lino/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Added personal website

Browse Source
This commit is contained in:
Lino Silva
2026-04-01 23:31:05 +01:00
parent 06ba9b4688
commit 03865d6f16
39 changed files with 36951 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ansible/inventories/group_vars/all/main.yml
+4
View File
@@ -220,3 +220,7 @@ tinyauth_port: 3000
tinyauth_oidc_provider: "https://auth.{{ domain }}"
tinyauth_client_id: "{{ vault_tinyauth_client_id }}"
tinyauth_client_secret: "{{ vault_tinyauth_client_secret }}"
# Website configuration (root domain)
website_host: 10.0.4.10
website_port: 8080
ansible/inventories/production.yml
+1 -1
View File
@@ -10,7 +10,7 @@ all:
ansible_host: 10.0.4.1
edge-2:
ansible_host: 10.0.4.2
purah:
infra:
hosts:
infra-core-1:
ansible_host: 10.0.4.10
ansible/playbooks/provision_vms.yml
+2 -1
View File
@@ -12,13 +12,14 @@
- keepalived
- traefik
- hosts: purah
- hosts: infra
become: yes
roles:
- base
- docker
- tinyauth
- pocketid
- website
# - hosts: all
# become: yes
ansible/roles/traefik/templates/remote-services.yml.j2
+22
View File
@@ -47,6 +47,14 @@ http:
tls:
certResolver: cloudflare
website:
rule: "Host(`{{ domain }}`)"
entryPoints:
- https
service: website
tls:
certResolver: cloudflare
# Static services - HTTP to HTTPS redirect
traefik-redirect:
rule: "Host(`traefik.{{ domain }}`)"
@@ -72,6 +80,14 @@ http:
- traefik-https-redirect
service: tinyauth
website-redirect:
rule: "Host(`{{ domain }}`)"
entryPoints:
- http
middlewares:
- traefik-https-redirect
service: website
# Auto-configured services - HTTPS
{% for service_name, config in auto_configure_traefik.items() %}
{% if config.auth_bypass_paths is defined %}
@@ -152,6 +168,12 @@ http:
servers:
- url: "http://{{ tinyauth_host }}:{{ tinyauth_port }}"
website:
loadBalancer:
passHostHeader: true
servers:
- url: "http://{{ website_host }}:{{ website_port }}"
# Auto-configured services
{% for service_name, config in auto_configure_traefik.items() %}
{{ service_name }}:
ansible/roles/website/tasks/main.yml
+44
View File
@@ -0,0 +1,44 @@
---
- name: Install rsync
apt:
name: rsync
state: present
update_cache: yes
- name: Ensure website directory exists
file:
path: /opt/website
state: directory
mode: '0755'
- name: Ensure website html directory exists
file:
path: /opt/website/html
state: directory
mode: '0755'
- name: Copy website build files
synchronize:
src: "{{ playbook_dir }}/../../website/build/"
dest: /opt/website/html/
delete: yes
recursive: yes
delegate_to: localhost
become: no
- name: Deploy nginx configuration
template:
src: nginx.conf.j2
dest: /opt/website/nginx.conf
mode: '0644'
- name: Deploy website docker-compose
template:
src: docker-compose.yml.j2
dest: /opt/website/docker-compose.yml
mode: '0644'
- name: Start website container
shell: cd /opt/website && docker compose down && docker compose up -d
args:
chdir: /opt/website
ansible/roles/website/templates/docker-compose.yml.j2
+10
View File
@@ -0,0 +1,10 @@
services:
website:
image: nginx:alpine
container_name: website
restart: unless-stopped
ports:
- "{{ website_port }}:80"
volumes:
- ./html:/usr/share/nginx/html:ro
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
ansible/roles/website/templates/nginx.conf.j2
+28
View File
@@ -0,0 +1,28 @@
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
# SPA routing - serve index.html for all routes
location / {
try_files $uri $uri/ /index.html;
}
# Cache static assets
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Gzip compression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml+rss application/json application/javascript;
}