From d58f583df851d84af24b89a2c8ec717dd67fafaa Mon Sep 17 00:00:00 2001
From: Matthew Baggett <matthew@baggett.me>
Date: Mon, 3 Mar 2025 14:34:42 +0100
Subject: [PATCH] Create instance of Nginx Proxy Manager
---
products/nginx-proxy-manager/auth.tf | 20 +++++++++++++
products/nginx-proxy-manager/inputs.tf | 20 +++++++++++++
products/nginx-proxy-manager/network.tf | 5 ++++
.../nginx-proxy-manager.tf | 28 +++++++++++++++++++
products/nginx-proxy-manager/outputs.tf | 14 ++++++++++
products/nginx-proxy-manager/postgres.tf | 13 +++++++++
products/nginx-proxy-manager/terraform.tf | 9 ++++++
7 files changed, 109 insertions(+)
create mode 100644 products/nginx-proxy-manager/auth.tf
create mode 100644 products/nginx-proxy-manager/inputs.tf
create mode 100644 products/nginx-proxy-manager/network.tf
create mode 100644 products/nginx-proxy-manager/nginx-proxy-manager.tf
create mode 100644 products/nginx-proxy-manager/outputs.tf
create mode 100644 products/nginx-proxy-manager/postgres.tf
create mode 100644 products/nginx-proxy-manager/terraform.tf
diff --git a/products/nginx-proxy-manager/auth.tf b/products/nginx-proxy-manager/auth.tf
new file mode 100644
index 0000000..a11a6a9
--- /dev/null
+++ b/products/nginx-proxy-manager/auth.tf
@@ -0,0 +1,20 @@
+variable "admin_email" {
+ type = string
+ description = "The email address to use for the admin user."
+}
+variable "admin_password" {
+ default = null
+ type = string
+ description = "The password to use for the admin user."
+}
+
+resource "random_password" "password" {
+ count = var.admin_password == null ? 1 : 0
+ length = 32
+ special = false
+}
+
+locals {
+ admin_email = var.admin_email
+ admin_password = var.admin_password == null ? random_password.password[0].result : var.admin_password
+}
\ No newline at end of file
diff --git a/products/nginx-proxy-manager/inputs.tf b/products/nginx-proxy-manager/inputs.tf
new file mode 100644
index 0000000..bbb78bf
--- /dev/null
+++ b/products/nginx-proxy-manager/inputs.tf
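Review bot: In auth.tf, `variable "admin_password"` is declared without `sensitive = true`, so a caller-supplied admin password is shown in clear text in plan and apply output; add `sensitive = true` to that variable block. The generated `random_password.password[0].result` is already treated as sensitive by the provider, so marking the variable makes both branches of `local.admin_password` behave the same way. A comment above the resource such as `# Generated only when var.admin_password is null.` would make the `count` expression easier to read.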
@@ -0,0 +1,20 @@
+variable "enable" {
+ default = true
+ type = bool
+ description = "Whether to enable the service or to merely provision the service."
+}
+variable "stack_name" {
+ type = string
+ description = "The name of the stack to deploy the service to."
+ default = "nginx-proxy"
+}
+variable "publish_mode" {
+ type = string
+ description = "The publish mode for the service."
+ default = "ingress"
+}
+variable "data_persist_path" {
+ type = string
+ description = "The path to persist data to."
+ default = "/data/nginx-proxy-manager"
+}
diff --git a/products/nginx-proxy-manager/network.tf b/products/nginx-proxy-manager/network.tf
new file mode 100644
index 0000000..3dc29bf
--- /dev/null
+++ b/products/nginx-proxy-manager/network.tf
@@ -0,0 +1,5 @@
+
+module "network" {
+ source = "../../docker/network"
+ stack_name = var.stack_name
+}
\ No newline at end of file
diff --git a/products/nginx-proxy-manager/nginx-proxy-manager.tf b/products/nginx-proxy-manager/nginx-proxy-manager.tf
new file mode 100644
index 0000000..50ef962
--- /dev/null
+++ b/products/nginx-proxy-manager/nginx-proxy-manager.tf
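Review bot: In inputs.tf, `variable "stack_name"` is described as the stack the service is deployed to, but in this commit only network.tf reads it; nginx-proxy-manager.tf and postgres.tf both hard-code `stack_name = "proxy"`, so overriding the variable (or keeping its default `"nginx-proxy"`) names the network differently from the services. Either pass `stack_name = var.stack_name` in those two module calls or correct the description. `publish_mode` also accepts any string; a validation with `condition = contains(["ingress", "host"], var.publish_mode)` would reject typos before they change how ports are exposed.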
@@ -0,0 +1,28 @@
+module "nginx_proxy_manager" {
+ source = "../../docker/service"
+ enable = var.enable
+ image = "jc21/nginx-proxy-manager:latest"
+ service_name = "nginx"
+ stack_name = "proxy"
+ networks = [module.network]
+ converge_enable = false # @todo: Write a healthcheck for the service and enable this.
+ ports = [
+ { host = 80, container = 80, publish_mode = var.publish_mode },
+ { host = 443, container = 443, publish_mode = var.publish_mode },
+ { host = 8080, container = 81, publish_mode = var.publish_mode },
+ ]
+ mounts = {
+ "${var.data_persist_path}/data" = "/data",
+ "${var.data_persist_path}/letsencrypt" = "/etc/letsencrypt",
+ }
+ environment_variables = {
+ DB_POSTGRES_HOST = module.postgres.service_name
+ DB_POSTGRES_PORT = "5432"
+ DB_POSTGRES_USER = module.postgres.username
+ DB_POSTGRES_NAME = module.postgres.database
+ DB_POSTGRES_PASSWORD = module.postgres.password
+ DISABLE_IPV6 = "true"
+ INITIAL_ADMIN_EMAIL = var.admin_email
+ INITIAL_ADMIN_PASSWORD = var.admin_password
+ }
+}
diff --git a/products/nginx-proxy-manager/outputs.tf b/products/nginx-proxy-manager/outputs.tf
new file mode 100644
index 0000000..117d438
--- /dev/null
+++ b/products/nginx-proxy-manager/outputs.tf
@@ -0,0 +1,14 @@
+output "authentication" {
+ value = {
+ user = local.admin_email
+ pass = nonsensitive(local.admin_password)
+ }
+}
+output "postgres" {
+ value = {
+ username = module.postgres.username
+ password = module.postgres.password
+ database = module.postgres.database
+ endpoint = module.postgres.endpoint
+ }
+}
\ No newline at end of file
diff --git a/products/nginx-proxy-manager/postgres.tf b/products/nginx-proxy-manager/postgres.tf
new file mode 100644
index 0000000..ee485b2
--- /dev/null
+++ b/products/nginx-proxy-manager/postgres.tf
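Review bot: In nginx-proxy-manager.tf, `INITIAL_ADMIN_PASSWORD = var.admin_password` bypasses the fallback built in auth.tf: when the caller leaves `admin_password` unset the container receives null while the `authentication` output reports the generated password, so the instance presumably starts with whatever default credentials the image ships with. Use `INITIAL_ADMIN_PASSWORD = local.admin_password` (and `local.admin_email` for the e-mail, for consistency). Separately, `image = "jc21/nginx-proxy-manager:latest"` means every redeploy runs whatever is currently tagged; pin a release tag or digest for a proxy that faces the internet. The admin UI on container port 81 is published on host port 8080 next to 80 and 443, which deserves at least a comment saying who is expected to reach it.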
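Review bot: In outputs.tf, `pass = nonsensitive(local.admin_password)` removes the sensitive marking on purpose, so the admin password is printed by every `terraform apply` and `terraform output` and ends up in CI logs. Drop the `nonsensitive()` call and add `sensitive = true` to the `authentication` output; the `postgres` output carries `module.postgres.password` and should be marked `sensitive = true` as well. Operators can still read the values explicitly with `terraform output -json` when they need them.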
@@ -0,0 +1,13 @@
+module "postgres" {
+ source = "../../products/postgres"
+ enable = var.enable
+ stack_name = "proxy"
+ service_name = "postgres"
+ networks = [module.network]
+ database = "nginx-proxy-manager"
+ username = "nginx-proxy-manager"
+ data_persist_path = "${var.data_persist_path}/postgres"
+ ports = [
+ { container = 5432, publish_mode = var.publish_mode },
+ ]
+}
\ No newline at end of file
diff --git a/products/nginx-proxy-manager/terraform.tf b/products/nginx-proxy-manager/terraform.tf
new file mode 100644
index 0000000..ef53bac
--- /dev/null
+++ b/products/nginx-proxy-manager/terraform.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = "~> 1.6"
+ required_providers {
+ docker = {
+ source = "kreuzwerker/docker"
+ version = "~> 3.0"
+ }
+ }
+}
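Review bot: In postgres.tf, the `ports` entry `{ container = 5432, publish_mode = var.publish_mode }` appears to publish the database outside the stack, although the proxy already reaches it by service name over `module.network` (`DB_POSTGRES_HOST = module.postgres.service_name`). Unless something outside the stack needs direct database access, remove the `ports` argument. How an entry without a `host` value is published depends on the ../../products/postgres module, which is not part of this patch, so confirm the behaviour there. If the port has to stay, add a comment naming the external client that needs it.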
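Review bot: In terraform.tf, `required_providers` lists only `docker`, but auth.tf declares a `random_password` resource, which comes from the random provider. Without an entry Terraform resolves that provider implicitly and without a version constraint, so the provider used to generate the admin password is not pinned. Add a `random = { source = "hashicorp/random" }` entry with a version constraint in line with the rest of the repository.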