# UniFi controller container, fronted by Traefik for the web UI and publishing
# the device-facing ports directly on local.public_ip.
#
# Referenced but defined outside this listing: local.docker_image_controller,
# local.public_ip, local.domain_name, local.mongo_username / mongo_password /
# mongo_database, docker_network.unifi and docker_container.unifi-mongo.

# Existing Traefik network, looked up by name rather than managed here.
data "docker_network" "traefik" {
  name = "traefik"
}

# Registry lookup for the controller image; only used to obtain the digest the
# image reference currently resolves to.
data "docker_registry_image" "unifi-controller" {
  name = local.docker_image_controller
}

# Re-pulls whenever the registry digest changes. This follows whatever the
# reference points to at apply time; it does not pin a reviewed digest.
# NOTE(review): if local.docker_image_controller is a mutable tag, a new
# upstream push is rolled out on the next apply — confirm that is intended.
resource "docker_image" "unifi-controller" {
  name          = data.docker_registry_image.unifi-controller.name
  pull_triggers = [data.docker_registry_image.unifi-controller.sha256_digest]
}

# Persistent controller configuration, mounted at /config below.
resource "docker_volume" "unifi-controller" {
  name = "unifi-controller-new"
}

resource "docker_container" "unifi-controller" {
  name     = "unifi-controller"
  hostname = "unifi-controller"
  image    = docker_image.unifi-controller.image_id

  # Left disabled on purpose: the container runs without privileged mode.
  # privileged = true
  # must_run = false

  # Attached to the Traefik network (web UI routing) and to the unifi network.
  networks_advanced {
    name = data.docker_network.traefik.name
  }

  networks_advanced {
    name = docker_network.unifi.name
  }

  volumes {
    container_path = "/config"
    volume_name    = docker_volume.unifi-controller.name
    read_only      = false
  }

  # Every entry is published 1:1 (same internal and external port) and bound to
  # local.public_ip only.
  # NOTE(review): local.public_ip is not visible here. If it is an
  # internet-facing address, each port below is reachable from any source
  # unless a host or upstream firewall restricts it — confirm such a filter
  # exists, in particular for the device communication port 8080.
  dynamic "ports" {
    for_each = [
      # Taken from https://fleet.linuxserver.io/image?name=linuxserver/unifi-controller
      # NOTE(review): 1900/udp and 10001/udp serve local-segment discovery;
      # confirm they need to be published on public_ip at all.
      { port = 1900, proto = "udp" }, # Required for Make controller discoverable on L2 network option
      { port = 3478, proto = "udp" }, # Unifi STUN port
      # NOTE(review): the upstream image docs appear to list remote syslog as
      # 5514/udp — confirm tcp is what the sending devices use.
      { port = 5514, proto = "tcp" }, # Remote syslog port
      { port = 6789, proto = "tcp" }, # For mobile throughput test
      { port = 8080, proto = "tcp" }, # Required for device communication

      # Public HTTP is handled by traefik
      # { port = 8443, proto = "tcp" }, # Unifi web admin port

      # Not used
      # { port = 8843, proto = "tcp" }, # Unifi guest portal HTTPS redirect port
      # { port = 8880, proto = "tcp" }, # Unifi guest portal HTTP redirect port

      { port = 10001, proto = "udp" }, # Required for AP discovery
    ]

    content {
      ip       = local.public_ip
      protocol = ports.value.proto
      internal = ports.value.port
      external = ports.value.port
    }
  }

  # Traefik routing: the admin UI is served for local.domain_name on the
  # "websecure" entrypoint with a certificate from the "linode" resolver, and
  # proxied to the container on 8443 over HTTPS via the "traefik" network.
  # NOTE(review): how Traefik validates the backend certificate on 8443 is set
  # in the Traefik configuration, not here — verify it is a deliberate choice.
  dynamic "labels" {
    for_each = {
      "traefik.enable"                                                     = "true"
      "traefik.http.routers.unifi-controller.rule"                         = "Host(`${local.domain_name}`)"
      "traefik.http.routers.unifi-controller.entrypoints"                  = "websecure"
      "traefik.http.routers.unifi-controller.tls.certresolver"             = "linode"
      "traefik.http.services.unifi-controller.loadbalancer.server.port"    = "8443"
      "traefik.http.services.unifi-controller.loadbalancer.server.scheme"  = "https"
      "traefik.docker.network"                                             = "traefik"
      # "traefik.http.services.unifi-controller.loadbalancer.passHostHeader" = "false"
    }

    content {
      label = labels.key
      value = labels.value
    }
  }

  # MONGO_USER / MONGO_PASS are passed as plain environment variables, so they
  # are stored in the Terraform state and readable by anyone who can inspect
  # the container. Treat the state backend and Docker socket access as
  # secret-bearing.
  # NOTE(review): confirm local.mongo_password comes from a sensitive source.
  env = [
    "PUID=1000",
    "PGID=1000",
    "TZ=Europe/Oslo",
    "MEM_LIMIT=default",
    "MONGO_USER=${local.mongo_username}",
    "MONGO_PASS=${local.mongo_password}",
    "MONGO_HOST=${docker_container.unifi-mongo.hostname}",
    "MONGO_PORT=27017",
    "MONGO_DBNAME=${local.mongo_database}",
  ]
}