diff --git a/_ansible/.ansible-lint b/_ansible/.ansible-lint
new file mode 100644
index 0000000..2a8fdbf
--- /dev/null
+++ b/_ansible/.ansible-lint
@@ -0,0 +1,2 @@
+skip_list:
+  - var-naming[no-role-prefix]
diff --git a/_ansible/roles/acme-dns/tasks/main.yml b/_ansible/roles/acme-dns/tasks/main.yml
index ccb52fd..be57c2d 100644
--- a/_ansible/roles/acme-dns/tasks/main.yml
+++ b/_ansible/roles/acme-dns/tasks/main.yml
@@ -4,8 +4,8 @@
     - acme-dns
     - certificates
   block:
-    - import_tasks: steps/create-service-directory.yml
-    - import_tasks: steps/template-docker-compose.yml
+    - name: Import prepare tasks for common service
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
     - name: Setting the service config path
       ansible.builtin.set_fact:
@@ -23,5 +23,5 @@
         dest: "{{ (config_path, 'config.cfg') | path_join }}"
         mode: "0600"
-    - import_tasks: steps/template-site-config.yml
-    - import_tasks: steps/start-service.yml
+    - name: Import start tasks for common service
+      ansible.builtin.import_tasks: tasks/start-common-service.yml
diff --git a/_ansible/roles/acme-dns/vars/main.yml b/_ansible/roles/acme-dns/vars/main.yml
index 67baabe..de76049 100644
--- a/_ansible/roles/acme-dns/vars/main.yml
+++ b/_ansible/roles/acme-dns/vars/main.yml
@@ -1,5 +1,6 @@
+---
 svc:
-  domain: "acme.serguzim.me"
+  domain: acme.serguzim.me
   name: acme-dns
   port: 80
   nsadmin: "{{ admin_email | regex_replace('@', '.') }}"
@@ -12,7 +13,6 @@ svc:
     pass: "{{ vault_acmedns.db.pass }}"
     db: acme_dns
-
 compose:
   watchtower: true
   monitoring: true
@@ -24,4 +24,4 @@ compose:
     app:
       ports:
         - "53:53"
-        - "53:53/udp"
+        - 53:53/udp
diff --git a/_ansible/roles/authentik/tasks/main.yml b/_ansible/roles/authentik/tasks/main.yml
index 4499674..5fc1ca3 100644
--- a/_ansible/roles/authentik/tasks/main.yml
+++ b/_ansible/roles/authentik/tasks/main.yml
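Review bot: The UDP mapping in the last acme-dns hunk is now a bare `53:53/udp` while the TCP mapping directly above it stays `"53:53"`; the two should use one style. Compose's own documentation recommends quoting every port mapping because an `NN:NN` value with both parts below 60 is read as a base-60 integer by YAML 1.1 loaders, and here the `/udp` suffix is the only thing keeping the value a string. Keeping `- "53:53/udp"` makes the intent explicit and survives a later copy-paste that drops the protocol suffix.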
@@ -4,4 +4,5 @@
     - authentik
     - authentication
   block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
diff --git a/_ansible/roles/authentik/vars/main.yml b/_ansible/roles/authentik/vars/main.yml
index 5be9368..30a1dcd 100644
--- a/_ansible/roles/authentik/vars/main.yml
+++ b/_ansible/roles/authentik/vars/main.yml
@@ -1,5 +1,6 @@
+---
 svc:
-  domain: "auth.serguzim.me"
+  domain: auth.serguzim.me
   name: authentik
   port: 9000
   image_tag: 2023.8
@@ -32,7 +33,7 @@ svc_env:
 compose:
   watchtower: false
-  image: "ghcr.io/goauthentik/server:{{ svc.image_tag }}"
+  image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
   env: true
   file:
     services:
@@ -41,7 +42,7 @@ compose:
         depends_on:
           - redis
       worker:
-        image: "ghcr.io/goauthentik/server:{{ svc.image_tag }}"
+        image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
         restart: always
         command: worker
         user: root
@@ -53,7 +54,6 @@ compose:
           - redis
         networks:
           default:
-
       redis:
         image: redis:alpine
         restart: always
diff --git a/_ansible/roles/caddy/tasks/main.yml b/_ansible/roles/caddy/tasks/main.yml
index 18a4793..d688d02 100644
--- a/_ansible/roles/caddy/tasks/main.yml
+++ b/_ansible/roles/caddy/tasks/main.yml
@@ -5,7 +5,10 @@
     - reverse_proxy
     - webserver
   block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
-    - import_tasks: clean-sites.yml
-    - import_tasks: reload-caddy.yml
+    - name: Import tasks for cleaning sites
+      ansible.builtin.import_tasks: tasks/clean-sites.yml
+    - name: Import tasks to reload caddy
+      ansible.builtin.import_tasks: tasks/reload-caddy.yml
diff --git a/_ansible/roles/coder/tasks/main.yml b/_ansible/roles/coder/tasks/main.yml
index 9f97c7f..1f65776 100644
--- a/_ansible/roles/coder/tasks/main.yml
+++ b/_ansible/roles/coder/tasks/main.yml
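Review bot: `image_tag: 2023.8` (context line in the first authentik vars hunk) is an unquoted float, so the image tag is only correct by luck: the next release in that scheme, `2023.10`, would be loaded as `2023.1` and silently pull the wrong image. Quote it as `image_tag: "2023.8"` so the value stays a string; the interpolated `image: ghcr.io/goauthentik/server:{{ svc.image_tag }}` lines this commit unquotes then render as intended. Since `watchtower: false` pins this service deliberately, pinning by digest (`server:2023.8@sha256:…`) would additionally stop the tag from being re-pointed upstream; I can't see from this diff whether other images are pinned that way. The `worker` service still runs as `user: root`, which the hunk leaves untouched and undocumented.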
@@ -3,4 +3,5 @@
   tags:
     - coder
   block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
diff --git a/_ansible/roles/coder/vars/main.yml b/_ansible/roles/coder/vars/main.yml
index 863ef64..0ef976e 100644
--- a/_ansible/roles/coder/vars/main.yml
+++ b/_ansible/roles/coder/vars/main.yml
@@ -1,8 +1,9 @@
+---
 svc:
-  domain: "coder.serguzim.me"
+  domain: coder.serguzim.me
   additional_domains:
     - "*.coder.serguzim.me"
-  caddy_extra: "import acmedns"
+  caddy_extra: import acmedns
   name: coder
   port: 7080
   db:
@@ -13,12 +14,12 @@ svc:
 svc_env:
   CODER_ADDRESS: "0.0.0.0:7080"
-  CODER_ACCESS_URL: "https://{{ svc.domain }}"
+  CODER_ACCESS_URL: https://{{ svc.domain }}
   CODER_WILDCARD_ACCESS_URL: "*.{{ svc.domain }}"
-  CODER_PG_CONNECTION_URL: "postgres://{{ vault_coder.db.user }}:{{ vault_coder.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/coder?sslmode=verify-full"
+  CODER_PG_CONNECTION_URL: postgres://{{ vault_coder.db.user }}:{{ vault_coder.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/coder?sslmode=verify-full
-  CODER_OIDC_ISSUER_URL: "https://auth.serguzim.me/application/o/coder-serguzim-me/"
+  CODER_OIDC_ISSUER_URL: https://auth.serguzim.me/application/o/coder-serguzim-me/
   CODER_OIDC_CLIENT_ID: "{{ vault_coder.oidc_client.id }}"
   CODER_OIDC_CLIENT_SECRET: "{{ vault_coder.oidc_client.secret }}"
@@ -27,9 +28,9 @@ compose:
   image: ghcr.io/coder/coder:latest
   env: true
   volumes:
-  - /var/run/docker.sock:/var/run/docker.sock
+    - /var/run/docker.sock:/var/run/docker.sock
   file:
     services:
       app:
         group_add:
-        - "972" # docker group on host
+          - "972"  # docker group on host
diff --git a/_ansible/roles/faas/tasks/main.yml b/_ansible/roles/faas/tasks/main.yml
index 163fa6f..b3edf88 100644
--- a/_ansible/roles/faas/tasks/main.yml
+++ b/_ansible/roles/faas/tasks/main.yml
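Review bot: The re-indented `/var/run/docker.sock` bind mount together with `group_add: "972"` in the last coder hunk hands the coder container full control of the host Docker daemon, which is root-equivalent on the host, and nothing in the hunk records that this is intentional. Add a one-line comment on the mount such as `# NOTE: docker socket access == host root; coder needs it to build workspaces on this daemon` so the next reader does not "fix" it in either direction. The `# docker group on host` comment also hides a fragility: the GID is hard-coded, so `group_add` silently grants some other group if the host's docker GID ever differs — a fact gathered on the host (e.g. `"{{ getent_group['docker'][1] }}"` after `ansible.builtin.getent`) would be robust. `CODER_PG_CONNECTION_URL` keeping `sslmode=verify-full` after the unquoting is good.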
@@ -3,4 +3,5 @@
   tags:
     - faas
   block:
-    - import_tasks: steps/template-site-config.yml
+    - name: Import tasks to template the site and functions for the reverse proxy
+      ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
diff --git a/_ansible/roles/faas/vars/main.yml b/_ansible/roles/faas/vars/main.yml
index 8c3a83f..0c2a0c2 100644
--- a/_ansible/roles/faas/vars/main.yml
+++ b/_ansible/roles/faas/vars/main.yml
@@ -1,30 +1,31 @@
+---
 svc:
   name: faas
   domain: faas.serguzim.me
   docker_host: host.docker.internal
   port: 8080
   extra_svcs:
-  - domain: link.serguzim.me
-    faas_function: url-mapper
-  - domain: msrg.cc
-    faas_function: webpage-msrg-cc
-    caddy_extra: |
-      header /.well-known/* Access-Control-Allow-Origin *
+    - domain: link.serguzim.me
+      faas_function: url-mapper
+    - domain: msrg.cc
+      faas_function: webpage-msrg-cc
+      caddy_extra: |
+        header /.well-known/* Access-Control-Allow-Origin *
-      handle /.well-known/webfinger {
-        map {query.resource} {user} {
-          acct:tobias@msrg.cc serguzim
-          acct:serguzim@msrg.cc serguzim
-        }
-        rewrite * /.well-known/webfinger/{user}.json
-        import faas webpage-msrg-cc
-      }
-  - domain: serguzim.me
-    faas_function: webpage-serguzim-me
-    www_domain: true
-    hsts: true
-  - domain: team-leon.eu
-    faas_function: webpage-team-leon-eu
-    www_domain: true
-  - domain: xn--sder-5qa.stream
-    faas_function: webpage-soeder-stream
+        handle /.well-known/webfinger {
+          map {query.resource} {user} {
+            acct:tobias@msrg.cc serguzim
+            acct:serguzim@msrg.cc serguzim
+          }
+          rewrite * /.well-known/webfinger/{user}.json
+          import faas webpage-msrg-cc
+        }
+    - domain: serguzim.me
+      faas_function: webpage-serguzim-me
+      www_domain: true
+      hsts: true
+    - domain: team-leon.eu
+      faas_function: webpage-team-leon-eu
+      www_domain: true
+    - domain: xn--sder-5qa.stream
+      faas_function: webpage-soeder-stream
diff --git a/_ansible/roles/forgejo-runner/tasks/main.yml b/_ansible/roles/forgejo-runner/tasks/main.yml
index 13bb769..19bca38 100644
--- a/_ansible/roles/forgejo-runner/tasks/main.yml
+++ b/_ansible/roles/forgejo-runner/tasks/main.yml
@@ -6,31 +6,35 @@
     - ci
     - forgejo-runner
   block:
-    - import_tasks: steps/create-service-directory.yml
-    - import_tasks: steps/template-docker-compose.yml
+    - name: Import tasks to create service directory
+      ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
+    - name: Import tasks to template docker compose file
+      ansible.builtin.import_tasks: tasks/steps/template-docker-compose.yml
     - name: Copy the config
       ansible.builtin.copy:
         src: config.yml
         dest: "{{ (service_path, 'config.yml') | path_join }}"
-        mode: '0755'
+        mode: "0755"
     - name: Check if service.env already exists
       ansible.builtin.stat:
         path: "{{ (service_path, 'service.env') | path_join }}"
       register: svc_env_file
-    - import_tasks: prompt-registration-token.yml
-      when: not svc_env_file.stat.exists or
-        force_forgejo_runner_registration | default(False)
+    - name: Import tasks to prompt for the registration token
+      ansible.builtin.import_tasks: tasks/prompt-registration-token.yml
+      when: not svc_env_file.stat.exists or force_forgejo_runner_registration | default(False)
-    - import_tasks: steps/template-service-env.yml
-
-    - import_tasks: steps/start-service.yml
+    - name: Import tasks create a service.env file
+      ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
+    - name: Import start tasks for common service
+      ansible.builtin.import_tasks: tasks/start-common-service.yml
     - name: Register runner
       ansible.builtin.command:
-        cmd: docker compose run --rm -it app sh -c 'forgejo-runner register --no-interactive --token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} --instance ${FORGEJO_INSTANCE_URL}'
+        cmd: docker compose run --rm -it app sh -c
+          'forgejo-runner register --no-interactive --token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} --instance ${FORGEJO_INSTANCE_URL}'
         chdir: "{{ service_path }}"
-      when: not svc_env_file.stat.exists or
-        force_forgejo_runner_registration | default(False)
+      when: not svc_env_file.stat.exists or force_forgejo_runner_registration | default(False)
+      changed_when: true # "when" checks enough. We are sure to change something here.
diff --git a/_ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml b/_ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml
index 6427e20..d108989 100644
--- a/_ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml
+++ b/_ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml
@@ -1,11 +1,10 @@
+---
 - name: Input forgejo-runner registration token
   ansible.builtin.pause:
-    prompt: "Enter a secret"
-    echo: no
+    prompt: Enter a secret
+    echo: false
   register: promt_registration_token
 - name: Put registration token into env vars
   ansible.builtin.set_fact:
-    svc_env: "{{ svc_env | combine({
-      'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input
-    }, recursive=True) }}"
+    svc_env: "{{ svc_env | combine({'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input}, recursive=True) }}"
diff --git a/_ansible/roles/forgejo-runner/vars/main.yml b/_ansible/roles/forgejo-runner/vars/main.yml
index 920bccc..d4ddf8a 100644
--- a/_ansible/roles/forgejo-runner/vars/main.yml
+++ b/_ansible/roles/forgejo-runner/vars/main.yml
@@ -1,8 +1,9 @@
+---
 svc:
   name: forgejo-runner
 svc_env:
-  FORGEJO_INSTANCE_URL: "https://git.serguzim.me/"
+  FORGEJO_INSTANCE_URL: https://git.serguzim.me/
   FORGEJO_RUNNER_REGISTRATION_TOKEN:
   DOCKER_HOST: tcp://docker-in-docker:2375
@@ -17,7 +18,7 @@ compose:
     services:
       app:
         hostname: "{{ ansible_facts.hostname }}"
-        command: "forgejo-runner --config /config/config.yml daemon"
+        command: forgejo-runner --config /config/config.yml daemon
         depends_on:
           - docker-in-docker
         links:
@@ -25,7 +26,7 @@ compose:
       docker-in-docker:
         image: docker:dind
         privileged: true
-        command: "dockerd -H tcp://0.0.0.0:2375 --tls=false"
+        command: dockerd -H tcp://0.0.0.0:2375 --tls=false
         networks:
           default:
         volumes:
diff --git a/_ansible/roles/forgejo/tasks/main.yml b/_ansible/roles/forgejo/tasks/main.yml
index 55df035..1a9bccd 100644
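Review bot: `mode: "0755"` on `config.yml` in the forgejo-runner tasks hunk marks a plain YAML config file as executable; it only needs to be readable, so `mode: "0644"` is the right value (or `"0600"` if the file carries anything sensitive, which I can't see from here). The `Register runner` task still passes `-it` to `docker compose run`, and Ansible's `command` module does not allocate a TTY, so this is likely to fail with "the input device is not a TTY"; the command is non-interactive, so drop `-it` (or use `-T`). The `changed_when: true` comment is accurate since the `when:` already gates the task. The enclosing `block:` starts before this hunk.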
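Review bot: The `set_fact` task that merges the prompted token into `svc_env` has no `no_log: true`, so a `-v` run or a failure dump prints the registration token together with every other secret already in `svc_env`. Add `no_log: true` at task level on `Put registration token into env vars`. `echo: false` on the pause is the right call; the register name `promt_registration_token` is misspelled but is only referenced inside this file.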
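Review bot: The docker-in-docker service in the last forgejo-runner vars hunk runs `privileged: true` and exposes the daemon API with `dockerd -H tcp://0.0.0.0:2375 --tls=false`, i.e. unauthenticated; any container that can reach it on the compose `default` network gets root inside dind and, through the privileged flag, effectively on the host. The hunk only drops quotes, but if that network is shared with other services (I can't tell from this diff) this is a real exposure. `docker:dind`'s stock entrypoint generates a CA plus client/server certificates when `DOCKER_TLS_CERTDIR` is set and listens on 2376 with TLS, so the runner can be pointed at that without hand-managing keys; the outline is below and the `command:` override then goes away.
```yaml
svc_env:
  # … unchanged: FORGEJO_INSTANCE_URL, FORGEJO_RUNNER_REGISTRATION_TOKEN …
  DOCKER_HOST: tcp://docker-in-docker:2376
  DOCKER_TLS_VERIFY: "1"
  DOCKER_CERT_PATH: /certs/client

# … unchanged: compose.file.services.app (add `- dind-certs:/certs:ro` under its volumes) …
      docker-in-docker:
        image: docker:dind
        privileged: true
        environment:
          DOCKER_TLS_CERTDIR: /certs
        volumes:
          - dind-certs:/certs
        # … unchanged: networks …
    volumes:
      dind-certs:
```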
--- a/_ansible/roles/forgejo/tasks/main.yml
+++ b/_ansible/roles/forgejo/tasks/main.yml
@@ -4,4 +4,5 @@
     - forgejo
     - git
   block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
diff --git a/_ansible/roles/forgejo/vars/main.yml b/_ansible/roles/forgejo/vars/main.yml
index fc4ed3d..5937350 100644
--- a/_ansible/roles/forgejo/vars/main.yml
+++ b/_ansible/roles/forgejo/vars/main.yml
@@ -1,5 +1,6 @@
+---
 svc:
-  domain: "git.serguzim.me"
+  domain: git.serguzim.me
   name: forgejo
   port: 3000
   caddy_extra: header /attachments/* Access-Control-Allow-Origin *
@@ -10,26 +11,26 @@ svc:
   ssh_port_alt: 3022
 svc_env:
-  FORGEJO__database__DB_TYPE: "postgres"
+  FORGEJO__database__DB_TYPE: postgres
   FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}"
-  FORGEJO__database__NAME: "forgejo"
+  FORGEJO__database__NAME: forgejo
   FORGEJO__database__USER: "{{ vault_forgejo.db.user }}"
   FORGEJO__database__PASSWD: "{{ vault_forgejo.db.pass }}"
-  FORGEJO__database__SSL_MODE: "verify-full"
+  FORGEJO__database__SSL_MODE: verify-full
   FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true
   FORGEJO__repository__ENABLE_PUSH_CREATE_ORG: true
-  FORGEJO__repository__DEFAULT_BRANCH: "main"
+  FORGEJO__repository__DEFAULT_BRANCH: main
   FORGEJO__cors__ENABLED: true
-  FORGEJO__cors__SCHEME: "https"
+  FORGEJO__cors__SCHEME: https
-  FORGEJO__ui__DEFAULT_THEME: "arc-green"
+  FORGEJO__ui__DEFAULT_THEME: arc-green
   FORGEJO__server__DOMAIN: "{{ svc.domain }}"
   FORGEJO__server__SSH_DOMAIN: "{{ svc.domain }}"
   FORGEJO__server__SSH_PORT: "{{ svc.ssh_port }}"
-  FORGEJO__server__ROOT_URL: "https://{{ svc.domain }}"
+  FORGEJO__server__ROOT_URL: https://{{ svc.domain }}
   FORGEJO__server__OFFLINE_MODE: true
   FORGEJO__server__LFS_JWT_SECRET: "{{ vault_forgejo.server_lfs_jwt_secret }}"
   FORGEJO__server__LFS_START_SERVER: true
@@ -44,34 +45,34 @@ svc_env:
   FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: true
   FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: false
   FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE: true
-  FORGEJO__service__NO_REPLY_ADDRESS: "discard.msrg.cc"
+  FORGEJO__service__NO_REPLY_ADDRESS: discard.msrg.cc
   FORGEJO__webhook__DELIVER_TIMEOUT: 60
   FORGEJO__mailer__ENABLED: true
-  FORGEJO__mailer__PROTOCOL: "smtp+starttls"
-  FORGEJO__mailer__SMTP_ADDR: "mail.serguzim.me"
+  FORGEJO__mailer__PROTOCOL: smtp+starttls
+  FORGEJO__mailer__SMTP_ADDR: mail.serguzim.me
   FORGEJO__mailer__SMTP_PORT: 587
-  FORGEJO__mailer__FROM: "Forgejo "
-  FORGEJO__mailer__USER: "git@serguzim.me"
+  FORGEJO__mailer__FROM: Forgejo
+  FORGEJO__mailer__USER: git@serguzim.me
   FORGEJO__mailer__PASSWD: "{{ vault_forgejo.mailer_passwd }}"
   FORGEJO__mailer__SEND_AS_PLAIN_TEXT: true
   FORGEJO__picture__DISABLE_GRAVATAR: true
-  FORGEJO__oauth2__JWT_SECRET: "{{ vault_forgejo. oauth2_jwt_secret}}"
+  FORGEJO__oauth2__JWT_SECRET: "{{ vault_forgejo.oauth2_jwt_secret }}"
   FORGEJO__metrics__ENABLED: true
   FORGEJO__metrics__TOKEN: "{{ vault_metrics_token }}"
   FORGEJO__actions__ENABLED: true
-  FORGEJO__storage__STORAGE_TYPE: "minio"
-  FORGEJO__storage__MINIO_ENDPOINT: "s3.serguzim.me"
+  FORGEJO__storage__STORAGE_TYPE: minio
+  FORGEJO__storage__MINIO_ENDPOINT: s3.serguzim.me
   FORGEJO__storage__MINIO_ACCESS_KEY_ID: "{{ vault_forgejo.minio.access_key_id }}"
   FORGEJO__storage__MINIO_SECRET_ACCESS_KEY: "{{ vault_forgejo.minio.secret_access_key }}"
-  FORGEJO__storage__MINIO_BUCKET: "forgejo"
-  FORGEJO__storage__MINIO_LOCATION: "de-contabo-1"
+  FORGEJO__storage__MINIO_BUCKET: forgejo
+  FORGEJO__storage__MINIO_LOCATION: de-contabo-1
   FORGEJO__storage__MINIO_USE_SSL: true
   FORGEJO__other__SHOW_FOOTER_VERSION: true
@@ -93,4 +94,3 @@ compose:
         - "{{ svc.ssh_port_alt }}:{{ svc.ssh_port }}"
     volumes:
       data:
-
diff --git a/_ansible/roles/harbor/tasks/main.yml b/_ansible/roles/harbor/tasks/main.yml
index d49d8f0..9e0575a 100644
--- a/_ansible/roles/harbor/tasks/main.yml
+++ b/_ansible/roles/harbor/tasks/main.yml
@@ -4,8 +4,11 @@
     - harbor
     - registry
   block:
-    - import_tasks: steps/create-service-directory.yml
-    - import_tasks: steps/template-site-config.yml
+    - name: Import prepare tasks for common service
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
+
+    - name: Import tasks to template the site for the reverse proxy
+      ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
     - name: Template config
       ansible.builtin.template:
@@ -17,12 +20,13 @@
       ansible.builtin.unarchive:
         src: https://github.com/goharbor/harbor/releases/download/v{{ svc.harbor_version }}/harbor-online-installer-v{{ svc.harbor_version }}.tgz
         dest: "{{ service_path }}"
-        remote_src: yes
+        remote_src: true
     - name: Run the harbor prepare command
       ansible.builtin.command:
         cmd: "{{ service_path }}/harbor/prepare"
         chdir: "{{ service_path }}"
+        creates: "{{ (service_path, 'docker-compose.yml') | path_join }}"
       environment:
         HARBOR_BUNDLE_DIR: "{{ service_path }}"
@@ -33,3 +37,4 @@
       environment:
         HARBOR_BUNDLE_DIR: "{{ service_path }}"
       become: true
+      changed_when: true # TODO find way to recognize need to run install command
diff --git a/_ansible/roles/harbor/vars/main.yml b/_ansible/roles/harbor/vars/main.yml
index a5ee137..f0a594d 100644
--- a/_ansible/roles/harbor/vars/main.yml
+++ b/_ansible/roles/harbor/vars/main.yml
@@ -1,3 +1,4 @@
+---
 svc_ports:
   http: 20080
   https: 20443
@@ -5,7 +6,8 @@ svc_ports:
 svc:
   name: harbor
-  domain: "registry.serguzim.me"
+  no_compose: true # TODO remove when fixing "var-naming[no-role-prefix]"
+  domain: registry.serguzim.me
   caddy_extra: |
     reverse_proxy /metrics host.docker.internal:{{ svc_ports.metrics }}
     reverse_proxy host.docker.internal:{{ svc_ports.https }} {
@@ -75,9 +77,9 @@ svc_yml:
     max_idle_conns: 2
     max_open_conns: 0
   proxy:
-    http_proxy: null
-    https_proxy: null
-    no_proxy: null
+    http_proxy:
+    https_proxy:
+    no_proxy:
   components:
     - core
     - jobservice
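Review bot: The `unarchive` task in the second harbor hunk fetches `harbor-online-installer-v….tgz` from GitHub with `remote_src: true` but never verifies what it got; `unarchive` has no checksum option, so a replaced release asset or an interposed mirror would be unpacked and then executed as root by the `prepare`/`install` scripts below. Download with `get_url` and a pinned `checksum:` first, then unarchive the local file; Harbor publishes the digest next to each release. The new `creates:` guard on `prepare` is a good addition; the `changed_when: true` with a TODO on the install task means it re-runs on every play, and the same `creates:` pattern against a file the installer writes would fix that, though I can't see which file from here.
```yaml
    - name: Download the harbor installer
      ansible.builtin.get_url:
        url: https://github.com/goharbor/harbor/releases/download/v{{ svc.harbor_version }}/harbor-online-installer-v{{ svc.harbor_version }}.tgz
        dest: "{{ (service_path, 'harbor-online-installer.tgz') | path_join }}"
        checksum: "sha256:{{ svc.harbor_installer_sha256 }}"  # pin per version in vars
        mode: "0644"
    - name: Unpack the harbor installer
      ansible.builtin.unarchive:
        src: "{{ (service_path, 'harbor-online-installer.tgz') | path_join }}"
        dest: "{{ service_path }}"
        remote_src: true
    # … unchanged: Run the harbor prepare command …
```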
diff --git a/_ansible/roles/healthcheck/tasks/main.yml b/_ansible/roles/healthcheck/tasks/main.yml
index 01a3cc9..58ec49b 100644
--- a/_ansible/roles/healthcheck/tasks/main.yml
+++ b/_ansible/roles/healthcheck/tasks/main.yml
@@ -3,38 +3,40 @@
   tags:
     - healthcheck
   block:
-    - import_tasks: steps/create-service-directory.yml
+    - name: Import tasks to create service directory
+      ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
     - name: Copy the docker-compose file
       ansible.builtin.copy:
         src: docker-compose.yml
         dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
-        mode: '0644'
+        mode: "0644"
     - name: Copy the Dockerfile
       ansible.builtin.copy:
         src: Dockerfile
         dest: "{{ (service_path, 'Dockerfile') | path_join }}"
-        mode: '0644'
+        mode: "0644"
     - name: Copy the data files
       ansible.builtin.copy:
         src: data
         dest: "{{ service_path }}"
-        mode: '0755'
+        mode: "0755"
     - name: Copy the system service
       ansible.builtin.copy:
         src: healthcheck@.service
-        dest: "/etc/systemd/system/healthcheck@.service"
-        mode: '0644'
+        dest: /etc/systemd/system/healthcheck@.service
+        mode: "0644"
       become: true
     - name: Copy the system timer
       ansible.builtin.copy:
         src: healthcheck@.timer
-        dest: "/etc/systemd/system/healthcheck@.timer"
-        mode: '0644'
+        dest: /etc/systemd/system/healthcheck@.timer
+        mode: "0644"
       become: true
-    - import_tasks: steps/template-service-env.yml
+    - name: Import tasks create a service.env file
+      ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
     - name: Build service
       ansible.builtin.command:
@@ -43,4 +45,4 @@
       when:
         - "'local-dev' != inventory_hostname"
       register: cmd_result
-      changed_when: True
+      changed_when: true
diff --git a/_ansible/roles/healthcheck/vars/main.yml b/_ansible/roles/healthcheck/vars/main.yml
index 7383d2d..6aadc0b 100644
--- a/_ansible/roles/healthcheck/vars/main.yml
+++ b/_ansible/roles/healthcheck/vars/main.yml
@@ -1,13 +1,14 @@
+---
 svc:
   name: healthcheck
 svc_env:
-  USER_AGENT: "healthcheck-bot for serguzim.net"
+  USER_AGENT: healthcheck-bot for serguzim.net
   HTTP_HC_UID: "{{ vault_healthcheck.hc_uid.http }}"
-  MATRIX_SERVER: "https://matrix.msrg.cc"
-  MATRIX_SERVER_FEDTESTER: "msrg.cc"
+  MATRIX_SERVER: https://matrix.msrg.cc
+  MATRIX_SERVER_FEDTESTER: msrg.cc
   MATRIX_HC_UID: "{{ vault_healthcheck.hc_uid.matrix }}"
   MATRIX_TOKEN: "{{ vault_healthcheck.matrix.token }}"
   MATRIX_ROOM: "{{ vault_healthcheck.matrix.room }}"
diff --git a/_ansible/roles/homebox/tasks/main.yml b/_ansible/roles/homebox/tasks/main.yml
index bb1fad4..290296d 100644
--- a/_ansible/roles/homebox/tasks/main.yml
+++ b/_ansible/roles/homebox/tasks/main.yml
@@ -4,4 +4,5 @@
     - homebox
     - inventory
   block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
diff --git a/_ansible/roles/homebox/vars/main.yml b/_ansible/roles/homebox/vars/main.yml
index 4f70e83..58592ff 100644
--- a/_ansible/roles/homebox/vars/main.yml
+++ b/_ansible/roles/homebox/vars/main.yml
@@ -1,5 +1,6 @@
+---
 svc:
-  domain: "inventory.serguzim.me"
+  domain: inventory.serguzim.me
   name: homebox
   port: 7745
@@ -21,4 +22,3 @@ compose:
   file:
     volumes:
       data:
-
diff --git a/_ansible/roles/influxdb/tasks/main.yml b/_ansible/roles/influxdb/tasks/main.yml
index ab39099..75a6e46 100644
--- a/_ansible/roles/influxdb/tasks/main.yml
+++ b/_ansible/roles/influxdb/tasks/main.yml
@@ -4,8 +4,8 @@
     - influxdb
     - sensors
   block:
-    - import_tasks: steps/create-service-directory.yml
-    - import_tasks: steps/template-docker-compose.yml
+    - name: Import prepare tasks for common service
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
     - name: Template config
       ansible.builtin.template:
@@ -13,5 +13,5 @@
         dest: "{{ (service_path, 'influxdb.yml') | path_join }}"
         mode: "0600"
-    - import_tasks: steps/template-site-config.yml
-    - import_tasks: steps/start-service.yml
+    - name: Import start tasks for common service
+      ansible.builtin.import_tasks: tasks/start-common-service.yml
diff --git a/_ansible/roles/influxdb/vars/main.yml b/_ansible/roles/influxdb/vars/main.yml
index 4dc6aa8..f2cbf8c 100644
--- a/_ansible/roles/influxdb/vars/main.yml
+++ b/_ansible/roles/influxdb/vars/main.yml
@@ -1,8 +1,9 @@
+---
 svc:
-  domain: "tick.serguzim.me"
+  domain: tick.serguzim.me
   name: influxdb
   port: 8086
-  data_dir: "/var/lib/influxdb2"
+  data_dir: /var/lib/influxdb2
 svc_yml:
   assets-path: ""
@@ -10,7 +11,7 @@ svc_yml:
   e2e-testing: false
   engine-path: "{{ (svc.data_dir, 'engine') | path_join }}"
   feature-flags: {}
-  http-bind-address: 0.0.0.0:{{ svc.port }}
+  http-bind-address: "0.0.0.0:{{ svc.port }}"
   influxql-max-select-buckets: 0
   influxql-max-select-point: 0
   influxql-max-select-series: 0
@@ -42,7 +43,7 @@ svc_yml:
   storage-shard-precreator-check-interval: 10m0s
   storage-tsm-use-madv-willneed: false
   storage-validate-keys: false
-  storage-wal-fsync-delay: 0s
+  storage-wal-fsync-delay: "0s"
   store: bolt
   testing-always-allow-setup: false
   tls-cert: ""
@@ -55,7 +56,7 @@ svc_yml:
   vault-capath: ""
   vault-client-cert: ""
   vault-client-key: ""
-  vault-client-timeout: 0s
+  vault-client-timeout: "0s"
   vault-max-retries: 0
   vault-skip-verify: false
   vault-tls-server-name: ""
diff --git a/_ansible/roles/jellyfin/tasks/main.yml b/_ansible/roles/jellyfin/tasks/main.yml
index 0f6e4a2..9be53ba 100644
--- a/_ansible/roles/jellyfin/tasks/main.yml
+++ b/_ansible/roles/jellyfin/tasks/main.yml
@@ -4,4 +4,5 @@
     - jellyfin
     - media
   block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
diff --git a/_ansible/roles/jellyfin/vars/main.yml b/_ansible/roles/jellyfin/vars/main.yml
index e33974b..efe63d8 100644
--- a/_ansible/roles/jellyfin/vars/main.yml
+++ b/_ansible/roles/jellyfin/vars/main.yml
@@ -1,5 +1,6 @@
+---
 svc:
-  domain: "media.serguzim.me"
+  domain: media.serguzim.me
   name: jellyfin
   port: 8096
   db:
@@ -7,7 +8,7 @@ svc:
     port: "{{ postgres.port }}"
 svc_env:
-  JELLYFIN_PublishedServerUrl: "https://{{ svc. domain }}"
+  JELLYFIN_PublishedServerUrl: https://{{ svc.domain }}
 compose:
   watchtower: true
@@ -25,4 +26,3 @@ compose:
       config:
       cache:
       media:
-
diff --git a/_ansible/roles/mailcow/tasks/main.yml b/_ansible/roles/mailcow/tasks/main.yml
index fd2ba44..09514cd 100644
--- a/_ansible/roles/mailcow/tasks/main.yml
+++ b/_ansible/roles/mailcow/tasks/main.yml
@@ -4,4 +4,5 @@
     - mailcow
     - email
   block:
-    - import_tasks: steps/template-site-config.yml
+    - name: Import tasks to template the site for the reverse proxy
+      ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
diff --git a/_ansible/roles/mailcow/vars/main.yml b/_ansible/roles/mailcow/vars/main.yml
index 3f2d236..e481d11 100644
--- a/_ansible/roles/mailcow/vars/main.yml
+++ b/_ansible/roles/mailcow/vars/main.yml
@@ -1,3 +1,4 @@
+---
 svc:
   name: mailcow
   domain: mail.serguzim.me
diff --git a/_ansible/roles/minecraft-2/tasks/main.yml b/_ansible/roles/minecraft-2/tasks/main.yml
index 422055a..a33d81f 100644
--- a/_ansible/roles/minecraft-2/tasks/main.yml
+++ b/_ansible/roles/minecraft-2/tasks/main.yml
@@ -5,4 +5,5 @@
     - minecraft
     - games
   block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
diff --git a/_ansible/roles/minecraft-2/vars/main.yml b/_ansible/roles/minecraft-2/vars/main.yml
index 63d624f..c735bb5 100644
--- a/_ansible/roles/minecraft-2/vars/main.yml
+++ b/_ansible/roles/minecraft-2/vars/main.yml
@@ -1,3 +1,4 @@
+---
 svc:
   name: minecraft-2
@@ -21,7 +22,7 @@ svc_env:
   FUNCTION_PERMISSION_LEVEL: 2
   GENERATE_STRUCTURES: true
   HARDCORDE: false
-  ICON: 
+  ICON:
   LEVEL_TYPE: DEFAULT
   MAX_BUILD_HEIGHT: 512
   MAX_MEMORY: 4G
@@ -29,7 +30,7 @@ svc_env:
   MAX_PLAYERS: 64
   MAX_WORLD_SIZE: 30000000
   MODE: survival
-  MOTD: 
+  MOTD:
   NETWORK_COMPRESSION_THRESHOLD: 256
   PVP: true
   SERVER_NAME: minecraft.serguzim.me
@@ -63,6 +64,6 @@ compose:
     services:
       app:
         ports:
-          - "25565:25565"
+          - 25565:25565
     volumes:
       data:
diff --git a/_ansible/roles/minio/tasks/main.yml b/_ansible/roles/minio/tasks/main.yml
index b723f9e..ae464b2 100644
--- a/_ansible/roles/minio/tasks/main.yml
+++ b/_ansible/roles/minio/tasks/main.yml
@@ -4,4 +4,5 @@
     - minio
     - storage
   block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
diff --git a/_ansible/roles/minio/vars/main.yml b/_ansible/roles/minio/vars/main.yml
index 00967de..efe1799 100644
--- a/_ansible/roles/minio/vars/main.yml
+++ b/_ansible/roles/minio/vars/main.yml
@@ -1,21 +1,22 @@
+---
 svc:
-  domain: "s3.serguzim.me"
+  domain: s3.serguzim.me
   name: minio
   port: 9000
   caddy_extra: |
-      @nocache {
-        query nocache=*
-      }
-      header @nocache "Cache-Control" "no-store, no-cache"
+    @nocache {
+      query nocache=*
+    }
+    header @nocache "Cache-Control" "no-store, no-cache"
   extra_svcs:
-  - domain: console.s3.serguzim.me
-    docker_host: minio
-    port: 9001
+    - domain: console.s3.serguzim.me
+      docker_host: minio
+      port: 9001
 svc_env:
-  MINIO_SERVER_URL: "https://{{ svc.domain }}/"
-  MINIO_BROWSER_REDIRECT_URL: "https://console.{{ svc.domain }}"
-  MINIO_VOLUMES: "/data"
+  MINIO_SERVER_URL: https://{{ svc.domain }}/
+  MINIO_BROWSER_REDIRECT_URL: https://console.{{ svc.domain }}
+  MINIO_VOLUMES: /data
   MINIO_ROOT_USER: "{{ vault_minio.user }}"
   MINIO_ROOT_PASSWORD: "{{ vault_minio.pass }}"
diff --git a/_ansible/roles/synapse/tasks/main.yml b/_ansible/roles/synapse/tasks/main.yml
index dc769cf..b9bbe96 100644
--- a/_ansible/roles/synapse/tasks/main.yml
+++ b/_ansible/roles/synapse/tasks/main.yml
@@ -4,11 +4,13 @@
     - synapse
     - matrix
   block:
-    - import_tasks: prepare-common-service.yml
+    - name: Import prepare tasks for common service
+      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
     - name: Set synapse config path
       ansible.builtin.set_fact:
         config_path: "{{ (service_path, svc.config_path) | path_join }}"
+
     - name: Create config directory
       ansible.builtin.file:
         path: "{{ config_path }}"
@@ -20,17 +22,18 @@
         src: service.yml.j2
         dest: "{{ (config_path, 'homeserver.yaml') | path_join }}"
         mode: "0644"
-
+
     - name: Copy the log config
       ansible.builtin.copy:
         src: msrg.cc.log.config
         dest: "{{ (config_path, 'msrg.cc.log.config') | path_join }}"
-        mode: '0644'
+        mode: "0644"
     - name: Copy the signing key
       ansible.builtin.copy:
         content: "{{ vault_synapse.signing_key }}"
         dest: "{{ (config_path, 'msrg.cc.signing.key') | path_join }}"
-        mode: '0644'
+        mode: "0644"
-    - import_tasks: start-common-service.yml
+    - name: Import start tasks for common service
+      ansible.builtin.import_tasks: tasks/start-common-service.yml
diff --git a/_ansible/roles/synapse/vars/main.yml b/_ansible/roles/synapse/vars/main.yml
index a8ec5a5..930e19b 100644
--- a/_ansible/roles/synapse/vars/main.yml
+++ b/_ansible/roles/synapse/vars/main.yml
@@ -1,6 +1,7 @@
+---
 svc:
   name: synapse
-  domain: "matrix.msrg.cc"
+  domain: matrix.msrg.cc
   docker_host: synapse-admin
   port: 80
   caddy_extra: |
@@ -11,7 +12,7 @@ svc:
       reverse_proxy synapse:8008
     }
   extra_svcs:
-    - domain: "msrg.cc:8008"
+    - domain: msrg.cc:8008
       additional_domains:
         - matrix.msrg.cc:8448
         - matrix.msrg.cc:8008
@@ -30,7 +31,7 @@ svc_env:
   REACT_APP_SERVER: https://matrix.msrg.cc
 svc_yml:
-  server_name: "msrg.cc"
+  server_name: msrg.cc
   pid_file: "{{ (svc.config_path, 'homeserver.pid') | path_join }}"
   public_baseurl: https://matrix.msrg.cc/
   allow_public_rooms_without_auth: true
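Review bot: The `Copy the signing key` task in the second synapse tasks hunk writes the homeserver's private federation signing key with `mode: "0644"`, i.e. readable by every local user on the host; the commit only swaps quote style on that line, but a key that lets its holder sign events as this server should be `"0600"`. The same applies to `homeserver.yaml` a few lines up, which carries the database password and the OIDC client secret (both visible in the vars file) at `"0644"`. Tightening to `0600` needs `owner:`/`group:` set to the UID synapse runs as inside the container rather than relying on root ownership; I can't see that UID from here. The enclosing `block:` starts before this hunk.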
@@ -43,28 +44,28 @@ svc_yml:
       x_forwarded: true
       resources:
-      - names:
-        - client
-        - federation
-        - metrics
+        - names:
+            - client
+            - federation
+            - metrics
         compress: false
-  admin_contact: "mailto:{{ admin_email }}"
+  admin_contact: mailto:{{ admin_email }}
   acme:
-      enabled: false
+    enabled: false
   database:
-      name: "psycopg2"
-      args:
-          user: "{{ svc.db.user }}"
-          password: "{{ svc.db.pass }}"
-          database: "{{ svc.db.database }}"
-          host: "{{ svc.db.host }}"
-          cp_min: 5
-          cp_max: 10
+    name: psycopg2
+    args:
+      user: "{{ svc.db.user }}"
+      password: "{{ svc.db.pass }}"
+      database: "{{ svc.db.database }}"
+      host: "{{ svc.db.host }}"
+      cp_min: 5
+      cp_max: 10
   log_config: "{{ (svc.config_path, 'msrg.cc.log.config') | path_join }}"
-  media_store_path: "/media_store"
+  media_store_path: /media_store
   max_upload_size: 500M
   enable_registration: false
   enable_metrics: true
@@ -75,19 +76,19 @@ svc_yml:
   signing_key_path: "{{ (svc.config_path, 'msrg.cc.signing.key') | path_join }}"
   trusted_key_servers:
-    - server_name: "matrix.org"
+    - server_name: matrix.org
       suppress_key_server_warning: true
   oidc_providers:
-    - idp_id: "auth_serguzim_me"
-      idp_name: "auth.serguzim.me"
-      issuer: "https://auth.serguzim.me/application/o/matrix_serguzim_me/"
+    - idp_id: auth_serguzim_me
+      idp_name: auth.serguzim.me
+      issuer: https://auth.serguzim.me/application/o/matrix_serguzim_me/
       client_id: "{{ vault_synapse.oidc_client.id }}"
       client_secret: "{{ vault_synapse.oidc_client.secret }}"
       scopes:
-        - "openid"
-        - "profile"
-        - "email"
+        - openid
+        - profile
+        - email
       user_mapping_provider:
         config:
           localpart_template: "{{ '{{ user.preferred_username }}' }}"
@@ -96,10 +97,10 @@ svc_yml:
   email:
     smtp_host: mail.serguzim.me
     smtp_port: 587
-    smtp_user: "matrix@serguzim.me"
+    smtp_user: matrix@serguzim.me
     smtp_pass: "{{ vault_synapse.mail.pass }}"
     require_transport_security: true
-    notif_from: "Matrix "
+    notif_from: Matrix
 compose:
   watchtower: true
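Review bot: The `database.args` mapping in the first hunk has no `sslmode`, so psycopg2 falls back to libpq's default `prefer`, which neither requires encryption nor verifies the server certificate; the other Postgres clients in this diff (forgejo, coder) connect with `verify-full`. Add `sslmode: verify-full` under `args:` — psycopg2 hands it straight to libpq — which presumes the issuing CA is trusted inside the synapse image as it evidently is for the others; I can't confirm that from here. If the database is actually local to the compose network the exposure is smaller, but the inconsistency still deserves a comment on the `args:` line.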
@@ -111,15 +112,15 @@ compose:
   file:
     services:
       synapse-admin:
-          image: awesometechnologies/synapse-admin
-          restart: always
-          labels:
-            com.centurylinklabs.watchtower.enable: true
-          env_file:
-            - service.env
-          networks:
-            apps:
-              aliases:
-                - synapse-admin
+        image: awesometechnologies/synapse-admin
+        restart: always
+        labels:
+          com.centurylinklabs.watchtower.enable: true
+        env_file:
+          - service.env
+        networks:
+          apps:
+            aliases:
+              - synapse-admin
     volumes:
       media_store:
diff --git a/_ansible/roles/tandoor/tasks/main.yml b/_ansible/roles/tandoor/tasks/main.yml
index ebe514f..f10ffcd 100644
--- a/_ansible/roles/tandoor/tasks/main.yml
+++ b/_ansible/roles/tandoor/tasks/main.yml
@@ -4,4 +4,5 @@
     - tandoor
     - recipies
   block:
-    - import_tasks: deploy-common-service.yml
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
diff --git a/_ansible/roles/tandoor/vars/main.yml b/_ansible/roles/tandoor/vars/main.yml
index 2359e14..b109ade 100644
--- a/_ansible/roles/tandoor/vars/main.yml
+++ b/_ansible/roles/tandoor/vars/main.yml
@@ -1,5 +1,6 @@
+---
 svc:
-  domain: "recipes.serguzim.me"
+  domain: recipes.serguzim.me
   name: tandoor
   port: 80
   db:
@@ -18,7 +19,7 @@ svc_env:
   TZ: "{{ timezone }}"
   DB_ENGINE: django.db.backends.postgresql
-  DB_OPTIONS: "{\"sslmode\": \"require\"}"
+  DB_OPTIONS: '{"sslmode": "require"}'
   POSTGRES_HOST: "{{ svc.db.host }}"
   POSTGRES_PORT: "{{ svc.db.port }}"
   POSTGRES_DB: "{{ svc.db.database }}"
@@ -61,4 +62,3 @@ compose:
       nginx_config:
       staticfiles:
       mediafiles:
-
diff --git a/_ansible/roles/telegraf/tasks/main.yml b/_ansible/roles/telegraf/tasks/main.yml
index 88cf4d3..e4bac9a 100644
--- a/_ansible/roles/telegraf/tasks/main.yml
+++ b/_ansible/roles/telegraf/tasks/main.yml
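Review bot: The rewritten `DB_OPTIONS: '{"sslmode": "require"}'` in the tandoor vars hunk only encrypts the connection; `require` does not check the server certificate, so an attacker who can redirect traffic between tandoor and Postgres still collects the credentials. Every other Postgres client in this diff uses `verify-full`; `DB_OPTIONS: '{"sslmode": "verify-full"}'` would bring tandoor in line, provided the image trusts the CA that issued the database certificate (I can't see that from here). The switch to single quotes itself is fine and removes the escaped-quote noise.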
@@ -4,8 +4,8 @@ - telegraf - monitoring block: - - import_tasks: steps/create-service-directory.yml - - import_tasks: steps/template-docker-compose.yml + - name: Import prepare tasks for common service + ansible.builtin.import_tasks: tasks/prepare-common-service.yml - name: Template config ansible.builtin.template: @@ -14,10 +14,10 @@ mode: "0664" register: cmd_result - - name: Set the docker force-recreate flag ansible.builtin.set_fact: - docker_force_recreate: "--force-recreate" - when: cmd_result.changed + docker_force_recreate: --force-recreate + when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables. - - import_tasks: steps/start-service.yml + - name: Import start tasks for common service + ansible.builtin.import_tasks: tasks/start-common-service.yml diff --git a/_ansible/roles/telegraf/vars/main.yml b/_ansible/roles/telegraf/vars/main.yml index b25e529..fafc718 100644 --- a/_ansible/roles/telegraf/vars/main.yml +++ b/_ansible/roles/telegraf/vars/main.yml @@ -1,7 +1,8 @@ +--- svc: name: telegraf influxdb: - url: "https://tick.serguzim.me" + url: https://tick.serguzim.me token: "{{ vault_telegraf.influxdb_token }}" organization: serguzim.net bucket: metrics @@ -17,9 +18,9 @@ svc: pass: "{{ vault_telegraf.db.pass }}" host: "{{ postgres.host }}" port: "{{ postgres.port }}" - database: "telegraf" + database: telegraf docker_log: - endpoint: "unix:///var/run/docker.sock" + endpoint: unix:///var/run/docker.sock # from_beginning: false # timeout: "5s" 
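Review bot: `set_fact` values persist for the host for the remainder of the play, so if the shared start step consumes `docker_force_recreate`, every role that runs after telegraf on the same host would inherit the flag once this config changed — worth confirming that is intended, or clearing the fact after the start step. Separately, `docker_force_recreate: --force-recreate` is only a valid plain scalar because the leading `-` is not followed by a space; writing it as `docker_force_recreate: "--force-recreate"` makes that explicit and keeps linters and future reformatting from tripping on it. The `block:` containing these tasks begins above the hunk.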
@@ -32,12 +33,12 @@ svc: ## Set the source tag for the metrics to the container ID hostname, eg first 12 chars source_tag: false - ## Optional TLS Config - # tls_ca: "/etc/telegraf/ca.pem" - # tls_cert: "/etc/telegraf/cert.pem" - # tls_key: "/etc/telegraf/key.pem" - ## Use TLS but skip chain & host verification - # insecure_skip_verify: false +## Optional TLS Config +# tls_ca: "/etc/telegraf/ca.pem" +# tls_cert: "/etc/telegraf/cert.pem" +# tls_key: "/etc/telegraf/key.pem" +## Use TLS but skip chain & host verification +# insecure_skip_verify: false compose: watchtower: false @@ -50,6 +51,6 @@ compose: app: user: telegraf group_add: - - "972" # docker group on host + - "972" # docker group on host volumes: data: diff --git a/_ansible/roles/tinytinyrss/tasks/main.yml b/_ansible/roles/tinytinyrss/tasks/main.yml index f81b6cb..ea72425 100644 --- a/_ansible/roles/tinytinyrss/tasks/main.yml +++ b/_ansible/roles/tinytinyrss/tasks/main.yml @@ -5,12 +5,14 @@ - tt-rss - news block: - - import_tasks: prepare-common-service.yml + - name: Import prepare tasks for common service + ansible.builtin.import_tasks: tasks/prepare-common-service.yml - name: Copy the nginx-config ansible.builtin.copy: src: nginx.conf dest: "{{ (service_path, 'nginx.conf') | path_join }}" - mode: '0644' + mode: "0644" - - import_tasks: start-common-service.yml + - name: Import start tasks for common service + ansible.builtin.import_tasks: tasks/start-common-service.yml diff --git a/_ansible/roles/tinytinyrss/vars/main.yml b/_ansible/roles/tinytinyrss/vars/main.yml index a5c4cff..ce48347 100644 --- a/_ansible/roles/tinytinyrss/vars/main.yml +++ b/_ansible/roles/tinytinyrss/vars/main.yml @@ -1,5 +1,6 @@ +--- svc: - domain: "rss.serguzim.me" + domain: rss.serguzim.me name: tinytinyrss port: 80 db: @@ -39,7 +40,6 @@ compose: - app:/var/www/html networks: default: - updater: image: cthulhoo/ttrss-fpm-pgsql-static restart: always @@ -54,4 +54,3 @@ compose: default: volumes: app: - 
diff --git a/_ansible/roles/umami/tasks/main.yml b/_ansible/roles/umami/tasks/main.yml index bc2b3a7..20d794b 100644 --- a/_ansible/roles/umami/tasks/main.yml +++ b/_ansible/roles/umami/tasks/main.yml @@ -4,4 +4,5 @@ - umami - analytics block: - - import_tasks: deploy-common-service.yml + - name: Import tasks to deploy common service + ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/umami/vars/main.yml b/_ansible/roles/umami/vars/main.yml index 8e6c722..23b5d27 100644 --- a/_ansible/roles/umami/vars/main.yml +++ b/_ansible/roles/umami/vars/main.yml @@ -1,5 +1,6 @@ +--- svc: - domain: "analytics.serguzim.me" + domain: analytics.serguzim.me name: umami port: 3000 db: diff --git a/_ansible/roles/uptime-kuma/tasks/main.yml b/_ansible/roles/uptime-kuma/tasks/main.yml index 046fe57..70e3f74 100644 --- a/_ansible/roles/uptime-kuma/tasks/main.yml +++ b/_ansible/roles/uptime-kuma/tasks/main.yml @@ -4,4 +4,5 @@ - uptime-kuma - status block: - - import_tasks: deploy-common-service.yml + - name: Import tasks to deploy common service + ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/uptime-kuma/vars/main.yml b/_ansible/roles/uptime-kuma/vars/main.yml index f33fbf6..6411fa6 100644 --- a/_ansible/roles/uptime-kuma/vars/main.yml +++ b/_ansible/roles/uptime-kuma/vars/main.yml @@ -1,7 +1,8 @@ +--- svc: - domain: "status.serguzim.me" + domain: status.serguzim.me additional_domains: - - "status.serguzim.net" + - status.serguzim.net name: uptime-kuma port: 3001 @@ -13,4 +14,3 @@ compose: file: volumes: data: - diff --git a/_ansible/roles/watchtower/tasks/main.yml b/_ansible/roles/watchtower/tasks/main.yml index a186da3..e3abe13 100644 --- a/_ansible/roles/watchtower/tasks/main.yml +++ b/_ansible/roles/watchtower/tasks/main.yml 
@@ -4,10 +4,11 @@ - watchtower - container block: - - import_tasks: deploy-common-service.yml - + - name: Import tasks to deploy common service + ansible.builtin.import_tasks: tasks/deploy-common-service.yml + - name: Copy the run-once script ansible.builtin.copy: src: run-once.sh dest: "{{ (service_path, 'run-once.sh') | path_join }}" - mode: '0755' + mode: "0755" diff --git a/_ansible/roles/watchtower/vars/main.yml b/_ansible/roles/watchtower/vars/main.yml index a1549c0..425636f 100644 --- a/_ansible/roles/watchtower/vars/main.yml +++ b/_ansible/roles/watchtower/vars/main.yml @@ -1,3 +1,4 @@ +--- svc: name: watchtower diff --git a/_ansible/roles/webdis/tasks/main.yml b/_ansible/roles/webdis/tasks/main.yml index 7fadc6b..0628dfa 100644 --- a/_ansible/roles/webdis/tasks/main.yml +++ b/_ansible/roles/webdis/tasks/main.yml @@ -3,12 +3,14 @@ tags: - webdis block: - - import_tasks: steps/create-service-directory.yml + - name: Import prepare tasks for common service + ansible.builtin.import_tasks: tasks/prepare-common-service.yml - name: Copy the config ansible.builtin.copy: src: webdis.json dest: "{{ (service_path, 'webdis.json') | path_join }}" - mode: '0755' + mode: "0755" - - import_tasks: deploy-common-service.yml + - name: Import start tasks for common service + ansible.builtin.import_tasks: tasks/start-common-service.yml diff --git a/_ansible/roles/webdis/vars/main.yml b/_ansible/roles/webdis/vars/main.yml index 4250ba4..67c721e 100644 --- a/_ansible/roles/webdis/vars/main.yml +++ b/_ansible/roles/webdis/vars/main.yml @@ -1,6 +1,7 @@ +--- svc: name: webdis - domain: "webdis.huck.serguzim.me" + domain: webdis.huck.serguzim.me port: 7379 compose: diff --git a/_ansible/roles/wiki-js/tasks/main.yml b/_ansible/roles/wiki-js/tasks/main.yml index 33eb559..6d3db10 100644 --- a/_ansible/roles/wiki-js/tasks/main.yml +++ b/_ansible/roles/wiki-js/tasks/main.yml 
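Review bot: `mode: "0755"` on the copy of `webdis.json` in the webdis tasks hunk sets the execute bit on a JSON configuration file, which nothing needs; `mode: "0644"` is the least-privilege choice and matches how the tinytinyrss role copies its `nginx.conf` in this same commit. The same value on the watchtower `run-once.sh` copy is correct, since that file is a script. The `block:` these tasks belong to starts above the hunk.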
@@ -3,4 +3,5 @@ tags: - wiki-js block: - - import_tasks: deploy-common-service.yml + - name: Import tasks to deploy common service + ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/wiki-js/vars/main.yml b/_ansible/roles/wiki-js/vars/main.yml index d8c1ff8..98659fb 100644 --- a/_ansible/roles/wiki-js/vars/main.yml +++ b/_ansible/roles/wiki-js/vars/main.yml @@ -1,5 +1,6 @@ +--- svc: - domain: "wiki.serguzim.me" + domain: wiki.serguzim.me name: wiki-js port: 3000 db: @@ -7,7 +8,7 @@ svc: port: "{{ postgres.port }}" user: "{{ vault_wiki_js.db.user }}" pass: "{{ vault_wiki_js.db.pass }}" - name: "wikijs" + name: wikijs svc_env: DB_TYPE: postgres diff --git a/_ansible/roles/woodpecker/tasks/main.yml b/_ansible/roles/woodpecker/tasks/main.yml index 9c9604d..b229204 100644 --- a/_ansible/roles/woodpecker/tasks/main.yml +++ b/_ansible/roles/woodpecker/tasks/main.yml @@ -4,4 +4,5 @@ - woodpecker - ci block: - - import_tasks: deploy-common-service.yml + - name: Import tasks to deploy common service + ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/woodpecker/vars/main.yml b/_ansible/roles/woodpecker/vars/main.yml index dc214e1..d091d61 100644 --- a/_ansible/roles/woodpecker/vars/main.yml +++ b/_ansible/roles/woodpecker/vars/main.yml @@ -1,11 +1,12 @@ +--- svc: - domain: "ci.serguzim.me" + domain: ci.serguzim.me name: woodpecker port: 8000 extra_svcs: - - domain: agents.ci.serguzim.me - docker_host: h2c://woodpecker - port: 9000 + - domain: agents.ci.serguzim.me + docker_host: h2c://woodpecker + port: 9000 db: host: "{{ postgres.host }}" port: "{{ postgres.port }}" @@ -15,8 +16,8 @@ svc: svc_env: WOODPECKER_OPEN: true - WOODPECKER_HOST: "https://{{ svc.domain }}" - WOODPECKER_ADMIN: "serguzim" + WOODPECKER_HOST: https://{{ svc.domain }} + WOODPECKER_ADMIN: serguzim WOODPECKER_AGENT_SECRET: "{{ vault_woodpecker.agent_secret }}" WOODPECKER_PROMETHEUS_AUTH_TOKEN: "{{ vault_metrics_token }}" 
@@ -24,12 +25,12 @@ svc_env: WOODPECKER_GRPC_SECURE: true WOODPECKER_GITEA: true - WOODPECKER_GITEA_URL: "https://git.serguzim.me" + WOODPECKER_GITEA_URL: https://git.serguzim.me WOODPECKER_GITEA_CLIENT: "{{ vault_woodpecker.gitea.client }}" WOODPECKER_GITEA_SECRET: "{{ vault_woodpecker.gitea.secret }}" - WOODPECKER_DATABASE_DRIVER: "postgres" - WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full" + WOODPECKER_DATABASE_DRIVER: postgres + WOODPECKER_DATABASE_DATASOURCE: postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full compose: watchtower: true diff --git a/_ansible/tasks/deploy-common-service.yml b/_ansible/tasks/deploy-common-service.yml index be98c17..a4a372f 100644 --- a/_ansible/tasks/deploy-common-service.yml +++ b/_ansible/tasks/deploy-common-service.yml @@ -1,2 +1,5 @@ -- import_tasks: prepare-common-service.yml -- import_tasks: start-common-service.yml +--- +- name: Import prepare tasks for common service + ansible.builtin.import_tasks: tasks/prepare-common-service.yml +- name: Import start tasks for common service + ansible.builtin.import_tasks: tasks/start-common-service.yml diff --git a/_ansible/tasks/prepare-common-service.yml b/_ansible/tasks/prepare-common-service.yml index db763e6..e62f32d 100644 --- a/_ansible/tasks/prepare-common-service.yml +++ b/_ansible/tasks/prepare-common-service.yml 
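Review bot: `WOODPECKER_DATABASE_DATASOURCE` interpolates `{{ svc.db.pass }}` directly into a URL, so a vault password containing characters reserved in URLs (`@`, `/`, `:`, `%`, `?`) would break the DSN or be parsed as part of the host; `{{ svc.db.pass | urlencode }}` (and the same for `svc.db.user`) keeps the datasource well-formed for any credential. Dropping the quotes is safe for this line because no `: ` or ` #` sequence appears in it, though keeping the long templated value quoted makes it easier to read. The enclosing `svc_env:` mapping starts above the hunk.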
@@ -1,4 +1,11 @@ -- import_tasks: steps/create-service-directory.yml -- import_tasks: steps/template-docker-compose.yml -- import_tasks: steps/template-service-env.yml - when: compose.env|default(False) == True +--- +- name: Import tasks to create service directory + ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml + +- name: Import tasks to template docker compose file + ansible.builtin.import_tasks: tasks/steps/template-docker-compose.yml + when: not no_compose|default(False) # TODO remove when fixing "var-naming[no-role-prefix]" + +- name: Import tasks create a service.env file + ansible.builtin.import_tasks: tasks/steps/template-service-env.yml + when: compose.env|default(False) diff --git a/_ansible/tasks/start-common-service.yml b/_ansible/tasks/start-common-service.yml index f7ffd25..1b7323a 100644 --- a/_ansible/tasks/start-common-service.yml +++ b/_ansible/tasks/start-common-service.yml @@ -1,3 +1,6 @@ -- include_tasks: steps/template-site-config.yml +--- +- name: Import tasks to template the site for the reverse proxy + ansible.builtin.include_tasks: tasks/steps/template-site-config.yml when: svc.domain is defined -- import_tasks: steps/start-service.yml +- name: Import tasks to start the service + ansible.builtin.import_tasks: tasks/steps/start-service.yml diff --git a/_ansible/tasks/steps/create-service-directory.yml b/_ansible/tasks/steps/create-service-directory.yml index 7f29a70..54dbdd2 100644 --- a/_ansible/tasks/steps/create-service-directory.yml +++ b/_ansible/tasks/steps/create-service-directory.yml @@ -1,3 +1,4 @@ +--- - name: Set common facts ansible.builtin.set_fact: service_path: "{{ (services_path, svc.name) | path_join }}" diff --git a/_ansible/tasks/steps/start-service.yml b/_ansible/tasks/steps/start-service.yml index 9b334c3..48e2acc 100644 --- a/_ansible/tasks/steps/start-service.yml +++ b/_ansible/tasks/steps/start-service.yml 
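Review bot: The task name `Import tasks create a service.env file` in the prepare-common-service hunk is missing a word; `Import tasks to create a service.env file` matches the naming of the other two tasks. `when: not no_compose|default(False)` relies on the filter binding tighter than `not`, which is correct but easy to misread; `when: not (no_compose | default(false))` states the precedence explicitly until the TODO renames the variable. In the start-common-service hunk the site-config step is an `include_tasks` while its name says "Import" — `include_tasks` is the right choice there since the `when` is then evaluated once rather than on each imported task, so only the name needs adjusting.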
@@ -1,3 +1,4 @@ +--- - name: Build service ansible.builtin.command: cmd: docker compose build --pull @@ -7,7 +8,7 @@ - docker_update is defined - docker_update register: cmd_result - changed_when: True + changed_when: true - name: Pull service ansible.builtin.command: @@ -18,7 +19,7 @@ - docker_update is defined - docker_update register: cmd_result - changed_when: True + changed_when: true - name: Start service ansible.builtin.command: @@ -26,4 +27,4 @@ chdir: "{{ service_path }}" when: "'local-dev' != inventory_hostname" register: cmd_result - changed_when: "cmd_result.stderr | regex_search('Started$')" + changed_when: cmd_result.stderr | regex_search('Started$') diff --git a/_ansible/tasks/steps/template-docker-compose.yml b/_ansible/tasks/steps/template-docker-compose.yml index 1be7475..33ef724 100644 --- a/_ansible/tasks/steps/template-docker-compose.yml +++ b/_ansible/tasks/steps/template-docker-compose.yml @@ -1,3 +1,4 @@ +--- - name: Template docker-compose ansible.builtin.template: src: docker-compose.yml.j2 diff --git a/_ansible/tasks/steps/template-service-env.yml b/_ansible/tasks/steps/template-service-env.yml index 1425ee2..eaac246 100644 --- a/_ansible/tasks/steps/template-service-env.yml +++ b/_ansible/tasks/steps/template-service-env.yml @@ -1,3 +1,4 @@ +--- - name: Template service.env file ansible.builtin.template: src: service.env.j2 diff --git a/_ansible/tasks/steps/template-site-config.yml b/_ansible/tasks/steps/template-site-config.yml index 7a24d75..2b2d6ee 100644 --- a/_ansible/tasks/steps/template-site-config.yml +++ b/_ansible/tasks/steps/template-site-config.yml @@ -1,3 +1,4 @@ +--- - name: Template caddy site ansible.builtin.template: src: caddy_site.conf.j2
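Review bot: `changed_when: cmd_result.stderr | regex_search('Started$')` only matches when `Started` ends the whole stderr (or its final line), so a run whose last container line reports something else while an earlier container was started would be reported as unchanged; `changed_when: cmd_result.stderr | regex_search('Started$', multiline=True)` checks every line. The unquoted form is a valid plain scalar here, since `|` and `'` are not indicators mid-value. The two `changed_when: true` changes in the earlier hunks of this file are fine as written.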