Seafile stub

products/seafile/inputs.tf

@@ -0,0 +1,63 @@
+variable "enable" {
+  type        = bool
+  description = "Whether to enable the service."
+  default     = true
+}
+variable "seafile_version" {
+  type        = string
+  default     = "11.0.13"
+  description = "The version of the docker image to use for the Seafile service."
+}
+# Pass-thru variables
+variable "stack_name" {
+  type    = string
+  default = "seafile"
+}
+variable "service_name" {
+  default     = "seafile"
+  type        = string
+  description = "The name of the service to create."
+}
+variable "networks" {
+  type = list(object({
+    name = string
+    id   = string
+  }))
+  default     = []
+  description = "A list of network names to attach the service to."
+}
+variable "ports" {
+  type = list(object({
+    host         = optional(number, null)
+    container    = number
+    protocol     = optional(string, "tcp")
+    publish_mode = optional(string, "ingress")
+  }))
+  default     = []
+  description = "A map of port mappings to expose on the host. The key is the host port, and the value is the container port."
+}
+variable "mysql_ports" {
+  type = list(object({
+    host         = optional(number, null)
+    container    = number
+    protocol     = optional(string, "tcp")
+    publish_mode = optional(string, "ingress")
+  }))
+  default     = []
+  description = "A map of port mappings to expose on the host. The key is the host port, and the value is the container port."
+}
+variable "mounts" {
+  type        = map(string)
+  default     = {}
+  description = "A map of host paths to container paths to mount. The key is the host path, and the value is the container path."
+}
+variable "placement_constraints" {
+  default     = []
+  type        = list(string)
+  description = "Docker Swarm placement constraints"
+}
+variable "data_persist_path" {
+  default     = null
+  description = "Path on host machine to persist data. Leaving this blank will provision an ephemeral volume."
+  type        = string
+}

products/seafile/memcached.tf

@@ -0,0 +1,7 @@
+module "memcached" {
+  source                = "../memcached"
+  enable                = var.enable
+  stack_name            = var.stack_name
+  networks              = [module.network]
+  placement_constraints = var.placement_constraints
+}

products/seafile/mysql.tf

@@ -0,0 +1,11 @@
+module "mysql" {
+  source                = "../mysql"
+  enable                = var.enable
+  stack_name            = var.stack_name
+  database              = "seafile"
+  username              = "seafile"
+  networks              = [module.network]
+  data_persist_path     = "${var.data_persist_path}/mysql"
+  placement_constraints = var.placement_constraints
+  ports                 = var.mysql_ports
+}

products/seafile/network.tf

@@ -0,0 +1,5 @@
+module "network" {
+  source       = "../../docker/network"
+  stack_name   = var.stack_name
+  network_name = "nextcloud"
+}

products/seafile/seafile.tf

@@ -0,0 +1,90 @@
+variable "domain" {
+  type        = string
+  description = "The domain to use for the traefik configuration."
+}
+module "seafile" {
+  depends_on            = [module.memcached, module.mysql, module.network]
+  source                = "../../docker/service"
+  enable                = var.enable
+  stack_name            = var.stack_name
+  image                 = "h44z/seafile-ce:${var.seafile_version}"
+  placement_constraints = var.placement_constraints
+  service_name          = var.service_name
+  networks              = concat([module.network.network], var.networks, )
+  mounts = {
+    "${var.data_persist_path}/seafile" = "/seafile"
+    "${var.data_persist_path}/logs"    = "/opt/seafile/logs"
+  }
+  labels = {
+    "traefik.enable"         = "true"
+    "traefik.docker.network" = "proxy-net"
+    # HTTP Router Seafile/Seahub
+    "traefik.http.routers.seafile.rule"                      = "(Host(`seafile.${var.domain}`))"
+    "traefik.http.routers.seafile.entrypoints"               = "websecure"
+    "traefik.http.routers.seafile.tls"                       = "true"
+    "traefik.http.routers.seafile.tls.certresolver"          = "letsencryptresolver"
+    "traefik.http.routers.seafile.service"                   = "seafile"
+    "traefik.http.routers.seafile.middlewares"               = "sec-headers"
+    "traefik.http.services.seafile.loadbalancer.server.port" = "8000"
+    # HTTP Router Seafdav
+    "traefik.http.routers.seafile-dav.rule"                      = "Host(`seafile.${var.domain}`) && PathPrefix(`/seafdav`)"
+    "traefik.http.routers.seafile-dav.entrypoints"               = "websecure"
+    "traefik.http.routers.seafile-dav.tls"                       = "true"
+    "traefik.http.routers.seafile-dav.tls.certresolver"          = "letsencryptresolver"
+    "traefik.http.routers.seafile-dav.service"                   = "seafile-dav"
+    "traefik.http.services.seafile-dav.loadbalancer.server.port" = "8080"
+    # HTTP Router Seafhttp
+    "traefik.http.routers.seafile-http.rule"                      = "Host(`seafile.${var.domain}`) && PathPrefix(`/seafhttp`)"
+    "traefik.http.routers.seafile-http.entrypoints"               = "websecure"
+    "traefik.http.routers.seafile-http.tls"                       = "true"
+    "traefik.http.routers.seafile-http.tls.certresolver"          = "letsencryptresolver"
+    "traefik.http.routers.seafile-http.middlewares"               = "seafile-strip"
+    "traefik.http.routers.seafile-http.service"                   = "seafile-http"
+    "traefik.http.services.seafile-http.loadbalancer.server.port" = "8082"
+    # Middlewares 
+    "traefik.http.middlewares.seafile-strip.stripprefix.prefixes"       = "/seafhttp"
+    "traefik.http.middlewares.sec-headers.headers.sslredirect"          = "true"
+    "traefik.http.middlewares.sec-headers.headers.browserXssFilter"     = "true"
+    "traefik.http.middlewares.sec-headers.headers.contentTypeNosniff"   = "true"
+    "traefik.http.middlewares.sec-headers.headers.forceSTSHeader"       = "true"
+    "traefik.http.middlewares.sec-headers.headers.stsIncludeSubdomains" = "true"
+    "traefik.http.middlewares.sec-headers.headers.stsPreload"           = "true"
+    "traefik.http.middlewares.sec-headers.headers.referrerPolicy"       = "same-origin"
+  }
+  environment_variables = {
+    # Base settings
+    TIME_ZONE = "Europe/Amsterdam"
+
+    # Database settings, remove this section to use a sqlite database.
+    # You can either specify a root password (MYSQL_ROOT_PASSWORD), or use your exsting database tables.
+    # Also specifying MYSQL_USER_HOST only makes sense if MYSQL_ROOT_PASSWORD is given, otherwise no new MySQL user will be created.
+    # To use an external database, simply remove the MySQL service from the docker-compose.yml.
+    MYSQL_SERVER        = module.mysql.service_name
+    MYSQL_USER          = module.mysql.username
+    MYSQL_USER_PASSWORD = module.mysql.password
+    MYSQL_PORT          = 3306
+
+    # General Seafile Settings
+    SEAFILE_VERSION  = var.seafile_version
+    SEAFILE_NAME     = "Seafile"
+    SEAFILE_ADDRESS  = var.domain
+    SEAFILE_ADMIN    = "admin@${var.domain}"
+    SEAFILE_ADMIN_PW = "changeme"
+
+    # OnlyOffice Settings
+    ONLYOFFICE_JWT_SECRET = "Supers3cr3t" // @todo generate a key instead
+
+    # Optional Seafile Settings
+    LDAP_IGNORE_CERT_CHECK = true
+
+    # Traefik (Reverse Proxy) Settings
+    DOMAINNAME = var.domain
+
+    # All other settings can be edited in the conf dir (/seafile/conf) once the container started up!
+
+    # runmode, default = run
+    #MODE=maintenance
+  }
+  converge_enable = false // @todo: Fix healthcheck and change this.
+}
+

products/seafile/terraform.tf

@@ -0,0 +1,13 @@
+terraform {
+  required_version = "~> 1.6"
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "~> 3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.0"
+    }
+  }
+}