Improve networks

Create a single external network called "external". Create container-specific networks. Only a few containers need access to these. So far: openldap, postgres.
2021-06-21 10:38:18 +02:00 · 2021-06-21 10:38:18 +02:00 · c418b61ede
parent f5824a5ffe
commit c418b61ede
6 changed files with 17 additions and 12 deletions
--- a/roles/authelia/tasks/main.yml
+++ b/roles/authelia/tasks/main.yml
@ -17,8 +17,8 @@
    ports:
      - "9091:9091"
    networks:
-      - name: bridge
-      - name: nginx-internal
+      - name: external
+      - name: openldap
    volumes:
      - "{{ data_folder }}/authelia:/config"
 - name: copy nginx endpoint conf
--- a/roles/jellyfin/tasks/main.yml
+++ b/roles/jellyfin/tasks/main.yml
@ -12,7 +12,7 @@
    name: 'jellyfin'
    image: linuxserver/jellyfin
    networks:
-      - name: nginx-internal
+      - name: external
    volumes:
      - "{{ data_folder }}/jellyfin:/config"
      - "{{ media.tv }}:/data/tv"
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@ -5,8 +5,9 @@
    ports:
      - "8080:8080"
    networks:
+      - name: external
      - name: postgres
-      - name: nginx-internal
+      - name: openldap
    env:
      "KEYCLOAK_USER": "{{ vault_keycloak_user }}"
      "KEYCLOAK_PASSWORD": "{{ vault_keycloak_password }}"
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -14,11 +14,11 @@
 - name: generate self-signed certs
  import_tasks: self-signed.yml
  when: self_signed
- name: create nginx bridge network
+- name: create external bridge network
  docker_network:
-    name: nginx-internal
+    name: external
    attachable: true
-    internal: true
+    internal: false
    state: present
 - name: copy nginx.conf
  template:
@ -37,8 +37,7 @@
    name: 'nginx'
    image: nginx
    networks:
-      - name: bridge
-      - name: nginx-internal
+      - name: external
    volumes:
      - "{{ data_folder }}/nginx/conf.d:/etc/nginx/conf.d"
      - "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
--- a/roles/openldap/tasks/main.yml
+++ b/roles/openldap/tasks/main.yml
@ -6,13 +6,19 @@
  loop:
    - "{{ data_folder }}/openldap"
    - "{{ data_folder }}/openldap/data"
+- name: create network
+  docker_network:
+    name: openldap
+    attachable: true
+    internal: true
+    state: present
 - name: run container
  docker_container:
    name: "openldap"
    image: osixia/openldap
    hostname: openldap
    networks:
-      - name: nginx-internal
+      - name: openldap
    ports:
      - "389:389"
      - "636:636"
--- a/roles/portainer/tasks/main.yml
+++ b/roles/portainer/tasks/main.yml
@ -3,8 +3,7 @@
    name: 'portainer'
    image: portainer/portainer-ce
    networks:
-      - name: nginx-internal
-      - name: bridge
+      - name: external
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    ports: