drop caddy and replace with traefik

.github/workflows/checks.yml

@@ -40,5 +40,5 @@ jobs:
       - name: Install ansible $ANSIBLE_VERSION
         run: pip install ansible==$ANSIBLE_VERSION
       - name: Run Ansible test
-        run: ansible-playbook --inventory '127.0.0.1,' --connection local --become --check local.yml
+        run: ansible-playbook --inventory '127.0.0.1,' --connection local --become --check local.yml -e digitalocean_host='*' -e digitalocean_domain='example.com' -e digitalocean_token='randomtoken' -e config_deploy=true -e config_file='/tmp/config.ini'
         working-directory: ./ansible

ansible/ansible_pull.yml

@@ -28,7 +28,6 @@
       - ansible==6.7.0
       - ara==1.6.1
   tasks:
-
     - name: Remove ansible version provided by package managers
       package:
         name: ansible
@@ -58,6 +57,11 @@
         path: "{{ config_file }}"
       register: config_exists
 
+    - name: going to deploy config
+      ansible.builtin.debug:
+        msg: "Deploying config"
+      when: (not config_exists.stat.exists) or (config_deploy is defined and config_deploy)
+
     - name: Deploy a config ini file
       template:
         src: templates/root/config.ini.j2

ansible/includes/actual-server.yml

@@ -4,7 +4,6 @@
   hosts: localhost
   connection: local
   vars:
-    config_file: '/root/config.ini'
     actual_docker_image: "docker.io/actualbudget/actual-server:24.12.0"
   tasks:
     - name: "Set facts for time"
@@ -35,9 +34,14 @@
         image: "{{ actual_docker_image }}"
         env:
           TZ: 'America/Toronto'
-          # PIHOLE_DNS_: "{{ ansible_default_ipv4.address }}#5353"
-          # WEBPASSWORD: ''
-          # DNSMASQ_LISTENING: "all"
+        labels:
+          traefik.enable: "true"
+          traefik.docker.network: "app_network"
+          traefik.http.routers.actual-server.rule: "Host(`money.{{ do_domain }}`)"
+          traefik.http.routers.actual-server.entrypoints: "https"
+          traefik.http.routers.actual-server.tls: "true"
+          traefik.http.routers.actual-server.tls.certresolver: "le"
+          traefik.http.services.actual-server.loadbalancer.server.port: "5006"
         networks:
           - name: "app_network"
         restart_policy: always

ansible/includes/ara.yml

@@ -5,7 +5,6 @@
   connection: local
   vars:
     ara_docker_image: "docker.io/recordsansible/ara-api"
-    config_file: '/root/config.ini'
   tasks:
     - name: create ara required folders
       file:
@@ -21,8 +20,14 @@
         image: "{{ ara_docker_image }}"
         env:
           TZ: 'America/Toronto'
-        # ports:
-        #   - 8000:8000
+        labels:
+          traefik.enable: "true"
+          traefik.docker.network: "app_network"
+          traefik.http.routers.ara.rule: "Host(`ara.{{ do_domain }}`)"
+          traefik.http.routers.ara.entrypoints: "https"
+          traefik.http.routers.ara.tls: "true"
+          traefik.http.routers.ara.tls.certresolver: "le"
+          traefik.http.services.ara.loadbalancer.server.port: "8000"
         networks:
           - name: "app_network"
         volumes:

ansible/includes/digitalocean_dns.yml

@@ -1,19 +1,15 @@
 ---
 
+- name: Read ini config file
+  import_playbook: "read_config_file.yml"
+
 - name: Dynamic Updates under DigitalOcean DNS
   hosts: localhost
   connection: local
-  vars:
-    config_file: '/root/config.ini'
   tasks:
-    - name: Check if config file exists
-      stat:
-        path: "{{ config_file }}"
-      register: config_file_exists
-
-    - name: stop play if config file doesn't exist
+    - name: do not run in check mode - end_play
       meta: end_play
-      when: not config_file_exists.stat.exists
+      when: ansible_check_mode
 
     - name: Install via pip
       pip:
@@ -99,5 +95,5 @@
           type: "A"
           name: "*"
           data: "{{ ip }}"
-          ttl: 1800
+          ttl: 60
       no_log: true

ansible/includes/headscale.yml

@@ -1,10 +1,12 @@
 ---
 
+- name: Read ini config file
+  import_playbook: "read_config_file.yml"
+
 - name: "Headscale Setup"
   hosts: localhost
   connection: local
   vars:
-    config_file: '/root/config.ini'
     headscale_docker_image: "docker.io/headscale/headscale:v0.23.0"
   tasks:
     - name: "Set facts for time"
@@ -20,23 +22,6 @@
           - "{{ hour_now }}"
           - "{{ minute_now }}"
 
-    - name: Check if config file exists
-      stat:
-        path: "{{ config_file }}"
-      register: config_file_exists
-
-    - name: stop play if config file doesn't exist
-      meta: end_play
-      when: not config_file_exists.stat.exists
-
-    - name: Setting digital ocean facts
-      set_fact:
-        digitalocean_domain: "{{ lookup('ini', 'domain section=digitalocean file={{ config_file }}') }}"
-
-    - name: stop play if config options do not exist
-      meta: end_play
-      when: digitalocean_domain | length == 0
-
     - name: enable IP forwarding
       sysctl:
         name: net.ipv4.ip_forward
@@ -68,6 +53,14 @@
         image: "{{ headscale_docker_image }}"
         env:
           TZ: 'America/Toronto'
+        labels:
+          traefik.enable: "true"
+          traefik.docker.network: "app_network"
+          traefik.http.routers.headscale.rule: "Host(`headscale.{{ do_domain }}`)"
+          traefik.http.routers.headscale.entrypoints: "https"
+          traefik.http.routers.headscale.tls: "true"
+          traefik.http.routers.headscale.tls.certresolver: "le"
+          traefik.http.services.headscale.loadbalancer.server.port: "8080"
         networks:
           - name: "app_network"
         restart_policy: always

ansible/includes/nasmounts.yml

@@ -12,7 +12,6 @@
       - 'Syncthing'
       - 'Multimedia'
     nas_root: '/mnt/nas'
-    config_file: '/root/config.ini'
     # https://rizvir.com/articles/linux-sysadmin-cheats/
     # Tune NFS 3 mounts
     nfs_mount_opts: 'rsize=32768,wsize=32768,nfsvers=3,tcp,async'
@@ -27,22 +26,13 @@
         path: "{{ nas_root }}/{{ item }}"
       with_items: "{{ mounts }}"
 
-    - name: Check if config file exists
-      stat:
-        path: "{{ config_file }}"
-      register: config_exists
-
     - name: Adding NAS mount points to fstab
-      vars:
-        nas_ip: "{{ lookup('ini', 'ip section=nas file={{ config_file }}') | default('') }}"
       mount:
-        src: "{{ nas_ip }}:/{{ item }}"
+        src: "nas.{{ do_domain }}:/{{ item }}"
         path: "{{ nas_root }}/{{ item }}"
         fstype: nfs
         state: mounted
         opts: "{{ nfs_mount_opts }}"
       with_items: "{{ mounts }}"
       when:
         - not ansible_check_mode
-        - config_exists.stat.exists
-        - nas_ip != ''

ansible/includes/netdata.yml

@@ -23,6 +23,14 @@
         image: "{{ netdata_docker_image }}"
         env:
           TZ: 'America/Toronto'
+        labels:
+          traefik.enable: "true"
+          traefik.docker.network: "app_network"
+          traefik.http.routers.netdata.rule: "Host(`netdata.{{ do_domain }}`)"
+          traefik.http.routers.netdata.entrypoints: "https"
+          traefik.http.routers.netdata.tls: "true"
+          traefik.http.routers.netdata.tls.certresolver: "le"
+          traefik.http.services.netdata.loadbalancer.server.port: "19999"
         volumes:
           - "/opt/netdata/etc:/etc/netdata"
           - "/opt/netdata/lib:/var/lib/netdata"

ansible/includes/pihole.yml

@@ -1,5 +1,8 @@
 ---
 
+- name: Read ini config file
+  import_playbook: "read_config_file.yml"
+
 - name: "Pihole Install and setup"
   hosts: localhost
   connection: local
@@ -34,25 +37,7 @@
       - rclone
       - rclone-crypt
       - netdata
-    config_file: '/root/config.ini'
   tasks:
-    - name: Check if config file exists
-      stat:
-        path: "{{ config_file }}"
-      register: config_file_exists
-
-    - name: stop play if config file doesn't exist
-      meta: end_play
-      when: not config_file_exists.stat.exists
-
-    - name: Setting digital ocean facts
-      set_fact:
-        digitalocean_domain: "{{ lookup('ini', 'domain section=digitalocean file={{ config_file }}') }}"
-
-    - name: stop play if config options do not exist
-      meta: end_play
-      when: digitalocean_domain | length == 0
-
     - name: create role folder
       file:
         state: directory
@@ -142,7 +127,7 @@
       copy:
         dest: "/opt/pihole/etc/custom.list"
         content: |
-          {{ ansible_default_ipv4.address }} {% for service in service_list %}{{ service }}.{{ digitalocean_domain }}{% if not loop.last %} {% endif %}{% endfor %}
+          {{ ansible_default_ipv4.address }} {% for service in service_list %}{{ service }}.{{ do_domain }}{% if not loop.last %} {% endif %}{% endfor %}
         mode: 0640
         owner: 999
         group: 999
@@ -173,6 +158,14 @@
           # NOTE: infinite lease
           # DHCP_LEASETIME: "0"
           # DHCP_rapid_commit: "true"
+        labels:
+          traefik.enable: "true"
+          traefik.docker.network: "app_network"
+          traefik.http.routers.pihole.rule: "Host(`pihole.{{ do_domain }}`)"
+          traefik.http.routers.pihole.entrypoints: "https"
+          traefik.http.routers.pihole.tls: "true"
+          traefik.http.routers.pihole.tls.certresolver: "le"
+          traefik.http.services.pihole.loadbalancer.server.port: "80"
         ports:
           - "53:53/tcp"
           - "53:53/udp"

ansible/includes/rclone.yml

@@ -23,6 +23,14 @@
         image: "{{ rclone_docker_image }}"
         env:
           TZ: "America/Toronto"
+        labels:
+          traefik.enable: "true"
+          traefik.docker.network: "app_network"
+          traefik.http.routers.rclone.rule: "Host(`rclone.{{ do_domain }}`)"
+          traefik.http.routers.rclone.entrypoints: "https"
+          traefik.http.routers.rclone.tls: "true"
+          traefik.http.routers.rclone.tls.certresolver: "le"
+          traefik.http.services.rclone.loadbalancer.server.port: "8080"
         networks:
           - name: "app_network"
         restart_policy: always
@@ -49,6 +57,14 @@
         image: "{{ rclone_docker_image }}"
         env:
           TZ: "America/Toronto"
+        labels:
+          traefik.enable: "true"
+          traefik.docker.network: "app_network"
+          traefik.http.routers.rclone-crypt.rule: "Host(`rclone-crypt.{{ do_domain }}`)"
+          traefik.http.routers.rclone-crypt.entrypoints: "https"
+          traefik.http.routers.rclone-crypt.tls: "true"
+          traefik.http.routers.rclone-crypt.tls.certresolver: "le"
+          traefik.http.services.rclone-crypt.loadbalancer.server.port: "8080"
         networks:
           - name: "app_network"
         restart_policy: always

ansible/includes/read_config_file.yml

@@ -0,0 +1,24 @@
+---
+
+- name: "Read config file"
+  hosts: localhost
+  connection: local
+  vars:
+    config_file: '/root/config.ini'
+  tasks:
+    - name: Check if config file exists
+      stat:
+        path: "{{ config_file }}"
+      register: config_file_exists
+
+    - name: stop play if config file doesn't exist
+      meta: end_play
+      when: not config_file_exists.stat.exists
+
+    - name: Setting digital ocean facts
+      set_fact:
+        do_host: "{{ lookup('ini', 'host section=digitalocean file={{ config_file }}') }}"
+        do_token: "{{ lookup('ini', 'token section=digitalocean file={{ config_file }}') }}"
+        do_domain: "{{ lookup('ini', 'domain section=digitalocean file={{ config_file }}') }}"
+        syncthing_api_key: "{{ lookup('password', '/root/syncthing_api_key length=24') }}"
+        cacheable: true