90 lines
3.1 KiB
HCL
90 lines
3.1 KiB
HCL
data "docker_registry_image" "hedgedoc" {
|
|
name = "quay.io/hedgedoc/hedgedoc:1.9.9"
|
|
}
|
|
|
|
data "docker_network" "traefik" {
|
|
name = "traefik"
|
|
}
|
|
|
|
resource "docker_network" "hedgedoc" {
|
|
name = "hedgedoc"
|
|
attachable = true
|
|
driver = "overlay"
|
|
|
|
lifecycle {
|
|
ignore_changes = [labels]
|
|
}
|
|
}
|
|
|
|
locals {
|
|
labels = {
|
|
"shepherd.auto-update" = "true",
|
|
"traefik.enable" = "true"
|
|
"traefik.http.services.hedgedoc.loadbalancer.server.port" = "3000",
|
|
"traefik.http.routers.hedgedoc.rule" = "Host(`pad.montage2.de`)||Host(`pad.chaoswest.tv`)",
|
|
"traefik.http.routers.hedgedoc.tls" = "true",
|
|
"traefik.http.routers.hedgedoc.tls.certresolver" = "default",
|
|
"traefik.http.routers.hedgedoc.middlewares" = "hedgedoc-redirect",
|
|
"traefik.http.middlewares.hedgedoc-redirect.redirectregex.regex" = "^https://pad.montage2.de/(.*)",
|
|
"traefik.http.middlewares.hedgedoc-redirect.redirectregex.replacement" = "https://pad.chaoswest.tv/$$${1}", # double escaping is necessary here
|
|
}
|
|
}
|
|
|
|
resource "docker_service" "hedgedoc" {
|
|
name = "hedgedoc"
|
|
|
|
dynamic "labels" {
|
|
for_each = local.labels
|
|
content {
|
|
label = labels.key
|
|
value = labels.value
|
|
}
|
|
}
|
|
|
|
task_spec {
|
|
networks_advanced {
|
|
name = data.docker_network.traefik.id
|
|
}
|
|
|
|
networks_advanced {
|
|
name = docker_network.hedgedoc.id
|
|
}
|
|
|
|
container_spec {
|
|
image = "${data.docker_registry_image.hedgedoc.name}@${data.docker_registry_image.hedgedoc.sha256_digest}"
|
|
|
|
env = merge({
|
|
for k, v in var.secrets : k => v
|
|
}, {
|
|
CMD_DB_URL = "sqlite:/hedgedoc/db/hedgedoc.sqlite",
|
|
CMD_DOMAIN = "pad.chaoswest.tv",
|
|
CMD_URL_ADDPORT = "false",
|
|
CMD_PROTOCOL_USESSL = "true",
|
|
CMD_EMAIL = "false",
|
|
CMD_ALLOW_EMAIL_REGISTER = "false",
|
|
CMD_ALLOW_FREEURL = "true",
|
|
CMD_OAUTH2_PROVIDERNAME = "authentik",
|
|
CMD_OAUTH2_SCOPE = "openid email profile",
|
|
CMD_OAUTH2_USER_PROFILE_URL = "https://authentik.montage2.de/application/o/userinfo/",
|
|
CMD_OAUTH2_TOKEN_URL = "https://authentik.montage2.de/application/o/token/",
|
|
CMD_OAUTH2_AUTHORIZATION_URL = "https://authentik.montage2.de/application/o/authorize/",
|
|
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR = "preferred_username",
|
|
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR = "name",
|
|
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR = "email",
|
|
})
|
|
|
|
mounts {
|
|
target = "/hedgedoc/db"
|
|
source = "/mnt/data/pad/db"
|
|
type = "bind"
|
|
}
|
|
|
|
mounts {
|
|
target = "/hedgedoc/public/uploads"
|
|
source = "/mnt/data/pad/uploads"
|
|
type = "bind"
|
|
}
|
|
}
|
|
}
|
|
}
|