Compare commits
4 Commits
83486be84e
...
master
Author | SHA1 | Date |
---|---|---|
David Thurstenson | 6965862799 | |
David Thurstenson | 4d4a913abe | |
David Thurstenson | 0237b81f36 | |
David Thurstenson | 59b09ef819 |
|
@ -7,10 +7,18 @@
|
||||||
skip_existing: yes
|
skip_existing: yes
|
||||||
data: {{ linode_api_key }}
|
data: {{ linode_api_key }}
|
||||||
|
|
||||||
|
- name: Pull linode-dyndns container image
|
||||||
|
podman_image:
|
||||||
|
name: {{ image_name }}
|
||||||
|
pull: yes
|
||||||
|
state: present
|
||||||
|
tag: {{ image_tag }}
|
||||||
|
|
||||||
- name: Create and start linode-dyndns container
|
- name: Create and start linode-dyndns container
|
||||||
podman_container:
|
podman_container:
|
||||||
name: linode-dyndns_{{ subdomain }}
|
name: linode-dyndns_{{ subdomain }}
|
||||||
image: docker.io/kvllsvm/linode-dynamic-dns:latest
|
hostname: linode-dyndns_{{ subdomain }}
|
||||||
|
image: "{{ image_name }}:{{ image_tag }}"
|
||||||
state: started
|
state: started
|
||||||
restart_policy: always
|
restart_policy: always
|
||||||
network: host
|
network: host
|
||||||
|
@ -24,3 +32,5 @@
|
||||||
- name: FREQUENCY
|
- name: FREQUENCY
|
||||||
value: {{ update_frequency }}
|
value: {{ update_frequency }}
|
||||||
command: "/bin/sh -c 'export TOKEN=$(cat /run/secrets/linode_dns_apikey) && linode-dynamic-dns -s $FREQUENCY'"
|
command: "/bin/sh -c 'export TOKEN=$(cat /run/secrets/linode_dns_apikey) && linode-dynamic-dns -s $FREQUENCY'"
|
||||||
|
generate_systemd:
|
||||||
|
path: {{ systemd_system_unit_path }}
|
||||||
|
|
|
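Review bot: The added `name: {{ image_name }}`, `tag: {{ image_tag }}` and `path: {{ systemd_system_unit_path }}` values begin with a bare Jinja expression, which YAML parses as a flow mapping before Ansible ever templates it. They should be quoted the way the new `image:` line already is, e.g. `name: "{{ image_name }}"`; as rendered here, the existing `data:` and `value:` context lines have the same problem. The defaults for `image_tag` are not visible in this section, but if it still resolves to `latest`, as the removed `image:` line did, the pull stays on a mutable tag. A release tag or digest would make the deployed image reproducible.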
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
image_name: docker.io/traefik
|
||||||
|
image_tag: latest
|
||||||
|
|
||||||
|
docker_sock_path: # TODO: figure out how to determine this
|
||||||
|
|
||||||
|
letsencrypt_email: thurstylark@gmail.com
|
||||||
|
|
||||||
|
traefik_config_dir:
|
||||||
|
traefik_certs_dir:
|
||||||
|
|
||||||
|
traefik_dashboard_host:
|
|
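Review bot: `image_tag: latest` leaves the internet-facing proxy on a mutable tag, so what gets deployed depends on when the image was pulled and can silently cross a major version; I would pin a release tag or digest, e.g. `image_tag: "<pinned-version>"`. `docker_sock_path`, `traefik_config_dir`, `traefik_certs_dir` and `traefik_dashboard_host` are bare keys, which load as null and are then templated into the volume and label strings of the tasks file. An early `assert` that they are defined, or explicit values, would fail more clearly than a container started with a malformed mount. A short comment that `letsencrypt_email` is a default meant to be overridden per host would also help.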
@ -0,0 +1,71 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure podman extras are installed
|
||||||
|
pacman:
|
||||||
|
name:
|
||||||
|
- podman-docker
|
||||||
|
- podman-dnsname
|
||||||
|
state: present
|
||||||
|
become: true
|
||||||
|
become_method: sudo
|
||||||
|
|
||||||
|
# TODO: This is going to be problematic unless I can figure out a way to
|
||||||
|
# get the calling user's dbus session up...
|
||||||
|
# Ref: https://wiki.archlinux.org/title/Podman#Docker_Compose
|
||||||
|
- name: Start podman service
|
||||||
|
systemd:
|
||||||
|
scope: user
|
||||||
|
name: podman.service
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
|
||||||
|
- name: Pull traefik container image
|
||||||
|
podman_image:
|
||||||
|
name: {{ image_name }}
|
||||||
|
tag: {{ image_tag }}
|
||||||
|
pull: yes
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Set up podman network for traefik-public
|
||||||
|
podman_network:
|
||||||
|
name: traefik-public
|
||||||
|
|
||||||
|
- name: Create and start traefik container
|
||||||
|
podman_container:
|
||||||
|
name: traefik
|
||||||
|
hostname: traefik
|
||||||
|
image: "{{ image_name }}:{{ image_tag }}"
|
||||||
|
state: started
|
||||||
|
restart_policy: always
|
||||||
|
network: traefik-public
|
||||||
|
command:
|
||||||
|
- "--entrypoints.web.address=:80"
|
||||||
|
- "--entrypoints.websecure.address=:433"
|
||||||
|
- "--providers.docker"
|
||||||
|
- "--providers.docker.exposedByDefault=false"
|
||||||
|
- "--api"
|
||||||
|
- "--certificatesresolvers.le.acme.email={{ letsencrypt_email }}"
|
||||||
|
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
|
||||||
|
- "--certificatesrecolvers.le.acme.tlschallenge=true"
|
||||||
|
- "--accesslog=true"
|
||||||
|
publish:
|
||||||
|
- 80:80
|
||||||
|
- 443:443
|
||||||
|
volumes:
|
||||||
|
- "{{ docker_sock_path }}:/var/run/docker.sock:ro"
|
||||||
|
- "{{ traefik_config_dir }}:/etc/traefik"
|
||||||
|
- "{{ traefik_certs_dir }}:/letsencrypt"
|
||||||
|
label:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
# Enable dashboard
|
||||||
|
- "traefik.http.routers.traefik.rule=Host({{ traefik_dashboard_host }})"
|
||||||
|
- "traefik.http.routers.traefik.service=api@internal"
|
||||||
|
# Use TLS
|
||||||
|
- "traefik.http.routers.traefik.tls=true"
|
||||||
|
# Set up LetsEncrypt for automatic cert generation
|
||||||
|
- "traefik.http.routers.traefik.tls.certresolver=le"
|
||||||
|
- "traefik.http.routers.traefik.entrypoints=websecure"
|
||||||
|
# Set up global redirect to https
|
||||||
|
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.*)"
|
||||||
|
- "traefik.http.routers.http-catchall.entrypoints=web"
|
||||||
|
- "traefik.http.routers.http-catchall-middlewares=redirect-to-https"
|
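Review bot: The HTTPS path in the `Create and start traefik container` task cannot come up as written: `--entrypoints.websecure.address=:433` does not match the published `443:443`, and `--certificatesrecolvers.le.acme.tlschallenge=true` is misspelled, so the `le` resolver never gets a challenge configured. The redirect labels are broken in the same way: the `hostregexp` rule is unterminated, `http-catchall-middlewares` should be `http-catchall.middlewares`, and no `redirect-to-https` middleware is defined anywhere in the section, so port 80 would keep serving plain HTTP. `Host({{ traefik_dashboard_host }})` also needs backticks around the hostname. Separately, the dashboard router exposes `api@internal` with no auth middleware; I would attach a `basicauth` or IP allow-list middleware, with credentials kept in Ansible Vault, before this is published on 80/443. The rule syntax below is Traefik v2's, which is one more reason to pin `image_tag` rather than track `latest`.

```yaml
    command:
      # … unchanged: web entrypoint …
      - "--entrypoints.websecure.address=:443"
      # … unchanged: docker provider, api, acme email and storage …
      - "--certificatesresolvers.le.acme.tlschallenge=true"
      # … unchanged: accesslog, publish, volumes …
    label:
      # … unchanged: traefik.enable …
      - "traefik.http.routers.traefik.rule=Host(`{{ traefik_dashboard_host }}`)"
      # … unchanged: dashboard service, tls, certresolver, entrypoints …
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      # … unchanged: http-catchall entrypoints …
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
```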