Added dns_servers variable to allow configuring custom DNS servers for the container to resolve internal hostnames. Changes: - Added dns_servers variable (list of strings, default empty) - Added dns configuration to docker_container resource in main.tf - Allows container to resolve internal domains like gitea.bsdserver.nl This fixes the ENOTFOUND DNS resolution error where the container couldn't resolve internal Gitea hostname, which was being reported as an "Authentication failure" but was actually a network/DNS issue. The error was: getaddrinfo ENOTFOUND gitea.bsdserver.nl Usage: dns_servers = ["192.168.x.x", "192.168.x.y"] If not specified (default), container uses Docker's default DNS.
# Look up the existing Docker network named "traefik_network" so the Renovate
# container can be attached to it. It is read here as a data source, not
# created by this block.
data "docker_network" "traefik_network" {
  name = "traefik_network"
}
# Named volume for Renovate configuration; the container resource mounts it
# at /usr/src/app/config.
resource "docker_volume" "renovate_config" {
  name = "renovate-config"
}
# Named volume for Renovate's cache; the container resource mounts it at
# /tmp/renovate.
resource "docker_volume" "renovate_cache" {
  name = "renovate-cache"
}
# Image used by the Renovate container; the reference comes from
# var.renovate_image. keep_locally = true leaves the image in the local Docker
# image store when this resource is destroyed.
# NOTE(review): var.renovate_image is declared outside this view. This image
# runs with RENOVATE_TOKEN in its environment, so a fixed tag or digest keeps
# what executes reviewable; confirm how the variable is set.
resource "docker_image" "renovate" {
  name         = var.renovate_image
  keep_locally = true
}
# Renovate container: runs the pulled image on the Traefik network with two
# named volumes, optional custom DNS servers and an optional uploaded config.js.
# NOTE(review): this block sets no user, read-only root filesystem, capability
# or no-new-privileges options, so the image's and Docker's defaults apply;
# confirm that is intended for a container holding a repository token.
resource "docker_container" "renovate" {
  image    = docker_image.renovate.image_id
  name     = var.container_name
  hostname = var.container_name
  restart  = var.restart_policy

  # Memory and swap ceilings, both supplied by input variables.
  memory      = var.memory_limit
  memory_swap = var.memory_swap_limit

  # Renovate settings passed as environment variables. Platform, endpoint,
  # token, git author and username are read from the Vault data source
  # vault_generic_secret.renovate, which is declared outside this view.
  # NOTE(review): everything placed in env is written to Terraform state and is
  # readable through `docker inspect` by anyone with access to the Docker API
  # on the host. RENOVATE_TOKEN and GITHUB_COM_TOKEN are therefore only as
  # protected as the state backend and the Docker socket; confirm both are
  # access-controlled and that the state is encrypted at rest.
  env = concat(
    [
      "RENOVATE_PLATFORM=${data.vault_generic_secret.renovate.data["renovate_platform"]}",
      "RENOVATE_ENDPOINT=${data.vault_generic_secret.renovate.data["renovate_endpoint"]}",
      "RENOVATE_TOKEN=${data.vault_generic_secret.renovate.data["renovate_token"]}",
      "RENOVATE_GIT_AUTHOR=${data.vault_generic_secret.renovate.data["renovate_git_author"]}",
      "RENOVATE_USERNAME=${data.vault_generic_secret.renovate.data["renovate_username"]}",
      "RENOVATE_AUTODISCOVER=${var.renovate_autodiscover}",
      "LOG_LEVEL=${var.log_level}"
    ],
    # Added only when a token is supplied. Unlike the values above it comes
    # from a plain input variable rather than Vault.
    # NOTE(review): confirm var.github_com_token is declared sensitive so it is
    # redacted from plan output.
    var.github_com_token != "" ? ["GITHUB_COM_TOKEN=${var.github_com_token}"] : [],
    # Caller-supplied entries, appended as given; any secret passed here lands
    # in state in the same way.
    var.extra_env_vars
  )

  # Attach the container to the Traefik network looked up above.
  networks_advanced {
    name = data.docker_network.traefik_network.name
  }

  # DNS servers for the container, taken from var.dns_servers, so that internal
  # hostnames can be resolved.
  # NOTE(review): these resolvers decide which address RENOVATE_ENDPOINT maps
  # to, and the token is sent to that address. Keep the list to trusted
  # internal resolvers and confirm the endpoint is reached over TLS with
  # certificate validation.
  dns = var.dns_servers

  # Persistent configuration directory.
  volumes {
    volume_name    = docker_volume.renovate_config.name
    container_path = "/usr/src/app/config"
  }

  # Persistent cache directory.
  volumes {
    volume_name    = docker_volume.renovate_cache.name
    container_path = "/tmp/renovate"
  }

  # When var.upload_config_file is true, render files/config.js.tpl and place
  # the result at /usr/src/app/config.js. The template receives platform,
  # endpoint, git author, username, autodiscover and the onboarding config;
  # the token is not passed to it.
  dynamic "upload" {
    for_each = var.upload_config_file ? [1] : []
    content {
      content = templatefile("${path.module}/files/config.js.tpl", {
        platform          = data.vault_generic_secret.renovate.data["renovate_platform"]
        endpoint          = data.vault_generic_secret.renovate.data["renovate_endpoint"]
        git_author        = data.vault_generic_secret.renovate.data["renovate_git_author"]
        username          = data.vault_generic_secret.renovate.data["renovate_username"]
        autodiscover      = var.renovate_autodiscover
        onboarding_config = var.renovate_onboarding_config
      })
      file = "/usr/src/app/config.js"
    }
  }

  # Terraform does not plan changes for differences in command or entrypoint.
  lifecycle {
    ignore_changes = [
      command,
      entrypoint
    ]
  }
}
# Optional CNAME for Renovate, for when a web interface is needed. It is
# created only when var.create_cname_record is true. The record name is
# var.dns_name when set, otherwise var.container_name, and it points at
# hosting.<domain> with a TTL of 300.
resource "dns_cname_record" "renovate_cname" {
  count = var.create_cname_record ? 1 : 0

  zone  = "${var.domain}."
  ttl   = 300
  name  = coalesce(var.dns_name, var.container_name)
  cname = "hosting.${var.domain}."
}