From 52d6d3c515767df01f698fad483e284b14dc0034 Mon Sep 17 00:00:00 2001 From: Ahmed Sajid Date: Tue, 31 Dec 2024 14:12:50 -0500 Subject: [PATCH 01/11] drop caddy and replace with caddy fixes #340 --- ansible/includes/actual-server.yml | 12 +- ansible/includes/ara.yml | 11 +- ansible/includes/caddy.yml | 66 ---------- ansible/includes/digitalocean_dns.yml | 17 +-- ansible/includes/headscale.yml | 29 ++--- ansible/includes/nasmounts.yml | 12 +- ansible/includes/netdata.yml | 8 ++ ansible/includes/pihole.yml | 31 ++--- ansible/includes/rclone.yml | 16 +++ ansible/includes/read_config_file.yml | 24 ++++ ansible/includes/speedtest-tracker.yml | 8 ++ ansible/includes/syncthing.yml | 16 ++- ansible/includes/traefik.yml | 79 ++++++++++++ ansible/includes/vaultwarden.yml | 8 ++ ansible/includes/webui-aria2.yml | 8 ++ ansible/includes/wireguard.yml | 70 ----------- ansible/local.yml | 3 +- ansible/templates/caddyserver/Caddyfile.j2 | 138 --------------------- 18 files changed, 208 insertions(+), 348 deletions(-) delete mode 100644 ansible/includes/caddy.yml create mode 100644 ansible/includes/read_config_file.yml create mode 100644 ansible/includes/traefik.yml delete mode 100644 ansible/includes/wireguard.yml delete mode 100644 ansible/templates/caddyserver/Caddyfile.j2 diff --git a/ansible/includes/actual-server.yml b/ansible/includes/actual-server.yml index d368549..d8f559e 100644 --- a/ansible/includes/actual-server.yml +++ b/ansible/includes/actual-server.yml @@ -4,7 +4,6 @@ hosts: localhost connection: local vars: - config_file: '/root/config.ini' actual_docker_image: "docker.io/actualbudget/actual-server:24.12.0" tasks: - name: "Set facts for time" 
@@ -35,9 +34,14 @@ image: "{{ actual_docker_image }}" env: TZ: 'America/Toronto' - # PIHOLE_DNS_: "{{ ansible_default_ipv4.address }}#5353" - # WEBPASSWORD: '' - # DNSMASQ_LISTENING: "all" + labels: + traefik.enable: "true" + traefik.docker.network: "app_network" + traefik.http.routers.actual-server.rule: "Host(`money.{{ do_domain }}`)" + traefik.http.routers.actual-server.entrypoints: "https" + traefik.http.routers.actual-server.tls: "true" + traefik.http.routers.actual-server.tls.certresolver: "le" + traefik.http.services.actual-server.loadbalancer.server.port: "5006" networks: - name: "app_network" restart_policy: always diff --git a/ansible/includes/ara.yml b/ansible/includes/ara.yml index bbd5505..dd92972 100644 --- a/ansible/includes/ara.yml +++ b/ansible/includes/ara.yml @@ -5,7 +5,6 @@ connection: local vars: ara_docker_image: "docker.io/recordsansible/ara-api" - config_file: '/root/config.ini' tasks: - name: create ara required folders file: @@ -21,8 +20,14 @@ image: "{{ ara_docker_image }}" env: TZ: 'America/Toronto' - # ports: - # - 8000:8000 + labels: + traefik.enable: "true" + traefik.docker.network: "app_network" + traefik.http.routers.ara.rule: "Host(`ara.{{ do_domain }}`)" + traefik.http.routers.ara.entrypoints: "https" + traefik.http.routers.ara.tls: "true" + traefik.http.routers.ara.tls.certresolver: "le" + traefik.http.services.ara.loadbalancer.server.port: "8000" networks: - name: "app_network" volumes: diff --git a/ansible/includes/caddy.yml b/ansible/includes/caddy.yml deleted file mode 100644 index 14063e8..0000000 --- a/ansible/includes/caddy.yml +++ /dev/null 
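Review bot: The new `labels:` block routes `money.{{ do_domain }}` to actual-server on a Host rule alone, whereas the `Caddyfile.j2` this series deletes matched every service with `remote_ip forwarded private_ranges`; with Traefik's 80/443 published on all interfaces in traefik.yml, actual-server (and ara, headscale, netdata, pihole, rclone, rclone-crypt, speedtest, syncthing, vaultwarden and webui-aria2, which receive the same label block in this commit) becomes reachable from any source address, protected only by whatever login the application itself has. If that exposure is not intended, restore the source restriction with one shared middleware, e.g. `traefik.http.middlewares.internal-only.ipallowlist.sourcerange: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"` on the traefik container and `traefik.http.routers.actual-server.middlewares: "internal-only"` on each router (the ranges are an example; use the networks Caddy's `private_ranges` covered). The seven labels are copied verbatim into ten playbooks with only the router name, host and port varying, so a single `traefik_labels` dict built from those three values would keep them from drifting, and a comment above the block saying that `do_domain` comes from `read_config_file.yml` would help, since nothing in this file sets it.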
@@ -1,66 +0,0 @@ ---- - -- name: "Caddyserver Install and setup" - hosts: localhost - connection: local - vars: - caddy_docker_image: "ahmedsajid/caddyserver:digitalocean" - config_file: '/root/config.ini' - tasks: - - name: Check if config file exists - stat: - path: "{{ config_file }}" - register: config_file_exists - - - name: stop play if config file doesn't exist - meta: end_play - when: not config_file_exists.stat.exists - - - name: Setting digital ocean facts - set_fact: - digitalocean_host: "{{ lookup('ini', 'host section=digitalocean file={{ config_file }}') }}" - digitalocean_token: "{{ lookup('ini', 'token section=digitalocean file={{ config_file }}') }}" - digitalocean_domain: "{{ lookup('ini', 'domain section=digitalocean file={{ config_file }}') }}" - - - name: stop play if config options do not exist - meta: end_play - when: digitalocean_host | length == 0 or digitalocean_domain | length == 0 or digitalocean_token | length == 0 - - - name: create caddy required folders - file: - state: directory - path: "/opt/caddy/etc" - - - name: Deploy caddy custom config - template: - src: "../templates/caddyserver/Caddyfile.j2" - dest: "/opt/caddy/etc/Caddyfile" - mode: 0640 - - - name: Deploy caddy container - docker_container: - name: "caddy" - hostname: "caddy" - image: "{{ caddy_docker_image }}" - env: - TZ: 'America/Toronto' - ports: - - 80:80 - - 443:443 - networks: - - name: "app_network" - command: "caddy run --config /etc/caddy/Caddyfile --adapter caddyfile --watch" - restart_policy: always - state: started - pull: false - memory: '200M' - volumes: - - '/opt/caddy/etc/:/etc/caddy/' - network_mode: "default" - container_default_behavior: "compatibility" - # added retry to tasks dependant on external services - register: result - retries: 5 - delay: 3 - until: result is succeeded - when: not ansible_check_mode diff --git a/ansible/includes/digitalocean_dns.yml b/ansible/includes/digitalocean_dns.yml index a102109..fcc2e1e 100644 
--- a/ansible/includes/digitalocean_dns.yml +++ b/ansible/includes/digitalocean_dns.yml @@ -1,20 +1,13 @@ --- +- name: Read ini config file + import_playbook: "read_config_file.yml" + + - name: Dynamic Updates under DigitalOcean DNS hosts: localhost connection: local - vars: - config_file: '/root/config.ini' tasks: - - name: Check if config file exists - stat: - path: "{{ config_file }}" - register: config_file_exists - - - name: stop play if config file doesn't exist - meta: end_play - when: not config_file_exists.stat.exists - - name: Install via pip pip: name: "dnspython" @@ -99,5 +92,5 @@ type: "A" name: "*" data: "{{ ip }}" - ttl: 1800 + ttl: 60 no_log: true diff --git a/ansible/includes/headscale.yml b/ansible/includes/headscale.yml index 79bede1..d955dd3 100644 --- a/ansible/includes/headscale.yml +++ b/ansible/includes/headscale.yml @@ -1,10 +1,12 @@ --- +- name: Read ini config file + import_playbook: "read_config_file.yml" + - name: "Headscale Setup" hosts: localhost connection: local vars: - config_file: '/root/config.ini' headscale_docker_image: "docker.io/headscale/headscale:v0.23.0" tasks: - name: "Set facts for time" @@ -20,23 +22,6 @@ - "{{ hour_now }}" - "{{ minute_now }}" - - name: Check if config file exists - stat: - path: "{{ config_file }}" - register: config_file_exists - - - name: stop play if config file doesn't exist - meta: end_play - when: not config_file_exists.stat.exists - - - name: Setting digital ocean facts - set_fact: - digitalocean_domain: "{{ lookup('ini', 'domain section=digitalocean file={{ config_file }}') }}" - - - name: stop play if config options do not exist - meta: end_play - when: digitalocean_domain | length == 0 - - name: enable IP forwarding sysctl: name: net.ipv4.ip_forward 
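Review bot: Moving the config checks into `read_config_file.yml` changes what happens when `/root/config.ini` is missing: `meta: end_play` there ends only that imported play, so `Dynamic Updates under DigitalOcean DNS` (whose tasks continue outside the hunk) still runs and now fails on undefined `do_token`/`do_domain` instead of being skipped as the removed per-play `stop play if config file doesn't exist` task did. The `stop play if config options do not exist` guard (`digitalocean_domain | length == 0`), removed from headscale.yml and pihole.yml in this commit, has no replacement in the new file either, so an empty `domain =` entry reaches the Host labels as `money.` rather than stopping the play. Each importing play (this one, headscale.yml, pihole.yml, syncthing.yml and traefik.yml) needs its own guard as a first task, e.g. `- name: stop play if config is missing` / `meta: end_play` / `when: do_domain is not defined or do_domain | length == 0`, or the read play should `fail:` explicitly when the values are required.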
@@ -68,6 +53,14 @@ image: "{{ headscale_docker_image }}" env: TZ: 'America/Toronto' + labels: + traefik.enable: "true" + traefik.docker.network: "app_network" + traefik.http.routers.headscale.rule: "Host(`headscale.{{ do_domain }}`)" + traefik.http.routers.headscale.entrypoints: "https" + traefik.http.routers.headscale.tls: "true" + traefik.http.routers.headscale.tls.certresolver: "le" + traefik.http.services.headscale.loadbalancer.server.port: "8080" networks: - name: "app_network" restart_policy: always diff --git a/ansible/includes/nasmounts.yml b/ansible/includes/nasmounts.yml index 19a7b1d..999f8ed 100644 --- a/ansible/includes/nasmounts.yml +++ b/ansible/includes/nasmounts.yml @@ -12,7 +12,6 @@ - 'Syncthing' - 'Multimedia' nas_root: '/mnt/nas' - config_file: '/root/config.ini' # https://rizvir.com/articles/linux-sysadmin-cheats/ # Tune NFS 3 mounts nfs_mount_opts: 'rsize=32768,wsize=32768,nfsvers=3,tcp,async' @@ -27,16 +26,9 @@ path: "{{ nas_root }}/{{ item }}" with_items: "{{ mounts }}" - - name: Check if config file exists - stat: - path: "{{ config_file }}" - register: config_exists - - name: Adding NAS mount points to fstab - vars: - nas_ip: "{{ lookup('ini', 'ip section=nas file={{ config_file }}') | default('') }}" mount: - src: "{{ nas_ip }}:/{{ item }}" + src: "nas.{{ do_domain }}:/{{ item }}" path: "{{ nas_root }}/{{ item }}" fstype: nfs state: mounted @@ -44,5 +36,3 @@ with_items: "{{ mounts }}" when: - not ansible_check_mode - - config_exists.stat.exists - - nas_ip != '' diff --git a/ansible/includes/netdata.yml b/ansible/includes/netdata.yml index 70e4237..b7342bd 100644 --- a/ansible/includes/netdata.yml +++ b/ansible/includes/netdata.yml 
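Review bot: `src: "nas.{{ do_domain }}:/{{ item }}"` in nasmounts.yml uses a fact this file never sets — it does not import `read_config_file.yml`, so it depends on `local.yml` importing traefik.yml first and on that play's `cacheable` set_fact having run. When the config file is absent the read play ends before `set_fact`, and the mount task, which the removed `config_exists.stat.exists` / `nas_ip != ''` conditions used to skip, now errors on an undefined variable. Either add `- name: Read ini config file` / `import_playbook: "read_config_file.yml"` at the top of this file, or keep a guard such as `- do_domain is defined and do_domain | length > 0` next to `- not ansible_check_mode`. Replacing the IP with a DNS name also means the fstab entry depends on `nas.<domain>` resolving at mount time — at boot, possibly before any container-hosted resolver is up — which deserves a comment above the task.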
@@ -23,6 +23,14 @@ image: "{{ netdata_docker_image }}" env: TZ: 'America/Toronto' + labels: + traefik.enable: "true" + traefik.docker.network: "app_network" + traefik.http.routers.netdata.rule: "Host(`netdata.{{ do_domain }}`)" + traefik.http.routers.netdata.entrypoints: "https" + traefik.http.routers.netdata.tls: "true" + traefik.http.routers.netdata.tls.certresolver: "le" + traefik.http.services.netdata.loadbalancer.server.port: "19999" volumes: - "/opt/netdata/etc:/etc/netdata" - "/opt/netdata/lib:/var/lib/netdata" diff --git a/ansible/includes/pihole.yml b/ansible/includes/pihole.yml index 865fde9..a35e242 100644 --- a/ansible/includes/pihole.yml +++ b/ansible/includes/pihole.yml @@ -1,5 +1,8 @@ --- +- name: Read ini config file + import_playbook: "read_config_file.yml" + - name: "Pihole Install and setup" hosts: localhost connection: local @@ -34,25 +37,7 @@ - rclone - rclone-crypt - netdata - config_file: '/root/config.ini' tasks: - - name: Check if config file exists - stat: - path: "{{ config_file }}" - register: config_file_exists - - - name: stop play if config file doesn't exist - meta: end_play - when: not config_file_exists.stat.exists - - - name: Setting digital ocean facts - set_fact: - digitalocean_domain: "{{ lookup('ini', 'domain section=digitalocean file={{ config_file }}') }}" - - - name: stop play if config options do not exist - meta: end_play - when: digitalocean_domain | length == 0 - - name: create role folder file: state: directory @@ -142,7 +127,7 @@ copy: dest: "/opt/pihole/etc/custom.list" content: | - {{ ansible_default_ipv4.address }} {% for service in service_list %}{{ service }}.{{ digitalocean_domain }}{% if not loop.last %} {% endif %}{% endfor %} + {{ ansible_default_ipv4.address }} {% for service in service_list %}{{ service }}.{{ do_domain }}{% if not loop.last %} {% endif %}{% endfor %} mode: 0640 owner: 999 group: 999 
@@ -173,6 +158,14 @@ # NOTE: infinite lease # DHCP_LEASETIME: "0" # DHCP_rapid_commit: "true" + labels: + traefik.enable: "true" + traefik.docker.network: "app_network" + traefik.http.routers.pihole.rule: "Host(`pihole.{{ do_domain }}`)" + traefik.http.routers.pihole.entrypoints: "https" + traefik.http.routers.pihole.tls: "true" + traefik.http.routers.pihole.tls.certresolver: "le" + traefik.http.services.pihole.loadbalancer.server.port: "80" ports: - "53:53/tcp" - "53:53/udp" diff --git a/ansible/includes/rclone.yml b/ansible/includes/rclone.yml index 6eab84c..cb09760 100644 --- a/ansible/includes/rclone.yml +++ b/ansible/includes/rclone.yml @@ -23,6 +23,14 @@ image: "{{ rclone_docker_image }}" env: TZ: "America/Toronto" + labels: + traefik.enable: "true" + traefik.docker.network: "app_network" + traefik.http.routers.rclone.rule: "Host(`rclone.{{ do_domain }}`)" + traefik.http.routers.rclone.entrypoints: "https" + traefik.http.routers.rclone.tls: "true" + traefik.http.routers.rclone.tls.certresolver: "le" + traefik.http.services.rclone.loadbalancer.server.port: "8080" networks: - name: "app_network" restart_policy: always @@ -49,6 +57,14 @@ image: "{{ rclone_docker_image }}" env: TZ: "America/Toronto" + labels: + traefik.enable: "true" + traefik.docker.network: "app_network" + traefik.http.routers.rclone-crypt.rule: "Host(`rclone-crypt.{{ do_domain }}`)" + traefik.http.routers.rclone-crypt.entrypoints: "https" + traefik.http.routers.rclone-crypt.tls: "true" + traefik.http.routers.rclone-crypt.tls.certresolver: "le" + traefik.http.services.rclone-crypt.loadbalancer.server.port: "8080" networks: - name: "app_network" restart_policy: always diff --git a/ansible/includes/read_config_file.yml b/ansible/includes/read_config_file.yml new file mode 100644 index 0000000..3a10634 --- /dev/null +++ b/ansible/includes/read_config_file.yml 
@@ -0,0 +1,24 @@ +--- + +- name: "Read config file" + hosts: localhost + connection: local + vars: + config_file: '/root/config.ini' + tasks: + - name: Check if config file exists + stat: + path: "{{ config_file }}" + register: config_file_exists + + - name: stop play if config file doesn't exist + meta: end_play + when: not config_file_exists.stat.exists + + - name: Setting digital ocean facts + set_fact: + do_host: "{{ lookup('ini', 'host section=digitalocean file={{ config_file }}') }}" + do_token: "{{ lookup('ini', 'token section=digitalocean file={{ config_file }}') }}" + do_domain: "{{ lookup('ini', 'domain section=digitalocean file={{ config_file }}') }}" + syncthing_api_key: "{{ lookup('password', '/root/syncthing_api_key length=24') }}" + cacheable: true diff --git a/ansible/includes/speedtest-tracker.yml b/ansible/includes/speedtest-tracker.yml index 075171b..6aa26e6 100644 --- a/ansible/includes/speedtest-tracker.yml +++ b/ansible/includes/speedtest-tracker.yml @@ -14,6 +14,14 @@ env: TZ: 'America/Toronto' OOKLA_EULA_GDPR: 'true' + labels: + traefik.enable: "true" + traefik.docker.network: "app_network" + traefik.http.routers.speedtest.rule: "Host(`speedtest.{{ do_domain }}`)" + traefik.http.routers.speedtest.entrypoints: "https" + traefik.http.routers.speedtest.tls: "true" + traefik.http.routers.speedtest.tls.certresolver: "le" + traefik.http.services.speedtest.loadbalancer.server.port: "80" networks: - name: "app_network" restart_policy: always diff --git a/ansible/includes/syncthing.yml b/ansible/includes/syncthing.yml index dfeb658..714f6f1 100644 --- a/ansible/includes/syncthing.yml +++ b/ansible/includes/syncthing.yml 
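Review bot: The `Setting digital ocean facts` task stores the DigitalOcean API token in `do_token` without `no_log: true`, so the value is printed in the task result at `-v` and handed to every result callback (the `ara` callback is enabled in config.ini.j2, as the PATCH 03 hunk shows). `cacheable: true` additionally writes all four facts, token included, to the fact cache whenever fact caching is configured; if that is not intended, split the token into a separate `set_fact` with `no_log: true` and no `cacheable`. `syncthing_api_key` was guarded by `when: not ansible_check_mode` in syncthing.yml; here the `password` lookup runs unconditionally and creates `/root/syncthing_api_key` even under `--check` (including on the CI runner driven by checks.yml). A header comment naming the facts this play exports and which playbooks rely on them (`do_host`, `do_token`, `do_domain`, `syncthing_api_key`) would make the cross-play dependency visible.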
@@ -1,16 +1,14 @@ --- +- name: Read ini config file + import_playbook: "read_config_file.yml" + - name: "Syncthing deploy and setup" hosts: localhost connection: local vars: syncthing_docker_image: "syncthing/syncthing:1.18" tasks: - - name: "Random Syncthing API Key" - set_fact: - syncthing_api_key: "{{ lookup('password', '/root/syncthing_api_key length=24') }}" - when: not ansible_check_mode - - name: "Create syncthing folders" file: state: directory @@ -38,6 +36,14 @@ PUID: "1000" PGID: "1000" TZ: "America/Toronto" + labels: + traefik.enable: "true" + traefik.docker.network: "app_network" + traefik.http.routers.syncthing.rule: "Host(`syncthing.{{ do_domain }}`)" + traefik.http.routers.syncthing.entrypoints: "https" + traefik.http.routers.syncthing.tls: "true" + traefik.http.routers.syncthing.tls.certresolver: "le" + traefik.http.services.syncthing.loadbalancer.server.port: "8384" # ports: # - "8384:8384" # - "22000:22000/tcp" diff --git a/ansible/includes/traefik.yml b/ansible/includes/traefik.yml new file mode 100644 index 0000000..c952837 --- /dev/null +++ b/ansible/includes/traefik.yml 
@@ -0,0 +1,79 @@ +--- + +- name: Read ini config file + import_playbook: "read_config_file.yml" + +- name: "Traefik Install and setup" + hosts: localhost + connection: local + vars: + traefik_docker_image: "docker.io/traefik:v3.2.3" + tasks: + - name: create traefik required folders + file: + state: directory + path: "/opt/traefik/" + mode: 0640 + + - name: Deploy traefik container + docker_container: + name: "traefik" + hostname: "traefik" + image: "{{ traefik_docker_image }}" + env: + TZ: 'America/Toronto' + ports: + - 80:80 + - 443:443 + networks: + - name: "app_network" + command: + - --global.sendanonymoususage=false + - --entryPoints.http.address=:80 + - --entryPoints.https.address=:443 + - --api=true + - --api.dashboard=true + - --api.debug=true + - --log.level=INFO + - --providers.docker=true + - --providers.docker.endpoint=unix:///var/run/docker.sock + - --providers.docker.watch + - --providers.docker.exposedbydefault=false + - --providers.docker.network=app_network + - --certificatesResolvers.le.acme.dnsChallenge.provider=digitalocean + - --certificatesResolvers.le.acme.dnsChallenge.delayBeforeCheck=5 + - --certificatesResolvers.le.acme.storage=/opt/traefik/acme.json + - --certificatesResolvers.le.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53 + labels: + traefik.enable: "true" + traefik.docker.network: "app_network" + traefik.http.routers.dashboard.rule: "Host(`traefik.{{ do_domain }}`)" + traefik.http.routers.dashboard.service: "api@internal" + traefik.http.routers.dashboard.entrypoints: "https" + traefik.http.routers.dashboard.tls: "true" + traefik.http.services.api-svc.loadbalancer.server.port: "9999" + traefik.http.routers.http-catchall.rule: "hostregexp(`{host:.+}`)" + traefik.http.routers.http-catchall.entrypoints: "http" + traefik.http.routers.http-catchall.middlewares: "redirect-to-https" + traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: "https" + traefik.http.routers.wildcard-certs.tls.certresolver: "le" + 
traefik.http.routers.wildcard-certs.tls.domains[0].main: "{{ do_domain }}" + traefik.http.routers.wildcard-certs.tls.domains[0].sans: "{{ do_host }}.{{ do_domain }}" + restart_policy: always + state: started + pull: false + memory: '200M' + volumes: + - /opt/traefik/:/opt/traefik/ + - /var/run/docker.sock:/var/run/docker.sock:ro + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + env: + DO_AUTH_TOKEN: "{{ do_token }}" + network_mode: "default" + container_default_behavior: "compatibility" + # added retry to tasks dependant on external services + register: result + retries: 5 + delay: 3 + until: result is succeeded diff --git a/ansible/includes/vaultwarden.yml b/ansible/includes/vaultwarden.yml index 63e2c2b..ad30c4f 100644 --- a/ansible/includes/vaultwarden.yml +++ b/ansible/includes/vaultwarden.yml @@ -34,6 +34,14 @@ image: "{{ vaultwarden_docker_image }}" env: TZ: 'America/Toronto' + labels: + traefik.enable: "true" + traefik.docker.network: "app_network" + traefik.http.routers.pass.rule: "Host(`pass.{{ do_domain }}`)" + traefik.http.routers.pass.entrypoints: "https" + traefik.http.routers.pass.tls: "true" + traefik.http.routers.pass.tls.certresolver: "le" + traefik.http.services.pass.loadbalancer.server.port: "80" networks: - name: "app_network" restart_policy: always diff --git a/ansible/includes/webui-aria2.yml b/ansible/includes/webui-aria2.yml index 061106c..1a56ae8 100644 --- a/ansible/includes/webui-aria2.yml +++ b/ansible/includes/webui-aria2.yml 
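Review bot: The dashboard router on `traefik.{{ do_domain }}` has no authentication middleware, so `api@internal` — with `--api.debug=true` enabled on the command line — is reachable by anyone who can reach port 443, whereas the deleted Caddyfile restricted every host to `private_ranges`. Add a middleware before exposing it, e.g. `traefik.http.routers.dashboard.middlewares: "dashboard-auth"` and `traefik.http.middlewares.dashboard-auth.basicauth.usersfile: "/opt/traefik/users"` (a usersfile keeps the hash out of `docker inspect` labels), and drop `--api.debug=true` unless it is actively used. The catch-all rule `hostregexp(`{host:.+}`)` is the v2 named-group syntax; on the `traefik:v3.2.3` image I believe v3 expects plain Go regexp (`HostRegexp(`^.+$`)`) unless `--core.defaultRuleSyntax=v2` is set, so verify the HTTP-to-HTTPS redirect router actually loads. `traefik.http.services.api-svc.loadbalancer.server.port: "9999"` is referenced by no router and can be removed. Mounting `/var/run/docker.sock` with `:ro` does not restrict the Docker API itself; since Traefik only needs to read container metadata, fronting the socket with a read-only socket proxy is the usual mitigation and is worth a comment on the volume line if it is deliberately omitted.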
@@ -22,6 +22,14 @@ - '/mnt/nas/Download:/data' network_mode: "default" container_default_behavior: "compatibility" + labels: + traefik.enable: "true" + traefik.docker.network: "app_network" + traefik.http.routers.webui-aria2.rule: "Host(`webui-aria2.{{ do_domain }}`)" + traefik.http.routers.webui-aria2.entrypoints: "https" + traefik.http.routers.webui-aria2.tls: "true" + traefik.http.routers.webui-aria2.tls.certresolver: "le" + traefik.http.services.webui-aria2.loadbalancer.server.port: "8080" # added retry to tasks dependant on external services register: result retries: 5 diff --git a/ansible/includes/wireguard.yml b/ansible/includes/wireguard.yml deleted file mode 100644 index 296164a..0000000 --- a/ansible/includes/wireguard.yml +++ /dev/null 
@@ -1,70 +0,0 @@ ---- - -- name: "Wireguard installation and setup" - hosts: localhost - connection: local - vars: - config_file: '/root/config.ini' - wireguard_docker_image: "embarkstudios/wireguard-ui:latest" - tasks: - - name: Check if config file exists - stat: - path: "{{ config_file }}" - register: config_file_exists - - - name: stop play if config file doesn't exist - meta: end_play - when: not config_file_exists.stat.exists - - - name: Setting digital ocean facts - set_fact: - digitalocean_domain: "{{ lookup('ini', 'domain section=digitalocean file={{ config_file }}') }}" - - - name: stop play if config options do not exist - meta: end_play - when: digitalocean_domain | length == 0 - - - name: enable IP forwarding - sysctl: - name: net.ipv4.ip_forward - value: '1' - sysctl_set: true - state: present - reload: true - - - name: create wireguard required folder - file: - state: directory - path: "/opt/wireguard" - - - name: Deploy wireguard container - docker_container: - name: "wireguard" - hostname: "wireguard" - image: "{{ wireguard_docker_image }}" - env: - TZ: 'America/Toronto' - WIREGUARD_UI_LISTEN_ADDRESS: "172.16.0.1:8080" - WIREGUARD_UI_DATA_DIR: "/data" - WIREGUARD_UI_WG_ENDPOINT: "vpn.{{ digitalocean_domain }}:51820" - WIREGUARD_UI_CLIENT_IP_RANGE: "10.6.0.1/24" - WIREGUARD_UI_WG_DNS: "{{ ansible_default_ipv4.address }}" - WIREGUARD_UI_NAT: "true" - WIREGUARD_UI_NAT_DEVICE: "{{ ansible_default_ipv4.interface }}" - WIREGUARD_UI_WG_DEVICE_NAME: "wg0" - network_mode: host - memory: '500M' - restart_policy: always - privileged: true - state: started - pull: false - volumes: - - '/opt/wireguard/:/data/' - container_default_behavior: "compatibility" - # added retry to tasks dependant on external services - register: result - retries: 5 - delay: 3 - until: result is succeeded - when: - - not ansible_check_mode diff --git a/ansible/local.yml b/ansible/local.yml index d118e53..74c797f 100644 --- a/ansible/local.yml +++ b/ansible/local.yml 
@@ -10,8 +10,7 @@ - import_playbook: includes/timezone.yml - import_playbook: includes/common-packages.yml - import_playbook: includes/docker.yml -- import_playbook: includes/caddy.yml -- import_playbook: includes/wireguard.yml +- import_playbook: includes/traefik.yml - import_playbook: includes/nasmounts.yml # - import_playbook: includes/headscale.yml - import_playbook: includes/jellyfin.yml diff --git a/ansible/templates/caddyserver/Caddyfile.j2 b/ansible/templates/caddyserver/Caddyfile.j2 deleted file mode 100644 index c891300..0000000 --- a/ansible/templates/caddyserver/Caddyfile.j2 +++ /dev/null 
@@ -1,138 +0,0 @@ -{ - admin off -} - -{{ digitalocean_host }}.{{ digitalocean_domain }} { - - tls { - dns digitalocean {{ digitalocean_token }} - } - - log { - output stdout - format transform "{common_log}" - } - - @pihole { - host pihole.{{ digitalocean_domain }} - remote_ip forwarded private_ranges - } - - handle @pihole { - redir / /admin - reverse_proxy pihole:80 - } - - @vpn { - host vpn.{{ digitalocean_domain }} - remote_ip forwarded private_ranges - } - - handle @vpn { - reverse_proxy 172.16.0.1:8080 - } - - @jellyfin { - host jellyfin.{{ digitalocean_domain }} - remote_ip forwarded private_ranges - } - - handle @jellyfin { - reverse_proxy {{ ansible_default_ipv4.address }}:8096 - } - - @webui-aria2 { - host webui-aria2.{{ digitalocean_domain }} - remote_ip forwarded private_ranges - } - - handle @webui-aria2 { - reverse_proxy webui-aria2:8080 - } - - @speedtest { - host speedtest.{{ digitalocean_domain }} - remote_ip forwarded private_ranges - } - - handle @speedtest { - reverse_proxy speedtest:80 - } - - @money { - host money.{{ digitalocean_domain }} - remote_ip forwarded private_ranges - } - - handle @money { - reverse_proxy actual:5006 - } - - @ara { - host ara.{{ digitalocean_domain }} - remote_ip forwarded private_ranges - } - - handle @ara { - reverse_proxy ara:8000 - } - - @pass { - host pass.{{ digitalocean_domain }} - remote_ip forwarded private_ranges - } - - handle @pass { - reverse_proxy vaultwarden:80 - } - - @head { - host head.{{ digitalocean_domain }} - remote_ip forwarded private_ranges - } - - handle @head { - reverse_proxy headscale:8080 - } - - @sync { - host sync.{{ digitalocean_domain }} - remote_ip forwarded private_ranges - } - - handle @sync { - reverse_proxy {{ ansible_default_ipv4.address }}:8384 - } - - @rclone { - host rclone.{{ digitalocean_domain }} - remote_ip forwarded private_ranges - } - - handle @rclone { - reverse_proxy rclone:8080 - } - - @rclone-crypt { - host rclone-crypt.{{ digitalocean_domain }} - remote_ip 
forwarded private_ranges - } - - handle @rclone-crypt { - reverse_proxy rclone-crypt:8080 - } - - @netdata { - host netdata.{{ digitalocean_domain }} - remote_ip forwarded private_ranges - } - - handle @netdata { - reverse_proxy {{ ansible_default_ipv4.address }}:19999 - } - - # Fallback for otherwise unhandled domains - handle { - abort - } -} From 276f0eac5c698c72a7823e4c4c3712ab21cd83a2 Mon Sep 17 00:00:00 2001 From: Ahmed Sajid Date: Tue, 31 Dec 2024 14:17:05 -0500 Subject: [PATCH 02/11] drop duplicate --- ansible/includes/traefik.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible/includes/traefik.yml b/ansible/includes/traefik.yml index c952837..55d354f 100644 --- a/ansible/includes/traefik.yml +++ b/ansible/includes/traefik.yml @@ -22,6 +22,7 @@ image: "{{ traefik_docker_image }}" env: TZ: 'America/Toronto' + DO_AUTH_TOKEN: "{{ do_token }}" ports: - 80:80 - 443:443 @@ -68,8 +69,6 @@ - /var/run/docker.sock:/var/run/docker.sock:ro - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - env: - DO_AUTH_TOKEN: "{{ do_token }}" network_mode: "default" container_default_behavior: "compatibility" # added retry to tasks dependant on external services From a75659cf18e808988c7e27244fefa6fc7819f0fb Mon Sep 17 00:00:00 2001 From: Ahmed Sajid Date: Tue, 31 Dec 2024 14:18:57 -0500 Subject: [PATCH 03/11] drop unnecesary ini configs --- ansible/templates/root/config.ini.j2 | 8 -------- 1 file changed, 8 deletions(-) diff --git a/ansible/templates/root/config.ini.j2 b/ansible/templates/root/config.ini.j2 index 18306c6..68f6c9d 100644 --- a/ansible/templates/root/config.ini.j2 +++ b/ansible/templates/root/config.ini.j2 
@@ -8,14 +8,6 @@ callback_enabled = healthchecks, profile_tasks, ara [callback_healthchecks] uuid = {{ healthchecks_uuid | default('') }} -[nas] -ip = {{ nas_ip | default('') }} - -[namecheap] -host = {{ namecheap_host | default('') }} -domain = {{ namecheap_domain | default('') }} -password = {{ namecheap_password | default('') }} - [digitalocean] host = {{ digitalocean_host | default('*') }} domain = {{ digitalocean_domain | default('') }} From 784a183391e6426c6c91ddf2e0dcb632724516ba Mon Sep 17 00:00:00 2001 From: Ahmed Sajid Date: Tue, 31 Dec 2024 14:23:24 -0500 Subject: [PATCH 04/11] drop space --- ansible/includes/digitalocean_dns.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/includes/digitalocean_dns.yml b/ansible/includes/digitalocean_dns.yml index fcc2e1e..8d2eb3c 100644 --- a/ansible/includes/digitalocean_dns.yml +++ b/ansible/includes/digitalocean_dns.yml @@ -3,7 +3,6 @@ - name: Read ini config file import_playbook: "read_config_file.yml" - - name: Dynamic Updates under DigitalOcean DNS hosts: localhost connection: local From 5e3e4f8b17e29f0c8aee423c8dfd1160b68d03b1 Mon Sep 17 00:00:00 2001 From: Ahmed Sajid Date: Tue, 31 Dec 2024 14:30:15 -0500 Subject: [PATCH 05/11] end play when in check_mode for digital ocean --- ansible/includes/digitalocean_dns.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/includes/digitalocean_dns.yml b/ansible/includes/digitalocean_dns.yml index 8d2eb3c..c37d3e3 100644 --- a/ansible/includes/digitalocean_dns.yml +++ b/ansible/includes/digitalocean_dns.yml @@ -7,6 +7,10 @@ hosts: localhost connection: local tasks: + - name: do not run in check mode - end_play + meta: end_play + when: ansible_check_mode + - name: Install via pip pip: name: "dnspython" From ca714c294ccd2a16cbbfda24e167b8492183f6ca Mon Sep 17 00:00:00 2001 
From: Ahmed Sajid Date: Tue, 31 Dec 2024 14:33:40 -0500 Subject: [PATCH 06/11] traefik handling --- ansible/includes/traefik.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/includes/traefik.yml b/ansible/includes/traefik.yml index 55d354f..2f43af4 100644 --- a/ansible/includes/traefik.yml +++ b/ansible/includes/traefik.yml @@ -22,7 +22,7 @@ image: "{{ traefik_docker_image }}" env: TZ: 'America/Toronto' - DO_AUTH_TOKEN: "{{ do_token }}" + DO_AUTH_TOKEN: "{% if ansible_check_mode %}randomtoken{% else %}{{ do_token }}{% endif %}" ports: - 80:80 - 443:443 From 1518547798f54afd77cb797d4abdf376c19389c3 Mon Sep 17 00:00:00 2001 From: Ahmed Sajid Date: Tue, 31 Dec 2024 14:39:28 -0500 Subject: [PATCH 07/11] Revert "traefik handling" This reverts commit ca714c294ccd2a16cbbfda24e167b8492183f6ca. --- ansible/includes/traefik.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/includes/traefik.yml b/ansible/includes/traefik.yml index 2f43af4..55d354f 100644 --- a/ansible/includes/traefik.yml +++ b/ansible/includes/traefik.yml @@ -22,7 +22,7 @@ image: "{{ traefik_docker_image }}" env: TZ: 'America/Toronto' - DO_AUTH_TOKEN: "{% if ansible_check_mode %}randomtoken{% else %}{{ do_token }}{% endif %}" + DO_AUTH_TOKEN: "{{ do_token }}" ports: - 80:80 - 443:443 From 2f39c643919db61f0b2adbcd3ee17866313a6953 Mon Sep 17 00:00:00 2001 From: Ahmed Sajid Date: Tue, 31 Dec 2024 14:40:57 -0500 Subject: [PATCH 08/11] added some stuff --- .github/workflows/checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 6b7fe40..2de0d39 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml 
@@ -40,5 +40,5 @@ jobs: - name: Install ansible $ANSIBLE_VERSION run: pip install ansible==$ANSIBLE_VERSION - name: Run Ansible test - run: ansible-playbook --inventory '127.0.0.1,' --connection local --become --check local.yml + run: ansible-playbook --inventory '127.0.0.1,' --connection local --become --check local.yml -e digitalocean_host='*' -e digitalocean_domain='example.com' -e digitalocean_token='randomtoken' -e config_deploy=true working-directory: ./ansible From 33a4eef051c49d4f2c557a9815b0937450ee385f Mon Sep 17 00:00:00 2001 From: Ahmed Sajid Date: Tue, 31 Dec 2024 15:27:45 -0500 Subject: [PATCH 09/11] debug statement --- ansible/ansible_pull.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ansible/ansible_pull.yml b/ansible/ansible_pull.yml index 2e193e3..d6611bc 100644 --- a/ansible/ansible_pull.yml +++ b/ansible/ansible_pull.yml @@ -28,7 +28,6 @@ - ansible==6.7.0 - ara==1.6.1 tasks: - - name: Remove ansible version provided by package managers package: name: ansible @@ -53,6 +52,11 @@ group: root mode: 0751 + - name: going to deploy config + ansible.builtin.debug: + msg: "Deploying config" + when: (not config_exists.stat.exists) or (config_deploy is defined and config_deploy) + - name: Check if config file exists stat: path: "{{ config_file }}" From 5fc0723f30fd8cfe6824dd58059ab8c476e9da9a Mon Sep 17 00:00:00 2001 From: Ahmed Sajid Date: Tue, 31 Dec 2024 15:33:29 -0500 Subject: [PATCH 10/11] adjust --- ansible/ansible_pull.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ansible/ansible_pull.yml b/ansible/ansible_pull.yml index d6611bc..f0a8281 100644 --- a/ansible/ansible_pull.yml +++ b/ansible/ansible_pull.yml 
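Review bot: The `run:` line now carries the whole command plus four `-e` overrides on one line of well over 120 characters, and the PATCH 11 hunk appends a fifth; a folded scalar (`run: >-` followed by `ansible-playbook --inventory '127.0.0.1,' --connection local --become --check local.yml` and one `-e name='value'` per line) keeps the step readable and gives one-line diffs when an override changes. The dummy `digitalocean_token='randomtoken'` is appropriate for `--check`, but since traefik.yml renders it into `DO_AUTH_TOKEN` and digitalocean_dns.yml ends its play in check mode (PATCH 05), a short comment on the step stating that the value is a placeholder that check mode never sends anywhere would save the next reader from tracing that.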
@@ -52,16 +52,16 @@ group: root mode: 0751 - - name: going to deploy config - ansible.builtin.debug: - msg: "Deploying config" - when: (not config_exists.stat.exists) or (config_deploy is defined and config_deploy) - - name: Check if config file exists stat: path: "{{ config_file }}" register: config_exists + - name: going to deploy config + ansible.builtin.debug: + msg: "Deploying config" + when: (not config_exists.stat.exists) or (config_deploy is defined and config_deploy) + - name: Deploy a config ini file template: src: templates/root/config.ini.j2 From 7832c2a4ca9c34beb148c7da743a303b2af89c16 Mon Sep 17 00:00:00 2001 From: Ahmed Sajid Date: Tue, 31 Dec 2024 15:40:13 -0500 Subject: [PATCH 11/11] config_file custom file --- .github/workflows/checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 2de0d39..bbf13ec 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -40,5 +40,5 @@ jobs: - name: Install ansible $ANSIBLE_VERSION run: pip install ansible==$ANSIBLE_VERSION - name: Run Ansible test - run: ansible-playbook --inventory '127.0.0.1,' --connection local --become --check local.yml -e digitalocean_host='*' -e digitalocean_domain='example.com' -e digitalocean_token='randomtoken' -e config_deploy=true + run: ansible-playbook --inventory '127.0.0.1,' --connection local --become --check local.yml -e digitalocean_host='*' -e digitalocean_domain='example.com' -e digitalocean_token='randomtoken' -e config_deploy=true -e config_file='/tmp/config.ini' working-directory: ./ansible
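Review bot: `when: (not config_exists.stat.exists) or (config_deploy is defined and config_deploy)` relies on Jinja truthiness, and `key=value` extra vars from the command line (`-e config_deploy=true` in checks.yml) arrive as strings unless passed as JSON, so `-e config_deploy=false` would also satisfy the condition. Use `(not config_exists.stat.exists) or (config_deploy | default(false) | bool)` here and, presumably, on the `Deploy a config ini file` task that continues outside the hunk if it carries the same condition. The debug message only says "Deploying config"; including the reason, e.g. `msg: "Deploying config (exists={{ config_exists.stat.exists }}, forced={{ config_deploy | default(false) }})"`, makes the run log self-explaining.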