feat: allow to connect to databases through traefik

2025-01-10 10:26:03 -03:00 · 2025-01-10 10:26:03 -03:00 · e00b44896f
commit e00b44896f
parent 4259b1e3d2
3 changed files with 18 additions and 2 deletions
--- a/.justfile
+++ b/.justfile
@ -1,5 +1,5 @@
-export ANSIBLE_VAULT_PASSWORD_FILE := ".decrypt-pass.txt"
-export ANSIBLE_BECOME_PASSWORD_FILE := ".become-pass.txt"
+export ANSIBLE_VAULT_PASSWORD_FILE := justfile_directory() + "/.decrypt-pass.txt"
+export ANSIBLE_BECOME_PASSWORD_FILE := justfile_directory() + "/.become-pass.txt"

 # Debug output, disabled in CI
 export ANSIBLE_DISPLAY_ARGS_TO_STDOUT := if env('CI', '') == 'true' { 'false' } else { 'true' }
@ -17,6 +17,7 @@ ansible +ARGS:
 list-host:
  uv run ansible-inventory --list

+[no-cd]
 encrypt +ARGS:
  uv run ansible-vault encrypt {{ ARGS }}

@ -26,5 +27,6 @@ encrypt-var NAME +CONTENT='':
 decrypt-var FILE NAME:
  uv run ansible localhost -m ansible.builtin.debug -e "@{{ FILE }}" -a var="{{ NAME }}"

+[no-cd]
 decrypt +ARGS:
  uv run ansible-vault edit {{ ARGS }}
--- a/files/docker/index/docker-stack.yaml
+++ b/files/docker/index/docker-stack.yaml
@ -41,6 +41,9 @@ services:
  db:
    image: postgres
    restart: unless-stopped
+    networks:
+      - default
+      - reverse_proxy
    secrets:
      - index_db_pass
    volumes:
@ -61,3 +64,8 @@ services:
      placement:
        constraints:
          - node.labels.services_kind==${SERVICE_KIND:-common}
+      labels:
+        - traefik.enable=true
+        - traefik.tcp.routers.index_db.entrypoints=postgres
+        - traefik.tcp.routers.index_db.rule=HostSNI(`*`)
+        - traefik.tcp.services.index_db.loadbalancer.server.port=5432
--- a/roles/docker/tasks/swarm_manager.yaml
+++ b/roles/docker/tasks/swarm_manager.yaml
@ -49,6 +49,10 @@
                published: 443
                protocol: tcp
                mode: host
+              - target: 5432
+                published: 5432
+                protocol: tcp
+                mode: host
              - target: 8080
                published: 8080
                protocol: tcp
@ -57,9 +61,11 @@
              - '--api.dashboard=true'
              - '--api.insecure=true'
              - '--entrypoints.http.address=:80'
+              - '--entrypoints.http.asDefault=true'
              - '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24'
              - '--entrypoints.http.http.encodequerysemicolons=true'
              - '--entryPoints.http.http2.maxConcurrentStreams=50'
+              - '--entrypoints.postgres.address=:5432'
              - '--providers.swarm=true'
              - '--providers.swarm.endpoint=tcp://{{ ansible_default_ipv4.address }}:2375'
              - '--providers.swarm.exposedByDefault=false'