tudattr/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(docker): Added elasticsearch and kibana, need ssl cert and logstash

Browse Source 
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
This commit is contained in:
Tuan-Dat Tran
2025-02-07 09:39:48 +01:00
parent 924e4a2f92
commit 09bbc04959
1 changed files with 68 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

152
group_vars/docker/vars.yml
View File

@@ -2,14 +2,17 @@ docker:
url: "https://download.docker.com/linux"
apt_release_channel: "stable"
directories:
opt: "/opt/docker/"
compose: "/opt/docker/compose"
config: "/opt/docker/config/"
compose: "/opt/docker/compose/"
media: "/media/docker/data/"
caddy:
admin_email: me+acme@tudattr.dev
domain: "seyshiro.de"
elk_version: 8.17.0
services:
- name: syncthing
vm:
@@ -121,7 +124,7 @@ services:
external: /opt/local/jellyfin/config
- name: "Cache"
internal: /cache
external: /opt/docker/config/jellyfin/cache
external: "{{ docker.directories.config }}/jellyfin/cache"
- name: "Tv Series"
internal: /tv:ro
external: /media/series
@@ -176,7 +179,7 @@ services:
volumes:
- name: "Configuration"
internal: /updater/data/"
external: /opt/docker/config/ddns-updater/data/
external: "{{ docker.directories.config }}/ddns-updater/data/"
ports:
- name: "http"
internal: 8000
@@ -355,7 +358,7 @@ services:
volumes:
- name: "Data"
internal: /datastore
external: /opt/docker/config/changedetection/data/
external: "{{ docker.directories.config }}/changedetection/data/"
ports:
- name: "http"
internal: 5000
@@ -375,7 +378,7 @@ services:
volumes:
- name: "Configuration"
internal: /gluetun
external: /opt/docker/config/gluetun/config
external: "{{ docker.directories.config }}/gluetun/config"
ports:
- name: "Qbit Client"
internal: 8082
@@ -405,7 +408,7 @@ services:
volumes:
- name: "Configuration"
internal: /config
external: /opt/docker/config/torrentleech/config
external: "{{ docker.directories.config }}/torrentleech/config"
- name: "Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads
@@ -431,7 +434,7 @@ services:
volumes:
- name: "Configuration"
internal: /config
external: /opt/docker/config/qbit/config
external: "{{ docker.directories.config }}/qbit/config"
- name: "Downloads"
internal: /downloads
external: /media/docker/data/arr_downloads
@@ -470,79 +473,60 @@ services:
- name: "Docker"
internal: /var/lib/docker:ro
external: /var/lib/docker
# - name: template
# vm:
# -
# container_name:
# image:
# restart:
# volumes:
# - name:
# internal:
# external:
# ports:
# - name:
# internal:
# external:
# environment:
# -
# - name: calibre
# vm:
# - docker-host00
# container_name: calibre
# image: lscr.io/linuxserver/calibre-web:latest
# restart: unless-stopped
# volumes:
# - name: "Configuration"
# internal: /config"
# external: /opt/local/calibre/
# - name: "Books"
# internal: /books"
# external: /media/docker/data/calibre/
# ports:
# - name: "http"
# internal: 5000
# external: 5000
# environment:
# - PUID=1000
# - PGID=1000
# - TZ=Europe/Berlin
# - DOCKER_MODS=linuxserver/mods:universal-calibre
# - name: grafana
# vm:
# container_name: grafana
# image: grafana/grafana-oss
# restart: unless-stopped
# volumes:
# - name: "Configuration"
# internal: /etc/grafana/
# external: /opt/docker/config/grafana/config/
# - name: "Data"
# internal: /var/lib/grafana/
# external: /media/docker/data/grafana/
# ports:
# environment:
# - PUID=472
# - PGID=472
# - TZ=Europe/Berlin
# - name: prometheus
# vm:
# - docker-host00
# container_name: prometheus
# image: prom/prometheus
# restart: unless-stopped
# volumes:
# - name: "Configuration"
# internal: /etc/prometheus/
# external: /opt/docker/config/prometheus/
# - name: "Data"
# internal: /prometheus/
# external: prometheus_data
# ports:
# - name: "http"
# internal: 5000
# external: 5000
# environment:
# - PUID=65534
# - PGID=65534
# - TZ=Europe/Berlin
- name: elasticsearch
vm:
- docker-host01
container_name: elasticsearch
image: "docker.elastic.co/elasticsearch/elasticsearch:{{ elk_version }}"
restart: unless-stopped
ports:
- name: ""
internal: 9200
external: 9200
- name: ""
internal: 9300
external: 9300
volumes:
- name: "data"
internal: /usr/share/elasticsearch/data
external: "{{ docker.directories.config }}/elk/elasticsearch/data"
- name: "certs"
internal: /usr/share/elasticsearch/config/certs
external: "{{ docker.directories.config }}/elk/certs"
environment:
- node.name=elasticsearch
- cluster.name=docker-cluster
- discovery.type=single-node
- "ELASTIC_PASSWORD={{ vault.docker.elk.elastic.password }}"
- xpack.security.enabled=true
- xpack.security.authc.api_key.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/elasticsearch.key
- xpack.security.http.ssl.certificate=certs/elasticsearch.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.key=certs/elasticsearch.key
- xpack.security.transport.ssl.certificate=certs/elasticsearch.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca.crt
- name: kibana
vm:
- docker-host01
container_name: kibana
image: "docker.elastic.co/kibana/kibana:{{ elk_version }}"
restart: unless-stopped
ports:
- name: "http"
internal: 5601
external: 5601
volumes:
- name: "certs"
internal: /usr/share/kibana/config/certs
external: "{{ docker.directories.config }}/elk/certs/"
environment:
- ELASTICSEARCH_HOSTS=["https://elasticsearch:9200"]
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD={{ vault.docker.elk.elastic.password }}
- SERVER_SSL_ENABLED=true
- SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/certs/kibana.crt
- SERVER_SSL_KEY=/usr/share/kibana/config/certs/kibana.key