Fix issues reported by ansible-lint
This commit is contained in:
parent
a90840b1dc
commit
2e100d290f
GPG key ID:
13AD60C237A28DFE
2
_ansible/.ansible-lint
Normal file
2
_ansible/.ansible-lint
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
skip_list:
|
||||
- var-naming[no-role-prefix]
|
||||
|
|
@ -4,8 +4,8 @@
|
|||
- acme-dns
|
||||
- certificates
|
||||
block:
|
||||
- import_tasks: steps/create-service-directory.yml
|
||||
- import_tasks: steps/template-docker-compose.yml
|
||||
- name: Import prepare tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/prepare-common-service.yml
|
||||
|
||||
- name: Setting the service config path
|
||||
ansible.builtin.set_fact:
|
||||
|
|
@ -23,5 +23,5 @@
|
|||
dest: "{{ (config_path, 'config.cfg') | path_join }}"
|
||||
mode: "0600"
|
||||
|
||||
- import_tasks: steps/template-site-config.yml
|
||||
- import_tasks: steps/start-service.yml
|
||||
- name: Import start tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/start-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
svc:
|
||||
domain: "acme.serguzim.me"
|
||||
domain: acme.serguzim.me
|
||||
name: acme-dns
|
||||
port: 80
|
||||
nsadmin: "{{ admin_email | regex_replace('@', '.') }}"
|
||||
|
|
@ -12,7 +13,6 @@ svc:
|
|||
pass: "{{ vault_acmedns.db.pass }}"
|
||||
db: acme_dns
|
||||
|
||||
|
||||
compose:
|
||||
watchtower: true
|
||||
monitoring: true
|
||||
|
|
@ -24,4 +24,4 @@ compose:
|
|||
app:
|
||||
ports:
|
||||
- "53:53"
|
||||
- "53:53/udp"
|
||||
- 53:53/udp
|
||||
|
|
|
|||
|
|
@ -4,4 +4,5 @@
|
|||
- authentik
|
||||
- authentication
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
svc:
|
||||
domain: "auth.serguzim.me"
|
||||
domain: auth.serguzim.me
|
||||
name: authentik
|
||||
port: 9000
|
||||
image_tag: 2023.8
|
||||
|
|
@ -32,7 +33,7 @@ svc_env:
|
|||
|
||||
compose:
|
||||
watchtower: false
|
||||
image: "ghcr.io/goauthentik/server:{{ svc.image_tag }}"
|
||||
image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
|
||||
env: true
|
||||
file:
|
||||
services:
|
||||
|
|
@ -41,7 +42,7 @@ compose:
|
|||
depends_on:
|
||||
- redis
|
||||
worker:
|
||||
image: "ghcr.io/goauthentik/server:{{ svc.image_tag }}"
|
||||
image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
|
||||
restart: always
|
||||
command: worker
|
||||
user: root
|
||||
|
|
@ -53,7 +54,6 @@ compose:
|
|||
- redis
|
||||
networks:
|
||||
default:
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
restart: always
|
||||
|
|
|
|||
|
|
@ -5,7 +5,10 @@
|
|||
- reverse_proxy
|
||||
- webserver
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
||||
- import_tasks: clean-sites.yml
|
||||
- import_tasks: reload-caddy.yml
|
||||
- name: Import tasks for cleaning sites
|
||||
ansible.builtin.import_tasks: tasks/clean-sites.yml
|
||||
- name: Import tasks to reload caddy
|
||||
ansible.builtin.import_tasks: tasks/reload-caddy.yml
|
||||
|
|
|
|||
|
|
@ -3,4 +3,5 @@
|
|||
tags:
|
||||
- coder
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
---
|
||||
svc:
|
||||
domain: "coder.serguzim.me"
|
||||
domain: coder.serguzim.me
|
||||
additional_domains:
|
||||
- "*.coder.serguzim.me"
|
||||
caddy_extra: "import acmedns"
|
||||
caddy_extra: import acmedns
|
||||
name: coder
|
||||
port: 7080
|
||||
db:
|
||||
|
|
@ -13,12 +14,12 @@ svc:
|
|||
|
||||
svc_env:
|
||||
CODER_ADDRESS: "0.0.0.0:7080"
|
||||
CODER_ACCESS_URL: "https://{{ svc.domain }}"
|
||||
CODER_ACCESS_URL: https://{{ svc.domain }}
|
||||
CODER_WILDCARD_ACCESS_URL: "*.{{ svc.domain }}"
|
||||
|
||||
CODER_PG_CONNECTION_URL: "postgres://{{ vault_coder.db.user }}:{{ vault_coder.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/coder?sslmode=verify-full"
|
||||
CODER_PG_CONNECTION_URL: postgres://{{ vault_coder.db.user }}:{{ vault_coder.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/coder?sslmode=verify-full
|
||||
|
||||
CODER_OIDC_ISSUER_URL: "https://auth.serguzim.me/application/o/coder-serguzim-me/"
|
||||
CODER_OIDC_ISSUER_URL: https://auth.serguzim.me/application/o/coder-serguzim-me/
|
||||
CODER_OIDC_CLIENT_ID: "{{ vault_coder.oidc_client.id }}"
|
||||
CODER_OIDC_CLIENT_SECRET: "{{ vault_coder.oidc_client.secret }}"
|
||||
|
||||
|
|
@ -27,9 +28,9 @@ compose:
|
|||
image: ghcr.io/coder/coder:latest
|
||||
env: true
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
file:
|
||||
services:
|
||||
app:
|
||||
group_add:
|
||||
- "972" # docker group on host
|
||||
- "972" # docker group on host
|
||||
|
|
|
|||
|
|
@ -3,4 +3,5 @@
|
|||
tags:
|
||||
- faas
|
||||
block:
|
||||
- import_tasks: steps/template-site-config.yml
|
||||
- name: Import tasks to template the site and functions for the reverse proxy
|
||||
ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
|
||||
|
|
|
|||
|
|
@ -1,30 +1,31 @@
|
|||
---
|
||||
svc:
|
||||
name: faas
|
||||
domain: faas.serguzim.me
|
||||
docker_host: host.docker.internal
|
||||
port: 8080
|
||||
extra_svcs:
|
||||
- domain: link.serguzim.me
|
||||
faas_function: url-mapper
|
||||
- domain: msrg.cc
|
||||
faas_function: webpage-msrg-cc
|
||||
caddy_extra: |
|
||||
header /.well-known/* Access-Control-Allow-Origin *
|
||||
- domain: link.serguzim.me
|
||||
faas_function: url-mapper
|
||||
- domain: msrg.cc
|
||||
faas_function: webpage-msrg-cc
|
||||
caddy_extra: |
|
||||
header /.well-known/* Access-Control-Allow-Origin *
|
||||
|
||||
handle /.well-known/webfinger {
|
||||
map {query.resource} {user} {
|
||||
acct:tobias@msrg.cc serguzim
|
||||
acct:serguzim@msrg.cc serguzim
|
||||
}
|
||||
rewrite * /.well-known/webfinger/{user}.json
|
||||
import faas webpage-msrg-cc
|
||||
}
|
||||
- domain: serguzim.me
|
||||
faas_function: webpage-serguzim-me
|
||||
www_domain: true
|
||||
hsts: true
|
||||
- domain: team-leon.eu
|
||||
faas_function: webpage-team-leon-eu
|
||||
www_domain: true
|
||||
- domain: xn--sder-5qa.stream
|
||||
faas_function: webpage-soeder-stream
|
||||
handle /.well-known/webfinger {
|
||||
map {query.resource} {user} {
|
||||
acct:tobias@msrg.cc serguzim
|
||||
acct:serguzim@msrg.cc serguzim
|
||||
}
|
||||
rewrite * /.well-known/webfinger/{user}.json
|
||||
import faas webpage-msrg-cc
|
||||
}
|
||||
- domain: serguzim.me
|
||||
faas_function: webpage-serguzim-me
|
||||
www_domain: true
|
||||
hsts: true
|
||||
- domain: team-leon.eu
|
||||
faas_function: webpage-team-leon-eu
|
||||
www_domain: true
|
||||
- domain: xn--sder-5qa.stream
|
||||
faas_function: webpage-soeder-stream
|
||||
|
|
|
|||
|
|
@ -6,31 +6,35 @@
|
|||
- ci
|
||||
- forgejo-runner
|
||||
block:
|
||||
- import_tasks: steps/create-service-directory.yml
|
||||
- import_tasks: steps/template-docker-compose.yml
|
||||
- name: Import tasks to create service directory
|
||||
ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
|
||||
- name: Import tasks to template docker compose file
|
||||
ansible.builtin.import_tasks: tasks/steps/template-docker-compose.yml
|
||||
|
||||
- name: Copy the config
|
||||
ansible.builtin.copy:
|
||||
src: config.yml
|
||||
dest: "{{ (service_path, 'config.yml') | path_join }}"
|
||||
mode: '0755'
|
||||
mode: "0755"
|
||||
|
||||
- name: Check if service.env already exists
|
||||
ansible.builtin.stat:
|
||||
path: "{{ (service_path, 'service.env') | path_join }}"
|
||||
register: svc_env_file
|
||||
|
||||
- import_tasks: prompt-registration-token.yml
|
||||
when: not svc_env_file.stat.exists or
|
||||
force_forgejo_runner_registration | default(False)
|
||||
- name: Import tasks to prompt for the registration token
|
||||
ansible.builtin.import_tasks: tasks/prompt-registration-token.yml
|
||||
when: not svc_env_file.stat.exists or force_forgejo_runner_registration | default(False)
|
||||
|
||||
- import_tasks: steps/template-service-env.yml
|
||||
|
||||
- import_tasks: steps/start-service.yml
|
||||
- name: Import tasks create a service.env file
|
||||
ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
|
||||
- name: Import start tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/start-common-service.yml
|
||||
|
||||
- name: Register runner
|
||||
ansible.builtin.command:
|
||||
cmd: docker compose run --rm -it app sh -c 'forgejo-runner register --no-interactive --token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} --instance ${FORGEJO_INSTANCE_URL}'
|
||||
cmd: docker compose run --rm -it app sh -c
|
||||
'forgejo-runner register --no-interactive --token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} --instance ${FORGEJO_INSTANCE_URL}'
|
||||
chdir: "{{ service_path }}"
|
||||
when: not svc_env_file.stat.exists or
|
||||
force_forgejo_runner_registration | default(False)
|
||||
when: not svc_env_file.stat.exists or force_forgejo_runner_registration | default(False)
|
||||
changed_when: true # "when" checks enough. We are sure to change something here.
|
||||
|
|
|
|||
|
|
@ -1,11 +1,10 @@
|
|||
---
|
||||
- name: Input forgejo-runner registration token
|
||||
ansible.builtin.pause:
|
||||
prompt: "Enter a secret"
|
||||
echo: no
|
||||
prompt: Enter a secret
|
||||
echo: false
|
||||
register: promt_registration_token
|
||||
|
||||
- name: Put registration token into env vars
|
||||
ansible.builtin.set_fact:
|
||||
svc_env: "{{ svc_env | combine({
|
||||
'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input
|
||||
}, recursive=True) }}"
|
||||
svc_env: "{{ svc_env | combine({'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input}, recursive=True) }}"
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
---
|
||||
svc:
|
||||
name: forgejo-runner
|
||||
|
||||
svc_env:
|
||||
FORGEJO_INSTANCE_URL: "https://git.serguzim.me/"
|
||||
FORGEJO_INSTANCE_URL: https://git.serguzim.me/
|
||||
FORGEJO_RUNNER_REGISTRATION_TOKEN:
|
||||
DOCKER_HOST: tcp://docker-in-docker:2375
|
||||
|
||||
|
|
@ -17,7 +18,7 @@ compose:
|
|||
services:
|
||||
app:
|
||||
hostname: "{{ ansible_facts.hostname }}"
|
||||
command: "forgejo-runner --config /config/config.yml daemon"
|
||||
command: forgejo-runner --config /config/config.yml daemon
|
||||
depends_on:
|
||||
- docker-in-docker
|
||||
links:
|
||||
|
|
@ -25,7 +26,7 @@ compose:
|
|||
docker-in-docker:
|
||||
image: docker:dind
|
||||
privileged: true
|
||||
command: "dockerd -H tcp://0.0.0.0:2375 --tls=false"
|
||||
command: dockerd -H tcp://0.0.0.0:2375 --tls=false
|
||||
networks:
|
||||
default:
|
||||
volumes:
|
||||
|
|
|
|||
|
|
@ -4,4 +4,5 @@
|
|||
- forgejo
|
||||
- git
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
svc:
|
||||
domain: "git.serguzim.me"
|
||||
domain: git.serguzim.me
|
||||
name: forgejo
|
||||
port: 3000
|
||||
caddy_extra: header /attachments/* Access-Control-Allow-Origin *
|
||||
|
|
@ -10,26 +11,26 @@ svc:
|
|||
ssh_port_alt: 3022
|
||||
|
||||
svc_env:
|
||||
FORGEJO__database__DB_TYPE: "postgres"
|
||||
FORGEJO__database__DB_TYPE: postgres
|
||||
FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}"
|
||||
FORGEJO__database__NAME: "forgejo"
|
||||
FORGEJO__database__NAME: forgejo
|
||||
FORGEJO__database__USER: "{{ vault_forgejo.db.user }}"
|
||||
FORGEJO__database__PASSWD: "{{ vault_forgejo.db.pass }}"
|
||||
FORGEJO__database__SSL_MODE: "verify-full"
|
||||
FORGEJO__database__SSL_MODE: verify-full
|
||||
|
||||
FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true
|
||||
FORGEJO__repository__ENABLE_PUSH_CREATE_ORG: true
|
||||
FORGEJO__repository__DEFAULT_BRANCH: "main"
|
||||
FORGEJO__repository__DEFAULT_BRANCH: main
|
||||
|
||||
FORGEJO__cors__ENABLED: true
|
||||
FORGEJO__cors__SCHEME: "https"
|
||||
FORGEJO__cors__SCHEME: https
|
||||
|
||||
FORGEJO__ui__DEFAULT_THEME: "arc-green"
|
||||
FORGEJO__ui__DEFAULT_THEME: arc-green
|
||||
|
||||
FORGEJO__server__DOMAIN: "{{ svc.domain }}"
|
||||
FORGEJO__server__SSH_DOMAIN: "{{ svc.domain }}"
|
||||
FORGEJO__server__SSH_PORT: "{{ svc.ssh_port }}"
|
||||
FORGEJO__server__ROOT_URL: "https://{{ svc.domain }}"
|
||||
FORGEJO__server__ROOT_URL: https://{{ svc.domain }}
|
||||
FORGEJO__server__OFFLINE_MODE: true
|
||||
FORGEJO__server__LFS_JWT_SECRET: "{{ vault_forgejo.server_lfs_jwt_secret }}"
|
||||
FORGEJO__server__LFS_START_SERVER: true
|
||||
|
|
@ -44,34 +45,34 @@ svc_env:
|
|||
FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: true
|
||||
FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: false
|
||||
FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE: true
|
||||
FORGEJO__service__NO_REPLY_ADDRESS: "discard.msrg.cc"
|
||||
FORGEJO__service__NO_REPLY_ADDRESS: discard.msrg.cc
|
||||
|
||||
FORGEJO__webhook__DELIVER_TIMEOUT: 60
|
||||
|
||||
FORGEJO__mailer__ENABLED: true
|
||||
FORGEJO__mailer__PROTOCOL: "smtp+starttls"
|
||||
FORGEJO__mailer__SMTP_ADDR: "mail.serguzim.me"
|
||||
FORGEJO__mailer__PROTOCOL: smtp+starttls
|
||||
FORGEJO__mailer__SMTP_ADDR: mail.serguzim.me
|
||||
FORGEJO__mailer__SMTP_PORT: 587
|
||||
FORGEJO__mailer__FROM: "Forgejo <git@serguzim.me>"
|
||||
FORGEJO__mailer__USER: "git@serguzim.me"
|
||||
FORGEJO__mailer__FROM: Forgejo <git@serguzim.me>
|
||||
FORGEJO__mailer__USER: git@serguzim.me
|
||||
FORGEJO__mailer__PASSWD: "{{ vault_forgejo.mailer_passwd }}"
|
||||
FORGEJO__mailer__SEND_AS_PLAIN_TEXT: true
|
||||
|
||||
FORGEJO__picture__DISABLE_GRAVATAR: true
|
||||
|
||||
FORGEJO__oauth2__JWT_SECRET: "{{ vault_forgejo. oauth2_jwt_secret}}"
|
||||
FORGEJO__oauth2__JWT_SECRET: "{{ vault_forgejo.oauth2_jwt_secret }}"
|
||||
|
||||
FORGEJO__metrics__ENABLED: true
|
||||
FORGEJO__metrics__TOKEN: "{{ vault_metrics_token }}"
|
||||
|
||||
FORGEJO__actions__ENABLED: true
|
||||
|
||||
FORGEJO__storage__STORAGE_TYPE: "minio"
|
||||
FORGEJO__storage__MINIO_ENDPOINT: "s3.serguzim.me"
|
||||
FORGEJO__storage__STORAGE_TYPE: minio
|
||||
FORGEJO__storage__MINIO_ENDPOINT: s3.serguzim.me
|
||||
FORGEJO__storage__MINIO_ACCESS_KEY_ID: "{{ vault_forgejo.minio.access_key_id }}"
|
||||
FORGEJO__storage__MINIO_SECRET_ACCESS_KEY: "{{ vault_forgejo.minio.secret_access_key }}"
|
||||
FORGEJO__storage__MINIO_BUCKET: "forgejo"
|
||||
FORGEJO__storage__MINIO_LOCATION: "de-contabo-1"
|
||||
FORGEJO__storage__MINIO_BUCKET: forgejo
|
||||
FORGEJO__storage__MINIO_LOCATION: de-contabo-1
|
||||
FORGEJO__storage__MINIO_USE_SSL: true
|
||||
|
||||
FORGEJO__other__SHOW_FOOTER_VERSION: true
|
||||
|
|
@ -93,4 +94,3 @@ compose:
|
|||
- "{{ svc.ssh_port_alt }}:{{ svc.ssh_port }}"
|
||||
volumes:
|
||||
data:
|
||||
|
||||
|
|
|
|||
|
|
@ -4,8 +4,11 @@
|
|||
- harbor
|
||||
- registry
|
||||
block:
|
||||
- import_tasks: steps/create-service-directory.yml
|
||||
- import_tasks: steps/template-site-config.yml
|
||||
- name: Import prepare tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/prepare-common-service.yml
|
||||
|
||||
- name: Import tasks to template the site for the reverse proxy
|
||||
ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
|
||||
|
||||
- name: Template config
|
||||
ansible.builtin.template:
|
||||
|
|
@ -17,12 +20,13 @@
|
|||
ansible.builtin.unarchive:
|
||||
src: https://github.com/goharbor/harbor/releases/download/v{{ svc.harbor_version }}/harbor-online-installer-v{{ svc.harbor_version }}.tgz
|
||||
dest: "{{ service_path }}"
|
||||
remote_src: yes
|
||||
remote_src: true
|
||||
|
||||
- name: Run the harbor prepare command
|
||||
ansible.builtin.command:
|
||||
cmd: "{{ service_path }}/harbor/prepare"
|
||||
chdir: "{{ service_path }}"
|
||||
creates: "{{ (service_path, 'docker-compose.yml') | path_join }}"
|
||||
environment:
|
||||
HARBOR_BUNDLE_DIR: "{{ service_path }}"
|
||||
|
||||
|
|
@ -33,3 +37,4 @@
|
|||
environment:
|
||||
HARBOR_BUNDLE_DIR: "{{ service_path }}"
|
||||
become: true
|
||||
changed_when: true # TODO find way to recognize need to run install command
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
svc_ports:
|
||||
http: 20080
|
||||
https: 20443
|
||||
|
|
@ -5,7 +6,8 @@ svc_ports:
|
|||
|
||||
svc:
|
||||
name: harbor
|
||||
domain: "registry.serguzim.me"
|
||||
no_compose: true # TODO remove when fixing "var-naming[no-role-prefix]"
|
||||
domain: registry.serguzim.me
|
||||
caddy_extra: |
|
||||
reverse_proxy /metrics host.docker.internal:{{ svc_ports.metrics }}
|
||||
reverse_proxy host.docker.internal:{{ svc_ports.https }} {
|
||||
|
|
@ -75,9 +77,9 @@ svc_yml:
|
|||
max_idle_conns: 2
|
||||
max_open_conns: 0
|
||||
proxy:
|
||||
http_proxy: null
|
||||
https_proxy: null
|
||||
no_proxy: null
|
||||
http_proxy:
|
||||
https_proxy:
|
||||
no_proxy:
|
||||
components:
|
||||
- core
|
||||
- jobservice
|
||||
|
|
|
|||
|
|
@ -3,38 +3,40 @@
|
|||
tags:
|
||||
- healthcheck
|
||||
block:
|
||||
- import_tasks: steps/create-service-directory.yml
|
||||
- name: Import tasks to create service directory
|
||||
ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
|
||||
|
||||
- name: Copy the docker-compose file
|
||||
ansible.builtin.copy:
|
||||
src: docker-compose.yml
|
||||
dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
- name: Copy the Dockerfile
|
||||
ansible.builtin.copy:
|
||||
src: Dockerfile
|
||||
dest: "{{ (service_path, 'Dockerfile') | path_join }}"
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
- name: Copy the data files
|
||||
ansible.builtin.copy:
|
||||
src: data
|
||||
dest: "{{ service_path }}"
|
||||
mode: '0755'
|
||||
mode: "0755"
|
||||
|
||||
- name: Copy the system service
|
||||
ansible.builtin.copy:
|
||||
src: healthcheck@.service
|
||||
dest: "/etc/systemd/system/healthcheck@.service"
|
||||
mode: '0644'
|
||||
dest: /etc/systemd/system/healthcheck@.service
|
||||
mode: "0644"
|
||||
become: true
|
||||
- name: Copy the system timer
|
||||
ansible.builtin.copy:
|
||||
src: healthcheck@.timer
|
||||
dest: "/etc/systemd/system/healthcheck@.timer"
|
||||
mode: '0644'
|
||||
dest: /etc/systemd/system/healthcheck@.timer
|
||||
mode: "0644"
|
||||
become: true
|
||||
|
||||
- import_tasks: steps/template-service-env.yml
|
||||
- name: Import tasks create a service.env file
|
||||
ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
|
||||
|
||||
- name: Build service
|
||||
ansible.builtin.command:
|
||||
|
|
@ -43,4 +45,4 @@
|
|||
when:
|
||||
- "'local-dev' != inventory_hostname"
|
||||
register: cmd_result
|
||||
changed_when: True
|
||||
changed_when: true
|
||||
|
|
|
|||
|
|
@ -1,13 +1,14 @@
|
|||
---
|
||||
svc:
|
||||
name: healthcheck
|
||||
|
||||
svc_env:
|
||||
USER_AGENT: "healthcheck-bot for serguzim.net"
|
||||
USER_AGENT: healthcheck-bot for serguzim.net
|
||||
|
||||
HTTP_HC_UID: "{{ vault_healthcheck.hc_uid.http }}"
|
||||
|
||||
MATRIX_SERVER: "https://matrix.msrg.cc"
|
||||
MATRIX_SERVER_FEDTESTER: "msrg.cc"
|
||||
MATRIX_SERVER: https://matrix.msrg.cc
|
||||
MATRIX_SERVER_FEDTESTER: msrg.cc
|
||||
MATRIX_HC_UID: "{{ vault_healthcheck.hc_uid.matrix }}"
|
||||
MATRIX_TOKEN: "{{ vault_healthcheck.matrix.token }}"
|
||||
MATRIX_ROOM: "{{ vault_healthcheck.matrix.room }}"
|
||||
|
|
|
|||
|
|
@ -4,4 +4,5 @@
|
|||
- homebox
|
||||
- inventory
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
svc:
|
||||
domain: "inventory.serguzim.me"
|
||||
domain: inventory.serguzim.me
|
||||
name: homebox
|
||||
port: 7745
|
||||
|
||||
|
|
@ -21,4 +22,3 @@ compose:
|
|||
file:
|
||||
volumes:
|
||||
data:
|
||||
|
||||
|
|
|
|||
|
|
@ -4,8 +4,8 @@
|
|||
- influxdb
|
||||
- sensors
|
||||
block:
|
||||
- import_tasks: steps/create-service-directory.yml
|
||||
- import_tasks: steps/template-docker-compose.yml
|
||||
- name: Import prepare tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/prepare-common-service.yml
|
||||
|
||||
- name: Template config
|
||||
ansible.builtin.template:
|
||||
|
|
@ -13,5 +13,5 @@
|
|||
dest: "{{ (service_path, 'influxdb.yml') | path_join }}"
|
||||
mode: "0600"
|
||||
|
||||
- import_tasks: steps/template-site-config.yml
|
||||
- import_tasks: steps/start-service.yml
|
||||
- name: Import start tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/start-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
---
|
||||
svc:
|
||||
domain: "tick.serguzim.me"
|
||||
domain: tick.serguzim.me
|
||||
name: influxdb
|
||||
port: 8086
|
||||
data_dir: "/var/lib/influxdb2"
|
||||
data_dir: /var/lib/influxdb2
|
||||
|
||||
svc_yml:
|
||||
assets-path: ""
|
||||
|
|
@ -10,7 +11,7 @@ svc_yml:
|
|||
e2e-testing: false
|
||||
engine-path: "{{ (svc.data_dir, 'engine') | path_join }}"
|
||||
feature-flags: {}
|
||||
http-bind-address: 0.0.0.0:{{ svc.port }}
|
||||
http-bind-address: "0.0.0.0:{{ svc.port }}"
|
||||
influxql-max-select-buckets: 0
|
||||
influxql-max-select-point: 0
|
||||
influxql-max-select-series: 0
|
||||
|
|
@ -42,7 +43,7 @@ svc_yml:
|
|||
storage-shard-precreator-check-interval: 10m0s
|
||||
storage-tsm-use-madv-willneed: false
|
||||
storage-validate-keys: false
|
||||
storage-wal-fsync-delay: 0s
|
||||
storage-wal-fsync-delay: "0s"
|
||||
store: bolt
|
||||
testing-always-allow-setup: false
|
||||
tls-cert: ""
|
||||
|
|
@ -55,7 +56,7 @@ svc_yml:
|
|||
vault-capath: ""
|
||||
vault-client-cert: ""
|
||||
vault-client-key: ""
|
||||
vault-client-timeout: 0s
|
||||
vault-client-timeout: "0s"
|
||||
vault-max-retries: 0
|
||||
vault-skip-verify: false
|
||||
vault-tls-server-name: ""
|
||||
|
|
|
|||
|
|
@ -4,4 +4,5 @@
|
|||
- jellyfin
|
||||
- media
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
svc:
|
||||
domain: "media.serguzim.me"
|
||||
domain: media.serguzim.me
|
||||
name: jellyfin
|
||||
port: 8096
|
||||
db:
|
||||
|
|
@ -7,7 +8,7 @@ svc:
|
|||
port: "{{ postgres.port }}"
|
||||
|
||||
svc_env:
|
||||
JELLYFIN_PublishedServerUrl: "https://{{ svc. domain }}"
|
||||
JELLYFIN_PublishedServerUrl: https://{{ svc.domain }}
|
||||
|
||||
compose:
|
||||
watchtower: true
|
||||
|
|
@ -25,4 +26,3 @@ compose:
|
|||
config:
|
||||
cache:
|
||||
media:
|
||||
|
||||
|
|
|
|||
|
|
@ -4,4 +4,5 @@
|
|||
- mailcow
|
||||
- email
|
||||
block:
|
||||
- import_tasks: steps/template-site-config.yml
|
||||
- name: Import tasks to template the site for the reverse proxy
|
||||
ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
svc:
|
||||
name: mailcow
|
||||
domain: mail.serguzim.me
|
||||
|
|
|
|||
|
|
@ -5,4 +5,5 @@
|
|||
- minecraft
|
||||
- games
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
svc:
|
||||
name: minecraft-2
|
||||
|
||||
|
|
@ -63,6 +64,6 @@ compose:
|
|||
services:
|
||||
app:
|
||||
ports:
|
||||
- "25565:25565"
|
||||
- 25565:25565
|
||||
volumes:
|
||||
data:
|
||||
|
|
|
|||
|
|
@ -4,4 +4,5 @@
|
|||
- minio
|
||||
- storage
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,21 +1,22 @@
|
|||
---
|
||||
svc:
|
||||
domain: "s3.serguzim.me"
|
||||
domain: s3.serguzim.me
|
||||
name: minio
|
||||
port: 9000
|
||||
caddy_extra: |
|
||||
@nocache {
|
||||
query nocache=*
|
||||
}
|
||||
header @nocache "Cache-Control" "no-store, no-cache"
|
||||
@nocache {
|
||||
query nocache=*
|
||||
}
|
||||
header @nocache "Cache-Control" "no-store, no-cache"
|
||||
extra_svcs:
|
||||
- domain: console.s3.serguzim.me
|
||||
docker_host: minio
|
||||
port: 9001
|
||||
- domain: console.s3.serguzim.me
|
||||
docker_host: minio
|
||||
port: 9001
|
||||
|
||||
svc_env:
|
||||
MINIO_SERVER_URL: "https://{{ svc.domain }}/"
|
||||
MINIO_BROWSER_REDIRECT_URL: "https://console.{{ svc.domain }}"
|
||||
MINIO_VOLUMES: "/data"
|
||||
MINIO_SERVER_URL: https://{{ svc.domain }}/
|
||||
MINIO_BROWSER_REDIRECT_URL: https://console.{{ svc.domain }}
|
||||
MINIO_VOLUMES: /data
|
||||
|
||||
MINIO_ROOT_USER: "{{ vault_minio.user }}"
|
||||
MINIO_ROOT_PASSWORD: "{{ vault_minio.pass }}"
|
||||
|
|
|
|||
|
|
@ -4,11 +4,13 @@
|
|||
- synapse
|
||||
- matrix
|
||||
block:
|
||||
- import_tasks: prepare-common-service.yml
|
||||
- name: Import prepare tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/prepare-common-service.yml
|
||||
|
||||
- name: Set synapse config path
|
||||
ansible.builtin.set_fact:
|
||||
config_path: "{{ (service_path, svc.config_path) | path_join }}"
|
||||
|
||||
- name: Create config directory
|
||||
ansible.builtin.file:
|
||||
path: "{{ config_path }}"
|
||||
|
|
@ -25,12 +27,13 @@
|
|||
ansible.builtin.copy:
|
||||
src: msrg.cc.log.config
|
||||
dest: "{{ (config_path, 'msrg.cc.log.config') | path_join }}"
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
||||
- name: Copy the signing key
|
||||
ansible.builtin.copy:
|
||||
content: "{{ vault_synapse.signing_key }}"
|
||||
dest: "{{ (config_path, 'msrg.cc.signing.key') | path_join }}"
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
||||
- import_tasks: start-common-service.yml
|
||||
- name: Import start tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/start-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
svc:
|
||||
name: synapse
|
||||
domain: "matrix.msrg.cc"
|
||||
domain: matrix.msrg.cc
|
||||
docker_host: synapse-admin
|
||||
port: 80
|
||||
caddy_extra: |
|
||||
|
|
@ -11,7 +12,7 @@ svc:
|
|||
reverse_proxy synapse:8008
|
||||
}
|
||||
extra_svcs:
|
||||
- domain: "msrg.cc:8008"
|
||||
- domain: msrg.cc:8008
|
||||
additional_domains:
|
||||
- matrix.msrg.cc:8448
|
||||
- matrix.msrg.cc:8008
|
||||
|
|
@ -30,7 +31,7 @@ svc_env:
|
|||
REACT_APP_SERVER: https://matrix.msrg.cc
|
||||
|
||||
svc_yml:
|
||||
server_name: "msrg.cc"
|
||||
server_name: msrg.cc
|
||||
pid_file: "{{ (svc.config_path, 'homeserver.pid') | path_join }}"
|
||||
public_baseurl: https://matrix.msrg.cc/
|
||||
allow_public_rooms_without_auth: true
|
||||
|
|
@ -43,28 +44,28 @@ svc_yml:
|
|||
x_forwarded: true
|
||||
resources:
|
||||
- names:
|
||||
- client
|
||||
- federation
|
||||
- metrics
|
||||
- client
|
||||
- federation
|
||||
- metrics
|
||||
compress: false
|
||||
|
||||
admin_contact: "mailto:{{ admin_email }}"
|
||||
admin_contact: mailto:{{ admin_email }}
|
||||
|
||||
acme:
|
||||
enabled: false
|
||||
enabled: false
|
||||
|
||||
database:
|
||||
name: "psycopg2"
|
||||
args:
|
||||
user: "{{ svc.db.user }}"
|
||||
password: "{{ svc.db.pass }}"
|
||||
database: "{{ svc.db.database }}"
|
||||
host: "{{ svc.db.host }}"
|
||||
cp_min: 5
|
||||
cp_max: 10
|
||||
name: psycopg2
|
||||
args:
|
||||
user: "{{ svc.db.user }}"
|
||||
password: "{{ svc.db.pass }}"
|
||||
database: "{{ svc.db.database }}"
|
||||
host: "{{ svc.db.host }}"
|
||||
cp_min: 5
|
||||
cp_max: 10
|
||||
|
||||
log_config: "{{ (svc.config_path, 'msrg.cc.log.config') | path_join }}"
|
||||
media_store_path: "/media_store"
|
||||
media_store_path: /media_store
|
||||
max_upload_size: 500M
|
||||
enable_registration: false
|
||||
enable_metrics: true
|
||||
|
|
@ -75,19 +76,19 @@ svc_yml:
|
|||
signing_key_path: "{{ (svc.config_path, 'msrg.cc.signing.key') | path_join }}"
|
||||
|
||||
trusted_key_servers:
|
||||
- server_name: "matrix.org"
|
||||
- server_name: matrix.org
|
||||
suppress_key_server_warning: true
|
||||
|
||||
oidc_providers:
|
||||
- idp_id: "auth_serguzim_me"
|
||||
idp_name: "auth.serguzim.me"
|
||||
issuer: "https://auth.serguzim.me/application/o/matrix_serguzim_me/"
|
||||
- idp_id: auth_serguzim_me
|
||||
idp_name: auth.serguzim.me
|
||||
issuer: https://auth.serguzim.me/application/o/matrix_serguzim_me/
|
||||
client_id: "{{ vault_synapse.oidc_client.id }}"
|
||||
client_secret: "{{ vault_synapse.oidc_client.secret }}"
|
||||
scopes:
|
||||
- "openid"
|
||||
- "profile"
|
||||
- "email"
|
||||
- openid
|
||||
- profile
|
||||
- email
|
||||
user_mapping_provider:
|
||||
config:
|
||||
localpart_template: "{{ '{{ user.preferred_username }}' }}"
|
||||
|
|
@ -96,10 +97,10 @@ svc_yml:
|
|||
email:
|
||||
smtp_host: mail.serguzim.me
|
||||
smtp_port: 587
|
||||
smtp_user: "matrix@serguzim.me"
|
||||
smtp_user: matrix@serguzim.me
|
||||
smtp_pass: "{{ vault_synapse.mail.pass }}"
|
||||
require_transport_security: true
|
||||
notif_from: "Matrix <matrix@serguzim.me>"
|
||||
notif_from: Matrix <matrix@serguzim.me>
|
||||
|
||||
compose:
|
||||
watchtower: true
|
||||
|
|
@ -111,15 +112,15 @@ compose:
|
|||
file:
|
||||
services:
|
||||
synapse-admin:
|
||||
image: awesometechnologies/synapse-admin
|
||||
restart: always
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: true
|
||||
env_file:
|
||||
- service.env
|
||||
networks:
|
||||
apps:
|
||||
aliases:
|
||||
- synapse-admin
|
||||
image: awesometechnologies/synapse-admin
|
||||
restart: always
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: true
|
||||
env_file:
|
||||
- service.env
|
||||
networks:
|
||||
apps:
|
||||
aliases:
|
||||
- synapse-admin
|
||||
volumes:
|
||||
media_store:
|
||||
|
|
|
|||
|
|
@ -4,4 +4,5 @@
|
|||
- tandoor
|
||||
- recipies
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
svc:
|
||||
domain: "recipes.serguzim.me"
|
||||
domain: recipes.serguzim.me
|
||||
name: tandoor
|
||||
port: 80
|
||||
db:
|
||||
|
|
@ -18,7 +19,7 @@ svc_env:
|
|||
TZ: "{{ timezone }}"
|
||||
|
||||
DB_ENGINE: django.db.backends.postgresql
|
||||
DB_OPTIONS: "{\"sslmode\": \"require\"}"
|
||||
DB_OPTIONS: '{"sslmode": "require"}'
|
||||
POSTGRES_HOST: "{{ svc.db.host }}"
|
||||
POSTGRES_PORT: "{{ svc.db.port }}"
|
||||
POSTGRES_DB: "{{ svc.db.database }}"
|
||||
|
|
@ -61,4 +62,3 @@ compose:
|
|||
nginx_config:
|
||||
staticfiles:
|
||||
mediafiles:
|
||||
|
||||
|
|
|
|||
|
|
@ -4,8 +4,8 @@
|
|||
- telegraf
|
||||
- monitoring
|
||||
block:
|
||||
- import_tasks: steps/create-service-directory.yml
|
||||
- import_tasks: steps/template-docker-compose.yml
|
||||
- name: Import prepare tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/prepare-common-service.yml
|
||||
|
||||
- name: Template config
|
||||
ansible.builtin.template:
|
||||
|
|
@ -14,10 +14,10 @@
|
|||
mode: "0664"
|
||||
register: cmd_result
|
||||
|
||||
|
||||
- name: Set the docker force-recreate flag
|
||||
ansible.builtin.set_fact:
|
||||
docker_force_recreate: "--force-recreate"
|
||||
when: cmd_result.changed
|
||||
docker_force_recreate: --force-recreate
|
||||
when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
|
||||
|
||||
- import_tasks: steps/start-service.yml
|
||||
- name: Import start tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/start-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
svc:
|
||||
name: telegraf
|
||||
influxdb:
|
||||
url: "https://tick.serguzim.me"
|
||||
url: https://tick.serguzim.me
|
||||
token: "{{ vault_telegraf.influxdb_token }}"
|
||||
organization: serguzim.net
|
||||
bucket: metrics
|
||||
|
|
@ -17,9 +18,9 @@ svc:
|
|||
pass: "{{ vault_telegraf.db.pass }}"
|
||||
host: "{{ postgres.host }}"
|
||||
port: "{{ postgres.port }}"
|
||||
database: "telegraf"
|
||||
database: telegraf
|
||||
docker_log:
|
||||
endpoint: "unix:///var/run/docker.sock"
|
||||
endpoint: unix:///var/run/docker.sock
|
||||
# from_beginning: false
|
||||
# timeout: "5s"
|
||||
|
||||
|
|
@ -32,12 +33,12 @@ svc:
|
|||
## Set the source tag for the metrics to the container ID hostname, eg first 12 chars
|
||||
source_tag: false
|
||||
|
||||
## Optional TLS Config
|
||||
# tls_ca: "/etc/telegraf/ca.pem"
|
||||
# tls_cert: "/etc/telegraf/cert.pem"
|
||||
# tls_key: "/etc/telegraf/key.pem"
|
||||
## Use TLS but skip chain & host verification
|
||||
# insecure_skip_verify: false
|
||||
## Optional TLS Config
|
||||
# tls_ca: "/etc/telegraf/ca.pem"
|
||||
# tls_cert: "/etc/telegraf/cert.pem"
|
||||
# tls_key: "/etc/telegraf/key.pem"
|
||||
## Use TLS but skip chain & host verification
|
||||
# insecure_skip_verify: false
|
||||
|
||||
compose:
|
||||
watchtower: false
|
||||
|
|
@ -50,6 +51,6 @@ compose:
|
|||
app:
|
||||
user: telegraf
|
||||
group_add:
|
||||
- "972" # docker group on host
|
||||
- "972" # docker group on host
|
||||
volumes:
|
||||
data:
|
||||
|
|
|
|||
|
|
@ -5,12 +5,14 @@
|
|||
- tt-rss
|
||||
- news
|
||||
block:
|
||||
- import_tasks: prepare-common-service.yml
|
||||
- name: Import prepare tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/prepare-common-service.yml
|
||||
|
||||
- name: Copy the nginx-config
|
||||
ansible.builtin.copy:
|
||||
src: nginx.conf
|
||||
dest: "{{ (service_path, 'nginx.conf') | path_join }}"
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
|
||||
- import_tasks: start-common-service.yml
|
||||
- name: Import start tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/start-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
svc:
|
||||
domain: "rss.serguzim.me"
|
||||
domain: rss.serguzim.me
|
||||
name: tinytinyrss
|
||||
port: 80
|
||||
db:
|
||||
|
|
@ -39,7 +40,6 @@ compose:
|
|||
- app:/var/www/html
|
||||
networks:
|
||||
default:
|
||||
|
||||
updater:
|
||||
image: cthulhoo/ttrss-fpm-pgsql-static
|
||||
restart: always
|
||||
|
|
@ -54,4 +54,3 @@ compose:
|
|||
default:
|
||||
volumes:
|
||||
app:
|
||||
|
||||
|
|
|
|||
|
|
@ -4,4 +4,5 @@
|
|||
- umami
|
||||
- analytics
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
svc:
|
||||
domain: "analytics.serguzim.me"
|
||||
domain: analytics.serguzim.me
|
||||
name: umami
|
||||
port: 3000
|
||||
db:
|
||||
|
|
|
|||
|
|
@ -4,4 +4,5 @@
|
|||
- uptime-kuma
|
||||
- status
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
svc:
|
||||
domain: "status.serguzim.me"
|
||||
domain: status.serguzim.me
|
||||
additional_domains:
|
||||
- "status.serguzim.net"
|
||||
- status.serguzim.net
|
||||
name: uptime-kuma
|
||||
port: 3001
|
||||
|
||||
|
|
@ -13,4 +14,3 @@ compose:
|
|||
file:
|
||||
volumes:
|
||||
data:
|
||||
|
||||
|
|
|
|||
|
|
@ -4,10 +4,11 @@
|
|||
- watchtower
|
||||
- container
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
||||
- name: Copy the run-once script
|
||||
ansible.builtin.copy:
|
||||
src: run-once.sh
|
||||
dest: "{{ (service_path, 'run-once.sh') | path_join }}"
|
||||
mode: '0755'
|
||||
mode: "0755"
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
svc:
|
||||
name: watchtower
|
||||
|
||||
|
|
|
|||
|
|
@ -3,12 +3,14 @@
|
|||
tags:
|
||||
- webdis
|
||||
block:
|
||||
- import_tasks: steps/create-service-directory.yml
|
||||
- name: Import prepare tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/prepare-common-service.yml
|
||||
|
||||
- name: Copy the config
|
||||
ansible.builtin.copy:
|
||||
src: webdis.json
|
||||
dest: "{{ (service_path, 'webdis.json') | path_join }}"
|
||||
mode: '0755'
|
||||
mode: "0755"
|
||||
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import start tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/start-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
svc:
|
||||
name: webdis
|
||||
domain: "webdis.huck.serguzim.me"
|
||||
domain: webdis.huck.serguzim.me
|
||||
port: 7379
|
||||
|
||||
compose:
|
||||
|
|
|
|||
|
|
@ -3,4 +3,5 @@
|
|||
tags:
|
||||
- wiki-js
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
svc:
|
||||
domain: "wiki.serguzim.me"
|
||||
domain: wiki.serguzim.me
|
||||
name: wiki-js
|
||||
port: 3000
|
||||
db:
|
||||
|
|
@ -7,7 +8,7 @@ svc:
|
|||
port: "{{ postgres.port }}"
|
||||
user: "{{ vault_wiki_js.db.user }}"
|
||||
pass: "{{ vault_wiki_js.db.pass }}"
|
||||
name: "wikijs"
|
||||
name: wikijs
|
||||
|
||||
svc_env:
|
||||
DB_TYPE: postgres
|
||||
|
|
|
|||
|
|
@ -4,4 +4,5 @@
|
|||
- woodpecker
|
||||
- ci
|
||||
block:
|
||||
- import_tasks: deploy-common-service.yml
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,11 +1,12 @@
|
|||
---
|
||||
svc:
|
||||
domain: "ci.serguzim.me"
|
||||
domain: ci.serguzim.me
|
||||
name: woodpecker
|
||||
port: 8000
|
||||
extra_svcs:
|
||||
- domain: agents.ci.serguzim.me
|
||||
docker_host: h2c://woodpecker
|
||||
port: 9000
|
||||
- domain: agents.ci.serguzim.me
|
||||
docker_host: h2c://woodpecker
|
||||
port: 9000
|
||||
db:
|
||||
host: "{{ postgres.host }}"
|
||||
port: "{{ postgres.port }}"
|
||||
|
|
@ -15,8 +16,8 @@ svc:
|
|||
|
||||
svc_env:
|
||||
WOODPECKER_OPEN: true
|
||||
WOODPECKER_HOST: "https://{{ svc.domain }}"
|
||||
WOODPECKER_ADMIN: "serguzim"
|
||||
WOODPECKER_HOST: https://{{ svc.domain }}
|
||||
WOODPECKER_ADMIN: serguzim
|
||||
WOODPECKER_AGENT_SECRET: "{{ vault_woodpecker.agent_secret }}"
|
||||
WOODPECKER_PROMETHEUS_AUTH_TOKEN: "{{ vault_metrics_token }}"
|
||||
|
||||
|
|
@ -24,12 +25,12 @@ svc_env:
|
|||
WOODPECKER_GRPC_SECURE: true
|
||||
|
||||
WOODPECKER_GITEA: true
|
||||
WOODPECKER_GITEA_URL: "https://git.serguzim.me"
|
||||
WOODPECKER_GITEA_URL: https://git.serguzim.me
|
||||
WOODPECKER_GITEA_CLIENT: "{{ vault_woodpecker.gitea.client }}"
|
||||
WOODPECKER_GITEA_SECRET: "{{ vault_woodpecker.gitea.secret }}"
|
||||
|
||||
WOODPECKER_DATABASE_DRIVER: "postgres"
|
||||
WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full"
|
||||
WOODPECKER_DATABASE_DRIVER: postgres
|
||||
WOODPECKER_DATABASE_DATASOURCE: postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full
|
||||
|
||||
compose:
|
||||
watchtower: true
|
||||
|
|
|
|||
|
|
@ -1,2 +1,5 @@
|
|||
- import_tasks: prepare-common-service.yml
|
||||
- import_tasks: start-common-service.yml
|
||||
---
|
||||
- name: Import prepare tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/prepare-common-service.yml
|
||||
- name: Import start tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/start-common-service.yml
|
||||
|
|
|
|||
|
|
@ -1,4 +1,11 @@
|
|||
- import_tasks: steps/create-service-directory.yml
|
||||
- import_tasks: steps/template-docker-compose.yml
|
||||
- import_tasks: steps/template-service-env.yml
|
||||
when: compose.env|default(False) == True
|
||||
---
|
||||
- name: Import tasks to create service directory
|
||||
ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
|
||||
|
||||
- name: Import tasks to template docker compose file
|
||||
ansible.builtin.import_tasks: tasks/steps/template-docker-compose.yml
|
||||
when: not no_compose|default(False) # TODO remove when fixing "var-naming[no-role-prefix]"
|
||||
|
||||
- name: Import tasks create a service.env file
|
||||
ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
|
||||
when: compose.env|default(False)
|
||||
|
|
|
|||
|
|
@ -1,3 +1,6 @@
|
|||
- include_tasks: steps/template-site-config.yml
|
||||
---
|
||||
- name: Import tasks to template the site for the reverse proxy
|
||||
ansible.builtin.include_tasks: tasks/steps/template-site-config.yml
|
||||
when: svc.domain is defined
|
||||
- import_tasks: steps/start-service.yml
|
||||
- name: Import tasks to start the service
|
||||
ansible.builtin.import_tasks: tasks/steps/start-service.yml
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
- name: Set common facts
|
||||
ansible.builtin.set_fact:
|
||||
service_path: "{{ (services_path, svc.name) | path_join }}"
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
- name: Build service
|
||||
ansible.builtin.command:
|
||||
cmd: docker compose build --pull
|
||||
|
|
@ -7,7 +8,7 @@
|
|||
- docker_update is defined
|
||||
- docker_update
|
||||
register: cmd_result
|
||||
changed_when: True
|
||||
changed_when: true
|
||||
|
||||
- name: Pull service
|
||||
ansible.builtin.command:
|
||||
|
|
@ -18,7 +19,7 @@
|
|||
- docker_update is defined
|
||||
- docker_update
|
||||
register: cmd_result
|
||||
changed_when: True
|
||||
changed_when: true
|
||||
|
||||
- name: Start service
|
||||
ansible.builtin.command:
|
||||
|
|
@ -26,4 +27,4 @@
|
|||
chdir: "{{ service_path }}"
|
||||
when: "'local-dev' != inventory_hostname"
|
||||
register: cmd_result
|
||||
changed_when: "cmd_result.stderr | regex_search('Started$')"
|
||||
changed_when: cmd_result.stderr | regex_search('Started$')
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
- name: Template docker-compose
|
||||
ansible.builtin.template:
|
||||
src: docker-compose.yml.j2
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
- name: Template service.env file
|
||||
ansible.builtin.template:
|
||||
src: service.env.j2
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
- name: Template caddy site
|
||||
ansible.builtin.template:
|
||||
src: caddy_site.conf.j2
|
||||
|
|
|
|||
Loading…
Reference in a new issue