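# Grafana as a Docker Swarm service, published through Traefik, plus the DNS
# record that points the public hostname at the host.

# Looks up the registry digest for the tag so the service below can reference
# the image as name@sha256 rather than by tag alone.
# NOTE(review): "latest" is a mutable tag, so the digest (and therefore the
# deployed Grafana version) changes whenever upstream pushes. Pinning a
# reviewed version tag here would keep upgrades deliberate.
data "docker_registry_image" "grafana" {
  name = "grafana/grafana:latest"
}

# Existing overlay network shared with the Traefik reverse proxy.
data "docker_network" "traefik" {
  name = "traefik"
}

locals {
  # Service labels. The traefik.* entries route Host(`grafana.chaoswest.tv`)
  # to container port 3000 over TLS using the "default" certificate resolver.
  # NOTE(review): no Traefik middleware (auth, IP allow-list, rate limit) is
  # attached in this map, so access control for the public hostname rests on
  # Grafana's own login configuration — confirm that is intended.
  # NOTE(review): "shepherd.auto-update" presumably opts the service into an
  # external updater that changes the image outside Terraform; if so, the
  # running image can drift from the digest recorded in state — confirm.
  labels = {
    "shepherd.auto-update"                                  = "true",
    "traefik.enable"                                        = "true",
    "traefik.http.services.grafana.loadbalancer.server.port" = "3000",
    "traefik.http.routers.grafana.rule"                     = "Host(`grafana.chaoswest.tv`)",
    "traefik.http.routers.grafana.tls"                      = "true",
    "traefik.http.routers.grafana.tls.certresolver"         = "default",
  }
}

resource "docker_service" "grafana" {
  name = "grafana"

  # One labels block per entry of local.labels.
  dynamic "labels" {
    for_each = local.labels
    content {
      label = labels.key
      value = labels.value
    }
  }

  task_spec {
    networks_advanced {
      name = data.docker_network.traefik.id
    }

    container_spec {
      # Image is pinned by digest at plan time (tag kept for readability).
      image = "${data.docker_registry_image.grafana.name}@${data.docker_registry_image.grafana.sha256_digest}"

      # For every secret name k, export <UPPER(k)>__FILE=/run/secrets/k so the
      # value is read from the mounted secret file instead of being placed in
      # the container environment. Only the names are used here, not the
      # values. Presumably the keys are lower-cased Grafana GF_* setting names
      # — verify against the definition of var.secrets.
      env = { for k, v in var.secrets : "${upper(k)}__FILE" => "/run/secrets/${k}" }

      dynamic "secrets" {
        # Iterate over the secret *names* only. The previous form,
        # nonsensitive(var.secrets), removed the sensitive marking from the
        # secret values as well; nothing in this block reads them, but any
        # later reference to secrets.value would have been printed in plan
        # output in clear text. With a set, secrets.key is the name itself.
        for_each = nonsensitive(toset(keys(var.secrets)))
        content {
          # docker_secret.secrets is declared outside this excerpt.
          secret_id   = docker_secret.secrets[secrets.key].id
          secret_name = docker_secret.secrets[secrets.key].name
          file_name   = "/run/secrets/${secrets.key}"
          # Owner-read-only for uid/gid 472, the grafana user in the official
          # image — re-check if the image or its user ever changes.
          file_uid  = "472"
          file_gid  = "472"
          file_mode = "0400"
        }
      }

      # Persistent Grafana data lives on the host filesystem.
      # NOTE(review): a bind mount ties the task to a node that has this path,
      # and the host directory's ownership/permissions decide who besides the
      # container can read the Grafana database — verify on the host.
      mounts {
        target = "/var/lib/grafana/"
        source = "/mnt/data/grafana/"
        type   = "bind"
      }

      # grafana.ini delivered as a Swarm config, readable only by uid 472.
      # docker_config.grafana is declared outside this excerpt.
      # NOTE(review): Swarm configs are not encrypted at rest the way secrets
      # are, so credentials belong in var.secrets, not in this file.
      configs {
        config_id   = docker_config.grafana.id
        config_name = docker_config.grafana.name
        file_name   = "/etc/grafana/grafana.ini"
        file_uid    = "472"
        file_gid    = "472"
        file_mode   = "0400"
      }
    }
  }
}

# DNS zone that hosts the public record.
data "hetznerdns_zone" "primary" {
  name = "chaoswest.tv"
}

# grafana.chaoswest.tv -> CNAME to the host running Traefik.
resource "hetznerdns_record" "primary" {
  zone_id = data.hetznerdns_zone.primary.id
  name    = "grafana"
  value   = "ax41-1.fsn.mon2.de."
  type    = "CNAME"
}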