diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..7a23813 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "lib/grey.ooo"] + path = lib/grey.ooo + url = https://github.com/matthewbaggett/terraform_modules.git diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index dde196d..cf8a354 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -1,6 +1,26 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/aminueza/minio" { + version = "3.2.2" + constraints = "~> 3.0" + hashes = [ + "h1:1IBJAWUwx76o5+vUdxRCEfOG38hcrEVu32Xn06l7sOI=", + "zh:171106917383c691eb6e46d26b903671d62f861d53198cc4aa4f8b6abc5d7d04", + "zh:22a3bed9a04b255de3c539756f077c0b47e99e92d4b69a54e57635bbb67c8914", + "zh:3b35fa6847193983b03779bab68fb63086fbb3063f0a2aea48d138bd9bf6d24d", + "zh:3ccd2be2c6cc687f9637e5e2f6b0485f7ca73b1a87dfc28af8b34c1db2080f96", + "zh:427e118f2b8910b98659bc97af298a4d9a6c2a984d5fe313b9675d1cd4b6392c", + "zh:46087196a742659b4610b536b99af46e6e58edd4a8d65daf7fc72e4a9ed9ef99", + "zh:5f3154e6c89ead21ef39970e6491c1c04ab9095421fa8853eb35c1d4be7e4cc6", + "zh:5ff726bf0edb3a647cf5e066ffdbe74bcd74f0945acbbb1e2d1afb201feeb72f", + "zh:60c968d6197562fc0ffc4662034e65413b31773307d780b78aec6e1da9c606ea", + "zh:e0d21146d38744be45e42e41ea12e5b99aff3a5a39e4b0e878de05f47ceb9e74", + "zh:e8b22688852eb58b4369ae282ba99ec80c955a9608d0f7d787324d7f487a3082", + "zh:f7213700753e0225c72314e9d6756ccdb2eae18c99e393f49af55aa8e0c71e56", + ] +} + provider "registry.terraform.io/brendanthompson/scratch" { version = "0.4.0" constraints = "0.4.0, ~> 0.4" 
@@ -24,42 +44,42 @@ provider "registry.terraform.io/brendanthompson/scratch" { } provider "registry.terraform.io/hashicorp/local" { - version = "2.5.1" + version = "2.5.2" constraints = "~> 2.1" hashes = [ - "h1:8oTPe2VUL6E2d3OcrvqyjI4Nn/Y/UEQN26WLk5O/B0g=", - "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561", - "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561", - "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5", - "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24", - "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667", - "zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8", - "zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635", + "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=", + "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511", + "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea", + "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0", + "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b", + "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038", + "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0", - "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867", - "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4", - "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520", + "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4", + "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464", + "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b", + "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e", + "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1", ] } 
provider "registry.terraform.io/hashicorp/random" { - version = "3.6.2" - constraints = "~> 3.3" + version = "3.6.3" + constraints = "~> 3.3, ~> 3.5" hashes = [ - "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", - "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", - "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", - "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", - "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", - "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", - "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", - "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", + "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=", + "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", + "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", + "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", + "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", + "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", + "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", - "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", - "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", - "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", + "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", + "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", + "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", + "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", + "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", ] } 
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index 6ab6fc3..75f0b98 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -2,18 +2,18 @@ # To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml version: 0.1 cli: - version: 1.22.3 + version: 1.22.8 # Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins) plugins: sources: - id: trunk - ref: v1.6.2 + ref: v1.6.6 uri: https://github.com/trunk-io/plugins # Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes) runtimes: enabled: - go@1.21.0 - - node@18.12.1 + - node@18.20.5 - python@3.10.8 # This is the section where you manage your linters. (https://docs.trunk.io/check/configuration) lint: @@ -23,14 +23,14 @@ lint: - trivy - checkov enabled: - - hadolint@2.12.0 - - tflint@0.53.0 - - gitleaks@8.18.4 - - markdownlint@0.41.0 + - hadolint@2.12.1-beta + - tflint@0.54.0 + - gitleaks@8.22.1 + - markdownlint@0.43.0 - taplo@0.9.3 - - actionlint@1.7.1 + - actionlint@1.7.6 - git-diff-check - - prettier@3.3.3 + - prettier@3.4.2 - yamllint@1.35.1 definitions: - name: markdownlint @@ -45,16 +45,15 @@ actions: - trunk-upgrade-available tools: enabled: - - tfupdate@0.8.2 - - gh@2.49.2 + - tfupdate@0.8.5 + - gh@2.65.0 - jq@jq-1.7.1 - - yq@4.44.1 - - awscli@1.33.17 + - yq@4.44.6 + - awscli@1.36.35 - action-validator@0.6.0 - - act@0.2.65 + - act@0.2.71 - shellcheck@0.10.0 - - hadolint@2.12.0 - - tofu@1.8.1 + - hadolint@2.12.1-beta - trunk-toolbox@0.3.2 - - tflint@0.53.0 - - terraform@1.9.0 + - tflint@0.54.0 + - terraform@1.10.4 diff --git a/docker.tf b/docker.tf index 745ca18..67eadd3 100644 --- a/docker.tf +++ b/docker.tf @@ -7,7 +7,7 @@ provider "docker" { } } -provider "docker" { +/*provider "docker" { alias = "printi" host = "ssh://prin.ti" registry_auth { @@ -15,7 +15,7 @@ provider "docker" { username = "matthewbaggett" password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw" } -} +}*/ provider "docker" { alias = "unifi" 
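Review bot: Wrapping the `printi` provider block in `/* … */` in docker.tf keeps the registry `password` literal (a Docker `dckr_pat_…` access token) in the file, and the value is already in the repository history from the revision being replaced. Commenting the block out does not retire the credential, so the token needs revoking at the registry, and the block should be deleted rather than commented. If the alias returns, take the value from a variable declared with `sensitive = true`, e.g. `password = var.docker_registry_password`. gitleaks is among the enabled linters in .trunk/trunk.yaml, so it is worth checking why this literal passes that check. The other `provider "docker"` blocks begin or end outside this hunk and may carry the same kind of literal.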
diff --git a/flatcars.tf b/flatcars.tf_
similarity index 100%
rename from flatcars.tf
rename to flatcars.tf_
diff --git a/inputs.tf b/inputs.tf
new file mode 100644
index 0000000..bf6c396
--- /dev/null
+++ b/inputs.tf
@@ -0,0 +1,18 @@
+variable "base_domain" {
+ description = "The base domain for the stack"
+ type = string
+}
+variable "acme_email" {
+ description = "The email address to use for ACME registration"
+ type = string
+}
+variable "treafik_defaults" {
+ type = object({
+ ssl = bool
+ non-ssl = bool
+ })
+ default = {
+ ssl = true
+ non-ssl = false
+ }
+}
\ No newline at end of file
diff --git a/lib/grey.ooo b/lib/grey.ooo
new file mode 160000
index 0000000..c67df52
--- /dev/null
+++ b/lib/grey.ooo
@@ -0,0 +1 @@
+Subproject commit c67df523d006bfd1bbda2ba6b5b4852b5151de97
diff --git a/minio.tf b/minio.tf
index a528a3b..8c7804a 100644
--- a/minio.tf
+++ b/minio.tf
@@ -1,8 +1,15 @@
 module "minio" {
- source = "./modules/minio"
- domain = "s3.california.ti"
- network = docker_network.loadbalancer
- storage_path = "/media/storage/minio"
- admin_username = "techinc"
- expose_ports = true
+ #source = "github.com/matthewbaggett/terraform_modules//products/minio"
+ source = "./lib/grey.ooo/products/minio"
+ depends_on = [module.traefik]
+ stack_name = "s3"
+ mounts = { "/media/storage/minio" = "/data" }
+ domain = "s3.${var.base_domain}"
+ placement_constraints = ["node.hostname == california"]
+ networks = [module.traefik.docker_network]
+ traefik = merge(var.treafik_defaults, { domain = "s3.${var.base_domain}" })
 }
+output "minio" {
+ value = module.minio.minio
+}
+
diff --git a/modules/minio/inputs.tf b/modules/minio/inputs.tf
deleted file mode 100644
index fe899f8..0000000
--- a/modules/minio/inputs.tf
+++ /dev/null
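Review bot: `treafik_defaults` in inputs.tf is declared without a `description`, unlike the two variables above it, and its name transposes the letters of "traefik", a spelling the callers in minio.tf and orca-slicer.tf then have to repeat. I would add `description = "Default ssl / non-ssl exposure flags merged into each service's traefik argument"` and consider renaming it to `traefik_defaults` while there are only two call sites. `acme_email` is declared with no default, yet the traefik module call in treafik.tf passes a literal address, so as far as this diff shows the variable is required at plan time but never read.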
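Review bot: The new `output "minio"` in minio.tf re-exports `module.minio.minio` without `sensitive = true`. The submodule's outputs are not visible in this diff, but the module being replaced returned the MinIO root user and password from its `auth` output wrapped in `nonsensitive(...)`, so if the new `minio` value carries credentials they will be printed by `terraform apply` and `terraform output` and end up in terminal and CI logs. I would add `sensitive = true` to this output block and read the secret explicitly with `terraform output -json minio` when it is needed.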
@@ -1,25 +0,0 @@
-variable "admin_username" {
- type = string
- description = "The username of the admin user"
- default = "admin"
-}
-variable "domain" {
- type = string
- description = "The domain name of the minio instance"
-}
-variable "network" {
- type = object({
- id = string
- name = string
- })
- description = "The network to attach the minio service to"
-}
-variable "storage_path" {
- type = string
- description = "The path to the storage directory to use"
-}
-variable "expose_ports" {
- type = bool
- description = "Expose the minio ports to the outside world"
- default = false
-}
\ No newline at end of file
diff --git a/modules/minio/minio.tf b/modules/minio/minio.tf
deleted file mode 100644
index ef48d81..0000000
--- a/modules/minio/minio.tf
+++ /dev/null
@@ -1,86 +0,0 @@
-data "docker_registry_image" "minio" {
- name = "quay.io/minio/minio:latest"
-}
-
-resource "random_password" "minio_password" {
- length = 32
- special = false
-}
-
-locals {
- SERVER_URL = "http://${var.domain}"
- UI_URL = "http://${var.domain}/ui/"
-}
-
-resource "docker_service" "minio" {
- name = "minio"
- task_spec {
- container_spec {
- image = "${data.docker_registry_image.minio.name}@${data.docker_registry_image.minio.sha256_digest}"
- command = ["minio", "server", "/data", ]
- env = {
- MINIO_ADDRESS = "0.0.0.0:9000"
- MINIO_CONSOLE_ADDRESS = "0.0.0.0:9001"
- MINIO_ROOT_USER = var.admin_username
- MINIO_ROOT_PASSWORD = random_password.minio_password.result
- MINIO_SERVER_URL = local.SERVER_URL
- MINIO_BROWSER_REDIRECT_URL = local.UI_URL
- MINIO_BROWSER_REDIRECT = true
- MINIO_API_ROOT_ACCESS = "on"
- }
- mounts {
- target = "/data"
- source = var.storage_path
- type = "bind"
- read_only = false
- }
- }
- networks_advanced {
- name = var.network.id
- }
- placement {
- platforms {
- architecture = "amd64"
- os = "linux"
- }
- }
- }
- update_config {
- parallelism = 1
- order = "stop-first"
- }
- dynamic "endpoint_spec" {
- for_each = var.expose_ports ? toset(["aw yis"]) : toset([])
- content {
- ports {
- target_port = 9000
- published_port = 9000
- publish_mode = "ingress"
- }
- ports {
- target_port = 9001
- published_port = 9001
- publish_mode = "ingress"
- }
- }
- }
-}
-
-module "minio_nginx_config" {
- # tflint-ignore: terraform_module_pinned_source
- source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
- hostname = var.domain
- //certificate = acme_certificate.ooo_grey["s3"]
- service_name = "minio_s3"
- upstream_host = "${docker_service.minio.name}:9000"
- config_prefix = "nginx"
- extra_upstreams = [
- {
- name = "minio_ui",
- servers = ["${docker_service.minio.name}:9001"]
- }
- ]
- extra_locations = file("${path.module}/minio_nginx_extra.conf")
- allow_non_ssl = true
- allow_ssl = false
-}
diff --git a/modules/minio/minio_nginx_extra.conf b/modules/minio/minio_nginx_extra.conf
deleted file mode 100644
index 0f97fd8..0000000
--- a/modules/minio/minio_nginx_extra.conf
+++ /dev/null
@@ -1,25 +0,0 @@
- location /ui/ {
- rewrite ^/ui/(.*) /$1 break;
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-NginX-Proxy true;
-
- # This is necessary to pass the correct IP to be hashed
- real_ip_header X-Real-IP;
-
- proxy_connect_timeout 300;
-
- # To support websockets in MinIO versions released after January 2023
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
- # Uncomment the following line to set the Origin request to an empty string
- # proxy_set_header Origin '';
-
- chunked_transfer_encoding off;
-
- proxy_pass http://minio_ui;
- }
diff --git a/modules/minio/outputs.tf b/modules/minio/outputs.tf
deleted file mode 100644
index 90c8818..0000000
--- a/modules/minio/outputs.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-output "auth" {
- value = {
- user = var.admin_username
- password = nonsensitive(random_password.minio_password.result)
- }
-}
-output "domain" {
- value = local.SERVER_URL
-}
-output "storage_path" {
- value = var.storage_path
-}
-output "nginx_files" {
- value = module.minio_nginx_config.files
-}
diff --git a/modules/minio/terraform.tf b/modules/minio/terraform.tf
deleted file mode 100644
index 448ac0b..0000000
--- a/modules/minio/terraform.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-terraform {
- required_providers {
- docker = {
- source = "kreuzwerker/docker"
- version = "~>3.0"
- }
- random = {
- source = "hashicorp/random"
- version = "~>3.3"
- }
- }
-}
diff --git a/modules/vigil/configuration.tf b/modules/vigil/configuration.tf
deleted file mode 100644
index b837c3d..0000000
--- a/modules/vigil/configuration.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-locals {
- services_toml = [
- for service_group, services in var.monitored_services : templatefile("${path.module}/vigil.service.toml.tpl", {
- service_group_id = service_group
- service_group_label = service_group
- services = services
- })
- ]
- vigil_toml = templatefile("${path.module}/vigil.toml.tpl", {
- manager_token = random_password.token["manager"].result
- reporter_token = random_password.token["worker"].result
- page_title = var.page_title
- page_url = var.page_url
- company_name = var.company_name
- icon_color = var.icon_color
- icon_url = var.icon_url
- logo_color = var.logo_color
- logo_url = var.logo_url
- website_url = var.website_url
- support_url = var.support_url
- custom_html = var.custom_html
- services = local.services_toml
- startup_notification = var.notify_on_startup
- telegram_enable = var.notify_telegram.token == "" ? "# " : "" // Disable telegram if token is not set
- telegram_bot_token = var.notify_telegram.token
- telegram_chat_id = var.notify_telegram.channel
- })
- vigil_toml_checksum = md5(local.vigil_toml)
-}
-resource "local_file" "vigil_toml" {
- filename = "${path.root}/.debug/vigil.toml"
- content = local.vigil_toml
-}
diff --git a/modules/vigil/inputs.tf b/modules/vigil/inputs.tf
deleted file mode 100644
index 1133878..0000000
--- a/modules/vigil/inputs.tf
+++ /dev/null
@@ -1,92 +0,0 @@ -variable "vigil_version" { - type = string - description = "The version of Vigil to deploy" - default = "v1.26.3" -} -variable "vigil_service_name" { - type = string - description = "The name of the Vigil service" - default = "vigil" -} -variable "docker_networks" { - type = list(object({ - id = string, - name = string, - })) - description = "Docker networks to connect the vigil service to" - default = null -} -variable "notify_on_startup" { - type = bool - description = "Whether to send a startup notifications" - default = false -} -variable "notify_telegram" { - type = object({ - token = string - channel = string - topic = optional(string, null) - }) - description = "Telegram configuration" - default = null -} -variable "monitored_services" { - type = map(list(object({ - id = string - label = string - endpoints = list(string) - http_method = optional(string, null) - http_status_healthy_below = optional(number, 400) - http_status_healthy_above = optional(number, 200) - }))) -} -variable "page_title" { - type = string - description = "The title of the Vigil page" - default = "Vigil" -} -variable "page_url" { - type = string - description = "The URL of the Vigil page" - default = "https://vigil.example.com" -} -variable "company_name" { - type = string - description = "The name of the company" - default = "ExampleCo" -} -variable "icon_color" { - type = string - description = "The color of the icon" - default = "#1972F5" -} -variable "icon_url" { - type = string - description = "The URL of the icon" - default = "https://example.com/icon.png" -} -variable "logo_color" { - type = string - description = "The color of the logo" - default = "#1972F5" -} -variable "logo_url" { - type = string - description = "The URL of the logo" - default = "https://example.com/logo.png" -} -variable "website_url" { - type = string - description = "The URL of the website" - default = "https://example.com" -} -variable "support_url" { - type = string - description = "The 
URL of the support page" - default = "https://example.com/support" -} -variable "custom_html" { - type = string - description = "Custom HTML to include in the Vigil page" - default = "" -} diff --git a/modules/vigil/outputs.tf b/modules/vigil/outputs.tf deleted file mode 100644 index 15c99df..0000000 --- a/modules/vigil/outputs.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "docker_service_name" { - value = docker_service.vigil.name -} \ No newline at end of file diff --git a/modules/vigil/terraform.tf b/modules/vigil/terraform.tf deleted file mode 100644 index 2b76e1b..0000000 --- a/modules/vigil/terraform.tf +++ /dev/null @@ -1,20 +0,0 @@ -terraform { - required_providers { - docker = { - source = "kreuzwerker/docker" - version = "~>3.0" - } - random = { - source = "hashicorp/random" - version = "~>3.3" - } - scratch = { - source = "BrendanThompson/scratch" - version = "~> 0.4" - } - local = { - source = "hashicorp/local" - version = "~>2.1" - } - } -} diff --git a/modules/vigil/vigil.service.toml.tpl b/modules/vigil/vigil.service.toml.tpl deleted file mode 100644 index be64193..0000000 --- a/modules/vigil/vigil.service.toml.tpl +++ /dev/null @@ -1,26 +0,0 @@ -[[probe.service]] -id = "${service_group_id}" -label = "${service_group_label}" - -%{ for service in services ~} -[[probe.service.node]] -id = "${service.id}" -label = "${service.label}" -mode = "poll" -reveal_replica_name = true -%{ if service.http_method != null ~} -http_method = "${service.http_method}" -%{ endif ~} -%{ if service.http_status_healthy_above != null ~} -poll_http_status_healthy_above = ${service.http_status_healthy_above} -%{ endif ~} -%{ if service.http_status_healthy_below != null ~} -poll_http_status_healthy_below = ${service.http_status_healthy_below} -%{ endif ~} -replicas = [ -%{ for endpoint in service.endpoints ~} - "${endpoint}", -%{ endfor ~} -] - -%{ endfor } \ No newline at end of file 
diff --git a/modules/vigil/vigil.tf b/modules/vigil/vigil.tf
deleted file mode 100644
index f10882d..0000000
--- a/modules/vigil/vigil.tf
+++ /dev/null
@@ -1,69 +0,0 @@
-resource "random_password" "token" {
- for_each = toset(["manager", "worker"])
- length = 32
- special = false
-}
-data "docker_registry_image" "vigil" {
- name = "valeriansaliou/vigil:${var.vigil_version}"
-}
-resource "docker_service" "vigil" {
- name = lower(var.vigil_service_name)
- task_spec {
- container_spec {
- image = "${data.docker_registry_image.vigil.name}@${data.docker_registry_image.vigil.sha256_digest}"
- healthcheck {
- #test = ["CMD-SHELL", "wget -q --no-verbose --tries=1 --spider http://localhost:8080/ || exit 1"]
- #interval = "10s"
- #timeout = "10s"
- #retries = 3
- #start_period = "1m"
- # Disable healtcheck
- test = ["NONE"]
- }
- configs {
- config_id = docker_config.vigil.id
- config_name = docker_config.vigil.name
- file_name = "/etc/vigil.cfg"
- }
- }
- dynamic "networks_advanced" {
- for_each = var.docker_networks
- content {
- name = networks_advanced.value.id
- }
- }
- restart_policy {
- condition = "any"
- delay = "20s"
- window = "0s"
- }
- }
- #converge_config {
- # delay = "5s"
- # timeout = "2m"
- #}
- update_config {
- order = "stop-first"
- parallelism = 1
- }
- endpoint_spec {
- ports {
- target_port = 8080
- publish_mode = "ingress"
- }
- }
-}
-resource "random_id" "vigil_iter" {
- byte_length = 4
- keepers = {
- checksum = local.vigil_toml_checksum
- }
-}
-resource "docker_config" "vigil" {
- name = lower(join("-", [var.vigil_service_name, random_id.vigil_iter.hex]))
- data = sensitive(base64encode(local.vigil_toml)) // I have marked this as sensitive just so it wont spam the hell out of the terminal with a wall of text. Its not actually sensitive.
- lifecycle {
- ignore_changes = [name]
- create_before_destroy = true
- }
-}
diff --git a/modules/vigil/vigil.toml.tpl b/modules/vigil/vigil.toml.tpl
deleted file mode 100644
index f62c46a..0000000
--- a/modules/vigil/vigil.toml.tpl
+++ /dev/null
@@ -1,70 +0,0 @@
-# Vigil
-# Microservices Status Page
-# Configuration file
-# Example: https://github.com/valeriansaliou/vigil/blob/master/config.cfg
-
-[server]
-log_level = "debug"
-inet = "0.0.0.0:8080"
-workers = 4
-manager_token = "${manager_token}"
-reporter_token = "${reporter_token}"
-
-[assets]
-path = "./res/assets/"
-
-[branding]
-page_title = "${page_title}"
-page_url = "${page_url}"
-company_name = "${company_name}"
-icon_color = "${icon_color}"
-icon_url = "${icon_url}"
-logo_color = "${logo_color}"
-logo_url = "${logo_url}"
-website_url = "${website_url}"
-support_url = "${support_url}"
-custom_html = "${custom_html}"
-
-[metrics]
-poll_interval = 15
-poll_retry = 2
-poll_http_status_healthy_above = 200
-poll_http_status_healthy_below = 400
-poll_delay_dead = 10
-poll_delay_sick = 5
-poll_parallelism = 4
-push_delay_dead = 20
-push_system_cpu_sick_above = 0.90
-push_system_ram_sick_above = 0.90
-script_interval = 300
-script_parallelism = 2
-local_delay_dead = 40
-
-[plugins]
-
-[plugins.rabbitmq]
-api_url = "http://127.0.0.1:15672"
-auth_username = "rabbitmq-administrator"
-auth_password = "RABBITMQ_ADMIN_PASSWORD"
-virtualhost = "crisp"
-queue_ready_healthy_below = 500
-queue_nack_healthy_below = 100
-queue_ready_dead_above = 20000
-queue_nack_dead_above = 5000
-queue_loaded_retry_delay = 500
-
-[notify]
-startup_notification = ${startup_notification}
-reminder_interval = 600
-reminder_backoff_function = "linear"
-reminder_backoff_limit = 3
-
-${telegram_enable}[notify.telegram]
-${telegram_enable}bot_token = "${telegram_bot_token}"
-${telegram_enable}chat_id = "${telegram_chat_id}"
-
-[probe]
-
-%{ for service in services ~}
-${service}
-%{ endfor ~}
\ No newline at end of file
diff --git a/nginx.tf b/nginx.tf
deleted file mode 100644
index a03a02a..0000000
--- a/nginx.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-resource "docker_network" "loadbalancer" {
- name = "loadbalancer"
- driver = "overlay"
- attachable = true
- ipam_driver = "default"
- ipam_config {
- aux_address = {}
- subnet = "172.16.0.0/16"
- gateway = "172.16.0.1"
- }
-}
-
-module "nginx" {
- # tflint-ignore: terraform_module_pinned_source
- source = "git::https://code.techinc.nl/grey/terraform-nginx.git"
- configs = concat(
- module.minio.nginx_files,
- //module.vigil_nginx_config.files,
- module.videobucket_nginx_config.files,
- //module.netbox_nginx_config.files,
- module.orcaslicer_nginx_config.files,
- )
- networks = [
- docker_network.loadbalancer,
- ]
- replicas = 2
-}
diff --git a/orca-slicer.tf b/orca-slicer.tf
index a4216ce..ca21eef 100644
--- a/orca-slicer.tf
+++ b/orca-slicer.tf
@@ -1,50 +1,18 @@
-data "docker_registry_image" "orcaslicer" {
- name = "lscr.io/linuxserver/orcaslicer:latest"
-}
-resource "docker_volume" "orcaslicer" {
- name = "orcaslicer_config"
-}
-resource "docker_service" "orcaslicer" {
- name = "orcaslicer"
- task_spec {
- container_spec {
- image = "${data.docker_registry_image.orcaslicer.name}@${data.docker_registry_image.orcaslicer.sha256_digest}"
- env = {
- PUID = 1000
- PGID = 1000
- TZ = "Europe/Amsterdam"
- }
- mounts {
- target = "/config"
- type = "volume"
- source = docker_volume.orcaslicer.name
- }
- }
- networks_advanced {
- name = docker_network.loadbalancer.id
- }
- restart_policy {
- condition = "any"
- delay = "0s"
- window = "0s"
- }
+module "orca" {
+ depends_on = [module.traefik]
+ //source = "github.com/matthewbaggett/terraform_modules//docker/service"
+ source = "./lib/grey.ooo/docker/service"
+ stack_name = "orca"
+ service_name = "orca"
+ image = "lscr.io/linuxserver/orcaslicer:latest"
+ environment_variables = {
+ PUID = 1000
+ PGID = 1000
+ TZ = "Europe/Amsterdam"
 }
- endpoint_spec {
- ports {
- target_port = 3000
- published_port = 3000
- publish_mode = "ingress"
- }
+ volumes = {
+ "orcaslicer_config" = "/config"
 }
-}
-module "orcaslicer_nginx_config" {
- # tflint-ignore: terraform_module_pinned_source
- source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
- hostname = "orca.california.ti"
- //certificate = acme_certificate.ooo_grey["s3"]
- service_name = docker_service.orcaslicer.name
- upstream_host = "${docker_service.orcaslicer.name}:3000"
- config_prefix = "nginx"
- allow_non_ssl = true
- allow_ssl = false
-}
+ traefik = merge(var.treafik_defaults, { domain = "orca.${var.base_domain}", port = 3000 })
+ converge_enable = false
+}
\ No newline at end of file
diff --git a/output.tf b/output.tf
deleted file mode 100644
index 64e1b82..0000000
--- a/output.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-output "minio" {
- value = module.minio
-}
-
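Review bot: `image = "lscr.io/linuxserver/orcaslicer:latest"` in the new `module "orca"` call hands the module a mutable tag, where the removed `docker_service` resolved it through `data "docker_registry_image"` and deployed `name@sha256_digest`. Whether `./lib/grey.ooo/docker/service` still resolves a digest is not visible in this diff; if it does not, a redeploy can pull different image content without any change showing in the plan. I would confirm the module pins by digest, or pass a fixed release tag or an `…@sha256:<digest>` reference here. The service is now also routed through Traefik at `orca.${var.base_domain}`, and nothing in this block configures authentication for that route, so that is worth checking in the module as well.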
diff --git a/printers.tf b/printers.tf_ similarity index 100% rename from printers.tf rename to printers.tf_ diff --git a/proxmox.tf b/proxmox.tf_ similarity index 100% rename from proxmox.tf rename to proxmox.tf_ diff --git a/terraform.tf b/terraform.tf index 65e16ba..7a5888f 100644 --- a/terraform.tf +++ b/terraform.tf @@ -22,21 +22,25 @@ terraform { source = "Telmate/proxmox" version = "~> 2.9" } + minio = { + source = "aminueza/minio" + version = "~> 3.0" + } } - backend "s3" { - bucket = "terraform" - key = "ti-iac.tfstate" - profile = "techinc-tf" - shared_credentials_files = ["~/.aws/credentials"] - endpoints = { - s3 = "http://california.ti:9000" - } - region = "main" # Region validation will be skipped - skip_credentials_validation = true # Skip AWS related checks and validations - skip_requesting_account_id = true - skip_metadata_api_check = true - skip_region_validation = true - use_path_style = true # Enable path-style S3 URLs (https:/// https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style - } + # backend "s3" { + # bucket = "terraform" + # key = "ti-iac.tfstate" + # profile = "techinc-tf" + # shared_credentials_files = ["~/.aws/credentials"] + # endpoints = { + # s3 = "http://california.ti:9000" + # } + # region = "main" # Region validation will be skipped + # skip_credentials_validation = true # Skip AWS related checks and validations + # skip_requesting_account_id = true + # skip_metadata_api_check = true + # skip_region_validation = true + # use_path_style = true # Enable path-style S3 URLs (https:/// https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style + # } } diff --git a/treafik.tf b/treafik.tf new file mode 100644 index 0000000..95db1b3 --- /dev/null +++ b/treafik.tf 
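Review bot: Commenting out the `backend "s3"` block in terraform.tf makes Terraform fall back to the local backend, so `terraform.tfstate` is written into the working directory. The state for this configuration holds generated secrets (the removed modules created `random_password` resources and the replacements presumably do too), so the file has to stay out of git and off shared disks, and no ignore-file change is part of this diff. If the switch is temporary while the MinIO instance that hosted the state is rebuilt, I would replace the commented block with one line such as `# backend "s3" disabled during the MinIO rebuild; restore it and run terraform init -migrate-state`, and serve the endpoint over TLS rather than `http://` when it returns. The `terraform {` block starts above this hunk.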
@@ -0,0 +1,18 @@
+module "traefik" {
+ #source = "github.com/matthewbaggett/terraform_modules//products/traefik"
+ source = "./lib/grey.ooo/products/traefik"
+ enable_ssl = true
+ enable_non_ssl = true
+ acme_use_staging = true
+ acme_email = "matthew@baggett.me"
+ hello_service_domain = "hello.california.ti"
+ traefik_service_domain = "traefik.california.ti"
+ log_level = "DEBUG"
+ access_log = false
+ enable_ping = true
+ enable_docker_provider = false
+ enable_swarm_provider = true
+ enable_dashboard = true
+ api_insecure = true
+ api_debug = true
+}
diff --git a/ubiquity.tf b/ubiquity.tf_
similarity index 100%
rename from ubiquity.tf
rename to ubiquity.tf_
diff --git a/video-bucket.tf b/video-bucket.tf
deleted file mode 100644
index 75e4478..0000000
--- a/video-bucket.tf
+++ /dev/null
@@ -1,51 +0,0 @@
-data "docker_registry_image" "video_bucket" {
- name = "ghcr.io/matthewbaggett/bucket-serve:latest"
-}
-resource "docker_service" "video_bucket" {
- name = "video-bucket"
- task_spec {
- container_spec {
- image = "${data.docker_registry_image.video_bucket.name}@${data.docker_registry_image.video_bucket.sha256_digest}"
- configs {
- config_id = docker_config.video_bucket_config.id
- config_name = docker_config.video_bucket_config.name
- file_name = "/app/.env"
- }
- }
- networks_advanced {
- name = docker_network.loadbalancer.id
- }
- restart_policy {
- condition = "any"
- delay = "0s"
- window = "0s"
- }
- }
-}
-locals {
- video_bucket_config = <
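Review bot: `api_insecure = true` together with `enable_dashboard = true` and `api_debug = true` in treafik.tf appears to switch on Traefik's unauthenticated API and dashboard plus its debug endpoints; the submodule that consumes these inputs is not part of this diff, so how they are published needs confirming there. In Traefik itself `api.insecure` serves the API with no authentication, which shows router, service and middleware configuration to anyone who can reach that entrypoint. I would set `api_insecure = false` and `api_debug = false`, put the dashboard behind an authenticated router, and lower `log_level` from `"DEBUG"` once the migration has settled. `acme_use_staging = true` means the issued certificates are not browser-trusted, and `acme_email` and the two `*.california.ti` domains are literals although inputs.tf adds `var.acme_email` and `var.base_domain` for these values.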