aboutsummaryrefslogtreecommitdiff
path: root/terraform/conflatorio-docker
diff options
context:
space:
mode:
Diffstat (limited to 'terraform/conflatorio-docker')
-rw-r--r--terraform/conflatorio-docker/.terraform.lock.hcl19
-rw-r--r--terraform/conflatorio-docker/main.tf13
-rw-r--r--terraform/conflatorio-docker/traefik.tf11
3 files changed, 37 insertions, 6 deletions
diff --git a/terraform/conflatorio-docker/.terraform.lock.hcl b/terraform/conflatorio-docker/.terraform.lock.hcl
index 33dd88d..3ac9963 100644
--- a/terraform/conflatorio-docker/.terraform.lock.hcl
+++ b/terraform/conflatorio-docker/.terraform.lock.hcl
@@ -41,3 +41,22 @@ provider "registry.terraform.io/kreuzwerker/docker" {
"zh:f6238eee53124aae4896a57e92c6ad7ce35adb946662e864abf3c8cc154e3498",
]
}
+
+provider "registry.terraform.io/meilleursagents/ansiblevault" {
+ version = "2.2.0"
+ constraints = "2.2.0"
+ hashes = [
+ "h1:BdAWPYZ+cwkGuc9Hy0zZfyvbRL9f3naXpcUaOnoZee8=",
+ "zh:06faf88f2a6f2e9aabadb0d50565f4804636039042d37984463f0ca647f52189",
+ "zh:15053cceec8b24d9b62598e9e6860607603c2ecc7871705720a0753ef297d79f",
+ "zh:525f261f35d58151b4c51301cc1ae98a592c9b3400449361a91f2d84c467e2ac",
+ "zh:8bfe3b2c2b975792987d0642e8525efbf436ae08b1cebb1fa266b8954cb1915e",
+ "zh:93a943b494b0f70ef644334bf7646bf203ca087873385ab8ff89d406b9448771",
+ "zh:c651248189d297321a48feb775907de0ba2b9a100cb35f7364357b0af0e55931",
+ "zh:ccbee95f3c264c663fcddac8c8c921ec9f4fde95f15196838a73a9bf215a4020",
+ "zh:d3226f7b3a3013fceeef3392f54708b976daa0f43767bc24ff8c420c8a48a1a9",
+ "zh:f236d34596a51f64163eb5d13c3bcea4e10023f7e65f777b7267c463c427aad2",
+ "zh:f79f848b9c4b67879c2c25f2ef5b654eaafcfd7568f442eea2566bb580519c4f",
+ "zh:fbe2363c1c6a32df6443e650b53b5004a4d6f9431d23935ed98c500bed1552bd",
+ ]
+}
diff --git a/terraform/conflatorio-docker/main.tf b/terraform/conflatorio-docker/main.tf
index ce46e60..21081ac 100644
--- a/terraform/conflatorio-docker/main.tf
+++ b/terraform/conflatorio-docker/main.tf
@@ -16,9 +16,22 @@ terraform {
source = "kreuzwerker/docker"
version = "2.23.1"
}
+ ansiblevault = {
+ source = "MeilleursAgents/ansiblevault"
+ version = "2.2.0"
+ }
}
}
provider "docker" {
host = "ssh://conflatorio.vpn.trygvis.io"
}
+
+provider "ansiblevault" {
+ root_folder = "../.."
+}
+
+data "ansiblevault_path" "linode_token" {
+ path = "terraform-vault.yml"
+ key = "linode_token"
+}
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf
index 281d94f..42442be 100644
--- a/terraform/conflatorio-docker/traefik.tf
+++ b/terraform/conflatorio-docker/traefik.tf
@@ -43,10 +43,10 @@ resource "docker_container" "traefik" {
"--entrypoints.web.address=:80",
"--entrypoints.web.http.redirections.entrypoint.to=websecure",
"--entrypoints.web.http.redirections.entrypoint.scheme=https",
- "--certificatesresolvers.bitraf.acme.dnschallenge.provider=linode",
- "--certificatesresolvers.bitraf.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
- "--certificatesresolvers.bitraf.acme.email=itavdelingen@bitraf.no",
- "--certificatesresolvers.bitraf.acme.storage=/letsencrypt/acme.json",
+ "--certificatesresolvers.linode.acme.dnschallenge.provider=linode",
+ "--certificatesresolvers.linode.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
+ "--certificatesresolvers.linode.acme.email=root@trygvis.io",
+ "--certificatesresolvers.linode.acme.storage=/letsencrypt/acme.json",
]
# labels {
@@ -58,14 +58,13 @@ resource "docker_container" "traefik" {
# - "/var/run/docker.sock:/var/run/docker.sock:ro"
env = [
- # LINODE_TOKEN: "{{ linode_itavdelingen_pat }}"
+ "LINODE_TOKEN=${data.ansiblevault_path.linode_token.value}"
]
mounts {
source = "/etc/docker-service/traefik/letsencrypt"
target = "/letsencrypt"
type = "bind"
- read_only = true
}
mounts {