diff --git a/.cursorignore b/.cursorignore
deleted file mode 100644
index 50081a8..0000000
--- a/.cursorignore
+++ /dev/null
@@ -1 +0,0 @@
-.vault-password
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index ab1d853..5c199eb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,3 @@
 # ---> Ansible
 *.retry
-ansible.log
-.vault-password
diff --git a/Makefile b/Makefile
deleted file mode 100644
index b5105e6..0000000
--- a/Makefile
+++ /dev/null
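Review bot: The `.gitignore` hunk removes the `.vault-password` entry, and the deletion of `.cursorignore` in the same commit drops the only other rule naming that file, so a plaintext vault password left in a working copy is no longer excluded from commits or from editor indexing. The removed Makefile passed `--vault-password-file .vault-password` to every privileged target, so such a file plausibly still exists on contributors' machines even though the playbooks are gone. Keeping the single line `.vault-password` in `.gitignore` costs nothing and closes that gap; the same reasoning applies to `ansible.log`, which the removed `ansible.cfg` wrote into the repository root and which can carry task output.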
@@ -1,57 +0,0 @@
-# NetBox Ansible Deployment Makefile
-
-.PHONY: help install-collections deploy update backup check-syntax encrypt-vault decrypt-vault traefik-status traefik-logs traefik-access-logs traefik-restart traefik-update-ca
-
-help: ## Show this help message
- @echo "NetBox Ansible Deployment"
- @echo "========================"
- @echo ""
- @echo "Available commands:"
- @awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf " %-20s %s\n", $$1, $$2}' $(MAKEFILE_LIST)
-
-install-collections: ## Install required Ansible collections
- ansible-galaxy collection install -r requirements.yml
-
-deploy: ## Deploy NetBox (requires vault password)
- ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --vault-password-file .vault-password
-
-update: ## Update NetBox
- ansible-playbook -i inventory/hosts.yml playbooks/update-netbox.yml
-
-backup: ## Backup NetBox
- ansible-playbook -i inventory/hosts.yml playbooks/backup-netbox.yml
-
-check-syntax: ## Check Ansible playbook syntax
- ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --syntax-check
- ansible-playbook -i inventory/hosts.yml playbooks/update-netbox.yml --syntax-check
- ansible-playbook -i inventory/hosts.yml playbooks/backup-netbox.yml --syntax-check
-
-encrypt-vault: ## Encrypt vault file
- ansible-vault encrypt inventory/group_vars/netbox_servers_vault
-
-decrypt-vault: ## Decrypt vault file
- ansible-vault decrypt inventory/group_vars/netbox_servers_vault
-
-edit-vault: ## Edit encrypted vault file
- ansible-vault edit inventory/group_vars/netbox_servers_vault
-
-dry-run: ## Run playbook in check mode (dry run)
- ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --check --vault-password-file .vault-password
-
-test-connection: ## Test connection to hosts
- ansible netbox -i inventory/hosts.yml -m ping
-
-traefik-status: ## Check Traefik container status
- ansible netbox -i inventory/hosts.yml -m shell -a "docker compose ps" --args "chdir=/opt/traefik"
-
-traefik-logs: ## Show Traefik container logs
- ansible netbox -i inventory/hosts.yml -m shell -a "docker compose logs traefik" --args "chdir=/opt/traefik"
-
-traefik-access-logs: ## Show Traefik access logs (JSON format)
- ansible netbox -i inventory/hosts.yml -m shell -a "docker compose logs traefik | grep -E '^traefik.*access' | tail -50"
-
-traefik-restart: ## Restart Traefik container
- ansible netbox -i inventory/hosts.yml -m shell -a "docker compose restart traefik" --args "chdir=/opt/traefik"
-
-traefik-update-ca: ## Update custom root CA certificate
- ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --tags "custom-ca" --vault-password-file .vault-password
diff --git a/README.md b/README.md
index c57683e..297e4b9 100644
--- a/README.md
+++ b/README.md
@@ -1,353 +1,3 @@ -# NetBox Ansible Deployment +# netbox-ansible -This Ansible project deploys NetBox using Docker Compose on Ubuntu servers. It follows Ansible best practices with modular roles, idempotent operations, and comprehensive configuration management. - -## Features - -- **Modular Design**: Separate roles for system updates, Docker installation, Traefik reverse proxy, and NetBox deployment -- **Idempotent**: Safe to run multiple times without side effects -- **Ubuntu Only**: Specifically designed for Ubuntu distributions (Focal, Jammy, Noble) -- **Docker Compose**: Uses the official NetBox Docker repository -- **Traefik Integration**: Automatic reverse proxy with ACME TLS certificate management -- **HTTPS by Default**: Automatic HTTP to HTTPS redirection with Let's Encrypt certificates -- **Configuration Management**: Templated environment files with Ansible variables -- **Security**: Support for Ansible Vault for sensitive data -- **Backup Support**: Built-in backup playbook for data protection - -## Project Structure - -``` -netbox-ansible/ -├── ansible.cfg # Ansible configuration -├── inventory/ -│ └── hosts.yml # Inventory file -├── group_vars/ -│ ├── netbox.yml # Group variables -│ └── netbox/ -│ └── vault.yml # Encrypted sensitive variables -├── playbooks/ -│ ├── deploy-netbox.yml # Main deployment playbook -│ ├── update-netbox.yml # Update NetBox playbook -│ └── backup-netbox.yml # Backup NetBox playbook -├── roles/ -│ ├── system-update/ # System package updates -│ ├── docker-install/ # Docker and Docker Compose installation -│ ├── traefik/ # Traefik reverse proxy with ACME TLS -│ └── netbox-deploy/ # NetBox deployment and configuration -└── templates/ # Additional templates if needed -``` - -## Prerequisites - -- Ansible 2.9 or later -- Target servers running Ubuntu (Focal, Jammy, or Noble) -- SSH access to target servers with sudo privileges -- Python 3 on target servers - -## Quick Start - -1. 
**Configure Inventory** - ```bash - # Edit inventory/hosts.yml - vim inventory/hosts.yml - ``` - Add your server(s): - ```yaml - [netbox] - netbox-server ansible_host=192.168.1.100 ansible_user=ubuntu - ``` - -2. **Configure Variables** - ```bash - # Edit group variables - vim group_vars/netbox.yml - - # Edit vault variables (domains, ACME email, etc.) - vim group_vars/netbox/vault.yml - - # Encrypt sensitive variables - ansible-vault encrypt group_vars/netbox/vault.yml - ``` - -3. **Deploy NetBox with Traefik** - ```bash - # Run the deployment playbook (includes Traefik) - ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --ask-vault-pass - ``` - -4. **Access Your Services** - - NetBox: `https://your-domain.com` - - Traefik Dashboard: `https://traefik.your-domain.com:8080` - -## Configuration - -### Group Variables (`group_vars/netbox.yml`) - -Key configuration options: - -- `netbox_install_dir`: Directory for NetBox installation (default: `/opt/netbox-docker`) -- `netbox_data_dir`: Directory for persistent data (default: `/opt/netbox-data`) -- `netbox_backup_dir`: Directory for backups (default: `/opt/netbox-backups`) -- `netbox_domain`: Domain name for NetBox (configured in vault) -- `netbox_allowed_hosts`: Allowed hosts for NetBox -- `netbox_superuser_*`: Superuser configuration -- `netbox_db_*`: Database configuration -- `netbox_redis_*`: Redis configuration -- `traefik_*`: Traefik reverse proxy configuration - -### Vault Variables (`group_vars/netbox/vault.yml`) - -Sensitive data should be encrypted: - -```bash -# Encrypt vault file -ansible-vault encrypt group_vars/netbox/vault.yml - -# Edit encrypted vault file -ansible-vault edit group_vars/netbox/vault.yml -``` - -### Docker Compose Overrides - -NetBox is now configured to work with Traefik labels instead of port forwarding: - -```yaml -netbox_docker_compose_overrides: - services: - netbox: - labels: - - "traefik.enable=true" - - "traefik.http.routers.netbox.rule=Host(`{{ netbox_domain 
}}`)" - - "traefik.http.routers.netbox.entrypoints=websecure" - - "traefik.http.routers.netbox.tls.certresolver=letsencrypt" - - "traefik.http.services.netbox.loadbalancer.server.port=8080" - networks: - - "traefik" -``` - -## Playbooks - -### Main Deployment (`deploy-netbox.yml`) - -Deploys NetBox with Traefik reverse proxy: -- Updates system packages -- Installs Docker and Docker Compose -- Deploys Traefik reverse proxy with ACME TLS -- Clones NetBox Docker repository -- Configures environment files -- Starts NetBox services behind Traefik -- Creates superuser account - -### Update NetBox (`update-netbox.yml`) - -Updates existing NetBox installation: -- Updates repository -- Pulls latest Docker images -- Restarts services - -### Backup NetBox (`backup-netbox.yml`) - -Creates comprehensive backup: -- Database dump -- Media files -- Configuration files - -## Roles - -### system-update -- Updates apt package cache -- Upgrades all packages -- Installs required packages -- Optional reboot if needed - -### docker-install -- Adds Docker GPG key and repository -- Installs Docker CE and Docker Compose -- Configures Docker daemon -- Adds users to docker group - -### traefik -- Creates Traefik directories and configuration -- Sets up ACME certificate resolver for Let's Encrypt -- Configures Docker provider for automatic service discovery -- Deploys Traefik reverse proxy with HTTPS redirection -- Creates external network for service communication - -### netbox-deploy -- Creates necessary directories -- Clones NetBox Docker repository -- Generates configuration files -- Starts NetBox services with Traefik labels -- Creates superuser account - -## Usage Examples - -### Deploy NetBox with Traefik -```bash -ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --ask-vault-pass -``` - -### Update NetBox -```bash -ansible-playbook -i inventory/hosts.yml playbooks/update-netbox.yml -``` - -### Backup NetBox -```bash -ansible-playbook -i inventory/hosts.yml 
playbooks/backup-netbox.yml -``` - -### Run with Vault -```bash -ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --ask-vault-pass -``` - -### Run Specific Tags -```bash -ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --tags "traefik" -ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml --tags "netbox-deploy" -``` - -### Traefik Management -```bash -# Check Traefik status -make traefik-status - -# View Traefik logs -make traefik-logs - -# View access logs (JSON format for auditing) -make traefik-access-logs - -# Restart Traefik -make traefik-restart - -# Update custom root CA certificate -make traefik-update-ca -``` - -## Security Considerations - -1. **Encrypt Sensitive Data**: Use `ansible-vault` for passwords and secrets -2. **SSH Key Authentication**: Use SSH keys instead of passwords -3. **Firewall Rules**: Configure appropriate firewall rules (ports 80, 443) -4. **TLS Certificates**: ACME certificates are automatically managed by Traefik -5. **Custom Root CA**: Support for custom certificate authorities alongside system CAs -6. **Access Logging**: Comprehensive JSON-formatted access logs for auditing -7. **Regular Updates**: Keep NetBox and dependencies updated -8. **Backup Strategy**: Implement regular backup procedures - -## Troubleshooting - -### Common Issues - -1. **Permission Denied**: Ensure user has sudo privileges -2. **Docker Not Found**: Check Docker installation and user group membership -3. **Port Conflicts**: Verify ports 80 and 443 are available -4. **Database Connection**: Check database configuration and connectivity -5. **TLS Certificate Issues**: Check ACME configuration and domain DNS -6. 
**Traefik Not Starting**: Check Docker network and configuration - -### Logs and Debugging - -```bash -# Enable verbose output -ansible-playbook -i inventory/hosts.yml playbooks/deploy-netbox.yml -vvv - -# Check Docker Compose logs -ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/netbox-docker && docker compose logs" - -# Check Traefik logs -ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/traefik && docker compose logs traefik" -``` - -## Logging and Auditing - -### Access Logs -Traefik is configured with comprehensive access logging in JSON format for easy parsing and auditing: - -- **Format**: JSON structured logs -- **Fields**: Includes request details, response codes, timing, and headers -- **Security**: Authorization headers are automatically dropped from logs -- **Headers Tracked**: User-Agent, Content-Type, X-Forwarded-For, X-Real-IP, etc. - -### Log Management Commands -```bash -# View recent access logs -make traefik-access-logs - -# View all Traefik logs -make traefik-logs - -# Follow logs in real-time -ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/traefik && docker compose logs -f traefik" -``` - -### Log Analysis Examples -```bash -# Count requests by status code -ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/traefik && docker compose logs traefik | grep access | jq '.DownstreamStatus' | sort | uniq -c" - -# Find failed requests -ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/traefik && docker compose logs traefik | grep access | jq 'select(.DownstreamStatus >= 400)'" - -# Analyze by IP address -ansible netbox -i inventory/hosts.yml -m shell -a "cd /opt/traefik && docker compose logs traefik | grep access | jq '.ClientHost' | sort | uniq -c" -``` - -## Custom Root CA Configuration - -Traefik can be configured to trust custom root certificate authorities while maintaining trust for system root CAs. This is useful for internal PKI environments or corporate certificate authorities. 
- -### Configuration - -Set the custom CA URL in your vault file: - -```yaml -# Custom Root CA Configuration -vault_traefik_custom_ca_url: "https://your-ca-server.com/root-ca.pem" -``` - -### Features - -- **Dual Trust**: Trusts both custom CA and system root CAs -- **Automatic Download**: Downloads CA certificate from web server during deployment -- **Certificate Validation**: Verifies certificate format using OpenSSL -- **Secure Storage**: CA certificate stored with appropriate permissions -- **Easy Updates**: Update CA certificate without full redeployment - -### Management Commands - -```bash -# Update custom root CA certificate -make traefik-update-ca - -# Verify CA certificate manually -ansible netbox -i inventory/hosts.yml -m shell -a "openssl x509 -in /etc/traefik/custom-ca.pem -text -noout" -``` - -### Requirements - -- Custom CA certificate must be accessible via HTTP/HTTPS GET request -- Certificate must be in PEM format -- Web server must be accessible from the deployment server -- Certificate validation can be disabled if needed (`traefik_custom_ca_verify_ssl: false`) - -## Contributing - -1. Follow Ansible best practices -2. Ensure idempotency -3. Add appropriate tags -4. Update documentation -5. Test on multiple Ubuntu versions - -## License - -MIT License - see LICENSE file for details. - -## Support - -For issues and questions: -- Check NetBox documentation: https://docs.netbox.dev/ -- NetBox Community: https://github.com/netbox-community/netbox -- NetBox Docker: https://github.com/netbox-community/netbox-docker \ No newline at end of file +Ansible playbook for managing the netbox server \ No newline at end of file diff --git a/ansible.cfg b/ansible.cfg deleted file mode 100644 index e55d778..0000000 --- a/ansible.cfg +++ /dev/null 
@@ -1,29 +0,0 @@
-[defaults]
-# Basic configuration
-inventory = inventory/
-roles_path = roles/
-timeout = 30
-forks = 10
-gathering = smart
-fact_caching = memory
-
-# Logging
-log_path = ./ansible.log
-bin_ansible_callbacks = True
-
-# SSH settings
-ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
-pipelining = True
-
-# Performance
-host_key_checking = False
-retry_files_enabled = False
-
-# Colors
-force_color = 1
-
-[privilege_escalation]
-become = True
-become_method = sudo
-become_user = root
-become_ask_pass = False
diff --git a/inventory/group_vars/netbox_servers.yml b/inventory/group_vars/netbox_servers.yml
deleted file mode 100644
index 94b1666..0000000
--- a/inventory/group_vars/netbox_servers.yml
+++ /dev/null
@@ -1,169 +0,0 @@ ---- -# Group variables for NetBox deployment -# These variables apply to all hosts in the netbox group - -# System Update Configuration -system_update_reboot_if_needed: false -system_update_autoremove: true - -# Docker Configuration -docker_users: - - "{{ ansible_user }}" -docker_daemon_config: - log-driver: "json-file" - log-opts: - max-size: "10m" - max-file: "3" - -# NetBox Configuration -netbox_install_dir: "/opt/netbox-docker" -netbox_backup_dir: "/opt/netbox-backups" -netbox_data_dir: "/opt/netbox-data" -netbox_repo_url: "https://github.com/netbox-community/netbox-docker.git" -netbox_repo_branch: "release" -netbox_repo_update: true - -# Database Configuration -netbox_db_host: "postgres" -netbox_db_name: "netbox" -netbox_db_user: "netbox" -netbox_db_password: "{{ vault_netbox_db_password }}" -netbox_db_port: "5432" - -# Redis Configuration -netbox_redis_host: "redis" -netbox_redis_port: "6379" -netbox_redis_password: "{{ vault_netbox_redis_password }}" - -# Redis Cache Configuration -netbox_redis_cache_host: "redis-cache" -netbox_redis_cache_port: "6379" -netbox_redis_cache_password: "{{ vault_netbox_redis_cache_password | default('') }}" - -# NetBox Settings -netbox_allowed_hosts: "*" -netbox_time_zone: "UTC" -netbox_language_code: "en" -netbox_debug: false -netbox_log_level: "INFO" -netbox_secret_key: "{{ vault_netbox_secret_key | default('') }}" - -# Superuser Configuration -netbox_superuser_name: "admin" -netbox_superuser_email: "admin@{{ ansible_domain | default('example.com') }}" -netbox_superuser_password: "{{ vault_netbox_superuser_password | default('admin') }}" - -netbox_additional_env: - DB_WAIT_DEBUG: 1 - CORS_ORIGIN_ALLOW_ALL: True - EMAIL_FROM: "netbox@jeansburger.net" - EMAIL_PASSWORD: "{{ vault_netbox_email_password | default('') }}" - EMAIL_PORT: 587 - EMAIL_SERVER: "smtp.postmarkapp.com" - EMAIL_TIMEOUT: 5 - EMAIL_USERNAME: "{{ vault_netbox_email_username | default('') }}" - # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually 
exclusive, i.e. they can't both be `true`! - EMAIL_USE_SSL: False - EMAIL_USE_TLS: True - GRAPHQL_ENABLED: True - MEDIA_ROOT: "/opt/netbox/netbox/media" - METRICS_ENABLED: True - RELEASE_CHECK_URL: "https://api.github.com/repos/netbox-community/netbox/releases" - SECRET_KEY: "{{ vault_netbox_secret_key | default('') }}" - SKIP_SUPERUSER: True - WEBHOOKS_ENABLED: True - -# Domain Configuration -netbox_domain: "{{ vault_netbox_domain | default('netbox.example.com') }}" -traefik_domain: "{{ vault_netbox_domain | default('traefik.example.com') }}" - -# Traefik Configuration -traefik_install_dir: "/opt/traefik" -traefik_data_dir: "/opt/traefik-data" -traefik_config_dir: "/opt/traefik-config" -traefik_image: "traefik:v3.0" -traefik_dashboard_enabled: true -traefik_dashboard_port: 8080 -traefik_api_insecure: false -traefik_api_dashboard: true - -# ACME Configuration -traefik_acme_enabled: true -traefik_acme_email: "{{ vault_traefik_acme_email | default('admin@example.com') }}" -traefik_acme_ca_server: "{{ vault_traefik_acme_ca_server }}" -traefik_acme_storage: "/data/acme.json" -traefik_acme_key_type: "RSA4096" - -# Traefik Entry Points -traefik_entrypoints: - web: - address: ":80" - http: - redirections: - - entrypoint: - to: "websecure" - scheme: "https" - permanent: true - websecure: - address: ":443" - http: - tls: - certResolver: "letsencrypt" - -# Traefik Providers -traefik_providers: - docker: - endpoint: "unix:///var/run/docker.sock" - exposedByDefault: false - network: "traefik" - -# Traefik Networks -traefik_networks: - - name: "traefik" - external: true - -# Traefik Logging -traefik_log_level: "INFO" -traefik_access_logs: false - -# Custom Root CA Configuration -traefik_custom_ca_enabled: true -traefik_custom_ca_url: "{{ vault_traefik_custom_ca_url }}" -traefik_custom_ca_path: "/etc/traefik/custom-ca.pem" -traefik_custom_ca_server_name: "jeansburger-ca.lan" -traefik_custom_ca_verify_ssl: false - -# Docker Compose Overrides -netbox_docker_compose_overrides: - 
services: - netbox: - labels: - - "traefik.enable=true" - - "traefik.http.routers.netbox.rule=Host(`{{ netbox_domain }}`)" - - "traefik.http.routers.netbox.tls.certresolver=letsencrypt" - - "traefik.http.services.netbox.loadbalancer.server.port=8080" - networks: - - "traefik" - - "netbox" - netbox-worker: - networks: - - "netbox" - postgres: - networks: - - "netbox" - volumes: - - "{{ netbox_data_dir }}/postgres:/var/lib/postgresql/data" - redis: - networks: - - "netbox" - volumes: - - "{{ netbox_data_dir }}/redis:/data" - redis-cache: - networks: - - "netbox" - volumes: - - "{{ netbox_data_dir }}/redis-cache:/data" - networks: - traefik: - external: true - netbox: {} diff --git a/inventory/group_vars/netbox_servers_vault b/inventory/group_vars/netbox_servers_vault deleted file mode 100644 index cc20620..0000000 --- a/inventory/group_vars/netbox_servers_vault +++ /dev/null 
@@ -1,67 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -37623935373466373531313732383935343638313038323037613064663465303362643636336438 -3962616234303265666235303266383539386462376431330a336336363966623533623730393962 -31313935633433636635356434393338626538333965386539373530363065393166656163343266 -6238396131613235610a356537393638613731333163376638656466636630383730663633363431 -35646665626564383136653863333762313637613934643437383335336566643830396131336431 -33626663636636636633326538343262393165623664313161643930656531323765313835343332 -63623837363763386165613438303762323432653064663066636163323962613632636531313430 -39303961373537303061666434303430323063393464363662653866373131666236646637326337 -65393836613831343765363266653737613161336133613939613234333664653066333864373536 -64633461303862363739393834306230336332363163303432663338663765363263633433613763 -31393963376164616566383566386562346265393963643530636561663063353738303934303363 -62663039333838323231313137386637663832373466333136323134626133653762373631623033 -66383964643439653262386438623933356532336235663866353137316639613266303839336566 -38373765316238303230353938643463366264306230303433363863616364383965343837346634 -32643135613032373163353632626439643266613633623662646161623237313364616331353861 -37396534396335346239363031373264323264326334636564333862353434396138313132643631 -65656136363031363534626638313830386666653235333131646265376366393235663264393065 -65386135353533313236333038376165346139306431643064373734343066333462616364613764 -39353439303362623938353338353666323063343533616262353563613064333835626331666233 -61656232613835313736373134373131306364663066366461376335373662386264363234373731 -32633166323030363237663761396638303837363138666365343533653638666461303138396435 -31666132353866376161323362343963366536646530346237633236323532383433343965666464 -31303666653665323161346239396133373234316665643436383362313436326139653264303637 
-63656166306162336462656262386437353165636262303334363538366338653734346333393763 -66323435303262343336306630623864343731633762376135356563373266396563656430663764 -38303766363235346264656231643863333533313765393338333235353034653836393733333065 -36663864663838663334393232313036656534326363663066666335656432366538643562656263 -31393866353731616662313432393335636436396335356537376166326136666136323661326664 -36303562303339323264343365613535393037383038396131346161396539353936666133303562 -32373530616237306264626361613864633561343163303262313034616662663034393830626330 -30363462363264386234373763653438666232353235656139633463363265613231346639653461 -65353861353035663763313262663863633761333462356463613737633430373736366136393666 -36353139376431376566383761613538383133323563653336653835393037343562373738333361 -35613862383062336263626261646638633033393763336238333864656663613638353362353030 -66636465383032393434636665613664323331326131653234653766616563323833623739393631 -62363732613764313036366531363130313438396261376232333738376235346136346162333037 -34613966636261353237616664663666383364623262396363333365306661663933366431636430 -62316363313662326338653163306431383132333739303365393938616436396166386639313339 -36333962393063633630386162613232626431303064346662313865363032326465303163646238 -61333638613839333239653537373564363966633836376335613637643961323530626366393263 -34336633316438326432333537396636663063626339383630613965643238376362326432336366 -34313934323361386262336162363261613363353866393464316164636464393330613237643936 -65336431343037376163326433373566363663346635386162366137313165373431643863366134 -34343735393532656161626466343061623439663064343661396230393764663764363139383532 -32346662616235626365323663313430343130356563313335323635653863373565633235386130 -39353735646661393164393133303666316263643933393336613563623637386139633765386238 -65663439623036383436356361313062343632306232633363376235393634623438616462393733 
-36313130386135346631656638663037373238643330333364633061316261393031353130316234 -30633737356564333231353237366637623930653333616536383331363762393461343533353765 -64356237376432643064626662393836346138633465363561333035623331373931353833663764 -38336266386236643531633135313833666336396231316231653666356339623262353234333537 -64393863396165616261616132613561386664646262333965636663396564313235623032663839 -62656630313031326232613962336636636433326639643534646664313062393135323164643631 -37353464666232653333636236343264386264303136613636393664323139306631393666663636 -32656261636635623261356365616163303665613462323131346466306661303233643566396631 -61636363323536383464616363666537343438363632333638623130613233376538346332303033 -31646164353735656162613863633630343537666232373036323337646564653338643762643464 -30633336653030613333613761646538303466636662386362373235623166643464393130623466 -64373234353765313339333261363366633766623861336663633131643161353238636663643235 -34333638363131626534653932363965353737653434326265353864383233316335393264633861 -33373365643239663161343361356430303437656264663735636164373862323135656530373463 -37656461653736633437353864366530373037633861646132376263613035616561366366643435 -64643036303563323466643937373232303736373966636239383766323439663264393631383562 -35656234343131353132366262623962313066313464656631383465613630666136356266333636 -38663065656336373561373563313161643362386339363730666434663930633861666266346162 -3631303764363237623466326266366131323065326163393962 diff --git a/inventory/hosts.yml b/inventory/hosts.yml deleted file mode 100644 index 005c06e..0000000 --- a/inventory/hosts.yml +++ /dev/null 
@@ -1,14 +0,0 @@
-# NetBox Deployment Inventory
-# Example inventory file for NetBox deployment
-
-netbox_servers:
- hosts:
- netbox:
- ansible_host: netbox.lan
- ansible_user: scrappy
-
-
-
-
-# Uncomment and modify the following line to add your server:
-# netbox-server ansible_host=YOUR_SERVER_IP ansible_user=YOUR_USERNAME
\ No newline at end of file
diff --git a/playbooks/backup-netbox.yml b/playbooks/backup-netbox.yml
deleted file mode 100644
index b2aff85..0000000
--- a/playbooks/backup-netbox.yml
+++ /dev/null
@@ -1,69 +0,0 @@ ---- -- name: Backup NetBox Data - hosts: netbox - become: yes - gather_facts: no - - tasks: - - name: Create backup directory with timestamp - file: - path: "{{ netbox_backup_dir }}/{{ ansible_date_time.iso8601_basic_short }}" - state: directory - mode: '0755' - register: backup_dir - tags: - - backup - - - name: Backup PostgreSQL database - community.docker.docker_compose_v2: - project_src: "{{ netbox_install_dir }}" - command: "db pg_dump -U {{ netbox_db_user }} {{ netbox_db_name }}" - register: db_backup - tags: - - backup - - - name: Save database backup to file - copy: - content: "{{ db_backup.stdout }}" - dest: "{{ backup_dir.path }}/netbox_db_backup.sql" - mode: '0644' - tags: - - backup - - - name: Backup Redis data - archive: - path: "{{ netbox_data_dir }}/redis" - dest: "{{ backup_dir.path }}/redis-data.tar.gz" - format: gz - ignore_errors: yes - tags: - - backup - - - name: Backup Redis Cache data - archive: - path: "{{ netbox_data_dir }}/redis-cache" - dest: "{{ backup_dir.path }}/redis-cache-data.tar.gz" - format: gz - ignore_errors: yes - tags: - - backup - - - name: Backup Docker Compose configuration - copy: - src: "{{ netbox_install_dir }}/" - dest: "{{ backup_dir.path }}/docker-compose-config/" - mode: '0644' - tags: - - backup - - - name: Display backup information - debug: - msg: - - "Backup completed successfully!" - - "Backup location: {{ backup_dir.path }}" - - "Database backup: {{ backup_dir.path }}/netbox_db_backup.sql" - - "Redis data backup: {{ backup_dir.path }}/redis-data.tar.gz" - - "Redis Cache data backup: {{ backup_dir.path }}/redis-cache-data.tar.gz" - - "Config backup: {{ backup_dir.path }}/docker-compose-config/" - tags: - - backup diff --git a/playbooks/deploy-netbox.yml b/playbooks/deploy-netbox.yml deleted file mode 100644 index b43bf44..0000000 --- a/playbooks/deploy-netbox.yml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -- name: Deploy NetBox with Docker Compose - hosts: netbox - become: yes - gather_facts: yes - - pre_tasks: - - name: Include vault variables - include_vars: ../inventory/group_vars/netbox_servers_vault - - - name: Verify Ubuntu distribution - fail: - msg: "This playbook only supports Ubuntu distributions" - when: ansible_distribution != "Ubuntu" - tags: always - - - name: Display deployment information - debug: - msg: - - "Deploying NetBox to {{ inventory_hostname }}" - - "OS: {{ ansible_distribution }} {{ ansible_distribution_version }}" - - "Architecture: {{ ansible_architecture }}" - - "Installation directory: {{ netbox_install_dir }}" - tags: always - - roles: - - role: system-update - tags: - - system-update - - updates - - packages - - - role: docker-install - tags: - - docker-install - - docker - - containers - - - role: traefik - tags: - - traefik-deploy - - traefik - - reverse-proxy - - - role: netbox-deploy - tags: - - netbox-deploy - - netbox - - application - - post_tasks: - - name: Display NetBox access information - debug: - msg: - - "NetBox deployment completed successfully!" - - "Access NetBox at: https://{{ netbox_domain }}" - - "Traefik Dashboard at: https://{{ traefik_domain }}:{{ traefik_dashboard_port }}" - - "Default admin credentials:" - - " Username: {{ netbox_superuser_name }}" - - " Email: {{ netbox_superuser_email }}" - - " Password: {{ netbox_superuser_password }}" - - "Installation directory: {{ netbox_install_dir }}" - - "Data directory: {{ netbox_data_dir }}" - - "Traefik installation directory: {{ traefik_install_dir }}" - tags: always - - - name: Show Docker Compose status - command: docker compose ps - args: - chdir: "{{ netbox_install_dir }}" - register: docker_compose_status - changed_when: false - tags: always - - - name: Display Docker Compose status - debug: - var: docker_compose_status.stdout_lines - tags: always 
diff --git a/playbooks/update-netbox.yml b/playbooks/update-netbox.yml
deleted file mode 100644
index c49c714..0000000
--- a/playbooks/update-netbox.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-- name: Update NetBox Docker Repository
- hosts: netbox
- become: yes
- gather_facts: no
-
- tasks:
- - name: Update NetBox Docker repository
- git:
- repo: "{{ netbox_repo_url }}"
- dest: "{{ netbox_install_dir }}"
- version: "{{ netbox_repo_branch }}"
- update: yes
- force: yes
- tags:
- - update-repo
-
- - name: Pull latest Docker images
- community.docker.docker_compose_v2:
- project_src: "{{ netbox_install_dir }}"
- pull: yes
- tags:
- - pull-images
-
- - name: Restart NetBox services
- community.docker.docker_compose_v2:
- project_src: "{{ netbox_install_dir }}"
- state: present
- recreate: yes
- tags:
- - restart-services
-
- - name: Wait for NetBox to be ready
- uri:
- url: "https://{{ netbox_domain }}/"
- method: GET
- status_code: 200
- validate_certs: false
- register: netbox_ready
- until: netbox_ready.status == 200
- retries: 30
- delay: 10
- tags:
- - health-check
diff --git a/requirements.yml b/requirements.yml
deleted file mode 100644
index 4a7d763..0000000
--- a/requirements.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# Ansible Collections Requirements
-collections:
- - name: community.docker
- version: ">=3.0.0"
- - name: ansible.posix
- version: ">=1.0.0"
diff --git a/roles/docker-install/defaults/main.yml b/roles/docker-install/defaults/main.yml
deleted file mode 100644
index 0b79e98..0000000
--- a/roles/docker-install/defaults/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# Default variables for docker-install role
-docker_compose_version: "2.24.0"
-docker_compose_install_path: "/usr/local/bin/docker-compose"
-docker_users: []
-docker_daemon_config: {}
-docker_install_compose: true
diff --git a/roles/docker-install/handlers/main.yml b/roles/docker-install/handlers/main.yml
deleted file mode 100644
index 27f9043..0000000
--- a/roles/docker-install/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: restart docker
- systemd:
- name: docker
- state: restarted
diff --git a/roles/docker-install/meta/main.yml b/roles/docker-install/meta/main.yml
deleted file mode 100644
index d2a9f8f..0000000
--- a/roles/docker-install/meta/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-galaxy_info:
- author: NetBox Ansible Deployment
- description: Installs Docker and Docker Compose on Ubuntu
- company: Internal
- license: MIT
- min_ansible_version: 2.9
- platforms:
- - name: Ubuntu
- versions:
- - focal
- - jammy
- - noble
- galaxy_tags:
- - docker
- - ubuntu
- - containers
-
-dependencies: []
diff --git a/roles/docker-install/tasks/main.yml b/roles/docker-install/tasks/main.yml
deleted file mode 100644
index 36d9e4b..0000000
--- a/roles/docker-install/tasks/main.yml
+++ /dev/null
@@ -1,70 +0,0 @@ ---- -- name: Add Docker GPG key - apt_key: - url: https://download.docker.com/linux/ubuntu/gpg - state: present - tags: - - docker-install - - gpg-key - -- name: Add Docker repository - apt_repository: - repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" - state: present - update_cache: yes - tags: - - docker-install - - repository - -- name: Install Docker packages - apt: - name: - - docker-ce - - docker-ce-cli - - containerd.io - - docker-buildx-plugin - - docker-compose-plugin - state: present - tags: - - docker-install - - packages - -- name: Start and enable Docker service - systemd: - name: docker - state: started - enabled: yes - tags: - - docker-install - - service - -- name: Add users to docker group - user: - name: "{{ item }}" - groups: docker - append: yes - loop: "{{ docker_users }}" - tags: - - docker-install - - users - -- name: Install Docker Compose standalone (if enabled) - get_url: - url: "https://github.com/docker/compose/releases/download/v{{ docker_compose_version }}/docker-compose-linux-x86_64" - dest: "{{ docker_compose_install_path }}" - mode: '0755' - when: docker_install_compose - tags: - - docker-install - - compose - -- name: Configure Docker daemon (if config provided) - copy: - content: "{{ docker_daemon_config | to_nice_json }}" - dest: /etc/docker/daemon.json - mode: '0644' - when: docker_daemon_config is defined and docker_daemon_config | length > 0 - notify: restart docker - tags: - - docker-install - - daemon-config diff --git a/roles/docker-install/vars/main.yml b/roles/docker-install/vars/main.yml deleted file mode 100644 index c215aed..0000000 --- a/roles/docker-install/vars/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# Variables for docker-install role -docker_compose_version: "2.24.0" -docker_compose_install_path: "/usr/local/bin/docker-compose" -docker_users: [] -docker_daemon_config: {} -docker_install_compose: true 
diff --git a/roles/netbox-deploy/defaults/main.yml b/roles/netbox-deploy/defaults/main.yml deleted file mode 100644 index f7ef189..0000000 --- a/roles/netbox-deploy/defaults/main.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Default variables for netbox-deploy role -netbox_install_dir: "/opt/netbox-docker" -netbox_repo_url: "https://github.com/netbox-community/netbox-docker.git" -netbox_repo_branch: "release" -netbox_repo_update: true -netbox_backup_dir: "/opt/netbox-backups" -netbox_data_dir: "/opt/netbox-data" - -# NetBox configuration -netbox_superuser_name: "admin" -netbox_superuser_email: "admin@example.com" -netbox_superuser_password: "admin" -netbox_secret_key: "" - -# Database configuration -netbox_db_host: "db" -netbox_db_name: "netbox" -netbox_db_user: "netbox" -netbox_db_password: "netbox" -netbox_db_port: "5432" - -# Redis configuration -netbox_redis_host: "redis" -netbox_redis_port: "6379" -netbox_redis_password: "" - -# Redis Cache configuration -netbox_redis_cache_host: "redis-cache" -netbox_redis_cache_port: "6379" -netbox_redis_cache_password: "" - -# NetBox settings -netbox_allowed_hosts: "localhost,127.0.0.1" -netbox_time_zone: "UTC" -netbox_language_code: "en" -netbox_debug: false -netbox_log_level: "INFO" - -# Docker Compose overrides -netbox_docker_compose_overrides: - services: - netbox: - ports: - - "8000:8080" diff --git a/roles/netbox-deploy/meta/main.yml b/roles/netbox-deploy/meta/main.yml deleted file mode 100644 index d6e9860..0000000 --- a/roles/netbox-deploy/meta/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -galaxy_info: - author: NetBox Ansible Deployment - description: Deploys NetBox using Docker Compose - company: Internal - license: MIT - min_ansible_version: 2.9 - platforms: - - name: Ubuntu - versions: - - focal - - jammy - - noble - galaxy_tags: - - netbox - - docker - - deployment - -dependencies: [] 
diff --git a/roles/netbox-deploy/tasks/main.yml b/roles/netbox-deploy/tasks/main.yml deleted file mode 100644 index ec36520..0000000 --- a/roles/netbox-deploy/tasks/main.yml +++ /dev/null 
@@ -1,127 +0,0 @@ ---- -- name: Create NetBox installation directory - file: - path: "{{ netbox_install_dir }}" - state: directory - owner: root - group: root - mode: '0755' - tags: - - netbox-deploy - - directories - -- name: Create NetBox data directory - file: - path: "{{ netbox_data_dir }}" - state: directory - owner: root - group: root - mode: '0755' - tags: - - netbox-deploy - - directories - -- name: Create NetBox backup directory - file: - path: "{{ netbox_backup_dir }}" - state: directory - owner: root - group: root - mode: '0755' - tags: - - netbox-deploy - - directories - -- name: Clone NetBox Docker repository - git: - repo: "{{ netbox_repo_url }}" - dest: "{{ netbox_install_dir }}" - version: "{{ netbox_repo_branch }}" - update: "{{ netbox_repo_update }}" - force: yes - tags: - - netbox-deploy - - git-clone - -- name: Generate NetBox secret key - set_fact: - netbox_secret_key: "{{ netbox_secret_key | default(ansible.builtin.random_string(length=128)) }}" - when: netbox_secret_key == "" - tags: - - netbox-deploy - - config - -- name: Create NetBox environment file - template: - src: netbox.env.j2 - dest: "{{ netbox_install_dir }}/env/netbox.env" - mode: '0644' - tags: - - netbox-deploy - - config - -- name: Create PostgreSQL environment file - template: - src: postgres.env.j2 - dest: "{{ netbox_install_dir }}/env/postgres.env" - mode: '0644' - tags: - - netbox-deploy - - config - -- name: Create Redis environment file - template: - src: redis.env.j2 - dest: "{{ netbox_install_dir }}/env/redis.env" - mode: '0644' - tags: - - netbox-deploy - - config - -- name: Create Redis Cache environment file - template: - src: redis-cache.env.j2 - dest: "{{ netbox_install_dir }}/env/redis-cache.env" - mode: '0644' - tags: - - netbox-deploy - - config - -- name: Create Docker Compose override file - template: - src: docker-compose.override.yml.j2 - dest: "{{ netbox_install_dir }}/docker-compose.override.yml" - mode: '0644' - tags: - - netbox-deploy - - config - -- 
name: Pull Docker images - community.docker.docker_compose_v2: - project_src: "{{ netbox_install_dir }}" - pull: always - tags: - - netbox-deploy - - docker-pull - -- name: Start NetBox services - community.docker.docker_compose_v2: - project_src: "{{ netbox_install_dir }}" - state: present - tags: - - netbox-deploy - - docker-start - -- name: Wait for NetBox to be ready - uri: - url: "https://{{ netbox_domain }}/" - method: GET - status_code: 200 - validate_certs: false - register: netbox_ready - until: netbox_ready.status == 200 - retries: 30 - delay: 10 - tags: - - netbox-deploy - - health-check \ No newline at end of file diff --git a/roles/netbox-deploy/templates/docker-compose.override.yml.j2 b/roles/netbox-deploy/templates/docker-compose.override.yml.j2 deleted file mode 100644 index 9c040ba..0000000 --- a/roles/netbox-deploy/templates/docker-compose.override.yml.j2 +++ /dev/null @@ -1,4 +0,0 @@ -# Docker Compose Override Configuration -# Generated by Ansible - DO NOT EDIT MANUALLY - -{{ netbox_docker_compose_overrides | to_nice_yaml }} diff --git a/roles/netbox-deploy/templates/netbox.env.j2 b/roles/netbox-deploy/templates/netbox.env.j2 deleted file mode 100644 index 004c85a..0000000 --- a/roles/netbox-deploy/templates/netbox.env.j2 +++ /dev/null 
@@ -1,43 +0,0 @@ -# NetBox Configuration -# Generated by Ansible - DO NOT EDIT MANUALLY - -# Database Configuration -DB_HOST={{ netbox_db_host }} -DB_NAME={{ netbox_db_name }} -DB_USER={{ netbox_db_user }} -DB_PASSWORD={{ netbox_db_password }} -DB_PORT={{ netbox_db_port }} - -# Redis Configuration (Main Redis) -REDIS_HOST={{ netbox_redis_host }} -REDIS_PORT={{ netbox_redis_port }} -{% if netbox_redis_password %} -REDIS_PASSWORD={{ netbox_redis_password }} -{% endif %} - -# Redis Cache Configuration -REDIS_CACHE_HOST={{ netbox_redis_cache_host }} -REDIS_CACHE_PORT={{ netbox_redis_cache_port }} -{% if netbox_redis_cache_password %} -REDIS_CACHE_PASSWORD={{ netbox_redis_cache_password }} -{% endif %} - -# NetBox Settings -SECRET_KEY={{ netbox_secret_key }} -ALLOWED_HOSTS={{ netbox_allowed_hosts }} -TIME_ZONE={{ netbox_time_zone }} -LANGUAGE_CODE={{ netbox_language_code }} -DEBUG={{ netbox_debug | lower }} -LOG_LEVEL={{ netbox_log_level }} - -# Superuser Configuration -SUPERUSER_NAME={{ netbox_superuser_name }} -SUPERUSER_EMAIL={{ netbox_superuser_email }} -SUPERUSER_PASSWORD={{ netbox_superuser_password }} - -# Additional NetBox Configuration -{% if netbox_additional_env is defined %} -{% for key, value in netbox_additional_env.items() %} -{{ key }}={{ value }} -{% endfor %} -{% endif %} diff --git a/roles/netbox-deploy/templates/postgres.env.j2 b/roles/netbox-deploy/templates/postgres.env.j2 deleted file mode 100644 index 32f8d60..0000000 --- a/roles/netbox-deploy/templates/postgres.env.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# PostgreSQL Configuration -# Generated by Ansible - DO NOT EDIT MANUALLY - -POSTGRES_DB={{ netbox_db_name }} -POSTGRES_USER={{ netbox_db_user }} -POSTGRES_PASSWORD={{ netbox_db_password }} -POSTGRES_PORT={{ netbox_db_port }} - -# Additional PostgreSQL Configuration -{% if netbox_postgres_additional_env is defined %} -{% for key, value in netbox_postgres_additional_env.items() %} -{{ key }}={{ value }} -{% endfor %} -{% endif %} 
diff --git a/roles/netbox-deploy/templates/redis-cache.env.j2 b/roles/netbox-deploy/templates/redis-cache.env.j2 deleted file mode 100644 index feba3ff..0000000 --- a/roles/netbox-deploy/templates/redis-cache.env.j2 +++ /dev/null @@ -1,13 +0,0 @@ -# Redis Cache Configuration -# Generated by Ansible - DO NOT EDIT MANUALLY - -{% if netbox_redis_cache_password %} -REDIS_PASSWORD={{ netbox_redis_cache_password }} -{% endif %} - -# Additional Redis Cache Configuration -{% if netbox_redis_cache_additional_env is defined %} -{% for key, value in netbox_redis_cache_additional_env.items() %} -{{ key }}={{ value }} -{% endfor %} -{% endif %} diff --git a/roles/netbox-deploy/templates/redis.env.j2 b/roles/netbox-deploy/templates/redis.env.j2 deleted file mode 100644 index 38a1d6b..0000000 --- a/roles/netbox-deploy/templates/redis.env.j2 +++ /dev/null @@ -1,13 +0,0 @@ -# Redis Configuration (Main Redis) -# Generated by Ansible - DO NOT EDIT MANUALLY - -{% if netbox_redis_password %} -REDIS_PASSWORD={{ netbox_redis_password }} -{% endif %} - -# Additional Redis Configuration -{% if netbox_redis_additional_env is defined %} -{% for key, value in netbox_redis_additional_env.items() %} -{{ key }}={{ value }} -{% endfor %} -{% endif %} \ No newline at end of file diff --git a/roles/system-update/defaults/main.yml b/roles/system-update/defaults/main.yml deleted file mode 100644 index 748d53d..0000000 --- a/roles/system-update/defaults/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Default variables for system-update role -system_update_packages: - - apt-transport-https - - ca-certificates - - curl - - gnupg - - lsb-release - - software-properties-common - -system_update_reboot_if_needed: false -system_update_autoremove: true diff --git a/roles/system-update/meta/main.yml b/roles/system-update/meta/main.yml deleted file mode 100644 index e7df1e0..0000000 --- a/roles/system-update/meta/main.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -galaxy_info: - author: NetBox Ansible Deployment - description: Updates Ubuntu system packages - company: Internal - license: MIT - min_ansible_version: 2.9 - platforms: - - name: Ubuntu - versions: - - focal - - jammy - - noble - galaxy_tags: - - system - - ubuntu - - updates - -dependencies: [] diff --git a/roles/system-update/tasks/main.yml b/roles/system-update/tasks/main.yml deleted file mode 100644 index 492188b..0000000 --- a/roles/system-update/tasks/main.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- name: Update apt package cache - apt: - update_cache: yes - cache_valid_time: 3600 - tags: - - system-update - - apt-update - -- name: Upgrade all packages - apt: - upgrade: dist - autoremove: "{{ system_update_autoremove }}" - register: apt_upgrade_result - tags: - - system-update - - apt-upgrade - -- name: Install required packages - apt: - name: "{{ system_update_packages }}" - state: present - tags: - - system-update - - packages - -- name: Check if reboot is required - stat: - path: /var/run/reboot-required - register: reboot_required - tags: - - system-update - - reboot-check - -- name: Reboot if required and enabled - reboot: - msg: "Reboot initiated by Ansible for system updates" - connect_timeout: 5 - reboot_timeout: 600 - pre_reboot_delay: 0 - post_reboot_delay: 30 - when: - - reboot_required.stat.exists - - system_update_reboot_if_needed - tags: - - system-update - - reboot diff --git a/roles/system-update/vars/main.yml b/roles/system-update/vars/main.yml deleted file mode 100644 index aca38f7..0000000 --- a/roles/system-update/vars/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# Variables for system-update role -system_update_packages: - - apt-transport-https - - ca-certificates - - curl - - gnupg - - lsb-release - - software-properties-common diff --git a/roles/traefik/defaults/main.yml b/roles/traefik/defaults/main.yml deleted file mode 100644 index 71cbcae..0000000 --- a/roles/traefik/defaults/main.yml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -# Default variables for traefik role - -# Traefik Configuration -traefik_install_dir: "/opt/traefik" -traefik_data_dir: "/opt/traefik-data" -traefik_config_dir: "/opt/traefik-config" - -# Traefik Image -traefik_image: "traefik:v3.0" -traefik_image_tag: "v3.0" - -# Traefik Configuration -traefik_dashboard_enabled: true -traefik_dashboard_port: 8080 -traefik_api_insecure: false -traefik_api_dashboard: true - -# ACME Configuration -traefik_acme_enabled: true -traefik_acme_email: "admin@example.com" -# traefik_acme_ca_server should be defined in group_vars or host_vars -traefik_acme_storage: "/data/acme.json" -traefik_acme_key_type: "RSA4096" - -# Entry Points -traefik_entrypoints: - web: - address: ":80" - websecure: - address: ":443" - traefik: - address: ":8080" - -# Providers -traefik_providers: - docker: - endpoint: "unix:///var/run/docker.sock" - exposedByDefault: false - network: "traefik" - -# Networks -traefik_networks: - - name: "traefik" - external: false - -# Logging -traefik_log_level: "INFO" -traefik_access_logs: false - -# Custom Root CA Configuration -# Users should define these in their group_vars or host_vars -# traefik_custom_ca_enabled: false -# traefik_custom_ca_url: "https://your-ca-server.com/root-ca.pem" -traefik_custom_ca_path: "/etc/traefik/custom-ca.pem" -traefik_custom_ca_verify_ssl: true diff --git a/roles/traefik/handlers/main.yml b/roles/traefik/handlers/main.yml deleted file mode 100644 index 5660e52..0000000 --- a/roles/traefik/handlers/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: restart traefik - community.docker.docker_compose_v2: - project_src: "{{ traefik_install_dir }}" - state: present - recreate: always - pull: always - tags: - - traefik-deploy - - handlers diff --git a/roles/traefik/meta/main.yml b/roles/traefik/meta/main.yml deleted file mode 100644 index eb861a0..0000000 --- a/roles/traefik/meta/main.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -galaxy_info: - author: NetBox Ansible Deployment - description: Traefik reverse proxy with ACME TLS support - company: - license: MIT - min_ansible_version: 2.9 - platforms: - - name: Ubuntu - versions: - - focal - - jammy - galaxy_tags: - - traefik - - reverse-proxy - - tls - - acme - -dependencies: [] diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml deleted file mode 100644 index 19d1323..0000000 --- a/roles/traefik/tasks/main.yml +++ /dev/null 
@@ -1,101 +0,0 @@ ---- -- name: Create Traefik installation directory - file: - path: "{{ traefik_install_dir }}" - state: directory - owner: root - group: root - mode: '0755' - tags: - - traefik-deploy - - directories - -- name: Create Traefik data directory - file: - path: "{{ traefik_data_dir }}" - state: directory - owner: root - group: root - mode: '0755' - tags: - - traefik-deploy - - directories - -- name: Create Traefik config directory - file: - path: "{{ traefik_config_dir }}" - state: directory - owner: root - group: root - mode: '0755' - tags: - - traefik-deploy - - directories - -- name: Create ACME storage file - file: - path: "{{ traefik_data_dir }}/acme.json" - state: touch - owner: root - group: root - mode: '0600' - tags: - - traefik-deploy - - config - -- name: Download custom root CA certificate - get_url: - url: "{{ traefik_custom_ca_url }}" - dest: "{{ traefik_custom_ca_path }}" - mode: '0644' - owner: root - group: root - validate_certs: "{{ traefik_custom_ca_verify_ssl }}" - timeout: 30 - when: traefik_custom_ca_enabled | default(false) and traefik_custom_ca_url | default('') != '' - notify: restart traefik - tags: - - traefik-deploy - - custom-ca - -- name: Create Traefik static configuration - template: - src: traefik.yml.j2 - dest: "{{ traefik_config_dir }}/traefik.yml" - mode: '0644' - notify: restart traefik - tags: - - traefik-deploy - - config - -- name: Create Traefik Docker Compose file - template: - src: docker-compose.yml.j2 - dest: "{{ traefik_install_dir }}/docker-compose.yml" - mode: '0644' - notify: restart traefik - tags: - - traefik-deploy - - config - -- name: Start Traefik services - community.docker.docker_compose_v2: - project_src: "{{ traefik_install_dir }}" - state: present - tags: - - traefik-deploy - - docker-start - -- name: Wait for Traefik to be ready - uri: - url: "https://traefik.{{ traefik_domain | default('localhost') }}/api/rawdata" - method: GET - status_code: 200 - ca_path: "{{ traefik_custom_ca_path }}" - 
register: traefik_ready - until: traefik_ready.status == 200 - retries: 30 - delay: 5 - tags: - - traefik-deploy - - health-check diff --git a/roles/traefik/templates/docker-compose.yml.j2 b/roles/traefik/templates/docker-compose.yml.j2 deleted file mode 100644 index fce0e8b..0000000 --- a/roles/traefik/templates/docker-compose.yml.j2 +++ /dev/null @@ -1,41 +0,0 @@ -name: traefik - -services: - traefik: - image: "{{ traefik_image }}" - container_name: traefik - restart: unless-stopped - ports: - - "80:80" - - "443:443" - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - "{{ traefik_config_dir }}/traefik.yml:/etc/traefik/traefik.yml:ro" - - "{{ traefik_data_dir }}:/data" -{% if traefik_custom_ca_enabled | default(false) %} - - "{{ traefik_custom_ca_path }}:/etc/ssl/certs/custom-ca.pem:ro" -{% endif %} - networks: -{% for network in traefik_networks %} - - "{{ network.name }}" -{% endfor %} -{% if traefik_custom_ca_enabled | default(false) %} - environment: - - LEGO_CA_CERTIFICATES=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/custom-ca.pem -{% endif %} - command: - - --configfile=/etc/traefik/traefik.yml - labels: - - "traefik.enable=true" - - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.{{ traefik_domain | default('localhost') }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" - - "traefik.http.routers.traefik-dashboard.service=api@internal" - -networks: -{% for network in traefik_networks %} - {{ network.name }}: -{% if network.external | default(false) %} - external: true -{% else %} - driver: bridge -{% endif %} -{% endfor %} diff --git a/roles/traefik/templates/traefik.yml.j2 b/roles/traefik/templates/traefik.yml.j2 deleted file mode 100644 index 57e2d9f..0000000 --- a/roles/traefik/templates/traefik.yml.j2 +++ /dev/null 
@@ -1,86 +0,0 @@ -# Traefik Static Configuration -# Generated by Ansible - DO NOT EDIT MANUALLY - -# Global Configuration -global: - checkNewVersion: false - sendAnonymousUsage: false - -# API Configuration -api: - dashboard: true - insecure: false - -# Entry Points -entryPoints: -{% for name, config in traefik_entrypoints.items() %} - {{ name }}: - address: "{{ config.address }}" -{% if config.http is defined %} - http: -{% if config.http.tls is defined %} - tls: -{% if config.http.tls.certResolver is defined %} - certResolver: {{ config.http.tls.certResolver }} -{% endif %} -{% endif %} -{% if config.http.redirections is defined %} - redirections: -{% for redirection in config.http.redirections %} - entryPoint: - to: "{{ redirection.entrypoint.to }}" - scheme: "{{ redirection.entrypoint.scheme }}" - permanent: {{ redirection.entrypoint.permanent | lower }} -{% endfor %} -{% endif %} -{% endif %} -{% endfor %} - -# Providers -providers: -{% for name, config in traefik_providers.items() %} - {{ name }}: -{% for key, value in config.items() %} - {{ key }}: {{ value | to_json if value is mapping else (value | lower if value is boolean else value) }} -{% endfor %} -{% endfor %} - - -{% if traefik_acme_enabled %} -# Certificate Resolvers -certificatesResolvers: - letsencrypt: - acme: - email: "{{ traefik_acme_email }}" - storage: "{{ traefik_acme_storage }}" -{% if traefik_acme_ca_server is defined %} - caServer: "{{ traefik_acme_ca_server }}" -{% endif %} - httpChallenge: - entryPoint: web -{% endif %} - -# Logging -log: - level: "{{ traefik_log_level }}" - -{% if traefik_access_logs %} -accessLog: -{% if traefik_access_logs_format is defined %} - format: "{{ traefik_access_logs_format }}" -{% endif %} -{% if traefik_access_logs_fields is defined %} - fields: - defaultMode: "{{ traefik_access_logs_fields.defaultMode }}" -{% if traefik_access_logs_fields.headers is defined %} - headers: - defaultMode: "{{ traefik_access_logs_fields.headers.defaultMode }}" -{% if 
traefik_access_logs_fields.headers.names is defined %} - names: -{% for header, mode in traefik_access_logs_fields.headers.names.items() %} - "{{ header }}": "{{ mode }}" -{% endfor %} -{% endif %} -{% endif %} -{% endif %} -{% endif %}