Add coder, fix general typos, add more values to docker-service

2025-08-12 19:42:47 +00:00
parent f66bf45007
commit 8babee5a13
16 changed files with 303 additions and 28 deletions
@@ -43,9 +43,6 @@ locals {
      read_only      = volume.read_only
    }
  ]
-
-  // Merge provided labels with monitoring labels
-  merged_labels = merge(var.labels)
 }

 // Pull the Docker image
@@ -107,7 +104,7 @@ resource "docker_container" "service_container" {

  # Set container labels
  dynamic "labels" {
-    for_each = local.merged_labels
+    for_each = var.labels
    content {
      label = labels.key
      value = labels.value
@@ -132,15 +129,18 @@ resource "docker_container" "service_container" {
  cpu_shares  = var.cpu_shares

  # Other container options
-  dns         = var.dns
-  dns_search  = var.dns_search
-  hostname    = var.hostname
-  domainname  = var.domainname
-  user        = var.user
-  working_dir = var.working_dir
-  command     = var.command
-  entrypoint  = var.entrypoint
-  privileged  = var.privileged
+  dns           = var.dns
+  dns_search    = var.dns_search
+  hostname      = var.hostname
+  domainname    = var.domainname
+  user          = var.user
+  working_dir   = var.working_dir
+  command       = var.command
+  entrypoint    = var.entrypoint
+  privileged    = var.privileged
+  security_opts = var.security_opts
+  userns_mode   = var.userns_mode
+  gpus          = var.gpus

  # Set log options
  log_driver = var.log_driver
@@ -1,33 +1,33 @@
 variable "container_name" {
-  description = "Name of the Docker container"
+  description = "Name of the container"
  type        = string
 }

 variable "image" {
-  description = "Docker image name"
+  description = "Image name"
  type        = string
 }

 variable "tag" {
-  description = "Docker image tag"
+  description = "Image tag"
  type        = string
  default     = "latest"
 }

 variable "keep_image_locally" {
-  description = "Whether to keep the Docker image locally after pulling"
+  description = "Whether to keep the image locally after pulling"
  type        = bool
  default     = true
 }

 variable "restart_policy" {
-  description = "Docker restart policy (no, always, unless-stopped, on-failure)"
+  description = "Restart policy (no, always, unless-stopped, on-failure)"
  type        = string
  default     = "always"
 }

 variable "network_mode" {
-  description = "Docker network mode (bridge, host, etc.)"
+  description = "Network mode (bridge, host, etc.)"
  type        = string
  default     = "bridge"
 }
@@ -78,9 +78,12 @@ variable "pgid" {
 }

 variable "labels" {
-  description = "Docker container labels"
-  type        = map(string)
-  default     = {}
+  description = "Container labels"
+  type        = list(object({
+    label = string
+    value = string
+  }))
+  default     = []
 }

 variable "host_mappings" {
@@ -179,6 +182,24 @@ variable "privileged" {
  default     = false
 }

+variable "security_opts" {
+  description = "Set's security options for container"
+  type = list(string)
+  default = null
+}
+
+variable "userns_mode" {
+  description = "Set's the USERNS Mode"
+  type = string
+  default = null
+}
+
+variable "gpus" {
+  description = "Set the GPU passthrough"
+  type = string
+  default = null
+}
+
 // Logging options
 variable "log_driver" {
  description = "Log driver for the container"
@@ -1,5 +1,5 @@
 variable "image_tag" {
-  description = "The tag for the JellyFin container image. Default: Latest"
+  description = "The tag for the Calibre container image. Default: Latest"
  type        = string
  default     = "latest"
 }
@@ -12,6 +12,7 @@ locals {
  jellyfin_tag            = var.image_tag
  env_file                = "${path.module}/.env"
  jellyfin_internal_port  = 8096
+  gpus                    = "all"

  jellyfin_volumes = [
    {
@@ -44,6 +45,7 @@ module "jellyfin" {
  tag            = local.jellyfin_tag
  volumes        = local.jellyfin_volumes
  env_vars       = local.jellyfin_env_vars
+  gpus           = local.gpus
  networks       = concat(var.networks)
  restart_policy = "always"
 }
@@ -12,7 +12,7 @@ variable "redis_image_tag" {
 }

 variable "postgres_image_tag" {
-  description = "The tag for the redis container image. Default: 2025.6.3"
+  description = "The tag for the postgres container image. Default: 17-alpine"
  type        = string
  default     = "17-alpine"
 }
@@ -0,0 +1,9 @@
+POSTGRES_USER=""
+POSTGRES_PASSWORD=""
+POSTGRES_DB=""
+CODER_HTTP_ADDRESS="0.0.0.0:7080"
+CODER_ACCESS_URL="https://code.blackchaosnl.myaddr.dev"
+CODER_PROXY_TRUSTED_HEADERS="X-Real-IP,X-Forwarded-For,X-Forwarded-Port,X-Forwarded-Proto"
+CODER_PROXY_TRUSTED_ORIGINS=""
+CODER_DISABLE_PASSWORD_AUTH=True
+DOCKER_USER=""
@@ -0,0 +1,90 @@
+terraform {
+  required_providers {
+    dotenv = {
+      source = "germanbrew/dotenv"
+    }
+  }
+}
+
+locals {
+  container_name             = "coder"
+  postgres_container_name    = "coder-postgres"
+  coder_image                = "lscr.io/linuxserver/coder"
+  postgres_image             = "docker.io/library/postgres"
+  coder_tag                  = var.image_tag
+  postgres_tag               = var.postgres_image_tag
+  env_file                   = "${path.module}/.env"
+  coder_internal_port        = 7080
+
+  coder_volumes = [
+    {
+      host_path      = "/run/user/1000/podman/podman.sock"
+      container_path = "/var/run/docker.sock"
+      read_only      = false
+    }
+  ]
+
+  postgres_volumes = [
+    {
+      host_path      = "${var.volume_path}/${local.container_name}/data"
+      container_path = "/var/lib/postgresql/data"
+      read_only      = false
+    }
+  ]
+
+  coder_env_vars = {
+    CODER_PG_CONNECTION_URL              = "postgresql://${provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)}:${provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)}@coder-postgres/${provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)}?sslmode=disable"
+    CODER_HTTP_ADDRESS                   = provider::dotenv::get_by_key("CODER_HTTP_ADDRESS", local.env_file)
+    CODER_ACCESS_URL                     = provider::dotenv::get_by_key("CODER_ACCESS_URL", local.env_file)
+    CODER_PROXY_TRUSTED_HEADERS          = provider::dotenv::get_by_key("CODER_PROXY_TRUSTED_HEADERS", local.env_file)
+    CODER_PROXY_TRUSTED_ORIGINS          = provider::dotenv::get_by_key("CODER_PROXY_TRUSTED_ORIGINS", local.env_file)
+    CODER_DISABLE_PASSWORD_AUTH          = provider::dotenv::get_by_key("CODER_DISABLE_PASSWORD_AUTH", local.env_file)
+    DOCKER_USER                          = provider::dotenv::get_by_key("DOCKER_USER", local.env_file)
+  }
+
+  postgres_env_vars = {
+    POSTGRES_USER                        = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
+    POSTGRES_PASSWORD                    = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
+    POSTGRES_DB                          = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)
+  }
+
+}
+
+module "coder-postgres" {
+  source         = "../../10-generic/docker-service"
+  container_name = local.postgres_container_name
+  image          = local.postgres_image
+  tag            = local.postgres_tag
+  volumes        = local.postgres_volumes
+  env_vars       = local.postgres_env_vars
+  networks       = concat(var.networks)
+  restart_policy = "always"
+}
+
+module "coder" {
+  source         = "../../10-generic/docker-service"
+  container_name = local.container_name
+  image          = local.coder_image
+  tag            = local.coder_tag
+  volumes        = local.coder_volumes
+  env_vars       = local.coder_env_vars
+  networks       = concat(var.networks)
+  restart_policy = "always"
+  labels         = [{
+    label = "run.oci.keep_original_groups"
+    value = "1"
+  }]
+  security_opts = [
+    "label:type:container_runtype_t"
+  ]
+}
+
+output "service_definition" {
+  description = "General service definition with optional ingress configuration"
+  value = {
+    name         = local.container_name
+    primary_port = local.coder_internal_port
+    endpoint     = "http://${local.container_name}:${local.coder_internal_port}"
+    subdomains   = ["code"]
+  }
+}
@@ -0,0 +1,40 @@
+variable "image_tag" {
+  description = "The tag for the coder container image. Default: Latest"
+  type        = string
+  default     = "latest"
+}
+
+variable "postgres_image_tag" {
+  description = "The tag for the postgres container image. Default: Latest"
+  type        = string
+  default     = "17-alpine"
+}
+
+variable "volume_path" {
+  description = "Base directory for volumes"
+  type        = string
+}
+
+variable "networks" {
+  description = "List of networks to which the container should be attached"
+  type        = list(string)
+  default     = []
+}
+
+variable "user_id" {
+  description = "User ID for container permissions"
+  type        = string
+  default     = "1000"
+}
+
+variable "group_id" {
+  description = "Group ID for container permissions"
+  type        = string
+  default     = "1000"
+}
+
+variable "timezone" {
+  description = "Timezone for the container"
+  type        = string
+  default     = "Europe/Helsinki"
+}
@@ -0,0 +1,2 @@
+WEBUI_PORT=9080
+TORRENTING_PORT=6881
@@ -0,0 +1,59 @@
+terraform {
+  required_providers {
+    dotenv = {
+      source = "germanbrew/dotenv"
+    }
+  }
+}
+
+locals {
+  container_name             = "qbittorrent"
+  qbittorrent_image          = "lscr.io/linuxserver/qbittorrent"
+  qbittorrent_tag            = var.image_tag
+  env_file                   = "${path.module}/.env"
+  qbittorrent_internal_port  = 9080
+
+  qbittorrent_volumes = [
+    {
+      host_path      = "/mnt/storage/media"
+      container_path = "/downloads"
+      read_only      = false
+    },
+    {
+      host_path      = "${var.volume_path}/${local.container_name}/config"
+      container_path = "/config"
+      read_only      = false
+    }
+  ]
+
+  qbittorrent_env_vars = {
+    PUID                             = var.user_id
+    PGID                             = var.group_id
+    TZ                               = var.timezone
+    WEBUI_PORT                       = provider::dotenv::get_by_key("WEBUI_PORT", local.env_file)
+    TORRENTING_PORT                  = provider::dotenv::get_by_key("TORRENTING_PORT", local.env_file)
+  }
+
+}
+
+module "qbittorrent" {
+  source         = "../../10-generic/docker-service"
+  container_name = local.container_name
+  image          = local.qbittorrent_image
+  tag            = local.qbittorrent_tag
+  volumes        = local.qbittorrent_volumes
+  env_vars       = local.qbittorrent_env_vars
+  networks       = concat(var.networks)
+  restart_policy = "always"
+}
+
+output "service_definition" {
+  description = "General service definition with optional ingress configuration"
+  value = {
+    name         = local.container_name
+    primary_port = local.qbittorrent_internal_port
+    endpoint     = "http://${local.container_name}:${local.qbittorrent_internal_port}"
+    subdomains   = ["downloads"]
+    is_guarded   = true
+  }
+}
@@ -0,0 +1,34 @@
+variable "image_tag" {
+  description = "The tag for the QBittorrent container image. Default: Latest"
+  type        = string
+  default     = "latest"
+}
+
+variable "volume_path" {
+  description = "Base directory for volumes"
+  type        = string
+}
+
+variable "networks" {
+  description = "List of networks to which the container should be attached"
+  type        = list(string)
+  default     = []
+}
+
+variable "user_id" {
+  description = "User ID for container permissions"
+  type        = string
+  default     = "1000"
+}
+
+variable "group_id" {
+  description = "Group ID for container permissions"
+  type        = string
+  default     = "1000"
+}
+
+variable "timezone" {
+  description = "Timezone for the container"
+  type        = string
+  default     = "Europe/Helsinki"
+}
@@ -1,11 +1,11 @@
 variable "image_tag" {
-  description = "The tag for the JellyFin container image. Default: Latest"
+  description = "The tag for the Tandoor container image. Default: Latest"
  type        = string
  default     = "latest"
 }

 variable "postgres_image_tag" {
-  description = "The tag for the redis container image. Default: 2025.6.3"
+  description = "The tag for the postgres container image. Default: 17-alpine"
  type        = string
  default     = "17-alpine"
 }
@@ -32,7 +32,7 @@ locals {
  EOT
 }

-resource "local_file" "caddyfile" {
+resource "local_file" "traccar_config_file" {
  content  = local.traccar_content
  filename = "${var.volume_path}/${local.container_name}/traccar.xml"
 }
@@ -1,5 +1,5 @@
 variable "image_tag" {
-  description = "The tag for the JellyFin container image. Default: Latest"
+  description = "The tag for the Traccar container image. Default: Latest"
  type        = string
  default     = "latest"
 }
@@ -48,6 +48,22 @@ module "jellyfin" {
  ]
 }

+module "qbittorrent" {
+  source = "${local.module_dir}/30-services-software/qbittorrent-service"
+  volume_path = "${local.root_volume}/qbittorrent"
+  networks = [
+    "blue",
+  ]
+}
+
+module "coder" {
+  source = "${local.module_dir}/30-services-software/coder-service"
+  volume_path = "${local.root_volume}/coder"
+  networks = [
+    "blue",
+  ]
+}
+
 module "calibre" {
  source = "${local.module_dir}/20-services-entertainment/calibre-service"
  volume_path = "${local.root_volume}/calibre"
@@ -5,6 +5,8 @@ output "service_definitions" {
    module.calibre.service_definition,
    module.traccar.service_definition,
    module.tandoor.service_definition,
+    module.qbittorrent.service_definition,
+    module.coder.service_definition,
    module.authentik.service_definition,
  ]
 }