diff --git a/ansible/roles/awfulAll/readme.org b/ansible/roles/awfulAll/readme.org
new file mode 100644
index 0000000..d6a2146
--- /dev/null
+++ b/ansible/roles/awfulAll/readme.org
@@ -0,0 +1,7 @@
+* awful-1
+this shit does too much. I should probably break it out a bit.
+
+** things to note
+i have gitea shit set up on a single network so that it can be isolated from the rest of my services. the traefik container ALSO must have access to that instance or it won't be able to forward data to the gt server.
+
+real fucking confused there for like 30 minutes.
diff --git a/ansible/roles/awfulAll/templates/awful-compose.yml b/ansible/roles/awfulAll/templates/awful-compose.yml
index 6c200d8..6cffec9 100644
--- a/ansible/roles/awfulAll/templates/awful-compose.yml
+++ b/ansible/roles/awfulAll/templates/awful-compose.yml
@@ -18,15 +18,23 @@ services:
 ports:
 - "80:80"
 - "443:443"
- - "222:222"
+ - "222:222" # gitea ssh
 - "8080:8080"
 environment:
 DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
+ networks:
+ gitea:
 volumes:
 - "/home/josiah/apps/awful/letsencrypt/:/letsencrypt"
 - "/var/run/docker.sock:/var/run/docker.sock:ro"
- - "/home/josiah/apps/test/traefik.yml:/etc/traefik/traefik.yml"
+ - "/home/josiah/apps/awful/traefik.yml:/etc/traefik/traefik.yml"
 - traefik_logs:/log
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.edge.rule=hostregexp(`{host:.+}`)"
+ - "traefik.http.routers.edge.entrypoints=web"
+ - "traefik.http.routers.edge.middlewares=redirect-to-https"
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
 
 whoami:
 image: "containous/whoami"
@@ -35,7 +43,8 @@ services:
 - "traefik.http.routers.whoami.rule=Host(`whoami.awful.club`)"
 - "traefik.http.routers.whoami.entrypoints=websecure"
 - "traefik.http.routers.whoami.tls.certresolver=awful-letsencrypt"
-
+ - "traefik.http.routers.whoami.tls=true"
+
 nginx:
 image: nginx:1.17.10
 volumes:
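Review bot: The added `networks:` / `gitea:` on the traefik service attaches it to the gitea network only, because a Compose service that lists networks is no longer joined to the default one. whoami and nginx declare no network in the lines shown, so the proxy may lose its path to them. If that is not intended, list both networks on the service, `default:` and `gitea:` under `networks:`. No top-level `networks:` definition for `gitea` is added anywhere in this diff, and the static `ipv4_address` values used later in the file need a subnet configured there, so confirm it already exists in the unchanged part of the template. The traefik service block starts above this hunk.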
@@ -48,3 +57,52 @@ services:
 - "traefik.http.routers.nginx.rule=Host(`awful.club`)||Host(`jowj.net`)"
 - "traefik.http.routers.nginx.entrypoints=websecure"
 - "traefik.http.routers.nginx.tls.certresolver=awful-letsencrypt"
+
+ gitea-server:
+ image: gitea/gitea:latest
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - DB_TYPE=postgres
+ - DB_HOST=172.28.1.3:5432
+ - DB_NAME={{ GITEA_DB_NAME }}
+ - DB_USER={{ GITEA_DB_USER }}
+ - DB_PASSWD={{ GITEA_DB_PASSWD }}
+ networks:
+ gitea:
+ ipv4_address: 172.28.1.2
+ volumes:
+ - /mnt/volume_sfo2_01/gitea:/data
+ depends_on:
+ - gitea-db
+ labels:
+ # global rules
+ - "traefik.enable=true"
+
+ # the web ui
+ - "traefik.http.routers.gitea-web.rule=Host(`git.awful.club`)"
+ - "traefik.http.routers.gitea-web.entrypoints=websecure"
+ - "traefik.http.routers.gitea-web.service=gitea-web-svc"
+ - "traefik.http.routers.gitea-web.tls=true"
+ - "traefik.http.routers.gitea-web.tls.certresolver=awful-letsencrypt"
+ - "traefik.http.services.gitea-web-svc.loadbalancer.server.port=3000"
+
+
+ # handle ssh
+ - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
+ - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
+ - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc"
+ - "traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=22"
+
+ gitea-db:
+ image: postgres:9.6
+ environment:
+ - POSTGRES_USER={{ GITEA_POSTGRES_USER }}
+ - POSTGRES_PASSWORD={{ GITEA_POSTGRES_USER }}
+ - POSTGRES_DB={{ GITEA_POSTGRES_USER }}
+ networks:
+ gitea:
+ ipv4_address: 172.28.1.3
+ volumes:
+ - /mnt/volume_sfo2_01/psql:/var/lib/postgresql/data
+
diff --git a/ansible/roles/awfulAll/templates/traefik.yml b/ansible/roles/awfulAll/templates/traefik.yml
index 5c562d2..c7f4b45 100644
--- a/ansible/roles/awfulAll/templates/traefik.yml
+++ b/ansible/roles/awfulAll/templates/traefik.yml
@@ -11,7 +11,9 @@ api:
 insecure: false
 entryPoints:
 ssh:
- address: ":22"
+ address: ":222"
+ gitea-web:
+ address: ":3000"
 web:
 address: ":80"
 websecure:
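Review bot: In `gitea-db`, `POSTGRES_PASSWORD` and `POSTGRES_DB` are both rendered from `{{ GITEA_POSTGRES_USER }}`, so the database password equals the account name, and none of the three values is tied to the `GITEA_DB_*` variables that `gitea-server` logs in with. Using the same variables on both sides fixes both problems: `- POSTGRES_USER={{ GITEA_DB_USER }}`, `- POSTGRES_PASSWORD={{ GITEA_DB_PASSWD }}`, `- POSTGRES_DB={{ GITEA_DB_NAME }}`. Wrapping each templated environment entry in double quotes would also keep a secret containing ` #` or `: ` from changing how the YAML parses. `gitea/gitea:latest` is the only unpinned image in this file (nginx is pinned to 1.17.10), so pinning it to a specific tag or digest would make deploys reproducible.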
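Review bot: The new `gitea-web` entryPoint on `:3000` is not referenced by any router in this commit; the `gitea-web` router in awful-compose.yml is bound to `websecure`, and 3000 appears there only as the backend `loadbalancer.server.port`. An entryPoint is a listener on the proxy itself, so this adds an extra port inside the traefik container with no TLS or redirect attached. It is not published in the compose `ports:` shown, but it would be exposed as soon as someone adds that mapping. Unless something outside the diff uses it, drop the two added lines; if it stays, put a comment such as `# unused by routers; do not publish` above it. The `entryPoints` map continues past the end of the hunk.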