Refactor all_services to remove name attribute

Tobias Reisinger 2024-10-22 18:29:03 +02:00
parent 6f9f888478
commit 1d14ac888e
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
16 changed files with 42 additions and 71 deletions


@ -10,8 +10,8 @@ PWD := $(shell pwd)
.FORCE:
./inventory/group_vars/all/all_services.yml: .FORCE
tofu output --json \
| yq -y '{all_services: with_entries(.value |= .value).services | to_entries | map(.value)}' \
tofu output --json services \
| yq -y '{all_services: .}' \
> ./inventory/group_vars/all/all_services.yml
./inventory/group_vars/all/opentofu.yml: .FORCE
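Review bot: The rewritten recipe still redirects straight into `./inventory/group_vars/all/all_services.yml`, so the shell truncates the file before `tofu output --json services` has succeeded, and without `pipefail` make only sees yq's exit status. If the `services` output is missing or the state cannot be read, the inventory file is probably left empty or partial while the target reports success; other sections of this commit feed that data into `unused_services` and the "Remove unwanted caddy site configs" task. Writing to a temporary file and renaming it only on success would keep the last good copy, e.g. `tofu output --json services > $@.json` followed by `yq -y '{all_services: .}' $@.json > $@.tmp && mv $@.tmp $@`. The `opentofu.yml` rule that follows continues outside the hunk and may use the same pattern.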


@ -13,7 +13,7 @@ data "scaleway_iam_user" "serguzim" {
resource "scaleway_iam_application" "service_applications" {
for_each = local.services_s3
name = each.value.name
name = each.key
}
resource "scaleway_iam_policy" "service_storage_policies" {
@ -28,7 +28,7 @@ resource "scaleway_iam_policy" "service_storage_policies" {
resource "scaleway_object_bucket" "service_buckets" {
for_each = local.services_s3
name = "${each.value.name}.serguzim.me"
name = "${each.key}.serguzim.me"
lifecycle {
prevent_destroy = true
}
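Review bot: `name = each.key` and `"${each.key}.serguzim.me"` make the map key of `services` the only source for the IAM application and bucket names, and nothing in the visible hunks constrains what a key may contain. The same key also becomes the OAuth `client_id` in `authentik_provider_oauth2.service_providers`, the PostgreSQL role and database name, an Ansible role name and a caddy config file name in other sections of this commit. Keys such as `acme_dns` or `wiki_js` contain underscores, which S3-style bucket naming normally rejects; whether such keys reach `local.services_s3` is not visible here. A `validation` block on `variable "services"` would catch a bad key at plan time, with a condition like `alltrue([for k in keys(var.services) : can(regex("^[a-z0-9_]+$", k))])`, tightened for the bucket case if needed.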


@ -12,7 +12,6 @@ variable "default_ssh_key" {
variable "services" {
type = map(object({
name = string
host = string
dns = optional(list(object({
domain = string


@ -53,9 +53,9 @@ resource "authentik_group" "minio_users" {
resource "authentik_provider_oauth2" "service_providers" {
for_each = local.services_auth
name = each.value.name
name = each.key
client_type = "confidential"
client_id = each.value.name
client_id = each.key
authorization_flow = data.authentik_flow.default_authorization_flow.id
redirect_uris = each.value.auth_redirects
property_mappings = flatten([
@ -69,7 +69,7 @@ resource "authentik_provider_oauth2" "service_providers" {
resource "authentik_application" "service_applications" {
for_each = local.services_auth
name = each.value.name
name = each.key
slug = replace(each.value.dns[0].domain, ".", "-")
protocol_provider = authentik_provider_oauth2.service_providers[each.key].id
}


@ -6,13 +6,13 @@ resource "random_password" "postgresql_service_passwords" {
resource "postgresql_role" "service_roles" {
for_each = local.services_database
name = each.value.name
name = each.key
login = true
password = random_password.postgresql_service_passwords[each.key].result
}
resource "postgresql_database" "service_databases" {
for_each = local.services_database
name = each.value.name
name = each.key
owner = postgresql_role.service_roles[each.key].name
}


@ -3,7 +3,6 @@ variable "authentik_url" {
variable "services" {
type = map(object({
name = string
host = string
dns = optional(list(object({
domain = string


@ -50,7 +50,7 @@ class FilterModule(object):
"[CERTIFICATE_EXPIRATION] > 48h"
]
for service in services:
for name, service in services.items():
if mon := service.get("monitoring"):
if service.get("dns"):
url = f"https://{service["dns"][0]['domain']}"
@ -71,7 +71,7 @@ class FilterModule(object):
conditions = default_conditions
new_endpoint = {
"name": service["name"],
"name": name,
"group": mon.get("group"),
"url": url,
"conditions": conditions,
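Review bot: The context line `url = f"https://{service["dns"][0]['domain']}"` reuses double quotes inside a double-quoted f-string, which only parses on Python 3.12 and later; on an older controller the whole filter plugin would fail to load with a SyntaxError. Since this loop is being touched anyway, `url = f"https://{service['dns'][0]['domain']}"` is equivalent and portable. The enclosing method starts and ends outside both hunks of this section.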


@ -2,32 +2,38 @@ class FilterModule(object):
def filters(self):
return {
'services_for_host': self.services_for_host,
'services_to_dnscontrol': self.services_to_dnscontrol,
'services_names': self.services_names,
'services_get_attr': self.services_get_attr,
'services_get_backups': self.services_get_backups,
'service_get_backups': self.service_get_backups,
'services_ports_to_docker': self.services_ports_to_docker,
'service_get_domain': self.service_get_domain,
'services_to_dnscontrol': self.services_to_dnscontrol,
}
def services_for_host(self, services, host):
result = []
for service in services:
result = {}
for name, service in services.items():
if not host:
result.append(service)
result[name] = service
continue
if service["host"] == host:
result.append(service)
result[name] = service
continue
if service["host"] == "*":
result.append(service)
result[name] = service
continue
return result
def find_service(self, services, name):
for service in services:
if service.get("name") == name:
return service
return None
def services_names(self, services):
return list(services.keys())
def services_get_attr(self, services, attr):
result = []
for service in services.values():
if value := service.get(attr):
result.append(value)
return result
def services_get_backups(self, all_services, wanted_services):
result = []
@ -36,12 +42,12 @@ class FilterModule(object):
return result
def service_get_backups(self, all_services, wanted_service):
if service := self.find_service(all_services, wanted_service):
if service := all_services.get(wanted_service):
return service.get("backup") or []
return []
def service_get_domain(self, all_services, wanted_service):
if service := self.find_service(all_services, wanted_service):
if service := all_services.get(wanted_service):
if dns := service.get("dns"):
if dns_0 := dns[0]:
return dns_0.get("domain")
@ -55,11 +61,11 @@ class FilterModule(object):
result.append(f"{port['port']}:{port['port']}/{port['protocol']}")
return result
def services_to_dnscontrol(self, services):
def services_to_dnscontrol(self, all_services):
result = {}
for service in services:
for svc_name, service in all_services.items():
for dns in service.get("dns") or []:
name = dns.get("name") or service["name"]
name = dns.get("name") or svc_name
domain_parts = dns["domain"].split(".")
target_parts = domain_parts[:-2] or ["@"]
result[name] = {
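Review bot: In `services_to_dnscontrol`, `name = dns.get("name") or svc_name` followed by `result[name] = {` silently overwrites an earlier record whenever two DNS entries resolve to the same name, for example two entries of one service that both omit `name`. Several services in the tfvars appear to declare `dns` as a multi-entry list, so a lost record would only show up as a missing DNS entry after deployment. A guard before the assignment, such as `if name in result: raise ValueError(f"duplicate dnscontrol record name: {name}")`, would surface the collision when the template is rendered. The method body continues outside the hunk.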


@ -1,6 +1,6 @@
---
backup_list: "{{ host_services | map(attribute='backup') | flatten }}"
backup_list_all: "{{ all_services | map(attribute='backup') | flatten }}"
backup_list: "{{ host_services | services_get_attr('backup') | flatten }}"
backup_list_all: "{{ all_services | services_get_attr('backup') | flatten }}"
backup_msg_start: "Backup started"
backup_msg_fail: "Backup failed"


@ -6,7 +6,7 @@ caddy_acmedns_url: "https://{{ acme_dns.host }}"
caddy_ports_default:
- "{{ host_vpn.ip }}:2019:2019"
caddy_ports_extra: "{{ host_services | map(attribute='ports') | flatten | services_ports_to_docker('reverse_proxy') }}"
caddy_ports_extra: "{{ host_services | services_get_attr('ports') | flatten | services_ports_to_docker('reverse_proxy') }}"
caddy_ports: "{{ caddy_ports_default | union(caddy_ports_extra) }}"
caddy_env:


@ -1,5 +1,5 @@
---
lego_host_certificates: "{{ host_services | map(attribute='certificates') | flatten }}"
lego_host_certificates: "{{ host_services | services_get_attr('certificates') | flatten }}"
lego_env:
ACME_DNS_API_BASE: https://{{ acme_dns.host }}


@ -21,11 +21,11 @@
- name: Include service roles
ansible.builtin.include_role:
name: "{{ services_item.name }}"
name: "{{ services_item }}"
apply:
tags: "{{ services_item.name }}"
tags: "{{ services_item }}"
tags: always
loop: "{{ host_services }}"
loop: "{{ host_services | services_names() }}"
loop_control:
loop_var: services_item

View file

@ -14,4 +14,4 @@
- name: Set unused services
ansible.builtin.set_fact:
unused_services: "{{ docker_compose_projects_result.stdout_lines | difference(host_services | map(attribute='name')) }}"
unused_services: "{{ docker_compose_projects_result.stdout_lines | difference(host_services | services_names()) }}"


@ -6,7 +6,7 @@
- name: Map exisiting/wanted caddy site configs
ansible.builtin.set_fact:
caddy_site_configs_have: "{{ find_result.files | map(attribute='path') }}"
caddy_site_configs_want: "{{ host_services | map(attribute='name') | list_prefix_path_suffix(caddy_config_path, '.conf') }}"
caddy_site_configs_want: "{{ host_services | services_names() | list_prefix_path_suffix(caddy_config_path, '.conf') }}"
- name: Remove unwanted caddy site configs
ansible.builtin.file:


@ -1,6 +1,5 @@
services = {
"acme_dns" = {
name = "acme_dns"
host = "node001"
dns = [{
domain = "acme.serguzim.me"
@ -15,7 +14,6 @@ services = {
},
"authentik" = {
name = "authentik"
host = "node003"
dns = [{
domain = "auth.serguzim.me"
@ -31,7 +29,6 @@ services = {
},
"backup" = {
name = "backup"
host = "*"
auth = false
database = false
@ -39,7 +36,6 @@ services = {
},
"caddy" = {
name = "caddy"
host = "*"
ports = [
{
@ -65,7 +61,6 @@ services = {
},
"extra_services" = {
name = "extra_services"
host = "node001"
auth = false
database = false
@ -73,7 +68,6 @@ services = {
},
"faas" = {
name = "faas"
host = "node002"
dns = [
{
@ -100,7 +94,6 @@ services = {
},
"forgejo" = {
name = "forgejo"
host = "node003"
dns = [{
domain = "git.serguzim.me"
@ -120,7 +113,6 @@ services = {
},
"forgejo_runner" = {
name = "forgejo_runner"
host = "node003"
auth = false
database = false
@ -128,7 +120,6 @@ services = {
},
"healthcheck" = {
name = "healthcheck"
host = "node003"
auth = false
database = false
@ -136,7 +127,6 @@ services = {
},
"gatus" = {
name = "gatus"
host = "node003"
dns = [{
domain = "status.serguzim.me"
@ -152,7 +142,6 @@ services = {
},
"homebox" = {
name = "homebox"
host = "node003"
dns = [{
domain = "inventory.serguzim.me"
@ -175,7 +164,6 @@ services = {
},
"immich" = {
name = "immich"
host = "node002"
dns = [{
domain = "gallery.serguzim.me"
@ -200,7 +188,6 @@ services = {
},
"influxdb" = {
name = "influxdb"
host = "node002"
dns = [{
domain = "tick.serguzim.me"
@ -223,7 +210,6 @@ services = {
},
"jellyfin" = {
name = "jellyfin"
host = "node002"
dns = [{
domain = "media.serguzim.me"
@ -246,7 +232,6 @@ services = {
},
"lego" = {
name = "lego"
host = "*"
auth = false
database = false
@ -254,7 +239,6 @@ services = {
},
"linkwarden" = {
name = "linkwarden"
host = "node003"
dns = [{
domain = "bookmarks.serguzim.me"
@ -271,7 +255,6 @@ services = {
},
mailcowdockerized = {
name = "mailcowdockerized"
host = "node003"
dns = [{
domain = "mail.serguzim.me"
@ -289,7 +272,6 @@ services = {
},
"minio" = {
name = "minio"
host = "node002"
dns = [
{
@ -316,7 +298,6 @@ services = {
},
"ntfy" = {
name = "ntfy"
host = "node003"
dns = [{
domain = "push.serguzim.me"
@ -339,7 +320,6 @@ services = {
},
"postgresql" = {
name = "postgresql"
host = "node002"
backup = [{
name = "postgresql"
@ -359,7 +339,6 @@ services = {
},
"reitanlage_oranienburg" = {
name = "reitanlage_oranienburg"
host = "node003"
dns = [
{
@ -384,7 +363,6 @@ services = {
},
"shlink" = {
name = "shlink"
host = "node001"
dns = [
{
@ -410,7 +388,6 @@ services = {
},
"synapse" = {
name = "synapse"
host = "node003"
dns = [
{
@ -444,7 +421,6 @@ services = {
},
"tandoor" = {
name = "tandoor"
host = "node003"
dns = [{
domain = "recipes.serguzim.me"
@ -463,7 +439,6 @@ services = {
},
"teamspeak_fallback" = {
name = "teamspeak_fallback"
host = "node003"
dns = [
{
@ -488,7 +463,6 @@ services = {
}
"telegraf" = {
name = "telegraf"
host = "node003"
auth = false
database = true
@ -496,7 +470,6 @@ services = {
},
"tinytinyrss" = {
name = "tinytinyrss"
host = "node001"
dns = [{
domain = "rss.serguzim.me"
@ -511,7 +484,6 @@ services = {
},
"umami" = {
name = "umami"
host = "node001"
dns = [{
domain = "analytics.serguzim.me"
@ -526,7 +498,6 @@ services = {
},
"vikunja" = {
name = "vikunja"
host = "node001"
dns = [{
domain = "todo.serguzim.me"
@ -546,7 +517,6 @@ services = {
},
"watchtower" = {
name = "watchtower"
host = "*"
auth = false
database = false
@ -554,7 +524,6 @@ services = {
},
"wiki_js" = {
name = "wiki_js"
host = "node001"
dns = [{
domain = "wiki.serguzim.me"
@ -569,7 +538,6 @@ services = {
},
"woodpecker" = {
name = "woodpecker"
host = "node003"
dns = [{
domain = "ci.serguzim.me"


@ -142,7 +142,6 @@ variable "default_ssh_key" {
variable "services" {
type = map(object({
name = string
host = string
dns = optional(list(object({
domain = string