diff --git a/_ansible/.ansible-lint b/_ansible/.ansible-lint deleted file mode 100644 index 2a8fdbf..0000000 --- a/_ansible/.ansible-lint +++ /dev/null @@ -1,2 +0,0 @@ -skip_list: - - var-naming[no-role-prefix] diff --git a/_ansible/local-dev.yml b/_ansible/local-dev.yml index 2562648..ec1e6a7 100644 --- a/_ansible/local-dev.yml +++ b/_ansible/local-dev.yml @@ -7,6 +7,8 @@ hosts: local-dev roles: + - common + - acme-dns - coder - faas diff --git a/_ansible/node001.yml b/_ansible/node001.yml index 26fa04e..7cced95 100644 --- a/_ansible/node001.yml +++ b/_ansible/node001.yml @@ -2,5 +2,9 @@ - name: Run roles for node001 hosts: node001 roles: - - mailcow - - minecraft-2 + - common + + - role: mailcow + tags: [mailcow, mail, communication] + - role: minecraft_2 + tags: [minecraft-2, minecraft, games] diff --git a/_ansible/node002.yml b/_ansible/node002.yml index 9659b38..8480a7a 100644 --- a/_ansible/node002.yml +++ b/_ansible/node002.yml 
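Review bot: In `_ansible/local-dev.yml` the added entry `- acme-dns` keeps the hyphenated role name, although this commit renames the role directory to `roles/acme_dns` and `node002.yml` already uses `role: acme_dns`. Unless a hyphenated copy of the role survives somewhere outside this diff, the local-dev play will fail at role lookup. The line should read `- acme_dns`. The play header starts above the hunk, so the rest of the play is not visible here.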
@@ -2,24 +2,47 @@ - name: Run roles for node002 hosts: node002 roles: - - acme-dns - - authentik - - coder - - faas - - forgejo - - forgejo-runner - - harbor - - healthcheck - - homebox - - influxdb - - jellyfin - - synapse - - tandoor - - telegraf - - tinytinyrss - - umami - - uptime-kuma - - watchtower - - webdis - - wiki-js - - woodpecker + - common + + - role: acme_dns + tags: [acme-dns, certificates] + - role: authentik + tags: [authentik, authentication] + - role: coder + tags: [coder, development] + - role: faas + tags: [faas] + - role: forgejo + tags: [forgejo, git, development] + - role: forgejo_runner + tags: [forgejo-runner, ci, development] + - role: harbor + tags: [harbor, registry, development] + - role: healthcheck + tags: [healthcheck, monitoring] + - role: homebox + tags: [homebox, inventory] + - role: influxdb + tags: [influxdb, sensors, monitoring] + - role: jellyfin + tags: [jellyfin, media] + - role: synapse + tags: [synapse, matrix, communication] + - role: tandoor + tags: [tandoor, recipes] + - role: telegraf + tags: [telegraf, monitoring] + - role: tinytinyrss + tags: [tinytinyrss, news] + - role: umami + tags: [umami, analytics] + - role: uptime_kuma + tags: [uptime-kuma, monitoring] + - role: watchtower + tags: [watchtower] + - role: webdis + tags: [webdis] + - role: wiki_js + tags: [wiki-js] + - role: woodpecker + tags: [woodpecker, ci, development] diff --git a/_ansible/node003.yml b/_ansible/node003.yml index 4930ff7..812469b 100644 --- a/_ansible/node003.yml +++ b/_ansible/node003.yml @@ -2,4 +2,7 @@ - name: Run roles for node003 hosts: node003 roles: - - minio + - common + + - role: minio + tags: [minio, storage] diff --git a/_ansible/roles/acme-dns/tasks/main.yml b/_ansible/roles/acme_dns/tasks/main.yml similarity index 79% rename from _ansible/roles/acme-dns/tasks/main.yml rename to _ansible/roles/acme_dns/tasks/main.yml index be57c2d..63c2550 100644 --- a/_ansible/roles/acme-dns/tasks/main.yml 
+++ b/_ansible/roles/acme_dns/tasks/main.yml @@ -1,8 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - acme-dns - - certificates + vars: + svc: "{{ acme_dns_svc }}" + env: "{{ acme_dns_env }}" + compose: "{{ acme_dns_compose }}" block: - name: Import prepare tasks for common service ansible.builtin.import_tasks: tasks/prepare-common-service.yml diff --git a/_ansible/roles/acme-dns/templates/config.cfg.j2 b/_ansible/roles/acme_dns/templates/config.cfg.j2 similarity index 100% rename from _ansible/roles/acme-dns/templates/config.cfg.j2 rename to _ansible/roles/acme_dns/templates/config.cfg.j2 diff --git a/_ansible/roles/acme-dns/vars/main.yml b/_ansible/roles/acme_dns/vars/main.yml similarity index 94% rename from _ansible/roles/acme-dns/vars/main.yml rename to _ansible/roles/acme_dns/vars/main.yml index de76049..2a44b8b 100644 --- a/_ansible/roles/acme-dns/vars/main.yml +++ b/_ansible/roles/acme_dns/vars/main.yml @@ -1,5 +1,5 @@ --- -svc: +acme_dns_svc: domain: acme.serguzim.me name: acme-dns port: 80 @@ -13,7 +13,7 @@ svc: pass: "{{ vault_acmedns.db.pass }}" db: acme_dns -compose: +acme_dns_compose: watchtower: true monitoring: true image: joohoi/acme-dns diff --git a/_ansible/roles/authentik/tasks/main.yml b/_ansible/roles/authentik/tasks/main.yml index 5fc1ca3..05c7ec4 100644 --- a/_ansible/roles/authentik/tasks/main.yml +++ b/_ansible/roles/authentik/tasks/main.yml @@ -1,8 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - authentik - - authentication + vars: + svc: "{{ authentik_svc }}" + env: "{{ authentik_env }}" + compose: "{{ authentik_compose }}" block: - name: Import tasks to deploy common service ansible.builtin.import_tasks: tasks/deploy-common-service.yml 
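Review bot: In `roles/acme_dns/tasks/main.yml` the block now sets `env: "{{ acme_dns_env }}"`, but no hunk of `roles/acme_dns/vars/main.yml` defines `acme_dns_env`; only `acme_dns_svc` and `acme_dns_compose` appear. If the name is not defined in the unchanged part of that file or by `tasks/set-default-facts.yml`, the first shared task or template that reads `env` will hit an undefined variable. A defensive form is `env: "{{ acme_dns_env | default({}) }}"`, assuming the shared tasks accept an empty mapping. The same applies to `harbor_env`, `influxdb_env`, `telegraf_env`, `uptime_kuma_env` and `webdis_env`, whose vars hunks likewise show no `_env` mapping.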
diff --git a/_ansible/roles/authentik/vars/main.yml b/_ansible/roles/authentik/vars/main.yml index 30a1dcd..bf3a8ea 100644 --- a/_ansible/roles/authentik/vars/main.yml +++ b/_ansible/roles/authentik/vars/main.yml @@ -1,5 +1,5 @@ --- -svc: +authentik_svc: domain: auth.serguzim.me name: authentik port: 9000 @@ -10,7 +10,7 @@ svc: user: "{{ vault_authentik.db.user }}" pass: "{{ vault_authentik.db.pass }}" -svc_env: +authentik_env: AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}" AUTHENTIK_EMAIL__HOST: "{{ mailer.host }}" @@ -31,10 +31,9 @@ svc_env: AUTHENTIK_POSTGRESQL__USER: "{{ svc.db.user }}" AUTHENTIK_POSTGRESQL__PASSWORD: "{{ svc.db.pass }}" -compose: +authentik_compose: watchtower: false image: ghcr.io/goauthentik/server:{{ svc.image_tag }} - env: true file: services: app: diff --git a/_ansible/roles/caddy/tasks/main.yml b/_ansible/roles/caddy/tasks/main.yml index d688d02..e3ef9fb 100644 --- a/_ansible/roles/caddy/tasks/main.yml +++ b/_ansible/roles/caddy/tasks/main.yml @@ -1,9 +1,13 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + +- name: Deploy {{ svc.name }} + vars: + svc: "{{ caddy_svc }}" + env: "{{ caddy_env }}" + compose: "{{ caddy_compose }}" - name: Deploy {{ svc.name }} - tags: - - caddy - - reverse_proxy - - webserver block: - name: Import tasks to deploy common service ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/coder/tasks/main.yml b/_ansible/roles/coder/tasks/main.yml index 1f65776..6c05ea0 100644 --- a/_ansible/roles/coder/tasks/main.yml +++ b/_ansible/roles/coder/tasks/main.yml @@ -1,7 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - coder + vars: + svc: "{{ coder_svc }}" + env: "{{ coder_env }}" + compose: "{{ coder_compose }}" block: - name: Import tasks to deploy common service ansible.builtin.import_tasks: tasks/deploy-common-service.yml 
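Review bot: In `roles/caddy/tasks/main.yml` the added `- name: Deploy {{ svc.name }}` task carries only `vars:`, and the original `- name: Deploy {{ svc.name }}` line is kept as context directly after it and still owns the `block:`. The hunk header (`-1,9 +1,13`) confirms both lines are in the new file. As written, the first task has no module or block, which Ansible rejects when loading the role, and the block that follows never receives `svc`, `env` or `compose`. Drop the old `- name:` line so that `vars:` and `block:` belong to one task, as in the other roles' `tasks/main.yml`.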
diff --git a/_ansible/roles/coder/vars/main.yml b/_ansible/roles/coder/vars/main.yml index 0ef976e..bf8fabd 100644 --- a/_ansible/roles/coder/vars/main.yml +++ b/_ansible/roles/coder/vars/main.yml @@ -1,5 +1,5 @@ --- -svc: +coder_svc: domain: coder.serguzim.me additional_domains: - "*.coder.serguzim.me" @@ -12,7 +12,7 @@ svc: ssh_port: 22 ssh_port_alt: 3022 -svc_env: +coder_env: CODER_ADDRESS: "0.0.0.0:7080" CODER_ACCESS_URL: https://{{ svc.domain }} CODER_WILDCARD_ACCESS_URL: "*.{{ svc.domain }}" @@ -23,10 +23,9 @@ svc_env: CODER_OIDC_CLIENT_ID: "{{ vault_coder.oidc_client.id }}" CODER_OIDC_CLIENT_SECRET: "{{ vault_coder.oidc_client.secret }}" -compose: +coder_compose: watchtower: true image: ghcr.io/coder/coder:latest - env: true volumes: - /var/run/docker.sock:/var/run/docker.sock file: diff --git a/_ansible/roles/common/handlers/main.yml b/_ansible/roles/common/handlers/main.yml new file mode 100644 index 0000000..517225f --- /dev/null +++ b/_ansible/roles/common/handlers/main.yml @@ -0,0 +1,7 @@ +--- +- name: Reload caddy + ansible.builtin.command: + cmd: docker compose exec app sh -c "caddy validate --config /etc/caddy/Caddyfile && caddy reload --config /etc/caddy/Caddyfile" + chdir: "{{ caddy_path }}" + when: "'local-dev' != inventory_hostname" + changed_when: true diff --git a/_ansible/roles/faas/tasks/main.yml b/_ansible/roles/faas/tasks/main.yml index b3edf88..f2d6b02 100644 --- a/_ansible/roles/faas/tasks/main.yml +++ b/_ansible/roles/faas/tasks/main.yml @@ -1,7 +1,10 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - faas + vars: + svc: "{{ faas_svc }}" block: - name: Import tasks to template the site and functions for the reverse proxy ansible.builtin.import_tasks: tasks/steps/template-site-config.yml diff --git a/_ansible/roles/faas/vars/main.yml b/_ansible/roles/faas/vars/main.yml index 0c2a0c2..140ca9d 100644 --- a/_ansible/roles/faas/vars/main.yml 
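Review bot: The new `Reload caddy` handler in `roles/common/handlers/main.yml` calls `docker compose exec` without `-T`. Ansible runs commands without a terminal, and depending on the Compose version `exec` may try to allocate a TTY and fail, so the handler errors and the validated config is never reloaded. Consider `cmd: docker compose exec -T app sh -c "caddy validate ... && caddy reload ..."`. `caddy_path` is not defined in any visible hunk, so a short comment above `chdir:` saying where it is set would help the next reader.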
+++ b/_ansible/roles/faas/vars/main.yml @@ -1,5 +1,5 @@ --- -svc: +faas_svc: name: faas domain: faas.serguzim.me docker_host: host.docker.internal diff --git a/_ansible/roles/forgejo/tasks/main.yml b/_ansible/roles/forgejo/tasks/main.yml index 1a9bccd..c02d6fd 100644 --- a/_ansible/roles/forgejo/tasks/main.yml +++ b/_ansible/roles/forgejo/tasks/main.yml @@ -1,8 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - forgejo - - git + vars: + svc: "{{ forgejo_svc }}" + env: "{{ forgejo_env }}" + compose: "{{ forgejo_compose }}" block: - name: Import tasks to deploy common service ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/forgejo/vars/main.yml b/_ansible/roles/forgejo/vars/main.yml index 5937350..49726e9 100644 --- a/_ansible/roles/forgejo/vars/main.yml +++ b/_ansible/roles/forgejo/vars/main.yml @@ -1,5 +1,5 @@ --- -svc: +forgejo_svc: domain: git.serguzim.me name: forgejo port: 3000 @@ -10,7 +10,7 @@ svc: ssh_port: 22 ssh_port_alt: 3022 -svc_env: +forgejo_env: FORGEJO__database__DB_TYPE: postgres FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}" FORGEJO__database__NAME: forgejo @@ -78,10 +78,9 @@ svc_env: FORGEJO__other__SHOW_FOOTER_VERSION: true FORGEJO__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: false -compose: +forgejo_compose: watchtower: true image: codeberg.org/forgejo/forgejo:1.21 - env: true volumes: - data:/data - /etc/timezone:/etc/timezone:ro diff --git a/_ansible/roles/forgejo-runner/files/config.yml b/_ansible/roles/forgejo_runner/files/config.yml similarity index 100% rename from _ansible/roles/forgejo-runner/files/config.yml rename to _ansible/roles/forgejo_runner/files/config.yml 
diff --git a/_ansible/roles/forgejo-runner/tasks/main.yml b/_ansible/roles/forgejo_runner/tasks/main.yml similarity index 76% rename from _ansible/roles/forgejo-runner/tasks/main.yml rename to _ansible/roles/forgejo_runner/tasks/main.yml index 19bca38..911dfd1 100644 --- a/_ansible/roles/forgejo-runner/tasks/main.yml +++ b/_ansible/roles/forgejo_runner/tasks/main.yml @@ -1,10 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - git - - forgejo - - ci - - forgejo-runner + vars: + svc: "{{ forgejo_runner_svc }}" + env: "{{ forgejo_runner_env }}" + compose: "{{ forgejo_runner_compose }}" block: - name: Import tasks to create service directory ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml @@ -20,11 +22,11 @@ - name: Check if service.env already exists ansible.builtin.stat: path: "{{ (service_path, 'service.env') | path_join }}" - register: svc_env_file + register: env_file - name: Import tasks to prompt for the registration token ansible.builtin.import_tasks: tasks/prompt-registration-token.yml - when: not svc_env_file.stat.exists or force_forgejo_runner_registration | default(False) + when: not env_file.stat.exists or force_forgejo_runner_registration | default(False) - name: Import tasks create a service.env file ansible.builtin.import_tasks: tasks/steps/template-service-env.yml @@ -36,5 +38,5 @@ cmd: docker compose run --rm -it app sh -c 'forgejo-runner register --no-interactive --token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} --instance ${FORGEJO_INSTANCE_URL}' chdir: "{{ service_path }}" - when: not svc_env_file.stat.exists or force_forgejo_runner_registration | default(False) + when: not env_file.stat.exists or force_forgejo_runner_registration | default(False) changed_when: true # "when" checks enough. We are sure to change something here. 
diff --git a/_ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml b/_ansible/roles/forgejo_runner/tasks/prompt-registration-token.yml similarity index 60% rename from _ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml rename to _ansible/roles/forgejo_runner/tasks/prompt-registration-token.yml index d108989..95e14de 100644 --- a/_ansible/roles/forgejo-runner/tasks/prompt-registration-token.yml +++ b/_ansible/roles/forgejo_runner/tasks/prompt-registration-token.yml @@ -7,4 +7,4 @@ - name: Put registration token into env vars ansible.builtin.set_fact: - svc_env: "{{ svc_env | combine({'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input}, recursive=True) }}" + forgejo_runner_env: "{{ forgejo_runner_env | combine({'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input}, recursive=True) }}" diff --git a/_ansible/roles/forgejo-runner/vars/main.yml b/_ansible/roles/forgejo_runner/vars/main.yml similarity index 91% rename from _ansible/roles/forgejo-runner/vars/main.yml rename to _ansible/roles/forgejo_runner/vars/main.yml index d4ddf8a..2b13fbf 100644 --- a/_ansible/roles/forgejo-runner/vars/main.yml +++ b/_ansible/roles/forgejo_runner/vars/main.yml @@ -1,16 +1,15 @@ --- -svc: +forgejo_runner_svc: name: forgejo-runner -svc_env: +forgejo_runner_env: FORGEJO_INSTANCE_URL: https://git.serguzim.me/ FORGEJO_RUNNER_REGISTRATION_TOKEN: DOCKER_HOST: tcp://docker-in-docker:2375 -compose: +forgejo_runner_compose: watchtower: true image: code.forgejo.org/forgejo/runner:3.3.0 - env: true volumes: - ./config.yml:/config/config.yml - data:/data diff --git a/_ansible/roles/harbor/files/msrg.cc.log.config b/_ansible/roles/harbor/files/msrg.cc.log.config deleted file mode 100644 index 03a08cb..0000000 --- a/_ansible/roles/harbor/files/msrg.cc.log.config +++ /dev/null 
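Review bot: In `roles/forgejo_runner/tasks/prompt-registration-token.yml` the `Put registration token into env vars` task copies the prompted runner token into `forgejo_runner_env` through `set_fact` without `no_log`. A run with `-v` or a logging callback can then print the token in the task result. Add `no_log: true` to this task. The prompting task sits above the hunk and is not visible here, so check that it also hides the input. The `recursive=True` argument is unnecessary for a flat one-key merge and could be dropped.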
@@ -1,22 +0,0 @@ -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -handlers: - console: - class: logging.StreamHandler - formatter: precise - -loggers: - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: INFO - -root: - level: INFO - handlers: [console] - -disable_existing_loggers: false \ No newline at end of file diff --git a/_ansible/roles/harbor/tasks/main.yml b/_ansible/roles/harbor/tasks/main.yml index 9e0575a..f3fc8e3 100644 --- a/_ansible/roles/harbor/tasks/main.yml +++ b/_ansible/roles/harbor/tasks/main.yml @@ -1,8 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - harbor - - registry + vars: + svc: "{{ harbor_svc }}" + env: "{{ harbor_env }}" + yml: "{{ harbor_yml }}" block: - name: Import prepare tasks for common service ansible.builtin.import_tasks: tasks/prepare-common-service.yml diff --git a/_ansible/roles/harbor/vars/main.yml b/_ansible/roles/harbor/vars/main.yml index f0a594d..ea9fbb2 100644 --- a/_ansible/roles/harbor/vars/main.yml +++ b/_ansible/roles/harbor/vars/main.yml 
@@ -1,16 +1,21 @@ --- -svc_ports: - http: 20080 - https: 20443 - metrics: 29000 +harbor_port_http: 20080 +harbor_port_https: 20443 +harbor_port_metrics: 29000 -svc: +harbor_db_host: "{{ postgres.host }}" +harbor_db_port: "{{ postgres.port }}" +harbor_db_database: harbor +harbor_db_user: "{{ vault_harbor.db.user }}" +harbor_db_pass: "{{ vault_harbor.db.pass }}" +harbor_version: 2.9.0 + +harbor_svc: name: harbor - no_compose: true # TODO remove when fixing "var-naming[no-role-prefix]" domain: registry.serguzim.me caddy_extra: | - reverse_proxy /metrics host.docker.internal:{{ svc_ports.metrics }} - reverse_proxy host.docker.internal:{{ svc_ports.https }} { + reverse_proxy /metrics host.docker.internal:{{ harbor_port_metrics }} + reverse_proxy host.docker.internal:{{ harbor_port_https }} { transport http { tls tls_server_name registry.serguzim.me @@ -25,12 +30,12 @@ svc: pass: "{{ vault_harbor.db.pass }}" harbor_version: 2.9.0 -svc_yml: - hostname: "{{ svc.domain }}" +harbor_yml: + hostname: "{{ harbor_svc.domain }}" http: - port: "{{ svc_ports.http }}" + port: "{{ harbor_port_http }}" https: - port: "{{ svc_ports.https }}" + port: "{{ harbor_port_https }}" certificate: /opt/services/.lego/certificates/registry.serguzim.me.crt private_key: /opt/services/.lego/certificates/registry.serguzim.me.key external_url: https://registry.serguzim.me @@ -65,14 +70,14 @@ svc_yml: rotate_count: 50 rotate_size: 200M location: /var/log/harbor - _version: "{{ svc.harbor_version }}" + _version: "{{ harbor_version }}" external_database: harbor: - host: "{{ svc.db.host }}" - port: "{{ svc.db.port }}" - db_name: "{{ svc.db.database }}" - username: "{{ svc.db.user }}" - password: "{{ svc.db.pass }}" + host: "{{ harbor_db_host }}" + port: "{{ harbor_db_port }}" + db_name: "{{ harbor_db_database }}" + username: "{{ harbor_db_user }}" + password: "{{ harbor_db_pass }}" ssl_mode: verify-full max_idle_conns: 2 max_open_conns: 0 
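Review bot: In `roles/harbor/vars/main.yml` the first hunk adds flat `harbor_db_*` and `harbor_version` variables, yet the context of the second hunk shows `pass: "{{ vault_harbor.db.pass }}"` and `harbor_version: 2.9.0` still nested inside `harbor_svc`. `harbor_yml` now reads only the flat names, so the nested copies are a second source of truth for the database credentials and version and can drift silently. Either delete the nested `db` mapping and `harbor_version` from `harbor_svc`, or point them at the flat values, e.g. `pass: "{{ harbor_db_pass }}"`. The `harbor_svc` mapping continues outside both hunks, so confirm that nothing else reads `svc.db`.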
@@ -86,7 +91,7 @@ svc_yml: - trivy metric: enabled: enabled - port: "{{ svc_ports.metrics }}" + port: "{{ harbor_port_metrics }}" path: /metrics upload_purging: enabled: true diff --git a/_ansible/roles/healthcheck/tasks/main.yml b/_ansible/roles/healthcheck/tasks/main.yml index 58ec49b..485bfeb 100644 --- a/_ansible/roles/healthcheck/tasks/main.yml +++ b/_ansible/roles/healthcheck/tasks/main.yml @@ -1,7 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - healthcheck + vars: + svc: "{{ healthcheck_svc }}" + env: "{{ healthcheck_env }}" + compose: "{{ healthcheck_compose }}" block: - name: Import tasks to create service directory ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml diff --git a/_ansible/roles/healthcheck/vars/main.yml b/_ansible/roles/healthcheck/vars/main.yml index 6aadc0b..a957675 100644 --- a/_ansible/roles/healthcheck/vars/main.yml +++ b/_ansible/roles/healthcheck/vars/main.yml @@ -1,8 +1,8 @@ --- -svc: +healthcheck_svc: name: healthcheck -svc_env: +healthcheck_env: USER_AGENT: healthcheck-bot for serguzim.net HTTP_HC_UID: "{{ vault_healthcheck.hc_uid.http }}" diff --git a/_ansible/roles/homebox/tasks/main.yml b/_ansible/roles/homebox/tasks/main.yml index 290296d..d4aed71 100644 --- a/_ansible/roles/homebox/tasks/main.yml +++ b/_ansible/roles/homebox/tasks/main.yml @@ -1,8 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - homebox - - inventory + vars: + svc: "{{ homebox_svc }}" + env: "{{ homebox_env }}" + compose: "{{ homebox_compose }}" block: - name: Import tasks to deploy common service ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/homebox/vars/main.yml b/_ansible/roles/homebox/vars/main.yml index 58592ff..0376954 100644 --- a/_ansible/roles/homebox/vars/main.yml 
+++ b/_ansible/roles/homebox/vars/main.yml @@ -1,10 +1,10 @@ --- -svc: +homebox_svc: domain: inventory.serguzim.me name: homebox port: 7745 -svc_env: +homebox_env: HBOX_OPTIONS_ALLOW_REGISTRATION: false HBOX_MAILER_HOST: mail.serguzim.me HBOX_MAILER_PORT: 587 @@ -13,10 +13,9 @@ svc_env: HBOX_MAILER_FROM: Homebox HBOX_SWAGGER_SCHEMA: https -compose: +homebox_compose: watchtower: true image: ghcr.io/hay-kot/homebox:latest-rootless - env: true volumes: - data:/data file: diff --git a/_ansible/roles/influxdb/tasks/main.yml b/_ansible/roles/influxdb/tasks/main.yml index 75a6e46..7db0c9b 100644 --- a/_ansible/roles/influxdb/tasks/main.yml +++ b/_ansible/roles/influxdb/tasks/main.yml @@ -1,8 +1,13 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - influxdb - - sensors + vars: + svc: "{{ influxdb_svc }}" + env: "{{ influxdb_env }}" + compose: "{{ influxdb_compose }}" + yml: "{{ influxdb_yml }}" block: - name: Import prepare tasks for common service ansible.builtin.import_tasks: tasks/prepare-common-service.yml diff --git a/_ansible/roles/influxdb/vars/main.yml b/_ansible/roles/influxdb/vars/main.yml index f2cbf8c..1517777 100644 --- a/_ansible/roles/influxdb/vars/main.yml +++ b/_ansible/roles/influxdb/vars/main.yml @@ -1,11 +1,11 @@ --- -svc: +influxdb_svc: domain: tick.serguzim.me name: influxdb port: 8086 data_dir: /var/lib/influxdb2 -svc_yml: +influxdb_yml: assets-path: "" bolt-path: "{{ (svc.data_dir, 'influxd.bolt') | path_join }}" e2e-testing: false @@ -62,7 +62,7 @@ svc_yml: vault-tls-server-name: "" vault-token: "" -compose: +influxdb_compose: watchtower: false image: influxdb:2.7 volumes: diff --git a/_ansible/roles/jellyfin/tasks/main.yml b/_ansible/roles/jellyfin/tasks/main.yml index 9be53ba..112567d 100644 --- a/_ansible/roles/jellyfin/tasks/main.yml +++ b/_ansible/roles/jellyfin/tasks/main.yml 
@@ -1,8 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - jellyfin - - media + vars: + svc: "{{ jellyfin_svc }}" + env: "{{ jellyfin_env }}" + compose: "{{ jellyfin_compose }}" block: - name: Import tasks to deploy common service ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/jellyfin/vars/main.yml b/_ansible/roles/jellyfin/vars/main.yml index efe63d8..17db44a 100644 --- a/_ansible/roles/jellyfin/vars/main.yml +++ b/_ansible/roles/jellyfin/vars/main.yml @@ -1,5 +1,5 @@ --- -svc: +jellyfin_svc: domain: media.serguzim.me name: jellyfin port: 8096 @@ -7,13 +7,12 @@ svc: host: "{{ postgres.host }}" port: "{{ postgres.port }}" -svc_env: +jellyfin_env: JELLYFIN_PublishedServerUrl: https://{{ svc.domain }} -compose: +jellyfin_compose: watchtower: true image: jellyfin/jellyfin - env: true volumes: - config:/config - cache:/cache diff --git a/_ansible/roles/mailcow/tasks/main.yml b/_ansible/roles/mailcow/tasks/main.yml index 09514cd..7f8ffde 100644 --- a/_ansible/roles/mailcow/tasks/main.yml +++ b/_ansible/roles/mailcow/tasks/main.yml @@ -1,8 +1,10 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - mailcow - - email + vars: + svc: "{{ mailcow_svc }}" block: - name: Import tasks to template the site for the reverse proxy ansible.builtin.import_tasks: tasks/steps/template-site-config.yml diff --git a/_ansible/roles/mailcow/vars/main.yml b/_ansible/roles/mailcow/vars/main.yml index e481d11..5cccc3c 100644 --- a/_ansible/roles/mailcow/vars/main.yml +++ b/_ansible/roles/mailcow/vars/main.yml @@ -1,5 +1,5 @@ --- -svc: +mailcow_svc: name: mailcow domain: mail.serguzim.me docker_host: host.docker.internal diff --git a/_ansible/roles/minecraft-2/tasks/main.yml b/_ansible/roles/minecraft-2/tasks/main.yml deleted file mode 100644 index a33d81f..0000000 
--- a/_ansible/roles/minecraft-2/tasks/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Deploy {{ svc.name }} - tags: - - minecraft-2 - - minecraft - - games - block: - - name: Import tasks to deploy common service - ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/minecraft_2/tasks/main.yml b/_ansible/roles/minecraft_2/tasks/main.yml new file mode 100644 index 0000000..fd5279c --- /dev/null +++ b/_ansible/roles/minecraft_2/tasks/main.yml @@ -0,0 +1,12 @@ +--- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + +- name: Deploy {{ svc.name }} + vars: + svc: "{{ minecraft_2_svc }}" + env: "{{ minecraft_2_env }}" + compose: "{{ minecraft_2_compose }}" + block: + - name: Import tasks to deploy common service + ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/minecraft-2/vars/main.yml b/_ansible/roles/minecraft_2/vars/main.yml similarity index 96% rename from _ansible/roles/minecraft-2/vars/main.yml rename to _ansible/roles/minecraft_2/vars/main.yml index c735bb5..e14e7a1 100644 --- a/_ansible/roles/minecraft-2/vars/main.yml +++ b/_ansible/roles/minecraft_2/vars/main.yml @@ -1,8 +1,8 @@ --- -svc: +minecraft_2_svc: name: minecraft-2 -svc_env: +minecraft_2_env: ALLOW_FLIGHT: true ALLOW_NETHER: true ANNOUNCE_PLAYER_ACHIEVEMENTS: true @@ -54,10 +54,9 @@ svc_env: VIEW_DISTANCE: 10 WHITELIST: "{{ vault_minecraft_2.whitelist }}" -compose: +minecraft_2_compose: watchtower: false image: itzg/minecraft-server - env: true volumes: - data:/data file: diff --git a/_ansible/roles/minio/tasks/main.yml b/_ansible/roles/minio/tasks/main.yml index ae464b2..17d9abb 100644 --- a/_ansible/roles/minio/tasks/main.yml +++ b/_ansible/roles/minio/tasks/main.yml 
@@ -1,8 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - minio - - storage + vars: + svc: "{{ minio_svc }}" + env: "{{ minio_env }}" + compose: "{{ minio_compose }}" block: - name: Import tasks to deploy common service ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/minio/vars/main.yml b/_ansible/roles/minio/vars/main.yml index efe1799..ca82ffe 100644 --- a/_ansible/roles/minio/vars/main.yml +++ b/_ansible/roles/minio/vars/main.yml @@ -1,5 +1,5 @@ --- -svc: +minio_svc: domain: s3.serguzim.me name: minio port: 9000 @@ -13,7 +13,7 @@ svc: docker_host: minio port: 9001 -svc_env: +minio_env: MINIO_SERVER_URL: https://{{ svc.domain }}/ MINIO_BROWSER_REDIRECT_URL: https://console.{{ svc.domain }} MINIO_VOLUMES: /data @@ -21,10 +21,9 @@ svc_env: MINIO_ROOT_USER: "{{ vault_minio.user }}" MINIO_ROOT_PASSWORD: "{{ vault_minio.pass }}" -compose: +minio_compose: watchtower: true image: minio/minio - env: true volumes: - data:/data file: diff --git a/_ansible/roles/synapse/tasks/main.yml b/_ansible/roles/synapse/tasks/main.yml index b9bbe96..c87b23a 100644 --- a/_ansible/roles/synapse/tasks/main.yml +++ b/_ansible/roles/synapse/tasks/main.yml @@ -1,8 +1,13 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - synapse - - matrix + vars: + svc: "{{ synapse_svc }}" + env: "{{ synapse_env }}" + compose: "{{ synapse_compose }}" + yml: "{{ synapse_yml }}" block: - name: Import prepare tasks for common service ansible.builtin.import_tasks: tasks/prepare-common-service.yml diff --git a/_ansible/roles/synapse/vars/main.yml b/_ansible/roles/synapse/vars/main.yml index 930e19b..9b7f384 100644 --- a/_ansible/roles/synapse/vars/main.yml +++ b/_ansible/roles/synapse/vars/main.yml 
@@ -1,5 +1,5 @@ --- -svc: +synapse_svc: name: synapse domain: matrix.msrg.cc docker_host: synapse-admin @@ -26,11 +26,11 @@ svc: pass: "{{ vault_synapse.db.pass }}" config_path: config -svc_env: +synapse_env: SYNAPSE_CONFIG_PATH: "{{ ('/', svc.config_path) | path_join }}" REACT_APP_SERVER: https://matrix.msrg.cc -svc_yml: +synapse_yml: server_name: msrg.cc pid_file: "{{ (svc.config_path, 'homeserver.pid') | path_join }}" public_baseurl: https://matrix.msrg.cc/ @@ -102,10 +102,9 @@ svc_yml: require_transport_security: true notif_from: Matrix -compose: +synapse_compose: watchtower: true - env: true - image: ghcr.io/matrix-org/synapse + image: ghcr.io/matrix-org/synapse:v1.98.0 volumes: - ./config:/config - media_store:/media_store diff --git a/_ansible/roles/tandoor/tasks/main.yml b/_ansible/roles/tandoor/tasks/main.yml index f10ffcd..2c9b7fd 100644 --- a/_ansible/roles/tandoor/tasks/main.yml +++ b/_ansible/roles/tandoor/tasks/main.yml @@ -1,8 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - tandoor - - recipies + vars: + svc: "{{ tandoor_svc }}" + env: "{{ tandoor_env }}" + compose: "{{ tandoor_compose }}" block: - name: Import tasks to deploy common service ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/tandoor/vars/main.yml b/_ansible/roles/tandoor/vars/main.yml index b109ade..0694ebd 100644 --- a/_ansible/roles/tandoor/vars/main.yml +++ b/_ansible/roles/tandoor/vars/main.yml @@ -1,5 +1,5 @@ --- -svc: +tandoor_svc: domain: recipes.serguzim.me name: tandoor port: 80 @@ -10,7 +10,7 @@ svc: user: "{{ vault_tandoor.db.user }}" pass: "{{ vault_tandoor.db.pass }}" -svc_env: +tandoor_env: DEBUG: 0 SQL_DEBUG: 0 
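Review bot: In `roles/synapse/vars/main.yml` the image is now pinned to `ghcr.io/matrix-org/synapse:v1.98.0` while `watchtower: true` remains set in `synapse_compose`. Assuming that flag opts the container into Watchtower updates, a fixed version tag means Synapse security releases only arrive when this line is edited. A comment above `image:` such as `# pinned on purpose; bump manually for Synapse security releases` would make that responsibility explicit. Setting `watchtower: false` would match the other version-pinned services that disable it, such as `influxdb:2.7` and `telegraf:1.28`.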
@@ -35,10 +35,9 @@ svc_env: SOCIAL_DEFAULT_ACCESS: 1 SOCIAL_DEFAULT_GROUP: guest -compose: +tandoor_compose: watchtower: true image: nginx:mainline-alpine - env: true volumes: - nginx_config:/etc/nginx/conf.d:ro - staticfiles:/static diff --git a/_ansible/roles/telegraf/tasks/main.yml b/_ansible/roles/telegraf/tasks/main.yml index e4bac9a..7db7dc4 100644 --- a/_ansible/roles/telegraf/tasks/main.yml +++ b/_ansible/roles/telegraf/tasks/main.yml @@ -1,8 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - telegraf - - monitoring + vars: + svc: "{{ telegraf_svc }}" + env: "{{ telegraf_env }}" + compose: "{{ telegraf_compose }}" block: - name: Import prepare tasks for common service ansible.builtin.import_tasks: tasks/prepare-common-service.yml diff --git a/_ansible/roles/telegraf/vars/main.yml b/_ansible/roles/telegraf/vars/main.yml index fafc718..887c8b7 100644 --- a/_ansible/roles/telegraf/vars/main.yml +++ b/_ansible/roles/telegraf/vars/main.yml @@ -1,5 +1,5 @@ --- -svc: +telegraf_svc: name: telegraf influxdb: url: https://tick.serguzim.me @@ -21,26 +21,9 @@ svc: database: telegraf docker_log: endpoint: unix:///var/run/docker.sock - # from_beginning: false - # timeout: "5s" - - # container_name_include: [] - # container_name_exclude: [] - - # docker_label_include: [] - # docker_label_exclude: [] - - ## Set the source tag for the metrics to the container ID hostname, eg first 12 chars source_tag: false -## Optional TLS Config -# tls_ca: "/etc/telegraf/ca.pem" -# tls_cert: "/etc/telegraf/cert.pem" -# tls_key: "/etc/telegraf/key.pem" -## Use TLS but skip chain & host verification -# insecure_skip_verify: false - -compose: +telegraf_compose: watchtower: false image: telegraf:1.28 volumes: diff --git a/_ansible/roles/tinytinyrss/tasks/main.yml b/_ansible/roles/tinytinyrss/tasks/main.yml index ea72425..b7e6961 100644 --- a/_ansible/roles/tinytinyrss/tasks/main.yml 
+++ b/_ansible/roles/tinytinyrss/tasks/main.yml @@ -1,9 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - tinytinyrss - - tt-rss - - news + vars: + svc: "{{ tinytinyrss_svc }}" + env: "{{ tinytinyrss_env }}" + compose: "{{ tinytinyrss_compose }}" block: - name: Import prepare tasks for common service ansible.builtin.import_tasks: tasks/prepare-common-service.yml diff --git a/_ansible/roles/tinytinyrss/vars/main.yml b/_ansible/roles/tinytinyrss/vars/main.yml index ce48347..51f7a9c 100644 --- a/_ansible/roles/tinytinyrss/vars/main.yml +++ b/_ansible/roles/tinytinyrss/vars/main.yml @@ -1,5 +1,5 @@ --- -svc: +tinytinyrss_svc: domain: rss.serguzim.me name: tinytinyrss port: 80 @@ -10,7 +10,7 @@ svc: user: "{{ vault_tinytinyrss.db.user }}" pass: "{{ vault_tinytinyrss.db.pass }}" -svc_env: +tinytinyrss_env: TTRSS_DB_TYPE: pgsql TTRSS_DB_HOST: "{{ svc.db.host }}" TTRSS_DB_NAME: "{{ svc.db.database }}" @@ -19,10 +19,9 @@ svc_env: TTRSS_SELF_URL_PATH: https://{{ svc.domain }}/tt-rss/ -compose: +tinytinyrss_compose: watchtower: false image: cthulhoo/ttrss-web-nginx - env: true volumes: - app:/var/www/html:ro - ./nginx.conf:/etc/nginx/nginx.conf diff --git a/_ansible/roles/umami/tasks/main.yml b/_ansible/roles/umami/tasks/main.yml index 20d794b..ede7369 100644 --- a/_ansible/roles/umami/tasks/main.yml +++ b/_ansible/roles/umami/tasks/main.yml @@ -1,8 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - umami - - analytics + vars: + svc: "{{ umami_svc }}" + env: "{{ umami_env }}" + compose: "{{ umami_compose }}" block: - name: Import tasks to deploy common service ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/umami/vars/main.yml b/_ansible/roles/umami/vars/main.yml index 23b5d27..d84fe8a 100644 --- a/_ansible/roles/umami/vars/main.yml 
+++ b/_ansible/roles/umami/vars/main.yml @@ -1,21 +1,24 @@ --- -svc: +umami_db_host: "{{ postgres.host }}" +umami_db_user: "{{ vault_umami.db.user }}" +umami_db_pass: "{{ vault_umami.db.pass }}" +umami_db_database: umami + +umami_hash_salt: "{{ vault_umami.hash_salt }}" + +umami_docker_image: docker.umami.dev/umami-software/umami:postgresql-latest + +umami_svc: domain: analytics.serguzim.me name: umami port: 3000 - db: - host: "{{ postgres.host }}" - user: "{{ vault_umami.db.user }}" - pass: "{{ vault_umami.db.pass }}" - db: umami -svc_env: - DATABASE_URL: postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}/{{ svc.db.db }} +umami_env: + DATABASE_URL: postgres://{{ umami_db_user }}:{{ umami_db_pass }}@{{ umami_db_host }}/{{ umami_db_database }} DATABASE_TYPE: postgresql FORCE_SSL: 1 - HASH_SALT: "{{ vault_umami.hash_salt }}" + HASH_SALT: "{{ umami_hash_salt }}" -compose: +umami_compose: watchtower: true - image: docker.umami.dev/umami-software/umami:postgresql-latest - env: true + image: "{{ umami_docker_image }}" diff --git a/_ansible/roles/uptime-kuma/tasks/main.yml b/_ansible/roles/uptime-kuma/tasks/main.yml deleted file mode 100644 index 70e3f74..0000000 --- a/_ansible/roles/uptime-kuma/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Deploy {{ svc.name }} - tags: - - uptime-kuma - - status - block: - - name: Import tasks to deploy common service - ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/uptime_kuma/tasks/main.yml b/_ansible/roles/uptime_kuma/tasks/main.yml new file mode 100644 index 0000000..d0e8e13 --- /dev/null +++ b/_ansible/roles/uptime_kuma/tasks/main.yml 
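Review bot: In `roles/umami/vars/main.yml` the new `DATABASE_URL` interpolates `umami_db_user` and `umami_db_pass` into the URL unescaped, so a vault password containing `@`, `:`, `/`, `?` or `#` yields a connection string that is malformed or parsed with the wrong host or database. Encode the credential parts, e.g. `{{ umami_db_pass | urlencode | replace('/', '%2F') }}`, and the same for the user. The extra `replace` is needed because the `urlencode` filter leaves `/` as is. The value is also the only templated scalar in `umami_env` that is not wrapped in double quotes; quoting it would match `HASH_SALT` and the other templated entries.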
@@ -0,0 +1,12 @@ +--- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + +- name: Deploy {{ svc.name }} + vars: + svc: "{{ uptime_kuma_svc }}" + env: "{{ uptime_kuma_env }}" + compose: "{{ uptime_kuma_compose }}" + block: + - name: Import tasks to deploy common service + ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/uptime-kuma/vars/main.yml b/_ansible/roles/uptime_kuma/vars/main.yml similarity index 85% rename from _ansible/roles/uptime-kuma/vars/main.yml rename to _ansible/roles/uptime_kuma/vars/main.yml index 6411fa6..093005b 100644 --- a/_ansible/roles/uptime-kuma/vars/main.yml +++ b/_ansible/roles/uptime_kuma/vars/main.yml @@ -1,12 +1,12 @@ --- -svc: +uptime_kuma_svc: domain: status.serguzim.me additional_domains: - status.serguzim.net name: uptime-kuma port: 3001 -compose: +uptime_kuma_compose: watchtower: true image: louislam/uptime-kuma:1 volumes: diff --git a/_ansible/roles/watchtower/tasks/main.yml b/_ansible/roles/watchtower/tasks/main.yml index e3abe13..90df08b 100644 --- a/_ansible/roles/watchtower/tasks/main.yml +++ b/_ansible/roles/watchtower/tasks/main.yml @@ -1,8 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - watchtower - - container + vars: + svc: "{{ watchtower_svc }}" + env: "{{ watchtower_env }}" + compose: "{{ watchtower_compose }}" block: - name: Import tasks to deploy common service ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/watchtower/vars/main.yml b/_ansible/roles/watchtower/vars/main.yml index 425636f..b5ec68c 100644 --- a/_ansible/roles/watchtower/vars/main.yml +++ b/_ansible/roles/watchtower/vars/main.yml @@ -1,8 +1,8 @@ --- -svc: +watchtower_svc: name: watchtower -svc_env: +watchtower_env: WATCHTOWER_LABEL_ENABLE: true WATCHTOWER_CLEANUP: true WATCHTOWER_SCHEDULE: "0 27 20 * * *" 
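Review bot: The new `_ansible/roles/uptime_kuma/tasks/main.yml` sets `env: "{{ uptime_kuma_env }}"`, but the visible part of the role's vars file defines only `uptime_kuma_svc` and `uptime_kuma_compose`. The `when: env is defined` guard added to tasks/prepare-common-service.yml then relies on a variable that points at an undefined one testing as undefined. That depends on how Ansible lazily templates variables and is worth confirming on the version in use. A comment above the `vars:` block would make the intent explicit, for example `# uptime_kuma_env is deliberately unset: no service.env is templated for this role`. The webdis role appears to follow the same pattern.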
@@ -16,10 +16,9 @@ svc_env: WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: "{{ vault_watchtower.mailer.pass }}" WATCHTOWER_NOTIFICATION_EMAIL_DELAY: 5 -compose: +watchtower_compose: watchtower: false image: containrrr/watchtower - env: true volumes: - /var/run/docker.sock:/var/run/docker.sock file: diff --git a/_ansible/roles/webdis/tasks/main.yml b/_ansible/roles/webdis/tasks/main.yml index 0628dfa..b151122 100644 --- a/_ansible/roles/webdis/tasks/main.yml +++ b/_ansible/roles/webdis/tasks/main.yml @@ -1,7 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - webdis + vars: + svc: "{{ webdis_svc }}" + env: "{{ webdis_env }}" + compose: "{{ webdis_compose }}" block: - name: Import prepare tasks for common service ansible.builtin.import_tasks: tasks/prepare-common-service.yml diff --git a/_ansible/roles/webdis/vars/main.yml b/_ansible/roles/webdis/vars/main.yml index 67c721e..d32512f 100644 --- a/_ansible/roles/webdis/vars/main.yml +++ b/_ansible/roles/webdis/vars/main.yml @@ -1,10 +1,10 @@ --- -svc: +webdis_svc: name: webdis domain: webdis.huck.serguzim.me port: 7379 -compose: +webdis_compose: watchtower: true image: nicolas/webdis volumes: diff --git a/_ansible/roles/wiki-js/tasks/main.yml b/_ansible/roles/wiki-js/tasks/main.yml deleted file mode 100644 index 6d3db10..0000000 --- a/_ansible/roles/wiki-js/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Deploy {{ svc.name }} - tags: - - wiki-js - block: - - name: Import tasks to deploy common service - ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/wiki_js/tasks/main.yml b/_ansible/roles/wiki_js/tasks/main.yml new file mode 100644 index 0000000..a2b70d8 --- /dev/null +++ b/_ansible/roles/wiki_js/tasks/main.yml 
@@ -0,0 +1,12 @@ +--- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + +- name: Deploy {{ svc.name }} + vars: + svc: "{{ wiki_js_svc }}" + env: "{{ wiki_js_env }}" + compose: "{{ wiki_js_compose }}" + block: + - name: Import tasks to deploy common service + ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/wiki-js/vars/main.yml b/_ansible/roles/wiki_js/vars/main.yml similarity index 91% rename from _ansible/roles/wiki-js/vars/main.yml rename to _ansible/roles/wiki_js/vars/main.yml index 98659fb..eda7eaf 100644 --- a/_ansible/roles/wiki-js/vars/main.yml +++ b/_ansible/roles/wiki_js/vars/main.yml @@ -1,5 +1,5 @@ --- -svc: +wiki_js_svc: domain: wiki.serguzim.me name: wiki-js port: 3000 @@ -10,7 +10,7 @@ svc: pass: "{{ vault_wiki_js.db.pass }}" name: wikijs -svc_env: +wiki_js_env: DB_TYPE: postgres DB_HOST: "{{ svc.db.host }}" DB_PORT: "{{ svc.db.port }}" @@ -19,7 +19,6 @@ svc_env: DB_NAME: "{{ svc.db.name }}" DB_SSL: 1 -compose: +wiki_js_compose: watchtower: true image: requarks/wiki - env: true diff --git a/_ansible/roles/woodpecker/tasks/main.yml b/_ansible/roles/woodpecker/tasks/main.yml index b229204..dc6a26d 100644 --- a/_ansible/roles/woodpecker/tasks/main.yml +++ b/_ansible/roles/woodpecker/tasks/main.yml @@ -1,8 +1,12 @@ --- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + - name: Deploy {{ svc.name }} - tags: - - woodpecker - - ci + vars: + svc: "{{ woodpecker_svc }}" + env: "{{ woodpecker_env }}" + compose: "{{ woodpecker_compose }}" block: - name: Import tasks to deploy common service ansible.builtin.import_tasks: tasks/deploy-common-service.yml diff --git a/_ansible/roles/woodpecker/vars/main.yml b/_ansible/roles/woodpecker/vars/main.yml index d091d61..ddb85e1 100644 --- a/_ansible/roles/woodpecker/vars/main.yml +++ b/_ansible/roles/woodpecker/vars/main.yml 
@@ -1,5 +1,5 @@ --- -svc: +woodpecker_svc: domain: ci.serguzim.me name: woodpecker port: 8000 @@ -14,7 +14,7 @@ svc: user: "{{ vault_woodpecker.db.user }}" pass: "{{ vault_woodpecker.db.pass }}" -svc_env: +woodpecker_env: WOODPECKER_OPEN: true WOODPECKER_HOST: https://{{ svc.domain }} WOODPECKER_ADMIN: serguzim @@ -32,10 +32,9 @@ svc_env: WOODPECKER_DATABASE_DRIVER: postgres WOODPECKER_DATABASE_DATASOURCE: postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full -compose: +woodpecker_compose: watchtower: true image: woodpeckerci/woodpecker-server - env: true file: services: agent: diff --git a/_ansible/tasks/prepare-common-service.yml b/_ansible/tasks/prepare-common-service.yml index e62f32d..ee588a9 100644 --- a/_ansible/tasks/prepare-common-service.yml +++ b/_ansible/tasks/prepare-common-service.yml @@ -4,8 +4,8 @@ - name: Import tasks to template docker compose file ansible.builtin.import_tasks: tasks/steps/template-docker-compose.yml - when: not no_compose|default(False) # TODO remove when fixing "var-naming[no-role-prefix]" + when: compose is defined - name: Import tasks create a service.env file ansible.builtin.import_tasks: tasks/steps/template-service-env.yml - when: compose.env|default(False) + when: env is defined diff --git a/_ansible/tasks/set-default-facts.yml b/_ansible/tasks/set-default-facts.yml new file mode 100644 index 0000000..cd5f2b9 --- /dev/null +++ b/_ansible/tasks/set-default-facts.yml @@ -0,0 +1,5 @@ +--- +- name: Set common facts + ansible.builtin.set_fact: + service_path: "{{ (services_path, role_name | replace('_', '-')) | path_join }}" + docker_force_recreate: "" diff --git a/_ansible/tasks/steps/create-service-directory.yml b/_ansible/tasks/steps/create-service-directory.yml index 54dbdd2..36b57ed 100644 --- a/_ansible/tasks/steps/create-service-directory.yml +++ b/_ansible/tasks/steps/create-service-directory.yml 
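Review bot: `service_path` in the new `_ansible/tasks/set-default-facts.yml` is now derived from `role_name | replace('_', '-')` instead of `svc.name`, and nothing documents that the role directory name has become the on-disk service directory name. For a role whose `svc.name` differs from its dashed role name, the next run would create a fresh directory and leave the old one in place, along with any service.env holding secrets. A short comment on the task would help, e.g. `# service directory follows the role name (underscores become dashes), not svc.name`. Because `set_fact` stores the value for the host rather than for the role, anything that reads `service_path` after another role has run sees that role's path.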
@@ -1,9 +1,4 @@ --- -- name: Set common facts - ansible.builtin.set_fact: - service_path: "{{ (services_path, svc.name) | path_join }}" - docker_force_recreate: "" - - name: Create a service directory ansible.builtin.file: path: "{{ service_path }}" diff --git a/_ansible/tasks/steps/template-site-config.yml b/_ansible/tasks/steps/template-site-config.yml index 2b2d6ee..2788a00 100644 --- a/_ansible/tasks/steps/template-site-config.yml +++ b/_ansible/tasks/steps/template-site-config.yml @@ -4,15 +4,9 @@ src: caddy_site.conf.j2 dest: "{{ (caddy_config_path, svc.domain + '.conf') | path_join }}" mode: "0644" - register: template_result + notify: + - Reload caddy - name: Register caddy site ansible.builtin.set_fact: managed_sites: "{{ managed_sites + [svc.domain + '.conf'] }}" - -- name: Reload caddy - ansible.builtin.command: - cmd: docker compose exec app sh -c "caddy validate --config /etc/caddy/Caddyfile && caddy reload --config /etc/caddy/Caddyfile" - chdir: "{{ caddy_path }}" - when: "'local-dev' != inventory_hostname" - changed_when: template_result.changed diff --git a/_ansible/templates/docker-compose.yml.j2 b/_ansible/templates/docker-compose.yml.j2 index 0a2d43a..b1e4db1 100644 --- a/_ansible/templates/docker-compose.yml.j2 +++ b/_ansible/templates/docker-compose.yml.j2 @@ -1,7 +1,7 @@ {%- set compose_file = compose.file | default({}) -%} {%- set compose_file = compose_file_main | combine(compose_file, recursive=True) -%} -{%- if compose.env | default(False) -%} +{%- if env is defined -%} {%- set compose_file = compose_file | combine(compose_file_env, recursive=True) -%} {%- endif -%} diff --git a/_ansible/templates/service.env.j2 b/_ansible/templates/service.env.j2 index 2a594f4..14aa0e4 100644 --- a/_ansible/templates/service.env.j2 +++ b/_ansible/templates/service.env.j2 @@ -1,3 +1,3 @@ -{% for key, value in svc_env.items() %} +{% for key, value in env.items() %} {{ key }}={{ value }} {% endfor %} 
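Review bot: The inline reload removed from `_ansible/tasks/steps/template-site-config.yml` ran `caddy validate` before `caddy reload` and skipped `local-dev`, but the `Reload caddy` handler that `notify:` now points at is not defined in this hunk, so neither safeguard can be confirmed from here. The handler should keep both. Handlers only run at the end of the play, so a later task failure leaves the new site config on disk but not loaded. If that matters, an `ansible.builtin.meta: flush_handlers` task after the site config steps would restore the earlier timing.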
diff --git a/_ansible/templates/service.yml.j2 b/_ansible/templates/service.yml.j2 index c927342..7654b9a 100644 --- a/_ansible/templates/service.yml.j2 +++ b/_ansible/templates/service.yml.j2 @@ -1 +1 @@ -{{ svc_yml | to_nice_yaml }} +{{ yml | to_nice_yaml }}