Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 7098e4037f | |||
ed9100bc8f
|
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,5 +1,4 @@
|
||||
.vagrant
|
||||
.vscode
|
||||
.playbook
|
||||
/*.yml
|
||||
/*.yaml
|
||||
|
||||
2
Vagrantfile
vendored
2
Vagrantfile
vendored
@@ -20,7 +20,7 @@ else
|
||||
end
|
||||
|
||||
Vagrant.configure("2") do |config|
|
||||
config.vm.box = "debian/contrib-buster64"
|
||||
config.vm.box = "debian/bullseye64"
|
||||
config.vm.network "private_network", type: "dhcp"
|
||||
config.vm.synced_folder ".", "/vagrant", disabled: true
|
||||
config.vm.synced_folder "./scratch", "/vagrant/scratch"
|
||||
|
||||
27
dev/host_vars/jekyll.yml
Normal file
27
dev/host_vars/jekyll.yml
Normal file
@@ -0,0 +1,27 @@
|
||||
# base
|
||||
allow_reboot: false
|
||||
manage_network: false
|
||||
|
||||
# docker
|
||||
docker_users:
|
||||
- vagrant
|
||||
|
||||
# traefik
|
||||
traefik_version: latest
|
||||
traefik_dashboard: true
|
||||
traefik_domain: traefik.vm.krislamo.org
|
||||
traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
|
||||
#traefik_acme_email: realemail@example.com # Let's Encrypt settings
|
||||
#traefik_production: true
|
||||
|
||||
# jekyll
|
||||
jekyll_project: example
|
||||
jekyll_repo_url: https://git.krislamo.org/kris/example-jekyll/
|
||||
jekyll_repo_branch: master
|
||||
|
||||
# nginx
|
||||
nginx_domain: nginx.vm.krislamo.org
|
||||
nginx_name: staticsite
|
||||
nginx_repo_url: https://git.krislamo.org/kris/example-website/
|
||||
nginx_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
|
||||
nginx_version: latest
|
||||
11
dev/jekyll.yml
Normal file
11
dev/jekyll.yml
Normal file
@@ -0,0 +1,11 @@
|
||||
- name: Install Jekyll server
|
||||
hosts: all
|
||||
become: true
|
||||
vars_files:
|
||||
- host_vars/jekyll.yml
|
||||
roles:
|
||||
- base
|
||||
- docker
|
||||
#- traefik
|
||||
- jekyll
|
||||
#- nginx
|
||||
@@ -20,7 +20,7 @@
|
||||
- docker
|
||||
- traefik
|
||||
- nextcloud
|
||||
# - gitea
|
||||
- gitea
|
||||
- jenkins
|
||||
- prometheus
|
||||
- nginx
|
||||
|
||||
@@ -47,6 +47,7 @@
|
||||
labels:
|
||||
traefik.http.routers.gitea.rule: "Host(`{{ gitea_domain }}`)"
|
||||
traefik.http.routers.gitea.entrypoints: websecure
|
||||
traefik.http.routers.gitea.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.gitea.middlewares: "securehttps@file"
|
||||
traefik.http.services.gitea.loadbalancer.server.port: "3000"
|
||||
traefik.docker.network: traefik
|
||||
|
||||
@@ -20,6 +20,7 @@
|
||||
labels:
|
||||
traefik.http.routers.jenkins.rule: "Host(`{{ jenkins_domain }}`)"
|
||||
traefik.http.routers.jenkins.entrypoints: websecure
|
||||
traefik.http.routers.jenkins.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.jenkins.middlewares: "securehttps@file"
|
||||
traefik.docker.network: traefik
|
||||
traefik.enable: "true"
|
||||
|
||||
@@ -32,6 +32,7 @@
|
||||
labels:
|
||||
traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)"
|
||||
traefik.http.routers.nextcloud.entrypoints: websecure
|
||||
traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud-webdav"
|
||||
traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
|
||||
traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://${1}/remote.php/dav/"
|
||||
|
||||
@@ -29,8 +29,9 @@
|
||||
- "{{ nginx_html }}:/usr/share/nginx/html:ro"
|
||||
labels:
|
||||
traefik.http.routers.nginx.rule: "Host(`{{ nginx_domain }}`)"
|
||||
#traefik.http.middlewares.nginxauth.basicauth.users: "{{ nginx_auth }}"
|
||||
traefik.http.middlewares.nginxauth.basicauth.users: "{{ nginx_auth }}"
|
||||
traefik.http.routers.nginx.entrypoints: websecure
|
||||
traefik.http.routers.nginx.middlewares: "securehttps@file"
|
||||
traefik.http.routers.nginx.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.nginx.middlewares: "securehttps@file,nginxauth"
|
||||
traefik.docker.network: traefik
|
||||
traefik.enable: "true"
|
||||
|
||||
@@ -45,6 +45,7 @@
|
||||
traefik.http.routers.prometheus.rule: "Host(`{{ prom_domain }}`)"
|
||||
traefik.http.routers.prometheus.entrypoints: websecure
|
||||
traefik.http.routers.prometheus.middlewares: "securehttps@file,localonly"
|
||||
traefik.http.routers.prometheus.tls.certresolver: letsencrypt
|
||||
traefik.http.middlewares.localonly.ipwhitelist.sourcerange: "{{ traefik_localonly }}"
|
||||
traefik.docker.network: traefik
|
||||
traefik.enable: "true"
|
||||
@@ -64,6 +65,7 @@
|
||||
labels:
|
||||
traefik.http.routers.grafana.rule: "Host(`{{ grafana_domain }}`)"
|
||||
traefik.http.routers.grafana.entrypoints: websecure
|
||||
traefik.http.routers.grafana.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.grafana.middlewares: "securehttps@file"
|
||||
traefik.docker.network: traefik
|
||||
traefik.enable: "true"
|
||||
|
||||
@@ -41,9 +41,10 @@
|
||||
- name: traefik
|
||||
labels:
|
||||
traefik.http.routers.traefik.rule: "Host(`{{ traefik_domain }}`)"
|
||||
#traefik.http.middlewares.auth.basicauth.users: "{{ traefik_auth }}"
|
||||
#traefik.http.middlewares.localonly.ipwhitelist.sourcerange: "{{ traefik_localonly }}"
|
||||
traefik.http.routers.traefik.middlewares: "securehttps@file"
|
||||
traefik.http.middlewares.auth.basicauth.users: "{{ traefik_auth }}"
|
||||
traefik.http.middlewares.localonly.ipwhitelist.sourcerange: "{{ traefik_localonly }}"
|
||||
traefik.http.routers.traefik.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.traefik.middlewares: "securehttps@file,auth@docker,localonly"
|
||||
traefik.http.routers.traefik.service: "api@internal"
|
||||
traefik.http.routers.traefik.entrypoints: websecure
|
||||
traefik.http.routers.traefik.tls: "true"
|
||||
|
||||
Reference in New Issue
Block a user