Update traefik Docker tag to v3.3

Gitea runner restart always
Moved Wireguard server to wireguard container
2025-01-07 05:01:34 +00:00 · 2024-12-17 06:40:48 -05:00 · 2024-12-17 06:40:48 -05:00 · 2024-12-17 06:40:48 -05:00 · 2024-12-17 06:40:48 -05:00 · 2024-12-17 06:40:48 -05:00
14 changed files with 76 additions and 40 deletions
--- a/ansible/assets/basementpi/compose.yml.j2
+++ b/ansible/assets/basementpi/compose.yml.j2
@ -82,6 +82,7 @@ services:
      - 'gitea.mycomputer.party:10.11.1.15'
      - 'pbs pbs.mycomputer.party:10.11.1.30'
      - 'immich immich.mycomputer.party:10.11.1.13'
      - 'wireguard wireguard.injust.us:10.11.1.9'
    restart: always
--- a/ansible/assets/bastion/wg0.conf.j2
+++ b/ansible/assets/bastion/wg0.conf.j2
@ -1,7 +1,7 @@
 [Interface]
 Address = {{ wg_interface_ip }}
 ListenPort = 51820
-PrivateKey = {{ wg_private_key}}
+PrivateKey = {{ bastion_wg_private_key}}
 #https://serverfault.com/questions/1162475/iptables-exclude-a-specific-port-from-being-forwarded-to-the-destination
 PostUp = iptables -t nat -N Inbound
 PostUp = iptables -t nat -A PREROUTING -d {{ public_ip }} -j Inbound
--- a/ansible/assets/docker-ext/compose.yml.j2
+++ b/ansible/assets/docker-ext/compose.yml.j2
@ -4,7 +4,7 @@ services:
  traefik:
    container_name: traefik
    # The official v2 Traefik docker image
-    image: traefik:v3.1
+    image: traefik:v3.3
    restart: unless-stopped
    depends_on:
      - crowdsec
@ -353,7 +353,7 @@ services:
    restart: unless-stopped
    # To use a pre-built image, remove the above "build" section
    # and uncomment the following line:
-    image: healthchecks/healthchecks:v3.7
+    image: healthchecks/healthchecks:v3.8
    env_file:
      - .healthchecks-env
    ports:
--- a/ansible/assets/docker-ext/wg0.conf.j2
+++ b/ansible/assets/docker-ext/wg0.conf.j2
@ -1,8 +1,7 @@
 [Interface]
-PrivateKey = {{ docker_ext_wg_private_key }}
+PrivateKey = {{ homeserver_wg_private_key }}
 Address = 10.11.20.2/24
 ListenPort = 51820
 DNS = 10.11.1.10
 [Peer]
 PublicKey = {{ bastion_wg_public_key }}
@ -10,15 +9,3 @@ AllowedIPs = 0.0.0.0/0
 Endpoint = vps.mycomputer.party:51820
 PersistentKeepalive = 25
 #MacBook
 [Peer]
 PublicKey = /A0WduzRrt/LwKmGm6lq/+TS/1gBekU86FSdhvUo82M=
 AllowedIPs = 10.11.20.4
 [Peer]
 PublicKey = eEHA7CSOR5nha9w4SCB+tOXcuCxgkxIXtNU3xB7wZn4=
 AllowedIPs = 10.11.20.5/32
 [Peer]
 PublicKey = QJmTVggRFs6Df/snbb3Fx3PeFFeaOqy3eUruV0eIXyE=
 AllowedIPs = 10.11.20.6/32
--- a/ansible/assets/docker-int/compose.yml.j2
+++ b/ansible/assets/docker-int/compose.yml.j2
@ -3,7 +3,7 @@ services:
  traefik:
    container_name: traefik
    # The official v2 Traefik docker image
-    image: traefik:v2.11
+    image: traefik:v3.3
    # Enables the web UI and tells Traefik to listen to docker
    command:
      - --api.insecure=true
--- a/ansible/assets/gitea/compose.yml.j2
+++ b/ansible/assets/gitea/compose.yml.j2
@ -8,6 +8,7 @@ services:
      GITEA_INSTANCE_URL: "{{ gitea_instance_url }}"
      GITEA_RUNNER_REGISTRATION_TOKEN: "{{ gitea_runner_token }}"
      GITEA_RUNNER_NAME: "{{ gitea_runner_name }}"
    restart: always
    volumes:
      - ./config.yaml:/config.yaml
      - ./data:/data
--- a/ansible/assets/wireguard/wg0.conf.j2
+++ b/ansible/assets/wireguard/wg0.conf.j2
@ -0,0 +1,22 @@
 [Interface]
 PrivateKey = {{ docker_int_wg_private_key }}
 #pub V7kI33VgyxtJXRGWH0yTnbUXPqE4ZK8wQGPilVUXlWo=
 Address = 10.11.19.1/24
 ListenPort = 51820
 #PostUp = iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
 #PostDown = iptables -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE -t nat
 #MacBook
 [Peer]
 PublicKey = /A0WduzRrt/LwKmGm6lq/+TS/1gBekU86FSdhvUo82M=
 AllowedIPs = 10.11.19.4
 #Work
 [Peer]
 PublicKey = eEHA7CSOR5nha9w4SCB+tOXcuCxgkxIXtNU3xB7wZn4=
 AllowedIPs = 10.11.19.5/32
 #Phone
 [Peer]
 PublicKey = QJmTVggRFs6Df/snbb3Fx3PeFFeaOqy3eUruV0eIXyE=
 AllowedIPs = 10.11.19.6/32
--- a/ansible/buildHomelab.yaml
+++ b/ansible/buildHomelab.yaml
@ -94,18 +94,27 @@
    - name: Prune images
      ansible.builtin.shell: docker image prune -f
- name: Local server Wireguard
+- name: Homeserver wireguard
  hosts: 
    - docker-ext
  tags:
    - bastion
  tasks:
-    - name: "Local server Wireguard"
+    - name: "Homeserver Wireguard config"
      ansible.builtin.template:
        src: assets/{{ inventory_hostname }}/wg0.conf.j2
        dest: /etc/wireguard/wg0.conf
        backup: true
 - name: Setup Wireguard wireguard
  hosts: wireguard
  vars:
  tags:
    - wireguard
  roles:
    - bastion
 - name: Traefik config
  hosts:
    - docker-ext
@ -117,4 +126,3 @@
        src: assets/{{ inventory_hostname }}/rules.yaml.j2
        dest: /root/docker/traefik/rules.yaml
        backup: true
--- a/ansible/inventory/group_vars/external_access/vars
+++ b/ansible/inventory/group_vars/external_access/vars
@ -0,0 +1,4 @@
 bastion_wg_public_key: s3Ch/zcv5IeSpIbHBT5pdzpHWwV2qh4Z9W/0DSZg/CQ=
 bastion_wg_private_key: "{{ vault_bastion_wg_private_key }}"
 homeserver_wg_public_key: 84ITOv/sB0f/h7fIY+uLQeTmMDgTCjvVzIQmEsLAZmo=
 homeserver_wg_private_key: "{{ vault_homeserver_wg_private_key }}"
--- a/ansible/inventory/group_vars/external_access/vault
+++ b/ansible/inventory/group_vars/external_access/vault
@ -0,0 +1,13 @@
 $ANSIBLE_VAULT;1.1;AES256
 63313365346334336431303631306338366438616433623333343531653765363531303966653661
 6265393431346631346661363264393937663663333832360a346634306132633839383731353036
 65353434616566623963323134353234316362663636333162366561386137363431393936363437
 3636326139363765640a333736363530616238303531663637303064633961323332353766323134
 39306535636566333165623835363239333331383830616564626437656463376464663238663731
 64373335343135333535356231613733633565623530396165663237656135333032626138643364
 62343665663832653165323263643230343738363066633938373961386332333131306636643564
 65616635343065646261333930363635376133626462646532326436323130396266653263376331
 65653430373333633536356233616230363538323032616337363139666330353836653036376264
 35326439323939656639616665633265623264396132313337376661373731313138376136336664
 37656138373131303263343266643439333035356635636664646638373539373130336638383233
 31303139366130303137
--- a/ansible/inventory/group_vars/wireguard/vars
+++ b/ansible/inventory/group_vars/wireguard/vars
@ -1,4 +1 @@
-bastion_wg_public_key: uBjwOBqEeH/2V7qo5GLGQaX159I1YBztzxvYE9pXOnI=
+docker_int_wg_private_key: "{{ vault_docker_int_wg_private_key }}"
 bastion_wg_private_key: "{{ vault_bastion_wg_private_key }}"
 docker_ext_wg_public_key: 84ITOv/sB0f/h7fIY+uLQeTmMDgTCjvVzIQmEsLAZmo=
 docker_ext_wg_private_key: "{{ vault_docker_ext_wg_private_key }}"
--- a/ansible/inventory/group_vars/wireguard/vault
+++ b/ansible/inventory/group_vars/wireguard/vault
@ -1,13 +1,9 @@
 $ANSIBLE_VAULT;1.1;AES256
-65633461333438396463383333323364616536316536363136646361613837353938316562363466
+62643663333863323162613131393738396338666162623530336235613164636337666235333166
-6431373436363535666662323636623439643532323865610a356334333430356138363561363039
+3533366265333931623439666134346130356430333531330a636561363132666339353861396332
-37613232333932663833303038353531636261663830653436633132386432623835643433663532
+37646564626364306264636539633362663139643238353532393661666165643531343930316637
-6533343630353634320a326139346666643135326566336263653965623835396236366433313031
+3365663330326131630a663062343535376438343462373733363762343637333730396463643638
-37656666613035663764626430366635316430303835396436666563653531373635303633383264
+62363235623765386133336466663433633430316531316364643233303061626664653761303930
-64356631393433303337373631313034323339623338383937653565376261633034666330656331
+31366162666239656333626232323334373865653561326131336262343133663030306363626461
-38663262656264323639643261623263646537343430396265663762393835646566646563353766
+64306466373764343132333564626638633932633538306536626666636338316433346666656135
-61363237393033643034343862663739303736336636326230386131356632626630633361646664
+34643761633861656135
 66343637393439393463363434303331343161656364386535366535666433356332396364353630
 62376262373839656339353530656666626235643630303665643633326365616266656330333538
 62626237383835306534643839353465316664643161373465306461373366356433343863393635
 63363235633339373538
--- a/ansible/inventory/hosts.yaml
+++ b/ansible/inventory/hosts.yaml
@ -1,4 +1,8 @@
 ---
 all:
  vars:
    ansible_ssh_user: root
 ungrouped:
  hosts:
    bastion:
@ -16,10 +20,12 @@ docker:
      ansible_ssh_user: root
    gitea:
      ansible_ssh_user: root
 wireguard:
  hosts:
    wireguard:
 external_access:
  hosts:
    docker-ext:
      ansible_ssh_user: root
    bastion:
      ansible_host: 51.222.155.202 
      ansible_ssh_user: root
--- a/ansible/roles/bastion/tasks/main.yml
+++ b/ansible/roles/bastion/tasks/main.yml
@ -7,6 +7,7 @@
  ansible.builtin.package:
    name: wireguard
    state: present
    update_cache: true
 - name: Shutdown Wireguard (remove iptables rules)
  ansible.builtin.shell: wg-quick down wg0
  ignore_errors: true
Author	SHA1	Message	Date
Renovate Bot	8500d2b8b1	Update traefik Docker tag to v3.3	2025-01-07 05:01:34 +00:00
Justus Grunow	75e2382994	Gitea runner restart always Some checks failed Ansible Deploy / Homelab-Deploy (ansible/buildHomelab.yaml) (push) Failing after 13m43s Details	2024-12-17 06:40:48 -05:00
Justus Grunow	a7948364cd	Moved Wireguard server to wireguard container	2024-12-17 06:40:48 -05:00
Justus Grunow	9815713717	Added WG config for docker-int	2024-12-17 06:40:48 -05:00
Justus Grunow	c0ff6196b1	Cleaned up wireguard variables	2024-12-17 06:40:48 -05:00
Justus Grunow	df3eb83f27	Consolidated inventory vars	2024-12-17 06:40:48 -05:00
Justus Grunow	5dcf5798e7	Added Wireguard container IP to Pi-hole	2024-12-17 06:40:48 -05:00
justus	1892efe587	Merge pull request 'Update healthchecks/healthchecks Docker tag to v3.8' (#31 ) from renovate/healthchecks-healthchecks-3.x into main All checks were successful Ansible Deploy / Homelab-Deploy (ansible/buildHomelab.yaml) (push) Successful in 2m28s Details Reviewed-on: #31	2024-12-16 20:25:16 -05:00
Renovate Bot	0a6bbf4256	Update healthchecks/healthchecks Docker tag to v3.8	2024-12-16 22:00:31 +00:00