Refactorin
Some checks failed
Trunk Cache / Trunk Cache (push) Has been cancelled
Trunk Check / Trunk Check Runner (push) Has been cancelled
Trunk Upgrade / Upgrade Trunk (push) Has been cancelled

Greyscale 2025-01-09 09:01:54 +01:00
parent 661aa57a3c
commit ddde0c525a
29 changed files with 154 additions and 674 deletions

3
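--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "lib/grey.ooo"]
+path = lib/grey.ooo
+url = https://github.com/matthewbaggett/terraform_modules.git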


@ -1,6 +1,26 @@
# This file is maintained automatically by "terraform init". # This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.terraform.io/aminueza/minio" {
version = "3.2.2"
constraints = "~> 3.0"
hashes = [
"h1:1IBJAWUwx76o5+vUdxRCEfOG38hcrEVu32Xn06l7sOI=",
"zh:171106917383c691eb6e46d26b903671d62f861d53198cc4aa4f8b6abc5d7d04",
"zh:22a3bed9a04b255de3c539756f077c0b47e99e92d4b69a54e57635bbb67c8914",
"zh:3b35fa6847193983b03779bab68fb63086fbb3063f0a2aea48d138bd9bf6d24d",
"zh:3ccd2be2c6cc687f9637e5e2f6b0485f7ca73b1a87dfc28af8b34c1db2080f96",
"zh:427e118f2b8910b98659bc97af298a4d9a6c2a984d5fe313b9675d1cd4b6392c",
"zh:46087196a742659b4610b536b99af46e6e58edd4a8d65daf7fc72e4a9ed9ef99",
"zh:5f3154e6c89ead21ef39970e6491c1c04ab9095421fa8853eb35c1d4be7e4cc6",
"zh:5ff726bf0edb3a647cf5e066ffdbe74bcd74f0945acbbb1e2d1afb201feeb72f",
"zh:60c968d6197562fc0ffc4662034e65413b31773307d780b78aec6e1da9c606ea",
"zh:e0d21146d38744be45e42e41ea12e5b99aff3a5a39e4b0e878de05f47ceb9e74",
"zh:e8b22688852eb58b4369ae282ba99ec80c955a9608d0f7d787324d7f487a3082",
"zh:f7213700753e0225c72314e9d6756ccdb2eae18c99e393f49af55aa8e0c71e56",
]
}
provider "registry.terraform.io/brendanthompson/scratch" { provider "registry.terraform.io/brendanthompson/scratch" {
version = "0.4.0" version = "0.4.0"
constraints = "0.4.0, ~> 0.4" constraints = "0.4.0, ~> 0.4"
@ -24,42 +44,42 @@ provider "registry.terraform.io/brendanthompson/scratch" {
} }
provider "registry.terraform.io/hashicorp/local" { provider "registry.terraform.io/hashicorp/local" {
version = "2.5.1" version = "2.5.2"
constraints = "~> 2.1" constraints = "~> 2.1"
hashes = [ hashes = [
"h1:8oTPe2VUL6E2d3OcrvqyjI4Nn/Y/UEQN26WLk5O/B0g=", "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=",
"zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561", "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511",
"zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561", "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea",
"zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5", "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0",
"zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24", "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b",
"zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667", "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038",
"zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8", "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3",
"zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0", "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4",
"zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867", "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464",
"zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4", "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b",
"zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520", "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e",
"zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1",
] ]
} }
provider "registry.terraform.io/hashicorp/random" { provider "registry.terraform.io/hashicorp/random" {
version = "3.6.2" version = "3.6.3"
constraints = "~> 3.3" constraints = "~> 3.3, ~> 3.5"
hashes = [ hashes = [
"h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=",
"zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451",
"zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8",
"zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe",
"zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1",
"zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36",
"zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e",
"zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30",
"zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615",
"zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad",
"zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556",
"zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0",
] ]
} }


@ -2,18 +2,18 @@
# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml # To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
version: 0.1 version: 0.1
cli: cli:
version: 1.22.3 version: 1.22.8
# Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins) # Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
plugins: plugins:
sources: sources:
- id: trunk - id: trunk
ref: v1.6.2 ref: v1.6.6
uri: https://github.com/trunk-io/plugins uri: https://github.com/trunk-io/plugins
# Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes) # Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
runtimes: runtimes:
enabled: enabled:
- go@1.21.0 - go@1.21.0
- node@18.12.1 - node@18.20.5
- python@3.10.8 - python@3.10.8
# This is the section where you manage your linters. (https://docs.trunk.io/check/configuration) # This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
lint: lint:
@ -23,14 +23,14 @@ lint:
- trivy - trivy
- checkov - checkov
enabled: enabled:
- hadolint@2.12.0 - hadolint@2.12.1-beta
- tflint@0.53.0 - tflint@0.54.0
- gitleaks@8.18.4 - gitleaks@8.22.1
- markdownlint@0.41.0 - markdownlint@0.43.0
- taplo@0.9.3 - taplo@0.9.3
- actionlint@1.7.1 - actionlint@1.7.6
- git-diff-check - git-diff-check
- prettier@3.3.3 - prettier@3.4.2
- yamllint@1.35.1 - yamllint@1.35.1
definitions: definitions:
- name: markdownlint - name: markdownlint
@ -45,16 +45,15 @@ actions:
- trunk-upgrade-available - trunk-upgrade-available
tools: tools:
enabled: enabled:
- tfupdate@0.8.2 - tfupdate@0.8.5
- gh@2.49.2 - gh@2.65.0
- jq@jq-1.7.1 - jq@jq-1.7.1
- yq@4.44.1 - yq@4.44.6
- awscli@1.33.17 - awscli@1.36.35
- action-validator@0.6.0 - action-validator@0.6.0
- act@0.2.65 - act@0.2.71
- shellcheck@0.10.0 - shellcheck@0.10.0
- hadolint@2.12.0 - hadolint@2.12.1-beta
- tofu@1.8.1
- trunk-toolbox@0.3.2 - trunk-toolbox@0.3.2
- tflint@0.53.0 - tflint@0.54.0
- terraform@1.9.0 - terraform@1.10.4


@ -7,7 +7,7 @@ provider "docker" {
} }
} }
provider "docker" { /*provider "docker" {
alias = "printi" alias = "printi"
host = "ssh://prin.ti" host = "ssh://prin.ti"
registry_auth { registry_auth {
@ -15,7 +15,7 @@ provider "docker" {
username = "matthewbaggett" username = "matthewbaggett"
password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw" password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
} }
} }*/
provider "docker" { provider "docker" {
alias = "unifi" alias = "unifi"
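Review bot: Commenting out the `printi` provider leaves the `registry_auth` `password` literal, which has the form of a Docker access token, in the file, and it stays in the repository history whether the block is commented or deleted. The token should be revoked at the registry and the block removed rather than wrapped in `/* … */`. If the provider returns, read the credential from a variable declared with `sensitive = true`, for example `password = var.docker_registry_password` (name constructed for illustration). The same applies to the `S3_KEY`/`S3_SECRET` pair in the video-bucket config deleted later in this commit: removing the file does not invalidate those keys. The `unifi` provider block that follows continues outside the hunk.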

18
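--- a/inputs.tf
+++ b/inputs.tf
@@ -0,0 +1,18 @@
+variable "base_domain" {
+description = "The base domain for the stack"
+type = string
+}
+variable "acme_email" {
+description = "The email address to use for ACME registration"
+type = string
+}
+variable "treafik_defaults" {
+type = object({
+ssl = bool
+non-ssl = bool
+})
+default = {
+ssl = true
+non-ssl = false
+}
+}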
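Review bot: `treafik_defaults` has no `description`, unlike the two variables declared above it, and its name transposes "traefik". The misspelling is already referenced as `var.treafik_defaults` by the minio and orca modules in this commit, so it is cheapest to rename now to `traefik_defaults`. Add a line such as `description = "Default TLS / plain-HTTP exposure flags merged into each service's traefik argument"` so a reader can see that `non-ssl = false` is the intended safe default.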

1
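--- a/lib/grey.ooo
+++ b/lib/grey.ooo
@@ -0,0 +1 @@
+Subproject commit c67df523d006bfd1bbda2ba6b5b4852b5151de97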


@ -1,8 +1,15 @@
module "minio" { module "minio" {
source = "./modules/minio" #source = "github.com/matthewbaggett/terraform_modules//products/minio"
domain = "s3.california.ti" source = "./lib/grey.ooo/products/minio"
network = docker_network.loadbalancer depends_on = [module.traefik]
storage_path = "/media/storage/minio" stack_name = "s3"
admin_username = "techinc" mounts = { "/media/storage/minio" = "/data" }
expose_ports = true domain = "s3.${var.base_domain}"
placement_constraints = ["node.hostname == california"]
networks = [module.traefik.docker_network]
traefik = merge(var.treafik_defaults, { domain = "s3.${var.base_domain}" })
} }
output "minio" {
value = module.minio.minio
}
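Review bot: The new root `output "minio"` re-exports `module.minio.minio` without `sensitive = true`. The module removed in this commit published the root password through `nonsensitive(...)`; if the replacement module's `minio` object also carries credentials, they will be printed by every `terraform apply` and `terraform output`. Unless that object is known to hold only non-secret values, declare the output with `sensitive = true`. The module's contents are not visible on this page, so this needs checking against `lib/grey.ooo/products/minio`.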


@ -1,25 +0,0 @@
variable "admin_username" {
type = string
description = "The username of the admin user"
default = "admin"
}
variable "domain" {
type = string
description = "The domain name of the minio instance"
}
variable "network" {
type = object({
id = string
name = string
})
description = "The network to attach the minio service to"
}
variable "storage_path" {
type = string
description = "The path to the storage directory to use"
}
variable "expose_ports" {
type = bool
description = "Expose the minio ports to the outside world"
default = false
}


@ -1,86 +0,0 @@
data "docker_registry_image" "minio" {
name = "quay.io/minio/minio:latest"
}
resource "random_password" "minio_password" {
length = 32
special = false
}
locals {
SERVER_URL = "http://${var.domain}"
UI_URL = "http://${var.domain}/ui/"
}
resource "docker_service" "minio" {
name = "minio"
task_spec {
container_spec {
image = "${data.docker_registry_image.minio.name}@${data.docker_registry_image.minio.sha256_digest}"
command = ["minio", "server", "/data", ]
env = {
MINIO_ADDRESS = "0.0.0.0:9000"
MINIO_CONSOLE_ADDRESS = "0.0.0.0:9001"
MINIO_ROOT_USER = var.admin_username
MINIO_ROOT_PASSWORD = random_password.minio_password.result
MINIO_SERVER_URL = local.SERVER_URL
MINIO_BROWSER_REDIRECT_URL = local.UI_URL
MINIO_BROWSER_REDIRECT = true
MINIO_API_ROOT_ACCESS = "on"
}
mounts {
target = "/data"
source = var.storage_path
type = "bind"
read_only = false
}
}
networks_advanced {
name = var.network.id
}
placement {
platforms {
architecture = "amd64"
os = "linux"
}
}
}
update_config {
parallelism = 1
order = "stop-first"
}
dynamic "endpoint_spec" {
for_each = var.expose_ports ? toset(["aw yis"]) : toset([])
content {
ports {
target_port = 9000
published_port = 9000
publish_mode = "ingress"
}
ports {
target_port = 9001
published_port = 9001
publish_mode = "ingress"
}
}
}
}
module "minio_nginx_config" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
hostname = var.domain
//certificate = acme_certificate.ooo_grey["s3"]
service_name = "minio_s3"
upstream_host = "${docker_service.minio.name}:9000"
config_prefix = "nginx"
extra_upstreams = [
{
name = "minio_ui",
servers = ["${docker_service.minio.name}:9001"]
}
]
extra_locations = file("${path.module}/minio_nginx_extra.conf")
allow_non_ssl = true
allow_ssl = false
}


@ -1,25 +0,0 @@
location /ui/ {
rewrite ^/ui/(.*) /$1 break;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
# To support websockets in MinIO versions released after January 2023
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
# Uncomment the following line to set the Origin request to an empty string
# proxy_set_header Origin '';
chunked_transfer_encoding off;
proxy_pass http://minio_ui;
}


@ -1,15 +0,0 @@
output "auth" {
value = {
user = var.admin_username
password = nonsensitive(random_password.minio_password.result)
}
}
output "domain" {
value = local.SERVER_URL
}
output "storage_path" {
value = var.storage_path
}
output "nginx_files" {
value = module.minio_nginx_config.files
}


@ -1,12 +0,0 @@
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "~>3.0"
}
random = {
source = "hashicorp/random"
version = "~>3.3"
}
}
}


@ -1,33 +0,0 @@
locals {
services_toml = [
for service_group, services in var.monitored_services : templatefile("${path.module}/vigil.service.toml.tpl", {
service_group_id = service_group
service_group_label = service_group
services = services
})
]
vigil_toml = templatefile("${path.module}/vigil.toml.tpl", {
manager_token = random_password.token["manager"].result
reporter_token = random_password.token["worker"].result
page_title = var.page_title
page_url = var.page_url
company_name = var.company_name
icon_color = var.icon_color
icon_url = var.icon_url
logo_color = var.logo_color
logo_url = var.logo_url
website_url = var.website_url
support_url = var.support_url
custom_html = var.custom_html
services = local.services_toml
startup_notification = var.notify_on_startup
telegram_enable = var.notify_telegram.token == "" ? "# " : "" // Disable telegram if token is not set
telegram_bot_token = var.notify_telegram.token
telegram_chat_id = var.notify_telegram.channel
})
vigil_toml_checksum = md5(local.vigil_toml)
}
resource "local_file" "vigil_toml" {
filename = "${path.root}/.debug/vigil.toml"
content = local.vigil_toml
}


@ -1,92 +0,0 @@
variable "vigil_version" {
type = string
description = "The version of Vigil to deploy"
default = "v1.26.3"
}
variable "vigil_service_name" {
type = string
description = "The name of the Vigil service"
default = "vigil"
}
variable "docker_networks" {
type = list(object({
id = string,
name = string,
}))
description = "Docker networks to connect the vigil service to"
default = null
}
variable "notify_on_startup" {
type = bool
description = "Whether to send a startup notifications"
default = false
}
variable "notify_telegram" {
type = object({
token = string
channel = string
topic = optional(string, null)
})
description = "Telegram configuration"
default = null
}
variable "monitored_services" {
type = map(list(object({
id = string
label = string
endpoints = list(string)
http_method = optional(string, null)
http_status_healthy_below = optional(number, 400)
http_status_healthy_above = optional(number, 200)
})))
}
variable "page_title" {
type = string
description = "The title of the Vigil page"
default = "Vigil"
}
variable "page_url" {
type = string
description = "The URL of the Vigil page"
default = "https://vigil.example.com"
}
variable "company_name" {
type = string
description = "The name of the company"
default = "ExampleCo"
}
variable "icon_color" {
type = string
description = "The color of the icon"
default = "#1972F5"
}
variable "icon_url" {
type = string
description = "The URL of the icon"
default = "https://example.com/icon.png"
}
variable "logo_color" {
type = string
description = "The color of the logo"
default = "#1972F5"
}
variable "logo_url" {
type = string
description = "The URL of the logo"
default = "https://example.com/logo.png"
}
variable "website_url" {
type = string
description = "The URL of the website"
default = "https://example.com"
}
variable "support_url" {
type = string
description = "The URL of the support page"
default = "https://example.com/support"
}
variable "custom_html" {
type = string
description = "Custom HTML to include in the Vigil page"
default = ""
}


@ -1,3 +0,0 @@
output "docker_service_name" {
value = docker_service.vigil.name
}


@ -1,20 +0,0 @@
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "~>3.0"
}
random = {
source = "hashicorp/random"
version = "~>3.3"
}
scratch = {
source = "BrendanThompson/scratch"
version = "~> 0.4"
}
local = {
source = "hashicorp/local"
version = "~>2.1"
}
}
}


@ -1,26 +0,0 @@
[[probe.service]]
id = "${service_group_id}"
label = "${service_group_label}"
%{ for service in services ~}
[[probe.service.node]]
id = "${service.id}"
label = "${service.label}"
mode = "poll"
reveal_replica_name = true
%{ if service.http_method != null ~}
http_method = "${service.http_method}"
%{ endif ~}
%{ if service.http_status_healthy_above != null ~}
poll_http_status_healthy_above = ${service.http_status_healthy_above}
%{ endif ~}
%{ if service.http_status_healthy_below != null ~}
poll_http_status_healthy_below = ${service.http_status_healthy_below}
%{ endif ~}
replicas = [
%{ for endpoint in service.endpoints ~}
"${endpoint}",
%{ endfor ~}
]
%{ endfor }


@ -1,69 +0,0 @@
resource "random_password" "token" {
for_each = toset(["manager", "worker"])
length = 32
special = false
}
data "docker_registry_image" "vigil" {
name = "valeriansaliou/vigil:${var.vigil_version}"
}
resource "docker_service" "vigil" {
name = lower(var.vigil_service_name)
task_spec {
container_spec {
image = "${data.docker_registry_image.vigil.name}@${data.docker_registry_image.vigil.sha256_digest}"
healthcheck {
#test = ["CMD-SHELL", "wget -q --no-verbose --tries=1 --spider http://localhost:8080/ || exit 1"]
#interval = "10s"
#timeout = "10s"
#retries = 3
#start_period = "1m"
# Disable healtcheck
test = ["NONE"]
}
configs {
config_id = docker_config.vigil.id
config_name = docker_config.vigil.name
file_name = "/etc/vigil.cfg"
}
}
dynamic "networks_advanced" {
for_each = var.docker_networks
content {
name = networks_advanced.value.id
}
}
restart_policy {
condition = "any"
delay = "20s"
window = "0s"
}
}
#converge_config {
# delay = "5s"
# timeout = "2m"
#}
update_config {
order = "stop-first"
parallelism = 1
}
endpoint_spec {
ports {
target_port = 8080
publish_mode = "ingress"
}
}
}
resource "random_id" "vigil_iter" {
byte_length = 4
keepers = {
checksum = local.vigil_toml_checksum
}
}
resource "docker_config" "vigil" {
name = lower(join("-", [var.vigil_service_name, random_id.vigil_iter.hex]))
data = sensitive(base64encode(local.vigil_toml)) // I have marked this as sensitive just so it wont spam the hell out of the terminal with a wall of text. Its not actually sensitive.
lifecycle {
ignore_changes = [name]
create_before_destroy = true
}
}


@ -1,70 +0,0 @@
# Vigil
# Microservices Status Page
# Configuration file
# Example: https://github.com/valeriansaliou/vigil/blob/master/config.cfg
[server]
log_level = "debug"
inet = "0.0.0.0:8080"
workers = 4
manager_token = "${manager_token}"
reporter_token = "${reporter_token}"
[assets]
path = "./res/assets/"
[branding]
page_title = "${page_title}"
page_url = "${page_url}"
company_name = "${company_name}"
icon_color = "${icon_color}"
icon_url = "${icon_url}"
logo_color = "${logo_color}"
logo_url = "${logo_url}"
website_url = "${website_url}"
support_url = "${support_url}"
custom_html = "${custom_html}"
[metrics]
poll_interval = 15
poll_retry = 2
poll_http_status_healthy_above = 200
poll_http_status_healthy_below = 400
poll_delay_dead = 10
poll_delay_sick = 5
poll_parallelism = 4
push_delay_dead = 20
push_system_cpu_sick_above = 0.90
push_system_ram_sick_above = 0.90
script_interval = 300
script_parallelism = 2
local_delay_dead = 40
[plugins]
[plugins.rabbitmq]
api_url = "http://127.0.0.1:15672"
auth_username = "rabbitmq-administrator"
auth_password = "RABBITMQ_ADMIN_PASSWORD"
virtualhost = "crisp"
queue_ready_healthy_below = 500
queue_nack_healthy_below = 100
queue_ready_dead_above = 20000
queue_nack_dead_above = 5000
queue_loaded_retry_delay = 500
[notify]
startup_notification = ${startup_notification}
reminder_interval = 600
reminder_backoff_function = "linear"
reminder_backoff_limit = 3
${telegram_enable}[notify.telegram]
${telegram_enable}bot_token = "${telegram_bot_token}"
${telegram_enable}chat_id = "${telegram_chat_id}"
[probe]
%{ for service in services ~}
${service}
%{ endfor ~}


@ -1,27 +0,0 @@
resource "docker_network" "loadbalancer" {
name = "loadbalancer"
driver = "overlay"
attachable = true
ipam_driver = "default"
ipam_config {
aux_address = {}
subnet = "172.16.0.0/16"
gateway = "172.16.0.1"
}
}
module "nginx" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git"
configs = concat(
module.minio.nginx_files,
//module.vigil_nginx_config.files,
module.videobucket_nginx_config.files,
//module.netbox_nginx_config.files,
module.orcaslicer_nginx_config.files,
)
networks = [
docker_network.loadbalancer,
]
replicas = 2
}


@ -1,50 +1,18 @@
data "docker_registry_image" "orcaslicer" { module "orca" {
name = "lscr.io/linuxserver/orcaslicer:latest" depends_on = [module.traefik]
} //source = "github.com/matthewbaggett/terraform_modules//docker/service"
resource "docker_volume" "orcaslicer" { source = "./lib/grey.ooo/docker/service"
name = "orcaslicer_config" stack_name = "orca"
} service_name = "orca"
resource "docker_service" "orcaslicer" { image = "lscr.io/linuxserver/orcaslicer:latest"
name = "orcaslicer" environment_variables = {
task_spec {
container_spec {
image = "${data.docker_registry_image.orcaslicer.name}@${data.docker_registry_image.orcaslicer.sha256_digest}"
env = {
PUID = 1000 PUID = 1000
PGID = 1000 PGID = 1000
TZ = "Europe/Amsterdam" TZ = "Europe/Amsterdam"
} }
mounts { volumes = {
target = "/config" "orcaslicer_config" = "/config"
type = "volume"
source = docker_volume.orcaslicer.name
} }
} traefik = merge(var.treafik_defaults, { domain = "orca.${var.base_domain}", port = 3000 })
networks_advanced { converge_enable = false
name = docker_network.loadbalancer.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
endpoint_spec {
ports {
target_port = 3000
published_port = 3000
publish_mode = "ingress"
}
}
}
module "orcaslicer_nginx_config" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
hostname = "orca.california.ti"
//certificate = acme_certificate.ooo_grey["s3"]
service_name = docker_service.orcaslicer.name
upstream_host = "${docker_service.orcaslicer.name}:3000"
config_prefix = "nginx"
allow_non_ssl = true
allow_ssl = false
} }
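Review bot: `image = "lscr.io/linuxserver/orcaslicer:latest"` hands the service module a mutable tag. The code this replaces resolved the tag through `data "docker_registry_image"` and deployed `name@sha256_digest`. Unless `lib/grey.ooo/docker/service` performs the same digest lookup (not visible here), the running image can change without any Terraform diff; pin a release tag or a digest, for example `image = "lscr.io/linuxserver/orcaslicer@sha256:<digest>"`. The service's web UI on port 3000 is now published through Traefik with no access control visible in this block, so a comment stating where authentication is enforced would help.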


@ -1,4 +0,0 @@
output "minio" {
value = module.minio
}


@ -22,21 +22,25 @@ terraform {
source = "Telmate/proxmox" source = "Telmate/proxmox"
version = "~> 2.9" version = "~> 2.9"
} }
minio = {
source = "aminueza/minio"
version = "~> 3.0"
}
} }
backend "s3" { # backend "s3" {
bucket = "terraform" # bucket = "terraform"
key = "ti-iac.tfstate" # key = "ti-iac.tfstate"
profile = "techinc-tf" # profile = "techinc-tf"
shared_credentials_files = ["~/.aws/credentials"] # shared_credentials_files = ["~/.aws/credentials"]
endpoints = { # endpoints = {
s3 = "http://california.ti:9000" # s3 = "http://california.ti:9000"
} # }
region = "main" # Region validation will be skipped # region = "main" # Region validation will be skipped
skip_credentials_validation = true # Skip AWS related checks and validations # skip_credentials_validation = true # Skip AWS related checks and validations
skip_requesting_account_id = true # skip_requesting_account_id = true
skip_metadata_api_check = true # skip_metadata_api_check = true
skip_region_validation = true # skip_region_validation = true
use_path_style = true # Enable path-style S3 URLs (https://<HOST>/<BUCKET> https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style # use_path_style = true # Enable path-style S3 URLs (https://<HOST>/<BUCKET> https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style
} # }
} }
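Review bot: With the `backend "s3"` block commented out, the configuration falls back to Terraform's local backend, so state is written to `terraform.tfstate` in the working directory, where it can hold generated passwords and provider credentials in plain text. Nothing on this page shows that file being ignored or the existing remote state being migrated; confirm `*.tfstate*` is covered by `.gitignore` and note the migration step in the commit description. If the backend is being retired, delete the block instead of leaving it commented. The `terraform` block opens above the hunk.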

18
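--- a/treafik.tf
+++ b/treafik.tf
@@ -0,0 +1,18 @@
+module "traefik" {
+#source = "github.com/matthewbaggett/terraform_modules//products/traefik"
+source = "./lib/grey.ooo/products/traefik"
+enable_ssl = true
+enable_non_ssl = true
+acme_use_staging = true
+acme_email = "matthew@baggett.me"
+hello_service_domain = "hello.california.ti"
+traefik_service_domain = "traefik.california.ti"
+log_level = "DEBUG"
+access_log = false
+enable_ping = true
+enable_docker_provider = false
+enable_swarm_provider = true
+enable_dashboard = true
+api_insecure = true
+api_debug = true
+}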
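Review bot: `api_insecure = true` together with `enable_dashboard = true` and `api_debug = true` would serve the API, dashboard and debug endpoints without authentication, assuming the module maps these onto Traefik's `api.insecure` and `api.debug` options. Set `api_insecure = false` and `api_debug = false`, and publish the dashboard through a router with an auth middleware if it is needed. `access_log = false` also removes the request trail needed to investigate misuse of those endpoints. `acme_email` and both `*.california.ti` domains are hard-coded although this commit adds `var.acme_email` and `var.base_domain`; `acme_email = var.acme_email` keeps a single source of truth. `acme_use_staging = true` with `enable_non_ssl = true` means clients get untrusted staging certificates or plain HTTP, so a comment marking this as temporary is warranted.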


@ -1,51 +0,0 @@
data "docker_registry_image" "video_bucket" {
name = "ghcr.io/matthewbaggett/bucket-serve:latest"
}
resource "docker_service" "video_bucket" {
name = "video-bucket"
task_spec {
container_spec {
image = "${data.docker_registry_image.video_bucket.name}@${data.docker_registry_image.video_bucket.sha256_digest}"
configs {
config_id = docker_config.video_bucket_config.id
config_name = docker_config.video_bucket_config.name
file_name = "/app/.env"
}
}
networks_advanced {
name = docker_network.loadbalancer.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
}
locals {
video_bucket_config = <<EOF
S3_ENDPOINT=http://s3.california.ti
S3_BUCKET=video
S3_KEY=Ipi5Xh1b2UgcGiLSLLpQ
S3_SECRET=E4xMwB44MT4tGLStJnZTwQbuDNHL1KR9M4I8taBT
EOF
}
resource "docker_config" "video_bucket_config" {
name = "video_bucket_config_${substr(md5(local.video_bucket_config), 0, 7)}"
data = base64encode(local.video_bucket_config)
lifecycle {
ignore_changes = [name]
create_before_destroy = true
}
}
module "videobucket_nginx_config" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
hostname = "video.california.ti"
//certificate = acme_certificate.ooo_grey["s3"]
service_name = docker_service.video_bucket.name
upstream_host = "${docker_service.video_bucket.name}:80"
config_prefix = "nginx"
allow_non_ssl = true
allow_ssl = false
}