Compare commits
No commits in common. "f23b6fbb2f385e493c56717ff1f0d87a2de532fd" and "435910e5609d46a9ef14486321398781a500dfde" have entirely different histories.
f23b6fbb2f
...
435910e560
7 changed files with 96 additions and 181 deletions
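--- a/docker.tf
+++ b/docker.tf
@@ -1,28 +1,33 @@
+/*provider "ssh" {
+server = {
+host = "california.ti"
+port = 22
+}
+user = "techinc"
+auth = {
+private_key = {
+content = file("~/.ssh/keys/exploding_bolts_2_rsa")
+}
+}
+}
+data "ssh_tunnel" "docker" {
+connection_name = "docker_socket_tunnel_california"
+remote = {
+socket = "/var/run/docker.sock"
+}
+}
+*/
+
 provider "docker" {
 host = "ssh://california.ti"
-registry_auth {
-address = "docker.io"
-username = "matthewbaggett"
-password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
-}
 }
 
 provider "docker" {
 alias = "printi"
 host = "ssh://prin.ti"
-registry_auth {
-address = "docker.io"
-username = "matthewbaggett"
-password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
-}
 }
 
 provider "docker" {
 alias = "unifi"
 host = "ssh://unifi.ti"
-registry_auth {
-address = "docker.io"
-username = "matthewbaggett"
-password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
-}
 }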
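Review bot: Deleting the three `registry_auth` blocks takes the Docker Hub access token out of the working tree but not out of the repository history, so the token should be revoked at Docker Hub and its replacement supplied from outside the code (a sensitive variable, or the Docker client's credential store on the host that runs Terraform). The added `/*provider "ssh" … */` block is dead code that documents a private-key path and a tunnel to `/var/run/docker.sock`. If it is kept for later, put a line such as `# disabled: SSH tunnel to the Docker socket, not in use yet` above it; otherwise leave it out of the commit. With no `registry_auth` left, the `docker.io/...` lookups in netbox.tf presumably run anonymously, which is worth confirming against pull limits.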
170
netbox.tf
170
netbox.tf
|
@ -1,20 +1,17 @@
|
||||||
# Docker images in use
|
# Docker images in use
|
||||||
data "docker_registry_image" "netbox" {
|
data "docker_registry_image" "netbox" {
|
||||||
name = "netboxcommunity/netbox:v4.0-2.9.1"
|
name = "docker.io/netboxcommunity/netbox:v4.0-2.9.1"
|
||||||
}
|
}
|
||||||
data "docker_registry_image" "netbox_postgres" {
|
data "docker_registry_image" "netbox_postgres" {
|
||||||
name = "postgres:16-alpine"
|
name = "docker.io/postgres:16-alpine"
|
||||||
}
|
}
|
||||||
data "docker_registry_image" "netbox_redis" {
|
data "docker_registry_image" "netbox_redis" {
|
||||||
name = "redis:7-alpine"
|
name = "docker.io/redis:7-alpine"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Docker Network
|
# Docker Network
|
||||||
resource "docker_network" "netbox" {
|
resource "docker_network" "netbox" {
|
||||||
name = "netbox"
|
name = "netbox"
|
||||||
driver = "overlay"
|
|
||||||
attachable = true
|
|
||||||
ipam_driver = "default"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Docker Volumes
|
# Docker Volumes
|
||||||
|
@ -49,57 +46,47 @@ resource "random_password" "redis_password" {
|
||||||
length = 32
|
length = 32
|
||||||
special = false
|
special = false
|
||||||
}
|
}
|
||||||
resource "random_password" "redis_cache_password" {
|
|
||||||
length = 32
|
|
||||||
special = false
|
|
||||||
}
|
|
||||||
resource "random_password" "secret_key" {
|
|
||||||
length = 50
|
|
||||||
special = false
|
|
||||||
}
|
|
||||||
locals {
|
locals {
|
||||||
netbox_conf = {
|
|
||||||
CORS_ORIGIN_ALLOW_ALL = true
|
CORS_ORIGIN_ALLOW_ALL = true
|
||||||
|
|
||||||
DB_HOST = docker_service.netbox_postgres.name
|
DB_HOST=docker_service.netbox_postgres.name
|
||||||
DB_NAME = "netbox"
|
DB_NAME="netbox"
|
||||||
DB_PASSWORD = nonsensitive(random_password.postgres_password.result)
|
DB_PASSWORD = nonsensitive(random_password.postgres_password.result)
|
||||||
DB_USER = "netbox"
|
DB_USER="netbox"
|
||||||
|
|
||||||
EMAIL_FROM = "netbox@bar.com"
|
EMAIL_FROM="netbox@bar.com"
|
||||||
EMAIL_PASSWORD = ""
|
EMAIL_PASSWORD=""
|
||||||
EMAIL_PORT = 25
|
EMAIL_PORT=25
|
||||||
EMAIL_SERVER = "localhost"
|
EMAIL_SERVER="localhost"
|
||||||
EMAIL_SSL_CERTFILE = ""
|
EMAIL_SSL_CERTFILE=""
|
||||||
EMAIL_SSL_KEYFILE = ""
|
EMAIL_SSL_KEYFILE=""
|
||||||
EMAIL_TIMEOUT = 5
|
EMAIL_TIMEOUT=5
|
||||||
EMAIL_USERNAME = "netbox"
|
EMAIL_USERNAME="netbox"
|
||||||
# EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
|
# EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
|
||||||
EMAIL_USE_SSL = "false"
|
EMAIL_USE_SSL=false
|
||||||
EMAIL_USE_TLS = "false"
|
EMAIL_USE_TLS=false
|
||||||
|
|
||||||
GRAPHQL_ENABLED = "true"
|
GRAPHQL_ENABLED=true
|
||||||
HOUSEKEEPING_INTERVAL = 86400
|
HOUSEKEEPING_INTERVAL=86400
|
||||||
MEDIA_ROOT = "/opt/netbox/netbox/media"
|
MEDIA_ROOT="/opt/netbox/netbox/media"
|
||||||
METRICS_ENABLED = "false"
|
METRICS_ENABLED=false
|
||||||
|
|
||||||
REDIS_DATABASE = 0
|
REDIS_CACHE_DATABASE=1
|
||||||
REDIS_HOST = docker_service.netbox_redis.name
|
REDIS_CACHE_HOST=docker_service.netbox_redis_cache.name
|
||||||
REDIS_INSECURE_SKIP_TLS_VERIFY = "false"
|
REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false
|
||||||
//REDIS_PASSWORD = nonsensitive(random_password.redis_password.result)
|
REDIS_CACHE_PASSWORD=nonsensitive(random_password.redis_password.result)
|
||||||
REDIS_SSL = "false"
|
REDIS_CACHE_SSL=false
|
||||||
|
|
||||||
REDIS_CACHE_DATABASE = 1
|
REDIS_DATABASE=0
|
||||||
REDIS_CACHE_HOST = docker_service.netbox_redis_cache.name
|
REDIS_HOST=docker_service.netbox_redis.name
|
||||||
REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY = "false"
|
REDIS_INSECURE_SKIP_TLS_VERIFY=false
|
||||||
//REDIS_CACHE_PASSWORD = nonsensitive(random_password.redis_cache_password.result)
|
REDIS_PASSWORD=nonsensitive(random_password.redis_password.result)
|
||||||
REDIS_CACHE_SSL = "false"
|
REDIS_SSL=false
|
||||||
|
|
||||||
RELEASE_CHECK_URL = "https://api.github.com/repos/netbox-community/netbox/releases"
|
RELEASE_CHECK_URL="https://api.github.com/repos/netbox-community/netbox/releases"
|
||||||
SECRET_KEY = nonsensitive(random_password.secret_key.result)
|
SECRET_KEY="r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X"
|
||||||
SKIP_SUPERUSER = "true"
|
SKIP_SUPERUSER=true
|
||||||
WEBHOOKS_ENABLED = "true"
|
WEBHOOKS_ENABLED=true
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Services
|
# Services
|
||||||
|
@ -109,12 +96,11 @@ resource "docker_service" "netbox" {
|
||||||
container_spec {
|
container_spec {
|
||||||
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
|
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
|
||||||
user = "unit:root"
|
user = "unit:root"
|
||||||
env = local.netbox_conf
|
|
||||||
healthcheck {
|
healthcheck {
|
||||||
test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"]
|
test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"]
|
||||||
interval = "15s"
|
interval = "15s"
|
||||||
timeout = "3s"
|
timeout = "3s"
|
||||||
start_period = "2m"
|
start_period = "60s"
|
||||||
}
|
}
|
||||||
mounts {
|
mounts {
|
||||||
target = "/etc/netbox/config"
|
target = "/etc/netbox/config"
|
||||||
|
@ -149,21 +135,6 @@ resource "docker_service" "netbox" {
|
||||||
window = "0s"
|
window = "0s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
endpoint_spec {
|
|
||||||
ports {
|
|
||||||
protocol = "tcp"
|
|
||||||
publish_mode = "ingress"
|
|
||||||
target_port = 8080
|
|
||||||
}
|
|
||||||
}
|
|
||||||
converge_config {
|
|
||||||
timeout = "2m"
|
|
||||||
}
|
|
||||||
depends_on = [
|
|
||||||
docker_service.netbox_postgres,
|
|
||||||
docker_service.netbox_redis,
|
|
||||||
docker_service.netbox_redis_cache,
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
resource "docker_service" "netbox_worker" {
|
resource "docker_service" "netbox_worker" {
|
||||||
name = "netbox-worker"
|
name = "netbox-worker"
|
||||||
|
@ -171,8 +142,7 @@ resource "docker_service" "netbox_worker" {
|
||||||
container_spec {
|
container_spec {
|
||||||
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
|
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
|
||||||
user = "unit:root"
|
user = "unit:root"
|
||||||
env = local.netbox_conf
|
command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker",]
|
||||||
command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker", ]
|
|
||||||
healthcheck {
|
healthcheck {
|
||||||
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"]
|
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"]
|
||||||
interval = "15s"
|
interval = "15s"
|
||||||
|
@ -209,12 +179,6 @@ resource "docker_service" "netbox_worker" {
|
||||||
window = "0s"
|
window = "0s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
converge_config {
|
|
||||||
timeout = "2m"
|
|
||||||
}
|
|
||||||
depends_on = [
|
|
||||||
docker_service.netbox
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
resource "docker_service" "netbox_housekeeping" {
|
resource "docker_service" "netbox_housekeeping" {
|
||||||
name = "netbox-housekeeping"
|
name = "netbox-housekeeping"
|
||||||
|
@ -222,8 +186,7 @@ resource "docker_service" "netbox_housekeeping" {
|
||||||
container_spec {
|
container_spec {
|
||||||
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
|
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
|
||||||
user = "unit:root"
|
user = "unit:root"
|
||||||
env = local.netbox_conf
|
command = ["/opt/netbox/housekeeping.sh",]
|
||||||
command = ["/opt/netbox/housekeeping.sh", ]
|
|
||||||
healthcheck {
|
healthcheck {
|
||||||
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"]
|
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"]
|
||||||
interval = "15s"
|
interval = "15s"
|
||||||
|
@ -260,12 +223,6 @@ resource "docker_service" "netbox_housekeeping" {
|
||||||
window = "0s"
|
window = "0s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
converge_config {
|
|
||||||
timeout = "2m"
|
|
||||||
}
|
|
||||||
depends_on = [
|
|
||||||
docker_service.netbox
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Netbox Postgres Database
|
# Netbox Postgres Database
|
||||||
|
@ -283,6 +240,7 @@ resource "docker_service" "netbox_postgres" {
|
||||||
POSTGRES_DB = "netbox"
|
POSTGRES_DB = "netbox"
|
||||||
POSTGRES_USER = "netbox"
|
POSTGRES_USER = "netbox"
|
||||||
POSTGRES_PASSWORD = random_password.postgres_password.result
|
POSTGRES_PASSWORD = random_password.postgres_password.result
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
networks_advanced {
|
networks_advanced {
|
||||||
|
@ -294,9 +252,6 @@ resource "docker_service" "netbox_postgres" {
|
||||||
window = "0s"
|
window = "0s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
converge_config {
|
|
||||||
timeout = "2m"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Netbox Redis
|
# Netbox Redis
|
||||||
|
@ -305,21 +260,11 @@ resource "docker_service" "netbox_redis" {
|
||||||
task_spec {
|
task_spec {
|
||||||
container_spec {
|
container_spec {
|
||||||
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
|
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
|
||||||
command = [
|
command = ["sh", "-c", "redis-server","--appendonly","yes", "--requirepass", random_password.redis_password.result, ]
|
||||||
"sh", "-c",
|
|
||||||
"redis-server",
|
|
||||||
"--appendonly", "yes",
|
|
||||||
//"--requirepass", nonsensitive(random_password.redis_password.result),
|
|
||||||
]
|
|
||||||
mounts {
|
mounts {
|
||||||
target = "/data"
|
target = "/data"
|
||||||
type = "volume"
|
type = "volume"
|
||||||
source = docker_volume.netbox_redis.name
|
source = docker_volume.netbox_database.name
|
||||||
}
|
|
||||||
healthcheck {
|
|
||||||
test = ["CMD", "sh", "-c", "redis-cli", "PING"]
|
|
||||||
interval = "5s"
|
|
||||||
timeout = "3s"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
networks_advanced {
|
networks_advanced {
|
||||||
|
@ -331,29 +276,17 @@ resource "docker_service" "netbox_redis" {
|
||||||
window = "0s"
|
window = "0s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
converge_config {
|
|
||||||
timeout = "2m"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
resource "docker_service" "netbox_redis_cache" {
|
resource "docker_service" "netbox_redis_cache" {
|
||||||
name = "netbox-redis-cache"
|
name = "netbox-redis-cache"
|
||||||
task_spec {
|
task_spec {
|
||||||
container_spec {
|
container_spec {
|
||||||
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
|
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
|
||||||
command = [
|
command = ["sh", "-c", "redis-server", "--requirepass", random_password.redis_password.result, ]
|
||||||
"sh", "-c",
|
|
||||||
"redis-server",
|
|
||||||
//"--requirepass", nonsensitive(random_password.redis_cache_password.result),
|
|
||||||
]
|
|
||||||
mounts {
|
mounts {
|
||||||
target = "/data"
|
target = "/data"
|
||||||
type = "volume"
|
type = "volume"
|
||||||
source = docker_volume.netbox_cache.name
|
source = docker_volume.netbox_database.name
|
||||||
}
|
|
||||||
healthcheck {
|
|
||||||
test = ["CMD", "sh", "-c", "redis-cli", "PING"]
|
|
||||||
interval = "5s"
|
|
||||||
timeout = "3s"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
networks_advanced {
|
networks_advanced {
|
||||||
|
@ -365,23 +298,4 @@ resource "docker_service" "netbox_redis_cache" {
|
||||||
window = "0s"
|
window = "0s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
converge_config {
|
|
||||||
timeout = "2m"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Set up some nginx bits for it
|
|
||||||
module "netbox_nginx_config" {
|
|
||||||
# tflint-ignore: terraform_module_pinned_source
|
|
||||||
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
|
|
||||||
hostname = "netbox.california.ti"
|
|
||||||
//certificate = acme_certificate.ooo_grey["s3"]
|
|
||||||
service_name = docker_service.netbox.name
|
|
||||||
upstream_host = "${docker_service.netbox.name}:8080"
|
|
||||||
config_prefix = "nginx"
|
|
||||||
allow_non_ssl = true
|
|
||||||
allow_ssl = false
|
|
||||||
depends_on = [
|
|
||||||
docker_service.netbox
|
|
||||||
]
|
|
||||||
}
|
}
|
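Review bot: The new `SECRET_KEY` line in the `locals` hunk commits a literal Django secret in place of the generated `random_password.secret_key.result`, so anyone who can read the repository holds the key NetBox signs with. Keep the `random_password "secret_key"` resource this hunk deletes, write `SECRET_KEY = random_password.secret_key.result`, and treat the committed literal as burned. The `nonsensitive(...)` wrappers on `DB_PASSWORD`, `REDIS_PASSWORD` and `REDIS_CACHE_PASSWORD` in the same hunk strip Terraform's redaction, so those values will print in plan and apply output; drop the wrapper unless something downstream needs it. In the `netbox_redis` and `netbox_redis_cache` hunks the new `command` still begins with `"sh", "-c", "redis-server"`, which hands `--requirepass` and the password to the shell as positional parameters rather than to redis-server, so the password is probably never applied; `command = ["redis-server", "--requirepass", ...]` without the shell would pass it through.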
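--- a/nginx.tf
+++ b/nginx.tf
@@ -17,10 +17,9 @@ module "nginx" {
 module.minio.nginx_files,
 module.vigil_nginx_config.files,
 module.videobucket_nginx_config.files,
-//module.netbox_nginx_config.files,
 )
 networks = [
 docker_network.loadbalancer,
 ]
-replicas = 2
+replicas = 1
 }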
|
@ -17,7 +17,8 @@ resource "scratch_string" "arse" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "docker_container" "ender5plus" {
|
resource "docker_container" "ender5plus" {
|
||||||
image = docker_image.octoprint.image_id
|
image = "${docker_image.octoprint.name}:latest"
|
||||||
|
#image = docker_image.octoprint.image_id
|
||||||
provider = docker.printi
|
provider = docker.printi
|
||||||
name = "ender5plus"
|
name = "ender5plus"
|
||||||
env = [
|
env = [
|
||||||
|
|
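Review bot: The new `image = "${docker_image.octoprint.name}:latest"` swaps an immutable image ID for a mutable tag, so the container on `docker.printi` runs whatever `latest` resolves to on that host, and Terraform no longer sees a diff when the image content changes. If `docker_image.octoprint.name` already carries a tag, appending `:latest` may also produce an invalid reference; that resource is outside the hunk, so this needs checking. Unless the ID form could not be used for some reason, I would restore `image = docker_image.octoprint.image_id` and delete the commented-out copy. If the tag form has to stay, add a comment above it such as `# tag used instead of image_id because <reason>`. The resource body continues outside the hunk.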
|
@ -22,7 +22,7 @@ resource "docker_service" "video_bucket" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
locals {
|
locals{
|
||||||
video_bucket_config = <<EOF
|
video_bucket_config = <<EOF
|
||||||
S3_ENDPOINT=http://s3.california.ti
|
S3_ENDPOINT=http://s3.california.ti
|
||||||
S3_BUCKET=video
|
S3_BUCKET=video
|
||||||
|
@ -31,12 +31,8 @@ S3_SECRET=E4xMwB44MT4tGLStJnZTwQbuDNHL1KR9M4I8taBT
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
resource "docker_config" "video_bucket_config" {
|
resource "docker_config" "video_bucket_config" {
|
||||||
name = "video_bucket_config_${substr(md5(local.video_bucket_config), 0, 7)}"
|
name = "video_bucket_config_${substr(md5(local.video_bucket_config),0,7)}"
|
||||||
data = base64encode(local.video_bucket_config)
|
data = base64encode(local.video_bucket_config)
|
||||||
lifecycle {
|
|
||||||
ignore_changes = [name]
|
|
||||||
create_before_destroy = true
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
module "videobucket_nginx_config" {
|
module "videobucket_nginx_config" {
|
||||||
# tflint-ignore: terraform_module_pinned_source
|
# tflint-ignore: terraform_module_pinned_source
|
||||||
|
|
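Review bot: The `docker_config` resource base64-encodes a heredoc that, going by the hunk header, contains a literal `S3_SECRET`, so the credential sits both in the repository and in a Swarm config, which is not the object meant for secrets. It should move to a `docker_secret` fed from a sensitive variable, and the committed value should be rotated. Dropping the `lifecycle` block matters as well: the config name embeds a content hash, so a changed heredoc forces a replacement, and without `create_before_destroy = true` Terraform will try to delete the old config first, which is likely to fail while the service still references it. I would keep `lifecycle { create_before_destroy = true }` on this resource. The `locals` block and the service that consumes the config are only partly visible here.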