implement per-container public exposure #4

Merged
merged 1 commit into from
May 28, 2022
Merged
12 changes: 12 additions & 0 deletions roles/hmsdocker/defaults/main.yml
Expand Up @@ -341,6 +341,7 @@ hms_docker_compose_container_state: present
# `enabled`: Enables or disables the container
# `directory`: Creates the container directory within the apps folder
# `traefik`: Enables or disables accessing the container via Traefik
# `expose_to_public`: Enables or disables exposing the container to the public internet via Traefik (removes allowlist restrictions)
hms_docker_container_map:
traefik:
enabled: yes
Expand All @@ -350,46 +351,57 @@ hms_docker_container_map:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
radarr:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
bazarr:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
transmission:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
portainer:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
overseerr:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
prowlarr:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
requestrr:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
plex:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
tautulli:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
nzbget:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no

plex_transcode_folder: "{{ hms_docker_apps_path }}/plex/transcode_temp" # default: "{{ hms_docker_apps_path }}/plex/transcode_temp"

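Review bot: The comment added for `expose_to_public` does not say what still protects a container once the flag is set. Judging by the template changes in this commit, enabling it only omits the `internal-ipwhitelist` middleware label, so the application's own login becomes the sole access control, which matters most for admin UIs such as portainer. I would extend the comment to something like `# expose_to_public: when yes, the internal-ipwhitelist middleware is not attached to the container's Traefik router; the app's own authentication is then the only access control`. Separately, overseerr gets `expose_to_public: no` here, but no visible hunk in docker-compose.yml.j2 gates an overseerr label on it, so the flag may have no effect for that container and the default could read as a restriction that is not enforced. The traefik entry is cut by the hunk boundary, so whether it carries the key cannot be seen from here.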
20 changes: 20 additions & 0 deletions roles/hmsdocker/templates/docker-compose.yml.j2
Expand Up @@ -24,9 +24,11 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.portainer-{{ project_name }}.loadbalancer.server.port=9000
{% if not hms_docker_container_map['portainer']['expose_to_public'] %}
- "traefik.http.routers.portainer-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if container_enable_auto_updates %}
# Watchtower container, automatic updates
Expand Down Expand Up @@ -114,9 +116,11 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.nzbget-{{ project_name }}.loadbalancer.server.port=6789
{% if not hms_docker_container_map['nzbget']['expose_to_public'] %}
- "traefik.http.routers.nzbget-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if hms_docker_container_map['transmission']['enabled'] and transmission_vpn_provider is defined and transmission_vpn_user is defined and transmission_vpn_pass is defined %}
# Transmission container, torrent client/VPN
Expand Down Expand Up @@ -199,9 +203,11 @@ services:
# for the transmission container web UI, so we have traefik point to this one instead when trying to access the transmission web UI
- traefik.http.routers.proxy-{{ project_name }}.rule=Host(`transmission.{{ hms_docker_domain }}`)
- traefik.http.services.proxy-{{ project_name }}.loadbalancer.server.port=8080
{% if not hms_docker_container_map['transmission']['expose_to_public'] %}
- "traefik.http.routers.proxy-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if hms_docker_container_map['requestrr']['enabled'] %}
# Requestrr container, chat client for requests
Expand Down Expand Up @@ -230,9 +236,11 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.requestrr-{{ project_name }}.loadbalancer.server.port=4545
{% if not hms_docker_container_map['requestrr']['expose_to_public'] %}
- "traefik.http.routers.requestrr-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if hms_docker_container_map['prowlarr']['enabled'] %}
# Prowlarr container, torrent indexer
Expand Down Expand Up @@ -261,9 +269,11 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.prowlarr-{{ project_name }}.loadbalancer.server.port=9696
{% if not hms_docker_container_map['prowlarr']['expose_to_public'] %}
- "traefik.http.routers.prowlarr-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if hms_docker_container_map['sonarr']['enabled'] %}
# Sonarr container, tv show indexer
Expand All @@ -286,7 +296,9 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.sonarr-{{ project_name }}.loadbalancer.server.port=8989
{% if not hms_docker_container_map['sonarr']['expose_to_public'] %}
- "traefik.http.routers.sonarr-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
volumes:
- {{ hms_docker_apps_path }}/sonarr/config:/config
Expand Down Expand Up @@ -330,7 +342,9 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.radarr-{{ project_name }}.loadbalancer.server.port=7878
{% if not hms_docker_container_map['radarr']['expose_to_public'] %}
- "traefik.http.routers.radarr-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
volumes:
- {{ hms_docker_apps_path }}/radarr/config:/config
Expand Down Expand Up @@ -385,9 +399,11 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.bazarr-{{ project_name }}.loadbalancer.server.port=6767
{% if not hms_docker_container_map['bazarr']['expose_to_public'] %}
- "traefik.http.routers.bazarr-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if hms_docker_container_map['overseerr']['enabled'] %}
# Overseer container, request platform
Expand Down Expand Up @@ -475,9 +491,11 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.plex-{{ project_name }}.loadbalancer.server.port=32400
{% if not hms_docker_container_map['plex']['expose_to_public'] %}
- "traefik.http.routers.plex-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if hms_docker_container_map['tautulli']['enabled'] %}
# Tautulli container, analytics
Expand All @@ -500,8 +518,10 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.tautulli-{{ project_name }}.loadbalancer.server.port=8181
{% if not hms_docker_container_map['tautulli']['expose_to_public'] %}
- "traefik.http.routers.tautulli-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% if container_expose_ports or not hms_docker_container_map['traefik']['enabled'] %}
ports:
- 8181:8181
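Review bot: The new guard `{% if not hms_docker_container_map['portainer']['expose_to_public'] %}` fails open for non-boolean values: a string such as `"no"` (for example from a quoted inventory value) is truthy in Jinja, so the `internal-ipwhitelist` label is dropped and the router is served without the allowlist. Casting before the test keeps the allowlist unless the flag is really true, and a default keeps the template rendering with the allowlist applied when an inventory overrides `hms_docker_container_map` without the new key: `{% if not hms_docker_container_map['portainer']['expose_to_public'] | default(false) | bool %}`. The same condition appears in the nzbget, transmission, requestrr, prowlarr, sonarr, radarr, bazarr, plex and tautulli hunks. The service definitions begin and end outside these hunks, so whether other labels or published ports also affect exposure cannot be checked from here.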