data "docker_network" "traefik" { name = "traefik" } data "docker_registry_image" "unifi-controller" { name = "lscr.io/linuxserver/unifi-controller:latest" } resource "docker_image" "unifi-controller" { name = data.docker_registry_image.unifi-controller.name pull_triggers = [data.docker_registry_image.unifi-controller.sha256_digest] } resource "docker_volume" "unifi-controller" { name = "unifi-controller" } resource "docker_container" "unifi-controller" { image = docker_image.unifi-controller.image_id name = "unifi-controller" hostname = "unifi-controller" # privileged = true # must_run = false networks_advanced { name = data.docker_network.traefik.name } dynamic "ports" { for_each = [ { port = 161, proto = "udp" }, { port = 3478, proto = "udp" }, { port = 6789, proto = "tcp" }, { port = 8081, proto = "tcp" }, { port = 8080, proto = "tcp" }, # not used, we have configured it to 9080 { port = 9080, proto = "tcp" }, { port = 8880, proto = "tcp" }, { port = 8443, proto = "tcp" }, { port = 10001, proto = "udp" }, # { port = 8843, proto = "tcp" }, web ui ] content { internal = ports.value["port"] external = ports.value["port"] protocol = ports.value["proto"] ip = "fdf3:aad9:a885:77dd::2" } } volumes { volume_name = docker_volume.unifi-controller.name container_path = "/config" } dynamic "labels" { for_each = [ { label = "traefik.enable", value = "true" }, { label = "traefik.http.routers.unifi-controller.rule", value = "Host(`${local.domain_name}`)" }, { label = "traefik.http.routers.unifi-controller.entrypoints", value = "websecure" }, { label = "traefik.http.routers.unifi-controller.tls.certresolver", value = "linode" }, { label = "traefik.http.services.unifi-controller.loadbalancer.server.port", value = "8443" }, { label = "traefik.http.services.unifi-controller.loadbalancer.server.scheme", value = "https" }, # { label = "traefik.http.services.unifi-controller.loadbalancer.passHostHeader", value = "false" }, ] content { label = labels.value["label"] value = labels.value["value"] } } env = [ "PUID=1000", "PGID=1000", "MEM_LIMIT=default", ] }