From d2154b0efcf20bc1c5f02fd95ee899b0bbfdaded Mon Sep 17 00:00:00 2001
From: Luigi Oliveira
Date: Wed, 9 Aug 2023 21:37:50 -0300
Subject: [PATCH] feat: Caddy deployment with terraform
---
terraform/.gitignore | 34 ++++++++++++
terraform/main.tf | 8 +++
terraform/modules/caddy/conf/Caddyfile | 6 ++
terraform/modules/caddy/conf/caddy.hcl | 76 ++++++++++++++++++++++++++
terraform/modules/caddy/data.tf | 7 +++
terraform/modules/caddy/job.tf | 6 ++
terraform/modules/caddy/providers..tf | 9 +++
terraform/modules/caddy/variables.tf | 9 +++
terraform/providers.tf | 14 +++++
terraform/variables.tf | 4 ++
10 files changed, 173 insertions(+)
create mode 100644 terraform/.gitignore
create mode 100644 terraform/main.tf
create mode 100644 terraform/modules/caddy/conf/Caddyfile
create mode 100644 terraform/modules/caddy/conf/caddy.hcl
create mode 100644 terraform/modules/caddy/data.tf
create mode 100644 terraform/modules/caddy/job.tf
create mode 100644 terraform/modules/caddy/providers..tf
create mode 100644 terraform/modules/caddy/variables.tf
create mode 100644 terraform/providers.tf
create mode 100644 terraform/variables.tf
diff --git a/terraform/.gitignore b/terraform/.gitignore
new file mode 100644
index 0000000..dc82526
--- /dev/null
+++ b/terraform/.gitignore
@@ -0,0 +1,34 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
\ No newline at end of file
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..1e4997d
--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,8 @@
+module "caddy" {
+ source = "./modules/caddy"
+ cloudflare_api_token = var.cloudflare_caddy_api_token
+ endpoint = "192.168.15.92"
+ providers = {
+ nomad = nomad
+ }
+}
\ No newline at end of file
diff --git a/terraform/modules/caddy/conf/Caddyfile b/terraform/modules/caddy/conf/Caddyfile
new file mode 100644
index 0000000..bedfa50
--- /dev/null
+++ b/terraform/modules/caddy/conf/Caddyfile
@@ -0,0 +1,6 @@
+nomad.lab.marioverde.com.br {
+ reverse_proxy "${endpoint}:4646"
+ tls {
+ dns cloudflare "${cloudflare_api_token}"
+ }
+}
\ No newline at end of file
diff --git a/terraform/modules/caddy/conf/caddy.hcl b/terraform/modules/caddy/conf/caddy.hcl
new file mode 100644
index 0000000..7bf5a94
--- /dev/null
+++ b/terraform/modules/caddy/conf/caddy.hcl
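Review bot: In terraform/main.tf the upstream address is hard-coded as `endpoint = "192.168.15.92"` inside the module call, so pointing the proxy at a different Nomad server means editing code instead of configuration. A root variable with that address as its default would keep the behaviour and make the value visible and overridable, e.g. `endpoint = var.nomad_endpoint` (the variable name is only a suggestion). The `cloudflare_caddy_api_token` variable passed on the line above is declared in terraform/variables.tf, which is outside this hunk; if it is not already declared with `sensitive = true`, it should be, so that plan and apply output redact it.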
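Review bot: The line `dns cloudflare "${cloudflare_api_token}"` in terraform/modules/caddy/conf/Caddyfile has the Cloudflare token substituted into the file text, presumably by a Terraform template call in data.tf (not visible here). If so, the token is stored in plaintext in the rendered Nomad job specification and in Terraform state, and anyone who can read either can read it. Caddy can take the value from the environment instead, `dns cloudflare {env.CLOUDFLARE_API_TOKEN}`, with the variable supplied to the task at run time from a secret store, for example a Nomad `template` block with `env = true` that reads a Nomad variable or Vault. Separately, this site block puts the Nomad HTTP API on port 4646 behind a DNS name, so it is worth confirming that Nomad ACLs are enabled if that name is reachable from outside the lab network.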
@@ -0,0 +1,76 @@
+job "caddy" {
+ datacenters = ["dc"]
+ type = "service"
+
+ group "proxy" {
+ count = 1
+
+ network {
+
+ port "http" {
+ static = 80
+ to = 80
+ }
+
+ port "https" {
+ static = 443
+ to = 443
+ }
+ }
+
+ restart {
+ attempts = 2
+ interval = "2m"
+ delay = "30s"
+ mode = "fail"
+ }
+
+ task "internal" {
+ driver = "docker"
+
+ config {
+ image = "mrkaran/caddy:latest"
+
+ volumes = [
+ "${NOMAD_ALLOC_DIR}/caddy/data:/data",
+ ]
+
+ # Bind the config file to container.
+ mount {
+ type = "bind"
+ source = "configs"
+ target = "/etc/caddy" # Bind mount the template from `NOMAD_TASK_DIR`.
+ }
+ ports = ["http", "https"]
+ }
+
+ resources {
+ cpu = 100
+ memory = 100
+ }
+
+ service {
+ name = "caddy-http"
+ port = "http"
+ provider = "nomad"
+ }
+
+ service {
+ name = "caddy-http"
+ port = "https"
+ provider = "nomad"
+ }
+
+ template {
+ data = <