Compare commits

...

11 commits

Author SHA1 Message Date
gitea-actions
b56fa28b31 Upgrade trunk 2024-07-15 09:02:47 +00:00
5f01e175a8 Add duplicate of unifi system for restoring a backup
Some checks failed
Trunk Check / Trunk Check Runner (push) Failing after 2s
2024-07-14 13:14:07 +02:00
3ce144ce24 add toilet AP 2024-07-14 13:14:04 +02:00
793568095e Telegrammy bits - Requires a patch to vigil itself.
Some checks failed
Trunk Check / Trunk Check Runner (push) Failing after 2s
2024-07-09 11:58:20 +02:00
4482dbb3c6 Updating vigil bits
Some checks failed
Trunk Check / Trunk Check Runner (push) Failing after 1s
2024-07-08 17:59:57 +02:00
e8a89352e2 fmt
Some checks failed
Trunk Check / Trunk Check Runner (push) Failing after 2s
2024-07-08 17:57:53 +02:00
7dd930d465 Add s3 backend store 2024-07-08 17:57:39 +02:00
7161564458 Expose ports 9000 and 9001 for minio 2024-07-08 17:51:54 +02:00
f23b6fbb2f Parking netbox for the night
Some checks failed
Trunk Check / Trunk Check Runner (push) Failing after 5s
2024-07-04 02:04:32 +02:00
5863de84aa fmt 2024-07-04 01:10:04 +02:00
5d77766197 Fix ender redeploying itself. 2024-07-04 01:09:08 +02:00
16 changed files with 322 additions and 138 deletions

1
.gitignore vendored

@ -4,3 +4,4 @@
/terraform.tfstate* /terraform.tfstate*
/.terraform.tfstate* /.terraform.tfstate*
/.github/cache /.github/cache
/terraform.tfvars


@ -24,13 +24,13 @@ lint:
- checkov - checkov
enabled: enabled:
- hadolint@2.12.0 - hadolint@2.12.0
- tflint@0.51.1 - tflint@0.52.0
- gitleaks@8.18.4 - gitleaks@8.18.4
- markdownlint@0.41.0 - markdownlint@0.41.0
- taplo@0.8.1 - taplo@0.9.2
- actionlint@1.7.1 - actionlint@1.7.1
- git-diff-check - git-diff-check
- prettier@3.3.2 - prettier@3.3.3
- yamllint@1.35.1 - yamllint@1.35.1
definitions: definitions:
- name: markdownlint - name: markdownlint
@ -49,12 +49,12 @@ tools:
- gh@2.49.2 - gh@2.49.2
- jq@jq-1.7.1 - jq@jq-1.7.1
- yq@4.44.1 - yq@4.44.1
- awscli@1.33.17 - awscli@1.33.26
- action-validator@0.6.0 - action-validator@0.6.0
- act@0.2.63 - act@0.2.64
- shellcheck@0.10.0 - shellcheck@0.10.0
- hadolint@2.12.0 - hadolint@2.12.0
- tofu@1.7.2 - tofu@1.7.2
- trunk-toolbox@0.3.2 - trunk-toolbox@0.3.2
- tflint@0.51.1 - tflint@0.52.0
- terraform@1.9.0 - terraform@1.9.0


@ -1,33 +1,28 @@
/*provider "ssh" {
server = {
host = "california.ti"
port = 22
}
user = "techinc"
auth = {
private_key = {
content = file("~/.ssh/keys/exploding_bolts_2_rsa")
}
}
}
data "ssh_tunnel" "docker" {
connection_name = "docker_socket_tunnel_california"
remote = {
socket = "/var/run/docker.sock"
}
}
*/
provider "docker" { provider "docker" {
host = "ssh://california.ti" host = "ssh://california.ti"
registry_auth {
address = "docker.io"
username = "matthewbaggett"
password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
}
} }
provider "docker" { provider "docker" {
alias = "printi" alias = "printi"
host = "ssh://prin.ti" host = "ssh://prin.ti"
registry_auth {
address = "docker.io"
username = "matthewbaggett"
password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
}
} }
provider "docker" { provider "docker" {
alias = "unifi" alias = "unifi"
host = "ssh://unifi.ti" host = "ssh://unifi.ti"
registry_auth {
address = "docker.io"
username = "matthewbaggett"
password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
}
} }
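Review bot: A Docker Hub access token is committed in cleartext as `password` in all three `registry_auth` blocks (the default, `printi` and `unifi` providers); going by the hunk's line counts these blocks are on the new side. Anyone who can read the repository or its history can use the token, so it should be revoked and reissued rather than only removed in a follow-up commit. Supply it from a variable declared with `sensitive = true` and set in the now-ignored terraform.tfvars, e.g. `password = var.docker_hub_token`, or drop `username`/`password` and let the provider read `DOCKER_REGISTRY_USER` / `DOCKER_REGISTRY_PASS` from the environment. gitleaks is enabled in the trunk config, but the Trunk Check runs listed for these commits failed within seconds, so it is worth confirming the scan actually ran.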


@ -4,4 +4,5 @@ module "minio" {
network = docker_network.loadbalancer network = docker_network.loadbalancer
storage_path = "/media/storage/minio" storage_path = "/media/storage/minio"
admin_username = "techinc" admin_username = "techinc"
expose_ports = true
} }


@ -18,3 +18,8 @@ variable "storage_path" {
type = string type = string
description = "The path to the storage directory to use" description = "The path to the storage directory to use"
} }
variable "expose_ports" {
type = bool
description = "Expose the minio ports to the outside world"
default = false
}


@ -49,6 +49,21 @@ resource "docker_service" "minio" {
parallelism = 1 parallelism = 1
order = "stop-first" order = "stop-first"
} }
dynamic "endpoint_spec" {
for_each = var.expose_ports ? toset(["aw yis"]) : toset([])
content {
ports {
target_port = 9000
published_port = 9000
publish_mode = "ingress"
}
ports {
target_port = 9001
published_port = 9001
publish_mode = "ingress"
}
}
}
} }
module "minio_nginx_config" { module "minio_nginx_config" {
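Review bot: Setting `expose_ports` publishes 9000 and 9001 together in `ingress` mode, which in swarm opens both on every node, and the two ports cannot be enabled separately. 9000 is the port the new s3 backend points at; 9001 has no visible consumer in this change, and the `minio_nginx_config` module right after this resource suggests the web side is meant to be reached through nginx. Consider publishing only 9000 here or splitting the flag in two, and say in the variable description which listener each port is. The `toset(["aw yis"])` placeholder would read more clearly as `for_each = var.expose_ports ? [1] : []`. The `docker_service` body starts above the hunk.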


@ -7,19 +7,22 @@ locals {
}) })
] ]
vigil_toml = templatefile("${path.module}/vigil.toml.tpl", { vigil_toml = templatefile("${path.module}/vigil.toml.tpl", {
manager_token = random_password.token["manager"].result manager_token = random_password.token["manager"].result
reporter_token = random_password.token["worker"].result reporter_token = random_password.token["worker"].result
page_title = var.page_title page_title = var.page_title
page_url = var.page_url page_url = var.page_url
company_name = var.company_name company_name = var.company_name
icon_color = var.icon_color icon_color = var.icon_color
icon_url = var.icon_url icon_url = var.icon_url
logo_color = var.logo_color logo_color = var.logo_color
logo_url = var.logo_url logo_url = var.logo_url
website_url = var.website_url website_url = var.website_url
support_url = var.support_url support_url = var.support_url
custom_html = var.custom_html custom_html = var.custom_html
services = local.services_toml services = local.services_toml
startup_notification = var.notify_on_startup
telegram_bot_token = var.notify_telegram.token
telegram_chat_id = var.notify_telegram.channel
}) })
vigil_toml_checksum = md5(local.vigil_toml) vigil_toml_checksum = md5(local.vigil_toml)
} }
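Review bot: `var.notify_telegram.token` and `var.notify_telegram.channel` are read unconditionally, but `notify_telegram` defaults to `null` in the module's variables, so a caller that leaves it unset fails at plan time on an attribute access on null. Guard the lookups, e.g. `telegram_bot_token = try(var.notify_telegram.token, "")`, and have vigil.toml.tpl emit the `[notify.telegram]` table only when a token is present, since the template now writes that table unconditionally. The `topic` attribute accepted by the variable is never passed to the template; either wire it through or leave it out until the vigil patch mentioned in the commit message exists. The `locals` block starts above the hunk.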


@ -16,17 +16,29 @@ variable "docker_networks" {
description = "Docker networks to connect the vigil service to" description = "Docker networks to connect the vigil service to"
default = null default = null
} }
variable "notify_on_startup" {
type = bool
description = "Whether to send a startup notifications"
default = false
}
variable "notify_telegram" {
type = object({
token = string
channel = string
topic = optional(string, null)
})
description = "Telegram configuration"
default = null
}
variable "monitored_services" { variable "monitored_services" {
type = map(list(object({ type = map(list(object({
id = string id = string
label = string label = string
endpoints = list(string) endpoints = list(string)
http_method = optional(string, null) http_method = optional(string, null)
http_status_healthy_below = optional(number, 400) http_status_healthy_below = optional(number, 400)
http_status_healthy_above = optional(number, 200) http_status_healthy_above = optional(number, 200)
}))) })))
} }
variable "page_title" { variable "page_title" {
type = string type = string
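Review bot: `notify_telegram` carries the bot token but is not marked sensitive, so the token can appear in plan output and in any error message that prints the object; the same applies to the root-level `telegram_token` variable added in the last file section of this page. Add `sensitive = true` to both declarations. The rendered `vigil_toml` then becomes sensitive too, which is appropriate for a file that embeds the token, but check that whatever consumes `vigil_toml_checksum` still plans cleanly. Minor: the description should read `"Whether to send a startup notification"`.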


@ -54,14 +54,14 @@ queue_nack_dead_above = 5000
queue_loaded_retry_delay = 500 queue_loaded_retry_delay = 500
[notify] [notify]
startup_notification = false startup_notification = ${startup_notification}
reminder_interval = 600 reminder_interval = 600
reminder_backoff_function = "linear" reminder_backoff_function = "linear"
reminder_backoff_limit = 3 reminder_backoff_limit = 3
#[notify.telegram] [notify.telegram]
#bot_token = "xxxxxxxxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" bot_token = "${telegram_bot_token}"
#chat_id = "xxxxxxxxx" chat_id = "${telegram_chat_id}"
[probe] [probe]

210
netbox.tf

@ -1,17 +1,20 @@
# Docker images in use # Docker images in use
data "docker_registry_image" "netbox" { data "docker_registry_image" "netbox" {
name = "docker.io/netboxcommunity/netbox:v4.0-2.9.1" name = "netboxcommunity/netbox:v4.0-2.9.1"
} }
data "docker_registry_image" "netbox_postgres" { data "docker_registry_image" "netbox_postgres" {
name = "docker.io/postgres:16-alpine" name = "postgres:16-alpine"
} }
data "docker_registry_image" "netbox_redis" { data "docker_registry_image" "netbox_redis" {
name = "docker.io/redis:7-alpine" name = "redis:7-alpine"
} }
# Docker Network # Docker Network
resource "docker_network" "netbox" { resource "docker_network" "netbox" {
name = "netbox" name = "netbox"
driver = "overlay"
attachable = true
ipam_driver = "default"
} }
# Docker Volumes # Docker Volumes
@ -39,54 +42,64 @@ resource "docker_volume" "netbox_cache" {
# Configs # Configs
resource "random_password" "postgres_password" { resource "random_password" "postgres_password" {
length = 32 length = 32
special = false special = false
} }
resource "random_password" "redis_password" { resource "random_password" "redis_password" {
length = 32 length = 32
special = false
}
resource "random_password" "redis_cache_password" {
length = 32
special = false
}
resource "random_password" "secret_key" {
length = 50
special = false special = false
} }
locals { locals {
CORS_ORIGIN_ALLOW_ALL = true netbox_conf = {
CORS_ORIGIN_ALLOW_ALL = true
DB_HOST=docker_service.netbox_postgres.name DB_HOST = docker_service.netbox_postgres.name
DB_NAME="netbox" DB_NAME = "netbox"
DB_PASSWORD = nonsensitive(random_password.postgres_password.result) DB_PASSWORD = nonsensitive(random_password.postgres_password.result)
DB_USER="netbox" DB_USER = "netbox"
EMAIL_FROM="netbox@bar.com" EMAIL_FROM = "netbox@bar.com"
EMAIL_PASSWORD="" EMAIL_PASSWORD = ""
EMAIL_PORT=25 EMAIL_PORT = 25
EMAIL_SERVER="localhost" EMAIL_SERVER = "localhost"
EMAIL_SSL_CERTFILE="" EMAIL_SSL_CERTFILE = ""
EMAIL_SSL_KEYFILE="" EMAIL_SSL_KEYFILE = ""
EMAIL_TIMEOUT=5 EMAIL_TIMEOUT = 5
EMAIL_USERNAME="netbox" EMAIL_USERNAME = "netbox"
# EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`! # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
EMAIL_USE_SSL=false EMAIL_USE_SSL = "false"
EMAIL_USE_TLS=false EMAIL_USE_TLS = "false"
GRAPHQL_ENABLED=true GRAPHQL_ENABLED = "true"
HOUSEKEEPING_INTERVAL=86400 HOUSEKEEPING_INTERVAL = 86400
MEDIA_ROOT="/opt/netbox/netbox/media" MEDIA_ROOT = "/opt/netbox/netbox/media"
METRICS_ENABLED=false METRICS_ENABLED = "false"
REDIS_CACHE_DATABASE=1 REDIS_DATABASE = 0
REDIS_CACHE_HOST=docker_service.netbox_redis_cache.name REDIS_HOST = docker_service.netbox_redis.name
REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false REDIS_INSECURE_SKIP_TLS_VERIFY = "false"
REDIS_CACHE_PASSWORD=nonsensitive(random_password.redis_password.result) //REDIS_PASSWORD = nonsensitive(random_password.redis_password.result)
REDIS_CACHE_SSL=false REDIS_SSL = "false"
REDIS_DATABASE=0 REDIS_CACHE_DATABASE = 1
REDIS_HOST=docker_service.netbox_redis.name REDIS_CACHE_HOST = docker_service.netbox_redis_cache.name
REDIS_INSECURE_SKIP_TLS_VERIFY=false REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY = "false"
REDIS_PASSWORD=nonsensitive(random_password.redis_password.result) //REDIS_CACHE_PASSWORD = nonsensitive(random_password.redis_cache_password.result)
REDIS_SSL=false REDIS_CACHE_SSL = "false"
RELEASE_CHECK_URL="https://api.github.com/repos/netbox-community/netbox/releases" RELEASE_CHECK_URL = "https://api.github.com/repos/netbox-community/netbox/releases"
SECRET_KEY="r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X" SECRET_KEY = nonsensitive(random_password.secret_key.result)
SKIP_SUPERUSER=true SKIP_SUPERUSER = "true"
WEBHOOKS_ENABLED=true WEBHOOKS_ENABLED = "true"
}
} }
# Services # Services
@ -95,12 +108,13 @@ resource "docker_service" "netbox" {
task_spec { task_spec {
container_spec { container_spec {
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}" image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
user = "unit:root" user = "unit:root"
env = local.netbox_conf
healthcheck { healthcheck {
test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"] test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"]
interval = "15s" interval = "15s"
timeout = "3s" timeout = "3s"
start_period = "60s" start_period = "2m"
} }
mounts { mounts {
target = "/etc/netbox/config" target = "/etc/netbox/config"
@ -135,18 +149,34 @@ resource "docker_service" "netbox" {
window = "0s" window = "0s"
} }
} }
endpoint_spec {
ports {
protocol = "tcp"
publish_mode = "ingress"
target_port = 8080
}
}
converge_config {
timeout = "2m"
}
depends_on = [
docker_service.netbox_postgres,
docker_service.netbox_redis,
docker_service.netbox_redis_cache,
]
} }
resource "docker_service" "netbox_worker" { resource "docker_service" "netbox_worker" {
name = "netbox-worker" name = "netbox-worker"
task_spec { task_spec {
container_spec { container_spec {
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}" image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
user = "unit:root" user = "unit:root"
command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker",] env = local.netbox_conf
command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker", ]
healthcheck { healthcheck {
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"] test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"]
interval = "15s" interval = "15s"
timeout = "3s" timeout = "3s"
start_period = "20s" start_period = "20s"
} }
mounts { mounts {
@ -179,18 +209,25 @@ resource "docker_service" "netbox_worker" {
window = "0s" window = "0s"
} }
} }
converge_config {
timeout = "2m"
}
depends_on = [
docker_service.netbox
]
} }
resource "docker_service" "netbox_housekeeping" { resource "docker_service" "netbox_housekeeping" {
name = "netbox-housekeeping" name = "netbox-housekeeping"
task_spec { task_spec {
container_spec { container_spec {
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}" image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
user = "unit:root" user = "unit:root"
command = ["/opt/netbox/housekeeping.sh",] env = local.netbox_conf
command = ["/opt/netbox/housekeeping.sh", ]
healthcheck { healthcheck {
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"] test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"]
interval = "15s" interval = "15s"
timeout = "3s" timeout = "3s"
start_period = "20s" start_period = "20s"
} }
mounts { mounts {
@ -223,6 +260,12 @@ resource "docker_service" "netbox_housekeeping" {
window = "0s" window = "0s"
} }
} }
converge_config {
timeout = "2m"
}
depends_on = [
docker_service.netbox
]
} }
# Netbox Postgres Database # Netbox Postgres Database
@ -240,7 +283,6 @@ resource "docker_service" "netbox_postgres" {
POSTGRES_DB = "netbox" POSTGRES_DB = "netbox"
POSTGRES_USER = "netbox" POSTGRES_USER = "netbox"
POSTGRES_PASSWORD = random_password.postgres_password.result POSTGRES_PASSWORD = random_password.postgres_password.result
} }
} }
networks_advanced { networks_advanced {
@ -252,6 +294,9 @@ resource "docker_service" "netbox_postgres" {
window = "0s" window = "0s"
} }
} }
converge_config {
timeout = "2m"
}
} }
# Netbox Redis # Netbox Redis
@ -260,11 +305,21 @@ resource "docker_service" "netbox_redis" {
task_spec { task_spec {
container_spec { container_spec {
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}" image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
command = ["sh", "-c", "redis-server","--appendonly","yes", "--requirepass", random_password.redis_password.result, ] command = [
"sh", "-c",
"redis-server",
"--appendonly", "yes",
//"--requirepass", nonsensitive(random_password.redis_password.result),
]
mounts { mounts {
target = "/data" target = "/data"
type = "volume" type = "volume"
source = docker_volume.netbox_database.name source = docker_volume.netbox_redis.name
}
healthcheck {
test = ["CMD", "sh", "-c", "redis-cli", "PING"]
interval = "5s"
timeout = "3s"
} }
} }
networks_advanced { networks_advanced {
@ -276,17 +331,29 @@ resource "docker_service" "netbox_redis" {
window = "0s" window = "0s"
} }
} }
converge_config {
timeout = "2m"
}
} }
resource "docker_service" "netbox_redis_cache" { resource "docker_service" "netbox_redis_cache" {
name = "netbox-redis-cache" name = "netbox-redis-cache"
task_spec { task_spec {
container_spec { container_spec {
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}" image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
command = ["sh", "-c", "redis-server", "--requirepass", random_password.redis_password.result, ] command = [
"sh", "-c",
"redis-server",
//"--requirepass", nonsensitive(random_password.redis_cache_password.result),
]
mounts { mounts {
target = "/data" target = "/data"
type = "volume" type = "volume"
source = docker_volume.netbox_database.name source = docker_volume.netbox_cache.name
}
healthcheck {
test = ["CMD", "sh", "-c", "redis-cli", "PING"]
interval = "5s"
timeout = "3s"
} }
} }
networks_advanced { networks_advanced {
@ -298,4 +365,23 @@ resource "docker_service" "netbox_redis_cache" {
window = "0s" window = "0s"
} }
} }
converge_config {
timeout = "2m"
}
}
# Set up some nginx bits for it
module "netbox_nginx_config" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
hostname = "netbox.california.ti"
//certificate = acme_certificate.ooo_grey["s3"]
service_name = docker_service.netbox.name
upstream_host = "${docker_service.netbox.name}:8080"
config_prefix = "nginx"
allow_non_ssl = true
allow_ssl = false
depends_on = [
docker_service.netbox
]
} }
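Review bot: Both Redis services end up running without authentication: `--requirepass` is commented out in `netbox_redis` and `netbox_redis_cache`, `REDIS_PASSWORD` and `REDIS_CACHE_PASSWORD` are commented out in `netbox_conf`, and the `netbox` network is now `attachable = true`, so any container attached to that overlay can talk to Redis. A likely reason the password never worked is the `sh -c` wrapper: only the element right after `-c` is the command string, so `--appendonly yes` and `--requirepass …` become positional parameters and never reach redis-server, and the health check `["CMD", "sh", "-c", "redis-cli", "PING"]` has the same problem. Drop the wrapper and restore the password, e.g. `command = ["redis-server", "--appendonly", "yes", "--requirepass", random_password.redis_password.result]`, un-comment the two password entries in `netbox_conf`, and have the health check authenticate. Separately, `nonsensitive()` around `DB_PASSWORD` and `SECRET_KEY` lets both values print in plan output; leaving `env` sensitive avoids that.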


@ -17,9 +17,10 @@ module "nginx" {
module.minio.nginx_files, module.minio.nginx_files,
module.vigil_nginx_config.files, module.vigil_nginx_config.files,
module.videobucket_nginx_config.files, module.videobucket_nginx_config.files,
//module.netbox_nginx_config.files,
) )
networks = [ networks = [
docker_network.loadbalancer, docker_network.loadbalancer,
] ]
replicas = 1 replicas = 2
} }


@ -17,8 +17,7 @@ resource "scratch_string" "arse" {
} }
resource "docker_container" "ender5plus" { resource "docker_container" "ender5plus" {
image = "${docker_image.octoprint.name}:latest" image = docker_image.octoprint.image_id
#image = docker_image.octoprint.image_id
provider = docker.printi provider = docker.printi
name = "ender5plus" name = "ender5plus"
env = [ env = [


@ -1,5 +1,6 @@
terraform { terraform {
required_version = "~> 1.6" required_version = "~> 1.6"
required_providers { required_providers {
docker = { docker = {
source = "kreuzwerker/docker" source = "kreuzwerker/docker"
@ -14,8 +15,24 @@ terraform {
version = "~> 0.1.0" version = "~> 0.1.0"
} }
scratch = { scratch = {
source = "BrendanThompson/scratch" source = "BrendanThompson/scratch"
version = "0.4.0" version = "0.4.0"
} }
} }
backend "s3" {
bucket = "terraform"
key = "ti-iac.tfstate"
profile = "techinc-tf"
shared_credentials_files = ["~/.aws/credentials"]
endpoints = {
s3 = "http://california.ti:9000"
}
region = "main" # Region validation will be skipped
skip_credentials_validation = true # Skip AWS related checks and validations
skip_requesting_account_id = true
skip_metadata_api_check = true
skip_region_validation = true
use_path_style = true # Enable path-style S3 URLs (https://<HOST>/<BUCKET> https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style
}
} }
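Review bot: The new s3 backend reaches MinIO at `http://california.ti:9000`, so the Terraform state crosses the network unencrypted. That state holds the generated Postgres password, the NetBox `SECRET_KEY` and any tokens passed in as variables, all in plaintext. Point `endpoints.s3` at a TLS listener (the nginx front end, or a certificate on MinIO itself) and enable server-side encryption on the bucket if the deployment supports it. A one-line comment saying the `skip_*` settings exist because the endpoint is not AWS would help the next reader, and the `use_path_style` comment has an unclosed parenthesis.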


@ -53,6 +53,36 @@ resource "docker_service" "unifi_controller" {
} }
} }
resource "docker_service" "unifi_controller_restored_from_backup" {
name = "unifi_controller_restored_from_backup"
provider = docker.unifi
task_spec {
container_spec {
image = "${data.docker_registry_image.unifi_controller.name}@${data.docker_registry_image.unifi_controller.sha256_digest}"
env = {
TZ = "Europe/Amsterdam"
}
mounts {
target = "/unifi"
source = "/home/techinc/unifi_restored_from_backup"
type = "bind"
}
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
endpoint_spec {
ports {
target_port = 443
published_port = 444
publish_mode = "ingress"
}
}
}
data "docker_registry_image" "http2https" { data "docker_registry_image" "http2https" {
name = "articulate/http-to-https" name = "articulate/http-to-https"
} }


@ -7,9 +7,9 @@ resource "docker_service" "video_bucket" {
container_spec { container_spec {
image = "${data.docker_registry_image.video_bucket.name}@${data.docker_registry_image.video_bucket.sha256_digest}" image = "${data.docker_registry_image.video_bucket.name}@${data.docker_registry_image.video_bucket.sha256_digest}"
configs { configs {
config_id = docker_config.video_bucket_config.id config_id = docker_config.video_bucket_config.id
config_name = docker_config.video_bucket_config.name config_name = docker_config.video_bucket_config.name
file_name = "/app/.env" file_name = "/app/.env"
} }
} }
networks_advanced { networks_advanced {
@ -22,8 +22,8 @@ resource "docker_service" "video_bucket" {
} }
} }
} }
locals{ locals {
video_bucket_config = <<EOF video_bucket_config = <<EOF
S3_ENDPOINT=http://s3.california.ti S3_ENDPOINT=http://s3.california.ti
S3_BUCKET=video S3_BUCKET=video
S3_KEY=Ipi5Xh1b2UgcGiLSLLpQ S3_KEY=Ipi5Xh1b2UgcGiLSLLpQ
@ -31,8 +31,12 @@ S3_SECRET=E4xMwB44MT4tGLStJnZTwQbuDNHL1KR9M4I8taBT
EOF EOF
} }
resource "docker_config" "video_bucket_config" { resource "docker_config" "video_bucket_config" {
name = "video_bucket_config_${substr(md5(local.video_bucket_config),0,7)}" name = "video_bucket_config_${substr(md5(local.video_bucket_config), 0, 7)}"
data = base64encode(local.video_bucket_config) data = base64encode(local.video_bucket_config)
lifecycle {
ignore_changes = [name]
create_before_destroy = true
}
} }
module "videobucket_nginx_config" { module "videobucket_nginx_config" {
# tflint-ignore: terraform_module_pinned_source # tflint-ignore: terraform_module_pinned_source
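Review bot: The `video_bucket_config` heredoc that this section reformats still carries the bucket's `S3_KEY` and `S3_SECRET` as literals (the secret is visible in the second hunk header), so they are readable by anyone with access to the repository. Move both values into variables declared with `sensitive = true` and supplied from terraform.tfvars, and rotate the current pair, since it stays in history. If the image can read its settings from a mounted secret, `docker_secret` is a better carrier than `docker_config` for this file. A comment on the new `lifecycle` block explaining why `name` is ignored while the name is derived from the content hash would also help.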


@ -9,7 +9,15 @@ module "vigil_nginx_config" {
allow_non_ssl = true allow_non_ssl = true
allow_ssl = false allow_ssl = false
} }
variable "telegram_token" {
type = string
}
variable "telegram_channel" {
type = string
}
variable "telegram_topic" {
type = string
}
module "vigil" { module "vigil" {
source = "./modules/vigil" source = "./modules/vigil"
monitored_services = { monitored_services = {
@ -53,7 +61,7 @@ module "vigil" {
id = "backup" id = "backup"
label = "Backup Server" label = "Backup Server"
endpoints = [ endpoints = [
"icmp://backup.ti", #"icmp://backup.ti", # ??? Doesn't work?
"tcp://backup.ti:22", "tcp://backup.ti:22",
"http://backup.ti", "http://backup.ti",
] ]
@ -73,24 +81,25 @@ module "vigil" {
id = "unifi-ap-mainspace" id = "unifi-ap-mainspace"
label = "Unifi AP Mainspace" label = "Unifi AP Mainspace"
endpoints = [ endpoints = [
"icmp://mainspace-ap.ti", # "icmp://mainspace-ap.ti", # Painfully, ICMP said it was up when it was infact entirely unplugged. No ICMP for you.
"tcp://mainspace-ap.ti:22",
] ]
}, },
{ {
id = "unifi-ap-auxspace" id = "unifi-ap-auxspace"
label = "Unifi AP Auxspace" label = "Unifi AP Auxspace"
endpoints = [ endpoints = [
"icmp://auxspace-ap.ti", # "icmp://auxspace-ap.ti", # Painfully, ICMP said it was up when it was infact entirely unplugged. No ICMP for you.
"tcp://auxspace-ap.ti:22",
]
},
{
id = "unifi-ap-toilets"
label = "Unifi AP Hallway/Toilets"
endpoints = [
"icmp://toilet-ap.ti",
] ]
}, },
#{
# id = "unifi-ap-hallway"
# label = "Unifi AP Hallway"
# endpoints = [
# "icmp://hallway-ap.ti",
# ]
#},
] ]
"Printers" = [ "Printers" = [
{ {
@ -135,9 +144,9 @@ module "vigil" {
id = "ansible" id = "ansible"
label = "TechInc Ansible Server" label = "TechInc Ansible Server"
endpoints = [ endpoints = [
"icmp://ansible.ti", #"icmp://ansible.ti", # Doesn't work?
"tcp://ansible.ti:22", "tcp://ansible.ti:22",
"http://ansible.ti" #"http://ansible.ti", # Doesn't work?
] ]
http_method = "GET" http_method = "GET"
}, },
@ -156,7 +165,7 @@ module "vigil" {
endpoints = [ endpoints = [
#"icmp://shardik.ti", # Doesn't work? #"icmp://shardik.ti", # Doesn't work?
"tcp://shardik.ti:22", "tcp://shardik.ti:22",
"http://shardik.ti" "http://shardik.ti",
] ]
http_method = "GET" http_method = "GET"
}, },
@ -164,8 +173,8 @@ module "vigil" {
id = "sip" id = "sip"
label = "SIP" label = "SIP"
endpoints = [ endpoints = [
"icmp://sip.ti", #"icmp://sip.ti", # Doesn't work?
"http://sip.ti" "http://sip.ti",
] ]
http_method = "GET" http_method = "GET"
}, },
@ -203,4 +212,10 @@ module "vigil" {
docker_networks = [ docker_networks = [
docker_network.loadbalancer docker_network.loadbalancer
] ]
notify_on_startup = true
notify_telegram = {
token = var.telegram_token
channel = var.telegram_channel
topic = var.telegram_topic
}
} }
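Review bot: The `unifi-ap-toilets` entry (added here, going by the commit message) is probed with `icmp://toilet-ap.ti` only, while the comments in the same hunk for the mainspace and auxspace APs say ICMP reported an unplugged AP as up and move those to `tcp://…:22`. Give the new AP the same probe, `"tcp://toilet-ap.ti:22",`, or note why ICMP is trustworthy for this one. Separately, `telegram_topic` has no default, so it must always be supplied even though the module declares `topic` as optional; `default = null` would match. The three new variables also lack a `description`.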