Add pgadmin to pod-database
This commit is contained in:
parent
4b38982e46
commit
d09b2ae893
@ -69,7 +69,11 @@ services:
|
||||
token: "{{ vault_services.www.repo.token }}"
|
||||
lrproxy: {}
|
||||
database:
|
||||
password: "{{ vault_services.database.password }}"
|
||||
pgadmin:
|
||||
email: "{{ vault_services.database.pgadmin.email }}"
|
||||
password: "{{ vault_services.database.pgadmin.password }}"
|
||||
postgres:
|
||||
password: "{{ vault_services.database.postgres.password }}"
|
||||
cloud:
|
||||
domain: "{{ vault_services.cloud.domain }}"
|
||||
database:
|
||||
|
@ -14,14 +14,22 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::1]:443 ssl;
|
||||
listen 127.0.0.1:443 ssl;
|
||||
listen [::]:8443 ssl proxy_protocol;
|
||||
listen 8443 ssl proxy_protocol;
|
||||
server_name archive.music.thenineworlds.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/archive.music.thenineworlds.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/archive.music.thenineworlds.net/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/archive.music.thenineworlds.net/chain.pem;
|
||||
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
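Review bot: The new `listen [::]:8443 ssl proxy_protocol;` / `listen 8443 ssl proxy_protocol;` lines bind the PROXY-protocol listener on every address, while the `set_real_ip_from` lines only decide whose PROXY header is believed when rewriting `$remote_addr`; any other peer that can reach 8443 still gets a TLS session and is simply seen under its own socket address. If 8443 only ever needs to be reached from the two stream proxies, binding it to the pod's own address the way the stream side does (it listens on a named address, not a wildcard) narrows that surface; whether anything else can actually reach the pod's 8443 depends on port publishing that is not shown here. A one-line comment above `real_ip_header proxy_protocol;` such as `# PROXY header is trusted only from the rproxy/lrproxy addresses above` would document the trust boundary. The enclosing `server {}` and its `location /` continue outside the hunk.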
@ -14,14 +14,22 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::1]:443 ssl;
|
||||
listen 127.0.0.1:443 ssl;
|
||||
listen [::]:8443 ssl proxy_protocol;
|
||||
listen 8443 ssl proxy_protocol;
|
||||
server_name cloud.wojciechkozlowski.eu;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/chain.pem;
|
||||
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
# Values copied and adjusted from
|
||||
# https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html.
|
||||
client_max_body_size 0;
|
||||
@ -32,16 +40,16 @@ server {
|
||||
# https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html.
|
||||
location ^~ /.well-known {
|
||||
location = /.well-known/webfinger {
|
||||
return 301 /index.php$uri;
|
||||
return 301 $scheme://$host:443/index.php$uri;
|
||||
}
|
||||
location = /.well-known/nodeinfo {
|
||||
return 301 /index.php$uri;
|
||||
return 301 $scheme://$host:443/index.php$uri;
|
||||
}
|
||||
location = /.well-known/carddav {
|
||||
return 301 /remote.php/dav/;
|
||||
return 301 $scheme://$host:443/remote.php/dav;
|
||||
}
|
||||
location = /.well-known/caldav {
|
||||
return 301 /remote.php/dav/;
|
||||
return 301 $scheme://$host:443/remote.php/dav;
|
||||
}
|
||||
}
|
||||
|
||||
|
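Review bot: Assuming `return 301 $scheme://$host:443/index.php$uri;` and the three similar lines are the new side, they hard-code `:443` so that nginx, now listening on 8443, stops advertising the internal port in the `Location` header; `port_in_redirect off;` (or `absolute_redirect off;`) in the server block achieves the same with the original relative `return 301 /index.php$uri;` targets and avoids both the hard-coded port and reflecting `$host` into the redirect. The two DAV lines now end in `/remote.php/dav` where the old ones had the trailing slash the Nextcloud nginx example uses; worth confirming that is deliberate. The `server {}` that encloses this `/.well-known` location is outside the hunk.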
@ -0,0 +1,49 @@
|
||||
server {
|
||||
listen [::]:80;
|
||||
listen 80;
|
||||
server_name database.thenineworlds.net;
|
||||
|
||||
location ^~ /.well-known {
|
||||
allow all;
|
||||
root /var/www/html;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::]:8443 ssl proxy_protocol;
|
||||
listen 8443 ssl proxy_protocol;
|
||||
server_name database.thenineworlds.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/database.thenineworlds.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/database.thenineworlds.net/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/database.thenineworlds.net/chain.pem;
|
||||
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
allow {{ local_inet_network }};
|
||||
allow {{ local_inet6_network }};
|
||||
deny all;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://pod-database;
|
||||
}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
}
|
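Review bot: `location /` forwards to pgAdmin over plain HTTP (`proxy_pass http://pod-database;`) without telling it the external scheme; pgAdmin's reverse-proxy guidance for nginx passes `proxy_set_header X-Scheme $scheme;` alongside `Host`, and without it any absolute URLs or cookie attributes pgAdmin derives from the request scheme may come out as http even though clients only ever reach it over TLS. Adding that line directly under the existing `proxy_set_header Host $host;` is cheap. The IP gate (`allow {{ local_inet_network }}` … `deny all;`) is evaluated against `$remote_addr` after real_ip rewriting, so it is exactly as trustworthy as the PROXY headers from the four listed proxy addresses — that is the intended model, but a comment above `real_ip_header proxy_protocol;` saying `# allow/deny below relies on the client address recovered from the PROXY header` would make the dependency explicit.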
@ -14,14 +14,22 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::1]:443 ssl;
|
||||
listen 127.0.0.1:443 ssl;
|
||||
listen [::]:8443 ssl proxy_protocol;
|
||||
listen 8443 ssl proxy_protocol;
|
||||
server_name git.thenineworlds.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/git.thenineworlds.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/git.thenineworlds.net/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/git.thenineworlds.net/chain.pem;
|
||||
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -14,14 +14,22 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::1]:443 ssl;
|
||||
listen 127.0.0.1:443 ssl;
|
||||
listen [::]:8443 ssl proxy_protocol;
|
||||
listen 8443 ssl proxy_protocol;
|
||||
server_name music.thenineworlds.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/music.thenineworlds.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/music.thenineworlds.net/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/music.thenineworlds.net/chain.pem;
|
||||
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -14,14 +14,22 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::1]:443 ssl;
|
||||
listen 127.0.0.1:443 ssl;
|
||||
listen [::]:8443 ssl proxy_protocol;
|
||||
listen 8443 ssl proxy_protocol;
|
||||
server_name notes.thenineworlds.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/notes.thenineworlds.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/notes.thenineworlds.net/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/notes.thenineworlds.net/chain.pem;
|
||||
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
# Values copied from
|
||||
# https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html and adjusted to
|
||||
# 16G.
|
||||
|
@ -14,14 +14,22 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::1]:443 ssl;
|
||||
listen 127.0.0.1:443 ssl;
|
||||
listen [::]:8443 ssl proxy_protocol;
|
||||
listen 8443 ssl proxy_protocol;
|
||||
server_name wojciechkozlowski.eu;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/wojciechkozlowski.eu/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/wojciechkozlowski.eu/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/wojciechkozlowski.eu/chain.pem;
|
||||
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -14,14 +14,22 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::1]:443 ssl;
|
||||
listen 127.0.0.1:443 ssl;
|
||||
listen [::]:8443 ssl proxy_protocol;
|
||||
listen 8443 ssl proxy_protocol;
|
||||
server_name www.wojciechkozlowski.eu;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/www.wojciechkozlowski.eu/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/www.wojciechkozlowski.eu/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/www.wojciechkozlowski.eu/chain.pem;
|
||||
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -1,22 +0,0 @@
|
||||
stream {
|
||||
|
||||
map $ssl_preread_server_name $name {
|
||||
wojciechkozlowski.eu rproxy;
|
||||
www.wojciechkozlowski.eu rproxy;
|
||||
default lrproxy;
|
||||
}
|
||||
|
||||
upstream rproxy {
|
||||
server localhost:443;
|
||||
}
|
||||
|
||||
upstream lrproxy {
|
||||
server pod-lrproxy:443;
|
||||
}
|
||||
|
||||
server {
|
||||
listen pod-rproxy:443;
|
||||
proxy_pass $name;
|
||||
ssl_preread on;
|
||||
}
|
||||
}
|
@ -7,15 +7,16 @@ stream {
|
||||
}
|
||||
|
||||
upstream rproxy {
|
||||
server pod-rproxy:443;
|
||||
server pod-rproxy:8443;
|
||||
}
|
||||
|
||||
upstream lrproxy {
|
||||
server localhost:443;
|
||||
server pod-lrproxy:8443;
|
||||
}
|
||||
|
||||
server {
|
||||
listen pod-lrproxy:443;
|
||||
listen {{ services_service_user_name }}:443;
|
||||
proxy_protocol on;
|
||||
proxy_pass $name;
|
||||
ssl_preread on;
|
||||
}
|
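Review bot: With `proxy_protocol on;` added, every connection this stream server relays reaches pod-rproxy:8443 / pod-lrproxy:8443 carrying a PROXY header, which those http listeners honour only from the proxies' own addresses, so the `set_real_ip_from` lists in the http configs and this line must stay in lockstep; a comment here such as `# backends only trust the PROXY header from the rproxy/lrproxy addresses (set_real_ip_from)` would make that coupling visible. Because the same template is now deployed to both rproxy and lrproxy (`listen {{ services_service_user_name }}:443`), each instance can forward to either pod according to the `map` above the hunk; that looks intended, but it is worth confirming lrproxy's :443 is not itself reachable from outside, since it would otherwise be a second ingress path to pod-rproxy:8443. The `map` and the opening `stream {` are outside the hunk.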
@ -11,7 +11,14 @@
|
||||
src: "./postgres/database.password"
|
||||
dest: "{{ services_service_user_home }}/.config/service/database.password"
|
||||
mode: 0600
|
||||
register: services_deploy_database_password_file
|
||||
register: services_deploy_database_postgres_password_file
|
||||
|
||||
- name: "configure pgadmin password"
|
||||
ansible.builtin.template:
|
||||
src: "./pgadmin/pgadmin.password"
|
||||
dest: "{{ services_service_user_home }}/.config/service/pgadmin.password"
|
||||
mode: 0600
|
||||
register: services_deploy_database_pgadmin_password_file
|
||||
|
||||
- name: "configure systemd service"
|
||||
ansible.builtin.template:
|
||||
@ -21,6 +28,8 @@
|
||||
loop:
|
||||
- "pod-database.service"
|
||||
- "container-database-postgres.service"
|
||||
- "container-database-pgadmin-chown.service"
|
||||
- "container-database-pgadmin.service"
|
||||
register: services_deploy_database_systemd_files
|
||||
|
||||
- name: "systemd user daemon reload"
|
||||
@ -50,7 +59,8 @@
|
||||
state: "restarted"
|
||||
scope: "user"
|
||||
when:
|
||||
(services_deploy_database_password_file.changed or
|
||||
(services_deploy_database_postgres_password_file.changed or
|
||||
services_deploy_database_pgadmin_password_file.changed or
|
||||
services_deploy_database_systemd_files.changed) and
|
||||
services_deploy_database_service_active_state.stdout == "active"
|
||||
|
||||
|
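Review bot: The new `when` condition restarts `pod-database.service` — and with it postgres — whenever `pgadmin.password` is re-templated, although pgAdmin reads `PGADMIN_DEFAULT_PASSWORD_FILE` only when it first creates the admin account, so the restart costs a database bounce and does not rotate the pgAdmin login. Either drop `services_deploy_database_pgadmin_password_file.changed` from the condition or keep it but document why, e.g. a comment on the `configure pgadmin password` task: `# only seeds the initial pgAdmin admin account; later changes need a reset inside pgAdmin`. The task's `name` and `ansible.builtin.systemd` lines for the restart are above the hunk, so the exact shape is not visible here.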
@ -0,0 +1 @@
|
||||
{{ services[services_service_name].pgadmin.password }}
|
@ -1 +1 @@
|
||||
{{ services[services_service_name].password }}
|
||||
{{ services[services_service_name].postgres.password }}
|
||||
|
@ -0,0 +1,29 @@
|
||||
[Unit]
|
||||
Description=Podman container-database-pgadmin-chown.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
After=pod-database.service
|
||||
Before=container-database-pgadmin.service
|
||||
OnFailure=status-mail@%n.service
|
||||
|
||||
[Service]
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/container-database-pgadmin-chown.pid %t/container-database-pgadmin-chown.ctr-id
|
||||
ExecStart=/usr/bin/podman run \
|
||||
--conmon-pidfile %t/container-database-pgadmin-chown.pid \
|
||||
--cidfile %t/container-database-pgadmin-chown.ctr-id \
|
||||
--cgroups=no-conmon \
|
||||
--pod-id-file %t/pod-database.pod-id \
|
||||
--replace \
|
||||
-v {{ services_data_directory }}/pod-database/pgadmin/_data:/var/lib/pgadmin \
|
||||
-v ./.config/service/pgadmin.password:/run/secrets/pgadmin.password \
|
||||
--user=0 \
|
||||
--entrypoint="/bin/sh" \
|
||||
--name=pod-database-pgadmin-chown \
|
||||
docker.io/dpage/pgadmin4:{{ services_service_deploy_versions.pgadmin4 }} \
|
||||
-c "chown -R 5050:5050 /var/lib/pgadmin /run/secrets/pgadmin.password"
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-database-pgadmin-chown.ctr-id
|
||||
Type=oneshot
|
||||
|
||||
[Install]
|
||||
WantedBy=container-database-pgadmin.service
|
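Review bot: This unit runs a root (`--user=0`) container whose only job is `chown -R 5050:5050` over the entire pgAdmin data directory and the bind-mounted secret, every time pgAdmin starts. Podman's `:U` bind-mount option (`-v {{ services_data_directory }}/pod-database/pgadmin/_data:/var/lib/pgadmin:U`, and likewise for `pgadmin.password`) has podman chown the mount source to the container's user itself, which would remove this unit, the `--entrypoint="/bin/sh"` override and the writable (non-`:ro`) mount of the secret — assuming the podman version deployed here supports it. If the unit stays, a comment above `ExecStart=` saying why pgAdmin's uid 5050 needs ownership of both paths would help the next reader.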
@ -0,0 +1,38 @@
|
||||
[Unit]
|
||||
Description=Podman container-database-pgadmin.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
Wants=network.target
|
||||
After=network-online.target
|
||||
BindsTo=pod-database.service container-database-postgres.service
|
||||
Requires=container-database-pgadmin-chown.service
|
||||
After=pod-database.service container-database-postgres.service container-database-pgadmin-chown.service
|
||||
OnFailure=status-mail@%n.service
|
||||
|
||||
[Service]
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
Restart=on-failure
|
||||
TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/container-database-pgadmin.pid %t/container-database-pgadmin.ctr-id
|
||||
ExecStart=/usr/bin/podman run \
|
||||
--conmon-pidfile %t/container-database-pgadmin.pid \
|
||||
--cidfile %t/container-database-pgadmin.ctr-id \
|
||||
--cgroups=no-conmon \
|
||||
--pod-id-file %t/pod-database.pod-id \
|
||||
--replace \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
--log-driver=journald \
|
||||
-dt \
|
||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||
-v {{ services_data_directory }}/pod-database/pgadmin/_data:/var/lib/pgadmin \
|
||||
-v ./.config/service/pgadmin.password:/run/secrets/pgadmin.password:ro \
|
||||
-e PGADMIN_DEFAULT_EMAIL="{{ services[services_service_name].pgadmin.email }}" \
|
||||
-e PGADMIN_DEFAULT_PASSWORD_FILE=/run/secrets/pgadmin.password \
|
||||
--name=pod-database-pgadmin \
|
||||
docker.io/dpage/pgadmin4:{{ services_service_deploy_versions.pgadmin4 }}
|
||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-database-pgadmin.ctr-id -t 10
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-database-pgadmin.ctr-id
|
||||
PIDFile=%t/container-database-pgadmin.pid
|
||||
Type=forking
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
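Review bot: `--label "io.containers.autoupdate=image"` together with the floating `docker.io/dpage/pgadmin4:{{ services_service_deploy_versions.pgadmin4 }}` tag (`7` in the versions file) means podman-auto-update will pull and restart on whatever Docker Hub publishes under that tag, so the running pgAdmin is not a reviewed build; this matches the repo's pattern for the other containers, but pgAdmin holds database credentials, so a digest pin or at least a minor-version tag is worth considering. Separately, `PGADMIN_DEFAULT_EMAIL` / `PGADMIN_DEFAULT_PASSWORD_FILE` only seed the initial admin account, and a comment above those two `-e` lines — `# used only on first start to create the admin account` — would stop anyone expecting a vault change to rotate the login.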
@ -3,8 +3,8 @@ Description=Podman pod-database.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
Wants=network.target
|
||||
After=network-online.target
|
||||
Requires=container-database-postgres.service
|
||||
Before=container-database-postgres.service
|
||||
Requires=container-database-postgres.service container-database-pgadmin.service
|
||||
Before=container-database-postgres.service container-database-pgadmin.service
|
||||
OnFailure=status-mail@%n.service
|
||||
|
||||
[Service]
|
||||
|
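Review bot: `Requires=container-database-postgres.service container-database-pgadmin.service` (with the matching `Before=`) makes an explicit `systemctl --user stop`/`restart` of the pgAdmin unit propagate to `pod-database.service`, and via the containers' `BindsTo=pod-database.service` to postgres, so a pgAdmin-only maintenance action bounces the database. Listing pgAdmin under `Wants=` instead keeps the pod starting it (the pgAdmin unit already carries `BindsTo=pod-database.service` for the reverse direction) without tying the database's lifetime to an admin UI. This mirrors the default `podman generate systemd` pod output, so it may be deliberate; the rest of the unit is outside the hunk.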
@ -24,14 +24,14 @@
|
||||
register: services_deploy_rproxy_generic_config
|
||||
|
||||
- name: "{{ services_service_name }} : stream nginx reverse proxy configuration"
|
||||
ansible.builtin.copy:
|
||||
ansible.builtin.template:
|
||||
src: "{{ services_deploy_rproxy_nginx_stream_config }}"
|
||||
dest: "{{ services_service_user_home }}/.config/service/stream.conf"
|
||||
mode: 0644
|
||||
register: services_deploy_rproxy_stream_config
|
||||
|
||||
- name: "{{ services_service_name }} : subdomain nginx reverse proxy configuration"
|
||||
ansible.builtin.copy:
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ services_service_user_home }}/.config/service/nginx-conf.d/{{ item | basename }}"
|
||||
mode: 0644
|
||||
|
@ -63,7 +63,7 @@
|
||||
- "services:rproxy:deploy"
|
||||
vars:
|
||||
services_service_name: "rproxy"
|
||||
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/rproxy/stream.conf"
|
||||
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/stream.conf"
|
||||
services_deploy_rproxy_nginx_subdomain_config_files:
|
||||
- "files/services/deploy/rproxy/nginx-conf.d/http-default.conf"
|
||||
- "files/services/deploy/rproxy/nginx-conf.d/wojciechkozlowski.eu.conf"
|
||||
@ -83,10 +83,11 @@
|
||||
- "services:lrproxy:deploy"
|
||||
vars:
|
||||
services_service_name: "lrproxy"
|
||||
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/lrproxy/stream.conf"
|
||||
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/stream.conf"
|
||||
services_deploy_rproxy_nginx_subdomain_config_files:
|
||||
- "files/services/deploy/lrproxy/nginx-conf.d/archive.music.thenineworlds.net.conf"
|
||||
- "files/services/deploy/lrproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
|
||||
- "files/services/deploy/lrproxy/nginx-conf.d/database.thenineworlds.net.conf"
|
||||
- "files/services/deploy/lrproxy/nginx-conf.d/git.thenineworlds.net.conf"
|
||||
- "files/services/deploy/lrproxy/nginx-conf.d/music.thenineworlds.net.conf"
|
||||
- "files/services/deploy/lrproxy/nginx-conf.d/notes.thenineworlds.net.conf"
|
||||
|
@ -8,6 +8,7 @@ services_deploy_versions:
|
||||
nginx: "stable"
|
||||
database:
|
||||
postgres: "15"
|
||||
pgadmin4: "7"
|
||||
cloud:
|
||||
nginx: "stable"
|
||||
nextcloud: "27-fpm"
|
||||
|
@ -6,6 +6,7 @@ services_volumes:
|
||||
lrproxy:
|
||||
etc-letsencrypt:
|
||||
database:
|
||||
pgadmin:
|
||||
wal:
|
||||
extra_zfs_properties:
|
||||
recordsize: "8192" # 8K
|
||||
|