From 7aa170c8a3bf8ef370fd4597353a91b6be94aefd Mon Sep 17 00:00:00 2001
From: David Stephens
Date: Thu, 11 Apr 2019 23:03:11 +0100
Subject: [PATCH] Allow all applications to be made available through Traefik, add docs
---
docs/applications/traefik.md | 7 ++-
docs/configuration/external_access.md | 37 +++++++++++++++
docs/configuration/router_confiiguration.md | 5 ---
group_vars/all.yml.dist | 50 +++++++++++++++++----
tasks/airsonic.yml | 6 +--
tasks/cloudflare_ddns.yml | 1 +
tasks/couchpotato.yml | 7 ++-
tasks/duplicati.yml | 5 +++
tasks/emby.yml | 5 +++
tasks/gitea.yml | 5 +++
tasks/glances.yml | 5 +++
tasks/guacamole.yml | 6 +--
tasks/heimdall.yml | 5 +++
tasks/jackett.yml | 7 ++-
tasks/miniflux.yml | 5 +++
tasks/netdata.yml | 5 +++
tasks/nextcloud.yml | 6 +--
tasks/plex.yml | 5 +++
tasks/portainer.yml | 5 +++
tasks/radarr.yml | 5 +++
tasks/sickrage.yml | 7 ++-
tasks/sonarr.yml | 5 +++
tasks/stats.yml | 7 ++-
tasks/tautulli.yml | 5 +++
tasks/transmission.yml | 6 ++-
tasks/transmission_with_openvpn.yml | 5 +++
tasks/znc.yml | 5 +++
templates/traefik/traefik.toml | 8 ++--
tests/test.yml | 43 +++++++++++++++---
29 files changed, 235 insertions(+), 38 deletions(-)
create mode 100644 docs/configuration/external_access.md
delete mode 100644 docs/configuration/router_confiiguration.md
diff --git a/docs/applications/traefik.md b/docs/applications/traefik.md
index 0c68c597..344aea8f 100644
--- a/docs/applications/traefik.md
+++ b/docs/applications/traefik.md
@@ -4,6 +4,11 @@ Homepage: [https://traefik.io](https://traefik.io) Traefik is used to provide external access to your Ansible-NAS box. Additionally, Traefik will automatically request and renew SSL certificates for you. +You can configure which applications are available externally by enabling the `_available_externally` setting +for each application in the Advanced Settings section of your `all.yml`. + +See [External Access](configuration/external_access) for more info. + ## Usage Set `traefik_enabled: true` in your `group_vars/all.yml` file. @@ -12,4 +17,4 @@ Traefik's web interface can be found at http://ansible_nas_host_or_ip:8083. ## Specific Configuration -You'll need to map port 80 and 443 from your router to your Ansible-NAS box. A quick search should reveal instruction for your model of router. \ No newline at end of file +You'll need to map port 80 and 443 from your router to your Ansible-NAS box. A quick search should reveal instruction for your model of router. diff --git a/docs/configuration/external_access.md b/docs/configuration/external_access.md new file mode 100644 index 00000000..9daba0bd --- /dev/null +++ b/docs/configuration/external_access.md 
@@ -0,0 +1,37 @@ +# External Access + +There are a number of steps required to enable external access to the applications running on your NAS: + +- Enable Traefik +- Domain name and DNS configuration +- Router configuration +- Enable specific applications for external access + +## :skull: :skull: :skull: Warning! :skull: :skull: :skull: + +Enabling access to applications externally **does not** automatically secure them. If you can access an application from within your own network without a username and password, this will also be the case externally. + +It is your responsiblity to ensure that applications you enable external access to are secured appropriately! + +## Enable Traefik + +Traefik routes traffic from ports 80 (HTTP) and 443 (HTTPS) on your Ansible-NAS box to the relevant application, based on hostname. + +Simply set `traefik_enabled: true` in your `all.yml`. By default it listens on ports 80 and 443, but doesn't route any traffic. + +## Domain Name and DNS Configuration + +Set `ansible_nas_domain` to the domain name you want to use for your Ansible-NAS. You'll need somewhere to host the DNS for that domain - Cloudflare is a good free solution. Once you have an account and Cloudflare is hosting the DNS for your domain, create a wildcard DNS entry (`*.myawesomedomain.com`) and set it to your current IP address. + +You then need to enable the Cloudflare Dynamic DNS container (`cloudflare_ddns_enabled: true`) so the wildcard DNS entry for your +domain name is updated if/when your ISP issues you a new IP address. + +## Router Configuration + +You need to map ports 80 and 443 from your router to your Ansible-NAS box. + +How to do this is entirely dependent on your router (and out of scope of these docs), but if you're using Ansible-NAS then this should be within your skillset. :) + +## Enable Specific Applications + +Every application has a `_available_externally` setting in the Advanced Settings section of `all.yml`. 
Setting this to `true` will configure Traefik to route `.yourdomain.com` to the application, making it available externally. diff --git a/docs/configuration/router_confiiguration.md b/docs/configuration/router_confiiguration.md deleted file mode 100644 index 1b6b9f42..00000000 --- a/docs/configuration/router_confiiguration.md +++ /dev/null @@ -1,5 +0,0 @@ -# Router Configuration - -If you want to make certain Ansible-NAS applications available outside of your home (for example Nextcloud), then you need to map ports 80 and 443 from your router to your Ansible-NAS box. - -How to do this is entirely dependent on your router (and out of scope of these docs), but if you're using Ansible-NAS then this should be within your skillset. :) \ No newline at end of file diff --git a/group_vars/all.yml.dist b/group_vars/all.yml.dist index e15dfa71..f6872951 100644 --- a/group_vars/all.yml.dist +++ b/group_vars/all.yml.dist @@ -4,9 +4,10 @@ # Set these options to true or false to toggle specific features # External Access -# Traefik will allow access to certain applications externally. To enable this you'll need a domain name that points to your -# home static IP address, cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip. -# You'll also need to map ports 80 and 443 from your router to your ansible-nas server. +# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your +# home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip. +# You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "availble_externally" +# settings. traefik_enabled: false # BitTorrent 
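Review bot: The rewritten comment above `traefik_enabled` in group_vars/all.yml.dist refers to the setting as `"availble_externally"`, which matches none of the variables this commit adds (they are all `<app>_available_externally`), and "you'll either; a domain name" has lost its verb. This is the text a user reads before forwarding ports 80 and 443, so it should be greppable and unambiguous. I would word it as `# To enable this you'll need either a domain name that points to your home static IP address, Cloudflare with the cloudflare_ddns container enabled, or a dynamic DNS provider like no-ip.` and end with `# then enable the per-app "<app>_available_externally" settings.`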
@@ -196,20 +197,21 @@ samba_shares: # set the options below. # Your domain name -cloudflare_zone: awesomedomain.com +cloudflare_zone: "{{ ansible_nas_domain }}" # The hostname you want the container to update. You shouldn't need to change this. cloudflare_host: "*.{{ cloudflare_zone }}" # Email address used to register for Cloudflare -cloudflare_email: dave@awesomedomain.com +cloudflare_email: "{{ ansible_nas_email }}" # Cloudflare 'Global API Key', can be found on the 'My Profile' page cloudflare_api_key: abcdeabcdeabcdeabcde1234512345 -################################################################## -###### You shouldn't need to edit anything below this point ###### -################################################################## +###################################################################################### +###### Advanced Settings ###### +###### Ensure you know what you're doing before getting stuck in down here 8-) ###### +###################################################################################### ### ### General @@ -244,18 +246,22 @@ samba_netbios_name: "{{ ansible_nas_hostname }}" ### ### Traefik ### -traefik_docker_image: traefik:1.7 +traefik_docker_image: traefik:latest traefik_data_directory: "{{ docker_home }}/traefik" +traefik_debug: "false" ### ### Heimdall ### +heimdall_available_externally: "false" heimdall_docker_image: linuxserver/heimdall:latest heimdall_data_directory: "{{ docker_home }}/heimdall" ### ### Transmission ### +transmission_available_externally: "false" +transmission_with_openvpn_available_externally: "false" transmission_config_directory: "{{ docker_home }}/transmission/config" transmission_download_directory: "{{ downloads_root }}" transmission_watch_directory: "{{ torrents_root }}" 
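Review bot: `traefik_docker_image: traefik:latest` replaces a pinned `traefik:1.7` on the one container this commit places in front of every application on ports 80 and 443, so any pull can change the proxy's version without a matching change in this repository. The `traefik.frontend.rule` / `traefik.backend` labels added across tasks/*.yml and the layout of templates/traefik/traefik.toml follow the Traefik 1.x scheme, and a later major release published under `latest` is not guaranteed to honour them. I would keep `traefik_docker_image: traefik:1.7` (or a patch-level tag) here and in the matching hunk of tests/test.yml, and bump it deliberately.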
@@ -267,6 +273,7 @@ transmission_local_network: "192.168.1.0/24" ### ### Plex ### +plex_available_externally: "false" plex_config_directory: "{{ docker_home }}/plex/config" plex_movies_directory: "{{ movies_root }}" plex_tv_directory: "{{ tv_root }}" @@ -276,6 +283,7 @@ plex_group_id: 0 ### ### Emby ### +emby_available_externally: "false" emby_config_directory: "{{ docker_home }}/emby/config" emby_movies_directory: "{{ movies_root }}" emby_tv_directory: "{{ tv_root }}" @@ -285,6 +293,7 @@ emby_group_id: 0 ### ### Tautulli ### +tautulli_available_externally: "false" tautulli_config_directory: "{{ docker_home }}/tautulli/config" tautulli_user_id: 0 tautulli_group_id: 0 @@ -293,12 +302,14 @@ tautulli_group_id: 0 ### ### Duplicati ### +duplicati_available_externally: "false" duplicati_data_directory: "{{ docker_home }}/duplicati/config" ### ### Sonarr ### +sonarr_available_externally: "false" sonarr_data_directory: "{{ docker_home }}/sonarr/config" sonarr_tv_directory: "{{ tv_root }}" sonarr_download_directory: "{{ downloads_root }}" @@ -309,6 +320,7 @@ sonarr_group_id: 0 ### ### Radarr ### +radarr_available_externally: "false" radarr_movies_directory: "{{ movies_root }}" radarr_download_directory: "{{ downloads_root }}" radarr_data_directory: "{{ docker_home }}/radarr" @@ -319,6 +331,7 @@ radarr_group_id: 0 ### ### Couchpotato ### +couchpotato_available_externally: "false" couchpotato_config_directory: "{{ docker_home }}/couchpotato/config" couchpotato_movies_directory: "{{ movies_root }}" couchpotato_downloads_directory: "{{ downloads_root }}" @@ -330,12 +343,17 @@ couchpotato_group_id: 0 ### ### Sickrage ### +sickrage_available_externally: "false" sickrage_config_directory: "{{ docker_home }}/sickrage/config" sickrage_tv_directory: "{{ tv_root }}" sickrage_downloads_directory: "{{ downloads_root }}" sickrage_user_id: 0 sickrage_group_id: 0 +### +### Netdata +### +netdata_available_externally: "false" ### ### OpenVPN 
@@ -346,12 +364,14 @@ openvpn_config_directory: "{{ docker_home }}/openvpn" ### ### Portainer ### +portainer_available_externally: "false" portainer_data_directory: "{{ docker_home }}/portainer/config" ### ### ZNC ### +znc_available_externally: "false" znc_data_directory: "{{ docker_home }}/znc" znc_user_id: 0 znc_group_id: 0 @@ -360,6 +380,7 @@ znc_group_id: 0 ### ### Stats ### +grafana_available_externally: "false" telegraf_data_directory: "{{ docker_home }}/telegraf" influxdb_data_directory: "{{ docker_home }}/influxdb" grafana_data_directory: "{{ docker_home }}/grafana" @@ -368,11 +389,18 @@ stat_collection_interval: 15s ### ### Gitea ### +gitea_available_externally: "false" gitea_data_directory: "{{ docker_home }}/gitea" +### +### Glances +### +glances_available_externally: "false" + ### ### Nextcloud ### +nextcloud_available_externally: "false" nextcloud_data_directory: "{{ docker_home }}/nextcloud" ### @@ -383,6 +411,7 @@ nginx_data_directory: "{{ docker_home }}/nginx" ### ### Guacamole ### +guacamole_available_externally: "false" guacamole_docker_image: guacamole/guacamole:0.9.14 guacamole_guacd_docker_image: guacamole/guacd:0.9.14 guacamole_data_directory: "{{ docker_home }}/guacamole" @@ -390,6 +419,7 @@ guacamole_data_directory: "{{ docker_home }}/guacamole" ### ### Miniflux ### +miniflux_available_externally: "false" miniflux_data_directory: "{{ docker_home }}/miniflux" miniflux_admin_username: admin miniflux_admin_password: supersecure @@ -397,6 +427,7 @@ miniflux_admin_password: supersecure ### ### Airsonic ### +airsonic_available_externally: "false" airsonic_data_directory: "{{ docker_home }}/airsonic" ### @@ -448,4 +479,5 @@ mymediaforalexa_data_directory: "{{ docker_home }}/mymediaforalexa" ### ### jackett ### +jackett_available_externally: "false" jackett_data_directory: "{{ docker_home }}/jackett" diff --git a/tasks/airsonic.yml b/tasks/airsonic.yml index 9bd7c70a..c28bbf57 100644 --- a/tasks/airsonic.yml +++ b/tasks/airsonic.yml 
@@ -20,11 +20,11 @@ - "{{ samba_shares_root }}/podcasts:/airsonic/podcasts:rw" ports: - "4040:4040" + restart_policy: unless-stopped + memory: 1g labels: traefik.backend: "airsonic" traefik.frontend.rule: "Host:airsonic.{{ ansible_nas_domain }}" - traefik.enable: "true" + traefik.enable: "{{ airsonic_available_externally }}" traefik.port: "4040" - restart_policy: unless-stopped - memory: 1g diff --git a/tasks/cloudflare_ddns.yml b/tasks/cloudflare_ddns.yml index 06930f4b..77650b0a 100644 --- a/tasks/cloudflare_ddns.yml +++ b/tasks/cloudflare_ddns.yml @@ -8,6 +8,7 @@ HOST: "{{ cloudflare_host }}" EMAIL: "{{ cloudflare_email }}" API: "{{ cloudflare_api_key }}" + PROXY: "false" restart_policy: unless-stopped memory: 512MB diff --git a/tasks/couchpotato.yml b/tasks/couchpotato.yml index f87d9cff..04dacb7b 100644 --- a/tasks/couchpotato.yml +++ b/tasks/couchpotato.yml @@ -24,4 +24,9 @@ PUID: "{{ couchpotato_user_id }}" PGID: "{{ couchpotato_group_id }}" restart_policy: unless-stopped - memory: 1g \ No newline at end of file + memory: 1g + labels: + traefik.backend: "couchpotato" + traefik.frontend.rule: "Host:couchpotato.{{ ansible_nas_domain }}" + traefik.enable: "{{ couchpotato_available_externally }}" + traefik.port: "5050" \ No newline at end of file diff --git a/tasks/duplicati.yml b/tasks/duplicati.yml index 325278e9..3b6145e2 100644 --- a/tasks/duplicati.yml +++ b/tasks/duplicati.yml @@ -20,3 +20,8 @@ - "/etc/timezone:/etc/timezone:ro" restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "duplicati" + traefik.frontend.rule: "Host:duplicati.{{ ansible_nas_domain }}" + traefik.enable: "{{ duplicati_available_externally }}" + traefik.port: "8200" diff --git a/tasks/emby.yml b/tasks/emby.yml index 6e73ad12..eb31130e 100644 --- a/tasks/emby.yml +++ b/tasks/emby.yml 
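Review bot: The `PROXY: "false"` added to the container env in tasks/cloudflare_ddns.yml carries no comment, and it is a trade-off a user should see. Assuming the variable maps to Cloudflare's "proxied" flag (the image's documentation is not visible here), the wildcard record will resolve directly to the home network's public IP instead of Cloudflare's edge. I would add a line above it such as `# DNS-only record (not proxied through Cloudflare): *.{{ ansible_nas_domain }} resolves to this network's public IP` and mention the same in docs/configuration/external_access.md.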
@@ -24,3 +24,8 @@ PGID: "{{ emby_group_id }}" restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "emby" + traefik.frontend.rule: "Host:emby.{{ ansible_nas_domain }}" + traefik.enable: "{{ emby_available_externally }}" + traefik.port: "8096" diff --git a/tasks/gitea.yml b/tasks/gitea.yml index 176213c8..fb1a43cd 100644 --- a/tasks/gitea.yml +++ b/tasks/gitea.yml @@ -67,3 +67,8 @@ USER_GID: 1309 restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "gitea" + traefik.frontend.rule: "Host:gitea.{{ ansible_nas_domain }}" + traefik.enable: "{{ gitea_available_externally }}" + traefik.port: "3000" diff --git a/tasks/glances.yml b/tasks/glances.yml index 3c5accb2..8e3808c2 100644 --- a/tasks/glances.yml +++ b/tasks/glances.yml @@ -16,3 +16,8 @@ GLANCES_OPT: "-w" restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "glances" + traefik.frontend.rule: "Host:glances.{{ ansible_nas_domain }}" + traefik.enable: "{{ glances_available_externally }}" + traefik.port: "61208" diff --git a/tasks/guacamole.yml b/tasks/guacamole.yml index ce1205e4..d382157d 100644 --- a/tasks/guacamole.yml +++ b/tasks/guacamole.yml @@ -49,10 +49,10 @@ MYSQL_DATABASE: guacamole MYSQL_USER: guacamole-user MYSQL_PASSWORD: guacamole-pass + restart_policy: unless-stopped + memory: 1g labels: traefik.backend: "guacamole" traefik.frontend.rule: "Host:guacamole.{{ ansible_nas_domain }}" - traefik.enable: "true" + traefik.enable: "{{ guacamole_available_externally }}" traefik.port: "8080" - restart_policy: unless-stopped - memory: 1g diff --git a/tasks/heimdall.yml b/tasks/heimdall.yml index 303f6e92..82889e6f 100644 --- a/tasks/heimdall.yml +++ b/tasks/heimdall.yml @@ -40,3 +40,8 @@ - "10443:443" restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "heimdall" + traefik.frontend.rule: "Host:heimdall.{{ ansible_nas_domain }}" + traefik.enable: "{{ heimdall_available_externally }}" + traefik.port: "80" 
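Review bot: The labels added in tasks/glances.yml route `glances.{{ ansible_nas_domain }}` to a container whose only visible option is `GLANCES_OPT: "-w"`, so as far as this hunk shows the web UI has no password of its own and `glances_available_externally` would publish host metrics to anyone who can reach the name. The labels added in tasks/netdata.yml and tasks/portainer.yml raise the same concern for a host-monitoring UI and a Docker management UI. For these three I would either omit the flag or require authentication at the proxy, for example with the Traefik 1.x `traefik.frontend.auth.basic.users` label, and put a comment beside each default in group_vars/all.yml.dist naming the risk. The task bodies begin outside the hunks, so any authentication configured earlier in those files is not visible here.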
diff --git a/tasks/jackett.yml b/tasks/jackett.yml index 892de250..02c09e9f 100644 --- a/tasks/jackett.yml +++ b/tasks/jackett.yml @@ -18,4 +18,9 @@ - "9117:9117" env: TZ: "{{ ansible_nas_timezone }}" - restart_policy: unless-stopped \ No newline at end of file + restart_policy: unless-stopped + labels: + traefik.backend: "jackett" + traefik.frontend.rule: "Host:jackett.{{ ansible_nas_domain }}" + traefik.enable: "{{ jackett_available_externally }}" + traefik.port: "9117" \ No newline at end of file diff --git a/tasks/miniflux.yml b/tasks/miniflux.yml index f0783aad..31ac4a36 100644 --- a/tasks/miniflux.yml +++ b/tasks/miniflux.yml @@ -35,3 +35,8 @@ ADMIN_PASSWORD: "{{ miniflux_admin_password }}" restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "miniflux" + traefik.frontend.rule: "Host:miniflux.{{ ansible_nas_domain }}" + traefik.enable: "{{ miniflux_available_externally }}" + traefik.port: "8080" diff --git a/tasks/netdata.yml b/tasks/netdata.yml index 4dda6a1c..d4c7a5c8 100644 --- a/tasks/netdata.yml +++ b/tasks/netdata.yml @@ -25,3 +25,8 @@ - apparmor:unconfined restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "netdata" + traefik.frontend.rule: "Host:netdata.{{ ansible_nas_domain }}" + traefik.enable: "{{ netdata_available_externally }}" + traefik.port: "19999" \ No newline at end of file diff --git a/tasks/nextcloud.yml b/tasks/nextcloud.yml index 5e7ed2bb..e7c29215 100644 --- a/tasks/nextcloud.yml +++ b/tasks/nextcloud.yml @@ -38,10 +38,10 @@ MYSQL_DATABASE: nextcloud MYSQL_USER: nextcloud-user MYSQL_PASSWORD: nextcloud-pass + restart_policy: unless-stopped + memory: 1g labels: traefik.backend: "nextcloud" traefik.frontend.rule: "Host:nextcloud.{{ ansible_nas_domain }}" - traefik.enable: "true" + traefik.enable: "{{ nextcloud_available_externally }}" traefik.port: "80" - restart_policy: unless-stopped - memory: 1g diff --git a/tasks/plex.yml b/tasks/plex.yml index 7c30efe0..b43c2631 100644 --- a/tasks/plex.yml 
+++ b/tasks/plex.yml @@ -22,3 +22,8 @@ PGID: "{{ plex_group_id }}" restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "plex" + traefik.frontend.rule: "Host:plex.{{ ansible_nas_domain }}" + traefik.enable: "{{ plex_available_externally }}" + traefik.port: "32400" diff --git a/tasks/portainer.yml b/tasks/portainer.yml index bb072c9d..3ac0bf39 100644 --- a/tasks/portainer.yml +++ b/tasks/portainer.yml @@ -19,4 +19,9 @@ - "9000:9000" restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "portainer" + traefik.frontend.rule: "Host:portainer.{{ ansible_nas_domain }}" + traefik.enable: "{{ portainer_available_externally }}" + traefik.port: "9000" diff --git a/tasks/radarr.yml b/tasks/radarr.yml index 4c973762..18876e45 100644 --- a/tasks/radarr.yml +++ b/tasks/radarr.yml @@ -23,3 +23,8 @@ PGID: "{{ radarr_group_id }}" restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "radarr" + traefik.frontend.rule: "Host:radarr.{{ ansible_nas_domain }}" + traefik.enable: "{{ radarr_available_externally }}" + traefik.port: "7878" \ No newline at end of file diff --git a/tasks/sickrage.yml b/tasks/sickrage.yml index bdb26fd8..ae4e79a3 100644 --- a/tasks/sickrage.yml +++ b/tasks/sickrage.yml @@ -23,4 +23,9 @@ PUID: "{{ sickrage_user_id }}" PGID: "{{ sickrage_group_id }}" restart_policy: unless-stopped - memory: 1g \ No newline at end of file + memory: 1g + labels: + traefik.backend: "sickrage" + traefik.frontend.rule: "Host:sickrage.{{ ansible_nas_domain }}" + traefik.enable: "{{ sickrage_available_externally }}" + traefik.port: "8081" \ No newline at end of file diff --git a/tasks/sonarr.yml b/tasks/sonarr.yml index bbe7bfc6..40d2858a 100644 --- a/tasks/sonarr.yml +++ b/tasks/sonarr.yml 
@@ -23,3 +23,8 @@ PGID: "{{ sonarr_group_id }}" restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "sonarr" + traefik.frontend.rule: "Host:sonarr.{{ ansible_nas_domain }}" + traefik.enable: "{{ sonarr_available_externally }}" + traefik.port: "8989" \ No newline at end of file diff --git a/tasks/stats.yml b/tasks/stats.yml index f18576ed..7dc7dc47 100644 --- a/tasks/stats.yml +++ b/tasks/stats.yml @@ -64,4 +64,9 @@ ports: - "3000:3000" restart_policy: unless-stopped - memory: 1g \ No newline at end of file + memory: 1g + labels: + traefik.backend: "grafana" + traefik.frontend.rule: "Host:grafana.{{ ansible_nas_domain }}" + traefik.enable: "{{ grafana_available_externally }}" + traefik.port: "3000" \ No newline at end of file diff --git a/tasks/tautulli.yml b/tasks/tautulli.yml index 29ba4be7..aa793cb4 100644 --- a/tasks/tautulli.yml +++ b/tasks/tautulli.yml @@ -20,3 +20,8 @@ PGID: "{{ tautulli_group_id }}" restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "tautulli" + traefik.frontend.rule: "Host:tautulli.{{ ansible_nas_domain }}" + traefik.enable: "{{ tautulli_available_externally }}" + traefik.port: "8181" \ No newline at end of file diff --git a/tasks/transmission.yml b/tasks/transmission.yml index f45d6c65..16c08ee6 100644 --- a/tasks/transmission.yml +++ b/tasks/transmission.yml @@ -27,4 +27,8 @@ PGID: "{{ transmission_group_id }}" restart_policy: unless-stopped memory: 1g - + labels: + traefik.backend: "transmission" + traefik.frontend.rule: "Host:transmission.{{ ansible_nas_domain }}" + traefik.enable: "{{ transmission_available_externally }}" + traefik.port: "9091" diff --git a/tasks/transmission_with_openvpn.yml b/tasks/transmission_with_openvpn.yml index 7f6a5245..47f34742 100644 --- a/tasks/transmission_with_openvpn.yml +++ b/tasks/transmission_with_openvpn.yml 
@@ -45,3 +45,8 @@ - NET_ADMIN restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "transmission-openvpn" + traefik.frontend.rule: "Host:transmission-openvpn.{{ ansible_nas_domain }}" + traefik.enable: "{{ transmission_with_openvpn_available_externally }}" + traefik.port: "9091" \ No newline at end of file diff --git a/tasks/znc.yml b/tasks/znc.yml index 7c0119dc..2b5b5c09 100644 --- a/tasks/znc.yml +++ b/tasks/znc.yml @@ -21,3 +21,8 @@ PGID: "{{ znc_group_id }}" restart_policy: unless-stopped memory: 1g + labels: + traefik.backend: "znc" + traefik.frontend.rule: "Host:znc.{{ ansible_nas_domain }}" + traefik.enable: "{{ znc_available_externally }}" + traefik.port: "6677" \ No newline at end of file diff --git a/templates/traefik/traefik.toml b/templates/traefik/traefik.toml index 69eba793..bb080781 100644 --- a/templates/traefik/traefik.toml +++ b/templates/traefik/traefik.toml @@ -7,7 +7,7 @@ # Optional # Default: false # -debug = false +debug = {{ traefik_debug }} # Log level # @@ -37,7 +37,7 @@ defaultEntryPoints = ["http", "https"] [entryPoints.https] address = ":443" [entryPoints.https.tls] - + [entryPoints.traefik] address = ":8083" @@ -171,7 +171,7 @@ onDemand = false # create certificate when container is created # [acme.httpChallenge] # entryPoint = "http" - + [acme.tlsChallenge] [[acme.domains]] @@ -188,6 +188,7 @@ onDemand = false # create certificate when container is created "grafana.{{ ansible_nas_domain }}", "guacamole.{{ ansible_nas_domain }}", "heimdall.{{ ansible_nas_domain }}", + "jackett.{{ ansible_nas_domain }}", "miniflux.{{ ansible_nas_domain }}", "netdata.{{ ansible_nas_domain }}", "nextcloud.{{ ansible_nas_domain }}", @@ -198,4 +199,5 @@ onDemand = false # create certificate when container is created "sonarr.{{ ansible_nas_domain }}", "tautulli.{{ ansible_nas_domain }}", "transmission.{{ ansible_nas_domain }}", + "transmission-openvpn.{{ ansible_nas_domain }}", "znc.{{ ansible_nas_domain }}"] \ No newline at end of file 
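Review bot: `debug = {{ traefik_debug }}` in templates/traefik/traefik.toml prints whatever Jinja renders for the variable, while TOML accepts only lowercase `true` and `false`. The shipped default `traefik_debug: "false"` renders correctly, but an unquoted YAML boolean in a user's all.yml would render as `True` or `False`, which should fail TOML parsing and leave the proxy down. I would normalise it in the template with `debug = {{ traefik_debug | bool | lower }}`.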
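Review bot: The `[[acme.domains]]` list in templates/traefik/traefik.toml, extended here with `jackett.` and `transmission-openvpn.`, stays unconditional, so a certificate is requested for every application name even when its `_available_externally` flag is `"false"`. Publicly trusted CAs record issued certificates in Certificate Transparency logs, so hostnames such as `guacamole.`, `netdata.` and `nextcloud.` become publicly listed for apps the user chose not to expose. I would emit each entry only when its flag is set, e.g. `{% if jackett_available_externally | bool %}"jackett.{{ ansible_nas_domain }}",{% endif %}`. The list starts outside these hunks, so how the main name and the SANs are laid out is not visible here.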
diff --git a/tests/test.yml b/tests/test.yml index a9a8f3f2..ef10c35c 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -207,15 +207,16 @@ cloudflare_email: dave@awesomedomain.com # Cloudflare 'Global API Key', can be found on the 'My Profile' page cloudflare_api_key: abcdeabcdeabcdeabcde1234512345 -################################################################## -###### You shouldn't need to edit anything below this point ###### -################################################################## +###################################################################################### +###### Advanced Settings ###### +###### Ensure you know what you're doing before getting stuck in down here 8-) ###### +###################################################################################### ### ### General ### # Extra packages to install -ansible_nas_extra_packages: +ansible_nas_extra_packages: - smartmontools - htop - zfsutils-linux @@ -244,18 +245,22 @@ samba_netbios_name: "{{ ansible_nas_hostname }}" ### ### Traefik ### -traefik_docker_image: traefik:1.7 +traefik_docker_image: traefik:latest traefik_data_directory: "{{ docker_home }}/traefik" +traefik_debug: "false" ### ### Heimdall ### +heimdall_available_externally: "false" heimdall_docker_image: linuxserver/heimdall:latest heimdall_data_directory: "{{ docker_home }}/heimdall" ### ### Transmission ### +transmission_available_externally: "false" +transmission_with_openvpn_available_externally: "false" transmission_config_directory: "{{ docker_home }}/transmission/config" transmission_download_directory: "{{ downloads_root }}" transmission_watch_directory: "{{ torrents_root }}" @@ -267,6 +272,7 @@ transmission_local_network: "192.168.1.0/24" ### ### Plex ### +plex_available_externally: "false" plex_config_directory: "{{ docker_home }}/plex/config" plex_movies_directory: "{{ movies_root }}" plex_tv_directory: "{{ tv_root }}" 
@@ -276,6 +282,7 @@ plex_group_id: 0 ### ### Emby ### +emby_available_externally: "false" emby_config_directory: "{{ docker_home }}/emby/config" emby_movies_directory: "{{ movies_root }}" emby_tv_directory: "{{ tv_root }}" @@ -285,6 +292,7 @@ emby_group_id: 0 ### ### Tautulli ### +tautulli_available_externally: "false" tautulli_config_directory: "{{ docker_home }}/tautulli/config" tautulli_user_id: 0 tautulli_group_id: 0 @@ -293,12 +301,14 @@ tautulli_group_id: 0 ### ### Duplicati ### +duplicati_available_externally: "false" duplicati_data_directory: "{{ docker_home }}/duplicati/config" ### ### Sonarr ### +sonarr_available_externally: "false" sonarr_data_directory: "{{ docker_home }}/sonarr/config" sonarr_tv_directory: "{{ tv_root }}" sonarr_download_directory: "{{ downloads_root }}" @@ -309,6 +319,7 @@ sonarr_group_id: 0 ### ### Radarr ### +radarr_available_externally: "false" radarr_movies_directory: "{{ movies_root }}" radarr_download_directory: "{{ downloads_root }}" radarr_data_directory: "{{ docker_home }}/radarr" @@ -319,6 +330,7 @@ radarr_group_id: 0 ### ### Couchpotato ### +couchpotato_available_externally: "false" couchpotato_config_directory: "{{ docker_home }}/couchpotato/config" couchpotato_movies_directory: "{{ movies_root }}" couchpotato_downloads_directory: "{{ downloads_root }}" @@ -330,12 +342,17 @@ couchpotato_group_id: 0 ### ### Sickrage ### +sickrage_available_externally: "false" sickrage_config_directory: "{{ docker_home }}/sickrage/config" sickrage_tv_directory: "{{ tv_root }}" sickrage_downloads_directory: "{{ downloads_root }}" sickrage_user_id: 0 sickrage_group_id: 0 +### +### Netdata +### +netdata_available_externally: "false" ### ### OpenVPN 
@@ -346,12 +363,14 @@ openvpn_config_directory: "{{ docker_home }}/openvpn" ### ### Portainer ### +portainer_available_externally: "false" portainer_data_directory: "{{ docker_home }}/portainer/config" ### ### ZNC ### +znc_available_externally: "false" znc_data_directory: "{{ docker_home }}/znc" znc_user_id: 0 znc_group_id: 0 @@ -360,6 +379,7 @@ znc_group_id: 0 ### ### Stats ### +grafana_available_externally: "false" telegraf_data_directory: "{{ docker_home }}/telegraf" influxdb_data_directory: "{{ docker_home }}/influxdb" grafana_data_directory: "{{ docker_home }}/grafana" @@ -368,11 +388,18 @@ stat_collection_interval: 15s ### ### Gitea ### +gitea_available_externally: "false" gitea_data_directory: "{{ docker_home }}/gitea" +### +### Glances +### +glances_available_externally: "false" + ### ### Nextcloud ### +nextcloud_available_externally: "false" nextcloud_data_directory: "{{ docker_home }}/nextcloud" ### @@ -383,6 +410,7 @@ nginx_data_directory: "{{ docker_home }}/nginx" ### ### Guacamole ### +guacamole_available_externally: "false" guacamole_docker_image: guacamole/guacamole:0.9.14 guacamole_guacd_docker_image: guacamole/guacd:0.9.14 guacamole_data_directory: "{{ docker_home }}/guacamole" @@ -390,6 +418,7 @@ guacamole_data_directory: "{{ docker_home }}/guacamole" ### ### Miniflux ### +miniflux_available_externally: "false" miniflux_data_directory: "{{ docker_home }}/miniflux" miniflux_admin_username: admin miniflux_admin_password: supersecure @@ -397,6 +426,7 @@ miniflux_admin_password: supersecure ### ### Airsonic ### +airsonic_available_externally: "false" airsonic_data_directory: "{{ docker_home }}/airsonic" ### 
@@ -420,7 +450,7 @@ watchtower_command: "--schedule '{{ watchtower_cron_schedule }}' --debug" ### ### Time Machine ### -timemachine_data_directory: "{{ docker_home }}/timemachine" # needs to be an absolute path +timemachine_data_directory: "{{ docker_home }}/timemachine" timemachine_volume_size_limit: 0 timemachine_password: timemachine timemachine_share_name: TimeMachine @@ -448,4 +478,5 @@ mymediaforalexa_data_directory: "{{ docker_home }}/mymediaforalexa" ### ### jackett ### +jackett_available_externally: "false" jackett_data_directory: "{{ docker_home }}/jackett"