Compare commits
11 commits
9e0e141996
...
b56fa28b31
Author | SHA1 | Date | |
---|---|---|---|
|
b56fa28b31 | ||
5f01e175a8 | |||
3ce144ce24 | |||
793568095e | |||
4482dbb3c6 | |||
e8a89352e2 | |||
7dd930d465 | |||
7161564458 | |||
f23b6fbb2f | |||
5863de84aa | |||
5d77766197 |
16 changed files with 322 additions and 138 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -4,3 +4,4 @@
|
||||||
/terraform.tfstate*
|
/terraform.tfstate*
|
||||||
/.terraform.tfstate*
|
/.terraform.tfstate*
|
||||||
/.github/cache
|
/.github/cache
|
||||||
|
/terraform.tfvars
|
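Review bot: The new `/terraform.tfvars` entry covers only that one file at the repository root; a `*.auto.tfvars`, a `terraform.tfvars.json` or a tfvars file inside a module directory would still be committed, and this commit also introduces root variables (`telegram_token` in vigil.tf) that will presumably be supplied through such a file. A broader pattern such as `*.tfvars` and `*.tfvars.json`, with a committed `terraform.tfvars.example` if one is wanted, closes that gap. Gitleaks is already enabled in the trunk config, so a committed tfvars would be caught in CI, but only for secret formats it recognises.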
|
@ -24,13 +24,13 @@ lint:
|
||||||
- checkov
|
- checkov
|
||||||
enabled:
|
enabled:
|
||||||
- hadolint@2.12.0
|
- hadolint@2.12.0
|
||||||
- tflint@0.51.1
|
- tflint@0.52.0
|
||||||
- gitleaks@8.18.4
|
- gitleaks@8.18.4
|
||||||
- markdownlint@0.41.0
|
- markdownlint@0.41.0
|
||||||
- taplo@0.8.1
|
- taplo@0.9.2
|
||||||
- actionlint@1.7.1
|
- actionlint@1.7.1
|
||||||
- git-diff-check
|
- git-diff-check
|
||||||
- prettier@3.3.2
|
- prettier@3.3.3
|
||||||
- yamllint@1.35.1
|
- yamllint@1.35.1
|
||||||
definitions:
|
definitions:
|
||||||
- name: markdownlint
|
- name: markdownlint
|
||||||
|
@ -49,12 +49,12 @@ tools:
|
||||||
- gh@2.49.2
|
- gh@2.49.2
|
||||||
- jq@jq-1.7.1
|
- jq@jq-1.7.1
|
||||||
- yq@4.44.1
|
- yq@4.44.1
|
||||||
- awscli@1.33.17
|
- awscli@1.33.26
|
||||||
- action-validator@0.6.0
|
- action-validator@0.6.0
|
||||||
- act@0.2.63
|
- act@0.2.64
|
||||||
- shellcheck@0.10.0
|
- shellcheck@0.10.0
|
||||||
- hadolint@2.12.0
|
- hadolint@2.12.0
|
||||||
- tofu@1.7.2
|
- tofu@1.7.2
|
||||||
- trunk-toolbox@0.3.2
|
- trunk-toolbox@0.3.2
|
||||||
- tflint@0.51.1
|
- tflint@0.52.0
|
||||||
- terraform@1.9.0
|
- terraform@1.9.0
|
||||||
|
|
35
docker.tf
35
docker.tf
|
@ -1,33 +1,28 @@
|
||||||
/*provider "ssh" {
|
|
||||||
server = {
|
|
||||||
host = "california.ti"
|
|
||||||
port = 22
|
|
||||||
}
|
|
||||||
user = "techinc"
|
|
||||||
auth = {
|
|
||||||
private_key = {
|
|
||||||
content = file("~/.ssh/keys/exploding_bolts_2_rsa")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
data "ssh_tunnel" "docker" {
|
|
||||||
connection_name = "docker_socket_tunnel_california"
|
|
||||||
remote = {
|
|
||||||
socket = "/var/run/docker.sock"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
|
|
||||||
provider "docker" {
|
provider "docker" {
|
||||||
host = "ssh://california.ti"
|
host = "ssh://california.ti"
|
||||||
|
registry_auth {
|
||||||
|
address = "docker.io"
|
||||||
|
username = "matthewbaggett"
|
||||||
|
password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
provider "docker" {
|
provider "docker" {
|
||||||
alias = "printi"
|
alias = "printi"
|
||||||
host = "ssh://prin.ti"
|
host = "ssh://prin.ti"
|
||||||
|
registry_auth {
|
||||||
|
address = "docker.io"
|
||||||
|
username = "matthewbaggett"
|
||||||
|
password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
provider "docker" {
|
provider "docker" {
|
||||||
alias = "unifi"
|
alias = "unifi"
|
||||||
host = "ssh://unifi.ti"
|
host = "ssh://unifi.ti"
|
||||||
|
registry_auth {
|
||||||
|
address = "docker.io"
|
||||||
|
username = "matthewbaggett"
|
||||||
|
password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
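Review bot: The three new `registry_auth` blocks embed a Docker Hub personal access token as a literal (`password = "dckr_pat_…"`), so the token is now in git history, in every plan output and in the state file. Move it to a variable declared with `sensitive = true` (`password = var.dockerhub_token`) or, since the kreuzwerker provider also reads `DOCKER_REGISTRY_USER`/`DOCKER_REGISTRY_PASS` and accepts `config_file`, drop the `password` line and supply it out of band; one `variable "dockerhub_token" { type = string; sensitive = true }` serves all three providers. Because the literal has already been committed, the token should be revoked and reissued regardless of how the config is fixed — a later commit removing it does not un-publish it. The same literal is duplicated in the default, `printi` and `unifi` provider blocks, so fix all three together.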
|
1
minio.tf
1
minio.tf
|
@ -4,4 +4,5 @@ module "minio" {
|
||||||
network = docker_network.loadbalancer
|
network = docker_network.loadbalancer
|
||||||
storage_path = "/media/storage/minio"
|
storage_path = "/media/storage/minio"
|
||||||
admin_username = "techinc"
|
admin_username = "techinc"
|
||||||
|
expose_ports = true
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,3 +18,8 @@ variable "storage_path" {
|
||||||
type = string
|
type = string
|
||||||
description = "The path to the storage directory to use"
|
description = "The path to the storage directory to use"
|
||||||
}
|
}
|
||||||
|
variable "expose_ports" {
|
||||||
|
type = bool
|
||||||
|
description = "Expose the minio ports to the outside world"
|
||||||
|
default = false
|
||||||
|
}
|
|
@ -49,6 +49,21 @@ resource "docker_service" "minio" {
|
||||||
parallelism = 1
|
parallelism = 1
|
||||||
order = "stop-first"
|
order = "stop-first"
|
||||||
}
|
}
|
||||||
|
dynamic "endpoint_spec" {
|
||||||
|
for_each = var.expose_ports ? toset(["aw yis"]) : toset([])
|
||||||
|
content {
|
||||||
|
ports {
|
||||||
|
target_port = 9000
|
||||||
|
published_port = 9000
|
||||||
|
publish_mode = "ingress"
|
||||||
|
}
|
||||||
|
ports {
|
||||||
|
target_port = 9001
|
||||||
|
published_port = 9001
|
||||||
|
publish_mode = "ingress"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
module "minio_nginx_config" {
|
module "minio_nginx_config" {
|
||||||
|
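Review bot: The `dynamic "endpoint_spec"` block keys its `for_each` on the placeholder string `toset(["aw yis"])`; the conventional, self-describing form is `for_each = var.expose_ports ? [1] : []`, which reads as the boolean toggle it is. When `expose_ports` is true (minio.tf sets it in this commit), ports 9000 and 9001 are published in `ingress` mode, which binds them on every swarm node rather than only the node running the service, so the S3 API and the admin console become reachable on all node addresses; if only the storage host is intended, `publish_mode = "host"` with a placement constraint is the tighter option. Neither the variable description nor the block says which is intended, so a one-line comment such as `# ingress mode: published on every swarm node, not just the minio host` would help the next reader. The enclosing `resource "docker_service" "minio"` starts before this hunk.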
|
|
@ -7,19 +7,22 @@ locals {
|
||||||
})
|
})
|
||||||
]
|
]
|
||||||
vigil_toml = templatefile("${path.module}/vigil.toml.tpl", {
|
vigil_toml = templatefile("${path.module}/vigil.toml.tpl", {
|
||||||
manager_token = random_password.token["manager"].result
|
manager_token = random_password.token["manager"].result
|
||||||
reporter_token = random_password.token["worker"].result
|
reporter_token = random_password.token["worker"].result
|
||||||
page_title = var.page_title
|
page_title = var.page_title
|
||||||
page_url = var.page_url
|
page_url = var.page_url
|
||||||
company_name = var.company_name
|
company_name = var.company_name
|
||||||
icon_color = var.icon_color
|
icon_color = var.icon_color
|
||||||
icon_url = var.icon_url
|
icon_url = var.icon_url
|
||||||
logo_color = var.logo_color
|
logo_color = var.logo_color
|
||||||
logo_url = var.logo_url
|
logo_url = var.logo_url
|
||||||
website_url = var.website_url
|
website_url = var.website_url
|
||||||
support_url = var.support_url
|
support_url = var.support_url
|
||||||
custom_html = var.custom_html
|
custom_html = var.custom_html
|
||||||
services = local.services_toml
|
services = local.services_toml
|
||||||
|
startup_notification = var.notify_on_startup
|
||||||
|
telegram_bot_token = var.notify_telegram.token
|
||||||
|
telegram_chat_id = var.notify_telegram.channel
|
||||||
})
|
})
|
||||||
vigil_toml_checksum = md5(local.vigil_toml)
|
vigil_toml_checksum = md5(local.vigil_toml)
|
||||||
}
|
}
|
||||||
|
|
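Review bot: `telegram_bot_token = var.notify_telegram.token` and `telegram_chat_id = var.notify_telegram.channel` fail with an attempt-to-get-attribute-from-null error whenever the module is used without `notify_telegram`, because the variables hunk in this same commit declares it with `default = null`; wrap the accesses, e.g. `telegram_bot_token = try(var.notify_telegram.token, "")` and `telegram_chat_id = try(var.notify_telegram.channel, "")`, or make the variable required. The `topic` attribute the variable type declares is never passed into the template here, so it is silently dropped. Note also that the rendered `local.vigil_toml` carries the bot token in plain text and, going by `vigil_toml_checksum = md5(local.vigil_toml)`, looks like it is shipped as a Docker config rather than a Docker secret — confirm, since swarm configs are not encrypted at rest the way secrets are. The enclosing `locals` block starts before this hunk.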
|
@ -16,17 +16,29 @@ variable "docker_networks" {
|
||||||
description = "Docker networks to connect the vigil service to"
|
description = "Docker networks to connect the vigil service to"
|
||||||
default = null
|
default = null
|
||||||
}
|
}
|
||||||
|
variable "notify_on_startup" {
|
||||||
|
type = bool
|
||||||
|
description = "Whether to send a startup notifications"
|
||||||
|
default = false
|
||||||
|
}
|
||||||
|
variable "notify_telegram" {
|
||||||
|
type = object({
|
||||||
|
token = string
|
||||||
|
channel = string
|
||||||
|
topic = optional(string, null)
|
||||||
|
})
|
||||||
|
description = "Telegram configuration"
|
||||||
|
default = null
|
||||||
|
}
|
||||||
variable "monitored_services" {
|
variable "monitored_services" {
|
||||||
type = map(list(object({
|
type = map(list(object({
|
||||||
id = string
|
id = string
|
||||||
label = string
|
label = string
|
||||||
endpoints = list(string)
|
endpoints = list(string)
|
||||||
http_method = optional(string, null)
|
http_method = optional(string, null)
|
||||||
http_status_healthy_below = optional(number, 400)
|
http_status_healthy_below = optional(number, 400)
|
||||||
http_status_healthy_above = optional(number, 200)
|
http_status_healthy_above = optional(number, 200)
|
||||||
})))
|
})))
|
||||||
|
|
||||||
}
|
}
|
||||||
variable "page_title" {
|
variable "page_title" {
|
||||||
type = string
|
type = string
|
||||||
|
|
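Review bot: `variable "notify_telegram"` carries a bot token but is not declared `sensitive = true`, so the token is printed in plan output and in any error message that echoes the variable; add `sensitive = true` to the block (the root `telegram_token` variable added in vigil.tf has the same gap). The description on `notify_on_startup` reads `Whether to send a startup notifications` — `Whether to send a startup notification`. The object type declares `topic = optional(string, null)`, but the locals hunk in this commit reads only `token` and `channel`, so either wire `topic` through or note in the description that it is currently unused.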
|
@ -54,14 +54,14 @@ queue_nack_dead_above = 5000
|
||||||
queue_loaded_retry_delay = 500
|
queue_loaded_retry_delay = 500
|
||||||
|
|
||||||
[notify]
|
[notify]
|
||||||
startup_notification = false
|
startup_notification = ${startup_notification}
|
||||||
reminder_interval = 600
|
reminder_interval = 600
|
||||||
reminder_backoff_function = "linear"
|
reminder_backoff_function = "linear"
|
||||||
reminder_backoff_limit = 3
|
reminder_backoff_limit = 3
|
||||||
|
|
||||||
#[notify.telegram]
|
[notify.telegram]
|
||||||
#bot_token = "xxxxxxxxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
|
bot_token = "${telegram_bot_token}"
|
||||||
#chat_id = "xxxxxxxxx"
|
chat_id = "${telegram_chat_id}"
|
||||||
|
|
||||||
[probe]
|
[probe]
|
||||||
|
|
||||||
|
|
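Review bot: The `[notify.telegram]` table is now emitted unconditionally, with `bot_token = "${telegram_bot_token}"` and `chat_id = "${telegram_chat_id}"`, so a deployment with no Telegram configuration renders a table of empty strings rather than no table, which vigil may treat as a misconfiguration instead of "notifications off". Guarding it with the template directives `%{ if telegram_bot_token != "" }` before `[notify.telegram]` and `%{ endif }` after the `chat_id` line restores the previous opt-in behaviour, assuming the caller passes `""` when unset. `startup_notification = ${startup_notification}` interpolates a bool without quotes, which is correct TOML, but a short comment would stop the next editor from "fixing" it to match the two quoted values beside it.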
210
netbox.tf
210
netbox.tf
|
@ -1,17 +1,20 @@
|
||||||
# Docker images in use
|
# Docker images in use
|
||||||
data "docker_registry_image" "netbox" {
|
data "docker_registry_image" "netbox" {
|
||||||
name = "docker.io/netboxcommunity/netbox:v4.0-2.9.1"
|
name = "netboxcommunity/netbox:v4.0-2.9.1"
|
||||||
}
|
}
|
||||||
data "docker_registry_image" "netbox_postgres" {
|
data "docker_registry_image" "netbox_postgres" {
|
||||||
name = "docker.io/postgres:16-alpine"
|
name = "postgres:16-alpine"
|
||||||
}
|
}
|
||||||
data "docker_registry_image" "netbox_redis" {
|
data "docker_registry_image" "netbox_redis" {
|
||||||
name = "docker.io/redis:7-alpine"
|
name = "redis:7-alpine"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Docker Network
|
# Docker Network
|
||||||
resource "docker_network" "netbox" {
|
resource "docker_network" "netbox" {
|
||||||
name = "netbox"
|
name = "netbox"
|
||||||
|
driver = "overlay"
|
||||||
|
attachable = true
|
||||||
|
ipam_driver = "default"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Docker Volumes
|
# Docker Volumes
|
||||||
|
@ -39,54 +42,64 @@ resource "docker_volume" "netbox_cache" {
|
||||||
|
|
||||||
# Configs
|
# Configs
|
||||||
resource "random_password" "postgres_password" {
|
resource "random_password" "postgres_password" {
|
||||||
length = 32
|
length = 32
|
||||||
special = false
|
special = false
|
||||||
}
|
}
|
||||||
resource "random_password" "redis_password" {
|
resource "random_password" "redis_password" {
|
||||||
length = 32
|
length = 32
|
||||||
|
special = false
|
||||||
|
}
|
||||||
|
resource "random_password" "redis_cache_password" {
|
||||||
|
length = 32
|
||||||
|
special = false
|
||||||
|
}
|
||||||
|
resource "random_password" "secret_key" {
|
||||||
|
length = 50
|
||||||
special = false
|
special = false
|
||||||
}
|
}
|
||||||
locals {
|
locals {
|
||||||
CORS_ORIGIN_ALLOW_ALL = true
|
netbox_conf = {
|
||||||
|
CORS_ORIGIN_ALLOW_ALL = true
|
||||||
|
|
||||||
DB_HOST=docker_service.netbox_postgres.name
|
DB_HOST = docker_service.netbox_postgres.name
|
||||||
DB_NAME="netbox"
|
DB_NAME = "netbox"
|
||||||
DB_PASSWORD = nonsensitive(random_password.postgres_password.result)
|
DB_PASSWORD = nonsensitive(random_password.postgres_password.result)
|
||||||
DB_USER="netbox"
|
DB_USER = "netbox"
|
||||||
|
|
||||||
EMAIL_FROM="netbox@bar.com"
|
EMAIL_FROM = "netbox@bar.com"
|
||||||
EMAIL_PASSWORD=""
|
EMAIL_PASSWORD = ""
|
||||||
EMAIL_PORT=25
|
EMAIL_PORT = 25
|
||||||
EMAIL_SERVER="localhost"
|
EMAIL_SERVER = "localhost"
|
||||||
EMAIL_SSL_CERTFILE=""
|
EMAIL_SSL_CERTFILE = ""
|
||||||
EMAIL_SSL_KEYFILE=""
|
EMAIL_SSL_KEYFILE = ""
|
||||||
EMAIL_TIMEOUT=5
|
EMAIL_TIMEOUT = 5
|
||||||
EMAIL_USERNAME="netbox"
|
EMAIL_USERNAME = "netbox"
|
||||||
# EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
|
# EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
|
||||||
EMAIL_USE_SSL=false
|
EMAIL_USE_SSL = "false"
|
||||||
EMAIL_USE_TLS=false
|
EMAIL_USE_TLS = "false"
|
||||||
|
|
||||||
GRAPHQL_ENABLED=true
|
GRAPHQL_ENABLED = "true"
|
||||||
HOUSEKEEPING_INTERVAL=86400
|
HOUSEKEEPING_INTERVAL = 86400
|
||||||
MEDIA_ROOT="/opt/netbox/netbox/media"
|
MEDIA_ROOT = "/opt/netbox/netbox/media"
|
||||||
METRICS_ENABLED=false
|
METRICS_ENABLED = "false"
|
||||||
|
|
||||||
REDIS_CACHE_DATABASE=1
|
REDIS_DATABASE = 0
|
||||||
REDIS_CACHE_HOST=docker_service.netbox_redis_cache.name
|
REDIS_HOST = docker_service.netbox_redis.name
|
||||||
REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false
|
REDIS_INSECURE_SKIP_TLS_VERIFY = "false"
|
||||||
REDIS_CACHE_PASSWORD=nonsensitive(random_password.redis_password.result)
|
//REDIS_PASSWORD = nonsensitive(random_password.redis_password.result)
|
||||||
REDIS_CACHE_SSL=false
|
REDIS_SSL = "false"
|
||||||
|
|
||||||
REDIS_DATABASE=0
|
REDIS_CACHE_DATABASE = 1
|
||||||
REDIS_HOST=docker_service.netbox_redis.name
|
REDIS_CACHE_HOST = docker_service.netbox_redis_cache.name
|
||||||
REDIS_INSECURE_SKIP_TLS_VERIFY=false
|
REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY = "false"
|
||||||
REDIS_PASSWORD=nonsensitive(random_password.redis_password.result)
|
//REDIS_CACHE_PASSWORD = nonsensitive(random_password.redis_cache_password.result)
|
||||||
REDIS_SSL=false
|
REDIS_CACHE_SSL = "false"
|
||||||
|
|
||||||
RELEASE_CHECK_URL="https://api.github.com/repos/netbox-community/netbox/releases"
|
RELEASE_CHECK_URL = "https://api.github.com/repos/netbox-community/netbox/releases"
|
||||||
SECRET_KEY="r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X"
|
SECRET_KEY = nonsensitive(random_password.secret_key.result)
|
||||||
SKIP_SUPERUSER=true
|
SKIP_SUPERUSER = "true"
|
||||||
WEBHOOKS_ENABLED=true
|
WEBHOOKS_ENABLED = "true"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Services
|
# Services
|
||||||
|
@ -95,12 +108,13 @@ resource "docker_service" "netbox" {
|
||||||
task_spec {
|
task_spec {
|
||||||
container_spec {
|
container_spec {
|
||||||
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
|
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
|
||||||
user = "unit:root"
|
user = "unit:root"
|
||||||
|
env = local.netbox_conf
|
||||||
healthcheck {
|
healthcheck {
|
||||||
test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"]
|
test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"]
|
||||||
interval = "15s"
|
interval = "15s"
|
||||||
timeout = "3s"
|
timeout = "3s"
|
||||||
start_period = "60s"
|
start_period = "2m"
|
||||||
}
|
}
|
||||||
mounts {
|
mounts {
|
||||||
target = "/etc/netbox/config"
|
target = "/etc/netbox/config"
|
||||||
|
@ -135,18 +149,34 @@ resource "docker_service" "netbox" {
|
||||||
window = "0s"
|
window = "0s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
endpoint_spec {
|
||||||
|
ports {
|
||||||
|
protocol = "tcp"
|
||||||
|
publish_mode = "ingress"
|
||||||
|
target_port = 8080
|
||||||
|
}
|
||||||
|
}
|
||||||
|
converge_config {
|
||||||
|
timeout = "2m"
|
||||||
|
}
|
||||||
|
depends_on = [
|
||||||
|
docker_service.netbox_postgres,
|
||||||
|
docker_service.netbox_redis,
|
||||||
|
docker_service.netbox_redis_cache,
|
||||||
|
]
|
||||||
}
|
}
|
||||||
resource "docker_service" "netbox_worker" {
|
resource "docker_service" "netbox_worker" {
|
||||||
name = "netbox-worker"
|
name = "netbox-worker"
|
||||||
task_spec {
|
task_spec {
|
||||||
container_spec {
|
container_spec {
|
||||||
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
|
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
|
||||||
user = "unit:root"
|
user = "unit:root"
|
||||||
command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker",]
|
env = local.netbox_conf
|
||||||
|
command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker", ]
|
||||||
healthcheck {
|
healthcheck {
|
||||||
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"]
|
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"]
|
||||||
interval = "15s"
|
interval = "15s"
|
||||||
timeout = "3s"
|
timeout = "3s"
|
||||||
start_period = "20s"
|
start_period = "20s"
|
||||||
}
|
}
|
||||||
mounts {
|
mounts {
|
||||||
|
@ -179,18 +209,25 @@ resource "docker_service" "netbox_worker" {
|
||||||
window = "0s"
|
window = "0s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
converge_config {
|
||||||
|
timeout = "2m"
|
||||||
|
}
|
||||||
|
depends_on = [
|
||||||
|
docker_service.netbox
|
||||||
|
]
|
||||||
}
|
}
|
||||||
resource "docker_service" "netbox_housekeeping" {
|
resource "docker_service" "netbox_housekeeping" {
|
||||||
name = "netbox-housekeeping"
|
name = "netbox-housekeeping"
|
||||||
task_spec {
|
task_spec {
|
||||||
container_spec {
|
container_spec {
|
||||||
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
|
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
|
||||||
user = "unit:root"
|
user = "unit:root"
|
||||||
command = ["/opt/netbox/housekeeping.sh",]
|
env = local.netbox_conf
|
||||||
|
command = ["/opt/netbox/housekeeping.sh", ]
|
||||||
healthcheck {
|
healthcheck {
|
||||||
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"]
|
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"]
|
||||||
interval = "15s"
|
interval = "15s"
|
||||||
timeout = "3s"
|
timeout = "3s"
|
||||||
start_period = "20s"
|
start_period = "20s"
|
||||||
}
|
}
|
||||||
mounts {
|
mounts {
|
||||||
|
@ -223,6 +260,12 @@ resource "docker_service" "netbox_housekeeping" {
|
||||||
window = "0s"
|
window = "0s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
converge_config {
|
||||||
|
timeout = "2m"
|
||||||
|
}
|
||||||
|
depends_on = [
|
||||||
|
docker_service.netbox
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
# Netbox Postgres Database
|
# Netbox Postgres Database
|
||||||
|
@ -240,7 +283,6 @@ resource "docker_service" "netbox_postgres" {
|
||||||
POSTGRES_DB = "netbox"
|
POSTGRES_DB = "netbox"
|
||||||
POSTGRES_USER = "netbox"
|
POSTGRES_USER = "netbox"
|
||||||
POSTGRES_PASSWORD = random_password.postgres_password.result
|
POSTGRES_PASSWORD = random_password.postgres_password.result
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
networks_advanced {
|
networks_advanced {
|
||||||
|
@ -252,6 +294,9 @@ resource "docker_service" "netbox_postgres" {
|
||||||
window = "0s"
|
window = "0s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
converge_config {
|
||||||
|
timeout = "2m"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Netbox Redis
|
# Netbox Redis
|
||||||
|
@ -260,11 +305,21 @@ resource "docker_service" "netbox_redis" {
|
||||||
task_spec {
|
task_spec {
|
||||||
container_spec {
|
container_spec {
|
||||||
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
|
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
|
||||||
command = ["sh", "-c", "redis-server","--appendonly","yes", "--requirepass", random_password.redis_password.result, ]
|
command = [
|
||||||
|
"sh", "-c",
|
||||||
|
"redis-server",
|
||||||
|
"--appendonly", "yes",
|
||||||
|
//"--requirepass", nonsensitive(random_password.redis_password.result),
|
||||||
|
]
|
||||||
mounts {
|
mounts {
|
||||||
target = "/data"
|
target = "/data"
|
||||||
type = "volume"
|
type = "volume"
|
||||||
source = docker_volume.netbox_database.name
|
source = docker_volume.netbox_redis.name
|
||||||
|
}
|
||||||
|
healthcheck {
|
||||||
|
test = ["CMD", "sh", "-c", "redis-cli", "PING"]
|
||||||
|
interval = "5s"
|
||||||
|
timeout = "3s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
networks_advanced {
|
networks_advanced {
|
||||||
|
@ -276,17 +331,29 @@ resource "docker_service" "netbox_redis" {
|
||||||
window = "0s"
|
window = "0s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
converge_config {
|
||||||
|
timeout = "2m"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
resource "docker_service" "netbox_redis_cache" {
|
resource "docker_service" "netbox_redis_cache" {
|
||||||
name = "netbox-redis-cache"
|
name = "netbox-redis-cache"
|
||||||
task_spec {
|
task_spec {
|
||||||
container_spec {
|
container_spec {
|
||||||
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
|
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
|
||||||
command = ["sh", "-c", "redis-server", "--requirepass", random_password.redis_password.result, ]
|
command = [
|
||||||
|
"sh", "-c",
|
||||||
|
"redis-server",
|
||||||
|
//"--requirepass", nonsensitive(random_password.redis_cache_password.result),
|
||||||
|
]
|
||||||
mounts {
|
mounts {
|
||||||
target = "/data"
|
target = "/data"
|
||||||
type = "volume"
|
type = "volume"
|
||||||
source = docker_volume.netbox_database.name
|
source = docker_volume.netbox_cache.name
|
||||||
|
}
|
||||||
|
healthcheck {
|
||||||
|
test = ["CMD", "sh", "-c", "redis-cli", "PING"]
|
||||||
|
interval = "5s"
|
||||||
|
timeout = "3s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
networks_advanced {
|
networks_advanced {
|
||||||
|
@ -298,4 +365,23 @@ resource "docker_service" "netbox_redis_cache" {
|
||||||
window = "0s"
|
window = "0s"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
converge_config {
|
||||||
|
timeout = "2m"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Set up some nginx bits for it
|
||||||
|
module "netbox_nginx_config" {
|
||||||
|
# tflint-ignore: terraform_module_pinned_source
|
||||||
|
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
|
||||||
|
hostname = "netbox.california.ti"
|
||||||
|
//certificate = acme_certificate.ooo_grey["s3"]
|
||||||
|
service_name = docker_service.netbox.name
|
||||||
|
upstream_host = "${docker_service.netbox.name}:8080"
|
||||||
|
config_prefix = "nginx"
|
||||||
|
allow_non_ssl = true
|
||||||
|
allow_ssl = false
|
||||||
|
depends_on = [
|
||||||
|
docker_service.netbox
|
||||||
|
]
|
||||||
}
|
}
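Review bot: In the `netbox_redis` and `netbox_redis_cache` container specs, `command = ["sh", "-c", "redis-server", "--appendonly", "yes", …]` does not do what it reads as: `sh -c` takes only the next element as the script, so `--appendonly yes` becomes `$0`/`$1` of that script and redis starts with defaults (no AOF; and `--requirepass` was ignored the same way before it was commented out), and the healthcheck `["CMD", "sh", "-c", "redis-cli", "PING"]` has the same shape and runs a bare `redis-cli`. Drop the shell: `command = ["redis-server", "--appendonly", "yes", "--requirepass", random_password.redis_password.result]` (with `random_password.redis_cache_password` for the cache instance) and `test = ["CMD", "redis-cli", "ping"]`. With `--requirepass` commented out and `REDIS_PASSWORD`/`REDIS_CACHE_PASSWORD` commented out in `local.netbox_conf`, both Redis instances now accept unauthenticated connections from anything on the `netbox` overlay network, which the first hunk also makes `attachable = true`. Separately, `nonsensitive(random_password.postgres_password.result)` and `nonsensitive(random_password.secret_key.result)` in the locals hunk strip the sensitive marking, so both secrets appear in plan output and in `docker service inspect` as plain environment; the netbox-docker image can read these from files under `/run/secrets/` (verify the exact names for this image version), which would allow `docker_secret` resources and the container `secrets` block instead.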
|
3
nginx.tf
3
nginx.tf
|
@ -17,9 +17,10 @@ module "nginx" {
|
||||||
module.minio.nginx_files,
|
module.minio.nginx_files,
|
||||||
module.vigil_nginx_config.files,
|
module.vigil_nginx_config.files,
|
||||||
module.videobucket_nginx_config.files,
|
module.videobucket_nginx_config.files,
|
||||||
|
//module.netbox_nginx_config.files,
|
||||||
)
|
)
|
||||||
networks = [
|
networks = [
|
||||||
docker_network.loadbalancer,
|
docker_network.loadbalancer,
|
||||||
]
|
]
|
||||||
replicas = 1
|
replicas = 2
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,8 +17,7 @@ resource "scratch_string" "arse" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "docker_container" "ender5plus" {
|
resource "docker_container" "ender5plus" {
|
||||||
image = "${docker_image.octoprint.name}:latest"
|
image = docker_image.octoprint.image_id
|
||||||
#image = docker_image.octoprint.image_id
|
|
||||||
provider = docker.printi
|
provider = docker.printi
|
||||||
name = "ender5plus"
|
name = "ender5plus"
|
||||||
env = [
|
env = [
|
||||||
|
|
19
terraform.tf
19
terraform.tf
|
@ -1,5 +1,6 @@
|
||||||
terraform {
|
terraform {
|
||||||
required_version = "~> 1.6"
|
required_version = "~> 1.6"
|
||||||
|
|
||||||
required_providers {
|
required_providers {
|
||||||
docker = {
|
docker = {
|
||||||
source = "kreuzwerker/docker"
|
source = "kreuzwerker/docker"
|
||||||
|
@ -14,8 +15,24 @@ terraform {
|
||||||
version = "~> 0.1.0"
|
version = "~> 0.1.0"
|
||||||
}
|
}
|
||||||
scratch = {
|
scratch = {
|
||||||
source = "BrendanThompson/scratch"
|
source = "BrendanThompson/scratch"
|
||||||
version = "0.4.0"
|
version = "0.4.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
backend "s3" {
|
||||||
|
bucket = "terraform"
|
||||||
|
key = "ti-iac.tfstate"
|
||||||
|
profile = "techinc-tf"
|
||||||
|
shared_credentials_files = ["~/.aws/credentials"]
|
||||||
|
endpoints = {
|
||||||
|
s3 = "http://california.ti:9000"
|
||||||
|
}
|
||||||
|
region = "main" # Region validation will be skipped
|
||||||
|
skip_credentials_validation = true # Skip AWS related checks and validations
|
||||||
|
skip_requesting_account_id = true
|
||||||
|
skip_metadata_api_check = true
|
||||||
|
skip_region_validation = true
|
||||||
|
use_path_style = true # Enable path-style S3 URLs (https://<HOST>/<BUCKET> https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
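Review bot: The new `backend "s3"` points at `s3 = "http://california.ti:9000"`, so the state — which after this commit holds the Postgres, Redis and `secret_key` random passwords, the Docker Hub token from docker.tf and the S3 credentials from the video bucket config — is read and written in clear text over the network on every plan and apply. Use an HTTPS endpoint (nginx.tf already includes `module.minio.nginx_files`, so an SSL-enabled site there is the natural place) and check that the `terraform` bucket is reached with its own least-privilege access key rather than the MinIO admin account, since whoever holds that key holds every secret above. The `skip_*` flags and `use_path_style = true` are the usual MinIO settings and are fine; the trailing comment on `use_path_style` is missing its closing parenthesis after the documentation URL.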
|
30
ubiquity.tf
30
ubiquity.tf
|
@ -53,6 +53,36 @@ resource "docker_service" "unifi_controller" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "docker_service" "unifi_controller_restored_from_backup" {
|
||||||
|
name = "unifi_controller_restored_from_backup"
|
||||||
|
provider = docker.unifi
|
||||||
|
task_spec {
|
||||||
|
container_spec {
|
||||||
|
image = "${data.docker_registry_image.unifi_controller.name}@${data.docker_registry_image.unifi_controller.sha256_digest}"
|
||||||
|
env = {
|
||||||
|
TZ = "Europe/Amsterdam"
|
||||||
|
}
|
||||||
|
mounts {
|
||||||
|
target = "/unifi"
|
||||||
|
source = "/home/techinc/unifi_restored_from_backup"
|
||||||
|
type = "bind"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
restart_policy {
|
||||||
|
condition = "any"
|
||||||
|
delay = "0s"
|
||||||
|
window = "0s"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
endpoint_spec {
|
||||||
|
ports {
|
||||||
|
target_port = 443
|
||||||
|
published_port = 444
|
||||||
|
publish_mode = "ingress"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
data "docker_registry_image" "http2https" {
|
data "docker_registry_image" "http2https" {
|
||||||
name = "articulate/http-to-https"
|
name = "articulate/http-to-https"
|
||||||
}
|
}
|
||||||
|
|
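Review bot: `docker_service "unifi_controller_restored_from_backup"` is a second full controller beside `unifi_controller`, with its own bind-mounted data directory and its HTTPS port published as `444` in `ingress` mode, and nothing in the hunk says whether it is a one-off restore test or a permanent second instance; a header comment stating the intent and when it can be removed, e.g. `# Temporary: controller restored from backup for verification; remove once the primary is confirmed good`, would save the next reader from guessing, and if it is temporary a variable-driven `count` makes it easy to switch off without deleting the block. The service also has `restart_policy { condition = "any" }` and no `converge_config`, unlike the services this commit gives `converge_config { timeout = "2m" }` in netbox.tf — worth aligning if the difference is not deliberate.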
|
@ -7,9 +7,9 @@ resource "docker_service" "video_bucket" {
|
||||||
container_spec {
|
container_spec {
|
||||||
image = "${data.docker_registry_image.video_bucket.name}@${data.docker_registry_image.video_bucket.sha256_digest}"
|
image = "${data.docker_registry_image.video_bucket.name}@${data.docker_registry_image.video_bucket.sha256_digest}"
|
||||||
configs {
|
configs {
|
||||||
config_id = docker_config.video_bucket_config.id
|
config_id = docker_config.video_bucket_config.id
|
||||||
config_name = docker_config.video_bucket_config.name
|
config_name = docker_config.video_bucket_config.name
|
||||||
file_name = "/app/.env"
|
file_name = "/app/.env"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
networks_advanced {
|
networks_advanced {
|
||||||
|
@ -22,8 +22,8 @@ resource "docker_service" "video_bucket" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
locals{
|
locals {
|
||||||
video_bucket_config = <<EOF
|
video_bucket_config = <<EOF
|
||||||
S3_ENDPOINT=http://s3.california.ti
|
S3_ENDPOINT=http://s3.california.ti
|
||||||
S3_BUCKET=video
|
S3_BUCKET=video
|
||||||
S3_KEY=Ipi5Xh1b2UgcGiLSLLpQ
|
S3_KEY=Ipi5Xh1b2UgcGiLSLLpQ
|
||||||
|
@ -31,8 +31,12 @@ S3_SECRET=E4xMwB44MT4tGLStJnZTwQbuDNHL1KR9M4I8taBT
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
resource "docker_config" "video_bucket_config" {
|
resource "docker_config" "video_bucket_config" {
|
||||||
name = "video_bucket_config_${substr(md5(local.video_bucket_config),0,7)}"
|
name = "video_bucket_config_${substr(md5(local.video_bucket_config), 0, 7)}"
|
||||||
data = base64encode(local.video_bucket_config)
|
data = base64encode(local.video_bucket_config)
|
||||||
|
lifecycle {
|
||||||
|
ignore_changes = [name]
|
||||||
|
create_before_destroy = true
|
||||||
|
}
|
||||||
}
|
}
|
||||||
module "videobucket_nginx_config" {
|
module "videobucket_nginx_config" {
|
||||||
# tflint-ignore: terraform_module_pinned_source
|
# tflint-ignore: terraform_module_pinned_source
|
||||||
|
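Review bot: `lifecycle { ignore_changes = [name] }` on `docker_config.video_bucket_config` sits uneasily with a `name` that embeds `md5(local.video_bucket_config)`: the hash suffix exists so that a changed body gets a fresh name, but once `name` is ignored Terraform appears to carry the prior name into a replacement triggered by `data`, and with `create_before_destroy = true` the replacement would then be created while a config of the same name still exists — verify with a real content change before relying on this for rotation; if the goal is only to stop perpetual diffs, keeping `create_before_destroy` and dropping `ignore_changes` is the usual pattern. The heredoc this config is built from (context lines above, `S3_KEY=…`/`S3_SECRET=…`) is a static access key pair committed to the repository and shipped as a Docker config, which is not encrypted at rest in the swarm; moving the pair to `sensitive` variables and a `docker_secret` mounted at `/app/.env`, and rotating the committed pair, would be the follow-up. The enclosing `locals` block starts before this hunk.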
|
49
vigil.tf
49
vigil.tf
|
@ -9,7 +9,15 @@ module "vigil_nginx_config" {
|
||||||
allow_non_ssl = true
|
allow_non_ssl = true
|
||||||
allow_ssl = false
|
allow_ssl = false
|
||||||
}
|
}
|
||||||
|
variable "telegram_token" {
|
||||||
|
type = string
|
||||||
|
}
|
||||||
|
variable "telegram_channel" {
|
||||||
|
type = string
|
||||||
|
}
|
||||||
|
variable "telegram_topic" {
|
||||||
|
type = string
|
||||||
|
}
|
||||||
module "vigil" {
|
module "vigil" {
|
||||||
source = "./modules/vigil"
|
source = "./modules/vigil"
|
||||||
monitored_services = {
|
monitored_services = {
|
||||||
|
@ -53,7 +61,7 @@ module "vigil" {
|
||||||
id = "backup"
|
id = "backup"
|
||||||
label = "Backup Server"
|
label = "Backup Server"
|
||||||
endpoints = [
|
endpoints = [
|
||||||
"icmp://backup.ti",
|
#"icmp://backup.ti", # ??? Doesn't work?
|
||||||
"tcp://backup.ti:22",
|
"tcp://backup.ti:22",
|
||||||
"http://backup.ti",
|
"http://backup.ti",
|
||||||
]
|
]
|
||||||
|
@ -73,24 +81,25 @@ module "vigil" {
|
||||||
id = "unifi-ap-mainspace"
|
id = "unifi-ap-mainspace"
|
||||||
label = "Unifi AP Mainspace"
|
label = "Unifi AP Mainspace"
|
||||||
endpoints = [
|
endpoints = [
|
||||||
"icmp://mainspace-ap.ti",
|
# "icmp://mainspace-ap.ti", # Painfully, ICMP said it was up when it was infact entirely unplugged. No ICMP for you.
|
||||||
|
"tcp://mainspace-ap.ti:22",
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
id = "unifi-ap-auxspace"
|
id = "unifi-ap-auxspace"
|
||||||
label = "Unifi AP Auxspace"
|
label = "Unifi AP Auxspace"
|
||||||
endpoints = [
|
endpoints = [
|
||||||
"icmp://auxspace-ap.ti",
|
# "icmp://auxspace-ap.ti", # Painfully, ICMP said it was up when it was infact entirely unplugged. No ICMP for you.
|
||||||
|
"tcp://auxspace-ap.ti:22",
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
id = "unifi-ap-toilets"
|
||||||
|
label = "Unifi AP Hallway/Toilets"
|
||||||
|
endpoints = [
|
||||||
|
"icmp://toilet-ap.ti",
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
#{
|
|
||||||
# id = "unifi-ap-hallway"
|
|
||||||
# label = "Unifi AP Hallway"
|
|
||||||
# endpoints = [
|
|
||||||
# "icmp://hallway-ap.ti",
|
|
||||||
# ]
|
|
||||||
#},
|
|
||||||
|
|
||||||
]
|
]
|
||||||
"Printers" = [
|
"Printers" = [
|
||||||
{
|
{
|
||||||
|
@ -135,9 +144,9 @@ module "vigil" {
|
||||||
id = "ansible"
|
id = "ansible"
|
||||||
label = "TechInc Ansible Server"
|
label = "TechInc Ansible Server"
|
||||||
endpoints = [
|
endpoints = [
|
||||||
"icmp://ansible.ti",
|
#"icmp://ansible.ti", # Doesn't work?
|
||||||
"tcp://ansible.ti:22",
|
"tcp://ansible.ti:22",
|
||||||
"http://ansible.ti"
|
#"http://ansible.ti", # Doesn't work?
|
||||||
]
|
]
|
||||||
http_method = "GET"
|
http_method = "GET"
|
||||||
},
|
},
|
||||||
|
@ -156,7 +165,7 @@ module "vigil" {
|
||||||
endpoints = [
|
endpoints = [
|
||||||
#"icmp://shardik.ti", # Doesn't work?
|
#"icmp://shardik.ti", # Doesn't work?
|
||||||
"tcp://shardik.ti:22",
|
"tcp://shardik.ti:22",
|
||||||
"http://shardik.ti"
|
"http://shardik.ti",
|
||||||
]
|
]
|
||||||
http_method = "GET"
|
http_method = "GET"
|
||||||
},
|
},
|
||||||
|
@ -164,8 +173,8 @@ module "vigil" {
|
||||||
id = "sip"
|
id = "sip"
|
||||||
label = "SIP"
|
label = "SIP"
|
||||||
endpoints = [
|
endpoints = [
|
||||||
"icmp://sip.ti",
|
#"icmp://sip.ti", # Doesn't work?
|
||||||
"http://sip.ti"
|
"http://sip.ti",
|
||||||
]
|
]
|
||||||
http_method = "GET"
|
http_method = "GET"
|
||||||
},
|
},
|
||||||
|
@ -203,4 +212,10 @@ module "vigil" {
|
||||||
docker_networks = [
|
docker_networks = [
|
||||||
docker_network.loadbalancer
|
docker_network.loadbalancer
|
||||||
]
|
]
|
||||||
|
notify_on_startup = true
|
||||||
|
notify_telegram = {
|
||||||
|
token = var.telegram_token
|
||||||
|
channel = var.telegram_channel
|
||||||
|
topic = var.telegram_topic
|
||||||
|
}
|
||||||
}
|
}
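Review bot: The new root variables `telegram_token`, `telegram_channel` and `telegram_topic` have no `description` and no `default`, so all three are required on every run, yet `telegram_topic` is only forwarded into `notify_telegram.topic`, which nothing in this commit reads; give it `default = null` (the module type already declares it `optional(string, null)`) and add one-line descriptions, e.g. `description = "Telegram bot token vigil uses for alert notifications"`. The ICMP endpoints replaced with `# "icmp://…" # Doesn't work?` would be clearer with a single comment above the `monitored_services` map explaining why ICMP probes are unreliable here (the two AP entries already say it: the probe reported up while the device was unplugged) instead of a trailing question on each line.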
|