Initial Commit

roles/docker/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for docker

roles/docker/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Matthew McKinnon
+  description: Mounting NFS filesystem
+  company: support@comprofix.com
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/docker/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+- name: Add Docker apt key.
+  ansible.builtin.get_url:
+    url: "{{ docker_apt_gpg_key }}"
+    dest: /etc/apt/trusted.gpg.d/docker.asc
+    mode: '0644'
+    force: false
+    checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
+  ignore_errors: true
+
+- name: Add Docker repository.
+  apt_repository:
+    repo: "{{ docker_apt_repository }}"
+    state: present
+    filename: "{{ docker_apt_filename }}"
+    update_cache: true
+
+- name: Install Docker packages.
+  package:
+    name: "{{ docker_packages }}"
+    state: "present"
+
+- name: Install Docker Module for Python
+  pip:
+    name:
+      - PyYAML==5.3.1
+      - docker
+      - docker-compose
+      - pymysql
+      - passlib
+    state: "present"
+
+- name: Ensure docker users are added to the docker group.
+  user:
+    name: "{{ item }}"
+    groups: docker
+    append: true
+  with_items: "{{ docker_users }}"
+
+- name: Reset ssh connection to apply user changes.
+  meta: reset_connection
+
+- name: Setup cron job for backup
+  cron:
+    name: Docker Prune
+    minute: 0
+    hour: 5
+    job: "docker system prune -af && docker image prune -af && docker system prune -af --volumes"

roles/docker/vars/main.yml

@@ -0,0 +1,51 @@
+$ANSIBLE_VAULT;1.1;AES256
+36326633353666613166393030633363373435666230663138303735323132663930663663383138
+3131616265626633663430353835663866356436373533390a623564333539306162613532393661
+61326437363033383862343034356639316162363364356135616132396136383962333062653566
+3966323033663162640a323461656637633062373134656237323339346638663338353266386164
+30653839343165663937653534313335316336356262303331643839643733663264643265633337
+62633265656330353536663762643130636466353165336535393033663937396364373064363133
+66323931663164313235316638393838326532643233636663333635656162343333643233646131
+33336239393035613839646434643633313239393764613836343039383361613437626334643534
+33373461336363636162646631323266353235326361393338366563653663343537633765653261
+30393863323134376466346663376432623938376638393135356439326562656534376233646364
+31353336396362323363323964383635303264646661626662333161303961383333636437393264
+61623638303066343832303034633736343031333732633437356134393837663637653738303837
+65643264663564643432363830373861323062393561386261323638353339663835663830653633
+35373865383832656665333263323463303631343239346632336565393032333865353364386431
+34633064356233626337646439623665613039666632366162346534656438393965623836366230
+38323765633333663266656161376233343131646165343538653335653061363435316536313339
+65366539313338623030663233633766373865653938616437323664633537306162353438373564
+30383831353563663834373731356330393535613162313461303265353461643434613833376330
+39653063363666353261373161636434366464306539306538623533373764666466383766646166
+63313263626539316163656431393534393266666632366430323439373931636235663137393363
+66323338643835356338646565653235333762343162636434653561626630333233343232633365
+64353139376236363039343432636563316562383263336434376236613734396564393137366531
+35613232646638313435326234366335356538393331363862353232353961373734646332646635
+37323930623932326164323831393462653331373562336264613635396339653161303863623739
+34303532376335623533373466366464666662653533363963326536633938333833376432616330
+62326261366463323934663939316338306535323935623935323337333866353539336132326564
+64623739623064333932386363353235356431656339663039643631353264376234316430356235
+33326233356638646163633333613736343732626263333631336333343434353164333436653331
+64376539336562393538613134633933373339363737363364623066383130653033633966316665
+36323361656131623435346565323638313030343762313765646264396461616165393762366436
+65363563313439376437626533386262323036346436663030303736363061396639633338386337
+65623534393561643662653538633630363663326430383030393062323934326465313533303662
+30323861613333353465396536653632373934363162393465373466636132383064663063383834
+66653938346463663335333737386339666430643034386335353938633232323333633238643035
+37643239383936393233353735333164663566663833383763306635646666666365336161316437
+64343032376139373036366433376263376565656435336662656661336530323130356266353265
+32316361623238386530303533343763646533653631613965386639386237303965636634353366
+31363137376633376532383361376631663734653262616237373933363330323337386434623261
+63656364653162323463626361633533353132666563393538383332306263316639396530323131
+63646566623064393930343137623564323234383430363365313834336464333432623466646139
+33343833353339633236613439623735316538373962663365623963663639663264396238363465
+61313338343435313035643163316631303433383738393162633032613830663264386538343763
+30363434653461396239306334333366333232373732353362666538323063313934346433666334
+35363236333038333363653737656362653362376338653364636566346637376566306632326438
+32663930613066343361616665396334393863643963316239313735363539333263656133356665
+62663236366665373637373436656630336630393333393164343265306533666366333964333338
+36376337376366333835326565323735613961323264663466356635653763343331373561666632
+61343466643661636335373663386466333232393064623538666636653439363639386462373238
+38613862656363373434353037613135363464313864386361323136613762306632653838616463
+3438636539363664613934313333336535623165306438353130

roles/nfs/defaults/main.yml

@@ -0,0 +1,8 @@
+---
+# defaults file for roles/nfs-mount
+
+# List of NFS shares
+nfs_share_mounts: []
+
+# Default NFS4 mount options
+nfs_mount_opts: "rw,sync,hard"

roles/nfs/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Matthew McKinnon
+  description: Mounting NFS filesystem
+  company: support@comprofix.com
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/nfs/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+  
+- name: Install NFS mount utility
+  ansible.builtin.apt:
+    update_cache: true
+    pkg: nfs-common
+    state: present
+  when: ansible_os_family == "Debian"
+
+- name: Mount an NFS volume
+  ansible.posix.mount:
+    src: "{{ item.src }}"
+    path: "{{ item.path }}"
+    opts: "{{ item.opts | default(nfs_mount_opts) }}"
+    state: "{{ item.state | default( 'mounted' ) }}"
+    fstype: nfs
+  with_items: "{{ mounts }}"
+    
+
+

roles/portainer/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for common

roles/portainer/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Matthew McKinnon
+  description: Portainer CE
+  company: support@comprofix.com
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/portainer/tasks/main.yml

@@ -0,0 +1,29 @@
+---
+- name: Create directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ data_folder }}/portainer"
+ 
+- name: Create Portainer Container
+  docker_container:
+    name: portainer
+    image: portainer/portainer-ce:2.21.0
+    command: --admin-password "{{PORTAINER_ADMIN_PASSWORD}}"
+    restart_policy: unless-stopped
+    volumes:
+      - "{{ data_folder }}/portainer/data:/data"
+      - '/var/run/docker.sock:/var/run/docker.sock'
+    networks:
+      - name: proxy
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.portainer-secure.rule: "Host(`{{portainer_host}}`)"
+      traefik.http.routers.portainer-secure.entrypoints: "https"
+      traefik.http.routers.portainer-secure.tls: "true"
+      traefik.http.routers.portainer-secure.service: "portainer"
+      traefik.http.services.portainer.loadbalancer.server.port: "9443"
+      traefik.http.services.portainer.loadbalancer.server.scheme: "https"
+  register: container_portainer
+

roles/portainer/vars/main.yml

@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+66663364383263343838636561393437373730633165306539633566356166313664656166633537
+6333663336336463613565666465663430303665323766300a393063366230643139363061633636
+65303631383230396461303836386335306261613664393762393266636437333634663464353137
+6563366664663331380a346534323264633738663063356565643137323964663964656137633363
+33333264383830666637376337633432353732353630333134353638653234333730636166356164
+33363433343432623762393834336637626562613633393963323963623661643862636362313930
+37346233373231663762346633323634666436323364653136656630636462333638316632626435
+30336433353961333334386134383032356633643261656639623237386439653739363133633836
+65333065336464386164363037363766353066396163386561323338326439376138316131306636
+65376230383666393762393938313535386131313134613033393936633139363366373065623033
+33353733613439383366393864623130396231323433393732653966653132313262346538646334
+63303831333465613962653661656237326364396465366234383663333431366233363133623936
+62663632356361323930326230326565366366663733633137633938643564373766

roles/traefik/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for common

roles/traefik/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Matthew McKinnon
+  description: Traefik Proxy
+  company: support@comprofix.com
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/traefik/tasks/main.yml

@@ -0,0 +1,86 @@
+---
+- name: Create directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ data_folder }}/traefik"
+    - "{{ data_folder }}/traefik/data"
+
+- name: Create a network
+  docker_network:
+    name: proxy
+  register: network
+
+- name: Copy Traefik config
+  template:
+    src: templates/traefik.yml.j2
+    dest: "{{ data_folder }}/traefik/data/traefik.yml"
+    mode: '0600'
+
+- name: Check if {{ data_folder }}/traefik/data/acme.json exists
+  ansible.builtin.stat:
+    path: "{{ data_folder }}/traefik/data/acme.json"
+  register: file_status
+
+- name: Creates {{ data_folder }}/traefik/data/acme.json if it doesn't exists
+  ansible.builtin.file:
+    path: "{{ data_folder }}/traefik/data/acme.json"
+    state: touch
+    owner: root
+    group: root
+    mode: '0600'
+  when: not file_status.stat.exists
+
+- name: Check if {{ data_folder }}/traefik/data/traefik.json.log exists
+  ansible.builtin.stat:
+    path: "{{ data_folder }}/traefik/data/traefik.json.log"
+  register: file_status
+
+- name: Creates {{ data_folder }}/traefik/data/traefik.json.log if it doesn't exists
+  ansible.builtin.file:
+    path: "{{ data_folder }}/traefik/data/traefik.json.log"
+    state: touch
+    owner: root
+    group: root
+    mode: '0600'
+  when: not file_status.stat.exists
+
+- name: Create traefik Container
+  docker_container:
+    name: traefik
+    image: traefik:v3.1
+    restart_policy: unless-stopped
+    networks:
+      - name: "proxy"
+    ports:
+      - 80:80
+      - 443:443
+    env:
+      CF_API_EMAIL: "{{ CF_API_EMAIL }}"
+      CF_DNS_API_TOKEN: "{{CF_DNS_API_TOKEN}}"
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - "{{ data_folder }}/traefik/data/traefik.yml:/traefik.yml:ro"
+      - "{{ data_folder }}/traefik/data/acme.json:/acme.json"
+      - "{{ data_folder }}/traefik/data/traefik.json.log:/traefik.json.log"
+      # - ./data/config.yml:/config.yml:ro
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.traefik.entrypoints: "http"
+      traefik.http.routers.traefik.rule: "Host(`{{traefik_host}}`)"
+      traefik.http.middlewares.traefik-auth.basicauth.users: "{{ traefik_api_user }}:{{ traefik_api_password | password_hash('blowfish','1234567890123456789012') }}"
+      traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme: "https"
+      traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto: "https"
+      traefik.http.routers.traefik.middlewares: "traefik-https-redirect"
+      traefik.http.routers.traefik-secure.entrypoints: "https"
+      traefik.http.routers.traefik-secure.rule: "Host(`{{traefik_host}}`)"
+      traefik.http.routers.traefik-secure.middlewares: "traefik-auth"
+      traefik.http.routers.traefik-secure.tls: "true"
+      traefik.http.routers.traefik-secure.tls.certresolver: "cloudflare"
+      traefik.http.routers.traefik-secure.tls.domains[0].main: "comprofix.com"
+      traefik.http.routers.traefik-secure.tls.domains[0].sans: "*.comprofix.com"
+      traefik.http.routers.traefik-secure.tls.domains[1].main: "comprofix.xyz"
+      traefik.http.routers.traefik-secure.tls.domains[1].sans: "*.comprofix.xyz"
+      traefik.http.routers.traefik-secure.service: "api@internal"

roles/traefik/templates/traefik.yml.j2

@@ -0,0 +1,42 @@
+api:
+  dashboard: true
+  debug: true
+
+entryPoints:
+  http:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: https
+          scheme: https
+  https:
+    address: ":443"
+
+serversTransport:
+  insecureSkipVerify: true
+
+log:
+  level: DEBUG
+  filePath: /traefik.json.log
+  format: json
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  file:
+    filename: /config.yml
+
+certificatesResolvers:
+  cloudflare:
+    acme:
+      email: {{ CF_API_EMAIL }}
+      storage: acme.json
+      dnsChallenge:
+        provider: cloudflare
+        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
+        resolvers:
+          - "1.1.1.1:53"
+          - "1.0.0.1:53"
+  

roles/traefik/vars/main.yml

@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+65353236643865303034613264613133353338613962646164333936353761336231643332303164
+3834613038663965376661373336646433353437373132300a353663633034643265653937396238
+66326632323432646239663762626230326338666138653330323566633864623734396639323062
+3735326666306239370a383439646335343965316464386265613437646163636335393139316232
+61396631356263333933626334313438633132663764326539393663636631303538636131303830
+31633037376231326436306463376134633031666431303133383237316530646261383733313132
+62343261303266613764633861393939343937343038383231353137333337383936623338313561
+64633330356639643863336437653137393364653833653934633762333461393035393963313432
+39633563636164363461326231306237343265626533366562626136643561636464663866303434
+64363663396334623738316238316135616162393566613631396163666134663765343230656135
+35646364666531303361623833643136663832363737623161386562393234393533306636363265
+37343438386439303931633434303939393062363138353732373163663761366337326437316537
+6137