data "docker_registry_image" "nginx-lb" {
  name = "jonasal/nginx-certbot:latest"
}

resource "docker_image" "nginx-lb" {
  name = data.docker_registry_image.nginx-lb.name
  pull_triggers = [data.docker_registry_image.nginx-lb.sha256_digest]
}



resource "docker_container" "nginx-lb" {
  image = docker_image.nginx-lb.image_id
  name = "nginx-lb"

  #user = "1001:1001"

  env = [
    "CERTBOT_EMAIL=letsencrypt@meshmesh.nl"
  ]

  mounts {
    target = "/etc/nginx/nginx.conf"
    source = "/var/lib/containers/nginx-lb/nginx.conf"
    type = "bind"
  }

  mounts {
    target = "/etc/nginx/config"
    source = "/var/lib/containers/nginx-lb/conf"
    type = "bind"
  }

  mounts {
    target = "/etc/nginx/user_conf.d"
    source = "/var/lib/containers/nginx-lb/user_conf.d"
    type = "bind"
  }
  
  mounts {
    target = "/etc/letsencrypt"
    source = "/var/lib/containers/nginx-lb/secrets"
    type = "bind"
  }

  mounts {
    target = "/var/log/nginx"
    source = "/var/lib/containers/nginx-lb/log"
    type = "bind"
  }

  mounts {
    target = "/var/www/meshmesh.nl/current"
    source = "/var/www/meshmesh.nl/current"
    type = "bind"
  }

  restart = "always"

  networks_advanced {
    name = docker_network.bridge-v6.name
  }

  ports {
    internal = 80
    external = 80
  }

  ports {
    internal = 80
    external = 80
    ip = "2a02:2479:e7:3900::1"
  }

  ports {
    internal = 443
    external = 443
  }

  ports {
    internal = 443
    external = 443
    ip = "2a02:2479:e7:3900::1"
  }


  lifecycle {
    ignore_changes = [
      ulimit,
      log_opts
    ]
  }
}