
2 commits

8 changed files with 36 additions and 50 deletions


@ -21,6 +21,7 @@ lint:
- trufflehog # Trufflehog duplicates gitleaks functionality. - trufflehog # Trufflehog duplicates gitleaks functionality.
- terrascan - terrascan
- trivy - trivy
- checkov
enabled: enabled:
- hadolint@2.12.0 - hadolint@2.12.0
- tflint@0.51.1 - tflint@0.51.1
@ -28,7 +29,6 @@ lint:
- markdownlint@0.41.0 - markdownlint@0.41.0
- taplo@0.8.1 - taplo@0.8.1
- actionlint@1.7.1 - actionlint@1.7.1
- checkov@3.2.156
- git-diff-check - git-diff-check
- prettier@3.3.2 - prettier@3.3.2
- yamllint@1.35.1 - yamllint@1.35.1
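Review bot: Moving `checkov` into the disabled list leaves no IaC misconfiguration scanner among the linters visible here, since `terrascan` and `trivy` are already disabled and the enabled entries shown are mostly style and syntax linters. If checkov was dropped because of noise, consider keeping it enabled and skipping individual checks with a stated reason, or re-enabling `trivy`, so Terraform and Dockerfile misconfigurations are still caught before merge. Both lists continue outside the hunk, so another scanner may be enabled out of view.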


@ -1,5 +1,3 @@
Grey's Docker Swarm does IAC # Grey's Docker Swarm does IAC
============================
Or: How I learned to stop worrying and love the swarm. Or: How I learned to stop worrying and love the swarm.


@ -52,6 +52,7 @@ resource "docker_service" "minio" {
} }
module "minio_nginx_config" { module "minio_nginx_config" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available" source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
hostname = var.domain hostname = var.domain
//certificate = acme_certificate.ooo_grey["s3"] //certificate = acme_certificate.ooo_grey["s3"]
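Review bot: The added `# tflint-ignore: terraform_module_pinned_source` silences the warning, but the module is still fetched from the default branch of `terraform-nginx.git`, so whatever is pushed there is what the next `terraform init` pulls in and applies. Pinning is the fix the rule asks for: append a ref, e.g. `source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available?ref=<TAG_OR_COMMIT_SHA>"` (placeholder, the page shows no tag), and drop the ignore comment. The same suppression is added on `module "nginx"` and `module "vigil_nginx_config"` in the later sections. The module block continues past the end of this hunk.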


@ -12,5 +12,9 @@ terraform {
source = "BrendanThompson/scratch" source = "BrendanThompson/scratch"
version = "~> 0.4" version = "~> 0.4"
} }
local = {
source = "hashicorp/local"
version = "~>2.1"
}
} }
} }


@ -11,6 +11,7 @@ resource "docker_network" "loadbalancer" {
} }
module "nginx" { module "nginx" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git" source = "git::https://code.techinc.nl/grey/terraform-nginx.git"
configs = concat( configs = concat(
module.minio.nginx_files, module.minio.nginx_files,


@ -13,37 +13,25 @@ resource "docker_volume" "ender5plus" {
name = "ender5plus_config" name = "ender5plus_config"
} }
resource "docker_service" "ender5plus" { resource "docker_container" "ender5plus" {
image = "${docker_image.octoprint.name}:latest"
provider = docker.printi provider = docker.printi
name = "ender5plus" name = "ender5plus"
task_spec { env = [
container_spec { "ENABLE_MJPG_STREAMER=false"
image = "${docker_image.octoprint.name}:latest" ]
mounts { restart = "always"
target = "/octoprint" ports {
source = docker_volume.ender5plus.name internal = 80
type = "volume" external = 3000
}
mounts {
target = "/dev/ttyACM0"
source = "/dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A602AFFK-if00-port0"
type = "bind"
}
env = {
#ENABLE_MJPG_STREAMER = "true"
}
}
restart_policy {
condition = "any"
delay = "20s"
window = "0s"
}
} }
endpoint_spec { devices {
ports { host_path = "/dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A602AFFK-if00-port0"
target_port = 80 container_path = "/dev/ttyACM0"
published_port = 3000 }
publish_mode = "ingress" volumes {
} container_path = "/octoprint"
#host_path = docker_volume.ender5plus.name
volume_name = docker_volume.ender5plus.name
} }
} }
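Review bot: The new `ports` block publishes OctoPrint's port 80 as host port 3000 without an `ip`, and the provider then binds it on 0.0.0.0, so the printer UI that owns the `/dev/ttyACM0` serial device is reachable from every network the host is on. If only the nginx load balancer is meant to reach it, restrict the bind with `ip = "<ADDRESS_NGINX_CONNECTS_TO>"` (placeholder) inside `ports`, or firewall port 3000 on the host. Separately, `image = "${docker_image.octoprint.name}:latest"` is a mutable tag; referencing the `docker_image` resource's image ID instead would tie the container to the image that was actually built. The commented-out `#host_path` line can be dropped.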


@ -1,6 +1,6 @@
FROM octoprint/octoprint AS octoprint FROM octoprint/octoprint AS octoprint
RUN apt update -q && \ RUN apt-get update -q && \
apt install -yq \ apt-get install -yq --no-install-recommends \
cpulimit \ cpulimit \
sudo \ sudo \
curl wget \ curl wget \
@ -13,23 +13,16 @@ RUN apt update -q && \
FROM octoprint AS mjpg-streamer-builder FROM octoprint AS mjpg-streamer-builder
WORKDIR /build WORKDIR /build
RUN apt update -q && \ RUN apt-get update -q && \
apt install -yq unzip subversion apt-get install -yq --no-install-recommends \
unzip \
subversion
RUN curl -s -L https://github.com/pranjalv123/mjpg-streamer-yu12/archive/refs/heads/master.zip --output mjpeg-streamer-yu12.zip && \ RUN curl -s -L https://github.com/pranjalv123/mjpg-streamer-yu12/archive/refs/heads/master.zip --output mjpeg-streamer-yu12.zip && \
unzip -q mjpeg-streamer-yu12.zip unzip -q mjpeg-streamer-yu12.zip \
RUN cd mjpg-streamer-yu12-master/mjpg-streamer && \ WORKDIR /build/mjpg-streamer-yu12-master/mjpg-streamer
make && \ RUN make && \
ls -lah ls -lah
FROM octoprint AS octoprint-mjpg-streamer FROM octoprint AS octoprint-mjpg-streamer
COPY --from=mjpg-streamer-builder /build/mjpg-streamer-yu12-master/mjpg-streamer/mjpg_streamer /usr/local/bin/mjpg_streamer COPY --from=mjpg-streamer-builder /build/mjpg-streamer-yu12-master/mjpg-streamer/mjpg_streamer /usr/local/bin/mjpg_streamer
COPY --from=mjpg-streamer-builder /build/mjpg-streamer-yu12-master/mjpg-streamer/*.so /usr/local/lib/mjpg-streamer/ COPY --from=mjpg-streamer-builder /build/mjpg-streamer-yu12-master/mjpg-streamer/*.so /usr/local/lib/mjpg-streamer/
FROM octoprint AS octoklipper
RUN git clone https://github.com/Klipper3d/klipper.git klipper && \
cd klipper && \
git checkout master && \
rm .git -rf
RUN venv/bin/pip install -r klipper/scripts/klippy-requirements.txt \
&& venv/bin/python -m compileall klipper/klippy \
&& venv/bin/python klipper/klippy/chelper/__init__.py
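Review bot: The new `unzip -q mjpeg-streamer-yu12.zip \` ends in a line continuation, so if the rendering is accurate the following `WORKDIR /build/mjpg-streamer-yu12-master/mjpg-streamer` is swallowed into the RUN command as extra arguments to unzip and `make` then runs in `/build`; drop the trailing backslash. The archive also comes from `refs/heads/master` via `curl -s -L` with no integrity check, so the build compiles whatever the branch holds at build time. Fetch a commit-pinned archive and verify it before unzipping, e.g. `echo "<SHA256>  mjpeg-streamer-yu12.zip" | sha256sum -c -` (placeholder hash), and add `-f` to curl so an HTTP error fails the build instead of saving an error page.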


@ -1,4 +1,5 @@
module "vigil_nginx_config" { module "vigil_nginx_config" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available" source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
hostname = "vigil.california.ti" hostname = "vigil.california.ti"
//certificate = acme_certificate.ooo_grey["s3"] //certificate = acme_certificate.ooo_grey["s3"]