From 5a0811c25bc7be0c390a95fd050aa97ac3c4570b Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Mon, 19 Dec 2022 13:12:09 +0100
Subject: terraform/conflatorio-docker
---
terraform/conflatorio-docker/.terraform.lock.hcl | 43 +++++++++
terraform/conflatorio-docker/main.tf | 24 +++++
terraform/conflatorio-docker/traefik.tf | 107 +++++++++++++++++++++++
3 files changed, 174 insertions(+)
create mode 100644 terraform/conflatorio-docker/.terraform.lock.hcl
create mode 100644 terraform/conflatorio-docker/main.tf
create mode 100644 terraform/conflatorio-docker/traefik.tf
diff --git a/terraform/conflatorio-docker/.terraform.lock.hcl b/terraform/conflatorio-docker/.terraform.lock.hcl
new file mode 100644
index 0000000..33dd88d
--- /dev/null
+++ b/terraform/conflatorio-docker/.terraform.lock.hcl
@@ -0,0 +1,43 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/null" {
+ version = "3.2.1"
+ hashes = [
+ "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=",
+ "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840",
+ "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb",
+ "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5",
+ "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238",
+ "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc",
+ "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970",
+ "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2",
+ "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5",
+ "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f",
+ "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694",
+ ]
+}
+
+provider "registry.terraform.io/kreuzwerker/docker" {
+ version = "2.23.1"
+ constraints = "2.23.1"
+ hashes = [
+ "h1:0B1y4P21+k4/3KkVkDRjkmaQ2HYWnCD8EUMBCaoaudA=",
+ "zh:075f591d3ef708cbdb94f31685c332b15622dd0d6a4eff7c36a49c43fe138523",
+ "zh:1952a1d90541ba27e72441d876d7b8c8bdbbaf14cc80685db9940112f2075eb5",
+ "zh:1d050255ac61132e24d7b653bed14b152ad99f4a6ad3bd346694baded4f3eee8",
+ "zh:2fc77142ea2bcabc7dba00bd6e13a88f18987b56e030f1527ed9d3b8f8228179",
+ "zh:3acaa72c112a3fdbeb1463a39049d9ac543db38f1be0ac58b00ef3625e3fdd3a",
+ "zh:46f462e35cd7cc33df9c256a3b47101dd64435c49127f0b9c0731315c19f3a88",
+ "zh:4c647a12a68b6b3ebef2a0d3a36aad2abdab8662ab3fa1ed4965ef7440c529eb",
+ "zh:6440a7989917d538478875e80c682a973b7addf2b7931b4dfd0b15490b05e714",
+ "zh:84c587d6a935fb1b25044e920101b2bee76caa892259076d9eceb241b94271f4",
+ "zh:8960ae0fde31e4c0db97bb60424de79acf6863d49853e8e1426c6bae7fc7d5b6",
+ "zh:9e053699151cbff9e12df11f10d272b24d19eba52760f16ecbc9ba8f36ef086b",
+ "zh:b5261fd530cc531d69a54427a5563834e54f146f93876e9d19d4e8f0681f724e",
+ "zh:edbbf0931b4c82b8cd52cc99f717d5b745ed29fd563f96d9c526c66547ce2af2",
+ "zh:f6238eee53124aae4896a57e92c6ad7ce35adb946662e864abf3c8cc154e3498",
+ ]
+}
diff --git a/terraform/conflatorio-docker/main.tf b/terraform/conflatorio-docker/main.tf
new file mode 100644
index 0000000..ce46e60
--- /dev/null
+++ b/terraform/conflatorio-docker/main.tf
@@ -0,0 +1,24 @@
+terraform {
+ required_version = "~> 1.3.5"
+
+ backend "s3" {
+ bucket = "terraform-a6726272-73ff-11ed-8bdd-c79eb8376e05"
+ key = "conflatorio-docker/terraform.tfstate"
+ region = "eu-central-1"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ endpoint = "eu-central-1.linodeobjects.com"
+ }
+
+ required_providers {
+ docker = {
+ source = "kreuzwerker/docker"
+ version = "2.23.1"
+ }
+ }
+}
+
+provider "docker" {
+ host = "ssh://conflatorio.vpn.trygvis.io"
+}
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf
new file mode 100644
index 0000000..281d94f
--- /dev/null
+++ b/terraform/conflatorio-docker/traefik.tf
@@ -0,0 +1,107 @@
+resource "docker_network" "traefik" {
+ name = "traefik"
+}
+
+resource "docker_image" "traefik" {
+ name = "traefik:2.9"
+}
+
+resource "docker_container" "traefik" {
+ image = docker_image.traefik.image_id
+ name = "traefik"
+ privileged = false
+ must_run = false
+
+ networks_advanced {
+ name = docker_network.traefik.name
+ }
+
+ ports {
+ internal = 80
+ external = 80
+ ip = "192.168.10.147"
+ }
+
+ ports {
+ internal = 443
+ external = 443
+ ip = "192.168.10.147"
+ }
+
+ ports {
+ internal = 443
+ external = 443
+ ip = "fdf3:aad9:a885:b3a::3"
+ }
+
+ command = [
+ "--log.level=DEBUG",
+ "--api.insecure=true",
+ "--providers.docker=true",
+ "--providers.docker.exposedbydefault=false",
+ "--entrypoints.websecure.address=:443",
+ "--entrypoints.web.address=:80",
+ "--entrypoints.web.http.redirections.entrypoint.to=websecure",
+ "--entrypoints.web.http.redirections.entrypoint.scheme=https",
+ "--certificatesresolvers.bitraf.acme.dnschallenge.provider=linode",
+ "--certificatesresolvers.bitraf.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
+ "--certificatesresolvers.bitraf.acme.email=itavdelingen@bitraf.no",
+ "--certificatesresolvers.bitraf.acme.storage=/letsencrypt/acme.json",
+ ]
+
+ # labels {
+ # label = "traefik.enable"
+ # value = "true"
+ # }
+
+ # - "{{ docker_service__root }}/traefik/letsencrypt:/letsencrypt"
+ # - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+ env = [
+ # LINODE_TOKEN: "{{ linode_itavdelingen_pat }}"
+ ]
+
+ mounts {
+ source = "/etc/docker-service/traefik/letsencrypt"
+ target = "/letsencrypt"
+ type = "bind"
+ read_only = true
+ }
+
+ mounts {
+ source = "/var/run/docker.sock"
+ target = "/var/run/docker.sock"
+ type = "bind"
+ read_only = true
+ }
+
+ depends_on = [
+ resource.null_resource.letsencrypt,
+ ]
+}
+
+locals {
+ path = "/etc/docker-service/traefik/letsencrypt"
+}
+
+resource "null_resource" "letsencrypt" {
+ triggers = {
+ path = local.path
+ }
+
+ provisioner "local-exec" {
+ command = "ssh conflatorio.vpn.trygvis.io sudo mkdir -p ${local.path}"
+ }
+}
+
+# provisioner "file" {
+# source = "conf/myapp.conf"
+# destination = "/etc/myapp.conf"
+#
+# connection {
+# type = "ssh"
+# user = "root"
+# password = "${var.root_password}"
+# host = "${var.host}"
+# }
+# }
--
cgit v1.2.3
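Review bot: `read_only = true` on the `/var/run/docker.sock` mount of `docker_container.traefik` does not limit what Traefik can ask the Docker daemon to do. The flag applies to the bind mount's filesystem, while any process that can connect to the socket still has the full Docker API, so a compromise of this edge proxy is equivalent to root on the host. Consider a filtering socket proxy on the `traefik` network with `--providers.docker.endpoint` pointed at it, instead of mounting the socket. In the same `command` list, `--api.insecure=true` serves the API and dashboard without authentication on port 8080 to every container attached to that network; I would drop that flag and lower `--log.level=DEBUG` to `--log.level=INFO`. Separately, the `/letsencrypt` mount is also `read_only = true` although `--certificatesresolvers.bitraf.acme.storage=/letsencrypt/acme.json` has to write there, so issued certificates probably cannot be persisted; that mount wants `read_only = false`, and the directory made by the `local-exec` provisioner should be restricted (mode 0700) since acme.json holds private keys.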