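---
# Play 1: register the proxy host (address taken from the loaded vars files)
# as an in-memory inventory entry named `server`, so the later plays can target
# it without a static inventory. This is the only play carrying the `deploy`
# tag, so a `--tags deploy` run stops after it — TODO confirm that is intended.
- name: Set up real host.
  hosts: localhost
  gather_facts: false
  tags:
    - deploy
  vars_files:
    - ../vault.yml
    - ../dist/terraform_outputs.yml
    - ../variables.yml
  tasks:
    # `ansible_host` is the current name of the connection variable; the
    # original used the deprecated `ansible_ssh_host` alias. Same behaviour.
    - name: Add remote host.
      ansible.builtin.add_host:
        name: server
        ansible_host: "{{ variables.proxy_host }}"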
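# Play 2: turn the proxy host into a NAT gateway for the private network.
# Only the nat table is configured; the filter FORWARD chain is left at its
# default policy — NOTE(review): confirm nothing stricter is expected there.
- name: Set-up NAT.
  hosts: server
  gather_facts: false
  vars_files:
    - ../vault.yml
    - ../dist/terraform_outputs.yml
  vars:
    # One definition of the MASQUERADE rule, used by both the check (-C) and
    # the append (-A) below so the two cannot drift apart.
    # `network_cidr.value` presumably comes from terraform_outputs.yml — verify.
    nat_masquerade_rule: "POSTROUTING -s '{{ network_cidr.value }}' -o eth0 -j MASQUERADE"
  tasks:
    - name: Install PIP.
      ansible.builtin.apt:
        name:
          - python3-pip
          - ifupdown
        state: present
        update_cache: true

    # Installed into the system interpreter (PEP 668 override). Nothing in this
    # playbook uses these libraries, so presumably other plays or roles do — verify.
    - name: Install needed packages.
      ansible.builtin.pip:
        name:
          - botocore
          - boto3
          - packaging
        state: present
        break_system_packages: true

    # post-up hooks run every time the interface comes up (boot, ifdown/ifup).
    # The original unconditional `-A` appended a duplicate MASQUERADE rule on
    # each run; `-C ... || -A ...` only appends when the rule is missing.
    - name: Set-up the network interfaces.
      ansible.builtin.blockinfile:
        path: /etc/network/interfaces
        marker: "# NAT CONFIG {marker}"
        content: |
          auto eth0
          iface eth0 inet dhcp
          post-up echo 1 > /proc/sys/net/ipv4/ip_forward
          post-up iptables -t nat -C {{ nat_masquerade_rule }} || iptables -t nat -A {{ nat_masquerade_rule }}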
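# Play 3: install Docker CE from Docker's own apt repository. Facts are needed
# for `ansible_distribution_release` (the Debian codename in the repo line).
- name: Install Docker.
  hosts: server
  gather_facts: true
  vars_files:
    - ../vault.yml
    - ../dist/terraform_outputs.yml
  vars:
    # Repository-scoped keyring: the key is trusted for this source only,
    # not for every repository as with the old apt-key mechanism.
    docker_keyring: /etc/apt/keyrings/docker.asc
  tasks:
    # Moved ahead of the key download: ca-certificates is what lets the HTTPS
    # fetch below verify download.docker.com.
    - name: Download Docker dependencies.
      ansible.builtin.apt:
        state: present
        package:
          - ca-certificates
          - curl

    - name: Create apt keyrings directory.
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    # Replaces the deprecated `apt_key` module (apt-key is deprecated in
    # Debian). Transport security only comes from HTTPS here;
    # TODO: add `checksum: sha256:<expected digest>` once the digest is recorded.
    - name: Download Docker repository key.
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/debian/gpg
        dest: "{{ docker_keyring }}"
        mode: "0644"

    - name: Download Docker repository.
      ansible.builtin.apt_repository:
        repo: "deb [signed-by={{ docker_keyring }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
        filename: docker
        state: present

    # Distro-packaged engines conflict with docker-ce.
    - name: Remove bad packages.
      ansible.builtin.apt:
        state: absent
        package:
          - docker.io
          - docker-doc
          - docker-compose
          - podman-docker
          - containerd
          - runc

    - name: Download Docker packages.
      ansible.builtin.apt:
        state: present
        update_cache: true
        package:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin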
# Play 4: run nginx-proxy-manager plus a sidecar that ships its data to S3.
- name: Set-up reverse proxy.
  hosts: server
  gather_facts: false
  vars_files:
    - ../vault.yml
    - ../dist/terraform_outputs.yml
  tasks:
    - name: Set-up folders.
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        recurse: true
      loop:
        - /root/data
        - /root/letsencrypt

    # NOTE(review): `latest` is a mutable tag (no image pinning), and port 81
    # (the admin UI) is published on all interfaces — presumably reachable
    # only through the cloud firewall; confirm before relying on it.
    - name: Set-up manager.
      community.docker.docker_container:
        name: proxy-manager
        image: jc21/nginx-proxy-manager:latest
        state: started
        restart_policy: unless-stopped
        ports:
          - "80:80"
          - "443:443"
          - "81:81"
        # Lets the backup sidecar stop this container while it snapshots.
        labels:
          docker-volume-backup.stop-during-backup: "true"
        volumes:
          - /root/data:/data
          - /root/letsencrypt:/etc/letsencrypt

    # The docker socket mount is read-only at the filesystem level, but the
    # API behind it is not — it is what allows the sidecar to stop labelled
    # containers. Bucket credentials come from the vault and are handed to
    # the container as environment variables.
    - name: Run backup.
      community.docker.docker_container:
        name: proxy-backup
        image: offen/docker-volume-backup:v2
        state: started
        restart_policy: unless-stopped
        volumes:
          - /root/data:/backup/data:ro
          - /root/letsencrypt:/backup/letsencrypt:ro
          - /var/run/docker.sock:/var/run/docker.sock:ro
        env:
          AWS_S3_BUCKET_NAME: "{{ secret.bucket.name }}"
          AWS_S3_PATH: "{{ secret.bucket.key }}"
          AWS_REGION: "{{ secret.bucket.region }}"
          AWS_ACCESS_KEY_ID: "{{ secret.bucket.access_key }}"
          AWS_SECRET_ACCESS_KEY: "{{ secret.bucket.secret_key }}"
          AWS_ENDPOINT: "{{ secret.bucket.endpoint }}"
          # Daily at midnight (container time).
          BACKUP_CRON_EXPRESSION: "0 0 * * *"