From ed426593d4e30280c23fdc9edc51936e4c9f50a9 Mon Sep 17 00:00:00 2001
From: Iurii Tatishchev
Date: Sat, 25 Mar 2023 04:28:41 -0700
Subject: [PATCH] refactor: move to Debian on truenas scale
---
 .idea/alpina.iml | 2 +
 .idea/jsonSchemas.xml | 16 ++++
 Makefile | 2 +-
 README.md | 3 +-
 contrib/docker_compose_template_task_list.yml | 6 +-
 inventories/prod/group_vars/all.yml | 9 ++
 inventories/prod/hosts | 2 +-
 inventories/staging/group_vars/all.yml | 9 ++
 inventories/staging/hosts | 2 +-
 poetry.lock | 40 ++++++++-
 pyproject.toml | 1 +
 roles/{jackett => arrstack}/tasks/main.yml | 0
 .../templates/custom-init/setup-wg.sh.j2 | 23 ++++++
 .../arrstack/templates/docker-compose.yml.j2 | 82 +++++++++++++++++++
 .../arrstack/templates/wireguard/wg0.conf.j2 | 11 +++
 roles/arrstack/vars/app_config.yml | 12 +++
 roles/{jackett => arrstack}/vars/main.yml | 2 +-
 roles/common/tasks/main.yml | 55 +++----------
 roles/gitea/templates/docker-compose.yml.j2 | 10 +--
 roles/jackett/templates/docker-compose.yml.j2 | 26 ------
 roles/jackett/vars/app_config.yml | 0
 .../jellyfin/templates/docker-compose.yml.j2 | 26 ++----
 .../nextcloud/templates/docker-compose.yml.j2 | 34 ++++----
 roles/traefik/templates/docker-compose.yml.j2 | 9 +-
 .../traefik/templates/rules/app-sonarr.yml.j2 | 25 ------
 services.yml | 2 +-
 26 files changed, 251 insertions(+), 158 deletions(-)
 rename roles/{jackett => arrstack}/tasks/main.yml (100%)
 create mode 100644 roles/arrstack/templates/custom-init/setup-wg.sh.j2
 create mode 100644 roles/arrstack/templates/docker-compose.yml.j2
 create mode 100644 roles/arrstack/templates/wireguard/wg0.conf.j2
 create mode 100644 roles/arrstack/vars/app_config.yml
 rename roles/{jackett => arrstack}/vars/main.yml (80%)
 delete mode 100644 roles/jackett/templates/docker-compose.yml.j2
 delete mode 100644 roles/jackett/vars/app_config.yml
 delete mode 100644 roles/traefik/templates/rules/app-sonarr.yml.j2
diff --git a/.idea/alpina.iml b/.idea/alpina.iml
index d186344..9a0025f 100644
--- a/.idea/alpina.iml +++ b/.idea/alpina.iml @@ -26,6 +26,8 @@ diff --git a/.idea/jsonSchemas.xml b/.idea/jsonSchemas.xml index 19702f5..8326774 100644 --- a/.idea/jsonSchemas.xml +++ b/.idea/jsonSchemas.xml @@ -37,6 +37,22 @@ + + + + + + + diff --git a/Makefile b/Makefile index cf95f7c..6566365 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ vault_id ?= alpina@contrib/rbw-client.sh all: site setup: - poetry install + poetry install --quiet site: setup poetry run ansible-playbook --vault-id ${vault_id} -i inventories/${env} site.yml diff --git a/README.md b/README.md index b9cdc5e..3cb9d0b 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ # Alpina -A home for configuring all of my homelab containers on an Alpine Linux machine. +A home for configuring all of my homelab containers on a Debian Linux machine. +This assumes a Debian Linux machine with Docker and Docker Compose installed. diff --git a/contrib/docker_compose_template_task_list.yml b/contrib/docker_compose_template_task_list.yml index 4c3698f..31b32b3 100644 --- a/contrib/docker_compose_template_task_list.yml +++ b/contrib/docker_compose_template_task_list.yml @@ -4,13 +4,13 @@ file: path: "{{ current_svc_path }}" state: directory - mode: "500" + mode: "700" - name: Ensure directory structure exists file: path: "{{ current_svc_path }}/{{ item.path }}" state: directory - mode: "500" + mode: "700" with_community.general.filetree: "{{ templates_source }}" when: item.state == "directory" @@ -23,7 +23,7 @@ template: src: "{{ item.src }}" dest: "{{ current_svc_path }}/{{ item.path | regex_replace('\\.j2$', '') }}" - mode: "400" + mode: "600" with_community.general.filetree: "{{ templates_source }}" when: item.state == "file" diff --git a/inventories/prod/group_vars/all.yml b/inventories/prod/group_vars/all.yml index ceeb024..3c54186 100644 --- a/inventories/prod/group_vars/all.yml +++ b/inventories/prod/group_vars/all.yml 
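Review bot: The template task in the third hunk of contrib/docker_compose_template_task_list.yml renders every file under a role's templates directory, and this commit adds roles/arrstack/templates/wireguard/wg0.conf.j2, whose rendered output contains `PrivateKey = {{ wg_privkey }}`. When the playbook is run with `--diff`, the template module prints the rendered content, so the decrypted key would end up in terminal or CI logs; adding `no_log: true` (or `diff: false`) to that task avoids this. None of the three tasks sets `owner` or `group`, so the 700/600 modes protect the files only for whichever account Ansible connects as, and the inventory in this commit no longer names root explicitly. The task's name line lies outside the hunk.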
@@ -1 +1,10 @@
 domain: cazzzer.com
+
+wg_privkey: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;alpina
+ 61346533346138643038616365373264333063626539316266326164353935666464346534643433
+ 3634353332373937323464346634643639623039366163350a666161323932633866633264303034
+ 32303833613236316463643066363565333536323833373562343832333435303732626264353337
+ 3831353935663865390a383335333133613039386237653665653663346666626666616439323530
+ 33626333383830383430313765386439323738336336333234303738383837356135353635366365
+ 3066313962653537376430613963316132613663356665316238
diff --git a/inventories/prod/hosts b/inventories/prod/hosts
index 483f02b..50fea0c 100644
--- a/inventories/prod/hosts
+++ b/inventories/prod/hosts
@@ -1,2 +1,2 @@
 [docker_hosts]
-root@alpina.lab.home
+debbi.lab.home
diff --git a/inventories/staging/group_vars/all.yml b/inventories/staging/group_vars/all.yml
index b64c48e..4d14df2 100644
--- a/inventories/staging/group_vars/all.yml
+++ b/inventories/staging/group_vars/all.yml
@@ -1 +1,10 @@
 domain: lab.cazzzer.com
+
+wg_privkey: !vault |
+ $ANSIBLE_VAULT;1.2;AES256;alpina
+ 66323965396438656630376232373462616536303233663163373933306261396634623164653536
+ 3964323735386530303932616135346461353036393635350a353434303730633265343035623434
+ 35323064373733373436383939386335306463316634363436396264313432363961353766633930
+ 3662633131636332620a313334396161386230303936646566363162643831393965376563386432
+ 37613538613466353266666566373836663037363139316463313335633335633536613232323062
+ 3765366135356362326138313636646263646235656333386132
diff --git a/inventories/staging/hosts b/inventories/staging/hosts
index abac7a9..05ded5f 100644
--- a/inventories/staging/hosts
+++ b/inventories/staging/hosts
@@ -1,2 +1,2 @@
 [docker_hosts]
-root@etapp.lab.home
+etappi.lab.home
diff --git a/poetry.lock b/poetry.lock
index 2514771..fe2af72 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.4.0 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.4.1 and should not be changed by hand. [[package]] name = "ansible" @@ -34,6 +34,25 @@ packaging = "*" PyYAML = ">=5.1" resolvelib = ">=0.5.3,<0.9.0" +[[package]] +name = "ansible-vault" +version = "2.1.0" +description = "R/W an ansible-vault yaml file" +category = "main" +optional = false +python-versions = "*" +files = [ + {file = "ansible-vault-2.1.0.tar.gz", hash = "sha256:5ce8fdb5470f1449b76bf07ae2abc56480dad48356ae405c85b686efb64dbd5e"}, +] + +[package.dependencies] +ansible = "*" +setuptools = "*" + +[package.extras] +dev = ["black", "flake8", "isort[pyproject]", "pytest"] +release = ["twine"] + [[package]] name = "cffi" version = "1.15.1" 
@@ -327,7 +346,24 @@ lint = ["black", "flake8", "isort", "mypy", "types-requests"] release = ["build", "towncrier", "twine"] test = ["commentjson", "packaging", "pytest"] +[[package]] +name = "setuptools" +version = "67.6.0" +description = "Easily download, build, install, upgrade, and uninstall Python packages" +category = "main" +optional = false +python-versions = ">=3.7" +files = [ + {file = "setuptools-67.6.0-py3-none-any.whl", hash = "sha256:b78aaa36f6b90a074c1fa651168723acbf45d14cb1196b6f02c0fd07f17623b2"}, + {file = "setuptools-67.6.0.tar.gz", hash = "sha256:2ee892cd5f29f3373097f5a814697e397cf3ce313616df0af11231e2ad118077"}, +] + +[package.extras] +docs = ["furo", "jaraco.packaging (>=9)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-hoverxref (<2)", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (==0.8.3)", "sphinx-reredirects", "sphinxcontrib-towncrier"] +testing = ["build[virtualenv]", "filelock (>=3.4.0)", "flake8 (<5)", "flake8-2020", "ini2toml[lite] (>=0.9)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "pip (>=19.1)", "pip-run (>=8.8)", "pytest (>=6)", "pytest-black (>=0.3.7)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=1.3)", "pytest-flake8", "pytest-mypy (>=0.9.1)", "pytest-perf", "pytest-timeout", "pytest-xdist", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel"] +testing-integration = ["build[virtualenv]", "filelock (>=3.4.0)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "pytest", "pytest-enabler", "pytest-xdist", "tomli", "virtualenv (>=13.0.0)", "wheel"] + [metadata] lock-version = "2.0" python-versions = "^3.10" -content-hash = "fdbbbb1f3c9578e994fc064c9036557f370fe659bb84e4a5cf5ad29247968141" +content-hash = "4c3656f66006d184debf3777b8df073898df0eb1f53611cdd47ec4c543071595" diff --git a/pyproject.toml b/pyproject.toml index a09b06b..4da5834 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -8,6 +8,7 @@ readme = "README.md" [tool.poetry.dependencies] python = "^3.10" ansible = "^7.3.0" +ansible-vault = "^2.1.0" [build-system] diff --git a/roles/jackett/tasks/main.yml b/roles/arrstack/tasks/main.yml similarity index 100% rename from roles/jackett/tasks/main.yml rename to roles/arrstack/tasks/main.yml diff --git a/roles/arrstack/templates/custom-init/setup-wg.sh.j2 b/roles/arrstack/templates/custom-init/setup-wg.sh.j2 new file mode 100644 index 0000000..e5ea992 --- /dev/null +++ b/roles/arrstack/templates/custom-init/setup-wg.sh.j2 @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +apk add --no-cache wireguard-tools-wg + +local_gateway=$(ip route | grep default | awk '{print $3}') +# This used as the gateway address for NAT-PMP to work properly +wg_gateway="{{ wg_dns }}" +wg_peer_address=$(echo "{{ wg_peer_endpoint }}" | cut -d: -f1) + +ip route add "$wg_peer_address" via "$local_gateway" +ip link add wg0 type wireguard +wg setconf wg0 /etc/wireguard/wg0.conf +ip address add dev wg0 "{{ wg_address }}" +ip link set wg0 up +ip route add "$wg_gateway" dev wg0 +ip route del default +ip route add default via "$wg_gateway" + +# Note that the DNS isn't changed, so there's actually a leak there +# That's on purpose, just in case I want to access local jackett from qbit + +# Finally, optionally allow access to the home network +# ip route add "\{\{ home_network }}" via "$local_gateway" diff --git a/roles/arrstack/templates/docker-compose.yml.j2 b/roles/arrstack/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..7776b14 --- /dev/null +++ b/roles/arrstack/templates/docker-compose.yml.j2 
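Review bot: `ansible-vault = "^2.1.0"` adds the third-party PyPI library of that name (the lock entry describes it as "R/W an ansible-vault yaml file"), not the `ansible-vault` command, which already ships with the `ansible` dependency. Nothing in this diff appears to import it, and the lock file shows it pulling in `setuptools` as a further runtime dependency. A package that reads and writes vault files sits directly on the secret-handling path, so it should stay only if something actually uses it; otherwise drop the line and re-lock. The `[tool.poetry.dependencies]` table may continue outside the hunk.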
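Review bot: setup-wg.sh.j2 runs without `set -euo pipefail`, so a failed `apk add`, `ip link add` or `wg setconf` is ignored and the later route commands still run against a half-configured tunnel. Adding `set -euo pipefail` directly under the shebang makes the first failure abort the script; whether the container then refuses to start qBittorrent depends on the image's init handling, which is not visible here and is worth confirming. `wg_peer_address` is derived with `cut -d: -f1`, which only works for an IPv4 `address:port` endpoint, so a hostname or IPv6 endpoint would produce a wrong route target. Installing `wireguard-tools-wg` at every container start also makes startup depend on an unpinned package fetch.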
@@ -0,0 +1,82 @@
+version: "3.7"
+
+networks:
+ default:
+ traefik_traefik:
+ external: true
+
+services:
+ qbittorrent:
+ image: linuxserver/qbittorrent:latest
+ container_name: qbittorrent
+ cap_add:
+ - NET_ADMIN
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.qbittorrent.rule=Host(`qbit.{{ domain }}`)
+ - traefik.http.services.qbittorrent.loadbalancer.server.port=8080
+ restart: unless-stopped
+ networks:
+ - default
+ - traefik_traefik
+ volumes:
+ - ./wireguard:/etc/wireguard:ro
+ - ./custom-init:/custom-cont-init.d:ro
+ - {{ base_volume_path }}/arrstack/config/qbittorrent:/config
+ - {{ base_volume_path }}/arrstack/downloads:/downloads
+ - {{ media_volume_path }}/Plex:/media/Plex
+ - {{ media_volume_path }}/iso-img:/media/iso-img
+
+ jackett:
+ image: linuxserver/jackett:latest
+ container_name: jackett
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.jackett.rule=Host(`jackett.{{ domain }}`)
+ - traefik.http.services.jackett.loadbalancer.server.port=9117
+ restart: unless-stopped
+ networks:
+ - default
+ - traefik_traefik
+ volumes:
+ - {{ base_volume_path }}/arrstack/config/jackett:/config
+ - {{ base_volume_path }}/arrstack/downloads:/downloads
+ - {{ media_volume_path }}/Plex:/media/Plex
+
+ sonarr:
+ image: linuxserver/sonarr:latest
+ container_name: sonarr
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.sonarr.rule=Host(`sonarr.{{ domain }}`)
+ - traefik.http.services.sonarr.loadbalancer.server.port=8989
+ restart: unless-stopped
+ depends_on:
+ - qbittorrent
+ - jackett
+ networks:
+ - default
+ - traefik_traefik
+ volumes:
+ - {{ base_volume_path }}/arrstack/config/sonarr:/config
+ - {{ base_volume_path }}/arrstack/downloads:/downloads
+ - {{ media_volume_path }}/Plex:/media/Plex
+
+ radarr:
+ image: linuxserver/radarr:latest
+ container_name: radarr
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.radarr.rule=Host(`radarr.{{ domain }}`)
+ - traefik.http.services.radarr.loadbalancer.server.port=7878
+ restart: unless-stopped
+ depends_on:
+ - qbittorrent
+ - jackett
+ networks:
+ - default
+ - traefik_traefik
+ volumes:
+ - {{ base_volume_path }}/arrstack/config/radarr:/config
+ - {{ base_volume_path }}/arrstack/downloads:/downloads
+ - {{ media_volume_path }}/Plex:/media/Plex
diff --git a/roles/arrstack/templates/wireguard/wg0.conf.j2 b/roles/arrstack/templates/wireguard/wg0.conf.j2
new file mode 100644
index 0000000..34de02b
--- /dev/null
+++ b/roles/arrstack/templates/wireguard/wg0.conf.j2
@@ -0,0 +1,11 @@
+# Stripped version of the wg config
+
+[Interface]
+PrivateKey = {{ wg_privkey }}
+# Address = {{ wg_address }}
+# DNS = {{ wg_dns }} # This is also used as the gateway address for NAT-PMP to work properly
+
+[Peer]
+PublicKey = {{ wg_peer_pubkey }}
+AllowedIPs = 0.0.0.0/0
+Endpoint = {{ wg_peer_endpoint }}
diff --git a/roles/arrstack/vars/app_config.yml b/roles/arrstack/vars/app_config.yml
new file mode 100644
index 0000000..6491f2c
--- /dev/null
+++ b/roles/arrstack/vars/app_config.yml
@@ -0,0 +1,12 @@
+$ANSIBLE_VAULT;1.2;AES256;alpina
+37653839366635373530306432303538626233356164633761316231623732316138643532383735
+3132613432333636383363383162643434626638613234320a343337333435393461323735646338
+34353764366561633738383933626261643734343266333364353162366161313738663064656530
+6666313731343663650a343761646664356238373763383136366431383337313065613663303233
+36613233653666306338373839623130323833393932386161353933613338613836326632653262
+31646131646637646237373964376365336337386639396266393731623761393038396233663663
+32393964313361326463356435343064643964343731386238643263653738356534383536353330
+32376162376235663636626562646436613265656461656133643762396137313238383533653831
+31396632656630626138326335363462383131343431336264656236346665366236353863326237
+66653064653166373838653631653563303834303334633830383064323965393563663563636361
+653139663339346331336435313263343936
\ No newline at end of file
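Review bot: All four services in the new arrstack compose template use `:latest` image tags, so every pull can bring in unreviewed code, and the qbittorrent container additionally holds `NET_ADMIN` and the mounted WireGuard key. The other compose templates in this diff pin versions (`gitea/gitea:1.18`, `jellyfin/jellyfin:10.8.6`, `traefik:v2.9`); pinning here too, e.g. `image: linuxserver/qbittorrent:<pinned-version>`, keeps upgrades deliberate. The Traefik labels define only a `Host()` rule and a port, with no middleware; if authentication is not enforced in Traefik's own configuration (not shown), these UIs rely solely on each application's login.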
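Review bot: `AllowedIPs = 0.0.0.0/0` in wg0.conf.j2 covers IPv4 only, and setup-wg.sh.j2 likewise replaces only the IPv4 default route. If the container ever receives IPv6 connectivity, that traffic would bypass the tunnel; either confirm IPv6 is disabled on the Docker networks used here or add a comment such as `# IPv4 only: IPv6 must stay disabled for this container` above the `[Peer]` section. The rendered file holds the decrypted private key, so it depends on the 600 mode set by the shared template task.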
diff --git a/roles/jackett/vars/main.yml b/roles/arrstack/vars/main.yml similarity index 80% rename from roles/jackett/vars/main.yml rename to roles/arrstack/vars/main.yml index b00d642..50ad2aa 100644 --- a/roles/jackett/vars/main.yml +++ b/roles/arrstack/vars/main.yml @@ -1,5 +1,5 @@ --- -current_svc_name: jackett +current_svc_name: arrstack current_svc_path: "{{ my_svc_path }}/{{ current_svc_name }}" templates_source: "{{ role_path }}/templates" diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 09b8863..9776fe3 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -1,49 +1,14 @@ -- name: Upgrade alpine packages - community.general.apk: - upgrade: yes +- name: Upgrade Debian packages + become: yes + ansible.builtin.apt: + upgrade: dist update_cache: yes - register: apk_upgrades - -- name: Install alpine packages - community.general.apk: - name: - - qemu-guest-agent - - dhcpcd - - python3 - - fish - - docker - - docker-compose - - docker-fish-completion - - docker-compose-fish-completion - - zfs - - zfs-utils-py + cache_valid_time: 3600 + autoremove: yes state: latest - update_cache: yes - register: apk_installs - -- name: Enable qemu-guest-agent service - service: - name: qemu-guest-agent - runlevel: boot - enabled: yes - -- name: Enable zfs-import service - service: - name: zfs-import - runlevel: sysinit - enabled: yes - -- name: Enable zfs-mount service - service: - name: zfs-mount - runlevel: sysinit - enabled: yes - -- name: Enable docker service - service: - name: docker - enabled: yes + register: apt_upgrades - name: Reboot if needed - reboot: - when: apk_upgrades.changed or apk_installs.changed + become: yes + ansible.builtin.reboot: + when: apt_upgrades.changed diff --git a/roles/gitea/templates/docker-compose.yml.j2 b/roles/gitea/templates/docker-compose.yml.j2 index 549c891..af632ed 100644 --- a/roles/gitea/templates/docker-compose.yml.j2 +++ b/roles/gitea/templates/docker-compose.yml.j2 
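Review bot: `state: latest` on the apt task in roles/common/tasks/main.yml has no effect because no `name` is given; `upgrade: dist` alone drives the upgrade, so the line can be dropped. The reboot is gated on `apt_upgrades.changed`, which restarts the host after any package change, including ones that do not need it; checking for `/var/run/reboot-required` first would limit unplanned downtime, provided that file is maintained on this host. The role also no longer installs or enables Docker, which the later roles depend on; a comment at the top of the file such as `# Docker and Docker Compose must already be installed on the host` would state that assumption where it matters.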
@@ -1,14 +1,10 @@ -version: "3.9" +version: "3.7" networks: default: traefik_traefik: external: true -volumes: - gitea: - postgres: - services: server: image: gitea/gitea:1.18 @@ -24,7 +20,7 @@ services: - default - traefik_traefik volumes: - - gitea:/data + - {{ base_volume_path }}/gitea/gitea:/data depends_on: - db db: @@ -36,4 +32,4 @@ services: networks: - default volumes: - - postgres:/var/lib/postgresql/data + - {{ base_volume_path }}/gitea/postgres:/var/lib/postgresql/data diff --git a/roles/jackett/templates/docker-compose.yml.j2 b/roles/jackett/templates/docker-compose.yml.j2 deleted file mode 100644 index d768c8a..0000000 --- a/roles/jackett/templates/docker-compose.yml.j2 +++ /dev/null @@ -1,26 +0,0 @@ -version: "3.9" - -networks: - default: - traefik_traefik: - external: true - -volumes: - config: - torrent_blackhole: - -services: - jackett: - image: linuxserver/jackett:latest - container_name: jackett - labels: - - traefik.enable=true - - traefik.http.routers.jackett.rule=Host(`jackett.{{ domain }}`) - - traefik.http.services.jackett.loadbalancer.server.port=9117 - restart: unless-stopped - networks: - - default - - traefik_traefik - volumes: - - config:/config - - torrent_blackhole:/downloads diff --git a/roles/jackett/vars/app_config.yml b/roles/jackett/vars/app_config.yml deleted file mode 100644 index e69de29..0000000 diff --git a/roles/jellyfin/templates/docker-compose.yml.j2 b/roles/jellyfin/templates/docker-compose.yml.j2 index 0520e3a..9c89ef4 100644 --- a/roles/jellyfin/templates/docker-compose.yml.j2 +++ b/roles/jellyfin/templates/docker-compose.yml.j2 
@@ -1,26 +1,10 @@ -version: "3.9" +version: "3.7" networks: default: traefik_traefik: external: true -volumes: - config: - cache: - media: - driver: local - driver_opts: - type: nfs - o: "addr=truenas.lab.home,nfsvers=4,ro,noatime" - device: ":/mnt/Mass-Storage-New/JailStorage/Plex/media" - other_videos: - driver: local - driver_opts: - type: nfs - o: "addr=truenas.lab.home,nfsvers=4,ro,noatime" - device: ":/mnt/Mass-Storage-New/syncThingData/Videos" - services: jellyfin: image: jellyfin/jellyfin:10.8.6 @@ -36,10 +20,10 @@ services: - default - traefik_traefik volumes: - - config:/config - - cache:/cache - - media:/data/media - - other_videos:/data/other_videos + - {{ base_volume_path }}/jellyfin/config:/config + - {{ base_volume_path }}/jellyfin/cache:/cache + - {{ media_volume_path }}/Plex/media:/data/media:ro + - {{ media_volume_path }}/other_videos:/data/other_videos:ro tmpfs: - /tmp/transcodes devices: diff --git a/roles/nextcloud/templates/docker-compose.yml.j2 b/roles/nextcloud/templates/docker-compose.yml.j2 index de4cc9c..e22e789 100644 --- a/roles/nextcloud/templates/docker-compose.yml.j2 +++ b/roles/nextcloud/templates/docker-compose.yml.j2 @@ -1,15 +1,10 @@ -version: "3.9" +version: "3.7" networks: default: traefik_traefik: external: true -volumes: - nextcloud: - nextcloud_config: - nextcloud_data: - db: services: app: @@ -24,9 +19,9 @@ services: networks: - default volumes: - - nextcloud:/var/www/html - - nextcloud_config:/var/www/html/config - - nextcloud_data:/var/www/html/data + - {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html + - {{ base_volume_path }}/nextcloud/nextcloud_config:/var/www/html/config + - {{ base_volume_path }}/nextcloud/nextcloud_data:/var/www/html/data cron: image: nextcloud:${NEXTCLOUD_VERSION} 
@@ -37,8 +32,10 @@ services: entrypoint: /cron.sh networks: - default - volumes_from: - - app + volumes: + - {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html + - {{ base_volume_path }}/nextcloud/nextcloud_config:/var/www/html/config + - {{ base_volume_path }}/nextcloud/nextcloud_data:/var/www/html/data notify_push: image: nextcloud:${NEXTCLOUD_VERSION} @@ -51,8 +48,10 @@ services: - /var/www/html/config/config.php networks: - default - volumes_from: - - app + volumes: + - {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html + - {{ base_volume_path }}/nextcloud/nextcloud_config:/var/www/html/config + - {{ base_volume_path }}/nextcloud/nextcloud_data:/var/www/html/data db: image: postgres:13-alpine @@ -63,7 +62,7 @@ services: networks: - default volumes: - - db:/var/lib/postgresql/data + - {{ base_volume_path }}/nextcloud/db:/var/lib/postgresql/data redis: image: redis:7-alpine @@ -91,6 +90,7 @@ services: - traefik_traefik - default volumes: - - ./nginx.conf:/etc/nginx/nginx.conf - volumes_from: - - app + - ./nginx.conf:/etc/nginx/nginx.conf:ro + - {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html + - {{ base_volume_path }}/nextcloud/nextcloud_config:/var/www/html/config + - {{ base_volume_path }}/nextcloud/nextcloud_data:/var/www/html/data diff --git a/roles/traefik/templates/docker-compose.yml.j2 b/roles/traefik/templates/docker-compose.yml.j2 index 50bc863..220766c 100644 --- a/roles/traefik/templates/docker-compose.yml.j2 +++ b/roles/traefik/templates/docker-compose.yml.j2 @@ -1,4 +1,4 @@ -version: "3.9" +version: "3.7" networks: default: @@ -8,9 +8,6 @@ networks: config: - subnet: {{ traefik_ip }}/24 -volumes: - logs: - services: traefik: image: traefik:v2.9 @@ -32,5 +29,5 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ./traefik.yml:/etc/traefik/traefik.yml:ro - - logs:/logs - - {{ current_svc_path }}/rules:/rules:ro + - {{ base_volume_path }}/traefik/logs:/logs + - ./rules:/rules:ro 
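Review bot: Replacing `volumes_from: app` with explicit bind mounts is a chance to narrow access, but the `cron` and `notify_push` hunks and the last nextcloud hunk (the service that mounts `nginx.conf`) all repeat the three Nextcloud mounts read-write. The nginx container presumably only needs to read static files, so `- {{ base_volume_path }}/nextcloud/nextcloud:/var/www/html:ro` there, and leaving out the `config` and `data` mounts if nginx does not serve from them, would keep `config.php` and user data out of reach of the web-facing container; confirm against nginx.conf, which is not shown. `notify_push` is passed `/var/www/html/config/config.php` and likely needs that path read-only at most. The service name and the rest of the definition for the last hunk lie outside it.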
diff --git a/roles/traefik/templates/rules/app-sonarr.yml.j2 b/roles/traefik/templates/rules/app-sonarr.yml.j2 deleted file mode 100644 index ef4f04a..0000000 --- a/roles/traefik/templates/rules/app-sonarr.yml.j2 +++ /dev/null @@ -1,25 +0,0 @@ -http: - routers: - sonarr: - rule: "Host(`sonarr.{{ domain }}`)" - service: sonarr - radarr: - rule: "Host(`radarr.{{ domain }}`)" - service: radarr - serversTransports: - sonarrTransport: - insecureSkipVerify: true - forwardingTimeouts: - dialTimeout: "180s" - - services: - sonarr: - loadBalancer: - servers: - - url: "http://sonarr.lab.home:8989" - serversTransport: "sonarrTransport" - radarr: - loadBalancer: - servers: - - url: "http://radarr.lab.home:7878" - serversTransport: "sonarrTransport" diff --git a/services.yml b/services.yml index 22a65fb..4914e51 100644 --- a/services.yml +++ b/services.yml @@ -5,7 +5,7 @@ - nextcloud - jellyfin - gitea - - jackett + - arrstack post_tasks: - name: Docker prune objects docker_prune: