feat: Caddy deployment with terraform

terraform/.gitignore

@@ -0,0 +1,34 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

terraform/main.tf

@@ -0,0 +1,8 @@
+module "caddy" {
+  source               = "./modules/caddy"
+  cloudflare_api_token = var.cloudflare_caddy_api_token
+  endpoint = "192.168.15.92"
+  providers = {
+    nomad = nomad
+  }
+}

terraform/modules/caddy/conf/Caddyfile

@@ -0,0 +1,6 @@
+nomad.lab.marioverde.com.br {
+    reverse_proxy "${endpoint}:4646"
+    tls {
+	    dns cloudflare "${cloudflare_api_token}"
+    }
+}

terraform/modules/caddy/conf/caddy.hcl

@@ -0,0 +1,76 @@
+job "caddy" {
+  datacenters = ["dc"]
+  type        = "service"
+
+  group "proxy" {
+    count = 1
+
+    network {
+
+      port "http" {
+        static = 80
+        to     = 80
+      }
+
+      port "https" {
+        static = 443
+        to     = 443
+      }
+    }
+
+    restart {
+      attempts = 2
+      interval = "2m"
+      delay    = "30s"
+      mode     = "fail"
+    }
+
+    task "internal" {
+      driver = "docker"
+
+      config {
+        image = "mrkaran/caddy:latest"
+
+        volumes = [
+          "${NOMAD_ALLOC_DIR}/caddy/data:/data",
+        ]
+
+        # Bind the config file to container.
+        mount {
+          type   = "bind"
+          source = "configs"
+          target = "/etc/caddy" # Bind mount the template from `NOMAD_TASK_DIR`.
+        }
+        ports = ["http", "https"]
+      }
+
+      resources {
+        cpu    = 100
+        memory = 100
+      }
+
+      service {
+            name = "caddy-http"
+            port = "http"
+            provider = "nomad"
+        }
+      
+      service {
+            name = "caddy-http"
+            port = "https"
+            provider = "nomad"
+        }
+
+      template {
+        data = <<EOF
+            ${caddyfile}
+        EOF
+
+        destination = "configs/Caddyfile" # Rendered template.
+
+        # Caddy doesn't support reload via signals as of 
+        change_mode = "restart"
+      }
+    }
+  }
+}

terraform/modules/caddy/data.tf

@@ -0,0 +1,7 @@
+data "template_file" "caddyfile" {
+  template = file("${path.module}/conf/Caddyfile")
+  vars = {
+    cloudflare_api_token = var.cloudflare_api_token
+    endpoint = var.endpoint
+  }
+}

terraform/modules/caddy/job.tf

@@ -0,0 +1,6 @@
+resource "nomad_job" "app" {
+  jobspec = templatefile("${path.module}/conf/caddy.hcl", {
+    caddyfile = data.template_file.caddyfile.rendered
+    NOMAD_ALLOC_DIR = "/alloc"
+  })
+}

terraform/modules/caddy/providers..tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    nomad = {
+      source = "hashicorp/nomad"
+      version = "2.0.0-rc.1"
+    }
+  }
+  required_version = ">= 0.14"
+}

terraform/modules/caddy/variables.tf

@@ -0,0 +1,9 @@
+variable "cloudflare_api_token" {
+  type        = string
+  description = "Cloudflare API token to edit DNS Zones and Records."
+}
+
+variable "endpoint" {
+  type = string
+  description = "Nomad's server endpoint, the machine IP Address so we can reverse proxy our services."
+}

terraform/providers.tf

@@ -0,0 +1,14 @@
+# Configure the Nomad provider.
+provider "nomad" {
+  address = "http://192.168.15.92:4646"
+}
+
+terraform {
+  required_providers {
+    nomad = {
+      source = "hashicorp/nomad"
+      version = "2.0.0-rc.1"
+    }
+  }
+  required_version = ">= 0.14"
+}

terraform/variables.tf

@@ -0,0 +1,4 @@
+variable "cloudflare_caddy_api_token" {
+  type        = string
+  description = "API key to edit TLS in DNS zones in Cloudflare used by Caddy"
+}