feat: nginx proxy manager

playbooks/deploy.yml

@@ -0,0 +1,139 @@
+- name: Set up real host.
+  gather_facts: false
+  hosts: localhost
+  tags:
+    - deploy
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+    - ../variables.yml
+  tasks:
+    - name: Add remote host.
+      ansible.builtin.add_host:
+        name: server
+        ansible_ssh_host: "{{ variables.proxy_host }}"
+
+- name: Set-up NAT.
+  gather_facts: false
+  hosts: server
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+  tasks:
+    - name: Install PIP.
+      ansible.builtin.apt:
+        name:
+          - python3-pip
+          - ifupdown
+        state: present
+        update_cache: true
+
+    - name: Install needed packages.
+      ansible.builtin.pip:
+        name:
+          - botocore
+          - boto3
+          - packaging
+        state: present
+        break_system_packages: true
+
+    - name: Set-up the network interfaces.
+      ansible.builtin.blockinfile:
+        dest: /etc/network/interfaces
+        marker: "# NAT CONFIG {marker}"
+        content: |
+          auto eth0
+          iface eth0 inet dhcp
+              post-up echo 1 > /proc/sys/net/ipv4/ip_forward
+              post-up iptables -t nat -A POSTROUTING -s '{{ network_cidr.value }}' -o eth0 -j MASQUERADE
+
+- name: Install Docker.
+  gather_facts: true
+  hosts: server
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+  tasks:
+    - name: Download Docker repository key.
+      ansible.builtin.apt_key:
+        url: https://download.docker.com/linux/debian/gpg
+        state: present
+
+    - name: Download Docker repository.
+      ansible.builtin.apt_repository:
+        repo: "deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+        state: present
+
+    - name: Remove bad packages.
+      ansible.builtin.apt:
+        state: absent
+        package:
+          - docker.io
+          - docker-doc
+          - docker-compose
+          - podman-docker
+          - containerd
+          - runc
+
+    - name: Download Docker dependencies.
+      ansible.builtin.apt:
+        state: present
+        package:
+          - ca-certificates
+          - curl
+
+    - name: Download Docker packages.
+      ansible.builtin.apt:
+        state: present
+        update_cache: true
+        package:
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-buildx-plugin
+          - docker-compose-plugin
+
+- name: Set-up reverse proxy.
+  gather_facts: false
+  hosts: server
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+  tasks:
+    - name: Set-up folders.
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        recurse: true
+      loop: [/root/data, /root/letsencrypt]
+
+    - name: Set-up manager.
+      community.docker.docker_container:
+        name: proxy-manager
+        image: 'jc21/nginx-proxy-manager:latest'
+        state: started
+        restart_policy: unless-stopped
+        ports: ['80:80', '443:443', '81:81']
+        labels: { docker-volume-backup.stop-during-backup: "true" }
+        volumes:
+          - /root/data:/data
+          - /root/letsencrypt:/etc/letsencrypt
+
+    - name: Run backup.
+      community.docker.docker_container:
+        name: proxy-backup
+        image: offen/docker-volume-backup:v2
+        state: started
+        restart_policy: unless-stopped
+        volumes:
+          - /root/data:/backup/data:ro
+          - /root/letsencrypt:/backup/letsencrypt:ro
+          - /var/run/docker.sock:/var/run/docker.sock:ro
+        env:
+          AWS_S3_BUCKET_NAME: "{{ secret.bucket.name }}"
+          AWS_S3_PATH: "{{ secret.bucket.key }}"
+          AWS_REGION: "{{ secret.bucket.region }}"
+          AWS_ACCESS_KEY_ID: "{{ secret.bucket.access_key }}"
+          AWS_SECRET_ACCESS_KEY: "{{ secret.bucket.secret_key }}"
+          AWS_ENDPOINT: "{{ secret.bucket.endpoint }}"
+          BACKUP_CRON_EXPRESSION: "0 0 * * *"