tf/modules/swarm/wekan/main.tf

data "docker_registry_image" "wekan" {
  name = "quay.io/wekan/wekan"
}

data "docker_registry_image" "mongo" {
  name = "mongo:6" // Yes. Don't ask.
}

data "docker_network" "traefik" {
  name = "traefik"
}

resource "docker_network" "wekan" {
  name       = "wekan"
  attachable = true
  driver     = "overlay"

  lifecycle {
    ignore_changes = [labels]
  }
}


locals {
  labels = {
    "shepherd.auto-update"                                 = "true",
    "traefik.enable"                                       = "true"
    "traefik.http.services.wekan.loadbalancer.server.port" = "8080",
    "traefik.http.routers.wekan.rule"                      = "Host(`kanban.chaoswest.tv`)",
    "traefik.http.routers.wekan.tls"                       = "true",
    "traefik.http.routers.wekan.tls.certresolver"          = "default",
  }
}

resource "docker_service" "mongo" {
  name = "wekan-mongo"

  task_spec {
    networks_advanced {
      name = docker_network.wekan.id
    }

    container_spec {
      image = "${data.docker_registry_image.mongo.name}@${data.docker_registry_image.mongo.sha256_digest}"

      mounts {
        target = "/data/db"
        source = "/mnt/data/kanban/mongodb/"
        type   = "bind"
      }
    }
  }
}

resource "docker_service" "wekan" {
  name = "wekan"

  dynamic "labels" {
    for_each = local.labels
    content {
      label = labels.key
      value = labels.value
    }
  }

  task_spec {
    networks_advanced {
      name = data.docker_network.traefik.id
    }

    networks_advanced {
      name = docker_network.wekan.id
    }

    container_spec {
      image = "${data.docker_registry_image.wekan.name}@${data.docker_registry_image.wekan.sha256_digest}"

      env = merge({
        for k, v in var.secrets : k => v
        }, {
        MONGO_URL                = "mongodb://wekan-mongo:27017/wekan"
        ROOT_URL                 = "https://kanban.chaoswest.tv/"
        #OIDC_REDIRECTION_ENABLED = "true"
        OAUTH2_ENABLED           = "true"
        OAUTH2_LOGIN_STYLE       = "redirect"
        OAUTH2_SERVER_URL        = "https://authentik.montage2.de"
        OAUTH2_CLIENT_ID         = var.secrets.authentik_client_id
        OAUTH2_SECRET            = var.secrets.authentik_client_secret
        OAUTH2_AUTH_ENDPOINT     = "/application/o/authorize/"
        OAUTH2_USERINFO_ENDPOINT = "/application/o/userinfo/"
        OAUTH2_TOKEN_ENDPOINT    = "/application/o/token/"
        OAUTH2_ID_MAP            = "preferred_username"
        OAUTH2_USERNAME_MAP      = "preferred_username"
        OAUTH2_FULLNAME_MAP      = "given_name"
        OAUTH2_EMAIL_MAP         = "email"
      })
    }
  }
}
wekan, i guess 2024-02-24 13:19:46 +01:00			`data "docker_registry_image" "wekan" {`
			`name = "quay.io/wekan/wekan"`
			`}`

			`data "docker_registry_image" "mongo" {`
			`name = "mongo:6" // Yes. Don't ask.`
			`}`

			`data "docker_network" "traefik" {`
			`name = "traefik"`
			`}`

			`resource "docker_network" "wekan" {`
			`name = "wekan"`
			`attachable = true`
			`driver = "overlay"`

			`lifecycle {`
			`ignore_changes = [labels]`
			`}`
			`}`



			`locals {`
			`labels = {`
			`"shepherd.auto-update" = "true",`
			`"traefik.enable" = "true"`
			`"traefik.http.services.wekan.loadbalancer.server.port" = "8080",`
			"traefik.http.routers.wekan.rule" = "Host(`kanban.chaoswest.tv`)",
			`"traefik.http.routers.wekan.tls" = "true",`
			`"traefik.http.routers.wekan.tls.certresolver" = "default",`
			`}`
			`}`

			`resource "docker_service" "mongo" {`
			`name = "wekan-mongo"`

			`task_spec {`
			`networks_advanced {`
			`name = docker_network.wekan.id`
			`}`

			`container_spec {`
			`image = "${data.docker_registry_image.mongo.name}@${data.docker_registry_image.mongo.sha256_digest}"`

			`mounts {`
			`target = "/data/db"`
			`source = "/mnt/data/kanban/mongodb/"`
			`type = "bind"`
			`}`
			`}`
			`}`
			`}`

			`resource "docker_service" "wekan" {`
			`name = "wekan"`

			`dynamic "labels" {`
			`for_each = local.labels`
			`content {`
			`label = labels.key`
			`value = labels.value`
			`}`
			`}`

			`task_spec {`
			`networks_advanced {`
			`name = data.docker_network.traefik.id`
			`}`

			`networks_advanced {`
			`name = docker_network.wekan.id`
			`}`

			`container_spec {`
			`image = "${data.docker_registry_image.wekan.name}@${data.docker_registry_image.wekan.sha256_digest}"`

			`env = merge({`
			`for k, v in var.secrets : k => v`
			`}, {`
			`MONGO_URL = "mongodb://wekan-mongo:27017/wekan"`
			`ROOT_URL = "https://kanban.chaoswest.tv/"`
			`#OIDC_REDIRECTION_ENABLED = "true"`
			`OAUTH2_ENABLED = "true"`
			`OAUTH2_LOGIN_STYLE = "redirect"`
			`OAUTH2_SERVER_URL = "https://authentik.montage2.de"`
			`OAUTH2_CLIENT_ID = var.secrets.authentik_client_id`
			`OAUTH2_SECRET = var.secrets.authentik_client_secret`
			`OAUTH2_AUTH_ENDPOINT = "/application/o/authorize/"`
			`OAUTH2_USERINFO_ENDPOINT = "/application/o/userinfo/"`
			`OAUTH2_TOKEN_ENDPOINT = "/application/o/token/"`
			`OAUTH2_ID_MAP = "preferred_username"`
			`OAUTH2_USERNAME_MAP = "preferred_username"`
			`OAUTH2_FULLNAME_MAP = "given_name"`
			`OAUTH2_EMAIL_MAP = "email"`
			`})`
			`}`
			`}`
			`}`