Modified roles for use with Traefik #1
10 changed files with 124 additions and 8 deletions
|
@ -64,6 +64,8 @@ firewall_ports:
|
||||||
- 64738/udp # Mumble
|
- 64738/udp # Mumble
|
||||||
- 21117/tcp # Rustdesk
|
- 21117/tcp # Rustdesk
|
||||||
|
|
||||||
|
traefik_container_name: "traefik"
|
||||||
|
|
||||||
version:
|
version:
|
||||||
authentik: "2023.10.3"
|
authentik: "2023.10.3"
|
||||||
element_web: "latest"
|
element_web: "latest"
|
||||||
|
|
|
@ -3,7 +3,8 @@
|
||||||
- name: "Install dependencies"
|
- name: "Install dependencies"
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
pkg:
|
pkg:
|
||||||
- docker.io
|
- docker-ce
|
||||||
|
- apparmor
|
||||||
|
|
||||||
- name: "Create directory for Authentik with Docker"
|
- name: "Create directory for Authentik with Docker"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
|
|
@ -8,11 +8,15 @@ ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.server }}
|
||||||
ExecStartPre=-/usr/bin/docker pull ghcr.io/goauthentik/server:{{ version.authentik }}
|
ExecStartPre=-/usr/bin/docker pull ghcr.io/goauthentik/server:{{ version.authentik }}
|
||||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} \
|
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} \
|
||||||
--network authentik_net --publish 127.0.0.1:9000:9000 --publish 127.0.0.1:9443:9443 \
|
--network authentik_net --publish 127.0.0.1:9000:9000 --publish 127.0.0.1:9443:9443 \
|
||||||
|
--label "traefik.enable=true" --label "traefik.http.routers.authentik.rule=Host(`auth.un-hack-bar.de`)" \
|
||||||
|
--label "traefik.http.routers.authentik.entrypoints=websecure" \
|
||||||
|
--label "traefik.http.routers.authentik.tls.certresolver=letsencrypt" \
|
||||||
|
--label "traefik.http.services.authentik.loadbalancer.server.port=9000" \
|
||||||
--env-file {{ docker_volumes_dir }}/authentik/authentik.env \
|
--env-file {{ docker_volumes_dir }}/authentik/authentik.env \
|
||||||
-v {{ docker_volumes_dir }}/authentik/media:/media \
|
-v {{ docker_volumes_dir }}/authentik/media:/media \
|
||||||
-v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
|
-v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
|
||||||
ghcr.io/goauthentik/server:{{ version.authentik }} server
|
ghcr.io/goauthentik/server:{{ version.authentik }} server
|
||||||
ExecStartPost=/usr/bin/bash -c "/bin/sleep 120 && /usr/bin/docker network connect nginx_net {{ container_names.authentik.server }}"
|
ExecStartPost=/usr/bin/bash -c "/bin/sleep 120 && /usr/bin/docker network connect traefik {{ container_names.authentik.server }}"
|
||||||
ExecStop=-/usr/bin/docker stop {{ container_names.authentik.server }}
|
ExecStop=-/usr/bin/docker stop {{ container_names.authentik.server }}
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=60s
|
RestartSec=60s
|
||||||
|
|
|
@ -3,7 +3,8 @@
|
||||||
- name: "Install dependencies"
|
- name: "Install dependencies"
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
pkg:
|
pkg:
|
||||||
- docker.io
|
- docker-ce
|
||||||
|
- apparmor
|
||||||
|
|
||||||
- name: "Create directory for Element Web with Docker"
|
- name: "Create directory for Element Web with Docker"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
|
|
@ -6,14 +6,18 @@ Requires=docker.service
|
||||||
[Service]
|
[Service]
|
||||||
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.element_web.element_web }}
|
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.element_web.element_web }}
|
||||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.element_web.element_web }} \
|
ExecStart=/usr/bin/docker run --rm --name {{ container_names.element_web.element_web }} \
|
||||||
--network nginx_net --env-file {{ docker_volumes_dir }}/element_web/element_web.env \
|
--network traefik --env-file {{ docker_volumes_dir }}/element_web/element_web.env \
|
||||||
|
--label "traefik.enable=true" --label "traefik.http.routers.element.rule=Host(`chat.un-hack-bar.de`)" \
|
||||||
|
--label "traefik.http.routers.element.entrypoints=websecure" \
|
||||||
|
--label "traefik.http.routers.element.tls.certresolver=letsencrypt" \
|
||||||
|
--label "traefik.http.services.element.loadbalancer.server.port=80" \
|
||||||
|
--env-file {{ docker_volumes_dir }}/element_web/element_web.env \
|
||||||
-v {{ docker_volumes_dir }}/element_web/config/config.json:/app/config.json:ro \
|
-v {{ docker_volumes_dir }}/element_web/config/config.json:/app/config.json:ro \
|
||||||
-v {{ docker_volumes_dir }}/element_web/config/unhb.png:/app/unhb.png:ro \
|
-v {{ docker_volumes_dir }}/element_web/config/unhb.png:/app/unhb.png:ro \
|
||||||
vectorim/element-web:{{ version.element_web }}
|
vectorim/element-web:{{ version.element_web }}
|
||||||
ExecStop=-/usr/bin/docker stop {{ container_names.element_web.element_web }}
|
ExecStop=-/usr/bin/docker stop {{ container_names.element_web.element_web }}
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=60s
|
RestartSec=60s
|
||||||
TimeoutRestartSec=60s
|
|
||||||
Type=exec
|
Type=exec
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
|
|
@ -13,7 +13,7 @@ ExecStart=/usr/bin/docker run --rm --name {{ pretix_container_name }} --network
|
||||||
-v {{ docker_volumes_dir }}/pretix/conf:/etc/pretix \
|
-v {{ docker_volumes_dir }}/pretix/conf:/etc/pretix \
|
||||||
pretix/standalone:stable
|
pretix/standalone:stable
|
||||||
ExecStartPost=/usr/bin/bash -c "/bin/sleep 10 && /usr/bin/docker network connect nginx_net {{ pretix_container_name }}"
|
ExecStartPost=/usr/bin/bash -c "/bin/sleep 10 && /usr/bin/docker network connect nginx_net {{ pretix_container_name }}"
|
||||||
ExecStop=/usr/bin/docker stop {{ watchtower_container_name }}
|
ExecStop=/usr/bin/docker stop {{ pretix_container_name }}
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=15s
|
RestartSec=15s
|
||||||
Type=exec
|
Type=exec
|
||||||
|
|
7
roles/traefik_docker/handlers/main.yml
Normal file
7
roles/traefik_docker/handlers/main.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: restart-traefik-docker
|
||||||
|
ansible.builtin.service:
|
||||||
|
state: restarted
|
||||||
|
name: traefik.service
|
||||||
|
tags: molecule-notest
|
78
roles/traefik_docker/tasks/main.yml
Normal file
78
roles/traefik_docker/tasks/main.yml
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: "Install dependencies"
|
||||||
|
ansible.builtin.apt:
|
||||||
|
pkg:
|
||||||
|
- docker-ce
|
||||||
|
- apparmor
|
||||||
|
|
||||||
|
- name: "Create directory for Traefik"
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
||||||
|
with_items:
|
||||||
|
- "{{ docker_volumes_dir }}/traefik"
|
||||||
|
|
||||||
|
#- name: "Ensure Pretix has access to its files"
|
||||||
|
# ansible.builtin.file:
|
||||||
|
# path: "{{ item }}"
|
||||||
|
# state: file
|
||||||
|
# owner: 15371
|
||||||
|
# group: 15371
|
||||||
|
# mode: '0600'
|
||||||
|
# with_items:
|
||||||
|
# - "{{ docker_volumes_dir }}/pretix/data/.secret"
|
||||||
|
|
||||||
|
#- name: "Template .env files for Pretix"
|
||||||
|
# ansible.builtin.template:
|
||||||
|
# src: "{{ item }}.j2"
|
||||||
|
# dest: "{{ docker_volumes_dir }}/pretix/{{ item }}"
|
||||||
|
# force: true
|
||||||
|
# owner: root
|
||||||
|
# group: root
|
||||||
|
# mode: '0660'
|
||||||
|
# with_items:
|
||||||
|
# - pretix.env
|
||||||
|
# - pretix-db.env
|
||||||
|
# notify: restart-pretix-docker
|
||||||
|
|
||||||
|
#- name: "Template Config for Pretix"
|
||||||
|
# ansible.builtin.template:
|
||||||
|
# src: "{{ item }}.j2"
|
||||||
|
# dest: "{{ docker_volumes_dir }}/pretix/conf/{{ item }}"
|
||||||
|
# force: true
|
||||||
|
# owner: 15371
|
||||||
|
# group: 15371
|
||||||
|
# mode: '0640'
|
||||||
|
# with_items:
|
||||||
|
# - pretix.cfg
|
||||||
|
# notify: restart-pretix-docker
|
||||||
|
|
||||||
|
- name: "Template systemd unit files for Traefik"
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ item }}.j2"
|
||||||
|
dest: "/etc/systemd/system/{{ item }}"
|
||||||
|
force: true
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
|
with_items:
|
||||||
|
- traefik.service
|
||||||
|
register: unit
|
||||||
|
notify: restart-traefik-docker
|
||||||
|
|
||||||
|
- name: "Reload systemd units"
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: unit.changed
|
||||||
|
|
||||||
|
- name: "Enable systemd units for Pretix"
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
name: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- traefik.service
|
18
roles/traefik_docker/templates/traefik.service.j2
Normal file
18
roles/traefik_docker/templates/traefik.service.j2
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Traefik with Docker
|
||||||
|
After=docker.service
|
||||||
|
Requires=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStartPre=-/usr/bin/docker rm --force {{ traefik_container_name }}
|
||||||
|
ExecStart=/usr/bin/docker run --rm --name {{ traefik_container_name }} \
|
||||||
|
-v /var/run/docker.sock:/var/run/docker.sock -v {{ docker_volumes_dir }}/traefik/traefik.toml:/traefik.toml \
|
||||||
|
-v {{ docker_volumes_dir }}/traefik/traefik_dynamic.toml:/traefik_dynamic.toml -v {{ docker_volumes_dir }}/traefik/letsencrypt/:/letsencrypt \
|
||||||
|
-p 80:80 -p 443:443 -p 8448:8448 --network traefik traefik:v2.10.5
|
||||||
|
ExecStop=/usr/bin/docker stop {{ traefik_container_name }}
|
||||||
|
Restart=always
|
||||||
|
RestartSec=15s
|
||||||
|
Type=exec
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
5
site.yml
5
site.yml
|
@ -18,8 +18,8 @@
|
||||||
remote_user: root
|
remote_user: root
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- watchtower_docker
|
- watchtower_docker # Needs changes when migrating to Traefik
|
||||||
- pretix_docker
|
- pretix_docker # Needs changes when migrating to Traefik
|
||||||
|
|
||||||
- name: Set up roles on unhb4
|
- name: Set up roles on unhb4
|
||||||
hosts: unhb4
|
hosts: unhb4
|
||||||
|
@ -28,3 +28,4 @@
|
||||||
roles:
|
roles:
|
||||||
- authentik_docker
|
- authentik_docker
|
||||||
- element_web_docker
|
- element_web_docker
|
||||||
|
- traefik_docker
|
||||||
|
|
Loading…
Reference in a new issue