DNS module updated, working example service

main.tf

@@ -14,15 +14,15 @@ terraform {
       version = "1.1.1"
     }
 
-    portainer = {
-      source  = "portainer/portainer"
-      version = "1.4.2"
-    }
-
     docker = {
       source  = "kreuzwerker/docker"
       version = "3.6.2"
     }
+
+    technitium = {
+      source  = "kevynb/technitium"
+      version = "0.2.0"
+    }
   }
 }
 

modules/dns/nginxproxy.tf

@@ -1,7 +1,3 @@
-module "nginx" {
-  source = "../nginx_config"
-}
-
 resource "nginxproxymanager_certificate_letsencrypt" "certificate" {
   domain_names = [var.domain_name]
 
@@ -10,34 +6,27 @@ resource "nginxproxymanager_certificate_letsencrypt" "certificate" {
 
   dns_challenge            = true
   dns_provider             = "cloudflare"
-  dns_provider_credentials = var.dns_cloudflare_api_token
+  dns_provider_credentials = "dns_cloudflare_api_token=${var.dns_cloudflare_api_token}"
+  propagation_seconds = 10
 }
 
-data "nginxproxymanager_access_list" "access_list" {
-  id = var.internal_only ? module.nginx.outputs.internal_access_list_id : module.nginx.outputs.cloudflare_access_list_id
-}
+//This is just commented out for now, because ultimately I'd rather manage this from here than passing it in the other way
+//data "nginxproxymanager_access_list" "access_list" {
+//  id = var.internal_only ? module.nginx.internal_access_list_id : module.nginx.cloudflare_access_list_id
+//}
 
 resource "nginxproxymanager_proxy_host" "host" {
   domain_names = [var.domain_name]
 
-  forward_scheme = "https"
-  forward_host   = var.domain_name
-  forward_port   = 443
+  forward_scheme = var.forward_scheme
+  forward_host   = var.service_ipv4
+  forward_port   = var.service_port
 
   caching_enabled         = true
   allow_websocket_upgrade = true
   block_exploits          = true
 
-  access_list_id = data.nginxproxymanager_access_list.access_list.id
-
-  locations = [
-    {
-      path           = "/"
-      forward_scheme = "http"
-      forward_host   = var.internal_host_ipv4 != "" ? var.internal_host_ipv4 : var.internal_host_ipv6
-      forward_port   = var.service_port
-    }
-  ]
+  access_list_id = var.access_list_id
 
   certificate_id  = nginxproxymanager_certificate_letsencrypt.certificate.id
   ssl_forced      = true

modules/dns/variables.tf

@@ -4,12 +4,29 @@ variable "internal_only" {
   default     = false
 }
 
+variable "access_list_id" {
+  type = string
+  description = "ID of access list in NGINX"
+  default = null
+}
+
 variable "service_port" {
   description = "Port on which the service is running"
   type        = number
   default     = 80
 }
 
+variable "service_ipv4" {
+  description = "IPv4 address of the service"
+  type        = string
+}
+
+variable "forward_scheme" {
+  description = "Scheme of forwarded service"
+  type        = string
+  default = "http"
+}
+
 variable "dns_cloudflare_api_token" {
   description = "Cloudflare API token for DNS updates"
   type        = string
@@ -20,7 +37,6 @@ variable "dns_cloudflare_api_token" {
 variable "admin_email" {
   description = "Email address for the admin user"
   type        = string
-  default     = ""
 }
 
 variable "external_host_ipv4" {
@@ -72,6 +88,7 @@ variable "domain_name" {
 variable "zone_id" {
   description = "Cloudflare zone ID for the DNS record"
   type        = string
+  default     = ""
 }
 
 variable "proxied_domain" {

providers.tf

@@ -4,10 +4,11 @@ provider "nginxproxymanager" {
   password = var.nginx_proxy_pass
 }
 
-provider "portainer" {
-}
-
-//The Agent is running on the host that has docker, so we'll just connect directly to the socket
 provider "docker" {
   host = "unix:///var/run/docker.sock"
+}
+
+provider "technitium" {
+  url   = var.technitium_host
+  token = var.technitium_api_token
 }

services.tf

@@ -1,3 +1,7 @@
 module "arr_service" {
   source = "./services/arrr"
+
+  admin_email      = var.network_admin_email
+  cloudflare_token = var.cloudflare_api_token
+  access_list_id   = module.nginx_conf.internal_access_list_id
 }

services/arrr/main.tf

@@ -1,9 +1,43 @@
+variable "cloudflare_token" {
+  type = string
+  description = "Cloudflare API token"
+}
+
+variable "admin_email" {
+  type = string
+  description = "Network admin email address"
+}
+
+variable "access_list_id" {
+  type = string
+  description = ""
+}
+
+locals {
+  domain_name="test.mallett.family"
+  ip_address = "192.168.5.13"
+}
+
 module "service_docker" {
   source = "../../modules/docker"
 
   container_name = "AAutomated_Test"
-  container_image = "ghcr.io/flaresolverr/flaresolverr:v3.3.21"
+  container_image = "linuxserver/prowlarr:latest"
   attach_to_br0 = false
   attach_to_br1 = true
-  br1_ipv4_addr = "192.168.5.13"
+  br1_ipv4_addr = local.ip_address
+}
+
+module "service_dns" {
+  source = "../../modules/dns"
+
+  internal_only = true
+  service_port = 9696
+  zone_name = "mallett.family"
+  domain_name = local.domain_name
+  access_list_id = var.access_list_id
+  internal_host_ipv4 = "192.168.4.2" //Port to Nginx
+  service_ipv4 = local.ip_address
+  admin_email = var.admin_email
+  dns_cloudflare_api_token = var.cloudflare_token
 }

variables.tf

@@ -8,4 +8,24 @@ variable "nginx_proxy_user" {
 
 variable "nginx_proxy_pass" {
   type = string
+}
+
+variable "cloudflare_api_token" {
+  type        = string
+  description = "Cloudflare API token"
+}
+
+variable "network_admin_email" {
+  type        = string
+  description = "Network admin email address"
+}
+
+variable "technitium_api_token" {
+  type        = string
+  description = "API token for technitium"
+}
+
+variable "technitium_host" {
+  type        = string
+  description = "Host for technitium"
 }