gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

DEV-647 added hetzner domain smardigo.dev

Browse Source
feature/DEV-655
Ketelsen, Sven 3 years ago committed by Görz, Friedrich
parent 8f4b884ba1
commit 7cdc602534
32 changed files with 731 additions and 734 deletions
Show Stats Download Patch File Download Diff File

2
evil-remove-server.yml
Unescape Escape View File

@ -42,7 +42,7 @@
- server_state: "absent" - server_state: "absent"
- name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>" - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: _remove_dns tasks_from: _remove_dns
vars: vars:
record_to_remove: '{{ inventory_hostname }}' record_to_remove: '{{ inventory_hostname }}'

8
group_vars/all/dns.yml
Unescape Escape View File

@ -0,0 +1,8 @@
---
dns: digitalocean
domain: "smardigo.digital"
traefik_letsencrypt_provider: "digitalocean"
hetzner_dns_api_key: '{{ hetzner_dns_api_key_vault }}'
digitalocean_authentication_token: '{{ digitalocean_authentication_token_vault }}'

2
group_vars/all/plain.yml
Unescape Escape View File

@ -47,11 +47,11 @@ common_apt_dependencies:
common_pip_dependencies: common_pip_dependencies:
- docker-compose - docker-compose
- requests - requests
- passlib
use_ssl: true use_ssl: true
http_s: "http{{ use_ssl | ternary('s', '', omit) }}" http_s: "http{{ use_ssl | ternary('s', '', omit) }}"
domain: "smardigo.digital"
stage_server_domain: "{{ inventory_hostname }}.{{ domain }}" stage_server_domain: "{{ inventory_hostname }}.{{ domain }}"
stage_server_url: "{{ http_s }}://{{ stage_server_domain }}" stage_server_url: "{{ http_s }}://{{ stage_server_domain }}"

45
group_vars/stage_dev/plain.yml
Unescape Escape View File

@ -147,27 +147,30 @@ shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03"
shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01" shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01"
shared_service_elastic_stack_kibana_01_hostname: "{{ stage }}-elastic-stack-kibana-01" shared_service_elastic_stack_kibana_01_hostname: "{{ stage }}-elastic-stack-kibana-01"
kube_master_01_hostname: "{{ stage }}-kube-master-01.{{ domain }}" # TODO use {{ domain }} agai when moved to smardigo.dev
kube_master_02_hostname: "{{ stage }}-kube-master-02.{{ domain }}" kube_master_01_hostname: "{{ stage }}-kube-master-01.smardigo.digital"
kube_master_03_hostname: "{{ stage }}-kube-master-03.{{ domain }}" kube_master_02_hostname: "{{ stage }}-kube-master-02.smardigo.digital"
kube_node_01_hostname: "{{ stage }}-kube-node-01.{{ domain }}" kube_master_03_hostname: "{{ stage }}-kube-master-03.smardigo.digital"
kube_node_02_hostname: "{{ stage }}-kube-node-02.{{ domain }}" kube_node_01_hostname: "{{ stage }}-kube-node-01.smardigo.digital"
kube_node_03_hostname: "{{ stage }}-kube-node-03.{{ domain }}" kube_node_02_hostname: "{{ stage }}-kube-node-02.smardigo.digital"
kube_node_03_hostname: "{{ stage }}-kube-node-03.smardigo.digital"
shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain }}"
shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain }}" # TODO use {{ domain }} agai when moved to smardigo.dev
shared_service_gitea_hostname: "{{ stage }}-gitea-01.{{ domain }}" shared_service_iam_hostname: "{{ stage }}-iam-01.smardigo.digital"
shared_service_redis_hostname: "{{ stage }}-redis-01.{{ domain }}" shared_service_mail_hostname: "{{ stage }}-mail-01.smardigo.digital"
shared_service_kube_argocd_hostname: "{{ stage }}-kube-argocd.{{ domain }}" shared_service_gitea_hostname: "{{ stage }}-gitea-01.smardigo.digital"
shared_service_kube_awx_hostname: "{{ stage }}-kube-awx.{{ domain }}" shared_service_redis_hostname: "{{ stage }}-redis-01.smardigo.digital"
shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain }}" shared_service_kube_argocd_hostname: "{{ stage }}-kube-argocd.smardigo.digital"
shared_service_kube_jaeger_collector_hostname: "{{ stage }}-kube-jaeger-collector.{{ domain }}" shared_service_kube_awx_hostname: "{{ stage }}-kube-awx.smardigo.digital"
shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}" shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.smardigo.digital"
shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}" shared_service_kube_jaeger_collector_hostname: "{{ stage }}-kube-jaeger-collector.smardigo.digital"
shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}" shared_service_pdns_hostname: "{{ stage }}-pdns-01.smardigo.digital"
shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain }}" shared_service_webdav_hostname: "{{ stage }}-webdav-01.smardigo.digital"
shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.smardigo.digital"
management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}" shared_service_harbor_hostname: "{{ stage }}-harbor-01.smardigo.digital"
# TODO use {{ domain }} agai when moved to smardigo.dev
management_service_connect_hostname: "{{ stage }}-management-01-connect.smardigo.digital"
keycloak_server_url: "https://{{ shared_service_keycloak_hostname }}" keycloak_server_url: "https://{{ shared_service_keycloak_hostname }}"

1148
group_vars/stage_dev/vault.yml
View File

File diff suppressed because it is too large Load Diff

8
group_vars/ubuntu_docker/plain.yml
Unescape Escape View File

@ -0,0 +1,8 @@
---
dns: hetzner
domain: "smardigo.dev"
traefik_letsencrypt_provider: "hetzner"
hetzner_server_type: cpx21
hetzner_server_labels: "stage={{ stage }} service=ubuntu_docker"

3
provisioning.yml
Unescape Escape View File

@ -61,10 +61,11 @@
hetzner_state: 'started' hetzner_state: 'started'
when: when:
- "'hcloud' in group_names" - "'hcloud' in group_names"
tasks: tasks:
- name: "Create server in DO-cloud via include_tasks" - name: "Create server in DO-cloud via include_tasks"
include_role: include_role:
name: sma_digitalocean name: digitalocean
tasks_from: _create_server tasks_from: _create_server
vars: vars:
droplet: droplet:

2
remove-server.yml
Unescape Escape View File

@ -73,7 +73,7 @@
- name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>" - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: _remove_dns tasks_from: _remove_dns
vars: vars:
record_to_remove: '{{ inventory_hostname }}' record_to_remove: '{{ inventory_hostname }}'

4
remove-service.yml
Unescape Escape View File

@ -63,7 +63,7 @@
tasks: tasks:
- name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>" - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: _remove_dns tasks_from: _remove_dns
vars: vars:
record_to_remove: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-connect' record_to_remove: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-connect'
@ -71,7 +71,7 @@
- name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>" - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: _remove_dns tasks_from: _remove_dns
vars: vars:
record_to_remove: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-wordpress' record_to_remove: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-wordpress'

2
restore-remote-database-backup.yml
Unescape Escape View File

@ -243,7 +243,7 @@
- name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>" - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: _remove_dns tasks_from: _remove_dns
vars: vars:
record_to_remove: '{{ inventory_hostname }}' record_to_remove: '{{ inventory_hostname }}'

3
roles/connect/tasks/main.yml
Unescape Escape View File

@ -6,8 +6,7 @@
- name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>" - name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ stage_server_ip }}" record_data: "{{ stage_server_ip }}"
record_name: "{{ connect_id }}" record_name: "{{ connect_id }}"

6
roles/connect_compact/tasks/main.yml
Unescape Escape View File

@ -2,16 +2,14 @@
- name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>" - name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ stage_server_ip }}" record_data: "{{ stage_server_ip }}"
record_name: "{{ connect_id }}" record_name: "{{ connect_id }}"
- name: "Setup DNS configuration for <{{ connect_external_domain }}> to <{{ stage_server_ip }}>" - name: "Setup DNS configuration for <{{ connect_external_domain }}> to <{{ stage_server_ip }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ stage_server_ip }}" record_data: "{{ stage_server_ip }}"
record_name: "{{ connect_external_domain }}" record_name: "{{ connect_external_domain }}"

3
roles/connect_wordpress/tasks/main.yml
Unescape Escape View File

@ -21,8 +21,7 @@
- name: "Setup DNS configuration for {{ wordpress_id }}" - name: "Setup DNS configuration for {{ wordpress_id }}"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ stage_server_ip }}" record_data: "{{ stage_server_ip }}"
record_name: "{{ inventory_hostname }}-wordpress" record_name: "{{ inventory_hostname }}-wordpress"

24
roles/sma_digitalocean/tasks/_create_server.yml → roles/digitalocean/tasks/_create_server.yml
Unescape Escape View File

@ -1,3 +1,5 @@
---
- name: "Create ssh key" - name: "Create ssh key"
delegate_to: localhost delegate_to: localhost
community.digitalocean.digital_ocean_sshkey: community.digitalocean.digital_ocean_sshkey:
@ -39,7 +41,7 @@
register: new_droplet register: new_droplet
vars: vars:
querystring: "[*].fingerprint" querystring: "[*].fingerprint"
- name: "Tag new server" - name: "Tag new server"
delegate_to: localhost delegate_to: localhost
community.digitalocean.digital_ocean_tag: community.digitalocean.digital_ocean_tag:
@ -57,15 +59,11 @@
loop: "{{ new_droplet.data | community.general.json_query(jsonquery_ipaddress) }}" loop: "{{ new_droplet.data | community.general.json_query(jsonquery_ipaddress) }}"
vars: vars:
jsonquery_ipaddress: "droplet.networks.v4[?type=='public'].ip_address" jsonquery_ipaddress: "droplet.networks.v4[?type=='public'].ip_address"
# TODO: abolish _digitalocean/tasks/domain.yml - name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>"
- name: "Create dns record for droplet" include_role:
delegate_to: localhost name: dns
community.digitalocean.digital_ocean_domain_record: vars:
oauth_token: "{{ digitalocean_authentication_token }}" record_state: present
state: present record_data: "{{ stage_server_ip }}"
domain: "{{ domain }}" record_name: "{{ new_droplet.data.droplet.name }}"
type: A
name: "{{ new_droplet.data.droplet.name }}"
data: "{{ stage_server_ip }}"
force_update: yes

0
roles/sma_digitalocean/tasks/_remove_dns.yml → roles/dns/tasks/_remove_dns.yml
Unescape Escape View File

33
roles/dns/tasks/main.yml
Unescape Escape View File

@ -0,0 +1,33 @@
---
- name: "Create DO DNS entry for <{{ record_name }}.{{ domain }}> to <{{ record_data }}> if necessary"
community.digitalocean.digital_ocean_domain_record:
oauth_token: "{{ digitalocean_authentication_token }}"
state: "{{ record_state | default('present') }}"
domain: "{{ domain }}"
type: A
name: "{{ record_name }}"
data: "{{ record_data }}"
ttl: "{{ dns_ttl | default(1800) }}"
delegate_to: localhost
become: false
when:
- dns == 'digitalocean'
tags:
- update_dns
- name: "Create Hetzner DNS entry for <{{ record_name }}.{{ domain }}> to <{{ record_data }}> if necessary"
community.dns.hetzner_dns_record:
hetzner_token: "{{ hetzner_dns_api_key }}"
state: "{{ record_state | default('present') }}"
zone: "{{ domain }}"
type: A
record: "{{ record_name }}.{{ domain }}"
ttl: "{{ sma_digitalocean_ttl | default(1800) }}"
value: "{{ stage_server_ip }}"
delegate_to: localhost
become: false
when:
- dns == 'hetzner'
tags:
- update_dns

3
roles/harbor/tasks/install.yml
Unescape Escape View File

@ -4,8 +4,7 @@
- name: "Setup DNS configuration for {{ inventory_hostname }} harbor" - name: "Setup DNS configuration for {{ inventory_hostname }} harbor"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ stage_server_ip }}" record_data: "{{ stage_server_ip }}"
record_name: "{{ inventory_hostname }}" record_name: "{{ inventory_hostname }}"

3
roles/hcloud/tasks/main.yml
Unescape Escape View File

@ -77,8 +77,7 @@
- name: "Checking present state of dns for {{ inventory_hostname }}" - name: "Checking present state of dns for {{ inventory_hostname }}"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ stage_server_ip }}" record_data: "{{ stage_server_ip }}"
record_name: "{{ inventory_hostname }}" record_name: "{{ inventory_hostname }}"

3
roles/keycloak/tasks/main.yml
Unescape Escape View File

@ -6,8 +6,7 @@
- name: "Setup DNS configuration for {{ inventory_hostname }}" - name: "Setup DNS configuration for {{ inventory_hostname }}"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ stage_server_ip }}" record_data: "{{ stage_server_ip }}"
record_name: "{{ inventory_hostname }}" record_name: "{{ inventory_hostname }}"

6
roles/keycloak_compact/tasks/main.yml
Unescape Escape View File

@ -5,16 +5,14 @@
- name: "Setup DNS configuration for <{{ keycloak_id }}> to <{{ stage_server_ip }}>" - name: "Setup DNS configuration for <{{ keycloak_id }}> to <{{ stage_server_ip }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ stage_server_ip }}" record_data: "{{ stage_server_ip }}"
record_name: "{{ keycloak_id }}" record_name: "{{ keycloak_id }}"
- name: "Setup DNS configuration for <{{ keycloak_external_domain }}> to <{{ stage_server_ip }}>" - name: "Setup DNS configuration for <{{ keycloak_external_domain }}> to <{{ stage_server_ip }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ stage_server_ip }}" record_data: "{{ stage_server_ip }}"
record_name: "{{ keycloak_external_domain }}" record_name: "{{ keycloak_external_domain }}"

3
roles/kibana/tasks/main.yaml
Unescape Escape View File

@ -7,8 +7,7 @@
- name: "Setup DNS configuration for {{ kibana_id }}" - name: "Setup DNS configuration for {{ kibana_id }}"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ stage_server_ip }}" record_data: "{{ stage_server_ip }}"
record_name: "{{ kibana_id }}" record_name: "{{ kibana_id }}"

2
roles/kubernetes/prometheus/tasks/_create_auth_secret.yml
Unescape Escape View File

@ -4,6 +4,7 @@
file: file:
path: "{{ htpasswd_file_path }}" path: "{{ htpasswd_file_path }}"
state: touch state: touch
mode: '0600'
- name: "Install latest passlib with pip" - name: "Install latest passlib with pip"
pip: name=passlib pip: name=passlib
@ -13,6 +14,7 @@
path: "{{ htpasswd_file_path }}" path: "{{ htpasswd_file_path }}"
name: "{{ basic_auth_username }}" name: "{{ basic_auth_username }}"
password: "{{ basic_auth_password }}" password: "{{ basic_auth_password }}"
mode: '0600'
- name: "Read credentials out of htpasswd file" - name: "Read credentials out of htpasswd file"
ansible.builtin.slurp: ansible.builtin.slurp:

3
roles/pgadmin4/tasks/main.yml
Unescape Escape View File

@ -6,8 +6,7 @@
- name: "Setup DNS configuration for {{ inventory_hostname }} pgadmin4" - name: "Setup DNS configuration for {{ inventory_hostname }} pgadmin4"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ stage_server_ip }}" record_data: "{{ stage_server_ip }}"
record_name: "{{ inventory_hostname }}-pgadmin4" record_name: "{{ inventory_hostname }}-pgadmin4"

3
roles/prometheus/tasks/main.yml
Unescape Escape View File

@ -17,8 +17,7 @@
- name: "Setup DNS configuration for <{{ inventory_hostname }}>" - name: "Setup DNS configuration for <{{ inventory_hostname }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ stage_server_ip }}" record_data: "{{ stage_server_ip }}"
record_name: "{{ item }}" record_name: "{{ item }}"

6
roles/shared_service/tasks/main.yml
Unescape Escape View File

@ -16,16 +16,14 @@
- name: "Updating DNS for <{{ current_dns_entry }}> to <{{ current_server_ip }}>" - name: "Updating DNS for <{{ current_dns_entry }}> to <{{ current_server_ip }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ current_server_ip }}" record_data: "{{ current_server_ip }}"
record_name: "{{ current_dns_entry }}" record_name: "{{ current_dns_entry }}"
- name: "Updating public DNS for <{{ current_host }}>" - name: "Updating public DNS for <{{ current_host }}>"
include_role: include_role:
name: sma_digitalocean name: dns
tasks_from: domain
vars: vars:
record_data: "{{ item.ip }}" record_data: "{{ item.ip }}"
record_name: "{{ item.name }}" record_name: "{{ item.name }}"

27
roles/sma_deploy/tasks/htpasswd.yml
Unescape Escape View File

@ -0,0 +1,27 @@
---
- name: "Create empty htpswd file"
ansible.builtin.file:
path: "{{ htpasswd_file_path }}"
state: touch
mode: '0600'
- name: "Add a user and password to empty htpswd file>"
community.general.htpasswd:
path: "{{ htpasswd_file_path }}"
name: "{{ basic_auth_username }}"
password: "{{ basic_auth_password }}"
mode: '0600'
- name: "Read credentials out of htpasswd file"
ansible.builtin.slurp:
src: "{{ htpasswd_file_path }}"
register: "credentials"
- name: "Delete htpasswd file"
ansible.builtin.file:
path: "{{ htpasswd_file_path }}"
state: absent
- name: "Setting htpasswd to <{{ credentials_name }}>" ## noqa var-naming
ansible.builtin.set_fact: "{{ credentials_name }}={{ credentials.content | b64decode | trim | replace('$','$$') }}"

1
roles/sma_digitalocean/defaults/main.yml
Unescape Escape View File

@ -1 +0,0 @@
---

81
roles/sma_digitalocean/tasks/domain.yml
Unescape Escape View File

@ -1,81 +0,0 @@
---
- name: "Read DNS entry for {{ record_name }}.{{ domain }} from digitalocean"
uri:
url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records?name={{ record_name }}.{{ domain }}"
headers:
accept: application/json
authorization: Bearer {{ digitalocean_authentication_token }}
return_content: yes
register: domain_records_response
delegate_to: 127.0.0.1
become: false
tags:
- update_dns
- name: "Save DNS entry as variable (fact)"
set_fact:
domain_records_response_json: "{{ domain_records_response.json }}"
delegate_to: 127.0.0.1
become: false
tags:
- update_dns
- name: "Parse DNS entry for {{ record_name }}.{{ domain }}"
set_fact:
domain_record: "{{ domain_records_response_json.domain_records | json_query(jmesquery) | first | default({'name': '-', 'ip': '-'}) }}"
vars:
jmesquery: '[*].{id: id, name: name, ip: data}'
delegate_to: 127.0.0.1
become: false
tags:
- update_dns
- name: "Print DNS entry for {{ record_name }}.{{ domain }}"
debug:
msg: "{{ domain_record }}"
delegate_to: 127.0.0.1
become: false
tags:
- update_dns
- name: "Delete DNS entry for <{{ record_data }}:{{ record_name }}> if necessary"
uri:
method: DELETE
url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records/{{ domain_record.id }}"
headers:
authorization: Bearer {{ digitalocean_authentication_token }}
return_content: yes
status_code: 204
when:
- domain_record.ip != '-'
- record_data != domain_record.ip
delegate_to: 127.0.0.1
become: false
tags:
- update_dns
- name: "Create DNS entry for <{{ record_name }}> if necessary"
uri:
method: POST
url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records"
headers:
authorization: Bearer {{ digitalocean_authentication_token }}
body: '{{ create_record | to_json }}'
body_format: json
return_content: yes
status_code: 201
vars:
create_record:
type: 'A'
ttl: "{{ sma_digitalocean_ttl | default(1800) }}"
data: "{{ record_data }}"
name: "{{ record_name }}"
when:
domain_record.ip == '-'
or record_data != domain_record.ip
or record_name != domain_record.name
delegate_to: 127.0.0.1
become: false
tags:
- update_dns

1
roles/sma_digitalocean/vars/main.yml
Unescape Escape View File

@ -1 +0,0 @@
---

12
roles/traefik/vars/main.yml
Unescape Escape View File

@ -2,6 +2,14 @@
traefik_id: "{{ inventory_hostname }}-traefik" traefik_id: "{{ inventory_hostname }}-traefik"
traefik_environment_digitalocean: [
'DO_AUTH_TOKEN: "{% if traefik_dns_01_challenge %}{{ digitalocean_authentication_token }}{% else %}{% endif %}"',
]
traefik_environment_hetzner: [
'HETZNER_API_KEY: "{% if traefik_dns_01_challenge %}{{ hetzner_dns_api_key }}{% else %}{% endif %}"',
]
traefik_environment_dns: "{{ traefik_environment_digitalocean if dns == 'digitalocean' else traefik_environment_hetzner if dns == 'hetzner' else [] }}"
traefik_docker: { traefik_docker: {
networks: [ networks: [
{ {
@ -14,9 +22,7 @@ traefik_docker: {
name: "{{ traefik_id }}", name: "{{ traefik_id }}",
image_name: "{{ traefik_image_name }}", image_name: "{{ traefik_image_name }}",
image_version: "{{ traefik_version }}", image_version: "{{ traefik_version }}",
environment: [ environment: "{{ traefik_environment_dns }}",
'DO_AUTH_TOKEN: "{% if traefik_dns_01_challenge %}{{ digitalocean_authentication_token }}{% else %}{% endif %}"',
],
volumes: [ volumes: [
'"./acme.json:/acme.json"', '"./acme.json:/acme.json"',
'"./traefik.toml:/traefik.toml:ro"', '"./traefik.toml:/traefik.toml:ro"',

16
stage-dev
Unescape Escape View File

@ -4,9 +4,6 @@ dev-backup-01
[connect] [connect]
dev-management-01 dev-management-01
[pdns]
#dev-pdns-01
[elastic] [elastic]
dev-elastic-stack-elastic-01 dev-elastic-stack-elastic-01
dev-elastic-stack-elastic-02 dev-elastic-stack-elastic-02
@ -37,12 +34,15 @@ dev-management-01
[maria] [maria]
dev-maria-01 dev-maria-01
[postfix] [pdns]
dev-mail-01 #dev-pdns-01
[pgadmin4] [pgadmin4]
dev-pgadmin4-01 dev-pgadmin4-01
[postfix]
dev-mail-01
[postgres] [postgres]
dev-postgres-01 dev-postgres-01
dev-postgres-02 dev-postgres-02
@ -53,6 +53,9 @@ dev-prometheus-01
[redis] [redis]
#dev-redis-01 #dev-redis-01
[ubuntu_docker]
dev-devops-iaas-01
[webdav] [webdav]
#dev-webdav-01 #dev-webdav-01
@ -79,7 +82,6 @@ kube_node
backup backup
connect connect
elastic elastic
pdns
gitea gitea
harbor harbor
iam iam
@ -89,11 +91,13 @@ kibana
logstash logstash
management management
maria maria
pdns
pgadmin4 pgadmin4
postfix postfix
postgres postgres
prometheus prometheus
redis redis
ubuntu_docker
webdav webdav
[all:children] [all:children]

2
templates/traefik/traefik.toml.j2
Unescape Escape View File

@ -89,7 +89,7 @@
caserver = "{{ letsencrypt_caserver_directory_url }}" caserver = "{{ letsencrypt_caserver_directory_url }}"
{% endif %} {% endif %}
[certificatesResolvers.letsencrypt.acme.dnsChallenge] [certificatesResolvers.letsencrypt.acme.dnsChallenge]
provider = "digitalocean" provider = "{{ traefik_letsencrypt_provider }}"
resolvers = ["8.8.8.8:53"] resolvers = ["8.8.8.8:53"]
[certificatesResolvers.letsencrypt-http.acme] [certificatesResolvers.letsencrypt-http.acme]

Write Preview
Loading…
Cancel
Save