Move docker containers to new PVE container

ansible/host_vars/pve-docker.yml

@@ -1,2 +1,4 @@
 expose_ssh: true
 traefik_private_ip: "{{ ansible_default_ipv4.address }}"
+
+traefik_proxy_protocol_trusted_ips: "10.23.0.0/16"

ansible/hosts

@@ -1,5 +1,4 @@
 casey
-intersect
 walker
 grimes
 

ansible/main.yml

@@ -14,7 +14,6 @@
     - gateway
 
 - hosts:
-    - intersect
     - walker
     - grimes
     - pve-docker
@@ -32,7 +31,6 @@
 # ZFS Hosts
 - hosts:
     - walker
-    - intersect
   roles:
     - zfs
 
@@ -42,14 +40,11 @@
     - plausible
     - duplicati
 
-- hosts: intersect
+- hosts: pve-docker
   roles:
-    - home_assistant
-    - intersect_docker
-    - duplicati
+    - pve_docker
     - grafana
     - gitlab
-    - scrutiny
     - heimdall
 
 - hosts: walker

ansible/roles/gitlab/files/docker-compose.yml

@@ -22,7 +22,7 @@ services:
       - db
       - redis
     ports:
-      - "{{ wireguard.clients.intersect.ip }}:8022:22"
+      - "8022:22"
     labels:
       - traefik.enable=true
       - traefik.http.routers.gitlab.rule=Host(`git.theorangeone.net`) || Host(`git.0rng.one`)
@@ -34,7 +34,7 @@ services:
     image: postgres:12-alpine
     restart: unless-stopped
     volumes:
-      - /mnt/tank/dbs/postgres/gitlab:/var/lib/postgresql/data
+      - ./postgres:/var/lib/postgresql/data
     environment:
       - POSTGRES_PASSWORD=gitlab
       - POSTGRES_USER=gitlab
@@ -44,7 +44,7 @@ services:
     image: redis:6-alpine
     restart: unless-stopped
     volumes:
-      - /mnt/tank/dbs/redis/gitlab:/data
+      - ./redis:/data
 
   lsyncd:
     image: theorangeone/lsyncd:latest

ansible/roles/gitlab/files/lsyncd.lua

@@ -6,7 +6,7 @@ settings {
 sync {
     default.rsyncssh,
     source    = "/mnt/pages",
-    host      = "user@{{ wireguard.clients.walker.ip }}",
+    host      = "user@5.39.79.153",
     targetdir = "/config/pages",
     delay     = 10,
     rsync     = {

ansible/roles/grafana/files/docker-compose.yml

@@ -9,7 +9,7 @@ services:
       - GF_RENDERING_SERVER_URL=http://renderer:8081/render
       - GF_RENDERING_CALLBACK_URL=http://grafana:3000/
     volumes:
-      - "{{ app_data_dir }}/grafana:/var/lib/grafana"
+      - "./grafana:/var/lib/grafana"
     restart: unless-stopped
     depends_on:
       - db
@@ -27,7 +27,7 @@ services:
     image: postgres:12-alpine
     restart: unless-stopped
     volumes:
-      - /mnt/tank/dbs/postgres/grafana:/var/lib/postgresql/data
+      - ./postgres:/var/lib/postgresql/data
     environment:
       - POSTGRES_PASSWORD=grafana
       - POSTGRES_USER=grafana

ansible/roles/heimdall/files/docker-compose.yml

@@ -9,7 +9,7 @@ services:
       - TZ=Europe/London
     restart: unless-stopped
     volumes:
-      - "{{ app_data_dir }}/heimdall/:/config"
+      - "./config:/config"
     labels:
       - traefik.enable=true
       - traefik.http.routers.heimdall.rule=Host(`jakehoward.tech`)

ansible/roles/pve_docker/files/calibre/docker-compose.yml

@@ -8,7 +8,7 @@ services:
       - TZ=Europe/London
     restart: unless-stopped
     volumes:
-      - "{{ app_data_dir }}/calibre:/config"
+      - "./calibre:/config"
       - /mnt/tank/files/ebooks:/books:ro
     labels:
       - traefik.enable=true

ansible/roles/pve_docker/files/nextcloud/config.php

@@ -39,4 +39,6 @@ $CONFIG = array (
   'preview_max_x' => '2048',
   'preview_max_y' => '2048',
   'jpeg_quality' => '60',
+  'has_rebuilt_cache' => true,
+  'logfile' => '/config/log/nextcloud.log',
 );

ansible/roles/pve_docker/files/nextcloud/docker-compose.yml

@@ -9,10 +9,9 @@ services:
       - TZ=Europe/London
       - DOCKER_MODS=theorangeone/lsio-mod-more-processes:latest
     volumes:
-      - "{{ app_data_dir }}/nextcloud/apps:/config/www/nextcloud/apps"
-      - "{{ app_data_dir }}/nextcloud/config.php:/config/www/nextcloud/config/config.php"
+      - "./nextcloud/apps:/config/www/nextcloud/apps"
+      - "./nextcloud/config.php:/config/www/nextcloud/config/config.php"
       - /mnt/tank/files/nextcloud:/data
-      - /mnt/media:/content:ro
       - /mnt/tank/files:/mnt/files
     restart: unless-stopped
     depends_on:
@@ -34,7 +33,7 @@ services:
     image: mariadb:10.5
     restart: unless-stopped
     volumes:
-      - /mnt/tank/dbs/mariadb/nextcloud:/var/lib/mysql
+      - ./mariadb:/var/lib/mysql
     environment:
       - MYSQL_ROOT_PASSWORD=nextcloud
       - MYSQL_DATABASE=nextcloud
@@ -45,7 +44,7 @@ services:
     image: redis:6-alpine
     restart: unless-stopped
     volumes:
-      - /mnt/tank/dbs/redis/nextcloud:/data
+      - ./redis:/data
 
   collabora:
     image: collabora/code:latest

ansible/roles/pve_docker/files/quassel/docker-compose.yml

@@ -17,7 +17,7 @@ services:
     depends_on:
       - db
     ports:
-      - "{{ wireguard.clients.intersect.ip }}:4242:4242"
+      - "4242:4242"
 
   db:
     image: postgres:12-alpine

ansible/roles/pve_docker/files/tt-rss/docker-compose.yml

@@ -8,8 +8,8 @@ services:
       - PGID={{ docker_user.id }}
       - TZ=Europe/London
     volumes:
-      - "{{ app_data_dir }}/tt-rss/config.php:/config/config.php:ro"
-      - "{{ app_data_dir }}/tt-rss/feed-icons:/config/feed-icons"
+      - "./tt-rss/config.php:/config/config.php:ro"
+      - "./tt-rss/feed-icons:/config/feed-icons"
       - ./plugins:/config/plugins.local
     restart: unless-stopped
     labels:
@@ -26,7 +26,7 @@ services:
     image: postgres:12-alpine
     restart: unless-stopped
     volumes:
-      - /mnt/tank/dbs/postgres/tt-rss:/var/lib/postgresql/data
+      - ./postgres:/var/lib/postgresql/data
     environment:
       - POSTGRES_PASSWORD=tt-rss
       - POSTGRES_USER=tt-rss

ansible/roles/pve_docker/files/wallabag/docker-compose.yml

@@ -8,8 +8,8 @@ services:
       - SYMFONY__ENV__SECRET={{ wallabag_secret }}
       - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.jakehoward.tech
     volumes:
-      - "{{ app_data_dir }}/wallabag/data:/var/www/wallabag/data"
-      - "{{ app_data_dir }}/wallabag/images:/var/www/wallabag/images"
+      - "./wallabag/data:/var/www/wallabag/data"
+      - "./wallabag/images:/var/www/wallabag/images"
     labels:
       - traefik.enable=true
       - traefik.http.routers.wallabag.rule=Host(`wallabag.jakehoward.tech`)
@@ -21,4 +21,4 @@ services:
     image: redis:6-alpine
     restart: unless-stopped
     volumes:
-      - /mnt/tank/dbs/redis/wallabag:/data
+      - ./redis:/data

ansible/roles/traefik/defaults/main.yml

@@ -1,2 +1,4 @@
 traefik_private_ip: "{{ wireguard.clients[ansible_fqdn].ip }}"
 traefik_influx_db_dir: ./influxdb
+
+traefik_proxy_protocol_trusted_ips: "{{ wireguard.cidr }}"

ansible/roles/traefik/files/traefik.yml

@@ -3,17 +3,17 @@ entryPoints:
     address: :80
     proxyProtocol:
       trustedIPs:
-        - "{{ wireguard.cidr }}"
+        - "{{ traefik_proxy_protocol_trusted_ips }}"
   web-secure:
     address: :443
     proxyProtocol:
       trustedIPs:
-        - "{{ wireguard.cidr }}"
+        - "{{ traefik_proxy_protocol_trusted_ips }}"
   matrix:
     address: :8448
     proxyProtocol:
       trustedIPs:
-        - "{{ wireguard.cidr }}"
+        - "{{ traefik_proxy_protocol_trusted_ips }}"
   traefik:
     address: "{{ traefik_private_ip }}:8080"