Move web1 over to a containerized setup, containerize Nextcloud
parent
a6cc1ecece
commit
1fb222fb15
@ -15,6 +15,80 @@
|
||||
restart_policy: unless-stopped
|
||||
pull: yes
|
||||
tasks:
|
||||
- name: ensure docker network
|
||||
docker_network: name=web
|
||||
tags: [ docker ]
|
||||
- name: ensure docker nginx config
|
||||
copy:
|
||||
dest: /data/nginx-certbot/user_conf.d/vhosts.conf
|
||||
mode: "0750"
|
||||
content: |
|
||||
server {
|
||||
listen 443 ssl default_server;
|
||||
server_name desu.ltd;
|
||||
ssl_certificate /etc/letsencrypt/live/desu.ltd/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/desu.ltd/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/desu.ltd/chain.pem;
|
||||
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://desultd:80;
|
||||
}
|
||||
}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name 9iron.club;
|
||||
ssl_certificate /etc/letsencrypt/live/desu.ltd/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/desu.ltd/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/desu.ltd/chain.pem;
|
||||
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://9iron:80;
|
||||
}
|
||||
}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name git.desu.ltd;
|
||||
ssl_certificate /etc/letsencrypt/live/desu.ltd/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/desu.ltd/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/desu.ltd/chain.pem;
|
||||
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://gitea:3000;
|
||||
}
|
||||
}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name nc.desu.ltd;
|
||||
ssl_certificate /etc/letsencrypt/live/desu.ltd/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/desu.ltd/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/desu.ltd/chain.pem;
|
||||
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://nextcloud:80;
|
||||
}
|
||||
}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name srv.9iron.club;
|
||||
ssl_certificate /etc/letsencrypt/live/desu.ltd/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/desu.ltd/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/desu.ltd/chain.pem;
|
||||
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://srv:80;
|
||||
}
|
||||
}
|
||||
tags: [ docker, ingress ]
|
||||
- name: include tasks for apps
|
||||
include_tasks: tasks/app/{{ task }}
|
||||
with_items:
|
||||
@ -28,6 +102,9 @@
|
||||
- 9iron.yml
|
||||
- desultd.yml
|
||||
- gitea.yml
|
||||
- nextcloud.yml
|
||||
- srv.yml
|
||||
- ingress-generic.yml
|
||||
loop_control:
|
||||
loop_var: task
|
||||
tags: [ always ]
|
||||
@ -47,20 +124,12 @@
|
||||
- /var/lib/gitea/log
|
||||
- /data/gitea/data/gitea/log
|
||||
tags: [ backup ]
|
||||
- role: certbot
|
||||
tags: [ web, certbot ]
|
||||
- role: php
|
||||
tags: [ web, php ]
|
||||
- role: apache
|
||||
tags: [ web, apache ]
|
||||
- role: git
|
||||
vars:
|
||||
git_repos:
|
||||
- repo: https://git.desu.ltd/salt/gitea-custom
|
||||
dest: /data/gitea/data/gitea/custom
|
||||
tags: [ web, git ]
|
||||
- role: nextcloud
|
||||
tags: [ web, nextcloud ]
|
||||
- hosts: web2.desu.ltd
|
||||
module_defaults:
|
||||
docker_container:
|
||||
|
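Review bot: The five `location /` blocks written into vhosts.conf forward only `Host` and `X-Real-IP`, so the backends are never told that the client connection was HTTPS and get no standard forwarded-for chain. Applications such as Nextcloud use those values to detect the original scheme and to key per-client throttling. Adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` to each block, with the application configured to trust only the proxy, would cover it. Separately, `mode: "0750"` sets execute bits on a plain config file; `mode: "0644"` is probably what is meant, unless something in the nginx container depends on the current mode.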
@ -3,8 +3,9 @@
|
||||
docker_container:
|
||||
name: 9iron
|
||||
image: rehashedsalt/9iron:latest
|
||||
ports:
|
||||
- 8001:80
|
||||
networks:
|
||||
- name: web
|
||||
aliases: [ "9iron" ]
|
||||
volumes:
|
||||
- /data/9iron/files:/var/www/html/files
|
||||
- /data/9iron/packs:/var/www/html/minecraft/packs
|
||||
|
@ -3,8 +3,9 @@
|
||||
docker_container:
|
||||
name: desultd
|
||||
image: rehashedsalt/desultd:latest
|
||||
ports:
|
||||
- 8002:80
|
||||
networks:
|
||||
- name: web
|
||||
aliases: [ "desultd" ]
|
||||
volumes:
|
||||
- /data/9iron/files:/var/www/html/files
|
||||
tags: [ docker, 9iron ]
|
||||
|
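Review bot: The desultd container bind-mounts `/data/9iron/files` and carries `tags: [ docker, 9iron ]`, which reads like a leftover from copying the 9iron task. These look like unchanged context lines, but the container joining the shared `web` network is a good moment to confirm them. If desu.ltd is not meant to serve 9iron's files, drop the volume or point it at its own directory, and retag as `tags: [ docker, desultd ]` so that `--tags` runs select the right task. If the sharing is intended, a one-line comment such as `# desultd intentionally serves the 9iron file tree` would record that.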
@ -12,8 +12,10 @@
|
||||
GITEA__database_USER: gitea-desultd
|
||||
GITEA__database_PASSWD: "{{ secret_gitea_db_pass }}"
|
||||
ports:
|
||||
- 3000:3000
|
||||
- 127.0.0.1:2222:22
|
||||
networks:
|
||||
- name: web
|
||||
aliases: [ "gitea" ]
|
||||
volumes:
|
||||
- /data/gitea/data:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
|
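--- /dev/null
+++ b/playbooks/tasks/web/nextcloud.yml
@@ -0,0 +1,14 @@
+# vim:ft=ansible:
+- name: docker deploy nextcloud
+docker_container:
+name: nextcloud
+image: nextcloud:21
+networks:
+- name: web
+aliases: [ "nextcloud" ]
+volumes:
+- /data/nextcloud/apps:/var/www/html/apps
+- /data/nextcloud/config:/var/www/html/config
+- /data/nextcloud/themes:/var/www/html/themes
+- /srv/desu.ltd/nc:/var/www/html/data
+tags: [ docker, nextcloud ]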
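Review bot: This file is added under `playbooks/tasks/web/`, while the include shown in the playbook section of this commit reads `include_tasks: tasks/app/{{ task }}`. Unless that directory also exists or is linked (which this page does not show), `nextcloud.yml` and `srv.yml`, added the same way, will not be found at run time. Either the include should read `include_tasks: tasks/web/{{ task }}` or the files belong under `tasks/app/`. The task also passes no `env:` and relies entirely on whatever `config.php` already sits in `/data/nextcloud/config`. A short comment saying that the database settings, `trusted_domains` and `trusted_proxies` are expected there would document that dependency.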
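--- /dev/null
+++ b/playbooks/tasks/web/srv.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy nextcloud shim
+docker_container:
+# NOTE: We depend on the default configuration of Apache here, specifically
+# the default to have server-generated indexes. Makes srv easier to navigate
+name: srv
+image: httpd:latest
+networks:
+- name: web
+aliases: [ "srv" ]
+volumes:
+- /var/www/srv.9iron.club:/usr/local/apache2/htdocs
+tags: [ docker, 9iron ]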
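Review bot: The htdocs bind mount is writable although the container only serves an index of it; `- /var/www/srv.9iron.club:/usr/local/apache2/htdocs:ro` would keep a compromised or misbehaving httpd from altering the published files. The NOTE comment says the task depends on Apache's default server-generated indexes, yet `image: httpd:latest` floats, so a change in upstream defaults would arrive silently on the next pull. Pinning a version tag would make that dependency explicit. The task name `docker deploy nextcloud shim` and `tags: [ docker, 9iron ]` also disagree about which service this container belongs to.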