From e00b44896fec79b69a617a83b548436c77205c4e Mon Sep 17 00:00:00 2001 From: aleidk Date: Fri, 10 Jan 2025 10:26:03 -0300 Subject: [PATCH] feat: allow to connect to databases through traefik --- .justfile | 6 ++++-- files/docker/index/docker-stack.yaml | 8 ++++++++ roles/docker/tasks/swarm_manager.yaml | 6 ++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/.justfile b/.justfile index b37ae07..93d7c2b 100644 --- a/.justfile +++ b/.justfile @@ -1,5 +1,5 @@ -export ANSIBLE_VAULT_PASSWORD_FILE := ".decrypt-pass.txt" -export ANSIBLE_BECOME_PASSWORD_FILE := ".become-pass.txt" +export ANSIBLE_VAULT_PASSWORD_FILE := justfile_directory() + "/.decrypt-pass.txt" +export ANSIBLE_BECOME_PASSWORD_FILE := justfile_directory() + "/.become-pass.txt" # Debug output, disabled in CI export ANSIBLE_DISPLAY_ARGS_TO_STDOUT := if env('CI', '') == 'true' { 'false' } else { 'true' } @@ -17,6 +17,7 @@ ansible +ARGS: list-host: uv run ansible-inventory --list +[no-cd] encrypt +ARGS: uv run ansible-vault encrypt {{ ARGS }} @@ -26,5 +27,6 @@ encrypt-var NAME +CONTENT='': decrypt-var FILE NAME: uv run ansible localhost -m ansible.builtin.debug -e "@{{ FILE }}" -a var="{{ NAME }}" +[no-cd] decrypt +ARGS: uv run ansible-vault edit {{ ARGS }} diff --git a/files/docker/index/docker-stack.yaml b/files/docker/index/docker-stack.yaml index 5d8539f..b7bb787 100644 --- a/files/docker/index/docker-stack.yaml +++ b/files/docker/index/docker-stack.yaml @@ -41,6 +41,9 @@ services: db: image: postgres restart: unless-stopped + networks: + - default + - reverse_proxy secrets: - index_db_pass volumes: @@ -61,3 +64,8 @@ services: placement: constraints: - node.labels.services_kind==${SERVICE_KIND:-common} + labels: + - traefik.enable=true + - traefik.tcp.routers.index_db.entrypoints=postgres + - traefik.tcp.routers.index_db.rule=HostSNI(`*`) + - traefik.tcp.services.index_db.loadbalancer.server.port=5432 
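Review bot: In `.justfile`, the two password-file exports switch to `justfile_directory() + "/..."` without a comment saying why the paths became absolute. The reason appears to be the `[no-cd]` attribute added to `encrypt` and `decrypt` in the two later hunks of this file. I would add above the exports `# Absolute paths: [no-cd] recipes run from the caller's directory, so relative password files would not resolve`. Both files hold secrets next to the justfile, so it is also worth confirming they are git-ignored and readable only by their owner; neither is visible in this patch.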
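Review bot: In the first hunk of `files/docker/index/docker-stack.yaml`, attaching `db` to `reverse_proxy` makes Postgres reachable from every other service on that shared network, not only from Traefik, so access to it now rests on the `index_db_pass` secret alone. Because the service sits on two networks, Traefik also has to pick one to reach port 5432. None of the labels added in the next hunk pins it, and whether `--providers.swarm.network` is set cannot be seen in the visible arguments. If it is not, add `- traefik.swarm.network=reverse_proxy` next to the other labels (the deployed network name may carry a stack prefix). The `db` service definition starts and ends outside this hunk.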
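Review bot: The router labels added in the second hunk of `files/docker/index/docker-stack.yaml` use a catch-all `HostSNI` rule and no `tls` option, so the `postgres` entrypoint forwards every connection arriving on 5432 to this database, with no source restriction and no TLS at the proxy. Assuming Traefik v3 (the `--providers.swarm` flags in `roles/docker/tasks/swarm_manager.yaml` suggest it), a TCP allow-list narrows this: `- traefik.tcp.middlewares.index_db_allow.ipallowlist.sourcerange=<ADMIN_CIDR>` and `- traefik.tcp.routers.index_db.middlewares=index_db_allow`, where `<ADMIN_CIDR>` is a placeholder for the range that should reach the database. Encryption in transit then depends on Postgres itself requiring SSL, which this patch does not show. A catch-all rule also likely means only one database can sit behind this entrypoint, which is worth a comment given the commit title speaks of databases in the plural.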
diff --git a/roles/docker/tasks/swarm_manager.yaml b/roles/docker/tasks/swarm_manager.yaml index 70f03c3..3bab21d 100644 --- a/roles/docker/tasks/swarm_manager.yaml +++ b/roles/docker/tasks/swarm_manager.yaml @@ -49,6 +49,10 @@ published: 443 protocol: tcp mode: host + - target: 5432 + published: 5432 + protocol: tcp + mode: host - target: 8080 published: 8080 protocol: tcp @@ -57,9 +61,11 @@ - '--api.dashboard=true' - '--api.insecure=true' - '--entrypoints.http.address=:80' + - '--entrypoints.http.asDefault=true' - '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24' - '--entrypoints.http.http.encodequerysemicolons=true' - '--entryPoints.http.http2.maxConcurrentStreams=50' + - '--entrypoints.postgres.address=:5432' - '--providers.swarm=true' - '--providers.swarm.endpoint=tcp://{{ ansible_default_ipv4.address }}:2375' - '--providers.swarm.exposedByDefault=false'
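Review bot: In the first hunk of `roles/docker/tasks/swarm_manager.yaml`, the new `published: 5432` entry in `mode: host` opens the database port on every interface of the node that runs Traefik. The same applies to `--entrypoints.postgres.address=:5432` in the next hunk, and nothing in this patch limits who can connect. A host or network firewall rule for 5432 should accompany the change, and the entry deserves a comment recording that, e.g. `# 5432: Postgres via the Traefik TCP entrypoint; restrict to admin ranges at the firewall`. The port list starts and ends outside this hunk.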
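Review bot: In the second hunk of `roles/docker/tasks/swarm_manager.yaml`, `--entrypoints.http.asDefault=true` is added without explanation, and its purpose is easy to miss. Once the `postgres` entrypoint exists, routers that name no entrypoint would presumably attach to it as well unless one entrypoint is marked as the default. A short comment above the argument would keep a later cleanup from removing it, e.g. `# keep routers without explicit entrypoints on http only, not on postgres`. The argument list continues outside this hunk.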