feat: allow to connect to databases through traefik
This commit is contained in:
parent
4259b1e3d2
commit
e00b44896f
3 changed files with 18 additions and 2 deletions
|
|
@ -1,5 +1,5 @@
|
||||||
export ANSIBLE_VAULT_PASSWORD_FILE := ".decrypt-pass.txt"
|
export ANSIBLE_VAULT_PASSWORD_FILE := justfile_directory() + "/.decrypt-pass.txt"
|
||||||
export ANSIBLE_BECOME_PASSWORD_FILE := ".become-pass.txt"
|
export ANSIBLE_BECOME_PASSWORD_FILE := justfile_directory() + "/.become-pass.txt"
|
||||||
|
|
||||||
# Debug output, disabled in CI
|
# Debug output, disabled in CI
|
||||||
export ANSIBLE_DISPLAY_ARGS_TO_STDOUT := if env('CI', '') == 'true' { 'false' } else { 'true' }
|
export ANSIBLE_DISPLAY_ARGS_TO_STDOUT := if env('CI', '') == 'true' { 'false' } else { 'true' }
|
||||||
|
|
@ -17,6 +17,7 @@ ansible +ARGS:
|
||||||
list-host:
|
list-host:
|
||||||
uv run ansible-inventory --list
|
uv run ansible-inventory --list
|
||||||
|
|
||||||
|
[no-cd]
|
||||||
encrypt +ARGS:
|
encrypt +ARGS:
|
||||||
uv run ansible-vault encrypt {{ ARGS }}
|
uv run ansible-vault encrypt {{ ARGS }}
|
||||||
|
|
||||||
|
|
@ -26,5 +27,6 @@ encrypt-var NAME +CONTENT='':
|
||||||
decrypt-var FILE NAME:
|
decrypt-var FILE NAME:
|
||||||
uv run ansible localhost -m ansible.builtin.debug -e "@{{ FILE }}" -a var="{{ NAME }}"
|
uv run ansible localhost -m ansible.builtin.debug -e "@{{ FILE }}" -a var="{{ NAME }}"
|
||||||
|
|
||||||
|
[no-cd]
|
||||||
decrypt +ARGS:
|
decrypt +ARGS:
|
||||||
uv run ansible-vault edit {{ ARGS }}
|
uv run ansible-vault edit {{ ARGS }}
|
||||||
|
|
|
||||||
|
|
@ -41,6 +41,9 @@ services:
|
||||||
db:
|
db:
|
||||||
image: postgres
|
image: postgres
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- reverse_proxy
|
||||||
secrets:
|
secrets:
|
||||||
- index_db_pass
|
- index_db_pass
|
||||||
volumes:
|
volumes:
|
||||||
|
|
@ -61,3 +64,8 @@ services:
|
||||||
placement:
|
placement:
|
||||||
constraints:
|
constraints:
|
||||||
- node.labels.services_kind==${SERVICE_KIND:-common}
|
- node.labels.services_kind==${SERVICE_KIND:-common}
|
||||||
|
labels:
|
||||||
|
- traefik.enable=true
|
||||||
|
- traefik.tcp.routers.index_db.entrypoints=postgres
|
||||||
|
- traefik.tcp.routers.index_db.rule=HostSNI(`*`)
|
||||||
|
- traefik.tcp.services.index_db.loadbalancer.server.port=5432
|
||||||
|
|
|
||||||
|
|
@ -49,6 +49,10 @@
|
||||||
published: 443
|
published: 443
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
mode: host
|
mode: host
|
||||||
|
- target: 5432
|
||||||
|
published: 5432
|
||||||
|
protocol: tcp
|
||||||
|
mode: host
|
||||||
- target: 8080
|
- target: 8080
|
||||||
published: 8080
|
published: 8080
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
|
|
@ -57,9 +61,11 @@
|
||||||
- '--api.dashboard=true'
|
- '--api.dashboard=true'
|
||||||
- '--api.insecure=true'
|
- '--api.insecure=true'
|
||||||
- '--entrypoints.http.address=:80'
|
- '--entrypoints.http.address=:80'
|
||||||
|
- '--entrypoints.http.asDefault=true'
|
||||||
- '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24'
|
- '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24'
|
||||||
- '--entrypoints.http.http.encodequerysemicolons=true'
|
- '--entrypoints.http.http.encodequerysemicolons=true'
|
||||||
- '--entryPoints.http.http2.maxConcurrentStreams=50'
|
- '--entryPoints.http.http2.maxConcurrentStreams=50'
|
||||||
|
- '--entrypoints.postgres.address=:5432'
|
||||||
- '--providers.swarm=true'
|
- '--providers.swarm=true'
|
||||||
- '--providers.swarm.endpoint=tcp://{{ ansible_default_ipv4.address }}:2375'
|
- '--providers.swarm.endpoint=tcp://{{ ansible_default_ipv4.address }}:2375'
|
||||||
- '--providers.swarm.exposedByDefault=false'
|
- '--providers.swarm.exposedByDefault=false'
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue