Use Docker network for Caddy instead of host networking

Sam A. 2022-12-28 17:51:02 +01:00
parent d952e0fdd5
commit e08f4e1330
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
9 changed files with 28 additions and 18 deletions


@ -34,7 +34,6 @@ services:
wireguard: wireguard:
domain: "wg01.vpn.{{ base_domain }}" domain: "wg01.vpn.{{ base_domain }}"
volume: "{{ base_volume }}/wireguard" volume: "{{ base_volume }}/wireguard"
port: 51820
version: arm64v8-alpine version: arm64v8-alpine
snowflake: snowflake:


@ -7,6 +7,14 @@
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
- name: Create Docker network for services
docker_network:
name: services
ipam_config:
- subnet: 172.17.0.0/16
gateway: 172.17.0.1
state: present
- name: Deploy services - name: Deploy services
include_tasks: "services/{{ item.service }}.yml" include_tasks: "services/{{ item.service }}.yml"
loop: "{{ services | dict2items(key_name='service') }}" loop: "{{ services | dict2items(key_name='service') }}"
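Review bot: The `subnet: 172.17.0.0/16` and `gateway: 172.17.0.1` given to the new `docker_network` task are the range Docker's default `docker0` bridge normally takes, so creating `services` is likely to fail with an address-pool overlap. The same commit removes `default-address-pools` from the daemon configuration and sets no `bip`, which leaves the default bridge on its stock range. A range the daemon does not allocate by itself avoids the clash, for example `- subnet: 10.89.0.0/24` with `gateway: 10.89.0.1` (values constructed for illustration). A comment above the task such as `# Shared bridge so Caddy can reach its upstreams by container name` would also record why the network exists.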


@ -24,7 +24,8 @@
name: caddy name: caddy
image: "caddy:{{ services.caddy.version }}" image: "caddy:{{ services.caddy.version }}"
restart_policy: unless-stopped restart_policy: unless-stopped
network_mode: host networks:
- services
volumes: volumes:
- "{{ services.caddy.volume }}/Caddyfile:/etc/caddy/Caddyfile:ro" - "{{ services.caddy.volume }}/Caddyfile:/etc/caddy/Caddyfile:ro"
- "{{ services.caddy.volume }}/config:/config:rw" - "{{ services.caddy.volume }}/config:/config:rw"
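Review bot: The new `networks:` entry is a bare string, but `docker_container` documents `networks` as a list of dictionaries with a required `name` key, so `- services` should be `- name: services`; the Emby and Monero tasks in this commit have the same form. Separately, once `network_mode: host` is gone Caddy only receives traffic on ports it publishes, and this hunk adds none. Unless the task already declares them outside the hunk, it needs `published_ports` for 80, 443 and the 18089 listener the Caddyfile defines. Without them the sites are unreachable rather than exposed, but it is worth confirming which ports end up bound on the host after the change.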


@ -15,12 +15,14 @@
- name: Deploy Emby Docker container - name: Deploy Emby Docker container
docker_container: docker_container:
name: emby name: emby_app
image: "emby/embyserver_arm64v8:{{ services.emby.version }}" image: "emby/embyserver_arm64v8:{{ services.emby.version }}"
restart_policy: unless-stopped restart_policy: unless-stopped
env: env:
UID: '1000' UID: '1000'
GID: '1000' GID: '1000'
networks:
- services
volumes: volumes:
- "{{ services.emby.volume }}/programdata:/config:rw" - "{{ services.emby.volume }}/programdata:/config:rw"
- "{{ services.emby.volume }}/tvshows:/mnt/share1:rw" - "{{ services.emby.volume }}/tvshows:/mnt/share1:rw"
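Review bot: Nothing in this hunk removes whatever made Emby reachable at `localhost:8096` before the change, while the Monero and Nextcloud loopback mappings are both dropped in this commit. If the task still carries a `published_ports` entry for 8096 below the hunk, Emby stays reachable directly on the host and bypasses Caddy's TLS and header handling. Now that Caddy uses `emby_app:8096` over the `services` network, that mapping can be removed, or at least bound to `127.0.0.1`. The task continues past the end of the hunk, so this is inferred from what the diff does not touch.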


@ -7,9 +7,11 @@
- name: Deploy Monero node Docker container - name: Deploy Monero node Docker container
docker_container: docker_container:
name: monerod name: monerod_node
image: "sethsimmons/simple-monerod:{{ services.monerod.version }}" image: "sethsimmons/simple-monerod:{{ services.monerod.version }}"
restart_policy: unless-stopped restart_policy: unless-stopped
networks:
- services
volumes: volumes:
- monerod-node-blockchain:/home/monero/.bitmonero:rw - monerod-node-blockchain:/home/monero/.bitmonero:rw
command: command:
@ -20,4 +22,3 @@
- --enable-dns-blocklist - --enable-dns-blocklist
published_ports: published_ports:
- '18080:18080' - '18080:18080'
- '127.0.0.1:18081:18089'
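Review bot: Renaming the container to `monerod_node` in the first hunk does not remove an already deployed `monerod` container, because the module only manages the name it is given. On an existing host the old container keeps the `18080:18080` mapping that the second hunk retains, so the new one is likely to fail to start, and the old one keeps serving `127.0.0.1:18081` until someone removes it by hand. A cleanup task ahead of this one, `docker_container:` with `name: monerod` and `state: absent`, closes that gap. The `emby` to `emby_app` rename needs the same treatment.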


@ -74,12 +74,17 @@
REDIS_HOST_PASSWORD: "{{ secrets.nextcloud.redis_pw }}" REDIS_HOST_PASSWORD: "{{ secrets.nextcloud.redis_pw }}"
PHP_MEMORY_LIMIT: 2G PHP_MEMORY_LIMIT: 2G
PHP_UPLOAD_LIMIT: 16G PHP_UPLOAD_LIMIT: 16G
networks:
- default
- services
volumes: volumes:
- "{{ services.nextcloud.volume }}/app:/var/www/html:rw" - "{{ services.nextcloud.volume }}/app:/var/www/html:rw"
- "{{ services.nextcloud.volume }}/apache2/apache2.conf:/etc/apache2/apache2.conf:ro" - "{{ services.nextcloud.volume }}/apache2/apache2.conf:/etc/apache2/apache2.conf:ro"
- "{{ services.nextcloud.volume }}/apache2/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro" - "{{ services.nextcloud.volume }}/apache2/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
ports:
- '127.0.0.1:8080:80'
depends_on: depends_on:
- postgres - postgres
- redis - redis
networks:
services:
external: true
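Review bot: Dropping `127.0.0.1:8080:80` changes where proxied requests come from: Apache now sees them arriving from Caddy's address on the `services` network instead of the Docker gateway. The mounted `remoteip.conf` is not part of this commit, so its trusted-proxy entry, and presumably Nextcloud's own `trusted_proxies`, should be checked against the new source address. If they still name the old address, every client is logged and rate-limited as Caddy. If they trust a broad private range, any other container on `services` can supply its own `X-Forwarded-For`. A comment next to the new `networks:` list, such as `# Caddy reaches the app over "services"; keep remoteip.conf's trusted proxy in sync`, would tie the two together.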


@ -14,7 +14,7 @@
restart_policy: unless-stopped restart_policy: unless-stopped
env: env:
SERVERURL: "{{ services.wireguard.domain }}" SERVERURL: "{{ services.wireguard.domain }}"
SERVERPORT: "{{ services.wireguard.port }}" SERVERPORT: 51820
PEERS: "{{ secrets.wireguard.peers }}" PEERS: "{{ secrets.wireguard.peers }}"
PEERDNS: auto PEERDNS: auto
TZ: "{{ timezone }}" TZ: "{{ timezone }}"
@ -22,7 +22,7 @@
- "{{ services.wireguard.volume }}:/config:rw" - "{{ services.wireguard.volume }}:/config:rw"
- /lib/modules:/lib/modules:rw - /lib/modules:/lib/modules:rw
published_ports: published_ports:
- "{{ services.wireguard.port }}:{{ services.wireguard.port }}/udp" - '51820:51820/udp'
capabilities: capabilities:
- net_admin - net_admin
- sys_module - sys_module
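Review bot: `SERVERPORT: 51820` in the first hunk is now a YAML integer, whereas the templated value it replaces was a string. `docker_container` rejects non-string `env` values, so the task is likely to fail at module argument validation. Quote it the way the Emby task quotes `UID: '1000'`, i.e. `SERVERPORT: '51820'`. The literal in the second hunk, `'51820:51820/udp'`, is already quoted and is fine.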


@ -13,7 +13,7 @@
-Server -Server
} }
reverse_proxy localhost:8080 reverse_proxy nextcloud_app_1:80
} }
{{ services.emby.domain }} { {{ services.emby.domain }} {
@ -24,7 +24,7 @@
-Server -Server
} }
reverse_proxy localhost:8096 reverse_proxy emby_app:8096
} }
{{ services.monerod.domain }}:18089 { {{ services.monerod.domain }}:18089 {
@ -35,5 +35,5 @@
-Server -Server
} }
reverse_proxy localhost:18081 reverse_proxy monerod_node:18089
} }
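Review bot: The upstream `nextcloud_app_1:80` in the first hunk is a name Compose generates from the project name, service name and replica index, and Compose v2 joins those with hyphens rather than underscores. The proxy target therefore breaks silently if the project directory or the Compose version changes, whereas `emby_app` and `monerod_node` are names the playbook sets itself. Giving the Nextcloud app service an explicit `container_name: nextcloud_app`, or a network alias on `services`, and proxying to that keeps the upstream stable. It also makes it harder for a differently named container on the shared network to end up answering for Nextcloud.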


@ -1,11 +1,5 @@
{ {
"data-root": "{{ ssd_mount_point }}/docker-runtime", "data-root": "{{ ssd_mount_point }}/docker-runtime",
"default-address-pools": [
{
"base": "172.17.0.0/16",
"size": 24
}
],
"ipv6": true, "ipv6": true,
"fixed-cidr-v6": "fd00::/80" "fixed-cidr-v6": "fd00::/80"
} }