# Looks up the Wekan image in the registry so that its current sha256 digest
# can be referenced by the wekan service's image string in this file.
# NOTE(review): no tag is given, so the registry's default tag (normally
# "latest") is what gets resolved. The digest is re-read on every plan, which
# means an upstream push silently becomes the next deployment. Pin an explicit
# version tag here if upgrades should be a reviewed change.
data "docker_registry_image" "wekan" {
  name = "quay.io/wekan/wekan"
}
# Looks up the MongoDB image in the registry so that its current sha256 digest
# can be referenced by the mongo service's image string in this file.
# NOTE(review): "mongo:6" is a floating major-version tag, so the digest
# resolved here moves with every upstream 6.x push. The digest pin in the
# service keeps each apply self-consistent, but it does not freeze the version
# between applies.
data "docker_registry_image" "mongo" {
  name = "mongo:6" // Yes. Don't ask.
}
# Reference to an already existing network named "traefik"; it is only read
# here, not created or managed by this file. The wekan service attaches to it
# so that the reverse proxy can reach the container.
data "docker_network" "traefik" {
  name = "traefik"
}
# Overlay network shared by the Wekan service and its MongoDB service.
# NOTE(review): overlay data-plane traffic between nodes is not encrypted
# unless the network is created with the "encrypted" driver option. This
# matters if the swarm spans more than one node, because the MongoDB
# connection on this network is plain mongodb:// without credentials.
resource "docker_network" "wekan" {
  driver = "overlay"
  name   = "wekan"

  # NOTE(review): an attachable overlay can be joined by standalone containers
  # started on any swarm node, not only by services. The MongoDB service on
  # this network is declared without credentials in this file, so network
  # membership is the only access control in front of the database. Consider
  # false unless something relies on attaching manually.
  attachable = true

  lifecycle {
    # Label changes on the network do not trigger an update or replacement.
    ignore_changes = [labels]
  }
}
locals {
  # Service labels applied to the wekan service through its dynamic "labels"
  # block.
  labels = {
    # Reverse-proxy routing: publish the service through Traefik, forward to
    # container port 8080, match on the public hostname, and terminate TLS
    # with the certificate resolver named "default".
    # NOTE(review): no middleware (security headers, rate limiting, IP
    # allow-list) is attached to this router here, so request filtering
    # depends on Traefik's global configuration and on Wekan itself.
    "traefik.enable"                                        = "true"
    "traefik.http.routers.wekan.rule"                       = "Host(`kanban.chaoswest.tv`)"
    "traefik.http.routers.wekan.tls"                        = "true"
    "traefik.http.routers.wekan.tls.certresolver"           = "default"
    "traefik.http.services.wekan.loadbalancer.server.port" = "8080"

    # NOTE(review): presumably read by a Shepherd-style auto-updater running
    # in the swarm; confirm. If so, the running image can move to a newer
    # digest outside of a Terraform apply, without review.
    "shepherd.auto-update" = "true"
  }
}
# MongoDB backend for Wekan. The service carries no labels, joins only the
# "wekan" overlay network, and declares no published ports in this block, so
# it is reachable only by peers on that network.
# NOTE(review): no environment or command is set, so no database credentials
# are configured here. The official image is expected to start without access
# control in that case (confirm), which leaves the overlay network as the only
# barrier in front of the data.
resource "docker_service" "mongo" {
  name = "wekan-mongo"

  task_spec {
    container_spec {
      # Image reference in name@sha256:digest form, resolved from the registry
      # data source. All tasks of one apply run the same bytes.
      image = format(
        "%s@%s",
        data.docker_registry_image.mongo.name,
        data.docker_registry_image.mongo.sha256_digest,
      )

      # Database files live on the host filesystem via a bind mount.
      # NOTE(review): no placement constraint is visible in this block. On a
      # multi-node swarm the task could be scheduled on a node where this path
      # is empty or missing; verify. Also check the ownership and mode of the
      # host directory, since it holds the raw database files.
      mounts {
        type   = "bind"
        source = "/mnt/data/kanban/mongodb/"
        target = "/data/db"
      }
    }

    networks_advanced {
      name = docker_network.wekan.id
    }
  }
}
# Wekan application service. It is attached to the shared "traefik" network
# for ingress and to the private "wekan" network to reach MongoDB.
resource "docker_service" "wekan" {
  name = "wekan"

  # One service label per entry of local.labels.
  dynamic "labels" {
    for_each = local.labels

    content {
      label = labels.key
      value = labels.value
    }
  }

  task_spec {
    container_spec {
      # Image reference in name@sha256:digest form, resolved from the registry
      # data source.
      image = format(
        "%s@%s",
        data.docker_registry_image.wekan.name,
        data.docker_registry_image.wekan.sha256_digest,
      )

      # Environment = every entry of var.secrets, overlaid with the fixed
      # settings below. merge() lets later arguments win, so a key in
      # var.secrets cannot override any value written out here.
      # NOTE(review): every key of var.secrets is exported into the container,
      # including authentik_client_id and authentik_client_secret under those
      # lowercase names as well as under OAUTH2_*. Pass only the keys Wekan
      # needs if var.secrets holds anything else.
      # NOTE(review): service environment values are readable by anyone who
      # can inspect the service and are written to Terraform state. Protect
      # the state backend accordingly, and prefer swarm secrets if the image
      # supports file-based secret input (confirm).
      env = merge({
        for k, v in var.secrets : k => v
        }, {
        ROOT_URL = "https://kanban.chaoswest.tv/"

        # Plain connection string without credentials or TLS. It relies on the
        # private overlay network for protection.
        MONGO_URL = "mongodb://wekan-mongo:27017/wekan"

        # OAuth2 login against the identity provider.
        #OIDC_REDIRECTION_ENABLED = "true"
        OAUTH2_ENABLED           = "true"
        OAUTH2_LOGIN_STYLE       = "redirect"
        OAUTH2_SERVER_URL        = "https://authentik.montage2.de"
        OAUTH2_AUTH_ENDPOINT     = "/application/o/authorize/"
        OAUTH2_TOKEN_ENDPOINT    = "/application/o/token/"
        OAUTH2_USERINFO_ENDPOINT = "/application/o/userinfo/"
        OAUTH2_CLIENT_ID         = var.secrets.authentik_client_id
        OAUTH2_SECRET            = var.secrets.authentik_client_secret

        # Claim-to-field mapping.
        # NOTE(review): the account identifier is taken from
        # "preferred_username". OIDC does not guarantee that this claim is
        # unique or stable; "sub" is the stable subject identifier. If users
        # can change their username at the provider, confirm that this cannot
        # map one person onto another person's Wekan account.
        OAUTH2_ID_MAP       = "preferred_username"
        OAUTH2_USERNAME_MAP = "preferred_username"
        OAUTH2_FULLNAME_MAP = "given_name"
        OAUTH2_EMAIL_MAP    = "email"
      })
    }

    networks_advanced {
      name = data.docker_network.traefik.id
    }

    networks_advanced {
      name = docker_network.wekan.id
    }
  }
}