tobias/infrastructure
1
0
Fork 0
Code Issues 5 Pull Requests Projects Activity

Traefik: Move to host mode

Browse Source
This commit is contained in:
Tobias Manske 2023-08-10 14:16:30 +02:00
parent 6a3cbe756c
commit 9514de0f07
Signed by: tobias
GPG Key ID: 9164B527694A0709
25 changed files with 17 additions and 360 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
coreos-config/plays/services/blog/docker-compose.yaml
View File

@ -10,10 +10,4 @@ services:
- "traefik.http.routers.tobiasmanskede.entryPoints=websecure"
- "traefik.http.services.tobiasmanskede.loadbalancer.server.port=80"
restart: always
networks:
- gateway
networks:
gateway:
external: true
...

6
coreos-config/plays/services/caddy/docker-compose.yaml
View File

@ -12,10 +12,4 @@ services:
- "traefik.http.routers.caddyredir.entryPoints=websecure"
- "traefik.http.services.caddyredir.loadbalancer.server.port=80"
restart: always
networks:
- gateway
networks:
gateway:
external: true
...

5
coreos-config/plays/services/gitea/docker-compose.yaml
View File

@ -18,8 +18,8 @@ services:
- "GITEA__service__DISABLE_REGISTRATION=true"
restart: always
networks:
- default # mirror service needs internet
- backend
- gateway
volumes:
- gitea_data:/data
- /etc/timezone:/etc/timezone:ro
@ -68,7 +68,6 @@ services:
- "DRONE_USER_CREATE=username:tobias,admin:true"
networks:
- backend
- gateway
volumes:
- drone_data:/data
labels:
@ -82,8 +81,6 @@ services:
networks:
backend:
internal: true
gateway:
external: true
volumes:
gitea_data:

3
coreos-config/plays/services/hedgedoc/docker-compose.yaml
View File

@ -66,14 +66,11 @@ services:
condition: service_healthy
networks:
- backend
- gateway
volumes:
database:
networks:
gateway:
external: true
backend:
internal: true
...

3
coreos-config/plays/services/keycloak/docker-compose.yaml
View File

@ -45,13 +45,10 @@ services:
restart: always
networks:
- backend
- gateway
networks:
backend:
internal: true
gateway:
external: true
volumes:
pg_data:

3
coreos-config/plays/services/kuma/docker-compose.yaml
View File

@ -14,15 +14,12 @@ services:
- "traefik.http.services.kuma-{{ _name }}.loadbalancer.server.port=3001"
networks:
- default
- gateway
- pantalaimon
volumes:
data:
networks:
gateway:
external: true
pantalaimon:
external: true
...

6
coreos-config/plays/services/linktree/docker-compose.yaml
View File

@ -10,10 +10,4 @@ services:
- "traefik.http.routers.unruhigeu.entryPoints=websecure"
- "traefik.http.services.unruhigeu.loadbalancer.server.port=80"
restart: always
networks:
- gateway
networks:
gateway:
external: true
...

6
coreos-config/plays/services/matrix/docker-compose.yaml
View File

@ -30,7 +30,6 @@ services:
- redis
networks:
- default
- gateway
- backend
labels:
- "traefik.enable=true"
@ -73,8 +72,6 @@ services:
- "traefik.http.routers.matrix-well-known.rule=Host(`{{ matrix.baseurl }}`) && PathPrefix(`/.well-known/matrix/`)"
- "traefik.http.routers.matrix-well-known.entrypoints=websecure"
- "traefik.http.services.matrix-well-known.loadbalancer.server.port=80"
networks:
- gateway
cinny:
image: ghcr.io/cinnyapp/cinny:latest
@ -87,7 +84,6 @@ services:
volumes:
- ./cinny-config.json:/app/config.json:ro,Z
networks:
- gateway
- default
redis:
@ -215,8 +211,6 @@ services:
networks:
backend:
internal: true
gateway:
external: true
volumes:
synapse_data:

5
coreos-config/plays/services/miniflux/docker-compose.yaml
View File

@ -33,8 +33,8 @@ services:
- "prometheus-scrape.port=8080"
networks:
- backend
- gateway
- pantalaimon
- default
db:
image: postgres:13
@ -59,9 +59,6 @@ volumes:
networks:
backend:
internal: true
gateway:
external: true
name: gateway
pantalaimon:
external: true
...

11
coreos-config/plays/services/minio/docker-compose.yaml
View File

@ -5,8 +5,10 @@ services:
minio:
image: minio/minio:latest
restart: always
networks:
- gateway
ulimits:
nofile:
soft: 4096
hard: 16000
environment:
- "MINIO_ROOT_USER={{ minio.user | mandatory }}"
- "MINIO_ROOT_PASSWORD={{ minio.password | mandatory }}"
@ -31,11 +33,6 @@ services:
timeout: 20s
retries: 3
networks:
gateway:
external: true
volumes:
data:

1
coreos-config/plays/services/nextcloud/.env
View File

@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=nextcloud

114
coreos-config/plays/services/nextcloud/config.php
View File

@ -1,114 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
33303039656232646334643237623337356630636666303664373362346436393332663238356636
3861636233323335653863383236623739376363303263390a396232343333313631353832616633
36356233383664356533383733396330303462633762623039363361343738336238386230376532
3465343039663938630a613262333330393166353930326430316461653765623935633361383036
61336631633365396532383662303532613265633664313533623239346438373664353734306433
64303239303465383165636634313239623766303136393535363236663762373438303939396561
37663335303666363066623936326531333463363730356534393066323333346665656363323338
64326662303263353236396461663636303037633835303366353063393763666135623135366562
61653136333238393864353436396430303965626439396430356536303331623134343361363839
38366533653939663734303039356666663730363237633966363338656134313364343637666338
32323264613935636336376339393064366666353562313133326435306235636633353665393237
34366565646565656638313739633866333430326531623166373865306362343535626130343039
65653661396637353031343466376135636165363962636230376666303262393235363964336639
62303963343364643633623366643265653430323135626366653436663261303838306434663064
66663262633166396137306131383135356439366364363030626135623162393665333134663565
34356135623835333330613631663936383765643330643065626636623432356664313166363366
63373731393032316331626632306666396264373038663238363461363366383738303137333534
38326664353932613462653661383064366162613466666338663264333633643231343830333337
63353035383332393639663662663139643436323561356161313032643438633462643339626465
35376165396261336132383034393362643239633433626133323531353535306463383830343838
63323731666165646665613132333563386438323639633333653637613035636536313334386366
65656266376161386161313761333861386438343833326333666262386663623736326636616537
63613764373666383237656134313061646432313236306665656537323666636630626439383162
32383534346538323530343063313838326664653233623231653937336230383135613465653439
38373463646138356464616638303839633337356430316632303030626365623032353761326538
31643238356430386662353236303030313034653531343636353066306464363934656438663031
34656330633664343063666562376662303836613066623935386533376633643164323262366138
39633235353163316463343433653738343033333263383164353234353661653038373231353263
39356363386338323737663139373961393439346239643166653866323830323462656130336563
31643433343336653864653030343033666162306662393133303066346235663330343265353336
35313664303164623461326631303430353136616138663766616237663632373233316535333231
66636238313833336261386663653563346538636361626261653737633366373439613834346561
34656437316565363939393761313962653138326130653163383032643465633463656433356133
31373434663363663637393035613466643865623030633466326666613061316136663761326439
30313632666362663938663233666539353731373232393263653062383036323336633061383030
66393062386265303338306132313233636265316538333465303764373932633332613666303933
63333064626238616363333866626631313764313532646436356562613834633138336539306664
32316434373634623962323830643961316665343734323563316366656536353131653363383038
64333430663635323136666231363637346532363930303033626433396333353335363865316665
34323938316461383339396263393566356338646537623338333363353734316664323865663864
32373930653963623733666261616366386165373039643665663664316662663761316536376231
62323662343933326337663566643664353861646361663438323734643130323362666630313131
64383865336130313136346332656462633732343466343631346233356461656137303561353932
30333065653934333665323838323032376366376632666438306265356363656134366139333463
62363135363065633030393032303035663934383536613230646563636236336166363532633139
31313531303766356565323537333534633763663638303232656235316566633436643739663061
31646638636335333431373633656563363533373838306163326664613663626432613739376561
33303636346639313636616464396231383166303761323535616338626530363861656331303738
31346438346431343166653231373538623064326430663863663039643536356333623263623630
37323139396366613831623830313336303162643935623436643637353561383163633661303237
61363436323262316633643036646634303537613939353564326530373138373330396365336530
32626133663032383765386432626465306338373031373238653966333033393431393561386335
66613163343366323238666636373532326261616462333139653163613636313662623835623434
35383936306438333461313563346634393630396237613432316230353731313834323133376239
30643965613031366530383564623361646331323235666339623530333962643830366563313463
37396638346266666362393038373034313932353130633764343430366164656136383032363565
33316632613031346663386636376561383237366261336436653463626363306663663231613035
38653939643735316131393636373339383338363461663134613831396438623764623239636365
33616466393365373636643135613763633035396666376166616433643062363463633436396364
35633864633939303264343365316361653832393462613761323361656563343839613338653336
66333664643036343361666162633035373435343931333666353866633263646530656163626234
61336464663232323030613564383335323131656333636633633735306263303637643662376330
39373733616264656661653836326238323461306133393565303930333662383335393563353965
33643431623862313436663939616437313266343665356132393066373335656561643338633465
63373630643361633730363066383731366665393235396130326130653837656633316636653864
30613237393836383262613263393066663331393736356264663732623964336266656633333633
32663737663866383235356661343839666230636338633366393935663537363331333366396331
33663834646436303033396536353036326637383538396562613566353738303332373763333633
63663432366631323431666230373035383837626333386331356530626533363434306661663038
34376163343939386463313335623364653630316636623235653066313939303935613765303961
36646631316334633762643037353034373338326631666130366462636461393830663238393437
37623161613863656637333065343631333638663639633130633239326562656535303031636662
39353134326265616665376432396633396566663138326334386530396534343965656334356265
66383437313630306338306433316435623262653464383533313032646465616466623035353562
32343935616266626466343837326434313536393365663864663765373530643037666237633166
30303135343862386636313562373162626638363130306165346335646335363063326563353337
62373339383130623837666634643665396566333566653463303866633035346136623465363665
37323437623132316439333530373037636431636233326333656163643737663865333562386665
38656338643436366135316566306438653231383839613732336139393562633065366237313634
62646230323533623533396566303864323139633730303765326134393139303261326635386661
30383933366438663130623632383639346164393461323963313933386535306364333133613035
36626666326238633331653062636137363238613863633965373337343031383464663130643861
38376532316464363630393065376438396631376139313332616430623561373362353962383530
62653239653631316634613637663132396335636334353363363962346466326565366261653564
37633139353731303064636438616138646463373261373438646464306365326633633437356532
34626435336235373562663733376262663530343136633632623534356335363531356533613464
65303361326430643233636466333061393434643630616435306430356532333739633864376139
37666465623063646231393535313338363034626465393165333232313536313834616463626536
34353462313139343233663662336138393636336338326132623665623734623132346164353164
37383562613931363535356535353837333661336238323337306239613965623463613963613762
61363634663233626263616333643462616263383932343933386437336665346237313131623562
34303035336666383064653235316636313464343130356430666162393663396466393236666330
36623432393662373330306431623638343565306433643263316333316233383938383230323832
36336536393435636138373063306637393737346133343330636230666262363466333266656163
34663430613335656162613037346539316131323135323834623337363862373065623939343461
64623933633637313961353633653337366434386361623331336131613565633765616232346161
31386663353130653332366463316166666261613238343962363533343564316663383664356237
64663033633464633961656566303737383264663736313439336234376431653737333639663961
62303665323531356431646338373164653766326166376534663436323962343533343131326565
32653532356462646133666665326533393439386630646230383339396133643034653030353062
34363738383463313061383231336364373366643530313231633164613732663165643439336366
32653962326666356530346165356163336261633138626138636363646261646239323265383666
39353165633965343764396431653165393363376265613063653039666663326338346330393263
62653063613665633934326236653663393839653537623334366431616331613461616136303962
35363936616635613739323161396331333330303165373936323330653532393561323232623837
33626635383064386363363834653937383235366630343664386433373135643634643635306431
38613630623331336463646338643832666363663732633238393636613466636637346135353335
34663037623332306434666663613361313632356264306338313234643938386265376538646630
33303962333631353935393632333531306432396338623065346162663461323035353333666536
62626231636131353763633962326361303036343736663566383662383435303533613536346230
62653562616630623065313137623735613162316465643666666534613137363135393230633138
64303161346236373861353261393735663736643334393864303366373435376239353332356634
64346362383438623166613565643661353039633834313132636162666638363733

60
coreos-config/plays/services/nextcloud/docker-compose.yaml
View File

@ -1,60 +0,0 @@
---
version: '2'
services:
db:
image: mariadb:latest
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
volumes:
- database:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD={{ nextcloud.db.rootpassword }}
- MYSQL_PASSWORD={{ nextcloud.db.password }}
- MYSQL_DATABASE={{ nextcloud.db.name }}
- MYSQL_USER={{ nextcloud.db.user }}
networks:
- backend
app:
image: registry.tobiasmanske.de/nextcloud:main
restart: always
depends_on:
- db
volumes:
- ./config.php:/config.php:ro,Z
- nc_custom_apps:/var/www/html/custom_apps
- nc_data:/var/www/data
environment:
- MYSQL_PASSWORD={{ nextcloud.db.password }}
- MYSQL_DATABASE={{ nextcloud.db.name }}
- MYSQL_USER={{ nextcloud.db.user }}
- MYSQL_HOST=db
networks:
- backend
- gateway
- default
labels:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud.rule=Host(`wolke.chaoswg.org`)"
- "traefik.http.routers.nextcloud.entryPoints=websecure"
- "traefik.http.services.nextcloud.loadbalancer.server.port=80"
- "traefik.http.middlewares.nextcloud.headers.customrequestheaders.Front-End-Https=on"
- "traefik.http.middlewares.nextcloud.headers.customresponseheaders.Strict-Transport-Security=max-age=15768000; includeSubDomains;"
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
- "traefik.http.middlewares.compression.compress=true"
- "traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud-dav,compression"
volumes:
nc_custom_apps:
nc_data:
database:
networks:
gateway:
external: true
name: gateway
backend:
internal: true
...

9
coreos-config/plays/services/prometheus/docker-compose.yaml
View File

@ -22,7 +22,6 @@ services:
- cadvisor
- node-exporter
networks:
- gateway
- backend
- alertmanager
@ -51,7 +50,6 @@ services:
- alertmanager_data:/data
networks:
- alertmanager
- gateway
restart: unless-stopped
command:
- '--config.file=/etc/alertmanager/config.yml'
@ -80,7 +78,6 @@ services:
networks:
- alertmanager
- pantalaimon
- gateway
grafana:
@ -92,7 +89,6 @@ services:
- "traefik.http.routers.grafana.entryPoints=websecure"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
networks:
- gateway
- backend
environment:
- "GF_SERVER_ROOT_URL=https://grafana.tobiasmanske.de"
@ -173,7 +169,6 @@ services:
- "prometheus-scrape.port=3100"
networks:
- backend
- default
promtail:
image: grafana/promtail:latest
@ -207,7 +202,6 @@ services:
- "prometheus-scrape.port=8080"
networks:
- backend
- default
volumes:
prom_data:
@ -217,11 +211,8 @@ volumes:
alertmanager_data:
mimir_data:
networks:
gateway:
external: true
pantalaimon:
external: true
backend:
internal: true
alertmanager:
internal: true

6
coreos-config/plays/services/radicale/docker-compose.yaml
View File

@ -30,12 +30,6 @@ services:
- "traefik.http.routers.radicale.entryPoints=websecure"
- "traefik.http.services.radicale.loadbalancer.server.port=5232"
restart: always
networks:
- gateway
networks:
gateway:
external: true
volumes:
data:

4
coreos-config/plays/services/registry/docker-compose.yaml
View File

@ -10,7 +10,6 @@ services:
- "traefik.http.services.registry.loadbalancer.server.port=5000"
image: 'registry:2'
networks:
- gateway
- backend
volumes:
- registry_data:/var/lib/registry
@ -34,7 +33,6 @@ services:
- "traefik.http.routers.registry-auth.middlewares=registry-auth-headers"
networks:
- backend
- gateway
volumes:
- ./auth_config.yaml:/config/auth_config.yaml:ro,Z
- ./server.pem:/server.pem:ro,Z
@ -44,8 +42,6 @@ volumes:
registry_data:
networks:
gateway:
external: true
backend:
internal: true
...

6
coreos-config/plays/services/repo_proxy/docker-compose.yaml
View File

@ -13,10 +13,4 @@ services:
- "traefik.http.routers.repoproxy.entryPoints=websecure"
- "traefik.http.services.repoproxy.loadbalancer.server.port=80"
restart: always
networks:
- gateway
networks:
gateway:
external: true
...

3
coreos-config/plays/services/search/docker-compose.yaml
View File

@ -7,7 +7,6 @@ services:
container_name: searxng
restart: always
networks:
- gateway
- default
- backend
volumes:
@ -39,8 +38,6 @@ services:
- DAC_OVERRIDE
networks:
gateway:
external: true
backend:
internal: true
...

6
coreos-config/plays/services/thelounge/docker-compose.yaml
View File

@ -12,12 +12,6 @@ services:
- "traefik.http.routers.thelounge.entryPoints=websecure"
- "traefik.http.services.thelounge.loadbalancer.server.port=9000"
restart: always
networks:
- gateway
networks:
gateway:
external: true
volumes:
data:

14
coreos-config/plays/services/traefik/docker-compose.yaml
View File

@ -10,9 +10,7 @@ services:
soft: 4000
hard: 15000
restart: always
ports:
- "443:443"
- "80:80"
network_mode: host
privileged: true
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:z"
@ -22,16 +20,11 @@ services:
labels:
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=9091"
networks:
- gateway
- default
{% if deploy_traefik_fa %}
traefik-fa:
image: quay.io/oauth2-proxy/oauth2-proxy:latest
restart: unless-stopped
networks:
- gateway
depends_on:
- traefik
labels:
@ -63,8 +56,6 @@ services:
whoami:
image: containous/whoami
networks:
- gateway
labels:
- "traefik.enable=true"
- "traefik.http.services.whoami.loadbalancer.server.port=80"
@ -78,9 +69,6 @@ volumes:
acme:
networks:
gateway:
name: gateway
internal: false
default:
driver: bridge
...

7
coreos-config/plays/services/traefik/dynamic.yaml
View File

@ -1,5 +1,12 @@
http:
middlewares:
metrics-ipwhitelist:
ipWhiteList:
sourceRange:
- "127.0.0.1/32"
- "192.168.0.0/16"
- "172.16.0.0/16"
- "10.254.1.0/24"
auth-headers:
headers:
sslRedirect: true

4
coreos-config/plays/services/traefik/traefik.yaml
View File

@ -8,7 +8,6 @@ metrics:
entryPoint: metrics
providers:
docker:
network: gateway
exposedbydefault: false
file:
filename: /etc/traefik/dynamic.yaml
@ -23,6 +22,9 @@ entryPoints:
permanent: true
metrics:
address: ":9091"
http:
middlewares:
- "metrics-ipwhitelist@file"
websecure:
address: ":443"
http:

1
coreos-config/plays/services/tubearchivist/.env
View File

@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=tubearchivist

82
coreos-config/plays/services/tubearchivist/docker-compose.yaml
View File

@ -1,82 +0,0 @@
---
version: "3.4"
services:
tubearchivist:
restart: unless-stopped
image: bbilly1/tubearchivist:latest
labels:
- "traefik.enable=true"
- "traefik.http.routers.tubearchivist.middlewares=sso@file"
- "traefik.http.routers.tubearchivist.rule=Host(`tubearchivist.tobiasmanske.de`)"
- "traefik.http.routers.tubearchivist.entryPoints=websecure"
- "traefik.http.services.tubearchivist.loadbalancer.server.port=8000"
volumes:
- media:/youtube
- cache:/cache
environment:
- ES_URL=http://archivist-es:9200
- REDIS_HOST=archivist-redis
- HOST_UID=1000
- HOST_GID=1000
- TA_HOST=tubearchivist.tobiasmanske.de
- TA_USERNAME={{ tubearchivist.username }}
- TA_PASSWORD={{ tubearchivist.password }}
- ELASTIC_PASSWORD={{ tubearchivist.elastic_password }}
- TZ=Europe/Berlin # set your time zone
depends_on:
- archivist-es
- archivist-redis
networks:
- backend
- gateway
- default
archivist-redis:
image: redislabs/rejson:latest # for arm64 use bbilly1/rejson
container_name: archivist-redis
restart: unless-stopped
volumes:
- redis:/data
depends_on:
- archivist-es
networks:
- backend
archivist-es:
image: bbilly1/tubearchivist-es:latest # only for amd64, or use official es 8.3.3
container_name: archivist-es
restart: unless-stopped
environment:
- "xpack.security.enabled=true"
- "ELASTIC_PASSWORD={{ tubearchivist.elastic_password }}" # matching Elasticsearch password
- "discovery.type=single-node"
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- es:/usr/share/elasticsearch/data # check for permission error when using bind mount, see readme
networks:
- backend
volumes:
media:
driver: local
name: nobackup_ta_media
driver_opts: {{ docker.cifs.media }}
es:
driver: local
name: nobackup_ta_es
driver_opts: {{ docker.cifs.es }}
cache:
redis:
networks:
gateway:
external: true
backend:
internal: true
...

6
coreos-config/plays/services/wkd/docker-compose.yaml
View File

@ -14,10 +14,4 @@ services:
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro,z
- ./data:/data:ro,Z
networks:
- gateway
networks:
gateway:
external: true
...