From c418b61ede2035167af6fc4ef0a144224837de58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Kucharczyk?=
Date: Mon, 21 Jun 2021 10:38:18 +0200
Subject: [PATCH] Improve networks

Create a single external network called "external". Create container-specific networks. Only a few containers need access to these. So far: openldap, postgres.
---
 roles/authelia/tasks/main.yml | 4 ++--
 roles/jellyfin/tasks/main.yml | 2 +-
 roles/keycloak/tasks/main.yml | 3 ++-
 roles/nginx/tasks/main.yml | 9 ++++-----
 roles/openldap/tasks/main.yml | 8 +++++++-
 roles/portainer/tasks/main.yml | 3 +--
 6 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/roles/authelia/tasks/main.yml b/roles/authelia/tasks/main.yml
index d8e5b9e..cb9aa1d 100644
--- a/roles/authelia/tasks/main.yml
+++ b/roles/authelia/tasks/main.yml
@@ -17,8 +17,8 @@
 ports:
 - "9091:9091"
 networks:
- - name: bridge
- - name: nginx-internal
+ - name: external
+ - name: openldap
 volumes:
 - "{{ data_folder }}/authelia:/config"
 - name: copy nginx endpoint conf
diff --git a/roles/jellyfin/tasks/main.yml b/roles/jellyfin/tasks/main.yml
index 1a09025..5236940 100644
--- a/roles/jellyfin/tasks/main.yml
+++ b/roles/jellyfin/tasks/main.yml
@@ -12,7 +12,7 @@
 name: 'jellyfin'
 image: linuxserver/jellyfin
 networks:
- - name: nginx-internal
+ - name: external
 volumes:
 - "{{ data_folder }}/jellyfin:/config"
 - "{{ media.tv }}:/data/tv"
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index 066db09..2a5640b 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -5,8 +5,9 @@
 ports:
 - "8080:8080"
 networks:
+ - name: external
 - name: postgres
- - name: nginx-internal
+ - name: openldap
 env:
 "KEYCLOAK_USER": "{{ vault_keycloak_user }}"
 "KEYCLOAK_PASSWORD": "{{ vault_keycloak_password }}"
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 8f2b214..91480e5 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
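Review bot: Dropping `- name: bridge` and `- name: nginx-internal` from the `networks` list in roles/authelia/tasks/main.yml does not by itself detach an already-running container from those networks. As far as I know `docker_container` only connects the networks it is given unless told to remove the others, and older module versions also keep the default `bridge` attached; the module version in use is not visible in this patch. If the intent is that each container sits only on the listed networks, add `purge_networks: true` (or the module's newer `comparisons: {networks: strict}` form) next to `networks:`. The same applies to the jellyfin, keycloak, nginx, openldap and portainer `docker_container` tasks in this patch, all of which start or end outside their hunks.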
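Review bot: The keycloak task in roles/keycloak/tasks/main.yml now attaches to `openldap` as well as `postgres`, but neither network is created in this role; `openldap` is created only in roles/openldap/tasks/main.yml, and the authelia task has the same dependency. Unless the play always runs those roles first (the role order is not visible in this patch), the container task will presumably fail because the network does not exist yet. A comment above `networks:` such as `# openldap and postgres networks are created by their own roles, which must run first` would document this, or the order could be made explicit with a role dependency.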
@@ -14,11 +14,11 @@
 - name: generate self-signed certs
 import_tasks: self-signed.yml
 when: self_signed
-- name: create nginx bridge network
+- name: create external bridge network
 docker_network:
- name: nginx-internal
+ name: external
 attachable: true
- internal: true
+ internal: false
 state: present
 - name: copy nginx.conf
 template:
@@ -37,8 +37,7 @@
 name: 'nginx'
 image: nginx
 networks:
- - name: bridge
- - name: nginx-internal
+ - name: external
 volumes:
 - "{{ data_folder }}/nginx/conf.d:/etc/nginx/conf.d"
 - "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
diff --git a/roles/openldap/tasks/main.yml b/roles/openldap/tasks/main.yml
index 8b2dc3d..a1c0942 100644
--- a/roles/openldap/tasks/main.yml
+++ b/roles/openldap/tasks/main.yml
@@ -6,13 +6,19 @@
 loop:
 - "{{ data_folder }}/openldap"
 - "{{ data_folder }}/openldap/data"
+- name: create network
+ docker_network:
+ name: openldap
+ attachable: true
+ internal: true
+ state: present
 - name: run container
 docker_container:
 name: "openldap"
 image: osixia/openldap
 hostname: openldap
 networks:
- - name: nginx-internal
+ - name: openldap
 ports:
 - "389:389"
 - "636:636"
diff --git a/roles/portainer/tasks/main.yml b/roles/portainer/tasks/main.yml
index 7879e89..2546423 100644
--- a/roles/portainer/tasks/main.yml
+++ b/roles/portainer/tasks/main.yml
@@ -3,8 +3,7 @@
 name: 'portainer'
 image: portainer/portainer-ce
 networks:
- - name: nginx-internal
- - name: bridge
+ - name: external
 volumes:
 - "/var/run/docker.sock:/var/run/docker.sock"
 ports:
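Review bot: Flipping `internal: true` to `internal: false` in the first hunk of roles/nginx/tasks/main.yml puts nginx, authelia, jellyfin, keycloak and portainer on one routed network, so every member gets outbound routing and can reach the others directly; jellyfin was previously attached only to the internal network. That widens the blast radius of a compromised container, and portainer mounts `/var/run/docker.sock` on the same segment. Consider keeping an internal proxy network for the backends and attaching only nginx to a routed one, or at least record the decision with a comment such as `# routed network: every attached container gets egress`. `attachable: true` is, as far as I know, only meaningful for swarm-scoped networks and could probably be dropped here.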
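Review bot: The new `openldap` network in roles/openldap/tasks/main.yml is `internal: true`, yet the container task keeps the `"389:389"` and `"636:636"` port mappings shown as context at the end of the hunk. As far as I know Docker does not publish host ports for a container attached only to an internal network, so the mapping is either dead configuration or, if the container is still attached to another network, it exposes plaintext LDAP on 389 on every host interface. If only authelia and keycloak should reach the directory, remove the `ports:` block; if host access is needed, bind it explicitly, e.g. `"127.0.0.1:636:636"`. The `docker_container` task continues past the end of the hunk.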