Fix pre-commit hooks and move directories

roles/ and inventory/ are now in playbooks/ also fixed issues reported by ansible-lint
2024-10-14 18:30:24 +02:00 · 2024-10-14 18:30:24 +02:00 · 4104057771
commit 4104057771
parent dc398ddb6e
123 changed files with 91 additions and 39 deletions
--- a/playbooks/roles/healthcheck/files/Dockerfile
+++ b/playbooks/roles/healthcheck/files/Dockerfile
@ -0,0 +1,6 @@
+FROM ubuntu
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt update -y \
+	&& apt install -y curl dnsutils msmtp gettext-base python3-matrix-nio python3-requests
--- a/playbooks/roles/healthcheck/files/data/mail
+++ b/playbooks/roles/healthcheck/files/data/mail
@ -0,0 +1,17 @@
+#!/usr/bin/sh
+
+cd /opt/ || exit
+
+hc_url="https://hc-ping.com/$MAIL_HC_UID"
+
+alias curl_hc='curl -LA "$USER_AGENT" --retry 3'
+
+envsubst < template.msmtprc > /tmp/msmtprc
+envsubst < mailcheck.template.mail > /tmp/mailcheck.mail
+
+result=$(msmtp -C /tmp/msmtprc -a default "$MAIL_HC_UID@hc-ping.com" < /tmp/mailcheck.mail 2>&1)
+if [ "$?" != "0" ]
+then
+	echo "$result"
+	curl_hc --data-raw "$result" "$hc_url/fail" >/dev/null
+fi
--- a/playbooks/roles/healthcheck/files/data/mailcheck.template.mail
+++ b/playbooks/roles/healthcheck/files/data/mailcheck.template.mail
@ -0,0 +1,5 @@
+To: ${MAIL_HC_UID}@hc-ping.com
+From: ${MAIL_USER}
+Subject: Healthcheck
+
+Mailserver alive
--- a/playbooks/roles/healthcheck/files/data/matrix
+++ b/playbooks/roles/healthcheck/files/data/matrix
@ -0,0 +1,43 @@
+#!/usr/bin/python3
+
+import datetime
+import os
+import requests
+import sys
+
+import asyncio
+from nio import AsyncClient, RoomMessageNotice
+
+def send_ping(success, msg=""):
+    url = os.environ['MATRIX_HC_URL']
+    if not success:
+        url += "/fail"
+
+    requests.get(url, data=msg, headers={'user-agent': os.environ['USER_AGENT']})
+
+async def main():
+    try:
+        client = AsyncClient(os.environ['MATRIX_SERVER'])
+        client.access_token = os.environ['MATRIX_TOKEN']
+        client.device_id = os.environ['USER_AGENT']
+        await client.room_send(
+            room_id = os.environ['MATRIX_ROOM'],
+            message_type = "m.room.message",
+            content = {
+                "msgtype": "m.text",
+                "body": "!ping"
+            }
+        )
+    except Exception as e:
+        print(e)
+
+        print("exception during login or sending")
+        send_ping(False, str(e))
+        sys.exit(1)
+    await client.close()
+
+    send_ping(True)
+    sys.exit(0)
+
+
+asyncio.new_event_loop().run_until_complete(main())
--- a/playbooks/roles/healthcheck/files/data/template.msmtprc
+++ b/playbooks/roles/healthcheck/files/data/template.msmtprc
@ -0,0 +1,13 @@
+defaults
+auth on
+tls on
+tls_trust_file /etc/ssl/certs/ca-certificates.crt
+logfile /tmp/msmtp.log
+
+account default
+host ${MAIL_HOST}
+port ${MAIL_PORT}
+tls_starttls on
+from ${MAIL_USER}
+user ${MAIL_USER}
+password ${MAIL_PASS}
--- a/playbooks/roles/healthcheck/files/healthcheck@.timer
+++ b/playbooks/roles/healthcheck/files/healthcheck@.timer
@ -0,0 +1,4 @@
+[Timer]
+OnCalendar=*:0/5
+[Install]
+WantedBy=timers.target
--- a/playbooks/roles/healthcheck/tasks/docker.yml
+++ b/playbooks/roles/healthcheck/tasks/docker.yml
@ -0,0 +1,16 @@
+---
+- name: Template the docker-compose file
+  ansible.builtin.template:
+    src: docker-compose.yml.j2
+    dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
+    mode: "0644"
+- name: Copy the Dockerfile
+  ansible.builtin.copy:
+    src: Dockerfile
+    dest: "{{ (service_path, 'Dockerfile') | path_join }}"
+    mode: "0644"
+- name: Copy the data files
+  ansible.builtin.copy:
+    src: data
+    dest: "{{ service_path }}"
+    mode: "0755"
--- a/playbooks/roles/healthcheck/tasks/main.yml
+++ b/playbooks/roles/healthcheck/tasks/main.yml
@ -0,0 +1,28 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ role_name }}
+  vars:
+    svc: "{{ healthcheck_svc }}"
+    env: "{{ healthcheck_env }}"
+  block:
+    - name: Import tasks to create service directory
+      ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
+
+    - name: Import tasks specific to docker
+      ansible.builtin.import_tasks: docker.yml
+    - name: Import tasks specific to systemd
+      ansible.builtin.import_tasks: systemd.yml
+
+    - name: Import tasks create a service.env file
+      ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
+
+    - name: Build service
+      ansible.builtin.command:
+        cmd: docker compose build --pull
+        chdir: "{{ service_path }}"
+      when:
+        - "'local-dev' != inventory_hostname"
+      register: cmd_result
+      changed_when: true
--- a/playbooks/roles/healthcheck/tasks/systemd.yml
+++ b/playbooks/roles/healthcheck/tasks/systemd.yml
@ -0,0 +1,40 @@
+---
+- name: Template the system service
+  ansible.builtin.template:
+    src: healthcheck@.service.j2
+    dest: /etc/systemd/system/healthcheck@.service
+    mode: "0644"
+  become: true
+- name: Copy the system timer
+  ansible.builtin.copy:
+    src: healthcheck@.timer
+    dest: /etc/systemd/system/healthcheck@.timer
+    mode: "0644"
+  become: true
+
+- name: Get all healthcheck timers
+  ansible.builtin.shell:  # noqa: command-instead-of-module
+    cmd: "set -o pipefail && systemctl list-timers 'healthcheck@*' --all --output=json | jq -r '.[].unit'"
+  register: systemd_timers_result
+  changed_when: false
+
+- name: Generate systemd timer names
+  ansible.builtin.set_fact:
+    healthcheck_systemd_timers: "{{ healthcheck_svc.checks | list_prefix_suffix('healthcheck@', '.timer') }}"
+
+- name: Disable unused system timers
+  ansible.builtin.systemd_service:
+    name: "{{ item }}"
+    state: stopped
+    enabled: false
+  loop: "{{ systemd_timers_result.stdout_lines | difference(healthcheck_systemd_timers) }}"
+  become: true
+
+- name: Enable the system timer
+  ansible.builtin.systemd_service:
+    name: "{{ item }}"
+    state: started
+    enabled: true
+    daemon_reload: true
+  loop: "{{ healthcheck_systemd_timers }}"
+  become: true
--- a/playbooks/roles/healthcheck/templates/docker-compose.yml.j2
+++ b/playbooks/roles/healthcheck/templates/docker-compose.yml.j2
@ -0,0 +1,19 @@
+x-common-elements:
+  &common-elements
+  build:
+    context: .
+  image: "{{ (container_registry.public, 'services/healthcheck') | path_join }}"
+  restart: never
+  env_file:
+    - service.env
+  volumes:
+    - ./data/:/opt
+  network_mode: host
+
+services:
+  matrix:
+    <<: *common-elements
+    command: "/opt/matrix"
+  mail:
+    <<: *common-elements
+    command: "/opt/mail"
--- a/playbooks/roles/healthcheck/templates/healthcheck@.service.j2
+++ b/playbooks/roles/healthcheck/templates/healthcheck@.service.j2
@ -0,0 +1,5 @@
+[Service]
+Type=simple
+ExecStart=/usr/bin/docker compose run --rm %i
+WorkingDirectory={{ service_path }}
+RuntimeMaxSec=300
--- a/playbooks/roles/healthcheck/vars/main.yml
+++ b/playbooks/roles/healthcheck/vars/main.yml
@ -0,0 +1,20 @@
+---
+healthcheck_svc:
+  checks:
+    - mail
+    - matrix
+
+healthcheck_env:
+  USER_AGENT: healthcheck-bot for serguzim.net
+
+  MATRIX_SERVER: https://matrix.serguzim.me
+  MATRIX_SERVER_FEDTESTER: msrg.cc
+  MATRIX_HC_URL: "{{ opentofu.healthchecksio.healthcheck.matrix.ping_url }}"
+  MATRIX_TOKEN: "{{ vault_healthcheck.matrix.token }}"
+  MATRIX_ROOM: "{{ vault_healthcheck.matrix.room }}"
+
+  MAIL_HC_UID: "{{ opentofu.healthchecksio.healthcheck.mail.id }}"
+  MAIL_HOST: "{{ mailer.host }}"
+  MAIL_PORT: "{{ mailer.port }}"
+  MAIL_USER: "{{ vault_healthcheck.mailer.user }}"
+  MAIL_PASS: "{{ vault_healthcheck.mailer.pass }}"