serguzim/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move services.json into ansible

Browse source
This commit is contained in:
Tobias Reisinger 2024-10-03 03:46:55 +02:00
parent 6548019090
commit 3fed27b42f
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
11 changed files with 188 additions and 153 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -2,6 +2,7 @@
types-dnscontrol.d.ts
dns/hosts.json
dns/services.json
secrets.auto.tfvars
.terraform

24
Makefile
View file

@ -3,27 +3,33 @@ SHELL := /bin/bash
include .env
export
DNS_OUTPUT = "dns/hosts.json"
SERVICES_OUTPUT = "inventory/group_vars/all/opentofu.yaml"
PWD := $(shell pwd)
$(DNS_OUTPUT):
.FORCE:
./dns/hosts.json: .FORCE
tofu output --json \
| jq 'with_entries(.value |= .value).hosts' \
> $(DNS_OUTPUT)
> ./dns/hosts.json
$(SERVICES_OUTPUT):
./dns/services.json: ./inventory/group_vars/all/all_services.yml
ansible-playbook \
-e services_json_file=$(PWD)/dns/services.json \
playbooks/create_services_for_dnscontrol.yml
./inventory/group_vars/all/opentofu.yaml: .FORCE
tofu output --json \
| yq -y '{opentofu: with_entries(.value |= .value)}' \
> $(SERVICES_OUTPUT)
> ./inventory/group_vars/all/opentofu.yaml
outputs: $(DNS_OUTPUT) $(SERVICES_OUTPUT)
outputs: ./dns/hosts.json ./dns/services.json ./inventory/group_vars/all/opentofu.yaml
./types-dnscontrol.d.ts:
dnscontrol write-types
dns: $(DNS_OUTPUT) ./types-dnscontrol.d.ts
dns: ./types-dnscontrol.d.ts ./dns/hosts.json ./dns/services.json
dnscontrol push
dns-check: $(DNS_OUTPUT) ./types-dnscontrol.d.ts
dns-check: ./types-dnscontrol.d.ts ./dns/hosts.json ./dns/services.json
dnscontrol check-creds ovh

89
dns/services.json
View file

@ -1,89 +0,0 @@
{
"catch-all-serguzim.me": {
"target": "*",
"domain": "serguzim.me",
"host": "node002"
},
"acme_dns": {
"target": "acme",
"domain": "serguzim.me",
"host": "node003"
},
"authentik": {
"target": "auth",
"domain": "serguzim.me",
"host": "node002"
},
"openfaas": {
"target": "faas",
"domain": "serguzim.me",
"host": "node002"
},
"mailcow": {
"target": "mail",
"domain": "serguzim.me",
"host": "node003"
},
"synapse": {
"target": "matrix",
"domain": "serguzim.me",
"host": "node002"
},
"linkwarden": {
"target": "bookmarks",
"domain": "serguzim.me",
"host": "node003"
},
"minio": {
"target": "s3",
"domain": "serguzim.me",
"host": "node002"
},
"minio-console": {
"target": "console.s3",
"domain": "serguzim.me",
"alias": "minio"
},
"umami": {
"target": "analytics",
"domain": "serguzim.me",
"host": "node003"
},
"webpage-serguzim.me": {
"target": "@",
"domain": "serguzim.me",
"alias": "openfaas"
},
"wiki_js": {
"target": "wiki",
"domain": "serguzim.me",
"host": "node003"
},
"synapse_msrg.cc": {
"target": "matrix",
"domain": "msrg.cc",
"alias": "synapse"
},
"shlink": {
"target": "@",
"domain": "msrg.cc",
"host": "node002"
},
"shlink-msvg.cc": {
"target": "@",
"domain": "msvg.cc",
"alias": "shlink"
},
"reitanlage_oranienburg": {
"target": "@",
"domain": "reitanlage-oranienburg.de",
"host": "node002"
},
"reitanlage_oranienburg-www": {
"target": "www",
"domain": "reitanlage-oranienburg.de",
"alias": "reitanlage_oranienburg"
}
}

120
inventory/group_vars/all/all_services.yml
View file

@ -1,58 +1,178 @@
all_services:
- name: acme_dns
host: node003
dns:
- domain: serguzim.me
target: acme
- name: authentik
host: node002
dns:
- domain: serguzim.me
target: auth
- name: extra_services
host: node002
dns:
- domain: serguzim.me
target: "*"
- name: faas
host: node002
dns:
- domain: serguzim.me
target: faas
- domain: serguzim.me
target: "@"
name: webpage-serguzim
alias: faas
- name: forgejo
host: node002
dns:
- domain: serguzim.me
target: forgejo
volumes_backup:
- forgejo_data
- name: forgejo_runner
host: node002
- name: healthcheck
host: node002
- name: homebox
host: node002
dns:
- domain: serguzim.me
target: inventory
volumes_backup:
- homebox_data
- name: immich
host: node002
dns:
- domain: serguzim.me
target: gallery
volumes_backup:
- immich_upload
- name: influxdb
host: node002
dns:
- domain: serguzim.me
target: tick
volumes_backup:
- influxdb_data
- name: jellyfin
host: node002
dns:
- domain: serguzim.me
target: media
volumes_backup:
- jellyfin_config
#- jellyfin_media # TODO
- name: linkwarden
host: node003
dns:
- domain: serguzim.me
target: bookmarks
- name: mailcow
host: node003
dns:
- domain: serguzim.me
target: mail
- name: minio
host: node002
dns:
- domain: serguzim.me
target: s3
- domain: serguzim.me
target: console.s3
name: minio-console
alias: minio
volumes_backup:
- minio_data
- name: ntfy
host: node002
dns:
- domain: serguzim.me
target: push
volumes_backup:
- ntfy_data
- name: reitanlage_oranienburg
host: node002
dns:
- domain: reitanlage-oranienburg.de
target: "@"
- domain: reitanlage-oranienburg.de
target: www
name: reitanlage_oranienburg-www
alias: reitanlage_oranienburg
volumes_backup:
- reitanlage-oranienburg_data
- name: shlink
host: node002
dns:
- domain: msrg.cc
target: "@"
- domain: msvg.cc
target: "@"
name: shlink-msvg
alias: shlink
- name: synapse
host: node002
dns:
- domain: serguzim.me
target: matrix
- domain: msrg.cc
target: matrix
name: synapse_msrg
alias: synapse
volumes_backup:
- synapse_media_store
ports:
- 8448:8448
- name: tandoor
host: node002
dns:
- domain: serguzim.me
target: recipes
volumes_backup:
- tandoor_mediafiles
- name: teamspeak_fallback
host: node002
volumes_backup:
- teamspeak-fallback-data
- name: telegraf
host: node002
- name: tinytinyrss
host: node002
dns:
- domain: serguzim.me
target: rss
- name: umami
host: node003
dns:
- domain: serguzim.me
target: analytics
- name: uptime_kuma
host: node002
dns:
- domain: serguzim.me
target: status
volumes_backup:
- uptime-kuma_data
- name: vikunja
host: node002
dns:
- domain: serguzim.me
target: todo
volumes_backup:
- vikunja_data
- name: webhook
host: node002
dns:
- domain: serguzim.me
target: hook
- name: wiki_js
host: node003
dns:
- domain: serguzim.me
target: wiki
- name: woodpecker
host: node002
dns:
- domain: serguzim.me
target: ci

35
inventory/serguzim.net.yml
View file

@ -19,8 +19,6 @@ all:
host_backup:
hc_uid: "{{ vault_node001.backup.hc_uid }}"
uptime_kuma_token: "{{ vault_node001.backup.uptime_kuma_token }}"
volumes:
- minecraft-2_data
node002:
ansible_host: node002.vpn.serguzim.net
@ -33,32 +31,6 @@ all:
host_backup:
hc_uid: "{{ vault_node002.backup.hc_uid }}"
uptime_kuma_token: "{{ vault_node002.backup.uptime_kuma_token }}"
volumes:
host_services:
- authentik
- extra_services
- faas
- forgejo
- forgejo_runner
- healthcheck
- homebox
- immich
- influxdb
- jellyfin
- minio
- ntfy
- reitanlage_oranienburg
- shlink
- synapse
- tandoor
- teamspeak_fallback
- telegraf
- tinytinyrss
- uptime_kuma
- vikunja
- watchtower
- webhook
- woodpecker
node003:
ansible_host: node003.vpn.serguzim.net
@ -71,10 +43,3 @@ all:
host_backup:
hc_uid: "{{ vault_node003.backup.hc_uid }}"
uptime_kuma_token: "{{ vault_node003.backup.uptime_kuma_token }}"
volumes: []
host_services:
- acme_dns
- linkwarden
- mailcow
- umami
- wiki_js

11
playbooks/create_services_for_dnscontrol.yml Normal file
View file

@ -0,0 +1,11 @@
---
- name: Create services for dnscontrol
hosts: localhost
tasks:
- name: Create the services json file
ansible.builtin.template:
src: "json.j2"
dest: "{{ services_json_file }}"
mode: "0644"
vars:
json: "{{ all_services | services_to_dnscontrol() }}"

17
playbooks/filter_plugins/my_service_attributes.py
View file

@ -1,17 +0,0 @@
class FilterModule(object):
def filters(self):
return {
'my_service_attributes': self.my_service_attributes,
}
def my_service_attributes(self, services, my_services, attribute="name"):
result = []
for service in services:
if service["name"] in my_services:
if attribute in service:
if type(service[attribute]) == list:
result.extend(service[attribute])
else:
result.append(service[attribute])
return result

38
playbooks/filter_plugins/service_filters.py Normal file
View file

@ -0,0 +1,38 @@
class FilterModule(object):
def filters(self):
return {
'my_service_attributes': self.my_service_attributes,
'services_to_dnscontrol': self.services_to_dnscontrol,
}
def my_service_attributes(self, services, host, attribute="name"):
result = []
for service in services:
if service["host"] != host:
continue
if not attribute in service:
continue
if type(service[attribute]) == list:
result.extend(service[attribute])
else:
result.append(service[attribute])
return result
def services_to_dnscontrol(self, services):
result = {}
for service in services:
for dns in service.get("dns", []):
name = dns.get("name", service["name"])
result[name] = {
"target": dns["target"],
"domain": dns["domain"],
}
if "alias" in dns:
result[name]["alias"] = dns["alias"]
else:
result[name]["host"] = service["host"]
return result

2
playbooks/serguzim.net.yml
View file

@ -23,6 +23,6 @@
apply:
tags: "{{ services_item }}"
tags: always
loop: "{{ all_services | my_service_attributes(host_services) }}"
loop: "{{ all_services | my_service_attributes(inventory_hostname) }}"
loop_control:
loop_var: services_item

2
roles/backup/vars/main.yml
View file

@ -5,7 +5,7 @@ backup_image: "{{ (container_registry.public, 'services/backup') | path_join }}"
backup_svc:
name: backup
backup_volumes_list: "{{ all_services | my_service_attributes(host_services, 'volumes_backup') }}"
backup_volumes_list: "{{ all_services | my_service_attributes(inventory_hostname, 'volumes_backup') }}"
backup_volumes_service: "{{ backup_volumes_list | map_backup_volumes_service }}"
backup_env:

2
roles/caddy/vars/main.yml
View file

@ -9,7 +9,7 @@ caddy_ports_default:
- 443:443
- 443:443/udp
- "{{ host_vpn.ip }}:2019:2019"
caddy_ports_extra: "{{ all_services | my_service_attributes(host_services, 'ports') }}"
caddy_ports_extra: "{{ all_services | my_service_attributes(inventory_hostname, 'ports') }}"
caddy_ports: "{{ caddy_ports_default | union(caddy_ports_extra) }}"
caddy_svc: