bootstrap.yml

@@ -1,6 +1,6 @@
 ---
 - name: Creating compose from template
-  hosts: server
+  hosts: localhost
   gather_facts: false
   tasks:
   - name: Generate password for Keycloak password
@@ -71,6 +71,32 @@
     ansible.builtin.wait_for:
       timeout: 30
 
+    #  - name: Adding root cert to grafana image
+    #    community.docker.docker_container_copy_into:
+    #      container: infra-grafana
+    #      path: files/mforcen.crt
+    #      container_path: /etc/ssl/mforcen.crt
+    #
+    #  - name: Creating ssl folder
+    #    community.docker.docker_container_exec:
+    #      container: infra-grafana
+    #      command: mkdir /ssl
+    #      user: 0
+    #
+    #  - name: Adding fullchain cert to grafana container
+    #    community.docker.docker_container_copy_into:
+    #      container: infra-grafana
+    #      path: files/grafana.mforcen.dev.fullchain.pem
+    #      container_path: /ssl/grafana.mforcen.dev.fullchain.pem
+    #      mode: 0755
+    #
+    #  - name: Adding key to grafana container
+    #    community.docker.docker_container_copy_into:
+    #      container: infra-grafana
+    #      path: files/grafana.mforcen.dev.key
+    #      container_path: /ssl/grafana.mforcen.dev.key
+    #      mode: 0755
+
   - name: Wait for keycloak to be ready
     ansible.builtin.wait_for:
       timeout: 60
@@ -109,3 +135,18 @@
       client_authenticator_type: client-secret
       id: a6960246-4aa9-495f-8843-69d664dba0ea
       secret: "{{ grafana_kc_client_secret }}"
+
+    #  - name: Create grafana config ini file
+    #    ansible.builtin.template:
+    #      src: grafana.ini
+    #      dest: ../grafana.ini
+    #        
+    #  - name: Stopping grafana container
+    #    community.docker.docker_container:
+    #      name: infra-grafana
+    #      state: stopped
+    #
+    #  - name: Starting grafana container
+    #    community.docker.docker_container:
+    #      name: infra-grafana
+    #      state: started

inventory.yml

@@ -1,5 +1,3 @@
-server:
-  hosts:
-    mforcen.dev:
+mforcen.dev:
   ansible_user: forcen
   ansible_port: 9022

teardown.yml

@@ -1,15 +0,0 @@
----
-- name: Creating compose from template
-  hosts: server
-  gather_facts: false
-  tasks:
-  - name: Tearing down Compose file
-    community.docker.docker_compose_v2:
-      project_src: /opt/infra
-      files:
-      - compose.yml
-      state: absent
-      remove_volumes: true
-
-  - name: Deleting infra folder contents
-    ansible.builtin.command: rm -r /opt/infra/*

templates/compose.yml

@@ -1,5 +1,6 @@
 services:
   database:
+
     image: postgres:17
     container_name: infra-db
     restart: unless-stopped
@@ -42,14 +43,6 @@ services:
       KC_HTTPS_PORT: 443
     depends_on:
       - database
-    labels:
-      - traefik.enable=true
-      - traefik.tcp.routers.keycloak.rule=HostSNI(`sso.mforcen.dev`)
-      - traefik.tcp.routers.keycloak.entrypoints=websecure
-      - traefik.tcp.routers.keycloak.service=keycloak
-      - traefik.tcp.routers.keycloak.tls=true
-      - traefik.tcp.routers.keycloak.tls.passthrough=true
-      - traefik.tcp.services.keycloak.loadbalancer.server.port=443
       
   grafana:
     container_name: infra-grafana
@@ -80,7 +73,7 @@ services:
       GF_SERVER_PORT: 443
       GF_SERVER_DOMAIN: grafana.mforcen.dev
       GF_SERVER_CERT_FILE: /ssl/grafana.mforcen.dev.fullchain.pem
-      GF_SERVER_CERT_KEY: /ssl/grafana.mforcen.dev.key
+      GF_SERVER_KEY_FILE: /ssl/grafana.mforcen.dev.key
       GF_AUTH_GENERIC_OAUTH_NAME: SSO
       GF_AUTH_GENERIC_OAUTH_ENABLED: true
       GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
@@ -92,14 +85,6 @@ services:
       GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/auth
       GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/token
       GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo
-    labels:
-      - traefik.enable=true
-      - traefik.tcp.routers.grafana.rule=HostSNI(`grafana.mforcen.dev`)
-      - traefik.tcp.routers.grafana.entrypoints=websecure
-      - traefik.tcp.routers.grafana.service=grafana
-      - traefik.tcp.routers.grafana.tls=true
-      - traefik.tcp.routers.grafana.tls.passthrough=true
-      - traefik.tcp.services.grafana.loadbalancer.server.port=443
 
 volumes:
   psql-data: