Improve ports configuration

2024-10-21 01:52:16 +02:00 · 2024-10-21 01:52:16 +02:00 · e17156a8ca
commit e17156a8ca
parent ff92241ddb
6 changed files with 37 additions and 10 deletions
--- a/modules/infrastructure/variables.tf
+++ b/modules/infrastructure/variables.tf
@ -23,8 +23,6 @@ variable "services" {
      name = string
      type = string
    })))
-    ports = optional(list(string))
-    certificates = optional(list(string))
    auth = bool
    auth_cert = optional(string)
    auth_redirects = optional(list(string))
--- a/modules/services/variables.tf
+++ b/modules/services/variables.tf
@ -14,8 +14,6 @@ variable "services" {
      name = string
      type = string
    })))
-    ports = optional(list(string))
-    certificates = optional(list(string))
    auth = bool
    auth_cert = optional(string)
    auth_redirects = optional(list(string))
--- a/playbooks/filter_plugins/service_filters.py
+++ b/playbooks/filter_plugins/service_filters.py
@ -5,6 +5,7 @@ class FilterModule(object):
            'services_to_dnscontrol': self.services_to_dnscontrol,
            'services_get_backups': self.services_get_backups,
            'service_get_backups': self.service_get_backups,
+            'services_ports_to_docker': self.services_ports_to_docker,
            'service_get_domain': self.service_get_domain,
        }

@ -46,6 +47,14 @@ class FilterModule(object):
                    return dns_0.get("domain")
        return None

+    def services_ports_to_docker(self, ports, type_filter=None):
+        result = []
+        for port in ports:
+            if type_filter and port.get("type") != type_filter:
+                continue
+            result.append(f"{port['port']}:{port['port']}/{port['protocol']}")
+        return result
+
    def services_to_dnscontrol(self, services):
        result = {}
        for service in services:
--- a/playbooks/roles/caddy/vars/main.yml
+++ b/playbooks/roles/caddy/vars/main.yml
@ -6,7 +6,7 @@ caddy_acmedns_url: "https://{{ acme_dns.host }}"

 caddy_ports_default:
  - "{{ host_vpn.ip }}:2019:2019"
-caddy_ports_extra: "{{ host_services | map(attribute='ports') | flatten }}"
+caddy_ports_extra: "{{ host_services | map(attribute='ports') | flatten | services_ports_to_docker('reverse_proxy') }}"
 caddy_ports: "{{ caddy_ports_default | union(caddy_ports_extra) }}"

 caddy_env:
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@ -42,9 +42,21 @@ services = {
    name = "caddy"
    host = "*"
    ports = [
-      "80:80",
-      "443:443",
-      "443:443/udp",
+      {
+        port = 80
+        protocol = "tcp"
+        type = "reverse_proxy"
+      },
+      {
+        port = 443
+        protocol = "tcp"
+        type = "reverse_proxy"
+      },
+      {
+        port = 443
+        protocol = "tcp"
+        type = "reverse_proxy"
+      },
      #"2019:2019",
    ]
    auth = false
@ -418,7 +430,13 @@ services = {
      url = "/_matrix/client/versions"
      group = "4-services"
    }
-    ports = ["8448:8448"]
+    ports = [
+      {
+        port = 8448
+        protocol = "tcp"
+        type = "reverse_proxy"
+      }
+    ]
    auth = true
    auth_redirects = ["https://matrix.serguzim.me/_synapse/client/oidc/callback"]
    database = true
--- a/variables.tf
+++ b/variables.tf
@ -145,7 +145,11 @@ variable "services" {
      group = optional(string)
      conditions = optional(list(string))
    }))
-    ports = optional(list(string))
+    ports = optional(list(object({
+      port = number
+      protocol = string
+      type = string
+    })))
    certificates = optional(list(string))
    auth = bool
    auth_cert = optional(string)