Compare commits
No commits in common. "f1b34172024d3af3c279cfcaa1bfc03377669ec0" and "d6a6e418b65475384d29ca32e418f143e041757c" have entirely different histories.
f1b3417202
...
d6a6e418b6
|
|
@ -17,8 +17,8 @@
|
|||
ports:
|
||||
- "9091:9091"
|
||||
networks:
|
||||
- name: external
|
||||
- name: openldap
|
||||
- name: bridge
|
||||
- name: nginx-internal
|
||||
volumes:
|
||||
- "{{ data_folder }}/authelia:/config"
|
||||
- name: copy nginx endpoint conf
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
server {
|
||||
server_name auth.{{ base_domain }};
|
||||
listen 80;
|
||||
return 301 https://$server_name$request_uri;
|
||||
server_name auth.{{ base_domain }};
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
|
|
|
|||
|
|
@ -26,19 +26,11 @@ authentication_backend:
|
|||
password: {{ vault_openldap_admin_password }}
|
||||
access_control:
|
||||
default_policy: deny
|
||||
networks:
|
||||
- name: local
|
||||
networks:
|
||||
- 192.168.0.0/24
|
||||
rules:
|
||||
- domain: "*.{{ base_domain }}"
|
||||
networks:
|
||||
- local
|
||||
policy: bypass
|
||||
- domain: portainer.{{ base_domain }}
|
||||
policy: one_factor
|
||||
- domain: keycloak.{{ base_domain }}
|
||||
policy: one_factor
|
||||
session:
|
||||
name: authelia_session
|
||||
secret: somerandomsecret
|
||||
|
|
|
|||
|
|
@ -3,9 +3,6 @@
|
|||
name:
|
||||
- docker
|
||||
- python-pip
|
||||
- neovim
|
||||
- fish
|
||||
- curlie
|
||||
state: present
|
||||
update_cache: true
|
||||
- name: start
|
||||
|
|
@ -15,9 +12,8 @@
|
|||
- name: add user to group
|
||||
user:
|
||||
name: lukas
|
||||
groups: docker,wheel
|
||||
groups: docker
|
||||
append: true
|
||||
shell: /usr/bin/fish
|
||||
- name: install python docker
|
||||
pip:
|
||||
name:
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
name: 'jellyfin'
|
||||
image: linuxserver/jellyfin
|
||||
networks:
|
||||
- name: external
|
||||
- name: nginx-internal
|
||||
volumes:
|
||||
- "{{ data_folder }}/jellyfin:/config"
|
||||
- "{{ media.tv }}:/data/tv"
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
server {
|
||||
server_name "jellyfin.{{ base_domain }}";
|
||||
listen 80;
|
||||
return 301 https://$server_name$request_uri;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
|
|
|
|||
|
|
@ -5,9 +5,8 @@
|
|||
ports:
|
||||
- "8080:8080"
|
||||
networks:
|
||||
- name: external
|
||||
- name: postgres
|
||||
- name: openldap
|
||||
- name: nginx-internal
|
||||
env:
|
||||
"KEYCLOAK_USER": "{{ vault_keycloak_user }}"
|
||||
"KEYCLOAK_PASSWORD": "{{ vault_keycloak_password }}"
|
||||
|
|
@ -21,6 +20,6 @@
|
|||
- name: copy nginx conf
|
||||
template:
|
||||
src: "keycloak.conf.j2"
|
||||
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
|
||||
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name}}.{{ base_domain }}.conf"
|
||||
mode: "755"
|
||||
notify: reload nginx
|
||||
|
|
@ -1,7 +1,6 @@
|
|||
server {
|
||||
server_name "keycloak.{{ base_domain }}";
|
||||
listen 80;
|
||||
return 301 https://$server_name$request_uri;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
|
|
|
|||
|
|
@ -14,11 +14,11 @@
|
|||
- name: generate self-signed certs
|
||||
import_tasks: self-signed.yml
|
||||
when: self_signed
|
||||
- name: create external bridge network
|
||||
- name: create nginx bridge network
|
||||
docker_network:
|
||||
name: external
|
||||
name: nginx-internal
|
||||
attachable: true
|
||||
internal: false
|
||||
internal: true
|
||||
state: present
|
||||
- name: copy nginx.conf
|
||||
template:
|
||||
|
|
@ -37,7 +37,8 @@
|
|||
name: 'nginx'
|
||||
image: nginx
|
||||
networks:
|
||||
- name: external
|
||||
- name: bridge
|
||||
- name: nginx-internal
|
||||
volumes:
|
||||
- "{{ data_folder }}/nginx/conf.d:/etc/nginx/conf.d"
|
||||
- "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
|
||||
|
|
|
|||
|
|
@ -6,19 +6,13 @@
|
|||
loop:
|
||||
- "{{ data_folder }}/openldap"
|
||||
- "{{ data_folder }}/openldap/data"
|
||||
- name: create network
|
||||
docker_network:
|
||||
name: openldap
|
||||
attachable: true
|
||||
internal: true
|
||||
state: present
|
||||
- name: run container
|
||||
docker_container:
|
||||
name: "openldap"
|
||||
image: osixia/openldap
|
||||
hostname: openldap
|
||||
networks:
|
||||
- name: openldap
|
||||
- name: nginx-internal
|
||||
ports:
|
||||
- "389:389"
|
||||
- "636:636"
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
name: 'portainer'
|
||||
image: portainer/portainer-ce
|
||||
networks:
|
||||
- name: external
|
||||
- name: openldap
|
||||
- name: nginx-internal
|
||||
- name: bridge
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
ports:
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
server {
|
||||
server_name portainer.{{ base_domain }};
|
||||
listen 80;
|
||||
return 301 https://$server_name$request_uri;
|
||||
server_name portainer.{{ base_domain }};
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
|
|
|
|||
Loading…
Reference in New Issue