nginx, gitea, pi-hole

2024-03-11 13:24:38 +01:00
parent ca2903d731
commit 55167e20fc
11 changed files with 226 additions and 70 deletions
--- a/roles/ansible-role-security/tasks/ssh.yml
+++ b/roles/ansible-role-security/tasks/ssh.yml
@@ -29,5 +29,7 @@
      line: "GSSAPIAuthentication {{ security_ssh_gss_api_authentication }}"
    - regexp: "^X11Forwarding"
      line: "X11Forwarding {{ security_ssh_x11_forwarding }}"
+    - regexp: "^ListenAddress"
+      line: "ListenAddress {{ ip_admin }}"
  notify: restart ssh

--- a/roles/docker_spin_up/tasks/dashboard_my_public.yml
+++ b/roles/docker_spin_up/tasks/dashboard_my_public.yml
@@ -0,0 +1,9 @@
+---
+- name: "{{ docker_name }}"
+  community.docker.docker_container:
+    name: "{{ docker_name }}"
+    image: ghcr.io/gethomepage/homepage:latest
+    ports:
+      - 3000:3000
+    volumes:
+      - "{{ docker_homepath }}/config:/app/config" # Make sure your local config directory exists
--- a/roles/docker_spin_up/tasks/gitea.yml
+++ b/roles/docker_spin_up/tasks/gitea.yml
@@ -0,0 +1,24 @@
+---
+- name: gitea
+  community.docker.docker_container:
+    image: gitea/gitea:1.19.3
+    name: gitea
+    env:
+      USER_UID: "1000"
+      USER_GID: "1000"
+      GITEA__database__DB_TYPE: "mysql"
+      GITEA__database__HOST: "{{ mysql_host}}:3306"
+      GITEA__database__NAME: "{{ GITEA__database__NAME }}"
+      GITEA__database__USER: "{{ GITEA__database__USER }}"
+      GITEA__database__PASSWD: "{{ GITEA__database__PASSWD }}" 
+      ROOT_URL: "http://pi-vpn:8082/"
+    restart_policy: always
+    networks:
+      - name: http
+    volumes:
+      - "{{ docker_homepath }}/gitea:/data"
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+    #  - "8082:3000"
+      - "222:22"
--- a/roles/docker_spin_up/tasks/nextcloud.yml
+++ b/roles/docker_spin_up/tasks/nextcloud.yml
@@ -0,0 +1,19 @@
+---
+- name: nextcloud
+  community.docker.docker_container:
+    name: nextcloud
+    image: nextcloud:26.0-fpm
+    restart_policy: always
+#    ports:
+#      - 8080:80
+    volumes:
+      - "{{ docker_homepath }}/nextcloud_nextcloud_1/_data:/var/www/html"
+    env:
+      MYSQL_PASSWORD: "{{ NEXTCLOUD_MYSQL_PASSWORD }}"
+      MYSQL_DATABASE: "{{ NEXTCLOUD_MYSQL_DATABASE }}"
+      MYSQL_USER: "{{ NEXTCLOUD_MYSQL_USER }}"
+      MYSQL_HOST: "{{ mysql_host }}"
+      PHP_MEMORY_LIMIT: 2G
+      PHP_UPLOAD_LIMIT: 10G
+    networks:
+      - name: http
--- a/roles/docker_spin_up/tasks/nginx.yml
+++ b/roles/docker_spin_up/tasks/nginx.yml
@@ -6,10 +6,11 @@
    restart_policy: unless-stopped
    ports:
      - '80:80'
-      - '81:81'
+      - "{{ ip_admin }}:81:81"
      - '443:443'
    volumes:
      - "{{ docker_homepath }}/data:/data"
      - "{{ docker_homepath }}/letsencrypt:/etc/letsencrypt"
+      - "/bigpool/nextcloud/nextcloud_nextcloud_1/_data/:/var/www/html:ro"
    networks:
      - name: http
--- a/roles/docker_spin_up/tasks/pi-hole.yml
+++ b/roles/docker_spin_up/tasks/pi-hole.yml
@@ -0,0 +1,20 @@
+- name: pi-hole
+  community.docker.docker_container:
+    name: pi-hole
+    image: pihole/pihole:latest
+    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      # - "8092:80/tcp"
+    env:
+      TZ: 'Europe/Prague'
+      WEBPASSWORD: "{{ password }}" 
+    # Volumes store your data between container upgrades
+    volumes:
+      - "{{ docker_homepath }}/etc-pihole:/etc/pihole"
+      - "{{ docker_homepath }}/etc-dnsmasq.d:/etc/dnsmasq.d"
+    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+    restart_policy: unless-stopped
+    networks:
+      - name: http
--- a/roles/linux_config_init/tasks/main.yml
+++ b/roles/linux_config_init/tasks/main.yml
@@ -7,7 +7,7 @@
     - hostname_set.yml
     - git.yml
 #     - create_user.yml
-     - set_perma_ip.yml
+#     - set_perma_ip.yml
     - bashrc_copy.yml
     - timezone.yml

--- a/roles/linux_config_init/templates/etc_network_interface
+++ b/roles/linux_config_init/templates/etc_network_interface
@@ -4,7 +4,9 @@ iface lo inet loopback
 auto {{ in_face }}
 iface {{ in_face }} inet static
 address {{ ip }}/24
+
+iface {{ in_face }} inet static
+address {{ ip_admin }}/24
+
 gateway 192.168.5.1
-
-
 source /etc/network/interfaces.d/*