diff --git a/README.md b/README.md index d0373eb..7b44435 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # Ansible scripts for our private Intel NUC servers ## TODO + ### nsd -- Change IPv6 addresses - ZSK rollover. - I always resign the zone, even if nothing has changed. I could check whether the zone has changed or new keys were generated but that is kind of difficult. diff --git a/inventory/group_vars/nucs.yml b/inventory/group_vars/nucs.yml index da24364..69f1dc9 100644 --- a/inventory/group_vars/nucs.yml +++ b/inventory/group_vars/nucs.yml @@ -1 +1,2 @@ -# Group variables for nucs group +base_data_dir: /data +base_service_dir: /srv diff --git a/roles/common/files/resolv.conf b/roles/common/files/resolv.conf index 8a9bf12..863bc57 100644 --- a/roles/common/files/resolv.conf +++ b/roles/common/files/resolv.conf @@ -1,3 +1,4 @@ +nameserver 192.168.30.1 nameserver 1.1.1.1 nameserver 1.0.0.1 search lan diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 7e13c12..ab05296 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -5,13 +5,13 @@ state: latest update_cache: yes cache_valid_time: 86400 # One day -- name: Create /data directory +- name: Create base data directory file: - path: /data + path: "{{ base_data_dir }}" state: directory -- name: Create /apps directory +- name: Create base service directory file: - path: /apps + path: "{{ base_service_dir }}" state: directory - name: Disable systemd-resolved systemd: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index dfef31a..2506fde 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -29,3 +29,8 @@ name: - docker - docker-compose +- name: Start Docker + systemd: + name: docker + enabled: true + state: started diff --git a/roles/forgejo/tasks/main.yml b/roles/forgejo/tasks/main.yml index d46f75d..a2ce768 100644 --- a/roles/forgejo/tasks/main.yml +++ b/roles/forgejo/tasks/main.yml 
@@ -1,31 +1,31 @@ - name: Create app directory file: - path: /apps/forgejo + path: "{{ service_dir }}" state: directory - name: Copy Docker Compose script - copy: - src: "{{ role_path }}/files/docker-compose.yml" - dest: /apps/forgejo/docker-compose.yml + template: + src: "{{ role_path }}/templates/docker-compose.yml.j2" + dest: "{{ service_dir }}/docker-compose.yml" - name: Create data directory file: - path: /data/forgejo + path: "{{ data_dir }}" state: directory owner: 1000 group: 1000 - name: Copy conf directory file: - path: /apps/forgejo/conf + path: "{{ service_dir }}/conf" state: directory owner: 1000 group: 1000 - name: Copy app.ini template: src: "{{ role_path }}/templates/app.ini" - dest: /apps/forgejo/conf/app.ini + dest: "{{ service_dir }}/conf/app.ini" register: config - name: Start the Docker Compose - community.docker.docker_compose: - project_src: /apps/forgejo + docker_compose: + project_src: "{{ service_dir }}" pull: true remove_orphans: true restarted: "{{ config.changed }}" diff --git a/roles/forgejo/files/docker-compose.yml b/roles/forgejo/templates/docker-compose.yml.j2 similarity index 92% rename from roles/forgejo/files/docker-compose.yml rename to roles/forgejo/templates/docker-compose.yml.j2 index b9a7542..a72e115 100644 --- a/roles/forgejo/files/docker-compose.yml +++ b/roles/forgejo/templates/docker-compose.yml.j2 @@ -15,8 +15,8 @@ services: networks: - traefik volumes: - - /data/forgejo:/data - - /apps/forgejo/conf:/data/gitea/conf + - {{ data_dir }}:/data + - {{ service_dir }}/conf:/data/gitea/conf - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro labels: diff --git a/roles/forgejo/vars/main.yml b/roles/forgejo/vars/main.yml index 1f23d70..f0ac50e 100644 --- a/roles/forgejo/vars/main.yml +++ b/roles/forgejo/vars/main.yml 
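Review bot: The "Start the Docker Compose" task at the end of this hunk now calls the module by its short name `docker_compose` instead of `community.docker.docker_compose`, so which module runs depends on Ansible's name resolution rather than on an explicitly named collection. Keeping the fully qualified form, `community.docker.docker_compose:`, ties the task to the intended collection and is what ansible-lint's `fqcn` rule expects. The kms and pizzeria task hunks make the same replacement; the roles that already used the short name could be moved to the qualified name instead.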
@@ -1,3 +1,7 @@ +service_name: forgejo +data_dir: "{{ base_data_dir }}/{{ service_name }}" +service_dir: "{{ base_service_dir }}/{{ service_name }}" + forgejo: root_url: "https://git.pizzapim.nl" mailer_host: "smtp.tweak.nl" diff --git a/roles/kms/tasks/main.yml b/roles/kms/tasks/main.yml index 57a0ce4..2518ba7 100644 --- a/roles/kms/tasks/main.yml +++ b/roles/kms/tasks/main.yml @@ -1,14 +1,14 @@ - name: Create app directory file: - path: /apps/kms + path: "{{ service_dir }}" state: directory - name: Copy Docker Compose script copy: src: "{{ role_path }}/files/docker-compose.yml" - dest: /apps/kms/docker-compose.yml + dest: "{{ service_dir }}/docker-compose.yml" - name: Start the Docker Compose - community.docker.docker_compose: - project_src: /apps/kms + docker_compose: + project_src: "{{ service_dir }}" pull: true remove_orphans: true diff --git a/roles/kms/vars/main.yml b/roles/kms/vars/main.yml new file mode 100644 index 0000000..8f2f2a2 --- /dev/null +++ b/roles/kms/vars/main.yml @@ -0,0 +1,2 @@ +service_name: kms +service_dir: "{{ base_service_dir }}/{{ service_name }}" diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml index 6c90df0..6f4ea70 100644 --- a/roles/mastodon/tasks/main.yml +++ b/roles/mastodon/tasks/main.yml 
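Review bot: `service_name`, `data_dir` and `service_dir` are generic names placed in role `vars/main.yml`, and the commit adds the same names to the kms, mastodon, pizzeria, radicale, syncthing and traefik roles. Ansible exposes role vars to the rest of the play by default, so a role that omits one of them (kms and traefik define no `data_dir`) may pick up another role's path instead of failing on an undefined variable. Prefixing the names per role, for example `forgejo_service_dir: "{{ base_service_dir }}/forgejo"`, keeps each path unambiguous. A one-line comment above the block stating that both paths derive from `base_data_dir` and `base_service_dir` in the `nucs` group vars would also help.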
@@ -1,22 +1,22 @@ - name: Create Mastodon app directory file: - path: /apps/mastodon + path: "{{ service_dir }}" state: directory - name: Copy .env.production copy: src: "{{ role_path }}/files/.env.production" - dest: /apps/mastodon/.env.production + dest: "{{ service_dir }}.env.production" - name: Copy Docker Compose script template: src: "{{ role_path }}/templates/docker-compose.yml.j2" - dest: /apps/mastodon/docker-compose.yml + dest: "{{ service_dir }}/docker-compose.yml" - name: Create Mastodon data directory file: - path: /data/mastodon + path: "{{ data_dir }}" state: directory mode: 0777 - name: Start Docker Compose docker_compose: - project_src: /apps/mastodon + project_src: "{{ service_dir }}" pull: true remove_orphans: true diff --git a/roles/mastodon/templates/docker-compose.yml.j2 b/roles/mastodon/templates/docker-compose.yml.j2 index 01b2ea0..e809bb7 100644 --- a/roles/mastodon/templates/docker-compose.yml.j2 +++ b/roles/mastodon/templates/docker-compose.yml.j2 @@ -9,7 +9,7 @@ services: healthcheck: test: ['CMD', 'pg_isready', '-U', 'postgres'] volumes: - - /data/mastodon/postgres14:/var/lib/postgresql/data + - {{ data_dir }}/postgres14:/var/lib/postgresql/data environment: - 'POSTGRES_HOST_AUTH_METHOD=trust' - 'POSTGRES_PASSWORD={{ mastodon_postgres_password }}' @@ -24,7 +24,7 @@ services: healthcheck: test: ['CMD', 'redis-cli', 'ping'] volumes: - - /data/mastodon/redis:/data + - {{ data_dir }}/redis:/data environment: - 'REDIS_PASSWORD={{ mastodon_redis_password }}' @@ -46,7 +46,7 @@ services: - db - redis volumes: - - /data/mastodon/public/system:/mastodon/public/system + - {{ data_dir }}/public/system:/mastodon/public/system labels: - traefik.http.routers.mastodon.entrypoints=websecure - traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`) 
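Review bot: The new `.env.production` destination is missing its path separator: `dest: "{{ service_dir }}.env.production"` renders to a sibling of the service directory (with the group vars added in this commit, `/srv/mastodon.env.production`) instead of `.env.production` inside it. It should read `dest: "{{ service_dir }}/.env.production"`. The file presumably carries the instance's secrets, so the copy task would also benefit from an explicit restrictive `mode`, for example `mode: "0600"` if the consumer can still read it. The unchanged `mode: 0777` on the data directory, here and in the syncthing role, leaves that tree world-writable and is worth narrowing to the uid the containers run as.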
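Review bot: In the PostgreSQL service touched by the first hunk of this template, `POSTGRES_HOST_AUTH_METHOD=trust` sits directly above `POSTGRES_PASSWORD=...`; with trust authentication the server accepts any connection that reaches it without checking that password. The commit only rewrites the volume path and leaves this as is. If nothing depends on password-less access, removing the `trust` line lets the image use password authentication with the vaulted value (this takes effect only when the data directory is initialised); otherwise a comment should record that the database is reachable solely on an internal network, which this hunk does not show. The service definition starts and ends outside the hunk.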
@@ -91,7 +91,7 @@ services: networks: - default volumes: - - /data/mastodon/public/system:/mastodon/public/system + - {{ data_dir }}/public/system:/mastodon/public/system healthcheck: test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"] diff --git a/roles/mastodon/vars/main.yml b/roles/mastodon/vars/main.yml index 505d001..0f488b3 100644 --- a/roles/mastodon/vars/main.yml +++ b/roles/mastodon/vars/main.yml @@ -1,3 +1,7 @@ +service_name: mastodon +data_dir: "{{ base_data_dir }}/{{ service_name }}" +service_dir: "{{ base_service_dir }}/{{ service_name }}" + mastodon_postgres_password: !vault | $ANSIBLE_VAULT;1.1;AES256 34643131323762373635383736636432643161646130373565333432323337646435656233383131 diff --git a/roles/nsd/files/docker-compose.yml b/roles/nsd/files/docker-compose.yml deleted file mode 100644 index 42d56dd..0000000 --- a/roles/nsd/files/docker-compose.yml +++ /dev/null @@ -1,18 +0,0 @@ -version: '3.7' - -services: - nsd: - container_name: nsd - restart: always - image: ghcr.io/the-kube-way/nsd:v4.6.0 - read_only: true - tmpfs: - - /tmp - - /var/db/nsd - volumes: - - /apps/nsd/conf:/etc/nsd:ro - - /apps/nsd/zones:/zones - - /apps/nsd/keys:/keys - ports: - - 53:53 - - 53:53/udp diff --git a/roles/nsd/files/nsd.conf b/roles/nsd/files/nsd.conf index 151373c..f3460bf 100644 --- a/roles/nsd/files/nsd.conf +++ b/roles/nsd/files/nsd.conf @@ -1,8 +1,11 @@ server: + ip-address: enp3s0 server-count: 1 verbosity: 1 hide-version: yes - zonesdir: "/zones" + zonesdir: "/etc/nsd/zones" + ip-transparent: yes + ip-freebind: yes zone: name: pizzapim.nl diff --git a/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl index 4447d27..1a5d776 100644 --- a/roles/nsd/files/zones/geokunis2.nl +++ b/roles/nsd/files/zones/geokunis2.nl 
@@ -1,19 +1,18 @@ $ORIGIN geokunis2.nl. $TTL 60 -geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2022103001 1800 3600 1209600 3600 +geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023010601 1800 3600 1209600 3600 NS ns.geokunis2.nl. NS ns0.transip.net. NS ns1.transip.nl. NS ns2.transip.eu. - A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e + A 84.245.14.149 + AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda MX 0 . TXT "v=spf1 -all" CAA 0 issue "letsencrypt.org" jenl IN A 217.123.41.225 -kms IN A 82.197.212.198 -ovh IN A 57.128.45.138 +kms IN A 84.245.14.149 _dmarc IN TXT "v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject" -ns A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e +ns A 84.245.14.149 + AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl index 67fa9ce..9c8e1e5 100644 --- a/roles/nsd/files/zones/pizzapim.nl +++ b/roles/nsd/files/zones/pizzapim.nl 
@@ -1,26 +1,24 @@ $ORIGIN pizzapim.nl. $TTL 60 -pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2022122900 1800 3600 1209600 3600 +pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010701 1800 3600 1209600 3600 NS ns.pizzapim.nl. NS ns0.transip.net. NS ns1.transip.nl. NS ns2.transip.eu. - A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e + A 84.245.14.149 + AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda TXT "v=spf1 ~all" CAA 0 issue "letsencrypt.org" -www IN CNAME @ -ns IN A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e _dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;" -cloud IN A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e -social IN A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e -dav IN A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e -git IN A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e + +www IN A 84.245.14.149 + AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda +ns IN A 84.245.14.149 + AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda +cloud IN CNAME www.pizzapim.nl. +social IN CNAME www.pizzapim.nl. +dav IN CNAME www.pizzapim.nl. +git IN CNAME www.pizzapim.nl. diff --git a/roles/nsd/meta/main.yml b/roles/nsd/meta/main.yml deleted file mode 100644 index 090690b..0000000 --- a/roles/nsd/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - role: common - - role: docker diff --git a/roles/nsd/tasks/main.yml b/roles/nsd/tasks/main.yml index 32d67c2..2636079 100644 --- a/roles/nsd/tasks/main.yml +++ b/roles/nsd/tasks/main.yml 
@@ -1,86 +1,69 @@ -- name: Create nsd app directory - file: - path: /apps/nsd - state: directory -- name: Create nsd configuration directory - file: - path: /apps/nsd/conf - state: directory - owner: 991 - group: 991 +- name: Install nsd + apt: + pkg: + - nsd + - ldnsutils - name: Copy nsd.conf copy: src: "{{ role_path }}/files/nsd.conf" - dest: /apps/nsd/conf/nsd.conf -- name: Create nsd zones directory + dest: /etc/nsd/nsd.conf +- name: Create zones directory file: - path: /apps/nsd/zones + path: /etc/nsd/zones state: directory - owner: 991 - group: 991 - name: Copy zone files copy: src: "{{ role_path }}/files/zones/" - dest: /apps/nsd/zones -- name: Create nsd keys directory + dest: /etc/nsd/zones +- name: Create keys directory file: - path: /apps/nsd/keys + path: /etc/nsd/keys state: directory - owner: 991 - group: 991 - name: Copy KSK private keys template: src: "{{ item }}" - dest: "/apps/nsd/keys/{{ item | basename }}" + dest: "/etc/nsd/keys/{{ item | basename }}" with_fileglob: - "{{ role_path }}/files/keys/*.ksk.private" - name: Copy KSK keys copy: src: "{{ item }}" - dest: "/apps/nsd/keys/{{ item | basename }}" + dest: "/etc/nsd/keys/{{ item | basename }}" with_fileglob: - "{{ role_path }}/files/keys/*.ksk.key" -- name: Copy Docker Compose script - copy: - src: "{{ role_path }}/files/docker-compose.yml" - dest: /apps/nsd/docker-compose.yml -- name: Start Docker Compose - docker_compose: - project_src: /apps/nsd - pull: true - remove_orphans: true - name: Check if ZSKs exist stat: - path: "/apps/nsd/keys/K{{ item | basename }}.zsk.key" + path: "/etc/nsd/keys/K{{ item | basename }}.zsk.key" register: zsks_exists with_fileglob: - "{{ role_path }}/files/zones/*" - name: Create ZSK command: - cmd: "docker-compose exec -w /keys nsd ldns-keygen -a ED25519 {{ item.item | basename }}" - chdir: /apps/nsd + cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}" + chdir: /etc/nsd/keys register: create_zsk when: not item.stat.exists with_items: "{{ 
zsks_exists.results }}" - name: Rename ZSK key command: - cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key" - chdir: /apps/nsd + cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key" + chdir: /etc/nsd/keys when: item.changed with_items: "{{ create_zsk.results }}" - name: Rename ZSK private key command: - cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private" - chdir: /apps/nsd + cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private" + chdir: /etc/nsd/keys when: item.changed with_items: "{{ create_zsk.results }}" - name: Sign zones command: - cmd: 'docker-compose exec -w /zones nsd ldns-signzone {{ item | basename }} /keys/K{{ item | basename }}.zsk /keys/K{{ item | basename }}.ksk' - chdir: /apps/nsd + cmd: "ldns-signzone {{ item | basename }} /etc/nsd/keys/K{{ item | basename }}.zsk /etc/nsd/keys/K{{ item | basename }}.ksk" + chdir: /etc/nsd/zones with_fileglob: - "{{ role_path }}/files/zones/*" -- name: Restart Docker Compose - docker_compose: - project_src: /apps/nsd - restarted: true +- name: Restart NSD + systemd: + name: nsd + enabled: true + state: reloaded diff --git a/roles/pizzeria/tasks/main.yml b/roles/pizzeria/tasks/main.yml index da03235..3d18940 100644 --- a/roles/pizzeria/tasks/main.yml +++ b/roles/pizzeria/tasks/main.yml @@ -1,9 +1,9 @@ - name: Clone pizzeria repository git: - repo: https://github.com/pizzapim/pizzeria - dest: /apps/pizzeria + repo: "{{ git_origin }}" + dest: "{{ service_dir }}" - name: Start the Docker Compose - community.docker.docker_compose: - project_src: /apps/pizzeria + docker_compose: + project_src: "{{ service_dir }}" pull: true remove_orphans: true diff --git a/roles/pizzeria/vars/main.yml b/roles/pizzeria/vars/main.yml new file mode 100644 index 0000000..33149bb --- /dev/null +++ b/roles/pizzeria/vars/main.yml 
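Review bot: The keys directory and the KSK private keys are now written without any `owner`, `group` or `mode`: the `owner: 991`/`group: 991` lines are removed from "Create keys directory", and "Copy KSK private keys" sets no permissions, so the files get whatever the remote umask yields, typically world-readable. DNSSEC private keys should be readable only by the account that runs `ldns-signzone`; add `mode: "0700"` to the directory task and `mode: "0600"` to the private-key task. The same omission applies to the credential files copied in the radicale (`users`) and syncthing (`key.pem`) task hunks, which need an explicit owner and mode matching the uid their containers run as.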
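Review bot: The `git` task clones `{{ git_origin }}` with no `version`, so each playbook run checks out whatever the remote's default branch currently points to, and the following task starts the Compose project from that checkout. Pinning a reviewed revision, `version: "<tag-or-commit>"`, makes deployments reproducible and keeps an unreviewed push to the repository from reaching the host on the next run.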
@@ -0,0 +1,4 @@ +service_name: pizzeria +data_dir: "{{ base_data_dir }}/{{ service_name }}" +service_dir: "{{ base_service_dir }}/{{ service_name }}" +git_origin: https://git.pizzapim.nl/pim/pizzeria.git diff --git a/roles/radicale/tasks/main.yml b/roles/radicale/tasks/main.yml index a66223b..48afa89 100644 --- a/roles/radicale/tasks/main.yml +++ b/roles/radicale/tasks/main.yml @@ -1,29 +1,29 @@ - name: Create Radicale app directory file: - path: /apps/radicale + path: "{{ service_dir }}" state: directory - name: Copy docker-compose.yml file - copy: - src: "{{ role_path }}/files/docker-compose.yml" - dest: /apps/radicale/docker-compose.yml + template: + src: "{{ role_path }}/templates/docker-compose.yml.j2" + dest: "{{ service_dir }}/docker-compose.yml" - name: Create Radicale config directory file: - path: /apps/radicale/config + path: "{{ service_dir }}/config" state: directory - name: Copy radicale.conf copy: src: "{{ role_path }}/files/radicale.conf" - dest: /apps/radicale/config/radicale.conf + dest: "{{ service_dir }}/config/radicale.conf" - name: Copy users file copy: src: "{{ role_path }}/files/users" - dest: /apps/radicale/config/users + dest: "{{ service_dir }}/config/users" - name: Create Radicale data directory file: - path: /data/radicale + path: "{{ data_dir }}" state: directory - name: Start Docker Compose docker_compose: - project_src: /apps/radicale + project_src: "{{ service_dir }}" pull: true remove_orphans: true diff --git a/roles/radicale/files/docker-compose.yml b/roles/radicale/templates/docker-compose.yml.j2 similarity index 86% rename from roles/radicale/files/docker-compose.yml rename to roles/radicale/templates/docker-compose.yml.j2 index fe20407..1e9362f 100644 --- a/roles/radicale/files/docker-compose.yml +++ b/roles/radicale/templates/docker-compose.yml.j2 
@@ -9,8 +9,8 @@ services: restart: always image: mailu/radicale:1.9 volumes: - - /data/radicale:/data - - /apps/radicale/config:/radicale + - {{ data_dir }}:/data + - {{ service_dir }}/config:/radicale command: radicale -S -C /radicale/radicale.conf networks: - traefik diff --git a/roles/radicale/vars/main.yml b/roles/radicale/vars/main.yml new file mode 100644 index 0000000..5c891bc --- /dev/null +++ b/roles/radicale/vars/main.yml @@ -0,0 +1,3 @@ +service_name: radicale +data_dir: "{{ base_data_dir }}/{{ service_name }}" +service_dir: "{{ base_service_dir }}/{{ service_name }}" diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml index 8b197fe..614d481 100644 --- a/roles/syncthing/tasks/main.yml +++ b/roles/syncthing/tasks/main.yml 
@@ -1,34 +1,34 @@ - name: Create Syncthing app directory file: - path: /apps/syncthing + path: "{{ service_dir }}" state: directory - name: Create Syncthing configuration directory file: - path: /apps/syncthing/config + path: "{{ service_dir }}/config" state: directory - name: Copy Syncthing private key copy: src: "{{ role_path }}/files/key.pem" - dest: /apps/syncthing/config/key.pem + dest: "{{ service_dir }}/config/key.pem" - name: Copy Syncthing certificate copy: src: "{{ role_path }}/files/cert.pem" - dest: /apps/syncthing/config/cert.pem + dest: "{{ service_dir }}/config/cert.pem" - name: Copy Syncthing configuration template: src: "{{ role_path }}/templates/config.xml.j2" - dest: /apps/syncthing/config/config.xml + dest: "{{ service_dir }}/config/config.xml" - name: Create Syncthing data directory file: - path: /data/syncthing + path: "{{ data_dir }}" state: directory mode: 0777 - name: Copy Docker Compose script - copy: - src: "{{ role_path }}/files/docker-compose.yml" - dest: /apps/syncthing/docker-compose.yml + template: + src: "{{ role_path }}/templates/docker-compose.yml.j2" + dest: "{{ service_dir }}/docker-compose.yml" - name: Start Docker Compose docker_compose: - project_src: /apps/syncthing + project_src: "{{ service_dir }}" pull: true remove_orphans: true diff --git a/roles/syncthing/files/docker-compose.yml b/roles/syncthing/templates/docker-compose.yml.j2 similarity index 83% rename from roles/syncthing/files/docker-compose.yml rename to roles/syncthing/templates/docker-compose.yml.j2 index 7f4e6d8..512eef6 100644 --- a/roles/syncthing/files/docker-compose.yml +++ b/roles/syncthing/templates/docker-compose.yml.j2 @@ -10,8 +10,8 @@ services: - PGID=1000 - TZ=Europe/Amsterdam volumes: - - /apps/syncthing/config:/config - - /data/syncthing:/data + - {{ service_dir }}/config:/config + - {{ data_dir }}:/data ports: - 8384:8384 - 22000:22000/tcp diff --git a/roles/syncthing/vars/main.yml b/roles/syncthing/vars/main.yml index 7e33fce..4e73ff7 100644 
--- a/roles/syncthing/vars/main.yml +++ b/roles/syncthing/vars/main.yml @@ -1,3 +1,7 @@ +service_name: syncthing +data_dir: "{{ base_data_dir }}/{{ service_name }}" +service_dir: "{{ base_service_dir }}/{{ service_name }}" + syncthing: apikey: !vault | $ANSIBLE_VAULT;1.1;AES256 diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml index cedf64c..635c1dd 100644 --- a/roles/traefik/tasks/main.yml +++ b/roles/traefik/tasks/main.yml @@ -1,30 +1,30 @@ - name: Create traefik app directory file: - path: /apps/traefik + path: "{{ service_dir }}" state: directory - name: Create acme file copy: content: "" - dest: /apps/traefik/acme.json + dest: "{{ service_dir }}/acme.json" force: no mode: 0600 - name: Copy Docker Compose script - copy: - src: "{{ role_path }}/files/docker-compose.yml" - dest: /apps/traefik/docker-compose.yml + template: + src: "{{ role_path }}/templates/docker-compose.yml.j2" + dest: "{{ service_dir }}/docker-compose.yml" - name: Copy traefik.toml copy: src: "{{ role_path }}/files/traefik.toml" - dest: /apps/traefik/traefik.toml + dest: "{{ service_dir }}/traefik.toml" - name: Copy services.toml copy: src: "{{ role_path }}/files/services.toml" - dest: /apps/traefik/services.toml + dest: "{{ service_dir }}/services.toml" - name: Create traefik network docker_network: name: "traefik" - name: Start Docker Compose docker_compose: - project_src: /apps/traefik + project_src: "{{ service_dir }}" pull: true remove_orphans: true diff --git a/roles/traefik/files/docker-compose.yml b/roles/traefik/templates/docker-compose.yml.j2 similarity index 82% rename from roles/traefik/files/docker-compose.yml rename to roles/traefik/templates/docker-compose.yml.j2 index 70570d1..f913135 100644 --- a/roles/traefik/files/docker-compose.yml +++ b/roles/traefik/templates/docker-compose.yml.j2 
@@ -20,9 +20,9 @@ services: - "56287:56287" volumes: - /var/run/docker.sock:/var/run/docker.sock - - /apps/traefik/traefik.toml:/etc/traefik/traefik.toml - - /apps/traefik/services.toml:/etc/traefik/services.toml - - /apps/traefik/acme.json:/acme.json + - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml + - {{ service_dir }}/services.toml:/etc/traefik/services.toml + - {{ service_dir }}/acme.json:/acme.json networks: - traefik labels: diff --git a/roles/traefik/vars/main.yml b/roles/traefik/vars/main.yml new file mode 100644 index 0000000..2e1116f --- /dev/null +++ b/roles/traefik/vars/main.yml @@ -0,0 +1,2 @@ +service_name: traefik +service_dir: "{{ base_service_dir }}/{{ service_name }}"
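Review bot: The volume list rewritten in this hunk still bind-mounts `/var/run/docker.sock` into the Traefik container, which, going by the port mapping just above it, is reachable from the network; access to that socket amounts to control of the Docker daemon on the host. A `:ro` suffix on the mount does not limit what can be requested through the socket API, so the usual mitigation is to point Traefik at a socket proxy that exposes only the read-only endpoints it needs. At minimum, a comment on the mount should record that this exposure is accepted. The service definition starts and ends outside the hunk.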