tf/modules/swarm/hedgedoc/main.tf

data "docker_registry_image" "hedgedoc" {
  name = "quay.io/hedgedoc/hedgedoc:1.9.9"
}

data "docker_registry_image" "hedgedoc_mysql" {
  name = "mysql:8"
}

data "docker_network" "traefik" {
  name = "traefik"
}

resource "docker_network" "hedgedoc" {
  name       = "hedgedoc"
  attachable = true
  driver     = "overlay"

  lifecycle {
    ignore_changes = [labels]
  }
}


locals {
  labels = {
    "shepherd.auto-update"                                                 = "true",
    "traefik.enable"                                                       = "true"
    "traefik.http.services.hedgedoc.loadbalancer.server.port"              = "3000",
    "traefik.http.routers.hedgedoc.rule"                                   = "Host(`pad.montage2.de`)||Host(`pad.chaoswest.tv`)",
    "traefik.http.routers.hedgedoc.tls"                                    = "true",
    "traefik.http.routers.hedgedoc.tls.certresolver"                       = "default",
    "traefik.http.routers.hedgedoc.middlewares"                            = "hedgedoc-redirect",
    "traefik.http.middlewares.hedgedoc-redirect.redirectregex.regex"       = "^https://pad.chaoswest.tv/(.*)",
    "traefik.http.middlewares.hedgedoc-redirect.redirectregex.replacement" = "https://pad.montage2.de/$$${1}", # double escaping is necessary here
  }
}

resource "docker_service" "hedgedoc_mysql" {
  name = "hedgedoc-mysql"

  task_spec {
    networks_advanced {
      name = docker_network.hedgedoc.id
    }

    container_spec {
      image = "${data.docker_registry_image.hedgedoc_mysql.name}@${data.docker_registry_image.hedgedoc_mysql.sha256_digest}"

      args = [
        "--character-set-server=utf8mb4",
        "--collation-server=utf8mb4_unicode_ci"
      ]

      env = {
        MYSQL_RANDOM_ROOT_PASSWORD = "1",
        MYSQL_DATABASE             = "hedgedoc",
        MYSQL_USER                 = "hedgedoc",
        MYSQL_PASSWORD             = "hedgedoc",
      }

      mounts {
        target = "/var/lib/mysql/"
        source = "/mnt/data/pad/mysql/"
        type   = "bind"
      }
    }
  }
}

resource "docker_service" "hedgedoc" {
  name = "hedgedoc"

  dynamic "labels" {
    for_each = local.labels
    content {
      label = labels.key
      value = labels.value
    }
  }

  task_spec {
    networks_advanced {
      name = data.docker_network.traefik.id
    }

    networks_advanced {
      name = docker_network.hedgedoc.id
    }

    container_spec {
      image = "${data.docker_registry_image.hedgedoc.name}@${data.docker_registry_image.hedgedoc.sha256_digest}"

      env = merge({
        for k, v in var.secrets : k => v
        }, {
        CMD_DB_URL                                = "mysql://hedgedoc:hedgedoc@hedgedoc-mysql:3306/hedgedoc",
        CMD_DOMAIN                                = "pad.montage2.de",
        CMD_URL_ADDPORT                           = "false",
        CMD_PROTOCOL_USESSL                       = "true",
        CMD_EMAIL                                 = "false",
        CMD_ALLOW_EMAIL_REGISTER                  = "false",
        CMD_ALLOW_FREEURL                         = "true",
        CMD_GITLAB_BASEURL                        = "https://gitlab.montage2.de",
        CMD_OAUTH2_PROVIDERNAME                   = "authentik",
        CMD_OAUTH2_SCOPE                          = "openid email profile",
        CMD_OAUTH2_USER_PROFILE_URL               = "https://authentik.montage2.de/application/o/userinfo/",
        CMD_OAUTH2_TOKEN_URL                      = "https://authentik.montage2.de/application/o/token/",
        CMD_OAUTH2_AUTHORIZATION_URL              = "https://authentik.montage2.de/application/o/authorize/",
        CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR     = "preferred_username",
        CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR = "name",
        CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR        = "email",
      })

      mounts {
        target = "/hedgedoc/public/uploads"
        source = "/mnt/data/pad/uploads"
        type   = "bind"
      }
    }
  }
}
Initial Things™, should be good enough to collaborate on 2024-01-25 19:13:35 +01:00			`data "docker_registry_image" "hedgedoc" {`
			`name = "quay.io/hedgedoc/hedgedoc:1.9.9"`
			`}`

			`data "docker_registry_image" "hedgedoc_mysql" {`
			`name = "mysql:8"`
			`}`

			`data "docker_network" "traefik" {`
			`name = "traefik"`
			`}`

			`resource "docker_network" "hedgedoc" {`
			`name = "hedgedoc"`
			`attachable = true`
			`driver = "overlay"`

			`lifecycle {`
			`ignore_changes = [labels]`
			`}`
			`}`



			`locals {`
			`labels = {`
			`"shepherd.auto-update" = "true",`
			`"traefik.enable" = "true"`
			`"traefik.http.services.hedgedoc.loadbalancer.server.port" = "3000",`
			"traefik.http.routers.hedgedoc.rule" = "Host(`pad.montage2.de`)\|\|Host(`pad.chaoswest.tv`)",
			`"traefik.http.routers.hedgedoc.tls" = "true",`
			`"traefik.http.routers.hedgedoc.tls.certresolver" = "default",`
			`"traefik.http.routers.hedgedoc.middlewares" = "hedgedoc-redirect",`
			`"traefik.http.middlewares.hedgedoc-redirect.redirectregex.regex" = "^https://pad.chaoswest.tv/(.*)",`
			`"traefik.http.middlewares.hedgedoc-redirect.redirectregex.replacement" = "https://pad.montage2.de/$$${1}", # double escaping is necessary here`
			`}`
			`}`

			`resource "docker_service" "hedgedoc_mysql" {`
			`name = "hedgedoc-mysql"`

			`task_spec {`
			`networks_advanced {`
			`name = docker_network.hedgedoc.id`
			`}`

			`container_spec {`
			`image = "${data.docker_registry_image.hedgedoc_mysql.name}@${data.docker_registry_image.hedgedoc_mysql.sha256_digest}"`

			`args = [`
			`"--character-set-server=utf8mb4",`
			`"--collation-server=utf8mb4_unicode_ci"`
			`]`

			`env = {`
			`MYSQL_RANDOM_ROOT_PASSWORD = "1",`
			`MYSQL_DATABASE = "hedgedoc",`
			`MYSQL_USER = "hedgedoc",`
			`MYSQL_PASSWORD = "hedgedoc",`
			`}`

			`mounts {`
			`target = "/var/lib/mysql/"`
			`source = "/mnt/data/pad/mysql/"`
			`type = "bind"`
			`}`
			`}`
			`}`
			`}`

			`resource "docker_service" "hedgedoc" {`
			`name = "hedgedoc"`

			`dynamic "labels" {`
			`for_each = local.labels`
			`content {`
			`label = labels.key`
			`value = labels.value`
			`}`
			`}`

			`task_spec {`
			`networks_advanced {`
			`name = data.docker_network.traefik.id`
			`}`

			`networks_advanced {`
			`name = docker_network.hedgedoc.id`
			`}`

			`container_spec {`
			`image = "${data.docker_registry_image.hedgedoc.name}@${data.docker_registry_image.hedgedoc.sha256_digest}"`

			`env = merge({`
			`for k, v in var.secrets : k => v`
			`}, {`
			`CMD_DB_URL = "mysql://hedgedoc:hedgedoc@hedgedoc-mysql:3306/hedgedoc",`
			`CMD_DOMAIN = "pad.montage2.de",`
			`CMD_URL_ADDPORT = "false",`
			`CMD_PROTOCOL_USESSL = "true",`
			`CMD_EMAIL = "false",`
			`CMD_ALLOW_EMAIL_REGISTER = "false",`
			`CMD_ALLOW_FREEURL = "true",`
			`CMD_GITLAB_BASEURL = "https://gitlab.montage2.de",`
			`CMD_OAUTH2_PROVIDERNAME = "authentik",`
			`CMD_OAUTH2_SCOPE = "openid email profile",`
			`CMD_OAUTH2_USER_PROFILE_URL = "https://authentik.montage2.de/application/o/userinfo/",`
			`CMD_OAUTH2_TOKEN_URL = "https://authentik.montage2.de/application/o/token/",`
			`CMD_OAUTH2_AUTHORIZATION_URL = "https://authentik.montage2.de/application/o/authorize/",`
			`CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR = "preferred_username",`
			`CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR = "name",`
			`CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR = "email",`
			`})`

			`mounts {`
			`target = "/hedgedoc/public/uploads"`
			`source = "/mnt/data/pad/uploads"`
			`type = "bind"`
			`}`
			`}`
			`}`
			`}`