From ebe35b94b059343849e0c428ee69378190f25030 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl <trygvis@inamo.no>
Date: Mon, 23 Oct 2023 15:41:46 +0200
Subject: grafana/traefik

---
 sops.yml                                |  7 ++++---
 terraform/conflatorio-docker/network.tf |  9 +++++++++
 terraform/conflatorio-docker/traefik.tf | 17 ++---------------
 terraform/grafana/grafana.tf            |  9 +++++----
 terraform/grafana/main.tf               |  8 ++++++++
 5 files changed, 28 insertions(+), 22 deletions(-)
 create mode 100644 terraform/conflatorio-docker/network.tf

diff --git a/sops.yml b/sops.yml
index 64b08b5..dc49206 100644
--- a/sops.yml
+++ b/sops.yml
@@ -1,4 +1,5 @@
-linode_token: ENC[AES256_GCM,data:OzTO+rM+z2hO3ch25HbiPvxI+bV8RoJ6BRY3yobKeXac6mv9rUbp3YjnyeeuKXrRdj6xNGYAiklrKeJlx0NxWg==,iv:uI4haka/5ZfZ3laPRfc3C6spxhSvemQuiw00oNWNGNQ=,tag:FiB8bZIQMlyOjcAaDJD5hQ==,type:str]
+#ENC[AES256_GCM,data:KE8haaNoCU7koejXB4F+UvE=,iv:M6s1LQBOlM97GAtZOGw7cnDcQZD/q4rNrEDF1FocxGs=,tag:mQszvgw+WNcEt9Czi+8hjg==,type:comment]
+linode_token: ENC[AES256_GCM,data:OaLHFMUozNiWb/YA+Nja7plMvHfRBbvr3UMrt+hGl88F7eDe5CLkEfkeNNRHcUy1lxNhX1j4YlVhBGxdTA2PoQ==,iv:gz31tnelnCg7Yw1CoHCrSaNXnlehnx4TWFHJq0VCc3g=,tag:sdeiTbUAkTCVAeyw78DIVA==,type:str]
 knot_pdb_terraform_password: ENC[AES256_GCM,data:cu5aUZAVrmtzgBB2hGfBkd+TU4vB0cWnBNluTHptyV0YvZuq,iv:HT4Cmr9huuylVt2vwFcrWUlBmDE6V3n0bXq/telJNBM=,tag:2RSvWnAAM5seHv12HyDprA==,type:str]
 sops:
     kms: []
@@ -24,8 +25,8 @@ sops:
             blppL21UdmlVWjhjdGpCSFNJY3dIZlEK8sh3ZE8ISuSmhPccYPWFaqigJtvpsif0
             kTwRoh0PFW6mCU9YCtosXV98jlEyUK/NbCmBx765AjrHOdAvJ0HIfQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-12-23T11:55:19Z"
-    mac: ENC[AES256_GCM,data:3sN4NSN7QnhpdSSwzz9DqUrD9ltcSMTP2N/uO2zHdd3eZRN8tx4/H0ggiyCKWUr1DMbyI608PaQ5ASi8kqNLYUYAeXl3z0rk2qbxOu82j1pfnHkSkZFkWAj1vnQfcXomTKUCqwiG/AXKifB/g3v0/aGVwUBr1mu+k4mGbI7tU/A=,iv:3eDkx1ntGw/uZr0lfYcdXCixcMcjmViH/qaUMKZagvM=,tag:vfgVLAHinf3Gj+NFSW+y/g==,type:str]
+    lastmodified: "2023-10-23T13:22:29Z"
+    mac: ENC[AES256_GCM,data:XkWZD0Whj/5Zd/dGC20UyQxvvkrca6Ox58L2cXzLAgum/lYj6Q+GdRIIApz7Iwmj8ZkX4I8+jrF9epozJwS4ZiYW6qsmcNzpt3F3oiwYqe8OcLfOpdSVdy5QekiNtweqO9zTAO14hVbz+QYkTnCBqc8tBF2BFVxek6j8KKSbTTM=,iv:O8AU9xhhnfJ36NBfJkdB6YVtmL/sEXRfVrMBpCV5ufc=,tag:/g/I6C2t4+QWUfFXDbblKQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3
diff --git a/terraform/conflatorio-docker/network.tf b/terraform/conflatorio-docker/network.tf
new file mode 100644
index 0000000..32e1bfb
--- /dev/null
+++ b/terraform/conflatorio-docker/network.tf
@@ -0,0 +1,9 @@
+resource "docker_network" "public" {
+  name = "public"
+
+  ipv6 = true
+
+  ipam_config {
+    subnet  = "fdf3:aad9:a885:77dd:bbbb::/120"
+  }
+}
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf
index ebc1ea0..8613394 100644
--- a/terraform/conflatorio-docker/traefik.tf
+++ b/terraform/conflatorio-docker/traefik.tf
@@ -1,10 +1,5 @@
 resource "docker_network" "traefik" {
   name = "traefik"
-  ipv6 = true
-
-  ipam_config {
-    subnet  = "fdf3:aad9:a885:77dd:aaaa::/120"
-  }
 }
 
 resource "docker_image" "traefik" {
@@ -21,16 +16,8 @@ resource "docker_container" "traefik" {
     name = docker_network.traefik.name
   }
 
-#  ports {
-#    internal = 80
-#    external = 80
-#    ip       = "192.168.10.147"
-#  }
-#
-#  ports {
-#    internal = 443
-#    external = 443
-#    ip       = "192.168.10.147"
+#  networks_advanced {
+#    name = docker_network.public.name
 #  }
 
   ports {
diff --git a/terraform/grafana/grafana.tf b/terraform/grafana/grafana.tf
index d72d457..6d75da3 100644
--- a/terraform/grafana/grafana.tf
+++ b/terraform/grafana/grafana.tf
@@ -1,7 +1,3 @@
-data "docker_network" "traefik" {
-  name = "traefik"
-}
-
 resource "docker_image" "grafana" {
   name = "grafana/grafana-oss:10.1.5"
 }
@@ -20,9 +16,14 @@ resource "docker_container" "grafana" {
     name = data.docker_network.traefik.name
   }
 
+  networks_advanced {
+    name = data.docker_network.public.name
+  }
+
   dynamic "labels" {
     for_each = [
       { label = "traefik.enable", value = "true" },
+      { label = "traefik.docker.network", value = data.docker_network.traefik.name },
       { label = "traefik.http.routers.grafana.rule", value = "Host(`grafana.vpn.trygvis.io`)" },
       { label = "traefik.http.routers.grafana.entrypoints", value = "websecure" },
       { label = "traefik.http.routers.grafana.tls.certresolver", value = "linode" },
diff --git a/terraform/grafana/main.tf b/terraform/grafana/main.tf
index d27c60e..fa225ab 100644
--- a/terraform/grafana/main.tf
+++ b/terraform/grafana/main.tf
@@ -37,3 +37,11 @@ provider "postgresql" {
   password = data.sops_file_entry.knot_pdb_terraform_password.data
   sslmode  = "require"
 }
+
+data "docker_network" "traefik" {
+  name = "traefik"
+}
+
+data "docker_network" "public" {
+  name = "public"
+}
-- 
cgit v1.2.3