
17 Commits

Author SHA1 Message Date
08572f6ef8 jellyfin, nginx, openldap: do not restart 2021-06-21 11:54:24 +02:00
c542668491 openldap: remove cruft 2021-06-21 11:54:03 +02:00
79170487c7 openldap: move above portainer 2021-06-21 11:53:49 +02:00
f1b3417202 docker: add convenience packages 2021-06-21 11:32:43 +02:00
57c7b06f03 authelia: secure portainer, keycloak, allow local 2021-06-21 11:32:24 +02:00
11c96fe48d portainer: allow access to ldap 2021-06-21 11:28:52 +02:00
8175a62c0b nginx: make sure https redirect works 2021-06-21 11:28:36 +02:00
53570a1f08 minor: fix space 2021-06-21 11:11:27 +02:00
a0b1b75a73 Improve networks
Create a single external network called "external".
Create container-specific networks.
Only a few containers need access to these.
So far: openldap, postgres.
2021-06-21 10:38:18 +02:00
d6a6e418b6 nginx: log subrequests 2021-06-21 09:53:47 +02:00
f07c3128e1 portainer: copy nginx conf 2021-06-20 23:26:54 +02:00
a2651e5f79 portainer: add nginx-internal network 2021-06-20 23:09:33 +02:00
7e2c66c907 Set portainer to one_factor 2021-06-20 23:09:22 +02:00
e28b445cd8 portainer: add nginx conf 2021-06-20 23:07:20 +02:00
f2d80dbe15 portainer: add main task 2021-06-20 23:07:19 +02:00
7e7c28d68c portainer: add role to playbook 2021-06-20 23:07:18 +02:00
8ab660cebb Fix error introduced in 9cf68c4fda 2021-06-20 23:06:48 +02:00
6 changed files with 4 additions and 68 deletions


@ -12,14 +12,12 @@ homelab.
=== Containers
* Authelia
* Jellyfin
* Keycloak
* NGINX
* Jellyfin
* OpenLDAP
* Portainer
* PostgreSQL
* Radarr
* Keycloak
* Authelia
=== Testing
To run locally, specify the inventory file with `-i hosts`.


@ -13,9 +13,4 @@ pgid: "1000"
tz: "Europe/Prague"
media:
tv: "{{ data_folder }}/media/tv"
movies: "{{ data_folder }}/media/movies"
downloads:
nzb: "{{ data_folder }}/downloads/nzb"
torrent: "{{ data_folder }}/downloads/torrent"
torrent_blackhole: "{{ data_folder }}/downloads/blackhole"
music: "{{ data_folder }}/downloads/music"
movies: "{{ data_folder }}/media/movies"


@ -9,7 +9,6 @@
- postgres
- authelia
- keycloak
- radarr
vars_files:
- vault/certs/{{ base_domain }}.yml
- vault/passwords.yml


@ -39,8 +39,6 @@ access_control:
policy: one_factor
- domain: keycloak.{{ base_domain }}
policy: one_factor
- domain: radarr.{{ base_domain }}
policy: two_factor
session:
name: authelia_session
secret: somerandomsecret


@ -1,34 +0,0 @@
- name: ensure directories exist
file:
path: "{{ item }}"
state: directory
mode: '0755'
loop:
- "{{ data_folder }}/radarr"
- "{{ media.tv }}"
- "{{ media.movies }}"
- "{{ downloads.nzb }}"
- name: run container
docker_container:
name: "{{ role_name }}"
image: "linuxserver/radarr"
networks:
- name: external
env:
"TZ": "{{ tz }}"
"PUID": "{{ puid }}"
"PGID": "{{ pgid }}"
"UMASK": "022"
volumes:
- "{{ data_folder }}/radarr:/config"
- "{{ downloads.nzb }}:/downloads"
- "{{ media.movies }}:/movies"
ports:
- "7878:7878"
state: started
- name: copy nginx conf
template:
src: "{{ role_name }}.conf.j2"
dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
mode: "755"
notify: reload nginx


@ -1,20 +0,0 @@
server {
server_name {{ role_name }}.{{ base_domain }};
listen 80;
return 301 https://$server_name$request_uri;
}
server {
server_name {{ role_name }}.{{ base_domain }};
listen 443 ssl http2;
include /etc/nginx/snippets/authelia-endpoint.conf;
location / {
include /etc/nginx/snippets/proxy.conf;
include /etc/nginx/snippets/authelia-auth.conf;
set $upstream http://{{ role_name }}:7878;
proxy_pass $upstream;
}
}