diff --git a/README.md b/README.md index 7b44435..d0373eb 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # Ansible scripts for our private Intel NUC servers ## TODO - ### nsd +- Change IPv6 addresses - ZSK rollover. - I always resign the zone, even if nothing has changed. I could check whether the zone has changed or new keys were generated but that is kind of difficult. diff --git a/inventory/group_vars/nucs.yml b/inventory/group_vars/nucs.yml index 69f1dc9..da24364 100644 --- a/inventory/group_vars/nucs.yml +++ b/inventory/group_vars/nucs.yml @@ -1,2 +1 @@ -base_data_dir: /data -base_service_dir: /srv +# Group variables for nucs group diff --git a/roles/common/files/resolv.conf b/roles/common/files/resolv.conf index 863bc57..8a9bf12 100644 --- a/roles/common/files/resolv.conf +++ b/roles/common/files/resolv.conf @@ -1,4 +1,3 @@ -nameserver 192.168.30.1 nameserver 1.1.1.1 nameserver 1.0.0.1 search lan diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index ab05296..7e13c12 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -5,13 +5,13 @@ state: latest update_cache: yes cache_valid_time: 86400 # One day -- name: Create base data directory +- name: Create /data directory file: - path: "{{ base_data_dir }}" + path: /data state: directory -- name: Create base service directory +- name: Create /apps directory file: - path: "{{ base_service_dir }}" + path: /apps state: directory - name: Disable systemd-resolved systemd: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 2506fde..dfef31a 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -29,8 +29,3 @@ name: - docker - docker-compose -- name: Start Docker - systemd: - name: docker - enabled: true - state: started 
diff --git a/roles/forgejo/templates/docker-compose.yml.j2 b/roles/forgejo/files/docker-compose.yml similarity index 92% rename from roles/forgejo/templates/docker-compose.yml.j2 rename to roles/forgejo/files/docker-compose.yml index a72e115..b9a7542 100644 --- a/roles/forgejo/templates/docker-compose.yml.j2 +++ b/roles/forgejo/files/docker-compose.yml @@ -15,8 +15,8 @@ services: networks: - traefik volumes: - - {{ data_dir }}:/data - - {{ service_dir }}/conf:/data/gitea/conf + - /data/forgejo:/data + - /apps/forgejo/conf:/data/gitea/conf - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro labels: diff --git a/roles/forgejo/tasks/main.yml b/roles/forgejo/tasks/main.yml index a2ce768..d46f75d 100644 --- a/roles/forgejo/tasks/main.yml +++ b/roles/forgejo/tasks/main.yml @@ -1,31 +1,31 @@ - name: Create app directory file: - path: "{{ service_dir }}" + path: /apps/forgejo state: directory - name: Copy Docker Compose script - template: - src: "{{ role_path }}/templates/docker-compose.yml.j2" - dest: "{{ service_dir }}/docker-compose.yml" + copy: + src: "{{ role_path }}/files/docker-compose.yml" + dest: /apps/forgejo/docker-compose.yml - name: Create data directory file: - path: "{{ data_dir }}" + path: /data/forgejo state: directory owner: 1000 group: 1000 - name: Copy conf directory file: - path: "{{ service_dir }}/conf" + path: /apps/forgejo/conf state: directory owner: 1000 group: 1000 - name: Copy app.ini template: src: "{{ role_path }}/templates/app.ini" - dest: "{{ service_dir }}/conf/app.ini" + dest: /apps/forgejo/conf/app.ini register: config - name: Start the Docker Compose - docker_compose: - project_src: "{{ service_dir }}" + community.docker.docker_compose: + project_src: /apps/forgejo pull: true remove_orphans: true restarted: "{{ config.changed }}" diff --git a/roles/forgejo/vars/main.yml b/roles/forgejo/vars/main.yml index f0ac50e..1f23d70 100644 --- a/roles/forgejo/vars/main.yml +++ b/roles/forgejo/vars/main.yml 
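Review bot: The `Copy app.ini` task writes `/apps/forgejo/conf/app.ini` with no `owner`, `group` or `mode`, so the file gets a umask-derived mode even though the surrounding `conf` directory is handed to uid 1000. A Forgejo `app.ini` normally carries secrets (presumably here too, given the mailer settings in the role's vars), so I would add `owner: 1000`, `group: 1000` and `mode: "0600"` to that task. The same gap appears in other hunks of this commit: `.env.production` and the templated `docker-compose.yml` (which interpolates `mastodon_postgres_password`) in roles/mastodon/tasks/main.yml, the `*.ksk.private` copy in roles/nsd/tasks/main.yml, `users` in roles/radicale/tasks/main.yml and `key.pem` in roles/syncthing/tasks/main.yml. The two data directories created with `mode: 0777` (mastodon, syncthing) are world-writable and would be better owned by the container's uid with a narrower mode.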
@@ -1,7 +1,3 @@ -service_name: forgejo -data_dir: "{{ base_data_dir }}/{{ service_name }}" -service_dir: "{{ base_service_dir }}/{{ service_name }}" - forgejo: root_url: "https://git.pizzapim.nl" mailer_host: "smtp.tweak.nl" diff --git a/roles/kms/tasks/main.yml b/roles/kms/tasks/main.yml index 2518ba7..57a0ce4 100644 --- a/roles/kms/tasks/main.yml +++ b/roles/kms/tasks/main.yml @@ -1,14 +1,14 @@ - name: Create app directory file: - path: "{{ service_dir }}" + path: /apps/kms state: directory - name: Copy Docker Compose script copy: src: "{{ role_path }}/files/docker-compose.yml" - dest: "{{ service_dir }}/docker-compose.yml" + dest: /apps/kms/docker-compose.yml - name: Start the Docker Compose - docker_compose: - project_src: "{{ service_dir }}" + community.docker.docker_compose: + project_src: /apps/kms pull: true remove_orphans: true diff --git a/roles/kms/vars/main.yml b/roles/kms/vars/main.yml deleted file mode 100644 index 8f2f2a2..0000000 --- a/roles/kms/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -service_name: kms -service_dir: "{{ base_service_dir }}/{{ service_name }}" diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml index 6f4ea70..6c90df0 100644 --- a/roles/mastodon/tasks/main.yml +++ b/roles/mastodon/tasks/main.yml 
@@ -1,22 +1,22 @@ - name: Create Mastodon app directory file: - path: "{{ service_dir }}" + path: /apps/mastodon state: directory - name: Copy .env.production copy: src: "{{ role_path }}/files/.env.production" - dest: "{{ service_dir }}.env.production" + dest: /apps/mastodon/.env.production - name: Copy Docker Compose script template: src: "{{ role_path }}/templates/docker-compose.yml.j2" - dest: "{{ service_dir }}/docker-compose.yml" + dest: /apps/mastodon/docker-compose.yml - name: Create Mastodon data directory file: - path: "{{ data_dir }}" + path: /data/mastodon state: directory mode: 0777 - name: Start Docker Compose docker_compose: - project_src: "{{ service_dir }}" + project_src: /apps/mastodon pull: true remove_orphans: true diff --git a/roles/mastodon/templates/docker-compose.yml.j2 b/roles/mastodon/templates/docker-compose.yml.j2 index e809bb7..01b2ea0 100644 --- a/roles/mastodon/templates/docker-compose.yml.j2 +++ b/roles/mastodon/templates/docker-compose.yml.j2 @@ -9,7 +9,7 @@ services: healthcheck: test: ['CMD', 'pg_isready', '-U', 'postgres'] volumes: - - {{ data_dir }}/postgres14:/var/lib/postgresql/data + - /data/mastodon/postgres14:/var/lib/postgresql/data environment: - 'POSTGRES_HOST_AUTH_METHOD=trust' - 'POSTGRES_PASSWORD={{ mastodon_postgres_password }}' @@ -24,7 +24,7 @@ services: healthcheck: test: ['CMD', 'redis-cli', 'ping'] volumes: - - {{ data_dir }}/redis:/data + - /data/mastodon/redis:/data environment: - 'REDIS_PASSWORD={{ mastodon_redis_password }}' @@ -46,7 +46,7 @@ services: - db - redis volumes: - - {{ data_dir }}/public/system:/mastodon/public/system + - /data/mastodon/public/system:/mastodon/public/system labels: - traefik.http.routers.mastodon.entrypoints=websecure - traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`) 
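Review bot: The `db` service in roles/mastodon/templates/docker-compose.yml.j2 keeps `POSTGRES_HOST_AUTH_METHOD=trust` next to `POSTGRES_PASSWORD={{ mastodon_postgres_password }}` (context lines of the first hunk), which makes the password ineffective: with trust authentication the server accepts any client that can reach it, without credentials. The hunk does not show which networks `db` joins, so the exposure may be limited to the compose network, but every container on that network can connect as `postgres`. I would drop the `trust` line, or set it to `scram-sha-256`. On an already initialised data directory `pg_hba.conf` has to be changed as well, since the variable is only read when the cluster is created.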
@@ -91,7 +91,7 @@ services: networks: - default volumes: - - {{ data_dir }}/public/system:/mastodon/public/system + - /data/mastodon/public/system:/mastodon/public/system healthcheck: test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"] diff --git a/roles/mastodon/vars/main.yml b/roles/mastodon/vars/main.yml index 0f488b3..505d001 100644 --- a/roles/mastodon/vars/main.yml +++ b/roles/mastodon/vars/main.yml @@ -1,7 +1,3 @@ -service_name: mastodon -data_dir: "{{ base_data_dir }}/{{ service_name }}" -service_dir: "{{ base_service_dir }}/{{ service_name }}" - mastodon_postgres_password: !vault | $ANSIBLE_VAULT;1.1;AES256 34643131323762373635383736636432643161646130373565333432323337646435656233383131 diff --git a/roles/nsd/files/docker-compose.yml b/roles/nsd/files/docker-compose.yml new file mode 100644 index 0000000..42d56dd --- /dev/null +++ b/roles/nsd/files/docker-compose.yml @@ -0,0 +1,18 @@ +version: '3.7' + +services: + nsd: + container_name: nsd + restart: always + image: ghcr.io/the-kube-way/nsd:v4.6.0 + read_only: true + tmpfs: + - /tmp + - /var/db/nsd + volumes: + - /apps/nsd/conf:/etc/nsd:ro + - /apps/nsd/zones:/zones + - /apps/nsd/keys:/keys + ports: + - 53:53 + - 53:53/udp diff --git a/roles/nsd/files/nsd.conf b/roles/nsd/files/nsd.conf index f3460bf..151373c 100644 --- a/roles/nsd/files/nsd.conf +++ b/roles/nsd/files/nsd.conf @@ -1,11 +1,8 @@ server: - ip-address: enp3s0 server-count: 1 verbosity: 1 hide-version: yes - zonesdir: "/etc/nsd/zones" - ip-transparent: yes - ip-freebind: yes + zonesdir: "/zones" zone: name: pizzapim.nl diff --git a/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl index 1a5d776..4447d27 100644 --- a/roles/nsd/files/zones/geokunis2.nl +++ b/roles/nsd/files/zones/geokunis2.nl 
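Review bot: In the new roles/nsd/files/docker-compose.yml the entry `- 53:53` is an unquoted plain scalar, which a YAML 1.1 loader reads as the base-60 integer 3233 rather than a host:container pair; write `- "53:53"` and `- "53:53/udp"`. Separately, `/apps/nsd/keys:/keys` mounts the KSK and ZSK private keys read-write into the container that answers public DNS, so a compromise of nsd also exposes the signing keys. Signing in a separate short-lived container and mounting only the signed zones into nsd (`:ro`) would keep the two apart. The image is pinned by tag (`v4.6.0`) only; a digest pin would make the role's `pull: true` deterministic.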
@@ -1,18 +1,19 @@ $ORIGIN geokunis2.nl. $TTL 60 -geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023010601 1800 3600 1209600 3600 +geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2022103001 1800 3600 1209600 3600 NS ns.geokunis2.nl. NS ns0.transip.net. NS ns1.transip.nl. NS ns2.transip.eu. - A 84.245.14.149 - AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda + A 82.197.212.198 + AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e MX 0 . TXT "v=spf1 -all" CAA 0 issue "letsencrypt.org" jenl IN A 217.123.41.225 -kms IN A 84.245.14.149 +kms IN A 82.197.212.198 +ovh IN A 57.128.45.138 _dmarc IN TXT "v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject" -ns A 84.245.14.149 - AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda +ns A 82.197.212.198 + AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl index 9c8e1e5..67fa9ce 100644 --- a/roles/nsd/files/zones/pizzapim.nl +++ b/roles/nsd/files/zones/pizzapim.nl 
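Review bot: The SOA serial moves backwards, from `2023010601` to `2022103001`, in the same hunk that changes the A and AAAA data. Any secondary that already holds the higher serial (the zone lists ns0.transip.net, ns1.transip.nl and ns2.transip.eu, if they transfer the zone) will treat the new copy as older and keep serving the previous addresses, leaving names pointed at an IP the operator may no longer control. The serial should be higher than the one currently published, for example the change date in `YYYYMMDDnn` form. roles/nsd/files/zones/pizzapim.nl has the same regression (`2023010701` to `2022122900`).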
@@ -1,24 +1,26 @@ $ORIGIN pizzapim.nl. $TTL 60 -pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010701 1800 3600 1209600 3600 +pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2022122900 1800 3600 1209600 3600 NS ns.pizzapim.nl. NS ns0.transip.net. NS ns1.transip.nl. NS ns2.transip.eu. - A 84.245.14.149 - AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda + A 82.197.212.198 + AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e TXT "v=spf1 ~all" CAA 0 issue "letsencrypt.org" +www IN CNAME @ +ns IN A 82.197.212.198 + AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e _dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;" - -www IN A 84.245.14.149 - AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda -ns IN A 84.245.14.149 - AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda -cloud IN CNAME www.pizzapim.nl. -social IN CNAME www.pizzapim.nl. -dav IN CNAME www.pizzapim.nl. -git IN CNAME www.pizzapim.nl. +cloud IN A 82.197.212.198 + AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e +social IN A 82.197.212.198 + AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e +dav IN A 82.197.212.198 + AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e +git IN A 82.197.212.198 + AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e diff --git a/roles/nsd/meta/main.yml b/roles/nsd/meta/main.yml new file mode 100644 index 0000000..090690b --- /dev/null +++ b/roles/nsd/meta/main.yml @@ -0,0 +1,3 @@ +dependencies: + - role: common + - role: docker diff --git a/roles/nsd/tasks/main.yml b/roles/nsd/tasks/main.yml index 2636079..32d67c2 100644 --- a/roles/nsd/tasks/main.yml +++ b/roles/nsd/tasks/main.yml 
@@ -1,69 +1,86 @@ -- name: Install nsd - apt: - pkg: - - nsd - - ldnsutils +- name: Create nsd app directory + file: + path: /apps/nsd + state: directory +- name: Create nsd configuration directory + file: + path: /apps/nsd/conf + state: directory + owner: 991 + group: 991 - name: Copy nsd.conf copy: src: "{{ role_path }}/files/nsd.conf" - dest: /etc/nsd/nsd.conf -- name: Create zones directory + dest: /apps/nsd/conf/nsd.conf +- name: Create nsd zones directory file: - path: /etc/nsd/zones + path: /apps/nsd/zones state: directory + owner: 991 + group: 991 - name: Copy zone files copy: src: "{{ role_path }}/files/zones/" - dest: /etc/nsd/zones -- name: Create keys directory + dest: /apps/nsd/zones +- name: Create nsd keys directory file: - path: /etc/nsd/keys + path: /apps/nsd/keys state: directory + owner: 991 + group: 991 - name: Copy KSK private keys template: src: "{{ item }}" - dest: "/etc/nsd/keys/{{ item | basename }}" + dest: "/apps/nsd/keys/{{ item | basename }}" with_fileglob: - "{{ role_path }}/files/keys/*.ksk.private" - name: Copy KSK keys copy: src: "{{ item }}" - dest: "/etc/nsd/keys/{{ item | basename }}" + dest: "/apps/nsd/keys/{{ item | basename }}" with_fileglob: - "{{ role_path }}/files/keys/*.ksk.key" +- name: Copy Docker Compose script + copy: + src: "{{ role_path }}/files/docker-compose.yml" + dest: /apps/nsd/docker-compose.yml +- name: Start Docker Compose + docker_compose: + project_src: /apps/nsd + pull: true + remove_orphans: true - name: Check if ZSKs exist stat: - path: "/etc/nsd/keys/K{{ item | basename }}.zsk.key" + path: "/apps/nsd/keys/K{{ item | basename }}.zsk.key" register: zsks_exists with_fileglob: - "{{ role_path }}/files/zones/*" - name: Create ZSK command: - cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}" - chdir: /etc/nsd/keys + cmd: "docker-compose exec -w /keys nsd ldns-keygen -a ED25519 {{ item.item | basename }}" + chdir: /apps/nsd register: create_zsk when: not item.stat.exists with_items: "{{ 
zsks_exists.results }}" - name: Rename ZSK key command: - cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key" - chdir: /etc/nsd/keys + cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key" + chdir: /apps/nsd when: item.changed with_items: "{{ create_zsk.results }}" - name: Rename ZSK private key command: - cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private" - chdir: /etc/nsd/keys + cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private" + chdir: /apps/nsd when: item.changed with_items: "{{ create_zsk.results }}" - name: Sign zones command: - cmd: "ldns-signzone {{ item | basename }} /etc/nsd/keys/K{{ item | basename }}.zsk /etc/nsd/keys/K{{ item | basename }}.ksk" - chdir: /etc/nsd/zones + cmd: 'docker-compose exec -w /zones nsd ldns-signzone {{ item | basename }} /keys/K{{ item | basename }}.zsk /keys/K{{ item | basename }}.ksk' + chdir: /apps/nsd with_fileglob: - "{{ role_path }}/files/zones/*" -- name: Restart NSD - systemd: - name: nsd - enabled: true - state: reloaded +- name: Restart Docker Compose + docker_compose: + project_src: /apps/nsd + restarted: true diff --git a/roles/pizzeria/tasks/main.yml b/roles/pizzeria/tasks/main.yml index 3d18940..da03235 100644 --- a/roles/pizzeria/tasks/main.yml +++ b/roles/pizzeria/tasks/main.yml @@ -1,9 +1,9 @@ - name: Clone pizzeria repository git: - repo: "{{ git_origin }}" - dest: "{{ service_dir }}" + repo: https://github.com/pizzapim/pizzeria + dest: /apps/pizzeria - name: Start the Docker Compose - docker_compose: - project_src: "{{ service_dir }}" + community.docker.docker_compose: + project_src: /apps/pizzeria pull: true remove_orphans: true diff --git a/roles/pizzeria/vars/main.yml b/roles/pizzeria/vars/main.yml deleted file mode 100644 index 33149bb..0000000 --- a/roles/pizzeria/vars/main.yml +++ /dev/null 
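Review bot: The four `docker-compose exec` commands (`Create ZSK`, both `Rename ZSK` tasks and `Sign zones`) run without `-T`, but Ansible's `command` module provides no TTY and docker-compose v1 allocates a pseudo-TTY by default. The call then either fails or returns output with carriage returns, and `{{ item.stdout }}` is reused as a file name by the `mv` tasks. Add `-T` to each, e.g. `cmd: "docker-compose exec -T -w /keys nsd ldns-keygen -a ED25519 {{ item.item | basename }}"`. This assumes the nsd image ships the ldns tools, which the diff does not show.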
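Review bot: `repo: https://github.com/pizzapim/pizzeria` is cloned without a `version:`, so every play checks out whatever the default branch's HEAD is, and the next task brings up its compose project with `pull: true`. Pinning to a reviewed commit or tag, `version: "<commit-sha>"` (placeholder), ties what runs on the host to something that was actually reviewed. The change of origin from the self-hosted forge to GitHub also changes who can alter the deployed code, which deserves a line in the commit message.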
@@ -1,4 +0,0 @@ -service_name: pizzeria -data_dir: "{{ base_data_dir }}/{{ service_name }}" -service_dir: "{{ base_service_dir }}/{{ service_name }}" -git_origin: https://git.pizzapim.nl/pim/pizzeria.git diff --git a/roles/radicale/templates/docker-compose.yml.j2 b/roles/radicale/files/docker-compose.yml similarity index 86% rename from roles/radicale/templates/docker-compose.yml.j2 rename to roles/radicale/files/docker-compose.yml index 1e9362f..fe20407 100644 --- a/roles/radicale/templates/docker-compose.yml.j2 +++ b/roles/radicale/files/docker-compose.yml @@ -9,8 +9,8 @@ services: restart: always image: mailu/radicale:1.9 volumes: - - {{ data_dir }}:/data - - {{ service_dir }}/config:/radicale + - /data/radicale:/data + - /apps/radicale/config:/radicale command: radicale -S -C /radicale/radicale.conf networks: - traefik diff --git a/roles/radicale/tasks/main.yml b/roles/radicale/tasks/main.yml index 48afa89..a66223b 100644 --- a/roles/radicale/tasks/main.yml +++ b/roles/radicale/tasks/main.yml 
@@ -1,29 +1,29 @@ - name: Create Radicale app directory file: - path: "{{ service_dir }}" + path: /apps/radicale state: directory - name: Copy docker-compose.yml file - template: - src: "{{ role_path }}/templates/docker-compose.yml.j2" - dest: "{{ service_dir }}/docker-compose.yml" + copy: + src: "{{ role_path }}/files/docker-compose.yml" + dest: /apps/radicale/docker-compose.yml - name: Create Radicale config directory file: - path: "{{ service_dir }}/config" + path: /apps/radicale/config state: directory - name: Copy radicale.conf copy: src: "{{ role_path }}/files/radicale.conf" - dest: "{{ service_dir }}/config/radicale.conf" + dest: /apps/radicale/config/radicale.conf - name: Copy users file copy: src: "{{ role_path }}/files/users" - dest: "{{ service_dir }}/config/users" + dest: /apps/radicale/config/users - name: Create Radicale data directory file: - path: "{{ data_dir }}" + path: /data/radicale state: directory - name: Start Docker Compose docker_compose: - project_src: "{{ service_dir }}" + project_src: /apps/radicale pull: true remove_orphans: true diff --git a/roles/radicale/vars/main.yml b/roles/radicale/vars/main.yml deleted file mode 100644 index 5c891bc..0000000 --- a/roles/radicale/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -service_name: radicale -data_dir: "{{ base_data_dir }}/{{ service_name }}" -service_dir: "{{ base_service_dir }}/{{ service_name }}" diff --git a/roles/syncthing/templates/docker-compose.yml.j2 b/roles/syncthing/files/docker-compose.yml similarity index 83% rename from roles/syncthing/templates/docker-compose.yml.j2 rename to roles/syncthing/files/docker-compose.yml index 512eef6..7f4e6d8 100644 --- a/roles/syncthing/templates/docker-compose.yml.j2 +++ b/roles/syncthing/files/docker-compose.yml @@ -10,8 +10,8 @@ services: - PGID=1000 - TZ=Europe/Amsterdam volumes: - - {{ service_dir }}/config:/config - - {{ data_dir }}:/data + - /apps/syncthing/config:/config + - /data/syncthing:/data ports: - 8384:8384 - 22000:22000/tcp 
diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml index 614d481..8b197fe 100644 --- a/roles/syncthing/tasks/main.yml +++ b/roles/syncthing/tasks/main.yml @@ -1,34 +1,34 @@ - name: Create Syncthing app directory file: - path: "{{ service_dir }}" + path: /apps/syncthing state: directory - name: Create Syncthing configuration directory file: - path: "{{ service_dir }}/config" + path: /apps/syncthing/config state: directory - name: Copy Syncthing private key copy: src: "{{ role_path }}/files/key.pem" - dest: "{{ service_dir }}/config/key.pem" + dest: /apps/syncthing/config/key.pem - name: Copy Syncthing certificate copy: src: "{{ role_path }}/files/cert.pem" - dest: "{{ service_dir }}/config/cert.pem" + dest: /apps/syncthing/config/cert.pem - name: Copy Syncthing configuration template: src: "{{ role_path }}/templates/config.xml.j2" - dest: "{{ service_dir }}/config/config.xml" + dest: /apps/syncthing/config/config.xml - name: Create Syncthing data directory file: - path: "{{ data_dir }}" + path: /data/syncthing state: directory mode: 0777 - name: Copy Docker Compose script - template: - src: "{{ role_path }}/templates/docker-compose.yml.j2" - dest: "{{ service_dir }}/docker-compose.yml" + copy: + src: "{{ role_path }}/files/docker-compose.yml" + dest: /apps/syncthing/docker-compose.yml - name: Start Docker Compose docker_compose: - project_src: "{{ service_dir }}" + project_src: /apps/syncthing pull: true remove_orphans: true diff --git a/roles/syncthing/vars/main.yml b/roles/syncthing/vars/main.yml index 4e73ff7..7e33fce 100644 --- a/roles/syncthing/vars/main.yml +++ b/roles/syncthing/vars/main.yml @@ -1,7 +1,3 @@ -service_name: syncthing -data_dir: "{{ base_data_dir }}/{{ service_name }}" -service_dir: "{{ base_service_dir }}/{{ service_name }}" - syncthing: apikey: !vault | $ANSIBLE_VAULT;1.1;AES256 
diff --git a/roles/traefik/templates/docker-compose.yml.j2 b/roles/traefik/files/docker-compose.yml similarity index 82% rename from roles/traefik/templates/docker-compose.yml.j2 rename to roles/traefik/files/docker-compose.yml index f913135..70570d1 100644 --- a/roles/traefik/templates/docker-compose.yml.j2 +++ b/roles/traefik/files/docker-compose.yml @@ -20,9 +20,9 @@ services: - "56287:56287" volumes: - /var/run/docker.sock:/var/run/docker.sock - - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml - - {{ service_dir }}/services.toml:/etc/traefik/services.toml - - {{ service_dir }}/acme.json:/acme.json + - /apps/traefik/traefik.toml:/etc/traefik/traefik.toml + - /apps/traefik/services.toml:/etc/traefik/services.toml + - /apps/traefik/acme.json:/acme.json networks: - traefik labels: diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml index 635c1dd..cedf64c 100644 --- a/roles/traefik/tasks/main.yml +++ b/roles/traefik/tasks/main.yml @@ -1,30 +1,30 @@ - name: Create traefik app directory file: - path: "{{ service_dir }}" + path: /apps/traefik state: directory - name: Create acme file copy: content: "" - dest: "{{ service_dir }}/acme.json" + dest: /apps/traefik/acme.json force: no mode: 0600 - name: Copy Docker Compose script - template: - src: "{{ role_path }}/templates/docker-compose.yml.j2" - dest: "{{ service_dir }}/docker-compose.yml" + copy: + src: "{{ role_path }}/files/docker-compose.yml" + dest: /apps/traefik/docker-compose.yml - name: Copy traefik.toml copy: src: "{{ role_path }}/files/traefik.toml" - dest: "{{ service_dir }}/traefik.toml" + dest: /apps/traefik/traefik.toml - name: Copy services.toml copy: src: "{{ role_path }}/files/services.toml" - dest: "{{ service_dir }}/services.toml" + dest: /apps/traefik/services.toml - name: Create traefik network docker_network: name: "traefik" - name: Start Docker Compose docker_compose: - project_src: "{{ service_dir }}" + project_src: /apps/traefik pull: true remove_orphans: true 
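Review bot: The compose file still bind-mounts `/var/run/docker.sock` into the traefik container (context line of the volumes hunk), and that container is the one publishing ports to the outside. Access to the Docker socket is equivalent to root on the host, so a flaw in the proxy becomes a host compromise; a `:ro` flag on the mount does not restrict API calls. Consider placing a socket proxy that only permits the read-only container and network endpoints between traefik and the daemon, and pointing traefik's Docker provider at it.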
diff --git a/roles/traefik/vars/main.yml b/roles/traefik/vars/main.yml
deleted file mode 100644
index 2e1116f..0000000
--- a/roles/traefik/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-service_name: traefik
-service_dir: "{{ base_service_dir }}/{{ service_name }}"