diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..fb97c6d
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,5 @@
+TIMEZONE=""
+VOLUME_HOST=""
+PUID=""
+PGID=""
+DOCKER_SOCK=""
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 76e7103..5a2aa3a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,5 @@ override.tf
 override.tf.json .terraformrc terraform.rc
-.env
\ No newline at end of file
+.env
+./**/.env
\ No newline at end of file
diff --git a/.tool-versions b/.tool-versions
index 5cffb8b..3a3fe37 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -1 +1 @@
-opentofu 1.10.0
+opentofu 1.10.5
diff --git a/main.tf b/main.tf
index d4d0387..24d971a 100644
--- a/main.tf
+++ b/main.tf
@@ -12,14 +12,14 @@ locals {
 module "caddy" { source = "./modules/01-networking/caddy-service"
- volume_path = "./docker/infrastructure/"
+ volume_path = "${local.volume_host}"
 domains = [ "blackchaosnl.duckdns.org", "blackchaosnl.myaddr.io", "blackchaosnl.myaddr.dev", "blackchaosnl.myaddr.tools" ]
- tls_email = "your-email@example.com" # For Let's Encrypt
+ tls_email = "jjvijgen@gmail.com"
 container_name = "caddy" service_definitions = module.services.service_definitions networks = ["default"]
diff --git a/modules/01-networking/caddy-service/main.tf b/modules/01-networking/caddy-service/main.tf
index 4157923..ba3bc67 100644
--- a/modules/01-networking/caddy-service/main.tf
+++ b/modules/01-networking/caddy-service/main.tf
@@ -25,7 +25,6 @@ locals {
 site_address = "${subdomain}.${domain}" endpoint = service.endpoint service_name = service.name
- tls_email = var.tls_email
 has_custom_config = service.caddy_config != "" custom_config = service.caddy_config reverse_proxy_options = service.caddy_options
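Review bot: The added `./**/.env` pattern in .gitignore should match nothing — a pattern containing a slash is anchored to the .gitignore's own directory, and its leading `.` component would have to match a directory literally named `.`. The existing `.env` line (no slash) already ignores a file of that name at every depth, which covers the per-module `.env` this commit starts reading through `provider::dotenv::get_by_key`, so the new line can be dropped; if an explicit recursive spelling is preferred, it is `**/.env`. Because that file will hold the LLDAP admin password and signing secrets, confirming with `git check-ignore -v modules/30-services-software/lldap-service/.env` before a real `.env` exists is cheap insurance.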
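Review bot: `tls_email = "jjvijgen@gmail.com"` replaces the placeholder with a personal address in a committed file, while the rest of this commit moves every environment-specific value (`VOLUME_HOST`, `DOCKER_SOCK`, the LLDAP credentials) into a git-ignored `.env` read via `provider::dotenv::get_by_key`. The ACME contact can follow the same path — as a constructed example, a `TLS_EMAIL=""` entry in `.env.example` and `tls_email = provider::dotenv::get_by_key("TLS_EMAIL", "${path.module}/.env")` here — which keeps account-identifying data out of the repository history. Minor: `volume_path = "${local.volume_host}"` is an interpolation-only string; `volume_path = local.volume_host` is the idiomatic form (where `local.volume_host` is declared is outside this hunk).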
@@ -62,7 +61,7 @@ locals {
 EOT // Generate the main Caddyfile content
- caddyfile_content = merge(local.caddyfile_default, join("\n\n", [
+ caddyfile_content = format("%s%s", local.caddyfile_default, join("\n\n", [
 for site in local.caddy_site_configs : site.has_custom_config ? // Use the custom Caddy config if provided
@@ -95,7 +94,7 @@ resource "docker_volume" "caddy_config" {
 // Create Caddyfile in the volume path resource "local_file" "caddyfile" { content = local.caddyfile_content
- filename = "${var.volume_path}/${image}/Caddyfile"
+ filename = "${var.volume_path}/${local.container_name}/Caddyfile"
 }
@@ -108,17 +107,17 @@ module "caddy" {
 volumes = [ {
- host_path = "${var.volume_path}/${image}/data"
+ host_path = "${var.volume_path}/${local.container_name}/data"
 container_path = "/data" read_only = false }, {
- host_path = "${var.volume_path}/${image}/config"
+ host_path = "${var.volume_path}/${local.container_name}/config"
 container_path = "/config" read_only = false }, {
- host_path = "${var.volume_path}/${image}/Caddyfile"
+ host_path = "${var.volume_path}/${local.container_name}/Caddyfile"
 container_path = "/etc/caddy/Caddyfile" read_only = true }
diff --git a/modules/01-networking/caddy-service/variables.tf b/modules/01-networking/caddy-service/variables.tf
index 095cfdc..d9fdbb4 100644
--- a/modules/01-networking/caddy-service/variables.tf
+++ b/modules/01-networking/caddy-service/variables.tf
@@ -16,10 +16,8 @@ variable "volume_path" {
 } variable "domains" {
- description = "Which domain name to use for services"
- type = list(object({
- name = string
- }))
+ description = "Which domain names to use for services"
+ type = list(string)
 } variable "tls_email" {
diff --git a/modules/20-services-entertainment/jellyfin-service/main.tf b/modules/20-services-entertainment/jellyfin-service/main.tf
index bc31474..d766cfd 100644
--- a/modules/20-services-entertainment/jellyfin-service/main.tf
+++ b/modules/20-services-entertainment/jellyfin-service/main.tf
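Review bot: The three bind-mount `host_path` lines and the `local_file` `filename` now reference `local.container_name`, but the root module passes `container_name = "caddy"` as a module input, which would make the value `var.container_name`; unless a `container_name` local is declared outside these hunks, `tofu validate` would reject these lines with an undeclared-local error. In the first hunk, `format("%s%s", …)` concatenates `local.caddyfile_default` and the joined site blocks with no separator, so the first site block is glued to the default block unless the heredoc happens to end in a blank line; `format("%s\n\n%s", local.caddyfile_default, join("\n\n", […]))` makes that independent of trailing whitespace in the heredoc. The `for site in …` expression continues past the end of that hunk.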
@@ -8,8 +8,8 @@ terraform {
 locals { container_name = "jellyfin"
- jellyfin_image = "docker.io/jellyfin/jellyfin"
- jellyfin_tag = var.image_tag
+ jellyfin_image = "docker.io/jellyfin/jellyfin"
+ jellyfin_tag = var.image_tag
 env_file = "${path.module}/.env" jellyfin_internal_port = 8096
@@ -20,11 +20,13 @@ locals {
 read_only = true }, {
- host_path = "${volume_path}/${container_name}/config"
+ host_path = "${var.volume_path}/${local.container_name}/config"
 container_path = "/config"
+ read_only = false
 },{
- host_path = "${volume_path}/${container_name}/cache"
+ host_path = "${var.volume_path}/${local.container_name}/cache"
 container_path = "/cache"
+ read_only = false
 }, ]
diff --git a/modules/30-services-software/lldap-service/.env.example b/modules/30-services-software/lldap-service/.env.example
new file mode 100644
index 0000000..95d4da0
--- /dev/null
+++ b/modules/30-services-software/lldap-service/.env.example
@@ -0,0 +1,6 @@
+LLDAP_JWT_SECRET=
+LLDAP_BASE_DN=
+LLDAP_USER_DN=
+LLDAP_USER_EMAIL=
+LLDAP_USER_PASS=
+LLDAP_KEY_SEED=
\ No newline at end of file
diff --git a/modules/30-services-software/lldap-service/main.tf b/modules/30-services-software/lldap-service/main.tf
index b8af171..5248517 100644
--- a/modules/30-services-software/lldap-service/main.tf
+++ b/modules/30-services-software/lldap-service/main.tf
@@ -7,36 +7,37 @@ terraform {
 } locals {
- container_name = "freeipa"
- freeipa_image = "quay.io/repository/freeipa/freeipa-server"
- freeipa_tag = var.image_tag
- env_file = "${path.module}/.env"
- freeipa_internal_port = 8443
+ container_name = "lldap"
+ lldap_image = "ghcr.io/lldap/lldap"
+ lldap_tag = var.image_tag
+ env_file = "${path.module}/.env"
+ lldap_internal_port = 17170
- freeipa_volumes = [
+ lldap_volumes = [
 {
- host_path = "${var.volume_path}/${local.container_name}/data"
- container_path = "${var.volume_path}/${local.container_name}/data"
+ host_path = "${var.volume_path}/${local.container_name}/data"
+ container_path = "/data"
+ read_only = false
 },
- {
- host_path = ""
- container_path = "${var.volume_path}/${local.container_name}/data"
-
- }
 ]
- freeipa_env_vars = {
- PASSWORD = var.admin_password
+ lldap_env_vars = {
+ LLDAP_JWT_SECRET = provider::dotenv::get_by_key("LLDAP_JWT_SECRET", local.env_file)
+ LLDAP_BASE_DN = provider::dotenv::get_by_key("LLDAP_BASE_DN", local.env_file)
+ LLDAP_USER_DN = provider::dotenv::get_by_key("LLDAP_USER_DN", local.env_file)
+ LLDAP_USER_EMAIL = provider::dotenv::get_by_key("LLDAP_USER_EMAIL", local.env_file)
+ LLDAP_USER_PASS = provider::dotenv::get_by_key("LLDAP_USER_PASS", local.env_file)
+ LLDAP_KEY_SEED = provider::dotenv::get_by_key("LLDAP_KEY_SEED", local.env_file)
 } }
-module "freeipa" {
+module "lldap" {
 source = "../../10-generic/docker-service" container_name = local.container_name
- image = local.freeipa_image
- tag = local.freeipa_tag
- volumes = local.freeipa_volumes
- env_vars = local.freeipa_env_vars
+ image = local.lldap_image
+ tag = local.lldap_tag
+ volumes = local.lldap_volumes
+ env_vars = local.lldap_env_vars
 networks = concat(var.networks) restart_policy = "always" }
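Review bot: The environment names in `lldap_env_vars` do not look like the ones lldap reads: as far as I recall its settings are the config keys prefixed with `LLDAP_`, i.e. `LLDAP_LDAP_BASE_DN`, `LLDAP_LDAP_USER_DN`, `LLDAP_LDAP_USER_EMAIL` and `LLDAP_LDAP_USER_PASS` (only `LLDAP_JWT_SECRET` and `LLDAP_KEY_SEED` match). If that is right, the four unprefixed variables are silently ignored and the server comes up with its built-in defaults — including the default admin password — so this deserves a check against the image's documentation before the first apply, with the keys in `.env.example` renamed to match. Separately, nothing here marks these values sensitive, so they appear in plan output and are stored in plaintext in the state; wrapping each as `LLDAP_JWT_SECRET = sensitive(provider::dotenv::get_by_key("LLDAP_JWT_SECRET", local.env_file))` (or declaring the docker-service module's `env_vars` input `sensitive = true`) keeps them out of plan output and logs, while the state file itself then needs the same protection as the `.env`. Minor: `concat(var.networks)` with a single argument is just `var.networks`.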
@@ -45,20 +46,9 @@ output "service_definition" {
 description = "General service definition with optional ingress configuration" value = { name = local.container_name
- primary_port = local.freeipa_internal_port
- endpoint = "http://${local.container_name}:${local.freeipa_internal_port}"
- subdomains = ["ipa"]
- ports = [
- {
- external = 8080
- internal = 80
- protocol = "tcp"
- },
- {
- external = 8443
- internal = 443
- protocol = "tcp"
- }
- ]
+ primary_port = local.lldap_internal_port
+ endpoint = "http://${local.container_name}:${local.lldap_internal_port}"
+ subdomains = ["users"]
+ ports = []
 } }
\ No newline at end of file
diff --git a/modules/30-services-software/lldap-service/variables.tf b/modules/30-services-software/lldap-service/variables.tf
index a2fed70..d7069da 100644
--- a/modules/30-services-software/lldap-service/variables.tf
+++ b/modules/30-services-software/lldap-service/variables.tf
@@ -1,8 +1,8 @@
 variable "image_tag" {
- description = "The tag for the freeipa container image. Default: Latest"
+ description = "The tag for the freeipa container image. Default: latest-alpine-rootless"
 type = string
- default = "rocky-9"
+ default = "latest-alpine-rootless"
 } variable "volume_path" {
@@ -32,9 +32,4 @@ variable "timezone" {
 description = "Timezone for the container" type = string default = "Europe/Helsinki"
-}
-
-variable "admin_password" {
- description = "Default password for logging into the IPA admin account"
- type = string
 }
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index e69de29..1e1b829 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -0,0 +1,9 @@
+output "services" {
+ description = "Service definitions for all services"
+ value = [
+ for service in module.services.service_definitions : {
+ name = service.name
+ endpoint = service.endpoint
+ }
+ ]
+}
\ No newline at end of file
diff --git a/providers.tf b/providers.tf
index 07a403f..d910333 100644
--- a/providers.tf
+++ b/providers.tf
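Review bot: The updated `image_tag` description in variables.tf still says "freeipa container image" although this module is now the lldap service and the default is `latest-alpine-rootless`; suggest `description = "The tag for the lldap container image (ghcr.io/lldap/lldap). Default: latest-alpine-rootless"`. `latest-alpine-rootless` is a floating tag, so each apply may pull a different build of the identity provider with nothing in the plan recording the change; pinning to a specific release tag (or an image digest) gives reproducible rollouts and turns upgrades into a reviewed change. In the `service_definition` output, `subdomains = ["users"]` means the lldap web UI is published through Caddy on every domain listed in the root main.tf — fine if intended, but worth stating in the module's description since it is the admin interface for all downstream logins.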
@@ -1,6 +1,6 @@
 terraform { required_providers {
- podman = {
+ docker = {
 source = "kreuzwerker/docker" version = "~> 3.6.0" }
@@ -14,3 +14,7 @@ terraform {
 } } }
+
+provider "docker" {
+ host = provider::dotenv::get_by_key("DOCKER_SOCK", "${path.module}/.env")
+}
\ No newline at end of file
diff --git a/services/main.tf b/services/main.tf
index 55a29ce..5f5196f 100644
--- a/services/main.tf
+++ b/services/main.tf
@@ -16,9 +16,9 @@ module "homelab_docker_network" {
 subnet = "10.88.0.0/16" }
-module "freeipa" {
+module "lldap" {
 source = "${local.module_dir}/30-services-software/lldap-service"
- volume_path = "${local.volume_path}/freeipa"
+ volume_path = "${local.root_volume}/lldap"
 networks = [ module.homelab_docker_network.name ]
@@ -26,7 +26,7 @@ module "freeipa" {
 module "jellyfin" { source = "${local.module_dir}/20-services-entertainment/jellyfin-service"
- volume_path = "${local.volume_path}/jellyfin"
+ volume_path = "${local.root_volume}/jellyfin"
 networks = [ module.homelab_docker_network.name ]
diff --git a/services/outputs.tf b/services/outputs.tf
index 4731e9b..2c7bb70 100644
--- a/services/outputs.tf
+++ b/services/outputs.tf
@@ -2,7 +2,7 @@ output "service_definitions" {
 description = "Service definitions for all services" value = [ module.jellyfin.service_definition,
- module.freeipa.service_definition,
+ module.lldap.service_definition,
 ] }
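Review bot: `host = provider::dotenv::get_by_key("DOCKER_SOCK", "${path.module}/.env")` hands the provider whatever `.env` contains, and the committed `.env.example` ships `DOCKER_SOCK=""`, so a fresh checkout that copies the example configures an empty host; what the provider does with an empty string is not shown here, so documenting the expected form in `.env.example` (e.g. `DOCKER_SOCK="unix:///var/run/docker.sock"`) would make the intent explicit. If the value is ever a `tcp://` endpoint rather than a local socket, this block also needs the provider's TLS settings (`cert_path`, or `ca_material`/`cert_material`/`key_material`), since an unauthenticated TCP daemon socket is root-equivalent on the host. In services/main.tf the two `volume_path` lines switch to `local.root_volume`, whose declaration is outside the hunks shown — worth confirming it exists alongside the `local.module_dir` the same blocks use.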