Prepare services for lego certificate service

Tobias Reisinger 2023-12-20 01:29:53 +01:00
parent 6c6ade1b9a
commit da5d6eef8c
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
8 changed files with 28 additions and 9 deletions


@ -5,6 +5,16 @@ compose_file_main:
restart: always restart: always
labels: labels:
com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default(false) }}" com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default(false) }}"
compose_file_env:
services:
app:
env_file:
- service.env
compose_file_networks:
services:
app:
networks: networks:
default: default:
apps: apps:
@ -15,12 +25,6 @@ compose_file_main:
apps: apps:
external: true external: true
compose_file_env:
services:
app:
env_file:
- service.env
compose_file_volumes: compose_file_volumes:
services: services:
app: app:


@ -14,6 +14,9 @@ acme_dns:
services_path: /opt/services/ services_path: /opt/services/
caddy_path: "{{ (services_path, 'caddy') | path_join }}" caddy_path: "{{ (services_path, 'caddy') | path_join }}"
caddy_config_path: "{{ (caddy_path, 'config', 'conf.d') | path_join }}" caddy_config_path: "{{ (caddy_path, 'config', 'conf.d') | path_join }}"
managed_sites: [] managed_sites: []
certificates_path: "{{ (services_path, '_certificates') | path_join }}"


@ -26,6 +26,12 @@
src: config.cfg.j2 src: config.cfg.j2
dest: "{{ (config_path, 'config.cfg') | path_join }}" dest: "{{ (config_path, 'config.cfg') | path_join }}"
mode: "0600" mode: "0600"
register: cmd_result
- name: Set the docker force-recreate flag
ansible.builtin.set_fact:
docker_force_recreate: --force-recreate
when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
- name: Import start tasks for common service - name: Import start tasks for common service
ansible.builtin.import_tasks: tasks/start-common-service.yml ansible.builtin.import_tasks: tasks/start-common-service.yml
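Review bot: `docker_force_recreate` is set with `set_fact` and nothing in this hunk resets it, so once the task fires the flag presumably stays on the host for the rest of the play and any service started afterwards would be force-recreated too. If several service roles can run in one play, give the fact a known empty value before the template task (`docker_force_recreate: ""`), or clear it at the end of tasks/start-common-service.yml; that file is outside this hunk and may already do so. `cmd_result` is also a generic name for a template result; `config_result` would say what changed.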


@ -6,6 +6,7 @@ nsname = "{{ svc.domain }}"
nsadmin = "{{ svc.nsadmin }}" nsadmin = "{{ svc.nsadmin }}"
records = [ records = [
"{{ svc.domain }}. A {{ svc.records.a }}", "{{ svc.domain }}. A {{ svc.records.a }}",
"{{ svc.domain }}. AAAA {{ svc.records.aaaa }}",
"{{ svc.domain }}. NS {{ svc.domain }}.", "{{ svc.domain }}. NS {{ svc.domain }}.",
] ]
debug = false debug = false
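Review bot: The new AAAA line is rendered unconditionally, and the vars hunk below feeds it from `ansible_facts.default_ipv6.address`, which is undefined on a host without an IPv6 default route. The play would then fail at templating, or a malformed record would end up in the DNS responder's config. Guard both sides: `aaaa: "{{ ansible_facts.default_ipv6.address | default('') }}"` in the vars, and `{% if svc.records.aaaa %}` … `{% endif %}` around the record here. It is also worth confirming that the fact resolves to the stable public address rather than a temporary one, since the value is published in DNS.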


@ -6,6 +6,7 @@ acme_dns_svc:
nsadmin: "{{ admin_email | regex_replace('@', '.') }}" nsadmin: "{{ admin_email | regex_replace('@', '.') }}"
records: records:
a: "{{ ansible_facts.default_ipv4.address }}" a: "{{ ansible_facts.default_ipv4.address }}"
aaaa: "{{ ansible_facts.default_ipv6.address }}"
db: db:
host: "{{ postgres.host }}" host: "{{ postgres.host }}"
port: "{{ postgres.port }}" port: "{{ postgres.port }}"


@ -36,8 +36,8 @@ harbor_yml:
port: "{{ harbor_port_http }}" port: "{{ harbor_port_http }}"
https: https:
port: "{{ harbor_port_https }}" port: "{{ harbor_port_https }}"
certificate: /opt/services/.lego/certificates/registry.serguzim.me.crt # TODO certificate: "{{ (service_path, 'server.crt') | path_join }}"
private_key: /opt/services/.lego/certificates/registry.serguzim.me.key # TODO private_key: "{{ (service_path, 'server.key') | path_join }}"
external_url: https://registry.serguzim.me external_url: https://registry.serguzim.me
harbor_admin_password: "{{ vault_harbor.admin_password }}" harbor_admin_password: "{{ vault_harbor.admin_password }}"
data_volume: "{{ (service_path, 'data') | path_join }}" data_volume: "{{ (service_path, 'data') | path_join }}"
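Review bot: `private_key` now points at `server.key` inside `service_path`, but no task in the visible hunks places the certificate pair there or sets the key's owner and mode. Until the certificate service named in the commit title delivers the files, Harbor would presumably come up without a usable TLS pair, and a key copied with default permissions would be readable more widely than needed. Add a comment above `https:` such as `# server.crt/server.key are deployed by the certificate service; the key must be mode "0600"`, and have the deploying task enforce that mode. The `harbor_yml` mapping starts outside this hunk.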


@ -28,7 +28,7 @@ check_url ()
fi fi
} }
check_url "acme.serguzim.me" "/health" #check_url "acme.serguzim.me" "/health"
check_url "analytics.serguzim.me" check_url "analytics.serguzim.me"
check_url "auth.serguzim.me" check_url "auth.serguzim.me"
check_url "ci.serguzim.me" check_url "ci.serguzim.me"
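Review bot: The acme health check is commented out without a stated reason, so the endpoint silently drops out of monitoring and nothing signals when it should return. Record the reason and the re-enable condition above the disabled call, e.g. `# disabled: <reason>; re-enable when <condition>`, or delete the call outright. The list of checks continues outside this hunk.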


@ -5,6 +5,10 @@
{%- set compose_file = compose_file | combine(compose_file_env, recursive=True) -%} {%- set compose_file = compose_file | combine(compose_file_env, recursive=True) -%}
{%- endif -%} {%- endif -%}
{%- if compose.network | default(True) -%}
{%- set compose_file = compose_file | combine(compose_file_networks, recursive=True) -%}
{%- endif -%}
{%- if compose.volumes | default(False) -%} {%- if compose.volumes | default(False) -%}
{%- set compose_file = compose_file | combine(compose_file_volumes, recursive=True) -%} {%- set compose_file = compose_file | combine(compose_file_volumes, recursive=True) -%}
{%- endif -%} {%- endif -%}
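Review bot: The new switch is read as `compose.network` (singular), while the merged variable is `compose_file_networks` and the sibling switch is `compose.volumes`. Because of `default(True)`, a service that sets `compose.networks: false` to stay off the external `apps` network would be attached to it anyway, with no error. Rename the key to `compose.networks`, or document the singular spelling in a `{#- ... -#}` comment directly above the block.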