parent
f175b6fef0
commit
db3e668191
@ -0,0 +1,75 @@
|
||||
---
|
||||
# deploy a media server from scratch.
|
||||
|
||||
# boot strap server
|
||||
- name: Install aptitude using apt
|
||||
apt: name=aptitude state=latest update_cache=yes force_apt_get=yes
|
||||
|
||||
- name: Install required system packages for docker install
|
||||
apt: name={{ item }} state=latest update_cache=yes
|
||||
loop: [ 'apt-transport-https', 'ca-certificates', 'software-properties-common' ]
|
||||
|
||||
- name: Add Docker GPG apt Key
|
||||
apt_key:
|
||||
url: https://download.docker.com/linux/debian/gpg
|
||||
state: present
|
||||
|
||||
- name: Add Docker Repository
|
||||
apt_repository:
|
||||
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
||||
state: present
|
||||
|
||||
- name: Update apt
|
||||
apt: update_cache=yes
|
||||
|
||||
- name: Install required system packages
|
||||
apt: name={{ sys_packages }} state=latest
|
||||
|
||||
- name: add 'josiah' to docker group
|
||||
user:
|
||||
name='josiah'
|
||||
groups=docker
|
||||
append=yes
|
||||
|
||||
|
||||
# set up mediaserver specific bullshit.
|
||||
- name: ensure traefik config directory exists
|
||||
file: state=directory path=/home/josiah/apps/traefik/ owner=josiah group=josiah mode=0700
|
||||
|
||||
- name: ensure traefik.log exists
|
||||
file: state=file path=/home/josiah/apps/traefik/traefik.log owner=josiah group=josiah mode=0700
|
||||
|
||||
- name: allow for pretty json errors
|
||||
pip:
|
||||
name: jsondiff
|
||||
|
||||
- name: Create deploy configs dir if it does not exist
|
||||
file:
|
||||
path: /home/josiah/deploys/mediaserver
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: copy over mediaserver config files
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
mode: 0777
|
||||
with_items:
|
||||
- {src: 'traefik-compose.yml', dest: '/home/josiah/apps/traefik/traefik-compose.yml'}
|
||||
- {src: 'traefik.toml', dest: '/home/josiah/apps/traefik/traefik.toml'}
|
||||
- {src: 'traefik.yml', dest: '/home/josiah/apps/traefik/traefik.yml'}
|
||||
|
||||
- name: Deploy network
|
||||
docker_stack:
|
||||
state: present
|
||||
name: traefik
|
||||
compose:
|
||||
- /home/josiah/apps/traefik/traefik.yml
|
||||
|
||||
|
||||
- name: Deploy traefik service
|
||||
docker_stack:
|
||||
state: present
|
||||
name: traefik-app
|
||||
compose:
|
||||
- /home/josiah/apps/traefik/traefik-compose.yml
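Review bot: The `template` task that copies the traefik files sets `mode: 0777`, which leaves `traefik-compose.yml`, `traefik.toml` and `traefik.yml` world-writable. The two `docker_stack` tasks then deploy from those same paths, and the compose file in this commit mounts the Docker socket, so any local account that can edit them can influence what the swarm manager runs. Config files need neither the execute bit nor group/other write; `mode: '0644'` with `owner: josiah` and `group: josiah` would do, quoted the way the "Create deploy configs dir" task already does. Separately, the `apt_key` task trusts whatever the URL returns. Pinning the expected fingerprint through the module's `id` parameter would make a substituted key fail the play, and the key is fetched from the `linux/debian` path while the repository line points at `linux/ubuntu bionic`.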
|
@ -0,0 +1,45 @@
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:alpine
|
||||
command: |-
|
||||
--entryPoints="Name:http Address::80 Redirect.EntryPoint:https"
|
||||
--entryPoints="Name:https Address::443 TLS"
|
||||
--defaultentrypoints="http,https"
|
||||
--accesslogsfile="/var/log/access.log"
|
||||
--acme
|
||||
--acme.acmelogging="true"
|
||||
# Change this to an actual email address
|
||||
--acme.email="me@jowj.net"
|
||||
--acme.entrypoint="https"
|
||||
--acme.storage="/acme/acme.json"
|
||||
--acme.onhostrule="true"
|
||||
--docker
|
||||
--docker.swarmmode
|
||||
# Change this to your primary domain
|
||||
--docker.domain="home.jowj.net"
|
||||
--docker.watch
|
||||
--web
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
- 8080:8080
|
||||
networks:
|
||||
- traefik_public
|
||||
volumes:
|
||||
- traefik_acme:/acme/
|
||||
- traefik_logs:/var/log/access.log
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- node.role == manager
|
||||
|
||||
volumes:
|
||||
traefik_acme:
|
||||
traefik_logs:
|
||||
|
||||
networks:
|
||||
traefik_public:
|
||||
external: true
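Review bot: `--web` together with the published `- 8080:8080` port exposes Traefik's dashboard and API on the host's external interface, and nothing in this command configures authentication for it. If the dashboard is needed, drop the `- 8080:8080` line and reach it over the overlay network or through an authenticated route. The `/var/run/docker.sock` mount gives this internet-facing container control of the manager's Docker API; a comment stating that trade-off, or a socket proxy limited to the read endpoints Traefik needs, would make the exposure explicit. `image: traefik:alpine` is a floating tag, so a later pull could bring a release that no longer accepts these flags; pinning a specific version tag avoids that.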
|
@ -0,0 +1,36 @@
|
||||
checkNewVersion = true
|
||||
defaultEntryPoints = ["http", "https"]
|
||||
|
||||
# This section enable LetsEncrypt automatic certificate generation / renewal
|
||||
[acme]
|
||||
email = "me@jowj.net"
|
||||
storage = "acme.json" # or "traefik/acme/account" if using KV store
|
||||
entryPoint = "https"
|
||||
acmeLogging = true
|
||||
onDemand = true
|
||||
OnHostRule = true
|
||||
|
||||
# Request wildcard certificates per https://docs.traefik.io/configuration/acme/#wildcard-domains
|
||||
[[acme.domains]]
|
||||
main = "hatchery.jowj.net"
|
||||
sans = ["jowj.net"]
|
||||
|
||||
# Redirect all HTTP to HTTPS (why wouldn't you?)
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":80"
|
||||
[entryPoints.http.redirect]
|
||||
entryPoint = "https"
|
||||
[entryPoints.https]
|
||||
address = ":443"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
[web]
|
||||
address = ":8080"
|
||||
watch = true
|
||||
|
||||
[docker]
|
||||
endpoint = "tcp://127.0.0.1:2375"
|
||||
domain = "home.jowj.net"
|
||||
watch = true
|
||||
swarmmode = true
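Review bot: `endpoint = "tcp://127.0.0.1:2375"` in `[docker]` assumes the Docker daemon listens on its unencrypted, unauthenticated TCP port, whereas the compose file in this commit mounts `/var/run/docker.sock`. `endpoint = "unix:///var/run/docker.sock"` matches that mount and removes the need for the TCP listener. `onDemand = true` under `[acme]` lets any hostname presented in a TLS handshake trigger a certificate request, which can exhaust Let's Encrypt rate limits; with `OnHostRule = true` and the explicit `[[acme.domains]]` entry it looks unnecessary. `[web]` on `:8080` has no authentication configured here. None of the volumes in the compose file appear to mount this file into the container, so it may not be read at all — worth confirming.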
|
@ -0,0 +1,22 @@
|
||||
version: "3.2"
|
||||
|
||||
# What is this?
|
||||
#
|
||||
# This stack exists solely to deploy the traefik_public overlay network, so that
|
||||
# other stacks (including traefik-app) can attach to it
|
||||
|
||||
services:
|
||||
scratch:
|
||||
image: scratch
|
||||
deploy:
|
||||
replicas: 0
|
||||
networks:
|
||||
- public
|
||||
|
||||
networks:
|
||||
public:
|
||||
driver: overlay
|
||||
attachable: true
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 172.16.200.0/24
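Review bot: `attachable: true` lets standalone `docker run` containers join this overlay as well as swarm services. The header comment only mentions other stacks attaching, and stack services do not need the flag. If no standalone containers are meant to join, dropping `attachable: true` keeps the proxy network limited to services deployed through the swarm; if they are, a comment such as `# attachable: needed for one-off docker run containers` would record why.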
|
@ -0,0 +1 @@
|
||||
sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python-pip' ]
|