Compare commits

..

5 commits

13 changed files with 75 additions and 56 deletions
.env.example
modules/infrastructure
playbooks
filter_plugins
roles
backup/tasks
forgejo/templates
forgejo_runner/vars
homebox/vars
umami/vars
unlock-backup.ymlverify-backup-yml
templates
variables.tfvisualize.py

View file

@ -19,11 +19,6 @@ TF_VAR_aws_region=
TF_VAR_aws_access_key= TF_VAR_aws_access_key=
TF_VAR_aws_secret_key= TF_VAR_aws_secret_key=
TF_VAR_contabo_client_id=
TF_VAR_contabo_client_secret=
TF_VAR_contabo_user=
TF_VAR_contabo_pass=
TF_VAR_hcloud_token= TF_VAR_hcloud_token=
TF_VAR_healthchecksio_api_key= TF_VAR_healthchecksio_api_key=

View file

@ -52,10 +52,10 @@ resource "ovh_domain_zone_record" "tailscale_vpn" {
target = each.value.address target = each.value.address
} }
resource "ovh_domain_zone_record" "status_page_cname" { resource "ovh_domain_zone_record" "gpg_verify" {
zone = "serguzim.net" zone = "serguzim.net"
subdomain = "status" subdomain = ""
fieldtype = "CNAME" fieldtype = "TXT"
ttl = 3600 ttl = 3600
target = "status.serguzim.me." target = "openpgp4fpr:723B78C0BF8D8C721D2C4EEF41E544A54E2533B2"
} }

View file

@ -75,6 +75,7 @@ class FilterModule(object):
"group": mon.get("group"), "group": mon.get("group"),
"url": url, "url": url,
"conditions": conditions, "conditions": conditions,
"interval": mon.get("interval"),
"alerts": self.default_alerts, "alerts": self.default_alerts,
"ui": { "ui": {
"hide-url": True "hide-url": True

View file

@ -35,14 +35,3 @@
ansible.builtin.import_tasks: recovery.yml ansible.builtin.import_tasks: recovery.yml
- name: Import tasks specific to systemd - name: Import tasks specific to systemd
ansible.builtin.import_tasks: systemd.yml ansible.builtin.import_tasks: systemd.yml
- name: Verify service
ansible.builtin.command:
cmd: autorestic -v check
chdir: "{{ service_path }}"
changed_when: false
become: true
register: cmd_result_verify
until: "cmd_result_verify is not failed"
retries: 10
delay: 10

View file

@ -1 +1,2 @@
<script async src="/_a/script.js" data-website-id="{{ vault_forgejo.umami }}"></script> <script async src="/_a/script.js" data-website-id="{{ vault_forgejo.umami }}"></script>
<script async src="/_a/track-external.js"></script>

View file

@ -22,6 +22,7 @@ forgejo_runner_compose:
docker-in-docker: docker-in-docker:
image: docker:dind image: docker:dind
privileged: true privileged: true
dns: 1.1.1.1
restart: always restart: always
command: dockerd -H tcp://0.0.0.0:2375 --tls=false command: dockerd -H tcp://0.0.0.0:2375 --tls=false
networks: networks:

View file

@ -14,7 +14,7 @@ homebox_env:
homebox_compose: homebox_compose:
watchtower: update watchtower: update
image: ghcr.io/sysadminsmedia/homebox:latest-rootless image: ghcr.io/sysadminsmedia/homebox:0-rootless
volumes: volumes:
- data:/data - data:/data
file: file:

View file

@ -10,6 +10,21 @@ umami_docker_image: docker.umami.dev/umami-software/umami:postgresql-latest
umami_svc: umami_svc:
domain: "{{ all_services | service_get_domain(role_name) }}" domain: "{{ all_services | service_get_domain(role_name) }}"
caddy_extra: |
handle /track-external.js {
header Content-Type text/javascript
respond <<JS
(() => {
const name = 'outbound-link-click';
document.querySelectorAll('a').forEach(a => {
if (a.host !== window.location.host && !a.getAttribute('data-umami-event')) {
a.setAttribute('data-umami-event', name);
a.setAttribute('data-umami-event-url', a.href);
}
});
})();
JS 200
}
port: 3000 port: 3000
umami_env: umami_env:

View file

@ -3,7 +3,7 @@
hosts: serguzim_net hosts: serguzim_net
become: true become: true
tasks: tasks:
- name: Change password - name: Unlock backups
ansible.builtin.shell: ansible.builtin.shell:
cmd: autorestic unlock --force && autorestic exec -va unlock cmd: autorestic unlock --force && autorestic exec -va unlock
chdir: "{{ (services_path, 'backup') | path_join }}" chdir: "{{ (services_path, 'backup') | path_join }}"

View file

@ -0,0 +1,15 @@
---
- name: Unlock backups
hosts: serguzim_net
become: true
tasks:
- name: Verify backup
ansible.builtin.command:
cmd: autorestic -v check
chdir: "{{ (services_path, 'backup') | path_join }}"
changed_when: false
become: true
register: cmd_result_verify
until: "cmd_result_verify is not failed"
retries: 10
delay: 10

View file

@ -15,16 +15,25 @@ external: {
} }
} }
{% for host in hosts %} classes: {
{{ host.key }}: { zero_grid: {
} grid-columns: 3
grid-gap: 0
{{ host.key }}.backup -> external.restic { }
style: { monitored: {
stroke: "#0f0" style: {
stroke-dash: 3 fill: "#1E9025"
}
}
backup: {
style: {
fill: "#0f0"
}
} }
} }
{% for host in hosts %}
{{ host.key }}
{% endfor %}{# host #} {% endfor %}{# host #}
{% for svc in svcs %} {% for svc in svcs %}
@ -36,32 +45,25 @@ external: {
} }
{% for backup in svc.backup or [] %} {% for backup in svc.backup or [] %}
{{ svc.key }} -> {{ svc.host_key }}.backup: {{ backup.name }} { {{ svc.key }}.'{{ backup.name }}'.class: backup
style: { {% endfor %}
stroke: "#0f0"
stroke-dash: 3
}
}
{% endfor %}{# backup #}
{% if svc.monitoring %} {% if svc.monitoring %}
{{ monitoring_key }} -> {{ svc.key }}: { {{ svc.key }}.monitored.class: monitored
style.stroke: "#1E9025"
}
{% endif %} {% endif %}
{% if svc.database %} {% if svc.database %}
{{ svc.key }} -> {{ db_key }}: { {{ svc.key }} -> {{ db_key }}: {
style.stroke: "#336791" style.stroke: "#336791"
} }
{{ db_key }}.{{ svc.name }} {{ db_subkey }}.{{ svc.name }}
{% endif %} {% endif %}
{% if svc.auth %} {% if svc.auth %}
{{ svc.key }} -> {{ auth_key }}: { {{ svc.key }} -> {{ auth_key }}: {
style.stroke: "#FD4B2D" style.stroke: "#FD4B2D"
} }
{{ auth_key }}.{{ svc.name }} {{ auth_subkey }}.{{ svc.name }}
{% endif %} {% endif %}
{% if svc.s3 %} {% if svc.s3 %}
@ -78,14 +80,11 @@ external.scaleway.s3.{{ svc.name }}
{{ svc.key }} -> {{ mail_key }}: { {{ svc.key }} -> {{ mail_key }}: {
style.stroke: "#C9B81F" style.stroke: "#C9B81F"
} }
{{ mail_key }}.{{ svc.name }} {{ mail_subkey }}.{{ svc.name }}
{% endif %} {% endif %}
{% endfor %}{# svc #} {% endfor %}{# svc #}
{% for svc in grid_svcs %} {% for svc in grid_svcs %}
{{ svc }}: { {{ svc }}.class: zero_grid
grid-columns: 3
grid-gap: 0
}
{% endfor %} {% endfor %}

View file

@ -148,6 +148,7 @@ variable "services" {
monitoring = optional(object({ monitoring = optional(object({
url = optional(string) url = optional(string)
group = optional(string) group = optional(string)
interval = optional(string)
conditions = optional(list(string)) conditions = optional(list(string))
})) }))
ports = optional(list(object({ ports = optional(list(object({

View file

@ -11,6 +11,7 @@ icon_overrides = {
"backup": "restic", "backup": "restic",
"dokku": None, "dokku": None,
"extra_services": None, "extra_services": None,
"factorio": None,
"forgejo_runner": "forgejo", "forgejo_runner": "forgejo",
"healthcheck": "healthchecks", "healthcheck": "healthchecks",
"lego": "lets-encrypt", "lego": "lets-encrypt",
@ -96,20 +97,21 @@ if __name__ == '__main__':
with open('./services.auto.tfvars', 'r') as file: with open('./services.auto.tfvars', 'r') as file:
services = hcl2.load(file)["services"][0] services = hcl2.load(file)["services"][0]
db_key = service_key_find("postgresql", services, hosts) keys = {}
auth_key = service_key_find("authentik", services, hosts) keys["db_key"] = service_key_find("postgresql", services, hosts)
monitoring_key = service_key_find("gatus", services, hosts) keys["db_subkey"] = f"{keys["db_key"]}.dbs"
mail_key = service_key_find("mailcowdockerized", services, hosts) keys["auth_key"] = service_key_find("authentik", services, hosts)
keys["auth_subkey"] = f"{keys["auth_key"]}.apps"
keys["mail_key"] = service_key_find("mailcowdockerized", services, hosts)
keys["mail_subkey"] = f"{keys["mail_key"]}.mailboxes"
keys["monitoring_key"] = service_key_find("gatus", services, hosts)
jinja_loader = jinja2.FileSystemLoader(searchpath="./templates") jinja_loader = jinja2.FileSystemLoader(searchpath="./templates")
jinja_env = jinja2.Environment(loader=jinja_loader) jinja_env = jinja2.Environment(loader=jinja_loader)
template = jinja_env.get_template("infrastructure.d2.j2") template = jinja_env.get_template("infrastructure.d2.j2")
print(template.render( print(template.render(
grid_svcs=[db_key, auth_key, mail_key], grid_svcs=[keys["db_subkey"], keys["auth_subkey"], keys["mail_subkey"]],
svcs=parse_services(services, hosts), svcs=parse_services(services, hosts),
hosts=parse_hosts(hosts), hosts=parse_hosts(hosts),
db_key=db_key, **keys
auth_key=auth_key,
monitoring_key=monitoring_key,
mail_key=mail_key,
)) ))