Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| db8bb672d3 | |||
ed9100bc8f
|
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,5 +1,4 @@
|
||||
.vagrant
|
||||
.vscode
|
||||
.playbook
|
||||
/*.yml
|
||||
/*.yaml
|
||||
|
||||
2
Vagrantfile
vendored
2
Vagrantfile
vendored
@@ -20,7 +20,7 @@ else
|
||||
end
|
||||
|
||||
Vagrant.configure("2") do |config|
|
||||
config.vm.box = "debian/contrib-buster64"
|
||||
config.vm.box = "debian/bullseye64"
|
||||
config.vm.network "private_network", type: "dhcp"
|
||||
config.vm.synced_folder ".", "/vagrant", disabled: true
|
||||
config.vm.synced_folder "./scratch", "/vagrant/scratch"
|
||||
|
||||
17
dev/host_vars/mediawiki.yml
Normal file
17
dev/host_vars/mediawiki.yml
Normal file
@@ -0,0 +1,17 @@
|
||||
# base
|
||||
allow_reboot: false
|
||||
manage_network: false
|
||||
|
||||
# docker
|
||||
docker_users:
|
||||
- vagrant
|
||||
|
||||
# traefik
|
||||
traefik_version: latest
|
||||
traefik_dashboard: true
|
||||
traefik_domain: traefik.vm.krislamo.org
|
||||
traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
|
||||
#traefik_acme_email: realemail@example.com # Let's Encrypt settings
|
||||
#traefik_production: true
|
||||
|
||||
# mediawiki
|
||||
10
dev/mediawiki.yml
Normal file
10
dev/mediawiki.yml
Normal file
@@ -0,0 +1,10 @@
|
||||
- name: Install MediaWiki Server
|
||||
hosts: all
|
||||
become: true
|
||||
vars_files:
|
||||
- host_vars/mediawiki.yml
|
||||
roles:
|
||||
- base
|
||||
- docker
|
||||
- traefik
|
||||
- mediawiki
|
||||
@@ -20,7 +20,7 @@
|
||||
- docker
|
||||
- traefik
|
||||
- nextcloud
|
||||
# - gitea
|
||||
- gitea
|
||||
- jenkins
|
||||
- prometheus
|
||||
- nginx
|
||||
|
||||
1
roles/.gitignore
vendored
1
roles/.gitignore
vendored
@@ -7,6 +7,7 @@
|
||||
!gitea*/
|
||||
!jenkins*/
|
||||
!libvirt*/
|
||||
!mediawiki*/
|
||||
!minecraft*/
|
||||
!nextcloud*/
|
||||
!nginx*/
|
||||
|
||||
@@ -47,6 +47,7 @@
|
||||
labels:
|
||||
traefik.http.routers.gitea.rule: "Host(`{{ gitea_domain }}`)"
|
||||
traefik.http.routers.gitea.entrypoints: websecure
|
||||
traefik.http.routers.gitea.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.gitea.middlewares: "securehttps@file"
|
||||
traefik.http.services.gitea.loadbalancer.server.port: "3000"
|
||||
traefik.docker.network: traefik
|
||||
|
||||
@@ -20,6 +20,7 @@
|
||||
labels:
|
||||
traefik.http.routers.jenkins.rule: "Host(`{{ jenkins_domain }}`)"
|
||||
traefik.http.routers.jenkins.entrypoints: websecure
|
||||
traefik.http.routers.jenkins.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.jenkins.middlewares: "securehttps@file"
|
||||
traefik.docker.network: traefik
|
||||
traefik.enable: "true"
|
||||
|
||||
1
roles/mediawiki/defaults/main.yml
Normal file
1
roles/mediawiki/defaults/main.yml
Normal file
@@ -0,0 +1 @@
|
||||
mediawiki_name: mediawiki
|
||||
51
roles/mediawiki/tasks/main.yml
Normal file
51
roles/mediawiki/tasks/main.yml
Normal file
@@ -0,0 +1,51 @@
|
||||
- name: Create MediaWiki Network
|
||||
docker_network:
|
||||
name: "{{ mediawiki_name }}"
|
||||
|
||||
- name: Start MediaWiki's database container
|
||||
docker_container:
|
||||
name: "{{ mediawiki_dbname }}"
|
||||
image: mariadb:{{ mediawiki_dbversion }}
|
||||
state: started
|
||||
restart_policy: always
|
||||
volumes: "{{ mediawiki_dbroot }}:/var/lib/mysql"
|
||||
networks_cli_compatible: true
|
||||
networks:
|
||||
- name: "{{ mediawiki_name }}"
|
||||
env:
|
||||
MYSQL_RANDOM_ROOT_PASSWORD: "true"
|
||||
MYSQL_DATABASE: "{{ mediawiki_dbname }}"
|
||||
MYSQL_USER: "{{ mediawiki_dbuser }}"
|
||||
MYSQL_PASSWORD: "{{ mediawiki_dbpass }}"
|
||||
|
||||
- name: Start mediawiki container
|
||||
docker_container:
|
||||
name: "{{ mediawiki_name }}"
|
||||
image: mediawiki/mediawiki:{{ mediawiki_version }}
|
||||
state: started
|
||||
restart_policy: always
|
||||
networks_cli_compatible: true
|
||||
ports: "{{ mediawiki_ports }}"
|
||||
networks:
|
||||
- name: "{{ mediawiki_name }}"
|
||||
- name: traefik
|
||||
# volumes:
|
||||
# env:
|
||||
# USER_UID: "1000"
|
||||
# USER_GID: "1000"
|
||||
# DB_TYPE: mysql
|
||||
# DB_HOST: "{{ gitea_dbname }}"
|
||||
# DB_NAME: "{{ gitea_dbname }}"
|
||||
# DB_USER: "{{ gitea_dbuser }}"
|
||||
# DB_PASSWD: "{{ gitea_dbpass }}"
|
||||
# ROOT_URL: "https://{{ gitea_domain }}/"
|
||||
# SSH_DOMAIN: "{{ gitea_domain }}"
|
||||
# DOMAIN: "{{ gitea_domain }}"
|
||||
# labels:
|
||||
# traefik.http.routers.gitea.rule: "Host(`{{ gitea_domain }}`)"
|
||||
# traefik.http.routers.gitea.entrypoints: websecure
|
||||
# traefik.http.routers.gitea.tls.certresolver: letsencrypt
|
||||
# traefik.http.routers.gitea.middlewares: "securehttps@file"
|
||||
# traefik.http.services.gitea.loadbalancer.server.port: "3000"
|
||||
# traefik.docker.network: traefik
|
||||
# traefik.enable: "true"
|
||||
@@ -32,6 +32,7 @@
|
||||
labels:
|
||||
traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)"
|
||||
traefik.http.routers.nextcloud.entrypoints: websecure
|
||||
traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud-webdav"
|
||||
traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
|
||||
traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://${1}/remote.php/dav/"
|
||||
|
||||
@@ -29,8 +29,9 @@
|
||||
- "{{ nginx_html }}:/usr/share/nginx/html:ro"
|
||||
labels:
|
||||
traefik.http.routers.nginx.rule: "Host(`{{ nginx_domain }}`)"
|
||||
#traefik.http.middlewares.nginxauth.basicauth.users: "{{ nginx_auth }}"
|
||||
traefik.http.middlewares.nginxauth.basicauth.users: "{{ nginx_auth }}"
|
||||
traefik.http.routers.nginx.entrypoints: websecure
|
||||
traefik.http.routers.nginx.middlewares: "securehttps@file"
|
||||
traefik.http.routers.nginx.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.nginx.middlewares: "securehttps@file,nginxauth"
|
||||
traefik.docker.network: traefik
|
||||
traefik.enable: "true"
|
||||
|
||||
@@ -45,6 +45,7 @@
|
||||
traefik.http.routers.prometheus.rule: "Host(`{{ prom_domain }}`)"
|
||||
traefik.http.routers.prometheus.entrypoints: websecure
|
||||
traefik.http.routers.prometheus.middlewares: "securehttps@file,localonly"
|
||||
traefik.http.routers.prometheus.tls.certresolver: letsencrypt
|
||||
traefik.http.middlewares.localonly.ipwhitelist.sourcerange: "{{ traefik_localonly }}"
|
||||
traefik.docker.network: traefik
|
||||
traefik.enable: "true"
|
||||
@@ -64,6 +65,7 @@
|
||||
labels:
|
||||
traefik.http.routers.grafana.rule: "Host(`{{ grafana_domain }}`)"
|
||||
traefik.http.routers.grafana.entrypoints: websecure
|
||||
traefik.http.routers.grafana.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.grafana.middlewares: "securehttps@file"
|
||||
traefik.docker.network: traefik
|
||||
traefik.enable: "true"
|
||||
|
||||
@@ -41,9 +41,10 @@
|
||||
- name: traefik
|
||||
labels:
|
||||
traefik.http.routers.traefik.rule: "Host(`{{ traefik_domain }}`)"
|
||||
#traefik.http.middlewares.auth.basicauth.users: "{{ traefik_auth }}"
|
||||
#traefik.http.middlewares.localonly.ipwhitelist.sourcerange: "{{ traefik_localonly }}"
|
||||
traefik.http.routers.traefik.middlewares: "securehttps@file"
|
||||
traefik.http.middlewares.auth.basicauth.users: "{{ traefik_auth }}"
|
||||
traefik.http.middlewares.localonly.ipwhitelist.sourcerange: "{{ traefik_localonly }}"
|
||||
traefik.http.routers.traefik.tls.certresolver: letsencrypt
|
||||
traefik.http.routers.traefik.middlewares: "securehttps@file,auth@docker,localonly"
|
||||
traefik.http.routers.traefik.service: "api@internal"
|
||||
traefik.http.routers.traefik.entrypoints: websecure
|
||||
traefik.http.routers.traefik.tls: "true"
|
||||
|
||||
Reference in New Issue
Block a user