forcen/infra-iac
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: forcen:1ea1baa57c3809111174a2f64a63f8039b9d7060
Branches Tags
forcen:main
..
compare: forcen:5a8faf7d566302f5b8a6c85aeb4c668f3ce07673
Branches Tags
forcen:main

No commits in common. "1ea1baa57c3809111174a2f64a63f8039b9d7060" and "5a8faf7d566302f5b8a6c85aeb4c668f3ce07673" have entirely different histories.
1ea1baa57c ... 5a8faf7d56

4 changed files with 47 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

43
bootstrap.yml
View file

@ -1,6 +1,6 @@
--- ---
- name: Creating compose from template - name: Creating compose from template
hosts: server hosts: localhost
gather_facts: false gather_facts: false
tasks: tasks:
- name: Generate password for Keycloak password - name: Generate password for Keycloak password
@ -71,6 +71,32 @@
ansible.builtin.wait_for: ansible.builtin.wait_for:
timeout: 30 timeout: 30
# - name: Adding root cert to grafana image
# community.docker.docker_container_copy_into:
# container: infra-grafana
# path: files/mforcen.crt
# container_path: /etc/ssl/mforcen.crt
#
# - name: Creating ssl folder
# community.docker.docker_container_exec:
# container: infra-grafana
# command: mkdir /ssl
# user: 0
#
# - name: Adding fullchain cert to grafana container
# community.docker.docker_container_copy_into:
# container: infra-grafana
# path: files/grafana.mforcen.dev.fullchain.pem
# container_path: /ssl/grafana.mforcen.dev.fullchain.pem
# mode: 0755
#
# - name: Adding key to grafana container
# community.docker.docker_container_copy_into:
# container: infra-grafana
# path: files/grafana.mforcen.dev.key
# container_path: /ssl/grafana.mforcen.dev.key
# mode: 0755
- name: Wait for keycloak to be ready - name: Wait for keycloak to be ready
ansible.builtin.wait_for: ansible.builtin.wait_for:
timeout: 60 timeout: 60
@ -109,3 +135,18 @@
client_authenticator_type: client-secret client_authenticator_type: client-secret
id: a6960246-4aa9-495f-8843-69d664dba0ea id: a6960246-4aa9-495f-8843-69d664dba0ea
secret: "{{ grafana_kc_client_secret }}" secret: "{{ grafana_kc_client_secret }}"
# - name: Create grafana config ini file
# ansible.builtin.template:
# src: grafana.ini
# dest: ../grafana.ini
#
# - name: Stopping grafana container
# community.docker.docker_container:
# name: infra-grafana
# state: stopped
#
# - name: Starting grafana container
# community.docker.docker_container:
# name: infra-grafana
# state: started

4
inventory.yml
View file

@ -1,5 +1,3 @@
server: mforcen.dev:
hosts:
mforcen.dev:
ansible_user: forcen ansible_user: forcen
ansible_port: 9022 ansible_port: 9022

15
teardown.yml
View file

@ -1,15 +0,0 @@
---
- name: Creating compose from template
hosts: server
gather_facts: false
tasks:
- name: Tearing down Compose file
community.docker.docker_compose_v2:
project_src: /opt/infra
files:
- compose.yml
state: absent
remove_volumes: true
- name: Deleting infra folder contents
ansible.builtin.command: rm -r /opt/infra/*

19
templates/compose.yml
View file

@ -1,5 +1,6 @@
services: services:
database: database:
image: postgres:17 image: postgres:17
container_name: infra-db container_name: infra-db
restart: unless-stopped restart: unless-stopped
@ -42,14 +43,6 @@ services:
KC_HTTPS_PORT: 443 KC_HTTPS_PORT: 443
depends_on: depends_on:
- database - database
labels:
- traefik.enable=true
- traefik.tcp.routers.keycloak.rule=HostSNI(`sso.mforcen.dev`)
- traefik.tcp.routers.keycloak.entrypoints=websecure
- traefik.tcp.routers.keycloak.service=keycloak
- traefik.tcp.routers.keycloak.tls=true
- traefik.tcp.routers.keycloak.tls.passthrough=true
- traefik.tcp.services.keycloak.loadbalancer.server.port=443
grafana: grafana:
container_name: infra-grafana container_name: infra-grafana
@ -80,7 +73,7 @@ services:
GF_SERVER_PORT: 443 GF_SERVER_PORT: 443
GF_SERVER_DOMAIN: grafana.mforcen.dev GF_SERVER_DOMAIN: grafana.mforcen.dev
GF_SERVER_CERT_FILE: /ssl/grafana.mforcen.dev.fullchain.pem GF_SERVER_CERT_FILE: /ssl/grafana.mforcen.dev.fullchain.pem
GF_SERVER_CERT_KEY: /ssl/grafana.mforcen.dev.key GF_SERVER_KEY_FILE: /ssl/grafana.mforcen.dev.key
GF_AUTH_GENERIC_OAUTH_NAME: SSO GF_AUTH_GENERIC_OAUTH_NAME: SSO
GF_AUTH_GENERIC_OAUTH_ENABLED: true GF_AUTH_GENERIC_OAUTH_ENABLED: true
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
@ -92,14 +85,6 @@ services:
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/auth GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/auth
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/token GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/token
GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo
labels:
- traefik.enable=true
- traefik.tcp.routers.grafana.rule=HostSNI(`grafana.mforcen.dev`)
- traefik.tcp.routers.grafana.entrypoints=websecure
- traefik.tcp.routers.grafana.service=grafana
- traefik.tcp.routers.grafana.tls=true
- traefik.tcp.routers.grafana.tls.passthrough=true
- traefik.tcp.services.grafana.loadbalancer.server.port=443
volumes: volumes:
psql-data: psql-data: