# Description: Main Terraform configuration for the SearXNG Docker stack (SearXNG application, Redis and a Tor proxy container).
# Shared naming, image-tag and port settings for the stack.
locals {
  # --- Application (SearXNG) ---
  app_name = "searxng"
  # NOTE(review): "latest" is a floating tag, so the deployed code depends on
  # when the image was last pulled. Pin a release tag or an image digest to get
  # reproducible, reviewable deployments.
  app_version  = "latest"
  app_src_port = "8080"
  app_dst_port = "8080"

  # --- Backing store (Redis) ---
  db_type = "redis"
  # NOTE(review): "alpine" is a floating tag as well; it follows whatever Redis
  # release the registry currently publishes under that name.
  db_version  = "alpine"
  db_src_port = "6379"
  db_dst_port = "6379"
}
# Look up the existing Docker network named "traefik_network". It is only read
# here (data source), not created by this configuration; the containers below
# attach to it by name.
data "docker_network" "traefik_network" {
  name = "traefik_network"
}
# One named Docker volume per distinct volume name declared under any entry of
# var.service_volumes. The names are collected from the keys of each entry's
# "volumes" collection.
#
# toset() de-duplicates the names: two services that declare the same volume
# name end up sharing a single volume, so keep names unique per service unless
# sharing is intended.
resource "docker_volume" "service_volume" {
  for_each = toset(flatten([
    for _, cfg in var.service_volumes : keys(cfg.volumes)
  ]))

  name = each.value
}
# Backing-store image, pulled from the Docker Hub "library" namespace.
# Repository and tag are built from local.db_type and local.db_version.
# NOTE(review): the tag is not pinned to a digest, so a later pull can bring in
# different image contents under the same name.
resource "docker_image" "database" {
  name = "docker.io/library/${local.db_type}:${local.db_version}"
}
# Application image. local.app_name is used both as the Docker Hub namespace and
# as the repository name; the tag comes from local.app_version.
# NOTE(review): the tag is not pinned to a digest, so a later pull can bring in
# different image contents under the same name.
resource "docker_image" "application" {
  name = "docker.io/${local.app_name}/${local.app_name}:${local.app_version}"
}
# Tor proxy image. Unlike the other two images, repository and tag are
# hard-coded here rather than taken from locals.
# NOTE(review): this is a third-party image referenced by the floating "latest"
# tag. Pinning it by digest, or building the image from a reviewed Dockerfile,
# makes it clear exactly which code runs in the proxy container.
resource "docker_image" "tor" {
  name = "docker.io/shinomineko/torproxy:latest"
}
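# Tor SOCKS proxy container for the stack.
#
# NOTE(review): the SOCKS listener binds to 0.0.0.0 inside the container and the
# container is attached to the shared traefik_network, so every container on
# that network can reach port 9050, not only the application. A dedicated
# network joined only by this container and the application would narrow that.
#
# NOTE(review): unlike the db and application containers, no capabilities block
# is set here, so the container keeps Docker's default capability set. Check
# what the image's entrypoint needs and consider drop = ["ALL"] plus the
# minimum required additions.
resource "docker_container" "tor" {
  image    = docker_image.tor.image_id
  name     = "${local.app_name}-tor"
  hostname = "${local.app_name}-tor"

  # Same restart policy as the db and application containers, so the proxy
  # comes back together with them after a daemon or host restart.
  restart = "always"

  # Arguments passed to the image: log at "notice" level to stdout, stay in the
  # foreground, and listen for SOCKS connections on all container interfaces.
  command = [
    "--Log", "notice stdout",
    "--RunAsDaemon", "0",
    "--SocksPort", "0.0.0.0:9050"
  ]

  networks_advanced {
    name = data.docker_network.traefik_network.name
  }

  # Host port publishing is left commented out, so the SOCKS port is reachable
  # only over the Docker network and is not bound on the host's interfaces.
  #ports {
  #  internal = 9050
  #  external = 9050
  #}

  # Environment consumed by the image's entrypoint; the meaning of
  # ALLOW_UNKNOWN is defined by the image and cannot be confirmed from this file.
  env = [
    "ALLOW_UNKNOWN=true",
    "SOCKS_PORT=9050"
  ]
}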
# Redis container backing the application.
#
# NOTE(review): the container joins the shared traefik_network and the command
# line below sets no password or ACL, so as far as this file shows, any
# container on that network can connect to Redis without authentication.
# Moving Redis to a network shared only with the application would limit that.
resource "docker_container" "db" {
  name     = "${local.app_name}-${local.db_type}-db"
  hostname = "${local.app_name}-db"
  image    = docker_image.database.image_id
  restart  = "always"

  # Snapshot to disk every 30 seconds when at least one key changed; log at
  # "warning" level.
  command = ["--save", "30", "1", "--loglevel", "warning"]

  networks_advanced {
    name = data.docker_network.traefik_network.name
  }

  # Mount every volume declared for the "database" service: the map key selects
  # the docker_volume resource, the map value is the path inside the container.
  dynamic "volumes" {
    for_each = var.service_volumes["database"].volumes
    iterator = vol

    content {
      volume_name    = docker_volume.service_volume[vol.key].name
      container_path = vol.value
    }
  }

  # Start from an empty capability set and add back three capabilities.
  # NOTE(review): DAC_OVERRIDE lets the process bypass file permission checks;
  # confirm it is still required once the data volume has the right ownership.
  capabilities {
    drop = ["ALL"]
    add  = ["SETGID", "SETUID", "DAC_OVERRIDE"]
  }

  # Log rotation is currently disabled; the Docker daemon's default logging
  # configuration applies to this container.
  #logging {
  #  driver = "json-file"
  #  options = {
  #    "max-size" = "1m"
  #    "max-file" = "1"
  #  }
  #}
}
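# SearXNG application container, published through Traefik on
# https://search.bsdserver.nl/.
#
# The Traefik labels are generated from a single map by a dynamic "labels"
# block instead of one hand-written block per label. The load-balancer port is
# written as the string "8080" because label values are strings.
#
# NOTE(review): no authentication middleware is attached to the router (the
# forward-auth variant is commented out below), so the instance is reachable by
# anyone who can resolve the host name. Confirm that limiter.toml provides the
# intended request limiting for a public instance.
resource "docker_container" "application" {
  image    = docker_image.application.image_id
  name     = local.app_name
  hostname = local.app_name
  restart  = "always"

  # Start the Redis container before this one.
  depends_on = [
    docker_container.db
  ]

  networks_advanced {
    name = data.docker_network.traefik_network.name
  }

  env = [
    "SEARXNG_BASE_URL=https://search.bsdserver.nl/",
  ]

  # Mount every volume declared for the "application" service: the map key
  # selects the docker_volume resource, the map value is the container path.
  dynamic "volumes" {
    for_each = var.service_volumes["application"].volumes
    iterator = volume

    content {
      volume_name    = docker_volume.service_volume[volume.key].name
      container_path = volume.value
    }
  }

  # Start from an empty capability set and add back only three capabilities.
  capabilities {
    drop = ["ALL"]
    add  = ["CHOWN", "SETGID", "SETUID"]
  }

  # Log rotation is currently disabled; the Docker daemon's default logging
  # configuration applies to this container.
  #logging {
  #  driver = "json-file"
  #  options = {
  #    "max-size" = "1m"
  #    "max-file" = "1"
  #  }
  #}

  # Configuration files are read from the module directory at plan time and
  # copied into the container.
  # NOTE(review): the uploaded content becomes part of the Terraform state. If
  # settings.yml carries the instance's secret_key, treat the state file and
  # the module's files/ directory as sensitive.
  upload {
    content = file("${path.module}/files/settings.yml")
    file    = "/etc/searxng/settings.yml"
  }

  upload {
    content = file("${path.module}/files/limiter.toml")
    file    = "/etc/searxng/limiter.toml"
  }

  dynamic "labels" {
    for_each = {
      # --- Routing: HTTPS entry point, host rule, backend port, certificate ---
      "traefik.enable"                                         = "true"
      "traefik.http.routers.searxng.entrypoints"               = "websecure"
      "traefik.http.routers.searxng.rule"                      = "Host(`search.bsdserver.nl`)"
      "traefik.http.services.searxng.loadBalancer.server.port" = "8080"
      "traefik.http.routers.searxng.tls"                       = "true"
      "traefik.http.routers.searxng.tls.certresolver"          = "production"

      # --- Response headers added by the "searxng-headers" middleware ---
      "traefik.http.middlewares.searxng-headers.headers.customresponseheaders.Strict-Transport-Security" = "max-age=31536000; includeSubDomains; preload"
      # NOTE(review): X-XSS-Protection is a legacy header that current
      # browsers no longer act on, and no Content-Security-Policy header is set
      # by this middleware. Check whether the application sends its own CSP.
      "traefik.http.middlewares.searxng-headers.headers.customresponseheaders.X-XSS-Protection"       = "1; mode=block"
      "traefik.http.middlewares.searxng-headers.headers.customresponseheaders.X-Content-Type-Options" = "nosniff"
      "traefik.http.middlewares.searxng-headers.headers.customresponseheaders.Permissions-Policy"     = "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"
      "traefik.http.middlewares.searxng-headers.headers.customresponseheaders.Referrer-Policy"        = "no-referrer"
      "traefik.http.middlewares.searxng-headers.headers.customresponseheaders.X-Robots-Tag"           = "noindex, noarchive, nofollow"

      # --- Middleware chain for the router ---
      # A router carries one "middlewares" label. To put the disabled
      # forward-auth middleware in front of the application, list both names
      # in this one value, e.g. "searxng-headers,forward-auth" (the name must
      # match however that middleware is defined in Traefik - confirm).
      "traefik.http.routers.searxng.middlewares" = "searxng-headers"
    }

    content {
      label = labels.key
      value = labels.value
    }
  }
}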