diff --git a/ansible/host_vars/pve-docker.yml b/ansible/host_vars/pve-docker.yml index 556a538..edca095 100644 --- a/ansible/host_vars/pve-docker.yml +++ b/ansible/host_vars/pve-docker.yml @@ -1,2 +1,4 @@ expose_ssh: true traefik_private_ip: "{{ ansible_default_ipv4.address }}" + +traefik_proxy_protocol_trusted_ips: "10.23.0.0/16" diff --git a/ansible/hosts b/ansible/hosts index 0bbfa38..751283a 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -1,5 +1,4 @@ casey -intersect walker grimes diff --git a/ansible/main.yml b/ansible/main.yml index efcab3c..f0fce6e 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -14,7 +14,6 @@ - gateway - hosts: - - intersect - walker - grimes - pve-docker @@ -32,7 +31,6 @@ # ZFS Hosts - hosts: - walker - - intersect roles: - zfs @@ -42,14 +40,11 @@ - plausible - duplicati -- hosts: intersect +- hosts: pve-docker roles: - - home_assistant - - intersect_docker - - duplicati + - pve_docker - grafana - gitlab - - scrutiny - heimdall - hosts: walker diff --git a/ansible/roles/gitlab/files/docker-compose.yml b/ansible/roles/gitlab/files/docker-compose.yml index 54e1bc0..8b7b577 100644 --- a/ansible/roles/gitlab/files/docker-compose.yml +++ b/ansible/roles/gitlab/files/docker-compose.yml @@ -22,7 +22,7 @@ services: - db - redis ports: - - "{{ wireguard.clients.intersect.ip }}:8022:22" + - "8022:22" labels: - traefik.enable=true - traefik.http.routers.gitlab.rule=Host(`git.theorangeone.net`) || Host(`git.0rng.one`) @@ -34,7 +34,7 @@ services: image: postgres:12-alpine restart: unless-stopped volumes: - - /mnt/tank/dbs/postgres/gitlab:/var/lib/postgresql/data + - ./postgres:/var/lib/postgresql/data environment: - POSTGRES_PASSWORD=gitlab - POSTGRES_USER=gitlab @@ -44,7 +44,7 @@ services: image: redis:6-alpine restart: unless-stopped volumes: - - /mnt/tank/dbs/redis/gitlab:/data + - ./redis:/data lsyncd: image: theorangeone/lsyncd:latest 
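Review bot: `traefik_proxy_protocol_trusted_ips: "10.23.0.0/16"` lets every address in that /16 supply a PROXY protocol header, and Traefik will then treat the client address in that header as genuine on the `web`, `web-secure` and `matrix` entry points that consume this variable in `ansible/roles/traefik/files/traefik.yml`. Anything downstream that relies on the source address (IP allow-lists, rate limits, access logs) is only as trustworthy as the least-trusted host in the range. If a single upstream proxy fronts this host, pin the value to it, e.g. `traefik_proxy_protocol_trusted_ips: "<gateway-ip>/32"` (placeholder; the gateway address is not shown in this diff). A comment above the line naming which machine it is would also help.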
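Review bot: The new `- hosts: pve-docker` play in `ansible/main.yml` drops `duplicati` from the role list, while the same commit moves the GitLab, Grafana, Nextcloud, tt-rss and wallabag database and cache volumes from `/mnt/tank/dbs/...` to directories relative to each compose file (`./postgres`, `./redis`, `./mariadb`). Nothing visible in this diff backs up the new locations. If backups are taken elsewhere, for example at the hypervisor level, a comment such as `# backups: handled outside this play` above the role list would record that; otherwise keep `- duplicati` in the list.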
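Review bot: `- "8022:22"` in the gitlab compose file publishes GitLab's SSH port on every address of the host, where the line it replaces bound it to one WireGuard address; the quassel hunk later in this commit makes the same change with `- "4242:4242"`. Docker inserts its own packet-filter rules for published ports, so a host firewall such as ufw usually does not restrict them. If these services should only be reachable on the internal network, keep an explicit bind address, for example `- "{{ ansible_default_ipv4.address }}:8022:22"`, the same fact this commit's host_vars already use for `traefik_private_ip`. The `services:` block continues outside the hunk, so the surrounding network configuration is not visible here.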
diff --git a/ansible/roles/gitlab/files/lsyncd.lua b/ansible/roles/gitlab/files/lsyncd.lua index 1985c07..3fee65e 100644 --- a/ansible/roles/gitlab/files/lsyncd.lua +++ b/ansible/roles/gitlab/files/lsyncd.lua @@ -6,7 +6,7 @@ settings { sync { default.rsyncssh, source = "/mnt/pages", - host = "user@{{ wireguard.clients.walker.ip }}", + host = "user@5.39.79.153", targetdir = "/config/pages", delay = 10, rsync = { diff --git a/ansible/roles/grafana/files/docker-compose.yml b/ansible/roles/grafana/files/docker-compose.yml index f07b4e9..696130f 100644 --- a/ansible/roles/grafana/files/docker-compose.yml +++ b/ansible/roles/grafana/files/docker-compose.yml @@ -9,7 +9,7 @@ services: - GF_RENDERING_SERVER_URL=http://renderer:8081/render - GF_RENDERING_CALLBACK_URL=http://grafana:3000/ volumes: - - "{{ app_data_dir }}/grafana:/var/lib/grafana" + - "./grafana:/var/lib/grafana" restart: unless-stopped depends_on: - db @@ -27,7 +27,7 @@ services: image: postgres:12-alpine restart: unless-stopped volumes: - - /mnt/tank/dbs/postgres/grafana:/var/lib/postgresql/data + - ./postgres:/var/lib/postgresql/data environment: - POSTGRES_PASSWORD=grafana - POSTGRES_USER=grafana diff --git a/ansible/roles/heimdall/files/docker-compose.yml b/ansible/roles/heimdall/files/docker-compose.yml index 855c3f4..8ba7cb7 100644 --- a/ansible/roles/heimdall/files/docker-compose.yml +++ b/ansible/roles/heimdall/files/docker-compose.yml @@ -9,7 +9,7 @@ services: - TZ=Europe/London restart: unless-stopped volumes: - - "{{ app_data_dir }}/heimdall/:/config" + - "./config:/config" labels: - traefik.enable=true - traefik.http.routers.heimdall.rule=Host(`jakehoward.tech`) diff --git a/ansible/roles/intersect_docker/files/calibre/docker-compose.yml b/ansible/roles/pve_docker/files/calibre/docker-compose.yml similarity index 90% rename from ansible/roles/intersect_docker/files/calibre/docker-compose.yml rename to ansible/roles/pve_docker/files/calibre/docker-compose.yml index aceb34e..5d450ee 100644 
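Review bot: `host = "user@5.39.79.153",` hard-codes a literal address where the previous line took the peer's address from the WireGuard inventory, so the pages rsync-over-SSH session presumably now leaves the tunnel and relies on SSH alone for peer authentication. Host-key checking for that connection is not visible in this hunk (the `rsync = {` table continues outside it), so confirm the target's host key is pinned in the container's `known_hosts` rather than accepted on first use. Moving the address into an inventory variable, e.g. `host = "user@{{ pages_sync_host }}",` (an illustrative name, not an existing variable), keeps it out of the role file and makes a later address change a one-line inventory edit.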
--- a/ansible/roles/intersect_docker/files/calibre/docker-compose.yml +++ b/ansible/roles/pve_docker/files/calibre/docker-compose.yml @@ -8,7 +8,7 @@ services: - TZ=Europe/London restart: unless-stopped volumes: - - "{{ app_data_dir }}/calibre:/config" + - "./calibre:/config" - /mnt/tank/files/ebooks:/books:ro labels: - traefik.enable=true diff --git a/ansible/roles/intersect_docker/files/gotify/docker-compose.yml b/ansible/roles/pve_docker/files/gotify/docker-compose.yml similarity index 100% rename from ansible/roles/intersect_docker/files/gotify/docker-compose.yml rename to ansible/roles/pve_docker/files/gotify/docker-compose.yml diff --git a/ansible/roles/intersect_docker/files/librespeed/docker-compose.yml b/ansible/roles/pve_docker/files/librespeed/docker-compose.yml similarity index 100% rename from ansible/roles/intersect_docker/files/librespeed/docker-compose.yml rename to ansible/roles/pve_docker/files/librespeed/docker-compose.yml diff --git a/ansible/roles/intersect_docker/files/nextcloud/config.php b/ansible/roles/pve_docker/files/nextcloud/config.php similarity index 93% rename from ansible/roles/intersect_docker/files/nextcloud/config.php rename to ansible/roles/pve_docker/files/nextcloud/config.php index 2a86801..ae1d522 100644 --- a/ansible/roles/intersect_docker/files/nextcloud/config.php +++ b/ansible/roles/pve_docker/files/nextcloud/config.php @@ -39,4 +39,6 @@ $CONFIG = array ( 'preview_max_x' => '2048', 'preview_max_y' => '2048', 'jpeg_quality' => '60', + 'has_rebuilt_cache' => true, + 'logfile' => '/config/log/nextcloud.log', ); diff --git a/ansible/roles/intersect_docker/files/nextcloud/docker-compose.yml b/ansible/roles/pve_docker/files/nextcloud/docker-compose.yml similarity index 85% rename from ansible/roles/intersect_docker/files/nextcloud/docker-compose.yml rename to ansible/roles/pve_docker/files/nextcloud/docker-compose.yml index 063c8d9..b99ae07 100644 --- a/ansible/roles/intersect_docker/files/nextcloud/docker-compose.yml 
+++ b/ansible/roles/pve_docker/files/nextcloud/docker-compose.yml @@ -9,10 +9,9 @@ services: - TZ=Europe/London - DOCKER_MODS=theorangeone/lsio-mod-more-processes:latest volumes: - - "{{ app_data_dir }}/nextcloud/apps:/config/www/nextcloud/apps" - - "{{ app_data_dir }}/nextcloud/config.php:/config/www/nextcloud/config/config.php" + - "./nextcloud/apps:/config/www/nextcloud/apps" + - "./nextcloud/config.php:/config/www/nextcloud/config/config.php" - /mnt/tank/files/nextcloud:/data - - /mnt/media:/content:ro - /mnt/tank/files:/mnt/files restart: unless-stopped depends_on: @@ -34,7 +33,7 @@ services: image: mariadb:10.5 restart: unless-stopped volumes: - - /mnt/tank/dbs/mariadb/nextcloud:/var/lib/mysql + - ./mariadb:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD=nextcloud - MYSQL_DATABASE=nextcloud @@ -45,7 +44,7 @@ services: image: redis:6-alpine restart: unless-stopped volumes: - - /mnt/tank/dbs/redis/nextcloud:/data + - ./redis:/data collabora: image: collabora/code:latest diff --git a/ansible/roles/intersect_docker/files/quassel/docker-compose.yml b/ansible/roles/pve_docker/files/quassel/docker-compose.yml similarity index 92% rename from ansible/roles/intersect_docker/files/quassel/docker-compose.yml rename to ansible/roles/pve_docker/files/quassel/docker-compose.yml index 4670f75..559758e 100644 --- a/ansible/roles/intersect_docker/files/quassel/docker-compose.yml +++ b/ansible/roles/pve_docker/files/quassel/docker-compose.yml @@ -17,7 +17,7 @@ services: depends_on: - db ports: - - "{{ wireguard.clients.intersect.ip }}:4242:4242" + - "4242:4242" db: image: postgres:12-alpine diff --git a/ansible/roles/intersect_docker/files/synapse/docker-compose.yml b/ansible/roles/pve_docker/files/synapse/docker-compose.yml similarity index 100% rename from ansible/roles/intersect_docker/files/synapse/docker-compose.yml rename to ansible/roles/pve_docker/files/synapse/docker-compose.yml 
diff --git a/ansible/roles/intersect_docker/files/synapse/homeserver.yml b/ansible/roles/pve_docker/files/synapse/homeserver.yml similarity index 100% rename from ansible/roles/intersect_docker/files/synapse/homeserver.yml rename to ansible/roles/pve_docker/files/synapse/homeserver.yml diff --git a/ansible/roles/intersect_docker/files/tt-rss/config.php b/ansible/roles/pve_docker/files/tt-rss/config.php similarity index 100% rename from ansible/roles/intersect_docker/files/tt-rss/config.php rename to ansible/roles/pve_docker/files/tt-rss/config.php diff --git a/ansible/roles/intersect_docker/files/tt-rss/docker-compose.yml b/ansible/roles/pve_docker/files/tt-rss/docker-compose.yml similarity index 78% rename from ansible/roles/intersect_docker/files/tt-rss/docker-compose.yml rename to ansible/roles/pve_docker/files/tt-rss/docker-compose.yml index ef8bf12..2894e92 100644 --- a/ansible/roles/intersect_docker/files/tt-rss/docker-compose.yml +++ b/ansible/roles/pve_docker/files/tt-rss/docker-compose.yml @@ -8,8 +8,8 @@ services: - PGID={{ docker_user.id }} - TZ=Europe/London volumes: - - "{{ app_data_dir }}/tt-rss/config.php:/config/config.php:ro" - - "{{ app_data_dir }}/tt-rss/feed-icons:/config/feed-icons" + - "./tt-rss/config.php:/config/config.php:ro" + - "./tt-rss/feed-icons:/config/feed-icons" - ./plugins:/config/plugins.local restart: unless-stopped labels: @@ -26,7 +26,7 @@ services: image: postgres:12-alpine restart: unless-stopped volumes: - - /mnt/tank/dbs/postgres/tt-rss:/var/lib/postgresql/data + - ./postgres:/var/lib/postgresql/data environment: - POSTGRES_PASSWORD=tt-rss - POSTGRES_USER=tt-rss diff --git a/ansible/roles/intersect_docker/files/wallabag/docker-compose.yml b/ansible/roles/pve_docker/files/wallabag/docker-compose.yml similarity index 74% rename from ansible/roles/intersect_docker/files/wallabag/docker-compose.yml rename to ansible/roles/pve_docker/files/wallabag/docker-compose.yml index 2410c7a..ab1cd0f 100644 
--- a/ansible/roles/intersect_docker/files/wallabag/docker-compose.yml +++ b/ansible/roles/pve_docker/files/wallabag/docker-compose.yml @@ -8,8 +8,8 @@ services: - SYMFONY__ENV__SECRET={{ wallabag_secret }} - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.jakehoward.tech volumes: - - "{{ app_data_dir }}/wallabag/data:/var/www/wallabag/data" - - "{{ app_data_dir }}/wallabag/images:/var/www/wallabag/images" + - "./wallabag/data:/var/www/wallabag/data" + - "./wallabag/images:/var/www/wallabag/images" labels: - traefik.enable=true - traefik.http.routers.wallabag.rule=Host(`wallabag.jakehoward.tech`) @@ -21,4 +21,4 @@ services: image: redis:6-alpine restart: unless-stopped volumes: - - /mnt/tank/dbs/redis/wallabag:/data + - ./redis:/data diff --git a/ansible/roles/intersect_docker/files/whoami/docker-compose.yml b/ansible/roles/pve_docker/files/whoami/docker-compose.yml similarity index 100% rename from ansible/roles/intersect_docker/files/whoami/docker-compose.yml rename to ansible/roles/pve_docker/files/whoami/docker-compose.yml diff --git a/ansible/roles/intersect_docker/tasks/calibre.yml b/ansible/roles/pve_docker/tasks/calibre.yml similarity index 100% rename from ansible/roles/intersect_docker/tasks/calibre.yml rename to ansible/roles/pve_docker/tasks/calibre.yml diff --git a/ansible/roles/intersect_docker/tasks/gotify.yml b/ansible/roles/pve_docker/tasks/gotify.yml similarity index 100% rename from ansible/roles/intersect_docker/tasks/gotify.yml rename to ansible/roles/pve_docker/tasks/gotify.yml diff --git a/ansible/roles/intersect_docker/tasks/librespeed.yml b/ansible/roles/pve_docker/tasks/librespeed.yml similarity index 100% rename from ansible/roles/intersect_docker/tasks/librespeed.yml rename to ansible/roles/pve_docker/tasks/librespeed.yml 
diff --git a/ansible/roles/intersect_docker/tasks/main.yml b/ansible/roles/pve_docker/tasks/main.yml
similarity index 100%
rename from ansible/roles/intersect_docker/tasks/main.yml
rename to ansible/roles/pve_docker/tasks/main.yml
diff --git a/ansible/roles/intersect_docker/tasks/nextcloud.yml b/ansible/roles/pve_docker/tasks/nextcloud.yml
similarity index 100%
rename from ansible/roles/intersect_docker/tasks/nextcloud.yml
rename to ansible/roles/pve_docker/tasks/nextcloud.yml
diff --git a/ansible/roles/intersect_docker/tasks/quassel.yml b/ansible/roles/pve_docker/tasks/quassel.yml
similarity index 100%
rename from ansible/roles/intersect_docker/tasks/quassel.yml
rename to ansible/roles/pve_docker/tasks/quassel.yml
diff --git a/ansible/roles/intersect_docker/tasks/synapse.yml b/ansible/roles/pve_docker/tasks/synapse.yml
similarity index 100%
rename from ansible/roles/intersect_docker/tasks/synapse.yml
rename to ansible/roles/pve_docker/tasks/synapse.yml
diff --git a/ansible/roles/intersect_docker/tasks/tt-rss.yml b/ansible/roles/pve_docker/tasks/tt-rss.yml
similarity index 100%
rename from ansible/roles/intersect_docker/tasks/tt-rss.yml
rename to ansible/roles/pve_docker/tasks/tt-rss.yml
diff --git a/ansible/roles/intersect_docker/tasks/wallabag.yml b/ansible/roles/pve_docker/tasks/wallabag.yml
similarity index 100%
rename from ansible/roles/intersect_docker/tasks/wallabag.yml
rename to ansible/roles/pve_docker/tasks/wallabag.yml
diff --git a/ansible/roles/intersect_docker/tasks/whoami.yml b/ansible/roles/pve_docker/tasks/whoami.yml
similarity index 100%
rename from ansible/roles/intersect_docker/tasks/whoami.yml
rename to ansible/roles/pve_docker/tasks/whoami.yml
diff --git a/ansible/roles/intersect_docker/vars/librespeed.yml b/ansible/roles/pve_docker/vars/librespeed.yml
similarity index 100%
rename from ansible/roles/intersect_docker/vars/librespeed.yml
rename to ansible/roles/pve_docker/vars/librespeed.yml
diff --git a/ansible/roles/intersect_docker/vars/nextcloud.yml b/ansible/roles/pve_docker/vars/nextcloud.yml similarity index 100% rename from ansible/roles/intersect_docker/vars/nextcloud.yml rename to ansible/roles/pve_docker/vars/nextcloud.yml diff --git a/ansible/roles/intersect_docker/vars/synapse.yml b/ansible/roles/pve_docker/vars/synapse.yml similarity index 100% rename from ansible/roles/intersect_docker/vars/synapse.yml rename to ansible/roles/pve_docker/vars/synapse.yml diff --git a/ansible/roles/intersect_docker/vars/wallabag.yml b/ansible/roles/pve_docker/vars/wallabag.yml similarity index 100% rename from ansible/roles/intersect_docker/vars/wallabag.yml rename to ansible/roles/pve_docker/vars/wallabag.yml diff --git a/ansible/roles/traefik/defaults/main.yml b/ansible/roles/traefik/defaults/main.yml index 263cfa3..93e1372 100644 --- a/ansible/roles/traefik/defaults/main.yml +++ b/ansible/roles/traefik/defaults/main.yml @@ -1,2 +1,4 @@ traefik_private_ip: "{{ wireguard.clients[ansible_fqdn].ip }}" traefik_influx_db_dir: ./influxdb + +traefik_proxy_protocol_trusted_ips: "{{ wireguard.cidr }}" diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml index 2831e22..e8213bb 100644 --- a/ansible/roles/traefik/files/traefik.yml +++ b/ansible/roles/traefik/files/traefik.yml @@ -3,17 +3,17 @@ entryPoints: address: :80 proxyProtocol: trustedIPs: - - "{{ wireguard.cidr }}" + - "{{ traefik_proxy_protocol_trusted_ips }}" web-secure: address: :443 proxyProtocol: trustedIPs: - - "{{ wireguard.cidr }}" + - "{{ traefik_proxy_protocol_trusted_ips }}" matrix: address: :8448 proxyProtocol: trustedIPs: - - "{{ wireguard.cidr }}" + - "{{ traefik_proxy_protocol_trusted_ips }}" traefik: address: "{{ traefik_private_ip }}:8080"