Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| c6ad186d74 | |||
c67a39982e
|
10
.gitignore
vendored
10
.gitignore
vendored
@@ -1,13 +1,3 @@
|
||||
.vagrant
|
||||
.playbook
|
||||
/*.yml
|
||||
/*.yaml
|
||||
!backup.yml
|
||||
!moxie.yml
|
||||
!docker.yml
|
||||
!dockerbox.yml
|
||||
!hypervisor.yml
|
||||
!minecraft.yml
|
||||
!proxy.yml
|
||||
!unifi.yml
|
||||
/environments/
|
||||
|
||||
@@ -8,7 +8,6 @@
|
||||
- docker
|
||||
- traefik
|
||||
- nextcloud
|
||||
- gitea
|
||||
- jenkins
|
||||
- prometheus
|
||||
- nginx
|
||||
|
||||
@@ -13,6 +13,7 @@ traefik_domain: traefik.vm.krislamo.org
|
||||
traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
|
||||
#traefik_acme_email: realemail@example.com # Let's Encrypt settings
|
||||
#traefik_production: true
|
||||
traefik_http_only: true # if behind reverse-proxy
|
||||
|
||||
# nextcloud
|
||||
nextcloud_version: stable
|
||||
|
||||
@@ -18,8 +18,6 @@ proxy:
|
||||
proxy_pass: "http://127.0.0.1:8080"
|
||||
- domain: "{{ gitea_domain }}"
|
||||
proxy_pass: "http://127.0.0.1:3000"
|
||||
- domain: "{{ kutt_domain }}"
|
||||
proxy_pass: "http://127.0.0.1:3030"
|
||||
|
||||
# docker
|
||||
docker_users:
|
||||
@@ -37,16 +35,3 @@ bitwarden_install_key: 1yB3Z2gRI0KnnH90C6p
|
||||
gitea_domain: "git.{{ base_domain }}"
|
||||
gitea_version: 1
|
||||
gitea_dbpass: password
|
||||
|
||||
# kutt
|
||||
kutt_version: latest
|
||||
kutt_redis_version: 6
|
||||
kutt_postgres_version: 12
|
||||
kutt_domain: "kutt.{{ base_domain }}"
|
||||
kutt_dbpass: password
|
||||
kutt_jwt_secret: long&random
|
||||
kutt_mail_user: kutt-noreply@example.com
|
||||
kutt_mail_host: smtp.example.com
|
||||
kutt_mail_password: realpassword
|
||||
kutt_report_email: realemail@example.com
|
||||
kutt_admin_emails: realemail@example.com
|
||||
|
||||
@@ -10,4 +10,3 @@
|
||||
- docker
|
||||
- gitea
|
||||
- bitwarden
|
||||
- kutt
|
||||
|
||||
3
roles/.gitignore
vendored
3
roles/.gitignore
vendored
@@ -1,14 +1,11 @@
|
||||
# Sort roles: tail -n +6 roles/.gitignore | sort
|
||||
/*
|
||||
!.gitignore
|
||||
!requirements.yml
|
||||
# roles
|
||||
!base*/
|
||||
!bitwarden*/
|
||||
!docker*/
|
||||
!gitea*/
|
||||
!jenkins*/
|
||||
!kutt*/
|
||||
!libvirt*/
|
||||
!mariadb*/
|
||||
!minecraft*/
|
||||
|
||||
@@ -1,16 +0,0 @@
|
||||
# container settings
|
||||
kutt_name: kutt
|
||||
kutt_default_domain: "{{ kutt_domain }}"
|
||||
kutt_webport: 3030
|
||||
kutt_web: "127.0.0.1:{{ kutt_webport }}"
|
||||
|
||||
# database settings
|
||||
kutt_dbname: "{{ kutt_name }}"
|
||||
kutt_dbuser: "{{ kutt_name }}"
|
||||
kutt_postgres_volume: postgres_data
|
||||
|
||||
# redis
|
||||
kutt_redis_volume: redis_data
|
||||
|
||||
# host
|
||||
kutt_root: "{{ docker_compose_root }}/{{ kutt_name }}"
|
||||
@@ -1,5 +0,0 @@
|
||||
- name: Restart Kutt
|
||||
service:
|
||||
name: "{{ docker_compose_service }}@{{ kutt_name }}"
|
||||
state: restarted
|
||||
listen: restart_kutt
|
||||
@@ -1,22 +0,0 @@
|
||||
- name: Create Kutt directory
|
||||
file:
|
||||
path: "{{ kutt_root }}"
|
||||
state: directory
|
||||
|
||||
- name: Install Kutt's docker-compose file
|
||||
template:
|
||||
src: docker-compose.yml.j2
|
||||
dest: "{{ kutt_root }}/docker-compose.yml"
|
||||
notify: restart_kutt
|
||||
|
||||
- name: Install Kutt's docker-compose variables
|
||||
template:
|
||||
src: compose-env.j2
|
||||
dest: "{{ kutt_root }}/.env"
|
||||
notify: restart_kutt
|
||||
|
||||
- name: Start and enable Gitea service
|
||||
service:
|
||||
name: "{{ docker_compose_service }}@{{ kutt_name }}"
|
||||
state: started
|
||||
enabled: true
|
||||
@@ -1,17 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
kutt_version={{ kutt_version }}
|
||||
kutt_web={{ kutt_web }}
|
||||
kutt_domain={{ kutt_domain }}
|
||||
kutt_default_domain={{ kutt_default_domain }}
|
||||
kutt_jwt_secret={{ kutt_jwt_secret }}
|
||||
kutt_dbname={{ kutt_dbname }}
|
||||
kutt_dbuser={{ kutt_dbuser }}
|
||||
kutt_dbpass={{ kutt_dbpass }}
|
||||
kutt_mail_user={{ kutt_mail_user }}
|
||||
kutt_mail_host={{ kutt_mail_host }}
|
||||
kutt_mail_password={{ kutt_mail_password }}
|
||||
kutt_report_email={{ kutt_report_email }}
|
||||
kutt_admin_emails={{ kutt_admin_emails }}
|
||||
kutt_redis_version={{ kutt_redis_version }}
|
||||
kutt_postgres_version={{ kutt_postgres_version }}
|
||||
kutt_postgres_volume={{ kutt_postgres_volume }}
|
||||
@@ -1,46 +0,0 @@
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
kutt:
|
||||
image: kutt/kutt:${kutt_version}
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
command: ["./wait-for-it.sh", "postgres:5432", "--", "npm", "start"]
|
||||
ports:
|
||||
- ${kutt_web}:3000
|
||||
environment:
|
||||
SITE_NAME: ${kutt_domain}
|
||||
DEFAULT_DOMAIN: ${kutt_default_domain}
|
||||
JWT_SECRET: ${kutt_jwt_secret}
|
||||
|
||||
DB_HOST: postgres
|
||||
DB_NAME: ${kutt_dbname}
|
||||
DB_USER: ${kutt_dbuser}
|
||||
DB_PASSWORD: ${kutt_dbpass}
|
||||
REDIS_HOST: redis
|
||||
|
||||
MAIL_USER: ${kutt_mail_user}
|
||||
MAIL_HOST: ${kutt_mail_host}
|
||||
MAIL_PORT: ${kutt_mail_port}
|
||||
MAIL_PASSWORD: ${kutt_mail_password}
|
||||
REPORT_EMAIL: ${kutt_report_email}
|
||||
ADMIN_EMAILS: ${kutt_admin_emails}
|
||||
|
||||
redis:
|
||||
image: redis:${kutt_redis_version}
|
||||
volumes:
|
||||
- {{ kutt_redis_volume }}:/data
|
||||
|
||||
postgres:
|
||||
image: postgres:${kutt_postgres_version}
|
||||
environment:
|
||||
POSTGRES_USER: ${kutt_dbuser}
|
||||
POSTGRES_PASSWORD: ${kutt_dbpass}
|
||||
POSTGRES_DB: ${kutt_dbname}
|
||||
volumes:
|
||||
- {{ kutt_postgres_volume }}:/var/lib/postgresql/data
|
||||
|
||||
volumes:
|
||||
{{ kutt_redis_volume }}:
|
||||
{{ kutt_postgres_volume }}:
|
||||
@@ -46,6 +46,12 @@ server {
|
||||
proxy_pass {{ item.proxy_pass }};
|
||||
{% if item.proxy_ssl_verify is defined and item.proxy_ssl_verify is false %}
|
||||
proxy_ssl_verify off;
|
||||
{% endif %}
|
||||
{% if item.websockets is defined and item.websockets %}
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Origin http://$host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
{% endif %}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,12 +1,18 @@
|
||||
# Container settings
|
||||
traefik_name: traefik
|
||||
traefik_dashboard: false
|
||||
traefik_root: "/opt/{{ traefik_name }}"
|
||||
traefik_standalone: true
|
||||
traefik_http_only: false
|
||||
traefik_debug: false
|
||||
traefik_web_entry: "80:80"
|
||||
traefik_websecure_entry: "443:443"
|
||||
traefik_localonly: "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8"
|
||||
|
||||
# HTTPS settings
|
||||
traefik_production: false
|
||||
traefik_hsts_enable: false
|
||||
traefik_hsts_preload: false
|
||||
traefik_hsts_seconds: 0
|
||||
traefik_http_redirect: false
|
||||
traefik_ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
traefik_http_redirect: true
|
||||
|
||||
# Host settings
|
||||
traefik_root: "{{ docker_compose_root }}/{{ traefik_name }}"
|
||||
|
||||
@@ -4,11 +4,8 @@
|
||||
state: touch
|
||||
listen: reload_traefik
|
||||
|
||||
- name: Restart Traefik container
|
||||
docker_container:
|
||||
name: "{{ traefik_name }}"
|
||||
image: traefik:{{ traefik_version }}
|
||||
state: started
|
||||
container_default_behavior: "no_defaults"
|
||||
restart: yes
|
||||
- name: Restart Traefik
|
||||
service:
|
||||
name: "{{ docker_compose_service }}@{{ traefik_name }}"
|
||||
state: restarted
|
||||
listen: restart_traefik
|
||||
|
||||
@@ -1,14 +1,8 @@
|
||||
- name: Create Traefik configuration directories
|
||||
- name: Create Traefik directories
|
||||
file:
|
||||
path: "{{ traefik_root }}/config/dynamic"
|
||||
state: directory
|
||||
|
||||
- name: Install static Traefik configuration
|
||||
template:
|
||||
src: traefik.yml.j2
|
||||
dest: "{{ traefik_root }}/config/traefik.yml"
|
||||
notify: restart_traefik
|
||||
|
||||
- name: Install dynamic security configuration
|
||||
template:
|
||||
src: security.yml.j2
|
||||
@@ -25,32 +19,26 @@
|
||||
loop: "{{ traefik_external }}"
|
||||
when: traefik_external is defined
|
||||
|
||||
- name: Create Traefik network
|
||||
docker_network:
|
||||
name: traefik
|
||||
- name: Install Traefik's docker-compose file
|
||||
template:
|
||||
src: docker-compose.yml.j2
|
||||
dest: "{{ traefik_root }}/docker-compose.yml"
|
||||
notify: restart_traefik
|
||||
|
||||
- name: Start Traefik container
|
||||
docker_container:
|
||||
name: "{{ traefik_name }}"
|
||||
image: traefik:{{ traefik_version }}
|
||||
- name: Install Traefik's docker-compose variables
|
||||
template:
|
||||
src: compose-env.j2
|
||||
dest: "{{ traefik_root }}/.env"
|
||||
notify: restart_traefik
|
||||
|
||||
- name: Install static Traefik configuration
|
||||
template:
|
||||
src: traefik.yml.j2
|
||||
dest: "{{ traefik_root }}/config/traefik.yml"
|
||||
notify: restart_traefik
|
||||
|
||||
- name: Start and enable Traefik service
|
||||
service:
|
||||
name: "{{ docker_compose_service }}@{{ traefik_name }}"
|
||||
state: started
|
||||
restart_policy: always
|
||||
ports: "{{ traefik_ports }}"
|
||||
container_default_behavior: "no_defaults"
|
||||
networks_cli_compatible: "false"
|
||||
networks:
|
||||
- name: traefik
|
||||
labels:
|
||||
traefik.http.routers.traefik.rule: "Host(`{{ traefik_domain }}`)"
|
||||
#traefik.http.middlewares.auth.basicauth.users: "{{ traefik_auth }}"
|
||||
#traefik.http.middlewares.localonly.ipwhitelist.sourcerange: "{{ traefik_localonly }}"
|
||||
#traefik.http.routers.traefik.tls.certresolver: letsencrypt
|
||||
#traefik.http.routers.traefik.middlewares: "securehttps@file,auth@docker,localonly"
|
||||
traefik.http.routers.traefik.service: "api@internal"
|
||||
traefik.http.routers.traefik.entrypoints: websecure
|
||||
traefik.http.routers.traefik.tls: "true"
|
||||
traefik.docker.network: traefik
|
||||
traefik.enable: "{{ traefik_dashboard | string }}"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- "{{ traefik_root }}/config:/etc/traefik"
|
||||
enabled: true
|
||||
|
||||
8
roles/traefik/templates/compose-env.j2
Normal file
8
roles/traefik/templates/compose-env.j2
Normal file
@@ -0,0 +1,8 @@
|
||||
# {{ ansible_managed }}
|
||||
traefik_version={{ traefik_version }}
|
||||
traefik_name={{ traefik_name }}
|
||||
traefik_domain={{ traefik_domain }}
|
||||
traefik_dashboard={{ traefik_dashboard | string | lower }}
|
||||
traefik_debug={{ traefik_debug | string | lower }}
|
||||
traefik_web_entry={{ traefik_web_entry }}
|
||||
traefik_websecure_entry={{ traefik_websecure_entry }}
|
||||
25
roles/traefik/templates/docker-compose.yml.j2
Normal file
25
roles/traefik/templates/docker-compose.yml.j2
Normal file
@@ -0,0 +1,25 @@
|
||||
version: '3.7'
|
||||
|
||||
networks:
|
||||
traefik:
|
||||
name: traefik
|
||||
|
||||
services:
|
||||
traefik:
|
||||
image: "traefik:${traefik_version}"
|
||||
container_name: "${traefik_name}"
|
||||
ports:
|
||||
- "${traefik_web_entry:-80:80}"
|
||||
{% if traefik_standalone and not traefik_http_only %}
|
||||
- "${traefik_websecure_entry:-443:443}"
|
||||
{% endif %}
|
||||
networks:
|
||||
- traefik
|
||||
labels:
|
||||
- "traefik.http.routers.traefik.rule=Host(`{{ traefik_domain }}`)"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "traefik.docker.network=traefik"
|
||||
- "traefik.enable=${traefik_dashboard:-false}"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- "{{ traefik_root }}/config:/etc/traefik"
|
||||
@@ -10,7 +10,7 @@ providers:
|
||||
entrypoints:
|
||||
web:
|
||||
address: ':80'
|
||||
{% if traefik_http_redirect is defined and traefik_http_redirect %}
|
||||
{% if traefik_http_redirect is defined and traefik_http_redirect and not traefik_http_only %}
|
||||
http:
|
||||
redirections:
|
||||
entrypoint:
|
||||
@@ -18,10 +18,12 @@ entrypoints:
|
||||
scheme: https
|
||||
permanent: true
|
||||
{% endif %}
|
||||
{% if not traefik_http_only is defined or not traefik_http_only %}
|
||||
websecure:
|
||||
address: ':443'
|
||||
http:
|
||||
tls: {}
|
||||
{% endif %}
|
||||
|
||||
{% if traefik_acme_email is defined %}
|
||||
certificatesResolvers:
|
||||
|
||||
@@ -14,7 +14,6 @@ HOST[8]="wordpress.${DOMAIN}"
|
||||
HOST[9]="site1.wordpress.${DOMAIN}"
|
||||
HOST[10]="site2.wordpress.${DOMAIN}"
|
||||
HOST[11]="unifi.${DOMAIN}"
|
||||
HOST[11]="kutt.${DOMAIN}"
|
||||
|
||||
# Get Vagrantbox guest IP
|
||||
VAGRANT_OUTPUT=$(vagrant ssh -c "hostname -I | cut -d' ' -f2" 2>/dev/null)
|
||||
|
||||
Reference in New Issue
Block a user