diff --git a/host_vars/uisp.yml b/host_vars/uisp.yml
new file mode 100644
index 0000000..845a7b7
--- /dev/null
+++ b/host_vars/uisp.yml
@@ -0,0 +1,4 @@
+ansible_host: 5.9.220.117
+ansible_port: 22
+ansible_ssh_user: root
+ansible_python_interpreter: /usr/bin/python3
\ No newline at end of file
diff --git a/hosts.yml b/hosts.yml
index 3a1510c..d1d3772 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -23,6 +23,9 @@ all:
 unifi:
 hosts:
 unifi:
+ uisp:
+ hosts:
+ uisp:
 edge_router:
 hosts:
 edge1:
diff --git a/roles/21.1-portainer-compose/files/portainer.yml b/roles/21.1-portainer-compose/files/portainer.yml
new file mode 100644
index 0000000..1da58df
--- /dev/null
+++ b/roles/21.1-portainer-compose/files/portainer.yml
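Review bot: `ansible_ssh_user: root` together with `ansible_host: 5.9.220.117` and `ansible_port: 22` makes the control path a direct root SSH login to an internet-facing address; prefer a dedicated unprivileged user with `ansible_become: true` and set `PermitRootLogin no` on the host (the `00-ubuntu-basic` role would be the natural place, but this diff does not show whether it is applied to uisp at all). `ansible_ssh_user` is also the deprecated pre-2.0 spelling of the variable; the current name is `ansible_user`, and whichever spelling the other host_vars files use (not visible here) should be kept consistent. The file is committed without a trailing newline.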
@@ -0,0 +1,106 @@
+version: "3"
+services:
+ portainer:
+ image: portainer/portainer-ce:2.18.1
+ ports:
+ - 9443:9443
+ volumes:
+ - portainer_data:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ networks:
+ - traefik-public
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=traefik-public
+ - traefik.constraint-label=traefik-public
+ - traefik.http.routers.portainer-http.rule=Host(`portainer-unifi.freifunk-troisdorf.de`)
+ - traefik.http.routers.portainer-http.entrypoints=http
+ - traefik.http.routers.portainer-http.middlewares=https-redirect
+ - traefik.http.routers.portainer-http.service=portainer
+ - traefik.http.routers.portainer-https.rule=Host(`portainer-unifi.freifunk-troisdorf.de`)
+ - traefik.http.routers.portainer-https.entrypoints=https
+ - traefik.http.routers.portainer-https.tls=true
+ - traefik.http.routers.portainer-https.tls.certresolver=le
+ - traefik.http.routers.portainer-https.service=portainer
+ - traefik.http.services.portainer.loadbalancer.server.port=9000
+
+
+ traefik:
+ image: traefik:v2.4.8
+ ports:
+ # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
+ - 80:80
+ # Listen on port 443, default for HTTPS
+ - 443:443
+ # Listen on 2222 for SSH Gitea
+ - 2222:2222
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=traefik-public
+ - traefik.constraint-label=traefik-public
+ - traefik.http.middlewares.admin-auth.basicauth.users=admin:$$2y$$05$$HmqkgwL5AxrYrwBWvvlVIuMVb5UMWrrChmhmRYFFkMXpLCFgi60US
+ - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
+ - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
+ - traefik.http.routers.traefik-public-http.rule=Host(`traefik-unifi.freifunk-troisdorf.de`)
+ - traefik.http.routers.traefik-public-http.entrypoints=http
+ - traefik.http.routers.traefik-public-http.middlewares=https-redirect
+ - traefik.http.routers.traefik-public-https.rule=Host(`traefik-unifi.freifunk-troisdorf.de`)
+ - traefik.http.routers.traefik-public-https.entrypoints=https
+ - traefik.http.routers.traefik-public-https.tls=true
+ # Use the special Traefik service api@internal with the web UI/Dashboard
+ - traefik.http.routers.traefik-public-https.service=api@internal
+ # Use the "le" (Let's Encrypt) resolver created below
+ - traefik.http.routers.traefik-public-https.tls.certresolver=le
+ # Enable HTTP Basic auth, using the middleware created above
+ - traefik.http.routers.traefik-public-https.middlewares=admin-auth
+ # Define the port inside of the Docker service to use
+ - traefik.http.services.traefik-public.loadbalancer.server.port=8080
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - traefik-public-certificates:/certificates
+ #- /opt/docker/traefik:/etc/traefik
+ command:
+ # Enable Docker in Traefik, so that it reads labels from Docker services
+ - --providers.docker
+ # Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
+ - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
+ # Do not expose all Docker services, only the ones explicitly exposed
+ - --providers.docker.exposedbydefault=false
+ # Enable Docker Swarm mode
+ #- --providers.docker.swarmmode
+ # Create an entrypoint "http" listening on port 80
+ - --entrypoints.http.address=:80
+ # Create an entrypoint "https" listening on port 443
+ - --entrypoints.https.address=:443
+ # Create an entrypoint for SSH
+ - --entrypoints.ssh.address=:2222/tcp
+ # Create an entrypoint for DNS
+ #- --entrypoints.dns-tcp.address=:5353/tcp
+ # Create an entrypoint for DNS
+ #- --entrypoints.dns-udp.address=:5353/udp
+ # Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL
+ - --certificatesresolvers.le.acme.email=info@hoffmann-hosting.de
+ # Store the Let's Encrypt certificates in the mounted volume
+ - --certificatesresolvers.le.acme.storage=/certificates/acme.json
+ # Use the TLS Challenge for Let's Encrypt
+ - --certificatesresolvers.le.acme.tlschallenge=true
+ # Enable the access log, with HTTP requests
+ - --accesslog
+ # Enable the Traefik log, for configurations and errors
+ - --log
+ # Enable the Dashboard and API
+ - --api
+ - --serverstransport.insecureskipverify=true
+ networks:
+ # Use the public network created to be shared between Traefik and
+ # any other service that needs to be publicly available with HTTPS
+ - traefik-public
+
+volumes:
+ traefik-public-certificates:
+ portainer_data:
+
+networks:
+ traefik-public:
+ driver: bridge
+ attachable: true
\ No newline at end of file
diff --git a/roles/21.1-portainer-compose/tasks/main.yml b/roles/21.1-portainer-compose/tasks/main.yml
new file mode 100644
index 0000000..77cbaa2
--- /dev/null
+++ b/roles/21.1-portainer-compose/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Create Docker Folder
+ ansible.builtin.file:
+ path: /opt/docker
+ state: directory
+ mode: '0755'
+
+- name: Copy Docker-Compose File
+ copy:
+ src: portainer.yml
+ dest: /opt/docker/docker-compose.yml
\ No newline at end of file
diff --git a/system-setup-unifi.yml b/system-setup-unifi.yml
new file mode 100644
index 0000000..66e8554
--- /dev/null
+++ b/system-setup-unifi.yml
@@ -0,0 +1,16 @@
+# ansible-playbook -i hosts.yml system-setup-unifi.yml
+- name: System preperation
+ hosts: service_server
+ roles:
+ - 00-ubuntu-basic
+
+- name: Docker Setup
+ hosts: unifi
+ roles:
+ - 21-docker
+ - 21.1-portainer-compose
+
+- name: Docker Setup
+ hosts: uisp
+ roles:
+ - 21-docker
\ No newline at end of file
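Review bot: `- 9443:9443` under the portainer service publishes Portainer's own TLS listener on every host interface, so the Traefik route with its Let's Encrypt certificate and HTTPS redirect can be bypassed by connecting to the host on 9443 directly; drop that `ports:` entry or bind it to loopback, `- 127.0.0.1:9443:9443`. `--serverstransport.insecureskipverify=true` disables upstream certificate verification for every router Traefik serves, yet the only backend here is Portainer on plain-HTTP port 9000, so the flag buys nothing and should be removed. The admin-auth basic-auth hash is committed to the repository and its `$$2y$$05$$` prefix shows bcrypt cost 5 (the htpasswd default); regenerate it with a higher cost such as `htpasswd -nbB -C 12 admin` and inject it from an Ansible Vault variable instead of a tracked file. Both containers mount `/var/run/docker.sock`, and the `:ro` on Traefik's mount does not restrict the Docker API — socket access is root-equivalent on the host — so a docker-socket-proxy that only allows container listing would be the safer front for Traefik. `2222:2222` and the `ssh` entrypoint are opened on the host although no Gitea service or TCP router exists in this file, so that port is exposed for nothing.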
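Review bot: The `Copy Docker-Compose File` task sets no `mode` or `owner`, so a compose file that carries the Traefik basic-auth hash is written with the remote's default umask (typically world-readable); add `mode: '0600'` and `owner: root` to the task. Use the fully qualified `ansible.builtin.copy` to match the `ansible.builtin.file` task above. Nothing in the role brings the stack up, so either a `community.docker.docker_compose` task is expected elsewhere or starting it is manual — a comment such as `# The stack is started manually; this role only stages the compose file` would make that explicit.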
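Review bot: The first play targets `service_server` while the Docker plays target `unifi` and `uisp`; unless `service_server` is a parent of both groups in hosts.yml (not visible in this diff), the new uisp host gets `21-docker` without ever receiving `00-ubuntu-basic`. Consider `hosts: unifi:uisp` for the preparation play, and merge the two identically named `Docker Setup` plays into one with `hosts: unifi:uisp`, gating `21.1-portainer-compose` with `when: inventory_hostname in groups['unifi']`, so log output distinguishes the plays. The play name `System preperation` has a typo (`preparation`) and the file lacks a leading `---` and a trailing newline.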