From 038b1a3c55907f26f1b174002ad631e7a363e0fc Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Mon, 19 Jun 2023 11:24:48 +0200 Subject: [PATCH] move traefik acme.json to NFS --- ansible/inventory/group_vars/all.yml | 2 ++ ansible/playbooks/stacks.yml | 2 +- ansible/roles/traefik/docker-stack.yml.j2 | 16 +++++++++++++--- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/ansible/inventory/group_vars/all.yml b/ansible/inventory/group_vars/all.yml index 2513cac..407846c 100644 --- a/ansible/inventory/group_vars/all.yml +++ b/ansible/inventory/group_vars/all.yml @@ -16,6 +16,8 @@ nfs_shares: path: /mnt/data/pihole/dnsmasq - name: hedgedoc_uploads path: /mnt/data/hedgedoc/uploads + - name: traefik_acme + path: /mnt/data/traefik/acme database_passwords: nextcloud: !vault | diff --git a/ansible/playbooks/stacks.yml b/ansible/playbooks/stacks.yml index 242c3f7..97a8d38 100644 --- a/ansible/playbooks/stacks.yml +++ b/ansible/playbooks/stacks.yml @@ -15,6 +15,6 @@ - {role: kms, tags: kms} - {role: swarm_dashboard, tags: swarm_dashboard} - {role: shephard, tags: shephard} - - {role: jitsi, tags: jitsi} + # - {role: jitsi, tags: jitsi} - {role: pihole, tags: pihole} - {role: nextcloud, tags: nextcloud} diff --git a/ansible/roles/traefik/docker-stack.yml.j2 b/ansible/roles/traefik/docker-stack.yml.j2 index a540c80..6691d73 100644 --- a/ansible/roles/traefik/docker-stack.yml.j2 +++ b/ansible/roles/traefik/docker-stack.yml.j2 @@ -10,6 +10,13 @@ configs: external: true name: "{{ services.config_name }}" +volumes: + acme: + driver_opts: + type: "nfs" + o: "addr=192.168.30.10,nolock,soft,rw" + device: ":/mnt/data/traefik/acme" + services: traefik: image: traefik:3.0 @@ -66,9 +73,11 @@ services: - type: bind source: /var/run/docker.sock target: /var/run/docker.sock - - type: bind - source: /mnt/data/traefik/acme.json - target: /acme.json + - type: volume + source: acme + target: /acme + volume: + nocopy: true configs: - source: services target: /etc/traefik/services.yml 
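Review bot: The new `traefik_acme` entry in `nfs_shares` is declared exactly like the pihole and hedgedoc data shares, although the directory will hold `acme.json`, which contains the ACME account key and the private key of every issued certificate. How `nfs_shares` is rendered into export rules is not visible in this hunk, so please confirm that this share is exported only to the nodes that can run Traefik, with the tightest client list the export template supports. A comment above the entry such as `# holds TLS private keys - export to Traefik nodes only` would make the difference in sensitivity explicit.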
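Review bot: Commenting out `- {role: jitsi, tags: jitsi}` is unrelated to moving the ACME store and is not mentioned in the commit message, so this playbook presumably stops managing the jitsi stack without any record of why. Either split it into its own commit or leave the reason next to it, e.g. `# jitsi disabled: <reason>`. Whether the already-deployed stack is removed elsewhere is not visible here.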
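Review bot: The `o:` line of the new `acme` volume combines `soft` with `rw`, and a soft mount returns an I/O error to the application when the server is slow to answer, which can leave a half-written `acme.json`; `hard` is the safer choice for a key store that is rewritten on every renewal, e.g. `o: "addr=192.168.30.10,nolock,hard,rw"`. No `sec=` option or NFS version is given, so unless the export enforces otherwise the private keys cross the network unencrypted under host-based AUTH_SYS access control, which should be a deliberate decision tied to how isolated the storage network is. `nolock` also disables NFS file locking, so nothing stops two Traefik tasks from writing the file at once if the service is ever scaled beyond one replica (the replica count is outside this hunk). The server address and `/mnt/data/traefik/acme` are hard-coded in the template although the path was just added to `nfs_shares`; referencing the variable would keep the two in sync.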
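Review bot: Nothing in this commit moves the existing `/mnt/data/traefik/acme.json` into the new share, so with the mount changed to `target: /acme` Traefik will presumably start with an empty store, register a new ACME account and re-request every certificate, which can run into Let's Encrypt rate limits. If the migration is a manual step, state it in the commit message, or add a task that copies the file before the stack is redeployed. Traefik also refuses an `acme.json` whose mode is wider than 600, so the copied file's ownership and mode must survive the export's uid mapping. The `services.traefik` definition begins and ends outside this hunk.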
@@ -96,6 +105,7 @@ services: - --certificatesresolvers.letsencrypt.acme=true - --certificatesresolvers.letsencrypt.acme.email=pim@kunis.nl + - --certificatesresolvers.letsencrypt.acme.storage=/acme/acme.json - --certificatesresolvers.letsencrypt.acme.httpchallenge=true - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web