From 6148fab2ccae5d8bdd9d9025182dc1c2ce641410 Mon Sep 17 00:00:00 2001
From: erebion
Date: Tue, 16 Jul 2024 21:57:13 +0200
Subject: [PATCH] fixes for traefik, update authentik
---
 host_vars/unhb2/unhb2.yml | 5 ++
 host_vars/unhb2/unhb2_vault.yml | 78 ++++++++++---------
 host_vars/unhb4/unhb4.yml | 4 +-
 .../pretix_docker/templates/pretix.service.j2 | 7 +-
 roles/traefik_docker/tasks/main.yml | 4 +-
 site.yml | 3 +-
 6 files changed, 59 insertions(+), 42 deletions(-)
diff --git a/host_vars/unhb2/unhb2.yml b/host_vars/unhb2/unhb2.yml
index 7e01003..139d2e6 100644
--- a/host_vars/unhb2/unhb2.yml
+++ b/host_vars/unhb2/unhb2.yml
@@ -16,6 +16,8 @@ firewall_services:
 firewall_ports:
 - "587/tcp"
+firewall_zone: "external"
+
 pretix_container_name: "pretix_app.server2"
 pretix_currency: "EUR"
 pretix_db_backend: "postgresql"
@@ -36,6 +38,9 @@ pretix_redis_container_name: "pretix_redis.server2"
 pretix_registration: "off"
 pretix_redis_sessions: "true"
+traefik_container_name: "traefik"
+traefik_dashboard_hostname: "traefik2.un-hack-bar.de"
+
 watchtower_container_name: "watchtower.server2"
 watchtower_domainname: "unhb.de"
 watchtower_hostname: "neuromancer"
diff --git a/host_vars/unhb2/unhb2_vault.yml b/host_vars/unhb2/unhb2_vault.yml
index af7e37a..9701eea 100644
--- a/host_vars/unhb2/unhb2_vault.yml
+++ b/host_vars/unhb2/unhb2_vault.yml
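Review bot: `firewall_zone: "external"` is added with no comment on why this zone was chosen, and if the value is used as a firewalld zone name, the stock `external` zone has masquerading enabled by default, which changes how forwarded traffic leaves the host. The role that consumes the variable is not part of this patch, so the firewalld reading is inferred from the neighbouring `firewall_services` and `firewall_ports` keys. The same line is added in host_vars/unhb4/unhb4.yml. I would put a comment above it in both files, for example `# firewalld zone of the public interface; 'external' masquerades by default, confirm NAT is intended`.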
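Review bot: Nothing visible in this patch shows that the dashboard router behind `traefik_dashboard_hostname: "traefik2.un-hack-bar.de"` requires authentication or is limited to admin source addresses. The router itself is presumably defined in the traefik_docker role's templates, which this patch does not touch, so the check has to happen there. A comment next to the variable would record the requirement, for example `# dashboard must stay behind an auth middleware; never route it unauthenticated`.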
@@ -1,38 +1,42 @@ $ANSIBLE_VAULT;1.1;AES256 -36386661383262363762326636333638663039376235393062363831613537303533623564636330 -3162653935633634336165316264373836383063336166620a366234356163643532643937613835 -64383262313039346165653136343037326639383434323235333834343931636235306134383431 -6465616134653133660a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a326665346331343736663334653933 +39353535386230336631373964376462626363303632336166393135656532636162663633316461 +6364303032636230380a393739353836623730353866626633333232306464613430383366326234 +62393931653331353263343963633365383831323164396238323535346535343438643032616463 +32383534393534633662623966653566643730393961663731376366643034366335643130623265 +66333130303866366565613735346131333262393234346166303266336264343332646534656634 +31386634333766333062653166396262613262623738343135653139653934306362613365653835 +37303437346363303039653861663033323966306437623961396265386536646433643836373439 +64316665383361646531343237303036356362653635393330383061383939376161336661383961 +38666335353166613735666565373136653064643734616130633137663731613237323433613536 +38613033626137393435353931616233363930343761616431386564356237383761613333386630 +31656237616135653135306639336264656666343163633531653961633833623863633436663033 +32646465343262333562656436353234386663356134353637393431613561303435303633633765 +39316435623066613764323064636239313332663463353065303461396133666239636231333835 +36356331643663366230323230363963383233353738363635653963363137343039336632363933 +35353733633730626562653038343035393133316166356138343537363834343834373761336539 +62333633373339346161333866366136343830326363343131313838643864653635643465363861 +38653131306433306638666464613363613331616430613234323736343231306230396330323733 +65353231336131353434663063333237366433373731323432653530313434663563656432313764 +36656662303039383236323135313465663139346138396665376336323336386230626631643037 
+35643832373139373063653136306365313233613238623034336261383866306632636339356439 +34346132393832643832356434313331343536396333343437646337383133333361663861646633 +32393732613331613635626537333765366261656361363634303737653939396636363861316531 +62653333306462356333373861373139373363393531633466663531646130653130376266653334 +37666534363566643863613536313839396139383535666463626562363563336537353235316133 +64623664396166616433313532663930623232383339306534303234326536303932346131663564 +64373936623964646436646465336365373965663863306663663061613363343037656463306635 +39336635323365303935633965343733653531646261376638643161373937303138316664313563 +39353939373335363963383764316262643734656537356462616335353831323561336266656238 +63323230323933663236356438363735326364333662613262323561333262356366343639656562 +37396332393033383531303062376539326130396466343635663333666232343334653965633931 +38626435303366333365623537373761333838333037303562343437633363386333623662323639 +63363731303163383135363961376231633162626234393535333835363462373431376365343333 +30303236383365323836613133383830613233326464366163613230656264643833376136363963 +38633765333238656166646563303930373366313931333733616238333230353131356431613533 +65653265356338393766373266613433323765623233666465666361393631666532336335386638 +66373465656364656564336138333033376562373566396636633735363864363761393062303635 +39323134303831383638313239633664383463343938373765613061306163663561343863313134 +33336666633164656639636466303566666263346662653662383235326265626330373931346461 +6533 diff --git a/host_vars/unhb4/unhb4.yml b/host_vars/unhb4/unhb4.yml index 3b4ef53..6dcb6ad 100644 --- a/host_vars/unhb4/unhb4.yml +++ b/host_vars/unhb4/unhb4.yml @@ -64,9 +64,11 @@ firewall_ports: - 64738/udp # Mumble - 21117/tcp # Rustdesk +firewall_zone: "external" + traefik_container_name: "traefik" traefik_dashboard_hostname: "traefik.un-hack-bar.de" version: - authentik: "2023.10.3" + authentik: "2024.6.1" element_web: "latest" 
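Review bot: Skipping the 2024.2 and 2024.4 release lines in one step is the risk in the new `authentik: "2024.6.1"` pin, since the previous value was `2023.10.3` and this is the identity provider for the host. Whether the intermediate release notes were checked for breaking changes or manual steps is not stated in the commit. I would record that next to the pin, for example `# upgraded from 2023.10.3; intermediate release notes reviewed, DB backup taken before rollout`, or step through the intermediate versions if that review has not happened.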
diff --git a/roles/pretix_docker/templates/pretix.service.j2 b/roles/pretix_docker/templates/pretix.service.j2
index 812e929..8657b1c 100644
--- a/roles/pretix_docker/templates/pretix.service.j2
+++ b/roles/pretix_docker/templates/pretix.service.j2
@@ -11,8 +11,13 @@ ExecStart=/usr/bin/docker run --rm --name {{ pretix_container_name }} --network
 --label com.centurylinklabs.watchtower.enable=false --env-file {{ docker_volumes_dir }}/pretix/pretix.env \
 -v {{ docker_volumes_dir }}/pretix/data:/data \
 -v {{ docker_volumes_dir }}/pretix/conf:/etc/pretix \
+ --label "traefik.enable=true" --label "traefik.http.routers.pretix.rule=Host(`pretix.un-hack-bar.de`)" \
+ --label "traefik.http.routers.pretix.entrypoints=websecure" \
+ --label "traefik.http.routers.pretix.tls.certresolver=letsencrypt" \
+ --label "traefik.http.services.pretix.loadbalancer.server.port=80" \
+ --label "traefik.docker.network=traefik" \
 pretix/standalone:stable
-ExecStartPost=/usr/bin/bash -c "/bin/sleep 10 && /usr/bin/docker network connect nginx_net {{ pretix_container_name }}"
+ExecStartPost=/usr/bin/bash -c "/bin/sleep 10 && /usr/bin/docker network connect traefik {{ pretix_container_name }}"
 ExecStop=/usr/bin/docker stop {{ pretix_container_name }}
 Restart=always
 RestartSec=15s
diff --git a/roles/traefik_docker/tasks/main.yml b/roles/traefik_docker/tasks/main.yml
index 0054163..c59182b 100644
--- a/roles/traefik_docker/tasks/main.yml
+++ b/roles/traefik_docker/tasks/main.yml
@@ -16,7 +16,7 @@
 with_items:
 - "{{ docker_volumes_dir }}/traefik"
-- name: "Template Config for Pretix"
+- name: "Template Config for Traefik"
 ansible.builtin.template:
 src: "{{ item }}.j2"
 dest: "{{ docker_volumes_dir }}/traefik/{{ item }}"
@@ -47,7 +47,7 @@
 daemon_reload: yes
 when: unit.changed
-- name: "Enable systemd units for Pretix"
+- name: "Enable systemd units for Traefik"
 ansible.builtin.systemd:
 state: started
 enabled: true
diff --git a/site.yml b/site.yml
index f756403..42157c4 100644
--- a/site.yml
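Review bot: The router rule in pretix.service.j2 hard-codes the public hostname `pretix.un-hack-bar.de` inside a role template, while the container name and volume paths on the surrounding lines are variables. A second host reusing this role would publish the same Host rule. I would move the name into host_vars and template it, for example with a new variable such as `pretix_hostname` (the name is only a suggestion). Separately, `traefik.docker.network=traefik` only becomes true once the `ExecStartPost` line has run its `sleep 10` and `docker network connect traefik`, so a comment there stating that Traefik cannot reach the container until that attach succeeds would help whoever debugs a failed start. The `ExecStart` command begins above the hunk, so the network the container starts on is not visible here.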
+++ b/site.yml
@@ -18,8 +18,9 @@
 remote_user: root
 roles:
- - watchtower_docker # Needs changes when migrating to Traefik
+ #- watchtower_docker # Needs changes when migrating to Traefik
 - pretix_docker # Needs changes when migrating to Traefik
+ - traefik_docker
 - name: Set up roles on unhb4
 hosts: unhb4
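Review bot: Commenting out `watchtower_docker` leaves it unstated what happens to image updates on this host: a watchtower unit deployed by an earlier run is presumably still running with its old configuration, and if it is not, nothing in this play updates the containers any more. The trailing comment `# Needs changes when migrating to Traefik` is also stale on `pretix_docker`, which this commit migrates by adding Traefik labels to its unit template. I would replace the commented-out line with an explanation such as `# watchtower_docker disabled until adapted for Traefik; stop the existing unit by hand` and drop the stale comment on `pretix_docker`. The play header is above the hunk, so the target host is inferred from the file list in the commit.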