# Registry lookup for the Traefik image tag. The docker_service in this file
# combines this data source's name with its sha256_digest, so the service runs
# the exact image the tag pointed to when Terraform last read the registry.
# NOTE(review): v2.9 is a minor-version tag; confirm that release line still
# receives upstream security fixes.
data "docker_registry_image" "traefik" {
  name = "traefik:v2.9"
}
# Swarm secret holding the Hetzner DNS API token.
#
# Docker secrets cannot be edited in place, so each new version gets a unique
# name built from the creation timestamp (":" replaced with ".").
#
# The token value is an argument of this resource, so treat the Terraform state
# and any saved plan files as sensitive material.
# NOTE(review): presumably var.hetzner_dns_api_token is declared with
# sensitive = true; confirm in the variable definition.
resource "docker_secret" "hetzner_dns_api_token" {
  name = "traefik_hetzner_dns_api_token-${replace(timestamp(), ":", ".")}"
  data = base64encode(var.hetzner_dns_api_token)

  lifecycle {
    # Create the replacement secret first so there is always one in place
    # for the service to reference while the old one is removed.
    create_before_destroy = true

    # timestamp() yields a new value on every run; ignoring the name stops
    # that from showing up as a change on each plan.
    ignore_changes = [name]
  }
}
# Overlay network that the Traefik service is attached to.
#
# attachable = true allows standalone containers, not only Swarm services, to
# join this network. Anything attached can reach the other workloads on it, so
# keep track of who is allowed to attach.
resource "docker_network" "traefik" {
  name       = "traefik"
  driver     = "overlay"
  attachable = true

  lifecycle {
    # Label changes on the network are not treated as drift.
    # NOTE(review): presumably because labels get set outside Terraform; confirm.
    ignore_changes = [labels]
  }
}
# Named volume that the Traefik service mounts at /acme.
# NOTE(review): presumably this stores the ACME account key and the issued
# certificates; if so, restrict access to the volume data on the host and
# decide whether it belongs in backups.
resource "docker_volume" "traefik_acme" {
  name = "traefik_acme"

  lifecycle {
    # Terraform refuses any plan that would destroy this volume.
    prevent_destroy = true
  }
}
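# Traefik reverse proxy, run as a Swarm service.
#
# Security notes:
#   * The container is handed the host's Docker socket (see the first mounts
#     block). Any process that can talk to that socket can control the Docker
#     daemon on the node, and this service is also the one listening on the
#     published ports. Consider placing a Docker socket proxy that only allows
#     the read-only API endpoints Traefik needs between Traefik and the daemon.
#   * The DNS API token reaches the container as a secret file, not as an
#     environment variable value.
resource "docker_service" "traefik" {
  name = "traefik"

  # Global mode: one task on every node of the swarm.
  mode {
    global = true
  }

  # publish_mode = "host" binds each port directly on the node that runs the
  # task instead of going through the Swarm routing mesh.
  endpoint_spec {
    ports {
      target_port    = 80
      published_port = 80
      protocol       = "tcp"
      publish_mode   = "host"
    }

    ports {
      target_port    = 443
      published_port = 443
      protocol       = "tcp"
      publish_mode   = "host"
    }

    # NOTE(review): 443/udp is presumably for HTTP/3 (QUIC); confirm it is
    # enabled in the Traefik static config, otherwise drop the port.
    ports {
      target_port    = 443
      published_port = 443
      protocol       = "udp"
      publish_mode   = "host"
    }

    # NOTE(review): 8883 is conventionally MQTT over TLS; confirm the matching
    # entry point terminates TLS and that the host firewall expects this port.
    ports {
      target_port    = 8883
      published_port = 8883
      protocol       = "tcp"
      publish_mode   = "host"
    }
  }

  task_spec {
    networks_advanced {
      name = docker_network.traefik.id
    }

    container_spec {
      # Image is referenced as name@sha256 digest, so the running image is the
      # one the registry data source resolved, not whatever the tag points to
      # at pull time.
      image = "${data.docker_registry_image.traefik.name}@${data.docker_registry_image.traefik.sha256_digest}"

      # Only the path of the token file goes into the environment; the token
      # itself is delivered by the secrets block below.
      env = {
        HETZNER_API_KEY_FILE = "/hetznerdns-token"
      }

      # NOTE(review): the provider takes file_mode as a number and HCL has no
      # octal literals; check the effective mode of the mounted file inside a
      # running task to confirm it really is owner-read-only. The same applies
      # to the two configs blocks further down.
      secrets {
        secret_id   = docker_secret.hetzner_dns_api_token.id
        secret_name = docker_secret.hetzner_dns_api_token.name
        file_name   = "/hetznerdns-token"
        file_uid    = "0"
        file_gid    = "0"
        file_mode   = "0400"
      }

      # NOTE(review): presumably read by the Shepherd image updater. This is a
      # container label (it sits inside container_spec); confirm that is where
      # the updater looks, and that out-of-band image updates are acceptable
      # next to the digest pin above.
      labels {
        label = "shepherd.auto-update"
        value = "true"
      }

      # Docker socket of the host. Mounted read-only so the container cannot
      # modify the socket file through this mount. This does NOT limit which
      # Docker API calls can be made over the socket; see the note at the top
      # of this resource.
      mounts {
        target    = "/var/run/docker.sock"
        source    = "/var/run/docker.sock"
        type      = "bind"
        read_only = true
      }

      mounts {
        target = "/acme"
        source = docker_volume.traefik_acme.name
        type   = "volume"
      }

      # Static configuration (docker_config.traefik is defined outside this view).
      configs {
        config_id   = docker_config.traefik.id
        config_name = docker_config.traefik.name
        file_name   = "/etc/traefik/traefik.yaml"
        file_uid    = "0"
        file_gid    = "0"
        file_mode   = "0400"
      }

      # Dynamic configuration (docker_config.traefik_dynamic is defined outside this view).
      configs {
        config_id   = docker_config.traefik_dynamic.id
        config_name = docker_config.traefik_dynamic.name
        file_name   = "/etc/traefik/dynamic/dynamic.yaml"
        file_uid    = "0"
        file_gid    = "0"
        file_mode   = "0400"
      }
    }
  }
}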