grey/IAC
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Compare commits

base: grey:main
Branches Tags
grey:main
grey:trunk-io/update-trunk
..
compare: grey:trunk-io/update-trunk
Branches Tags
grey:main
grey:trunk-io/update-trunk

1 commit
main ... trunk-io/u

Author SHA1 Message Date
gitea-actions
a14bb9d178 Upgrade trunk 2024-07-29 09:02:05 +00:00
38 changed files with 1158 additions and 323 deletions
Show stats Expand all files Collapse all files

3
.gitmodules vendored
View file

@ -1,3 +0,0 @@
[submodule "lib/grey.ooo"]
path = lib/grey.ooo
url = git@github.com:matthewbaggett/terraform_modules.git

120
.terraform.lock.hcl
View file

@ -1,29 +1,9 @@
# This file is maintained automatically by "terraform init". # This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.terraform.io/aminueza/minio" {
version = "3.2.2"
constraints = "~> 3.0"
hashes = [
"h1:1IBJAWUwx76o5+vUdxRCEfOG38hcrEVu32Xn06l7sOI=",
"zh:171106917383c691eb6e46d26b903671d62f861d53198cc4aa4f8b6abc5d7d04",
"zh:22a3bed9a04b255de3c539756f077c0b47e99e92d4b69a54e57635bbb67c8914",
"zh:3b35fa6847193983b03779bab68fb63086fbb3063f0a2aea48d138bd9bf6d24d",
"zh:3ccd2be2c6cc687f9637e5e2f6b0485f7ca73b1a87dfc28af8b34c1db2080f96",
"zh:427e118f2b8910b98659bc97af298a4d9a6c2a984d5fe313b9675d1cd4b6392c",
"zh:46087196a742659b4610b536b99af46e6e58edd4a8d65daf7fc72e4a9ed9ef99",
"zh:5f3154e6c89ead21ef39970e6491c1c04ab9095421fa8853eb35c1d4be7e4cc6",
"zh:5ff726bf0edb3a647cf5e066ffdbe74bcd74f0945acbbb1e2d1afb201feeb72f",
"zh:60c968d6197562fc0ffc4662034e65413b31773307d780b78aec6e1da9c606ea",
"zh:e0d21146d38744be45e42e41ea12e5b99aff3a5a39e4b0e878de05f47ceb9e74",
"zh:e8b22688852eb58b4369ae282ba99ec80c955a9608d0f7d787324d7f487a3082",
"zh:f7213700753e0225c72314e9d6756ccdb2eae18c99e393f49af55aa8e0c71e56",
]
}
provider "registry.terraform.io/brendanthompson/scratch" { provider "registry.terraform.io/brendanthompson/scratch" {
version = "0.4.0" version = "0.4.0"
constraints = "0.4.0, ~> 0.4" constraints = "0.4.0"
hashes = [ hashes = [
"h1:MTVRrvKcbCMw67V+QMOWkHaH5W6wusaBwoB2e6HcELM=", "h1:MTVRrvKcbCMw67V+QMOWkHaH5W6wusaBwoB2e6HcELM=",
"zh:02de448b66fa61d39588dadb267698f361a3b681beb48d6576068923de600df7", "zh:02de448b66fa61d39588dadb267698f361a3b681beb48d6576068923de600df7",
@ -44,42 +24,42 @@ provider "registry.terraform.io/brendanthompson/scratch" {
} }
provider "registry.terraform.io/hashicorp/local" { provider "registry.terraform.io/hashicorp/local" {
version = "2.5.2" version = "2.5.1"
constraints = "~> 2.1" constraints = "~> 2.1"
hashes = [ hashes = [
"h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=", "h1:8oTPe2VUL6E2d3OcrvqyjI4Nn/Y/UEQN26WLk5O/B0g=",
"zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511", "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561",
"zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea", "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561",
"zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0", "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5",
"zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b", "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24",
"zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038", "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667",
"zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3", "zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8",
"zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4", "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0",
"zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464", "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867",
"zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b", "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4",
"zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e", "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520",
"zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1",
] ]
} }
provider "registry.terraform.io/hashicorp/random" { provider "registry.terraform.io/hashicorp/random" {
version = "3.6.3" version = "3.6.2"
constraints = "~> 3.3, ~> 3.5" constraints = "~> 3.3"
hashes = [ hashes = [
"h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=", "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=",
"zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec",
"zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53",
"zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114",
"zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad",
"zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b",
"zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916",
"zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150",
"zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544",
"zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7",
"zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af",
"zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0",
] ]
} }
@ -105,28 +85,6 @@ provider "registry.terraform.io/kreuzwerker/docker" {
] ]
} }
provider "registry.terraform.io/loafoe/htpasswd" {
version = "1.2.1"
constraints = "~> 1.0"
hashes = [
"h1:W1euQGM6t+QlB6Rq4fDbRKRHmeCIyYdIYdHrxL97BeE=",
"zh:14460c85ddc40a9ecadf583c22a7de91b83798a8ca4843949d50c3288c6f5bdd",
"zh:1af9416e28dd0a77c5d2c685561c4f60e19e2d606df0477ebc18eaa110c77807",
"zh:2245325864faaf027701ab12a04d641359a0dc439dd23c6e8f768407b78a5c18",
"zh:3813ff98198405d7c467565b52c7f0ad4533f43957da6390477dc898f8ed02c2",
"zh:3c0658e132232a181223f7ff65678d99cd2e8431c317f72281b67464e5e16892",
"zh:43505c0f42bc7635ec7c1fe5043c502f9b00ae4b5e74b81464bc494936643fc1",
"zh:52efdabb0abba99a33fd3ed981610f13c99bb383f94e997f90d95441d8558177",
"zh:75b5d9b4a610dfd0ff4dfb4039f61e79a0e56338e0a4cd45e0bc0edec34dfa62",
"zh:7aee5df091672d29f29dda57382a41d771fa21740cef6bb9a1b15afc6d84ffa4",
"zh:7ff618706e2953a21a22c7555e11f5cbe8e95c171704fcfdc6beedb0c25e49c0",
"zh:94e8a15c83a1a5a60ff1b58938dd9692d800fe05c5d8269e0916b5de03d89d3a",
"zh:c1ace4f322f9ec4956e4f30086da5b6a73f4d05e1266047d629b14a485c5a76d",
"zh:d4570075de49e3ee98494f7c44eab12e964c9776029ed536fd9352c3203cc635",
"zh:d99403b843de5939ea2e54b3ca46fd901d5c5b7fe34f44b8aeb8b38f4f792df6",
]
}
provider "registry.terraform.io/matthewbaggett/ssh" { provider "registry.terraform.io/matthewbaggett/ssh" {
version = "0.1.0" version = "0.1.0"
constraints = "~> 0.1.0" constraints = "~> 0.1.0"
@ -148,25 +106,3 @@ provider "registry.terraform.io/matthewbaggett/ssh" {
"zh:d2f7677b7b27ae80395bc4e7606cb25fb1c84770a1b6a7042dcc6b92558c7d1b", "zh:d2f7677b7b27ae80395bc4e7606cb25fb1c84770a1b6a7042dcc6b92558c7d1b",
] ]
} }
provider "registry.terraform.io/telmate/proxmox" {
version = "2.9.14"
constraints = "~> 2.9"
hashes = [
"h1:H/f+LbVyPOLslHLAYnGuMMRqWFZ65K6E3V+MCYgfAyk=",
"zh:0d049d33f705e5b814d30028770c084151218439424e99684ce31d7e26a720b5",
"zh:20b1c64ed56d81de95f3f37b82b45b4654c0de26670c0e87a474c5cce13cd015",
"zh:2946058abd1d8e50e475b9ec39781eb02576b40dbd80f4653fade4493a4514c6",
"zh:29e50a25c456f040ce072f23ac57b5b82ebd3b916ca5ae6688332b5ec62adc4a",
"zh:3612932306ce5f08db94868f526cbb8c56d0d3c6ebe1c11a83f92bbf94354296",
"zh:42d1699b0abebaac82ea5a19f4393541d8bb2741bde204a8ac1028cdc29d1b14",
"zh:5ffd5dc567262eb8aafdf2f6eac63f7f21361da9c5d75a3c36b479638a0001b0",
"zh:6692ef323e3b89de99934ad731f6a1850525bf8142916ae28ea4e4048d73a787",
"zh:a5afc98e9a4038516bb58e788cb77dea67a60dce780dfcd206d7373c5a56b776",
"zh:bf902cded709d84fa27fbf91b589c241f2238a6c4924e4e479eebd74320b93a5",
"zh:cab0e1e72c9cebcf669fc6f35ec28cb8ab2dffb0237afc8860aa40d23bf8a49f",
"zh:e523b99a48beec83d9bc04b2d336266044f9f53514cefb652fe6768611847196",
"zh:f593915e8a24829d322d2eaeedcb153328cf9042f0d84f66040dde1be70ede04",
"zh:fba1aff541133e2129dfda0160369635ab48503d5c44b8407ce5922ecc15d0bd",
]
}

37
.trunk/trunk.yaml
View file

@ -2,18 +2,18 @@
# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml # To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
version: 0.1 version: 0.1
cli: cli:
version: 1.22.8 version: 1.22.2
# Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins) # Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
plugins: plugins:
sources: sources:
- id: trunk - id: trunk
ref: v1.6.6 ref: v1.6.1
uri: https://github.com/trunk-io/plugins uri: https://github.com/trunk-io/plugins
# Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes) # Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
runtimes: runtimes:
enabled: enabled:
- go@1.21.0 - go@1.21.0
- node@18.20.5 - node@18.12.1
- python@3.10.8 - python@3.10.8
# This is the section where you manage your linters. (https://docs.trunk.io/check/configuration) # This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
lint: lint:
@ -23,14 +23,14 @@ lint:
- trivy - trivy
- checkov - checkov
enabled: enabled:
- hadolint@2.12.1-beta - hadolint@2.12.0
- tflint@0.54.0 - tflint@0.52.0
- gitleaks@8.22.1 - gitleaks@8.18.4
- markdownlint@0.43.0 - markdownlint@0.41.0
- taplo@0.9.3 - taplo@0.9.2
- actionlint@1.7.6 - actionlint@1.7.1
- git-diff-check - git-diff-check
- prettier@3.4.2 - prettier@3.3.3
- yamllint@1.35.1 - yamllint@1.35.1
definitions: definitions:
- name: markdownlint - name: markdownlint
@ -45,15 +45,16 @@ actions:
- trunk-upgrade-available - trunk-upgrade-available
tools: tools:
enabled: enabled:
- tfupdate@0.8.5 - tfupdate@0.8.2
- gh@2.65.0 - gh@2.49.2
- jq@jq-1.7.1 - jq@jq-1.7.1
- yq@4.44.6 - yq@4.44.1
- awscli@1.36.35 - awscli@1.33.31
- action-validator@0.6.0 - action-validator@0.6.0
- act@0.2.71 - act@0.2.63
- shellcheck@0.10.0 - shellcheck@0.10.0
- hadolint@2.12.1-beta - hadolint@2.12.0
- tofu@1.7.2
- trunk-toolbox@0.3.2 - trunk-toolbox@0.3.2
- tflint@0.54.0 - tflint@0.52.0
- terraform@1.10.4 - terraform@1.9.0

16
Makefile
View file

@ -1,16 +0,0 @@
SHELL := /bin/bash
.SILENT: up clear fmt init apply
.PHONY: up clear fmt init apply
all: up
clear:
clear
fmt:
terraform fmt -recursive .
init:
terraform init -upgrade
apply:
terraform apply \
-target module.traefik \
-target module.headscale \
-target module.portainer
up: clear fmt init apply

6
provider.docker.tf → docker.tf
View file

@ -1,5 +1,5 @@
provider "docker" { provider "docker" {
host = "tcp://${data.ssh_tunnel.management.local.address}" host = "ssh://california.ti"
registry_auth { registry_auth {
address = "docker.io" address = "docker.io"
username = "matthewbaggett" username = "matthewbaggett"
@ -7,7 +7,7 @@ provider "docker" {
} }
} }
/*provider "docker" { provider "docker" {
alias = "printi" alias = "printi"
host = "ssh://prin.ti" host = "ssh://prin.ti"
registry_auth { registry_auth {
@ -15,7 +15,7 @@ provider "docker" {
username = "matthewbaggett" username = "matthewbaggett"
password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw" password = "dckr_pat_6ytcZqdfqRXzFYe5GUh79RfH1Hw"
} }
}*/ }
provider "docker" { provider "docker" {
alias = "unifi" alias = "unifi"

19
inputs.tf
View file

@ -1,19 +0,0 @@
variable "base_domain" {
description = "The base domain for the stack"
type = string
default = "cluster.grey.ooo"
}
variable "acme_email" {
description = "The email address to use for ACME registration"
type = string
}
variable "treafik_defaults" {
type = object({
ssl = bool
non-ssl = bool
})
default = {
ssl = true
non-ssl = false
}
}

1
lib/grey.ooo

@ -1 +0,0 @@
Subproject commit 0c1b34c382eda5726554b64ee1bd50a92dc2c564

8
minio.tf Normal file
View file

@ -0,0 +1,8 @@
module "minio" {
source = "./modules/minio"
domain = "s3.california.ti"
network = docker_network.loadbalancer
storage_path = "/media/storage/minio"
admin_username = "techinc"
expose_ports = true
}

44
mitmproxy.tf_ Normal file
View file

@ -0,0 +1,44 @@
data "docker_registry_image" "mitmproxy" {
name = "ghcr.io/benzine-framework/mitmproxy:10.1.1"
}
resource "docker_service" "mitmproxy" {
name = "mitmproxy"
task_spec {
container_spec {
image = "${data.docker_registry_image.mitmproxy.name}@${data.docker_registry_image.mitmproxy.sha256_digest}"
command = [
"mitmweb",
"--web-host", "0.0.0.0",
"--web-port", "8081",
#"--listen-host", "0.0.0.0",
#"--listen-port", "8080",
"--ssl-insecure",
]
#healthcheck {
# test = ["CMD-SHELL", " curl -I -x http://localhost:8080 -k http://172.17.0.1 || exit 1"]
# start_period = "10s"
# interval = "10s"
# timeout = "5s"
# retries = 5
#}
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
endpoint_spec {
ports {
target_port = 8081
published_port = 8081
publish_mode = "ingress"
}
ports {
target_port = 8080
published_port = 8080
publish_mode = "ingress"
}
}
}

25
modules/minio/inputs.tf Normal file
View file

@ -0,0 +1,25 @@
variable "admin_username" {
type = string
description = "The username of the admin user"
default = "admin"
}
variable "domain" {
type = string
description = "The domain name of the minio instance"
}
variable "network" {
type = object({
id = string
name = string
})
description = "The network to attach the minio service to"
}
variable "storage_path" {
type = string
description = "The path to the storage directory to use"
}
variable "expose_ports" {
type = bool
description = "Expose the minio ports to the outside world"
default = false
}

86
modules/minio/minio.tf Normal file
View file

@ -0,0 +1,86 @@
data "docker_registry_image" "minio" {
name = "quay.io/minio/minio:latest"
}
resource "random_password" "minio_password" {
length = 32
special = false
}
locals {
SERVER_URL = "http://${var.domain}"
UI_URL = "http://${var.domain}/ui/"
}
resource "docker_service" "minio" {
name = "minio"
task_spec {
container_spec {
image = "${data.docker_registry_image.minio.name}@${data.docker_registry_image.minio.sha256_digest}"
command = ["minio", "server", "/data", ]
env = {
MINIO_ADDRESS = "0.0.0.0:9000"
MINIO_CONSOLE_ADDRESS = "0.0.0.0:9001"
MINIO_ROOT_USER = var.admin_username
MINIO_ROOT_PASSWORD = random_password.minio_password.result
MINIO_SERVER_URL = local.SERVER_URL
MINIO_BROWSER_REDIRECT_URL = local.UI_URL
MINIO_BROWSER_REDIRECT = true
MINIO_API_ROOT_ACCESS = "on"
}
mounts {
target = "/data"
source = var.storage_path
type = "bind"
read_only = false
}
}
networks_advanced {
name = var.network.id
}
placement {
platforms {
architecture = "amd64"
os = "linux"
}
}
}
update_config {
parallelism = 1
order = "stop-first"
}
dynamic "endpoint_spec" {
for_each = var.expose_ports ? toset(["aw yis"]) : toset([])
content {
ports {
target_port = 9000
published_port = 9000
publish_mode = "ingress"
}
ports {
target_port = 9001
published_port = 9001
publish_mode = "ingress"
}
}
}
}
module "minio_nginx_config" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
hostname = var.domain
//certificate = acme_certificate.ooo_grey["s3"]
service_name = "minio_s3"
upstream_host = "${docker_service.minio.name}:9000"
config_prefix = "nginx"
extra_upstreams = [
{
name = "minio_ui",
servers = ["${docker_service.minio.name}:9001"]
}
]
extra_locations = file("${path.module}/minio_nginx_extra.conf")
allow_non_ssl = true
allow_ssl = false
}

25
modules/minio/minio_nginx_extra.conf Normal file
View file

@ -0,0 +1,25 @@
location /ui/ {
rewrite ^/ui/(.*) /$1 break;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
# To support websockets in MinIO versions released after January 2023
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
# Uncomment the following line to set the Origin request to an empty string
# proxy_set_header Origin '';
chunked_transfer_encoding off;
proxy_pass http://minio_ui;
}

15
modules/minio/outputs.tf Normal file
View file

@ -0,0 +1,15 @@
output "auth" {
value = {
user = var.admin_username
password = nonsensitive(random_password.minio_password.result)
}
}
output "domain" {
value = local.SERVER_URL
}
output "storage_path" {
value = var.storage_path
}
output "nginx_files" {
value = module.minio_nginx_config.files
}

12
modules/minio/terraform.tf Normal file
View file

@ -0,0 +1,12 @@
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "~>3.0"
}
random = {
source = "hashicorp/random"
version = "~>3.3"
}
}
}

33
modules/vigil/configuration.tf Normal file
View file

@ -0,0 +1,33 @@
locals {
services_toml = [
for service_group, services in var.monitored_services : templatefile("${path.module}/vigil.service.toml.tpl", {
service_group_id = service_group
service_group_label = service_group
services = services
})
]
vigil_toml = templatefile("${path.module}/vigil.toml.tpl", {
manager_token = random_password.token["manager"].result
reporter_token = random_password.token["worker"].result
page_title = var.page_title
page_url = var.page_url
company_name = var.company_name
icon_color = var.icon_color
icon_url = var.icon_url
logo_color = var.logo_color
logo_url = var.logo_url
website_url = var.website_url
support_url = var.support_url
custom_html = var.custom_html
services = local.services_toml
startup_notification = var.notify_on_startup
telegram_enable = var.notify_telegram.token == "" ? "# " : "" // Disable telegram if token is not set
telegram_bot_token = var.notify_telegram.token
telegram_chat_id = var.notify_telegram.channel
})
vigil_toml_checksum = md5(local.vigil_toml)
}
resource "local_file" "vigil_toml" {
filename = "${path.root}/.debug/vigil.toml"
content = local.vigil_toml
}

92
modules/vigil/inputs.tf Normal file
View file

@ -0,0 +1,92 @@
variable "vigil_version" {
type = string
description = "The version of Vigil to deploy"
default = "v1.26.3"
}
variable "vigil_service_name" {
type = string
description = "The name of the Vigil service"
default = "vigil"
}
variable "docker_networks" {
type = list(object({
id = string,
name = string,
}))
description = "Docker networks to connect the vigil service to"
default = null
}
variable "notify_on_startup" {
type = bool
description = "Whether to send a startup notifications"
default = false
}
variable "notify_telegram" {
type = object({
token = string
channel = string
topic = optional(string, null)
})
description = "Telegram configuration"
default = null
}
variable "monitored_services" {
type = map(list(object({
id = string
label = string
endpoints = list(string)
http_method = optional(string, null)
http_status_healthy_below = optional(number, 400)
http_status_healthy_above = optional(number, 200)
})))
}
variable "page_title" {
type = string
description = "The title of the Vigil page"
default = "Vigil"
}
variable "page_url" {
type = string
description = "The URL of the Vigil page"
default = "https://vigil.example.com"
}
variable "company_name" {
type = string
description = "The name of the company"
default = "ExampleCo"
}
variable "icon_color" {
type = string
description = "The color of the icon"
default = "#1972F5"
}
variable "icon_url" {
type = string
description = "The URL of the icon"
default = "https://example.com/icon.png"
}
variable "logo_color" {
type = string
description = "The color of the logo"
default = "#1972F5"
}
variable "logo_url" {
type = string
description = "The URL of the logo"
default = "https://example.com/logo.png"
}
variable "website_url" {
type = string
description = "The URL of the website"
default = "https://example.com"
}
variable "support_url" {
type = string
description = "The URL of the support page"
default = "https://example.com/support"
}
variable "custom_html" {
type = string
description = "Custom HTML to include in the Vigil page"
default = ""
}

3
modules/vigil/outputs.tf Normal file
View file

@ -0,0 +1,3 @@
output "docker_service_name" {
value = docker_service.vigil.name
}

20
modules/vigil/terraform.tf Normal file
View file

@ -0,0 +1,20 @@
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "~>3.0"
}
random = {
source = "hashicorp/random"
version = "~>3.3"
}
scratch = {
source = "BrendanThompson/scratch"
version = "~> 0.4"
}
local = {
source = "hashicorp/local"
version = "~>2.1"
}
}
}

26
modules/vigil/vigil.service.toml.tpl Normal file
View file

@ -0,0 +1,26 @@
[[probe.service]]
id = "${service_group_id}"
label = "${service_group_label}"
%{ for service in services ~}
[[probe.service.node]]
id = "${service.id}"
label = "${service.label}"
mode = "poll"
reveal_replica_name = true
%{ if service.http_method != null ~}
http_method = "${service.http_method}"
%{ endif ~}
%{ if service.http_status_healthy_above != null ~}
poll_http_status_healthy_above = ${service.http_status_healthy_above}
%{ endif ~}
%{ if service.http_status_healthy_below != null ~}
poll_http_status_healthy_below = ${service.http_status_healthy_below}
%{ endif ~}
replicas = [
%{ for endpoint in service.endpoints ~}
"${endpoint}",
%{ endfor ~}
]
%{ endfor }

69
modules/vigil/vigil.tf Normal file
View file

@ -0,0 +1,69 @@
resource "random_password" "token" {
for_each = toset(["manager", "worker"])
length = 32
special = false
}
data "docker_registry_image" "vigil" {
name = "valeriansaliou/vigil:${var.vigil_version}"
}
resource "docker_service" "vigil" {
name = lower(var.vigil_service_name)
task_spec {
container_spec {
image = "${data.docker_registry_image.vigil.name}@${data.docker_registry_image.vigil.sha256_digest}"
healthcheck {
#test = ["CMD-SHELL", "wget -q --no-verbose --tries=1 --spider http://localhost:8080/ || exit 1"]
#interval = "10s"
#timeout = "10s"
#retries = 3
#start_period = "1m"
# Disable healtcheck
test = ["NONE"]
}
configs {
config_id = docker_config.vigil.id
config_name = docker_config.vigil.name
file_name = "/etc/vigil.cfg"
}
}
dynamic "networks_advanced" {
for_each = var.docker_networks
content {
name = networks_advanced.value.id
}
}
restart_policy {
condition = "any"
delay = "20s"
window = "0s"
}
}
#converge_config {
# delay = "5s"
# timeout = "2m"
#}
update_config {
order = "stop-first"
parallelism = 1
}
endpoint_spec {
ports {
target_port = 8080
publish_mode = "ingress"
}
}
}
resource "random_id" "vigil_iter" {
byte_length = 4
keepers = {
checksum = local.vigil_toml_checksum
}
}
resource "docker_config" "vigil" {
name = lower(join("-", [var.vigil_service_name, random_id.vigil_iter.hex]))
data = sensitive(base64encode(local.vigil_toml)) // I have marked this as sensitive just so it wont spam the hell out of the terminal with a wall of text. Its not actually sensitive.
lifecycle {
ignore_changes = [name]
create_before_destroy = true
}
}

70
modules/vigil/vigil.toml.tpl Normal file
View file

@ -0,0 +1,70 @@
# Vigil
# Microservices Status Page
# Configuration file
# Example: https://github.com/valeriansaliou/vigil/blob/master/config.cfg
[server]
log_level = "debug"
inet = "0.0.0.0:8080"
workers = 4
manager_token = "${manager_token}"
reporter_token = "${reporter_token}"
[assets]
path = "./res/assets/"
[branding]
page_title = "${page_title}"
page_url = "${page_url}"
company_name = "${company_name}"
icon_color = "${icon_color}"
icon_url = "${icon_url}"
logo_color = "${logo_color}"
logo_url = "${logo_url}"
website_url = "${website_url}"
support_url = "${support_url}"
custom_html = "${custom_html}"
[metrics]
poll_interval = 15
poll_retry = 2
poll_http_status_healthy_above = 200
poll_http_status_healthy_below = 400
poll_delay_dead = 10
poll_delay_sick = 5
poll_parallelism = 4
push_delay_dead = 20
push_system_cpu_sick_above = 0.90
push_system_ram_sick_above = 0.90
script_interval = 300
script_parallelism = 2
local_delay_dead = 40
[plugins]
[plugins.rabbitmq]
api_url = "http://127.0.0.1:15672"
auth_username = "rabbitmq-administrator"
auth_password = "RABBITMQ_ADMIN_PASSWORD"
virtualhost = "crisp"
queue_ready_healthy_below = 500
queue_nack_healthy_below = 100
queue_ready_dead_above = 20000
queue_nack_dead_above = 5000
queue_loaded_retry_delay = 500
[notify]
startup_notification = ${startup_notification}
reminder_interval = 600
reminder_backoff_function = "linear"
reminder_backoff_limit = 3
${telegram_enable}[notify.telegram]
${telegram_enable}bot_token = "${telegram_bot_token}"
${telegram_enable}chat_id = "${telegram_chat_id}"
[probe]
%{ for service in services ~}
${service}
%{ endfor ~}

387
netbox.tf_ Normal file
View file

@ -0,0 +1,387 @@
# Docker images in use
data "docker_registry_image" "netbox" {
name = "netboxcommunity/netbox:v4.0-2.9.1"
}
data "docker_registry_image" "netbox_postgres" {
name = "postgres:16-alpine"
}
data "docker_registry_image" "netbox_redis" {
name = "redis:7-alpine"
}
# Docker Network
resource "docker_network" "netbox" {
name = "netbox"
driver = "overlay"
attachable = true
ipam_driver = "default"
}
# Docker Volumes
resource "docker_volume" "netbox_config" {
name = "netbox_config"
}
resource "docker_volume" "netbox_media" {
name = "netbox_media"
}
resource "docker_volume" "netbox_reports" {
name = "netbox_reports"
}
resource "docker_volume" "netbox_scripts" {
name = "netbox_scripts"
}
resource "docker_volume" "netbox_database" {
name = "netbox_database"
}
resource "docker_volume" "netbox_redis" {
name = "netbox_redis"
}
resource "docker_volume" "netbox_cache" {
name = "netbox_cache"
}
# Configs
resource "random_password" "postgres_password" {
length = 32
special = false
}
resource "random_password" "redis_password" {
length = 32
special = false
}
resource "random_password" "redis_cache_password" {
length = 32
special = false
}
resource "random_password" "secret_key" {
length = 50
special = false
}
locals {
netbox_conf = {
CORS_ORIGIN_ALLOW_ALL = true
DB_HOST = docker_service.netbox_postgres.name
DB_NAME = "netbox"
DB_PASSWORD = nonsensitive(random_password.postgres_password.result)
DB_USER = "netbox"
EMAIL_FROM = "netbox@bar.com"
EMAIL_PASSWORD = ""
EMAIL_PORT = 25
EMAIL_SERVER = "localhost"
EMAIL_SSL_CERTFILE = ""
EMAIL_SSL_KEYFILE = ""
EMAIL_TIMEOUT = 5
EMAIL_USERNAME = "netbox"
# EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
EMAIL_USE_SSL = "false"
EMAIL_USE_TLS = "false"
GRAPHQL_ENABLED = "true"
HOUSEKEEPING_INTERVAL = 86400
MEDIA_ROOT = "/opt/netbox/netbox/media"
METRICS_ENABLED = "false"
REDIS_DATABASE = 0
REDIS_HOST = docker_service.netbox_redis.name
REDIS_INSECURE_SKIP_TLS_VERIFY = "false"
//REDIS_PASSWORD = nonsensitive(random_password.redis_password.result)
REDIS_SSL = "false"
REDIS_CACHE_DATABASE = 1
REDIS_CACHE_HOST = docker_service.netbox_redis_cache.name
REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY = "false"
//REDIS_CACHE_PASSWORD = nonsensitive(random_password.redis_cache_password.result)
REDIS_CACHE_SSL = "false"
RELEASE_CHECK_URL = "https://api.github.com/repos/netbox-community/netbox/releases"
SECRET_KEY = nonsensitive(random_password.secret_key.result)
SKIP_SUPERUSER = "true"
WEBHOOKS_ENABLED = "true"
}
}
# Services
resource "docker_service" "netbox" {
name = "netbox-app"
task_spec {
container_spec {
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
user = "unit:root"
env = local.netbox_conf
healthcheck {
test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"]
interval = "15s"
timeout = "3s"
start_period = "2m"
}
mounts {
target = "/etc/netbox/config"
type = "volume"
source = docker_volume.netbox_config.name
}
mounts {
target = "/opt/netbox/netbox/media"
type = "volume"
source = docker_volume.netbox_media.name
}
mounts {
target = "/opt/netbox/netbox/reports"
type = "volume"
source = docker_volume.netbox_reports.name
}
mounts {
target = "/opt/netbox/netbox/scripts"
type = "volume"
source = docker_volume.netbox_scripts.name
}
}
networks_advanced {
name = docker_network.loadbalancer.id
}
networks_advanced {
name = docker_network.netbox.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
endpoint_spec {
ports {
protocol = "tcp"
publish_mode = "ingress"
target_port = 8080
}
}
converge_config {
timeout = "2m"
}
depends_on = [
docker_service.netbox_postgres,
docker_service.netbox_redis,
docker_service.netbox_redis_cache,
]
}
resource "docker_service" "netbox_worker" {
name = "netbox-worker"
task_spec {
container_spec {
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
user = "unit:root"
env = local.netbox_conf
command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker", ]
healthcheck {
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"]
interval = "15s"
timeout = "3s"
start_period = "20s"
}
mounts {
target = "/etc/netbox/config"
type = "volume"
source = docker_volume.netbox_config.name
}
mounts {
target = "/opt/netbox/netbox/media"
type = "volume"
source = docker_volume.netbox_media.name
}
mounts {
target = "/opt/netbox/netbox/reports"
type = "volume"
source = docker_volume.netbox_reports.name
}
mounts {
target = "/opt/netbox/netbox/scripts"
type = "volume"
source = docker_volume.netbox_scripts.name
}
}
networks_advanced {
name = docker_network.netbox.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
converge_config {
timeout = "2m"
}
depends_on = [
docker_service.netbox
]
}
resource "docker_service" "netbox_housekeeping" {
name = "netbox-housekeeping"
task_spec {
container_spec {
image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
user = "unit:root"
env = local.netbox_conf
command = ["/opt/netbox/housekeeping.sh", ]
healthcheck {
test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"]
interval = "15s"
timeout = "3s"
start_period = "20s"
}
mounts {
target = "/etc/netbox/config"
type = "volume"
source = docker_volume.netbox_config.name
}
mounts {
target = "/opt/netbox/netbox/media"
type = "volume"
source = docker_volume.netbox_media.name
}
mounts {
target = "/opt/netbox/netbox/reports"
type = "volume"
source = docker_volume.netbox_reports.name
}
mounts {
target = "/opt/netbox/netbox/scripts"
type = "volume"
source = docker_volume.netbox_scripts.name
}
}
networks_advanced {
name = docker_network.netbox.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
converge_config {
timeout = "2m"
}
depends_on = [
docker_service.netbox
]
}
# Netbox Postgres Database
resource "docker_service" "netbox_postgres" {
name = "netbox-postgres"
task_spec {
container_spec {
image = "${data.docker_registry_image.netbox_postgres.name}@${data.docker_registry_image.netbox_postgres.sha256_digest}"
mounts {
target = "/var/lib/postgresql/data"
type = "volume"
source = docker_volume.netbox_database.name
}
env = {
POSTGRES_DB = "netbox"
POSTGRES_USER = "netbox"
POSTGRES_PASSWORD = random_password.postgres_password.result
}
}
networks_advanced {
name = docker_network.netbox.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
converge_config {
timeout = "2m"
}
}
# Netbox Redis
resource "docker_service" "netbox_redis" {
name = "netbox-redis"
task_spec {
container_spec {
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
command = [
"sh", "-c",
"redis-server",
"--appendonly", "yes",
//"--requirepass", nonsensitive(random_password.redis_password.result),
]
mounts {
target = "/data"
type = "volume"
source = docker_volume.netbox_redis.name
}
healthcheck {
test = ["CMD", "sh", "-c", "redis-cli", "PING"]
interval = "5s"
timeout = "3s"
}
}
networks_advanced {
name = docker_network.netbox.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
converge_config {
timeout = "2m"
}
}
resource "docker_service" "netbox_redis_cache" {
name = "netbox-redis-cache"
task_spec {
container_spec {
image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
command = [
"sh", "-c",
"redis-server",
//"--requirepass", nonsensitive(random_password.redis_cache_password.result),
]
mounts {
target = "/data"
type = "volume"
source = docker_volume.netbox_cache.name
}
healthcheck {
test = ["CMD", "sh", "-c", "redis-cli", "PING"]
interval = "5s"
timeout = "3s"
}
}
networks_advanced {
name = docker_network.netbox.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
converge_config {
timeout = "2m"
}
}
# Set up some nginx bits for it
module "netbox_nginx_config" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
hostname = "netbox.california.ti"
//certificate = acme_certificate.ooo_grey["s3"]
service_name = docker_service.netbox.name
upstream_host = "${docker_service.netbox.name}:8080"
config_prefix = "nginx"
allow_non_ssl = true
allow_ssl = false
depends_on = [
docker_service.netbox
]
}

27
nginx.tf Normal file
View file

@ -0,0 +1,27 @@
resource "docker_network" "loadbalancer" {
name = "loadbalancer"
driver = "overlay"
attachable = true
ipam_driver = "default"
ipam_config {
aux_address = {}
subnet = "172.16.0.0/16"
gateway = "172.16.0.1"
}
}
module "nginx" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git"
configs = concat(
module.minio.nginx_files,
module.vigil_nginx_config.files,
module.videobucket_nginx_config.files,
//module.netbox_nginx_config.files,
module.orcaslicer_nginx_config.files,
)
networks = [
docker_network.loadbalancer,
]
replicas = 2
}

50
orca-slicer.tf Normal file
View file

@ -0,0 +1,50 @@
data "docker_registry_image" "orcaslicer" {
name = "lscr.io/linuxserver/orcaslicer:latest"
}
resource "docker_volume" "orcaslicer" {
name = "orcaslicer_config"
}
resource "docker_service" "orcaslicer" {
name = "orcaslicer"
task_spec {
container_spec {
image = "${data.docker_registry_image.orcaslicer.name}@${data.docker_registry_image.orcaslicer.sha256_digest}"
env = {
PUID = 1000
PGID = 1000
TZ = "Europe/Amsterdam"
}
mounts {
target = "/config"
type = "volume"
source = docker_volume.orcaslicer.name
}
}
networks_advanced {
name = docker_network.loadbalancer.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
endpoint_spec {
ports {
target_port = 3000
published_port = 3000
publish_mode = "ingress"
}
}
}
module "orcaslicer_nginx_config" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
hostname = "orca.california.ti"
//certificate = acme_certificate.ooo_grey["s3"]
service_name = docker_service.orcaslicer.name
upstream_host = "${docker_service.orcaslicer.name}:3000"
config_prefix = "nginx"
allow_non_ssl = true
allow_ssl = false
}

4
output.tf Normal file
View file

@ -0,0 +1,4 @@
output "minio" {
value = module.minio
}

42
printers.tf Normal file
View file

@ -0,0 +1,42 @@
resource "docker_image" "octoprint" {
provider = docker.printi
name = "octoprint"
build {
context = "${path.module}/printers"
target = "octoprint-mjpg-streamer"
tag = ["ti-octoprint:latest"]
}
}
resource "docker_volume" "ender5plus" {
provider = docker.printi
name = "ender5plus_config"
}
resource "scratch_string" "arse" {
in = yamlencode(docker_image.octoprint)
}
resource "docker_container" "ender5plus" {
image = docker_image.octoprint.image_id
provider = docker.printi
name = "ender5plus"
env = [
"ENABLE_MJPG_STREAMER=false"
]
network_mode = "bridge"
restart = "always"
ports {
internal = 80
external = 3000
}
devices {
host_path = "/dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A602AFFK-if00-port0"
container_path = "/dev/ttyACM0"
permissions = "rwm"
}
volumes {
container_path = "/octoprint"
#host_path = docker_volume.ender5plus.name
volume_name = docker_volume.ender5plus.name
}
}

11
provider.ssh.tf
View file

@ -1,11 +0,0 @@
provider "ssh" {
server = { host = "cluster.grey.ooo", port = 22 }
user = "geusebio"
auth = { private_key = { content = try(file("~/.ssh/keys/exploding_bolts_2_rsa"), "") } }
}
data "ssh_tunnel" "management" {
connection_name = "management"
remote = {
socket = "/var/run/docker.sock"
}
}

13
service.headscale.tf
View file

@ -1,13 +0,0 @@
module "headscale" {
#source = "github.com/matthewbaggett/terraform_modules//products/headscale"
source = "./lib/grey.ooo/products/headscale"
#depends_on = [module.traefik]
stack_name = "headscale"
placement_constraints = ["node.hostname == Passing-by-and-thought-id-drop-in"]
#traefik = merge(var.treafik_defaults, { domain = "s3.${var.base_domain}" })
domain = "headscale.${var.base_domain}"
}
output "headscale" {
value = module.headscale
}

15
service.minio.tf
View file

@ -1,15 +0,0 @@
module "minio" {
#source = "github.com/matthewbaggett/terraform_modules//products/minio"
source = "./lib/grey.ooo/products/minio"
depends_on = [module.traefik]
stack_name = "s3"
mounts = { "/media/storage/minio" = "/data" }
domain = "s3.${var.base_domain}"
placement_constraints = ["node.hostname == california"]
networks = [module.traefik.docker_network]
traefik = merge(var.treafik_defaults, { domain = "s3.${var.base_domain}" })
}
output "minio" {
value = module.minio.minio
}

27
service.orca-slicer.tf
View file

@ -1,27 +0,0 @@
module "orca" {
//source = "github.com/matthewbaggett/terraform_modules//docker/service"
source = "./lib/grey.ooo/docker/service"
stack_name = "orca"
service_name = "orca"
image = "lscr.io/linuxserver/orcaslicer:latest"
environment_variables = {
PUID = 1000
PGID = 1000
TZ = "Europe/Amsterdam"
}
volumes = {
"orcaslicer_config" = "/config"
}
traefik = merge(var.treafik_defaults, {
domain = "orca.${var.base_domain}"
port = 3000
basic-auth-users = ["techinc"]
})
converge_enable = false
}
output "orca" {
value = {
endpoint = module.orca.endpoint
}
}

25
service.portainer.tf
View file

@ -1,25 +0,0 @@
module "portainer" {
#source = "github.com/matthewbaggett/terraform_modules//products/portainer/ui"
source = "./lib/grey.ooo/products/portainer/ui"
should_mount_local_docker_socket = true
placement_constraints = ["node.role == manager"]
networks = [module.traefik.docker_network]
traefik = {
domain = "portainer.${var.base_domain}",
port = 9000,
ssl = true,
non-ssl = true
basic-auth-users = ["techinc"]
}
}
output "portainer" {
value = {
endpoint = module.portainer.endpoint
credentials = module.portainer.portainer.credentials
socket-proxy = {
endpoint = module.portainer.socket_proxy_endpoint
}
}
}

38
service.printers.tf
View file

@ -1,38 +0,0 @@
module "s1" {
//source = "github.com/matthewbaggett/terraform_modules//docker/service"
source = "./lib/grey.ooo/docker/service"
stack_name = "printers"
service_name = "s1proxy"
image = "alpine/socat:latest"
command = ["socat", "tcp-listen:80,fork,reuseaddr", "tcp-connect:s1.prin.ti:80"]
traefik = merge(var.treafik_defaults, {
domain = "s1.${var.base_domain}"
port = 80
basic-auth-users = ["techinc"]
})
converge_enable = false
placement_constraints = ["node.hostname == california"]
}
module "label_printer" {
//source = "github.com/matthewbaggett/terraform_modules//docker/service"
source = "./lib/grey.ooo/docker/service"
stack_name = "printers"
service_name = "labelprinter"
image = "alpine/socat:latest"
command = ["socat", "tcp-listen:80,fork,reuseaddr", "tcp-connect:labelprinter.ti:80"]
traefik = merge(var.treafik_defaults, {
domain = "labelprinter.${var.base_domain}"
port = 80
basic-auth-users = ["techinc"]
})
converge_enable = false
placement_constraints = ["node.hostname == california"]
}
output "printers" {
value = {
s1 = module.s1.endpoint
label_printer = module.label_printer.endpoint
}
}

0
service.proxies.tf
View file

18
service.treafik.tf
View file

@ -1,18 +0,0 @@
module "traefik" {
source = "github.com/matthewbaggett/terraform_modules//products/traefik"
enable_ssl = true
enable_non_ssl = true
acme_use_staging = false
acme_email = var.acme_email
hello_service_domain = "hello.${var.base_domain}"
traefik_service_domain = "traefik.${var.base_domain}"
log_level = "DEBUG"
access_log = false
enable_ping = true
enable_docker_provider = false
enable_swarm_provider = true
enable_dashboard = true
api_insecure = true
api_debug = true
placement_constraints = ["node.role != manager"]
}

23
terraform.tf
View file

@ -16,28 +16,23 @@ terraform {
} }
scratch = { scratch = {
source = "BrendanThompson/scratch" source = "BrendanThompson/scratch"
version = "~> 0.4" version = "0.4.0"
}
proxmox = {
source = "Telmate/proxmox"
version = "~> 2.9"
}
minio = {
source = "aminueza/minio"
version = "~> 3.0"
} }
} }
backend "s3" { backend "s3" {
bucket = "techinc-iac" bucket = "terraform"
key = "terraform.tfstate" key = "ti-iac.tfstate"
profile = "techinc-iac" profile = "techinc-tf"
shared_credentials_files = ["~/.aws/credentials"] shared_credentials_files = ["~/.aws/credentials"]
region = "skip" # Region validation will be skipped endpoints = {
s3 = "http://california.ti:9000"
}
region = "main" # Region validation will be skipped
skip_credentials_validation = true # Skip AWS related checks and validations skip_credentials_validation = true # Skip AWS related checks and validations
skip_requesting_account_id = true skip_requesting_account_id = true
skip_metadata_api_check = true skip_metadata_api_check = true
skip_region_validation = true skip_region_validation = true
skip_s3_checksum = true use_path_style = true # Enable path-style S3 URLs (https://<HOST>/<BUCKET> https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style
} }
} }

0
ubiquity.tf_ → ubiquity.tf
View file

51
video-bucket.tf Normal file
View file

@ -0,0 +1,51 @@
data "docker_registry_image" "video_bucket" {
name = "ghcr.io/matthewbaggett/bucket-serve:latest"
}
resource "docker_service" "video_bucket" {
name = "video-bucket"
task_spec {
container_spec {
image = "${data.docker_registry_image.video_bucket.name}@${data.docker_registry_image.video_bucket.sha256_digest}"
configs {
config_id = docker_config.video_bucket_config.id
config_name = docker_config.video_bucket_config.name
file_name = "/app/.env"
}
}
networks_advanced {
name = docker_network.loadbalancer.id
}
restart_policy {
condition = "any"
delay = "0s"
window = "0s"
}
}
}
locals {
video_bucket_config = <<EOF
S3_ENDPOINT=http://s3.california.ti
S3_BUCKET=video
S3_KEY=Ipi5Xh1b2UgcGiLSLLpQ
S3_SECRET=E4xMwB44MT4tGLStJnZTwQbuDNHL1KR9M4I8taBT
EOF
}
resource "docker_config" "video_bucket_config" {
name = "video_bucket_config_${substr(md5(local.video_bucket_config), 0, 7)}"
data = base64encode(local.video_bucket_config)
lifecycle {
ignore_changes = [name]
create_before_destroy = true
}
}
module "videobucket_nginx_config" {
# tflint-ignore: terraform_module_pinned_source
source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
hostname = "video.california.ti"
//certificate = acme_certificate.ooo_grey["s3"]
service_name = docker_service.video_bucket.name
upstream_host = "${docker_service.video_bucket.name}:80"
config_prefix = "nginx"
allow_non_ssl = true
allow_ssl = false
}

4
vigil.tf_ → vigil.tf
View file

@ -78,14 +78,14 @@ module "vigil" {
"icmp://main.pdu.ti", "icmp://main.pdu.ti",
"tcp://main.pdu.ti:23", "tcp://main.pdu.ti:23",
] ]
}, { },{
id = "pdu-aux" id = "pdu-aux"
label = "PDU Aux Space" label = "PDU Aux Space"
endpoints = [ endpoints = [
"icmp://aux.pdu.ti", "icmp://aux.pdu.ti",
"tcp://aux.pdu.ti:23", "tcp://aux.pdu.ti:23",
] ]
}, { },{
id = "pdu-printers" id = "pdu-printers"
label = "PDU Printers" label = "PDU Printers"
endpoints = [ endpoints = [