Diffstat (limited to 'playbooks/roles/nginx_proxy')
4 files changed, 135 insertions, 0 deletions
diff --git a/playbooks/roles/nginx_proxy/handlers/main.yml b/playbooks/roles/nginx_proxy/handlers/main.yml
new file mode 100644
index 0000000..98486dc
--- /dev/null
+++ b/playbooks/roles/nginx_proxy/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: (Re)start nginx-proxy
+ ansible.builtin.service:
+ name: docker-compose@nginx-proxy
+ state: restarted
+ enabled: true
+ when: compose_mode is not defined or compose_mode != false
+
diff --git a/playbooks/roles/nginx_proxy/tasks/main.yml b/playbooks/roles/nginx_proxy/tasks/main.yml
new file mode 100644
index 0000000..aa7f922
--- /dev/null
+++ b/playbooks/roles/nginx_proxy/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Deploy nginx-proxy
+ ansible.builtin.import_tasks: manage-docker-compose-service.yml
+ vars:
+ service_name: nginx-proxy
+ template_render_dir: "../templates"
+ service_destination_dir: "{{ nginx_proxy_base }}"
+ state: restarted
+# can't rollout the nginx-proxy without a parent reverse proxy. which
+# would need a reverse proxy to rollout. which would need a... yeah you
+# get the idea.
+# rollout_services:
diff --git a/playbooks/roles/nginx_proxy/templates/docker-compose.yml b/playbooks/roles/nginx_proxy/templates/docker-compose.yml
new file mode 100644
index 0000000..33b3243
--- /dev/null
+++ b/playbooks/roles/nginx_proxy/templates/docker-compose.yml
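Review bot: The `when` in handlers/main.yml compares `compose_mode` with the literal `false`, so a value that arrives as a string (for instance from `-e compose_mode=false` on the command line) still passes the test and the handler restarts the unit. `when: compose_mode | default(true) | bool` covers the undefined case and normalises string values in one expression.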
@@ -0,0 +1,58 @@
+---
+
+services:
+ nginx-proxy:
+ image: nginxproxy/nginx-proxy
+ container_name: nginx-proxy
+ ports:
+ # http
+ - "80:80"
+ - "443:443"
+ # smtp
+ - "25:25"
+ - "465:465"
+ - "587:587"
+ # imap
+ - "993:993"
+ # sieve
+ - "4190:4190"
+ # src
+ - "2222:2222"
+ volumes:
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ - {{ nginx_proxy_base }}/certs:/etc/nginx/certs
+ - {{ nginx_proxy_base }}/toplevel.conf.d:/etc/nginx/toplevel.conf.d
+ environment:
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
+ - NO_COLOR=1
+ - LOG_JSON=true
+ - TRUST_DOWNSTREAM_PROXY=false
+ networks:
+ - proxy
+ labels:
+ - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
+
+ nginx-acme-companion:
+ image: nginxproxy/acme-companion
+ depends_on:
+ - nginx-proxy
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - acme:/etc/acme.sh
+ - {{ nginx_proxy_base }}/certs:/etc/nginx/certs
+ environment:
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
+ - DEFAULT_EMAIL={{ certs_email }}
+ - ACME_CHALLENGE=DNS-01
+ - "ACMESH_DNS_API_CONFIG={'DNS_API': 'dns_cf', 'CF_Key': '{{ cloudflare_token }}', 'CF_Email': '{{ cloudflare_email }}'}"
+ networks:
+ - proxy
+
+volumes:
+ acme:
+
+networks:
+ proxy:
+ name: proxy
diff --git a/playbooks/roles/nginx_proxy/templates/toplevel.conf.d/stream.conf b/playbooks/roles/nginx_proxy/templates/toplevel.conf.d/stream.conf
new file mode 100644
index 0000000..3e7c125
--- /dev/null
+++ b/playbooks/roles/nginx_proxy/templates/toplevel.conf.d/stream.conf
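Review bot: The `ACMESH_DNS_API_CONFIG` line of nginx-acme-companion in templates/docker-compose.yml renders the Cloudflare credential in clear text into the compose file and the container environment, and passes it as `CF_Key` with `CF_Email`, which acme.sh's dns_cf hook treats as the account-wide global API key. If `cloudflare_token` is in fact a scoped API token, the entry would presumably need to read `'CF_Token': '{{ cloudflare_token }}'` (plus whatever account or zone id dns_cf documents alongside it), with the token limited to DNS edit on the zones in use; if it is the global key, switching to such a token narrows what a leak of this file exposes. The task that renders the template lives in manage-docker-compose-service.yml, outside this diff, so confirm that it writes the file with a restrictive mode such as `mode: "0600"` and sets `no_log: true`. Both images are also referenced without a tag, so every pull follows `latest`; pinning a version tag or digest keeps what runs behind the published ports reproducible.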
@@ -0,0 +1,55 @@
+{% if not homelab_build %}
+
+stream {
+ upstream imaps {
+ server {{ vpn_proxy_filter_container_name }}:993;
+ }
+ upstream smtps {
+ server {{ vpn_proxy_filter_container_name }}:465;
+ }
+ upstream smtptls {
+ server {{ vpn_proxy_filter_container_name }}:587;
+ }
+ upstream smtp {
+ server {{ vpn_proxy_filter_container_name }}:25;
+ }
+ upstream managesieve {
+ server {{ vpn_proxy_filter_container_name }}:4190;
+ }
+
+ upstream src {
+ server {{ vpn_proxy_filter_container_name }}:2222;
+ }
+
+ server {
+ listen 993;
+ proxy_pass imaps;
+ proxy_protocol on;
+ }
+ server {
+ listen 25;
+ proxy_pass smtp;
+ proxy_protocol on;
+ }
+ server {
+ listen 587;
+ proxy_pass smtptls;
+ proxy_protocol on;
+ }
+ server {
+ listen 465;
+ proxy_pass smtps;
+ proxy_protocol on;
+ }
+ server {
+ listen 4190;
+ proxy_pass managesieve;
+ proxy_protocol on;
+ }
+ server {
+ listen 2222;
+ proxy_pass src;
+ }
+}
+
+{% endif %}
|
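Review bot: The `listen 2222` server in stream.conf is the only one without `proxy_protocol on`, and nothing in the file says whether that is deliberate. If the service behind `src` cannot parse the PROXY header, a comment such as `# no proxy_protocol: backend does not speak PROXY, so it logs the proxy's address instead of the client's` records the choice and its consequence for source-address logging and rate limiting on that port. For the five servers that do send the header, the listeners on `{{ vpn_proxy_filter_container_name }}` should accept PROXY only from this proxy, because a listener that is also reachable directly would let a client declare its own source address; that configuration is outside this diff. The compose template publishes 25, 465, 587, 993, 4190 and 2222 unconditionally while this block is skipped when `homelab_build` is set, so in that build those host ports stay bound with nothing listening behind them.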