tf/modules/swarm/hedgedoc/main.tf


# Registry lookup for the HedgeDoc image. The service definition reads both
# `name` and `sha256_digest` from this data source to build a digest-qualified
# image reference.
# NOTE(review): the digest is whatever the registry reports for this tag when
# Terraform reads the data source; no digest is recorded in this file, so a
# re-pushed tag would be picked up on the next apply. Confirm that is intended.
data "docker_registry_image" "hedgedoc" {
  name = "quay.io/hedgedoc/hedgedoc:1.9.9"
}
# Existing Docker network named "traefik". It is only looked up here (data
# source), not created by this module; the HedgeDoc service joins it by id.
data "docker_network" "traefik" {
  name = "traefik"
}
# Overlay network created for the HedgeDoc service.
resource "docker_network" "hedgedoc" {
  name   = "hedgedoc"
  driver = "overlay"

  # An attachable overlay network can also be joined by standalone containers,
  # not only by swarm services.
  # NOTE(review): in this file only docker_service.hedgedoc joins the network;
  # confirm something else needs to attach before keeping this enabled.
  attachable = true

  lifecycle {
    # Label changes made outside Terraform are not treated as drift.
    ignore_changes = [labels]
  }
}
locals {
  # Service labels, applied one by one through the dynamic "labels" block of
  # docker_service.hedgedoc.
  labels = {
    # NOTE(review): presumably opts this service into Shepherd image updates.
    # The service image is referenced by digest from Terraform, so an updater
    # changing the image outside Terraform would leave the running image and
    # the Terraform state disagreeing. Confirm this is intended.
    "shepherd.auto-update" = "true",

    # Traefik: expose the service and forward to container port 3000.
    "traefik.enable"                                          = "true",
    "traefik.http.services.hedgedoc.loadbalancer.server.port" = "3000",

    # Router: matches both hostnames, TLS only, certificate from the resolver
    # named "default".
    "traefik.http.routers.hedgedoc.rule"             = "Host(`pad.montage2.de`)||Host(`pad.chaoswest.tv`)",
    "traefik.http.routers.hedgedoc.tls"              = "true",
    "traefik.http.routers.hedgedoc.tls.certresolver" = "default",
    "traefik.http.routers.hedgedoc.middlewares"      = "hedgedoc-redirect",

    # Redirect middleware: requests for pad.montage2.de are sent to the same
    # path on pad.chaoswest.tv. The replacement host is fixed, so the target
    # is not taken from the request.
    # NOTE(review): the dots in the regex are unescaped and match any
    # character. The router rule above limits which hosts reach this
    # middleware, so this looks harmless here; escape them if the middleware
    # is ever reused on a broader router.
    "traefik.http.middlewares.hedgedoc-redirect.redirectregex.regex"       = "^https://pad.montage2.de/(.*)",
    "traefik.http.middlewares.hedgedoc-redirect.redirectregex.replacement" = "https://pad.chaoswest.tv/$$${1}", # double escaping is necessary here
  }
}
# Swarm service running HedgeDoc behind Traefik, with OAuth2 login against
# authentik and SQLite plus uploads stored on host bind mounts.
resource "docker_service" "hedgedoc" {
  name = "hedgedoc"

  # One label block per entry of local.labels.
  dynamic "labels" {
    for_each = local.labels
    content {
      label = labels.key
      value = labels.value
    }
  }

  task_spec {
    # Joined so Traefik can reach the container.
    networks_advanced {
      name = data.docker_network.traefik.id
    }

    networks_advanced {
      name = docker_network.hedgedoc.id
    }

    container_spec {
      # Image is referenced as name@digest, both taken from the registry data
      # source, so the task runs the digest resolved by Terraform rather than
      # whatever the tag points to at pull time.
      image = "${data.docker_registry_image.hedgedoc.name}@${data.docker_registry_image.hedgedoc.sha256_digest}"

      # merge() gives later arguments precedence, so the literal settings
      # below win over any identically named key in var.secrets.
      # NOTE(review): values from var.secrets are passed as plain environment
      # variables, so they are part of the service spec and of the Terraform
      # state. Restrict access to both, or move them to Docker secrets if the
      # image supports reading them from files.
      # NOTE(review): no OAuth2 client id/secret or session secret is set
      # here; presumably they come from var.secrets. Verify against the
      # caller.
      env = merge({
        for k, v in var.secrets : k => v
        }, {
        # Storage and public URL.
        CMD_DB_URL          = "sqlite:/hedgedoc/db/hedgedoc.sqlite",
        CMD_DOMAIN          = "pad.chaoswest.tv",
        CMD_URL_ADDPORT     = "false",
        CMD_PROTOCOL_USESSL = "true",

        # Local e-mail login and registration are switched off; sign-in goes
        # through the OAuth2 provider configured below.
        CMD_EMAIL                = "false",
        CMD_ALLOW_EMAIL_REGISTER = "false",

        # Lets notes be created under a caller-chosen URL path.
        # NOTE(review): CMD_ALLOW_ANONYMOUS and
        # CMD_REQUIRE_FREEURL_AUTHENTICATION are not set here, so the image
        # defaults decide whether unauthenticated visitors can create notes.
        # Confirm those defaults match the intended exposure, or set them
        # explicitly.
        CMD_ALLOW_FREEURL = "true",

        # OAuth2 against authentik. All three endpoints are HTTPS.
        CMD_OAUTH2_PROVIDERNAME                    = "authentik",
        CMD_OAUTH2_SCOPE                           = "openid email profile",
        CMD_OAUTH2_USER_PROFILE_URL                = "https://authentik.montage2.de/application/o/userinfo/",
        CMD_OAUTH2_TOKEN_URL                       = "https://authentik.montage2.de/application/o/token/",
        CMD_OAUTH2_AUTHORIZATION_URL               = "https://authentik.montage2.de/application/o/authorize/",
        CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR      = "preferred_username",
        CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR  = "name",
        CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR         = "email",
      })

      # Host-path bind mounts for the SQLite database and for uploads.
      # NOTE(review): no placement constraint is visible in this task_spec,
      # so the task may be scheduled on any node and would then see that
      # node's own /mnt/data/pad. Confirm the path is shared storage or pin
      # the service to one node. Also confirm the host directories are
      # writable only by the account the container runs as.
      mounts {
        target = "/hedgedoc/db"
        source = "/mnt/data/pad/db"
        type   = "bind"
      }

      mounts {
        target = "/hedgedoc/public/uploads"
        source = "/mnt/data/pad/uploads"
        type   = "bind"
      }
    }
  }
}