diff --git a/.gitignore b/.gitignore
index 9dd7ed4..72d385d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,37 +14,3 @@
 /.idea/
 # Ansible
 /collections/ansible_collections/
-/.vagrant/bundler/global.sol
-/.vagrant/machines/backend/libvirt/action_provision
-/.vagrant/machines/backend/libvirt/box_meta
-/.vagrant/machines/backend/libvirt/created_networks
-/.vagrant/machines/backend/libvirt/creator_uid
-/.vagrant/machines/backend/libvirt/id
-/.vagrant/machines/backend/libvirt/index_uuid
-/.vagrant/machines/backend/libvirt/private_key
-/.vagrant/machines/backend/libvirt/synced_folders
-/.vagrant/machines/backend/libvirt/vagrant_cwd
-/.vagrant/machines/backend2/libvirt/action_provision
-/.vagrant/machines/backend2/libvirt/box_meta
-/.vagrant/machines/backend2/libvirt/created_networks
-/.vagrant/machines/backend2/libvirt/creator_uid
-/.vagrant/machines/backend2/libvirt/id
-/.vagrant/machines/backend2/libvirt/index_uuid
-/.vagrant/machines/backend2/libvirt/private_key
-/.vagrant/machines/backend2/libvirt/synced_folders
-/.vagrant/machines/backend2/libvirt/vagrant_cwd
-/.vagrant/machines/dmz/libvirt/logs/ssh-forwarding-*_8080-192.168.121.139_80.log
-/.vagrant/machines/dmz/libvirt/logs/ssh-forwarding-*_8443-192.168.121.139_443.log
-/.vagrant/machines/dmz/libvirt/pids/ssh_8080.pid
-/.vagrant/machines/dmz/libvirt/pids/ssh_8443.pid
-/.vagrant/machines/dmz/libvirt/action_provision
-/.vagrant/machines/dmz/libvirt/box_meta
-/.vagrant/machines/dmz/libvirt/created_networks
-/.vagrant/machines/dmz/libvirt/creator_uid
-/.vagrant/machines/dmz/libvirt/id
-/.vagrant/machines/dmz/libvirt/index_uuid
-/.vagrant/machines/dmz/libvirt/private_key
-/.vagrant/machines/dmz/libvirt/synced_folders
-/.vagrant/machines/dmz/libvirt/vagrant_cwd
-/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory
-/.vagrant/rgloader/loader.rb
diff --git a/inventories/vagrant/group_vars/traefik_servers_backend.yml b/inventories/vagrant/group_vars/traefik_servers_backend.yml
index c28eb89..70c5e8f 100644
--- a/inventories/vagrant/group_vars/traefik_servers_backend.yml +++ b/inventories/vagrant/group_vars/traefik_servers_backend.yml @@ -3,8 +3,8 @@ # These use Docker provider for local service discovery traefik_mode: backend -traefik_use_ssl: true -traefik_cert_mode: "selfsigned" -traefik_enable_dashboard: true -traefik_log_level: DEBUG +use_ssl: true +cert_mode: "selfsigned" +enable_dashboard: true +log_level: DEBUG traefik_network: proxy \ No newline at end of file diff --git a/inventories/vagrant/group_vars/traefik_servers_dmz.yml b/inventories/vagrant/group_vars/traefik_servers_dmz.yml index fdc8e48..b46126a 100644 --- a/inventories/vagrant/group_vars/traefik_servers_dmz.yml +++ b/inventories/vagrant/group_vars/traefik_servers_dmz.yml 
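Review bot: Dropping the `traefik_` prefix moves this role's settings (`use_ssl`, `cert_mode`, `enable_dashboard`, `log_level`, and in the later hunks `dashboard_domain` and `use_ssl_dashboard`) into Ansible's flat per-host variable namespace, where any other role applied to the same host can read them or be read by them. The new hosts.ini places `backend` in keycloak_servers, authentik_servers, garage_servers, nextcloud_servers and homarr_servers as well, so a collision on a name as generic as `log_level` or `use_ssl` is plausible if any of those roles uses it; the roles are not visible here, so this is inferred. The same rename is made in traefik_servers_dmz.yml and in host_vars/backend/traefik.yml and host_vars/backend2/traefik.yml, so whatever is decided should be applied to all four. If the role now genuinely consumes the unprefixed names, at least mark it in this file, e.g. `# Unprefixed keys below are consumed by the traefik role; keep them unique across roles applied to these hosts`, otherwise keeping the prefix in the inventory and mapping inside the role is the safer shape.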
@@ -3,23 +3,23 @@ # These are public-facing proxies that route traffic to backend servers traefik_mode: dmz -traefik_use_ssl: true -traefik_cert_mode: "selfsigned" # Use 'acme' for production -traefik_enable_dashboard: true -traefik_dashboard_domain: "traefik.dmz.local.test" -traefik_log_level: DEBUG +use_ssl: true +cert_mode: "selfsigned" # Use 'acme' for production +enable_dashboard: true +dashboard_domain: "traefik.dmz.local.test" +log_level: DEBUG traefik_network: proxy # Backend servers to proxy (if empty, proxies to all backend_servers) # This allows multiple DMZ proxies to handle different backend servers -# traefik_backend_servers_to_proxy: +# backend_servers_to_proxy: # - backend1 # - backend2 -# ACME configuration (uncomment for production with traefik_cert_mode: acme) -# traefik_ssl_email: "admin@example.com" -# traefik_ssl_cert_resolver: "dns" -# traefik_acme_dns_zone: "digitalboard._acme.digitalboard.ch." -# traefik_acme_dns_nameserver: "192.168.1.1:53" -# traefik_acme_tsig_key: "your-tsig-key-name" -# traefik_acme_tsig_secret: "your-tsig-secret" \ No newline at end of file +# ACME configuration (uncomment for production with cert_mode: acme) +# ssl_email: "admin@example.com" +# ssl_cert_resolver: "dns" +# acme_dns_zone: "digitalboard._acme.digitalboard.ch." +# acme_dns_nameserver: "192.168.1.1:53" +# acme_tsig_key: "your-tsig-key-name" +# acme_tsig_secret: "your-tsig-secret" \ No newline at end of file diff --git a/inventories/vagrant/host_vars/backend/traefik.yml b/inventories/vagrant/host_vars/backend/traefik.yml index 3e1e5b7..8078a7a 100644 --- a/inventories/vagrant/host_vars/backend/traefik.yml +++ b/inventories/vagrant/host_vars/backend/traefik.yml @@ -1,5 +1,5 @@ # Services to be exposed through the DMZ reverse proxy -traefik_dmz_exposed_services: +traefik_services: - name: httpbin domain: httpbin.local.test port: 443 
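Review bot: The commented ACME block ends in `acme_tsig_secret: "your-tsig-secret"`, and nothing in the file says where the real value is meant to come from once the block is enabled for production, so the likely outcome is a plaintext TSIG secret committed in group_vars. I would point the placeholder at a vaulted variable instead, `# acme_tsig_secret: "{{ vault_acme_tsig_secret }}"`, and add `# the real secret belongs in an ansible-vault file, never inline here` above it. The `cert_mode: "selfsigned" # Use 'acme' for production` line could mention that the ACME block below must be enabled at the same time, so the two switches are not flipped independently.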
@@ -39,7 +39,7 @@ traefik_dmz_exposed_services: # port: 80 # protocol: http -traefik_use_ssl: false # disable SSL redirect for vagrant +use_ssl: false # disable SSL redirect for vagrant -traefik_use_ssl_dashboard: true # still use SSL for dashboard -traefik_dashboard_domain: "traefik.backend.local.test" \ No newline at end of file +use_ssl_dashboard: true # still use SSL for dashboard +dashboard_domain: "traefik.backend.local.test" \ No newline at end of file diff --git a/inventories/vagrant/host_vars/backend2/traefik.yml b/inventories/vagrant/host_vars/backend2/traefik.yml index 56ee12b..6837810 100644 --- a/inventories/vagrant/host_vars/backend2/traefik.yml +++ b/inventories/vagrant/host_vars/backend2/traefik.yml @@ -1,8 +1,8 @@ # Services to be exposed through the DMZ reverse proxy -traefik_dmz_exposed_services: +traefik_services: - name: httpbin-srv2 domain: "{{ httpbin_domain }}" port: 443 protocol: https -traefik_dashboard_domain: "traefik.backend2.local.test" \ No newline at end of file +dashboard_domain: "traefik.backend2.local.test" \ No newline at end of file diff --git a/inventories/vagrant/hosts.ini b/inventories/vagrant/hosts.ini new file mode 100644 index 0000000..6c85846 --- /dev/null +++ b/inventories/vagrant/hosts.ini 
@@ -0,0 +1,48 @@
+# This file defines the group structure for vagrant VMs
+# Fixed IPs are defined in the Vagrantfile
+# Additional host-specific variables should go in host_vars/
+# Group-specific variables should go in group_vars/
+
+[all_servers]
+dmz ansible_host=192.168.56.10 ansible_ssh_private_key_file=.vagrant/machines/dmz/libvirt/private_key ansible_user=vagrant
+backend ansible_host=192.168.56.11 ansible_ssh_private_key_file=.vagrant/machines/backend/libvirt/private_key ansible_user=vagrant
+backend2 ansible_host=192.168.56.12 ansible_ssh_private_key_file=.vagrant/machines/backend2/libvirt/private_key ansible_user=vagrant
+
+# Backend servers that host application services
+[backend_servers]
+backend
+backend2
+
+# Reverse proxy servers in DMZ (public-facing, file provider mode)
+[traefik_servers_dmz]
+dmz
+
+# Reverse proxy servers on backend (docker provider mode)
+[traefik_servers_backend]
+backend
+backend2
+
+# All reverse proxy servers
+[traefik_servers:children]
+traefik_servers_dmz
+traefik_servers_backend
+
+# Application servers
+[httpbin_servers]
+backend
+backend2
+
+[keycloak_servers]
+backend
+
+[authentik_servers]
+backend
+
+[garage_servers]
+backend
+
+[nextcloud_servers]
+backend
+
+[homarr_servers]
+backend
\ No newline at end of file
diff --git a/inventories/vagrant/hosts.yml b/inventories/vagrant/hosts.yml
deleted file mode 100644
index 5f438b8..0000000
--- a/inventories/vagrant/hosts.yml
+++ /dev/null
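Review bot: The three `ansible_ssh_private_key_file=.vagrant/machines/.../libvirt/private_key` values are relative paths; as far as I know Ansible passes this value to ssh unchanged, so it resolves against the current working directory rather than the inventory's directory, and the inventory only works when ansible is invoked from the repository root. The header comments should say so, e.g. `# Run ansible from the repository root: the key paths below are relative to the working directory`. Separately, the .gitignore hunk in this same commit deletes the explicit per-machine `.../libvirt/private_key` ignore entries; unless a broader `/.vagrant/` rule outside that hunk still covers the directory, the keys this inventory points at are no longer ignored, which is worth confirming before merging.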
@@ -1,66 +0,0 @@ ---- -all: - children: - all_servers: - hosts: - dmz: - ansible_host: 192.168.56.10 - ansible_ssh_private_key_file: .vagrant/machines/dmz/libvirt/private_key - ansible_user: vagrant - backend: - ansible_host: 192.168.56.11 - ansible_ssh_private_key_file: .vagrant/machines/backend/libvirt/private_key - ansible_user: vagrant - backend2: - ansible_host: 192.168.56.12 - ansible_ssh_private_key_file: .vagrant/machines/backend2/libvirt/private_key - ansible_user: vagrant - - # Backend servers that host application services - backend_servers: - hosts: - backend: - backend2: - - # Reverse proxy servers - traefik_servers: - children: - traefik_servers_dmz: - traefik_servers_backend: - - # DMZ reverse proxy (public-facing, file provider mode) - traefik_servers_dmz: - hosts: - dmz: - - # Backend reverse proxy (docker provider mode) - traefik_servers_backend: - hosts: - backend: - backend2: - - # Application servers - httpbin_servers: - hosts: - backend: - backend2: - - keycloak_servers: - hosts: - backend: - - authentik_servers: - hosts: - backend: - - garage_servers: - hosts: - backend: - - nextcloud_servers: - hosts: - backend: - - homarr_servers: - hosts: - backend: \ No newline at end of file