feat: media+app VMs, Komodo periphery working

2026-04-09 23:20:40 +01:00
parent 3b6267e1db
commit d717013e6d
15 changed files with 152 additions and 164 deletions
@@ -1,17 +1,21 @@
 services:
  periphery:
-    image: ghcr.io/moghtech/komodo-periphery:2
+    image: ghcr.io/moghtech/komodo-periphery:2.1.0
    init: true
    container_name: komodo-periphery
    restart: unless-stopped
    environment:
-      PERIPHERY_CORE_ADDRESS: 10.0.4.10:9120
+      PERIPHERY_CORE_ADDRESS: {{ komodo_core_address }}
      PERIPHERY_CONNECT_AS: {{ inventory_hostname }}
      PERIPHERY_CORE_PUBLIC_KEYS: file:/config/keys/core.pub
      PERIPHERY_ROOT_DIRECTORY: /etc/komodo
      PERIPHERY_DISABLE_TERMINALS: false
      PERIPHERY_DISABLE_CONTAINER_TERMINALS: false
      PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname
+      KOMODO_SSL_ENABLED: false
+      PERIPHERY_BIND_IP: 0.0.0.0
+      PERIPHERY_ONBOARDING_KEY: "{{ komodo_onboarding_key }}"
+      PERIPHERY_CORE_TLS_INSECURE_SKIP_VERIFY: true
      TZ: Europe/Lisbon
    volumes:
      - /data/komodo/app/keys:/config/keys
@@ -38,30 +38,10 @@ services:
      KOMODO_RESOURCE_POLL_INTERVAL: "1-hr"
      KOMODO_DISABLE_USER_REGISTRATION: true
      KOMODO_ENABLE_NEW_USERS: false
+      KOMODO_SSL_ENABLED: false
+      KOMODO_TLS_INSECURE_SKIP_VERIFY: true
      TZ: "Europe/Lisbon"
    volumes:
      - /data/komodo/app/keys:/config/keys
      - /data/komodo/app/backups:/backups
      - /var/run/docker.sock:/var/run/docker.sock
-
-  periphery:
-    image: ghcr.io/moghtech/komodo-periphery:2
-    init: true
-    container_name: komodo-periphery
-    restart: unless-stopped
-    depends_on:
-      - komodo-core
-    environment:
-      PERIPHERY_CORE_ADDRESS: ws://komodo-core:9120
-      PERIPHERY_CONNECT_AS: "infra-core-1"
-      PERIPHERY_CORE_PUBLIC_KEYS: file:/config/keys/core.pub
-      PERIPHERY_ROOT_DIRECTORY: /etc/komodo
-      PERIPHERY_DISABLE_TERMINALS: false
-      PERIPHERY_DISABLE_CONTAINER_TERMINALS: false
-      PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname
-      TZ: "Europe/Lisbon"
-    volumes:
-      - /data/komodo/app/keys:/config/keys
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /proc:/proc
-      - /etc/komodo:/etc/komodo
@@ -122,6 +122,22 @@ http:
      tls:
        certResolver: cloudflare
 {% endfor %}
+{% endif %}
+{% if config.auth_required | default(true) %}
+    # {{ service_name }} - internal network (no auth)
+    {{ service_name }}-int:
+      rule: "Host(`{{ config.subdomain }}.{{ domain }}`) && ClientIP(`10.0.0.0/21`)"
+      entryPoints:
+        - https
+      priority: 50
+{% if config.forward_https | default(false) %}
+      middlewares:
+        - {{ service_name }}-https-headers
+{% endif %}
+      service: {{ service_name }}
+      tls:
+        certResolver: cloudflare
+{% endif %}
    # {{ service_name }} - default path (with auth if required)
    {{ service_name }}:
      rule: "Host(`{{ config.subdomain }}.{{ domain }}`)"
@@ -140,24 +156,6 @@ http:
      service: {{ service_name }}
      tls:
        certResolver: cloudflare
-{% else %}
-    {{ service_name }}:
-      rule: "Host(`{{ config.subdomain }}.{{ domain }}`)"
-      entryPoints:
-        - https
-{% if config.auth_required | default(true) or config.forward_https | default(false) %}
-      middlewares:
-{% if config.auth_required | default(true) %}
-        - pocketid-auth
-{% endif %}
-{% if config.forward_https | default(false) %}
-        - {{ service_name }}-https-headers
-{% endif %}
-{% endif %}
-      service: {{ service_name }}
-      tls:
-        certResolver: cloudflare
-{% endif %}
 {% endfor %}

    # Auto-configured services - HTTP to HTTPS redirect
@@ -1,11 +0,0 @@
---
- name: Create app directories
-  ansible.builtin.file:
-    path: "/data/{{ item }}"
-    state: directory
-    mode: "0755"
-  loop:
-    - paperless
-    - nextcloud
-    - mealie
-    - outline
@@ -1,10 +0,0 @@
---
- name: Create infra directories
-  ansible.builtin.file:
-    path: "/data/{{ item }}"
-    state: directory
-    mode: "0755"
-  loop:
-    - vaultwarden
-    - pi-hole
-    - uptime-kuma
@@ -1,10 +0,0 @@
---
- name: Ensure VM has iGPU passthrough (requires Proxmox pre-config)
-  ansible.builtin.debug:
-    msg: "Ensure /dev/dri is passed through on this VM: {{ inventory_hostname }}"
-
- name: Mount media storage
-  ansible.builtin.file:
-    path: /data/media
-    state: directory
-    mode: "0755"