samsapti/pi-ansible
Archived
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Use Docker network for Caddy instead of host networking

Browse source
This commit is contained in:
Sam A. 2022-12-28 17:51:02 +01:00
parent d952e0fdd5
commit e08f4e1330
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
9 changed files with 28 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
roles/docker/defaults/main.yml
View file

@ -34,7 +34,6 @@ services:
wireguard:
domain: "wg01.vpn.{{ base_domain }}"
volume: "{{ base_volume }}/wireguard"
port: 51820
version: arm64v8-alpine
snowflake:

8
roles/docker/tasks/services.yml
View file

@ -7,6 +7,14 @@
mode: u=rwx,g=rx,o=rx
state: directory
- name: Create Docker network for services
docker_network:
name: services
ipam_config:
- subnet: 172.17.0.0/16
gateway: 172.17.0.1
state: present
- name: Deploy services
include_tasks: "services/{{ item.service }}.yml"
loop: "{{ services | dict2items(key_name='service') }}"

3
roles/docker/tasks/services/caddy.yml
View file

@ -24,7 +24,8 @@
name: caddy
image: "caddy:{{ services.caddy.version }}"
restart_policy: unless-stopped
network_mode: host
networks:
- services
volumes:
- "{{ services.caddy.volume }}/Caddyfile:/etc/caddy/Caddyfile:ro"
- "{{ services.caddy.volume }}/config:/config:rw"

4
roles/docker/tasks/services/emby.yml
View file

@ -15,12 +15,14 @@
- name: Deploy Emby Docker container
docker_container:
name: emby
name: emby_app
image: "emby/embyserver_arm64v8:{{ services.emby.version }}"
restart_policy: unless-stopped
env:
UID: '1000'
GID: '1000'
networks:
- services
volumes:
- "{{ services.emby.volume }}/programdata:/config:rw"
- "{{ services.emby.volume }}/tvshows:/mnt/share1:rw"

5
roles/docker/tasks/services/monerod.yml
View file

@ -7,9 +7,11 @@
- name: Deploy Monero node Docker container
docker_container:
name: monerod
name: monerod_node
image: "sethsimmons/simple-monerod:{{ services.monerod.version }}"
restart_policy: unless-stopped
networks:
- services
volumes:
- monerod-node-blockchain:/home/monero/.bitmonero:rw
command:
@ -20,4 +22,3 @@
- --enable-dns-blocklist
published_ports:
- '18080:18080'
- '127.0.0.1:18081:18089'

9
roles/docker/tasks/services/nextcloud.yml
View file

@ -74,12 +74,17 @@
REDIS_HOST_PASSWORD: "{{ secrets.nextcloud.redis_pw }}"
PHP_MEMORY_LIMIT: 2G
PHP_UPLOAD_LIMIT: 16G
networks:
- default
- services
volumes:
- "{{ services.nextcloud.volume }}/app:/var/www/html:rw"
- "{{ services.nextcloud.volume }}/apache2/apache2.conf:/etc/apache2/apache2.conf:ro"
- "{{ services.nextcloud.volume }}/apache2/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
ports:
- '127.0.0.1:8080:80'
depends_on:
- postgres
- redis
networks:
services:
external: true

4
roles/docker/tasks/services/wireguard.yml
View file

@ -14,7 +14,7 @@
restart_policy: unless-stopped
env:
SERVERURL: "{{ services.wireguard.domain }}"
SERVERPORT: "{{ services.wireguard.port }}"
SERVERPORT: 51820
PEERS: "{{ secrets.wireguard.peers }}"
PEERDNS: auto
TZ: "{{ timezone }}"
@ -22,7 +22,7 @@
- "{{ services.wireguard.volume }}:/config:rw"
- /lib/modules:/lib/modules:rw
published_ports:
- "{{ services.wireguard.port }}:{{ services.wireguard.port }}/udp"
- '51820:51820/udp'
capabilities:
- net_admin
- sys_module

6
roles/docker/templates/Caddyfile.j2
View file

@ -13,7 +13,7 @@
-Server
}
reverse_proxy localhost:8080
reverse_proxy nextcloud_app_1:80
}
{{ services.emby.domain }} {
@ -24,7 +24,7 @@
-Server
}
reverse_proxy localhost:8096
reverse_proxy emby_app:8096
}
{{ services.monerod.domain }}:18089 {
@ -35,5 +35,5 @@
-Server
}
reverse_proxy localhost:18081
reverse_proxy monerod_node:18089
}

6
roles/docker/templates/daemon.json.j2
View file

@ -1,11 +1,5 @@
{
"data-root": "{{ ssd_mount_point }}/docker-runtime",
"default-address-pools": [
{
"base": "172.17.0.0/16",
"size": 24
}
],
"ipv6": true,
"fixed-cidr-v6": "fd00::/80"
}