Network entities instead of ids

docker/service/image.tf

@@ -0,0 +1,20 @@
+// Cache the image locally to a mirror
+/*
+resource "docker_image" "mirror" {
+  count         = local.enable_mirror ? 1 : 0
+  name          = data.docker_registry_image.image.name
+  pull_triggers = [data.docker_registry_image.image.sha256_digest]
+  force_remove  = false
+}
+resource "docker_tag" "mirror" {
+  count        = local.enable_mirror ? 1 : 0
+  source_image = docker_image.mirror[0].name
+  target_image = var.mirror
+}
+resource "docker_registry_image" "mirror" {
+  count         = local.enable_mirror ? 1 : 0
+  depends_on    = [docker_tag.mirror[0]]
+  name          = docker_tag.mirror[0].target_image
+  keep_remotely = true
+}
+*/

docker/service/inputs.tf

@@ -43,7 +43,10 @@ variable "environment_variables" {
   description = "A map of environment variables to set in the container."
 }
 variable "networks" {
-  type        = list(string)
+  type = list(object({
+    name = string
+    id   = string
+  }))
   default     = []
   description = "A list of network names to attach the service to."
 }

docker/service/labels.tf

@@ -1,12 +1,12 @@
 locals {
   # Define service labels en-masse
   labels = merge(var.labels, {
-    "com.docker.stack.namespace"    = var.stack_name
-    "com.docker.stack.image"        = data.docker_registry_image.image.name
-    "ooo.grey.service.stack"        = var.stack_name
-    "ooo.grey.service.name"         = var.service_name
-    "ooo.grey.service.image"        = data.docker_registry_image.image.name
-    "ooo.grey.service.image.digest" = data.docker_registry_image.image.sha256_digest
+    "com.docker.stack.namespace" = var.stack_name
+    "com.docker.stack.image"     = data.docker_registry_image.image.name
+    "ooo.grey.service.stack"     = var.stack_name
+    "ooo.grey.service.name"      = var.service_name
+    "ooo.grey.service.image"     = data.docker_registry_image.image.name
+    #"ooo.grey.service.image.digest" = data.docker_registry_image.image.sha256_digest
   }, local.traefik_labels)
 
   # Calculate the traefik labels to use if enabled

docker/service/networks.tf

@@ -1,4 +0,0 @@
-data "docker_network" "networks" {
-  count = var.networks != null ? length(var.networks) : 0
-  name  = var.networks[count.index]
-}

docker/service/outputs.tf

@@ -14,4 +14,12 @@ output "volumes" {
 
 output "docker_service" {
   value = docker_service.instance
+}
+
+output "endpoint" {
+  value = try(
+    "https://${var.traefik.domain}",
+    "http://${docker_service.instance.name}:${docker_service.instance.endpoint_spec[0].ports[0].target_port}",
+    null
+  )
 }

docker/service/service.tf

@@ -85,7 +85,7 @@ resource "docker_service" "instance" {
 
     # Apply the networks
     dynamic "networks_advanced" {
-      for_each = data.docker_network.networks
+      for_each = var.networks
       content {
         name = networks_advanced.value.id
       }

docker/socket-proxy/socket-proxy.tf

@@ -10,7 +10,7 @@ module "service" {
   service_name          = var.service_name
   placement_constraints = concat(["node.role == manager"], var.placement_constraints)
   global                = true
-  networks              = [module.network.network]
+  networks              = [module.network]
   mounts                = { "/var/run/docker.sock" = "/var/run/docker.sock" }
   environment_variables = {
     SWARM      = 1

products/forgejo/actions-runner/inputs.tf

@@ -21,7 +21,13 @@ variable "forgejo_runner_name" {
 variable "forgejo_runner_labels" {
   description = "The labels to use for the runner"
   type        = list(string)
-  default     = []
+  default = [
+    "self-hosted:docker://gitea/runner-images:ubuntu-latest",
+    "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest",
+    "ubuntu-24.04:docker://gitea/runner-images:ubuntu-24.04",
+    "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04",
+    "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04",
+  ]
 }
 variable "forgejo_instance_url" {
   type        = string

products/forgejo/forgejo/app.ini.tpl

@@ -0,0 +1,104 @@
+APP_NAME = ${name}
+APP_SLOGAN = ${slogan}
+RUN_MODE = prod
+RUN_USER = git
+WORK_PATH = /data/gitea
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = ${domain}
+SSH_DOMAIN = ${domain}
+HTTP_PORT = 3000
+ROOT_URL = https://${domain}/
+DISABLE_SSH = false
+START_SSH_SERVER = true
+SSH_PORT = ${ssh_port}
+#SSH_LISTEN_PORT = ${ssh_port}
+LFS_START_SERVER = true
+LFS_JWT_SECRET = 4mO5Yya8SZU7Ux4gkI_0gHknpQXP0qovBgm08KtrVN4
+OFFLINE_MODE = false
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = postgres
+HOST = ${database_host}:${database_port}
+NAME = ${database_database}
+USER = ${database_username}
+PASSWD = ${database_password}
+LOG_SQL = false
+SCHEMA =
+SSL_MODE = disable
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+LEVEL = Debug
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY =
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3MTc1MTg0Njh9.8aE5mPl4hj4oRhg_C6gywYThjqpNF0WnSfqSG38LnK8
+PASSWORD_HASH_ALGO = pbkdf2
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = true
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = ${email}
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[cron.update_checker]
+ENABLED = false
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[oauth2]
+JWT_SECRET = YYPen0kJxu9VjTflmyhwJ65Pm2TFYMbyKYqUhvD0PiA
+
+[actions]
+ENABLED = true
+DEFAULT_ACTIONS_URL = https://github.com

products/forgejo/forgejo/database.tf

@@ -0,0 +1,14 @@
+module "postgres" {
+  source                = "../../../products/postgres"
+  stack_name            = var.stack_name
+  placement_constraints = var.placement_constraints
+  postgres_version      = "15"
+  networks              = [module.forgejo_network]
+  data_persist_path     = "/fast/gitea/db"
+  ports = [
+    {
+      host      = 62800
+      container = 5432
+    },
+  ]
+}

products/forgejo/forgejo/forgejo.tf

@@ -0,0 +1,43 @@
+
+module "forgejo" {
+  source                = "../../../docker/service"
+  image                 = "${var.forgejo_image}:${var.forgejo_version}"
+  stack_name            = var.stack_name
+  service_name          = "forgejo"
+  placement_constraints = var.placement_constraints
+  networks              = concat(var.networks, [module.forgejo_network])
+  configs = {
+    "/data/gitea/conf/app.ini" = templatefile("${path.module}/app.ini.tpl", merge({
+      name              = var.forgejo_name
+      slogan            = var.forgejo_slogan
+      domain            = var.traefik != null ? var.traefik.domain : ""
+      email             = var.forgejo_email
+      ssh_port          = var.ssh_port
+      database_host     = module.postgres.docker_service.name
+      database_port     = 5432
+      database_database = module.postgres.database
+      database_username = module.postgres.username
+      database_password = module.postgres.password
+    }))
+  }
+  mounts = merge(var.mounts, {
+    "/etc/timezone"  = "/etc/timezone",
+    "/etc/localtime" = "/etc/localtime",
+  })
+  environment_variables = {
+    USER_UID = 1000
+    USER_GID = 1000
+  }
+  start_first = false
+  ports = [
+    {
+      host      = 222
+      container = 222
+    },
+    {
+      host      = 3000
+      container = 3000
+    },
+  ]
+  traefik = var.traefik
+}

products/forgejo/forgejo/inputs.tf

@@ -0,0 +1,65 @@
+variable "forgejo_image" {
+  default     = "code.forgejo.org/forgejo/forgejo"
+  type        = string
+  description = "The docker image to use for the forgejo runner service."
+}
+variable "forgejo_version" {
+  default     = "9"
+  type        = string
+  description = "The version of the docker image to use for the forgejo runner service."
+}
+
+variable "forgejo_slogan" {
+  type        = string
+  description = "The slogan to use for the forgejo instance."
+  default     = ""
+}
+variable "forgejo_name" {
+  type        = string
+  description = "The name to use for the forgejo instance."
+  default     = "Forgejo"
+}
+variable "forgejo_email" {
+  type        = string
+  description = "The email to use for the forgejo instance."
+  default     = "forgejo@example.com"
+}
+variable "ssh_port" {
+  type        = number
+  description = "The port to use for ssh."
+  default     = 2222
+}
+variable "stack_name" {
+  type        = string
+  description = "The name of the stack to deploy the service to."
+  default     = "forgejo"
+}
+
+variable "placement_constraints" {
+  default     = []
+  type        = list(string)
+  description = "Docker placement constraints"
+}
+variable "networks" {
+  type = list(object({
+    name = string
+    id   = string
+  }))
+  default     = []
+  description = "A list of network names to attach the service to."
+}
+variable "mounts" {
+  #host=>container
+  type        = map(string)
+  default     = {}
+  description = "A map of host paths to container paths to mount. Key is Host path, Value is Container path"
+}
+
+variable "traefik" {
+  default = null
+  type = object({
+    domain = string
+    port   = optional(number, 3000)
+  })
+  description = "Whether to enable traefik for the service."
+}

products/forgejo/forgejo/networks.tf

@@ -0,0 +1,5 @@
+module "forgejo_network" {
+  source       = "../../../docker/network"
+  stack_name   = var.stack_name
+  network_name = "forgejo"
+}

products/forgejo/forgejo/outputs.tf

@@ -0,0 +1,10 @@
+output "docker_service" {
+  value = module.forgejo.docker_service
+}
+output "postgres" {
+  value = module.postgres
+}
+
+output "endpoint" {
+  value = module.forgejo.endpoint
+}

products/forgejo/forgejo/terraform.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_version = "~> 1.6"
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "~>3.0"
+    }
+  }
+}
+
+

products/frigate/inputs.tf

@@ -8,7 +8,10 @@ variable "shm_size_mb" {
   description = "The size of the shared memory segment in MB"
 }
 variable "networks" {
-  type        = list(string)
+  type = list(object({
+    name = string
+    id   = string
+  }))
   default     = []
   description = "A list of network names to attach the service to."
 }

products/frigate/labels.tf

@@ -3,12 +3,12 @@ locals {
   container_name = "frigate"
   # Define service labels en-masse
   labels = merge({
-    "com.docker.stack.namespace"    = var.stack_name
-    "com.docker.stack.image"        = data.docker_registry_image.frigate.name
-    "ooo.grey.service.stack"        = var.stack_name
-    "ooo.grey.service.name"         = local.container_name
-    "ooo.grey.service.image"        = data.docker_registry_image.frigate.name
-    "ooo.grey.service.image.digest" = data.docker_registry_image.frigate.sha256_digest
+    "com.docker.stack.namespace" = var.stack_name
+    "com.docker.stack.image"     = data.docker_registry_image.frigate.name
+    "ooo.grey.service.stack"     = var.stack_name
+    "ooo.grey.service.name"      = local.container_name
+    "ooo.grey.service.image"     = data.docker_registry_image.frigate.name
+    #"ooo.grey.service.image.digest" = data.docker_registry_image.frigate.sha256_digest
   }, local.traefik_labels, var.labels)
 
   # Calculate the traefik labels to use if enabled

products/homeassistant/inputs.tf

@@ -21,7 +21,10 @@ variable "mounts" {
   description = "A map of host paths to container paths to mount. The key is the host path, and the value is the container path."
 }
 variable "networks" {
-  type        = list(string)
+  type = list(object({
+    name = string
+    id   = string
+  }))
   default     = []
   description = "A list of network names to attach the service to."
 }

products/homeassistant/outputs.tf

@@ -1,3 +1,6 @@
 output "docker_service" {
   value = module.homeassistant.docker_service
+}
+output "endpoint" {
+  value = module.homeassistant.endpoint
 }

products/minio/inputs.tf

@@ -4,7 +4,10 @@ variable "stack_name" {
   description = "The name of the stack to create."
 }
 variable "networks" {
-  type        = list(string)
+  type = list(object({
+    name = string
+    id   = string
+  }))
   default     = []
   description = "A list of network names to attach the service to."
 }

products/minio/minio.tf

@@ -32,7 +32,7 @@ module "minio" {
     MINIO_API_ROOT_ACCESS      = "on"
   }
   mounts                = var.mounts
-  networks              = concat(["loadbalancer-traefik"], var.networks)
+  networks              = var.networks
   placement_constraints = var.placement_constraints
   labels = {
     "traefik.enable" = "true"

products/minio/outputs.tf

@@ -1,3 +1,7 @@
 output "docker_service" {
   value = module.minio.docker_service
+}
+
+output "endpoint" {
+  value = module.minio.endpoint
 }

products/mitmproxy/inputs.tf

@@ -5,11 +5,13 @@ variable "stack_name" {
 }
 
 variable "networks" {
-  type        = list(string)
+  type = list(object({
+    name = string
+    id   = string
+  }))
   default     = []
   description = "A list of network names to attach the service to."
 }
-
 variable "traefik" {
   default = null
   type = object({

products/nginx/inputs.tf

@@ -14,6 +14,8 @@ variable "networks" {
     name = string
     id   = string
   }))
+  default     = []
+  description = "A list of network names to attach the service to."
 }
 variable "replicas" {
   type        = number

products/pgbackweb/inputs.tf

@@ -24,8 +24,12 @@ variable "placement_constraints" {
   description = "Docker Swarm placement constraints"
 }
 variable "networks" {
-  type    = list(string)
-  default = []
+  type = list(object({
+    name = string
+    id   = string
+  }))
+  default     = []
+  description = "A list of network names to attach the service to."
 }
 variable "domain" {
   type        = string

products/pgbackweb/outputs.tf

@@ -2,6 +2,6 @@ output "docker_service" {
   value = module.pgbackweb.docker_service
 }
 
-output "postgres_service" {
-  value = module.postgres.docker_service
+output "postgres" {
+  value = module.postgres
 }

products/pgbackweb/pgbackweb.tf

@@ -15,7 +15,7 @@ module "pgbackweb" {
   }
   stack_name            = var.stack_name
   service_name          = var.service_name
-  networks              = concat([module.network.network], var.networks)
+  networks              = concat([module.network], var.networks)
   placement_constraints = var.placement_constraints
   traefik               = { domain = var.domain }
 }
@@ -23,7 +23,7 @@ module "postgres" {
   source                = "../postgres"
   postgres_version      = "16"
   stack_name            = var.stack_name
-  networks              = [module.network.network]
+  networks              = [module.network]
   placement_constraints = var.placement_constraints
   database              = "pgbackweb"
   username              = "pgbackweb"

products/portainer/ui/inputs.tf

@@ -3,6 +3,14 @@ variable "stack_name" {
   type        = string
   description = "The name of the stack to create."
 }
+variable "networks" {
+  type = list(object({
+    name = string
+    id   = string
+  }))
+  default     = []
+  description = "A list of network names to attach the service to."
+}
 variable "traefik" {
   default = null
   type = object({

products/portainer/ui/network.tf

@@ -0,0 +1,5 @@
+module "portainer_network" {
+  source       = "../../../docker/network"
+  stack_name   = var.stack_name
+  network_name = "portainer"
+}

products/portainer/ui/output.tf

@@ -7,3 +7,7 @@ output "portainer" {
     service_name = module.portainer.docker_service.name
   }
 }
+
+output "network" {
+  value = module.portainer_network
+}

products/portainer/ui/ui.tf

@@ -29,7 +29,7 @@ module "portainer" {
   }
   traefik     = var.traefik
   mounts      = var.should_mount_local_docker_socket ? { "/var/run/docker.sock" = "/var/run/docker.sock" } : {}
-  networks    = ["loadbalancer-traefik"]
+  networks    = var.networks
   start_first = false
   placement_constraints = concat([
     "node.role == manager",

products/postgres/inputs.tf

@@ -29,8 +29,12 @@ variable "stack_name" {
   type = string
 }
 variable "networks" {
-  type    = list(string)
-  default = []
+  type = list(object({
+    name = string
+    id   = string
+  }))
+  default     = []
+  description = "A list of network names to attach the service to."
 }
 variable "ports" {
   type = list(object({
@@ -57,4 +61,9 @@ variable "placement_constraints" {
   default     = []
   type        = list(string)
   description = "Docker Swarm placement constraints"
+}
+variable "data_persist_path" {
+  default     = null
+  description = "Path on host machine to persist data. Leaving this blank will provision an ephemeral volume."
+  type        = string
 }

products/postgres/outputs.tf

@@ -15,4 +15,8 @@ output "ports" {
 }
 output "docker_service" {
   value = module.service.docker_service
+}
+
+output "endpoint" {
+  value = "postgres://${local.username}:${local.password}@${module.service.service_name}:5432/${local.database}"
 }

products/postgres/postgres.tf

@@ -10,9 +10,18 @@ module "service" {
     POSTGRES_PASSWORD = local.password
     POSTGRES_DB       = local.database
   }
-  volumes = {
-    "data" = "/var/lib/postgresql/data",
-  }
+  volumes               = local.volumes
+  mounts                = local.mounts
   ports                 = var.ports
   placement_constraints = var.placement_constraints
+}
+
+locals {
+  volumes = var.data_persist_path == null ? {
+    "data" = "/var/lib/postgres/data"
+  } : {}
+  mounts = var.data_persist_path != null ? {
+    "${var.data_persist_path}" = "/var/lib/postgres/data"
+  } : {}
+
 }

products/quassel/quassel.tf

@@ -17,7 +17,7 @@ module "service" {
   image        = "${var.quassel_image}:${var.quassel_version}"
   stack_name   = var.stack_name
   service_name = "quassel"
-  networks     = [module.network.network]
+  networks     = [module.network]
   environment_variables = {
     PUID               = 1000
     PGID               = 1000

products/redis/inputs.tf

@@ -20,8 +20,12 @@ variable "stack_name" {
   type = string
 }
 variable "networks" {
-  type    = list(string)
-  default = []
+  type = list(object({
+    name = string
+    id   = string
+  }))
+  default     = []
+  description = "A list of network names to attach the service to."
 }
 variable "ports" {
   type = list(object({

products/smokeping/inputs.tf

@@ -7,7 +7,7 @@ variable "traefik" {
   default = null
   type = object({
     domain = string
-    port   = optional(number)
+    port   = optional(number, 80)
   })
   description = "Whether to enable traefik for the service."
 }
@@ -16,3 +16,11 @@ variable "placement_constraints" {
   type        = list(string)
   description = "Docker Swarm placement constraints"
 }
+variable "networks" {
+  type = list(object({
+    name = string
+    id   = string
+  }))
+  default     = []
+  description = "A list of network names to attach the service to."
+}

products/smokeping/outputs.tf

@@ -1,3 +1,6 @@
 output "docker_service" {
   value = module.smokeping.docker_service
+}
+output "endpoint" {
+  value = module.smokeping.endpoint
 }

products/smokeping/smokeping.tf

@@ -10,6 +10,6 @@ module "smokeping" {
     TZ   = var.timezone
   }
   traefik               = var.traefik
-  networks              = ["loadbalancer-traefik"]
+  networks              = var.networks
   placement_constraints = var.placement_constraints
 }

products/statping/inputs.tf

@@ -23,7 +23,10 @@ variable "description" {
   default = "This is an install of statping"
 }
 variable "networks" {
-  type        = list(string)
+  type = list(object({
+    name = string
+    id   = string
+  }))
   default     = []
   description = "A list of network names to attach the service to."
 }
@@ -46,7 +49,7 @@ variable "traefik" {
   default = null
   type = object({
     domain = string
-    port   = optional(number)
+    port   = optional(number, 8080)
   })
   description = "Whether to enable traefik for the service."
 }

products/statping/outputs.tf

@@ -11,3 +11,9 @@ output "statping" {
     }
   }
 }
+output "endpoint" {
+  value = module.statping.endpoint
+}
+output "postgres" {
+  value = module.postgres
+}

products/statping/statping.tf

@@ -6,16 +6,16 @@ module "postgres" {
   source                = "../../products/postgres"
   postgres_version      = "16"
   stack_name            = var.stack_name
-  networks              = [module.network.network]
+  networks              = [module.network]
   placement_constraints = var.placement_constraints
   ports                 = [{ container = 5432, host = 65200 }]
 }
-module "service" {
+module "statping" {
   source       = "../../docker/service"
   image        = "${var.statping_image}:${var.statping_version}"
   stack_name   = var.stack_name
   service_name = "statping"
-  networks     = concat([module.network.network, "loadbalancer-traefik"], var.networks)
+  networks     = concat([module.network], var.networks)
   environment_variables = merge({
     VIRTUAL_HOST = "localhost"
     VIRTUAL_PORT = "8080"

products/traefik/traefik.tf

@@ -9,7 +9,7 @@ module "traefik" {
   stack_name            = var.stack_name
   service_name          = "traefik"
   image                 = "traefik:v3.2"
-  networks              = [module.traefik_network.network, module.docker_socket_proxy.network, ]
+  networks              = [module.traefik_network, module.docker_socket_proxy.network, ]
   mounts                = { "/goliath/letsencrypt" = "/certs" }
   placement_constraints = var.placement_constraints
   converge_enable       = false // @todo add healthcheck