Merge pull request #46 from beatz174-bit/codex/complete-terraform-documentation-for-docker

Document full Docker compose container inventory in Terraform docker layer
beatz174-bit
2026-04-21 09:46:46 +10:00
committed by GitHub
31 changed files with 1070 additions and 89 deletions
@@ -0,0 +1,14 @@
resource "docker_container" "authelia" {
name = local.docker_containers["authelia"].container_name
image = local.docker_containers["authelia"].image
restart = local.docker_containers["authelia"].restart_policy
labels = local.docker_containers["authelia"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
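Review bot: This resource wires only `name`, `image`, `restart` and `labels` from the catalog, while the catalog entry for the same container also records `networks`, `mounts` and `published_ports`, and `ignore_changes` covers only `env`. If these blocks are bound to the live containers by import, a plan may propose replacing a container without its bind mounts and network attachments; for authelia, crowdsec and traefik that would bring the authentication and edge path back up without their configuration. That depends on provider behaviour not visible in this hunk, so confirm with `terraform plan` before any apply. Until the remaining arguments are modelled, consider `ignore_changes = all` so the blocks stay documentation-only. The same applies to every other `docker_container` hunk in this commit.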
@@ -0,0 +1,613 @@
locals {
docker_containers = {
"authelia" = {
terraform_resource = "docker_container.authelia"
compose_project = "core"
compose_service = "authelia"
compose_file = "core/authelia/docker-compose.yml"
container_name = "authelia"
image = "authelia/authelia"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["traefik"]
mounts = ["bind:/home/nixos/docker/core/authelia->/config"]
published_ports = []
build_context = "/home/nixos/docker/core/authelia"
build_dockerfile = "Dockerfile"
useful_labels = {
"traefik.enable" = "true"
"traefik.http.middlewares.authelia.forwardauth.address" = "http://authelia:9091/api/verify?rd=https://auth.lan.ddnsgeek.com/"
"traefik.http.middlewares.authelia.forwardauth.authResponseHeaders" = "Remote-User,Remote-Groups"
"traefik.http.middlewares.authelia.forwardauth.maxResponseBodySize" = "2097152"
"traefik.http.middlewares.authelia.forwardauth.trustForwardHeader" = "true"
"traefik.http.routers.authelia.entrypoints" = "websecure"
"traefik.http.routers.authelia.rule" = "Host(`auth.lan.ddnsgeek.com`)"
"traefik.http.routers.authelia.tls" = "true"
"traefik.http.routers.authelia.tls.certresolver" = "myresolver"
}
}
"crowdsec" = {
terraform_resource = "docker_container.crowdsec"
compose_project = "core"
compose_service = "crowdsec"
compose_file = "core/crowdsec/docker-compose.yml"
container_name = "crowdsec"
image = "core-crowdsec"
image_source = "compose_build_inferred"
restart_policy = "always"
network_mode = null
networks = ["traefik"]
mounts = ["bind:/home/nixos/docker/core/crowdsec/logs->/logs:ro", "bind:/home/nixos/docker/core/crowdsec/data->/var/lib/crowdsec/data", "bind:/home/nixos/docker/core/crowdsec/config->/etc/crowdsec"]
published_ports = []
build_context = "/home/nixos/docker/core/crowdsec"
build_dockerfile = "Dockerfile"
useful_labels = {}
}
"docker-socket-proxy" = {
terraform_resource = "docker_container.docker_socket_proxy"
compose_project = "core"
compose_service = "docker-socket-proxy"
compose_file = "monitoring/docker-socket-proxy/docker-compose.yml"
container_name = "docker-socket-proxy"
image = "tecnativa/docker-socket-proxy:latest"
image_source = "declared_image"
restart_policy = "unless-stopped"
network_mode = null
networks = ["monitor", "traefik"]
mounts = ["bind:/var/run/docker.sock->/var/run/docker.sock:ro"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {}
}
"docker-update-exporter" = {
terraform_resource = "docker_container.docker_update_exporter"
compose_project = "core"
compose_service = "docker-update-exporter"
compose_file = "monitoring/docker-exporter/docker-compose.yml"
container_name = "docker-update-exporter"
image = "core-docker-update-exporter"
image_source = "compose_build_inferred"
restart_policy = "unless-stopped"
network_mode = null
networks = ["monitor"]
mounts = ["bind:/root/.docker/config.json->/root/.docker/config.json:ro", "bind:/home/nixos/docker/monitoring/docker-exporter/data->/data", "bind:/home/nixos/docker->/compose:ro"]
published_ports = []
build_context = "/home/nixos/docker/monitoring/docker-exporter"
build_dockerfile = "Dockerfile"
useful_labels = {}
}
"error-pages" = {
terraform_resource = "docker_container.error_pages"
compose_project = "core"
compose_service = "error-pages"
compose_file = "core/error-pages/docker-compose.yml"
container_name = "error-pages"
image = "tarampampam/error-pages:3"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["traefik"]
mounts = []
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {
"traefik.enable" = "true"
"traefik.http.middlewares.error-pages-middleware.errors.query" = "/{status}.html"
"traefik.http.middlewares.error-pages-middleware.errors.service" = "error-pages-service"
"traefik.http.middlewares.error-pages-middleware.errors.status" = "400-599"
"traefik.http.routers.error-pages-router.entrypoints" = "web"
"traefik.http.routers.error-pages-router.middlewares" = "error-pages-middleware"
"traefik.http.routers.error-pages-router.rule" = "HostRegexp(`{host:.+}`)"
"traefik.http.services.error-pages-service.loadbalancer.server.port" = "8080"
}
}
"gitea" = {
terraform_resource = "docker_container.gitea"
compose_project = "core"
compose_service = "gitea"
compose_file = "apps/gitea/docker-compose.yml"
container_name = "gitea"
image = "gitea/gitea:latest"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["traefik"]
mounts = ["bind:/home/nixos/docker/apps/gitea/data->/data"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {
"traefik.docker.network" = "core_traefik"
"traefik.enable" = "true"
"traefik.http.routers.gitea.entrypoints" = "websecure"
"traefik.http.routers.gitea.rule" = "Host(`gitea.lan.ddnsgeek.com`)"
"traefik.http.routers.gitea.tls" = "true"
"traefik.http.routers.gitea.tls.certresolver" = "myresolver"
"traefik.http.services.gitea.loadbalancer.server.port" = "3000"
}
}
"gotify" = {
terraform_resource = "docker_container.gotify"
compose_project = "core"
compose_service = "gotify"
compose_file = "monitoring/gotify/docker-compose.yml"
container_name = "gotify"
image = "gotify/server:latest"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["traefik"]
mounts = ["bind:/home/nixos/docker/monitoring/gotify/data->/app/data"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {
"traefik.docker.network" = "core_traefik"
"traefik.enable" = "true"
"traefik.http.routers.gotify.entrypoints" = "websecure"
"traefik.http.routers.gotify.rule" = "Host(`gotify.lan.ddnsgeek.com`)"
"traefik.http.routers.gotify.tls.certresolver" = "myresolver"
"traefik.http.routers.gotify.tls.options" = "mtls-private-admin@file"
"traefik.http.services.gotify.loadbalancer.server.port" = "80"
}
}
"grafana" = {
terraform_resource = "docker_container.grafana"
compose_project = "core"
compose_service = "grafana"
compose_file = "monitoring/grafana/docker-compose.yml"
container_name = "grafana"
image = "grafana/grafana:latest"
image_source = "declared_image"
restart_policy = "unless-stopped"
network_mode = null
networks = ["monitor", "traefik"]
mounts = ["bind:/home/nixos/docker/monitoring/grafana/data->/var/lib/grafana"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {
"traefik.docker.network" = "core_traefik"
"traefik.enable" = "true"
"traefik.http.routers.grafana.entrypoints" = "websecure"
"traefik.http.routers.grafana.rule" = "Host(`grafana.lan.ddnsgeek.com`)"
"traefik.http.routers.grafana.tls.certresolver" = "myresolver"
"traefik.http.routers.grafana.tls.options" = "mtls-private-admin@file"
"traefik.http.services.grafana.loadbalancer.server.port" = "3000"
}
}
"gramps-redis" = {
terraform_resource = "docker_container.gramps_redis"
compose_project = "core"
compose_service = "gramps-redis"
compose_file = "apps/gramps/docker-compose.yml"
container_name = "gramps-redis"
image = "valkey/valkey:8-alpine"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["gramps"]
mounts = []
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {}
}
"gramps-web" = {
terraform_resource = "docker_container.gramps_web"
compose_project = "core"
compose_service = "grampsweb"
compose_file = "apps/gramps/docker-compose.yml"
container_name = "gramps-web"
image = "ghcr.io/gramps-project/grampsweb:latest"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["gramps", "traefik"]
mounts = ["bind:/home/nixos/docker/apps/gramps/data/users->/app/users", "bind:/home/nixos/docker/apps/gramps/data/index->/app/indexdir", "bind:/home/nixos/docker/apps/gramps/data/thumbnail_cache->/app/thumbnail_cache", "bind:/home/nixos/docker/apps/gramps/data/cache->/app/cache", "bind:/home/nixos/docker/apps/gramps/data/secret->/app/secret", "bind:/home/nixos/docker/apps/gramps/data/db->/root/.gramps/grampsdb", "bind:/home/nixos/docker/apps/gramps/data/media->/app/media", "bind:/home/nixos/docker/apps/gramps/data/tmp->/tmp"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {
"traefik.docker.network" = "core_traefik"
"traefik.enable" = "true"
"traefik.http.routers.gramps.entrypoints" = "websecure"
"traefik.http.routers.gramps.rule" = "Host(`familytree.lan.ddnsgeek.com`)"
"traefik.http.routers.gramps.tls.certresolver" = "myresolver"
"traefik.http.services.gramps.loadbalancer.server.port" = "5000"
}
}
"gramps-web-celery" = {
terraform_resource = "docker_container.gramps_web_celery"
compose_project = "core"
compose_service = "grampsweb_celery"
compose_file = "apps/gramps/docker-compose.yml"
container_name = "gramps-web-celery"
image = "ghcr.io/gramps-project/grampsweb:latest"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["gramps"]
mounts = ["bind:/home/nixos/docker/apps/gramps/data/users->/app/users", "bind:/home/nixos/docker/apps/gramps/data/index->/app/indexdir", "bind:/home/nixos/docker/apps/gramps/data/thumbnail_cache->/app/thumbnail_cache", "bind:/home/nixos/docker/apps/gramps/data/cache->/app/cache", "bind:/home/nixos/docker/apps/gramps/data/secret->/app/secret", "bind:/home/nixos/docker/apps/gramps/data/db->/root/.gramps/grampsdb", "bind:/home/nixos/docker/apps/gramps/data/media->/app/media", "bind:/home/nixos/docker/apps/gramps/data/tmp->/tmp"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {}
}
"influxdb" = {
terraform_resource = "docker_container.influxdb"
compose_project = "core"
compose_service = "influxdb"
compose_file = "monitoring/influxdb/docker-compose.yml"
container_name = "influxdb"
image = "influxdb:2.7"
image_source = "declared_image"
restart_policy = "unless-stopped"
network_mode = null
networks = ["monitor", "traefik"]
mounts = ["bind:/home/nixos/docker/monitoring/influxdb->/var/lib/influxdb2"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {
"traefik.docker.network" = "core_traefik"
"traefik.enable" = "true"
"traefik.http.routers.influxdb.entrypoints" = "websecure"
"traefik.http.routers.influxdb.middlewares" = "authelia"
"traefik.http.routers.influxdb.rule" = "Host(`influxdb.lan.ddnsgeek.com`)"
"traefik.http.routers.influxdb.tls.certresolver" = "myresolver"
"traefik.http.routers.influxdb.tls.options" = "mtls-private-admin@file"
"traefik.http.services.influxdb.loadbalancer.server.port" = "8086"
}
}
"monitor-kuma" = {
terraform_resource = "docker_container.monitor_kuma"
compose_project = "core"
compose_service = "monitor-kuma"
compose_file = "monitoring/uptime-kuma/docker-compose.yml"
container_name = "monitor-kuma"
image = "louislam/uptime-kuma:2.1.1"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["monitor", "traefik"]
mounts = ["bind:/home/nixos/docker/monitoring/uptime-kuma/data->/app/data"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {
"traefik.docker.network" = "core_traefik"
"traefik.enable" = "true"
"traefik.http.routers.monitor.entrypoints" = "websecure"
"traefik.http.routers.monitor.rule" = "Host(`monitor-kuma.lan.ddnsgeek.com`)"
"traefik.http.routers.monitor.tls" = "true"
"traefik.http.routers.monitor.tls.certresolver" = "myresolver"
"traefik.http.routers.monitor.tls.options" = "mtls-private-admin@file"
"traefik.http.services.monitor.loadbalancer.server.port" = "3001"
}
}
"mtls-bridge" = {
terraform_resource = "docker_container.mtls_bridge"
compose_project = "core"
compose_service = "mtls-bridge"
compose_file = "monitoring/mtls-bridge/docker-compose.yml"
container_name = "mtls-bridge"
image = "core-mtls-bridge"
image_source = "compose_build_inferred"
restart_policy = "unless-stopped"
network_mode = null
networks = ["monitor", "traefik"]
mounts = ["bind:/home/nixos/docker/core/traefik/certs->/certs:ro"]
published_ports = []
build_context = "/home/nixos/docker/monitoring/mtls-bridge"
build_dockerfile = "Dockerfile"
useful_labels = {
"traefik.docker.network" = "core_traefik"
"traefik.enable" = "true"
"traefik.http.middlewares.mtls-bridge-auth.basicauth.users" = ""
"traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowcredentials" = "true"
"traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowheaders" = "authorization,content-type,x-grafana-action,x-grafana-device-id"
"traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowmethods" = "GET,POST,PUT,PATCH,DELETE,OPTIONS"
"traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolalloworiginlist" = "https://grafana.lan.ddnsgeek.com"
"traefik.http.middlewares.mtls-bridge-cors.headers.addvaryheader" = "true"
"traefik.http.routers.mtls-bridge-preflight.entrypoints" = "websecure"
"traefik.http.routers.mtls-bridge-preflight.middlewares" = "mtls-bridge-cors"
"traefik.http.routers.mtls-bridge-preflight.priority" = "100"
"traefik.http.routers.mtls-bridge-preflight.rule" = "Host(`mtls-bridge.lan.ddnsgeek.com`) && Method(`OPTIONS`)"
"traefik.http.routers.mtls-bridge-preflight.service" = "mtls-bridge"
"traefik.http.routers.mtls-bridge-preflight.tls.certresolver" = "myresolver"
"traefik.http.routers.mtls-bridge.entrypoints" = "websecure"
"traefik.http.routers.mtls-bridge.middlewares" = "mtls-bridge-auth,mtls-bridge-cors"
"traefik.http.routers.mtls-bridge.rule" = "Host(`mtls-bridge.lan.ddnsgeek.com`)"
"traefik.http.routers.mtls-bridge.tls.certresolver" = "myresolver"
"traefik.http.services.mtls-bridge.loadbalancer.server.port" = "8080"
}
}
"nextcloud-db" = {
terraform_resource = "docker_container.nextcloud_db"
compose_project = "core"
compose_service = "nextcloud-db"
compose_file = "apps/nextcloud/docker-compose.yml"
container_name = "nextcloud-db"
image = "mariadb:11.4"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["nextcloud"]
mounts = ["bind:/home/nixos/docker/apps/nextcloud/database->/var/lib/mysql"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {}
}
"nextcloud-redis" = {
terraform_resource = "docker_container.nextcloud_redis"
compose_project = "core"
compose_service = "nextcloud-redis"
compose_file = "apps/nextcloud/docker-compose.yml"
container_name = "nextcloud-redis"
image = "redis"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["nextcloud"]
mounts = ["bind:/home/nixos/docker/apps/nextcloud/data/redis->/data"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {}
}
"nextcloud-webapp" = {
terraform_resource = "docker_container.nextcloud_webapp"
compose_project = "core"
compose_service = "nextcloud-webapp"
compose_file = "apps/nextcloud/docker-compose.yml"
container_name = "nextcloud-webapp"
image = "core-nextcloud-webapp"
image_source = "compose_build_inferred"
restart_policy = "always"
network_mode = null
networks = ["nextcloud", "traefik"]
mounts = ["bind:/home/nixos/docker/apps/nextcloud/data->/var/www/html/data", "bind:/home/nixos/docker/apps/nextcloud/config->/var/www/html/config", "tmpfs:->/tmp:exec"]
published_ports = []
build_context = "/home/nixos/docker/apps/nextcloud"
build_dockerfile = "Dockerfile"
useful_labels = {
"traefik.docker.network" = "core_traefik"
"traefik.enable" = "true"
"traefik.http.middlewares.nextcloud-dav.replacepathregex.regex" = "^/.well-known/ca(l|rd)dav"
"traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement" = "/remote.php/dav/"
"traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.regex" = "^/.well-known/nodeinfo"
"traefik.http.middlewares.nextcloud-nodeinfo.replacepathregex.replacement" = "/nextcloud/index.php/.well-known/nodeinfo/"
"traefik.http.middlewares.nextcloud-webfinger.redirectregex.permanent" = "true"
"traefik.http.middlewares.nextcloud-webfinger.redirectregex.regex" = "https://(.*)/.well-known/webfinger"
"traefik.http.middlewares.nextcloud-webfinger.redirectregex.replacement" = "https://$${1}/nextcloud/index.php/.well-known/webfinger"
"traefik.http.routers.nextcloud.entrypoints" = "websecure"
"traefik.http.routers.nextcloud.middlewares" = "nextcloud-dav, nextcloud-webfinger"
"traefik.http.routers.nextcloud.rule" = "Host(`nextcloud.lan.ddnsgeek.com`)"
"traefik.http.routers.nextcloud.tls.certresolver" = "myresolver"
}
}
"node-exporter" = {
terraform_resource = "docker_container.node_exporter"
compose_project = "core"
compose_service = "node-exporter"
compose_file = "monitoring/node-exporter/docker-compose.yml"
container_name = "node-exporter"
image = "prom/node-exporter:latest"
image_source = "declared_image"
restart_policy = "unless-stopped"
network_mode = null
networks = ["monitor"]
mounts = ["bind:/proc->/host/proc:ro", "bind:/sys->/host/sys:ro", "bind:/->/rootfs:ro"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {}
}
"node-red" = {
terraform_resource = "docker_container.node_red"
compose_project = "core"
compose_service = "node-red"
compose_file = "monitoring/node-red/docker-compose.yml"
container_name = "node-red"
image = "core-node-red"
image_source = "compose_build_inferred"
restart_policy = "unless-stopped"
network_mode = null
networks = ["monitor", "traefik"]
mounts = ["bind:/home/nixos/docker/monitoring/node-red/data->/data", "bind:/home/nixos/docker->/compose/docker:ro", "bind:/home/nixos/raspi->/compose/raspi:ro"]
published_ports = []
build_context = "/home/nixos/docker/monitoring/node-red"
build_dockerfile = "Dockerfile"
useful_labels = {
"traefik.docker.network" = "core_traefik"
"traefik.enable" = "true"
"traefik.http.routers.node-red.entrypoints" = "websecure"
"traefik.http.routers.node-red.middlewares" = "authelia"
"traefik.http.routers.node-red.rule" = "Host(`node-red.lan.ddnsgeek.com`)"
"traefik.http.routers.node-red.tls.certresolver" = "myresolver"
"traefik.http.routers.node-red.tls.options" = "mtls-private-admin@file"
"traefik.http.services.node-red.loadbalancer.server.port" = "1880"
}
}
"passbolt-db" = {
terraform_resource = "docker_container.passbolt_db"
compose_project = "core"
compose_service = "passbolt-db"
compose_file = "apps/passbolt/docker-compose.yml"
container_name = "passbolt-db"
image = "mariadb:12"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["passbolt"]
mounts = ["bind:/home/nixos/docker/apps/passbolt/data/database->/var/lib/mysql"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {}
}
"passbolt-webapp" = {
terraform_resource = "docker_container.passbolt_webapp"
compose_project = "core"
compose_service = "passbolt-webapp"
compose_file = "apps/passbolt/docker-compose.yml"
container_name = "passbolt-webapp"
image = "passbolt/passbolt:latest-ce"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["passbolt", "traefik"]
mounts = ["bind:/home/nixos/docker/apps/passbolt/data/gpg->/etc/passbolt/gpg", "bind:/home/nixos/docker/apps/passbolt/data/jwt->/etc/passbolt/jwt"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {
"traefik.docker.network" = "core_traefik"
"traefik.enable" = "true"
"traefik.http.routers.passbolt.entrypoints" = "websecure"
"traefik.http.routers.passbolt.rule" = "Host(`passbolt.lan.ddnsgeek.com`)"
"traefik.http.routers.passbolt.tls.certresolver" = "myresolver"
}
}
"pihole-exporter" = {
terraform_resource = "docker_container.pihole_exporter"
compose_project = "core"
compose_service = "pihole-exporter"
compose_file = "monitoring/pihole-exporter/docker-compose.yml"
container_name = "pihole-exporter"
image = "ekofr/pihole-exporter:latest"
image_source = "declared_image"
restart_policy = "unless-stopped"
network_mode = null
networks = ["monitor"]
mounts = []
published_ports = ["9617:9617/tcp"]
build_context = null
build_dockerfile = null
useful_labels = {}
}
"portainer" = {
terraform_resource = "docker_container.portainer"
compose_project = "core"
compose_service = "portainer"
compose_file = "monitoring/portainer/docker-compose.yml"
container_name = "portainer"
image = "portainer/portainer-ce:latest"
image_source = "declared_image"
restart_policy = "unless-stopped"
network_mode = null
networks = ["traefik"]
mounts = ["bind:/home/nixos/docker/monitoring/portainer/data->/data"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {
"traefik.enable" = "true"
"traefik.http.routers.portainer.entrypoints" = "websecure"
"traefik.http.routers.portainer.rule" = "Host(`portainer.lan.ddnsgeek.com`)"
"traefik.http.routers.portainer.tls" = "true"
"traefik.http.routers.portainer.tls.certresolver" = "myresolver"
"traefik.http.routers.portainer.tls.options" = "mtls-private-admin@file"
"traefik.http.services.portainer.loadbalancer.server.port" = "9000"
}
}
"prometheus" = {
terraform_resource = "docker_container.prometheus"
compose_project = "core"
compose_service = "prometheus"
compose_file = "monitoring/prometheus/docker-compose.yml"
container_name = "prometheus"
image = "prom/prometheus:latest"
image_source = "declared_image"
restart_policy = "unless-stopped"
network_mode = null
networks = ["monitor", "traefik"]
mounts = ["bind:/home/nixos/docker/monitoring/prometheus/prometheus.yml->/etc/prometheus/prometheus.yml:ro", "bind:/home/nixos/docker/monitoring/prometheus/data->/prometheus", "bind:/home/nixos/docker/monitoring/prometheus/rules->/etc/prometheus/rules:ro", "bind:/home/nixos/docker/secrets/prometheus_kuma_basic_auth_password.txt->/run/secrets/prometheus_kuma_basic_auth_password:ro"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {
"traefik.docker.network" = "core_traefik"
"traefik.enable" = "true"
"traefik.http.routers.prometheus.entrypoints" = "websecure"
"traefik.http.routers.prometheus.middlewares" = "authelia"
"traefik.http.routers.prometheus.rule" = "Host(`prometheus.lan.ddnsgeek.com`)"
"traefik.http.routers.prometheus.tls.certresolver" = "myresolver"
"traefik.http.routers.prometheus.tls.options" = "mtls-private-admin@file"
"traefik.http.services.prometheus.loadbalancer.server.port" = "9090"
}
}
"searxng-webapp" = {
terraform_resource = "docker_container.searxng-webapp"
compose_project = "core"
compose_service = "searxng-webapp"
compose_file = "apps/searxng/docker-compose.yml"
container_name = "searxng-webapp"
image = "searxng/searxng"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["traefik"]
mounts = []
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {
"traefik.enable" = "true"
"traefik.http.routers.searxng.entrypoints" = "websecure"
"traefik.http.routers.searxng.rule" = "Host(`searxng.lan.ddnsgeek.com`)"
"traefik.http.routers.searxng.tls.certresolver" = "myresolver"
"traefik.http.services.searxng.loadbalancer.server.port" = "8080"
}
}
"telegraf" = {
terraform_resource = "docker_container.telegraf"
compose_project = "core"
compose_service = "telegraf"
compose_file = "monitoring/telegraf/docker-compose.yml"
container_name = "telegraf"
image = "telegraf:latest"
image_source = "declared_image"
restart_policy = "unless-stopped"
network_mode = null
networks = ["monitor"]
mounts = ["bind:/home/nixos/docker/monitoring/telegraf/telegraf.conf->/etc/telegraf/telegraf.conf:ro", "bind:/home/nixos/docker/monitoring/node-red/data->/var/log/node-red:ro"]
published_ports = []
build_context = null
build_dockerfile = null
useful_labels = {}
}
"traefik" = {
terraform_resource = "docker_container.traefik"
compose_project = "core"
compose_service = "traefik"
compose_file = "core/traefik/docker-compose.yml"
container_name = "traefik"
image = "traefik:3"
image_source = "declared_image"
restart_policy = "always"
network_mode = null
networks = ["traefik"]
mounts = ["bind:/home/nixos/docker/core/traefik/data/letsencrypt->/letsencrypt", "bind:/home/nixos/docker/core/traefik/data/logs->/logs", "bind:/home/nixos/docker/core/traefik/certs->/etc/traefik/certs:ro", "bind:/home/nixos/docker/core/traefik/dynamic.yml->/etc/traefik/dynamic.yml:ro", "bind:/home/nixos/docker/core/traefik/traefik.yml->/etc/traefik/traefik.yml:ro", "bind:/home/nixos/docker/core/traefik/data/plugins->/plugins-storage"]
published_ports = ["80:80/tcp", "443:443/tcp"]
build_context = "/home/nixos/docker/core"
build_dockerfile = "Dockerfile"
useful_labels = {
"traefik.docker.network" = "core_traefik"
"traefik.enable" = "true"
"traefik.http.routers.traefik.entrypoints" = "websecure"
"traefik.http.routers.traefik.middlewares" = "authelia"
"traefik.http.routers.traefik.observability.tracing" = "true"
"traefik.http.routers.traefik.rule" = "Host(`traefik.lan.ddnsgeek.com`)"
"traefik.http.routers.traefik.service" = "api@internal"
"traefik.http.routers.traefik.tls.certresolver" = "myresolver"
"traefik.http.routers.traefik.tls.options" = "mtls-private-admin@file"
}
}
}
}
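Review bot: The `node-red` and `docker-update-exporter` entries bind the whole `/home/nixos/docker` tree into the container (`->/compose/docker:ro` and `->/compose:ro`), and other entries in this map show that tree holds `secrets/prometheus_kuma_basic_auth_password.txt`, `apps/passbolt/data/gpg` and `jwt`, and `core/traefik/certs`. A read-only bind does not limit what can be read, and node-red is also routed through Traefik, so a compromise of either service would expose those files; `docker-update-exporter` additionally mounts `/root/.docker/config.json`. Since this catalog is the documentation of record, I would flag both entries with a comment such as `# bind covers secrets/, passbolt gpg/jwt and traefik certs - narrow to the compose files actually needed`, and track the narrowing in the compose sources.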
@@ -0,0 +1,14 @@
resource "docker_container" "crowdsec" {
name = local.docker_containers["crowdsec"].container_name
image = local.docker_containers["crowdsec"].image
restart = local.docker_containers["crowdsec"].restart_policy
labels = local.docker_containers["crowdsec"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "docker_socket_proxy" {
name = local.docker_containers["docker-socket-proxy"].container_name
image = local.docker_containers["docker-socket-proxy"].image
restart = local.docker_containers["docker-socket-proxy"].restart_policy
labels = local.docker_containers["docker-socket-proxy"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "docker_update_exporter" {
name = local.docker_containers["docker-update-exporter"].container_name
image = local.docker_containers["docker-update-exporter"].image
restart = local.docker_containers["docker-update-exporter"].restart_policy
labels = local.docker_containers["docker-update-exporter"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "error_pages" {
name = local.docker_containers["error-pages"].container_name
image = local.docker_containers["error-pages"].image
restart = local.docker_containers["error-pages"].restart_policy
labels = local.docker_containers["error-pages"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
+14
@@ -0,0 +1,14 @@
resource "docker_container" "gitea" {
name = local.docker_containers["gitea"].container_name
image = local.docker_containers["gitea"].image
restart = local.docker_containers["gitea"].restart_policy
labels = local.docker_containers["gitea"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
+14
@@ -0,0 +1,14 @@
resource "docker_container" "gotify" {
name = local.docker_containers["gotify"].container_name
image = local.docker_containers["gotify"].image
restart = local.docker_containers["gotify"].restart_policy
labels = local.docker_containers["gotify"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "grafana" {
name = local.docker_containers["grafana"].container_name
image = local.docker_containers["grafana"].image
restart = local.docker_containers["grafana"].restart_policy
labels = local.docker_containers["grafana"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "gramps_redis" {
name = local.docker_containers["gramps-redis"].container_name
image = local.docker_containers["gramps-redis"].image
restart = local.docker_containers["gramps-redis"].restart_policy
labels = local.docker_containers["gramps-redis"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "gramps_web_celery" {
name = local.docker_containers["gramps-web-celery"].container_name
image = local.docker_containers["gramps-web-celery"].image
restart = local.docker_containers["gramps-web-celery"].restart_policy
labels = local.docker_containers["gramps-web-celery"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "gramps_web" {
name = local.docker_containers["gramps-web"].container_name
image = local.docker_containers["gramps-web"].image
restart = local.docker_containers["gramps-web"].restart_policy
labels = local.docker_containers["gramps-web"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "influxdb" {
name = local.docker_containers["influxdb"].container_name
image = local.docker_containers["influxdb"].image
restart = local.docker_containers["influxdb"].restart_policy
labels = local.docker_containers["influxdb"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
+2 -26
@@ -1,26 +1,2 @@
# Docker Terraform workflow in this repo: # Docker container resources are split into one file per container.
# 1) Add a minimal resource block for ONE existing container. # See container-catalog.tf for documentation-oriented metadata used by outputs.
# 2) Import that live container into state:
# terraform import docker_container.<name> <container_id_or_name>
# 3) Inspect imported arguments:
# terraform state show docker_container.<name>
# 4) Copy required arguments into this file and refine.
# 5) Repeat until terraform plan shows no unintended changes.
# Example skeleton for future imported containers (intentionally commented):
# resource "docker_container" "example_service" {
# name = "existing-container-name"
# image = "repo/image:tag"
#
# # Add additional arguments based on `terraform state show` output.
# # Keep values aligned with the live container so plan is a no-op.
# }
#resource "docker_container" "searxng-webapp" {
# name = "searxng-webapp"
# image = "searxng/searxng"
#}
#import {
# to = docker_container.searxng-webapp
# id = "5e755fc8478a3d088be12a1bb26df78e2f1990c56e1f7671f0cbf9761330092b"
#}
@@ -0,0 +1,14 @@
resource "docker_container" "monitor_kuma" {
name = local.docker_containers["monitor-kuma"].container_name
image = local.docker_containers["monitor-kuma"].image
restart = local.docker_containers["monitor-kuma"].restart_policy
labels = local.docker_containers["monitor-kuma"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "mtls_bridge" {
name = local.docker_containers["mtls-bridge"].container_name
image = local.docker_containers["mtls-bridge"].image
restart = local.docker_containers["mtls-bridge"].restart_policy
labels = local.docker_containers["mtls-bridge"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
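Review bot: `labels` here comes from the catalog entry, which sets `traefik.http.middlewares.mtls-bridge-auth.basicauth.users` to an empty string, and `labels` is not listed in `ignore_changes`. If the value was blanked to keep the htpasswd hash out of the repository, an apply would presumably push the empty value onto the container whose main router depends on `mtls-bridge-auth`. How Traefik treats a basic-auth middleware with no users is not visible here and should be checked before applying. I would either drop that key from `useful_labels` or change this block to `ignore_changes = [env, labels]` so Terraform never rewrites the credential label.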
@@ -0,0 +1,14 @@
resource "docker_container" "nextcloud_db" {
name = local.docker_containers["nextcloud-db"].container_name
image = local.docker_containers["nextcloud-db"].image
restart = local.docker_containers["nextcloud-db"].restart_policy
labels = local.docker_containers["nextcloud-db"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "nextcloud_redis" {
name = local.docker_containers["nextcloud-redis"].container_name
image = local.docker_containers["nextcloud-redis"].image
restart = local.docker_containers["nextcloud-redis"].restart_policy
labels = local.docker_containers["nextcloud-redis"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "nextcloud_webapp" {
name = local.docker_containers["nextcloud-webapp"].container_name
image = local.docker_containers["nextcloud-webapp"].image
restart = local.docker_containers["nextcloud-webapp"].restart_policy
labels = local.docker_containers["nextcloud-webapp"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "node_exporter" {
name = local.docker_containers["node-exporter"].container_name
image = local.docker_containers["node-exporter"].image
restart = local.docker_containers["node-exporter"].restart_policy
labels = local.docker_containers["node-exporter"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "node_red" {
name = local.docker_containers["node-red"].container_name
image = local.docker_containers["node-red"].image
restart = local.docker_containers["node-red"].restart_policy
labels = local.docker_containers["node-red"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
+30 -11
@@ -3,17 +3,36 @@ output "docker_host_in_use" {
value = var.docker_host value = var.docker_host
} }
output "managed_container_names" { output "docker_containers" {
description = "Names of containers intentionally tracked in Terraform configuration." description = "Documentation-shaped inventory of Docker containers managed via services-up.sh compose sources."
value = var.managed_container_names value = local.docker_containers
} }
output "import_reconciliation_steps" { output "docker_inventory" {
description = "Short reminder of the safe import-first workflow." description = "Compact Docker inventory suitable for export and merging into broader infrastructure docs."
value = [ value = {
"Create one docker_container block for an existing container.", compose_project = "core"
"Run terraform import for that block.", container_count = length(local.docker_containers)
"Run terraform state show and copy required arguments.", containers = {
"Refine config until terraform plan has no unintended changes.", for key, container in local.docker_containers : key => {
] compose_service = container.compose_service
compose_file = container.compose_file
container_name = container.container_name
image = container.image
image_source = container.image_source
build_context = container.build_context
network_mode = container.network_mode
networks = container.networks
published_ports = container.published_ports
mounts = container.mounts
restart_policy = container.restart_policy
labels = container.useful_labels
}
}
}
}
output "managed_container_names" {
description = "Names of containers intentionally tracked in Terraform documentation resources."
value = sort(keys(local.docker_containers))
} }
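Review bot: The new `docker_containers` and `docker_inventory` outputs publish every `useful_labels` value, host mount path and published port, and neither output is marked sensitive. The label values shown earlier on the page are routing rules, but Traefik labels are also a common place for credentials such as basic-auth user hashes, and anything added to `useful_labels` later would appear in `terraform output` and the state file in clear text. Either document the constraint where the map is defined, e.g. `# useful_labels must never contain secrets; it is exported by output.docker_inventory`, or set `sensitive = true` on both outputs. `compose_project = "core"` is also hard-coded in `docker_inventory` although each container entry carries its own `compose_project`.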
@@ -0,0 +1,14 @@
resource "docker_container" "passbolt_db" {
name = local.docker_containers["passbolt-db"].container_name
image = local.docker_containers["passbolt-db"].image
restart = local.docker_containers["passbolt-db"].restart_policy
labels = local.docker_containers["passbolt-db"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "passbolt_webapp" {
name = local.docker_containers["passbolt-webapp"].container_name
image = local.docker_containers["passbolt-webapp"].image
restart = local.docker_containers["passbolt-webapp"].restart_policy
labels = local.docker_containers["passbolt-webapp"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "pihole_exporter" {
name = local.docker_containers["pihole-exporter"].container_name
image = local.docker_containers["pihole-exporter"].image
restart = local.docker_containers["pihole-exporter"].restart_policy
labels = local.docker_containers["pihole-exporter"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "portainer" {
name = local.docker_containers["portainer"].container_name
image = local.docker_containers["portainer"].image
restart = local.docker_containers["portainer"].restart_policy
labels = local.docker_containers["portainer"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,14 @@
resource "docker_container" "prometheus" {
name = local.docker_containers["prometheus"].container_name
image = local.docker_containers["prometheus"].image
restart = local.docker_containers["prometheus"].restart_policy
labels = local.docker_containers["prometheus"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -1,50 +1,10 @@
# -----------------------------------------------------------------------------
# AUTO-GENERATED BY reconcile_from_plan.sh
# Generated: 2026-04-14T10:53:00Z
# Source: terraform plan -generate-config-out
# Review carefully before apply.
# -----------------------------------------------------------------------------
# __generated__ by Terraform
# Please review these resources and move them into your main configuration files.
# __generated__ by Terraform from "5e755fc8478a3d088be12a1bb26df78e2f1990c56e1f7671f0cbf9761330092b"
resource "docker_container" "searxng-webapp" { resource "docker_container" "searxng-webapp" {
entrypoint = ["/usr/local/searxng/entrypoint.sh"] name = local.docker_containers["searxng-webapp"].container_name
hostname = "searxng.lan.ddnsgeek.com" image = local.docker_containers["searxng-webapp"].image
image = "sha256:6a9a175cd122c005abe2dc15d7cbfcd5109619e9dcccb511c34be244e10f49bc"
must_run = true restart = local.docker_containers["searxng-webapp"].restart_policy
name = "searxng-webapp"
network_mode = "core_traefik" labels = local.docker_containers["searxng-webapp"].useful_labels
read_only = true
restart = "always"
tmpfs = {
"/run" = ""
"/tmp" = ""
"/var" = ""
}
wait = false
wait_timeout = 60
working_dir = "/usr/local/searxng"
healthcheck {
interval = "20s"
retries = 8
start_period = "30s"
test = ["CMD-SHELL", "python3 -c \"import urllib.request,sys; r=urllib.request.urlopen('http://127.0.0.1:8080/', timeout=3); sys.exit(0 if 200<=r.status<400 else 1)\""]
timeout = "5s"
}
mounts {
read_only = false
source = "2255bde19ed136d348d29ada3d274eb3dbcb8aede13b246bbc9bac19fa38b37d"
target = "/var/cache/searxng"
type = "volume"
}
mounts {
read_only = false
source = "e7a1475c1265b7d1c15f7c4da10e93461f6f1bcf50fe8030131a6398509e2e48"
target = "/etc/searxng"
type = "volume"
}
lifecycle { lifecycle {
ignore_changes = [ ignore_changes = [
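Review bot: The rewritten `docker_container.searxng-webapp` no longer declares `read_only = true` or the `tmpfs` entries for `/run`, `/tmp` and `/var`, and none of the four remaining arguments carries that hardening. If Terraform ever recreates this container from the new definition, it would presumably come back with a writable root filesystem and without the healthcheck. Keep `read_only = true` and the `tmpfs` map in the resource, or record them in the locals entry and reference them from here. `image` now comes from the locals map instead of the sha256 image ID, so it may resolve to a mutable tag; the locals entry for this container is not visible here. The rest of the `lifecycle` block is not shown in this section.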
@@ -0,0 +1,14 @@
resource "docker_container" "telegraf" {
name = local.docker_containers["telegraf"].container_name
image = local.docker_containers["telegraf"].image
restart = local.docker_containers["telegraf"].restart_policy
labels = local.docker_containers["telegraf"].useful_labels
lifecycle {
ignore_changes = [
env,
]
}
}
@@ -0,0 +1,69 @@
resource "docker_container" "traefik" {
name = local.docker_containers["traefik"].container_name
image = local.docker_containers["traefik"].image
restart = local.docker_containers["traefik"].restart_policy
labels = local.docker_containers["traefik"].useful_labels
network_mode = "core_traefik"
ports {
internal = 80
external = 80
protocol = "tcp"
}
ports {
internal = 443
external = 443
protocol = "tcp"
}
mounts {
type = "bind"
source = "/home/nixos/docker/core/traefik/data/letsencrypt"
target = "/letsencrypt"
read_only = false
}
mounts {
type = "bind"
source = "/home/nixos/docker/core/traefik/data/logs"
target = "/logs"
read_only = false
}
mounts {
type = "bind"
source = "/home/nixos/docker/core/traefik/certs"
target = "/etc/traefik/certs"
read_only = true
}
mounts {
type = "bind"
source = "/home/nixos/docker/core/traefik/dynamic.yml"
target = "/etc/traefik/dynamic.yml"
read_only = true
}
mounts {
type = "bind"
source = "/home/nixos/docker/core/traefik/traefik.yml"
target = "/etc/traefik/traefik.yml"
read_only = true
}
mounts {
type = "bind"
source = "/home/nixos/docker/core/traefik/data/plugins"
target = "/plugins-storage"
read_only = false
}
lifecycle {
ignore_changes = [
env,
]
}
}
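Review bot: `docker_container.traefik` hard-codes `network_mode`, both `ports` blocks and all six `mounts`, while the inventory outputs report networks, published_ports and mounts from `local.docker_containers["traefik"]`. The two copies can drift, and the inventory is what someone would read to audit which ports are exposed and which host paths are writable. Add a comment above the literal blocks such as `# Keep in sync with local.docker_containers["traefik"] (networks, published_ports, mounts)`, or derive the `ports` blocks from the locals entry with a `dynamic` block. The `ports` blocks also leave `ip` unset, so 80 and 443 bind on every host interface; if that is intended for the edge proxy, say so in the comment.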
@@ -3,9 +3,3 @@ variable "docker_host" {
type = string type = string
default = "unix:///var/run/docker.sock" default = "unix:///var/run/docker.sock"
} }
variable "managed_container_names" {
description = "Human-maintained list of containers intentionally tracked in Terraform docs/outputs."
type = list(string)
default = ["searxng-webapp"]
}