79 lines
2.1 KiB
YAML
79 lines
2.1 KiB
YAML
---
|
|
|
|
# create directories
|
|
- name: "create omni directories"
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: "directory"
|
|
mode: "0755"
|
|
loop:
|
|
- "/mnt/omni"
|
|
- "/mnt/omni/etcd-vol"
|
|
|
|
# omni etcd key
|
|
- name: "etcd key"
|
|
ansible.builtin.copy:
|
|
dest: "/mnt/omni/omni.asc"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
content: "{{ omni_etcd_priv_key }}"
|
|
notify: "restart omni"
|
|
|
|
# omni domain key
|
|
- name: "link - omni domain key"
|
|
ansible.builtin.file:
|
|
src: "/root/.acme.sh/simoncor.net_ecc/simoncor.net.key"
|
|
dest: "/mnt/omni/omni.key"
|
|
state: "link"
|
|
|
|
# omni domain cert
|
|
- name: "link - omni domain cert"
|
|
ansible.builtin.file:
|
|
src: "/root/.acme.sh/simoncor.net_ecc/fullchain.cer"
|
|
dest: "/mnt/omni/omni.pem"
|
|
state: "link"
|
|
|
|
# run omni
|
|
- name: "run omni"
|
|
community.docker.docker_container:
|
|
container_default_behavior: "no_defaults"
|
|
detach: "yes"
|
|
pull: "always"
|
|
state: "started"
|
|
name: "omni"
|
|
image: "ghcr.io/siderolabs/omni:v1.2.1"
|
|
restart_policy: "unless-stopped"
|
|
network_mode: "host"
|
|
capabilities:
|
|
- "NET_ADMIN"
|
|
|
|
devices:
|
|
- "/dev/net/tun"
|
|
|
|
volumes:
|
|
- "/mnt/omni/etcd-vol:/_out/etcd"
|
|
- "/mnt/omni/omni.asc:/omni.asc"
|
|
- "/mnt/omni/omni.pem:/tls.crt"
|
|
- "/mnt/omni/omni.key:/tls.key"
|
|
|
|
command: >-
|
|
--account-id={{ omni_account_uuid }}
|
|
--name=omni
|
|
--cert=/tls.crt
|
|
--key=/tls.key
|
|
--machine-api-cert=/tls.crt
|
|
--machine-api-key=/tls.key
|
|
--private-key-source='file:///omni.asc'
|
|
--event-sink-port=8091
|
|
--bind-addr=0.0.0.0:443
|
|
--machine-api-bind-addr=0.0.0.0:8090
|
|
--k8s-proxy-bind-addr=0.0.0.0:8100
|
|
--advertised-api-url="https://api.{{ omni_domain }}"
|
|
--advertised-kubernetes-proxy-url="https://kube.{{ omni_domain }}:8100"
|
|
--siderolink-api-advertised-url="https://{{ omni_domain }}:8090"
|
|
--siderolink-wireguard-advertised-addr="{{ omni_ip }}:50180"
|
|
--initial-users={{ omni_sso_user }}
|
|
--auth-auth0-enabled=true
|
|
--auth-auth0-domain={{ auth0_domain }}
|
|
--auth-auth0-client-id={{ auth0_client_id }}
|