Use Docker network for Caddy instead of host networking
parent
d952e0fdd5
commit
e08f4e1330
|
@ -34,7 +34,6 @@ services:
|
||||||
wireguard:
|
wireguard:
|
||||||
domain: "wg01.vpn.{{ base_domain }}"
|
domain: "wg01.vpn.{{ base_domain }}"
|
||||||
volume: "{{ base_volume }}/wireguard"
|
volume: "{{ base_volume }}/wireguard"
|
||||||
port: 51820
|
|
||||||
version: arm64v8-alpine
|
version: arm64v8-alpine
|
||||||
|
|
||||||
snowflake:
|
snowflake:
|
||||||
|
|
|
@ -7,6 +7,14 @@
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
- name: Create Docker network for services
|
||||||
|
docker_network:
|
||||||
|
name: services
|
||||||
|
ipam_config:
|
||||||
|
- subnet: 172.17.0.0/16
|
||||||
|
gateway: 172.17.0.1
|
||||||
|
state: present
|
||||||
|
|
||||||
- name: Deploy services
|
- name: Deploy services
|
||||||
include_tasks: "services/{{ item.service }}.yml"
|
include_tasks: "services/{{ item.service }}.yml"
|
||||||
loop: "{{ services | dict2items(key_name='service') }}"
|
loop: "{{ services | dict2items(key_name='service') }}"
|
||||||
|
|
|
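Review bot: The `subnet: 172.17.0.0/16` and `gateway: 172.17.0.1` given to the new `services` network are the range Docker's default bridge normally claims. The last file in this commit removes `default-address-pools` from the daemon config and no `bip` is visible there, so creating this network can fail with an address-pool overlap. Pick a narrow range that nothing else on the host uses, for example `- subnet: 172.30.0.0/24` with `gateway: 172.30.0.1` (example values, not taken from this repository), or drop `ipam_config` and let Docker allocate. Every container attached to this network can also reach every other one directly, so a comment above the task such as `# Shared network: attached containers can reach each other; attach only services the proxy must reach` would record that trade-off.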
@ -24,7 +24,8 @@
|
||||||
name: caddy
|
name: caddy
|
||||||
image: "caddy:{{ services.caddy.version }}"
|
image: "caddy:{{ services.caddy.version }}"
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
network_mode: host
|
networks:
|
||||||
|
- services
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ services.caddy.volume }}/Caddyfile:/etc/caddy/Caddyfile:ro"
|
- "{{ services.caddy.volume }}/Caddyfile:/etc/caddy/Caddyfile:ro"
|
||||||
- "{{ services.caddy.volume }}/config:/config:rw"
|
- "{{ services.caddy.volume }}/config:/config:rw"
|
||||||
|
|
|
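Review bot: With `network_mode: host` replaced by `networks:`, the Caddy container no longer binds the host's ports, and the lines shown add no `published_ports`; unless they sit outside this hunk, the proxy will not be reachable from outside the host. The Caddyfile in this commit serves one site on `:18089`, so that port needs publishing alongside the HTTP/HTTPS ones, e.g. `published_ports:` with `- '18089:18089'` plus the web ports. Depending on the docker_container module version in use, `networks:` may also leave the container attached to the default bridge; where the option is still available, `networks_cli_compatible: true` avoids that, which is worth confirming against the installed collection. The task body starts and ends outside the hunk.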
@ -15,12 +15,14 @@
|
||||||
|
|
||||||
- name: Deploy Emby Docker container
|
- name: Deploy Emby Docker container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: emby
|
name: emby_app
|
||||||
image: "emby/embyserver_arm64v8:{{ services.emby.version }}"
|
image: "emby/embyserver_arm64v8:{{ services.emby.version }}"
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
env:
|
env:
|
||||||
UID: '1000'
|
UID: '1000'
|
||||||
GID: '1000'
|
GID: '1000'
|
||||||
|
networks:
|
||||||
|
- services
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ services.emby.volume }}/programdata:/config:rw"
|
- "{{ services.emby.volume }}/programdata:/config:rw"
|
||||||
- "{{ services.emby.volume }}/tvshows:/mnt/share1:rw"
|
- "{{ services.emby.volume }}/tvshows:/mnt/share1:rw"
|
||||||
|
|
|
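Review bot: Renaming the container to `emby_app` here (and `monerod` to `monerod_node` in the next file) does not remove the container created under the old name, and no visible task sets the old names to `state: absent`. The stale `monerod` container would still hold host port 18080, so the new `monerod_node` with `'18080:18080'` is likely to fail to start. The old containers would also keep running outside Ansible's control with their previous port bindings. Add a cleanup task before each deploy, e.g. `docker_container: {name: emby, state: absent}`, or keep the original names and give the containers a network alias instead.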
@ -7,9 +7,11 @@
|
||||||
|
|
||||||
- name: Deploy Monero node Docker container
|
- name: Deploy Monero node Docker container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: monerod
|
name: monerod_node
|
||||||
image: "sethsimmons/simple-monerod:{{ services.monerod.version }}"
|
image: "sethsimmons/simple-monerod:{{ services.monerod.version }}"
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
|
networks:
|
||||||
|
- services
|
||||||
volumes:
|
volumes:
|
||||||
- monerod-node-blockchain:/home/monero/.bitmonero:rw
|
- monerod-node-blockchain:/home/monero/.bitmonero:rw
|
||||||
command:
|
command:
|
||||||
|
@ -20,4 +22,3 @@
|
||||||
- --enable-dns-blocklist
|
- --enable-dns-blocklist
|
||||||
published_ports:
|
published_ports:
|
||||||
- '18080:18080'
|
- '18080:18080'
|
||||||
- '127.0.0.1:18081:18089'
|
|
||||||
|
|
|
@ -74,12 +74,17 @@
|
||||||
REDIS_HOST_PASSWORD: "{{ secrets.nextcloud.redis_pw }}"
|
REDIS_HOST_PASSWORD: "{{ secrets.nextcloud.redis_pw }}"
|
||||||
PHP_MEMORY_LIMIT: 2G
|
PHP_MEMORY_LIMIT: 2G
|
||||||
PHP_UPLOAD_LIMIT: 16G
|
PHP_UPLOAD_LIMIT: 16G
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- services
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ services.nextcloud.volume }}/app:/var/www/html:rw"
|
- "{{ services.nextcloud.volume }}/app:/var/www/html:rw"
|
||||||
- "{{ services.nextcloud.volume }}/apache2/apache2.conf:/etc/apache2/apache2.conf:ro"
|
- "{{ services.nextcloud.volume }}/apache2/apache2.conf:/etc/apache2/apache2.conf:ro"
|
||||||
- "{{ services.nextcloud.volume }}/apache2/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
|
- "{{ services.nextcloud.volume }}/apache2/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
|
||||||
ports:
|
|
||||||
- '127.0.0.1:8080:80'
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- postgres
|
- postgres
|
||||||
- redis
|
- redis
|
||||||
|
|
||||||
|
networks:
|
||||||
|
services:
|
||||||
|
external: true
|
||||||
|
|
|
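Review bot: Requests now reach the Nextcloud container from Caddy's address on the `services` network instead of through the removed `127.0.0.1:8080:80` mapping, so the proxy address that the mounted `remoteip.conf` has to trust has changed; that file's contents are not part of this commit. If it still trusts only the old source, Apache and Nextcloud will record the proxy as the client, and Nextcloud's brute-force throttling and audit logs then key on Caddy rather than the real peer. Check that `RemoteIPInternalProxy` and Nextcloud's `trusted_proxies` name the Caddy container's address or the `services` subnet, and nothing wider. The service definition starts outside the hunk.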
@ -14,7 +14,7 @@
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
env:
|
env:
|
||||||
SERVERURL: "{{ services.wireguard.domain }}"
|
SERVERURL: "{{ services.wireguard.domain }}"
|
||||||
SERVERPORT: "{{ services.wireguard.port }}"
|
SERVERPORT: 51820
|
||||||
PEERS: "{{ secrets.wireguard.peers }}"
|
PEERS: "{{ secrets.wireguard.peers }}"
|
||||||
PEERDNS: auto
|
PEERDNS: auto
|
||||||
TZ: "{{ timezone }}"
|
TZ: "{{ timezone }}"
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
- "{{ services.wireguard.volume }}:/config:rw"
|
- "{{ services.wireguard.volume }}:/config:rw"
|
||||||
- /lib/modules:/lib/modules:rw
|
- /lib/modules:/lib/modules:rw
|
||||||
published_ports:
|
published_ports:
|
||||||
- "{{ services.wireguard.port }}:{{ services.wireguard.port }}/udp"
|
- '51820:51820/udp'
|
||||||
capabilities:
|
capabilities:
|
||||||
- net_admin
|
- net_admin
|
||||||
- sys_module
|
- sys_module
|
||||||
|
|
|
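Review bot: `SERVERPORT: 51820` is an unquoted integer inside `env:`, and the docker_container module rejects non-string env values, so this task is likely to fail at run time. Write `SERVERPORT: '51820'`, matching the quoted `UID: '1000'` in the Emby task. The port is now hard-coded here and again in `'51820:51820/udp'` in the second hunk, so a later change has to touch both places. The task body starts and ends outside both hunks.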
@ -13,7 +13,7 @@
|
||||||
-Server
|
-Server
|
||||||
}
|
}
|
||||||
|
|
||||||
reverse_proxy localhost:8080
|
reverse_proxy nextcloud_app_1:80
|
||||||
}
|
}
|
||||||
|
|
||||||
{{ services.emby.domain }} {
|
{{ services.emby.domain }} {
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
-Server
|
-Server
|
||||||
}
|
}
|
||||||
|
|
||||||
reverse_proxy localhost:8096
|
reverse_proxy emby_app:8096
|
||||||
}
|
}
|
||||||
|
|
||||||
{{ services.monerod.domain }}:18089 {
|
{{ services.monerod.domain }}:18089 {
|
||||||
|
@ -35,5 +35,5 @@
|
||||||
-Server
|
-Server
|
||||||
}
|
}
|
||||||
|
|
||||||
reverse_proxy localhost:18081
|
reverse_proxy monerod_node:18089
|
||||||
}
|
}
|
||||||
|
|
|
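Review bot: The upstream `nextcloud_app_1:80` in the first hunk depends on the name Compose generates for the container. That name varies with the project name and the Compose version (v2 joins the parts with hyphens rather than underscores), so the proxy target can stop resolving after an upgrade. Give the Nextcloud service a fixed alias on the `services` network in its compose file and point Caddy at it, e.g. `reverse_proxy nextcloud:80` (the alias name is an example). `emby_app:8096` and `monerod_node:18089` do not have this problem because those names are set explicitly by the Ansible tasks.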
@ -1,11 +1,5 @@
|
||||||
{
|
{
|
||||||
"data-root": "{{ ssd_mount_point }}/docker-runtime",
|
"data-root": "{{ ssd_mount_point }}/docker-runtime",
|
||||||
"default-address-pools": [
|
|
||||||
{
|
|
||||||
"base": "172.17.0.0/16",
|
|
||||||
"size": 24
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"ipv6": true,
|
"ipv6": true,
|
||||||
"fixed-cidr-v6": "fd00::/80"
|
"fixed-cidr-v6": "fd00::/80"
|
||||||
}
|
}
|
||||||
|
|