feat: nginx proxy manager

2025-10-12 17:32:07 -04:00
parent 8ca2011d77
commit 2401368316
13 changed files with 309 additions and 67 deletions
--- a/playbooks/deploy.yml
+++ b/playbooks/deploy.yml
@@ -0,0 +1,139 @@
+- name: Set up real host.
+  gather_facts: false
+  hosts: localhost
+  tags:
+    - deploy
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+    - ../variables.yml
+  tasks:
+    - name: Add remote host.
+      ansible.builtin.add_host:
+        name: server
+        ansible_ssh_host: "{{ variables.proxy_host }}"
+
+- name: Set-up NAT.
+  gather_facts: false
+  hosts: server
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+  tasks:
+    - name: Install PIP.
+      ansible.builtin.apt:
+        name:
+          - python3-pip
+          - ifupdown
+        state: present
+        update_cache: true
+
+    - name: Install needed packages.
+      ansible.builtin.pip:
+        name:
+          - botocore
+          - boto3
+          - packaging
+        state: present
+        break_system_packages: true
+
+    - name: Set-up the network interfaces.
+      ansible.builtin.blockinfile:
+        dest: /etc/network/interfaces
+        marker: "# NAT CONFIG {marker}"
+        content: |
+          auto eth0
+          iface eth0 inet dhcp
+              post-up echo 1 > /proc/sys/net/ipv4/ip_forward
+              post-up iptables -t nat -A POSTROUTING -s '{{ network_cidr.value }}' -o eth0 -j MASQUERADE
+
+- name: Install Docker.
+  gather_facts: true
+  hosts: server
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+  tasks:
+    - name: Download Docker repository key.
+      ansible.builtin.apt_key:
+        url: https://download.docker.com/linux/debian/gpg
+        state: present
+
+    - name: Download Docker repository.
+      ansible.builtin.apt_repository:
+        repo: "deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+        state: present
+
+    - name: Remove bad packages.
+      ansible.builtin.apt:
+        state: absent
+        package:
+          - docker.io
+          - docker-doc
+          - docker-compose
+          - podman-docker
+          - containerd
+          - runc
+
+    - name: Download Docker dependencies.
+      ansible.builtin.apt:
+        state: present
+        package:
+          - ca-certificates
+          - curl
+
+    - name: Download Docker packages.
+      ansible.builtin.apt:
+        state: present
+        update_cache: true
+        package:
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-buildx-plugin
+          - docker-compose-plugin
+
+- name: Set-up reverse proxy.
+  gather_facts: false
+  hosts: server
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+  tasks:
+    - name: Set-up folders.
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        recurse: true
+      loop: [/root/data, /root/letsencrypt]
+
+    - name: Set-up manager.
+      community.docker.docker_container:
+        name: proxy-manager
+        image: 'jc21/nginx-proxy-manager:latest'
+        state: started
+        restart_policy: unless-stopped
+        ports: ['80:80', '443:443', '81:81']
+        labels: { docker-volume-backup.stop-during-backup: "true" }
+        volumes:
+          - /root/data:/data
+          - /root/letsencrypt:/etc/letsencrypt
+
+    - name: Run backup.
+      community.docker.docker_container:
+        name: proxy-backup
+        image: offen/docker-volume-backup:v2
+        state: started
+        restart_policy: unless-stopped
+        volumes:
+          - /root/data:/backup/data:ro
+          - /root/letsencrypt:/backup/letsencrypt:ro
+          - /var/run/docker.sock:/var/run/docker.sock:ro
+        env:
+          AWS_S3_BUCKET_NAME: "{{ secret.bucket.name }}"
+          AWS_S3_PATH: "{{ secret.bucket.key }}"
+          AWS_REGION: "{{ secret.bucket.region }}"
+          AWS_ACCESS_KEY_ID: "{{ secret.bucket.access_key }}"
+          AWS_SECRET_ACCESS_KEY: "{{ secret.bucket.secret_key }}"
+          AWS_ENDPOINT: "{{ secret.bucket.endpoint }}"
+          BACKUP_CRON_EXPRESSION: "0 0 * * *"
--- a/playbooks/deployment.yml
+++ b/playbooks/deployment.yml
@@ -1,30 +0,0 @@
- name: Deploy artifact to instance.
-  hosts: localhost
-  vars_files:
-    - ../config/proxy.json
-    - ../secrets/infrastructure.secret.json
-  vars:
-    ansible_connection: aws_ssm
-    ansible_python_interpreter: /usr/bin/python3
-    ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
-    ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
-    ansible_aws_ssm_instance_id: "{{ public_instance_id.value }}"
-
-    ansible_aws_ssm_region: "{{ aws_region }}"
-    ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
-    ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"
-  tasks:
-    - name: Run image.
-      community.docker.docker_container:
-        name: server
-        image: "jc21/nginx-proxy-manager:latest"
-        state: started
-        recreate: true
-        restart_policy: always
-        ports: ["80:80", "443:443", "81:81", "22:22"]
-        env:
-          INITIAL_ADMIN_EMAIL: "{{ email }}"
-          INITIAL_ADMIN_PASSWORD: "{{ password }}"
-        volumes:
-          - ./data:/data
-          - ./letsencrypt:/etc/letsencrypt
--- a/playbooks/provision.yml
+++ b/playbooks/provision.yml
@@ -37,3 +37,23 @@
        content: "{{ terraform_apply.outputs }}"
        dest: ../dist/terraform_outputs.yml
        mode: '0755'
+
+
+- name: Update SSH config.
+  hosts: localhost
+  gather_facts: false
+  tags: hosts
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+    - ../variables.yml
+  tasks:
+    - name: Add proxy host.
+      community.general.ssh_config:
+        host: "{{ variables.proxy_host }}"
+        hostname: "{{ proxy_ip.value }}"
+        remote_user: root
+        forward_agent: true
+        user: user
+        port: 22
+        identity_file: "{{ secret.private_ssh_key_path }}"