Compare commits
10 Commits
5d5d05f055
...
7926457cda
Author | SHA1 | Date | |
---|---|---|---|
7926457cda | |||
b5be87961a | |||
7bc4235fd3 | |||
e5a2075849 | |||
71a8507928 | |||
0957ad5f1c | |||
b4c55cffc9 | |||
802fa7625c | |||
cc263ab01c | |||
5f1b513f13 |
91
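--- a/containers/collabora/tasks.yml
+++ b/containers/collabora/tasks.yml
@@ -0,0 +1,91 @@
+# code: language=ansible
+
+---
+- hosts: all
+name: Collabora CODE container
+tasks:
+- name: Stop running containers
+become_user: containers
+become: true
+ansible.builtin.systemd:
+scope: user
+name: container-{{ item }}.service
+state: stopped
+loop:
+- collabora
+
+# - name: Create podman volumes
+# containers.podman.podman_volume:
+# state: present
+# name: "{{ item }}"
+# become_user: containers
+# become: true
+# loop:
+# - collabora-config
+
+- name: Create podman networks
+containers.podman.podman_network:
+name: "{{ item }}"
+recreate: false
+state: "present"
+become_user: containers
+become: true
+loop:
+- traefik-collabora
+- nextcloud-collabora
+
+- name: Pull container images
+become_user: containers
+become: true
+containers.podman.podman_image:
+name: docker.io/{{ item }}
+loop:
+- collabora/code:latest
+
+- name: Add a collabora container
+become_user: containers
+become: true
+containers.podman.podman_container:
+name: collabora
+image: docker.io/collabora/code:latest
+state: present
+cap_add:
+- MKNOD
+network:
+- traefik-collabora
+- nextcloud-collabora
+# volume:
+# - collabora-config:/etc/coolwsd:Z
+label:
+io.containers.autoupdate: "registry"
+traefik.enable: "true"
+traefik.http.routers.collabora.entrypoints: "https"
+traefik.http.routers.collabora.rule: "Host(`{{ vault_domain }}`) && PathPrefix(`/collabora`,`/browser`)"
+traefik.http.routers.collabora.tls: "true"
+traefik.http.routers.collabora.tls.certresolver: "wildcard"
+traefik.http.routers.collabora.service: "collabora"
+traefik.http.services.collabora.loadbalancer.server.port: "9980"
+traefik.docker.network: "traefik-collabora"
+env:
+domain: "chef\\.heaplab\\.deib\\.polimi\\.it"
+aliasgroup1: "chef\\.heaplab\\.deib\\.polimi\\.it"
+username: "{{ vault_collabora_user }}"
+password: "{{ vault_collabora_password }}"
+extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:net.service_root=/collabora"
+generate_systemd:
+path: /home/containers/.config/systemd/user/
+restart_policy: on-failure
+names: true
+new: true
+
+- name: Start containers at boot
+become_user: containers
+become: true
+ansible.builtin.systemd:
+scope: user
+name: container-{{ item }}.service
+enabled: true
+state: started
+daemon_reload: true
+loop:
+- collabora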
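Review bot: The `username` and `password` entries in the `env:` block of "Add a collabora container" are passed as plain environment variables, and with `generate_systemd` set to `new: true` the generated unit under `/home/containers/.config/systemd/user/` will most likely embed the whole `podman run` command line, including both values in clear text; they are also readable through `podman inspect`. Consider handing them over as podman secrets via the `secrets:` option of `containers.podman.podman_container`, or at least add a task that enforces mode `0600` on the generated unit file. Separately, `domain` and `aliasgroup1` hard-code a hostname while the router rule uses `{{ vault_domain }}`; since the alias group decides which hosts may talk to the office backend, deriving it from the same variable would stop the two from drifting apart.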
@ -4,6 +4,16 @@
|
|||||||
- hosts: all
|
- hosts: all
|
||||||
name: Drone CI runner agent
|
name: Drone CI runner agent
|
||||||
tasks:
|
tasks:
|
||||||
|
- name: Stop running containers
|
||||||
|
become_user: containers
|
||||||
|
become: true
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
scope: user
|
||||||
|
name: container-{{ item }}.service
|
||||||
|
state: stopped
|
||||||
|
loop:
|
||||||
|
- drone-runner
|
||||||
|
|
||||||
- name: Get containers UID
|
- name: Get containers UID
|
||||||
ansible.builtin.command: "id -u containers"
|
ansible.builtin.command: "id -u containers"
|
||||||
register: uid_containers
|
register: uid_containers
|
||||||
@ -50,11 +60,11 @@
|
|||||||
io.containers.autoupdate: "registry"
|
io.containers.autoupdate: "registry"
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.drone-runner.entrypoints: "https"
|
traefik.http.routers.drone-runner.entrypoints: "https"
|
||||||
traefik.http.routers.drone-runner.rule: "PathPrefix(`/runner`)"
|
traefik.http.routers.drone-runner.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/runner/`) || Path(`/runner`))"
|
||||||
traefik.http.routers.drone-runner.tls: "true"
|
traefik.http.routers.drone-runner.tls: "true"
|
||||||
traefik.http.routers.drone-runner.tls.certresolver: "wildcard"
|
traefik.http.routers.drone-runner.tls.certresolver: "wildcard"
|
||||||
traefik.http.routers.drone-runner.service: "drone-runner"
|
traefik.http.routers.drone-runner.service: "drone-runner"
|
||||||
traefik.http.routers.drone-runner.middlewares: "drone-runner-prefixstrip@docker"
|
traefik.http.routers.drone-runner.middlewares: "force-trailing-slash@file,drone-runner-prefixstrip@docker"
|
||||||
traefik.http.middlewares.drone-runner-prefixstrip.stripprefix.prefixes: "/runner"
|
traefik.http.middlewares.drone-runner-prefixstrip.stripprefix.prefixes: "/runner"
|
||||||
traefik.http.services.drone-runner.loadbalancer.server.port: "3000"
|
traefik.http.services.drone-runner.loadbalancer.server.port: "3000"
|
||||||
traefik.docker.network: "traefik-drone-runner"
|
traefik.docker.network: "traefik-drone-runner"
|
||||||
|
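Review bot: The added "Stop running containers" task will probably fail on a host where `container-drone-runner.service` has not been generated yet, because `ansible.builtin.systemd` with `state: stopped` reports an error when the unit does not exist and the unit is only written later by `generate_systemd`. The same task is added to the other playbooks on this page (collabora, drone-server, gitea, heimdall, nextcloud, portainer, traefik). I would guard it with `register: stop_result` and `failed_when: stop_result is failed and 'Could not find the requested service' not in (stop_result.msg | default(''))`. In this file the task is also placed before "Get containers UID", whereas the portainer and traefik hunks place it after `register: uid_containers`; if the user-scope systemd call relies on that UID (not visible in the hunk), the ordering here should match.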
@ -4,6 +4,16 @@
|
|||||||
- hosts: all
|
- hosts: all
|
||||||
name: Drone CI server coordinator
|
name: Drone CI server coordinator
|
||||||
tasks:
|
tasks:
|
||||||
|
- name: Stop running containers
|
||||||
|
become_user: containers
|
||||||
|
become: true
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
scope: user
|
||||||
|
name: container-{{ item }}.service
|
||||||
|
state: stopped
|
||||||
|
loop:
|
||||||
|
- drone-server
|
||||||
|
|
||||||
- name: Create podman volumes
|
- name: Create podman volumes
|
||||||
containers.podman.podman_volume:
|
containers.podman.podman_volume:
|
||||||
state: present
|
state: present
|
||||||
@ -48,11 +58,11 @@
|
|||||||
io.containers.autoupdate: "registry"
|
io.containers.autoupdate: "registry"
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.drone-server.entrypoints: "https"
|
traefik.http.routers.drone-server.entrypoints: "https"
|
||||||
traefik.http.routers.drone-server.rule: "PathPrefix(`/drone`)"
|
traefik.http.routers.drone-server.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/drone/`) || Path(`/drone`))"
|
||||||
traefik.http.routers.drone-server.tls: "true"
|
traefik.http.routers.drone-server.tls: "true"
|
||||||
traefik.http.routers.drone-server.tls.certresolver: "wildcard"
|
traefik.http.routers.drone-server.tls.certresolver: "wildcard"
|
||||||
traefik.http.routers.drone-server.service: "drone-server"
|
traefik.http.routers.drone-server.service: "drone-server"
|
||||||
traefik.http.routers.drone-server.middlewares: "drone-server-prefixstrip@docker"
|
traefik.http.routers.drone-server.middlewares: "force-trailing-slash@file,drone-server-prefixstrip@docker"
|
||||||
traefik.http.middlewares.drone-server-prefixstrip.stripprefix.prefixes: "/drone"
|
traefik.http.middlewares.drone-server-prefixstrip.stripprefix.prefixes: "/drone"
|
||||||
traefik.http.services.drone-server.loadbalancer.server.port: "80"
|
traefik.http.services.drone-server.loadbalancer.server.port: "80"
|
||||||
traefik.docker.network: "traefik-drone"
|
traefik.docker.network: "traefik-drone"
|
||||||
|
@ -4,6 +4,17 @@
|
|||||||
- hosts: all
|
- hosts: all
|
||||||
name: Gitea web server
|
name: Gitea web server
|
||||||
tasks:
|
tasks:
|
||||||
|
- name: Stop running containers
|
||||||
|
become_user: containers
|
||||||
|
become: true
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
scope: user
|
||||||
|
name: container-{{ item }}.service
|
||||||
|
state: stopped
|
||||||
|
loop:
|
||||||
|
- gitea
|
||||||
|
- db_gitea
|
||||||
|
|
||||||
- name: Permit traffic from any IP to ssh port
|
- name: Permit traffic from any IP to ssh port
|
||||||
become: true
|
become: true
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
@ -87,8 +98,8 @@
|
|||||||
name: gitea
|
name: gitea
|
||||||
image: docker.io/gitea/gitea:latest
|
image: docker.io/gitea/gitea:latest
|
||||||
state: present
|
state: present
|
||||||
ports:
|
publish:
|
||||||
- 22:22
|
- "22:22"
|
||||||
network:
|
network:
|
||||||
- traefik-gitea
|
- traefik-gitea
|
||||||
- mariadb-gitea
|
- mariadb-gitea
|
||||||
@ -100,11 +111,11 @@
|
|||||||
io.containers.autoupdate: "registry"
|
io.containers.autoupdate: "registry"
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.gitea.entrypoints: "https"
|
traefik.http.routers.gitea.entrypoints: "https"
|
||||||
traefik.http.routers.gitea.rule: "PathPrefix(`/git`)"
|
traefik.http.routers.gitea.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/git/`) || Path(`/git`))"
|
||||||
traefik.http.routers.gitea.tls: "true"
|
traefik.http.routers.gitea.tls: "true"
|
||||||
traefik.http.routers.gitea.tls.certresolver: "wildcard"
|
traefik.http.routers.gitea.tls.certresolver: "wildcard"
|
||||||
traefik.http.routers.gitea.service: "gitea"
|
traefik.http.routers.gitea.service: "gitea"
|
||||||
traefik.http.routers.gitea.middlewares: "gitea-prefixstrip@docker"
|
traefik.http.routers.gitea.middlewares: "force-trailing-slash@file,gitea-prefixstrip@docker"
|
||||||
traefik.http.middlewares.gitea-prefixstrip.stripprefix.prefixes: "/git"
|
traefik.http.middlewares.gitea-prefixstrip.stripprefix.prefixes: "/git"
|
||||||
traefik.http.services.gitea.loadbalancer.server.port: "3000"
|
traefik.http.services.gitea.loadbalancer.server.port: "3000"
|
||||||
traefik.docker.network: "traefik-gitea"
|
traefik.docker.network: "traefik-gitea"
|
||||||
|
93
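--- a/containers/heimdall/tasks.yml
+++ b/containers/heimdall/tasks.yml
@@ -0,0 +1,93 @@
+# code: language=ansible
+
+---
+- hosts: all
+name: Heimdall landing page
+tasks:
+- name: Stop running containers
+become_user: containers
+become: true
+ansible.builtin.systemd:
+scope: user
+name: container-{{ item }}.service
+state: stopped
+loop:
+- heimdall
+
+- name: Create podman volumes
+containers.podman.podman_volume:
+state: present
+name: "{{ item }}"
+become_user: containers
+become: true
+loop:
+- heimdall-config
+
+- name: Create podman networks
+containers.podman.podman_network:
+name: "{{ item }}"
+recreate: false
+state: "present"
+become_user: containers
+become: true
+loop:
+- traefik-heimdall
+
+- name: Pull an image
+become_user: containers
+become: true
+containers.podman.podman_image:
+name: lscr.io/linuxserver/heimdall:latest
+
+- name: Add a heimdall container
+become_user: containers
+become: true
+containers.podman.podman_container:
+name: heimdall
+image: lscr.io/linuxserver/heimdall:latest
+state: present
+network:
+- traefik-heimdall
+volume:
+- heimdall-config:/config:Z
+label:
+io.containers.autoupdate: "registry"
+traefik.enable: "true"
+
+traefik.http.routers.heimdall.entrypoints: "https"
+traefik.http.routers.heimdall.rule: "Host(`{{ vault_domain }}`)"
+traefik.http.routers.heimdall.tls: "true"
+traefik.http.routers.heimdall.tls.certresolver: "wildcard"
+traefik.http.routers.heimdall.service: "heimdall"
+traefik.http.services.heimdall.loadbalancer.server.port: "80"
+
+traefik.http.routers.heimdall-settings.entrypoints: "https"
+traefik.http.routers.heimdall-settings.rule: "Host(`{{ vault_domain }}`) && Path(`/settings`)"
+traefik.http.routers.heimdall-settings.tls: "true"
+traefik.http.routers.heimdall-settings.tls.certresolver: "wildcard"
+traefik.http.routers.heimdall-settings.service: "heimdall"
+traefik.http.routers.heimdall-settings.middlewares: "heimdall-auth@docker"
+traefik.http.services.heimdall-settings.loadbalancer.server.port: "80"
+
+traefik.http.middlewares.heimdall-auth.basicauth.users: "{{ vault_heimdall_basic_auth }}"
+
+traefik.docker.network: "traefik-heimdall"
+env:
+TZ: "Europe/Rome"
+generate_systemd:
+path: /home/containers/.config/systemd/user/
+restart_policy: on-failure
+names: true
+new: true
+
+- name: Start containers at boot
+become_user: containers
+become: true
+ansible.builtin.systemd:
+scope: user
+name: container-{{ item }}.service
+enabled: true
+state: started
+daemon_reload: true
+loop:
+- heimdall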
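Review bot: The `heimdall-settings` router rule ends in ``Path(`/settings`)``, which matches that exact path only, so the `heimdall-auth` basic-auth middleware does not cover anything below `/settings/` or any other management route; those requests fall through to the `heimdall` router on the same host, which carries no auth middleware. If the intent is to gate the admin surface, use a prefix match such as ``Host(`{{ vault_domain }}`) && PathPrefix(`/settings`)`` and add whichever further management paths the application serves (not visible here, so confirm against the application's routes). The `traefik.http.services.heimdall-settings.loadbalancer.server.port` label also declares a second service that no router references, since both routers set `service: "heimdall"`; it can be dropped.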
@ -4,6 +4,18 @@
|
|||||||
- hosts: all
|
- hosts: all
|
||||||
name: Nextcloud file sharing web service
|
name: Nextcloud file sharing web service
|
||||||
tasks:
|
tasks:
|
||||||
|
- name: Stop running containers
|
||||||
|
become_user: containers
|
||||||
|
become: true
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
scope: user
|
||||||
|
name: container-{{ item }}.service
|
||||||
|
state: stopped
|
||||||
|
loop:
|
||||||
|
- nextcloud
|
||||||
|
- redis_nextcloud
|
||||||
|
- db_nextcloud
|
||||||
|
|
||||||
- name: Pull container images
|
- name: Pull container images
|
||||||
become_user: containers
|
become_user: containers
|
||||||
become: true
|
become: true
|
||||||
@ -77,6 +89,7 @@
|
|||||||
- traefik-nextcloud
|
- traefik-nextcloud
|
||||||
- mariadb-nextcloud
|
- mariadb-nextcloud
|
||||||
- redis-nextcloud
|
- redis-nextcloud
|
||||||
|
- nextcloud-collabora
|
||||||
|
|
||||||
- name: Create redis instance
|
- name: Create redis instance
|
||||||
become_user: containers
|
become_user: containers
|
||||||
@ -139,18 +152,19 @@
|
|||||||
- traefik-nextcloud
|
- traefik-nextcloud
|
||||||
- mariadb-nextcloud
|
- mariadb-nextcloud
|
||||||
- redis-nextcloud
|
- redis-nextcloud
|
||||||
|
- nextcloud-collabora
|
||||||
label:
|
label:
|
||||||
io.containers.autoupdate: "registry"
|
io.containers.autoupdate: "registry"
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.nextcloud.entrypoints: "https"
|
traefik.http.routers.nextcloud.entrypoints: "https"
|
||||||
traefik.http.routers.nextcloud.rule: "PathPrefix(`/cloud`)"
|
traefik.http.routers.nextcloud.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/cloud/`) || Path(`/cloud`))"
|
||||||
traefik.http.routers.nextcloud.tls: "true"
|
traefik.http.routers.nextcloud.tls: "true"
|
||||||
traefik.http.routers.nextcloud.tls.certresolver: "wildcard"
|
traefik.http.routers.nextcloud.tls.certresolver: "wildcard"
|
||||||
traefik.http.routers.nextcloud.service: "nextcloud"
|
traefik.http.routers.nextcloud.service: "nextcloud"
|
||||||
traefik.http.routers.nextcloud.middlewares: "nextcloud-prefixstrip,nextcloud-redirectregex,nextcloud-headers,http-compress@file"
|
traefik.http.routers.nextcloud.middlewares: "force-trailing-slash@file,nextcloud-prefixstrip,nextcloud-redirectregex,nextcloud-headers,http-compress@file"
|
||||||
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.permanent: "true"
|
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.permanent: "true"
|
||||||
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.regex: "https://(.*)/cloud/.well-known/(card|cal)dav"
|
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.regex: "https://(.*)/.well-known/(card|cal)dav"
|
||||||
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.replacement: "https://${1}/cloud/remote.php/dav/"
|
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.replacement: "https://${1}/remote.php/dav/"
|
||||||
traefik.http.middlewares.nextcloud-headers.headers.stsSeconds: "31536000"
|
traefik.http.middlewares.nextcloud-headers.headers.stsSeconds: "31536000"
|
||||||
traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains: "true"
|
traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains: "true"
|
||||||
traefik.http.middlewares.nextcloud-prefixstrip.stripprefix.prefixes: "/cloud"
|
traefik.http.middlewares.nextcloud-prefixstrip.stripprefix.prefixes: "/cloud"
|
||||||
@ -170,10 +184,12 @@
|
|||||||
SMTP_AUTHTYPE: "None"
|
SMTP_AUTHTYPE: "None"
|
||||||
SMTP_NAME: ""
|
SMTP_NAME: ""
|
||||||
SMTP_PASSWORD: ""
|
SMTP_PASSWORD: ""
|
||||||
MAIL_FROM_ADDRESS: "nextcloud"
|
MAIL_FROM_ADDRESS: "{{ vault_smtp_from }}"
|
||||||
MAIL_DOMAIN: "{{ vault_smtp_domain }}"
|
MAIL_DOMAIN: "{{ vault_smtp_domain }}"
|
||||||
TRUSTED_PROXIES: "traefik"
|
TRUSTED_PROXIES: "traefik"
|
||||||
OVERWRITEWEBROOT: "/cloud"
|
OVERWRITEWEBROOT: "/cloud"
|
||||||
|
OVERWRITECLIURL: "https://{{ vault_domain }}/cloud"
|
||||||
|
OVERWRITEPROTOCOL: "https"
|
||||||
generate_systemd:
|
generate_systemd:
|
||||||
path: /home/containers/.config/systemd/user/
|
path: /home/containers/.config/systemd/user/
|
||||||
restart_policy: on-failure
|
restart_policy: on-failure
|
||||||
|
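Review bot: The new `redirectRegex.replacement` value `https://${1}/remote.php/dav/` no longer carries the `/cloud` prefix, so a client following this permanent redirect appears to land on a path that the `nextcloud` router rule (``PathPrefix(`/cloud/`) || Path(`/cloud`)``) does not match. Because `force-trailing-slash@file` and `nextcloud-prefixstrip` are listed before `nextcloud-redirectregex`, the regex presumably sees the already stripped URL and `${1}` is just the host; that depends on Traefik's middleware behaviour and should be confirmed. I would keep the prefix in the target and anchor the pattern: `regex: "^https://([^/]+)/\\.well-known/(card|cal)dav$"` with `replacement: "https://${1}/cloud/remote.php/dav/"`. The enclosing task starts and ends outside these hunks.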
@ -9,6 +9,16 @@
|
|||||||
register: uid_containers
|
register: uid_containers
|
||||||
changed_when: uid_containers.rc != 0
|
changed_when: uid_containers.rc != 0
|
||||||
|
|
||||||
|
- name: Stop running containers
|
||||||
|
become_user: containers
|
||||||
|
become: true
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
scope: user
|
||||||
|
name: container-{{ item }}.service
|
||||||
|
state: stopped
|
||||||
|
loop:
|
||||||
|
- portainer
|
||||||
|
|
||||||
- name: Pull portainer image
|
- name: Pull portainer image
|
||||||
become_user: containers
|
become_user: containers
|
||||||
become: true
|
become: true
|
||||||
@ -48,11 +58,11 @@
|
|||||||
io.containers.autoupdate: "registry"
|
io.containers.autoupdate: "registry"
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.portainer.entrypoints: "https"
|
traefik.http.routers.portainer.entrypoints: "https"
|
||||||
traefik.http.routers.portainer.rule: "PathPrefix(`/portainer`)"
|
traefik.http.routers.portainer.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/portainer/`) || Path(`/portainer`))"
|
||||||
traefik.http.routers.portainer.tls: "true"
|
traefik.http.routers.portainer.tls: "true"
|
||||||
traefik.http.routers.portainer.tls.certresolver: "wildcard"
|
traefik.http.routers.portainer.tls.certresolver: "wildcard"
|
||||||
traefik.http.routers.portainer.service: "portainer"
|
traefik.http.routers.portainer.service: "portainer"
|
||||||
traefik.http.routers.portainer.middlewares: "portainer-prefixstrip@docker"
|
traefik.http.routers.portainer.middlewares: "force-trailing-slash@file,portainer-prefixstrip@docker"
|
||||||
traefik.http.middlewares.portainer-prefixstrip.stripprefix.prefixes: "/portainer"
|
traefik.http.middlewares.portainer-prefixstrip.stripprefix.prefixes: "/portainer"
|
||||||
traefik.http.services.portainer.loadbalancer.server.port: "9000"
|
traefik.http.services.portainer.loadbalancer.server.port: "9000"
|
||||||
traefik.docker.network: "traefik-portainer"
|
traefik.docker.network: "traefik-portainer"
|
||||||
|
15
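--- a/containers/traefik/files/conf/force_trailing_slash.yml
+++ b/containers/traefik/files/conf/force_trailing_slash.yml
@@ -0,0 +1,15 @@
+http:
+middlewares:
+force-trailing-slash:
+chain:
+middlewares:
+- add-trailing-slash
+- strip-after-slash
+add-trailing-slash:
+redirectregex:
+regex: "^(https?://[^/]+/[a-z0-9_]+)$"
+replacement: "${1}/"
+permanent: true
+strip-after-slash:
+stripprefixregex:
+regex: "/[a-z0-9_]+"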
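Review bot: `strip-after-slash` uses the generic pattern `/[a-z0-9_]+`, so it removes the first path segment of every request on any router that chains `force-trailing-slash`, whatever that segment is, and the file carries no comment saying so. The service routers on this page still list their own `*-prefixstrip` middleware after it, so the prefix is handled twice; a request such as `/git/git/...` would lose both segments before reaching the backend. I would add a header comment along the lines of `# force-trailing-slash: redirects /name to /name/ and then strips the first path segment; attach only to routers whose rule is limited to a single prefix`. Consider also dropping the strip step from this chain and leaving prefix removal to the per-service `stripprefix` middlewares.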
@ -9,6 +9,16 @@
|
|||||||
register: uid_containers
|
register: uid_containers
|
||||||
changed_when: uid_containers.rc != 0
|
changed_when: uid_containers.rc != 0
|
||||||
|
|
||||||
|
- name: Stop running containers
|
||||||
|
become_user: containers
|
||||||
|
become: true
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
scope: user
|
||||||
|
name: container-{{ item }}.service
|
||||||
|
state: stopped
|
||||||
|
loop:
|
||||||
|
- traefik
|
||||||
|
|
||||||
- name: Permit traffic from any IP to http port
|
- name: Permit traffic from any IP to http port
|
||||||
become: true
|
become: true
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
@ -75,6 +85,8 @@
|
|||||||
- traefik-portainer
|
- traefik-portainer
|
||||||
- traefik-nextcloud
|
- traefik-nextcloud
|
||||||
- traefik-gitea
|
- traefik-gitea
|
||||||
|
- traefik-collabora
|
||||||
|
- traefik-heimdall
|
||||||
|
|
||||||
- name: Create traefik instance
|
- name: Create traefik instance
|
||||||
become_user: containers
|
become_user: containers
|
||||||
@ -83,9 +95,9 @@
|
|||||||
name: traefik
|
name: traefik
|
||||||
image: docker.io/traefik:latest
|
image: docker.io/traefik:latest
|
||||||
state: present
|
state: present
|
||||||
ports:
|
publish:
|
||||||
- 80:80
|
- "80:80"
|
||||||
- 443:443
|
- "443:443"
|
||||||
security_opt:
|
security_opt:
|
||||||
- label=type:container_runtime_t
|
- label=type:container_runtime_t
|
||||||
volume:
|
volume:
|
||||||
@ -96,15 +108,16 @@
|
|||||||
- traefik-portainer
|
- traefik-portainer
|
||||||
- traefik-nextcloud
|
- traefik-nextcloud
|
||||||
- traefik-gitea
|
- traefik-gitea
|
||||||
|
- traefik-collabora
|
||||||
|
- traefik-heimdall
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
label:
|
label:
|
||||||
io.containers.autoupdate: "registry"
|
io.containers.autoupdate: "registry"
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.middlewares.traefik-auth.basicauth.users: "{{ vault_traefik_basic_auth }}"
|
traefik.http.middlewares.traefik-auth.basicauth.users: "{{ vault_traefik_basic_auth }}"
|
||||||
traefik.http.middlewares.traefik-prefixstrip.stripprefix.prefixes: "/traefik"
|
|
||||||
traefik.http.routers.traefik.entrypoints: "https"
|
traefik.http.routers.traefik.entrypoints: "https"
|
||||||
traefik.http.routers.traefik.rule: "PathPrefix(`/traefik`) || HeadersRegexp(`Referer`, `.*/traefik/.*`)"
|
traefik.http.routers.traefik.rule: "Host(`{{ vault_domain }}`) && PathPrefix(`/api`,`/dashboard`)"
|
||||||
traefik.http.routers.traefik.middlewares: "traefik-auth@docker"
|
traefik.http.routers.traefik.middlewares: "traefik-auth@docker"
|
||||||
traefik.http.routers.traefik.tls: "true"
|
traefik.http.routers.traefik.tls: "true"
|
||||||
traefik.http.routers.traefik.tls.certresolver: "wildcard"
|
traefik.http.routers.traefik.tls.certresolver: "wildcard"
|
||||||
|
@ -1,10 +1,11 @@
|
|||||||
http:
|
http:
|
||||||
routers:
|
routers:
|
||||||
cockpit:
|
cockpit:
|
||||||
rule: "PathPrefix(`/cockpit`)"
|
rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/cockpit/`) || Path(`/cockpit`))"
|
||||||
entryPoints: https
|
entryPoints: https
|
||||||
middlewares:
|
middlewares:
|
||||||
- cockpit-stripprefix
|
- force-trailing-slash
|
||||||
|
- drop-xforwarded-proto
|
||||||
service: cockpit
|
service: cockpit
|
||||||
tls:
|
tls:
|
||||||
certresolver: wildcard
|
certresolver: wildcard
|
||||||
@ -14,9 +15,18 @@ http:
|
|||||||
stripPrefix:
|
stripPrefix:
|
||||||
prefixes:
|
prefixes:
|
||||||
- "/cockpit"
|
- "/cockpit"
|
||||||
|
drop-xforwarded-proto:
|
||||||
|
headers:
|
||||||
|
customrequestheaders:
|
||||||
|
X-Forwarded-Proto: ""
|
||||||
|
|
||||||
services:
|
services:
|
||||||
cockpit:
|
cockpit:
|
||||||
loadBalancer:
|
loadBalancer:
|
||||||
|
serversTransport: nocertverify
|
||||||
servers:
|
servers:
|
||||||
- url: "http://127.0.0.1:9090"
|
- url: "https://{{ vault_domain }}:9090"
|
||||||
|
|
||||||
|
serversTransports:
|
||||||
|
nocertverify:
|
||||||
|
insecureSkipVerify: true
|
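Review bot: The new `nocertverify` servers transport sets `insecureSkipVerify: true` while the backend URL moves from `http://127.0.0.1:9090` to `https://{{ vault_domain }}:9090`, so the proxy now connects to whatever the public name resolves to and accepts any certificate it is shown. That removes authentication of the Cockpit backend on a hop that carries administrative sessions. Prefer keeping the loopback address and trusting Cockpit's certificate explicitly through `rootCAs` (plus `serverName` if the certificate name differs) in the `serversTransports` entry rather than skipping verification. The `stripPrefix` middleware shown as context in the second hunk looks unused now that the router no longer lists `cockpit-stripprefix`; its definition starts outside the hunk, so confirm before removing it.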
@ -1,69 +1,80 @@
|
|||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
39333532643966303936316430656133306365636266323238356465353438666664643735653036
|
38343663613164616165313862356365343939336537653566313831623633613732336635313164
|
||||||
3261393138663336613866633439333536386465653636620a383932323939323762643666646635
|
3633356634376334643136323431306261366134376637360a323339346463373637373965336337
|
||||||
38353038393234636430383864636461373530626238366630396165353430616233393936336233
|
63663130636364633334626237613430313833386165646231353639346466393535623838353337
|
||||||
3964396231643335320a376361623633646233343937663863613663323335316231643330396536
|
6463303161343630640a343433383465343432323032653861366233363761343931353764343236
|
||||||
34323464663065343531313639653238386666353036643337366635303737393933356464333432
|
65613763653334353461363966663832366632363565656537646366346637623837366663346464
|
||||||
34353031623163663234626637376632313434326634343361343633646335633530343264306562
|
33656634373163306537393631633239626432643963646534323739633266373130363535613136
|
||||||
34343834343564633032636537313964343864623434643131343464373431653262306535346563
|
61353933666130363765643965623030623737386264636632386635626266323563613133663165
|
||||||
33666631323264633136363164613763386662653666356131613931613237303439623638616461
|
63316438623732613361333136353230313763396463363233633266393862333238363331363231
|
||||||
35643530623665376631303932633031613737623034653262666439303839666665326136373630
|
33343963626533623931306637353236323065616631363633623433366634346331316637393565
|
||||||
33653137323437643138643234633330386565396635353831613461326363333862336636626338
|
39643564333065353866616566643436383630666439623730376561663831376566363132316230
|
||||||
39373064613936623563333734643837313066353761323435353761643566383533323962373133
|
61663938366566653165383636343138366437636361663764643939636233343532373131346361
|
||||||
39643461633035613239613265366131396461656361646434333535646366343230303666313732
|
66363433656338316434646166666331323538393139623632613837333933353932333464613134
|
||||||
63323565613339653537653332363436383633306363333330306132313338303466333466306565
|
36396232333461353930623935613364343333356133396530653330323963653665386461383664
|
||||||
39386464323230323561646464373232353863323961363664323436313862303563313234383632
|
38666433623135316161326661336561376262363361376135613035306532626238633262616234
|
||||||
64373036316235396330346434313635626262376435666134636663653337613561393337616635
|
64336330386565663034333662373331343931323937646436323666633439333864363061386164
|
||||||
32323238623831623933373066633032333831356131343639333665386335613435373433333661
|
65623338396637303162373331346430613233396362613465356631316566346239326132396464
|
||||||
61313234666261353464643066653331666561633835666135646236353533656137623465323162
|
32626639656238666565636537663365316630653535656137303234653032363865396633656435
|
||||||
66626531643961353366643866666463356530376661623164333964353562306465336237353937
|
33373662623565303062346637363134393161313237656139356361653163393536386563636261
|
||||||
64303635633562623964383966373865363135613438643165326637376239343566613739336462
|
38386463646634336263623032653433336334326666376166653739656165343965613466663238
|
||||||
33363537356262383866383838306631383865363830623162333964363333316438303233633037
|
31376534383065366635386563656334623232383730626663393765663834613862656139656464
|
||||||
61303537626364323638356632313563656463383632613736626133326131316362313263356637
|
62373062633539396632323536373039313031366637653464313735656534336239343838316464
|
||||||
61373237333038666361343036643633623334396435333634613532396465363738616664656561
|
65366538663464353064353864346432383866313935626633633434636436653863393735626639
|
||||||
34383730666463353932323432396330646566373662346364303231613063656237636164303263
|
32626332316439326661623233333032356362373537663366633538313761616435366639346230
|
||||||
33633565303366636132316239373731633563393231363365373639356265323465326563326538
|
30633234616331336631336431633037633066616237623736663661313464303934373565663136
|
||||||
62653834376232653636646664336565623137613434366662313738393261373165323764373736
|
31353265386237363031323262393232353766303763626565666438643339336235393936366230
|
||||||
37616435653033633634373364616630373163626162646336373532643030633863326562333333
|
32623636386334326235663061623236393066326666326337343635616366313436626662316237
|
||||||
30316433626565303366313036353836386564363936643238366137646666303932623764323461
|
34636661396139373863663130386631333437643665333631616234333730623032376237646432
|
||||||
34636566396137343261363630313239326464326437306666656233636139643439383739616637
|
34396631613766346630333831643035393538356234343134313466386335633539623335373265
|
||||||
30306534386663323761313530393737643536306131316363366335636437313335336164636334
|
30626330303939653362353364376331643638336137616133326532336638633639326261313164
|
||||||
30363336306336363837386663626461363465396235323861643664323664643139663537386363
|
37353638306138343939326632393634623432383531346466643931343839666137383637643930
|
||||||
66636134313661346465323066613934396566333033616462653831396134366234393735336132
|
35646531656235396137626535323162396163323330646535663639656136346165356434363065
|
||||||
31353037613136613232346631393433626339316539656236313661376662376630623233363831
|
36636165373031376639623866373264613035353439643837623536326439336638646530316531
|
||||||
35366131643334656532333634383364666461353133646563386138626266303339663662636335
|
62343130326461636231626531636436663162396361633264633031373865623830326461313935
|
||||||
66303835333631356665386133616666613337643538376164363334343934326264383533656431
|
31353831303838346436373935613765646638373861346435393566333438383239393465643535
|
||||||
66616362303230303932663931306661643066626638663537633566303862326365653435376230
|
32316539623362383661643363336236346331346335623938653530613866333231643130353530
|
||||||
61613230376462383530323063343366613561633130313736313236396433306439356532383262
|
61633936623061646533613938353763343137623037363639393836306531333739383537343933
|
||||||
38306565306637623733653235643362303737383533663739366632616437306162626661353362
|
35353034373563633437326530616138336438333930326536616630356231316430613035643932
|
||||||
31613932333039613063643666316635316363663236663836643539613364656131316138386332
|
66663134613234356237363632393762356463383133353034323132376266636465313966316536
|
||||||
61636135383430653535323734366437633830336462373162343634323935313235656439316361
|
32353731343862306562396435653231376666363931636234323330383763613565303361646339
|
||||||
63663230373330626331393863633461343434633736316166613033636134393837393564326364
|
31333033653764333932373965613563356131373432393933643666653735633939316237353061
|
||||||
63393231376435643836393233303536303434626530373363343664636634363366393463316137
|
38653363626233353161363134333834363663303530343938313261666632356234326531313238
|
||||||
63386163613839336132366363333965313737303838386465336331316232303561643233376666
|
62356161343230646633633531333738376335396539626431373732313833613539343531623066
|
||||||
37363130646230366264653965316436316238306231643663353936623932356462373538356536
|
32303237363161396439623131656163626132303765326461306632323435343063653563656334
|
||||||
35323739336432353664386236306364353236656330643965363461313732313838663464653834
|
65613830653335386662663031653839363934656437343730303065396363636537346237306138
|
||||||
35336166663033666139666234613131343030613066623363343837316464356137623436653263
|
30316131613865393861383639663161303734336133346262383365323666623237386262663337
|
||||||
63356564663362343062653964326138376663633562333764643830623931383566663831666661
|
35663637393032633764623635343466363366316536643539306339363130316238633630336362
|
||||||
64353632653130343839616233626638616537326138363438303661386138336163303266303233
|
35393230393436393436383537646163613334363130336163636230633639623738623766666537
|
||||||
62353138396461373739643864376261326662356466313932326534633135363639323065346166
|
35356432326666663539313337306230313937616332653134346136363236383036653462363031
|
||||||
64393931636432383437323931333633626538326334623361623837363538313766333433333333
|
38643432356534396466656261373762633132363833663561613636316435666463343135393363
|
||||||
64653062366366393533636333633337663034623737663766663762383863333561326637313431
|
65623063626564313131383534313661356637396166383930643936303337666437643861323931
|
||||||
34306132663061626166316562653063613964306232356264333264613031636434616430353530
|
38333238373866336433356561626561306330313034626233616533663866613930383735393336
|
||||||
64343762643832613937623834653763396430373438363531636339613038303064326665383038
|
61666339636466376633643731303065333337656162396634343032623939656231633838613136
|
||||||
32393364653330653965623938363132633865666665306262303234376334373238326130333939
|
66386233663231616638616163363430636233346465636461313864343436323664316638636132
|
||||||
31353462626365303031313965346538346237643331326362353032653731343764303864383133
|
66376466343662343938356537333730646265393032613738393832646364323737363437343538
|
||||||
64366461303665313562373463353961633732313631303439663432373533393064366130306266
|
31666436666664353161626462316161326262363166373835653462643935356465386132656233
|
||||||
61356332643161306135643838303863366364633239376165316338323162373631656266663062
|
64613839353235663564633765653936306261303639343265653765633131666366363930643634
|
||||||
34306539353262333964643062306564656435663861323861613738616436643266313730343739
|
35333039326130656234626135663031343839336633373564333930313134383630646566386261
|
||||||
36646662653032366230336463313333656436356661653838656233663638316661643866373865
|
65306237353235333865643666353064383663663234386233666164313461633738396465366139
|
||||||
66356332316338343565333035303932356334643163353139623138346235313639383363396338
|
36646335663461303736646362343534623334366134303138323535656635316433356230663137
|
||||||
30653866323962653132656133626539323862666433613063633730333766303763326163396530
|
39633939613563353761376339633031623531633262326164326630343239633434666665386566
|
||||||
64376461613930376364666439326163353061356630373463643839316263626661323139316131
|
36633039653161316135353463373331373937393864643338643633656530313431646530303737
|
||||||
36356130613032333531633831653061653165386533393933663935666439303935303634313732
|
65386337323235663263306163616136363030363634373536366331646439336264366664613664
|
||||||
35623731313030333264646465353066393534333934663535343130316637353765366264653564
|
36323235363838653062313863663864336262646236653466313534663461636637303434333362
|
||||||
33323834313834653034373163623132616633626337356461346361353732653339393163313139
|
62653364316535393237383864646237633064656337393932383038623331633738343235323333
|
||||||
65393535666234323832313865346635383433333839356364623065323933653332326134633331
|
32646333316432623733646437383836376666626139623261386635333433373536613435396136
|
||||||
35633664666330306234656638633933646539643866313162613539373131323962383363653566
|
34393033663332303634616261333236383565653934303437396134623130383836643035386638
|
||||||
38373662626136323463393630346134663936303963373065626331656130353066346666363564
|
37616561353130656439373863656466636361646234363337343766613938323836373866656666
|
||||||
62373431643133353536
|
66663035333032616262313734323536616331633337346333343634643064643862663030653434
|
||||||
|
64633939623731633232363734306137616434373466396561313961663931373162333138373533
|
||||||
|
33393562363632383665633938316139623238376536316332376663313661316361633337383431
|
||||||
|
34316337643664363462636364666637623036323861636231373539643134633937366166376233
|
||||||
|
32663730316230626337396165333034313637373435623933313966386330633634646134323865
|
||||||
|
65383636376632373363306430653039353039393738646133393635383038366662393634346265
|
||||||
|
37623931343664383665666130656432613038343830383531613435333336313362343333663831
|
||||||
|
35313734326666396566633132663735373162323937323064336133636264313338373462386339
|
||||||
|
39636635353130646237323834393963396238653633623161653539636263316534636461363437
|
||||||
|
64656463613565636231336635613937383537393561353463343530376238623532366335366430
|
||||||
|
35363739666335343436643433376432633762623661376161373539633662323633643939316134
|
||||||
|
663339383635626333363365323634623535
|
||||||
|
@ -30,6 +30,15 @@
|
|||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Permit traffic from any IP to cockpit socket
|
||||||
|
become: true
|
||||||
|
community.general.ufw:
|
||||||
|
direction: in
|
||||||
|
from_ip: any
|
||||||
|
proto: tcp
|
||||||
|
to_port: 9090
|
||||||
|
rule: allow
|
||||||
|
|
||||||
# - name: Reboot
|
# - name: Reboot
|
||||||
# become: true
|
# become: true
|
||||||
# ansible.builtin.reboot:
|
# ansible.builtin.reboot:
|
||||||
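Review bot: The added ufw task opens TCP 9090 with `from_ip: any`, which exposes the Cockpit login to every network the host is reachable from. Cockpit is an administrative console, so the rule would be safer scoped to a management range, for example `from_ip: "{{ cockpit_mgmt_cidr }}"` (a placeholder variable name, to be defined in inventory). This matters more because the cockpit.conf template in this same comparison keeps `ProtocolHeader = X-Forwarded-Proto`, and a client that reaches 9090 directly rather than through the proxy can set that header itself. The play this task belongs to starts outside the hunk.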
|
@ -1,4 +1,3 @@
|
|||||||
[WebService]
|
[WebService]
|
||||||
Origins = http://{{ inventory_hostname }} ws://{{ inventory_hostname }} https://{{ inventory_hostname }} wss://{{ inventory_hostname }} http://{{ ansible_host }} ws://{{ ansible_host }} https://{{ ansible_host }} wss://{{ ansible_host }}
|
Origins = http://{{ inventory_hostname }} ws://{{ inventory_hostname }} https://{{ inventory_hostname }} wss://{{ inventory_hostname }} http://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:9090 ws://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:9090 https://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:9090 wss://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:9090
|
||||||
ProtocolHeader = X-Forwarded-Proto
|
ProtocolHeader = X-Forwarded-Proto
|
||||||
AllowUnencrypted=true
|
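Review bot: The new `Origins` line still lists `http://` and `ws://` entries even though this change drops `AllowUnencrypted=true`, so the origin allowlist is wider than the transport policy appears to intend. If plain HTTP is no longer meant to be served, the unencrypted schemes could be removed, leaving only the `https://` and `wss://` origins. The hostname entries carry no `:9090` while the IP entries do; that is presumably deliberate (hostname through the proxy, IP direct), but a one-line template comment saying so would help. `hostvars[inventory_hostname]['ansible_default_ipv4']['address']` needs gathered facts, and `ansible_default_ipv4.address` reads the same value more briefly.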
|