Fix up bugs with services that don't need traefik among other things

matthewbaggett · Jan 16, 2025 · 0c1b34c · 0c1b34c
1 parent 0be3d94
commit 0c1b34c
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 10 deletions.
diff --git a/docker/service/outputs.tf b/docker/service/outputs.tf
@@ -14,7 +14,14 @@ output "docker_service" {
   value = docker_service.instance
 }
 locals {
-  first_auth = var.traefik.basic-auth-users != null ? "${try(var.traefik.basic-auth-users[0], null)}:${try(nonsensitive(random_password.password[var.traefik.basic-auth-users[0]].result), null)}@" : null
+  first_auth = (var.traefik != null
+    ? (
+      length(var.traefik.basic-auth-users) > 0
+      ?
+      "${try(var.traefik.basic-auth-users[0], null)}:${try(nonsensitive(random_password.password[var.traefik.basic-auth-users[0]].result), null)}@"
+      : null
+    ) : null
+  )
 }
 output "endpoint" {
   value = try(
@@ -25,7 +32,7 @@ output "endpoint" {
 }
 
 output "basic_auth_users" {
-  value = {
+  value = var.traefik != null ? {
     for user in var.traefik.basic-auth-users : user => nonsensitive(htpasswd_password.htpasswd[user].bcrypt)
-  }
+  } : {}
 }
diff --git a/docker/service/traefik.tf b/docker/service/traefik.tf
@@ -8,23 +8,23 @@ variable "traefik" {
     rule             = optional(string)
     middlewares      = optional(list(string))
     network          = optional(object({ name = string, id = string }))
-    basic-auth-users = optional(list(string))
+    basic-auth-users = optional(list(string), [])
   })
   description = "Whether to enable traefik for the service."
 }
 resource "random_password" "password" {
-  for_each = toset(var.traefik.basic-auth-users)
+  for_each = toset(try(var.traefik.basic-auth-users, []))
   length   = 16
   special  = false
 }
 resource "random_password" "salt" {
-  for_each         = toset(var.traefik.basic-auth-users)
+  for_each         = toset(try(var.traefik.basic-auth-users, []))
   length           = 8
   special          = true
   override_special = "!@#%&*()-_=+[]{}<>:?"
 }
 resource "htpasswd_password" "htpasswd" {
-  for_each = toset(var.traefik.basic-auth-users)
+  for_each = toset(try(var.traefik.basic-auth-users, []))
   password = random_password.password[each.key].result
   salt     = random_password.salt[each.key].result
 }
@@ -47,7 +47,7 @@ locals {
       : {}
     ) : {}
   )
-  traefik_middlewares = concat(coalesce(var.traefik.middlewares, []), [
+  traefik_middlewares = concat(coalesce(try(var.traefik.middlewares, []), []), [
     local.traefik_basic_auth != null ? "${local.traefik_service}-auth" : null
   ])
   traefik_rule = (
@@ -82,8 +82,8 @@ locals {
       },
       (local.traefik_middlewares != null
         ? {
-          "traefik.http.routers.${local.traefik_service}.middlewares"     = join(",", local.traefik_middlewares)
-          "traefik.http.routers.${local.traefik_service}-ssl.middlewares" = join(",", local.traefik_middlewares)
+          "traefik.http.routers.${local.traefik_service}.middlewares"     = var.traefik.non-ssl ? join(",", local.traefik_middlewares) : null
+          "traefik.http.routers.${local.traefik_service}-ssl.middlewares" = var.traefik.ssl ? join(",", local.traefik_middlewares) : null
         } : {}
       ),
       local.traefik_basic_auth,

diff --git a/products/traefik/traefik.tf b/products/traefik/traefik.tf
@@ -12,6 +12,7 @@ module "traefik" {
   networks              = [module.traefik_network, module.docker_socket_proxy.network, ]
   remote_volumes        = { "/certs" = module.traefik_certs_volume.volume }
   placement_constraints = var.placement_constraints
+  global                = true
   converge_enable       = false // @todo add healthcheck
   command = distinct(compact([
     "/usr/local/bin/traefik",