Compare commits
No commits in common. "c5ad2aab9fd290f9c4aaa1f73b94c39fc9a4712b" and "9cf2de65ac97cc40a3e6fbd98522a627cd733c05" have entirely different histories.
c5ad2aab9f
...
9cf2de65ac
12 changed files with 12 additions and 69 deletions
|
@ -22,7 +22,6 @@ All services below are running under Docker, except NSD and Borg.
|
||||||
- Jitsi Meet (https://meet.jit.si)
|
- Jitsi Meet (https://meet.jit.si)
|
||||||
- Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
|
- Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
|
||||||
- RSS feed reader using [FreshRSS](https://miniflux.app/)
|
- RSS feed reader using [FreshRSS](https://miniflux.app/)
|
||||||
- Metrics using [Prometheus](https://prometheus.io/)
|
|
||||||
|
|
||||||
## Possible future services
|
## Possible future services
|
||||||
|
|
||||||
|
@ -35,12 +34,12 @@ All services below are running under Docker, except NSD and Borg.
|
||||||
## TODO
|
## TODO
|
||||||
|
|
||||||
- Clear view of what services + which versions we are running. This way, we can track security updates better.
|
- Clear view of what services + which versions we are running. This way, we can track security updates better.
|
||||||
|
- Delegate pim.kunis.nl to my server
|
||||||
- Host tobb website?
|
- Host tobb website?
|
||||||
- Move from Ubuntu to Debian
|
- Move from Ubuntu to Debian
|
||||||
- move to pim.kunis.nl
|
|
||||||
- security.txt
|
- security.txt
|
||||||
- Podman
|
- Podman
|
||||||
- Replace watchtower with Podman features
|
- Remove watchtower with Podman features
|
||||||
|
|
||||||
### NSD
|
### NSD
|
||||||
|
|
||||||
|
|
|
@ -2,5 +2,3 @@ base_data_dir: /data
|
||||||
base_service_dir: /srv
|
base_service_dir: /srv
|
||||||
jitsi_videobridge_port: 54562
|
jitsi_videobridge_port: 54562
|
||||||
git_ssh_port: 56287
|
git_ssh_port: 56287
|
||||||
prometheus_port: 8081
|
|
||||||
traefik_api_port: 8080
|
|
||||||
|
|
|
@ -15,7 +15,6 @@
|
||||||
- {role: 'freshrss', tags: 'freshrss'}
|
- {role: 'freshrss', tags: 'freshrss'}
|
||||||
- {role: 'blog', tags: 'blog'}
|
- {role: 'blog', tags: 'blog'}
|
||||||
- {role: 'inbucket', tags: 'inbucket'}
|
- {role: 'inbucket', tags: 'inbucket'}
|
||||||
- {role: 'prometheus', tags: 'prometheus'}
|
|
||||||
- name: Setup dataserver
|
- name: Setup dataserver
|
||||||
hosts: dataserver
|
hosts: dataserver
|
||||||
roles:
|
roles:
|
||||||
|
|
|
@ -24,7 +24,7 @@ services:
|
||||||
- traefik.http.routers.forgejo.rule=Host(`git.pizzapim.nl`)
|
- traefik.http.routers.forgejo.rule=Host(`git.pizzapim.nl`)
|
||||||
- traefik.http.routers.forgejo.tls=true
|
- traefik.http.routers.forgejo.tls=true
|
||||||
- traefik.http.routers.forgejo.tls.certresolver=pizzapim
|
- traefik.http.routers.forgejo.tls.certresolver=pizzapim
|
||||||
- traefik.http.routers.forgejo.service=forgejo
|
- traefik.tcp.routers.forgejo.service=forgejo
|
||||||
- traefik.http.services.forgejo.loadbalancer.server.port=3000
|
- traefik.http.services.forgejo.loadbalancer.server.port=3000
|
||||||
|
|
||||||
- traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)
|
- traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)
|
||||||
|
|
|
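Review bot: The new side's label `traefik.tcp.routers.forgejo.service=forgejo` (replacing the `http` form) declares a TCP router named `forgejo` that has no `rule` anywhere in this hunk and points at a TCP service `forgejo` that the hunk does not define; Traefik's docker provider logs an error and drops such a router, and the HTTP router `forgejo` above is left without an explicit service. The HTTP router only keeps working if Traefik auto-attaches the single HTTP service declared on the container (`traefik.http.services.forgejo.loadbalancer.server.port=3000`), which is fragile once a second service is added. Unless a TCP service `forgejo` is defined outside this hunk, the intended line is `- traefik.http.routers.forgejo.service=forgejo`. The compose service this label list belongs to starts outside the hunk.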
@ -1,7 +1,7 @@
|
||||||
$ORIGIN pizzapim.nl.
|
$ORIGIN pizzapim.nl.
|
||||||
$TTL 60
|
$TTL 60
|
||||||
|
|
||||||
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023020701 1800 3600 1209600 3600
|
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023012200 1800 3600 1209600 3600
|
||||||
|
|
||||||
NS ns.pizzapim.nl.
|
NS ns.pizzapim.nl.
|
||||||
NS ns0.transip.net.
|
NS ns0.transip.net.
|
||||||
|
@ -18,8 +18,10 @@ www IN A 84.245.14.149
|
||||||
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
||||||
ns IN A 84.245.14.149
|
ns IN A 84.245.14.149
|
||||||
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
||||||
|
cloud IN CNAME www.pizzapim.nl.
|
||||||
social IN CNAME www.pizzapim.nl.
|
social IN CNAME www.pizzapim.nl.
|
||||||
dav IN CNAME www.pizzapim.nl.
|
dav IN CNAME www.pizzapim.nl.
|
||||||
git IN CNAME www.pizzapim.nl.
|
git IN CNAME www.pizzapim.nl.
|
||||||
meet IN CNAME www.pizzapim.nl.
|
meet IN CNAME www.pizzapim.nl.
|
||||||
rss IN CNAME www.pizzapim.nl.
|
rss IN CNAME www.pizzapim.nl.
|
||||||
|
traefik IN CNAME www.pizzapim.nl.
|
||||||
|
|
|
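Review bot: The SOA serial on the new side, `2023012200`, is lower than the `2023020701` it replaces while the same file gains the `cloud` and `traefik` CNAME records; secondaries such as the listed `ns0.transip.net.` only transfer a zone whose serial is higher than what they hold, so any secondary that has seen the higher serial will keep serving the zone without these records. When the zone content changes, bump the serial past the highest value ever published (for example `2023020702` or later, following the YYYYMMDDnn scheme the file already uses). The new `traefik` record is a CNAME to `www`, which carries both an A and an AAAA record, so the dashboard hostname becomes reachable over IPv4 and IPv6; the access restriction on that router needs to hold for both.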
@ -1,3 +0,0 @@
|
||||||
dependencies:
|
|
||||||
- role: common
|
|
||||||
- role: docker
|
|
|
@ -1,19 +0,0 @@
|
||||||
- name: Create app directory
|
|
||||||
file:
|
|
||||||
path: "{{ service_dir }}"
|
|
||||||
state: directory
|
|
||||||
- name: Copy Docker Compose script
|
|
||||||
template:
|
|
||||||
src: "{{ role_path }}/templates/docker-compose.yml.j2"
|
|
||||||
dest: "{{ service_dir }}/docker-compose.yml"
|
|
||||||
- name: Copy prometheus.yml
|
|
||||||
template:
|
|
||||||
src: "{{ role_path }}/templates/prometheus.yml.j2"
|
|
||||||
dest: "{{ service_dir }}/prometheus.yml"
|
|
||||||
register: config
|
|
||||||
- name: Start Docker Compose
|
|
||||||
docker_compose:
|
|
||||||
project_src: "{{ service_dir }}"
|
|
||||||
pull: true
|
|
||||||
remove_orphans: true
|
|
||||||
restarted: "{{ config.changed }}"
|
|
|
@ -1,13 +0,0 @@
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
prometheus:
|
|
||||||
image: prom/prometheus
|
|
||||||
container_name: prometheus
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- "{{ service_dir }}/prometheus.yml:/etc/prometheus/prometheus.yml"
|
|
||||||
extra_hosts:
|
|
||||||
- "host.docker.internal:host-gateway"
|
|
||||||
ports:
|
|
||||||
- "{{ prometheus_port }}:9090"
|
|
|
@ -1,14 +0,0 @@
|
||||||
global:
|
|
||||||
scrape_interval: 15s
|
|
||||||
|
|
||||||
scrape_configs:
|
|
||||||
|
|
||||||
- job_name: 'prometheus'
|
|
||||||
scrape_interval: 5s
|
|
||||||
static_configs:
|
|
||||||
- targets: ['localhost:9090']
|
|
||||||
|
|
||||||
- job_name: 'traefik'
|
|
||||||
scrape_interval: 5s
|
|
||||||
static_configs:
|
|
||||||
- targets: ['host.docker.internal:{{ traefik_api_port }}']
|
|
|
@ -1,3 +0,0 @@
|
||||||
service_name: prometheus
|
|
||||||
data_dir: "{{ base_data_dir }}/{{ service_name }}"
|
|
||||||
service_dir: "{{ base_service_dir }}/{{ service_name }}"
|
|
|
@ -13,7 +13,6 @@ services:
|
||||||
- "443:443"
|
- "443:443"
|
||||||
- "80:80"
|
- "80:80"
|
||||||
- "{{ git_ssh_port }}:{{ git_ssh_port }}"
|
- "{{ git_ssh_port }}:{{ git_ssh_port }}"
|
||||||
- "{{ traefik_api_port }}:{{ traefik_api_port }}"
|
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
|
- {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
|
||||||
|
@ -30,6 +29,10 @@ services:
|
||||||
- traefik.http.routers.esrom.tls=true
|
- traefik.http.routers.esrom.tls=true
|
||||||
- traefik.http.routers.esrom.tls.certresolver=geokunis
|
- traefik.http.routers.esrom.tls.certresolver=geokunis
|
||||||
|
|
||||||
- traefik.http.routers.traefik.rule=Host(`max.lan`)
|
- traefik.http.routers.traefik.rule=Host(`traefik.pizzapim.nl`)
|
||||||
- traefik.http.routers.traefik.entrypoints=internal
|
- traefik.http.routers.traefik.entrypoints=websecure
|
||||||
|
- traefik.http.routers.traefik.tls=true
|
||||||
|
- traefik.http.routers.traefik.tls.certresolver=pizzapim
|
||||||
- traefik.http.routers.traefik.service=api@internal
|
- traefik.http.routers.traefik.service=api@internal
|
||||||
|
- traefik.http.routers.traefik.middlewares=whitelist-local
|
||||||
|
- "traefik.http.middlewares.whitelist-local.ipwhitelist.sourcerange=127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,::1,fc00::/7"
|
||||||
|
|
|
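Review bot: The `traefik` router now exposes `api@internal` on `websecure` for `traefik.pizzapim.nl` with only the `whitelist-local` ipwhitelist in front of it, and that middleware's `sourcerange` includes `172.16.0.0/12`, which covers Docker's default bridge networks. This container publishes ports (`"443:443"`, `"80:80"`) rather than using host networking, and when Docker's userland proxy handles a published port (typically the case for IPv6, which `www` serves via its AAAA record) the container sees the bridge gateway address as the client source, so the whitelist would then admit every external client. Verify by checking the client address in Traefik's access log for a connection from an outside IPv6 address; if it shows a 172.x address, bind the published ports to a specific host address or disable the userland proxy, narrow the `sourcerange` to the actual LAN prefixes, and add an authentication middleware so the dashboard is not gated by source address alone, e.g. `- traefik.http.routers.traefik.middlewares=whitelist-local,dashboard-auth` together with a `traefik.http.middlewares.dashboard-auth.basicauth.users` label holding a hashed credential (placeholder, generated outside the repo). The `services:` mapping this belongs to starts outside the hunk.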
@ -13,17 +13,11 @@ loglevel = "DEBUG"
|
||||||
address = ":{{ git_ssh_port }}"
|
address = ":{{ git_ssh_port }}"
|
||||||
[entryPoints.video]
|
[entryPoints.video]
|
||||||
address = ":{{ jitsi_videobridge_port }}/udp"
|
address = ":{{ jitsi_videobridge_port }}/udp"
|
||||||
[entryPoints.internal]
|
|
||||||
address = ":{{ traefik_api_port }}"
|
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
insecure = false
|
insecure = false
|
||||||
dashboard = true
|
dashboard = true
|
||||||
|
|
||||||
[metrics]
|
|
||||||
[metrics.prometheus]
|
|
||||||
entryPoint = "internal"
|
|
||||||
|
|
||||||
[providers.docker]
|
[providers.docker]
|
||||||
endpoint = "unix:///var/run/docker.sock"
|
endpoint = "unix:///var/run/docker.sock"
|
||||||
|
|
||||||
|
|