Diffstat (limited to 'terraform')
-rw-r--r-- | terraform/unifi-controller/README.md | 9 | ||||
-rw-r--r-- | terraform/unifi-controller/main.tf | 9 | ||||
-rw-r--r-- | terraform/unifi-controller/mongo.tf | 23 | ||||
-rw-r--r-- | terraform/unifi-controller/sops.yml | 34 | ||||
-rw-r--r-- | terraform/unifi-controller/unifi.tf | 13 |
5 files changed, 72 insertions, 16 deletions
diff --git a/terraform/unifi-controller/README.md b/terraform/unifi-controller/README.md new file mode 100644 index 0000000..66f0fb0 --- /dev/null +++ b/terraform/unifi-controller/README.md @@ -0,0 +1,9 @@ +# Mongo init + +After the mongo database has been started the first time, execute the output of: + + terraform output -json|jq -r .mongo_init_js.value + +in a mongo shell: + + docker exec -it unifi-mongo mongo diff --git a/terraform/unifi-controller/main.tf b/terraform/unifi-controller/main.tf index 915685a..f5f7b0a 100644 --- a/terraform/unifi-controller/main.tf +++ b/terraform/unifi-controller/main.tf @@ -28,14 +28,15 @@ provider "docker" { locals { domain_name = "unifi.vpn.trygvis.io" - docker_image_controller = "lscr.io/linuxserver/unifi-controller:8.0.24" - docker_image_mongo = "mongo:3.6" + docker_image_controller = "lscr.io/linuxserver/unifi-controller:8.0.24-mongoless" + docker_image_mongo = "mongo:7.0" + mongo_database = "unifi" mongo_username = "unifi" - mongo_password = data.sops_file_entry.mongo_password + mongo_password = data.sops_file_entry.mongo_password.data } data "sops_file_entry" "mongo_password" { - source_file = "../../sops.yml" + source_file = "sops.yml" data_key = "mongo_password" } diff --git a/terraform/unifi-controller/mongo.tf b/terraform/unifi-controller/mongo.tf index 747b3b1..98b4e36 100644 --- a/terraform/unifi-controller/mongo.tf +++ b/terraform/unifi-controller/mongo.tf @@ -1,5 +1,5 @@ -resource "docker_network" "unifi-mongo" { - name = "unifi-mongo" +resource "docker_network" "unifi" { + name = "unifi" } data "docker_registry_image" "mongo" { @@ -21,7 +21,7 @@ resource "docker_container" "unifi-mongo" { hostname = "unifi-mongo" networks_advanced { - name = docker_network.unifi-mongo.name + name = docker_network.unifi.name } volumes { 
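Review bot: Moving `docker_image_mongo` to `mongo:7.0` in main.tf breaks the command the new README gives, because the legacy `mongo` shell was removed in MongoDB 6.0 and the official image ships only `mongosh`; the README line should read `docker exec -it unifi-mongo mongosh`. A 7.0 server will also refuse data files written by 3.6, so if the existing `/data/db` volume is reused (mongo.tf is only partly visible here) it needs a fresh volume or a stepwise upgrade first. The `locals` block is fully inside the hunk, but the `provider "docker"` block named in the hunk header begins outside it.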
@@ -29,3 +29,20 @@ resource "docker_container" "unifi-mongo" { container_path = "/data/db" } } + +output "mongo_init_js" { + sensitive = true + value = <<-EOF + db.getSiblingDB("${local.mongo_database}"). + createUser({ + user: "${local.mongo_database}", + pwd: "${local.mongo_password}", + roles: [{role: "dbOwner", db: "${local.mongo_database}"}]}); + + db.getSiblingDB("${local.mongo_database}_stat"). + createUser({ + user: "${local.mongo_database}", + pwd: "${local.mongo_password}", + roles: [{role: "dbOwner", db: "${local.mongo_database}_stat"}]}); + EOF +} diff --git a/terraform/unifi-controller/sops.yml b/terraform/unifi-controller/sops.yml index daf5231..ce815b2 100644 --- a/terraform/unifi-controller/sops.yml +++ b/terraform/unifi-controller/sops.yml @@ -1,4 +1,4 @@ -mongo_password: ENC[AES256_GCM,data:4GK/9eCD/tuhDTgAnvn4nim6zB8q476MG4SYzp4SuxcTK0uUdPKdMj0uWAUySYnFI+hNINSMm5ujZ6PXUdLxE2X04t52Dtm5DoVXgZTrP8WHXz2RHGrVElJ6LABVji3mmh4+Ug==,iv:5j89FCkB9sr85tRzo9qeVUjrqvgZOEihBstXNWgbTOA=,tag:V27pawBT6NqX3V0iAeu7NA==,type:str] +mongo_password: ENC[AES256_GCM,data:BdrzXzqlYf0LO0ru361m/ZIqErFT/yRl+2pdsmFZNYyrgrZN+3q9aZoMCSva1E6w4xGbMmjG6WSgQlf+yRIlb6k9q0yFSPE9gbfhESILrSuO2McVjSO0KCK7+nI3b9nlb2Lp2A==,iv:yNNWskWG2lAZZOp8HgWomAgFg1BdXQ1zH/SmMnQVSkQ=,tag:OxpdBIr47OUpEqj+hmyKMw==,type:str] sops: kms: [] gcp_kms: [] 
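Review bot: In the `mongo_init_js` output the password is pasted raw between double quotes (`pwd: "${local.mongo_password}"`), so a password containing `"` or `\` produces broken or different JavaScript; `pwd: ${jsonencode(local.mongo_password)},` emits a correctly escaped literal. Both `createUser` calls also take `user:` from `local.mongo_database`, while unifi.tf hands the controller `local.mongo_username`; they agree only because both are "unifi" today, so `user: ${jsonencode(local.mongo_username)},` is the safer form. These users restrict access only if mongod runs with authorization enabled, which the visible part of `docker_container.unifi-mongo` does not show. A comment above the output such as `# Prints the plaintext password: run only in a trusted terminal, never redirect to a file or CI log` would help the next operator.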
@@ -8,14 +8,32 @@ sops: - recipient: age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRFptMlVVRWFQbjlwb2tj - NmtEV29HMm82SjdKTDE4N2pSOUpvRzBOcDAwCnBOcnlKS0dCQjRxc0VzY3pEVyt1 - K2hRZGpqL3p1ejZJM2xyTDFocnFSMW8KLS0tIEx0cVpOUHVrZTErTXBGKyt2Rmx5 - Q3NYajIxUFNwUDZ6bW1XT1NWak8vaVkK0IoF+EoQA7AAXmfVICs8wIxJrhlTDKkc - cRc2o70ARquivCo/SuYg1f/097BhOucm1lLXfCATvzi5GvMwqXvcTg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPbUlUNnlVVDZBMGFyT2cy + djZMbjVUa2UxRlRzNzVMNmNWQkFRSWlselc4CjV5dU5QUGtrTWpqL2k2L29wSjRI + ak9ZL2hDb3F0UHFkZDVmV2lxVjVRVG8KLS0tIGIyNDF3cTRRTTZ4R1oyVHU5YUVJ + Y09WN2EvVDZwTExybms2UmJEN0h1OUkKJLGAUByueidNKz9LrRLUzkAhT3+mczz6 + 10JVToEgm5+N95zEXBiZtaNftvGYU6eVqHtwFyVm3lbO7VBYpvhRNQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-20T04:48:47Z" - mac: ENC[AES256_GCM,data:BbX2yJsTcmgoY1lL+isa85eBN8OK4BM7wZsuwAJtOsxMDEHYmzJiF4AjKnSoTWqdCLy2PhpUPfLmsunfODhfoiCmfjqr69WHP+fktPK9RRaa+bBGGXAc6/GBWBuvlhmgvy0LKRa9DrCPLOF0lwrEvmur89THCUu6HW60aguO3E0=,iv:C3VFYOdMGh8M4KbS1K0zq8cwmsrjZFkih74use0omdQ=,tag:arLY4XlgJ3Z8fFdXeHBAHw==,type:str] + - recipient: age1mvh832crygenu5tu5njtraraet656rzwnawuasjggvs999dc9ueqj9qclw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMnVTcno3emdKRWUvL25j + MjEzN0pMUktPcjU3QW5CeEtYL2dFS1ZMdW13CjJVT0FOWTBUOWVCa0tEZE4yM1lx + d2F0TjAvaDBvcmdkR0pHV0c5KzRqdzgKLS0tIDR6TThRdWtMSzdkL2FHKytCNU8r + WHc3OWM0b0lSMGRUM2NnNmdocnNiRVkKko4z88f5PzmVzxfB8Zi/zZhccvxqYqym + nvd7uja8Ght+DpT/stYIrYyu0lyBOTVirwTIaEHr5bKUY1d+TwwP/g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1teasctdpkatekpsa47q58d3ugwyyqcuj5v9udtusk7ca9sfv694sw057a5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4a29XdEZkdkZuU0M3MGpU + YkJRbjdWOWpmdjQyUHY5VDBqUTRYUk9LR21BCkxjOUU4Mmg4NXZwVnRJYWp4NnZr + a0xUS3pQTjJNam5qQXhhZUkxaW5nVWsKLS0tIFJ3eFJxbytPQkZJKzF2MGorVmlr + 
LzVLTE1qZkp0YUhFT3h2dktuMnJGZE0KnirLt0k2g2XqqIKIu6nNNIoZMF25Ir7E + EFjv/k/kKVLPesrdtfwKRCLQqtQjV0j1qtqPOKoUDcrE3zxs4r4gaA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-20T07:04:41Z" + mac: ENC[AES256_GCM,data:hjDc7d8/8dwEb23Xb16WBsoEOE7hepyLYz2n2DW6aKT14RLOAxB85kP8Ibwb0tC4DqwNkCqOWJ6WxhHrZA2IKE4co6bsD8uc6atM2EgRm6Xctgr2lqvYMr7WtPFKIQF+/K7358i7vf/tyvtdvNINVuBXVra5LcxVTSVyUIb1m+w=,iv:VKDovzX5RO9RIjm85JlfsNE5sd+TVYRh8FbFJHIZpgw=,tag:tbdoa4Cow5jYEVvP9LXEiQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/terraform/unifi-controller/unifi.tf b/terraform/unifi-controller/unifi.tf index 699628b..8e6c7d7 100644 --- a/terraform/unifi-controller/unifi.tf +++ b/terraform/unifi-controller/unifi.tf @@ -12,7 +12,7 @@ resource "docker_image" "unifi-controller" { } resource "docker_volume" "unifi-controller" { - name = "unifi-controller" + name = "unifi-controller-new" } resource "docker_container" "unifi-controller" { @@ -26,6 +26,10 @@ resource "docker_container" "unifi-controller" { name = data.docker_network.traefik.name } + networks_advanced { + name = docker_network.unifi.name + } + dynamic "ports" { for_each = [ # Taken from https://fleet.linuxserver.io/image?name=linuxserver/unifi-controller @@ -65,6 +69,7 @@ resource "docker_container" "unifi-controller" { { label = "traefik.http.routers.unifi-controller.tls.certresolver", value = "linode" }, { label = "traefik.http.services.unifi-controller.loadbalancer.server.port", value = "8443" }, { label = "traefik.http.services.unifi-controller.loadbalancer.server.scheme", value = "https" }, + { label = "traefik.docker.network", value = "traefik" }, # { label = "traefik.http.services.unifi-controller.loadbalancer.passHostHeader", value = "false" }, ] content { 
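Review bot: Changing `name` on `docker_volume.unifi-controller` to `unifi-controller-new` is not a rename as far as Docker is concerned; Terraform will most likely plan to destroy the old volume and create an empty one, which removes the controller's existing data and the rollback path. If the old data should survive the migration, keep the existing resource and add a second one, e.g. `resource "docker_volume" "unifi-controller-new" { name = "unifi-controller-new" }`, or take the old volume out of state with `terraform state rm` before applying. Please confirm in `terraform plan` what happens to the old volume before this is applied.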
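Review bot: The new label hard-codes the network as `value = "traefik"`, while the `networks_advanced` block earlier in the same resource takes the name from `data.docker_network.traefik.name`; if that data source is ever pointed at another network the label will silently disagree and Traefik may route to the wrong interface. Use `{ label = "traefik.docker.network", value = data.docker_network.traefik.name },`. The label is needed now that the container sits on two networks, so a short comment like `# pin Traefik to the ingress network; the container is also on the mongo network` would make the intent clear. The label list starts outside the hunk.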
@@ -76,6 +81,12 @@ resource "docker_container" "unifi-controller" { env = [ "PUID=1000", "PGID=1000", + "TZ=Europe/Oslo", "MEM_LIMIT=default", + "MONGO_USER=${local.mongo_username}", + "MONGO_PASS=${local.mongo_password}", + "MONGO_HOST=${docker_container.unifi-mongo.hostname}", + "MONGO_PORT=27017", + "MONGO_DBNAME=${local.mongo_database}", ] } |
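Review bot: `"MONGO_PASS=${local.mongo_password}"` puts the decrypted password into the container's environment, where anyone who can run `docker inspect` or reach the Docker socket can read it, and it is also written to the Terraform state. The linuxserver images document a `FILE__` prefix that reads a variable from a file, so `"FILE__MONGO_PASS=<path-to-mounted-secret>"` (placeholder path) with a read-only mount would keep it out of the environment; whether the `-mongoless` tag honours it should be checked first. At minimum add `# secret: visible via docker inspect and stored in tfstate` above the line and make sure the state backend is encrypted and access-restricted. The `env` list closes in this hunk, but the `docker_container.unifi-controller` resource starts outside it.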