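# Traefik edge proxy deployed as a global Docker Swarm service.
# Names referenced but not defined in this listing: var.hetzner_dns_api_token,
# docker_config.traefik and docker_config.traefik_dynamic.

# Registry lookup used to pin the service image by digest (see container_spec.image).
data "docker_registry_image" "traefik" {
  name = "traefik:v2.9"
}

# Hetzner DNS API token delivered as a Swarm secret.
# Swarm secrets are immutable, so rotation means creating a new, uniquely named
# secret: timestamp() gives a fresh name, ignore_changes = [name] stops the
# ever-changing timestamp from forcing a replacement on every plan, and
# create_before_destroy lets the new secret exist before the old one is removed.
# NOTE(review): the token value is written to Terraform state by this resource;
# keep the state backend access-controlled and confirm the variable is declared
# `sensitive = true` (its declaration is not visible here).
resource "docker_secret" "hetzner_dns_api_token" {
  name = "traefik_hetzner_dns_api_token-${replace(timestamp(), ":", ".")}"
  data = base64encode(var.hetzner_dns_api_token)

  lifecycle {
    ignore_changes        = [name]
    create_before_destroy = true
  }
}

# Attachable overlay network that the Traefik tasks join.
# NOTE(review): `attachable = true` lets standalone containers join this network
# as well as services; confirm that is intended for the proxy network.
resource "docker_network" "traefik" {
  name       = "traefik"
  attachable = true
  driver     = "overlay"

  lifecycle {
    ignore_changes = [labels]
  }
}

# Volume mounted at /acme in the container; prevent_destroy guards it against
# accidental deletion by Terraform.
# NOTE(review): presumably this holds ACME certificates and account keys - treat
# it as key material. No driver is set, so with a global service each node
# probably gets its own copy - confirm.
resource "docker_volume" "traefik_acme" {
  name = "traefik_acme"

  lifecycle {
    prevent_destroy = true
  }
}

resource "docker_service" "traefik" {
  name = "traefik"

  # One task on every node.
  mode {
    global = true
  }

  # Ports are published in host mode, i.e. bound directly on each node rather
  # than through the routing mesh.
  endpoint_spec {
    ports {
      target_port    = 80
      published_port = 80
      protocol       = "tcp"
      publish_mode   = "host"
    }

    ports {
      target_port    = 443
      published_port = 443
      protocol       = "tcp"
      publish_mode   = "host"
    }

    # NOTE(review): 443/udp is presumably for HTTP/3 - confirm against the
    # entrypoints in the static config.
    ports {
      target_port    = 443
      published_port = 443
      protocol       = "udp"
      publish_mode   = "host"
    }

    # NOTE(review): 8883 is conventionally MQTT over TLS - confirm the matching
    # entrypoint exists and terminates TLS.
    ports {
      target_port    = 8883
      published_port = 8883
      protocol       = "tcp"
      publish_mode   = "host"
    }
  }

  task_spec {
    networks_advanced {
      name = docker_network.traefik.id
    }

    container_spec {
      # Tag plus digest: the deployed image is the exact content the registry
      # returned for traefik:v2.9 at plan time, not whatever the tag points to later.
      image = "${data.docker_registry_image.traefik.name}@${data.docker_registry_image.traefik.sha256_digest}"

      # The token is passed as a file path, not as a value, so it does not
      # appear in the service's environment.
      env = {
        HETZNER_API_KEY_FILE = "/hetznerdns-token"
      }

      # NOTE(review): file_mode is a number in the provider schema and HCL has
      # no octal literals; verify that the mounted file in a running task is
      # really owner-read-only (r--------). The same applies to the two
      # `configs` blocks below.
      secrets {
        secret_id   = docker_secret.hetzner_dns_api_token.id
        secret_name = docker_secret.hetzner_dns_api_token.name
        file_name   = "/hetznerdns-token"
        file_uid    = "0"
        file_gid    = "0"
        file_mode   = "0400"
      }

      # NOTE(review): presumably consumed by a Shepherd updater. An external
      # updater changing the image bypasses the digest pin above and will show
      # up as drift on the next plan - decide which of the two owns the version.
      labels {
        label = "shepherd.auto-update"
        value = "true"
      }

      # SECURITY: the Docker socket gives this container control of the local
      # Docker API, and the container is reachable on the published ports.
      # read_only only protects the socket file itself; it does not limit which
      # API calls can be made. To reduce exposure, put a filtering socket proxy
      # that allows only the read endpoints Traefik needs between Traefik and
      # the daemon.
      mounts {
        target    = "/var/run/docker.sock"
        source    = "/var/run/docker.sock"
        type      = "bind"
        read_only = true
      }

      mounts {
        target = "/acme"
        source = docker_volume.traefik_acme.name
        type   = "volume"
      }

      # Static configuration.
      configs {
        config_id   = docker_config.traefik.id
        config_name = docker_config.traefik.name
        file_name   = "/etc/traefik/traefik.yaml"
        file_uid    = "0"
        file_gid    = "0"
        file_mode   = "0400"
      }

      # Dynamic configuration.
      configs {
        config_id   = docker_config.traefik_dynamic.id
        config_name = docker_config.traefik_dynamic.name
        file_name   = "/etc/traefik/dynamic/dynamic.yaml"
        file_uid    = "0"
        file_gid    = "0"
        file_mode   = "0400"
      }
    }
  }
}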