move traefik acme.json to NFS

2023-06-19 11:24:48 +02:00 · 2023-06-19 11:24:48 +02:00 · 038b1a3c55
commit 038b1a3c55
parent f41cbb0251
3 changed files with 16 additions and 4 deletions
--- a/ansible/inventory/group_vars/all.yml
+++ b/ansible/inventory/group_vars/all.yml
@ -16,6 +16,8 @@ nfs_shares:
    path: /mnt/data/pihole/dnsmasq
  - name: hedgedoc_uploads
    path: /mnt/data/hedgedoc/uploads
+  - name: traefik_acme
+    path: /mnt/data/traefik/acme

 database_passwords:
  nextcloud: !vault |
--- a/ansible/playbooks/stacks.yml
+++ b/ansible/playbooks/stacks.yml
@ -15,6 +15,6 @@
    - {role: kms, tags: kms}
    - {role: swarm_dashboard, tags: swarm_dashboard}
    - {role: shephard, tags: shephard}
-    - {role: jitsi, tags: jitsi}
+    # - {role: jitsi, tags: jitsi}
    - {role: pihole, tags: pihole}
    - {role: nextcloud, tags: nextcloud}
--- a/ansible/roles/traefik/docker-stack.yml.j2
+++ b/ansible/roles/traefik/docker-stack.yml.j2
@ -10,6 +10,13 @@ configs:
    external: true
    name: "{{ services.config_name }}"

+volumes:
+  acme:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.30.10,nolock,soft,rw"
+      device: ":/mnt/data/traefik/acme"
+
 services:
  traefik:
    image: traefik:3.0
@ -66,9 +73,11 @@ services:
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
-      - type: bind
-        source: /mnt/data/traefik/acme.json
-        target: /acme.json
+      - type: volume
+        source: acme
+        target: /acme
+        volume:
+          nocopy: true
    configs:
      - source: services
        target: /etc/traefik/services.yml
@ -96,6 +105,7 @@ services:

      - --certificatesresolvers.letsencrypt.acme=true
      - --certificatesresolvers.letsencrypt.acme.email=pim@kunis.nl
+      - --certificatesresolvers.letsencrypt.acme.storage=/acme/acme.json
      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web