diff --git a/.gitignore b/.gitignore
index 72d385d..9dd7ed4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,37 @@
 /.idea/
 # Ansible
 /collections/ansible_collections/
+/.vagrant/bundler/global.sol
+/.vagrant/machines/backend/libvirt/action_provision
+/.vagrant/machines/backend/libvirt/box_meta
+/.vagrant/machines/backend/libvirt/created_networks
+/.vagrant/machines/backend/libvirt/creator_uid
+/.vagrant/machines/backend/libvirt/id
+/.vagrant/machines/backend/libvirt/index_uuid
+/.vagrant/machines/backend/libvirt/private_key
+/.vagrant/machines/backend/libvirt/synced_folders
+/.vagrant/machines/backend/libvirt/vagrant_cwd
+/.vagrant/machines/backend2/libvirt/action_provision
+/.vagrant/machines/backend2/libvirt/box_meta
+/.vagrant/machines/backend2/libvirt/created_networks
+/.vagrant/machines/backend2/libvirt/creator_uid
+/.vagrant/machines/backend2/libvirt/id
+/.vagrant/machines/backend2/libvirt/index_uuid
+/.vagrant/machines/backend2/libvirt/private_key
+/.vagrant/machines/backend2/libvirt/synced_folders
+/.vagrant/machines/backend2/libvirt/vagrant_cwd
+/.vagrant/machines/dmz/libvirt/logs/ssh-forwarding-*_8080-192.168.121.139_80.log
+/.vagrant/machines/dmz/libvirt/logs/ssh-forwarding-*_8443-192.168.121.139_443.log
+/.vagrant/machines/dmz/libvirt/pids/ssh_8080.pid
+/.vagrant/machines/dmz/libvirt/pids/ssh_8443.pid
+/.vagrant/machines/dmz/libvirt/action_provision
+/.vagrant/machines/dmz/libvirt/box_meta
+/.vagrant/machines/dmz/libvirt/created_networks
+/.vagrant/machines/dmz/libvirt/creator_uid
+/.vagrant/machines/dmz/libvirt/id
+/.vagrant/machines/dmz/libvirt/index_uuid
+/.vagrant/machines/dmz/libvirt/private_key
+/.vagrant/machines/dmz/libvirt/synced_folders
+/.vagrant/machines/dmz/libvirt/vagrant_cwd
+/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory
+/.vagrant/rgloader/loader.rb
diff --git a/inventories/vagrant/group_vars/traefik_servers_backend.yml b/inventories/vagrant/group_vars/traefik_servers_backend.yml
index 70c5e8f..c28eb89 100644
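Review bot: Ignoring `.vagrant/` by enumerating per-machine files means the SSH private key of any machine added later (a third backend, a renamed dmz) is not covered and can be committed by an ordinary `git add .`, since only `backend`, `backend2` and `dmz` have a `.../libvirt/private_key` entry here. The two `ssh-forwarding-*` log patterns also pin the libvirt address `192.168.121.139`, so they stop matching as soon as libvirt hands the VM a different lease. The whole directory is generated state with nothing worth versioning, so the 34 added lines are better replaced by the single entry `/.vagrant/`. If some file under it really must be tracked, negate just that one with a `!` rule after the directory entry.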
--- a/inventories/vagrant/group_vars/traefik_servers_backend.yml
+++ b/inventories/vagrant/group_vars/traefik_servers_backend.yml
@@ -3,8 +3,8 @@
 # These use Docker provider for local service discovery
 traefik_mode: backend
-use_ssl: true
-cert_mode: "selfsigned"
-enable_dashboard: true
-log_level: DEBUG
+traefik_use_ssl: true
+traefik_cert_mode: "selfsigned"
+traefik_enable_dashboard: true
+traefik_log_level: DEBUG
 traefik_network: proxy
\ No newline at end of file
diff --git a/inventories/vagrant/group_vars/traefik_servers_dmz.yml b/inventories/vagrant/group_vars/traefik_servers_dmz.yml
index b46126a..fdc8e48 100644
--- a/inventories/vagrant/group_vars/traefik_servers_dmz.yml
+++ b/inventories/vagrant/group_vars/traefik_servers_dmz.yml
@@ -3,23 +3,23 @@
 # These are public-facing proxies that route traffic to backend servers
 traefik_mode: dmz
-use_ssl: true
-cert_mode: "selfsigned" # Use 'acme' for production
-enable_dashboard: true
-dashboard_domain: "traefik.dmz.local.test"
-log_level: DEBUG
+traefik_use_ssl: true
+traefik_cert_mode: "selfsigned" # Use 'acme' for production
+traefik_enable_dashboard: true
+traefik_dashboard_domain: "traefik.dmz.local.test"
+traefik_log_level: DEBUG
 traefik_network: proxy
 # Backend servers to proxy (if empty, proxies to all backend_servers)
 # This allows multiple DMZ proxies to handle different backend servers
-# backend_servers_to_proxy:
+# traefik_backend_servers_to_proxy:
 # - backend1
 # - backend2
-# ACME configuration (uncomment for production with cert_mode: acme)
-# ssl_email: "admin@example.com"
-# ssl_cert_resolver: "dns"
-# acme_dns_zone: "digitalboard._acme.digitalboard.ch."
-# acme_dns_nameserver: "192.168.1.1:53"
-# acme_tsig_key: "your-tsig-key-name"
-# acme_tsig_secret: "your-tsig-secret"
\ No newline at end of file
+# ACME configuration (uncomment for production with traefik_cert_mode: acme)
+# traefik_ssl_email: "admin@example.com"
+# traefik_ssl_cert_resolver: "dns"
+# traefik_acme_dns_zone: "digitalboard._acme.digitalboard.ch."
+# traefik_acme_dns_nameserver: "192.168.1.1:53"
+# traefik_acme_tsig_key: "your-tsig-key-name"
+# traefik_acme_tsig_secret: "your-tsig-secret"
\ No newline at end of file
diff --git a/inventories/vagrant/host_vars/backend/traefik.yml b/inventories/vagrant/host_vars/backend/traefik.yml
index 8078a7a..3e1e5b7 100644
--- a/inventories/vagrant/host_vars/backend/traefik.yml
+++ b/inventories/vagrant/host_vars/backend/traefik.yml
@@ -1,5 +1,5 @@
 # Services to be exposed through the DMZ reverse proxy
-traefik_services:
+traefik_dmz_exposed_services:
 - name: httpbin
 domain: httpbin.local.test
 port: 443
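Review bot: The commented-out ACME block tells the operator to uncomment `traefik_acme_tsig_secret` in place for production, which would land a TSIG update key for the `digitalboard._acme.digitalboard.ch.` zone in a plain-text group_vars file under version control; with that secret anyone can push DNS records into the zone and pass the dns-01 challenge. The template line should point at a vaulted variable instead, e.g. `# traefik_acme_tsig_secret: "{{ vault_traefik_acme_tsig_secret }}"  # keep the value in an ansible-vault file`, so the uncomment step never puts the secret here. The same file enables the dashboard and DEBUG logging on the group the header comment itself calls public-facing, but only `traefik_cert_mode` carries a "for production" caveat; I would add `# vagrant only — disable the dashboard (or put it behind auth) and drop to INFO/WARN in production` above `traefik_enable_dashboard`. This is presumably a lab inventory, so the defaults themselves are fine.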
@@ -39,7 +39,7 @@ traefik_services:
 # port: 80
 # protocol: http
-use_ssl: false # disable SSL redirect for vagrant
+traefik_use_ssl: false # disable SSL redirect for vagrant
-use_ssl_dashboard: true # still use SSL for dashboard
-dashboard_domain: "traefik.backend.local.test"
\ No newline at end of file
+traefik_use_ssl_dashboard: true # still use SSL for dashboard
+traefik_dashboard_domain: "traefik.backend.local.test"
\ No newline at end of file
diff --git a/inventories/vagrant/host_vars/backend2/traefik.yml b/inventories/vagrant/host_vars/backend2/traefik.yml
index 6837810..56ee12b 100644
--- a/inventories/vagrant/host_vars/backend2/traefik.yml
+++ b/inventories/vagrant/host_vars/backend2/traefik.yml
@@ -1,8 +1,8 @@
 # Services to be exposed through the DMZ reverse proxy
-traefik_services:
+traefik_dmz_exposed_services:
 - name: httpbin-srv2
 domain: "{{ httpbin_domain }}"
 port: 443
 protocol: https
-dashboard_domain: "traefik.backend2.local.test"
\ No newline at end of file
+traefik_dashboard_domain: "traefik.backend2.local.test"
\ No newline at end of file
diff --git a/inventories/vagrant/hosts.ini b/inventories/vagrant/hosts.ini
deleted file mode 100644
index 6c85846..0000000
--- a/inventories/vagrant/hosts.ini
+++ /dev/null
@@ -1,48 +0,0 @@
-# This file defines the group structure for vagrant VMs
-# Fixed IPs are defined in the Vagrantfile
-# Additional host-specific variables should go in host_vars/
-# Group-specific variables should go in group_vars/
-
-[all_servers]
-dmz ansible_host=192.168.56.10 ansible_ssh_private_key_file=.vagrant/machines/dmz/libvirt/private_key ansible_user=vagrant
-backend ansible_host=192.168.56.11 ansible_ssh_private_key_file=.vagrant/machines/backend/libvirt/private_key ansible_user=vagrant
-backend2 ansible_host=192.168.56.12 ansible_ssh_private_key_file=.vagrant/machines/backend2/libvirt/private_key ansible_user=vagrant
-
-# Backend servers that host application services
-[backend_servers]
-backend
-backend2
-
-# Reverse proxy servers in DMZ (public-facing, file provider mode)
-[traefik_servers_dmz]
-dmz
-
-# Reverse proxy servers on backend (docker provider mode)
-[traefik_servers_backend]
-backend
-backend2
-
-# All reverse proxy servers
-[traefik_servers:children]
-traefik_servers_dmz
-traefik_servers_backend
-
-# Application servers
-[httpbin_servers]
-backend
-backend2
-
-[keycloak_servers]
-backend
-
-[authentik_servers]
-backend
-
-[garage_servers]
-backend
-
-[nextcloud_servers]
-backend
-
-[homarr_servers]
-backend
\ No newline at end of file
diff --git a/inventories/vagrant/hosts.yml b/inventories/vagrant/hosts.yml
new file mode 100644
index 0000000..5f438b8
--- /dev/null
+++ b/inventories/vagrant/hosts.yml
@@ -0,0 +1,66 @@
+---
+all:
+ children:
+ all_servers:
+ hosts:
+ dmz:
+ ansible_host: 192.168.56.10
+ ansible_ssh_private_key_file: .vagrant/machines/dmz/libvirt/private_key
+ ansible_user: vagrant
+ backend:
+ ansible_host: 192.168.56.11
+ ansible_ssh_private_key_file: .vagrant/machines/backend/libvirt/private_key
+ ansible_user: vagrant
+ backend2:
+ ansible_host: 192.168.56.12
+ ansible_ssh_private_key_file: .vagrant/machines/backend2/libvirt/private_key
+ ansible_user: vagrant
+
+ # Backend servers that host application services
+ backend_servers:
+ hosts:
+ backend:
+ backend2:
+
+ # Reverse proxy servers
+ traefik_servers:
+ children:
+ traefik_servers_dmz:
+ traefik_servers_backend:
+
+ # DMZ reverse proxy (public-facing, file provider mode)
+ traefik_servers_dmz:
+ hosts:
+ dmz:
+
+ # Backend reverse proxy (docker provider mode)
+ traefik_servers_backend:
+ hosts:
+ backend:
+ backend2:
+
+ # Application servers
+ httpbin_servers:
+ hosts:
+ backend:
+ backend2:
+
+ keycloak_servers:
+ hosts:
+ backend:
+
+ authentik_servers:
+ hosts:
+ backend:
+
+ garage_servers:
+ hosts:
+ backend:
+
+ nextcloud_servers:
+ hosts:
+ backend:
+
+ homarr_servers:
+ hosts:
+ backend:
\ No newline at end of file
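Review bot: The four-line header that hosts.ini carried ("Fixed IPs are defined in the Vagrantfile", host-specific vars go in host_vars/, group vars in group_vars/) was dropped in the conversion, so the new hosts.yml no longer tells a reader that the `192.168.56.x` addresses in `all_servers` must stay in sync with the Vagrantfile; I would restore it as comment lines directly under `---`. The three `ansible_ssh_private_key_file` values are relative paths, which (as far as I can tell from how Ansible hands them to ssh) resolve against the working directory rather than the inventory file, so running the playbook from anywhere but the repository root silently falls back to the default key; if that matters, something like `ansible_ssh_private_key_file: "{{ inventory_dir }}/../../.vagrant/machines/dmz/libvirt/private_key"` pins it — worth confirming the lookup is accepted in an inventory source. `ansible_user: vagrant` is repeated on every host and could live once under `all_servers: vars:`, which also keeps it from drifting when a fourth machine is added. The file still ends without a trailing newline, as the marker shows.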