diff --git a/files/caddyproxy/Caddyfile.j2 b/files/caddyproxy/Caddyfile.j2
new file mode 100644
index 0000000..db6859b
--- /dev/null
+++ b/files/caddyproxy/Caddyfile.j2
@@ -0,0 +1,67 @@
+# -------------------------------------------------------------------
+# Global options
+# -------------------------------------------------------------------
+
+{
+ grace_period 15s
+}
+
+# -------------------------------------------------------------------
+# Netdata service
+# -------------------------------------------------------------------
+
+status.vakhrushev.me, :29999 {
+ tls anwinged@ya.ru
+
+ reverse_proxy {
+ to netdata:19999
+ }
+
+ basicauth / {
+ {{ netdata.login }} {{ netdata.password_hash }}
+ }
+}
+
+# -------------------------------------------------------------------
+# Applications
+# -------------------------------------------------------------------
+
+vakhrushev.me {
+ tls anwinged@ya.ru
+
+ reverse_proxy {
+ to homepage_app:80
+ }
+}
+
+git.vakhrushev.me {
+ tls anwinged@ya.ru
+
+ reverse_proxy {
+ to gitea_app:3000
+ }
+}
+
+kk.vakhrushev.me {
+ tls anwinged@ya.ru
+
+ reverse_proxy {
+ to keycloak_app:8080
+ }
+}
+
+outline.vakhrushev.me {
+ tls anwinged@ya.ru
+
+ reverse_proxy {
+ to outline_app:3000
+ }
+}
+
+gramps.vakhrushev.me {
+ tls anwinged@ya.ru
+
+ reverse_proxy {
+ to gramps_app:5000
+ }
+}
diff --git a/files/caddyproxy/docker-compose.yml.j2 b/files/caddyproxy/docker-compose.yml.j2
new file mode 100644
index 0000000..a03dbd0
--- /dev/null
+++ b/files/caddyproxy/docker-compose.yml.j2
@@ -0,0 +1,22 @@
+services:
+
+ {{ service_name }}:
+ image: caddy:2.9.1
+ restart: unless-stopped
+ container_name: {{ service_name }}
+ ports:
+ - "80:80"
+ - "443:443"
+ - "443:443/udp"
+ cap_add:
+ - NET_ADMIN
+ volumes:
+ - {{ caddy_file_dir }}:/etc/caddy
+ - {{ data_dir }}:/data
+ - {{ config_dir }}:/config
+ networks:
+ - "{{ web_proxy_network }}"
+
+networks:
+ {{ web_proxy_network }}:
+ external: true
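Review bot: `basicauth / {` in the `status.vakhrushev.me, :29999` block protects only the exact path `/`, because Caddy 2 path matchers are exact unless they end in `*`, so every other netdata path (its dashboard assets and API endpoints) is proxied to `netdata:19999` with no authentication at all. Drop the matcher so the directive covers the whole site, and use the spelling Caddy 2.8 introduced since the image is pinned to 2.9.1 where `basicauth` only survives as a deprecated alias: `basic_auth {` / `{{ netdata.login }} {{ netdata.password_hash }}` / `}`. The `:29999` listener in the same block is plain HTTP on every interface inside the container; the compose file does not publish that port, so it appears reachable only from the docker network, but that is worth confirming and documenting with a comment such as `# :29999 is HTTP-only, for in-network access`. Note also that `password_hash` must be a bcrypt hash, not a plaintext password, which nothing in this template states for whoever fills in vars.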
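Review bot: `cap_add: - NET_ADMIN` grants the Caddy container the ability to reconfigure the network stack it shares with the host kernel, and nothing in the accompanying Caddyfile (TLS termination plus `reverse_proxy`) needs it; binding 80/443 is already covered by the image's default privileges, so this looks like an unneeded privilege on the one container exposed to the internet. Remove the `cap_add` stanza, or if there is a concrete reason for it, keep it with a comment naming that reason. Separately, `container_name: {{ service_name }}` and the three `volumes` entries are unquoted Jinja while the `networks` entry is quoted; after Ansible renders them they are plain scalars, which works here, but quoting them consistently (`- "{{ caddy_file_dir }}:/etc/caddy"`) keeps the template safe against values that start with a YAML indicator.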
diff --git a/playbook-caddyproxy.yml b/playbook-caddyproxy.yml
new file mode 100644
index 0000000..66f3f32
--- /dev/null
+++ b/playbook-caddyproxy.yml
@@ -0,0 +1,67 @@
+---
+- name: "Configure caddy reverse proxy service"
+ hosts: all
+
+ vars_files:
+ - vars/ports.yml
+ - vars/vars.yml
+
+ vars:
+ app_name: "caddyproxy"
+ app_user: "{{ app_name }}"
+ base_dir: "/home/{{ app_user }}"
+
+ data_dir: "{{ (base_dir, 'data') | path_join }}"
+ config_dir: "{{ (base_dir, 'config') | path_join }}"
+ caddy_file_dir: "{{ (base_dir, 'caddy_file') | path_join }}"
+
+ service_name: "{{ app_name }}"
+
+ tasks:
+ - name: "Create user and environment"
+ ansible.builtin.import_role:
+ name: owner
+ vars:
+ owner_name: "{{ app_user }}"
+ owner_extra_groups:
+ - "docker"
+
+ - name: "Create internal application directories"
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: "directory"
+ owner: "{{ app_user }}"
+ group: "{{ app_user }}"
+ mode: "0770"
+ loop:
+ - "{{ data_dir }}"
+ - "{{ config_dir }}"
+ - "{{ caddy_file_dir }}"
+
+ - name: "Copy caddy file"
+ ansible.builtin.template:
+ src: "./files/{{ app_name }}/Caddyfile.j2"
+ dest: "{{ (caddy_file_dir, 'Caddyfile') | path_join }}"
+ owner: "{{ app_user }}"
+ group: "{{ app_user }}"
+ mode: "0640"
+
+ - name: "Copy docker compose file"
+ ansible.builtin.template:
+ src: "./files/{{ app_name }}/docker-compose.yml.j2"
+ dest: "{{ base_dir }}/docker-compose.yml"
+ owner: "{{ app_user }}"
+ group: "{{ app_user }}"
+ mode: "0640"
+
+ - name: "Run application with docker compose"
+ community.docker.docker_compose_v2:
+ project_src: "{{ base_dir }}"
+ state: "present"
+ remove_orphans: true
+
+ - name: "Reload caddy"
+ community.docker.docker_compose_v2_exec:
+ project_src: '{{ base_dir }}'
+ service: "{{ service_name }}"
+ command: caddy reload --config /etc/caddy/Caddyfile
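Review bot: the `Reload caddy` task at the end of the play runs unconditionally and, being an exec, reports changed on every run, so the play is never idempotent and a reload happens even when the Caddyfile is untouched; add `notify: "Reload caddy"` to the `Copy caddy file` task and move the exec under a `handlers:` section so it fires only on a real change. `project_src: '{{ base_dir }}'` in that same task uses single quotes while every other templated value in the file is double-quoted; make it `project_src: "{{ base_dir }}"` for consistency. The `Copy caddy file` task renders `netdata.password_hash` into the target file, and `mode: "0640"` owned by the app user is appropriate for that, but a run with `--diff` will print the credential line; consider `diff: false` on that task.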