mike/infrastructure
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Final changes to traefik and up and running

Browse Source
This commit is contained in:
Mike Wilson
2023-02-15 15:15:33 -05:00
parent 901199d2b7
commit 76b2dccc5e
15 changed files with 101 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/ansible.cfg
View File

@@ -1,4 +1,5 @@
[defaults]
remote_user = mike
inventory = ./hosts.ini
interpreter_python = auto_silent
vault_password_file = ./vault-pass.sh

1
ansible/roles/gluetun/tasks/main.yml
View File

@@ -10,6 +10,7 @@
template:
src: docker-compose.yml
dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
owner: "{{ docker_user }}"
mode: "{{ docker_compose_file_mask }}"
validate: docker-compose -f %s config
become: true

1
ansible/roles/lidarr/tasks/main.yml
View File

@@ -18,6 +18,7 @@
template:
src: docker-compose.yml
dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
owner: "{{ docker_user }}"
mode: "{{ docker_compose_file_mask }}"
validate: docker-compose -f %s config
become: true

1
ansible/roles/ntfy/tasks/main.yml
View File

@@ -10,6 +10,7 @@
template:
src: docker-compose.yml
dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
owner: "{{ docker_user }}"
mode: "{{ docker_compose_file_mask }}"
validate: docker-compose -f %s config
become: true

1
ansible/roles/overseerr/tasks/main.yml
View File

@@ -16,6 +16,7 @@
template:
src: docker-compose.yml
dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
owner: "{{ docker_user }}"
mode: "{{ docker_compose_file_mask }}"
validate: docker-compose -f %s config
become: true

1
ansible/roles/prowlarr/tasks/main.yml
View File

@@ -18,6 +18,7 @@
template:
src: docker-compose.yml
dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
owner: "{{ docker_user }}"
mode: "{{ docker_compose_file_mask }}"
validate: docker-compose -f %s config
become: true

1
ansible/roles/qbittorrent/tasks/main.yml
View File

@@ -18,6 +18,7 @@
template:
src: docker-compose.yml
dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
owner: "{{ docker_user }}"
mode: "{{ docker_compose_file_mask }}"
validate: docker-compose -f %s config
become: true

1
ansible/roles/radarr/tasks/main.yml
View File

@@ -18,6 +18,7 @@
template:
src: docker-compose.yml
dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
owner: "{{ docker_user }}"
mode: "{{ docker_compose_file_mask }}"
validate: docker-compose -f %s config
become: true

1
ansible/roles/sonarr/tasks/main.yml
View File

@@ -18,6 +18,7 @@
template:
src: docker-compose.yml
dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
owner: "{{ docker_user }}"
mode: "{{ docker_compose_file_mask }}"
validate: docker-compose -f %s config
become: true

2
ansible/roles/traefik/handlers/main.yml
View File

@@ -1,4 +1,4 @@
- name: Restart Traefik
- name: restart traefik
community.docker.docker_compose:
project_src: "{{ install_directory }}/traefik"
restarted: true

29
ansible/roles/traefik/tasks/main.yml
View File

@@ -14,16 +14,11 @@
template:
src: docker-compose.yml
dest: "{{ install_directory}}/traefik/docker-compose.yml"
owner: "{{ docker_user }}"
mode: "{{ docker_compose_file_mask }}"
validate: docker-compose -f %s config
become: true
- name: Start docker container
community.docker.docker_compose:
project_src: "{{ install_directory }}/traefik"
pull: true
remove_orphans: yes
- name: Install config
template:
src: traefik.yml
@@ -40,3 +35,25 @@
mode: "{{ docker_compose_directory_mask }}"
owner: "{{ primary_user }}"
become: true
- name: Install file providers
template:
src: "{{ item }}"
dest: "{{ data_dir }}/traefik/conf/"
mode: "{{ docker_compose_file_mask }}"
owner: "{{ primary_user }}"
with_fileglob:
- "templates/conf/*"
- name: Create acme storage file
file:
path: "{{ data_dir }}/traefik/acme.json"
state: touch
mode: 0600
become: true
- name: Start docker container
community.docker.docker_compose:
project_src: "{{ install_directory }}/traefik"
pull: true
remove_orphans: yes

17
ansible/roles/traefik/templates/conf/middlewares.yml Normal file
View File

@@ -0,0 +1,17 @@
http:
middlewares:
lan-whitelist:
ipWhitelist:
sourceRange:
- 10.0.0.0/24
- 10.67.115.0/24
secure-headers:
headers:
customFrameOptionsValue: SAMEORIGIN
forceSTSHeader: true
stsSeconds: 15552000
stsPreload: true
customResponseHeaders:
Permissions-Policy: interest-cohort() # Opts out of Google's FLoC network. See https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
X-Robots-Tag: none

18
ansible/roles/traefik/templates/docker-compose.yml
View File

@@ -3,11 +3,15 @@ version: "{{ docker_compose_version }}"
networks:
traefik:
external: true
docker-socket-proxy:
external: false
services:
traefik:
container_name: traefik
image: traefik:latest
image: traefik:v2.9
depends_on:
- docker_socket_proxy
networks:
- traefik
- docker-socket-proxy
@@ -24,3 +28,15 @@ services:
traefik.http.routers.traefik-dashboard.rule: "Host(`traefik.local.{{ personal_domain }}`)"
traefik.http.routers.traefik-dashboard.service: api@internal
traefik.http.routers.traefik-dashboard.middlewares: lan-whitelist@file
docker_socket_proxy:
image: tecnativa/docker-socket-proxy:latest
restart: unless-stopped
networks:
- docker-socket-proxy
environment:
- CONTAINERS=1
- SERVICES=1
- INFO=1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro

20
ansible/roles/traefik/templates/traefik.yml
View File

@@ -23,19 +23,25 @@ entryPoints:
traefik:
address: :8080
api:
dashboard: true
debug: false
certificatesResolvers:
letsencrypt:
acme:
# Staging server
caServer: https://acme-staging-v02.api.letsencrypt.org/directory
#caServer: https://acme-staging-v02.api.letsencrypt.org/directory
# Production server
# caServer: https://acme-v02.api.letsencrypt.org/directory
email: "{{ letsencrypt_email }}"
storage: /etc/traefik.acme.json
dnsChallenge:
provider: porkbun
delayBeforeCheck: 0
caServer: https://acme-v02.api.letsencrypt.org/directory
email: "{{ letsencrypt_email }}"
storage: /etc/traefik/acme.json
dnsChallenge:
provider: porkbun
delayBeforeCheck: 0
resolvers:
- "1.1.1.1:53"
serversTransport:
insecureSkipVerify: true

42
ansible/roles/traefik/vars/main.yml
View File

@@ -1,29 +1,29 @@
porkbun_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
38353531366235383239643438376161613937643431303266663966663930386163353935386135
6135356665626161333763326635306132303162383532650a346130613565323330383739326161
64353462336430333162333562626432626136616238373237633366336433626231316635636264
6130396265333839300a643766303132376138356531393335336165613966633862623632313461
65643138383531396630666637623265396461376632393436613964306538383233326562623332
61626536313765303164323862326263396163386266613562326231643234623931323065326466
63643836316336343966613537623330376462373031363535373136333764336133303134653136
62623339616261316164
36633865383466613761653530356339306339376335363733623333323337323033643265366239
3662663339636537643761306131396239643235393939650a366631613839356538363566396136
61613232646335353962326131386439353562663766643230663738666665383234353565316334
3734343134326662390a343031366435363539396431323434623138643961313066333831376433
37656633383431393161303636366338346362306331666666656531666537343362323562366433
38356339346536333234656263633739663337323462633932393064366434353666643535303835
38326663303539393332356630396636306466313038333932613530316261363036643534666563
38643762396133386638
porkbun_secret_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
30356330383036313732363931663661303336336263306431383835653763643531303830366636
6638323437393130653566613061363061363465306633350a343530356334343232336665663138
33653737616239306536616139336162313830356462326630336238393137386334623031613833
6633363566373731610a383331386230323336633062623764373566323036663364623232613762
34636236616432393634366539393036386162343665363338636664393639623532356430613238
33393831323334626335333630366331633464353638353636666430616630306139336665376132
34326563626465633036656134373430616634393931626638636332323562366565326535626237
38313264383866633662
39386233356265366265303231306464653832383736623135303732633339343137613637633438
3565316266613631613039376337343662313635336566330a646138373931373534343236373939
33343733383664653430343432366461386438613164313763643536336639653439396335656538
3432663033323036620a356337666338656437373966616635646138336463623030376362303735
65373439316665353464303838393166323638643761376632336431666437623262363236616437
61396563306536393636356133613561633838656431343765323033663331626334376234353662
62396539316239653637363661646537316264626436386434373334336130623262343630373739
64363263623634643536
letsencrypt_email: !vault |
$ANSIBLE_VAULT;1.1;AES256
62353466393863323930373663656438626661393566366336326235666137303932623838353865
3830323761643134656431646632656166656661303963320a343436353633613763643030303364
38396464663634343131306638383131343466613537346463373765646434393366373939653964
6630626639393637330a386365303332653162383933353265306134383232303635633935623132
63616137626161323037613062663063373963643263313366613233383536316638
66616132376664623230326531343438613064353632363466383261626565383136373962613838
3439623362373931323736663166326364316434303731340a303961376134643530393736366661
65386462643538666664626364613737343738303561366330623738633232376436356138656437
3363336137313338650a343739623839626632653830376338393162316139343033303261346539
64373364616434633438313936376563303437653764633631663431666337323738