data "docker_registry_image" "ripe-atlas" {
  name = "jamesits/ripe-atlas:latest"
}

resource "docker_image" "ripe-atlas" {
  name = data.docker_registry_image.ripe-atlas.name
  pull_triggers = [data.docker_registry_image.ripe-atlas.sha256_digest]
}

resource "docker_container" "ripe-atlas" {
  image = docker_image.ripe-atlas.image_id
  name = "ripe-atlas"
  restart = "always"

  log_driver = "local"

  mounts {
    target = "/etc/ripe-atlas"
    source = "/var/lib/containers/atlas-probe/etc"
    type = "bind"
  }

  mounts {
    target = "/run/ripe-atlas"
    source = "/var/lib/containers/atlas-probe/run"
    type = "bind"
  }

  mounts {
    target = "/var/spool/ripe-atlas"
    source = "/var/lib/containers/atlas-probe/spool"
    type = "bind"
  }

  capabilities {
    drop = ["ALL"]
    add = ["CAP_CHOWN", "CAP_SETUID", "CAP_SETGID", "CAP_DAC_OVERRIDE", "CAP_NET_RAW", "CAP_KILL", "CAP_FOWNER"]
  }

  lifecycle {
    ignore_changes = [
      ulimit,
      log_opts
    ]
  }
}