From 7258d150ad7880310a37320a9d0a39d413b0c164 Mon Sep 17 00:00:00 2001
From: beatz174-bit
Date: Tue, 21 Apr 2026 09:26:36 +1000
Subject: [PATCH] Document full Docker compose container inventory in Terraform
---
 infrastructure/terraform/docker/authelia.tf | 13 +
 .../terraform/docker/container-catalog.tf | 613 ++++++++++++++++++
 infrastructure/terraform/docker/crowdsec.tf | 13 +
 .../terraform/docker/docker-socket-proxy.tf | 13 +
 .../docker/docker-update-exporter.tf | 13 +
 .../terraform/docker/error-pages.tf | 13 +
 infrastructure/terraform/docker/gitea.tf | 13 +
 infrastructure/terraform/docker/gotify.tf | 13 +
 infrastructure/terraform/docker/grafana.tf | 13 +
 .../terraform/docker/gramps-redis.tf | 13 +
 .../terraform/docker/gramps-web-celery.tf | 13 +
 infrastructure/terraform/docker/gramps-web.tf | 13 +
 infrastructure/terraform/docker/influxdb.tf | 13 +
 infrastructure/terraform/docker/main.tf | 28 +-
 .../terraform/docker/monitor-kuma.tf | 13 +
 .../terraform/docker/mtls-bridge.tf | 13 +
 .../terraform/docker/nextcloud-db.tf | 13 +
 .../terraform/docker/nextcloud-redis.tf | 13 +
 .../terraform/docker/nextcloud-webapp.tf | 13 +
 .../terraform/docker/node-exporter.tf | 13 +
 infrastructure/terraform/docker/node-red.tf | 13 +
 infrastructure/terraform/docker/outputs.tf | 40 +-
 .../terraform/docker/passbolt-db.tf | 13 +
 .../terraform/docker/passbolt-webapp.tf | 13 +
 .../terraform/docker/pihole-exporter.tf | 13 +
 infrastructure/terraform/docker/portainer.tf | 13 +
 infrastructure/terraform/docker/prometheus.tf | 13 +
 .../terraform/docker/searxng-webapp.tf | 51 +-
 infrastructure/terraform/docker/telegraf.tf | 13 +
 infrastructure/terraform/docker/traefik.tf | 13 +
 infrastructure/terraform/docker/variables.tf | 6 -
 31 files changed, 987 insertions(+), 89 deletions(-)
 create mode 100644 infrastructure/terraform/docker/authelia.tf
 create mode 100644 infrastructure/terraform/docker/container-catalog.tf
 create mode 100644 infrastructure/terraform/docker/crowdsec.tf
 create mode 100644 infrastructure/terraform/docker/docker-socket-proxy.tf
 create mode 100644 infrastructure/terraform/docker/docker-update-exporter.tf
 create mode 100644 infrastructure/terraform/docker/error-pages.tf
 create mode 100644 infrastructure/terraform/docker/gitea.tf
 create mode 100644 infrastructure/terraform/docker/gotify.tf
 create mode 100644 infrastructure/terraform/docker/grafana.tf
 create mode 100644 infrastructure/terraform/docker/gramps-redis.tf
 create mode 100644 infrastructure/terraform/docker/gramps-web-celery.tf
 create mode 100644 infrastructure/terraform/docker/gramps-web.tf
 create mode 100644 infrastructure/terraform/docker/influxdb.tf
 create mode 100644 infrastructure/terraform/docker/monitor-kuma.tf
 create mode 100644 infrastructure/terraform/docker/mtls-bridge.tf
 create mode 100644 infrastructure/terraform/docker/nextcloud-db.tf
 create mode 100644 infrastructure/terraform/docker/nextcloud-redis.tf
 create mode 100644 infrastructure/terraform/docker/nextcloud-webapp.tf
 create mode 100644 infrastructure/terraform/docker/node-exporter.tf
 create mode 100644 infrastructure/terraform/docker/node-red.tf
 create mode 100644 infrastructure/terraform/docker/passbolt-db.tf
 create mode 100644 infrastructure/terraform/docker/passbolt-webapp.tf
 create mode 100644 infrastructure/terraform/docker/pihole-exporter.tf
 create mode 100644 infrastructure/terraform/docker/portainer.tf
 create mode 100644 infrastructure/terraform/docker/prometheus.tf
 create mode 100644 infrastructure/terraform/docker/telegraf.tf
 create mode 100644 infrastructure/terraform/docker/traefik.tf
diff --git a/infrastructure/terraform/docker/authelia.tf b/infrastructure/terraform/docker/authelia.tf
new file mode 100644
index 0000000..99b940e
--- /dev/null
+++ b/infrastructure/terraform/docker/authelia.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "authelia" {
+ name = local.docker_containers["authelia"].container_name
+ image = local.docker_containers["authelia"].image
+
+ restart = local.docker_containers["authelia"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/container-catalog.tf b/infrastructure/terraform/docker/container-catalog.tf
new file mode 100644
index 0000000..2cce866
--- /dev/null
+++ b/infrastructure/terraform/docker/container-catalog.tf
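Review bot: Importing the live authelia container against this resource will probably plan a replacement, because the block declares only `name`, `image` and `restart` while `ignore_changes` covers just `env` and `labels`, leaving every mount, network and published port that container-catalog.tf records as undeclared drift. For authelia that would mean a recreated container without its `/config` bind or its `traefik` network, and the same shape repeats in the crowdsec, docker-socket-proxy, docker-update-exporter, error-pages, gitea, gotify, grafana, gramps-redis, gramps-web-celery, gramps-web and influxdb hunks. While these resources are documentation placeholders, I would widen the lifecycle block to `ignore_changes = all` and add a comment such as `# placeholder: import before plan; do not apply until mounts/networks/ports are declared`. The docker provider also documents `image` as an image ID, so a bare name like `authelia/authelia` may show a permanent diff; referencing a `docker_image` resource would avoid that.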
@@ -0,0 +1,613 @@ +locals { + docker_containers = { + "authelia" = { + terraform_resource = "docker_container.authelia" + compose_project = "core" + compose_service = "authelia" + compose_file = "core/authelia/docker-compose.yml" + container_name = "authelia" + image = "authelia/authelia" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["traefik"] + mounts = ["bind:/home/nixos/docker/core/authelia->/config"] + published_ports = [] + build_context = "/home/nixos/docker/core/authelia" + build_dockerfile = "Dockerfile" + useful_labels = { + "traefik.enable" = "true" + "traefik.http.middlewares.authelia.forwardauth.address" = "http://authelia:9091/api/verify?rd=https://auth.lan.ddnsgeek.com/" + "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders" = "Remote-User,Remote-Groups" + "traefik.http.middlewares.authelia.forwardauth.maxResponseBodySize" = "2097152" + "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader" = "true" + "traefik.http.routers.authelia.entrypoints" = "websecure" + "traefik.http.routers.authelia.rule" = "Host(`auth.lan.ddnsgeek.com`)" + "traefik.http.routers.authelia.tls" = "true" + "traefik.http.routers.authelia.tls.certresolver" = "myresolver" + } + } + "crowdsec" = { + terraform_resource = "docker_container.crowdsec" + compose_project = "core" + compose_service = "crowdsec" + compose_file = "core/crowdsec/docker-compose.yml" + container_name = "crowdsec" + image = "core-crowdsec" + image_source = "compose_build_inferred" + restart_policy = "always" + network_mode = null + networks = ["traefik"] + mounts = ["bind:/home/nixos/docker/core/crowdsec/logs->/logs:ro", "bind:/home/nixos/docker/core/crowdsec/data->/var/lib/crowdsec/data", "bind:/home/nixos/docker/core/crowdsec/config->/etc/crowdsec"] + published_ports = [] + build_context = "/home/nixos/docker/core/crowdsec" + build_dockerfile = "Dockerfile" + useful_labels = {} + } + "docker-socket-proxy" = { + terraform_resource = 
"docker_container.docker_socket_proxy" + compose_project = "core" + compose_service = "docker-socket-proxy" + compose_file = "monitoring/docker-socket-proxy/docker-compose.yml" + container_name = "docker-socket-proxy" + image = "tecnativa/docker-socket-proxy:latest" + image_source = "declared_image" + restart_policy = "unless-stopped" + network_mode = null + networks = ["monitor", "traefik"] + mounts = ["bind:/var/run/docker.sock->/var/run/docker.sock:ro"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = {} + } + "docker-update-exporter" = { + terraform_resource = "docker_container.docker_update_exporter" + compose_project = "core" + compose_service = "docker-update-exporter" + compose_file = "monitoring/docker-exporter/docker-compose.yml" + container_name = "docker-update-exporter" + image = "core-docker-update-exporter" + image_source = "compose_build_inferred" + restart_policy = "unless-stopped" + network_mode = null + networks = ["monitor"] + mounts = ["bind:/root/.docker/config.json->/root/.docker/config.json:ro", "bind:/home/nixos/docker/monitoring/docker-exporter/data->/data", "bind:/home/nixos/docker->/compose:ro"] + published_ports = [] + build_context = "/home/nixos/docker/monitoring/docker-exporter" + build_dockerfile = "Dockerfile" + useful_labels = {} + } + "error-pages" = { + terraform_resource = "docker_container.error_pages" + compose_project = "core" + compose_service = "error-pages" + compose_file = "core/error-pages/docker-compose.yml" + container_name = "error-pages" + image = "tarampampam/error-pages:3" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["traefik"] + mounts = [] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = { + "traefik.enable" = "true" + "traefik.http.middlewares.error-pages-middleware.errors.query" = "/{status}.html" + "traefik.http.middlewares.error-pages-middleware.errors.service" = 
"error-pages-service" + "traefik.http.middlewares.error-pages-middleware.errors.status" = "400-599" + "traefik.http.routers.error-pages-router.entrypoints" = "web" + "traefik.http.routers.error-pages-router.middlewares" = "error-pages-middleware" + "traefik.http.routers.error-pages-router.rule" = "HostRegexp(`{host:.+}`)" + "traefik.http.services.error-pages-service.loadbalancer.server.port" = "8080" + } + } + "gitea" = { + terraform_resource = "docker_container.gitea" + compose_project = "core" + compose_service = "gitea" + compose_file = "apps/gitea/docker-compose.yml" + container_name = "gitea" + image = "gitea/gitea:latest" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["traefik"] + mounts = ["bind:/home/nixos/docker/apps/gitea/data->/data"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = { + "traefik.docker.network" = "core_traefik" + "traefik.enable" = "true" + "traefik.http.routers.gitea.entrypoints" = "websecure" + "traefik.http.routers.gitea.rule" = "Host(`gitea.lan.ddnsgeek.com`)" + "traefik.http.routers.gitea.tls" = "true" + "traefik.http.routers.gitea.tls.certresolver" = "myresolver" + "traefik.http.services.gitea.loadbalancer.server.port" = "3000" + } + } + "gotify" = { + terraform_resource = "docker_container.gotify" + compose_project = "core" + compose_service = "gotify" + compose_file = "monitoring/gotify/docker-compose.yml" + container_name = "gotify" + image = "gotify/server:latest" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["traefik"] + mounts = ["bind:/home/nixos/docker/monitoring/gotify/data->/app/data"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = { + "traefik.docker.network" = "core_traefik" + "traefik.enable" = "true" + "traefik.http.routers.gotify.entrypoints" = "websecure" + "traefik.http.routers.gotify.rule" = "Host(`gotify.lan.ddnsgeek.com`)" + 
"traefik.http.routers.gotify.tls.certresolver" = "myresolver" + "traefik.http.routers.gotify.tls.options" = "mtls-private-admin@file" + "traefik.http.services.gotify.loadbalancer.server.port" = "80" + } + } + "grafana" = { + terraform_resource = "docker_container.grafana" + compose_project = "core" + compose_service = "grafana" + compose_file = "monitoring/grafana/docker-compose.yml" + container_name = "grafana" + image = "grafana/grafana:latest" + image_source = "declared_image" + restart_policy = "unless-stopped" + network_mode = null + networks = ["monitor", "traefik"] + mounts = ["bind:/home/nixos/docker/monitoring/grafana/data->/var/lib/grafana"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = { + "traefik.docker.network" = "core_traefik" + "traefik.enable" = "true" + "traefik.http.routers.grafana.entrypoints" = "websecure" + "traefik.http.routers.grafana.rule" = "Host(`grafana.lan.ddnsgeek.com`)" + "traefik.http.routers.grafana.tls.certresolver" = "myresolver" + "traefik.http.routers.grafana.tls.options" = "mtls-private-admin@file" + "traefik.http.services.grafana.loadbalancer.server.port" = "3000" + } + } + "gramps-redis" = { + terraform_resource = "docker_container.gramps_redis" + compose_project = "core" + compose_service = "gramps-redis" + compose_file = "apps/gramps/docker-compose.yml" + container_name = "gramps-redis" + image = "valkey/valkey:8-alpine" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["gramps"] + mounts = [] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = {} + } + "gramps-web" = { + terraform_resource = "docker_container.gramps_web" + compose_project = "core" + compose_service = "grampsweb" + compose_file = "apps/gramps/docker-compose.yml" + container_name = "gramps-web" + image = "ghcr.io/gramps-project/grampsweb:latest" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + 
networks = ["gramps", "traefik"] + mounts = ["bind:/home/nixos/docker/apps/gramps/data/users->/app/users", "bind:/home/nixos/docker/apps/gramps/data/index->/app/indexdir", "bind:/home/nixos/docker/apps/gramps/data/thumbnail_cache->/app/thumbnail_cache", "bind:/home/nixos/docker/apps/gramps/data/cache->/app/cache", "bind:/home/nixos/docker/apps/gramps/data/secret->/app/secret", "bind:/home/nixos/docker/apps/gramps/data/db->/root/.gramps/grampsdb", "bind:/home/nixos/docker/apps/gramps/data/media->/app/media", "bind:/home/nixos/docker/apps/gramps/data/tmp->/tmp"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = { + "traefik.docker.network" = "core_traefik" + "traefik.enable" = "true" + "traefik.http.routers.gramps.entrypoints" = "websecure" + "traefik.http.routers.gramps.rule" = "Host(`familytree.lan.ddnsgeek.com`)" + "traefik.http.routers.gramps.tls.certresolver" = "myresolver" + "traefik.http.services.gramps.loadbalancer.server.port" = "5000" + } + } + "gramps-web-celery" = { + terraform_resource = "docker_container.gramps_web_celery" + compose_project = "core" + compose_service = "grampsweb_celery" + compose_file = "apps/gramps/docker-compose.yml" + container_name = "gramps-web-celery" + image = "ghcr.io/gramps-project/grampsweb:latest" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["gramps"] + mounts = ["bind:/home/nixos/docker/apps/gramps/data/users->/app/users", "bind:/home/nixos/docker/apps/gramps/data/index->/app/indexdir", "bind:/home/nixos/docker/apps/gramps/data/thumbnail_cache->/app/thumbnail_cache", "bind:/home/nixos/docker/apps/gramps/data/cache->/app/cache", "bind:/home/nixos/docker/apps/gramps/data/secret->/app/secret", "bind:/home/nixos/docker/apps/gramps/data/db->/root/.gramps/grampsdb", "bind:/home/nixos/docker/apps/gramps/data/media->/app/media", "bind:/home/nixos/docker/apps/gramps/data/tmp->/tmp"] + published_ports = [] + build_context = null + 
build_dockerfile = null + useful_labels = {} + } + "influxdb" = { + terraform_resource = "docker_container.influxdb" + compose_project = "core" + compose_service = "influxdb" + compose_file = "monitoring/influxdb/docker-compose.yml" + container_name = "influxdb" + image = "influxdb:2.7" + image_source = "declared_image" + restart_policy = "unless-stopped" + network_mode = null + networks = ["monitor", "traefik"] + mounts = ["bind:/home/nixos/docker/monitoring/influxdb->/var/lib/influxdb2"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = { + "traefik.docker.network" = "core_traefik" + "traefik.enable" = "true" + "traefik.http.routers.influxdb.entrypoints" = "websecure" + "traefik.http.routers.influxdb.middlewares" = "authelia" + "traefik.http.routers.influxdb.rule" = "Host(`influxdb.lan.ddnsgeek.com`)" + "traefik.http.routers.influxdb.tls.certresolver" = "myresolver" + "traefik.http.routers.influxdb.tls.options" = "mtls-private-admin@file" + "traefik.http.services.influxdb.loadbalancer.server.port" = "8086" + } + } + "monitor-kuma" = { + terraform_resource = "docker_container.monitor_kuma" + compose_project = "core" + compose_service = "monitor-kuma" + compose_file = "monitoring/uptime-kuma/docker-compose.yml" + container_name = "monitor-kuma" + image = "louislam/uptime-kuma:2.1.1" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["monitor", "traefik"] + mounts = ["bind:/home/nixos/docker/monitoring/uptime-kuma/data->/app/data"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = { + "traefik.docker.network" = "core_traefik" + "traefik.enable" = "true" + "traefik.http.routers.monitor.entrypoints" = "websecure" + "traefik.http.routers.monitor.rule" = "Host(`monitor-kuma.lan.ddnsgeek.com`)" + "traefik.http.routers.monitor.tls" = "true" + "traefik.http.routers.monitor.tls.certresolver" = "myresolver" + 
"traefik.http.routers.monitor.tls.options" = "mtls-private-admin@file" + "traefik.http.services.monitor.loadbalancer.server.port" = "3001" + } + } + "mtls-bridge" = { + terraform_resource = "docker_container.mtls_bridge" + compose_project = "core" + compose_service = "mtls-bridge" + compose_file = "monitoring/mtls-bridge/docker-compose.yml" + container_name = "mtls-bridge" + image = "core-mtls-bridge" + image_source = "compose_build_inferred" + restart_policy = "unless-stopped" + network_mode = null + networks = ["monitor", "traefik"] + mounts = ["bind:/home/nixos/docker/core/traefik/certs->/certs:ro"] + published_ports = [] + build_context = "/home/nixos/docker/monitoring/mtls-bridge" + build_dockerfile = "Dockerfile" + useful_labels = { + "traefik.docker.network" = "core_traefik" + "traefik.enable" = "true" + "traefik.http.middlewares.mtls-bridge-auth.basicauth.users" = "" + "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowcredentials" = "true" + "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowheaders" = "authorization,content-type,x-grafana-action,x-grafana-device-id" + "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowmethods" = "GET,POST,PUT,PATCH,DELETE,OPTIONS" + "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolalloworiginlist" = "https://grafana.lan.ddnsgeek.com" + "traefik.http.middlewares.mtls-bridge-cors.headers.addvaryheader" = "true" + "traefik.http.routers.mtls-bridge-preflight.entrypoints" = "websecure" + "traefik.http.routers.mtls-bridge-preflight.middlewares" = "mtls-bridge-cors" + "traefik.http.routers.mtls-bridge-preflight.priority" = "100" + "traefik.http.routers.mtls-bridge-preflight.rule" = "Host(`mtls-bridge.lan.ddnsgeek.com`) && Method(`OPTIONS`)" + "traefik.http.routers.mtls-bridge-preflight.service" = "mtls-bridge" + "traefik.http.routers.mtls-bridge-preflight.tls.certresolver" = "myresolver" + "traefik.http.routers.mtls-bridge.entrypoints" = "websecure" + 
"traefik.http.routers.mtls-bridge.middlewares" = "mtls-bridge-auth,mtls-bridge-cors" + "traefik.http.routers.mtls-bridge.rule" = "Host(`mtls-bridge.lan.ddnsgeek.com`)" + "traefik.http.routers.mtls-bridge.tls.certresolver" = "myresolver" + "traefik.http.services.mtls-bridge.loadbalancer.server.port" = "8080" + } + } + "nextcloud-db" = { + terraform_resource = "docker_container.nextcloud_db" + compose_project = "core" + compose_service = "nextcloud-db" + compose_file = "apps/nextcloud/docker-compose.yml" + container_name = "nextcloud-db" + image = "mariadb:11.4" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["nextcloud"] + mounts = ["bind:/home/nixos/docker/apps/nextcloud/database->/var/lib/mysql"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = {} + } + "nextcloud-redis" = { + terraform_resource = "docker_container.nextcloud_redis" + compose_project = "core" + compose_service = "nextcloud-redis" + compose_file = "apps/nextcloud/docker-compose.yml" + container_name = "nextcloud-redis" + image = "redis" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["nextcloud"] + mounts = ["bind:/home/nixos/docker/apps/nextcloud/data/redis->/data"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = {} + } + "nextcloud-webapp" = { + terraform_resource = "docker_container.nextcloud_webapp" + compose_project = "core" + compose_service = "nextcloud-webapp" + compose_file = "apps/nextcloud/docker-compose.yml" + container_name = "nextcloud-webapp" + image = "core-nextcloud-webapp" + image_source = "compose_build_inferred" + restart_policy = "always" + network_mode = null + networks = ["nextcloud", "traefik"] + mounts = ["bind:/home/nixos/docker/apps/nextcloud/data->/var/www/html/data", "bind:/home/nixos/docker/apps/nextcloud/config->/var/www/html/config", "tmpfs:->/tmp:exec"] + published_ports = [] + 
build_context = "/home/nixos/docker/apps/nextcloud" + build_dockerfile = "Dockerfile" + useful_labels = { + "traefik.docker.network" = "core_traefik" + "traefik.enable" = "true" + "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex" = "^/.well-known/ca(l|rd)dav" + "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement" = "/remote.php/dav/" + "traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.regex" = "^/.well-known/nodeinfo" + "traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.replacement" = "/nextcloud/index.php/.well-known/nodeinfo/" + "traefik.http.middlewares.nextcloud-webfinger.redirectregex.permanent" = "true" + "traefik.http.middlewares.nextcloud-webfinger.redirectregex.regex" = "https://(.*)/.well-known/webfinger" + "traefik.http.middlewares.nextcloud-webfinger.redirectregex.replacement" = "https://$${1}/nextcloud/index.php/.well-known/webfinger" + "traefik.http.routers.nextcloud.entrypoints" = "websecure" + "traefik.http.routers.nextcloud.middlewares" = "nextcloud-dav, nextcloud-webfinger" + "traefik.http.routers.nextcloud.rule" = "Host(`nextcloud.lan.ddnsgeek.com`)" + "traefik.http.routers.nextcloud.tls.certresolver" = "myresolver" + } + } + "node-exporter" = { + terraform_resource = "docker_container.node_exporter" + compose_project = "core" + compose_service = "node-exporter" + compose_file = "monitoring/node-exporter/docker-compose.yml" + container_name = "node-exporter" + image = "prom/node-exporter:latest" + image_source = "declared_image" + restart_policy = "unless-stopped" + network_mode = null + networks = ["monitor"] + mounts = ["bind:/proc->/host/proc:ro", "bind:/sys->/host/sys:ro", "bind:/->/rootfs:ro"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = {} + } + "node-red" = { + terraform_resource = "docker_container.node_red" + compose_project = "core" + compose_service = "node-red" + compose_file = "monitoring/node-red/docker-compose.yml" + container_name = 
"node-red" + image = "core-node-red" + image_source = "compose_build_inferred" + restart_policy = "unless-stopped" + network_mode = null + networks = ["monitor", "traefik"] + mounts = ["bind:/home/nixos/docker/monitoring/node-red/data->/data", "bind:/home/nixos/docker->/compose/docker:ro", "bind:/home/nixos/raspi->/compose/raspi:ro"] + published_ports = [] + build_context = "/home/nixos/docker/monitoring/node-red" + build_dockerfile = "Dockerfile" + useful_labels = { + "traefik.docker.network" = "core_traefik" + "traefik.enable" = "true" + "traefik.http.routers.node-red.entrypoints" = "websecure" + "traefik.http.routers.node-red.middlewares" = "authelia" + "traefik.http.routers.node-red.rule" = "Host(`node-red.lan.ddnsgeek.com`)" + "traefik.http.routers.node-red.tls.certresolver" = "myresolver" + "traefik.http.routers.node-red.tls.options" = "mtls-private-admin@file" + "traefik.http.services.node-red.loadbalancer.server.port" = "1880" + } + } + "passbolt-db" = { + terraform_resource = "docker_container.passbolt_db" + compose_project = "core" + compose_service = "passbolt-db" + compose_file = "apps/passbolt/docker-compose.yml" + container_name = "passbolt-db" + image = "mariadb:12" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["passbolt"] + mounts = ["bind:/home/nixos/docker/apps/passbolt/data/database->/var/lib/mysql"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = {} + } + "passbolt-webapp" = { + terraform_resource = "docker_container.passbolt_webapp" + compose_project = "core" + compose_service = "passbolt-webapp" + compose_file = "apps/passbolt/docker-compose.yml" + container_name = "passbolt-webapp" + image = "passbolt/passbolt:latest-ce" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["passbolt", "traefik"] + mounts = ["bind:/home/nixos/docker/apps/passbolt/data/gpg->/etc/passbolt/gpg", 
"bind:/home/nixos/docker/apps/passbolt/data/jwt->/etc/passbolt/jwt"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = { + "traefik.docker.network" = "core_traefik" + "traefik.enable" = "true" + "traefik.http.routers.passbolt.entrypoints" = "websecure" + "traefik.http.routers.passbolt.rule" = "Host(`passbolt.lan.ddnsgeek.com`)" + "traefik.http.routers.passbolt.tls.certresolver" = "myresolver" + } + } + "pihole-exporter" = { + terraform_resource = "docker_container.pihole_exporter" + compose_project = "core" + compose_service = "pihole-exporter" + compose_file = "monitoring/pihole-exporter/docker-compose.yml" + container_name = "pihole-exporter" + image = "ekofr/pihole-exporter:latest" + image_source = "declared_image" + restart_policy = "unless-stopped" + network_mode = null + networks = ["monitor"] + mounts = [] + published_ports = ["9617:9617/tcp"] + build_context = null + build_dockerfile = null + useful_labels = {} + } + "portainer" = { + terraform_resource = "docker_container.portainer" + compose_project = "core" + compose_service = "portainer" + compose_file = "monitoring/portainer/docker-compose.yml" + container_name = "portainer" + image = "portainer/portainer-ce:latest" + image_source = "declared_image" + restart_policy = "unless-stopped" + network_mode = null + networks = ["traefik"] + mounts = ["bind:/home/nixos/docker/monitoring/portainer/data->/data"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = { + "traefik.enable" = "true" + "traefik.http.routers.portainer.entrypoints" = "websecure" + "traefik.http.routers.portainer.rule" = "Host(`portainer.lan.ddnsgeek.com`)" + "traefik.http.routers.portainer.tls" = "true" + "traefik.http.routers.portainer.tls.certresolver" = "myresolver" + "traefik.http.routers.portainer.tls.options" = "mtls-private-admin@file" + "traefik.http.services.portainer.loadbalancer.server.port" = "9000" + } + } + "prometheus" = { + terraform_resource = 
"docker_container.prometheus" + compose_project = "core" + compose_service = "prometheus" + compose_file = "monitoring/prometheus/docker-compose.yml" + container_name = "prometheus" + image = "prom/prometheus:latest" + image_source = "declared_image" + restart_policy = "unless-stopped" + network_mode = null + networks = ["monitor", "traefik"] + mounts = ["bind:/home/nixos/docker/monitoring/prometheus/prometheus.yml->/etc/prometheus/prometheus.yml:ro", "bind:/home/nixos/docker/monitoring/prometheus/data->/prometheus", "bind:/home/nixos/docker/monitoring/prometheus/rules->/etc/prometheus/rules:ro", "bind:/home/nixos/docker/secrets/prometheus_kuma_basic_auth_password.txt->/run/secrets/prometheus_kuma_basic_auth_password:ro"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = { + "traefik.docker.network" = "core_traefik" + "traefik.enable" = "true" + "traefik.http.routers.prometheus.entrypoints" = "websecure" + "traefik.http.routers.prometheus.middlewares" = "authelia" + "traefik.http.routers.prometheus.rule" = "Host(`prometheus.lan.ddnsgeek.com`)" + "traefik.http.routers.prometheus.tls.certresolver" = "myresolver" + "traefik.http.routers.prometheus.tls.options" = "mtls-private-admin@file" + "traefik.http.services.prometheus.loadbalancer.server.port" = "9090" + } + } + "searxng-webapp" = { + terraform_resource = "docker_container.searxng_webapp" + compose_project = "core" + compose_service = "searxng-webapp" + compose_file = "apps/searxng/docker-compose.yml" + container_name = "searxng-webapp" + image = "searxng/searxng" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["traefik"] + mounts = [] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = { + "traefik.enable" = "true" + "traefik.http.routers.searxng.entrypoints" = "websecure" + "traefik.http.routers.searxng.rule" = "Host(`searxng.lan.ddnsgeek.com`)" + 
"traefik.http.routers.searxng.tls.certresolver" = "myresolver" + "traefik.http.services.searxng.loadbalancer.server.port" = "8080" + } + } + "telegraf" = { + terraform_resource = "docker_container.telegraf" + compose_project = "core" + compose_service = "telegraf" + compose_file = "monitoring/telegraf/docker-compose.yml" + container_name = "telegraf" + image = "telegraf:latest" + image_source = "declared_image" + restart_policy = "unless-stopped" + network_mode = null + networks = ["monitor"] + mounts = ["bind:/home/nixos/docker/monitoring/telegraf/telegraf.conf->/etc/telegraf/telegraf.conf:ro", "bind:/home/nixos/docker/monitoring/node-red/data->/var/log/node-red:ro"] + published_ports = [] + build_context = null + build_dockerfile = null + useful_labels = {} + } + "traefik" = { + terraform_resource = "docker_container.traefik" + compose_project = "core" + compose_service = "traefik" + compose_file = "core/traefik/docker-compose.yml" + container_name = "traefik" + image = "traefik:3" + image_source = "declared_image" + restart_policy = "always" + network_mode = null + networks = ["traefik"] + mounts = ["bind:/home/nixos/docker/core/traefik/data/letsencrypt->/letsencrypt", "bind:/home/nixos/docker/core/traefik/data/logs->/logs", "bind:/home/nixos/docker/core/traefik/certs->/etc/traefik/certs:ro", "bind:/home/nixos/docker/core/traefik/dynamic.yml->/etc/traefik/dynamic.yml:ro", "bind:/home/nixos/docker/core/traefik/traefik.yml->/etc/traefik/traefik.yml:ro", "bind:/home/nixos/docker/core/traefik/data/plugins->/plugins-storage"] + published_ports = ["80:80/tcp", "443:443/tcp"] + build_context = "/home/nixos/docker/core" + build_dockerfile = "Dockerfile" + useful_labels = { + "traefik.docker.network" = "core_traefik" + "traefik.enable" = "true" + "traefik.http.routers.traefik.entrypoints" = "websecure" + "traefik.http.routers.traefik.middlewares" = "authelia" + "traefik.http.routers.traefik.observability.tracing" = "true" + "traefik.http.routers.traefik.rule" = 
"Host(`traefik.lan.ddnsgeek.com`)"
+ "traefik.http.routers.traefik.service" = "api@internal"
+ "traefik.http.routers.traefik.tls.certresolver" = "myresolver"
+ "traefik.http.routers.traefik.tls.options" = "mtls-private-admin@file"
+ }
+ }
+ }
+}
diff --git a/infrastructure/terraform/docker/crowdsec.tf b/infrastructure/terraform/docker/crowdsec.tf
new file mode 100644
index 0000000..8f5ac3d
--- /dev/null
+++ b/infrastructure/terraform/docker/crowdsec.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "crowdsec" {
+ name = local.docker_containers["crowdsec"].container_name
+ image = local.docker_containers["crowdsec"].image
+
+ restart = local.docker_containers["crowdsec"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/docker-socket-proxy.tf b/infrastructure/terraform/docker/docker-socket-proxy.tf
new file mode 100644
index 0000000..18694f8
--- /dev/null
+++ b/infrastructure/terraform/docker/docker-socket-proxy.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "docker_socket_proxy" {
+ name = local.docker_containers["docker-socket-proxy"].container_name
+ image = local.docker_containers["docker-socket-proxy"].image
+
+ restart = local.docker_containers["docker-socket-proxy"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/docker-update-exporter.tf b/infrastructure/terraform/docker/docker-update-exporter.tf
new file mode 100644
index 0000000..228b3f0
--- /dev/null
+++ b/infrastructure/terraform/docker/docker-update-exporter.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "docker_update_exporter" {
+ name = local.docker_containers["docker-update-exporter"].container_name
+ image = local.docker_containers["docker-update-exporter"].image
+
+ restart = local.docker_containers["docker-update-exporter"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
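Review bot: The `docker-update-exporter` and `node-red` entries bind the whole `/home/nixos/docker` tree into the container (`->/compose:ro` and `->/compose/docker:ro`), and by this catalog's own entries that tree holds `secrets/prometheus_kuma_basic_auth_password.txt`, `core/traefik/certs` and `apps/passbolt/data/gpg` and `jwt`. A read-only bind still lets the process read all of it, and node-red is an automation runtime routed through Traefik, so anything that runs inside it can reach that material. If the catalog is meant to be the reviewed inventory, mark both entries with a comment such as `# review: bind covers secrets/, core/traefik/certs and apps/passbolt/data; narrow to the compose files actually needed`, and narrow the binds in the compose files themselves. Separately, `"traefik.http.middlewares.mtls-bridge-auth.basicauth.users" = ""` should carry a comment saying whether the value was redacted for the catalog or is really empty on the live container, since the mtls-bridge router relies on that middleware and has no `tls.options` label.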
diff --git a/infrastructure/terraform/docker/error-pages.tf b/infrastructure/terraform/docker/error-pages.tf new file mode 100644 index 0000000..b5ca2b5 --- /dev/null +++ b/infrastructure/terraform/docker/error-pages.tf @@ -0,0 +1,13 @@ +resource "docker_container" "error_pages" { + name = local.docker_containers["error-pages"].container_name + image = local.docker_containers["error-pages"].image + + restart = local.docker_containers["error-pages"].restart_policy + + lifecycle { + ignore_changes = [ + env, + labels, + ] + } +} diff --git a/infrastructure/terraform/docker/gitea.tf b/infrastructure/terraform/docker/gitea.tf new file mode 100644 index 0000000..43a47e0 --- /dev/null +++ b/infrastructure/terraform/docker/gitea.tf @@ -0,0 +1,13 @@ +resource "docker_container" "gitea" { + name = local.docker_containers["gitea"].container_name + image = local.docker_containers["gitea"].image + + restart = local.docker_containers["gitea"].restart_policy + + lifecycle { + ignore_changes = [ + env, + labels, + ] + } +} diff --git a/infrastructure/terraform/docker/gotify.tf b/infrastructure/terraform/docker/gotify.tf new file mode 100644 index 0000000..550c282 --- /dev/null +++ b/infrastructure/terraform/docker/gotify.tf @@ -0,0 +1,13 @@ +resource "docker_container" "gotify" { + name = local.docker_containers["gotify"].container_name + image = local.docker_containers["gotify"].image + + restart = local.docker_containers["gotify"].restart_policy + + lifecycle { + ignore_changes = [ + env, + labels, + ] + } +} diff --git a/infrastructure/terraform/docker/grafana.tf b/infrastructure/terraform/docker/grafana.tf new file mode 100644 index 0000000..f09c6ab --- /dev/null +++ b/infrastructure/terraform/docker/grafana.tf 
@@ -0,0 +1,13 @@
+resource "docker_container" "grafana" {
+ name = local.docker_containers["grafana"].container_name
+ image = local.docker_containers["grafana"].image
+
+ restart = local.docker_containers["grafana"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/gramps-redis.tf b/infrastructure/terraform/docker/gramps-redis.tf
new file mode 100644
index 0000000..4937e5c
--- /dev/null
+++ b/infrastructure/terraform/docker/gramps-redis.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "gramps_redis" {
+ name = local.docker_containers["gramps-redis"].container_name
+ image = local.docker_containers["gramps-redis"].image
+
+ restart = local.docker_containers["gramps-redis"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/gramps-web-celery.tf b/infrastructure/terraform/docker/gramps-web-celery.tf
new file mode 100644
index 0000000..a08554a
--- /dev/null
+++ b/infrastructure/terraform/docker/gramps-web-celery.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "gramps_web_celery" {
+ name = local.docker_containers["gramps-web-celery"].container_name
+ image = local.docker_containers["gramps-web-celery"].image
+
+ restart = local.docker_containers["gramps-web-celery"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/gramps-web.tf b/infrastructure/terraform/docker/gramps-web.tf
new file mode 100644
index 0000000..e1cdf38
--- /dev/null
+++ b/infrastructure/terraform/docker/gramps-web.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "gramps_web" {
+ name = local.docker_containers["gramps-web"].container_name
+ image = local.docker_containers["gramps-web"].image
+
+ restart = local.docker_containers["gramps-web"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/influxdb.tf b/infrastructure/terraform/docker/influxdb.tf
new file mode 100644
index 0000000..d93ec6b
--- /dev/null
+++ b/infrastructure/terraform/docker/influxdb.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "influxdb" {
+ name = local.docker_containers["influxdb"].container_name
+ image = local.docker_containers["influxdb"].image
+
+ restart = local.docker_containers["influxdb"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/main.tf b/infrastructure/terraform/docker/main.tf
index 9a01732..4bc7867 100644
--- a/infrastructure/terraform/docker/main.tf
+++ b/infrastructure/terraform/docker/main.tf
@@ -1,26 +1,2 @@
-# Docker Terraform workflow in this repo:
-# 1) Add a minimal resource block for ONE existing container.
-# 2) Import that live container into state:
-# terraform import docker_container.
-# 3) Inspect imported arguments:
-# terraform state show docker_container.
-# 4) Copy required arguments into this file and refine.
-# 5) Repeat until terraform plan shows no unintended changes.
-
-# Example skeleton for future imported containers (intentionally commented):
-# resource "docker_container" "example_service" {
-# name = "existing-container-name"
-# image = "repo/image:tag"
-#
-# # Add additional arguments based on `terraform state show` output.
-# # Keep values aligned with the live container so plan is a no-op.
-# }
-#resource "docker_container" "searxng-webapp" {
-# name = "searxng-webapp"
-# image = "searxng/searxng"
-#}
-
-#import {
-# to = docker_container.searxng-webapp
-# id = "5e755fc8478a3d088be12a1bb26df78e2f1990c56e1f7671f0cbf9761330092b"
-#}
+# Docker container resources are split into one file per container.
+# See container-catalog.tf for documentation-oriented metadata used by outputs.
diff --git a/infrastructure/terraform/docker/monitor-kuma.tf b/infrastructure/terraform/docker/monitor-kuma.tf
new file mode 100644
index 0000000..970f5e7
--- /dev/null
+++ b/infrastructure/terraform/docker/monitor-kuma.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "monitor_kuma" {
+ name = local.docker_containers["monitor-kuma"].container_name
+ image = local.docker_containers["monitor-kuma"].image
+
+ restart = local.docker_containers["monitor-kuma"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/mtls-bridge.tf b/infrastructure/terraform/docker/mtls-bridge.tf
new file mode 100644
index 0000000..c6bfc9c
--- /dev/null
+++ b/infrastructure/terraform/docker/mtls-bridge.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "mtls_bridge" {
+ name = local.docker_containers["mtls-bridge"].container_name
+ image = local.docker_containers["mtls-bridge"].image
+
+ restart = local.docker_containers["mtls-bridge"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/nextcloud-db.tf b/infrastructure/terraform/docker/nextcloud-db.tf
new file mode 100644
index 0000000..2d2ac9e
--- /dev/null
+++ b/infrastructure/terraform/docker/nextcloud-db.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "nextcloud_db" {
+ name = local.docker_containers["nextcloud-db"].container_name
+ image = local.docker_containers["nextcloud-db"].image
+
+ restart = local.docker_containers["nextcloud-db"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/nextcloud-redis.tf b/infrastructure/terraform/docker/nextcloud-redis.tf
new file mode 100644
index 0000000..2e9db24
--- /dev/null
+++ b/infrastructure/terraform/docker/nextcloud-redis.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "nextcloud_redis" {
+ name = local.docker_containers["nextcloud-redis"].container_name
+ image = local.docker_containers["nextcloud-redis"].image
+
+ restart = local.docker_containers["nextcloud-redis"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/nextcloud-webapp.tf b/infrastructure/terraform/docker/nextcloud-webapp.tf
new file mode 100644
index 0000000..7543a9d
--- /dev/null
+++ b/infrastructure/terraform/docker/nextcloud-webapp.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "nextcloud_webapp" {
+ name = local.docker_containers["nextcloud-webapp"].container_name
+ image = local.docker_containers["nextcloud-webapp"].image
+
+ restart = local.docker_containers["nextcloud-webapp"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/node-exporter.tf b/infrastructure/terraform/docker/node-exporter.tf
new file mode 100644
index 0000000..da03a82
--- /dev/null
+++ b/infrastructure/terraform/docker/node-exporter.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "node_exporter" {
+ name = local.docker_containers["node-exporter"].container_name
+ image = local.docker_containers["node-exporter"].image
+
+ restart = local.docker_containers["node-exporter"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/node-red.tf b/infrastructure/terraform/docker/node-red.tf
new file mode 100644
index 0000000..ce2b116
--- /dev/null
+++ b/infrastructure/terraform/docker/node-red.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "node_red" {
+ name = local.docker_containers["node-red"].container_name
+ image = local.docker_containers["node-red"].image
+
+ restart = local.docker_containers["node-red"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/outputs.tf b/infrastructure/terraform/docker/outputs.tf index 2179104..8dee8e6 100644 --- a/infrastructure/terraform/docker/outputs.tf +++ b/infrastructure/terraform/docker/outputs.tf @@ -3,17 +3,35 @@ output "docker_host_in_use" { value = var.docker_host } -output "managed_container_names" { - description = "Names of containers intentionally tracked in Terraform configuration." - value = var.managed_container_names +output "docker_containers" { + description = "Documentation-shaped inventory of Docker containers managed via services-up.sh compose sources." + value = local.docker_containers } -output "import_reconciliation_steps" { - description = "Short reminder of the safe import-first workflow." - value = [ - "Create one docker_container block for an existing container.", - "Run terraform import for that block.", - "Run terraform state show and copy required arguments.", - "Refine config until terraform plan has no unintended changes.", - ] +output "docker_inventory" { + description = "Compact Docker inventory suitable for export and merging into broader infrastructure docs." + value = { + compose_project = "core" + container_count = length(local.docker_containers) + containers = { + for key, container in local.docker_containers : key => { + compose_service = container.compose_service + compose_file = container.compose_file + container_name = container.container_name + image = container.image + image_source = container.image_source + build_context = container.build_context + network_mode = container.network_mode + networks = container.networks + published_ports = container.published_ports + mounts = container.mounts + restart_policy = container.restart_policy + } + } + } +} + +output "managed_container_names" { + description = "Names of containers intentionally tracked in Terraform documentation resources." + value = sort(keys(local.docker_containers)) } 
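Review bot: The `docker_containers` output publishes `local.docker_containers` verbatim, and nothing in this hunk marks it as sensitive or states what the catalog is allowed to contain. Output values are stored in state and printed by `terraform output`, and the catalog appears to carry Traefik labels with internal hostnames and TLS option names (the container-catalog.tf lines earlier in this patch), so any secret added to it later would be exposed the same way. I would add a comment above the output, `# Exported verbatim: never put env values, tokens or passwords in local.docker_containers.`, and consider exporting only the field-by-field `docker_inventory`, which already limits what leaves the module. As a style point, `compose_project = "core"` is hard-coded in `docker_inventory`; a local would keep it in one place.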
diff --git a/infrastructure/terraform/docker/passbolt-db.tf b/infrastructure/terraform/docker/passbolt-db.tf
new file mode 100644
index 0000000..d780859
--- /dev/null
+++ b/infrastructure/terraform/docker/passbolt-db.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "passbolt_db" {
+ name = local.docker_containers["passbolt-db"].container_name
+ image = local.docker_containers["passbolt-db"].image
+
+ restart = local.docker_containers["passbolt-db"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/passbolt-webapp.tf b/infrastructure/terraform/docker/passbolt-webapp.tf
new file mode 100644
index 0000000..a39bf39
--- /dev/null
+++ b/infrastructure/terraform/docker/passbolt-webapp.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "passbolt_webapp" {
+ name = local.docker_containers["passbolt-webapp"].container_name
+ image = local.docker_containers["passbolt-webapp"].image
+
+ restart = local.docker_containers["passbolt-webapp"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/pihole-exporter.tf b/infrastructure/terraform/docker/pihole-exporter.tf
new file mode 100644
index 0000000..5d8b1ff
--- /dev/null
+++ b/infrastructure/terraform/docker/pihole-exporter.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "pihole_exporter" {
+ name = local.docker_containers["pihole-exporter"].container_name
+ image = local.docker_containers["pihole-exporter"].image
+
+ restart = local.docker_containers["pihole-exporter"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/portainer.tf b/infrastructure/terraform/docker/portainer.tf
new file mode 100644
index 0000000..125c040
--- /dev/null
+++ b/infrastructure/terraform/docker/portainer.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "portainer" {
+ name = local.docker_containers["portainer"].container_name
+ image = local.docker_containers["portainer"].image
+
+ restart = local.docker_containers["portainer"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/prometheus.tf b/infrastructure/terraform/docker/prometheus.tf
new file mode 100644
index 0000000..d500a67
--- /dev/null
+++ b/infrastructure/terraform/docker/prometheus.tf
@@ -0,0 +1,13 @@
+resource "docker_container" "prometheus" {
+ name = local.docker_containers["prometheus"].container_name
+ image = local.docker_containers["prometheus"].image
+
+ restart = local.docker_containers["prometheus"].restart_policy
+
+ lifecycle {
+ ignore_changes = [
+ env,
+ labels,
+ ]
+ }
+}
diff --git a/infrastructure/terraform/docker/searxng-webapp.tf b/infrastructure/terraform/docker/searxng-webapp.tf
index beb1fed..9f54577 100644
--- a/infrastructure/terraform/docker/searxng-webapp.tf
+++ b/infrastructure/terraform/docker/searxng-webapp.tf
@@ -1,54 +1,13 @@ -# ----------------------------------------------------------------------------- -# AUTO-GENERATED BY reconcile_from_plan.sh -# Generated: 2026-04-14T10:53:00Z -# Source: terraform plan -generate-config-out -# Review carefully before apply. -# ----------------------------------------------------------------------------- +resource "docker_container" "searxng_webapp" { + name = local.docker_containers["searxng-webapp"].container_name + image = local.docker_containers["searxng-webapp"].image -# __generated__ by Terraform -# Please review these resources and move them into your main configuration files. - -# __generated__ by Terraform from "5e755fc8478a3d088be12a1bb26df78e2f1990c56e1f7671f0cbf9761330092b" -resource "docker_container" "searxng-webapp" { - entrypoint = ["/usr/local/searxng/entrypoint.sh"] - hostname = "searxng.lan.ddnsgeek.com" - image = "sha256:6a9a175cd122c005abe2dc15d7cbfcd5109619e9dcccb511c34be244e10f49bc" - must_run = true - name = "searxng-webapp" - network_mode = "core_traefik" - read_only = true - restart = "always" - tmpfs = { - "/run" = "" - "/tmp" = "" - "/var" = "" - } - wait = false - wait_timeout = 60 - working_dir = "/usr/local/searxng" - healthcheck { - interval = "20s" - retries = 8 - start_period = "30s" - test = ["CMD-SHELL", "python3 -c \"import urllib.request,sys; r=urllib.request.urlopen('http://127.0.0.1:8080/', timeout=3); sys.exit(0 if 200<=r.status<400 else 1)\""] - timeout = "5s" - } - mounts { - read_only = false - source = "2255bde19ed136d348d29ada3d274eb3dbcb8aede13b246bbc9bac19fa38b37d" - target = "/var/cache/searxng" - type = "volume" - } - mounts { - read_only = false - source = "e7a1475c1265b7d1c15f7c4da10e93461f6f1bcf50fe8030131a6398509e2e48" - target = "/etc/searxng" - type = "volume" - } + restart = local.docker_containers["searxng-webapp"].restart_policy lifecycle { ignore_changes = [ env, + labels, ] } } 
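Review bot: The rewritten `docker_container.searxng_webapp` no longer declares `read_only = true`, the `tmpfs` map, the two `mounts`, `network_mode` or the healthcheck that the previous resource carried, and none of those are listed in `ignore_changes`. Applied against the imported container, the provider would most likely plan a replacement that comes back with a writable root filesystem and without its volumes. The resource address also changes from `searxng-webapp` to `searxng_webapp` with no `moved` block, so the existing state entry would be planned for destruction instead of being carried over. The image was previously pinned by `sha256:` digest; whether the catalog value is pinned cannot be seen from this hunk. I would keep the hardening arguments and add the `moved` block, as in the excerpt below.

```hcl
moved {
  from = docker_container.searxng-webapp
  to   = docker_container.searxng_webapp
}

resource "docker_container" "searxng_webapp" {
  # … unchanged: name, image and restart from local.docker_containers …

  # Keep the hardening the imported container already runs with.
  read_only = true
  tmpfs = {
    "/run" = ""
    "/tmp" = ""
    "/var" = ""
  }

  # … unchanged: lifecycle ignore_changes …
}
```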
diff --git a/infrastructure/terraform/docker/telegraf.tf b/infrastructure/terraform/docker/telegraf.tf new file mode 100644 index 0000000..6c3af64 --- /dev/null +++ b/infrastructure/terraform/docker/telegraf.tf @@ -0,0 +1,13 @@ +resource "docker_container" "telegraf" { + name = local.docker_containers["telegraf"].container_name + image = local.docker_containers["telegraf"].image + + restart = local.docker_containers["telegraf"].restart_policy + + lifecycle { + ignore_changes = [ + env, + labels, + ] + } +} diff --git a/infrastructure/terraform/docker/traefik.tf b/infrastructure/terraform/docker/traefik.tf new file mode 100644 index 0000000..5fbffe4 --- /dev/null +++ b/infrastructure/terraform/docker/traefik.tf @@ -0,0 +1,13 @@ +resource "docker_container" "traefik" { + name = local.docker_containers["traefik"].container_name + image = local.docker_containers["traefik"].image + + restart = local.docker_containers["traefik"].restart_policy + + lifecycle { + ignore_changes = [ + env, + labels, + ] + } +} diff --git a/infrastructure/terraform/docker/variables.tf b/infrastructure/terraform/docker/variables.tf index 900c173..6a60b2f 100644 --- a/infrastructure/terraform/docker/variables.tf +++ b/infrastructure/terraform/docker/variables.tf @@ -3,9 +3,3 @@ variable "docker_host" { type = string default = "unix:///var/run/docker.sock" } - -variable "managed_container_names" { - description = "Human-maintained list of containers intentionally tracked in Terraform docs/outputs." - type = list(string) - default = ["searxng-webapp"] -}