data "docker_registry_image" "nginx-lb-certbot" {
  name = "certbot/certbot:latest"
}

resource "docker_image" "nginx-lb-certbot" {
  name = data.docker_registry_image.nginx-lb-certbot.name
  pull_triggers = [data.docker_registry_image.nginx-lb-certbot.sha256_digest]
}

resource "docker_network" "nginx-lb-certbot" {
  name = "nginx-lb-certbot"
}

resource "docker_container" "nginx-lb-certbot" {
  image = docker_image.nginx-lb-certbot.image_id
  name = "nginx-lb-certbot"

  mounts {
    target = "/etc/letsencrypt"
    source = "/share/appdata/nginx-lb/certs"
    type = "bind"
  }

  mounts {
    target = "/var/www/acme-challenge-root"
    source = "/share/appdata/nginx-lb/certbot"
    type = "bind"
  }

  # Triggered by ofelia

  lifecycle {
    ignore_changes = [
      ulimit,
      log_opts
    ]
  }

  #command = ["certonly", "--webroot", "--email", "info@xz1.nl", "-w", "/var/www/acme-challenge-root", "-d", "photoprism.xz1.nl", "--agree-tos"]
  #command = ["certonly", "--webroot", "--email", "info@xz1.nl", "-w", "/var/www/acme-challenge-root", "-d", "airsonic.xz1.nl", "--agree-tos"]
  #command = ["certonly", "--webroot", "--email", "info@xz1.nl", "-w", "/var/www/acme-challenge-root", "-d", "hass.xz1.nl", "--agree-tos"]
  #command = ["certonly", "--webroot", "--email", "info@xz1.nl", "-w", "/var/www/acme-challenge-root", "-d", "freshrss.xz1.nl", "--agree-tos"]
  command = ["renew"]
}