Compare commits
5 commits
517e75a3a3
...
d6c2dd419a
Author | SHA1 | Date | |
---|---|---|---|
d6c2dd419a | |||
4608081fba | |||
f48e702339 | |||
09bc8b3d12 | |||
0c90ef2dc4 |
13 changed files with 75 additions and 56 deletions
.env.exampleunlock-backup.ymlverify-backup-yml
modules/infrastructure
playbooks
filter_plugins
roles
backup/tasks
forgejo/templates
forgejo_runner/vars
homebox/vars
umami/vars
templates
variables.tfvisualize.py
|
@ -19,11 +19,6 @@ TF_VAR_aws_region=
|
||||||
TF_VAR_aws_access_key=
|
TF_VAR_aws_access_key=
|
||||||
TF_VAR_aws_secret_key=
|
TF_VAR_aws_secret_key=
|
||||||
|
|
||||||
TF_VAR_contabo_client_id=
|
|
||||||
TF_VAR_contabo_client_secret=
|
|
||||||
TF_VAR_contabo_user=
|
|
||||||
TF_VAR_contabo_pass=
|
|
||||||
|
|
||||||
TF_VAR_hcloud_token=
|
TF_VAR_hcloud_token=
|
||||||
|
|
||||||
TF_VAR_healthchecksio_api_key=
|
TF_VAR_healthchecksio_api_key=
|
||||||
|
|
|
@ -52,10 +52,10 @@ resource "ovh_domain_zone_record" "tailscale_vpn" {
|
||||||
target = each.value.address
|
target = each.value.address
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "ovh_domain_zone_record" "status_page_cname" {
|
resource "ovh_domain_zone_record" "gpg_verify" {
|
||||||
zone = "serguzim.net"
|
zone = "serguzim.net"
|
||||||
subdomain = "status"
|
subdomain = ""
|
||||||
fieldtype = "CNAME"
|
fieldtype = "TXT"
|
||||||
ttl = 3600
|
ttl = 3600
|
||||||
target = "status.serguzim.me."
|
target = "openpgp4fpr:723B78C0BF8D8C721D2C4EEF41E544A54E2533B2"
|
||||||
}
|
}
|
||||||
|
|
|
@ -75,6 +75,7 @@ class FilterModule(object):
|
||||||
"group": mon.get("group"),
|
"group": mon.get("group"),
|
||||||
"url": url,
|
"url": url,
|
||||||
"conditions": conditions,
|
"conditions": conditions,
|
||||||
|
"interval": mon.get("interval"),
|
||||||
"alerts": self.default_alerts,
|
"alerts": self.default_alerts,
|
||||||
"ui": {
|
"ui": {
|
||||||
"hide-url": True
|
"hide-url": True
|
||||||
|
|
|
@ -35,14 +35,3 @@
|
||||||
ansible.builtin.import_tasks: recovery.yml
|
ansible.builtin.import_tasks: recovery.yml
|
||||||
- name: Import tasks specific to systemd
|
- name: Import tasks specific to systemd
|
||||||
ansible.builtin.import_tasks: systemd.yml
|
ansible.builtin.import_tasks: systemd.yml
|
||||||
|
|
||||||
- name: Verify service
|
|
||||||
ansible.builtin.command:
|
|
||||||
cmd: autorestic -v check
|
|
||||||
chdir: "{{ service_path }}"
|
|
||||||
changed_when: false
|
|
||||||
become: true
|
|
||||||
register: cmd_result_verify
|
|
||||||
until: "cmd_result_verify is not failed"
|
|
||||||
retries: 10
|
|
||||||
delay: 10
|
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
<script async src="/_a/script.js" data-website-id="{{ vault_forgejo.umami }}"></script>
|
<script async src="/_a/script.js" data-website-id="{{ vault_forgejo.umami }}"></script>
|
||||||
|
<script async src="/_a/track-external.js"></script>
|
||||||
|
|
|
@ -22,6 +22,7 @@ forgejo_runner_compose:
|
||||||
docker-in-docker:
|
docker-in-docker:
|
||||||
image: docker:dind
|
image: docker:dind
|
||||||
privileged: true
|
privileged: true
|
||||||
|
dns: 1.1.1.1
|
||||||
restart: always
|
restart: always
|
||||||
command: dockerd -H tcp://0.0.0.0:2375 --tls=false
|
command: dockerd -H tcp://0.0.0.0:2375 --tls=false
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -14,7 +14,7 @@ homebox_env:
|
||||||
|
|
||||||
homebox_compose:
|
homebox_compose:
|
||||||
watchtower: update
|
watchtower: update
|
||||||
image: ghcr.io/sysadminsmedia/homebox:latest-rootless
|
image: ghcr.io/sysadminsmedia/homebox:0-rootless
|
||||||
volumes:
|
volumes:
|
||||||
- data:/data
|
- data:/data
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -10,6 +10,21 @@ umami_docker_image: docker.umami.dev/umami-software/umami:postgresql-latest
|
||||||
|
|
||||||
umami_svc:
|
umami_svc:
|
||||||
domain: "{{ all_services | service_get_domain(role_name) }}"
|
domain: "{{ all_services | service_get_domain(role_name) }}"
|
||||||
|
caddy_extra: |
|
||||||
|
handle /track-external.js {
|
||||||
|
header Content-Type text/javascript
|
||||||
|
respond <<JS
|
||||||
|
(() => {
|
||||||
|
const name = 'outbound-link-click';
|
||||||
|
document.querySelectorAll('a').forEach(a => {
|
||||||
|
if (a.host !== window.location.host && !a.getAttribute('data-umami-event')) {
|
||||||
|
a.setAttribute('data-umami-event', name);
|
||||||
|
a.setAttribute('data-umami-event-url', a.href);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
})();
|
||||||
|
JS 200
|
||||||
|
}
|
||||||
port: 3000
|
port: 3000
|
||||||
|
|
||||||
umami_env:
|
umami_env:
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
hosts: serguzim_net
|
hosts: serguzim_net
|
||||||
become: true
|
become: true
|
||||||
tasks:
|
tasks:
|
||||||
- name: Change password
|
- name: Unlock backups
|
||||||
ansible.builtin.shell:
|
ansible.builtin.shell:
|
||||||
cmd: autorestic unlock --force && autorestic exec -va unlock
|
cmd: autorestic unlock --force && autorestic exec -va unlock
|
||||||
chdir: "{{ (services_path, 'backup') | path_join }}"
|
chdir: "{{ (services_path, 'backup') | path_join }}"
|
||||||
|
|
15
playbooks/verify-backup-yml
Normal file
15
playbooks/verify-backup-yml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
---
|
||||||
|
- name: Unlock backups
|
||||||
|
hosts: serguzim_net
|
||||||
|
become: true
|
||||||
|
tasks:
|
||||||
|
- name: Verify backup
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: autorestic -v check
|
||||||
|
chdir: "{{ (services_path, 'backup') | path_join }}"
|
||||||
|
changed_when: false
|
||||||
|
become: true
|
||||||
|
register: cmd_result_verify
|
||||||
|
until: "cmd_result_verify is not failed"
|
||||||
|
retries: 10
|
||||||
|
delay: 10
|
|
@ -15,16 +15,25 @@ external: {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
{% for host in hosts %}
|
classes: {
|
||||||
{{ host.key }}: {
|
zero_grid: {
|
||||||
}
|
grid-columns: 3
|
||||||
|
grid-gap: 0
|
||||||
{{ host.key }}.backup -> external.restic {
|
}
|
||||||
style: {
|
monitored: {
|
||||||
stroke: "#0f0"
|
style: {
|
||||||
stroke-dash: 3
|
fill: "#1E9025"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
backup: {
|
||||||
|
style: {
|
||||||
|
fill: "#0f0"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{% for host in hosts %}
|
||||||
|
{{ host.key }}
|
||||||
{% endfor %}{# host #}
|
{% endfor %}{# host #}
|
||||||
|
|
||||||
{% for svc in svcs %}
|
{% for svc in svcs %}
|
||||||
|
@ -36,32 +45,25 @@ external: {
|
||||||
}
|
}
|
||||||
|
|
||||||
{% for backup in svc.backup or [] %}
|
{% for backup in svc.backup or [] %}
|
||||||
{{ svc.key }} -> {{ svc.host_key }}.backup: {{ backup.name }} {
|
{{ svc.key }}.'{{ backup.name }}'.class: backup
|
||||||
style: {
|
{% endfor %}
|
||||||
stroke: "#0f0"
|
|
||||||
stroke-dash: 3
|
|
||||||
}
|
|
||||||
}
|
|
||||||
{% endfor %}{# backup #}
|
|
||||||
|
|
||||||
{% if svc.monitoring %}
|
{% if svc.monitoring %}
|
||||||
{{ monitoring_key }} -> {{ svc.key }}: {
|
{{ svc.key }}.monitored.class: monitored
|
||||||
style.stroke: "#1E9025"
|
|
||||||
}
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if svc.database %}
|
{% if svc.database %}
|
||||||
{{ svc.key }} -> {{ db_key }}: {
|
{{ svc.key }} -> {{ db_key }}: {
|
||||||
style.stroke: "#336791"
|
style.stroke: "#336791"
|
||||||
}
|
}
|
||||||
{{ db_key }}.{{ svc.name }}
|
{{ db_subkey }}.{{ svc.name }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if svc.auth %}
|
{% if svc.auth %}
|
||||||
{{ svc.key }} -> {{ auth_key }}: {
|
{{ svc.key }} -> {{ auth_key }}: {
|
||||||
style.stroke: "#FD4B2D"
|
style.stroke: "#FD4B2D"
|
||||||
}
|
}
|
||||||
{{ auth_key }}.{{ svc.name }}
|
{{ auth_subkey }}.{{ svc.name }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if svc.s3 %}
|
{% if svc.s3 %}
|
||||||
|
@ -78,14 +80,11 @@ external.scaleway.s3.{{ svc.name }}
|
||||||
{{ svc.key }} -> {{ mail_key }}: {
|
{{ svc.key }} -> {{ mail_key }}: {
|
||||||
style.stroke: "#C9B81F"
|
style.stroke: "#C9B81F"
|
||||||
}
|
}
|
||||||
{{ mail_key }}.{{ svc.name }}
|
{{ mail_subkey }}.{{ svc.name }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% endfor %}{# svc #}
|
{% endfor %}{# svc #}
|
||||||
|
|
||||||
{% for svc in grid_svcs %}
|
{% for svc in grid_svcs %}
|
||||||
{{ svc }}: {
|
{{ svc }}.class: zero_grid
|
||||||
grid-columns: 3
|
|
||||||
grid-gap: 0
|
|
||||||
}
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
|
@ -148,6 +148,7 @@ variable "services" {
|
||||||
monitoring = optional(object({
|
monitoring = optional(object({
|
||||||
url = optional(string)
|
url = optional(string)
|
||||||
group = optional(string)
|
group = optional(string)
|
||||||
|
interval = optional(string)
|
||||||
conditions = optional(list(string))
|
conditions = optional(list(string))
|
||||||
}))
|
}))
|
||||||
ports = optional(list(object({
|
ports = optional(list(object({
|
||||||
|
|
20
visualize.py
20
visualize.py
|
@ -11,6 +11,7 @@ icon_overrides = {
|
||||||
"backup": "restic",
|
"backup": "restic",
|
||||||
"dokku": None,
|
"dokku": None,
|
||||||
"extra_services": None,
|
"extra_services": None,
|
||||||
|
"factorio": None,
|
||||||
"forgejo_runner": "forgejo",
|
"forgejo_runner": "forgejo",
|
||||||
"healthcheck": "healthchecks",
|
"healthcheck": "healthchecks",
|
||||||
"lego": "lets-encrypt",
|
"lego": "lets-encrypt",
|
||||||
|
@ -96,20 +97,21 @@ if __name__ == '__main__':
|
||||||
with open('./services.auto.tfvars', 'r') as file:
|
with open('./services.auto.tfvars', 'r') as file:
|
||||||
services = hcl2.load(file)["services"][0]
|
services = hcl2.load(file)["services"][0]
|
||||||
|
|
||||||
db_key = service_key_find("postgresql", services, hosts)
|
keys = {}
|
||||||
auth_key = service_key_find("authentik", services, hosts)
|
keys["db_key"] = service_key_find("postgresql", services, hosts)
|
||||||
monitoring_key = service_key_find("gatus", services, hosts)
|
keys["db_subkey"] = f"{keys["db_key"]}.dbs"
|
||||||
mail_key = service_key_find("mailcowdockerized", services, hosts)
|
keys["auth_key"] = service_key_find("authentik", services, hosts)
|
||||||
|
keys["auth_subkey"] = f"{keys["auth_key"]}.apps"
|
||||||
|
keys["mail_key"] = service_key_find("mailcowdockerized", services, hosts)
|
||||||
|
keys["mail_subkey"] = f"{keys["mail_key"]}.mailboxes"
|
||||||
|
keys["monitoring_key"] = service_key_find("gatus", services, hosts)
|
||||||
|
|
||||||
jinja_loader = jinja2.FileSystemLoader(searchpath="./templates")
|
jinja_loader = jinja2.FileSystemLoader(searchpath="./templates")
|
||||||
jinja_env = jinja2.Environment(loader=jinja_loader)
|
jinja_env = jinja2.Environment(loader=jinja_loader)
|
||||||
template = jinja_env.get_template("infrastructure.d2.j2")
|
template = jinja_env.get_template("infrastructure.d2.j2")
|
||||||
print(template.render(
|
print(template.render(
|
||||||
grid_svcs=[db_key, auth_key, mail_key],
|
grid_svcs=[keys["db_subkey"], keys["auth_subkey"], keys["mail_subkey"]],
|
||||||
svcs=parse_services(services, hosts),
|
svcs=parse_services(services, hosts),
|
||||||
hosts=parse_hosts(hosts),
|
hosts=parse_hosts(hosts),
|
||||||
db_key=db_key,
|
**keys
|
||||||
auth_key=auth_key,
|
|
||||||
monitoring_key=monitoring_key,
|
|
||||||
mail_key=mail_key,
|
|
||||||
))
|
))
|
||||||
|
|
Loading…
Reference in a new issue