CaZzzer/alpina
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

refactor: add https and acme to traefik

Browse Source
This commit is contained in:
Iurii Tatishchev 2023-03-29 22:19:37 -07:00
parent ed426593d4
commit c3f6bd2ea9
Signed by: CaZzzer
GPG Key ID: 9A156B7DA6398968
9 changed files with 65 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
contrib/compose_helpers.j2 Normal file
View File

@ -0,0 +1,17 @@
{% macro traefik_labels(host, service="", port="") %}
traefik.enable=true
- traefik.http.routers.{{ host }}.rule=Host(`{{ host }}.{{ domain }}`)
- traefik.http.routers.{{ host }}.entrypoints=web
- traefik.http.routers.{{ host }}-tls.rule=Host(`{{ host }}.{{ domain }}`)
- traefik.http.routers.{{ host }}-tls.entrypoints=websecure
- traefik.http.routers.{{ host }}-tls.tls=true
- traefik.http.routers.{{ host }}-tls.tls.certresolver=letsencrypt
- traefik.http.routers.{{ host }}-tls.tls.domains.0.main={{ domain }}
- traefik.http.routers.{{ host }}-tls.tls.domains.0.sans=*.{{ domain }}
{% if service -%}
- traefik.http.routers.{{ host }}.service={{ service }}
{%- endif %}
{% if port -%}
- traefik.http.services.{{ host }}.loadbalancer.server.port={{ port }}
{%- endif %}
{%- endmacro %}

18
roles/arrstack/templates/docker-compose.yml.j2
View File

@ -1,3 +1,5 @@
{% from "contrib/compose_helpers.j2" import traefik_labels with context %}
{##}
version: "3.7" version: "3.7"
networks: networks:
@ -12,9 +14,7 @@ services:
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
labels: labels:
- traefik.enable=true - {{ traefik_labels("qbit", port="8080") | indent(6) }}
- traefik.http.routers.qbittorrent.rule=Host(`qbit.{{ domain }}`)
- traefik.http.services.qbittorrent.loadbalancer.server.port=8080
restart: unless-stopped restart: unless-stopped
networks: networks:
- default - default
@ -31,9 +31,7 @@ services:
image: linuxserver/jackett:latest image: linuxserver/jackett:latest
container_name: jackett container_name: jackett
labels: labels:
- traefik.enable=true - {{ traefik_labels("jackett", port="9117") | indent(6) }}
- traefik.http.routers.jackett.rule=Host(`jackett.{{ domain }}`)
- traefik.http.services.jackett.loadbalancer.server.port=9117
restart: unless-stopped restart: unless-stopped
networks: networks:
- default - default
@ -47,9 +45,7 @@ services:
image: linuxserver/sonarr:latest image: linuxserver/sonarr:latest
container_name: sonarr container_name: sonarr
labels: labels:
- traefik.enable=true - {{ traefik_labels("sonarr", port="8989") | indent(6) }}
- traefik.http.routers.sonarr.rule=Host(`sonarr.{{ domain }}`)
- traefik.http.services.sonarr.loadbalancer.server.port=8989
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- qbittorrent - qbittorrent
@ -66,9 +62,7 @@ services:
image: linuxserver/radarr:latest image: linuxserver/radarr:latest
container_name: radarr container_name: radarr
labels: labels:
- traefik.enable=true - {{ traefik_labels("radarr", port="7878") | indent(6) }}
- traefik.http.routers.radarr.rule=Host(`radarr.{{ domain }}`)
- traefik.http.services.radarr.loadbalancer.server.port=7878
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- qbittorrent - qbittorrent

6
roles/gitea/templates/docker-compose.yml.j2
View File

@ -1,3 +1,5 @@
{% from "contrib/compose_helpers.j2" import traefik_labels with context %}
{##}
version: "3.7" version: "3.7"
networks: networks:
@ -10,9 +12,7 @@ services:
image: gitea/gitea:1.18 image: gitea/gitea:1.18
container_name: gitea_server container_name: gitea_server
labels: labels:
- traefik.enable=true - {{ traefik_labels("gitea", port="3000") | indent(6) }}
- traefik.http.routers.gitea.rule=Host(`gitea.{{ domain }}`)
- traefik.http.services.gitea.loadbalancer.server.port=3000
restart: unless-stopped restart: unless-stopped
env_file: env_file:
- .env.gitea - .env.gitea

6
roles/jellyfin/templates/docker-compose.yml.j2
View File

@ -1,3 +1,5 @@
{% from "contrib/compose_helpers.j2" import traefik_labels with context %}
{##}
version: "3.7" version: "3.7"
networks: networks:
@ -10,9 +12,7 @@ services:
image: jellyfin/jellyfin:10.8.6 image: jellyfin/jellyfin:10.8.6
container_name: jellyfin_jellyfin container_name: jellyfin_jellyfin
labels: labels:
- traefik.enable=true - {{ traefik_labels("jellyfin", port="8096") | indent(6) }}
- traefik.http.routers.jellyfin.rule=Host(`jellyfin.{{ domain }}`)
- traefik.http.services.jellyfin.loadbalancer.server.port=8096
restart: unless-stopped restart: unless-stopped
env_file: env_file:
- .env.jellyfin - .env.jellyfin

5
roles/nextcloud/templates/docker-compose.yml.j2
View File

@ -1,3 +1,5 @@
{% from "contrib/compose_helpers.j2" import traefik_labels with context %}
{##}
version: "3.7" version: "3.7"
networks: networks:
@ -81,8 +83,7 @@ services:
image: nginx:1.23-alpine image: nginx:1.23-alpine
container_name: nextcloud_web container_name: nextcloud_web
labels: labels:
- traefik.enable=true - {{ traefik_labels("nc") | indent(6) }}
- traefik.http.routers.nextcloud.rule=Host(`nc.{{ domain }}`)
restart: unless-stopped restart: unless-stopped
links: links:
- app - app

1
roles/traefik/templates/.env.traefik.j2
View File

@ -0,0 +1 @@
CF_DNS_API_TOKEN={{ cloudflare_api_token }}

10
roles/traefik/templates/docker-compose.yml.j2
View File

@ -1,3 +1,5 @@
{% from "contrib/compose_helpers.j2" import traefik_labels with context %}
{##}
version: "3.7" version: "3.7"
networks: networks:
@ -13,12 +15,11 @@ services:
image: traefik:v2.9 image: traefik:v2.9
container_name: traefik container_name: traefik
labels: labels:
- traefik.enable=true - {{ traefik_labels("traefik", service="api@internal") | indent(6) }}
- traefik.http.routers.traefik.rule=Host(`traefik.{{ domain }}`)
- traefik.http.services.traefik.loadbalancer.server.port=8080
restart: unless-stopped restart: unless-stopped
ports: ports:
- "80:80" - "80:80"
- "443:443"
- "8080:8080" - "8080:8080"
env_file: env_file:
- .env.traefik - .env.traefik
@ -29,5 +30,6 @@ services:
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/etc/traefik/traefik.yml:ro - ./traefik.yml:/etc/traefik/traefik.yml:ro
- {{ base_volume_path }}/traefik/rules:/rules:ro
- {{ base_volume_path }}/traefik/logs:/logs - {{ base_volume_path }}/traefik/logs:/logs
- ./rules:/rules:ro - {{ base_volume_path }}/traefik/acme:/acme

16
roles/traefik/templates/traefik.yml.j2
View File

@ -14,6 +14,22 @@ entryPoints:
forwardedHeaders: forwardedHeaders:
trustedIPs: trustedIPs:
- "172.16.0.0/12" - "172.16.0.0/12"
websecure:
address: ":443"
certificatesResolvers:
letsencrypt:
acme:
email: {{ acme_email }}
storage: "/acme/acme.json"
keyType: "EC384"
dnsChallenge:
provider: "cloudflare"
delayBeforeCheck: 10
resolvers:
- 1.1.1.1
- 8.8.8.8
- 9.9.9.9
providers: providers:
docker: docker:

10
roles/traefik/vars/app_config.yml
View File

@ -0,0 +1,10 @@
$ANSIBLE_VAULT;1.2;AES256;alpina
35326636356536326332383464373937366130613966663736396135306131353463353334336364
6438346563313332313835326634383063323739643165660a353431336266353239323863363637
34383565626131353530313531663034386530373133653463353063626466613436366235393638
6432363033343336620a336265666362663861393762316137356635363834326566623462373531
62313233306533336331383964346536303362383639633337386664646535313133633164316530
62623535633062656330363931353665396431376233613936626232313264376634646237303236
38396234323931613539393034396461383564363064356635343730633233366666313434646439
34633739333964383865396133313936363166643464613132633031663065623664616365656164
62643035623261623435336462643864396135323139336662363865306661356534