data "docker_network" "traefik" { name = "traefik" } data "docker_network" "bridge" { name = "bridge" } resource "docker_image" "concourse-7_9_0" { name = "concourse/concourse:7.9.0" } resource "docker_container" "concourse" { image = docker_image.concourse-7_9_0.image_id name = "concourse" privileged = true must_run = false command = ["quickstart"] networks_advanced { name = data.docker_network.traefik.name } networks_advanced { name = data.docker_network.bridge.name } ports { internal = 8080 external = 8080 ip = "192.168.10.147" } mounts { type = "bind" target = "/worker-state" source = "/data3/concourse" } labels { label = "traefik.enable" value = "true" } labels { label = "traefik.enable" value = "true" } labels { label = "traefik.http.routers.concourse.rule" value = "Host(`${local.domain_name}`)" } labels { label = "traefik.http.routers.concourse.entrypoints" value = "websecure" } labels { label = "traefik.http.routers.concourse.tls.certresolver" value = "linode" } env = [ "CONCOURSE_POSTGRES_HOST=knot.vpn.trygvis.io", "CONCOURSE_POSTGRES_PORT=5432", "CONCOURSE_POSTGRES_USER=${postgresql_role.concourse.name}", "CONCOURSE_POSTGRES_PASSWORD=${postgresql_role.concourse.password}", "CONCOURSE_POSTGRES_DATABASE=${postgresql_database.concourse.name}", "CONCOURSE_POSTGRES_SSLMODE=require", "CONCOURSE_EXTERNAL_URL=https://${local.domain_name}", "CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER=overlay", "CONCOURSE_CLIENT_SECRET=Y29uY291cnNlLXdlYgo=", "CONCOURSE_TSA_CLIENT_SECRET=Y29uY291cnNlLXdvcmtlcgo=", "CONCOURSE_X_FRAME_OPTIONS=allow", "CONCOURSE_CONTENT_SECURITY_POLICY=*", "CONCOURSE_CLUSTER_NAME=tutorial", "CONCOURSE_WORKER_CONTAINERD_DNS_SERVER=8.8.8.8", "CONCOURSE_WORKER_RUNTIME=containerd", "CONCOURSE_ENABLE_ACROSS_STEP=true", "CONCOURSE_ENABLE_PIPELINE_INSTANCES=true", "CONCOURSE_WORK_DIR=/opt/concourse/worker", "CONCOURSE_ADD_LOCAL_USER=trygvis:trygvis", "CONCOURSE_MAIN_TEAM_LOCAL_USER=trygvis", # "CONCOURSE_MAIN_TEAM_GITHUB_ORG=org-name", # "CONCOURSE_MAIN_TEAM_GITHUB_TEAM=bitraf:Drift", # "CONCOURSE_MAIN_TEAM_GITHUB_USER=some-user", # "CONCOURSE_GITHUB_CLIENT_ID=${data.ansiblevault_path.github_client_id.value}", # "CONCOURSE_GITHUB_CLIENT_SECRET=${data.ansiblevault_path.github_client_secret.value}", ] }