infra/r740: docker infrastructure

2026-02-01 22:55:59 +00:00 · 2026-01-22 18:40:38 +01:00
parent 583519cde9
commit 05b967f517
2 changed files with 57 additions and 0 deletions
--- a/infra/r740/docker/main.tf
+++ b/infra/r740/docker/main.tf
@@ -0,0 +1,49 @@
+terraform {
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "3.6.2"
+    }
+  }
+}
+
+# Docker configuration
+provider "docker" {
+  host = "ssh://root@${var.docker_host}"
+}
+
+resource "docker_image" "swarm-cd" {
+  name = "swarm-cd:latest"
+  # For now, custom-built image based on custom development branch
+  # Once this reaches upstream, back to upstream tag, like:
+  # ghcr.io/m-adawi/swarm-cd:1.9.0
+}
+
+resource "docker_container" "swarm-cd" {
+  name  = "swarm-cd"
+  image = docker_image.swarm-cd.image_id
+  volumes {
+      host_path = "/var/run/docker.sock"
+      container_path = "/var/run/docker.sock"
+      read_only = true
+  }
+  volumes {
+    host_path = "/root/homeprod/.swarmcd/repos.yaml"
+    container_path = "/app/repos.yaml"
+    read_only = true
+  }
+  volumes {
+    host_path = "/root/homeprod/.swarmcd/stacks.yaml"
+    container_path = "/app/stacks.yaml"
+    read_only = true
+  }
+  volumes {
+    host_path = "/app/swarm-cd/data"
+    container_path = "/data"
+  }
+  env = [
+    "SOPS_GPG_PRIVATE_KEY=${var.sops_private_key}"
+  ]
+
+  depends_on = [ docker_image.swarm-cd ]
+}
--- a/infra/r740/docker/variables.tf
+++ b/infra/r740/docker/variables.tf
@@ -0,0 +1,8 @@
+variable "sops_private_key" {
+  description = "Private SOPS GPG key for SwarmCD to decrypt secrets"
+  type = string
+}
+variable "docker_host" {
+  description = "Docker machine hostname"
+  type = string
+}