serguzim/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove special handling of common services and refactor getting service attributes

Browse source
This commit is contained in:
Tobias Reisinger 2024-10-21 01:29:01 +02:00
parent 0347efcb38
commit ff92241ddb
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
13 changed files with 92 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
inventory/group_vars/all/main.yml
View file

@ -19,12 +19,6 @@ container_registry:
services_path: /opt/services/ services_path: /opt/services/
common_services:
- backup
- lego
- caddy
- watchtower
caddy_path: "{{ (services_path, 'caddy') | path_join }}" caddy_path: "{{ (services_path, 'caddy') | path_join }}"
caddy_config_path: "{{ (caddy_path, 'config', 'conf.d') | path_join }}" caddy_config_path: "{{ (caddy_path, 'config', 'conf.d') | path_join }}"

28
playbooks/filter_plugins/service_filters.py
View file

@ -1,29 +1,25 @@
class FilterModule(object): class FilterModule(object):
def filters(self): def filters(self):
return { return {
'my_service_attributes': self.my_service_attributes, 'services_for_host': self.services_for_host,
'services_to_dnscontrol': self.services_to_dnscontrol, 'services_to_dnscontrol': self.services_to_dnscontrol,
'services_get_backups': self.services_get_backups, 'services_get_backups': self.services_get_backups,
'service_get_backups': self.service_get_backups, 'service_get_backups': self.service_get_backups,
'service_get_domain': self.service_get_domain, 'service_get_domain': self.service_get_domain,
} }
def my_service_attributes(self, services, host, attribute="name"): def services_for_host(self, services, host):
result = [] result = []
for service in services: for service in services:
# only compare the host if it is set if not host:
if host and service["host"] != host: result.append(service)
continue continue
if service["host"] == host:
attribute_value = service.get(attribute) result.append(service)
if not attribute_value: continue
if service["host"] == "*":
result.append(service)
continue continue
if type(attribute_value) == list:
result.extend(attribute_value)
else:
result.append(attribute_value)
return result return result
def find_service(self, services, name): def find_service(self, services, name):
@ -34,10 +30,8 @@ class FilterModule(object):
def services_get_backups(self, all_services, wanted_services): def services_get_backups(self, all_services, wanted_services):
result = [] result = []
for service in all_services: for wanted_service in wanted_services:
if service.get("name") in wanted_services: result.extend(self.service_get_backups(all_services, wanted_service))
for backup in service.get("backup") or []:
result.append(backup["name"])
return result return result
def service_get_backups(self, all_services, wanted_service): def service_get_backups(self, all_services, wanted_service):

2
playbooks/for-ansible-lint.yml
View file

@ -2,7 +2,7 @@
- name: Run all roles - name: Run all roles
hosts: serguzim_net hosts: serguzim_net
vars: vars:
host_services: "{{ all_services | my_service_attributes(inventory_hostname) | union(common_services) }}" host_services: "{{ all_services | services_for_host(inventory_hostname) }}"
roles: roles:
- acme_dns - acme_dns
- always - always

4
playbooks/roles/backup/vars/main.yml
View file

@ -1,6 +1,6 @@
--- ---
backup_list: "{{ all_services | my_service_attributes(inventory_hostname, 'backup') }}" backup_list: "{{ host_services | map(attribute='backup') | flatten }}"
backup_list_all: "{{ all_services | my_service_attributes('', 'backup') }}" backup_list_all: "{{ all_services | map(attribute='backup') | flatten }}"
backup_msg_start: "Backup started" backup_msg_start: "Backup started"
backup_msg_fail: "Backup failed" backup_msg_fail: "Backup failed"

5
playbooks/roles/caddy/vars/main.yml
View file

@ -5,11 +5,8 @@ caddy_acmedns_subd: "{{ vault_caddy.acmedns.subd }}"
caddy_acmedns_url: "https://{{ acme_dns.host }}" caddy_acmedns_url: "https://{{ acme_dns.host }}"
caddy_ports_default: caddy_ports_default:
- 80:80
- 443:443
- 443:443/udp
- "{{ host_vpn.ip }}:2019:2019" - "{{ host_vpn.ip }}:2019:2019"
caddy_ports_extra: "{{ all_services | my_service_attributes(inventory_hostname, 'ports') }}" caddy_ports_extra: "{{ host_services | map(attribute='ports') | flatten }}"
caddy_ports: "{{ caddy_ports_default | union(caddy_ports_extra) }}" caddy_ports: "{{ caddy_ports_default | union(caddy_ports_extra) }}"
caddy_env: caddy_env:

2
playbooks/roles/lego/vars/main.yml
View file

@ -1,5 +1,5 @@
--- ---
lego_host_certificates: "{{ all_services | my_service_attributes(inventory_hostname, 'certificates') }}" lego_host_certificates: "{{ host_services | map(attribute='certificates') | flatten }}"
lego_env: lego_env:
ACME_DNS_API_BASE: https://{{ acme_dns.host }} ACME_DNS_API_BASE: https://{{ acme_dns.host }}

6
playbooks/serguzim.net.yml
View file

@ -2,7 +2,7 @@
- name: Run all roles - name: Run all roles
hosts: serguzim_net hosts: serguzim_net
vars: vars:
host_services: "{{ all_services | my_service_attributes(inventory_hostname) | union(common_services) }}" host_services: "{{ all_services | services_for_host(inventory_hostname) }}"
tasks: tasks:
- name: Install software - name: Install software
ansible.builtin.include_role: ansible.builtin.include_role:
@ -21,9 +21,9 @@
- name: Include service roles - name: Include service roles
ansible.builtin.include_role: ansible.builtin.include_role:
name: "{{ services_item }}" name: "{{ services_item.name }}"
apply: apply:
tags: "{{ services_item }}" tags: "{{ services_item.name }}"
tags: always tags: always
loop: "{{ host_services }}" loop: "{{ host_services }}"
loop_control: loop_control:

2
playbooks/stop-and-backup-unused.yml
View file

@ -2,7 +2,7 @@
- name: Stop and backup services - name: Stop and backup services
hosts: serguzim_net hosts: serguzim_net
vars: vars:
host_services: "{{ all_services | my_service_attributes(inventory_hostname) | union(common_services) }}" host_services: "{{ all_services | services_for_host(inventory_hostname) }}"
tasks: tasks:
- name: Get unused services - name: Get unused services
ansible.builtin.include_tasks: ansible.builtin.include_tasks:

2
playbooks/tasks/get-unused.yml
View file

@ -14,4 +14,4 @@
- name: Set unused services - name: Set unused services
ansible.builtin.set_fact: ansible.builtin.set_fact:
unused_services: "{{ docker_compose_projects_result.stdout_lines | difference(host_services) }}" unused_services: "{{ docker_compose_projects_result.stdout_lines | difference(host_services | map(attribute='name')) }}"

2
playbooks/tasks/reload-caddy.yml
View file

@ -6,7 +6,7 @@
- name: Map exisiting/wanted caddy site configs - name: Map exisiting/wanted caddy site configs
ansible.builtin.set_fact: ansible.builtin.set_fact:
caddy_site_configs_have: "{{ find_result.files | map(attribute='path') }}" caddy_site_configs_have: "{{ find_result.files | map(attribute='path') }}"
caddy_site_configs_want: "{{ all_services | my_service_attributes(inventory_hostname) | list_prefix_path_suffix(caddy_config_path, '.conf') }}" caddy_site_configs_want: "{{ host_services | map(attribute='name') | list_prefix_path_suffix(caddy_config_path, '.conf') }}"
- name: Remove unwanted caddy site configs - name: Remove unwanted caddy site configs
ansible.builtin.file: ansible.builtin.file:

38
services.auto.tfvars
View file

@ -30,6 +30,28 @@ services = {
s3 = false s3 = false
}, },
"backup" = {
name = "backup"
host = "*"
auth = false
database = false
s3 = false
},
"caddy" = {
name = "caddy"
host = "*"
ports = [
"80:80",
"443:443",
"443:443/udp",
#"2019:2019",
]
auth = false
database = false
s3 = false
},
"extra_services" = { "extra_services" = {
name = "extra_services" name = "extra_services"
host = "node001" host = "node001"
@ -211,6 +233,14 @@ services = {
s3 = false s3 = false
}, },
"lego" = {
name = "lego"
host = "*"
auth = false
database = false
s3 = false
},
"linkwarden" = { "linkwarden" = {
name = "linkwarden" name = "linkwarden"
host = "node003" host = "node003"
@ -497,6 +527,14 @@ services = {
s3 = false s3 = false
}, },
"watchtower" = {
name = "watchtower"
host = "*"
auth = false
database = false
s3 = false
},
"wiki_js" = { "wiki_js" = {
name = "wiki_js" name = "wiki_js"
host = "node001" host = "node001"

9
templates/infrastructure.d2.j2
View file

@ -18,6 +18,13 @@ external: {
{% for host in hosts %} {% for host in hosts %}
{{ host.key }}: { {{ host.key }}: {
} }
{{ host.key }}.backup -> external.restic {
style: {
stroke: "#0f0"
stroke-dash: 3
}
}
{% endfor %}{# host #} {% endfor %}{# host #}
{% for svc in svcs %} {% for svc in svcs %}
@ -29,7 +36,7 @@ external: {
} }
{% for backup in svc.backup or [] %} {% for backup in svc.backup or [] %}
{{ svc.key }} -> external.restic.{{ svc.host }}: {{ backup.name }} { {{ svc.key }} -> {{ svc.host_key }}.backup: {{ backup.name }} {
style: { style: {
stroke: "#0f0" stroke: "#0f0"
stroke-dash: 3 stroke-dash: 3

35
visualize.py
View file

@ -8,10 +8,12 @@ import hcl2
icon_overrides = { icon_overrides = {
"acme_dns": "lets-encrypt", "acme_dns": "lets-encrypt",
"backup": "restic",
"extra_services": None, "extra_services": None,
"faas": None, "faas": None,
"forgejo_runner": "forgejo", "forgejo_runner": "forgejo",
"healthcheck": "healthchecks", "healthcheck": "healthchecks",
"lego": "lets-encrypt",
"mailcowdockerized": "mailcow", "mailcowdockerized": "mailcow",
"reitanlage_oranienburg": "grav", "reitanlage_oranienburg": "grav",
"tandoor": "tandoor-recipes", "tandoor": "tandoor-recipes",
@ -22,9 +24,11 @@ icon_overrides = {
} }
icon_format = { icon_format = {
"restic": "webp",
"linkwarden": "webp", "linkwarden": "webp",
"telegraf": "webp", "telegraf": "webp",
"tiny-tiny-rss": "webp", "tiny-tiny-rss": "webp",
"watchtower": "webp", # TODO revert when icon is fixed
} }
def get_icon(svc): def get_icon(svc):
@ -52,6 +56,20 @@ def parse_hosts(hosts):
}) })
return result return result
def parse_service(svc, data, hosts):
svc_key = service_key(svc, data, hosts)
domains = []
for dns in data.get("dns") or []:
domains.append(f"- {dns['domain']}")
data['key'] = svc_key
data['host_key'] = host_key(data["host"], hosts)
data['label'] = "\\n".join([svc] + domains)
data['icon'] = get_icon(svc)
return dict(data)
def parse_services(services, hosts): def parse_services(services, hosts):
result = [] result = []
@ -59,17 +77,12 @@ def parse_services(services, hosts):
authentik_key = service_key_find("authentik", services, hosts) authentik_key = service_key_find("authentik", services, hosts)
for svc, data in services.items(): for svc, data in services.items():
svc_key = service_key(svc, data, hosts) if data["host"] == "*":
for host in hosts.keys():
domains = [] data["host"] = host
for dns in data.get("dns") or []: result.append(parse_service(svc, data, hosts))
domains.append(f"- {dns['domain']}") else:
result.append(parse_service(svc, data, hosts))
data['key'] = svc_key
data['label'] = "\\n".join([svc] + domains)
data['icon'] = get_icon(svc)
result.append(data)
return result return result