From 95832941c05a59ad005e411a70e13d32e8d4cb78 Mon Sep 17 00:00:00 2001
From: Marty Oehme
Date: Fri, 30 Jul 2021 11:10:05 +0200
Subject: [PATCH] Ensure stacks can inject their upstream to caddy

Created bind volume for caddy which takes the json fragments which will later be injected through the caddy api to dynamically set their individual reverse proxy addresses. This is not entirely necessary if the injection should be done as a variable instead, but makes it easier to change routes and especially more complicated ones (I'm thinking of gitea with ssh access e.g.).
---
 roles/caddy/tasks/main.yml | 33 +++++++++++++++++++++++
 roles/caddy/templates/docker-stack.yml.j2 | 1 +
 2 files changed, 34 insertions(+)

diff --git a/roles/caddy/tasks/main.yml b/roles/caddy/tasks/main.yml
index 4dbe265..d9bac59 100644
--- a/roles/caddy/tasks/main.yml
+++ b/roles/caddy/tasks/main.yml
@@ -31,3 +31,36 @@
 become: yes
 tags:
 - docker-swarm
+
+- name: Register caddy container id
+ ansible.builtin.command:
+ cmd: docker ps -q -f name={{ item.name }}
+ with_items: "{{ caddy_stack }}"
+ become: yes
+ register: caddy_container_info
+
+- name: Set fact
+ ansible.builtin.set_fact: caddy_container_id={{ caddy_container_info.results[0].stdout }}
+ notify:
+ - debug caddy container
+
+# FIXME this should be taken care of in Dockerfile not here
+- name: Ensure caddy curl available
+ community.docker.docker_container_exec:
+ container: "{{ caddy_container_id }}"
+ command: >
+ apk add curl
+ become: yes
+
+# TODO FIXME UP
+# - name: Allow access to services
+# firewalld:
+# service: "{{ item }}"
+# permanent: true
+# state: enabled
+# with_items:
+# - http
+# - https
+# become: true
+# tags:
+# - firewall
diff --git a/roles/caddy/templates/docker-stack.yml.j2 b/roles/caddy/templates/docker-stack.yml.j2
index 1ceb8ce..cbfcd5b 100644
--- a/roles/caddy/templates/docker-stack.yml.j2
+++ b/roles/caddy/templates/docker-stack.yml.j2
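Review bot: The lookup in `Register caddy container id` can return zero or several ids, because `docker ps -f name=` matches on any part of a container name and, in a swarm, only sees containers on the node it runs on, yet `results[0].stdout` is handed to `docker_container_exec` unchecked. An empty or multi-line value would make the `apk add curl` exec fail, and a single unrelated match would run it in a container that is not caddy. I would add `changed_when: false` to the lookup and a guard before the exec, for example an `ansible.builtin.assert` with `that: caddy_container_info.results[0].stdout_lines | length == 1`. The `notify` on the `Set fact` task likely never fires, since `set_fact` does not report a change. Installing curl at deploy time also pulls an unpinned package into the running proxy and is lost when the task is rescheduled, which is the reason to act on the existing FIXME soon.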
@@ -8,6 +8,7 @@ services:
 - "443:443"
 volumes:
 - "{{ caddy_caddyfile_dir }}:/etc/caddy"
+ - "{{ docker_stack_files_dir }}:/stacks:ro"
 - data:/data
 - config:/config
 networks:
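Review bot: The new `/stacks` mount exposes the whole of `docker_stack_files_dir` to the caddy container that publishes port 443, while the commit message says only the JSON route fragments are needed there. If that directory also holds rendered stack files for other services (not visible in this hunk), any credentials or environment values in them become readable from the proxy; `:ro` prevents writes, not reads. Consider mounting a dedicated subdirectory that contains only the fragments, e.g. `- "{{ docker_stack_files_dir }}/<fragments-subdir>:/stacks:ro"`, where the subdirectory name is a placeholder. The `services` mapping continues outside the hunk.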