# Private bridge network shared by Traefik and the services it fronts.
resource "docker_network" "traefik" {
  name = "traefik"

  # IPv4 only for now; the IPv6 ULA configuration below was left disabled.
  # ipv6 = true
  ipam_config {
    subnet  = "172.20.0.0/16"
    gateway = "172.20.0.1"
  }
  # ipam_config {
  #   subnet  = "fd00:dead:beef::/48"
  #   gateway = "fd00:dead:beef::1"
  # }
}

resource "docker_image" "traefik" {
  name = "traefik:2.9"
}

locals {
  # Host directory holding acme.json, i.e. the ACME account key and the
  # private keys of every issued certificate. Created on the host by
  # null_resource.letsencrypt before the container bind-mounts it.
  path = "/etc/docker-service/traefik/letsencrypt"

  # Host-side port bindings, one entry per published address/port pair.
  # Only :443 is published on the IPv6 address; the :80 redirect entrypoint
  # is reachable over IPv4 only.
  traefik_ports = [
    { internal = 80,  external = 80,  ip = "192.168.10.147" },
    { internal = 443, external = 443, ip = "192.168.10.147" },
    { internal = 443, external = 443, ip = "fdf3:aad9:a885:b3a::3" },
  ]
}

# Traefik edge proxy: terminates TLS on :443, redirects :80 to HTTPS and
# routes to other containers discovered through the Docker socket.
resource "docker_container" "traefik" {
  name  = "traefik"
  image = docker_image.traefik.image_id

  # Runs unprivileged. Terraform does not enforce that the container stays up
  # (must_run = false), so a stopped proxy is not restarted by an apply.
  privileged = false
  must_run   = false

  networks_advanced {
    name = docker_network.traefik.name
  }

  dynamic "ports" {
    for_each = local.traefik_ports
    content {
      internal = ports.value.internal
      external = ports.value.external
      ip       = ports.value.ip
    }
  }

  command = [
    # DEBUG is verbose and can put request and routing details into the logs.
    "--log.level=DEBUG",
    # Serves the API/dashboard without authentication on Traefik's default
    # :8080 entrypoint. No ports entry publishes 8080, so it is reachable
    # only from the "traefik" Docker network; re-check before exposing it.
    "--api.insecure=true",
    # Only containers that opt in with the traefik.enable=true label are routed.
    "--providers.docker=true",
    "--providers.docker.exposedbydefault=false",
    "--entrypoints.websecure.address=:443",
    "--entrypoints.web.address=:80",
    # Plain HTTP is redirected to the HTTPS entrypoint.
    "--entrypoints.web.http.redirections.entrypoint.to=websecure",
    "--entrypoints.web.http.redirections.entrypoint.scheme=https",
    # Let's Encrypt via Linode DNS-01; needs LINODE_TOKEN from env below.
    "--certificatesresolvers.linode.acme.dnschallenge.provider=linode",
    "--certificatesresolvers.linode.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
    "--certificatesresolvers.linode.acme.email=root@trygvis.io",
    "--certificatesresolvers.linode.acme.storage=/letsencrypt/acme.json",
  ]

  # Apparently carried over from an earlier compose/Ansible definition of this
  # service; kept here for reference only.
  # labels {
  #   label = "traefik.enable"
  #   value = "true"
  # }
  # - "{{ docker_service__root }}/traefik/letsencrypt:/letsencrypt"
  # - "/var/run/docker.sock:/var/run/docker.sock:ro"

  # The Linode API token is decrypted from SOPS at plan time. It is stored in
  # plain text in the Terraform state and is readable on the host via
  # `docker inspect`, so both need to be protected accordingly.
  env = [
    "LINODE_TOKEN=${data.sops_file_entry.linode_token.data}"
  ]

  mounts {
    type   = "bind"
    source = local.path
    target = "/letsencrypt"
  }

  # read_only limits writes to the mounted filesystem only; requests sent
  # over the socket still reach the full Docker engine API, so a compromise
  # of this container amounts to control of the host's Docker daemon.
  mounts {
    type      = "bind"
    source    = "/var/run/docker.sock"
    target    = "/var/run/docker.sock"
    read_only = true
  }

  depends_on = [
    null_resource.letsencrypt,
  ]
}

# Creates the acme.json directory on the Docker host before the container
# bind-mounts it. Runs from the Terraform host over ssh with sudo; local.path
# is a fixed literal, so the interpolated shell command carries no
# externally supplied input — keep it that way if the path is ever made
# configurable.
resource "null_resource" "letsencrypt" {
  triggers = {
    path = local.path
  }

  provisioner "local-exec" {
    command = "ssh conflatorio.vpn.trygvis.io sudo mkdir -p ${local.path}"
  }
}