1 files changed, 48 insertions, 0 deletions

diff --git a/terraform/grafana/grafana.tf b/terraform/grafana/grafana.tf
new file mode 100644
index 0000000..d72d457
--- /dev/null
+++ b/terraform/grafana/grafana.tf
@@ -0,0 +1,48 @@
+data "docker_network" "traefik" {
+  name = "traefik"
+}
+
+resource "docker_image" "grafana" {
+  name = "grafana/grafana-oss:10.1.5"
+}
+
+resource "docker_volume" "grafana" {
+  name = "grafana"
+}
+
+resource "docker_container" "grafana" {
+  image      = docker_image.grafana.image_id
+  name       = "grafana"
+  privileged = false
+  must_run   = true
+
+  networks_advanced {
+    name = data.docker_network.traefik.name
+  }
+
+  dynamic "labels" {
+    for_each = [
+      { label = "traefik.enable", value = "true" },
+      { label = "traefik.http.routers.grafana.rule", value = "Host(`grafana.vpn.trygvis.io`)" },
+      { label = "traefik.http.routers.grafana.entrypoints", value = "websecure" },
+      { label = "traefik.http.routers.grafana.tls.certresolver", value = "linode" },
+    ]
+    content {
+      label = labels.value["label"]
+      value = labels.value["value"]
+    }
+  }
+
+  env = [
+    "GF_DATABASE_TYPE=postgres",
+    "GF_DATABASE_HOST=[fdf3:aad9:a885:b3a::1]",
+    "GF_DATABASE_DATABASE=${postgresql_database.grafana.name}",
+    "GF_DATABASE_USER=${postgresql_role.grafana.name}",
+    "GF_DATABASE_PASSWORD=${postgresql_role.grafana.password}",
+  ]
+
+  volumes {
+    volume_name    = docker_volume.grafana.name
+    container_path = "/var/lib/grafana"
+  }
+}