Migrate services part

This commit is contained in:
Tobias Reisinger 2024-09-27 00:02:36 +02:00
parent 7c59e4ae57
commit 73bce8f6e5
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
157 changed files with 3883 additions and 9 deletions


@ -0,0 +1,14 @@
---
- name: Change password
hosts: all
become: true
tasks:
- name: Get new password
ansible.builtin.pause:
prompt: Enter the new password
echo: false
register: new_user_password
- name: Change password
ansible.builtin.user:
name: "{{ interactive_user }}"
password: "{{ new_user_password.user_input | password_hash('sha512') }}"
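Review bot: Nothing here rejects an empty answer at the prompt, and the registered result is not marked `no_log`, so an accidental Enter at the `pause` prompt sets `interactive_user` on every host in `all` to a hash of the empty string, and the plaintext in `new_user_password.user_input` can surface in verbose or callback output. I believe `ansible.builtin.user` already treats `password` as sensitive, but the registered fact from the `pause` task is not covered by that. Add `no_log: true` to the pause task (confirm the prompt still renders on your Ansible version) and an `assert` on a non-empty input before the user task; since `hosts: all` pushes one value everywhere, a second confirmation prompt would also guard against a typo locking you out of every machine at once.
```yaml
    - name: Get new password
      ansible.builtin.pause:
        prompt: Enter the new password
        echo: false
      register: new_user_password
      no_log: true
    - name: Refuse an empty password
      ansible.builtin.assert:
        that:
          - new_user_password.user_input | length > 0
        fail_msg: empty password entered, aborting before touching any host
        quiet: true
    # … unchanged: Change password task …
```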


@ -0,0 +1,18 @@
class FilterModule(object):
def filters(self):
return {
'acmedns_to_lego': self.acmedns_to_lego,
}
def acmedns_to_lego(self, acmedns_registered):
result = {}
for (key, value) in acmedns_registered.items():
result[key] = {
"fulldomain": value["subd"] + "." + value["host"],
"subdomain": value["subd"],
"username": value["user"],
"password": value["pass"],
"server_url": "https://" + value["host"]
}
return result
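Review bot: `acmedns_to_lego` has no docstring stating the record schema it dereferences (`subd`, `host`, `user`, `pass`) or what the output is for, and a missing key surfaces as a bare `KeyError` with no hint of which registration entry is malformed. Add a docstring such as `"""Convert acme-dns registration records ({name: {subd, host, user, pass}}) into lego's acme-dns credential layout (fulldomain, subdomain, username, password, server_url)."""`. Consider also catching `KeyError` in the loop and re-raising with the offending entry name, e.g. `raise AnsibleFilterError(f"acme-dns entry {key!r} is missing {exc.args[0]!r}")`, since the input is a credentials map that is easy to get wrong by hand.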


@ -0,0 +1,24 @@
class FilterModule(object):
def filters(self):
return {
'map_backup_volumes': self.map_backup_volumes,
'map_backup_volumes_service': self.map_backup_volumes_service
}
def map_backup_volumes(self, volumes):
result = {}
for volume in volumes:
result[volume] = {
"external": True,
}
return result
def map_backup_volumes_service(self, volumes):
result = []
for volume in volumes:
result.append("{volume_name}:/backup/volumes/{volume_name}".format(volume_name=volume))
return result
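Review bot: `map_backup_volumes_service` mounts every volume read-write into the backup container via `{volume_name}:/backup/volumes/{volume_name}`; a backup job only needs to read, so appending `:ro` — `"{volume_name}:/backup/volumes/{volume_name}:ro"` — keeps a bug or compromise in the backup tooling from modifying live service data. I cannot see the consuming backup role, so confirm nothing there restores in place through these mounts before making that change. Both filters also lack docstrings; one line each stating that the input is a list of pre-existing Docker volume names and what shape comes back would help.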

29
playbooks/local-dev.yml Normal file

@ -0,0 +1,29 @@
---
- name: Run roles for local-dev
vars:
# Remove inventory
base_path: "{{ inventory_dir.split('/')[0:-1] | join('/') }}"
services_path: "{{ (base_path, '_services') | path_join }}"
caddy_config_path: "{{ (services_path, 'caddy', 'config', 'conf.d') | path_join }}"
hosts: local-dev
roles:
- common
- acme-dns
- coder
- faas
- forgejo
- forgejo-runner
- healthcheck
- homebox
- influxdb
- jellyfin
- tandoor
- telegraf
- tinytinyrss
- umami
- uptime-kuma
- watchtower
- webdis
- wiki-js
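Review bot: The role names here use hyphens (`acme-dns`, `forgejo-runner`, `uptime-kuma`, `wiki-js`) while `playbooks/node002.yml` in the same commit references the same roles with underscores (`acme_dns`, `forgejo_runner`, `uptime_kuma`, `wiki_js`), and the shared fact `service_path` is derived with `role_name | replace('_', '-')`, which only makes sense for underscore role names; unless both spellings exist on disk this playbook fails at role resolution. Align to the underscore form: `- acme_dns`, `- forgejo_runner`, `- uptime_kuma`, `- wiki_js`. `base_path` is also computed by splitting `inventory_dir` on `/` and dropping the last element, which is just `inventory_dir | dirname` and reads more clearly; the comment `# Remove inventory` should say that the repo root is assumed to be the inventory's parent.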

15
playbooks/node001.yml Normal file

@ -0,0 +1,15 @@
---
- name: Run roles for node001
hosts: node001
roles:
- role: common
tags: [always]
- role: backup
tags: [backup]
- role: caddy
tags: [caddy, reverse-proxy, webserver]
- role: mailcow
tags: [mailcow, mail, communication]
- role: minecraft_2
tags: [minecraft-2, minecraft, games]

79
playbooks/node002.yml Normal file

@ -0,0 +1,79 @@
---
- name: Run roles for node002
hosts: node002
roles:
- role: common
tags: [always]
- role: backup
tags: [backup]
- role: lego
tags: [lego, certificates]
- role: caddy
tags: [caddy, reverse-proxy, webserver]
vars:
caddy_ports_extra:
- 8448:8448
- role: acme_dns
tags: [acme-dns, certificates]
- role: authentik
tags: [authentik, authentication]
- role: coder
tags: [coder, development]
- role: extra_services
tags: [extra-services]
- role: faas
tags: [faas]
- role: forgejo
tags: [forgejo, git, development]
- role: forgejo_runner
tags: [forgejo-runner, ci, development]
- role: harbor
tags: [harbor, registry, development]
- role: healthcheck
tags: [healthcheck, monitoring]
- role: homebox
tags: [homebox, inventory]
- role: immich
tags: [immich, gallery]
- role: influxdb
tags: [influxdb, sensors, monitoring]
- role: jellyfin
tags: [jellyfin, media]
- role: linkwarden
tags: [linkwarden, booksmarks]
- role: minio
tags: [minio, storage]
- role: ntfy
tags: [ntfy, notifications, push]
- role: reitanlage_oranienburg
tags: [reitanlage-oranienburg, website]
- role: shlink
tags: [shlink, url-shortener]
- role: synapse
tags: [synapse, matrix, communication]
- role: tandoor
tags: [tandoor, recipes]
- role: teamspeak_fallback
tags: [teamspeak-fallback, communication]
- role: telegraf
tags: [telegraf, monitoring]
- role: tinytinyrss
tags: [tinytinyrss, news]
- role: umami
tags: [umami, analytics]
- role: uptime_kuma
tags: [uptime-kuma, monitoring]
- role: vikunja
tags: [vikunja, todo]
- role: watchtower
tags: [watchtower]
- role: webdis
tags: [webdis]
- role: webhook
tags: [webhook]
- role: wiki_js
tags: [wiki-js]
- role: woodpecker
tags: [woodpecker, ci, development]
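Review bot: `caddy_ports_extra` carries an unquoted `8448:8448`; it survives as a string only because `8448` is not a valid sexagesimal digit group, but the same pattern with a port below 60 (`22:22`) parses to an integer under YAML 1.1 loaders, so quote it as `- "8448:8448"` to keep the convention safe. The tag `booksmarks` on the linkwarden role is a typo for `bookmarks`, which makes `--tags bookmarks` silently match nothing.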

15
playbooks/node003.yml Normal file

@ -0,0 +1,15 @@
---
- name: Run roles for node003
hosts: node003
roles:
- role: common
tags: [common]
- role: docker
tags: [common]
- role: backup
tags: [backup]
- role: caddy
tags: [caddy, reverse-proxy, webserver]
- role: mailcow
tags: [mailcow, mail, communication]
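Review bot: `common` and `docker` are tagged `[common]` here, whereas node001 and node002 tag `common` with `[always]`; a tagged run such as `--tags caddy` therefore skips common and docker on node003 only, which breaks if the later roles depend on facts or packages those roles provide. Use `tags: [always]` on both to match the other playbooks, and give `docker` its own tag if it needs to be selectable on its own. node003 is also the only playbook listing a separate `docker` role; if node001 (same role set otherwise) needs it too, it may be missing there.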


@ -0,0 +1,6 @@
---
- name: Run playbook for node001
import_playbook: node001.yml
- name: Run playbook for node002
import_playbook: node002.yml
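Review bot: Only node001 and node002 are imported; `playbooks/node003.yml` added in this commit is not, so a full site run never configures node003. If that is deliberate (node003 carries the same mailcow/caddy/backup set as node001 and may be a replacement host), a comment saying so will stop the next person from "fixing" it; otherwise add `- name: Run playbook for node003` / `import_playbook: node003.yml`.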


@ -0,0 +1,5 @@
---
- name: Import prepare tasks for common service
ansible.builtin.import_tasks: tasks/prepare-common-service.yml
- name: Import start tasks for common service
ansible.builtin.import_tasks: tasks/start-common-service.yml


@ -0,0 +1,11 @@
---
- name: Import tasks to create service directory
ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
- name: Import tasks to template docker compose file
ansible.builtin.import_tasks: tasks/steps/template-docker-compose.yml
when: compose is defined
- name: Import tasks create a service.env file
ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
when: env is defined


@ -0,0 +1,6 @@
---
- name: Set common facts
ansible.builtin.set_fact:
service_path: "{{ (services_path, role_name | replace('_', '-')) | path_join }}"
docker_force_recreate: ""
docker_rebuild: false


@ -0,0 +1,6 @@
---
- name: Import tasks to template the site for the reverse proxy
ansible.builtin.include_tasks: tasks/steps/template-site-config.yml
when: svc.domain is defined
- name: Import tasks to start the service
ansible.builtin.import_tasks: tasks/steps/start-service.yml


@ -0,0 +1,6 @@
---
- name: Create a service directory
ansible.builtin.file:
path: "{{ service_path }}"
state: directory
mode: "0755"
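Review bot: `mode: "0755"` makes every service directory world-listable, so any local account can enumerate the services and read the `0644` `docker-compose.yml` templated into it; only `service.env` is protected by its own mode. Compose is run as the `become` user by these tasks, so `mode: "0750"` (or `"0700"`) on the directory costs nothing and is cheap defence-in-depth. No `owner`/`group` is set either, so ownership is whatever user the play escalates to; stating it explicitly would make that intent visible.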


@ -0,0 +1,39 @@
---
- name: Rebuild service
ansible.builtin.command:
cmd: docker compose build --pull
chdir: "{{ service_path }}"
when:
- docker_rebuild
register: cmd_result
changed_when: true
- name: Build service
ansible.builtin.command:
cmd: docker compose build --pull
chdir: "{{ service_path }}"
when:
- "'local-dev' != inventory_hostname"
- docker_update is defined
- docker_update
register: cmd_result
changed_when: true
- name: Pull service
ansible.builtin.command:
cmd: docker compose pull --ignore-buildable
chdir: "{{ service_path }}"
when:
- "'local-dev' != inventory_hostname"
- docker_update is defined
- docker_update
register: cmd_result
changed_when: true
- name: Start service
ansible.builtin.command:
cmd: docker compose up -d {{ docker_force_recreate }}
chdir: "{{ service_path }}"
when: "'local-dev' != inventory_hostname"
register: cmd_result
changed_when: cmd_result.stderr | regex_search('Started$')
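Review bot: `changed_when: cmd_result.stderr | regex_search('Started$')` only matches when the last line of compose's stderr ends in `Started`; with several containers where the last one was already up the output ends in `Running`, and a real change is reported as unchanged. Use `regex_search('Started$', multiline=True)` so any started container counts. The `Rebuild service` and `Build service` tasks run the identical `docker compose build --pull` under different conditions and could be one task with `when: docker_rebuild or (docker_update | default(false) and inventory_hostname != 'local-dev')`, which keeps the same semantics. `docker compose up -d {{ docker_force_recreate }}` splices a variable into the argv; that is fine for the inventory-controlled flag it is set to in the common facts, but a comment noting it must stay a fixed flag string rather than free text would be worthwhile.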


@ -0,0 +1,6 @@
---
- name: Template docker-compose
ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
mode: "0644"
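Review bot: The rendered `docker-compose.yml` is written world-readable (`0644`) while the `service.env` next to it is locked down; that only holds if the compose template never inlines secrets, and the `compose_file_env` fragment merged in `docker-compose.yml.j2` is not visible here, so I cannot confirm whether it references the env file or copies values into `environment:`. Compose is run with `become` by these tasks, so `mode: "0640"` loses nothing; consider tightening it regardless.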


@ -0,0 +1,6 @@
---
- name: Template service.env file
ansible.builtin.template:
src: env.j2
dest: "{{ (service_path, 'service.env') | path_join }}"
mode: "0700"
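Review bot: `mode: "0700"` sets the execute bit on a plain secrets file; `mode: "0600"` is the conventional permission for a file that only its owner reads, and it is what most linters and secret scanners expect. The task also has no `owner`/`group`, so the file belongs to whichever user the play escalates to, which is presumably root here but worth stating.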


@ -0,0 +1,12 @@
---
- name: Template caddy site
ansible.builtin.template:
src: caddy_site.conf.j2
dest: "{{ (caddy_config_path, svc.domain + '.conf') | path_join }}"
mode: "0644"
notify:
- Reload caddy
- name: Register caddy site
ansible.builtin.set_fact:
managed_sites: "{{ managed_sites + [svc.domain + '.conf'] }}"
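Review bot: `managed_sites + [svc.domain + '.conf']` assumes `managed_sites` is already a list; none of the task files in this commit initialise it, so the first service templated on a host raises an undefined-variable error unless the caddy role (not visible here) sets it beforehand. `managed_sites: "{{ managed_sites | default([]) + [svc.domain + '.conf'] }}"` makes the step self-contained. The config file name is built from `svc.domain` unescaped under `caddy_config_path`; inventory is trusted, but a stray `/` would write outside `conf.d`, so an `assert` that `svc.domain` matches a hostname pattern is cheap insurance.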


@ -0,0 +1,43 @@
{%- macro caddy_site_hsts(svc, for_www) -%}
{%- if svc.hsts|default(false) and (svc.www_domain|default(false) == for_www) -%}
{{ 'header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"' if svc.hsts|default(false) }}
{%- endif -%}
{%- endmacro -%}
{% macro caddy_site(svc) %}
{%- for domain in svc.additional_domains|default([]) %}
{{ domain }},
{% endfor -%}
{{ "www." + svc.domain if svc.www_domain|default(false) else svc.domain }} {
import default
{{ caddy_site_hsts(svc, false) }}
{{ svc.caddy_extra | indent(width='\t', first=True) if svc.caddy_extra|default(false) }}
{% if svc.caddy_default|default(true) %}
handle {
{% if svc.faas_function|default(false) %}
import faas {{ svc.faas_function }}
{% elif svc.redirect|default(false) %}
redir "{{ svc.redirect }}"
{% else %}
reverse_proxy {{ svc.docker_host|default(svc.name) }}:{{ svc.port }}
{% endif %}
}
{% endif %}
}
{% if svc.www_domain|default(false) %}
{{ svc.domain }} {
import default
{{ caddy_site_hsts(svc, true) }}
redir https://www.{{ svc.domain }}{uri}
}
{% endif %}
{% endmacro -%}
{{ caddy_site(svc) }}
{%- for extra_svc in svc.extra_svcs|default([]) %}
{{ caddy_site(extra_svc) }}
{% endfor %}
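Review bot: When `www_domain` is set, the `www.` site block calls `caddy_site_hsts(svc, false)`, whose guard `svc.www_domain|default(false) == for_www` is then false, so the host that actually serves content sends no Strict-Transport-Security header; only the apex redirect block (which calls the macro with `true`) does. A browser that lands directly on `www.` therefore never pins HTTPS, even though `includeSubdomains; preload` is being advertised on the apex. Emit the header whenever `hsts` is on and drop the `for_www` distinction: make the macro guard `{%- if svc.hsts|default(false) -%}` (the repeated `if svc.hsts|default(false)` on the header line is then redundant). Separately, `preload` is a near-irreversible commitment for the whole domain; it should be a separate opt-in flag rather than bundled with `hsts`.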


@ -0,0 +1,20 @@
{%- set compose_file = compose.file | default({}) -%}
{%- set compose_file = compose_file_main | combine(compose_file, recursive=True) -%}
{%- if env is defined -%}
{%- set compose_file = compose_file | combine(compose_file_env, recursive=True) -%}
{%- endif -%}
{%- if compose.network | default(True) -%}
{%- set compose_file = compose_file | combine(compose_file_networks, recursive=True) -%}
{%- endif -%}
{%- if compose.volumes | default(False) -%}
{%- set compose_file = compose_file | combine(compose_file_volumes, recursive=True) -%}
{%- endif -%}
{%- if compose.monitoring | default(False) -%}
{%- set compose_file = compose_file | combine(compose_file_monitoring_label, recursive=True) -%}
{%- endif -%}
{{ compose_file | to_nice_yaml }}
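Review bot: Every merge here is `combine(..., recursive=True)` without `list_merge`, so list-valued keys under a service (`ports`, `volumes`, `environment`, `networks`) are replaced wholesale by whichever fragment comes later rather than appended; if `compose_file_volumes` or `compose_file_networks` contribute list entries to a service that `compose.file` also defines a list for, one side silently wins. Pass `list_merge='append'` where accumulation is intended, e.g. `compose_file | combine(compose_file_networks, recursive=True, list_merge='append')`. A header comment naming the `compose_file_main`, `compose_file_env`, `compose_file_networks`, `compose_file_volumes` and `compose_file_monitoring_label` fragments this template expects from role vars would also help, since none are defined in this file.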


@ -0,0 +1,7 @@
{% for key, value in env.items() %}
{% if value is boolean %}
{{ key }}={{ value|lower }}
{% else %}
{{ key }}={{ value }}
{% endif %}
{% endfor %}
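Review bot: Values are emitted verbatim, so an `env` entry whose value is `None` renders the literal string `None`, and a value containing a space followed by `#` is truncated by Compose's env_file parser, which treats whitespace-then-`#` in an unquoted value as a comment. Add `{% elif value is none %}` followed by `{{ key }}=` before the `{% else %}` branch so absent values become empty, and either reject values containing ` #` or leading/trailing whitespace with a `fail` in the role, or double-quote and backslash-escape them in the template. Note the boolean branch lowercases `true`/`false`, which is right for most consumers but worth a one-line comment so nobody "fixes" it.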


@ -0,0 +1 @@
{{ json | to_json }}


@ -0,0 +1 @@
{{ yml | to_nice_yaml }}