
No commits in common. "f1b34172024d3af3c279cfcaa1bfc03377669ec0" and "d6a6e418b65475384d29ca32e418f143e041757c" have entirely different histories.

12 changed files with 21 additions and 41 deletions


@ -17,8 +17,8 @@
ports: ports:
- "9091:9091" - "9091:9091"
networks: networks:
- name: external - name: bridge
- name: openldap - name: nginx-internal
volumes: volumes:
- "{{ data_folder }}/authelia:/config" - "{{ data_folder }}/authelia:/config"
- name: copy nginx endpoint conf - name: copy nginx endpoint conf
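Review bot: On the new side the Authelia container is attached to the default `bridge` network and still publishes `"9091:9091"`, so the portal stays reachable on the host port without passing through the nginx front end that the `nginx-internal` attachment appears to serve. If nginx is meant to be the only entry point, drop `- name: bridge` and the published port, or bind it to loopback with `- "127.0.0.1:9091:9091"`. The portainer hunk later on this page adds the same `bridge` attachment to a container that mounts `/var/run/docker.sock`, where direct exposure matters more. The task's remaining options are outside the hunk, so other network settings are not visible here.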


@ -1,7 +1,7 @@
server { server {
server_name auth.{{ base_domain }};
listen 80; listen 80;
return 301 https://$server_name$request_uri; server_name auth.{{ base_domain }};
return 301 https://$host$request_uri;
} }
server { server {
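Review bot: The redirect target on the new side is built from `$host`, which nginx takes from the request line or the client's Host header, so the `Location` value is client-controlled whenever this block answers for a name other than its own, for example as the default server on port 80. This block keeps `server_name auth.{{ base_domain }};`, as does the portainer one, but the jellyfin and keycloak port-80 blocks further down the page drop `server_name` entirely, leaving several nameless `listen 80` blocks and making that case the normal one. Keeping `server_name` in every block and redirecting with `return 301 https://$server_name$request_uri;` pins the target to the configured name. The second `server {` block opens on the last line of the hunk and its body is not visible.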


@ -26,19 +26,11 @@ authentication_backend:
password: {{ vault_openldap_admin_password }} password: {{ vault_openldap_admin_password }}
access_control: access_control:
default_policy: deny default_policy: deny
networks:
- name: local
networks:
- 192.168.0.0/24
rules: rules:
- domain: "*.{{ base_domain }}" - domain: "*.{{ base_domain }}"
networks:
- local
policy: bypass policy: bypass
- domain: portainer.{{ base_domain }} - domain: portainer.{{ base_domain }}
policy: one_factor policy: one_factor
- domain: keycloak.{{ base_domain }}
policy: one_factor
session: session:
name: authelia_session name: authelia_session
secret: somerandomsecret secret: somerandomsecret
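Review bot: The `"*.{{ base_domain }}"` rule keeps `policy: bypass` but loses its `networks` criterion, so it now matches requests from any source address. Authelia applies the first matching rule, so the `portainer.{{ base_domain }}` rule with `one_factor` listed after it is not expected to be reached, and `default_policy: deny` no longer applies to any subdomain. Put the specific rules before the wildcard, and either restore a network restriction on the bypass rule or change the wildcard to `policy: one_factor`. Separately, `secret: somerandomsecret` in the session block is a literal in the template; it would be better sourced from the vault like the LDAP password at the top of the hunk, e.g. `secret: "{{ vault_authelia_session_secret }}"` (placeholder variable name). The session block continues outside the hunk.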


@ -3,9 +3,6 @@
name: name:
- docker - docker
- python-pip - python-pip
- neovim
- fish
- curlie
state: present state: present
update_cache: true update_cache: true
- name: start - name: start
@ -15,9 +12,8 @@
- name: add user to group - name: add user to group
user: user:
name: lukas name: lukas
groups: docker,wheel groups: docker
append: true append: true
shell: /usr/bin/fish
- name: install python docker - name: install python docker
pip: pip:
name: name:


@ -12,7 +12,7 @@
name: 'jellyfin' name: 'jellyfin'
image: linuxserver/jellyfin image: linuxserver/jellyfin
networks: networks:
- name: external - name: nginx-internal
volumes: volumes:
- "{{ data_folder }}/jellyfin:/config" - "{{ data_folder }}/jellyfin:/config"
- "{{ media.tv }}:/data/tv" - "{{ media.tv }}:/data/tv"


@ -1,7 +1,6 @@
server { server {
server_name "jellyfin.{{ base_domain }}";
listen 80; listen 80;
return 301 https://$server_name$request_uri; return 301 https://$host$request_uri;
} }
server { server {


@ -5,9 +5,8 @@
ports: ports:
- "8080:8080" - "8080:8080"
networks: networks:
- name: external
- name: postgres - name: postgres
- name: openldap - name: nginx-internal
env: env:
"KEYCLOAK_USER": "{{ vault_keycloak_user }}" "KEYCLOAK_USER": "{{ vault_keycloak_user }}"
"KEYCLOAK_PASSWORD": "{{ vault_keycloak_password }}" "KEYCLOAK_PASSWORD": "{{ vault_keycloak_password }}"
@ -21,6 +20,6 @@
- name: copy nginx conf - name: copy nginx conf
template: template:
src: "keycloak.conf.j2" src: "keycloak.conf.j2"
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf" dest: "{{ data_folder }}/nginx/conf.d/{{ role_name}}.{{ base_domain }}.conf"
mode: "755" mode: "755"
notify: reload nginx notify: reload nginx


@ -1,7 +1,6 @@
server { server {
server_name "keycloak.{{ base_domain }}";
listen 80; listen 80;
return 301 https://$server_name$request_uri; return 301 https://$host$request_uri;
} }
server { server {


@ -14,11 +14,11 @@
- name: generate self-signed certs - name: generate self-signed certs
import_tasks: self-signed.yml import_tasks: self-signed.yml
when: self_signed when: self_signed
- name: create external bridge network - name: create nginx bridge network
docker_network: docker_network:
name: external name: nginx-internal
attachable: true attachable: true
internal: false internal: true
state: present state: present
- name: copy nginx.conf - name: copy nginx.conf
template: template:
@ -37,7 +37,8 @@
name: 'nginx' name: 'nginx'
image: nginx image: nginx
networks: networks:
- name: external - name: bridge
- name: nginx-internal
volumes: volumes:
- "{{ data_folder }}/nginx/conf.d:/etc/nginx/conf.d" - "{{ data_folder }}/nginx/conf.d:/etc/nginx/conf.d"
- "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf" - "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"


@ -6,19 +6,13 @@
loop: loop:
- "{{ data_folder }}/openldap" - "{{ data_folder }}/openldap"
- "{{ data_folder }}/openldap/data" - "{{ data_folder }}/openldap/data"
- name: create network
docker_network:
name: openldap
attachable: true
internal: true
state: present
- name: run container - name: run container
docker_container: docker_container:
name: "openldap" name: "openldap"
image: osixia/openldap image: osixia/openldap
hostname: openldap hostname: openldap
networks: networks:
- name: openldap - name: nginx-internal
ports: ports:
- "389:389" - "389:389"
- "636:636" - "636:636"
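Review bot: Removing the dedicated `openldap` network and attaching the directory to `nginx-internal` puts LDAP on the same network as every proxied backend on this page (jellyfin, keycloak, portainer, authelia), so any one of those containers can now open connections to it. Only the services that authenticate against LDAP need that path; keeping the `create network` task and listing `- name: openldap` on just those containers preserves the earlier separation. The published `"389:389"` also deserves a look: as far as the hunk shows, `nginx-internal` is the container's only network and is created with `internal: true`, so the mapping is either ineffective or, if it does take effect, offers unencrypted LDAP on the host. The `ports:` list and the rest of the task continue outside the hunk.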


@ -3,8 +3,8 @@
name: 'portainer' name: 'portainer'
image: portainer/portainer-ce image: portainer/portainer-ce
networks: networks:
- name: external - name: nginx-internal
- name: openldap - name: bridge
volumes: volumes:
- "/var/run/docker.sock:/var/run/docker.sock" - "/var/run/docker.sock:/var/run/docker.sock"
ports: ports:


@ -1,7 +1,7 @@
server { server {
server_name portainer.{{ base_domain }};
listen 80; listen 80;
return 301 https://$server_name$request_uri; server_name portainer.{{ base_domain }};
return 301 https://$host$request_uri;
} }
server { server {