tudattr
/
ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Switched to nginx proxy manager 

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>
pull/1/head
TuDatTr 2023-08-15 04:16:51 +02:00
parent df1a070806
commit a9af3c74c8
9 changed files with 98 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
group_vars/all/vars.yml
View File

@ -172,12 +172,16 @@ kuma_config: "{{ docker_dir }}/kuma/"
# Traefik # Traefik
# #
traefik_host: "traefik" traefik:
traefik_user_port: "80" host: "traefik"
traefik_admin_port: "8080" admin:
port: "8080"
traefik_config: "{{ docker_dir }}/traefik/etc-traefik/" config: "{{ docker_dir }}/traefik/etc-traefik/"
traefik_data: "{{ docker_dir }}/traefik/var-log/" data: "{{ docker_dir }}/traefik/var-log/"
letsencrypt: "{{ docker_dir }}/traefik/letsencrypt/"
user:
web: "80"
websecure: "443"
# #
# DynDns Updater # DynDns Updater
@ -451,3 +455,17 @@ stirling:
host: "stirling" host: "stirling"
dns: "pdf" dns: "pdf"
port: 8084 port: 8084
#
# nginx proxy manager
#
nginx:
host: "nginx"
endpoints:
http: 80
https: 443
admin: 8080
paths:
letsencrypt: "{{docker_dir}}/nginx/letsencrypt"
data: "{{docker_dir}}/nginx/data"

13
roles/docker/tasks/nginx-proxy-manager.yml Normal file
View File

@ -0,0 +1,13 @@
---
- name: Create nginx-data directory
file:
path: "{{ item }}"
owner: "{{ puid }}"
group: "{{ pgid }}"
mode: '755'
state: directory
loop:
- "{{ nginx.paths.letsencrypt }}"
- "{{ nginx.paths.data }}"
become: yes

4
roles/docker/tasks/pi_compose.yml
View File

@ -1,8 +1,8 @@
--- ---
- include_tasks: traefik.yml - include_tasks: nginx-proxy-manager.yml
tags: tags:
- traefik - nginx
- include_tasks: pihole.yml - include_tasks: pihole.yml
tags: tags:

9
roles/docker/tasks/pihole.yml
View File

@ -10,3 +10,12 @@
- "{{ docker_dir }}/pihole/etc-pihole/" - "{{ docker_dir }}/pihole/etc-pihole/"
- "{{ docker_dir }}/pihole/etc-dnsmasq.d/" - "{{ docker_dir }}/pihole/etc-dnsmasq.d/"
become: true become: true
- name: Copy wildcard config
template:
owner: "{{ puid }}"
src: "templates/common/pihole/etc-dnsmasq/02-wildcard-dns.conf"
dest: "{{ docker_dir }}/pihole/etc-dnsmasq.d/02-wildcard-dns.conf"
mode: '660'
become: true

7
roles/docker/tasks/traefik.yml
View File

@ -9,3 +9,10 @@
loop: loop:
- "{{ docker_dir }}/traefik/etc-traefik/" - "{{ docker_dir }}/traefik/etc-traefik/"
- "{{ docker_dir }}/traefik/var-log/" - "{{ docker_dir }}/traefik/var-log/"
- name: Copy traefik-config
template:
owner: 1000
src: "templates/common/traefik/etc-traefik/traefik.yml"
dest: "{{ traefik.config }}"
mode: '400'

98
roles/docker/templates/aya01/compose.yaml
View File

@ -1,26 +1,26 @@
version: '3' version: '3'
services: services:
traefik: nginx:
image: traefik:latest container_name: "{{nginx.host}}"
container_name: traefik image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped restart: unless-stopped
networks: networks:
net: {} net: {}
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "{{ traefik_config }}:/etc/traefik/"
- "{{ traefik_data }}:/var/log/"
ports: ports:
- "{{ traefik_user_port}}:80" - '{{nginx.endpoints.http}}:80'
- "{{ traefik_admin_port}}:8080" - '{{nginx.endpoints.https}}:443'
- '{{nginx.endpoints.admin}}:81'
volumes:
- "{{nginx.paths.data}}:/data"
- "{{nginx.paths.letsencrypt}}:/etc/letsencrypt"
- '/var/run/docker.sock:/var/run/docker.sock'
pihole: pihole:
image: pihole/pihole:latest
container_name: pihole container_name: pihole
image: pihole/pihole:latest
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- traefik - nginx
networks: networks:
- net - net
ports: ports:
@ -46,10 +46,6 @@ services:
- 1.1.1.1 - 1.1.1.1
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ pihole_host }}.rule=Host(`{{ pihole_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ pihole_host }}.loadbalancer.server.port=80"
syncthing: syncthing:
image: syncthing/syncthing image: syncthing/syncthing
@ -71,10 +67,6 @@ services:
- PGID={{pgid}} - PGID={{pgid}}
- TZ={{timezone}} - TZ={{timezone}}
hostname: syncthing hostname: syncthing
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ syncthing_host }}.rule=Host(`{{ syncthing_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ syncthing_host }}.loadbalancer.server.port={{ syncthing_port }}"
cupsd: cupsd:
container_name: cupsd container_name: cupsd
@ -93,10 +85,6 @@ services:
volumes: volumes:
- /var/run/dbus:/var/run/dbus - /var/run/dbus:/var/run/dbus
- "{{cupsd_config}}:/etc/cups" - "{{cupsd_config}}:/etc/cups"
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ cupsd_host }}.rule=Host(`{{ cupsd_host }}.{{ aya01_host }}.{{local_domain}}`)"
- "traefik.http.services.{{ cupsd_host }}.loadbalancer.server.port={{ cupsd_port }}"
kuma: kuma:
container_name: kuma container_name: kuma
@ -114,10 +102,6 @@ services:
- "{{ kuma_port }}:3001" - "{{ kuma_port }}:3001"
volumes: volumes:
- "{{ kuma_config }}:/app/data" - "{{ kuma_config }}:/app/data"
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{kuma_host}}.rule=Host(`{{ kuma_host }}.{{ aya01_host }}.{{local_domain}}`)"
- "traefik.http.services.{{kuma_host}}.loadbalancer.server.port={{ kuma_port }}"
plex: plex:
image: lscr.io/linuxserver/plex:latest image: lscr.io/linuxserver/plex:latest
@ -148,10 +132,6 @@ services:
- "{{ plex_tv }}:/tv" - "{{ plex_tv }}:/tv"
- "{{ plex_movies }}:/movies" - "{{ plex_movies }}:/movies"
- "{{ plex_music }}:/music" - "{{ plex_music }}:/music"
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{plex_host}}.rule=Host(`{{ plex_host }}.{{ aya01_host }}.{{local_domain}}`)"
- "traefik.http.services.{{plex_host}}.loadbalancer.server.port={{ plex_port }}"
sonarr: sonarr:
image: lscr.io/linuxserver/sonarr:latest image: lscr.io/linuxserver/sonarr:latest
@ -171,10 +151,6 @@ services:
- {{ sonarr_downloads }}:/downloads #optional - {{ sonarr_downloads }}:/downloads #optional
ports: ports:
- {{ sonarr_port }}:8989 - {{ sonarr_port }}:8989
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{sonarr_host}}.rule=Host(`{{ sonarr_host }}.{{ aya01_host }}.{{local_domain}}`)"
- "traefik.http.services.{{sonarr_host}}.loadbalancer.server.port={{ sonarr_port }}"
radarr: radarr:
image: lscr.io/linuxserver/radarr:latest image: lscr.io/linuxserver/radarr:latest
@ -194,10 +170,6 @@ services:
- {{ radarr_downloads }}:/downloads #optional - {{ radarr_downloads }}:/downloads #optional
ports: ports:
- {{ radarr_port }}:7878 - {{ radarr_port }}:7878
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{radarr_host}}.rule=Host(`{{ radarr_host }}.{{ aya01_host }}.{{local_domain}}`)"
- "traefik.http.services.{{radarr_host}}.loadbalancer.server.port={{ radarr_port }}"
lidarr: lidarr:
image: lscr.io/linuxserver/lidarr:latest image: lscr.io/linuxserver/lidarr:latest
@ -217,10 +189,6 @@ services:
- {{ lidarr_downloads }}:/downloads #optional - {{ lidarr_downloads }}:/downloads #optional
ports: ports:
- {{ lidarr_port }}:8686 - {{ lidarr_port }}:8686
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{lidarr_host}}.rule=Host(`{{ lidarr_host }}.{{ aya01_host }}.{{local_domain}}`)"
- "traefik.http.services.{{lidarr_host}}.loadbalancer.server.port={{ lidarr_port }}"
prowlarr: prowlarr:
image: lscr.io/linuxserver/prowlarr:latest image: lscr.io/linuxserver/prowlarr:latest
@ -238,10 +206,6 @@ services:
- {{ prowlarr_config }}:/config - {{ prowlarr_config }}:/config
ports: ports:
- {{ prowlarr_port }}:9696 - {{ prowlarr_port }}:9696
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{prowlarr_host}}.rule=Host(`{{ prowlarr_host }}.{{ aya01_host }}.{{local_domain}}`)"
- "traefik.http.services.{{prowlarr_host}}.loadbalancer.server.port={{ prowlarr_port }}"
pastebin: pastebin:
image: wantguns/bin image: wantguns/bin
@ -261,10 +225,6 @@ services:
- HOST_URL={{ bin_host }}.{{ aya01_host }}.{{ local_domain }} - HOST_URL={{ bin_host }}.{{ aya01_host }}.{{ local_domain }}
volumes: volumes:
- {{ bin_upload }}:/app/upload - {{ bin_upload }}:/app/upload
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ bin_host }}.rule=Host(`{{ bin_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ bin_host }}.loadbalancer.server.port={{ bin_port }}"
tautulli: tautulli:
image: lscr.io/linuxserver/tautulli:latest image: lscr.io/linuxserver/tautulli:latest
@ -282,10 +242,6 @@ services:
- {{ tautulli_config}}:/config - {{ tautulli_config}}:/config
ports: ports:
- {{ tautulli_port }}:8181 - {{ tautulli_port }}:8181
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ tautulli_host }}.rule=Host(`{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ tautulli_host }}.loadbalancer.server.port={{ tautulli_port }}"
{{ gluetun_host }}: {{ gluetun_host }}:
image: qmcgaw/gluetun image: qmcgaw/gluetun
@ -312,16 +268,6 @@ services:
- SERVER_COUNTRIES={{ gluetun_country }} - SERVER_COUNTRIES={{ gluetun_country }}
- OPENVPN_USER={{ vault_qbit_vpn_user }}+pmp - OPENVPN_USER={{ vault_qbit_vpn_user }}+pmp
- OPENVPN_PASSWORD={{ vault_qbit_vpn_password }} - OPENVPN_PASSWORD={{ vault_qbit_vpn_password }}
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ gluetun_host }}.rule=Host(`{{ gluetun_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ gluetun_host }}.loadbalancer.server.port={{ gluetun_port }}"
- "traefik.http.routers.{{ torrentleech_host }}.service={{ torrentleech_host }}"
- "traefik.http.routers.{{ torrentleech_host }}.rule=Host(`{{ torrentleech_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ torrentleech_host }}.loadbalancer.server.port={{ torrentleech_port }}"
- "traefik.http.routers.{{ qbit_host }}.service={{ qbit_host }}"
- "traefik.http.routers.{{ qbit_host }}.rule=Host(`{{ qbit_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ qbit_host }}.loadbalancer.server.port={{ qbit_port }}"
{{ torrentleech_host }}: {{ torrentleech_host }}:
image: qbittorrentofficial/qbittorrent-nox image: qbittorrentofficial/qbittorrent-nox
@ -380,10 +326,6 @@ services:
- prometheus_data:/prometheus/ - prometheus_data:/prometheus/
ports: ports:
- {{ prometheus_port }}:9090 - {{ prometheus_port }}:9090
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ prometheus_host }}.rule=Host(`{{ prometheus_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ prometheus_host }}.loadbalancer.server.port={{ prometheus_port }}"
{{ grafana_host }}: {{ grafana_host }}:
image: grafana/grafana-oss image: grafana/grafana-oss
@ -403,10 +345,6 @@ services:
- {{ grafana_config }}:/etc/grafana/ - {{ grafana_config }}:/etc/grafana/
ports: ports:
- {{ grafana_port }}:3000 - {{ grafana_port }}:3000
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{ grafana_host }}.rule=Host(`{{ grafana_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{ grafana_host }}.loadbalancer.server.port={{ grafana_port }}"
ddns-updater: ddns-updater:
container_name: ddns-updater container_name: ddns-updater
@ -420,10 +358,6 @@ services:
- "{{ ddns_data }}:/updater/data/" - "{{ ddns_data }}:/updater/data/"
ports: ports:
- "{{ ddns_port }}:8000/tcp" - "{{ ddns_port }}:8000/tcp"
labels:
- "traefik.enable=true"
- "traefik.http.routers.ddns-updater.rule=Host(`{{ ddns_host }}.{{ aya01_host }}.{{local_domain}}`)"
- "traefik.http.services.ddns-updater.loadbalancer.server.port={{ ddns_port }}"
homeassistant: homeassistant:
container_name: homeassistant container_name: homeassistant
@ -442,10 +376,6 @@ services:
- 4357:4357 - 4357:4357
- 5683:5683 - 5683:5683
- 5683:5683/udp - 5683:5683/udp
labels:
- "traefik.enable=true"
- "traefik.http.routers.homeassistant.rule=Host(`{{ ha_host }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.homeassistant.loadbalancer.server.port={{ ha_port }}"
{{stirling.host}}: {{stirling.host}}:
container_name: {{stirling.host}} container_name: {{stirling.host}}
@ -457,10 +387,6 @@ services:
net: {} net: {}
ports: ports:
- '{{stirling.port}}:8080' - '{{stirling.port}}:8080'
labels:
- "traefik.enable=true"
- "traefik.http.routers.{{stirling.host}}.rule=Host(`{{ stirling.dns }}.{{ aya01_host }}.{{ local_domain }}`)"
- "traefik.http.services.{{stirling.host}}.loadbalancer.server.port={{ 8080 }}"
networks: networks:
zoneminder: zoneminder:

3
roles/docker/templates/common/pihole/etc-dnsmasq/02-wildcard-dns.conf Normal file
View File

@ -0,0 +1,3 @@
address=/pi.borg.land/192.168.20.11
address=/aya01.borg.land/192.168.20.12
address=/naruto.borg.land/192.168.20.13

13
roles/docker/templates/common/traefik/etc-traefik/traefik.yml
View File

@ -10,6 +10,7 @@ entryPoints:
providers: providers:
docker: docker:
endpoint: "unix:///var/run/docker.sock" endpoint: "unix:///var/run/docker.sock"
exposedbydefault: "false"
# API and dashboard configuration # API and dashboard configuration
api: api:
@ -21,3 +22,15 @@ log:
accessLog: accessLog:
filePath: "/var/log/access.log" filePath: "/var/log/access.log"
certificatesResolvers:
myresolver:
acme:
email: "me+cert@tudattr.dev"
storage: "/letsencrypt/acme.json"
dnsChallenge:
provider: "namecheap"
metrics:
prometheus:
entrypoint: "traefik"

30
roles/docker/templates/pi/compose.yaml
View File

@ -1,23 +1,27 @@
version: '3' version: '3'
services: services:
traefik: nginx:
container_name: traefik container_name: "{{nginx.host}}"
image: traefik:latest image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped restart: unless-stopped
networks: networks:
net: {} net: {}
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "{{ traefik_config }}:/etc/traefik/"
- "{{ traefik_data }}:/var/log/"
ports: ports:
- "{{ traefik_user_port }}:80" - '{{nginx.endpoints.http}}:80'
- "{{ traefik_admin_port }}:8080" - '{{nginx.endpoints.https}}:443'
- '{{nginx.endpoints.admin}}:81'
volumes:
- "{{nginx.paths.data}}:/data"
- "{{nginx.paths.letsencrypt}}:/etc/letsencrypt"
- '/var/run/docker.sock:/var/run/docker.sock'
pihole: pihole:
container_name: pihole container_name: pihole
image: pihole/pihole:latest image: pihole/pihole:latest
restart: unless-stopped restart: unless-stopped
depends_on:
- nginx
networks: networks:
net: {} net: {}
ports: ports:
@ -26,7 +30,7 @@ services:
- "67:67/udp" - "67:67/udp"
- "{{ pihole_port }}:80/tcp" - "{{ pihole_port }}:80/tcp"
environment: environment:
- "WEBPASSWORD={{ vault_pi_pihole_password }}" - "WEBPASSWORD={{ vault.pi.pihole.password }}"
- "ServerIP=192.168.20.11" - "ServerIP=192.168.20.11"
- "INTERFACE=eth0" - "INTERFACE=eth0"
- "DNS1=1.1.1.1" - "DNS1=1.1.1.1"
@ -40,10 +44,6 @@ services:
- 1.1.1.1 - 1.1.1.1
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
labels:
- "traefik.enable=true"
- "traefik.http.routers.pihole.rule=Host(`{{ pihole_host }}.{{ pi_host }}.{{ local_domain }}`)"
- "traefik.http.services.pihole.loadbalancer.server.port={{ 80 }}"
networks: networks:
net: net: