
feat: add caddy

pull/3/head
Karan Sharma 1 year ago
parent
commit
60aa99277e
  1. 10
      floyd/terraform/bookstack/container.tf
  2. 6
      floyd/terraform/bookstack/mariadb.tf
  3. 20
      floyd/terraform/caddy/conf/Caddyfile.tpl
  4. 37
      floyd/terraform/caddy/container.tf
  5. 6
      floyd/terraform/caddy/data.tf
  6. 8
      floyd/terraform/caddy/image.tf
  7. 5
      floyd/terraform/caddy/network.tf
  8. 7
      floyd/terraform/caddy/variables.tf
  9. 8
      floyd/terraform/caddy/versions.tf
  10. 6
      floyd/terraform/digitalocean-infra/firewalls.tf
  11. 10
      floyd/terraform/digitalocean-infra/main.tf
  12. 3
      floyd/terraform/env.sample
  13. 10
      floyd/terraform/gitea/container.tf
  14. 5
      floyd/terraform/gitea/network.tf
  15. 6
      floyd/terraform/main.tf
  16. 12
      floyd/terraform/pihole/container.tf
  17. 5
      floyd/terraform/pihole/network.tf
  18. 15
      floyd/terraform/unbound/container.tf
  19. 5
      floyd/terraform/unbound/network.tf
  20. 5
      floyd/terraform/variables.tf

10
floyd/terraform/bookstack/container.tf

@ -16,8 +16,12 @@ resource "docker_container" "bookstack" {
protocol = "tcp"
}
networks_advanced {
name = docker_network.bookstack.name
networks_advanced {
name = docker_network.bookstack.name
}
networks_advanced {
name = "caddy"
}
env = [
@ -28,7 +32,7 @@ resource "docker_container" "bookstack" {
"DB_PASS=${var.bookstack_mariadb_password}",
"DB_DATABASE=bookstackapp"
]
restart = "unless-stopped"
destroy_grace_seconds = 30
must_run = true
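Review bot: The added `networks_advanced { name = "caddy" }` puts bookstack on the same shared bridge that gitea and pihole also join in this commit, so the three services can reach each other's ports directly and the per-service networks created alongside only isolate the backends that do not join `caddy` (here the database). The tighter layout is the inverse: leave each service on its own network only, and have the caddy container in caddy/container.tf join `bookstack`, `gitea` and `pihole` (e.g. `networks_advanced { name = "bookstack" }` per backend), so the proxy is the only container with a path to every upstream. The same addition appears in gitea/container.tf and pihole/container.tf. The `resource "docker_container" "bookstack"` block starts and ends outside this hunk.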

6
floyd/terraform/bookstack/mariadb.tf

@ -8,7 +8,7 @@ resource "docker_container" "bookstack_db" {
host_path = "/data/bookstack"
container_path = "/config"
}
env = [
"TZ=Asia/Kolkata",
"MYSQL_DATABASE=bookstackapp",
@ -18,8 +18,8 @@ resource "docker_container" "bookstack_db" {
"PGID=1000"
]
networks_advanced {
name = docker_network.bookstack.name
networks_advanced {
name = docker_network.bookstack.name
}
restart = "unless-stopped"

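--- /dev/null
+++ b/floyd/terraform/caddy/conf/Caddyfile.tpl
@@ -0,0 +1,20 @@
+git.mrkaran.dev {
+reverse_proxy gitea:3000
+tls {
+dns cloudflare "${cloudflare_api_token}"
+}
+}
+pi.mrkaran.dev {
+reverse_proxy pihole:80
+tls {
+dns cloudflare "${cloudflare_api_token}"
+}
+}
+wiki.mrkaran.dev {
+reverse_proxy bookstack:80
+tls {
+dns cloudflare "${cloudflare_api_token}"
+}
+}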
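Review bot: The Cloudflare token is interpolated into the Caddyfile text itself (`dns cloudflare "${cloudflare_api_token}"`, three times), so it lands in the rendered `data.template_file.caddyfile` output in Terraform state and plan output and sits as plain config inside the container. Assuming the image is a Caddy 2 build with the cloudflare module, Caddy resolves `{env.NAME}` placeholders at runtime, so the token can be passed to the container through `env` in caddy/container.tf and the Caddyfile can read it with `dns cloudflare {env.CLOUDFLARE_API_TOKEN}`, which makes this a static Caddyfile with no template variable; data.tf and caddy/container.tf change accordingly. Since the three site blocks differ only in their upstream, a snippet imported in each block also removes the repeated tls block.
```caddyfile
(cloudflare_tls) {
	tls {
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}
}

git.mrkaran.dev {
	reverse_proxy gitea:3000
	import cloudflare_tls
}
# … unchanged: pi.mrkaran.dev and wiki.mrkaran.dev blocks, each with `import cloudflare_tls` in place of its tls block …
```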

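--- /dev/null
+++ b/floyd/terraform/caddy/container.tf
@@ -0,0 +1,37 @@
+resource "docker_container" "caddy" {
+name = "caddy"
+image = docker_image.caddy.latest
+volumes {
+host_path = "/data/caddy"
+container_path = "/data"
+}
+# Caddyfile
+upload {
+content = data.template_file.caddyfile.rendered
+file = "/etc/caddy/Caddyfile"
+}
+ports {
+internal = 443
+external = 443
+ip = var.ips["tailscale_floyd"]
+protocol = "tcp"
+}
+ports {
+internal = 80
+external = 80
+ip = var.ips["tailscale_floyd"]
+protocol = "tcp"
+}
+networks_advanced {
+name = docker_network.caddy.name
+}
+restart = "unless-stopped"
+destroy_grace_seconds = 30
+must_run = true
+}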
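Review bot: The `# Caddyfile` comment above the `upload` block only restates the file name; it should say where the content comes from and what a change costs, e.g. `# Rendered from conf/Caddyfile.tpl via data.template_file.caddyfile; a change to the rendered text replaces the container`. I believe `upload` forces replacement in this provider, which is worth confirming and noting, because rotating the token would then restart the proxy for all three sites. It would also help to note beside `host_path = "/data/caddy"` that this directory holds Caddy's ACME account key and issued certificates (assuming the image keeps Caddy's data directory at `/data`), so it deserves the same on-host protection as the token.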

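--- /dev/null
+++ b/floyd/terraform/caddy/data.tf
@@ -0,0 +1,6 @@
+data "template_file" "caddyfile" {
+template = "${file("${path.module}/conf/Caddyfile.tpl")}"
+vars = {
+cloudflare_api_token = "${var.cloudflare_api_token}"
+}
+}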
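Review bot: `data "template_file"` comes from the separate template provider, which HashiCorp deprecated in favour of the built-in `templatefile()` function, and the `"${...}"` wrapping on both `template` and `cloudflare_api_token` is the pre-0.12 form that the 0.13 floor in versions.tf no longer needs. The data source can be dropped and the container's upload can use `content = templatefile("${path.module}/conf/Caddyfile.tpl", { cloudflare_api_token = var.cloudflare_api_token })` directly, which also removes an undeclared provider from the module.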

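--- /dev/null
+++ b/floyd/terraform/caddy/image.tf
@@ -0,0 +1,8 @@
+data "docker_registry_image" "caddy" {
+name = "mrkaran/caddy:latest"
+}
+resource "docker_image" "caddy" {
+name = data.docker_registry_image.caddy.name
+pull_triggers = [data.docker_registry_image.caddy.sha256_digest]
+}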
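Review bot: `mrkaran/caddy:latest` combined with `pull_triggers = [data.docker_registry_image.caddy.sha256_digest]` means every apply re-resolves the tag and recreates the reverse proxy whenever a new image has been pushed, and nothing records which Caddy build (and which DNS plugin) the three TLS sites depend on. Pinning a version tag, or better a digest (`name = "mrkaran/caddy@sha256:<digest>"`, placeholder), turns upgrades into an explicit commit and keeps the image that terminates TLS for every service reproducible. A comment stating how the image is built and that it includes the Cloudflare DNS module the Caddyfile in this commit requires would help the next reader.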

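--- /dev/null
+++ b/floyd/terraform/caddy/network.tf
@@ -0,0 +1,5 @@
+resource "docker_network" "caddy" {
+name = "caddy"
+driver = "bridge"
+internal = "false"
+}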
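Review bot: `internal = "false"` passes a string where the attribute is a bool; Terraform converts it, but `internal = false` is the idiomatic form, and since it is also the provider default the line could be dropped altogether. The same quoted boolean appears in gitea/network.tf, pihole/network.tf and unbound/network.tf.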

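--- /dev/null
+++ b/floyd/terraform/caddy/variables.tf
@@ -0,0 +1,7 @@
+variable "ips" {
+type = map
+}
+variable "cloudflare_api_token" {
+type = string
+}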
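Review bot: `variable "cloudflare_api_token"` has no `description` and nothing marks it as a secret, while the root declaration in floyd/terraform/variables.tf at least carries a description. Add `description = "Cloudflare API token used by Caddy for DNS-01 validation"` and, if the floor in versions.tf is raised to 0.14, `sensitive = true` so the value is redacted from plan output (the same applies to the root variable). `type = map` without an element type is the legacy shorthand; `type = map(string)` states what `var.ips["tailscale_floyd"]` is consumed as in container.tf.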

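--- /dev/null
+++ b/floyd/terraform/caddy/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+required_providers {
+docker = {
+source = "terraform-providers/docker"
+}
+}
+required_version = ">= 0.13"
+}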
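Review bot: The `docker` entry in `required_providers` has no `version` constraint, so a fresh init takes whatever the registry currently serves, and the `template` provider that data.tf pulls in through `data "template_file"` is not declared at all (0.13 still resolves undeclared providers implicitly, as far as I recall, but that path is the one its deprecation notice warns about). Add `version = "<constraint>"` (placeholder) to the docker block and either declare `template` beside it or replace the data source with `templatefile()` so the module has exactly one, pinned provider.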

6
floyd/terraform/digitalocean-infra/firewalls.tf

@ -1,17 +1,17 @@
resource "digitalocean_firewall" "web" {
name = "allow-http-https-cf-inbound"
name = "allow-http-https-tailscale"
droplet_ids = [digitalocean_droplet.floyd.id]
inbound_rule {
protocol = "tcp"
port_range = "80"
source_addresses = ["173.245.48.0/20","103.21.244.0/22","103.22.200.0/22","103.31.4.0/22","141.101.64.0/18","108.162.192.0/18","190.93.240.0/20","188.114.96.0/20","197.234.240.0/22","198.41.128.0/17","162.158.0.0/15","104.16.0.0/12","172.64.0.0/13","131.0.72.0/22","2400:cb00::/32","2606:4700::/32","2803:f800::/32","2405:b500::/32","2405:8100::/32","2a06:98c0::/29","2c0f:f248::/32"]
source_addresses = ["100.64.0.0/10"]
}
inbound_rule {
protocol = "tcp"
port_range = "443"
source_addresses = ["173.245.48.0/20","103.21.244.0/22","103.22.200.0/22","103.31.4.0/22","141.101.64.0/18","108.162.192.0/18","190.93.240.0/20","188.114.96.0/20","197.234.240.0/22","198.41.128.0/17","162.158.0.0/15","104.16.0.0/12","172.64.0.0/13","131.0.72.0/22","2400:cb00::/32","2606:4700::/32","2803:f800::/32","2405:b500::/32","2405:8100::/32","2a06:98c0::/29","2c0f:f248::/32"]
source_addresses = ["100.64.0.0/10"]
}
}
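Review bot: With `source_addresses = ["100.64.0.0/10"]` on both rules, the DigitalOcean cloud firewall will, as far as I know, admit nothing on 80/443: Tailscale traffic reaches the droplet as WireGuard-encapsulated UDP from the peers' public addresses, and 100.64.0.0/10 sources only exist on the tailscale interface inside the host, where this firewall does not apply. That is the intended outcome here, since caddy/container.tf binds its ports to the Tailscale address, but the rule name `allow-http-https-tailscale` reads as if the firewall were doing the admitting. Either drop the two HTTP/HTTPS rules so the closed-to-internet state is explicit, or add a comment above the resource such as `# 80/443 are served only on the Tailscale address (see caddy/container.tf); these rules intentionally match no public traffic`. Whether other inbound rules exist for this droplet is outside this hunk.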

10
floyd/terraform/digitalocean-infra/main.tf

@ -6,11 +6,11 @@ resource "digitalocean_ssh_key" "mrkaran" {
# Create a new droplet in the blr1 region (master node)
resource "digitalocean_droplet" "floyd" {
image = "ubuntu-20-04-x64"
name = "floyd"
region = "blr1"
monitoring = true
size = "s-1vcpu-2gb"
image = "ubuntu-20-04-x64"
name = "floyd"
region = "blr1"
monitoring = true
size = "s-1vcpu-2gb"
ipv6 = true
private_networking = true
tags = [

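--- /dev/null
+++ b/floyd/terraform/env.sample
@@ -0,0 +1,3 @@
+DIGITALOCEAN_TOKEN=
+TF_VAR_bookstack_mariadb_password=
+TF_VAR_cloudflare_api_token=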

10
floyd/terraform/gitea/container.tf

@ -8,7 +8,7 @@ resource "docker_container" "gitea" {
host_path = "/data/gitea/"
container_path = "/data/"
}
# https://tools.ietf.org/html/rfc5966
# mentions to support TCP for DNS.
ports {
@ -26,6 +26,14 @@ resource "docker_container" "gitea" {
protocol = "tcp"
}
networks_advanced {
name = docker_network.gitea.name
}
networks_advanced {
name = "caddy"
}
restart = "unless-stopped"
destroy_grace_seconds = 30
must_run = true
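Review bot: The context comment `# https://tools.ietf.org/html/rfc5966` / `# mentions to support TCP for DNS.` above the gitea `ports` block is copied from unbound/container.tf and does not describe a Git server's ports; replace it with a comment on what gitea exposes there, or remove it. The second hunk's `networks_advanced { name = "caddy" }` is covered by the note on bookstack/container.tf. The `resource "docker_container" "gitea"` block starts and ends outside these hunks.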

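--- /dev/null
+++ b/floyd/terraform/gitea/network.tf
@@ -0,0 +1,5 @@
+resource "docker_network" "gitea" {
+name = "gitea"
+driver = "bridge"
+internal = "false"
+}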

6
floyd/terraform/main.tf

@ -22,3 +22,9 @@ module "bookstack" {
ips = var.ips
bookstack_mariadb_password = var.bookstack_mariadb_password
}
module "caddy" {
source = "./caddy"
ips = var.ips
cloudflare_api_token = var.cloudflare_api_token
}
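Review bot: The new `module "caddy"` creates the `caddy` network that bookstack, gitea and pihole now join by the literal name `"caddy"` (and unbound joins `"pihole"` the same way), so nothing in the graph orders those containers after the network and a fresh apply can fail with the network not yet existing. The minimal fix is `depends_on = [module.caddy]` on the bookstack, gitea and pihole modules (module `depends_on` is available from 0.13, which versions.tf requires); the cleaner one is to expose the network name as a module output and pass it in as an input, which also removes the duplicated literal. The `module "bookstack"` block begins outside this hunk.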

12
floyd/terraform/pihole/container.tf

@ -8,7 +8,7 @@ resource "docker_container" "pihole" {
host_path = "/data/pihole/etc-pihole/"
container_path = "/etc/pihole/"
}
volumes {
host_path = "/data/pihole/etc-dnsmasq.d/"
container_path = "/etc/dnsmasq.d/"
@ -51,7 +51,15 @@ resource "docker_container" "pihole" {
env = [
"TZ=Asia/Kolkata",
]
networks_advanced {
name = docker_network.pihole.name
}
networks_advanced {
name = "caddy"
}
restart = "unless-stopped"
destroy_grace_seconds = 30
must_run = true

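--- /dev/null
+++ b/floyd/terraform/pihole/network.tf
@@ -0,0 +1,5 @@
+resource "docker_network" "pihole" {
+name = "pihole"
+driver = "bridge"
+internal = "false"
+}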

15
floyd/terraform/unbound/container.tf

@ -4,11 +4,6 @@ resource "docker_container" "unbound" {
name = "unbound"
image = docker_image.unbound.latest
# volumes {
# host_path = "/data/unbound"
# container_path = "/opt/unbound/etc/unbound/"
# }
# https://tools.ietf.org/html/rfc5966
# mentions to support TCP for DNS.
ports {
@ -25,7 +20,15 @@ resource "docker_container" "unbound" {
ip = var.ips["tailscale_floyd"]
protocol = "udp"
}
networks_advanced {
name = docker_network.unbound.name
}
networks_advanced {
name = "pihole"
}
restart = "unless-stopped"
destroy_grace_seconds = 30
must_run = true

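--- /dev/null
+++ b/floyd/terraform/unbound/network.tf
@@ -0,0 +1,5 @@
+resource "docker_network" "unbound" {
+name = "unbound"
+driver = "bridge"
+internal = "false"
+}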

5
floyd/terraform/variables.tf

@ -11,3 +11,8 @@ variable "bookstack_mariadb_password" {
type = string
description = "Password for Bookstack MariaDB server"
}
variable "cloudflare_api_token" {
type = string
description = "API key to edit DNS zones in Cloudflare"
}
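Review bot: `description = "API key to edit DNS zones in Cloudflare"` invites the wrong credential: Cloudflare's global API key and its scoped API tokens are different things, and the Caddy cloudflare DNS module in this commit takes a token. Say so, e.g. `description = "Cloudflare API token (scoped to DNS edit on the zone, not the global API key) used by Caddy for DNS-01 validation"`, so nobody pastes the account-wide key into `TF_VAR_cloudflare_api_token`. The `variable "bookstack_mariadb_password"` block begins outside this hunk.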
