# Provider requirements for this module. Both providers are pinned to an
# exact version, so a provider upgrade only happens through an explicit
# edit of this block.
# NOTE(review): exact version pins are only as strong as the committed
# .terraform.lock.hcl that records the provider checksums. Confirm the
# lock file is tracked in version control.
terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "5.17.0"
    }
    docker = {
      source  = "kreuzwerker/docker"
      version = "3.6.2"
    }
  }
}
# Looks up the registry metadata for the nginx-proxy image tag. The
# resulting sha256_digest is read by docker_image.proxy below.
data "docker_registry_image" "proxy" {
  name = "nginxproxy/nginx-proxy:1.10.0"
}
# Pulls the proxy image onto the Docker host.
# pull_triggers is bound to the digest the registry currently reports for
# the tag, so a change of that digest causes a fresh pull on the next apply.
# NOTE(review): the image is referenced by tag, not by digest. If the tag is
# re-pushed upstream, the next apply deploys the new content without any
# change to this file. Pinning `name` to `<repo>@sha256:<reviewed-digest>`
# (placeholder) would make image updates an explicit, reviewable edit.
resource "docker_image" "proxy" {
  name          = data.docker_registry_image.proxy.name
  pull_triggers = [data.docker_registry_image.proxy.sha256_digest]
}
# Dedicated network named "proxy" that the proxy container joins.
# NOTE(review): attachable = true lets containers that this configuration
# does not manage join the network. Every container on it can reach the
# proxy and its peers directly, so confirm that this is intended.
resource "docker_network" "proxy" {
  name       = "proxy"
  attachable = true
}
# One instance of the local Cloudflare certificate module for each entry in
# var.certificate_hostnames. The variable is declared outside this file and
# is presumably a set or map of hostnames (verify against the declaration).
# The container below reads the "hostname", "certificate" and "private_key"
# outputs of each instance.
# NOTE(review): confirm that the module marks its private_key output as
# sensitive so that it is redacted in plan and apply output.
module "certificates" {
  for_each = var.certificate_hostnames

  source   = "../../cloudflare/certificate"
  hostname = each.value
}
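# The nginx-proxy container: publishes 443 on the host, joins the "proxy"
# network, and receives one certificate/key pair for each instance of
# module.certificates.
resource "docker_container" "proxy" {
  //noinspection HILUnresolvedReference
  image   = docker_image.proxy.image_id
  name    = "proxy"
  restart = "always"

  ports {
    internal = 443
    external = 443
  }

  network_mode = "bridge"
  networks_advanced {
    name = docker_network.proxy.id
  }

  # NOTE(review): read_only makes the bind mount itself read-only. It does
  # not limit what can be requested through the socket: a process in this
  # container that can open /tmp/docker.sock can still drive the full Docker
  # API on the host. This container also terminates TLS on a published port,
  # so a compromise of the proxy reaches the daemon. Consider running the
  # config generator in a separate container that is not published, or
  # putting a filtering socket proxy that allows only read-only endpoints
  # between the daemon and this container.
  volumes {
    container_path = "/tmp/docker.sock"
    host_path      = "/var/run/docker.sock"
    read_only      = true
  }

  # Certificate for each hostname. This is public material, so the
  # provider's default file mode is kept.
  dynamic "upload" {
    for_each = module.certificates
    content {
      file    = "/etc/nginx/certs/${upload.value["hostname"]}.crt"
      content = upload.value["certificate"]
    }
  }

  # Matching private key for each hostname.
  # The mode is restricted to the owner so that other users inside the
  # container cannot read the key.
  # NOTE(review): the key is passed as a plain `content` attribute and so
  # ends up in the Terraform state. The state backend needs encryption at
  # rest and tightly scoped access.
  dynamic "upload" {
    for_each = module.certificates
    content {
      file        = "/etc/nginx/certs/${upload.value["hostname"]}.key"
      content     = upload.value["private_key"]
      permissions = "0600"
    }
  }
}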