

No commits in common. "e93948d378629193c7b04e298957f49911b48131" and "928d0fcb60d9abfd3061739f7652533521520805" have entirely different histories.

19 changed files with 8 additions and 170 deletions


@ -1,7 +0,0 @@
[main]
m2.kadet.net
[main:vars]
ansible_user=kadet
main_domain=kadet.net
swarm_addr=2a01:4f8:c2c:db18::1


@ -4,7 +4,4 @@
[main:vars] [main:vars]
ansible_user=vagrant ansible_user=vagrant
ansible_ssh_private_key_file=./.vagrant/machines/default/virtualbox/private_key ansible_ssh_private_key_file=./.vagrant/machines/default/virtualbox/private_key
ansible_ssh_common_args='-o StrictHostKeyChecking=no' ansible_ssh_common_args='-o StrictHostKeyChecking=no'
main_domain=kadet.local
swarm_addr=eth0
lets_encrypt_url=https://acme-staging-v02.api.letsencrypt.org/directory


@ -8,8 +8,6 @@ services:
- default - default
volumes: volumes:
- db_data:/var/db - db_data:/var/db
environment:
- TRUSTED_PROXIES=10.0.0.0/8
deploy: deploy:
mode: replicated mode: replicated
replicas: 1 replicas: 1
@ -17,8 +15,6 @@ services:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.{{ service }}-api.rule=(Host(`{{ service }}.{{ main_domain }}`) || Host(`cojedzie.pl`)) && PathPrefix(`/api/`) - traefik.http.routers.{{ service }}-api.rule=(Host(`{{ service }}.{{ main_domain }}`) || Host(`cojedzie.pl`)) && PathPrefix(`/api/`)
- traefik.http.routers.{{ service }}-api.priority=100 - traefik.http.routers.{{ service }}-api.priority=100
- traefik.http.routers.{{ service }}-api.tls=true
- traefik.http.routers.{{ service }}-api.tls.certresolver=lets-encrypt
- traefik.http.services.{{ service }}-api.loadbalancer.server.port=8080 - traefik.http.services.{{ service }}-api.loadbalancer.server.port=8080
update-job: update-job:
@ -59,8 +55,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.{{ service }}-front.rule=Host(`{{ service }}.{{ main_domain }}`) || Host(`cojedzie.pl`) - traefik.http.routers.{{ service }}-front.rule=Host(`{{ service }}.{{ main_domain }}`) || Host(`cojedzie.pl`)
- traefik.http.routers.{{ service }}-front.tls=true
- traefik.http.routers.{{ service }}-front.tls.certresolver=lets-encrypt
- traefik.http.services.{{ service }}-front.loadbalancer.server.port=3000 - traefik.http.services.{{ service }}-front.loadbalancer.server.port=3000
volumes: volumes:


@ -29,6 +29,4 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.{{ service }}.rule=Host(`git.{{ main_domain }}`) - traefik.http.routers.{{ service }}.rule=Host(`git.{{ main_domain }}`)
- traefik.http.routers.{{ service }}.tls=true
- traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt
- traefik.http.services.{{ service }}.loadbalancer.server.port=3000 - traefik.http.services.{{ service }}.loadbalancer.server.port=3000


@ -20,7 +20,7 @@ services:
- portainer_data:/data - portainer_data:/data
networks: networks:
- agent_network - agent_network
- "{{ ingress_network }}" - {{ ingress_network }}
deploy: deploy:
mode: replicated mode: replicated
replicas: 1 replicas: 1
@ -29,8 +29,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.{{ service }}.rule=Host(`{{ service }}.{{ main_domain }}`) - traefik.http.routers.{{ service }}.rule=Host(`{{ service }}.{{ main_domain }}`)
- traefik.http.routers.{{ service }}.tls=true
- traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt
- traefik.http.services.{{ service }}.loadbalancer.server.port=9000 - traefik.http.services.{{ service }}.loadbalancer.server.port=9000
networks: networks:
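Review bot: The `{{ ingress_network }}` list item loses its quotes on the new side of the first hunk. This file is rendered before the compose parser reads it, so an empty expansion or a value that starts with a YAML indicator would silently change the type of the list entry instead of failing at render time; the old side's quoted form avoids that. Keep it as `- "{{ ingress_network }}"`.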


@ -1,21 +0,0 @@
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
{{ registry_storage|to_nice_yaml(indent=2, width=140)|indent(2) }}
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
auth:
htpasswd:
realm: basic-realm
path: /etc/docker/registry/htpasswd
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3


@ -1,30 +0,0 @@
version: "{{ compose_version }}"
services:
registry:
image: registry:2
secrets:
- source: htpasswd_{{ registry_htpasswd.stat.checksum }}
target: /etc/docker/registry/htpasswd
configs:
- source: registry_{{ registry_config.checksum }}
target: /etc/docker/registry/config.yml
deploy:
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
- traefik.http.routers.{{ service }}.rule=Host(`{{ service }}.{{ main_domain }}`)
- traefik.http.routers.{{ service }}.tls=true
- traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt
- traefik.http.services.{{ service }}.loadbalancer.server.port=5000
networks: ['{{ ingress_network }}']
configs:
registry_{{ registry_config.checksum }}:
file: ./config/config.yml
secrets:
htpasswd_{{ registry_htpasswd.stat.checksum }}:
file: ./config/htpasswd


@ -1,29 +0,0 @@
---
- name: 'Copy config for "{{ service }}"'
template:
src: "{{ service_path }}/config/config.yml"
dest: "{{ remote_service_path }}/config/config.yml"
register: registry_config
tags:
- config
- name: 'Generate passwords file for "{{ service }}"'
community.general.htpasswd:
path: "{{ remote_service_path }}/config/htpasswd"
name: "{{ registry_user.name }}"
crypt_scheme: bcrypt
password: "{{ registry_user.password }}"
loop: "{{ registry_users }}"
loop_control:
loop_var: registry_user
label: "{{ registry_user.name }}"
tags:
- config
- name: 'Compute config hash for passwords file of "{{ service }}"'
ansible.builtin.stat:
path: "{{ remote_service_path }}/config/htpasswd"
get_mime: no
get_attributes: no
get_checksum: yes
register: registry_htpasswd


@ -4,5 +4,3 @@ http:
alcoholic-calendar: alcoholic-calendar:
rule: Host(`alcoholic.{{ main_domain }}`) rule: Host(`alcoholic.{{ main_domain }}`)
service: legacy@docker service: legacy@docker
tls:
certresolver: lets-encrypt


@ -6,8 +6,6 @@ http:
dashboard: dashboard:
rule: Host(`traefik.{{ main_domain }}`) rule: Host(`traefik.{{ main_domain }}`)
service: api@internal service: api@internal
tls:
certresolver: lets-encrypt
{% if dashboard_users is defined %} {% if dashboard_users is defined %}
middlewares: middlewares:
- dashboard_auth - dashboard_auth


@ -4,5 +4,3 @@ http:
nginx: nginx:
rule: Host(`{{ main_domain }}`) rule: Host(`{{ main_domain }}`)
service: legacy@docker service: legacy@docker
tls:
certresolver: lets-encrypt


@ -4,5 +4,3 @@ http:
paa: paa:
rule: Host(`paa.{{ main_domain }}`) rule: Host(`paa.{{ main_domain }}`)
service: legacy@docker service: legacy@docker
tls:
certresolver: lets-encrypt


@ -4,5 +4,3 @@ http:
pastebin: pastebin:
rule: Host(`bin.{{ main_domain }}`) rule: Host(`bin.{{ main_domain }}`)
service: legacy@docker service: legacy@docker
tls:
certresolver: lets-encrypt


@ -9,12 +9,6 @@ global:
entryPoints: entryPoints:
web: web:
address: :80 address: :80
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure: websecure:
address: :443 address: :443
@ -65,11 +59,3 @@ providers:
swarmMode: true swarmMode: true
exposedByDefault: false exposedByDefault: false
network: "traefik" network: "traefik"
certificatesResolvers:
lets-encrypt:
acme:
caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"
email: "kacper@kadet.net"
storage: "/etc/traefik/acme/lets-encrypt.json"
tlsChallenge: {}
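Review bot: The `websecure` entrypoint on `:443` survives on the new side, but the `certificatesResolvers` block in this hunk and the `web` → `websecure` redirection in the first hunk are both gone, and the same compare strips the `tls` / `certresolver: lets-encrypt` entries from every router — the cojedzie, git and portainer compose labels and the alcoholic-calendar, dashboard, nginx, paa and pastebin dynamic-config files. Those routes, including the `api@internal` dashboard route that the dynamic config puts behind the `dashboard_auth` middleware, are therefore reachable over plain HTTP, so whatever credentials that middleware checks cross the wire unencrypted, and `:443` can only answer with Traefik's default certificate. If TLS termination is intentionally moving upstream, the static config should say so; otherwise the resolver and the router `tls` entries need to come back. A comment next to `websecure` would record the decision: `# no certificatesResolvers defined: :443 serves only the default certificate — state where TLS terminates`.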


@ -5,9 +5,9 @@ services:
image: traefik:v2.4 image: traefik:v2.4
ports: ports:
- 80:80 - 80:80
- 8080:8080
- 443:443 - 443:443
volumes: volumes:
- ./config/acme:/etc/traefik/acme
- ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro - ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro
- ./config/dynamic:/etc/traefik/dynamic:ro - ./config/dynamic:/etc/traefik/dynamic:ro
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
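Review bot: The added `- 8080:8080` publishes Traefik's default API port on the swarm with no indication of what is meant to answer there. The dashboard route in the dynamic config goes through `traefik.{{ main_domain }}` with the `dashboard_auth` middleware, and a directly published `:8080` would bypass that only if `api.insecure` is enabled in `traefik.yaml`, which this compare does not show — please confirm it is not before merging. If the port is only for local debugging, drop the mapping or annotate it: `- 8080:8080  # Traefik API port — confirm api.insecure is false; otherwise remove`. Compose convention is also to quote port mappings (`"80:80"`, `"443:443"`) so a YAML 1.1 loader cannot retype them.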


@ -1,6 +1,6 @@
--- ---
- name: 'Copy static config for "{{ service }}"' - name: 'Copy static config for "{{ service }}"'
template: copy:
src: "{{ service_path }}/config/traefik.yaml" src: "{{ service_path }}/config/traefik.yaml"
dest: "{{ remote_service_path }}/config/traefik.yaml" dest: "{{ remote_service_path }}/config/traefik.yaml"
tags: tags:
@ -14,14 +14,6 @@
tags: tags:
- config - config
- name: 'Ensure acme config directory exists'
file:
path: "{{ remote_service_path }}/config/acme"
state: directory
owner: "{{ ansible_user }}"
tags:
- config
- name: 'Copy dynamic config' - name: 'Copy dynamic config'
template: template:
src: "{{ file }}" src: "{{ file }}"
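Review bot: Switching the static-config task from `template:` to `copy:` in the first hunk means any Jinja expression left in `config/traefik.yaml` is shipped to the host verbatim. The only templated value visible in the old static config was the `caServer` line, which this compare also removes, so the switch looks consistent, but the 'Copy dynamic config' task two lines below still uses `template:`, and the asymmetry deserves a one-line note: `copy:  # traefik.yaml holds no Jinja; the dynamic configs below are templated`. The 'Copy dynamic config' task continues outside the hunk.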


@ -13,7 +13,6 @@
with_dict: "{{ service_config[service]|default({}) }}" with_dict: "{{ service_config[service]|default({}) }}"
loop_control: loop_control:
loop_var: variable loop_var: variable
label: "{{ variable.key }}"
tags: tags:
- always - always
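Review bot: Removing `label: "{{ variable.key }}"` from `loop_control` makes Ansible print the whole loop item — for `with_dict` that is the `key`/`value` pair — for every entry of `service_config[service]`, so the values of that mapping land in the play output and in any captured logs. The old side of this compare stored vault-encrypted values under `service_config`, which is exactly the kind of data this label kept out of the output, and the pattern remains on the new side. Keep `label: "{{ variable.key }}"`, and add `no_log: true` if the values can be sensitive. The task definition begins before this hunk.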


@ -4,12 +4,11 @@ pip_install_packages:
- docker - docker
- jsondiff - jsondiff
- pyyaml - pyyaml
- passlib
- bcrypt
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
pip_package: python3-pip pip_package: python3-pip
pip_executable: pip3 pip_executable: pip3
swarm_addr: eth0
swarm_global_networks: swarm_global_networks:
- name: traefik - name: traefik
swarm_host_address: "{{ ansible_docker0.ipv4.address }}" swarm_host_address: "{{ ansible_docker0.ipv4.address }}"


@ -8,8 +8,11 @@ remote_services_root: /var/services
remote_service_path: "{{ remote_services_root }}/{{ service }}" remote_service_path: "{{ remote_services_root }}/{{ service }}"
compose_version: "3.7" compose_version: "3.7"
ingress_network: traefik ingress_network: traefik
main_domain: kadet.local
database_mysql_host: "{{ swarm_host_address }}" database_mysql_host: "{{ swarm_host_address }}"
services_to_restart: [] services_to_restart: []
@ -38,36 +41,5 @@ service_config:
cojedzie: cojedzie:
cojedzie_gtm: GTM-TQNX386 cojedzie_gtm: GTM-TQNX386
registry:
registry_users:
- name: kadet
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62613965333632643231306232323064306439313330353830663132393137633632613839656463
6335356336383632313765393634356563393066316261660a643762366532623735626430636634
35333465663730383033313762353539323663613038366531626163336430663062313466626137
6330386139356263390a663366633232346637346233653261373330343864613262313465336432
31366633323433653632366633376533343764343565653737633837383330323630313433323836
6530363533656439663631636532363864373666343163376632
registry_storage:
s3:
accesskey: !vault |
$ANSIBLE_VAULT;1.1;AES256
62343638373430393732616566373062633161316565646161613739363364346266663461386134
6662356631333130323835386365393864633332643064360a313738373234323336376434663234
66666137653065383762303365643663303365376662663931316430346331373538323963353263
3961663835393334370a613137316433396637316437616662356364626535626166333930356139
36323930633662363664663064346239386230616537353332356338653463356365
secretkey: !vault |
$ANSIBLE_VAULT;1.1;AES256
62386333363935343736626233333035373534316636303063313039633764653162643761393431
6137393061623538346562623731373937643361353839620a356662373131623263636663626334
35353435613763346139613931316537626434363462646139366539636139336161623463343433
6563656236663563650a313965336364323134336531373135666162663232623261313362663363
36363165623231616331613165626563383038613534303465646530303132623930
region: eu-central-003
regionendpoint: https://s3.eu-central-003.backblazeb2.com
bucket: kadet-docker
www_data_users: www_data_users:
- vagrant - vagrant