Diffstat (limited to 'terraform/unifi-controller/unifi.tf')
-rw-r--r-- | terraform/unifi-controller/unifi.tf | 110 |
1 files changed, 65 insertions, 45 deletions
diff --git a/terraform/unifi-controller/unifi.tf b/terraform/unifi-controller/unifi.tf
index fc10542..4f1317f 100644
--- a/terraform/unifi-controller/unifi.tf
+++ b/terraform/unifi-controller/unifi.tf
@@ -1,77 +1,97 @@ -data "docker_network" "traefik" { - name = "traefik" -} +# data "docker_network" "traefik" { +# name = "traefik" +# } -data "docker_registry_image" "unifi-controller" { - name = "lscr.io/linuxserver/unifi-controller:latest" +data "docker_registry_image" "unifi-network-application" { + name = local.docker_image_controller } -resource "docker_image" "unifi-controller" { - name = data.docker_registry_image.unifi-controller.name - pull_triggers = [data.docker_registry_image.unifi-controller.sha256_digest] +resource "docker_image" "unifi-network-application" { + name = data.docker_registry_image.unifi-network-application.name + pull_triggers = [data.docker_registry_image.unifi-network-application.sha256_digest] } -resource "docker_volume" "unifi-controller" { - name = "unifi-controller" +resource "docker_volume" "unifi-network-application" { + name = "unifi-network-application" } -resource "docker_container" "unifi-controller" { - image = docker_image.unifi-controller.image_id - name = "unifi-controller" - hostname = "unifi-controller" +resource "docker_container" "unifi-network-application" { + image = docker_image.unifi-network-application.image_id + name = "unifi-network-application" + hostname = "unifi-network-application" # privileged = true - # must_run = false + must_run = true - networks_advanced { - name = data.docker_network.traefik.name - } + network_mode = "host" + +# networks_advanced { +# name = data.docker_network.traefik.name +# } + +# networks_advanced { +# name = docker_network.unifi.name +# } dynamic "ports" { for_each = [ - { port = 161, proto = "udp" }, - { port = 3478, proto = "udp" }, - { port = 6789, proto = "tcp" }, - { port = 8081, proto = "tcp" }, -# { port = 8080, proto = "tcp" }, # not used, we have configured it to 9080 - { port = 9080, proto = "tcp" }, - { port = 8880, proto = "tcp" }, -# { port = 8443, proto = "tcp" }, - { port = 10001, proto = "udp" }, + # Taken from 
https://fleet.linuxserver.io/image?name=linuxserver/unifi-controller + { port = 1900, proto = "udp" }, # Required for Make controller discoverable on L2 network option + { port = 3478, proto = "udp" }, # Unifi STUN port + { port = 5514, proto = "tcp" }, # Remote syslog port + { port = 6789, proto = "tcp" }, # For mobile throughput test + { port = 8080, proto = "tcp" }, # Required for device communication + + # Public HTTP is handled by traefik + # Not anymore! + { port = 8443, proto = "tcp" }, # Unifi web admin port + + # Not used + # { port = 8843, proto = "tcp" }, # Unifi guest portal HTTPS redirect port + # { port = 8880, proto = "tcp" }, # Unifi guest portal HTTP redirect port - # { port = 8843, proto = "tcp" }, web ui + { port = 10001, proto = "udp" }, # Required for AP discovery ] content { internal = ports.value["port"] external = ports.value["port"] protocol = ports.value["proto"] - ip = "fdf3:aad9:a885:77dd::2" + ip = local.public_ip } } volumes { - volume_name = docker_volume.unifi-controller.name + volume_name = docker_volume.unifi-network-application.name + read_only = false container_path = "/config" } - dynamic "labels" { - for_each = [ - { label = "traefik.enable", value = "true" }, - { label = "traefik.http.routers.unifi-controller.rule", value = "Host(`${local.domain_name}`)" }, - { label = "traefik.http.routers.unifi-controller.entrypoints", value = "websecure" }, - { label = "traefik.http.routers.unifi-controller.tls.certresolver", value = "linode" }, - { label = "traefik.http.services.unifi-controller.loadbalancer.server.port", value = "8443" }, - { label = "traefik.http.services.unifi-controller.loadbalancer.server.scheme", value = "https" }, - # { label = "traefik.http.services.unifi-controller.loadbalancer.passHostHeader", value = "false" }, - ] - content { - label = labels.value["label"] - value = labels.value["value"] - } - } +# dynamic "labels" { +# for_each = [ +# { label = "traefik.enable", value = "true" }, +# { label = 
"traefik.http.routers.unifi-network-application.rule", value = "Host(`${local.domain_name}`)" }, +# { label = "traefik.http.routers.unifi-network-application.entrypoints", value = "websecure" }, +# { label = "traefik.http.routers.unifi-network-application.tls.certresolver", value = "linode" }, +# { label = "traefik.http.services.unifi-network-application.loadbalancer.server.port", value = "8443" }, +# { label = "traefik.http.services.unifi-network-application.loadbalancer.server.scheme", value = "https" }, +# { label = "traefik.docker.network", value = "traefik" }, +# # { label = "traefik.http.services.unifi-network-application.loadbalancer.passHostHeader", value = "false" }, +# ] +# content { +# label = labels.value["label"] +# value = labels.value["value"] +# } +# } env = [ "PUID=1000", "PGID=1000", + "TZ=Europe/Oslo", "MEM_LIMIT=default", + "MONGO_USER=${local.mongo_username}", + "MONGO_PASS=${local.mongo_password}", + #"MONGO_HOST=${docker_container.unifi-mongo.hostname}", + "MONGO_HOST=localhost", + "MONGO_PORT=27017", + "MONGO_DBNAME=${local.mongo_database}", ] } |
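Review bot: With `network_mode = "host"` the `ports` block that follows is very likely not enforced, because Docker discards published-port mappings for host-networked containers, so `ip = local.public_ip` no longer limits where the listeners are reachable. The controller would then listen on whatever interfaces the application itself binds, including the 8443 admin port that Traefik used to front and possibly the guest-portal ports listed under "Not used". Either return to a `networks_advanced` attachment so the per-IP binding applies, or keep host mode and record the real control beside it, e.g. `# host networking: the ports block is not applied; exposure is restricted by host firewall rules`. Separately, `MONGO_PASS=${local.mongo_password}` in `env` is written to Terraform state and is readable through `docker inspect`; the local's definition is outside this hunk, but if it is a literal it should instead come from a variable marked `sensitive`, with the state backend access-controlled.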