
interne Services auf https umgestellt

parent 86cffa46
Showing
with 168 additions and 78 deletions
- include: ../functions/get_secret.yml - include: ../functions/get_secret.yml
with_items: with_items:
- { path: "/srv/traefik/letsencrypt_notification_email", length: -1 } - { path: "{{ basedir }}/letsencrypt_notification_email", length: -1 }
- name: "create folder struct for {{ servicename }}" - name: "create folder struct for {{ servicename }}"
file: file:
path: "{{ item }}" path: "{{ item }}"
state: "directory" state: "directory"
with_items: with_items:
- "/srv/traefik" - "{{ basedir }}"
- "/srv/traefik/dynamic" - "{{ basedir }}/dynamic"
- name: "Create CertStore if needed and set permissions /srv/traefik/acme.json" - name: "Create CertStore if needed and set permissions"
file: file:
path: "/srv/traefik/acme.json" path: "{{ basedir }}/acme.json"
owner: root owner: root
group: root group: root
mode: '600' mode: '600'
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
- name: Docker Compose Konfig-Datei erstellen - name: Docker Compose Konfig-Datei erstellen
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "/srv/traefik/{{ item }}" dest: "{{ basedir }}/{{ item }}"
with_items: with_items:
- docker-compose.yml - docker-compose.yml
- traefik.yml - traefik.yml
...@@ -32,12 +32,12 @@ ...@@ -32,12 +32,12 @@
- name: "stop {{ servicename}} docker" - name: "stop {{ servicename}} docker"
docker_compose: docker_compose:
project_src: "/srv/traefik" project_src: "{{ basedir }}"
state: absent state: absent
when: config.changed when: config.changed
- name: "start {{ servicename}} docker" - name: "start {{ servicename}} docker"
docker_compose: docker_compose:
project_src: "/srv/traefik" project_src: "{{ basedir }}"
state: present state: present
\ No newline at end of file
...@@ -8,14 +8,18 @@ services: ...@@ -8,14 +8,18 @@ services:
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
{% if inventory_hostname == 'webserver' %} - "8448:8448" {% if matrix_federation is defined and matrix_federation == true %} - "8448:8448"
{% endif %} {% endif %}
- "{{ int_ip4 }}:8080:8080" - "{{ int_ip4 }}:8081:8080"
volumes: volumes:
- "/srv/traefik/traefik.yml:/etc/traefik/traefik.yml:ro" - "/srv/traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
- "/srv/traefik/dynamic:/etc/traefik/dynamic:ro" - "/srv/traefik/dynamic:/etc/traefik/dynamic:ro"
- "/srv/traefik/acme.json:/acme.json" - "/srv/traefik/acme.json:/acme.json"
- /var/run/docker.sock:/var/run/docker.sock - "/var/run/docker.sock:/var/run/docker.sock"
{% if certFile is defined %}
- "{{ basedir }}/{{ certFile }}:/{{ certFile }}:ro"
- "{{ basedir }}/{{ keyFile }}:/{{ keyFile }}:ro"
{% endif %}
networks: networks:
- default - default
- web - web
......
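Review bot: The new guarded mounts reference `keyFile` but the guard only checks `certFile`, so a host that defines just one of them renders a bind mount from an undefined variable; use `{% if certFile is defined and keyFile is defined %}` here and in the matching `tls.certificates` block of the dynamic config. The three mounts directly above still hardcode `/srv/traefik/...` while the new lines and the tasks file use `{{ basedir }}`, e.g. `- "{{ basedir }}/traefik.yml:/etc/traefik/traefik.yml:ro"`. None of the shown hunks copies the certificate or key into `{{ basedir }}`; if that is done elsewhere, the key file should get the same root-only `0600` mode the tasks already set for acme.json.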
...@@ -19,3 +19,4 @@ http: ...@@ -19,3 +19,4 @@ http:
redirectRegex: redirectRegex:
regex: "^https://{{ domain }}/(.*)" regex: "^https://{{ domain }}/(.*)"
replacement: "https://{{ domain_default }}/$1" replacement: "https://{{ domain_default }}/$1"
# TLS Options # TLS Options
tls: tls:
{% if certFile is defined %}
# use local certificate
certificates:
- certFile: "/{{ certFile }}"
keyFile: "/{{ keyFile }}"
{% endif %}
options: options:
default: default:
sniStrict: true sniStrict: true
...@@ -17,4 +27,3 @@ tls: ...@@ -17,4 +27,3 @@ tls:
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
\ No newline at end of file
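Review bot: The comment `# use local certificate` does not say how the certificate is chosen, which matters because `certResolver: "letsencrypt"` stays active on the entrypoint; Traefik picks a certificate from the store by SNI against the certificate's SAN list and only uses the resolver otherwise, so a `.lan` host name missing from the local certificate silently triggers an ACME attempt. Suggested comment: `# local certificate, selected by SNI; host names not covered by its SANs fall back to the ACME resolver`. The enclosing `tls:` block continues beyond the hunk.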
...@@ -24,7 +24,8 @@ entryPoints: ...@@ -24,7 +24,8 @@ entryPoints:
tls: tls:
certResolver: "letsencrypt" certResolver: "letsencrypt"
{% if inventory_hostname == 'webserver' %}
{% if matrix_federation is defined and matrix_federation == true %}
# additional entrypoint for matrix-federation # additional entrypoint for matrix-federation
matrix_federation: matrix_federation:
......
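Review bot: `{% if matrix_federation is defined and matrix_federation == true %}` can be written `{% if matrix_federation | default(false) %}`, which is shorter and also tolerates a string value from the inventory; the same expression is used in the compose template's ports block. On the internal host that defines `certFile`, the `certResolver: "letsencrypt"` context line above still applies to every router on this entrypoint, where no ACME challenge for `warpzone.lan` names can succeed; consider templating that line under `{% if certFile is not defined %}`. The rest of the entryPoints block is outside the hunk.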
...@@ -38,10 +38,11 @@ administratorenteam: ...@@ -38,10 +38,11 @@ administratorenteam:
- "void" - "void"
- "sandhome" - "sandhome"
# Docker konfigurationen # Docker konfigurationen
docker: docker:
# Interne Docker-Netzwerke # Interne Docker-Netzwerke
internal_networks:
- web
# Monitoring aktivieren # Monitoring aktivieren
alert: alert:
......
...@@ -6,9 +6,19 @@ services: ...@@ -6,9 +6,19 @@ services:
image: esphome/esphome:2022.10 image: esphome/esphome:2022.10
restart: always restart: always
# listen on Port 6052
network_mode: host
volumes: volumes:
- "{{ basedir }}/config/:/config" - "{{ basedir }}/config/:/config"
environment: environment:
ESPHOME_DASHBOARD_USE_PING: "true" ESPHOME_DASHBOARD_USE_PING: "true"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=6052
networks:
- default
- web
networks:
web:
external: true
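Review bot: `network_mode: host` and `networks:` are added to the same service, which Compose rejects as mutually exclusive, and with host networking Traefik could not reach the container over `web` anyway. Drop `# listen on Port 6052` and `network_mode: host`; the `loadbalancer.server.port=6052` label already tells Traefik where to connect on the `web` network. If host networking was meant for device discovery, the `ESPHOME_DASHBOARD_USE_PING: "true"` setting suggests ping is used instead, but that should be confirmed on the device.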
...@@ -12,5 +12,15 @@ services: ...@@ -12,5 +12,15 @@ services:
- TZ=Europe/Berlin - TZ=Europe/Berlin
volumes: volumes:
- "{{ basedir }}/config:/config" - "{{ basedir }}/config:/config"
ports: labels:
- "{{ heimdall_port }}:80" - traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=80
networks:
- default
- web
networks:
web:
external: true
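Review bot: The container now joins both `default` and `web`, but no label tells Traefik which network to use, so it may pick the `default` address and fail to reach the backend unless `providers.docker.network` is set in traefik.yml (not visible here). Add `- traefik.docker.network=web` to the labels; the same applies to the esphome, nodered, openhab and unifi compose templates in this commit. Quoting the label values, `- "traefik.enable=true"`, also keeps the backtick-containing `Host(...)` rule out of YAML's way after rendering.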
...@@ -11,10 +11,19 @@ services: ...@@ -11,10 +11,19 @@ services:
app: app:
image: nodered/node-red:2.2.3 image: nodered/node-red:2.2.3
restart: always restart: always
ports:
- "{{ nodered_port }}:1880"
volumes: volumes:
- "{{ basedir }}/data:/data" - "{{ basedir }}/data:/data"
environment: environment:
- TZ=Europe/Berlin - TZ=Europe/Berlin
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=1880
networks:
- default
- web
networks:
web:
external: true
...@@ -2,9 +2,9 @@ ...@@ -2,9 +2,9 @@
- include: ../functions/get_secret.yml - include: ../functions/get_secret.yml
with_items: with_items:
- { path: /srv/openhab/openweathermap_apikey, length: -1 } - { path: "{{ basedir }}/openweathermap_apikey", length: -1 }
- { path: /srv/openhab/influxdb_password, length: 12 } - { path: "{{ basedir }}/influxdb_password", length: 12 }
- { path: /srv/openhab/influxdb_token, length: 32 } - { path: "{{ basedir }}/influxdb_token", length: 32 }
- name: pakete installieren - name: pakete installieren
...@@ -13,43 +13,43 @@ ...@@ -13,43 +13,43 @@
name: name:
- logrotate - logrotate
- name: openhab LogRotate config erstellen - name: openhab LogRotate config erstellen
template: template:
src: logrotate src: logrotate
dest: /etc/logrotate.d/openhab dest: /etc/logrotate.d/openhab
- name: Get a timestamp
command: "date +%Y%m%d%H%M%S"
register: timestamp
- name: create folder struct for openhab - name: "create folder struct for {{ basedir }}"
file: file:
path: "{{ item }}" path: "{{ item }}"
state: "directory" state: "directory"
with_items: with_items:
- /srv/openhab/ - "{{ basedir }}"
- /srv/openhab/addons/ - "{{ basedir }}/addons/"
- /srv/openhab/conf/ - "{{ basedir }}/conf/"
- /srv/openhab/conf/items/ - "{{ basedir }}/conf/items/"
- /srv/openhab/conf/services/ - "{{ basedir }}/conf/services/"
- /srv/openhab/conf/persistence/ - "{{ basedir }}/conf/persistence/"
- /srv/openhab/conf/rules/ - "{{ basedir }}/conf/rules/"
- /srv/openhab/conf/things/ - "{{ basedir }}/conf/things/"
- /srv/openhab/userdata/ - "{{ basedir }}/userdata/"
- /srv/openhab/influxdb/ - "{{ basedir }}/influxdb/"
- name: Docker-Konfig-Dateien erstellen - name: "copy config files for {{ basedir }}"
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "/srv/openhab/{{ item }}" dest: "{{ basedir }}/{{ item }}"
with_items: with_items:
- docker-compose.yml - docker-compose.yml
register: docker_config_files register: docker_config_files
- name: Openhab-Konfig-Dateien erstellen
- name: "copy config files for {{ basedir }} 2"
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "/srv/openhab/{{ item }}" dest: "{{ basedir }}/{{ item }}"
with_items: with_items:
- conf/items/groups.items - conf/items/groups.items
- conf/items/mqtt.items - conf/items/mqtt.items
...@@ -71,15 +71,15 @@ ...@@ -71,15 +71,15 @@
- conf/things/weather.things - conf/things/weather.things
- conf/things/wled.things - conf/things/wled.things
- name: stop openhab docker - name: stop openhab docker
docker_compose: docker_compose:
project_src: /srv/openhab/ project_src: "{{ basedir }}"
state: absent state: absent
when: docker_config_files.changed when: docker_config_files.changed
- name: start openhab docker - name: start openhab docker
docker_compose: docker_compose:
project_src: /srv/openhab/ project_src: "{{ basedir }}"
state: present state: present
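Review bot: `- name: "copy config files for {{ basedir }} 2"` does not tell the reader how this task differs from the one above it; it copies openHAB's own conf files, so `- name: "copy openhab conf files to {{ basedir }}"` would be clearer. The timestamp task that appears to be removed had `register: timestamp`; make sure no later task or template still references that variable, as the remainder of the file is outside the hunk.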
version: "3" version: "3"
services: services:
...@@ -8,25 +7,28 @@ services: ...@@ -8,25 +7,28 @@ services:
image: openhab/openhab:3.3.0-debian image: openhab/openhab:3.3.0-debian
restart: always restart: always
privileged: true
network_mode: host
cap_add:
- NET_ADMIN
- NET_RAW
# The command node is very important. It overrides # The command node is very important. It overrides
# the "gosu openhab tini -s ./start.sh" command from Dockerfile and runs as root! # the "gosu openhab tini -s ./start.sh" command from Dockerfile and runs as root!
command: "tini -s ./start.sh server" command: "tini -s ./start.sh server"
volumes: volumes:
- /boot/cmdline.txt:/boot/cmdline.txt:ro - "/boot/cmdline.txt:/boot/cmdline.txt:ro"
- /etc/localtime:/etc/localtime:ro - "/etc/localtime:/etc/localtime:ro"
- /etc/timezone:/etc/timezone:ro - "/etc/timezone:/etc/timezone:ro"
- /srv/openhab/addons:/openhab/addons - "{{ basedir }}/addons:/openhab/addons"
- /srv/openhab/conf:/openhab/conf - "{{ basedir }}/conf:/openhab/conf"
- /srv/openhab/userdata:/openhab/userdata - "{{ basedir }}/userdata:/openhab/userdata"
environment: environment:
OPENHAB_HTTP_PORT: 8081 OPENHAB_HTTP_PORT: 8080
OPENHAB_HTTPS_PORT: 8444 OPENHAB_HTTPS_PORT: 8443
EXTRA_JAVA_OPTS: "-Duser.timezone=Europe/Berlin" EXTRA_JAVA_OPTS: "-Duser.timezone=Europe/Berlin"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=8080
networks:
- default
- web
influxdb: influxdb:
...@@ -36,7 +38,7 @@ services: ...@@ -36,7 +38,7 @@ services:
ports: ports:
- {{ int_ip4 }}:{{ influxdb_port }}:8086 - {{ int_ip4 }}:{{ influxdb_port }}:8086
volumes: volumes:
- /srv/openhab/influxdb:/var/lib/influxdb2 - "{{ basedir }}/influxdb:/var/lib/influxdb2"
environment: environment:
DOCKER_INFLUXDB_INIT_MODE: setup DOCKER_INFLUXDB_INIT_MODE: setup
DOCKER_INFLUXDB_INIT_USERNAME: openhab DOCKER_INFLUXDB_INIT_USERNAME: openhab
...@@ -44,5 +46,10 @@ services: ...@@ -44,5 +46,10 @@ services:
DOCKER_INFLUXDB_INIT_ORG: openhab DOCKER_INFLUXDB_INIT_ORG: openhab
DOCKER_INFLUXDB_INIT_BUCKET: openhab DOCKER_INFLUXDB_INIT_BUCKET: openhab
DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: {{ influxdb_token }} DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: {{ influxdb_token }}
networks:
- default
networks:
web:
external: true
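Review bot: Dropping `privileged: true`, `network_mode: host` and the NET_ADMIN/NET_RAW capabilities is a real attack-surface reduction, but nothing in the template records it, while the comment at `# The command node is very important` still highlights that the process runs as root. Add a comment above `labels:` such as `# runs unprivileged on the compose network; bindings that need multicast or raw sockets must be verified after this change`, since any binding that depended on host networking is not visible here. The hunk header suggests lines were also removed before `image:`, outside the shown range.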
--- ---
- name: create folder struct for unifi - name: "create folder struct for {{ basedir }}"
file: file:
path: "/srv/unifi" path: "{{ basedir }}"
state: "directory" state: "directory"
- name: create folder struct for unifi - name: "create folder struct for {{ basedir }}"
file: file:
path: "/srv/unifi/data" path: "{{ basedir }}/data"
state: "directory" state: "directory"
- name: create docker-compose file - name: "create config files for {{ basedir }}"
template: src=docker-compose.yml dest=/srv/unifi/docker-compose.yml template:
src: "{{ item }}"
dest: "{{ basedir }}/{{ item }}"
with_items:
- docker-compose.yml
- name: start unifi docker - name: "start {{ basedir }} docker"
docker_compose: docker_compose:
project_src: /srv/unifi/ project_src: "{{ basedir }}"
state: present state: present
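Review bot: Two tasks carry the identical name `"create folder struct for {{ basedir }}"`, which makes the play output ambiguous, and they can be one task with `with_items` as the other roles do. The template task has no `register`, and the `docker_compose` task only uses `state: present`, so a changed docker-compose.yml is never applied; the traefik role in this commit handles that with a `register` and a `when: ...changed` stop task. `"start {{ basedir }} docker"` should also use `{{ servicename }}` like the traefik tasks.

```yaml
- name: "create folder struct for {{ servicename }}"
  file:
    path: "{{ item }}"
    state: "directory"
  with_items:
    - "{{ basedir }}"
    - "{{ basedir }}/data"

- name: "create config files for {{ servicename }}"
  template:
    src: "{{ item }}"
    dest: "{{ basedir }}/{{ item }}"
  with_items:
    - docker-compose.yml
  register: config

- name: "stop {{ servicename }} docker"
  docker_compose:
    project_src: "{{ basedir }}"
    state: absent
  when: config.changed

# … unchanged: start task, renamed to "start {{ servicename }} docker" …
```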
...@@ -7,10 +7,31 @@ services: ...@@ -7,10 +7,31 @@ services:
image: linuxserver/unifi-controller:7.2.95 image: linuxserver/unifi-controller:7.2.95
restart: always restart: always
network_mode: host ports:
- 8443:8443
- 3478:3478/udp
- 10001:10001/udp
- 8080:8080
- 1900:1900/udp
- 6789:6789
volumes: volumes:
- /srv/unifi/data:/config - "{{ basedir }}/data:/config"
environment: environment:
PGID: 1001 PGID: 1001
PUID: 1001 PUID: 1001
MEM_LIMIT: 256M MEM_LIMIT: 256M
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.serversTransport={{ servicename }}
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=8443
- traefik.http.services.{{ servicename }}.loadbalancer.server.scheme=https
- traefik.http.serversTransports.{{ servicename }}.insecureSkipVerify=true
networks:
- default
- web
networks:
web:
external: true
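Review bot: The new `ports:` list binds every port on all host interfaces, so the 8443 web UI stays reachable directly and bypasses the Traefik router added below it; the device-facing inform/STUN ports (8080, 3478, 10001, 1900) need to stay exposed, but 8443 could be bound like influxdb in this commit, `- "{{ int_ip4 }}:8443:8443"`, or dropped. `insecureSkipVerify=true` on the serversTransport disables certificate checking toward the controller; that is only acceptable because the hop stays on the internal `web` Docker network, and a comment saying so would stop it being copied elsewhere. Per yamllint, the port mappings should be quoted (`- "8443:8443"`).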
...@@ -41,17 +41,26 @@ ...@@ -41,17 +41,26 @@
servicename: dockerstats, servicename: dockerstats,
basedir: /srv/dockerstats basedir: /srv/dockerstats
} }
- {
role: common/docker_traefik, tags: traefik,
servicename: traefik,
basedir: /srv/traefik,
domain: "warpzone.lan",
domain_default: "services.warpzone.lan",
certFile: "warpzone+internal+services.pem",
keyFile: "warpzone+internal+services.key"
}
- { - {
role: intern/docker_esphome, tags: esphome, role: intern/docker_esphome, tags: esphome,
servicename: esphome, servicename: esphome,
basedir: /srv/esphome, basedir: /srv/esphome,
esphome_port: 6052 domain: "esphome.warpzone.lan"
} }
- { - {
role: intern/docker_heimdall, tags: heimdall, role: intern/docker_heimdall, tags: heimdall,
servicename: heimdall, servicename: heimdall,
basedir: /srv/heimdall, basedir: /srv/heimdall,
heimdall_port: 80 domain: "services.warpzone.lan"
} }
- { - {
role: intern/docker_mqtt, tags: mqtt, role: intern/docker_mqtt, tags: mqtt,
...@@ -64,18 +73,20 @@ ...@@ -64,18 +73,20 @@
role: intern/docker_nodered, tags: nodered, role: intern/docker_nodered, tags: nodered,
servicename: nodered, servicename: nodered,
basedir: /srv/nodered, basedir: /srv/nodered,
nodered_port: 1880 domain: "nodered.warpzone.lan"
} }
- { - {
role: intern/docker_openhab, tags: openhab, role: intern/docker_openhab, tags: openhab,
servicename: openhab, servicename: openhab,
basedir: /srv/openhab,
domain: "openhab.warpzone.lan",
influxdb_port: 28086 influxdb_port: 28086
} }
- { - {
role: intern/docker_unifi, tags: unifi, role: intern/docker_unifi, tags: unifi,
servicename: unifi, servicename: unifi,
unifi_port1: 8080, basedir: /srv/unifi,
unifi_port2: 8443 domain: "unifi.warpzone.lan"
} }
...@@ -101,8 +112,10 @@ ...@@ -101,8 +112,10 @@
- { - {
role: common/docker_traefik, tags: traefik, role: common/docker_traefik, tags: traefik,
servicename: traefik, servicename: traefik,
basedir: /srv/traefik,
domain: "warpzone.ms", domain: "warpzone.ms",
domain_default: "www.warpzone.ms" domain_default: "www.warpzone.ms",
matrix_federation: true
} }
- { - {
role: webserver/docker_autodiscover, tags: autodiscover, role: webserver/docker_autodiscover, tags: autodiscover,
......
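Review bot: The new traefik entry for the internal host sets `certFile` and `keyFile`, but no task in this commit places those files into `basedir`, so the role presumably depends on them being provisioned by hand; a comment next to `certFile:` stating where the files come from and that the key must be root-only would make the dependency explicit. The removed `esphome_port`, `heimdall_port`, `nodered_port` and `unifi_port*` variables should be grepped for in the roles, since any remaining reference would now fail at template time.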