implement per-container public exposure
ahembree committed May 23, 2022
1 parent ba1b1bf commit 588eeca
Showing 2 changed files with 32 additions and 0 deletions.
12 changes: 12 additions & 0 deletions roles/hmsdocker/defaults/main.yml
Expand Up @@ -341,6 +341,7 @@ hms_docker_compose_container_state: present
# `enabled`: Enables or disables the container
# `directory`: Creates the container directory within the apps folder
# `traefik`: Enables or disables accessing the container via Traefik
# `expose_to_public`: Enables or disables exposing the container to the public internet via Traefik (removes allowlist restrictions)
hms_docker_container_map:
traefik:
enabled: yes
Expand All @@ -350,46 +351,57 @@ hms_docker_container_map:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
radarr:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
bazarr:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
transmission:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
portainer:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
overseerr:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
prowlarr:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
requestrr:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
plex:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
tautulli:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no
nzbget:
enabled: yes
directory: yes
traefik: yes
expose_to_public: no

plex_transcode_folder: "{{ hms_docker_apps_path }}/plex/transcode_temp" # default: "{{ hms_docker_apps_path }}/plex/transcode_temp"

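Review bot: The `overseerr` entry gains `expose_to_public: no`, but none of the template hunks shown for this commit reads that key for overseerr; the template's 20 added lines are all accounted for by the ten other services. If the overseerr router carries no `internal-ipwhitelist` middleware (its labels are not visible here), the default `no` tells an operator the service is restricted when it is not. Either wire the key into the overseerr labels in `docker-compose.yml.j2`, or drop it from this entry and say so in the header comment, e.g. `# Note: overseerr is not covered by expose_to_public`. The header comment could also state that the allowlist is the only Traefik-level restriction being removed, so readers know no authentication middleware takes its place.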
20 changes: 20 additions & 0 deletions roles/hmsdocker/templates/docker-compose.yml.j2
Expand Up @@ -24,9 +24,11 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.portainer-{{ project_name }}.loadbalancer.server.port=9000
{% if not hms_docker_container_map['portainer']['expose_to_public'] %}
- "traefik.http.routers.portainer-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if container_enable_auto_updates %}
# Watchtower container, automatic updates
Expand Down Expand Up @@ -114,9 +116,11 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.nzbget-{{ project_name }}.loadbalancer.server.port=6789
{% if not hms_docker_container_map['nzbget']['expose_to_public'] %}
- "traefik.http.routers.nzbget-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if hms_docker_container_map['transmission']['enabled'] and transmission_vpn_provider is defined and transmission_vpn_user is defined and transmission_vpn_pass is defined %}
# Transmission container, torrent client/VPN
Expand Down Expand Up @@ -199,9 +203,11 @@ services:
# for the transmission container web UI, so we have traefik point to this one instead when trying to access the transmission web UI
- traefik.http.routers.proxy-{{ project_name }}.rule=Host(`transmission.{{ hms_docker_domain }}`)
- traefik.http.services.proxy-{{ project_name }}.loadbalancer.server.port=8080
{% if not hms_docker_container_map['transmission']['expose_to_public'] %}
- "traefik.http.routers.proxy-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if hms_docker_container_map['requestrr']['enabled'] %}
# Requestrr container, chat client for requests
Expand Down Expand Up @@ -230,9 +236,11 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.requestrr-{{ project_name }}.loadbalancer.server.port=4545
{% if not hms_docker_container_map['requestrr']['expose_to_public'] %}
- "traefik.http.routers.requestrr-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if hms_docker_container_map['prowlarr']['enabled'] %}
# Prowlarr container, torrent indexer
Expand Down Expand Up @@ -261,9 +269,11 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.prowlarr-{{ project_name }}.loadbalancer.server.port=9696
{% if not hms_docker_container_map['prowlarr']['expose_to_public'] %}
- "traefik.http.routers.prowlarr-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if hms_docker_container_map['sonarr']['enabled'] %}
# Sonarr container, tv show indexer
Expand All @@ -286,7 +296,9 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.sonarr-{{ project_name }}.loadbalancer.server.port=8989
{% if not hms_docker_container_map['sonarr']['expose_to_public'] %}
- "traefik.http.routers.sonarr-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
volumes:
- {{ hms_docker_apps_path }}/sonarr/config:/config
Expand Down Expand Up @@ -330,7 +342,9 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.radarr-{{ project_name }}.loadbalancer.server.port=7878
{% if not hms_docker_container_map['radarr']['expose_to_public'] %}
- "traefik.http.routers.radarr-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
volumes:
- {{ hms_docker_apps_path }}/radarr/config:/config
Expand Down Expand Up @@ -385,9 +399,11 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.bazarr-{{ project_name }}.loadbalancer.server.port=6767
{% if not hms_docker_container_map['bazarr']['expose_to_public'] %}
- "traefik.http.routers.bazarr-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if hms_docker_container_map['overseerr']['enabled'] %}
# Overseer container, request platform
Expand Down Expand Up @@ -475,9 +491,11 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.plex-{{ project_name }}.loadbalancer.server.port=32400
{% if not hms_docker_container_map['plex']['expose_to_public'] %}
- "traefik.http.routers.plex-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% endif %}

{% if hms_docker_container_map['tautulli']['enabled'] %}
# Tautulli container, analytics
Expand All @@ -500,8 +518,10 @@ services:
labels:
- traefik.enable=true
- traefik.http.services.tautulli-{{ project_name }}.loadbalancer.server.port=8181
{% if not hms_docker_container_map['tautulli']['expose_to_public'] %}
- "traefik.http.routers.tautulli-{{ project_name }}.middlewares=internal-ipwhitelist"
{% endif %}
{% endif %}
{% if container_expose_ports or not hms_docker_container_map['traefik']['enabled'] %}
ports:
- 8181:8181
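Review bot: The new guard `{% if not hms_docker_container_map['portainer']['expose_to_public'] %}` tests the raw value, so a string such as `"no"` or `"false"` (a quoted override, or a value supplied as extra vars) is truthy and silently drops the `internal-ipwhitelist` middleware. An overridden map that predates this commit and lacks the key will most likely fail templating on an undefined value. I would write it as `{% if not (hms_docker_container_map['portainer']['expose_to_public'] | default(false) | bool) %}` so that a missing or string value keeps the allowlist; the same applies to the nzbget, transmission, requestrr, prowlarr, sonarr, radarr, bazarr, plex and tautulli guards. As far as the visible labels show, no other middleware is attached once the allowlist is removed, so a comment above each guard noting that the application's own login then becomes the only access control would help, particularly for portainer. The enclosing `{% if %}` blocks open outside these hunks.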
