diff --git a/.vscode/settings.json b/.vscode/settings.json index 0c07503..eb2113c 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -7,5 +7,6 @@ "https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json": [ "/services/*/stack.yml" ] - } + }, + "yaml.customTags": ["!vault"] } diff --git a/deploy.yaml b/deploy.yaml index 7792848..bea4900 100644 --- a/deploy.yaml +++ b/deploy.yaml @@ -12,3 +12,5 @@ vars: service: "{{ item }}" loop: "{{ services }}" + tags: + - always diff --git a/services/gitea/stack.yml b/services/gitea/stack.yml index af7ce41..abaa9aa 100644 --- a/services/gitea/stack.yml +++ b/services/gitea/stack.yml @@ -9,7 +9,7 @@ services: environment: - USER_UID={{ git_user.uid }} - USER_GID={{ git_user.group }} - - ROOT_URL=http://git.kadet.local/ + - ROOT_URL=http://git.{{ main_domain }}/ - DB_TYPE=mysql - DB_HOST=db:3306 - DB_NAME=gitea @@ -29,7 +29,7 @@ services: deploy: labels: - traefik.enable=true - - traefik.http.routers.{{ service }}.rule=Host(`git.kadet.local`) + - traefik.http.routers.{{ service }}.rule=Host(`git.{{ main_domain }}`) - traefik.http.services.{{ service }}.loadbalancer.server.port=3000 db: diff --git a/services/traefik/config/dynamic/dashboard.yaml b/services/traefik/config/dynamic/dashboard.yaml new file mode 100644 index 0000000..2c5a52d --- /dev/null +++ b/services/traefik/config/dynamic/dashboard.yaml @@ -0,0 +1,19 @@ +#jinja2: lstrip_blocks: True +--- +# Dashboard Configuration +http: + routers: + dashboard: + rule: Host(`traefik.{{ main_domain }}`) + service: api@internal +{% if dashboard_users is defined %} + middlewares: + - dashboard_auth + middlewares: + dashboard_auth: + basicAuth: + users: + {% for user in dashboard_users %} + - "{{ user.name }}:{{ user.password }}" + {% endfor %} +{% endif %} diff --git a/services/traefik/config/traefik.yaml b/services/traefik/config/traefik.yaml index e373123..8d65011 100644 --- a/services/traefik/config/traefik.yaml 
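Review bot: In the new `services/traefik/config/dynamic/dashboard.yaml`, the `{% if dashboard_users is defined %}` guard fails open. When the variable is missing, the `dashboard` router to `api@internal` is still rendered, only without the `dashboard_auth` middleware, so the dashboard and API would be served without authentication. Either move the guard so it wraps the router as well, or drop it and make the variable required with `{% for user in dashboard_users | mandatory %}`, so a missing vars entry stops the deploy instead of silently removing auth. The router also sets no `entryPoints` or `tls`, so it appears to attach to every entry point, including plain `web` on `:80`, where basic-auth credentials travel in cleartext. Adding `entryPoints: [websecure]` and `tls: {}` to the router would pin it to HTTPS.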
+++ b/services/traefik/config/traefik.yaml @@ -1,14 +1,4 @@ -################################################################ -# -# Configuration sample for Traefik v2. -# -# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml -# -################################################################ - -################################################################ -# Global configuration -################################################################ +--- global: checkNewVersion: true sendAnonymousUsage: true 
@@ -16,98 +6,30 @@ global: ################################################################ # EntryPoints configuration ################################################################ - -# EntryPoints definition -# -# Optional -# entryPoints: - web: + web: address: :80 - - websecure: + websecure: address: :443 ################################################################ # Traefik logs configuration ################################################################ - -# Traefik logs -# Enabled by default and log to stdout -# -# Optional -# log: - # Log level - # - # Optional - # Default: "ERROR" - # - level: DEBUG - - # Sets the filepath for the traefik log. If not specified, stdout will be used. - # Intermediate directories are created if necessary. - # - # Optional - # Default: os.Stdout - # - filePath: os.Stdout - - # Format is either "json" or "common". - # - # Optional - # Default: "common" - # - format: common + level: DEBUG + format: common ################################################################ # Access logs configuration ################################################################ - -# Enable access logs -# By default it will write to stdout and produce logs in the textual -# Common Log Format (CLF), extended with additional fields. -# -# Optional -# accessLog: - # Sets the file path for the access log. If not specified, stdout will be used. - # Intermediate directories are created if necessary. - # - # Optional - # Default: os.Stdout - # - filePath: os.Stdout - - # Format is either "json" or "common". 
- # - # Optional - # Default: "common" - # - format: common + format: common ################################################################ # API and dashboard configuration ################################################################ - -# Enable API and dashboard -# -# Optional -# -#api: - # Enable the API in insecure mode - # - # Optional - # Default: false - # -# insecure: true - - # Enabled Dashboard - # - # Optional - # Default: true - # -# dashboard: false +api: + dashboard: true ################################################################ # Ping configuration @@ -127,8 +49,10 @@ accessLog: ################################################################ providers: + # File configuration for non-docker containers file: directory: "/etc/traefik/dynamic" + # Enable Docker configuration backend docker: endpoint: "unix:///var/run/docker.sock" diff --git a/services/traefik/stack.yml b/services/traefik/stack.yml index 6305b71..4808412 100644 --- a/services/traefik/stack.yml +++ b/services/traefik/stack.yml @@ -5,6 +5,7 @@ services: image: traefik:v2.4 ports: - 80:80 + - 8080:8080 - 443:443 volumes: - ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro diff --git a/services/traefik/tasks/config.yml b/services/traefik/tasks/config.yml index 4953a39..7e454e3 100644 --- a/services/traefik/tasks/config.yml +++ b/services/traefik/tasks/config.yml @@ -3,9 +3,23 @@ copy: src: "{{ service_path }}/config/traefik.yaml" dest: "{{ remote_service_path }}/config/traefik.yaml" + tags: + - config - name: 'Ensure dynamic config directory exists' file: path: "{{ remote_service_path }}/config/dynamic" state: directory owner: "{{ ansible_user }}" + tags: + - config + +- name: 'Copy dynamic config' + template: + src: "{{ file }}" + dest: "{{ remote_service_path }}/config/dynamic/{{ file|basename }}" + with_fileglob: "{{ service_path }}/config/dynamic/*.yaml" + loop_control: + loop_var: file + tags: + - config 
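Review bot: In the `log:` block of `traefik.yaml`, the new side keeps `level: DEBUG`, while the upstream comment stating the default of `"ERROR"` is removed. Debug output is far more verbose and can include routing and configuration detail, so it is a poor default for a long-running proxy that now also serves the dashboard. I would set `level: INFO` and raise it only while troubleshooting. A one-line comment on the new `api:` block, such as `# insecure mode is intentionally left off; the dashboard is reached only through a router`, would replace the explanation lost with the deleted sample comments.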
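Review bot: The added `- 8080:8080` in `services/traefik/stack.yml` publishes a port that no entry point in this commit's `traefik.yaml` listens on (`web` is `:80`, `websecure` is `:443`). In Traefik, 8080 is the default port of the `traefik` entry point that `api.insecure: true` creates, so publishing it means a later switch to insecure mode would expose the unauthenticated API on the host. Since the dashboard is already routed by host name through the `dashboard` router, the line can be dropped. The `ports:` list and the rest of the service definition continue outside the hunk.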
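Review bot: The new 'Copy dynamic config' task in `services/traefik/tasks/config.yml` renders `dashboard.yaml`, which holds the `basicAuth` user entries, without setting `mode`. The file therefore gets whatever the remote umask allows and may be readable by other local users. Add `mode: "0600"` and an explicit `owner` to the `template` task, relaxing the mode only if the Traefik container reads the bind mount as a different user. Running the play with `--diff` would also print the rendered credential lines, which `diff: false` on this task avoids.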
diff --git a/tasks/deploy.yml b/tasks/deploy.yml index 166803a..a35cae8 100644 --- a/tasks/deploy.yml +++ b/tasks/deploy.yml @@ -1,9 +1,20 @@ --- - name: 'Include vars for "{{ service }}" service' - include_vars: "{{ file }}" + include_vars: "{{ service_vars_file }}" with_fileglob: "{{ services_root }}/{{ service }}/vars/*" loop_control: - loop_var: file + loop_var: service_vars_file + tags: + - always + +- name: 'Override "{{ service }}" service vars with local config' + set_fact: + '{{ variable.key }}': '{{ variable.value }}' + with_dict: "{{ service_config[service]|default({}) }}" + loop_control: + loop_var: variable + tags: + - always - name: 'Ensure "{{ service }}" service config directory exist' file: @@ -11,17 +22,23 @@ state: directory recurse: true owner: "{{ ansible_user }}" + tags: + - always - name: 'Load configuration tasks for "{{ service }}"' - include_tasks: "{{ file }}" + include_tasks: "{{ service_task_file }}" with_fileglob: "{{ services_root }}/{{ service }}/tasks/*" loop_control: - loop_var: file + loop_var: service_task_file + tags: + - always - name: 'Copy stack file of "{{ service }}" to remote server' template: src: "{{ services_root }}/{{ service }}/stack.yml" dest: "{{ remote_service_path }}/stack.yml" + tags: + - deploy - name: 'Deploy "{{ service }}" stack to docker' community.docker.docker_stack: @@ -31,4 +48,6 @@ - "{{ remote_service_path }}/stack.yml" - version: "{{ compose_version }}" networks: "{{ dict(swarm_global_networks | map(attribute='name') | zip_longest([], fillvalue={ 'external': True })) }}" + tags: + - deploy diff --git a/vars/services.yml b/vars/services.yml index f646c0b..42acd1a 100644 --- a/vars/services.yml +++ b/vars/services.yml 
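Review bot: The new 'Override "{{ service }}" service vars with local config' task in `tasks/deploy.yml` loops over `service_config[service]`, and for `traefik` that dict carries the vaulted dashboard password. The loop item, and with `-v` the resulting `ansible_facts`, can therefore appear decrypted in the play output. Add `no_log: true` to the task, or at least `label: "{{ variable.key }}"` under `loop_control` so only the key name is printed. Values set with `set_fact` also persist on the host for the rest of the play, so a fact set for one service presumably stays defined while later services in the `services` loop are processed. That matters for guards such as `dashboard_users is defined`, so a comment noting it, or namespacing the keys per service, would help.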
@@ -10,3 +10,19 @@ remote_service_path: "{{ remote_services_root }}/{{ service }}" compose_version: "3.7" ingress_network: traefik + +main_domain: kadet.local + +service_config: + traefik: + dashboard_users: + - name: kadet + password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35343061303630633064316236623032356663366661393931656562366336666364663133333432 + 6134663564396439313530353236393966313864353064380a613064363562393537313933366534 + 39366134613939653532306139383362633539616339356637623666303638653230393036356231 + 3634346265616162370a653132663638633234663432343839666531363734376433343836316137 + 35353236333161636466383462343234323461623233643339653739623932666637386633626330 + 6366666637366362663865313661306137383931613565663564 +
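Review bot: The `password` under `service_config.traefik.dashboard_users` in `vars/services.yml` is written verbatim into Traefik's `basicAuth.users` list by the dashboard template. Traefik expects the hashed form there (htpasswd-style MD5, SHA1 or bcrypt), not the plaintext, and the vault blob hides which one is stored. A comment above the entry would keep the next editor from vaulting a raw password, e.g. `# password: htpasswd hash (htpasswd -nB <user>), then vault-encrypted`. `main_domain` would also benefit from a one-line comment saying it feeds the Traefik `Host()` rules and Gitea's `ROOT_URL`.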