

No commits in common. "c5ad2aab9fd290f9c4aaa1f73b94c39fc9a4712b" and "9cf2de65ac97cc40a3e6fbd98522a627cd733c05" have entirely different histories.

12 changed files with 12 additions and 69 deletions


@ -22,7 +22,6 @@ All services below are running under Docker, except NSD and Borg.
- Jitsi Meet (https://meet.jit.si) - Jitsi Meet (https://meet.jit.si)
- Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/) - Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
- RSS feed reader using [FreshRSS](https://miniflux.app/) - RSS feed reader using [FreshRSS](https://miniflux.app/)
- Metrics using [Prometheus](https://prometheus.io/)
## Possible future services ## Possible future services
@ -35,12 +34,12 @@ All services below are running under Docker, except NSD and Borg.
## TODO ## TODO
- Clear view of what services + which versions we are running. This way, we can track security updates better. - Clear view of what services + which versions we are running. This way, we can track security updates better.
- Delegate pim.kunis.nl to my server
- Host tobb website? - Host tobb website?
- Move from Ubuntu to Debian - Move from Ubuntu to Debian
- move to pim.kunis.nl
- security.txt - security.txt
- Podman - Podman
- Replace watchtower with Podman features - Remove watchtower with Podman features
### NSD ### NSD


@ -2,5 +2,3 @@ base_data_dir: /data
base_service_dir: /srv base_service_dir: /srv
jitsi_videobridge_port: 54562 jitsi_videobridge_port: 54562
git_ssh_port: 56287 git_ssh_port: 56287
prometheus_port: 8081
traefik_api_port: 8080


@ -15,7 +15,6 @@
- {role: 'freshrss', tags: 'freshrss'} - {role: 'freshrss', tags: 'freshrss'}
- {role: 'blog', tags: 'blog'} - {role: 'blog', tags: 'blog'}
- {role: 'inbucket', tags: 'inbucket'} - {role: 'inbucket', tags: 'inbucket'}
- {role: 'prometheus', tags: 'prometheus'}
- name: Setup dataserver - name: Setup dataserver
hosts: dataserver hosts: dataserver
roles: roles:


@ -24,7 +24,7 @@ services:
- traefik.http.routers.forgejo.rule=Host(`git.pizzapim.nl`) - traefik.http.routers.forgejo.rule=Host(`git.pizzapim.nl`)
- traefik.http.routers.forgejo.tls=true - traefik.http.routers.forgejo.tls=true
- traefik.http.routers.forgejo.tls.certresolver=pizzapim - traefik.http.routers.forgejo.tls.certresolver=pizzapim
- traefik.http.routers.forgejo.service=forgejo - traefik.tcp.routers.forgejo.service=forgejo
- traefik.http.services.forgejo.loadbalancer.server.port=3000 - traefik.http.services.forgejo.loadbalancer.server.port=3000
- traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`) - traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)
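Review bot: The changed label in this hunk, `traefik.tcp.routers.forgejo.service=forgejo`, attaches the service to a TCP router named `forgejo` that nothing else defines — the rule, tls and certresolver labels above it are all `traefik.http.routers.forgejo.*` — so the HTTP router loses its explicit service and a half-configured TCP router is left behind; that the second column is the new side is inferred from the other sections of this compare. If the HTTP route is intended, the line should read `traefik.http.routers.forgejo.service=forgejo`, matching `traefik.http.services.forgejo.loadbalancer.server.port=3000` directly below. Traefik may still auto-attach the container's single http service to the router, but the dangling tcp router would likely be reported as a provider error, and `forgejo-ssh` on the last line appears to be the only TCP router meant to exist here.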


@ -1,7 +1,7 @@
$ORIGIN pizzapim.nl. $ORIGIN pizzapim.nl.
$TTL 60 $TTL 60
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023020701 1800 3600 1209600 3600 pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023012200 1800 3600 1209600 3600
NS ns.pizzapim.nl. NS ns.pizzapim.nl.
NS ns0.transip.net. NS ns0.transip.net.
@ -18,8 +18,10 @@ www IN A 84.245.14.149
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
ns IN A 84.245.14.149 ns IN A 84.245.14.149
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
cloud IN CNAME www.pizzapim.nl.
social IN CNAME www.pizzapim.nl. social IN CNAME www.pizzapim.nl.
dav IN CNAME www.pizzapim.nl. dav IN CNAME www.pizzapim.nl.
git IN CNAME www.pizzapim.nl. git IN CNAME www.pizzapim.nl.
meet IN CNAME www.pizzapim.nl. meet IN CNAME www.pizzapim.nl.
rss IN CNAME www.pizzapim.nl. rss IN CNAME www.pizzapim.nl.
traefik IN CNAME www.pizzapim.nl.
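Review bot: The SOA serial on the new side of the first hunk, `2023012200`, is lower than the old side's `2023020701`, so any secondary already holding the higher serial (ns0.transip.net, if it transfers from ns.pizzapim.nl) will consider its copy current and never fetch the zone that carries the added `cloud` and `traefik` CNAMEs; which column is the new side is inferred from the other sections of this compare. Serials must only move forward, so the serial should be bumped above `2023020701` in the same YYYYMMDDnn form when this lands. Worth a comment on the SOA line as well: `; serial must increase on every change or secondaries will not transfer`.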


@ -1,3 +0,0 @@
dependencies:
- role: common
- role: docker


@ -1,19 +0,0 @@
- name: Create app directory
file:
path: "{{ service_dir }}"
state: directory
- name: Copy Docker Compose script
template:
src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: "{{ service_dir }}/docker-compose.yml"
- name: Copy prometheus.yml
template:
src: "{{ role_path }}/templates/prometheus.yml.j2"
dest: "{{ service_dir }}/prometheus.yml"
register: config
- name: Start Docker Compose
docker_compose:
project_src: "{{ service_dir }}"
pull: true
remove_orphans: true
restarted: "{{ config.changed }}"


@ -1,13 +0,0 @@
version: "3.8"
services:
prometheus:
image: prom/prometheus
container_name: prometheus
restart: always
volumes:
- "{{ service_dir }}/prometheus.yml:/etc/prometheus/prometheus.yml"
extra_hosts:
- "host.docker.internal:host-gateway"
ports:
- "{{ prometheus_port }}:9090"


@ -1,14 +0,0 @@
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'prometheus'
scrape_interval: 5s
static_configs:
- targets: ['localhost:9090']
- job_name: 'traefik'
scrape_interval: 5s
static_configs:
- targets: ['host.docker.internal:{{ traefik_api_port }}']


@ -1,3 +0,0 @@
service_name: prometheus
data_dir: "{{ base_data_dir }}/{{ service_name }}"
service_dir: "{{ base_service_dir }}/{{ service_name }}"


@ -13,7 +13,6 @@ services:
- "443:443" - "443:443"
- "80:80" - "80:80"
- "{{ git_ssh_port }}:{{ git_ssh_port }}" - "{{ git_ssh_port }}:{{ git_ssh_port }}"
- "{{ traefik_api_port }}:{{ traefik_api_port }}"
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
@ -30,6 +29,10 @@ services:
- traefik.http.routers.esrom.tls=true - traefik.http.routers.esrom.tls=true
- traefik.http.routers.esrom.tls.certresolver=geokunis - traefik.http.routers.esrom.tls.certresolver=geokunis
- traefik.http.routers.traefik.rule=Host(`max.lan`) - traefik.http.routers.traefik.rule=Host(`traefik.pizzapim.nl`)
- traefik.http.routers.traefik.entrypoints=internal - traefik.http.routers.traefik.entrypoints=websecure
- traefik.http.routers.traefik.tls=true
- traefik.http.routers.traefik.tls.certresolver=pizzapim
- traefik.http.routers.traefik.service=api@internal - traefik.http.routers.traefik.service=api@internal
- traefik.http.routers.traefik.middlewares=whitelist-local
- "traefik.http.middlewares.whitelist-local.ipwhitelist.sourcerange=127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,::1,fc00::/7"
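Review bot: The `whitelist-local` source range on the last line of the second hunk includes `172.16.0.0/12`, which covers Docker's default bridge subnets, so any connection that reaches Traefik with a bridge-gateway source address (containers on the same bridge and, depending on the daemon's userland-proxy and ip6tables settings, published-port traffic relayed by docker-proxy) passes the whitelist and reaches `api@internal` on the public `websecure` entrypoint, whereas the old side appears to have served the dashboard only on the `internal` entrypoint for `max.lan`. Because the dashboard lists every router, service and middleware, narrow the range to the actual LAN prefix — `- "traefik.http.middlewares.whitelist-local.ipwhitelist.sourcerange=127.0.0.1/32,::1,<LAN_CIDR>"` with the real prefix filled in — and chain an auth middleware (e.g. basicauth) in front of it. Keep `ipStrategy` unset, as it is here, so the check uses the remote address rather than a client-supplied `X-Forwarded-For`. The first hunk of this section, which drops the `traefik_api_port` port publish, is consistent with this.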


@ -13,17 +13,11 @@ loglevel = "DEBUG"
address = ":{{ git_ssh_port }}" address = ":{{ git_ssh_port }}"
[entryPoints.video] [entryPoints.video]
address = ":{{ jitsi_videobridge_port }}/udp" address = ":{{ jitsi_videobridge_port }}/udp"
[entryPoints.internal]
address = ":{{ traefik_api_port }}"
[api] [api]
insecure = false insecure = false
dashboard = true dashboard = true
[metrics]
[metrics.prometheus]
entryPoint = "internal"
[providers.docker] [providers.docker]
endpoint = "unix:///var/run/docker.sock" endpoint = "unix:///var/run/docker.sock"