From 4f544a80bd3046cd5dc39ce20a3a4b316a4c853d Mon Sep 17 00:00:00 2001 From: Jannik Kramer Date: Wed, 20 Aug 2025 10:45:49 +0200 Subject: [PATCH 1/9] renames caddy folder, fixes readme command, lints docker compose files --- README.md | 2 +- .../{reverse-proxy => caddy}/Caddyfile | 0 .../{reverse-proxy => caddy}/compose.yaml | 13 +++++++------ docker_compose_applications/metabase/compose.yaml | 1 + 4 files changed, 9 insertions(+), 7 deletions(-) rename docker_compose_applications/{reverse-proxy => caddy}/Caddyfile (100%) rename docker_compose_applications/{reverse-proxy => caddy}/compose.yaml (62%) diff --git a/README.md b/README.md index 354bba5..20ff512 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ ``` 3. Add the VM to the desired groups and set the desired variables. Do all the work you need to do (like creating new Ansible roles etc.). -4. Run `ansible-playbook -i inventories/hetzner playbooks/deploy.yaml` +4. Run `ansible-playbook -i inventories/hetzner playbooks/docker-compose.yaml` ## Open Source Software Used diff --git a/docker_compose_applications/reverse-proxy/Caddyfile b/docker_compose_applications/caddy/Caddyfile similarity index 100% rename from docker_compose_applications/reverse-proxy/Caddyfile rename to docker_compose_applications/caddy/Caddyfile diff --git a/docker_compose_applications/reverse-proxy/compose.yaml b/docker_compose_applications/caddy/compose.yaml similarity index 62% rename from docker_compose_applications/reverse-proxy/compose.yaml rename to docker_compose_applications/caddy/compose.yaml index 8bbfcbc..c51e87f 100644 --- a/docker_compose_applications/reverse-proxy/compose.yaml +++ b/docker_compose_applications/caddy/compose.yaml 
@@ -3,18 +3,19 @@ # - https://caddyserver.com/docs/ services: + caddy: image: caddy container_name: caddy - restart: unless-stopped - ports: - - "80:80" - - "443:443" volumes: - - "./Caddyfile:/etc/caddy/Caddyfile:ro" - - "/ansible_docker_compose/project_data/reverse-proxy/caddy/data:/data" + - ./Caddyfile:/etc/caddy/Caddyfile:ro + - /ansible_docker_compose/project_data/reverse-proxy/caddy/data:/data + ports: + - '0.0.0.0:80:80' + - '0.0.0.0:443:443' networks: - caddy_net + restart: unless-stopped networks: caddy_net: diff --git a/docker_compose_applications/metabase/compose.yaml b/docker_compose_applications/metabase/compose.yaml index ee41df0..67a195b 100644 --- a/docker_compose_applications/metabase/compose.yaml +++ b/docker_compose_applications/metabase/compose.yaml @@ -2,6 +2,7 @@ # - https://www.metabase.com/docs/latest/operations-guide/running-metabase-on-docker.html services: + metabase: image: metabase/metabase:latest container_name: metabase From 6688abcd0abb50f4f4aae98b32aa5d4b58705e7d Mon Sep 17 00:00:00 2001 From: Jannik Kramer Date: Wed, 10 Sep 2025 12:43:04 +0200 Subject: [PATCH 2/9] adds pandoc to n8n, reverts caddy rename --- README.md | 2 +- docker_compose_applications/n8n/Dockerfile | 7 +++++++ docker_compose_applications/n8n/compose.yaml | 2 +- .../{caddy => reverse-proxy}/Caddyfile | 0 .../{caddy => reverse-proxy}/compose.yaml | 0 5 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 docker_compose_applications/n8n/Dockerfile rename docker_compose_applications/{caddy => reverse-proxy}/Caddyfile (100%) rename docker_compose_applications/{caddy => reverse-proxy}/compose.yaml (100%) diff --git a/README.md b/README.md index 20ff512..b4c89a0 100644 --- a/README.md +++ b/README.md 
@@ -10,7 +10,7 @@ ``` 3. Add the VM to the desired groups and set the desired variables. Do all the work you need to do (like creating new Ansible roles etc.). -4. Run `ansible-playbook -i inventories/hetzner playbooks/docker-compose.yaml` +4. Run `ansible-playbook -i inventories/hetzner playbooks/docker-compose.yml` ## Open Source Software Used diff --git a/docker_compose_applications/n8n/Dockerfile b/docker_compose_applications/n8n/Dockerfile new file mode 100644 index 0000000..ea8ad11 --- /dev/null +++ b/docker_compose_applications/n8n/Dockerfile @@ -0,0 +1,7 @@ +FROM docker.n8n.io/n8nio/n8n + +USER root + +RUN apk add pandoc + +USER node diff --git a/docker_compose_applications/n8n/compose.yaml b/docker_compose_applications/n8n/compose.yaml index e707608..209a1be 100644 --- a/docker_compose_applications/n8n/compose.yaml +++ b/docker_compose_applications/n8n/compose.yaml @@ -4,7 +4,7 @@ services: n8n: - image: docker.n8n.io/n8nio/n8n + build: . container_name: n8n restart: unless-stopped env_file: diff --git a/docker_compose_applications/caddy/Caddyfile b/docker_compose_applications/reverse-proxy/Caddyfile similarity index 100% rename from docker_compose_applications/caddy/Caddyfile rename to docker_compose_applications/reverse-proxy/Caddyfile diff --git a/docker_compose_applications/caddy/compose.yaml b/docker_compose_applications/reverse-proxy/compose.yaml similarity index 100% rename from docker_compose_applications/caddy/compose.yaml rename to docker_compose_applications/reverse-proxy/compose.yaml From 2f479efee3ca1267bdfd4ee726b42c17c7083d32 Mon Sep 17 00:00:00 2001 
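Review bot: The new n8n Dockerfile starts from `FROM docker.n8n.io/n8nio/n8n` with no tag or digest, and compose.yaml switches the service to `build: .`, so every rebuild takes whatever the registry serves as the default tag at that moment. Pin the base image, for example `FROM docker.n8n.io/n8nio/n8n:<tested-version>` (placeholder, pick the release you actually run) or an `@sha256:<digest>` reference, so that upgrades of a workflow engine holding credentials are deliberate and show up in review. A short comment above `USER root` saying it is only needed for the package install, and that `USER node` restores the unprivileged user, would also help.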
From: Jannik Kramer Date: Wed, 29 Oct 2025 19:48:30 +0100 Subject: [PATCH 3/9] cleans up support scripts --- caddy-update.sh | 2 ++ ..._hetzer_vm.yaml => 00-init_hetzer_vm.yaml} | 0 .../{everything.yaml => 01-everything.yaml} | 2 +- .../{maintenance.yaml => 02-maintenance.yaml} | 0 .../{docker-compose.yml => 04-compose-up.yml} | 0 playbooks/05-update-caddy.yml | 28 +++++++++++++++++++ .../authorized_keys/files/cit_authorized_keys | 1 - 7 files changed, 31 insertions(+), 2 deletions(-) create mode 100755 caddy-update.sh rename playbooks/{init_hetzer_vm.yaml => 00-init_hetzer_vm.yaml} (100%) rename playbooks/{everything.yaml => 01-everything.yaml} (81%) rename playbooks/{maintenance.yaml => 02-maintenance.yaml} (100%) rename playbooks/{docker-compose.yml => 04-compose-up.yml} (100%) create mode 100644 playbooks/05-update-caddy.yml diff --git a/caddy-update.sh b/caddy-update.sh new file mode 100755 index 0000000..424ad0e --- /dev/null +++ b/caddy-update.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +ansible-playbook -i inventories/hetzner playbooks/05-update-caddy.yml diff --git a/playbooks/init_hetzer_vm.yaml b/playbooks/00-init_hetzer_vm.yaml similarity index 100% rename from playbooks/init_hetzer_vm.yaml rename to playbooks/00-init_hetzer_vm.yaml diff --git a/playbooks/everything.yaml b/playbooks/01-everything.yaml similarity index 81% rename from playbooks/everything.yaml rename to playbooks/01-everything.yaml index 99f4ef1..7f4cf54 100644 --- a/playbooks/everything.yaml +++ b/playbooks/01-everything.yaml @@ -1,5 +1,5 @@ - name: Run maintenance playbook - ansible.builtin.import_playbook: maintenance.yaml + ansible.builtin.import_playbook: 02-maintenance.yaml - name: Ensure Docker for Docker_Hosts hosts: Docker_Hosts diff --git a/playbooks/maintenance.yaml b/playbooks/02-maintenance.yaml similarity index 100% rename from playbooks/maintenance.yaml rename to playbooks/02-maintenance.yaml 
diff --git a/playbooks/docker-compose.yml b/playbooks/04-compose-up.yml similarity index 100% rename from playbooks/docker-compose.yml rename to playbooks/04-compose-up.yml diff --git a/playbooks/05-update-caddy.yml b/playbooks/05-update-caddy.yml new file mode 100644 index 0000000..380b61c --- /dev/null +++ b/playbooks/05-update-caddy.yml @@ -0,0 +1,28 @@ +- name: Update Caddyfile and reload Caddy + hosts: cit-docker-host + tasks: + - name: Deploy desired projects, adding new ones and updating existing ones + ansible.posix.synchronize: + src: "../docker_compose_applications/reverse-proxy/Caddyfile" + dest: "/ansible_docker_compose/projects/reverse-proxy/Caddyfile" + mode: push + archive: false + copy_links: false + delete: true + dirs: false + existing_only: false + recursive: true + owner: false + group: false + perms: true + links: true + times: false + verify_host: true + become: true + + - name: Restart Caddy container + community.docker.docker_container: + name: caddy + state: started + restart: yes + become: true diff --git a/playbooks/roles/authorized_keys/files/cit_authorized_keys b/playbooks/roles/authorized_keys/files/cit_authorized_keys index 7718f26..44e7720 100644 --- a/playbooks/roles/authorized_keys/files/cit_authorized_keys +++ b/playbooks/roles/authorized_keys/files/cit_authorized_keys @@ -1,2 +1 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsmbhT8iopyZ83la/mFZf8eUDYAwCJtsWGaGybb1fNp - From 9f5b6eeecb7793b5f58fb8ff0186f1fab0928b23 Mon Sep 17 00:00:00 2001 From: Jannik Kramer Date: Wed, 29 Oct 2025 19:49:36 +0100 Subject: [PATCH 4/9] adds ollama host alias to n8n and makes builds more consistent --- docker_compose_applications/n8n/Dockerfile | 2 +- docker_compose_applications/n8n/compose.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docker_compose_applications/n8n/Dockerfile b/docker_compose_applications/n8n/Dockerfile index ea8ad11..beb6036 100644 --- a/docker_compose_applications/n8n/Dockerfile 
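Review bot: In the new playbooks/05-update-caddy.yml the "Restart Caddy container" task runs unconditionally after the sync, with no check that the new Caddyfile parses, so a syntax error takes the reverse proxy and every site behind it down until someone repairs it by hand. Add a task before the restart that validates the synced file in the running container (`caddy validate --config /etc/caddy/Caddyfile`) and restart only when it succeeds. Two smaller points: the sync task name "Deploy desired projects, adding new ones and updating existing ones" looks copied from another playbook and does not describe a single-file push, and `restart: yes` should be written `restart: true` to avoid the YAML 1.1 truthy form.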
+++ b/docker_compose_applications/n8n/Dockerfile @@ -2,6 +2,6 @@ FROM docker.n8n.io/n8nio/n8n USER root -RUN apk add pandoc +RUN apk add --no-cache pandoc USER node diff --git a/docker_compose_applications/n8n/compose.yaml b/docker_compose_applications/n8n/compose.yaml index 209a1be..3579cf8 100644 --- a/docker_compose_applications/n8n/compose.yaml +++ b/docker_compose_applications/n8n/compose.yaml @@ -14,6 +14,8 @@ services: - /ansible_docker_compose/project_data/n8n/files:/files networks: - caddy_net + extra_hosts: + - "ollama:10.20.1.2" networks: caddy_net: From 66622fbffef148113ec46a585c7af59ce3883925 Mon Sep 17 00:00:00 2001 From: Jannik Kramer Date: Wed, 29 Oct 2025 19:49:59 +0100 Subject: [PATCH 5/9] adds registry and enricher routes --- .../oauth2-proxy/oauth2-proxy.cfg | 2 +- .../reverse-proxy/Caddyfile | 48 +++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/docker_compose_applications/oauth2-proxy/oauth2-proxy.cfg b/docker_compose_applications/oauth2-proxy/oauth2-proxy.cfg index 3772d91..58c6c68 100644 --- a/docker_compose_applications/oauth2-proxy/oauth2-proxy.cfg +++ b/docker_compose_applications/oauth2-proxy/oauth2-proxy.cfg @@ -4,6 +4,6 @@ http_address = "0.0.0.0:4180" whitelist_domains = [".consider-it.de", ".consider-funding.de"] cookie_secure = true email_domains = [ "*" ] -scope = "openid" +scope = "openid profile email" skip_provider_button = true set_xauthrequest = true diff --git a/docker_compose_applications/reverse-proxy/Caddyfile b/docker_compose_applications/reverse-proxy/Caddyfile index 6b08a84..7d14cc0 100644 --- a/docker_compose_applications/reverse-proxy/Caddyfile +++ b/docker_compose_applications/reverse-proxy/Caddyfile 
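Review bot: The context lines of the oauth2-proxy.cfg hunk show `email_domains = [ "*" ]`, so widening the scope to `openid profile email` does not by itself narrow who gets through; any account the identity provider authenticates will pass `forward_auth`. If the provider is not restricted to your own tenant, list the accepted domains explicitly, for example `email_domains = [ "consider-it.de" ]` (constructed from the `whitelist_domains` line, confirm the real set). The provider settings are outside this hunk, so the restriction may already be enforced there; a comment next to the wildcard saying where would make that verifiable.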
@@ -41,6 +41,54 @@ pdf.consider-it.de { import oauth2_protect pdf.consider-it.de http://stirling-pdf:8080 } +registry.cortex.consider-funding.de { + handle /oauth2/* { + reverse_proxy oauth2-proxy:4180 + } + + handle { + forward_auth oauth2-proxy:4180 { + uri /oauth2/auth + copy_headers Authorization + copy_headers X-Auth-Request-Email + + @bad status 4xx + handle_response @bad { + redir https://registry.cortex.consider-funding.de/oauth2/start + } + } + + reverse_proxy https://ai-registry.neukiefer.de { + header_up Host ai-registry.neukiefer.de + header_up Authorization "Basic Y2l0OnBDMVpUNVFtZjc2WWVGYzA=" + } + } +} + +enricher.cortex.consider-funding.de { + handle /oauth2/* { + reverse_proxy oauth2-proxy:4180 + } + + handle { + forward_auth oauth2-proxy:4180 { + uri /oauth2/auth + copy_headers Authorization + copy_headers X-Auth-Request-Email + + @bad status 4xx + handle_response @bad { + redir https://enricher.cortex.consider-funding.de/oauth2/start + } + } + + reverse_proxy https://ai-enricher.neukiefer.de { + header_up Host ai-enricher.neukiefer.de + header_up Authorization "Basic Y2l0OnBDMVpUNVFtZjc2WWVGYzA=" + } + } +} + n8n.consider-funding.de { reverse_proxy n8n:5678 { flush_interval -1 From a1592e2142c99f36234bef8dac880ba289336677 Mon Sep 17 00:00:00 2001 
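Review bot: Both new site blocks hard-code an upstream credential in `header_up Authorization "Basic …"`; Base64 is an encoding, not protection, so anyone who can read this repository or its history holds the username and password for both upstream hosts. Moving the value into an environment variable later in the series removes it from the working tree but not from history, so the credential should be rotated at the upstream and treated as exposed. The same value is sent to both upstreams; one credential per service would limit what a single leak gives away. Separately, the two blocks repeat the body of the `oauth2_protect` snippet that the `pdf.consider-it.de` context line imports, which invites the auth logic to drift between sites.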
From: Jannik Kramer Date: Sat, 29 Nov 2025 08:13:47 +0100 Subject: [PATCH 6/9] updates caddy, separates caddyfiles, introduces env file for secrets, improves deployment/update process --- .../reverse-proxy/Caddyfile | 101 +----------------- .../reverse-proxy/compose.yaml | 14 +-- .../reverse-proxy/sites/oauthed.caddy | 50 +++++++++ .../reverse-proxy/sites/redirect.caddy | 11 ++ .../reverse-proxy/sites/services.caddy | 24 +++++ playbooks/05-update-caddy.yml | 4 +- 6 files changed, 96 insertions(+), 108 deletions(-) create mode 100644 docker_compose_applications/reverse-proxy/sites/oauthed.caddy create mode 100644 docker_compose_applications/reverse-proxy/sites/redirect.caddy create mode 100644 docker_compose_applications/reverse-proxy/sites/services.caddy diff --git a/docker_compose_applications/reverse-proxy/Caddyfile b/docker_compose_applications/reverse-proxy/Caddyfile index 7d14cc0..64874b5 100644 --- a/docker_compose_applications/reverse-proxy/Caddyfile +++ b/docker_compose_applications/reverse-proxy/Caddyfile 
@@ -1,100 +1 @@ -(oauth2_protect) { - handle /oauth2/* { - reverse_proxy oauth2-proxy:4180 - } - - handle { - forward_auth oauth2-proxy:4180 { - uri /oauth2/auth - copy_headers Authorization - - @bad status 4xx - handle_response @bad { - redir https://{args[0]}/oauth2/start - } - } - - reverse_proxy {args[1]} - } -} - -pseudo.cortex.consider-funding.de { - import oauth2_protect pseudo.cortex.consider-funding.de http://10.20.0.2:5000 -} - -# transcript-prompter -p-3001.cortex.consider-funding.de { - reverse_proxy http://10.20.0.2:3001 -} - -#hubspot-writer -p-8002.cortex.consider-funding.de { - reverse_proxy http://10.20.0.2:8002 -} - -# pseudomizer -p-8003.cortex.consider-funding.de { - reverse_proxy http://10.20.0.2:8003 -} - -pdf.consider-it.de { - import oauth2_protect pdf.consider-it.de http://stirling-pdf:8080 -} - -registry.cortex.consider-funding.de { - handle /oauth2/* { - reverse_proxy oauth2-proxy:4180 - } - - handle { - forward_auth oauth2-proxy:4180 { - uri /oauth2/auth - copy_headers Authorization - copy_headers X-Auth-Request-Email - - @bad status 4xx - handle_response @bad { - redir https://registry.cortex.consider-funding.de/oauth2/start - } - } - - reverse_proxy https://ai-registry.neukiefer.de { - header_up Host ai-registry.neukiefer.de - header_up Authorization "Basic Y2l0OnBDMVpUNVFtZjc2WWVGYzA=" - } - } -} - -enricher.cortex.consider-funding.de { - handle /oauth2/* { - reverse_proxy oauth2-proxy:4180 - } - - handle { - forward_auth oauth2-proxy:4180 { - uri /oauth2/auth - copy_headers Authorization - copy_headers X-Auth-Request-Email - - @bad status 4xx - handle_response @bad { - redir https://enricher.cortex.consider-funding.de/oauth2/start - } - } - - reverse_proxy https://ai-enricher.neukiefer.de { - header_up Host ai-enricher.neukiefer.de - header_up Authorization "Basic Y2l0OnBDMVpUNVFtZjc2WWVGYzA=" - } - } -} - -n8n.consider-funding.de { - reverse_proxy n8n:5678 { - flush_interval -1 - } -} - -metabase.consider-it.de { - reverse_proxy 
metabase:3000 -} +import /etc/caddy/sites/*.caddy diff --git a/docker_compose_applications/reverse-proxy/compose.yaml b/docker_compose_applications/reverse-proxy/compose.yaml index c51e87f..48fa0b6 100644 --- a/docker_compose_applications/reverse-proxy/compose.yaml +++ b/docker_compose_applications/reverse-proxy/compose.yaml @@ -3,19 +3,21 @@ # - https://caddyserver.com/docs/ services: - caddy: - image: caddy container_name: caddy + image: caddy:2.10 + restart: unless-stopped + ports: + - 0.0.0.0:80:80 + - 0.0.0.0:443:443 volumes: - ./Caddyfile:/etc/caddy/Caddyfile:ro + - ./sites/:/etc/caddy/sites/:ro - /ansible_docker_compose/project_data/reverse-proxy/caddy/data:/data - ports: - - '0.0.0.0:80:80' - - '0.0.0.0:443:443' + env_file: + - .env networks: - caddy_net - restart: unless-stopped networks: caddy_net: diff --git a/docker_compose_applications/reverse-proxy/sites/oauthed.caddy b/docker_compose_applications/reverse-proxy/sites/oauthed.caddy new file mode 100644 index 0000000..ded353f --- /dev/null +++ b/docker_compose_applications/reverse-proxy/sites/oauthed.caddy 
@@ -0,0 +1,50 @@ +(oauth2) { + handle /oauth2/* { + reverse_proxy oauth2-proxy:4180 + } + + handle { + forward_auth oauth2-proxy:4180 { + uri /oauth2/auth + copy_headers Authorization + copy_headers X-Auth-Request-Email + + @bad status 4xx + handle_response @bad { + redir https://{args[0]}/oauth2/start + } + } + + {block} + } +} + +registry.cortex.consider-funding.de { + import oauth2 registry.cortex.consider-funding.de { + reverse_proxy https://ai-registry.neukiefer.de { + header_up Host ai-registry.neukiefer.de + header_up Authorization {env.REGISTRY_DOWNSTREAM_AUTH} + } + } +} + +pdf.consider-it.de { + import oauth2 pdf.consider-it.de { + reverse_proxy http://stirling-pdf:8080 + } +} + +pseudo.cortex.consider-funding.de { + import oauth2 pseudo.cortex.consider-funding.de { + reverse_proxy http://10.20.0.2:5000 + } +} + +enricher.cortex.consider-funding.de { + import oauth2 enricher.cortex.consider-funding.de { + reverse_proxy https://ai-enricher.neukiefer.de { + header_up Host ai-enricher.neukiefer.de + header_up Authorization {env.ENRICHER_DOWNSTREAM_AUTH} + } + } +} diff --git a/docker_compose_applications/reverse-proxy/sites/redirect.caddy b/docker_compose_applications/reverse-proxy/sites/redirect.caddy new file mode 100644 index 0000000..db6ff88 --- /dev/null +++ b/docker_compose_applications/reverse-proxy/sites/redirect.caddy @@ -0,0 +1,11 @@ +adlerpersonal.de, www.adlerpersonal.de { + redir https://consider-it.de permanent +} + +arbeiterkneipe.de, www.arbeiterkneipe.de { + redir https://consider-it.de permanent +} + +consider-us.com, www.consider-us.com { + redir https://consider-it.de permanent +} diff --git a/docker_compose_applications/reverse-proxy/sites/services.caddy b/docker_compose_applications/reverse-proxy/sites/services.caddy new file mode 100644 index 0000000..71cc6fe --- /dev/null +++ b/docker_compose_applications/reverse-proxy/sites/services.caddy 
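Review bot: The `(oauth2)` snippet and the two `{env.…}` placeholders in oauthed.caddy are undocumented, and nothing in the patch states which variables the `.env` file referenced by compose.yaml has to define. Add a comment above the snippet such as `# usage: import oauth2 <public-host> { <upstream directives> }` and one above the registry block such as `# needs REGISTRY_DOWNSTREAM_AUTH / ENRICHER_DOWNSTREAM_AUTH in .env (full header value: Basic <base64>)`. `{env.*}` placeholders appear to be resolved at run time and to expand to an empty string when the variable is missing, so a forgotten entry would probably surface as upstream 401 responses rather than as a start-up error. A committed `.env.example` with placeholder values would make that harder to miss.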
@@ -0,0 +1,24 @@ +n8n.consider-funding.de { + reverse_proxy n8n:5678 { + flush_interval -1 + } +} + +metabase.consider-it.de { + reverse_proxy metabase:3000 +} + +# transcript-prompter +p-3001.cortex.consider-funding.de { + reverse_proxy http://10.20.0.2:3001 +} + +#hubspot-writer +p-8002.cortex.consider-funding.de { + reverse_proxy http://10.20.0.2:8002 +} + +# pseudomizer +p-8003.cortex.consider-funding.de { + reverse_proxy http://10.20.0.2:8003 +} diff --git a/playbooks/05-update-caddy.yml b/playbooks/05-update-caddy.yml index 380b61c..d70a517 100644 --- a/playbooks/05-update-caddy.yml +++ b/playbooks/05-update-caddy.yml @@ -3,8 +3,8 @@ tasks: - name: Deploy desired projects, adding new ones and updating existing ones ansible.posix.synchronize: - src: "../docker_compose_applications/reverse-proxy/Caddyfile" - dest: "/ansible_docker_compose/projects/reverse-proxy/Caddyfile" + src: "../docker_compose_applications/reverse-proxy/" + dest: "/ansible_docker_compose/projects/reverse-proxy/" mode: push archive: false copy_links: false From 00541bb715e9c9bc394bd3984e588c1489a34128 Mon Sep 17 00:00:00 2001 From: Jannik Kramer Date: Mon, 1 Dec 2025 11:07:36 +0100 Subject: [PATCH 7/9] shows hidden files when debugging --- playbooks/02-maintenance.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/02-maintenance.yaml b/playbooks/02-maintenance.yaml index 11baab2..8f2122c 100644 --- a/playbooks/02-maintenance.yaml +++ b/playbooks/02-maintenance.yaml @@ -17,7 +17,7 @@ - name: Add ll alias to /etc/bash.bashrc ansible.builtin.lineinfile: path: /etc/bash.bashrc - line: "alias ll='ls -l --color=auto'" + line: "alias ll='ls -la --color=auto'" state: present create: yes From c22c969a4c1288f26e80d1e656c7d8fe40e10b63 Mon Sep 17 00:00:00 2001 
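Review bot: The three `p-*.cortex.consider-funding.de` sites in services.caddy proxy straight to `10.20.0.2` without `import oauth2`, while `pseudo.cortex.consider-funding.de`, which targets the same address, is wrapped in it. The blocks are carried over unchanged from the old Caddyfile, but splitting the config by "oauthed" versus "services" is the natural point to decide whether that is intended. If the backends do not authenticate requests themselves, move them into oauthed.caddy and wrap each one with `import oauth2 <host>` around its `reverse_proxy` line. If they are deliberately open (webhooks, machine-to-machine callers), a comment saying so next to `# hubspot-writer` and `# pseudomizer` would record the decision.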
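Review bot: With `src` widened to the whole `reverse-proxy/` directory and `delete: true` still set in 05-update-caddy.yml, the sync now removes anything on the host that is absent from the local checkout, including the `.env` that compose.yaml starts to require in this same patch if that file is created only on the server. If `.env` lives in the local checkout instead, it is pushed from there and has to be kept out of git. Make the handling explicit either way: add `rsync_opts: ["--exclude=.env"]` to keep a host-managed file, and list `.env` in `.gitignore`. The task body begins in an earlier patch; only the two path lines are part of this hunk.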
From: Jannik Kramer Date: Mon, 1 Dec 2025 11:11:49 +0100 Subject: [PATCH 8/9] changes caddy playbook update (restart) to rebuild (down and up) --- playbooks/05-rebuild-caddy.yml | 36 ++++++++++++++++++++++++++++++++++ playbooks/05-update-caddy.yml | 28 -------------------------- 2 files changed, 36 insertions(+), 28 deletions(-) create mode 100644 playbooks/05-rebuild-caddy.yml delete mode 100644 playbooks/05-update-caddy.yml diff --git a/playbooks/05-rebuild-caddy.yml b/playbooks/05-rebuild-caddy.yml new file mode 100644 index 0000000..50be154 --- /dev/null +++ b/playbooks/05-rebuild-caddy.yml @@ -0,0 +1,36 @@ +- name: Update Caddyfile and reload Caddy + hosts: cit-docker-host + tasks: + + - name: Run docker compose down for Caddy + ansible.builtin.command: + cmd: /usr/bin/docker compose --project-directory "/ansible_docker_compose/projects/reverse-proxy" --project-name "reverse-proxy" down + chdir: "/ansible_docker_compose/projects/reverse-proxy" + become: true + changed_when: true + + - name: Deploy caddy project files + ansible.posix.synchronize: + src: "../docker_compose_applications/reverse-proxy/" + dest: "/ansible_docker_compose/projects/reverse-proxy/" + mode: push + archive: false + copy_links: false + delete: true + dirs: false + existing_only: false + recursive: true + owner: false + group: false + perms: true + links: true + times: false + verify_host: true + become: true + + - name: Run docker compose up for all projects + ansible.builtin.command: + cmd: /usr/bin/docker compose --project-directory "/ansible_docker_compose/projects/reverse-proxy" --project-name "reverse-proxy" up --detach --pull always --build --force-recreate + chdir: "/ansible_docker_compose/projects/reverse-proxy" + become: true + changed_when: true diff --git a/playbooks/05-update-caddy.yml b/playbooks/05-update-caddy.yml deleted file mode 100644 index d70a517..0000000 --- a/playbooks/05-update-caddy.yml +++ /dev/null 
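Review bot: The new 05-rebuild-caddy.yml runs `docker compose … down` before the `synchronize` task, so the reverse proxy is offline for the whole transfer and stays offline if the sync or the later `up` fails. Sync first and then run a single `up --detach --force-recreate`, which replaces the container without a separate `down`; validating the config before that step would catch a broken site file while the old container is still serving. caddy-update.sh from the earlier patch still calls `playbooks/05-update-caddy.yml`, which this patch deletes without touching the script, so the wrapper will fail until it points at `05-rebuild-caddy.yml`. The play name "Update Caddyfile and reload Caddy" and the task name "Run docker compose up for all projects" also no longer describe what the playbook does.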
@@ -1,28 +0,0 @@ -- name: Update Caddyfile and reload Caddy - hosts: cit-docker-host - tasks: - - name: Deploy desired projects, adding new ones and updating existing ones - ansible.posix.synchronize: - src: "../docker_compose_applications/reverse-proxy/" - dest: "/ansible_docker_compose/projects/reverse-proxy/" - mode: push - archive: false - copy_links: false - delete: true - dirs: false - existing_only: false - recursive: true - owner: false - group: false - perms: true - links: true - times: false - verify_host: true - become: true - - - name: Restart Caddy container - community.docker.docker_container: - name: caddy - state: started - restart: yes - become: true From 3faab9cc903c284e7801bc3eb2a91bf582d24a23 Mon Sep 17 00:00:00 2001 From: Jannik Kramer Date: Mon, 1 Dec 2025 11:12:14 +0100 Subject: [PATCH 9/9] rotates ssh keys --- playbooks/roles/authorized_keys/files/cit_authorized_keys | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/authorized_keys/files/cit_authorized_keys b/playbooks/roles/authorized_keys/files/cit_authorized_keys index 44e7720..f26452b 100644 --- a/playbooks/roles/authorized_keys/files/cit_authorized_keys +++ b/playbooks/roles/authorized_keys/files/cit_authorized_keys @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsmbhT8iopyZ83la/mFZf8eUDYAwCJtsWGaGybb1fNp +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIENIxpFwJPfMoCNof7UySoOVW0Zjgxtz7J1+haIV8rqG