From 48d5eb83d35dc8bbdce4e63afb2b8115476506d8 Mon Sep 17 00:00:00 2001 From: Thomas Kleinendorst Date: Tue, 7 Jan 2025 13:07:37 +0100 Subject: [PATCH] Add Portainer --- playbook.yml | 1 + roles/portainer/tasks/main.yml | 27 +++++++++++++++++++++++++++ versions.yml | 1 + 3 files changed, 29 insertions(+) create mode 100644 roles/portainer/tasks/main.yml diff --git a/playbook.yml b/playbook.yml index 64d9b1b..73138e8 100644 --- a/playbook.yml +++ b/playbook.yml @@ -28,6 +28,7 @@ - role: monitoring - role: immich - role: hoarder + - role: portainer vars: # devsec.hardening.ssh_hardening vars: ssh_client_port: 22 # Default, but duplicated here for documentation purpose. Not changed because its only accessible via LAN. diff --git a/roles/portainer/tasks/main.yml b/roles/portainer/tasks/main.yml new file mode 100644 index 0000000..b8ee960 --- /dev/null +++ b/roles/portainer/tasks/main.yml @@ -0,0 +1,27 @@ +--- +- name: Create portainer volume + become: true + community.docker.docker_volume: + volume_name: portainer_data +- name: Install the container + become: true + community.docker.docker_container: + name: portainer + image: "portainer/portainer-ce:{{ versions.portainer }}" + ports: + # - "127.0.0.1:9443:9443/tcp" # TCP port, not used + # But the opened http port is only opened for "legacy reasons", see: https://docs.portainer.io/start/install-ce/server/docker/linux + - "127.0.0.1:9000:9000/tcp" + mounts: + - source: portainer_data + target: /data + - source: /var/run/docker.sock + target: /var/run/docker.sock + type: bind + restart_policy: always +- name: Include simple-reverse-proxy role + ansible.builtin.include_role: + name: simple-reverse-proxy + vars: + simple_reverse_proxy_internal_port: 9000 + simple_reverse_proxy_internal_subdomain: portainer diff --git a/versions.yml b/versions.yml index 2775410..64b05b2 100644 --- a/versions.yml +++ b/versions.yml @@ -31,3 +31,4 @@ versions: cloudflared: 2024.12.2 # Releases: https://github.com/hoarder-app/hoarder/releases hoarder_version: 0.20.0 + portainer: 2.21.5