inventory/m2.ini

@@ -1,7 +0,0 @@
-[main]
-m2.kadet.net
-
-[main:vars]
-ansible_user=kadet
-main_domain=kadet.net
-swarm_addr=2a01:4f8:c2c:db18::1

inventory/vagrant.ini

@@ -5,6 +5,3 @@
 ansible_user=vagrant
 ansible_ssh_private_key_file=./.vagrant/machines/default/virtualbox/private_key
 ansible_ssh_common_args='-o StrictHostKeyChecking=no'
-main_domain=kadet.local
-swarm_addr=eth0
-lets_encrypt_url=https://acme-staging-v02.api.letsencrypt.org/directory

services/cojedzie/stack.yml

@@ -8,8 +8,6 @@ services:
       - default
     volumes: 
       - db_data:/var/db
-    environment:
-      - TRUSTED_PROXIES=10.0.0.0/8
     deploy:
       mode: replicated
       replicas: 1
@@ -17,8 +15,6 @@ services:
         - traefik.enable=true
         - traefik.http.routers.{{ service }}-api.rule=(Host(`{{ service }}.{{ main_domain }}`) || Host(`cojedzie.pl`)) && PathPrefix(`/api/`)
         - traefik.http.routers.{{ service }}-api.priority=100
-        - traefik.http.routers.{{ service }}-api.tls=true
-        - traefik.http.routers.{{ service }}-api.tls.certresolver=lets-encrypt
         - traefik.http.services.{{ service }}-api.loadbalancer.server.port=8080
 
   update-job:
@@ -59,8 +55,6 @@ services:
       labels:
         - traefik.enable=true
         - traefik.http.routers.{{ service }}-front.rule=Host(`{{ service }}.{{ main_domain }}`) || Host(`cojedzie.pl`)
-        - traefik.http.routers.{{ service }}-front.tls=true
-        - traefik.http.routers.{{ service }}-front.tls.certresolver=lets-encrypt
         - traefik.http.services.{{ service }}-front.loadbalancer.server.port=3000
 
 volumes:

services/gitea/stack.yml

@@ -29,6 +29,4 @@ services:
       labels:
         - traefik.enable=true
         - traefik.http.routers.{{ service }}.rule=Host(`git.{{ main_domain }}`)
-        - traefik.http.routers.{{ service }}.tls=true
-        - traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt
         - traefik.http.services.{{ service }}.loadbalancer.server.port=3000

services/portainer/stack.yml

@@ -20,7 +20,7 @@ services:
       - portainer_data:/data
     networks:
       - agent_network
-      - "{{ ingress_network }}"
+      - {{ ingress_network }}
     deploy:
       mode: replicated
       replicas: 1
@@ -29,8 +29,6 @@ services:
       labels:
         - traefik.enable=true
         - traefik.http.routers.{{ service }}.rule=Host(`{{ service }}.{{ main_domain }}`)
-        - traefik.http.routers.{{ service }}.tls=true
-        - traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt
         - traefik.http.services.{{ service }}.loadbalancer.server.port=9000
 
 networks:

services/registry/config/config.yml

@@ -1,21 +0,0 @@
-version: 0.1
-log:
-  fields:
-    service: registry
-storage:
-  cache:
-    blobdescriptor: inmemory
-  {{ registry_storage|to_nice_yaml(indent=2, width=140)|indent(2) }}
-http:
-  addr: :5000
-  headers:
-    X-Content-Type-Options: [nosniff]
-auth:
-  htpasswd:
-    realm: basic-realm
-    path: /etc/docker/registry/htpasswd
-health:
-  storagedriver:
-    enabled: true
-    interval: 10s
-    threshold: 3

services/registry/stack.yml

@@ -1,30 +0,0 @@
-version: "{{ compose_version }}"
-
-services:
-  registry:
-    image: registry:2
-    secrets:
-      - source: htpasswd_{{ registry_htpasswd.stat.checksum }}
-        target: /etc/docker/registry/htpasswd
-    configs:
-      - source: registry_{{ registry_config.checksum }}
-        target: /etc/docker/registry/config.yml
-    deploy:
-      placement:
-        constraints:
-          - node.role == manager
-      labels:
-        - traefik.enable=true
-        - traefik.http.routers.{{ service }}.rule=Host(`{{ service }}.{{ main_domain }}`)
-        - traefik.http.routers.{{ service }}.tls=true
-        - traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt
-        - traefik.http.services.{{ service }}.loadbalancer.server.port=5000
-    networks: ['{{ ingress_network }}']
-
-configs:
-  registry_{{ registry_config.checksum }}:
-    file: ./config/config.yml
-
-secrets:
-  htpasswd_{{ registry_htpasswd.stat.checksum }}:
-    file: ./config/htpasswd

services/registry/tasks/config.yml

@@ -1,29 +0,0 @@
----
-- name: 'Copy config for "{{ service }}"'
-  template:
-    src: "{{ service_path }}/config/config.yml"
-    dest: "{{ remote_service_path }}/config/config.yml"
-  register: registry_config
-  tags:
-    - config
-
-- name: 'Generate passwords file for "{{ service }}"'
-  community.general.htpasswd:
-    path: "{{ remote_service_path }}/config/htpasswd"
-    name: "{{ registry_user.name }}"
-    crypt_scheme: bcrypt
-    password: "{{ registry_user.password }}"
-  loop: "{{ registry_users }}"
-  loop_control:
-    loop_var: registry_user
-    label: "{{ registry_user.name }}"
-  tags:
-    - config
-
-- name: 'Compute config hash for passwords file of "{{ service }}"'
-  ansible.builtin.stat:
-    path: "{{ remote_service_path }}/config/htpasswd"
-    get_mime: no
-    get_attributes: no
-    get_checksum: yes
-  register: registry_htpasswd

services/traefik/config/dynamic/alcoholic-calendar.yaml

@@ -4,5 +4,3 @@ http:
     alcoholic-calendar:
       rule: Host(`alcoholic.{{ main_domain }}`)
       service: legacy@docker
-      tls:
-        certresolver: lets-encrypt

services/traefik/config/dynamic/dashboard.yaml

@@ -6,8 +6,6 @@ http:
     dashboard:
       rule: Host(`traefik.{{ main_domain }}`)
       service: api@internal
-      tls:
-        certresolver: lets-encrypt
 {% if dashboard_users is defined %}
       middlewares:
         - dashboard_auth

services/traefik/config/dynamic/nginx.yaml

@@ -4,5 +4,3 @@ http:
     nginx:
       rule: Host(`{{ main_domain }}`)
       service: legacy@docker
-      tls:
-        certresolver: lets-encrypt

services/traefik/config/dynamic/paa.yaml

@@ -4,5 +4,3 @@ http:
     paa:
       rule: Host(`paa.{{ main_domain }}`)
       service: legacy@docker
-      tls:
-        certresolver: lets-encrypt

services/traefik/config/dynamic/pastebin.yaml

@@ -4,5 +4,3 @@ http:
     pastebin:
       rule: Host(`bin.{{ main_domain }}`)
       service: legacy@docker
-      tls:
-        certresolver: lets-encrypt

services/traefik/config/traefik.yaml

@@ -9,12 +9,6 @@ global:
 entryPoints:
   web:       
     address: :80
-    http:
-      redirections:
-        entryPoint:
-          to: websecure
-          scheme: https
-
   websecure: 
     address: :443
 
@@ -65,11 +59,3 @@ providers:
     swarmMode: true
     exposedByDefault: false
     network: "traefik"
-
-certificatesResolvers:
-  lets-encrypt:
-    acme:
-      caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"
-      email: "kacper@kadet.net"
-      storage: "/etc/traefik/acme/lets-encrypt.json"
-      tlsChallenge: {}

services/traefik/stack.yml

@@ -5,9 +5,9 @@ services:
     image: traefik:v2.4
     ports:
       - 80:80
+      - 8080:8080
       - 443:443
     volumes:
-      - ./config/acme:/etc/traefik/acme
       - ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro
       - ./config/dynamic:/etc/traefik/dynamic:ro
       - /var/run/docker.sock:/var/run/docker.sock:ro

services/traefik/tasks/config.yml

@@ -1,6 +1,6 @@
 ---
 - name: 'Copy static config for "{{ service }}"'
-  template:
+  copy:
     src: "{{ service_path }}/config/traefik.yaml"
     dest: "{{ remote_service_path }}/config/traefik.yaml"
   tags:
@@ -14,14 +14,6 @@
   tags:
     - config
 
-- name: 'Ensure acme config directory exists'
-  file:
-    path: "{{ remote_service_path }}/config/acme"
-    state: directory
-    owner: "{{ ansible_user }}"
-  tags:
-    - config
-
 - name: 'Copy dynamic config'
   template:
     src: "{{ file }}"

tasks/deploy.yml

@@ -13,7 +13,6 @@
   with_dict: "{{ service_config[service]|default({}) }}"
   loop_control:
     loop_var: variable
-    label: "{{ variable.key }}"
   tags:
     - always
 

vars/environment.yml

@@ -4,12 +4,11 @@ pip_install_packages:
   - docker
   - jsondiff
   - pyyaml
-  - passlib
-  - bcrypt
 ansible_python_interpreter: /usr/bin/python3  
 pip_package: python3-pip
 pip_executable: pip3
 
+swarm_addr: eth0
 swarm_global_networks:
  - name: traefik
 swarm_host_address: "{{ ansible_docker0.ipv4.address }}"

vars/services.yml

@@ -8,8 +8,11 @@ remote_services_root: /var/services
 remote_service_path: "{{ remote_services_root }}/{{ service }}"
 
 compose_version: "3.7"
+
 ingress_network: traefik
 
+main_domain: kadet.local
+
 database_mysql_host: "{{ swarm_host_address }}"
 
 services_to_restart: []
@@ -38,36 +41,5 @@ service_config:
   cojedzie:
     cojedzie_gtm: GTM-TQNX386
 
-  registry:
-    registry_users:
-      - name: kadet
-        password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          62613965333632643231306232323064306439313330353830663132393137633632613839656463
-          6335356336383632313765393634356563393066316261660a643762366532623735626430636634
-          35333465663730383033313762353539323663613038366531626163336430663062313466626137
-          6330386139356263390a663366633232346637346233653261373330343864613262313465336432
-          31366633323433653632366633376533343764343565653737633837383330323630313433323836
-          6530363533656439663631636532363864373666343163376632
-    registry_storage:
-      s3:
-        accesskey: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          62343638373430393732616566373062633161316565646161613739363364346266663461386134
-          6662356631333130323835386365393864633332643064360a313738373234323336376434663234
-          66666137653065383762303365643663303365376662663931316430346331373538323963353263
-          3961663835393334370a613137316433396637316437616662356364626535626166333930356139
-          36323930633662363664663064346239386230616537353332356338653463356365
-        secretkey: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          62386333363935343736626233333035373534316636303063313039633764653162643761393431
-          6137393061623538346562623731373937643361353839620a356662373131623263636663626334
-          35353435613763346139613931316537626434363462646139366539636139336161623463343433
-          6563656236663563650a313965336364323134336531373135666162663232623261313362663363
-          36363165623231616331613165626563383038613534303465646530303132623930
-        region: eu-central-003
-        regionendpoint: https://s3.eu-central-003.backblazeb2.com
-        bucket: kadet-docker
-
 www_data_users:
   - vagrant