Refactor all_services to remove name attribute

Tobias Reisinger 2024-10-22 18:29:03 +02:00
parent 6f9f888478
commit 1d14ac888e
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
16 changed files with 42 additions and 71 deletions


@ -10,8 +10,8 @@ PWD := $(shell pwd)
.FORCE: .FORCE:
./inventory/group_vars/all/all_services.yml: .FORCE ./inventory/group_vars/all/all_services.yml: .FORCE
tofu output --json \ tofu output --json services \
| yq -y '{all_services: with_entries(.value |= .value).services | to_entries | map(.value)}' \ | yq -y '{all_services: .}' \
> ./inventory/group_vars/all/all_services.yml > ./inventory/group_vars/all/all_services.yml
./inventory/group_vars/all/opentofu.yml: .FORCE ./inventory/group_vars/all/opentofu.yml: .FORCE
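Review bot: The `all_services.yml` recipe still pipes `tofu output --json services` into `yq` and redirects straight into the target, so a failing `tofu output` goes unnoticed. Make only sees the exit status of `yq`, and the redirect has already truncated the file by then. This file now supplies the map behind every `host_services` lookup, so an empty or `null` result would presumably be read by later plays as "no services". Consider writing to a temporary file and moving it into place only after both commands succeed, for example ending the recipe with `> $@.tmp && mv $@.tmp $@` after checking the `tofu` step separately.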


@ -13,7 +13,7 @@ data "scaleway_iam_user" "serguzim" {
resource "scaleway_iam_application" "service_applications" { resource "scaleway_iam_application" "service_applications" {
for_each = local.services_s3 for_each = local.services_s3
name = each.value.name name = each.key
} }
resource "scaleway_iam_policy" "service_storage_policies" { resource "scaleway_iam_policy" "service_storage_policies" {
@ -28,7 +28,7 @@ resource "scaleway_iam_policy" "service_storage_policies" {
resource "scaleway_object_bucket" "service_buckets" { resource "scaleway_object_bucket" "service_buckets" {
for_each = local.services_s3 for_each = local.services_s3
name = "${each.value.name}.serguzim.me" name = "${each.key}.serguzim.me"
lifecycle { lifecycle {
prevent_destroy = true prevent_destroy = true
} }


@ -12,7 +12,6 @@ variable "default_ssh_key" {
variable "services" { variable "services" {
type = map(object({ type = map(object({
name = string
host = string host = string
dns = optional(list(object({ dns = optional(list(object({
domain = string domain = string
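Review bot: With `name` dropped from the object type, the map key of `var.services` is the only identifier left, and nothing in this declaration constrains it. Elsewhere in this commit the key becomes the PostgreSQL role and database name, the OAuth2 `client_id`, the bucket name prefix, the Ansible role name and the Caddy site config file name, so a key containing a slash, dot or space would reach all of those. A `validation` block on the variable would reject such keys at plan time, with a condition such as `alltrue([for k in keys(var.services) : can(regex("^[a-z0-9_]+$", k))])`. The same applies to the two other `variable "services"` declarations changed in this commit. The variable block continues past the end of this hunk.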


@ -53,9 +53,9 @@ resource "authentik_group" "minio_users" {
resource "authentik_provider_oauth2" "service_providers" { resource "authentik_provider_oauth2" "service_providers" {
for_each = local.services_auth for_each = local.services_auth
name = each.value.name name = each.key
client_type = "confidential" client_type = "confidential"
client_id = each.value.name client_id = each.key
authorization_flow = data.authentik_flow.default_authorization_flow.id authorization_flow = data.authentik_flow.default_authorization_flow.id
redirect_uris = each.value.auth_redirects redirect_uris = each.value.auth_redirects
property_mappings = flatten([ property_mappings = flatten([
@ -69,7 +69,7 @@ resource "authentik_provider_oauth2" "service_providers" {
resource "authentik_application" "service_applications" { resource "authentik_application" "service_applications" {
for_each = local.services_auth for_each = local.services_auth
name = each.value.name name = each.key
slug = replace(each.value.dns[0].domain, ".", "-") slug = replace(each.value.dns[0].domain, ".", "-")
protocol_provider = authentik_provider_oauth2.service_providers[each.key].id protocol_provider = authentik_provider_oauth2.service_providers[each.key].id
} }


@ -6,13 +6,13 @@ resource "random_password" "postgresql_service_passwords" {
resource "postgresql_role" "service_roles" { resource "postgresql_role" "service_roles" {
for_each = local.services_database for_each = local.services_database
name = each.value.name name = each.key
login = true login = true
password = random_password.postgresql_service_passwords[each.key].result password = random_password.postgresql_service_passwords[each.key].result
} }
resource "postgresql_database" "service_databases" { resource "postgresql_database" "service_databases" {
for_each = local.services_database for_each = local.services_database
name = each.value.name name = each.key
owner = postgresql_role.service_roles[each.key].name owner = postgresql_role.service_roles[each.key].name
} }


@ -3,7 +3,6 @@ variable "authentik_url" {
variable "services" { variable "services" {
type = map(object({ type = map(object({
name = string
host = string host = string
dns = optional(list(object({ dns = optional(list(object({
domain = string domain = string


@ -50,7 +50,7 @@ class FilterModule(object):
"[CERTIFICATE_EXPIRATION] > 48h" "[CERTIFICATE_EXPIRATION] > 48h"
] ]
for service in services: for name, service in services.items():
if mon := service.get("monitoring"): if mon := service.get("monitoring"):
if service.get("dns"): if service.get("dns"):
url = f"https://{service["dns"][0]['domain']}" url = f"https://{service["dns"][0]['domain']}"
@ -71,7 +71,7 @@ class FilterModule(object):
conditions = default_conditions conditions = default_conditions
new_endpoint = { new_endpoint = {
"name": service["name"], "name": name,
"group": mon.get("group"), "group": mon.get("group"),
"url": url, "url": url,
"conditions": conditions, "conditions": conditions,
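Review bot: As rendered here, the `url = f"https://…"` context line reuses double quotes inside a double-quoted f-string (`service["dns"]`), which only parses on Python 3.12 or newer. On an older interpreter the whole filter plugin fails to load with a SyntaxError. Unless the control node is guaranteed to run 3.12+, write it as `url = f"https://{service['dns'][0]['domain']}"`. The loop now also requires `services` to be a dict, so a short comment such as `# services: dict keyed by service name` would help callers. The enclosing method starts and ends outside these hunks.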


@ -2,32 +2,38 @@ class FilterModule(object):
def filters(self): def filters(self):
return { return {
'services_for_host': self.services_for_host, 'services_for_host': self.services_for_host,
'services_to_dnscontrol': self.services_to_dnscontrol, 'services_names': self.services_names,
'services_get_attr': self.services_get_attr,
'services_get_backups': self.services_get_backups, 'services_get_backups': self.services_get_backups,
'service_get_backups': self.service_get_backups, 'service_get_backups': self.service_get_backups,
'services_ports_to_docker': self.services_ports_to_docker, 'services_ports_to_docker': self.services_ports_to_docker,
'service_get_domain': self.service_get_domain, 'service_get_domain': self.service_get_domain,
'services_to_dnscontrol': self.services_to_dnscontrol,
} }
def services_for_host(self, services, host): def services_for_host(self, services, host):
result = [] result = {}
for service in services: for name, service in services.items():
if not host: if not host:
result.append(service) result[name] = service
continue continue
if service["host"] == host: if service["host"] == host:
result.append(service) result[name] = service
continue continue
if service["host"] == "*": if service["host"] == "*":
result.append(service) result[name] = service
continue continue
return result return result
def find_service(self, services, name): def services_names(self, services):
for service in services: return list(services.keys())
if service.get("name") == name:
return service def services_get_attr(self, services, attr):
return None result = []
for service in services.values():
if value := service.get(attr):
result.append(value)
return result
def services_get_backups(self, all_services, wanted_services): def services_get_backups(self, all_services, wanted_services):
result = [] result = []
@ -36,12 +42,12 @@ class FilterModule(object):
return result return result
def service_get_backups(self, all_services, wanted_service): def service_get_backups(self, all_services, wanted_service):
if service := self.find_service(all_services, wanted_service): if service := all_services.get(wanted_service):
return service.get("backup") or [] return service.get("backup") or []
return [] return []
def service_get_domain(self, all_services, wanted_service): def service_get_domain(self, all_services, wanted_service):
if service := self.find_service(all_services, wanted_service): if service := all_services.get(wanted_service):
if dns := service.get("dns"): if dns := service.get("dns"):
if dns_0 := dns[0]: if dns_0 := dns[0]:
return dns_0.get("domain") return dns_0.get("domain")
@ -55,11 +61,11 @@ class FilterModule(object):
result.append(f"{port['port']}:{port['port']}/{port['protocol']}") result.append(f"{port['port']}:{port['port']}/{port['protocol']}")
return result return result
def services_to_dnscontrol(self, services): def services_to_dnscontrol(self, all_services):
result = {} result = {}
for service in services: for svc_name, service in all_services.items():
for dns in service.get("dns") or []: for dns in service.get("dns") or []:
name = dns.get("name") or service["name"] name = dns.get("name") or svc_name
domain_parts = dns["domain"].split(".") domain_parts = dns["domain"].split(".")
target_parts = domain_parts[:-2] or ["@"] target_parts = domain_parts[:-2] or ["@"]
result[name] = { result[name] = {
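Review bot: In `services_to_dnscontrol`, `result[name]` is keyed by `dns.get("name") or svc_name`, so two DNS entries of one service that both omit `name` fall back to the same key and the later one silently replaces the earlier. Whether any service is configured that way is not visible here, but several services in the tfvars appear to carry more than one `dns` entry. A guard before the assignment, `if name in result: raise ValueError(f"duplicate dnscontrol entry: {name}")`, would turn a dropped DNS record into a visible failure. The function body continues past the end of the hunk.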


@ -1,6 +1,6 @@
--- ---
backup_list: "{{ host_services | map(attribute='backup') | flatten }}" backup_list: "{{ host_services | services_get_attr('backup') | flatten }}"
backup_list_all: "{{ all_services | map(attribute='backup') | flatten }}" backup_list_all: "{{ all_services | services_get_attr('backup') | flatten }}"
backup_msg_start: "Backup started" backup_msg_start: "Backup started"
backup_msg_fail: "Backup failed" backup_msg_fail: "Backup failed"


@ -6,7 +6,7 @@ caddy_acmedns_url: "https://{{ acme_dns.host }}"
caddy_ports_default: caddy_ports_default:
- "{{ host_vpn.ip }}:2019:2019" - "{{ host_vpn.ip }}:2019:2019"
caddy_ports_extra: "{{ host_services | map(attribute='ports') | flatten | services_ports_to_docker('reverse_proxy') }}" caddy_ports_extra: "{{ host_services | services_get_attr('ports') | flatten | services_ports_to_docker('reverse_proxy') }}"
caddy_ports: "{{ caddy_ports_default | union(caddy_ports_extra) }}" caddy_ports: "{{ caddy_ports_default | union(caddy_ports_extra) }}"
caddy_env: caddy_env:


@ -1,5 +1,5 @@
--- ---
lego_host_certificates: "{{ host_services | map(attribute='certificates') | flatten }}" lego_host_certificates: "{{ host_services | services_get_attr('certificates') | flatten }}"
lego_env: lego_env:
ACME_DNS_API_BASE: https://{{ acme_dns.host }} ACME_DNS_API_BASE: https://{{ acme_dns.host }}


@ -21,11 +21,11 @@
- name: Include service roles - name: Include service roles
ansible.builtin.include_role: ansible.builtin.include_role:
name: "{{ services_item.name }}" name: "{{ services_item }}"
apply: apply:
tags: "{{ services_item.name }}" tags: "{{ services_item }}"
tags: always tags: always
loop: "{{ host_services }}" loop: "{{ host_services | services_names() }}"
loop_control: loop_control:
loop_var: services_item loop_var: services_item


@ -14,4 +14,4 @@
- name: Set unused services - name: Set unused services
ansible.builtin.set_fact: ansible.builtin.set_fact:
unused_services: "{{ docker_compose_projects_result.stdout_lines | difference(host_services | map(attribute='name')) }}" unused_services: "{{ docker_compose_projects_result.stdout_lines | difference(host_services | services_names()) }}"


@ -6,7 +6,7 @@
- name: Map exisiting/wanted caddy site configs - name: Map exisiting/wanted caddy site configs
ansible.builtin.set_fact: ansible.builtin.set_fact:
caddy_site_configs_have: "{{ find_result.files | map(attribute='path') }}" caddy_site_configs_have: "{{ find_result.files | map(attribute='path') }}"
caddy_site_configs_want: "{{ host_services | map(attribute='name') | list_prefix_path_suffix(caddy_config_path, '.conf') }}" caddy_site_configs_want: "{{ host_services | services_names() | list_prefix_path_suffix(caddy_config_path, '.conf') }}"
- name: Remove unwanted caddy site configs - name: Remove unwanted caddy site configs
ansible.builtin.file: ansible.builtin.file:


@ -1,6 +1,5 @@
services = { services = {
"acme_dns" = { "acme_dns" = {
name = "acme_dns"
host = "node001" host = "node001"
dns = [{ dns = [{
domain = "acme.serguzim.me" domain = "acme.serguzim.me"
@ -15,7 +14,6 @@ services = {
}, },
"authentik" = { "authentik" = {
name = "authentik"
host = "node003" host = "node003"
dns = [{ dns = [{
domain = "auth.serguzim.me" domain = "auth.serguzim.me"
@ -31,7 +29,6 @@ services = {
}, },
"backup" = { "backup" = {
name = "backup"
host = "*" host = "*"
auth = false auth = false
database = false database = false
@ -39,7 +36,6 @@ services = {
}, },
"caddy" = { "caddy" = {
name = "caddy"
host = "*" host = "*"
ports = [ ports = [
{ {
@ -65,7 +61,6 @@ services = {
}, },
"extra_services" = { "extra_services" = {
name = "extra_services"
host = "node001" host = "node001"
auth = false auth = false
database = false database = false
@ -73,7 +68,6 @@ services = {
}, },
"faas" = { "faas" = {
name = "faas"
host = "node002" host = "node002"
dns = [ dns = [
{ {
@ -100,7 +94,6 @@ services = {
}, },
"forgejo" = { "forgejo" = {
name = "forgejo"
host = "node003" host = "node003"
dns = [{ dns = [{
domain = "git.serguzim.me" domain = "git.serguzim.me"
@ -120,7 +113,6 @@ services = {
}, },
"forgejo_runner" = { "forgejo_runner" = {
name = "forgejo_runner"
host = "node003" host = "node003"
auth = false auth = false
database = false database = false
@ -128,7 +120,6 @@ services = {
}, },
"healthcheck" = { "healthcheck" = {
name = "healthcheck"
host = "node003" host = "node003"
auth = false auth = false
database = false database = false
@ -136,7 +127,6 @@ services = {
}, },
"gatus" = { "gatus" = {
name = "gatus"
host = "node003" host = "node003"
dns = [{ dns = [{
domain = "status.serguzim.me" domain = "status.serguzim.me"
@ -152,7 +142,6 @@ services = {
}, },
"homebox" = { "homebox" = {
name = "homebox"
host = "node003" host = "node003"
dns = [{ dns = [{
domain = "inventory.serguzim.me" domain = "inventory.serguzim.me"
@ -175,7 +164,6 @@ services = {
}, },
"immich" = { "immich" = {
name = "immich"
host = "node002" host = "node002"
dns = [{ dns = [{
domain = "gallery.serguzim.me" domain = "gallery.serguzim.me"
@ -200,7 +188,6 @@ services = {
}, },
"influxdb" = { "influxdb" = {
name = "influxdb"
host = "node002" host = "node002"
dns = [{ dns = [{
domain = "tick.serguzim.me" domain = "tick.serguzim.me"
@ -223,7 +210,6 @@ services = {
}, },
"jellyfin" = { "jellyfin" = {
name = "jellyfin"
host = "node002" host = "node002"
dns = [{ dns = [{
domain = "media.serguzim.me" domain = "media.serguzim.me"
@ -246,7 +232,6 @@ services = {
}, },
"lego" = { "lego" = {
name = "lego"
host = "*" host = "*"
auth = false auth = false
database = false database = false
@ -254,7 +239,6 @@ services = {
}, },
"linkwarden" = { "linkwarden" = {
name = "linkwarden"
host = "node003" host = "node003"
dns = [{ dns = [{
domain = "bookmarks.serguzim.me" domain = "bookmarks.serguzim.me"
@ -271,7 +255,6 @@ services = {
}, },
mailcowdockerized = { mailcowdockerized = {
name = "mailcowdockerized"
host = "node003" host = "node003"
dns = [{ dns = [{
domain = "mail.serguzim.me" domain = "mail.serguzim.me"
@ -289,7 +272,6 @@ services = {
}, },
"minio" = { "minio" = {
name = "minio"
host = "node002" host = "node002"
dns = [ dns = [
{ {
@ -316,7 +298,6 @@ services = {
}, },
"ntfy" = { "ntfy" = {
name = "ntfy"
host = "node003" host = "node003"
dns = [{ dns = [{
domain = "push.serguzim.me" domain = "push.serguzim.me"
@ -339,7 +320,6 @@ services = {
}, },
"postgresql" = { "postgresql" = {
name = "postgresql"
host = "node002" host = "node002"
backup = [{ backup = [{
name = "postgresql" name = "postgresql"
@ -359,7 +339,6 @@ services = {
}, },
"reitanlage_oranienburg" = { "reitanlage_oranienburg" = {
name = "reitanlage_oranienburg"
host = "node003" host = "node003"
dns = [ dns = [
{ {
@ -384,7 +363,6 @@ services = {
}, },
"shlink" = { "shlink" = {
name = "shlink"
host = "node001" host = "node001"
dns = [ dns = [
{ {
@ -410,7 +388,6 @@ services = {
}, },
"synapse" = { "synapse" = {
name = "synapse"
host = "node003" host = "node003"
dns = [ dns = [
{ {
@ -444,7 +421,6 @@ services = {
}, },
"tandoor" = { "tandoor" = {
name = "tandoor"
host = "node003" host = "node003"
dns = [{ dns = [{
domain = "recipes.serguzim.me" domain = "recipes.serguzim.me"
@ -463,7 +439,6 @@ services = {
}, },
"teamspeak_fallback" = { "teamspeak_fallback" = {
name = "teamspeak_fallback"
host = "node003" host = "node003"
dns = [ dns = [
{ {
@ -488,7 +463,6 @@ services = {
} }
"telegraf" = { "telegraf" = {
name = "telegraf"
host = "node003" host = "node003"
auth = false auth = false
database = true database = true
@ -496,7 +470,6 @@ services = {
}, },
"tinytinyrss" = { "tinytinyrss" = {
name = "tinytinyrss"
host = "node001" host = "node001"
dns = [{ dns = [{
domain = "rss.serguzim.me" domain = "rss.serguzim.me"
@ -511,7 +484,6 @@ services = {
}, },
"umami" = { "umami" = {
name = "umami"
host = "node001" host = "node001"
dns = [{ dns = [{
domain = "analytics.serguzim.me" domain = "analytics.serguzim.me"
@ -526,7 +498,6 @@ services = {
}, },
"vikunja" = { "vikunja" = {
name = "vikunja"
host = "node001" host = "node001"
dns = [{ dns = [{
domain = "todo.serguzim.me" domain = "todo.serguzim.me"
@ -546,7 +517,6 @@ services = {
}, },
"watchtower" = { "watchtower" = {
name = "watchtower"
host = "*" host = "*"
auth = false auth = false
database = false database = false
@ -554,7 +524,6 @@ services = {
}, },
"wiki_js" = { "wiki_js" = {
name = "wiki_js"
host = "node001" host = "node001"
dns = [{ dns = [{
domain = "wiki.serguzim.me" domain = "wiki.serguzim.me"
@ -569,7 +538,6 @@ services = {
}, },
"woodpecker" = { "woodpecker" = {
name = "woodpecker"
host = "node003" host = "node003"
dns = [{ dns = [{
domain = "ci.serguzim.me" domain = "ci.serguzim.me"


@ -142,7 +142,6 @@ variable "default_ssh_key" {
variable "services" { variable "services" {
type = map(object({ type = map(object({
name = string
host = string host = string
dns = optional(list(object({ dns = optional(list(object({
domain = string domain = string