Compare commits
No commits in common. "7926457cda261abdc0df46af3fcf4f618f0f9402" and "5d5d05f0552a813cc65eb02b90d766caa7bad716" have entirely different histories.
7926457cda
...
5d5d05f055
@ -1,91 +0,0 @@
|
|||||||
# code: language=ansible
|
|
||||||
|
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
name: Collabora CODE container
|
|
||||||
tasks:
|
|
||||||
- name: Stop running containers
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
scope: user
|
|
||||||
name: container-{{ item }}.service
|
|
||||||
state: stopped
|
|
||||||
loop:
|
|
||||||
- collabora
|
|
||||||
|
|
||||||
# - name: Create podman volumes
|
|
||||||
# containers.podman.podman_volume:
|
|
||||||
# state: present
|
|
||||||
# name: "{{ item }}"
|
|
||||||
# become_user: containers
|
|
||||||
# become: true
|
|
||||||
# loop:
|
|
||||||
# - collabora-config
|
|
||||||
|
|
||||||
- name: Create podman networks
|
|
||||||
containers.podman.podman_network:
|
|
||||||
name: "{{ item }}"
|
|
||||||
recreate: false
|
|
||||||
state: "present"
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
loop:
|
|
||||||
- traefik-collabora
|
|
||||||
- nextcloud-collabora
|
|
||||||
|
|
||||||
- name: Pull container images
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
containers.podman.podman_image:
|
|
||||||
name: docker.io/{{ item }}
|
|
||||||
loop:
|
|
||||||
- collabora/code:latest
|
|
||||||
|
|
||||||
- name: Add a collabora container
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
containers.podman.podman_container:
|
|
||||||
name: collabora
|
|
||||||
image: docker.io/collabora/code:latest
|
|
||||||
state: present
|
|
||||||
cap_add:
|
|
||||||
- MKNOD
|
|
||||||
network:
|
|
||||||
- traefik-collabora
|
|
||||||
- nextcloud-collabora
|
|
||||||
# volume:
|
|
||||||
# - collabora-config:/etc/coolwsd:Z
|
|
||||||
label:
|
|
||||||
io.containers.autoupdate: "registry"
|
|
||||||
traefik.enable: "true"
|
|
||||||
traefik.http.routers.collabora.entrypoints: "https"
|
|
||||||
traefik.http.routers.collabora.rule: "Host(`{{ vault_domain }}`) && PathPrefix(`/collabora`,`/browser`)"
|
|
||||||
traefik.http.routers.collabora.tls: "true"
|
|
||||||
traefik.http.routers.collabora.tls.certresolver: "wildcard"
|
|
||||||
traefik.http.routers.collabora.service: "collabora"
|
|
||||||
traefik.http.services.collabora.loadbalancer.server.port: "9980"
|
|
||||||
traefik.docker.network: "traefik-collabora"
|
|
||||||
env:
|
|
||||||
domain: "chef\\.heaplab\\.deib\\.polimi\\.it"
|
|
||||||
aliasgroup1: "chef\\.heaplab\\.deib\\.polimi\\.it"
|
|
||||||
username: "{{ vault_collabora_user }}"
|
|
||||||
password: "{{ vault_collabora_password }}"
|
|
||||||
extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:net.service_root=/collabora"
|
|
||||||
generate_systemd:
|
|
||||||
path: /home/containers/.config/systemd/user/
|
|
||||||
restart_policy: on-failure
|
|
||||||
names: true
|
|
||||||
new: true
|
|
||||||
|
|
||||||
- name: Start containers at boot
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
scope: user
|
|
||||||
name: container-{{ item }}.service
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
||||||
daemon_reload: true
|
|
||||||
loop:
|
|
||||||
- collabora
|
|
||||||
@ -4,16 +4,6 @@
|
|||||||
- hosts: all
|
- hosts: all
|
||||||
name: Drone CI runner agent
|
name: Drone CI runner agent
|
||||||
tasks:
|
tasks:
|
||||||
- name: Stop running containers
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
scope: user
|
|
||||||
name: container-{{ item }}.service
|
|
||||||
state: stopped
|
|
||||||
loop:
|
|
||||||
- drone-runner
|
|
||||||
|
|
||||||
- name: Get containers UID
|
- name: Get containers UID
|
||||||
ansible.builtin.command: "id -u containers"
|
ansible.builtin.command: "id -u containers"
|
||||||
register: uid_containers
|
register: uid_containers
|
||||||
@ -60,11 +50,11 @@
|
|||||||
io.containers.autoupdate: "registry"
|
io.containers.autoupdate: "registry"
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.drone-runner.entrypoints: "https"
|
traefik.http.routers.drone-runner.entrypoints: "https"
|
||||||
traefik.http.routers.drone-runner.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/runner/`) || Path(`/runner`))"
|
traefik.http.routers.drone-runner.rule: "PathPrefix(`/runner`)"
|
||||||
traefik.http.routers.drone-runner.tls: "true"
|
traefik.http.routers.drone-runner.tls: "true"
|
||||||
traefik.http.routers.drone-runner.tls.certresolver: "wildcard"
|
traefik.http.routers.drone-runner.tls.certresolver: "wildcard"
|
||||||
traefik.http.routers.drone-runner.service: "drone-runner"
|
traefik.http.routers.drone-runner.service: "drone-runner"
|
||||||
traefik.http.routers.drone-runner.middlewares: "force-trailing-slash@file,drone-runner-prefixstrip@docker"
|
traefik.http.routers.drone-runner.middlewares: "drone-runner-prefixstrip@docker"
|
||||||
traefik.http.middlewares.drone-runner-prefixstrip.stripprefix.prefixes: "/runner"
|
traefik.http.middlewares.drone-runner-prefixstrip.stripprefix.prefixes: "/runner"
|
||||||
traefik.http.services.drone-runner.loadbalancer.server.port: "3000"
|
traefik.http.services.drone-runner.loadbalancer.server.port: "3000"
|
||||||
traefik.docker.network: "traefik-drone-runner"
|
traefik.docker.network: "traefik-drone-runner"
|
||||||
|
|||||||
@ -4,16 +4,6 @@
|
|||||||
- hosts: all
|
- hosts: all
|
||||||
name: Drone CI server coordinator
|
name: Drone CI server coordinator
|
||||||
tasks:
|
tasks:
|
||||||
- name: Stop running containers
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
scope: user
|
|
||||||
name: container-{{ item }}.service
|
|
||||||
state: stopped
|
|
||||||
loop:
|
|
||||||
- drone-server
|
|
||||||
|
|
||||||
- name: Create podman volumes
|
- name: Create podman volumes
|
||||||
containers.podman.podman_volume:
|
containers.podman.podman_volume:
|
||||||
state: present
|
state: present
|
||||||
@ -58,11 +48,11 @@
|
|||||||
io.containers.autoupdate: "registry"
|
io.containers.autoupdate: "registry"
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.drone-server.entrypoints: "https"
|
traefik.http.routers.drone-server.entrypoints: "https"
|
||||||
traefik.http.routers.drone-server.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/drone/`) || Path(`/drone`))"
|
traefik.http.routers.drone-server.rule: "PathPrefix(`/drone`)"
|
||||||
traefik.http.routers.drone-server.tls: "true"
|
traefik.http.routers.drone-server.tls: "true"
|
||||||
traefik.http.routers.drone-server.tls.certresolver: "wildcard"
|
traefik.http.routers.drone-server.tls.certresolver: "wildcard"
|
||||||
traefik.http.routers.drone-server.service: "drone-server"
|
traefik.http.routers.drone-server.service: "drone-server"
|
||||||
traefik.http.routers.drone-server.middlewares: "force-trailing-slash@file,drone-server-prefixstrip@docker"
|
traefik.http.routers.drone-server.middlewares: "drone-server-prefixstrip@docker"
|
||||||
traefik.http.middlewares.drone-server-prefixstrip.stripprefix.prefixes: "/drone"
|
traefik.http.middlewares.drone-server-prefixstrip.stripprefix.prefixes: "/drone"
|
||||||
traefik.http.services.drone-server.loadbalancer.server.port: "80"
|
traefik.http.services.drone-server.loadbalancer.server.port: "80"
|
||||||
traefik.docker.network: "traefik-drone"
|
traefik.docker.network: "traefik-drone"
|
||||||
|
|||||||
@ -4,17 +4,6 @@
|
|||||||
- hosts: all
|
- hosts: all
|
||||||
name: Gitea web server
|
name: Gitea web server
|
||||||
tasks:
|
tasks:
|
||||||
- name: Stop running containers
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
scope: user
|
|
||||||
name: container-{{ item }}.service
|
|
||||||
state: stopped
|
|
||||||
loop:
|
|
||||||
- gitea
|
|
||||||
- db_gitea
|
|
||||||
|
|
||||||
- name: Permit traffic from any IP to ssh port
|
- name: Permit traffic from any IP to ssh port
|
||||||
become: true
|
become: true
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
@ -98,8 +87,8 @@
|
|||||||
name: gitea
|
name: gitea
|
||||||
image: docker.io/gitea/gitea:latest
|
image: docker.io/gitea/gitea:latest
|
||||||
state: present
|
state: present
|
||||||
publish:
|
ports:
|
||||||
- "22:22"
|
- 22:22
|
||||||
network:
|
network:
|
||||||
- traefik-gitea
|
- traefik-gitea
|
||||||
- mariadb-gitea
|
- mariadb-gitea
|
||||||
@ -111,11 +100,11 @@
|
|||||||
io.containers.autoupdate: "registry"
|
io.containers.autoupdate: "registry"
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.gitea.entrypoints: "https"
|
traefik.http.routers.gitea.entrypoints: "https"
|
||||||
traefik.http.routers.gitea.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/git/`) || Path(`/git`))"
|
traefik.http.routers.gitea.rule: "PathPrefix(`/git`)"
|
||||||
traefik.http.routers.gitea.tls: "true"
|
traefik.http.routers.gitea.tls: "true"
|
||||||
traefik.http.routers.gitea.tls.certresolver: "wildcard"
|
traefik.http.routers.gitea.tls.certresolver: "wildcard"
|
||||||
traefik.http.routers.gitea.service: "gitea"
|
traefik.http.routers.gitea.service: "gitea"
|
||||||
traefik.http.routers.gitea.middlewares: "force-trailing-slash@file,gitea-prefixstrip@docker"
|
traefik.http.routers.gitea.middlewares: "gitea-prefixstrip@docker"
|
||||||
traefik.http.middlewares.gitea-prefixstrip.stripprefix.prefixes: "/git"
|
traefik.http.middlewares.gitea-prefixstrip.stripprefix.prefixes: "/git"
|
||||||
traefik.http.services.gitea.loadbalancer.server.port: "3000"
|
traefik.http.services.gitea.loadbalancer.server.port: "3000"
|
||||||
traefik.docker.network: "traefik-gitea"
|
traefik.docker.network: "traefik-gitea"
|
||||||
|
|||||||
@ -1,93 +0,0 @@
|
|||||||
# code: language=ansible
|
|
||||||
|
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
name: Heimdall landing page
|
|
||||||
tasks:
|
|
||||||
- name: Stop running containers
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
scope: user
|
|
||||||
name: container-{{ item }}.service
|
|
||||||
state: stopped
|
|
||||||
loop:
|
|
||||||
- heimdall
|
|
||||||
|
|
||||||
- name: Create podman volumes
|
|
||||||
containers.podman.podman_volume:
|
|
||||||
state: present
|
|
||||||
name: "{{ item }}"
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
loop:
|
|
||||||
- heimdall-config
|
|
||||||
|
|
||||||
- name: Create podman networks
|
|
||||||
containers.podman.podman_network:
|
|
||||||
name: "{{ item }}"
|
|
||||||
recreate: false
|
|
||||||
state: "present"
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
loop:
|
|
||||||
- traefik-heimdall
|
|
||||||
|
|
||||||
- name: Pull an image
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
containers.podman.podman_image:
|
|
||||||
name: lscr.io/linuxserver/heimdall:latest
|
|
||||||
|
|
||||||
- name: Add a heimdall container
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
containers.podman.podman_container:
|
|
||||||
name: heimdall
|
|
||||||
image: lscr.io/linuxserver/heimdall:latest
|
|
||||||
state: present
|
|
||||||
network:
|
|
||||||
- traefik-heimdall
|
|
||||||
volume:
|
|
||||||
- heimdall-config:/config:Z
|
|
||||||
label:
|
|
||||||
io.containers.autoupdate: "registry"
|
|
||||||
traefik.enable: "true"
|
|
||||||
|
|
||||||
traefik.http.routers.heimdall.entrypoints: "https"
|
|
||||||
traefik.http.routers.heimdall.rule: "Host(`{{ vault_domain }}`)"
|
|
||||||
traefik.http.routers.heimdall.tls: "true"
|
|
||||||
traefik.http.routers.heimdall.tls.certresolver: "wildcard"
|
|
||||||
traefik.http.routers.heimdall.service: "heimdall"
|
|
||||||
traefik.http.services.heimdall.loadbalancer.server.port: "80"
|
|
||||||
|
|
||||||
traefik.http.routers.heimdall-settings.entrypoints: "https"
|
|
||||||
traefik.http.routers.heimdall-settings.rule: "Host(`{{ vault_domain }}`) && Path(`/settings`)"
|
|
||||||
traefik.http.routers.heimdall-settings.tls: "true"
|
|
||||||
traefik.http.routers.heimdall-settings.tls.certresolver: "wildcard"
|
|
||||||
traefik.http.routers.heimdall-settings.service: "heimdall"
|
|
||||||
traefik.http.routers.heimdall-settings.middlewares: "heimdall-auth@docker"
|
|
||||||
traefik.http.services.heimdall-settings.loadbalancer.server.port: "80"
|
|
||||||
|
|
||||||
traefik.http.middlewares.heimdall-auth.basicauth.users: "{{ vault_heimdall_basic_auth }}"
|
|
||||||
|
|
||||||
traefik.docker.network: "traefik-heimdall"
|
|
||||||
env:
|
|
||||||
TZ: "Europe/Rome"
|
|
||||||
generate_systemd:
|
|
||||||
path: /home/containers/.config/systemd/user/
|
|
||||||
restart_policy: on-failure
|
|
||||||
names: true
|
|
||||||
new: true
|
|
||||||
|
|
||||||
- name: Start containers at boot
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
scope: user
|
|
||||||
name: container-{{ item }}.service
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
||||||
daemon_reload: true
|
|
||||||
loop:
|
|
||||||
- heimdall
|
|
||||||
@ -4,18 +4,6 @@
|
|||||||
- hosts: all
|
- hosts: all
|
||||||
name: Nextcloud file sharing web service
|
name: Nextcloud file sharing web service
|
||||||
tasks:
|
tasks:
|
||||||
- name: Stop running containers
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
scope: user
|
|
||||||
name: container-{{ item }}.service
|
|
||||||
state: stopped
|
|
||||||
loop:
|
|
||||||
- nextcloud
|
|
||||||
- redis_nextcloud
|
|
||||||
- db_nextcloud
|
|
||||||
|
|
||||||
- name: Pull container images
|
- name: Pull container images
|
||||||
become_user: containers
|
become_user: containers
|
||||||
become: true
|
become: true
|
||||||
@ -89,7 +77,6 @@
|
|||||||
- traefik-nextcloud
|
- traefik-nextcloud
|
||||||
- mariadb-nextcloud
|
- mariadb-nextcloud
|
||||||
- redis-nextcloud
|
- redis-nextcloud
|
||||||
- nextcloud-collabora
|
|
||||||
|
|
||||||
- name: Create redis instance
|
- name: Create redis instance
|
||||||
become_user: containers
|
become_user: containers
|
||||||
@ -152,19 +139,18 @@
|
|||||||
- traefik-nextcloud
|
- traefik-nextcloud
|
||||||
- mariadb-nextcloud
|
- mariadb-nextcloud
|
||||||
- redis-nextcloud
|
- redis-nextcloud
|
||||||
- nextcloud-collabora
|
|
||||||
label:
|
label:
|
||||||
io.containers.autoupdate: "registry"
|
io.containers.autoupdate: "registry"
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.nextcloud.entrypoints: "https"
|
traefik.http.routers.nextcloud.entrypoints: "https"
|
||||||
traefik.http.routers.nextcloud.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/cloud/`) || Path(`/cloud`))"
|
traefik.http.routers.nextcloud.rule: "PathPrefix(`/cloud`)"
|
||||||
traefik.http.routers.nextcloud.tls: "true"
|
traefik.http.routers.nextcloud.tls: "true"
|
||||||
traefik.http.routers.nextcloud.tls.certresolver: "wildcard"
|
traefik.http.routers.nextcloud.tls.certresolver: "wildcard"
|
||||||
traefik.http.routers.nextcloud.service: "nextcloud"
|
traefik.http.routers.nextcloud.service: "nextcloud"
|
||||||
traefik.http.routers.nextcloud.middlewares: "force-trailing-slash@file,nextcloud-prefixstrip,nextcloud-redirectregex,nextcloud-headers,http-compress@file"
|
traefik.http.routers.nextcloud.middlewares: "nextcloud-prefixstrip,nextcloud-redirectregex,nextcloud-headers,http-compress@file"
|
||||||
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.permanent: "true"
|
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.permanent: "true"
|
||||||
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.regex: "https://(.*)/.well-known/(card|cal)dav"
|
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.regex: "https://(.*)/cloud/.well-known/(card|cal)dav"
|
||||||
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.replacement: "https://${1}/remote.php/dav/"
|
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.replacement: "https://${1}/cloud/remote.php/dav/"
|
||||||
traefik.http.middlewares.nextcloud-headers.headers.stsSeconds: "31536000"
|
traefik.http.middlewares.nextcloud-headers.headers.stsSeconds: "31536000"
|
||||||
traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains: "true"
|
traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains: "true"
|
||||||
traefik.http.middlewares.nextcloud-prefixstrip.stripprefix.prefixes: "/cloud"
|
traefik.http.middlewares.nextcloud-prefixstrip.stripprefix.prefixes: "/cloud"
|
||||||
@ -184,12 +170,10 @@
|
|||||||
SMTP_AUTHTYPE: "None"
|
SMTP_AUTHTYPE: "None"
|
||||||
SMTP_NAME: ""
|
SMTP_NAME: ""
|
||||||
SMTP_PASSWORD: ""
|
SMTP_PASSWORD: ""
|
||||||
MAIL_FROM_ADDRESS: "{{ vault_smtp_from }}"
|
MAIL_FROM_ADDRESS: "nextcloud"
|
||||||
MAIL_DOMAIN: "{{ vault_smtp_domain }}"
|
MAIL_DOMAIN: "{{ vault_smtp_domain }}"
|
||||||
TRUSTED_PROXIES: "traefik"
|
TRUSTED_PROXIES: "traefik"
|
||||||
OVERWRITEWEBROOT: "/cloud"
|
OVERWRITEWEBROOT: "/cloud"
|
||||||
OVERWRITECLIURL: "https://{{ vault_domain }}/cloud"
|
|
||||||
OVERWRITEPROTOCOL: "https"
|
|
||||||
generate_systemd:
|
generate_systemd:
|
||||||
path: /home/containers/.config/systemd/user/
|
path: /home/containers/.config/systemd/user/
|
||||||
restart_policy: on-failure
|
restart_policy: on-failure
|
||||||
|
|||||||
@ -9,16 +9,6 @@
|
|||||||
register: uid_containers
|
register: uid_containers
|
||||||
changed_when: uid_containers.rc != 0
|
changed_when: uid_containers.rc != 0
|
||||||
|
|
||||||
- name: Stop running containers
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
scope: user
|
|
||||||
name: container-{{ item }}.service
|
|
||||||
state: stopped
|
|
||||||
loop:
|
|
||||||
- portainer
|
|
||||||
|
|
||||||
- name: Pull portainer image
|
- name: Pull portainer image
|
||||||
become_user: containers
|
become_user: containers
|
||||||
become: true
|
become: true
|
||||||
@ -58,11 +48,11 @@
|
|||||||
io.containers.autoupdate: "registry"
|
io.containers.autoupdate: "registry"
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.routers.portainer.entrypoints: "https"
|
traefik.http.routers.portainer.entrypoints: "https"
|
||||||
traefik.http.routers.portainer.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/portainer/`) || Path(`/portainer`))"
|
traefik.http.routers.portainer.rule: "PathPrefix(`/portainer`)"
|
||||||
traefik.http.routers.portainer.tls: "true"
|
traefik.http.routers.portainer.tls: "true"
|
||||||
traefik.http.routers.portainer.tls.certresolver: "wildcard"
|
traefik.http.routers.portainer.tls.certresolver: "wildcard"
|
||||||
traefik.http.routers.portainer.service: "portainer"
|
traefik.http.routers.portainer.service: "portainer"
|
||||||
traefik.http.routers.portainer.middlewares: "force-trailing-slash@file,portainer-prefixstrip@docker"
|
traefik.http.routers.portainer.middlewares: "portainer-prefixstrip@docker"
|
||||||
traefik.http.middlewares.portainer-prefixstrip.stripprefix.prefixes: "/portainer"
|
traefik.http.middlewares.portainer-prefixstrip.stripprefix.prefixes: "/portainer"
|
||||||
traefik.http.services.portainer.loadbalancer.server.port: "9000"
|
traefik.http.services.portainer.loadbalancer.server.port: "9000"
|
||||||
traefik.docker.network: "traefik-portainer"
|
traefik.docker.network: "traefik-portainer"
|
||||||
|
|||||||
@ -1,15 +0,0 @@
|
|||||||
http:
|
|
||||||
middlewares:
|
|
||||||
force-trailing-slash:
|
|
||||||
chain:
|
|
||||||
middlewares:
|
|
||||||
- add-trailing-slash
|
|
||||||
- strip-after-slash
|
|
||||||
add-trailing-slash:
|
|
||||||
redirectregex:
|
|
||||||
regex: "^(https?://[^/]+/[a-z0-9_]+)$"
|
|
||||||
replacement: "${1}/"
|
|
||||||
permanent: true
|
|
||||||
strip-after-slash:
|
|
||||||
stripprefixregex:
|
|
||||||
regex: "/[a-z0-9_]+"
|
|
||||||
@ -9,16 +9,6 @@
|
|||||||
register: uid_containers
|
register: uid_containers
|
||||||
changed_when: uid_containers.rc != 0
|
changed_when: uid_containers.rc != 0
|
||||||
|
|
||||||
- name: Stop running containers
|
|
||||||
become_user: containers
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
scope: user
|
|
||||||
name: container-{{ item }}.service
|
|
||||||
state: stopped
|
|
||||||
loop:
|
|
||||||
- traefik
|
|
||||||
|
|
||||||
- name: Permit traffic from any IP to http port
|
- name: Permit traffic from any IP to http port
|
||||||
become: true
|
become: true
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
@ -85,8 +75,6 @@
|
|||||||
- traefik-portainer
|
- traefik-portainer
|
||||||
- traefik-nextcloud
|
- traefik-nextcloud
|
||||||
- traefik-gitea
|
- traefik-gitea
|
||||||
- traefik-collabora
|
|
||||||
- traefik-heimdall
|
|
||||||
|
|
||||||
- name: Create traefik instance
|
- name: Create traefik instance
|
||||||
become_user: containers
|
become_user: containers
|
||||||
@ -95,9 +83,9 @@
|
|||||||
name: traefik
|
name: traefik
|
||||||
image: docker.io/traefik:latest
|
image: docker.io/traefik:latest
|
||||||
state: present
|
state: present
|
||||||
publish:
|
ports:
|
||||||
- "80:80"
|
- 80:80
|
||||||
- "443:443"
|
- 443:443
|
||||||
security_opt:
|
security_opt:
|
||||||
- label=type:container_runtime_t
|
- label=type:container_runtime_t
|
||||||
volume:
|
volume:
|
||||||
@ -108,16 +96,15 @@
|
|||||||
- traefik-portainer
|
- traefik-portainer
|
||||||
- traefik-nextcloud
|
- traefik-nextcloud
|
||||||
- traefik-gitea
|
- traefik-gitea
|
||||||
- traefik-collabora
|
|
||||||
- traefik-heimdall
|
|
||||||
cap_add:
|
cap_add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
label:
|
label:
|
||||||
io.containers.autoupdate: "registry"
|
io.containers.autoupdate: "registry"
|
||||||
traefik.enable: "true"
|
traefik.enable: "true"
|
||||||
traefik.http.middlewares.traefik-auth.basicauth.users: "{{ vault_traefik_basic_auth }}"
|
traefik.http.middlewares.traefik-auth.basicauth.users: "{{ vault_traefik_basic_auth }}"
|
||||||
|
traefik.http.middlewares.traefik-prefixstrip.stripprefix.prefixes: "/traefik"
|
||||||
traefik.http.routers.traefik.entrypoints: "https"
|
traefik.http.routers.traefik.entrypoints: "https"
|
||||||
traefik.http.routers.traefik.rule: "Host(`{{ vault_domain }}`) && PathPrefix(`/api`,`/dashboard`)"
|
traefik.http.routers.traefik.rule: "PathPrefix(`/traefik`) || HeadersRegexp(`Referer`, `.*/traefik/.*`)"
|
||||||
traefik.http.routers.traefik.middlewares: "traefik-auth@docker"
|
traefik.http.routers.traefik.middlewares: "traefik-auth@docker"
|
||||||
traefik.http.routers.traefik.tls: "true"
|
traefik.http.routers.traefik.tls: "true"
|
||||||
traefik.http.routers.traefik.tls.certresolver: "wildcard"
|
traefik.http.routers.traefik.tls.certresolver: "wildcard"
|
||||||
|
|||||||
@ -1,11 +1,10 @@
|
|||||||
http:
|
http:
|
||||||
routers:
|
routers:
|
||||||
cockpit:
|
cockpit:
|
||||||
rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/cockpit/`) || Path(`/cockpit`))"
|
rule: "PathPrefix(`/cockpit`)"
|
||||||
entryPoints: https
|
entryPoints: https
|
||||||
middlewares:
|
middlewares:
|
||||||
- force-trailing-slash
|
- cockpit-stripprefix
|
||||||
- drop-xforwarded-proto
|
|
||||||
service: cockpit
|
service: cockpit
|
||||||
tls:
|
tls:
|
||||||
certresolver: wildcard
|
certresolver: wildcard
|
||||||
@ -15,18 +14,9 @@ http:
|
|||||||
stripPrefix:
|
stripPrefix:
|
||||||
prefixes:
|
prefixes:
|
||||||
- "/cockpit"
|
- "/cockpit"
|
||||||
drop-xforwarded-proto:
|
|
||||||
headers:
|
|
||||||
customrequestheaders:
|
|
||||||
X-Forwarded-Proto: ""
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
cockpit:
|
cockpit:
|
||||||
loadBalancer:
|
loadBalancer:
|
||||||
serversTransport: nocertverify
|
|
||||||
servers:
|
servers:
|
||||||
- url: "https://{{ vault_domain }}:9090"
|
- url: "http://127.0.0.1:9090"
|
||||||
|
|
||||||
serversTransports:
|
|
||||||
nocertverify:
|
|
||||||
insecureSkipVerify: true
|
|
||||||
|
|||||||
@ -1,80 +1,69 @@
|
|||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
38343663613164616165313862356365343939336537653566313831623633613732336635313164
|
39333532643966303936316430656133306365636266323238356465353438666664643735653036
|
||||||
3633356634376334643136323431306261366134376637360a323339346463373637373965336337
|
3261393138663336613866633439333536386465653636620a383932323939323762643666646635
|
||||||
63663130636364633334626237613430313833386165646231353639346466393535623838353337
|
38353038393234636430383864636461373530626238366630396165353430616233393936336233
|
||||||
6463303161343630640a343433383465343432323032653861366233363761343931353764343236
|
3964396231643335320a376361623633646233343937663863613663323335316231643330396536
|
||||||
65613763653334353461363966663832366632363565656537646366346637623837366663346464
|
34323464663065343531313639653238386666353036643337366635303737393933356464333432
|
||||||
33656634373163306537393631633239626432643963646534323739633266373130363535613136
|
34353031623163663234626637376632313434326634343361343633646335633530343264306562
|
||||||
61353933666130363765643965623030623737386264636632386635626266323563613133663165
|
34343834343564633032636537313964343864623434643131343464373431653262306535346563
|
||||||
63316438623732613361333136353230313763396463363233633266393862333238363331363231
|
33666631323264633136363164613763386662653666356131613931613237303439623638616461
|
||||||
33343963626533623931306637353236323065616631363633623433366634346331316637393565
|
35643530623665376631303932633031613737623034653262666439303839666665326136373630
|
||||||
39643564333065353866616566643436383630666439623730376561663831376566363132316230
|
33653137323437643138643234633330386565396635353831613461326363333862336636626338
|
||||||
61663938366566653165383636343138366437636361663764643939636233343532373131346361
|
39373064613936623563333734643837313066353761323435353761643566383533323962373133
|
||||||
66363433656338316434646166666331323538393139623632613837333933353932333464613134
|
39643461633035613239613265366131396461656361646434333535646366343230303666313732
|
||||||
36396232333461353930623935613364343333356133396530653330323963653665386461383664
|
63323565613339653537653332363436383633306363333330306132313338303466333466306565
|
||||||
38666433623135316161326661336561376262363361376135613035306532626238633262616234
|
39386464323230323561646464373232353863323961363664323436313862303563313234383632
|
||||||
64336330386565663034333662373331343931323937646436323666633439333864363061386164
|
64373036316235396330346434313635626262376435666134636663653337613561393337616635
|
||||||
65623338396637303162373331346430613233396362613465356631316566346239326132396464
|
32323238623831623933373066633032333831356131343639333665386335613435373433333661
|
||||||
32626639656238666565636537663365316630653535656137303234653032363865396633656435
|
61313234666261353464643066653331666561633835666135646236353533656137623465323162
|
||||||
33373662623565303062346637363134393161313237656139356361653163393536386563636261
|
66626531643961353366643866666463356530376661623164333964353562306465336237353937
|
||||||
38386463646634336263623032653433336334326666376166653739656165343965613466663238
|
64303635633562623964383966373865363135613438643165326637376239343566613739336462
|
||||||
31376534383065366635386563656334623232383730626663393765663834613862656139656464
|
33363537356262383866383838306631383865363830623162333964363333316438303233633037
|
||||||
62373062633539396632323536373039313031366637653464313735656534336239343838316464
|
61303537626364323638356632313563656463383632613736626133326131316362313263356637
|
||||||
65366538663464353064353864346432383866313935626633633434636436653863393735626639
|
61373237333038666361343036643633623334396435333634613532396465363738616664656561
|
||||||
32626332316439326661623233333032356362373537663366633538313761616435366639346230
|
34383730666463353932323432396330646566373662346364303231613063656237636164303263
|
||||||
30633234616331336631336431633037633066616237623736663661313464303934373565663136
|
33633565303366636132316239373731633563393231363365373639356265323465326563326538
|
||||||
31353265386237363031323262393232353766303763626565666438643339336235393936366230
|
62653834376232653636646664336565623137613434366662313738393261373165323764373736
|
||||||
32623636386334326235663061623236393066326666326337343635616366313436626662316237
|
37616435653033633634373364616630373163626162646336373532643030633863326562333333
|
||||||
34636661396139373863663130386631333437643665333631616234333730623032376237646432
|
30316433626565303366313036353836386564363936643238366137646666303932623764323461
|
||||||
34396631613766346630333831643035393538356234343134313466386335633539623335373265
|
34636566396137343261363630313239326464326437306666656233636139643439383739616637
|
||||||
30626330303939653362353364376331643638336137616133326532336638633639326261313164
|
30306534386663323761313530393737643536306131316363366335636437313335336164636334
|
||||||
37353638306138343939326632393634623432383531346466643931343839666137383637643930
|
30363336306336363837386663626461363465396235323861643664323664643139663537386363
|
||||||
35646531656235396137626535323162396163323330646535663639656136346165356434363065
|
66636134313661346465323066613934396566333033616462653831396134366234393735336132
|
||||||
36636165373031376639623866373264613035353439643837623536326439336638646530316531
|
31353037613136613232346631393433626339316539656236313661376662376630623233363831
|
||||||
62343130326461636231626531636436663162396361633264633031373865623830326461313935
|
35366131643334656532333634383364666461353133646563386138626266303339663662636335
|
||||||
31353831303838346436373935613765646638373861346435393566333438383239393465643535
|
66303835333631356665386133616666613337643538376164363334343934326264383533656431
|
||||||
32316539623362383661643363336236346331346335623938653530613866333231643130353530
|
66616362303230303932663931306661643066626638663537633566303862326365653435376230
|
||||||
61633936623061646533613938353763343137623037363639393836306531333739383537343933
|
61613230376462383530323063343366613561633130313736313236396433306439356532383262
|
||||||
35353034373563633437326530616138336438333930326536616630356231316430613035643932
|
38306565306637623733653235643362303737383533663739366632616437306162626661353362
|
||||||
66663134613234356237363632393762356463383133353034323132376266636465313966316536
|
31613932333039613063643666316635316363663236663836643539613364656131316138386332
|
||||||
32353731343862306562396435653231376666363931636234323330383763613565303361646339
|
61636135383430653535323734366437633830336462373162343634323935313235656439316361
|
||||||
31333033653764333932373965613563356131373432393933643666653735633939316237353061
|
63663230373330626331393863633461343434633736316166613033636134393837393564326364
|
||||||
38653363626233353161363134333834363663303530343938313261666632356234326531313238
|
63393231376435643836393233303536303434626530373363343664636634363366393463316137
|
||||||
62356161343230646633633531333738376335396539626431373732313833613539343531623066
|
63386163613839336132366363333965313737303838386465336331316232303561643233376666
|
||||||
32303237363161396439623131656163626132303765326461306632323435343063653563656334
|
37363130646230366264653965316436316238306231643663353936623932356462373538356536
|
||||||
65613830653335386662663031653839363934656437343730303065396363636537346237306138
|
35323739336432353664386236306364353236656330643965363461313732313838663464653834
|
||||||
30316131613865393861383639663161303734336133346262383365323666623237386262663337
|
35336166663033666139666234613131343030613066623363343837316464356137623436653263
|
||||||
35663637393032633764623635343466363366316536643539306339363130316238633630336362
|
63356564663362343062653964326138376663633562333764643830623931383566663831666661
|
||||||
35393230393436393436383537646163613334363130336163636230633639623738623766666537
|
64353632653130343839616233626638616537326138363438303661386138336163303266303233
|
||||||
35356432326666663539313337306230313937616332653134346136363236383036653462363031
|
62353138396461373739643864376261326662356466313932326534633135363639323065346166
|
||||||
38643432356534396466656261373762633132363833663561613636316435666463343135393363
|
64393931636432383437323931333633626538326334623361623837363538313766333433333333
|
||||||
65623063626564313131383534313661356637396166383930643936303337666437643861323931
|
64653062366366393533636333633337663034623737663766663762383863333561326637313431
|
||||||
38333238373866336433356561626561306330313034626233616533663866613930383735393336
|
34306132663061626166316562653063613964306232356264333264613031636434616430353530
|
||||||
61666339636466376633643731303065333337656162396634343032623939656231633838613136
|
64343762643832613937623834653763396430373438363531636339613038303064326665383038
|
||||||
66386233663231616638616163363430636233346465636461313864343436323664316638636132
|
32393364653330653965623938363132633865666665306262303234376334373238326130333939
|
||||||
66376466343662343938356537333730646265393032613738393832646364323737363437343538
|
31353462626365303031313965346538346237643331326362353032653731343764303864383133
|
||||||
31666436666664353161626462316161326262363166373835653462643935356465386132656233
|
64366461303665313562373463353961633732313631303439663432373533393064366130306266
|
||||||
64613839353235663564633765653936306261303639343265653765633131666366363930643634
|
61356332643161306135643838303863366364633239376165316338323162373631656266663062
|
||||||
35333039326130656234626135663031343839336633373564333930313134383630646566386261
|
34306539353262333964643062306564656435663861323861613738616436643266313730343739
|
||||||
65306237353235333865643666353064383663663234386233666164313461633738396465366139
|
36646662653032366230336463313333656436356661653838656233663638316661643866373865
|
||||||
36646335663461303736646362343534623334366134303138323535656635316433356230663137
|
66356332316338343565333035303932356334643163353139623138346235313639383363396338
|
||||||
39633939613563353761376339633031623531633262326164326630343239633434666665386566
|
30653866323962653132656133626539323862666433613063633730333766303763326163396530
|
||||||
36633039653161316135353463373331373937393864643338643633656530313431646530303737
|
64376461613930376364666439326163353061356630373463643839316263626661323139316131
|
||||||
65386337323235663263306163616136363030363634373536366331646439336264366664613664
|
36356130613032333531633831653061653165386533393933663935666439303935303634313732
|
||||||
36323235363838653062313863663864336262646236653466313534663461636637303434333362
|
35623731313030333264646465353066393534333934663535343130316637353765366264653564
|
||||||
62653364316535393237383864646237633064656337393932383038623331633738343235323333
|
33323834313834653034373163623132616633626337356461346361353732653339393163313139
|
||||||
32646333316432623733646437383836376666626139623261386635333433373536613435396136
|
65393535666234323832313865346635383433333839356364623065323933653332326134633331
|
||||||
34393033663332303634616261333236383565653934303437396134623130383836643035386638
|
35633664666330306234656638633933646539643866313162613539373131323962383363653566
|
||||||
37616561353130656439373863656466636361646234363337343766613938323836373866656666
|
38373662626136323463393630346134663936303963373065626331656130353066346666363564
|
||||||
66663035333032616262313734323536616331633337346333343634643064643862663030653434
|
62373431643133353536
|
||||||
64633939623731633232363734306137616434373466396561313961663931373162333138373533
|
|
||||||
33393562363632383665633938316139623238376536316332376663313661316361633337383431
|
|
||||||
34316337643664363462636364666637623036323861636231373539643134633937366166376233
|
|
||||||
32663730316230626337396165333034313637373435623933313966386330633634646134323865
|
|
||||||
65383636376632373363306430653039353039393738646133393635383038366662393634346265
|
|
||||||
37623931343664383665666130656432613038343830383531613435333336313362343333663831
|
|
||||||
35313734326666396566633132663735373162323937323064336133636264313338373462386339
|
|
||||||
39636635353130646237323834393963396238653633623161653539636263316534636461363437
|
|
||||||
64656463613565636231336635613937383537393561353463343530376238623532366335366430
|
|
||||||
35363739666335343436643433376432633762623661376161373539633662323633643939316134
|
|
||||||
663339383635626333363365323634623535
|
|
||||||
|
|||||||
@ -30,15 +30,6 @@
|
|||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: Permit traffic from any IP to cockpit socket
|
|
||||||
become: true
|
|
||||||
community.general.ufw:
|
|
||||||
direction: in
|
|
||||||
from_ip: any
|
|
||||||
proto: tcp
|
|
||||||
to_port: 9090
|
|
||||||
rule: allow
|
|
||||||
|
|
||||||
# - name: Reboot
|
# - name: Reboot
|
||||||
# become: true
|
# become: true
|
||||||
# ansible.builtin.reboot:
|
# ansible.builtin.reboot:
|
||||||
|
|||||||
@ -1,3 +1,4 @@
|
|||||||
[WebService]
|
[WebService]
|
||||||
Origins = http://{{ inventory_hostname }} ws://{{ inventory_hostname }} https://{{ inventory_hostname }} wss://{{ inventory_hostname }} http://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:9090 ws://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:9090 https://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:9090 wss://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:9090
|
Origins = http://{{ inventory_hostname }} ws://{{ inventory_hostname }} https://{{ inventory_hostname }} wss://{{ inventory_hostname }} http://{{ ansible_host }} ws://{{ ansible_host }} https://{{ ansible_host }} wss://{{ ansible_host }}
|
||||||
ProtocolHeader = X-Forwarded-Proto
|
ProtocolHeader = X-Forwarded-Proto
|
||||||
|
AllowUnencrypted=true
|
||||||
Loading…
Reference in New Issue
Block a user