Add env files, fix LLDAP pod to be created and fix random issues
@@ -0,0 +1,5 @@
|
||||
TIMEZONE=""
|
||||
VOLUME_HOST=""
|
||||
PUID=""
|
||||
PGID=""
|
||||
DOCKER_SOCK=""
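Review bot: The template gives no hint of what each key must contain, and two of them are security-sensitive: `DOCKER_SOCK` becomes the `host` of the docker provider (anyone who can reach that socket has root-equivalent access to the host), and `PUID`/`PGID` presumably select the uid/gid the containers run as. If the dotenv parser used by `provider::dotenv` honours `#` comments, a line above each would save an operator from filling in `0` or a bare `tcp://` address, e.g. `# DOCKER_SOCK: unix:///var/run/docker.sock (root-equivalent; prefer a unix path over tcp)` and `# PUID/PGID: numeric uid/gid of an unprivileged user, never 0`. Keep the values empty in this committed copy so real settings only ever live in the ignored per-host `.env`.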
|
||||
@@ -8,3 +8,4 @@ override.tf.json
|
||||
.terraformrc
|
||||
terraform.rc
|
||||
.env
|
||||
./**/.env
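Review bot: `./**/.env` is, as far as I can tell, not a working gitignore pattern: git does not strip a leading `./`, so the leading separator anchors the rule to a directory literally named `.` and it matches nothing. It is redundant rather than dangerous here, because the existing `.env` entry has no slash and therefore already matches at every depth, including the per-module files added in this commit. Replace it with `**/.env` if an explicit recursive rule is wanted, or drop it, and since those files will hold the lldap admin password and JWT secret, confirm the rule fires with `git check-ignore -v <module>/lldap-service/.env` before real values are written.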
|
||||
+1
-1
@@ -1 +1 @@
|
||||
opentofu 1.10.0
|
||||
opentofu 1.10.5
|
||||
|
||||
@@ -12,14 +12,14 @@ locals {
|
||||
|
||||
module "caddy" {
|
||||
source = "./modules/01-networking/caddy-service"
|
||||
volume_path = "./docker/infrastructure/"
|
||||
volume_path = "${local.volume_host}"
|
||||
domains = [
|
||||
"blackchaosnl.duckdns.org",
|
||||
"blackchaosnl.myaddr.io",
|
||||
"blackchaosnl.myaddr.dev",
|
||||
"blackchaosnl.myaddr.tools"
|
||||
]
|
||||
tls_email = "your-email@example.com" # For Let's Encrypt
|
||||
tls_email = "jjvijgen@gmail.com"
|
||||
container_name = "caddy"
|
||||
service_definitions = module.services.service_definitions
|
||||
networks = ["default"]
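Review bot: A personal mailbox is hard-coded as `tls_email` on what appears to be the new side of the hunk, while the same hunk moves `volume_path` to a value that comes from `.env` (`local.volume_host`). The ACME contact address is not a secret, but committing it ties the repository to one person, and the commit already provides a per-deployment mechanism, so read it the same way as `VOLUME_HOST` (e.g. a `TLS_EMAIL` key) rather than inlining it. Minor style: `"${local.volume_host}"` is an interpolation-only string; the idiomatic form is `volume_path = local.volume_host`. The closing brace of `module "caddy"` lies outside this hunk.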
|
||||
|
||||
@@ -25,7 +25,6 @@ locals {
|
||||
site_address = "${subdomain}.${domain}"
|
||||
endpoint = service.endpoint
|
||||
service_name = service.name
|
||||
tls_email = var.tls_email
|
||||
has_custom_config = service.caddy_config != ""
|
||||
custom_config = service.caddy_config
|
||||
reverse_proxy_options = service.caddy_options
|
||||
@@ -62,7 +61,7 @@ locals {
|
||||
EOT
|
||||
|
||||
// Generate the main Caddyfile content
|
||||
caddyfile_content = merge(local.caddyfile_default, join("\n\n", [
|
||||
caddyfile_content = format("%s%s", local.caddyfile_default, join("\n\n", [
|
||||
for site in local.caddy_site_configs :
|
||||
site.has_custom_config ?
|
||||
// Use the custom Caddy config if provided
|
||||
@@ -95,7 +94,7 @@ resource "docker_volume" "caddy_config" {
|
||||
// Create Caddyfile in the volume path
|
||||
resource "local_file" "caddyfile" {
|
||||
content = local.caddyfile_content
|
||||
filename = "${var.volume_path}/${image}/Caddyfile"
|
||||
filename = "${var.volume_path}/${local.container_name}/Caddyfile"
|
||||
}
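Review bot: `local_file.caddyfile` sets no `file_permission`, and hashicorp/local's `local_file` defaults that to `0777`, so the Caddyfile on the host ends up world-writable even though it is bind-mounted read-only into the container elsewhere in this commit. Any local user could then rewrite the reverse-proxy rules that front the lldap admin UI and the other services. Add `file_permission = "0644"` and `directory_permission = "0755"` to the resource (tighten further if the file ever carries secrets).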
|
||||
|
||||
|
||||
@@ -108,17 +107,17 @@ module "caddy" {
|
||||
|
||||
volumes = [
|
||||
{
|
||||
host_path = "${var.volume_path}/${image}/data"
|
||||
host_path = "${var.volume_path}/${local.container_name}/data"
|
||||
container_path = "/data"
|
||||
read_only = false
|
||||
},
|
||||
{
|
||||
host_path = "${var.volume_path}/${image}/config"
|
||||
host_path = "${var.volume_path}/${local.container_name}/config"
|
||||
container_path = "/config"
|
||||
read_only = false
|
||||
},
|
||||
{
|
||||
host_path = "${var.volume_path}/${image}/Caddyfile"
|
||||
host_path = "${var.volume_path}/${local.container_name}/Caddyfile"
|
||||
container_path = "/etc/caddy/Caddyfile"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
@@ -16,10 +16,8 @@ variable "volume_path" {
|
||||
}
|
||||
|
||||
variable "domains" {
|
||||
description = "Which domain name to use for services"
|
||||
type = list(object({
|
||||
name = string
|
||||
}))
|
||||
description = "Which domain names to use for services"
|
||||
type = list(string)
|
||||
}
|
||||
|
||||
variable "tls_email" {
|
||||
|
||||
@@ -8,8 +8,8 @@ terraform {
|
||||
|
||||
locals {
|
||||
container_name = "jellyfin"
|
||||
jellyfin_image = "docker.io/jellyfin/jellyfin"
|
||||
jellyfin_tag = var.image_tag
|
||||
jellyfin_image = "docker.io/jellyfin/jellyfin"
|
||||
jellyfin_tag = var.image_tag
|
||||
env_file = "${path.module}/.env"
|
||||
jellyfin_internal_port = 8096
|
||||
|
||||
@@ -20,11 +20,13 @@ locals {
|
||||
read_only = true
|
||||
},
|
||||
{
|
||||
host_path = "${volume_path}/${container_name}/config"
|
||||
host_path = "${var.volume_path}/${local.container_name}/config"
|
||||
container_path = "/config"
|
||||
read_only = false
|
||||
},{
|
||||
host_path = "${volume_path}/${container_name}/cache"
|
||||
host_path = "${var.volume_path}/${local.container_name}/cache"
|
||||
container_path = "/cache"
|
||||
read_only = false
|
||||
},
|
||||
]
|
||||
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
LLDAP_JWT_SECRET=
|
||||
LLDAP_BASE_DN=
|
||||
LLDAP_USER_DN=
|
||||
LLDAP_USER_EMAIL=
|
||||
LLDAP_USER_PASS=
|
||||
LLDAP_KEY_SEED=
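Review bot: Nothing in this template says that `LLDAP_JWT_SECRET` and `LLDAP_KEY_SEED` are key material and `LLDAP_USER_PASS` the initial admin password, so an operator could fill them with short memorable strings. Both secrets should be long random values generated per deployment, and the file should say so, for example `# LLDAP_JWT_SECRET / LLDAP_KEY_SEED: random, >=32 bytes (openssl rand -base64 32); generate per deployment, never commit` (assuming the dotenv parser accepts `#` comments). Keep the values empty in this committed copy; the live `.env` is only protected by the `.gitignore` rule.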
|
||||
@@ -7,36 +7,37 @@ terraform {
|
||||
}
|
||||
|
||||
locals {
|
||||
container_name = "freeipa"
|
||||
freeipa_image = "quay.io/repository/freeipa/freeipa-server"
|
||||
freeipa_tag = var.image_tag
|
||||
env_file = "${path.module}/.env"
|
||||
freeipa_internal_port = 8443
|
||||
container_name = "lldap"
|
||||
lldap_image = "ghcr.io/lldap/lldap"
|
||||
lldap_tag = var.image_tag
|
||||
env_file = "${path.module}/.env"
|
||||
lldap_internal_port = 17170
|
||||
|
||||
freeipa_volumes = [
|
||||
lldap_volumes = [
|
||||
{
|
||||
host_path = "${var.volume_path}/${local.container_name}/data"
|
||||
container_path = "${var.volume_path}/${local.container_name}/data"
|
||||
host_path = "${var.volume_path}/${local.container_name}/data"
|
||||
container_path = "/data"
|
||||
read_only = false
|
||||
},
|
||||
{
|
||||
host_path = ""
|
||||
container_path = "${var.volume_path}/${local.container_name}/data"
|
||||
|
||||
}
|
||||
]
|
||||
|
||||
freeipa_env_vars = {
|
||||
PASSWORD = var.admin_password
|
||||
lldap_env_vars = {
|
||||
LLDAP_JWT_SECRET = provider::dotenv::get_by_key("LLDAP_JWT_SECRET", local.env_file)
|
||||
LLDAP_BASE_DN = provider::dotenv::get_by_key("LLDAP_BASE_DN", local.env_file)
|
||||
LLDAP_USER_DN = provider::dotenv::get_by_key("LLDAP_USER_DN", local.env_file)
|
||||
LLDAP_USER_EMAIL = provider::dotenv::get_by_key("LLDAP_USER_EMAIL", local.env_file)
|
||||
LLDAP_USER_PASS = provider::dotenv::get_by_key("LLDAP_USER_PASS", local.env_file)
|
||||
LLDAP_KEY_SEED = provider::dotenv::get_by_key("LLDAP_KEY_SEED", local.env_file)
|
||||
}
|
||||
}
|
||||
|
||||
module "freeipa" {
|
||||
module "lldap" {
|
||||
source = "../../10-generic/docker-service"
|
||||
container_name = local.container_name
|
||||
image = local.freeipa_image
|
||||
tag = local.freeipa_tag
|
||||
volumes = local.freeipa_volumes
|
||||
env_vars = local.freeipa_env_vars
|
||||
image = local.lldap_image
|
||||
tag = local.lldap_tag
|
||||
volumes = local.lldap_volumes
|
||||
env_vars = local.lldap_env_vars
|
||||
networks = concat(var.networks)
|
||||
restart_policy = "always"
|
||||
}
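Review bot: The keys of `lldap_env_vars` do not look like the variables the lldap image reads: lldap takes its settings as config keys prefixed with `LLDAP_`, so the base DN, admin DN, e-mail and password are `LLDAP_LDAP_BASE_DN`, `LLDAP_LDAP_USER_DN`, `LLDAP_LDAP_USER_EMAIL` and `LLDAP_LDAP_USER_PASS`; only `LLDAP_JWT_SECRET` and `LLDAP_KEY_SEED` match, and this is worth confirming against the image version pulled by `var.image_tag`. If the names are wrong the container silently ignores them and presumably starts with lldap's built-in defaults for the admin account, while the service definition below publishes the UI through Caddy under the `users` subdomain. The `.env` keys can stay as they are; only the map keys change, e.g. `LLDAP_LDAP_USER_PASS = provider::dotenv::get_by_key("LLDAP_USER_PASS", local.env_file)`. Separately, these values travel into the container as `env_vars` and will be recorded in plaintext in the OpenTofu state, so the state file needs the same protection as the `.env` files.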
|
||||
@@ -45,20 +46,9 @@ output "service_definition" {
|
||||
description = "General service definition with optional ingress configuration"
|
||||
value = {
|
||||
name = local.container_name
|
||||
primary_port = local.freeipa_internal_port
|
||||
endpoint = "http://${local.container_name}:${local.freeipa_internal_port}"
|
||||
subdomains = ["ipa"]
|
||||
ports = [
|
||||
{
|
||||
external = 8080
|
||||
internal = 80
|
||||
protocol = "tcp"
|
||||
},
|
||||
{
|
||||
external = 8443
|
||||
internal = 443
|
||||
protocol = "tcp"
|
||||
}
|
||||
]
|
||||
primary_port = local.lldap_internal_port
|
||||
endpoint = "http://${local.container_name}:${local.lldap_internal_port}"
|
||||
subdomains = ["users"]
|
||||
ports = []
|
||||
}
|
||||
}
|
||||
@@ -1,8 +1,8 @@
|
||||
|
||||
variable "image_tag" {
|
||||
description = "The tag for the freeipa container image. Default: Latest"
|
||||
description = "The tag for the freeipa container image. Default: latest-alpine-rootless"
|
||||
type = string
|
||||
default = "rocky-9"
|
||||
default = "latest-alpine-rootless"
|
||||
}
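Review bot: The new default `latest-alpine-rootless` is a floating tag, so every apply may pull a different lldap build with no review, and the updated description on the same hunk still calls it the "freeipa container image". Pin a release tag of the rootless variant (and, if the generic docker-service module accepts one, an `@sha256:` digest) and fix the text: `description = "The tag for the lldap container image. Default: latest-alpine-rootless"`. The rootless variant itself is the right choice and worth keeping.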
|
||||
|
||||
variable "volume_path" {
|
||||
@@ -33,8 +33,3 @@ variable "timezone" {
|
||||
type = string
|
||||
default = "Europe/Helsinki"
|
||||
}
|
||||
|
||||
variable "admin_password" {
|
||||
description = "Default password for logging into the IPA admin account"
|
||||
type = string
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
output "services" {
|
||||
description = "Service definitions for all services"
|
||||
value = [
|
||||
for service in module.services.service_definitions : {
|
||||
name = service.name
|
||||
endpoint = service.endpoint
|
||||
}
|
||||
]
|
||||
}
|
||||
+5
-1
@@ -1,6 +1,6 @@
|
||||
terraform {
|
||||
required_providers {
|
||||
podman = {
|
||||
docker = {
|
||||
source = "kreuzwerker/docker"
|
||||
version = "~> 3.6.0"
|
||||
}
|
||||
@@ -14,3 +14,7 @@ terraform {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
provider "docker" {
|
||||
host = provider::dotenv::get_by_key("DOCKER_SOCK", "${path.module}/.env")
|
||||
}
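Review bot: `host` is taken verbatim from `DOCKER_SOCK` with no `cert_path`, `ca_material` or similar TLS settings on the provider, so if the value is ever a `tcp://` endpoint the provider will talk to the daemon unauthenticated and in the clear, and whoever controls that endpoint controls the host. Either document next to the block that only a `unix://` socket path is supported, or add the TLS material alongside `host` when a remote daemon is intended, e.g. `cert_path = provider::dotenv::get_by_key("DOCKER_CERT_PATH", "${path.module}/.env")`. Note also that this runs at provider-configuration time, so a missing `.env` presumably fails the whole plan rather than one resource; that is the safer failure mode and worth a one-line comment so nobody adds a silent default.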
|
||||
+3
-3
@@ -16,9 +16,9 @@ module "homelab_docker_network" {
|
||||
subnet = "10.88.0.0/16"
|
||||
}
|
||||
|
||||
module "freeipa" {
|
||||
module "lldap" {
|
||||
source = "${local.module_dir}/30-services-software/lldap-service"
|
||||
volume_path = "${local.volume_path}/freeipa"
|
||||
volume_path = "${local.root_volume}/lldap"
|
||||
networks = [
|
||||
module.homelab_docker_network.name
|
||||
]
|
||||
@@ -26,7 +26,7 @@ module "freeipa" {
|
||||
|
||||
module "jellyfin" {
|
||||
source = "${local.module_dir}/20-services-entertainment/jellyfin-service"
|
||||
volume_path = "${local.volume_path}/jellyfin"
|
||||
volume_path = "${local.root_volume}/jellyfin"
|
||||
networks = [
|
||||
module.homelab_docker_network.name
|
||||
]
|
||||
|
||||
+1
-1
@@ -2,7 +2,7 @@ output "service_definitions" {
|
||||
description = "Service definitions for all services"
|
||||
value = [
|
||||
module.jellyfin.service_definition,
|
||||
module.freeipa.service_definition,
|
||||
module.lldap.service_definition,
|
||||
]
|
||||
}
|
||||
|
||||
|
||||