systems/infrastructure
1
Fork 0
Code Issues 1 Pull requests 17 Activity Actions

Move docker containers to new PVE container

Browse source
This commit is contained in:
Jake Howard 2021-01-09 18:02:17 +00:00
parent a35f2f91ff
commit fef7f2c2b4
Signed by: jake
GPG key ID: 57AFB45680EDD477
35 changed files with 30 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ansible/host_vars/pve-docker.yml
View file

@ -1,2 +1,4 @@
expose_ssh: true expose_ssh: true
traefik_private_ip: "{{ ansible_default_ipv4.address }}" traefik_private_ip: "{{ ansible_default_ipv4.address }}"
traefik_proxy_protocol_trusted_ips: "10.23.0.0/16"

1
ansible/hosts
View file

@ -1,5 +1,4 @@
casey casey
intersect
walker walker
grimes grimes

9
ansible/main.yml
View file

@ -14,7 +14,6 @@
- gateway - gateway
- hosts: - hosts:
- intersect
- walker - walker
- grimes - grimes
- pve-docker - pve-docker
@ -32,7 +31,6 @@
# ZFS Hosts # ZFS Hosts
- hosts: - hosts:
- walker - walker
- intersect
roles: roles:
- zfs - zfs
@ -42,14 +40,11 @@
- plausible - plausible
- duplicati - duplicati
- hosts: intersect - hosts: pve-docker
roles: roles:
- home_assistant - pve_docker
- intersect_docker
- duplicati
- grafana - grafana
- gitlab - gitlab
- scrutiny
- heimdall - heimdall
- hosts: walker - hosts: walker

6
ansible/roles/gitlab/files/docker-compose.yml
View file

@ -22,7 +22,7 @@ services:
- db - db
- redis - redis
ports: ports:
- "{{ wireguard.clients.intersect.ip }}:8022:22" - "8022:22"
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.gitlab.rule=Host(`git.theorangeone.net`) || Host(`git.0rng.one`) - traefik.http.routers.gitlab.rule=Host(`git.theorangeone.net`) || Host(`git.0rng.one`)
@ -34,7 +34,7 @@ services:
image: postgres:12-alpine image: postgres:12-alpine
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /mnt/tank/dbs/postgres/gitlab:/var/lib/postgresql/data - ./postgres:/var/lib/postgresql/data
environment: environment:
- POSTGRES_PASSWORD=gitlab - POSTGRES_PASSWORD=gitlab
- POSTGRES_USER=gitlab - POSTGRES_USER=gitlab
@ -44,7 +44,7 @@ services:
image: redis:6-alpine image: redis:6-alpine
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /mnt/tank/dbs/redis/gitlab:/data - ./redis:/data
lsyncd: lsyncd:
image: theorangeone/lsyncd:latest image: theorangeone/lsyncd:latest

2
ansible/roles/gitlab/files/lsyncd.lua
View file

@ -6,7 +6,7 @@ settings {
sync { sync {
default.rsyncssh, default.rsyncssh,
source = "/mnt/pages", source = "/mnt/pages",
host = "user@{{ wireguard.clients.walker.ip }}", host = "user@5.39.79.153",
targetdir = "/config/pages", targetdir = "/config/pages",
delay = 10, delay = 10,
rsync = { rsync = {

4
ansible/roles/grafana/files/docker-compose.yml
View file

@ -9,7 +9,7 @@ services:
- GF_RENDERING_SERVER_URL=http://renderer:8081/render - GF_RENDERING_SERVER_URL=http://renderer:8081/render
- GF_RENDERING_CALLBACK_URL=http://grafana:3000/ - GF_RENDERING_CALLBACK_URL=http://grafana:3000/
volumes: volumes:
- "{{ app_data_dir }}/grafana:/var/lib/grafana" - "./grafana:/var/lib/grafana"
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- db - db
@ -27,7 +27,7 @@ services:
image: postgres:12-alpine image: postgres:12-alpine
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /mnt/tank/dbs/postgres/grafana:/var/lib/postgresql/data - ./postgres:/var/lib/postgresql/data
environment: environment:
- POSTGRES_PASSWORD=grafana - POSTGRES_PASSWORD=grafana
- POSTGRES_USER=grafana - POSTGRES_USER=grafana

2
ansible/roles/heimdall/files/docker-compose.yml
View file

@ -9,7 +9,7 @@ services:
- TZ=Europe/London - TZ=Europe/London
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- "{{ app_data_dir }}/heimdall/:/config" - "./config:/config"
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.heimdall.rule=Host(`jakehoward.tech`) - traefik.http.routers.heimdall.rule=Host(`jakehoward.tech`)

2
ansible/roles/intersect_docker/files/calibre/docker-compose.yml → ansible/roles/pve_docker/files/calibre/docker-compose.yml
View file

@ -8,7 +8,7 @@ services:
- TZ=Europe/London - TZ=Europe/London
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- "{{ app_data_dir }}/calibre:/config" - "./calibre:/config"
- /mnt/tank/files/ebooks:/books:ro - /mnt/tank/files/ebooks:/books:ro
labels: labels:
- traefik.enable=true - traefik.enable=true

0
ansible/roles/intersect_docker/files/gotify/docker-compose.yml → ansible/roles/pve_docker/files/gotify/docker-compose.yml
View file

0
ansible/roles/intersect_docker/files/librespeed/docker-compose.yml → ansible/roles/pve_docker/files/librespeed/docker-compose.yml
View file

2
ansible/roles/intersect_docker/files/nextcloud/config.php → ansible/roles/pve_docker/files/nextcloud/config.php
View file

@ -39,4 +39,6 @@ $CONFIG = array (
'preview_max_x' => '2048', 'preview_max_x' => '2048',
'preview_max_y' => '2048', 'preview_max_y' => '2048',
'jpeg_quality' => '60', 'jpeg_quality' => '60',
'has_rebuilt_cache' => true,
'logfile' => '/config/log/nextcloud.log',
); );

9
ansible/roles/intersect_docker/files/nextcloud/docker-compose.yml → ansible/roles/pve_docker/files/nextcloud/docker-compose.yml
View file

@ -9,10 +9,9 @@ services:
- TZ=Europe/London - TZ=Europe/London
- DOCKER_MODS=theorangeone/lsio-mod-more-processes:latest - DOCKER_MODS=theorangeone/lsio-mod-more-processes:latest
volumes: volumes:
- "{{ app_data_dir }}/nextcloud/apps:/config/www/nextcloud/apps" - "./nextcloud/apps:/config/www/nextcloud/apps"
- "{{ app_data_dir }}/nextcloud/config.php:/config/www/nextcloud/config/config.php" - "./nextcloud/config.php:/config/www/nextcloud/config/config.php"
- /mnt/tank/files/nextcloud:/data - /mnt/tank/files/nextcloud:/data
- /mnt/media:/content:ro
- /mnt/tank/files:/mnt/files - /mnt/tank/files:/mnt/files
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
@ -34,7 +33,7 @@ services:
image: mariadb:10.5 image: mariadb:10.5
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /mnt/tank/dbs/mariadb/nextcloud:/var/lib/mysql - ./mariadb:/var/lib/mysql
environment: environment:
- MYSQL_ROOT_PASSWORD=nextcloud - MYSQL_ROOT_PASSWORD=nextcloud
- MYSQL_DATABASE=nextcloud - MYSQL_DATABASE=nextcloud
@ -45,7 +44,7 @@ services:
image: redis:6-alpine image: redis:6-alpine
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /mnt/tank/dbs/redis/nextcloud:/data - ./redis:/data
collabora: collabora:
image: collabora/code:latest image: collabora/code:latest

2
ansible/roles/intersect_docker/files/quassel/docker-compose.yml → ansible/roles/pve_docker/files/quassel/docker-compose.yml
View file

@ -17,7 +17,7 @@ services:
depends_on: depends_on:
- db - db
ports: ports:
- "{{ wireguard.clients.intersect.ip }}:4242:4242" - "4242:4242"
db: db:
image: postgres:12-alpine image: postgres:12-alpine

0
ansible/roles/intersect_docker/files/synapse/docker-compose.yml → ansible/roles/pve_docker/files/synapse/docker-compose.yml
View file

0
ansible/roles/intersect_docker/files/synapse/homeserver.yml → ansible/roles/pve_docker/files/synapse/homeserver.yml
View file

0
ansible/roles/intersect_docker/files/tt-rss/config.php → ansible/roles/pve_docker/files/tt-rss/config.php
View file

6
ansible/roles/intersect_docker/files/tt-rss/docker-compose.yml → ansible/roles/pve_docker/files/tt-rss/docker-compose.yml
View file

@ -8,8 +8,8 @@ services:
- PGID={{ docker_user.id }} - PGID={{ docker_user.id }}
- TZ=Europe/London - TZ=Europe/London
volumes: volumes:
- "{{ app_data_dir }}/tt-rss/config.php:/config/config.php:ro" - "./tt-rss/config.php:/config/config.php:ro"
- "{{ app_data_dir }}/tt-rss/feed-icons:/config/feed-icons" - "./tt-rss/feed-icons:/config/feed-icons"
- ./plugins:/config/plugins.local - ./plugins:/config/plugins.local
restart: unless-stopped restart: unless-stopped
labels: labels:
@ -26,7 +26,7 @@ services:
image: postgres:12-alpine image: postgres:12-alpine
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /mnt/tank/dbs/postgres/tt-rss:/var/lib/postgresql/data - ./postgres:/var/lib/postgresql/data
environment: environment:
- POSTGRES_PASSWORD=tt-rss - POSTGRES_PASSWORD=tt-rss
- POSTGRES_USER=tt-rss - POSTGRES_USER=tt-rss

6
ansible/roles/intersect_docker/files/wallabag/docker-compose.yml → ansible/roles/pve_docker/files/wallabag/docker-compose.yml
View file

@ -8,8 +8,8 @@ services:
- SYMFONY__ENV__SECRET={{ wallabag_secret }} - SYMFONY__ENV__SECRET={{ wallabag_secret }}
- SYMFONY__ENV__DOMAIN_NAME=https://wallabag.jakehoward.tech - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.jakehoward.tech
volumes: volumes:
- "{{ app_data_dir }}/wallabag/data:/var/www/wallabag/data" - "./wallabag/data:/var/www/wallabag/data"
- "{{ app_data_dir }}/wallabag/images:/var/www/wallabag/images" - "./wallabag/images:/var/www/wallabag/images"
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.wallabag.rule=Host(`wallabag.jakehoward.tech`) - traefik.http.routers.wallabag.rule=Host(`wallabag.jakehoward.tech`)
@ -21,4 +21,4 @@ services:
image: redis:6-alpine image: redis:6-alpine
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /mnt/tank/dbs/redis/wallabag:/data - ./redis:/data

0
ansible/roles/intersect_docker/files/whoami/docker-compose.yml → ansible/roles/pve_docker/files/whoami/docker-compose.yml
View file

0
ansible/roles/intersect_docker/tasks/calibre.yml → ansible/roles/pve_docker/tasks/calibre.yml
View file

0
ansible/roles/intersect_docker/tasks/gotify.yml → ansible/roles/pve_docker/tasks/gotify.yml
View file

0
ansible/roles/intersect_docker/tasks/librespeed.yml → ansible/roles/pve_docker/tasks/librespeed.yml
View file

0
ansible/roles/intersect_docker/tasks/main.yml → ansible/roles/pve_docker/tasks/main.yml
View file

0
ansible/roles/intersect_docker/tasks/nextcloud.yml → ansible/roles/pve_docker/tasks/nextcloud.yml
View file

0
ansible/roles/intersect_docker/tasks/quassel.yml → ansible/roles/pve_docker/tasks/quassel.yml
View file

0
ansible/roles/intersect_docker/tasks/synapse.yml → ansible/roles/pve_docker/tasks/synapse.yml
View file

0
ansible/roles/intersect_docker/tasks/tt-rss.yml → ansible/roles/pve_docker/tasks/tt-rss.yml
View file

0
ansible/roles/intersect_docker/tasks/wallabag.yml → ansible/roles/pve_docker/tasks/wallabag.yml
View file

0
ansible/roles/intersect_docker/tasks/whoami.yml → ansible/roles/pve_docker/tasks/whoami.yml
View file

0
ansible/roles/intersect_docker/vars/librespeed.yml → ansible/roles/pve_docker/vars/librespeed.yml
View file

0
ansible/roles/intersect_docker/vars/nextcloud.yml → ansible/roles/pve_docker/vars/nextcloud.yml
View file

0
ansible/roles/intersect_docker/vars/synapse.yml → ansible/roles/pve_docker/vars/synapse.yml
View file

0
ansible/roles/intersect_docker/vars/wallabag.yml → ansible/roles/pve_docker/vars/wallabag.yml
View file

2
ansible/roles/traefik/defaults/main.yml
View file

@ -1,2 +1,4 @@
traefik_private_ip: "{{ wireguard.clients[ansible_fqdn].ip }}" traefik_private_ip: "{{ wireguard.clients[ansible_fqdn].ip }}"
traefik_influx_db_dir: ./influxdb traefik_influx_db_dir: ./influxdb
traefik_proxy_protocol_trusted_ips: "{{ wireguard.cidr }}"

6
ansible/roles/traefik/files/traefik.yml
View file

@ -3,17 +3,17 @@ entryPoints:
address: :80 address: :80
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- "{{ wireguard.cidr }}" - "{{ traefik_proxy_protocol_trusted_ips }}"
web-secure: web-secure:
address: :443 address: :443
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- "{{ wireguard.cidr }}" - "{{ traefik_proxy_protocol_trusted_ips }}"
matrix: matrix:
address: :8448 address: :8448
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- "{{ wireguard.cidr }}" - "{{ traefik_proxy_protocol_trusted_ips }}"
traefik: traefik:
address: "{{ traefik_private_ip }}:8080" address: "{{ traefik_private_ip }}:8080"