diff --git a/README.md b/README.md index 8b0ee33..13acbdf 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,6 @@ All services below are running under Docker, except NSD and Borg. - Jitsi Meet (https://meet.jit.si) - Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/) - RSS feed reader using [FreshRSS](https://miniflux.app/) -- Metrics using [Prometheus](https://prometheus.io/) ## Possible future services @@ -35,12 +34,12 @@ All services below are running under Docker, except NSD and Borg. ## TODO - Clear view of what services + which versions we are running. This way, we can track security updates better. +- Delegate pim.kunis.nl to my server - Host tobb website? - Move from Ubuntu to Debian -- move to pim.kunis.nl - security.txt - Podman -- Replace watchtower with Podman features +- Remove watchtower with Podman features ### NSD diff --git a/inventory/group_vars/homeserver.yml b/inventory/group_vars/homeserver.yml index 0517db2..6b91532 100644 --- a/inventory/group_vars/homeserver.yml +++ b/inventory/group_vars/homeserver.yml @@ -2,5 +2,3 @@ base_data_dir: /data base_service_dir: /srv jitsi_videobridge_port: 54562 git_ssh_port: 56287 -prometheus_port: 8081 -traefik_api_port: 8080 diff --git a/playbooks/all.yml b/playbooks/all.yml index 7667947..502f97f 100644 --- a/playbooks/all.yml +++ b/playbooks/all.yml @@ -15,7 +15,6 @@ - {role: 'freshrss', tags: 'freshrss'} - {role: 'blog', tags: 'blog'} - {role: 'inbucket', tags: 'inbucket'} - - {role: 'prometheus', tags: 'prometheus'} - name: Setup dataserver hosts: dataserver roles: diff --git a/roles/forgejo/templates/docker-compose.yml.j2 b/roles/forgejo/templates/docker-compose.yml.j2 index dd0464a..6e40051 100644 --- a/roles/forgejo/templates/docker-compose.yml.j2 +++ b/roles/forgejo/templates/docker-compose.yml.j2 
@@ -24,7 +24,7 @@ services: - traefik.http.routers.forgejo.rule=Host(`git.pizzapim.nl`) - traefik.http.routers.forgejo.tls=true - traefik.http.routers.forgejo.tls.certresolver=pizzapim - - traefik.http.routers.forgejo.service=forgejo + - traefik.tcp.routers.forgejo.service=forgejo - traefik.http.services.forgejo.loadbalancer.server.port=3000 - traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`) diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl index a4a6e4c..5758df5 100644 --- a/roles/nsd/files/zones/pizzapim.nl +++ b/roles/nsd/files/zones/pizzapim.nl @@ -1,7 +1,7 @@ $ORIGIN pizzapim.nl. $TTL 60 -pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023020701 1800 3600 1209600 3600 +pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023012200 1800 3600 1209600 3600 NS ns.pizzapim.nl. NS ns0.transip.net. @@ -18,8 +18,10 @@ www IN A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda ns IN A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda +cloud IN CNAME www.pizzapim.nl. social IN CNAME www.pizzapim.nl. dav IN CNAME www.pizzapim.nl. git IN CNAME www.pizzapim.nl. meet IN CNAME www.pizzapim.nl. rss IN CNAME www.pizzapim.nl. +traefik IN CNAME www.pizzapim.nl. diff --git a/roles/prometheus/meta/main.yml b/roles/prometheus/meta/main.yml deleted file mode 100644 index 090690b..0000000 --- a/roles/prometheus/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - role: common - - role: docker diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml deleted file mode 100644 index ede0033..0000000 --- a/roles/prometheus/tasks/main.yml +++ /dev/null 
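Review bot: The changed label `traefik.tcp.routers.forgejo.service=forgejo` looks like an accidental edit rather than an intended move to TCP, because every other label for this router (`rule=Host(...)`, `tls`, `tls.certresolver`) and the `forgejo` service with `loadbalancer.server.port=3000` live under `traefik.http.*`. As written it declares a TCP router named `forgejo` with no `HostSNI` rule that points at a TCP service which is never defined, which Traefik will report as a router in error, while the HTTP router is left without an explicit `service` and only keeps working if Traefik's single-service auto-assignment applies. Restore `- traefik.http.routers.forgejo.service=forgejo` so the HTTP router's service binding stays explicit and the stray TCP router disappears. The rest of the forgejo service definition, including the `forgejo-ssh` TCP service, continues outside the hunk.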
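Review bot: The SOA serial goes backwards in this hunk, from `2023020701` to `2023012200`, so the new `cloud` and `traefik` CNAMEs will not propagate: under serial-number arithmetic the secondary `ns0.transip.net` treats the lower serial as not newer and will not transfer the zone, and only queries that reach `ns.pizzapim.nl` directly will see the records. If `2023020701` was ever served, the replacement has to be larger than it, e.g. `pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023020702 1800 3600 1209600 3600`, not a date that predates it. This looks like a rebase or revert that resurrected an older serial; I would also add a comment above the SOA line such as `; bump the serial (YYYYMMDDnn) on every edit, it must never decrease`. The remaining zone records are outside the hunk.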
@@ -1,19 +0,0 @@ -- name: Create app directory - file: - path: "{{ service_dir }}" - state: directory -- name: Copy Docker Compose script - template: - src: "{{ role_path }}/templates/docker-compose.yml.j2" - dest: "{{ service_dir }}/docker-compose.yml" -- name: Copy prometheus.yml - template: - src: "{{ role_path }}/templates/prometheus.yml.j2" - dest: "{{ service_dir }}/prometheus.yml" - register: config -- name: Start Docker Compose - docker_compose: - project_src: "{{ service_dir }}" - pull: true - remove_orphans: true - restarted: "{{ config.changed }}" diff --git a/roles/prometheus/templates/docker-compose.yml.j2 b/roles/prometheus/templates/docker-compose.yml.j2 deleted file mode 100644 index 9b4b066..0000000 --- a/roles/prometheus/templates/docker-compose.yml.j2 +++ /dev/null @@ -1,13 +0,0 @@ -version: "3.8" - -services: - prometheus: - image: prom/prometheus - container_name: prometheus - restart: always - volumes: - - "{{ service_dir }}/prometheus.yml:/etc/prometheus/prometheus.yml" - extra_hosts: - - "host.docker.internal:host-gateway" - ports: - - "{{ prometheus_port }}:9090" diff --git a/roles/prometheus/templates/prometheus.yml.j2 b/roles/prometheus/templates/prometheus.yml.j2 deleted file mode 100644 index 333c3b0..0000000 --- a/roles/prometheus/templates/prometheus.yml.j2 +++ /dev/null @@ -1,14 +0,0 @@ -global: - scrape_interval: 15s - -scrape_configs: - - - job_name: 'prometheus' - scrape_interval: 5s - static_configs: - - targets: ['localhost:9090'] - - - job_name: 'traefik' - scrape_interval: 5s - static_configs: - - targets: ['host.docker.internal:{{ traefik_api_port }}'] diff --git a/roles/prometheus/vars/main.yml b/roles/prometheus/vars/main.yml deleted file mode 100644 index 5894688..0000000 --- a/roles/prometheus/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -service_name: prometheus -data_dir: "{{ base_data_dir }}/{{ service_name }}" -service_dir: "{{ base_service_dir }}/{{ service_name }}" 
diff --git a/roles/traefik/templates/docker-compose.yml.j2 b/roles/traefik/templates/docker-compose.yml.j2 index 1a85265..7db26ed 100644 --- a/roles/traefik/templates/docker-compose.yml.j2 +++ b/roles/traefik/templates/docker-compose.yml.j2 @@ -13,7 +13,6 @@ services: - "443:443" - "80:80" - "{{ git_ssh_port }}:{{ git_ssh_port }}" - - "{{ traefik_api_port }}:{{ traefik_api_port }}" volumes: - /var/run/docker.sock:/var/run/docker.sock - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml @@ -30,6 +29,10 @@ services: - traefik.http.routers.esrom.tls=true - traefik.http.routers.esrom.tls.certresolver=geokunis - - traefik.http.routers.traefik.rule=Host(`max.lan`) - - traefik.http.routers.traefik.entrypoints=internal + - traefik.http.routers.traefik.rule=Host(`traefik.pizzapim.nl`) + - traefik.http.routers.traefik.entrypoints=websecure + - traefik.http.routers.traefik.tls=true + - traefik.http.routers.traefik.tls.certresolver=pizzapim - traefik.http.routers.traefik.service=api@internal + - traefik.http.routers.traefik.middlewares=whitelist-local + - "traefik.http.middlewares.whitelist-local.ipwhitelist.sourcerange=127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,::1,fc00::/7" diff --git a/roles/traefik/templates/traefik.toml.j2 b/roles/traefik/templates/traefik.toml.j2 index d7fbb24..b07f315 100644 --- a/roles/traefik/templates/traefik.toml.j2 +++ b/roles/traefik/templates/traefik.toml.j2 @@ -13,17 +13,11 @@ loglevel = "DEBUG" address = ":{{ git_ssh_port }}" [entryPoints.video] address = ":{{ jitsi_videobridge_port }}/udp" - [entryPoints.internal] - address = ":{{ traefik_api_port }}" [api] insecure = false dashboard = true -[metrics] - [metrics.prometheus] - entryPoint = "internal" - [providers.docker] endpoint = "unix:///var/run/docker.sock"
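Review bot: The `whitelist-local` range on the new dashboard router includes `10.0.0.0/8` and `172.16.0.0/12`, which also cover Docker's own bridge networks, so any connection whose source address is rewritten to a Docker gateway before it reaches Traefik is treated as local; with `traefik.pizzapim.nl` now a public CNAME to a `www` record that carries an AAAA, this most plausibly happens for IPv6 connections when they are relayed by docker-proxy instead of being DNAT'ed (the Docker daemon settings are not visible here, so please confirm how IPv6 published ports are handled). Since `api@internal` exposes the complete routing and TLS configuration, I would narrow the allowlist to the real LAN prefix(es) and additionally require authentication, e.g. `traefik.http.routers.traefik.middlewares=whitelist-local,dashboard-auth` together with a `traefik.http.middlewares.dashboard-auth.basicauth.users={{ traefik_dashboard_users }}` label fed from a vaulted Ansible variable. An IP allowlist alone should not be the only control on a publicly resolvable dashboard. The traefik service's `image:` line and the rest of the compose template are outside this hunk.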