Compare commits

..

4 Commits

3 changed files with 95 additions and 1 deletions

View File

@ -7,10 +7,18 @@
skip_existing: yes
data: {{ linode_api_key }}
- name: Pull linode-dyndns container image
podman_image:
name: {{ image_name }}
pull: yes
state: present
tag: {{ image_tag }}
- name: Create and start linode-dyndns container
podman_container:
name: linode-dyndns_{{ subdomain }}
image: docker.io/kvllsvm/linode-dynamic-dns:latest
hostname: linode-dyndns_{{ subdomain }}
image: "{{ image_name }}:{{ image_tag }}"
state: started
restart_policy: always
network: host
@ -24,3 +32,5 @@
- name: FREQUENCY
value: {{ update_frequency }}
command: "/bin/sh -c 'export TOKEN=$(cat /run/secrets/linode_dns_apikey) && linode-dynamic-dns -s $FREQUENCY'"
generate_systemd:
path: {{ systemd_system_unit_path }}

View File

@ -0,0 +1,13 @@
---
image_name: docker.io/traefik
image_tag: latest
docker_sock_path: # TODO: figure out how to determine this
letsencrypt_email: thurstylark@gmail.com
traefik_config_dir:
traefik_certs_dir:
traefik_dashboard_host:

View File

@ -0,0 +1,71 @@
---
- name: Ensure podman extras are installed
pacman:
name:
- podman-docker
- podman-dnsname
state: present
become: true
become_method: sudo
# TODO: This is going to be problematic unless I can figure out a way to
# get the calling user's dbus session up...
# Ref: https://wiki.archlinux.org/title/Podman#Docker_Compose
- name: Start podman service
systemd:
scope: user
name: podman.service
state: started
enabled: yes
- name: Pull traefik container image
podman_image:
name: {{ image_name }}
tag: {{ image_tag }}
pull: yes
state: present
- name: Set up podman network for traefik-public
podman_network:
name: traefik-public
- name: Create and start traefik container
podman_container:
name: traefik
hostname: traefik
image: "{{ image_name }}:{{ image_tag }}"
state: started
restart_policy: always
network: traefik-public
command:
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:433"
- "--providers.docker"
- "--providers.docker.exposedByDefault=false"
- "--api"
- "--certificatesresolvers.le.acme.email={{ letsencrypt_email }}"
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
- "--certificatesrecolvers.le.acme.tlschallenge=true"
- "--accesslog=true"
publish:
- 80:80
- 443:443
volumes:
- "{{ docker_sock_path }}:/var/run/docker.sock:ro"
- "{{ traefik_config_dir }}:/etc/traefik"
- "{{ traefik_certs_dir }}:/letsencrypt"
label:
- "traefik.enable=true"
# Enable dashboard
- "traefik.http.routers.traefik.rule=Host({{ traefik_dashboard_host }})"
- "traefik.http.routers.traefik.service=api@internal"
# Use TLS
- "traefik.http.routers.traefik.tls=true"
# Set up LetsEncrypt for automatic cert generation
- "traefik.http.routers.traefik.tls.certresolver=le"
- "traefik.http.routers.traefik.entrypoints=websecure"
# Set up global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.*)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall-middlewares=redirect-to-https"