feat(edge_vps): add Pangolin setup task and templates

2026-02-24 23:56:00 +01:00
parent 1b82acad1f
commit 6fdd021604
4 changed files with 78 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.worktrees/
--- a/roles/edge_vps/tasks/40_pangolin.yaml
+++ b/roles/edge_vps/tasks/40_pangolin.yaml
@@ -0,0 +1,24 @@
+---
+- name: Deploy Pangolin config
+  ansible.builtin.template:
+    src: pangolin/config.yml.j2
+    dest: "{{ edge_vps_pangolin_config_dir }}/config.yml"
+    mode: "0644"
+  notify: restart pangolin
+
+- name: Deploy Pangolin docker-compose
+  ansible.builtin.template:
+    src: pangolin/docker-compose.yml.j2
+    dest: "{{ edge_vps_pangolin_config_dir }}/docker-compose.yml"
+    mode: "0644"
+
+- name: Create letsencrypt directory for Pangolin
+  ansible.builtin.file:
+    path: "{{ edge_vps_pangolin_config_dir }}/letsencrypt"
+    state: directory
+    mode: "0755"
+
+- name: Start Pangolin
+  community.docker.docker_compose_v2:
+    project_src: "{{ edge_vps_pangolin_config_dir }}"
+    state: present
--- a/roles/edge_vps/templates/pangolin/config.yml.j2
+++ b/roles/edge_vps/templates/pangolin/config.yml.j2
@@ -0,0 +1,28 @@
+gerbil:
+    start_port: 51820
+    base_endpoint: "{{ edge_vps_pangolin_base_endpoint }}"
+
+app:
+    dashboard_url: "{{ edge_vps_pangolin_dashboard_url }}"
+    log_level: "info"
+    telemetry:
+        anonymous_usage: true
+
+domains:
+    domain1:
+        base_domain: "{{ edge_vps_pangolin_base_domain }}"
+
+server:
+    secret: "{{ vault_edge_vps.pangolin.server_secret }}"
+    cors:
+        origins: ["{{ edge_vps_pangolin_dashboard_url }}"]
+        methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
+        allowed_headers: ["X-CSRF-Token", "Content-Type"]
+        credentials: false
+    maxmind_db_path: "./config/GeoLite2-Country.mmdb"
+
+flags:
+    require_email_verification: false
+    disable_signup_without_invite: true
+    disable_user_create_org: false
+    allow_raw_resources: true
--- a/roles/edge_vps/templates/pangolin/docker-compose.yml.j2
+++ b/roles/edge_vps/templates/pangolin/docker-compose.yml.j2
@@ -0,0 +1,25 @@
+services:
+  pangolin:
+    image: fosrl/pangolin:latest
+    container_name: pangolin
+    restart: unless-stopped
+    ports:
+      - "3001:3001"
+      - "443:443"
+      - "80:80"
+    volumes:
+      - ./config.yml:/app/config/config.yml:ro
+      - ./letsencrypt:/letsencrypt
+    depends_on:
+      - gerbil
+
+  gerbil:
+    image: fosrl/gerbil:latest
+    container_name: gerbil
+    restart: unless-stopped
+    network_mode: host
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    volumes:
+      - /lib/modules:/lib/modules