From f05b5689f86243b227068cf9331d8146fbc33cf8 Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Mon, 27 Feb 2023 11:35:40 +0100 Subject: unifi-controller --- terraform/unifi-controller/.terraform.lock.hcl | 68 +++++++++++++++++++++++ terraform/unifi-controller/backend.tf | 12 ++++ terraform/unifi-controller/main.tf | 36 ++++++++++++ terraform/unifi-controller/terragrunt.hcl | 3 + terraform/unifi-controller/unifi.tf | 76 ++++++++++++++++++++++++++ 5 files changed, 195 insertions(+) create mode 100644 terraform/unifi-controller/.terraform.lock.hcl create mode 100644 terraform/unifi-controller/backend.tf create mode 100644 terraform/unifi-controller/main.tf create mode 100644 terraform/unifi-controller/terragrunt.hcl create mode 100644 terraform/unifi-controller/unifi.tf (limited to 'terraform/unifi-controller') diff --git a/terraform/unifi-controller/.terraform.lock.hcl b/terraform/unifi-controller/.terraform.lock.hcl new file mode 100644 index 0000000..b96b3f3 --- /dev/null +++ b/terraform/unifi-controller/.terraform.lock.hcl @@ -0,0 +1,68 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/cyrilgdn/postgresql" { + version = "1.18.0" + constraints = "1.18.0" + hashes = [ + "h1:Nf26liFILUZXPh1P2B8T3qtq2Tc7objtm0sBSt0lhh0=", + "zh:251b609167ce25e974607c0c7dd3f90cfc45980c9068364f896e26c31416d96c", + "zh:317980d14a6a171f118bb522ffd02046e508d98100073f97671aeb2adae30d79", + "zh:3622c6414e91f8ccceed94ddf12062a22c14de4fac73c6142b009ae791ca7cd4", + "zh:36be2b338c230b0ab0c7b4c55049dba9bd8d705973c2cceaf3e293d41f520db5", + "zh:4332e83b91f60c43679ff9660c8ef4ebe251e05926a4d20dc64db1bfbabc8670", + "zh:444835840c917aff17f49f9f7b4ae542d5bd9f2ec306b581d1931b00380213bd", + "zh:5174bd85ea94ed4a6cef6c02bc27498f47ac21841fcab7487ab19d8513c97e54", + "zh:61c6eb6b2bf18cdc0734c101854e25990ba24a16580c6bbc599a0b00f72be397", + "zh:b40bbc61a4e522b22ebd57f01a518370a97cd6945e4bdd2955e5f887c88ee3f6", + "zh:d7aeb158c884f6590d6033cd44d5e9438f648bcb5ca3bd54573847c287845b00", + "zh:da3bee1282f6b48572d15f7a693113931afb306b98e29c09c9a054bdc3d6df44", + "zh:ec864a068eeab48899d99405f5606379478df8e48c005844d63a5360c23d5e15", + "zh:fda709d1cabde236b79c98c9abb80f2c1591fdea751afadc546073056be6e6ba", + "zh:ff08607ab25d1c5b55c3794b67a4ee2c9ac5023962c196ce587df34f0e201ca6", + ] +} + +provider "registry.terraform.io/kreuzwerker/docker" { + version = "3.0.1" + constraints = "3.0.1" + hashes = [ + "h1:X2wZHQoG54NmtojeFcX0PSJPelaIejQRqyyI2h+LjWg=", + "zh:02f60126ca16b344092df3c315296bf1a216c3b2a68eddb3c89fdfa5ea826118", + "zh:0d2ee9624a54dbc10538b0c4e296348641b9bfba1354b3f872e43f7ec69a75f2", + "zh:473d7427da8c9efc231266abc7fdc27fca5f9ee0bdfcdb9914f0a2886e3e23b8", + "zh:5f0189bcd0c944c001098cb17a23efa79df8f0eec8644a64fe0e4200983ba5b7", + "zh:6200319c41d6baad3f46701a4028412f8ae2496e29fc4fef9584cc71da5fbbe6", + "zh:650be621f2216b1240f148eae8fcf80ec57c35925e2b212db7c23a70b9e67e06", + "zh:72fcfa6207251105066a34f0ec6d27ecc658b565e84fa946da376dd1afadd265", + "zh:92fc352a2090d3d380c7c8e8bbdf6f99d93a0182701056bb1d2dbfd5049e8ca6", + "zh:a7e2ef666c2a7eb5661b06cfbd7635cb9543524e7bf6a3851dcf6eacc9950cc4", + "zh:a8604595e61e8919c51a8656800c8c64557f9a2bc00309315895b380f2e9be19", + "zh:caf65603a84b749d8f3af2ee47b66f7e21d481f981e2e1d1d59838751c5e3be4", + "zh:dad40c4e57da284e7f57b5c0cc9dfac3cb27b01d2f2436fbe3464f0a2111b262", + "zh:dc1b173dbcba9d74879b16f36f6d9e97ef62fbd6fca8db79ec4fe4ec69c0e2f3", + "zh:e506d04677383b6d62bd69d42dc9005e27a45ccc2efc6e0de607e1f8445981d2", + ] +} + +provider "registry.terraform.io/linode/linode" { + version = "1.30.0" + constraints = "1.30.0" + hashes = [ + "h1:rd4yQ7u3awn2kTqdKf5D67TTeo6rybYpDry/WwvolRA=", + "zh:197c61c5eb2252f65c18d2aa65cdc0511617b13e2388118f3fe063d7969dd7ad", + "zh:1a66470682acb13dc57308d5b1eaa19ff60c2404a3b15714e3072d02d569b1a5", + "zh:368cdcf17073a39687da830c02cf3ce50e0d8f03b7ec808b49561628be798abc", + "zh:42f2510a70afbb7fc8928df119d1e14ce1b61d2aded13b88072858ee5861feb2", + "zh:57734dd1e8255abd52a33ff79c20ef4efc3831850b22dd1a628e6301c3cf95c6", + "zh:61d614a7a4607bfc4ab6bfd0501007501957b973dbd028e0e513a3d4df07f12e", + "zh:79243f22fc0a9adfc1123abdd17c515f0ce4d8147302889033b6c44f6a48337e", + "zh:9f7cd46185bbe2c001dab1d0bd6c17a9740e7279d3fffe93755f2c964e267213", + "zh:9fdc9f8f47bde4140bc14cf082bbc2ceb63a3bebf0683df2fefd83c9e248274c", + "zh:aa1fd80a7ea245f8b852e40c68ccde2d8b6446e2138ebdec7425c67e82099881", + "zh:bb31f1ba5b0e001cf343d3a4cfafa70e6f3e30fd8a200d2cd7e077663efe0456", + "zh:da87881fa030287df2009028c49581e1fd0ff89baef0d8543b27ca506eff2971", + "zh:ed6afd7b1bc7237a9dff5c721ca3a5c7c505803cd5ea0b4ad0dfdf07ed6f9b0d", + "zh:ee653d5d08cb331ce2d8dc1010e68d363470ae87be62c0515e5d2418727cd02b", + ] +} diff --git a/terraform/unifi-controller/backend.tf b/terraform/unifi-controller/backend.tf new file mode 100644 index 0000000..af4b54d --- /dev/null +++ b/terraform/unifi-controller/backend.tf @@ -0,0 +1,12 @@ +# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa +terraform { + backend "s3" { + bucket = "terraform-a6726272-73ff-11ed-8bdd-c79eb8376e05" + endpoint = "eu-central-1.linodeobjects.com" + key = "unifi-controller/terraform.tfstate" + region = "eu-central-1" + skip_credentials_validation = true + skip_metadata_api_check = true + skip_region_validation = true + } +} diff --git a/terraform/unifi-controller/main.tf b/terraform/unifi-controller/main.tf new file mode 100644 index 0000000..98d559a --- /dev/null +++ b/terraform/unifi-controller/main.tf @@ -0,0 +1,36 @@ +terraform { + required_version = "~> 1.3.5" + + # backend "s3" { + # bucket = "terraform-a6726272-73ff-11ed-8bdd-c79eb8376e05" + # key = "unifi/terraform.tfstate" + # region = "eu-central-1" + # skip_region_validation = true + # skip_credentials_validation = true + # skip_metadata_api_check = true + # endpoint = "eu-central-1.linodeobjects.com" + # } + + required_providers { + docker = { + source = "kreuzwerker/docker" + version = "3.0.1" + } + linode = { + source = "linode/linode" + version = "1.30.0" + } + postgresql = { + source = "cyrilgdn/postgresql" + version = "1.18.0" + } + } +} + +provider "docker" { + host = "ssh://conflatorio.vpn.trygvis.io" +} + +locals { + domain_name = "unifi.vpn.trygvis.io" +} diff --git a/terraform/unifi-controller/terragrunt.hcl b/terraform/unifi-controller/terragrunt.hcl new file mode 100644 index 0000000..e147285 --- /dev/null +++ b/terraform/unifi-controller/terragrunt.hcl @@ -0,0 +1,3 @@ +include "root" { + path = find_in_parent_folders() +} diff --git a/terraform/unifi-controller/unifi.tf b/terraform/unifi-controller/unifi.tf new file mode 100644 index 0000000..55ccef3 --- /dev/null +++ b/terraform/unifi-controller/unifi.tf @@ -0,0 +1,76 @@ +data "docker_network" "traefik" { + name = "traefik" +} + +data "docker_registry_image" "unifi-controller" { + name = "lscr.io/linuxserver/unifi-controller:latest" +} + +resource "docker_image" "unifi-controller" { + name = data.docker_registry_image.unifi-controller.name + pull_triggers = [data.docker_registry_image.unifi-controller.sha256_digest] +} + +resource "docker_volume" "unifi-controller" { + name = "unifi-controller" +} + +resource "docker_container" "unifi-controller" { + image = docker_image.unifi-controller.image_id + name = "unifi-controller" + hostname = "unifi-controller" + # privileged = true + # must_run = false + + networks_advanced { + name = data.docker_network.traefik.name + } + + dynamic "ports" { + for_each = [ + { port = 161, proto = "udp" }, + { port = 3478, proto = "udp" }, + { port = 6789, proto = "tcp" }, + { port = 8081, proto = "tcp" }, + { port = 8080, proto = "tcp" }, + { port = 8880, proto = "tcp" }, + { port = 8443, proto = "tcp" }, + { port = 10001, proto = "udp" }, + +# { port = 8843, proto = "tcp" }, web ui + ] + content { + internal = ports.value["port"] + external = ports.value["port"] + protocol = ports.value["proto"] + ip = "192.168.10.3" + } + } + + volumes { + volume_name = docker_volume.unifi-controller.name + container_path = "/config" + } + + dynamic "labels" { + for_each = [ + { label = "traefik.enable", value = "true" }, + { label = "traefik.http.routers.unifi-controller.rule", value = "Host(`${local.domain_name}`)" }, + { label = "traefik.http.routers.unifi-controller.entrypoints", value = "websecure" }, + { label = "traefik.http.routers.unifi-controller.tls.certresolver", value = "linode" }, + { label = "traefik.http.services.unifi-controller.loadbalancer.server.port", value = "8443" }, + { label = "traefik.http.services.unifi-controller.loadbalancer.server.scheme", value = "https" }, +# { label = "traefik.http.services.unifi-controller.loadbalancer.passHostHeader", value = "false" }, + ] + content { + label = labels.value["label"] + value = labels.value["value"] + } + } + + env = [ + "PUID=1000", + "PGID=1000", + "MEM_LIMIT=default", + ] +} -- cgit v1.2.3