Compare commits


No commits in common. "f23b6fbb2f385e493c56717ff1f0d87a2de532fd" and "435910e5609d46a9ef14486321398781a500dfde" have entirely different histories.

7 changed files with 96 additions and 181 deletions


@ -1,28 +1,33 @@
/*provider "ssh" {
server = {
host = "california.ti"
port = 22
}
user = "techinc"
auth = {
private_key = {
content = file("~/.ssh/keys/exploding_bolts_2_rsa")
}
}
}
data "ssh_tunnel" "docker" {
connection_name = "docker_socket_tunnel_california"
remote = {
socket = "/var/run/docker.sock"
}
}
*/
provider "docker" { provider "docker" {
host = "ssh://california.ti" host = "ssh://california.ti"
registry_auth {
address = "docker.io"
username = "matthewbaggett"
password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
}
} }
provider "docker" { provider "docker" {
alias = "printi" alias = "printi"
host = "ssh://prin.ti" host = "ssh://prin.ti"
registry_auth {
address = "docker.io"
username = "matthewbaggett"
password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
}
} }
provider "docker" { provider "docker" {
alias = "unifi" alias = "unifi"
host = "ssh://unifi.ti" host = "ssh://unifi.ti"
registry_auth {
address = "docker.io"
username = "matthewbaggett"
password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
}
} }
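Review bot: Dropping the three `registry_auth` blocks does not retire the Docker Hub access token they carried. Going by the hunk header (28 old lines, 33 new) those blocks are on the removed side, but the token value stays in repository history and in this comparison, so it should be revoked at Docker Hub and reissued. If registry authentication is needed again, pass it in rather than writing it down, e.g. `password = var.dockerhub_token` with the variable declared `sensitive = true` (the variable name is a placeholder), or through the provider's `DOCKER_REGISTRY_USER` / `DOCKER_REGISTRY_PASS` environment variables. The commented-out `provider "ssh"` block added at the top is dead configuration and would be better left out of the file than parked in a comment.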

170
netbox.tf

@ -1,20 +1,17 @@
# Docker images in use # Docker images in use
data "docker_registry_image" "netbox" { data "docker_registry_image" "netbox" {
name = "netboxcommunity/netbox:v4.0-2.9.1" name = "docker.io/netboxcommunity/netbox:v4.0-2.9.1"
} }
data "docker_registry_image" "netbox_postgres" { data "docker_registry_image" "netbox_postgres" {
name = "postgres:16-alpine" name = "docker.io/postgres:16-alpine"
} }
data "docker_registry_image" "netbox_redis" { data "docker_registry_image" "netbox_redis" {
name = "redis:7-alpine" name = "docker.io/redis:7-alpine"
} }
# Docker Network # Docker Network
resource "docker_network" "netbox" { resource "docker_network" "netbox" {
name = "netbox" name = "netbox"
driver = "overlay"
attachable = true
ipam_driver = "default"
} }
# Docker Volumes # Docker Volumes
@ -49,57 +46,47 @@ resource "random_password" "redis_password" {
length = 32 length = 32
special = false special = false
} }
resource "random_password" "redis_cache_password" {
length = 32
special = false
}
resource "random_password" "secret_key" {
length = 50
special = false
}
locals { locals {
netbox_conf = {
CORS_ORIGIN_ALLOW_ALL = true CORS_ORIGIN_ALLOW_ALL = true
DB_HOST = docker_service.netbox_postgres.name DB_HOST=docker_service.netbox_postgres.name
DB_NAME = "netbox" DB_NAME="netbox"
DB_PASSWORD = nonsensitive(random_password.postgres_password.result) DB_PASSWORD = nonsensitive(random_password.postgres_password.result)
DB_USER = "netbox" DB_USER="netbox"
EMAIL_FROM = "netbox@bar.com" EMAIL_FROM="netbox@bar.com"
EMAIL_PASSWORD = "" EMAIL_PASSWORD=""
EMAIL_PORT = 25 EMAIL_PORT=25
EMAIL_SERVER = "localhost" EMAIL_SERVER="localhost"
EMAIL_SSL_CERTFILE = "" EMAIL_SSL_CERTFILE=""
EMAIL_SSL_KEYFILE = "" EMAIL_SSL_KEYFILE=""
EMAIL_TIMEOUT = 5 EMAIL_TIMEOUT=5
EMAIL_USERNAME = "netbox" EMAIL_USERNAME="netbox"
# EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`! # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
EMAIL_USE_SSL = "false" EMAIL_USE_SSL=false
EMAIL_USE_TLS = "false" EMAIL_USE_TLS=false
GRAPHQL_ENABLED = "true" GRAPHQL_ENABLED=true
HOUSEKEEPING_INTERVAL = 86400 HOUSEKEEPING_INTERVAL=86400
MEDIA_ROOT = "/opt/netbox/netbox/media" MEDIA_ROOT="/opt/netbox/netbox/media"
METRICS_ENABLED = "false" METRICS_ENABLED=false
REDIS_DATABASE = 0 REDIS_CACHE_DATABASE=1
REDIS_HOST = docker_service.netbox_redis.name REDIS_CACHE_HOST=docker_service.netbox_redis_cache.name
REDIS_INSECURE_SKIP_TLS_VERIFY = "false" REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false
//REDIS_PASSWORD = nonsensitive(random_password.redis_password.result) REDIS_CACHE_PASSWORD=nonsensitive(random_password.redis_password.result)
REDIS_SSL = "false" REDIS_CACHE_SSL=false
REDIS_CACHE_DATABASE = 1 REDIS_DATABASE=0
REDIS_CACHE_HOST = docker_service.netbox_redis_cache.name REDIS_HOST=docker_service.netbox_redis.name
REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY = "false" REDIS_INSECURE_SKIP_TLS_VERIFY=false
//REDIS_CACHE_PASSWORD = nonsensitive(random_password.redis_cache_password.result) REDIS_PASSWORD=nonsensitive(random_password.redis_password.result)
REDIS_CACHE_SSL = "false" REDIS_SSL=false
RELEASE_CHECK_URL = "https://api.github.com/repos/netbox-community/netbox/releases" RELEASE_CHECK_URL="https://api.github.com/repos/netbox-community/netbox/releases"
SECRET_KEY = nonsensitive(random_password.secret_key.result) SECRET_KEY="r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X"
SKIP_SUPERUSER = "true" SKIP_SUPERUSER=true
WEBHOOKS_ENABLED = "true" WEBHOOKS_ENABLED=true
}
} }
# Services # Services
@ -109,12 +96,11 @@ resource "docker_service" "netbox" {
container_spec { container_spec {
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}" image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
user = "unit:root" user = "unit:root"
env = local.netbox_conf
healthcheck { healthcheck {
test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"] test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"]
interval = "15s" interval = "15s"
timeout = "3s" timeout = "3s"
start_period = "2m" start_period = "60s"
} }
mounts { mounts {
target = "/etc/netbox/config" target = "/etc/netbox/config"
@ -149,21 +135,6 @@ resource "docker_service" "netbox" {
window = "0s" window = "0s"
} }
} }
endpoint_spec {
ports {
protocol = "tcp"
publish_mode = "ingress"
target_port = 8080
}
}
converge_config {
timeout = "2m"
}
depends_on = [
docker_service.netbox_postgres,
docker_service.netbox_redis,
docker_service.netbox_redis_cache,
]
} }
resource "docker_service" "netbox_worker" { resource "docker_service" "netbox_worker" {
name = "netbox-worker" name = "netbox-worker"
@ -171,8 +142,7 @@ resource "docker_service" "netbox_worker" {
container_spec { container_spec {
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}" image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
user = "unit:root" user = "unit:root"
env = local.netbox_conf command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker",]
command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker", ]
healthcheck { healthcheck {
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"] test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"]
interval = "15s" interval = "15s"
@ -209,12 +179,6 @@ resource "docker_service" "netbox_worker" {
window = "0s" window = "0s"
} }
} }
converge_config {
timeout = "2m"
}
depends_on = [
docker_service.netbox
]
} }
resource "docker_service" "netbox_housekeeping" { resource "docker_service" "netbox_housekeeping" {
name = "netbox-housekeeping" name = "netbox-housekeeping"
@ -222,8 +186,7 @@ resource "docker_service" "netbox_housekeeping" {
container_spec { container_spec {
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}" image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
user = "unit:root" user = "unit:root"
env = local.netbox_conf command = ["/opt/netbox/housekeeping.sh",]
command = ["/opt/netbox/housekeeping.sh", ]
healthcheck { healthcheck {
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"] test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"]
interval = "15s" interval = "15s"
@ -260,12 +223,6 @@ resource "docker_service" "netbox_housekeeping" {
window = "0s" window = "0s"
} }
} }
converge_config {
timeout = "2m"
}
depends_on = [
docker_service.netbox
]
} }
# Netbox Postgres Database # Netbox Postgres Database
@ -283,6 +240,7 @@ resource "docker_service" "netbox_postgres" {
POSTGRES_DB = "netbox" POSTGRES_DB = "netbox"
POSTGRES_USER = "netbox" POSTGRES_USER = "netbox"
POSTGRES_PASSWORD = random_password.postgres_password.result POSTGRES_PASSWORD = random_password.postgres_password.result
} }
} }
networks_advanced { networks_advanced {
@ -294,9 +252,6 @@ resource "docker_service" "netbox_postgres" {
window = "0s" window = "0s"
} }
} }
converge_config {
timeout = "2m"
}
} }
# Netbox Redis # Netbox Redis
@ -305,21 +260,11 @@ resource "docker_service" "netbox_redis" {
task_spec { task_spec {
container_spec { container_spec {
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}" image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
command = [ command = ["sh", "-c", "redis-server","--appendonly","yes", "--requirepass", random_password.redis_password.result, ]
"sh", "-c",
"redis-server",
"--appendonly", "yes",
//"--requirepass", nonsensitive(random_password.redis_password.result),
]
mounts { mounts {
target = "/data" target = "/data"
type = "volume" type = "volume"
source = docker_volume.netbox_redis.name source = docker_volume.netbox_database.name
}
healthcheck {
test = ["CMD", "sh", "-c", "redis-cli", "PING"]
interval = "5s"
timeout = "3s"
} }
} }
networks_advanced { networks_advanced {
@ -331,29 +276,17 @@ resource "docker_service" "netbox_redis" {
window = "0s" window = "0s"
} }
} }
converge_config {
timeout = "2m"
}
} }
resource "docker_service" "netbox_redis_cache" { resource "docker_service" "netbox_redis_cache" {
name = "netbox-redis-cache" name = "netbox-redis-cache"
task_spec { task_spec {
container_spec { container_spec {
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}" image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
command = [ command = ["sh", "-c", "redis-server", "--requirepass", random_password.redis_password.result, ]
"sh", "-c",
"redis-server",
//"--requirepass", nonsensitive(random_password.redis_cache_password.result),
]
mounts { mounts {
target = "/data" target = "/data"
type = "volume" type = "volume"
source = docker_volume.netbox_cache.name source = docker_volume.netbox_database.name
}
healthcheck {
test = ["CMD", "sh", "-c", "redis-cli", "PING"]
interval = "5s"
timeout = "3s"
} }
} }
networks_advanced { networks_advanced {
@ -365,23 +298,4 @@ resource "docker_service" "netbox_redis_cache" {
window = "0s" window = "0s"
} }
} }
converge_config {
timeout = "2m"
}
}
# Set up some nginx bits for it
module "netbox_nginx_config" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
hostname = "netbox.california.ti"
//certificate = acme_certificate.ooo_grey["s3"]
service_name = docker_service.netbox.name
upstream_host = "${docker_service.netbox.name}:8080"
config_prefix = "nginx"
allow_non_ssl = true
allow_ssl = false
depends_on = [
docker_service.netbox
]
} }
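Review bot: `SECRET_KEY` in the `locals` block is a literal string on what appears to be the new side, replacing `nonsensitive(random_password.secret_key.result)` and dropping the `random_password.secret_key` resource, so NetBox's secret key is readable by anyone with access to the repository and the value shown here should be treated as exposed and regenerated. Keeping the resource and using `SECRET_KEY = random_password.secret_key.result` avoids that. In the `netbox_redis` and `netbox_redis_cache` hunks the one-line `command = ["sh", "-c", "redis-server", ..., "--requirepass", ...]` hands only `redis-server` to the shell as the script and the remaining elements become positional parameters, so `--requirepass` (and `--appendonly yes`) probably never reach Redis; `command = ["redis-server", "--appendonly", "yes", "--requirepass", random_password.redis_password.result]` would. Both Redis services also mount `docker_volume.netbox_database` at `/data` on that side, which looks like a copy-paste of the Postgres volume and should be confirmed.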


@ -17,10 +17,9 @@ module "nginx" {
module.minio.nginx_files, module.minio.nginx_files,
module.vigil_nginx_config.files, module.vigil_nginx_config.files,
module.videobucket_nginx_config.files, module.videobucket_nginx_config.files,
//module.netbox_nginx_config.files,
) )
networks = [ networks = [
docker_network.loadbalancer, docker_network.loadbalancer,
] ]
replicas = 2 replicas = 1
} }


@ -17,7 +17,8 @@ resource "scratch_string" "arse" {
} }
resource "docker_container" "ender5plus" { resource "docker_container" "ender5plus" {
image = docker_image.octoprint.image_id image = "${docker_image.octoprint.name}:latest"
#image = docker_image.octoprint.image_id
provider = docker.printi provider = docker.printi
name = "ender5plus" name = "ender5plus"
env = [ env = [
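Review bot: `image = "${docker_image.octoprint.name}:latest"` ties the container to a mutable tag instead of the image ID that the now commented-out line used, so what runs on `docker.printi` is whatever `:latest` resolves to on that host, and Terraform no longer replaces the container when the underlying image changes. Prefer keeping `image = docker_image.octoprint.image_id`, or pin by digest if a registry reference is required, and delete the commented `#image = ...` line rather than leaving both in place. The `docker_container` block continues past the end of this hunk.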


@ -22,7 +22,7 @@ resource "docker_service" "video_bucket" {
} }
} }
} }
locals { locals{
video_bucket_config = <<EOF video_bucket_config = <<EOF
S3_ENDPOINT=http://s3.california.ti S3_ENDPOINT=http://s3.california.ti
S3_BUCKET=video S3_BUCKET=video
@ -31,12 +31,8 @@ S3_SECRET=E4xMwB44MT4tGLStJnZTwQbuDNHL1KR9M4I8taBT
EOF EOF
} }
resource "docker_config" "video_bucket_config" { resource "docker_config" "video_bucket_config" {
name = "video_bucket_config_${substr(md5(local.video_bucket_config), 0, 7)}" name = "video_bucket_config_${substr(md5(local.video_bucket_config),0,7)}"
data = base64encode(local.video_bucket_config) data = base64encode(local.video_bucket_config)
lifecycle {
ignore_changes = [name]
create_before_destroy = true
}
} }
module "videobucket_nginx_config" { module "videobucket_nginx_config" {
# tflint-ignore: terraform_module_pinned_source # tflint-ignore: terraform_module_pinned_source
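Review bot: `video_bucket_config` still carries `S3_SECRET` in a heredoc that is published as a `docker_config`; `base64encode` there is only the encoding the resource requires, and configs can be read in clear by anyone able to inspect the swarm, so the credential would be better delivered as a `docker_secret` fed from a sensitive variable, and the key visible in the hunk header rotated. Separately, the `lifecycle` block appears to be on the removed side (12 old lines, 8 new): because the config name embeds a content hash, a content change forces replacement, and without `create_before_destroy = true` Terraform will try to delete the old config while the service may still reference it. The `module "videobucket_nginx_config"` block continues outside the hunk.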