add proxy config for kiwi-labs

Diesel-Net · Jan 1, 2024 · 89d7a90 · 89d7a90
1 parent 3651ea7
commit 89d7a90
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 30 deletions.
diff --git a/.ansible/inventories/dev/group_vars/all/proxy.yaml b/.ansible/inventories/dev/group_vars/all/proxy.yaml
@@ -1,16 +1,19 @@
 proxy:
 
-  - service: '{{ git_repository }}-{{ git_branch }}-main'
+  - service: '{{ app_name }}-webui'
     port: 8081
-    router: '{{ git_repository }}-{{ git_branch }}-main'
-    host: nexus.dev.diesel.net
+    router: '{{ app_name }}-webui'
+    diesel_host: nexus.dev.diesel.net
+    kiwi_host: nexus.dev.kiwi-labs.net
 
-  - service: '{{ git_repository }}-{{ git_branch }}-docker'
+  - service: '{{ app_name }}-docker-registry'
     port: 8082
-    router: '{{ git_repository }}-{{ git_branch }}-docker'
-    host: docker.nexus.dev.diesel.net
+    router: '{{ app_ name }}-docker-registry'
+    diesel_host: docker.nexus.dev.diesel.net
+    kiwi_host: docker.nexus.dev.kiwi-labs.net
 
-  - service: '{{ git_repository }}-{{ git_branch }}-docker-proxy'
+  - service: '{{ app_name }}-dockerhub-cache'
     port: 8083
-    router: '{{ git_repository }}-{{ git_branch }}-docker-proxy'
-    host: dockerhub.nexus.dev.diesel.net
+    router: '{{ app_name }}-dockerhub-cache'
+    diesel_host: dockerhub.nexus.dev.diesel.net
+    kiwi_host: dockerhub.nexus.dev.kiwi-labs.net
diff --git a/.ansible/inventories/prod/group_vars/all/proxy.yaml b/.ansible/inventories/prod/group_vars/all/proxy.yaml
@@ -1,16 +1,19 @@
 proxy:
 
-  - service: '{{ git_repository }}-{{ git_branch }}-main'
+  - service: '{{ app_name }}-webui'
     port: 8081
-    router: '{{ git_repository }}-{{ git_branch }}-main'
-    host: nexus.diesel.net
+    router: '{{ app_name }}-webui'
+    diesel_host: nexus.diesel.net
+    kiwi_host: nexus.kiwi-labs.net
 
-  - service: '{{ git_repository }}-{{ git_branch }}-docker'
+  - service: '{{ app_name }}-docker-registry'
     port: 8082
-    router: '{{ git_repository }}-{{ git_branch }}-docker'
-    host: docker.nexus.diesel.net
+    router: '{{ app_ name }}-docker-registry'
+    diesel_host: docker.nexus.diesel.net
+    kiwi_host: docker.nexus.kiwi-labs.net
 
-  - service: '{{ git_repository }}-{{ git_branch }}-docker-proxy'
+  - service: '{{ app_name }}-dockerhub-cache'
     port: 8083
-    router: '{{ git_repository }}-{{ git_branch }}-docker-proxy'
-    host: dockerhub.nexus.diesel.net
+    router: '{{ app_name }}-dockerhub-cache'
+    diesel_host: dockerhub.nexus.diesel.net
+    kiwi_host: dockerhub.nexus.kiwi-labs.net
diff --git a/.ansible/roles/requirements.yaml b/.ansible/roles/requirements.yaml
@@ -1,14 +1,14 @@
 - name: application
   scm: git
-  src: "git@github.com:Diesel-Net/ansible-role-application.git"
-  version: 2.0.0
+  src: git@github.com:Diesel-Net/ansible-role-application.git
+  version: 2.1.1
 
 - name: docker
   scm: git
-  src: "git@github.com:Diesel-Net/ansible-role-docker.git"
-  version: 2.0.0
+  src: git@github.com:Diesel-Net/ansible-role-docker.git
+  version: 2.0.4
 
 - name: traefik
   scm: git
-  src: "git@github.com:Diesel-Net/ansible-role-traefik.git"
-  version: 2.2.0
+  src: git@github.com:Diesel-Net/ansible-role-traefik.git
+  version: 2.3.5
diff --git a/.ansible/templates/docker-compose.yaml b/.ansible/templates/docker-compose.yaml
@@ -17,11 +17,19 @@ services:
 
 {% for item in proxy %}
         - traefik.http.services.{{ item.service }}.loadbalancer.server.port={{ item.port }}
-        - traefik.http.routers.{{ item.router }}.rule=Host(`{{ item.host }}`)
-        - traefik.http.routers.{{ item.router }}.service={{ item.service }}
-        - traefik.http.routers.{{ item.router }}.tls.certresolver=step-ca
+
+        - traefik.http.routers.diesel-{{ item.router }}.rule=Host(`{{ item.diesel_host }}`)
+        - traefik.http.routers.diesel-{{ item.router }}.service={{ item.service }}@docker
+        - traefik.http.routers.diesel-{{ item.router }}.tls.certresolver=step-ca
+
+        - traefik.http.routers.kiwi-{{ item.router }}.rule=Host(`{{ item.kiwi_host }}`)
+        - traefik.http.routers.kiwi-{{ item.router }}.service={{ item.service }}@docker
+        - traefik.http.routers.kiwi-{{ item.router }}.tls.certresolver=cloudflare
+        - traefik.http.routers.kiwi-{{ item.router }}.tls.domains[0].main={{ '.'.join( item.kiwi_host.split('.')[1:] ) }}
+        - traefik.http.routers.kiwi-{{ item.router }}.tls.domains[0].sans=*.{{ '.'.join( item.kiwi_host.split('.')[1:] ) }}
 {% endfor %}
 
+
     networks:
       - {{ traefik_network }}
 

diff --git a/.drone.yaml b/.drone.yaml
@@ -5,7 +5,7 @@ name: development pipeline
 
 steps:
   - name: Clean install (data is wiped)
-    image: docker.nexus.diesel.net/drone-ansible:2.13
+    image: docker.nexus.diesel.net/drone-ansible:7.2.0
     environment:
       ANSIBLE_CONFIG: .ansible/ansible.cfg
       DOCKERHUB_USERNAME:
@@ -24,7 +24,7 @@ steps:
         from_secret: ansible_vault_password
 
   - name: Configuration update (data is not wiped)
-    image: docker.nexus.diesel.net/drone-ansible:2.13
+    image: docker.nexus.diesel.net/drone-ansible:7.2.0
     environment:
       ANSIBLE_CONFIG: .ansible/ansible.cfg
       DOCKERHUB_USERNAME:
@@ -53,7 +53,7 @@ name: production pipeline
 
 steps:
   - name: Configuration update
-    image: docker.nexus.diesel.net/drone-ansible:2.13
+    image: docker.nexus.diesel.net/drone-ansible:7.2.0
     environment:
       ANSIBLE_CONFIG: .ansible/ansible.cfg
       DOCKERHUB_USERNAME: