tf/modules/swarm/traefik/main.tf

data "docker_registry_image" "traefik" {
  name = "traefik:v2.9"
}

resource "docker_secret" "hetzner_dns_api_token" {
  name = "traefik_hetzner_dns_api_token-${replace(timestamp(), ":", ".")}"
  data = base64encode(var.hetzner_dns_api_token)
  lifecycle {
    ignore_changes        = [name]
    create_before_destroy = true
  }
}

resource "docker_network" "traefik" {
  name       = "traefik"
  attachable = true
  driver     = "overlay"

  lifecycle {
    ignore_changes = [labels]
  }
}

resource "docker_volume" "traefik_acme" {
  name = "traefik_acme"

  lifecycle {
    prevent_destroy = true
  }
}

resource "docker_service" "traefik" {
  name = "traefik"

  mode {
    global = true
  }

  endpoint_spec {
    ports {
      target_port    = 80
      published_port = 80
      protocol       = "tcp"
      publish_mode   = "host"
    }

    ports {
      target_port    = 443
      published_port = 443
      protocol       = "tcp"
      publish_mode   = "host"
    }

    ports {
      target_port    = 443
      published_port = 443
      protocol       = "udp"
      publish_mode   = "host"
    }

    ports {
      target_port    = 8883
      published_port = 8883
      protocol       = "tcp"
      publish_mode   = "host"
    }
  }

  task_spec {
    networks_advanced {
      name = docker_network.traefik.id
    }

    container_spec {
      image = "${data.docker_registry_image.traefik.name}@${data.docker_registry_image.traefik.sha256_digest}"

      env = {
        HETZNER_API_KEY_FILE = "/hetznerdns-token"
      }

      secrets {
        secret_id   = docker_secret.hetzner_dns_api_token.id
        secret_name = docker_secret.hetzner_dns_api_token.name
        file_name   = "/hetznerdns-token"
        file_uid    = "0"
        file_gid    = "0"
        file_mode   = "0400"
      }

      labels {
        label = "shepherd.auto-update"
        value = "true"
      }

      mounts {
        target = "/var/run/docker.sock"
        source = "/var/run/docker.sock"
        type   = "bind"
      }

      mounts {
        target = "/acme"
        source = docker_volume.traefik_acme.name
        type   = "volume"
      }

      configs {
        config_id   = docker_config.traefik.id
        config_name = docker_config.traefik.name
        file_name   = "/etc/traefik/traefik.yaml"
        file_uid    = "0"
        file_gid    = "0"
        file_mode   = "0400"
      }

      configs {
        config_id   = docker_config.traefik_dynamic.id
        config_name = docker_config.traefik_dynamic.name
        file_name   = "/etc/traefik/dynamic/dynamic.yaml"
        file_uid    = "0"
        file_gid    = "0"
        file_mode   = "0400"
      }
    }
  }
}
Initial Things™, should be good enough to collaborate on 2024-01-25 19:13:35 +01:00			`data "docker_registry_image" "traefik" {`
			`name = "traefik:v2.9"`
			`}`

			`resource "docker_secret" "hetzner_dns_api_token" {`
			`name = "traefik_hetzner_dns_api_token-${replace(timestamp(), ":", ".")}"`
			`data = base64encode(var.hetzner_dns_api_token)`
			`lifecycle {`
			`ignore_changes = [name]`
			`create_before_destroy = true`
			`}`
			`}`

			`resource "docker_network" "traefik" {`
			`name = "traefik"`
			`attachable = true`
			`driver = "overlay"`

			`lifecycle {`
			`ignore_changes = [labels]`
			`}`
			`}`

			`resource "docker_volume" "traefik_acme" {`
			`name = "traefik_acme"`

			`lifecycle {`
			`prevent_destroy = true`
			`}`
			`}`

			`resource "docker_service" "traefik" {`
			`name = "traefik"`

			`mode {`
			`global = true`
			`}`

			`endpoint_spec {`
			`ports {`
			`target_port = 80`
			`published_port = 80`
			`protocol = "tcp"`
			`publish_mode = "host"`
			`}`

			`ports {`
			`target_port = 443`
			`published_port = 443`
			`protocol = "tcp"`
			`publish_mode = "host"`
			`}`

			`ports {`
			`target_port = 443`
			`published_port = 443`
			`protocol = "udp"`
			`publish_mode = "host"`
			`}`

			`ports {`
			`target_port = 8883`
			`published_port = 8883`
			`protocol = "tcp"`
			`publish_mode = "host"`
			`}`
			`}`

			`task_spec {`
			`networks_advanced {`
			`name = docker_network.traefik.id`
			`}`

			`container_spec {`
			`image = "${data.docker_registry_image.traefik.name}@${data.docker_registry_image.traefik.sha256_digest}"`

			`env = {`
			`HETZNER_API_KEY_FILE = "/hetznerdns-token"`
			`}`

			`secrets {`
			`secret_id = docker_secret.hetzner_dns_api_token.id`
			`secret_name = docker_secret.hetzner_dns_api_token.name`
			`file_name = "/hetznerdns-token"`
			`file_uid = "0"`
			`file_gid = "0"`
			`file_mode = "0400"`
			`}`

			`labels {`
			`label = "shepherd.auto-update"`
			`value = "true"`
			`}`

			`mounts {`
			`target = "/var/run/docker.sock"`
			`source = "/var/run/docker.sock"`
			`type = "bind"`
			`}`

			`mounts {`
			`target = "/acme"`
			`source = docker_volume.traefik_acme.name`
			`type = "volume"`
			`}`

			`configs {`
			`config_id = docker_config.traefik.id`
			`config_name = docker_config.traefik.name`
			`file_name = "/etc/traefik/traefik.yaml"`
			`file_uid = "0"`
			`file_gid = "0"`
			`file_mode = "0400"`
			`}`

			`configs {`
			`config_id = docker_config.traefik_dynamic.id`
			`config_name = docker_config.traefik_dynamic.name`
			`file_name = "/etc/traefik/dynamic/dynamic.yaml"`
			`file_uid = "0"`
			`file_gid = "0"`
			`file_mode = "0400"`
			`}`
			`}`
			`}`
			`}`