Refactor everything

_ansible/.ansible-lint

@@ -1,2 +0,0 @@
-skip_list:
-  - var-naming[no-role-prefix]

_ansible/local-dev.yml

@@ -7,6 +7,8 @@
 
   hosts: local-dev
   roles:
+    - common
+
     - acme-dns
     - coder
     - faas

_ansible/node001.yml

@@ -2,5 +2,9 @@
 - name: Run roles for node001
   hosts: node001
   roles:
-    - mailcow
+    - common
-    - minecraft-2
+
+    - role: mailcow
+      tags: [mailcow, mail, communication]
+    - role: minecraft_2
+      tags: [minecraft-2, minecraft, games]

_ansible/node002.yml

@@ -2,24 +2,47 @@
 - name: Run roles for node002
   hosts: node002
   roles:
-    - acme-dns
+    - common
-    - authentik
+
-    - coder
+    - role: acme_dns
-    - faas
+      tags: [acme-dns, certificates]
-    - forgejo
+    - role: authentik
-    - forgejo-runner
+      tags: [authentik, authentication]
-    - harbor
+    - role: coder
-    - healthcheck
+      tags: [coder, development]
-    - homebox
+    - role: faas
-    - influxdb
+      tags: [faas]
-    - jellyfin
+    - role: forgejo
-    - synapse
+      tags: [forgejo, git, development]
-    - tandoor
+    - role: forgejo_runner
-    - telegraf
+      tags: [forgejo-runner, ci, development]
-    - tinytinyrss
+    - role: harbor
-    - umami
+      tags: [harbor, registry, development]
-    - uptime-kuma
+    - role: healthcheck
-    - watchtower
+      tags: [healthcheck, monitoring]
-    - webdis
+    - role: homebox
-    - wiki-js
+      tags: [homebox, inventory]
-    - woodpecker
+    - role: influxdb
+      tags: [influxdb, sensors, monitoring]
+    - role: jellyfin
+      tags: [jellyfin, media]
+    - role: synapse
+      tags: [synapse, matrix, communication]
+    - role: tandoor
+      tags: [tandoor, recipes]
+    - role: telegraf
+      tags: [telegraf, monitoring]
+    - role: tinytinyrss
+      tags: [tinytinyrss, news]
+    - role: umami
+      tags: [umami, analytics]
+    - role: uptime_kuma
+      tags: [uptime-kuma, monitoring]
+    - role: watchtower
+      tags: [watchtower]
+    - role: webdis
+      tags: [webdis]
+    - role: wiki_js
+      tags: [wiki-js]
+    - role: woodpecker
+      tags: [woodpecker, ci, development]

_ansible/node003.yml

@@ -2,4 +2,7 @@
 - name: Run roles for node003
   hosts: node003
   roles:
-    - minio
+    - common
+
+    - role: minio
+      tags: [minio, storage]

_ansible/roles/acme_dns/tasks/main.yml

@@ -1,8 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - acme-dns
+    svc: "{{ acme_dns_svc }}"
-    - certificates
+    env: "{{ acme_dns_env }}"
+    compose: "{{ acme_dns_compose }}"
   block:
     - name: Import prepare tasks for common service
       ansible.builtin.import_tasks: tasks/prepare-common-service.yml

_ansible/roles/acme_dns/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+acme_dns_svc:
   domain: acme.serguzim.me
   name: acme-dns
   port: 80
@@ -13,7 +13,7 @@ svc:
     pass: "{{ vault_acmedns.db.pass }}"
     db: acme_dns
 
-compose:
+acme_dns_compose:
   watchtower: true
   monitoring: true
   image: joohoi/acme-dns

_ansible/roles/authentik/tasks/main.yml

@@ -1,8 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - authentik
+    svc: "{{ authentik_svc }}"
-    - authentication
+    env: "{{ authentik_env }}"
+    compose: "{{ authentik_compose }}"
   block:
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/authentik/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+authentik_svc:
   domain: auth.serguzim.me
   name: authentik
   port: 9000
@@ -10,7 +10,7 @@ svc:
     user: "{{ vault_authentik.db.user }}"
     pass: "{{ vault_authentik.db.pass }}"
 
-svc_env:
+authentik_env:
   AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}"
 
   AUTHENTIK_EMAIL__HOST: "{{ mailer.host }}"
@@ -31,10 +31,9 @@ svc_env:
   AUTHENTIK_POSTGRESQL__USER: "{{ svc.db.user }}"
   AUTHENTIK_POSTGRESQL__PASSWORD: "{{ svc.db.pass }}"
 
-compose:
+authentik_compose:
   watchtower: false
   image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
-  env: true
   file:
     services:
       app:

_ansible/roles/caddy/tasks/main.yml

@@ -1,9 +1,13 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ svc.name }}
+  vars:
+    svc: "{{ caddy_svc }}"
+    env: "{{ caddy_env }}"
+    compose: "{{ caddy_compose }}"
 - name: Deploy {{ svc.name }}
-  tags:
-    - caddy
-    - reverse_proxy
-    - webserver
   block:
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/coder/tasks/main.yml

@@ -1,7 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - coder
+    svc: "{{ coder_svc }}"
+    env: "{{ coder_env }}"
+    compose: "{{ coder_compose }}"
   block:
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/coder/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+coder_svc:
   domain: coder.serguzim.me
   additional_domains:
     - "*.coder.serguzim.me"
@@ -12,7 +12,7 @@ svc:
   ssh_port: 22
   ssh_port_alt: 3022
 
-svc_env:
+coder_env:
   CODER_ADDRESS: "0.0.0.0:7080"
   CODER_ACCESS_URL: https://{{ svc.domain }}
   CODER_WILDCARD_ACCESS_URL: "*.{{ svc.domain }}"
@@ -23,10 +23,9 @@ svc_env:
   CODER_OIDC_CLIENT_ID: "{{ vault_coder.oidc_client.id }}"
   CODER_OIDC_CLIENT_SECRET: "{{ vault_coder.oidc_client.secret }}"
 
-compose:
+coder_compose:
   watchtower: true
   image: ghcr.io/coder/coder:latest
-  env: true
   volumes:
     - /var/run/docker.sock:/var/run/docker.sock
   file:

_ansible/roles/common/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: Reload caddy
+  ansible.builtin.command:
+    cmd: docker compose exec app sh -c "caddy validate --config /etc/caddy/Caddyfile && caddy reload --config /etc/caddy/Caddyfile"
+    chdir: "{{ caddy_path }}"
+  when: "'local-dev' != inventory_hostname"
+  changed_when: true

_ansible/roles/faas/tasks/main.yml

@@ -1,7 +1,10 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - faas
+    svc: "{{ faas_svc }}"
   block:
     - name: Import tasks to template the site and functions for the reverse proxy
       ansible.builtin.import_tasks: tasks/steps/template-site-config.yml

_ansible/roles/faas/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+faas_svc:
   name: faas
   domain: faas.serguzim.me
   docker_host: host.docker.internal

_ansible/roles/forgejo/tasks/main.yml

@@ -1,8 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - forgejo
+    svc: "{{ forgejo_svc }}"
-    - git
+    env: "{{ forgejo_env }}"
+    compose: "{{ forgejo_compose }}"
   block:
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/forgejo/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+forgejo_svc:
   domain: git.serguzim.me
   name: forgejo
   port: 3000
@@ -10,7 +10,7 @@ svc:
   ssh_port: 22
   ssh_port_alt: 3022
 
-svc_env:
+forgejo_env:
   FORGEJO__database__DB_TYPE: postgres
   FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}"
   FORGEJO__database__NAME: forgejo
@@ -78,10 +78,9 @@ svc_env:
   FORGEJO__other__SHOW_FOOTER_VERSION: true
   FORGEJO__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
 
-compose:
+forgejo_compose:
   watchtower: true
   image: codeberg.org/forgejo/forgejo:1.21
-  env: true
   volumes:
     - data:/data
     - /etc/timezone:/etc/timezone:ro

_ansible/roles/forgejo_runner/tasks/main.yml

@@ -1,10 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - git
+    svc: "{{ forgejo_runner_svc }}"
-    - forgejo
+    env: "{{ forgejo_runner_env }}"
-    - ci
+    compose: "{{ forgejo_runner_compose }}"
-    - forgejo-runner
   block:
     - name: Import tasks to create service directory
       ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
@@ -20,11 +22,11 @@
     - name: Check if service.env already exists
       ansible.builtin.stat:
         path: "{{ (service_path, 'service.env') | path_join }}"
-      register: svc_env_file
+      register: env_file
 
     - name: Import tasks to prompt for the registration token
       ansible.builtin.import_tasks: tasks/prompt-registration-token.yml
-      when: not svc_env_file.stat.exists or force_forgejo_runner_registration | default(False)
+      when: not env_file.stat.exists or force_forgejo_runner_registration | default(False)
 
     - name: Import tasks create a service.env file
       ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
@@ -36,5 +38,5 @@
         cmd: docker compose run --rm -it app sh -c
           'forgejo-runner register --no-interactive --token ${FORGEJO_RUNNER_REGISTRATION_TOKEN} --instance ${FORGEJO_INSTANCE_URL}'
         chdir: "{{ service_path }}"
-      when: not svc_env_file.stat.exists or force_forgejo_runner_registration | default(False)
+      when: not env_file.stat.exists or force_forgejo_runner_registration | default(False)
       changed_when: true # "when" checks enough. We are sure to change something here.

_ansible/roles/forgejo_runner/tasks/prompt-registration-token.yml

@@ -7,4 +7,4 @@
 
 - name: Put registration token into env vars
   ansible.builtin.set_fact:
-    svc_env: "{{ svc_env | combine({'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input}, recursive=True) }}"
+    forgejo_runner_env: "{{ forgejo_runner_env | combine({'FORGEJO_RUNNER_REGISTRATION_TOKEN': promt_registration_token.user_input}, recursive=True) }}"

_ansible/roles/forgejo_runner/vars/main.yml

@@ -1,16 +1,15 @@
 ---
-svc:
+forgejo_runner_svc:
   name: forgejo-runner
 
-svc_env:
+forgejo_runner_env:
   FORGEJO_INSTANCE_URL: https://git.serguzim.me/
   FORGEJO_RUNNER_REGISTRATION_TOKEN:
   DOCKER_HOST: tcp://docker-in-docker:2375
 
-compose:
+forgejo_runner_compose:
   watchtower: true
   image: code.forgejo.org/forgejo/runner:3.3.0
-  env: true
   volumes:
     - ./config.yml:/config/config.yml
     - data:/data

_ansible/roles/harbor/files/msrg.cc.log.config

@@ -1,22 +0,0 @@
-version: 1
-
-formatters:
-  precise:
-   format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
-
-handlers:
-  console:
-    class: logging.StreamHandler
-    formatter: precise
-
-loggers:
-    synapse.storage.SQL:
-        # beware: increasing this to DEBUG will make synapse log sensitive
-        # information such as access tokens.
-        level: INFO
-
-root:
-    level: INFO
-    handlers: [console]
-
-disable_existing_loggers: false

_ansible/roles/harbor/tasks/main.yml

@@ -1,8 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - harbor
+    svc: "{{ harbor_svc }}"
-    - registry
+    env: "{{ harbor_env }}"
+    yml: "{{ harbor_yml }}"
   block:
     - name: Import prepare tasks for common service
       ansible.builtin.import_tasks: tasks/prepare-common-service.yml

_ansible/roles/harbor/vars/main.yml

@@ -1,16 +1,21 @@
 ---
-svc_ports:
+harbor_port_http: 20080
-  http: 20080
+harbor_port_https: 20443
-  https: 20443
+harbor_port_metrics: 29000
-  metrics: 29000
 
-svc:
+harbor_db_host: "{{ postgres.host }}"
+harbor_db_port: "{{ postgres.port }}"
+harbor_db_database: harbor
+harbor_db_user: "{{ vault_harbor.db.user }}"
+harbor_db_pass: "{{ vault_harbor.db.pass }}"
+harbor_version: 2.9.0
+
+harbor_svc:
   name: harbor
-  no_compose: true # TODO remove when fixing "var-naming[no-role-prefix]"
   domain: registry.serguzim.me
   caddy_extra: |
-    reverse_proxy /metrics host.docker.internal:{{ svc_ports.metrics }}
+    reverse_proxy /metrics host.docker.internal:{{ harbor_port_metrics }}
-    reverse_proxy host.docker.internal:{{ svc_ports.https }} {
+    reverse_proxy host.docker.internal:{{ harbor_port_https }} {
         transport http {
             tls
             tls_server_name registry.serguzim.me
@@ -25,12 +30,12 @@ svc:
     pass: "{{ vault_harbor.db.pass }}"
   harbor_version: 2.9.0
 
-svc_yml:
+harbor_yml:
-  hostname: "{{ svc.domain }}"
+  hostname: "{{ harbor_svc.domain }}"
   http:
-    port: "{{ svc_ports.http }}"
+    port: "{{ harbor_port_http }}"
   https:
-    port: "{{ svc_ports.https }}"
+    port: "{{ harbor_port_https }}"
     certificate: /opt/services/.lego/certificates/registry.serguzim.me.crt
     private_key: /opt/services/.lego/certificates/registry.serguzim.me.key
   external_url: https://registry.serguzim.me
@@ -65,14 +70,14 @@ svc_yml:
       rotate_count: 50
       rotate_size: 200M
       location: /var/log/harbor
-  _version: "{{ svc.harbor_version }}"
+  _version: "{{ harbor_version }}"
   external_database:
     harbor:
-      host: "{{ svc.db.host }}"
+      host: "{{ harbor_db_host }}"
-      port: "{{ svc.db.port }}"
+      port: "{{ harbor_db_port }}"
-      db_name: "{{ svc.db.database }}"
+      db_name: "{{ harbor_db_database }}"
-      username: "{{ svc.db.user }}"
+      username: "{{ harbor_db_user }}"
-      password: "{{ svc.db.pass }}"
+      password: "{{ harbor_db_pass }}"
       ssl_mode: verify-full
       max_idle_conns: 2
       max_open_conns: 0
@@ -86,7 +91,7 @@ svc_yml:
       - trivy
   metric:
     enabled: enabled
-    port: "{{ svc_ports.metrics }}"
+    port: "{{ harbor_port_metrics }}"
     path: /metrics
   upload_purging:
     enabled: true

_ansible/roles/healthcheck/tasks/main.yml

@@ -1,7 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - healthcheck
+    svc: "{{ healthcheck_svc }}"
+    env: "{{ healthcheck_env }}"
+    compose: "{{ healthcheck_compose }}"
   block:
     - name: Import tasks to create service directory
       ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml

_ansible/roles/healthcheck/vars/main.yml

@@ -1,8 +1,8 @@
 ---
-svc:
+healthcheck_svc:
   name: healthcheck
 
-svc_env:
+healthcheck_env:
   USER_AGENT: healthcheck-bot for serguzim.net
 
   HTTP_HC_UID: "{{ vault_healthcheck.hc_uid.http }}"

_ansible/roles/homebox/tasks/main.yml

@@ -1,8 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - homebox
+    svc: "{{ homebox_svc }}"
-    - inventory
+    env: "{{ homebox_env }}"
+    compose: "{{ homebox_compose }}"
   block:
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/homebox/vars/main.yml

@@ -1,10 +1,10 @@
 ---
-svc:
+homebox_svc:
   domain: inventory.serguzim.me
   name: homebox
   port: 7745
 
-svc_env:
+homebox_env:
   HBOX_OPTIONS_ALLOW_REGISTRATION: false
   HBOX_MAILER_HOST: mail.serguzim.me
   HBOX_MAILER_PORT: 587
@@ -13,10 +13,9 @@ svc_env:
   HBOX_MAILER_FROM: Homebox <inventory@serguzim.me>
   HBOX_SWAGGER_SCHEMA: https
 
-compose:
+homebox_compose:
   watchtower: true
   image: ghcr.io/hay-kot/homebox:latest-rootless
-  env: true
   volumes:
     - data:/data
   file:

_ansible/roles/influxdb/tasks/main.yml

@@ -1,8 +1,13 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - influxdb
+    svc: "{{ influxdb_svc }}"
-    - sensors
+    env: "{{ influxdb_env }}"
+    compose: "{{ influxdb_compose }}"
+    yml: "{{ influxdb_yml }}"
   block:
     - name: Import prepare tasks for common service
       ansible.builtin.import_tasks: tasks/prepare-common-service.yml

_ansible/roles/influxdb/vars/main.yml

@@ -1,11 +1,11 @@
 ---
-svc:
+influxdb_svc:
   domain: tick.serguzim.me
   name: influxdb
   port: 8086
   data_dir: /var/lib/influxdb2
 
-svc_yml:
+influxdb_yml:
   assets-path: ""
   bolt-path: "{{ (svc.data_dir, 'influxd.bolt') | path_join }}"
   e2e-testing: false
@@ -62,7 +62,7 @@ svc_yml:
   vault-tls-server-name: ""
   vault-token: ""
 
-compose:
+influxdb_compose:
   watchtower: false
   image: influxdb:2.7
   volumes:

_ansible/roles/jellyfin/tasks/main.yml

@@ -1,8 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - jellyfin
+    svc: "{{ jellyfin_svc }}"
-    - media
+    env: "{{ jellyfin_env }}"
+    compose: "{{ jellyfin_compose }}"
   block:
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/jellyfin/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+jellyfin_svc:
   domain: media.serguzim.me
   name: jellyfin
   port: 8096
@@ -7,13 +7,12 @@ svc:
     host: "{{ postgres.host }}"
     port: "{{ postgres.port }}"
 
-svc_env:
+jellyfin_env:
   JELLYFIN_PublishedServerUrl: https://{{ svc.domain }}
 
-compose:
+jellyfin_compose:
   watchtower: true
   image: jellyfin/jellyfin
-  env: true
   volumes:
     - config:/config
     - cache:/cache

_ansible/roles/mailcow/tasks/main.yml

@@ -1,8 +1,10 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - mailcow
+    svc: "{{ mailcow_svc }}"
-    - email
   block:
     - name: Import tasks to template the site for the reverse proxy
       ansible.builtin.import_tasks: tasks/steps/template-site-config.yml

_ansible/roles/mailcow/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+mailcow_svc:
   name: mailcow
   domain: mail.serguzim.me
   docker_host: host.docker.internal

_ansible/roles/minecraft-2/tasks/main.yml

@@ -1,9 +0,0 @@
----
-- name: Deploy {{ svc.name }}
-  tags:
-    - minecraft-2
-    - minecraft
-    - games
-  block:
-    - name: Import tasks to deploy common service
-      ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/minecraft_2/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ svc.name }}
+  vars:
+    svc: "{{ minecraft_2_svc }}"
+    env: "{{ minecraft_2_env }}"
+    compose: "{{ minecraft_2_compose }}"
+  block:
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/minecraft_2/vars/main.yml

@@ -1,8 +1,8 @@
 ---
-svc:
+minecraft_2_svc:
   name: minecraft-2
 
-svc_env:
+minecraft_2_env:
   ALLOW_FLIGHT: true
   ALLOW_NETHER: true
   ANNOUNCE_PLAYER_ACHIEVEMENTS: true
@@ -54,10 +54,9 @@ svc_env:
   VIEW_DISTANCE: 10
   WHITELIST: "{{ vault_minecraft_2.whitelist }}"
 
-compose:
+minecraft_2_compose:
   watchtower: false
   image: itzg/minecraft-server
-  env: true
   volumes:
     - data:/data
   file:

_ansible/roles/minio/tasks/main.yml

@@ -1,8 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - minio
+    svc: "{{ minio_svc }}"
-    - storage
+    env: "{{ minio_env }}"
+    compose: "{{ minio_compose }}"
   block:
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/minio/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+minio_svc:
   domain: s3.serguzim.me
   name: minio
   port: 9000
@@ -13,7 +13,7 @@ svc:
       docker_host: minio
       port: 9001
 
-svc_env:
+minio_env:
   MINIO_SERVER_URL: https://{{ svc.domain }}/
   MINIO_BROWSER_REDIRECT_URL: https://console.{{ svc.domain }}
   MINIO_VOLUMES: /data
@@ -21,10 +21,9 @@ svc_env:
   MINIO_ROOT_USER: "{{ vault_minio.user }}"
   MINIO_ROOT_PASSWORD: "{{ vault_minio.pass }}"
 
-compose:
+minio_compose:
   watchtower: true
   image: minio/minio
-  env: true
   volumes:
     - data:/data
   file:

_ansible/roles/synapse/tasks/main.yml

@@ -1,8 +1,13 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - synapse
+    svc: "{{ synapse_svc }}"
-    - matrix
+    env: "{{ synapse_env }}"
+    compose: "{{ synapse_compose }}"
+    yml: "{{ synapse_yml }}"
   block:
     - name: Import prepare tasks for common service
       ansible.builtin.import_tasks: tasks/prepare-common-service.yml

_ansible/roles/synapse/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+synapse_svc:
   name: synapse
   domain: matrix.msrg.cc
   docker_host: synapse-admin
@@ -26,11 +26,11 @@ svc:
     pass: "{{ vault_synapse.db.pass }}"
   config_path: config
 
-svc_env:
+synapse_env:
   SYNAPSE_CONFIG_PATH: "{{ ('/', svc.config_path) | path_join }}"
   REACT_APP_SERVER: https://matrix.msrg.cc
 
-svc_yml:
+synapse_yml:
   server_name: msrg.cc
   pid_file: "{{ (svc.config_path, 'homeserver.pid') | path_join }}"
   public_baseurl: https://matrix.msrg.cc/
@@ -102,10 +102,9 @@ svc_yml:
     require_transport_security: true
     notif_from: Matrix <matrix@serguzim.me>
 
-compose:
+synapse_compose:
   watchtower: true
-  env: true
+  image: ghcr.io/matrix-org/synapse:v1.98.0
-  image: ghcr.io/matrix-org/synapse
   volumes:
     - ./config:/config
     - media_store:/media_store

_ansible/roles/tandoor/tasks/main.yml

@@ -1,8 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - tandoor
+    svc: "{{ tandoor_svc }}"
-    - recipies
+    env: "{{ tandoor_env }}"
+    compose: "{{ tandoor_compose }}"
   block:
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/tandoor/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+tandoor_svc:
   domain: recipes.serguzim.me
   name: tandoor
   port: 80
@@ -10,7 +10,7 @@ svc:
     user: "{{ vault_tandoor.db.user }}"
     pass: "{{ vault_tandoor.db.pass }}"
 
-svc_env:
+tandoor_env:
   DEBUG: 0
   SQL_DEBUG: 0
 
@@ -35,10 +35,9 @@ svc_env:
   SOCIAL_DEFAULT_ACCESS: 1
   SOCIAL_DEFAULT_GROUP: guest
 
-compose:
+tandoor_compose:
   watchtower: true
   image: nginx:mainline-alpine
-  env: true
   volumes:
     - nginx_config:/etc/nginx/conf.d:ro
     - staticfiles:/static

_ansible/roles/telegraf/tasks/main.yml

@@ -1,8 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - telegraf
+    svc: "{{ telegraf_svc }}"
-    - monitoring
+    env: "{{ telegraf_env }}"
+    compose: "{{ telegraf_compose }}"
   block:
     - name: Import prepare tasks for common service
       ansible.builtin.import_tasks: tasks/prepare-common-service.yml

_ansible/roles/telegraf/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+telegraf_svc:
   name: telegraf
   influxdb:
     url: https://tick.serguzim.me
@@ -21,26 +21,9 @@ svc:
     database: telegraf
   docker_log:
     endpoint: unix:///var/run/docker.sock
-    # from_beginning: false
-    # timeout: "5s"
-
-    # container_name_include: []
-    # container_name_exclude: []
-
-    # docker_label_include: []
-    # docker_label_exclude: []
-
-    ## Set the source tag for the metrics to the container ID hostname, eg first 12 chars
     source_tag: false
 
-## Optional TLS Config
+telegraf_compose:
-# tls_ca: "/etc/telegraf/ca.pem"
-# tls_cert: "/etc/telegraf/cert.pem"
-# tls_key: "/etc/telegraf/key.pem"
-## Use TLS but skip chain & host verification
-# insecure_skip_verify: false
-
-compose:
   watchtower: false
   image: telegraf:1.28
   volumes:

_ansible/roles/tinytinyrss/tasks/main.yml

@@ -1,9 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - tinytinyrss
+    svc: "{{ tinytinyrss_svc }}"
-    - tt-rss
+    env: "{{ tinytinyrss_env }}"
-    - news
+    compose: "{{ tinytinyrss_compose }}"
   block:
     - name: Import prepare tasks for common service
       ansible.builtin.import_tasks: tasks/prepare-common-service.yml

_ansible/roles/tinytinyrss/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+tinytinyrss_svc:
   domain: rss.serguzim.me
   name: tinytinyrss
   port: 80
@@ -10,7 +10,7 @@ svc:
     user: "{{ vault_tinytinyrss.db.user }}"
     pass: "{{ vault_tinytinyrss.db.pass }}"
 
-svc_env:
+tinytinyrss_env:
   TTRSS_DB_TYPE: pgsql
   TTRSS_DB_HOST: "{{ svc.db.host }}"
   TTRSS_DB_NAME: "{{ svc.db.database }}"
@@ -19,10 +19,9 @@ svc_env:
 
   TTRSS_SELF_URL_PATH: https://{{ svc.domain }}/tt-rss/
 
-compose:
+tinytinyrss_compose:
   watchtower: false
   image: cthulhoo/ttrss-web-nginx
-  env: true
   volumes:
     - app:/var/www/html:ro
     - ./nginx.conf:/etc/nginx/nginx.conf

_ansible/roles/umami/tasks/main.yml

@@ -1,8 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - umami
+    svc: "{{ umami_svc }}"
-    - analytics
+    env: "{{ umami_env }}"
+    compose: "{{ umami_compose }}"
   block:
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/umami/vars/main.yml

@@ -1,21 +1,24 @@
 ---
-svc:
+umami_db_host: "{{ postgres.host }}"
+umami_db_user: "{{ vault_umami.db.user }}"
+umami_db_pass: "{{ vault_umami.db.pass }}"
+umami_db_database: umami
+
+umami_hash_salt: "{{ vault_umami.hash_salt }}"
+
+umami_docker_image: docker.umami.dev/umami-software/umami:postgresql-latest
+
+umami_svc:
   domain: analytics.serguzim.me
   name: umami
   port: 3000
-  db:
-    host: "{{ postgres.host }}"
-    user: "{{ vault_umami.db.user }}"
-    pass: "{{ vault_umami.db.pass }}"
-    db: umami
 
-svc_env:
+umami_env:
-  DATABASE_URL: postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}/{{ svc.db.db }}
+  DATABASE_URL: postgres://{{ umami_db_user }}:{{ umami_db_pass }}@{{ umami_db_host }}/{{ umami_db_database }}
   DATABASE_TYPE: postgresql
   FORCE_SSL: 1
-  HASH_SALT: "{{ vault_umami.hash_salt }}"
+  HASH_SALT: "{{ umami_hash_salt }}"
 
-compose:
+umami_compose:
   watchtower: true
-  image: docker.umami.dev/umami-software/umami:postgresql-latest
+  image: "{{ umami_docker_image }}"
-  env: true

_ansible/roles/uptime-kuma/tasks/main.yml

@@ -1,8 +0,0 @@
----
-- name: Deploy {{ svc.name }}
-  tags:
-    - uptime-kuma
-    - status
-  block:
-    - name: Import tasks to deploy common service
-      ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/uptime_kuma/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ svc.name }}
+  vars:
+    svc: "{{ uptime_kuma_svc }}"
+    env: "{{ uptime_kuma_env }}"
+    compose: "{{ uptime_kuma_compose }}"
+  block:
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/uptime_kuma/vars/main.yml

@@ -1,12 +1,12 @@
 ---
-svc:
+uptime_kuma_svc:
   domain: status.serguzim.me
   additional_domains:
     - status.serguzim.net
   name: uptime-kuma
   port: 3001
 
-compose:
+uptime_kuma_compose:
   watchtower: true
   image: louislam/uptime-kuma:1
   volumes:

_ansible/roles/watchtower/tasks/main.yml

@@ -1,8 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - watchtower
+    svc: "{{ watchtower_svc }}"
-    - container
+    env: "{{ watchtower_env }}"
+    compose: "{{ watchtower_compose }}"
   block:
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/watchtower/vars/main.yml

@@ -1,8 +1,8 @@
 ---
-svc:
+watchtower_svc:
   name: watchtower
 
-svc_env:
+watchtower_env:
   WATCHTOWER_LABEL_ENABLE: true
   WATCHTOWER_CLEANUP: true
   WATCHTOWER_SCHEDULE: "0 27 20 * * *"
@@ -16,10 +16,9 @@ svc_env:
   WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: "{{ vault_watchtower.mailer.pass }}"
   WATCHTOWER_NOTIFICATION_EMAIL_DELAY: 5
 
-compose:
+watchtower_compose:
   watchtower: false
   image: containrrr/watchtower
-  env: true
   volumes:
     - /var/run/docker.sock:/var/run/docker.sock
   file:

_ansible/roles/webdis/tasks/main.yml

@@ -1,7 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - webdis
+    svc: "{{ webdis_svc }}"
+    env: "{{ webdis_env }}"
+    compose: "{{ webdis_compose }}"
   block:
     - name: Import prepare tasks for common service
       ansible.builtin.import_tasks: tasks/prepare-common-service.yml

_ansible/roles/webdis/vars/main.yml

@@ -1,10 +1,10 @@
 ---
-svc:
+webdis_svc:
   name: webdis
   domain: webdis.huck.serguzim.me
   port: 7379
 
-compose:
+webdis_compose:
   watchtower: true
   image: nicolas/webdis
   volumes:

_ansible/roles/wiki-js/tasks/main.yml

@@ -1,7 +0,0 @@
----
-- name: Deploy {{ svc.name }}
-  tags:
-    - wiki-js
-  block:
-    - name: Import tasks to deploy common service
-      ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/wiki_js/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
+- name: Deploy {{ svc.name }}
+  vars:
+    svc: "{{ wiki_js_svc }}"
+    env: "{{ wiki_js_env }}"
+    compose: "{{ wiki_js_compose }}"
+  block:
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/wiki_js/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+wiki_js_svc:
   domain: wiki.serguzim.me
   name: wiki-js
   port: 3000
@@ -10,7 +10,7 @@ svc:
     pass: "{{ vault_wiki_js.db.pass }}"
     name: wikijs
 
-svc_env:
+wiki_js_env:
   DB_TYPE: postgres
   DB_HOST: "{{ svc.db.host }}"
   DB_PORT: "{{ svc.db.port }}"
@@ -19,7 +19,6 @@ svc_env:
   DB_NAME: "{{ svc.db.name }}"
   DB_SSL: 1
 
-compose:
+wiki_js_compose:
   watchtower: true
   image: requarks/wiki
-  env: true

_ansible/roles/woodpecker/tasks/main.yml

@@ -1,8 +1,12 @@
 ---
+- name: Set common facts
+  ansible.builtin.import_tasks: tasks/set-default-facts.yml
+
 - name: Deploy {{ svc.name }}
-  tags:
+  vars:
-    - woodpecker
+    svc: "{{ woodpecker_svc }}"
-    - ci
+    env: "{{ woodpecker_env }}"
+    compose: "{{ woodpecker_compose }}"
   block:
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

_ansible/roles/woodpecker/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-svc:
+woodpecker_svc:
   domain: ci.serguzim.me
   name: woodpecker
   port: 8000
@@ -14,7 +14,7 @@ svc:
     user: "{{ vault_woodpecker.db.user }}"
     pass: "{{ vault_woodpecker.db.pass }}"
 
-svc_env:
+woodpecker_env:
   WOODPECKER_OPEN: true
   WOODPECKER_HOST: https://{{ svc.domain }}
   WOODPECKER_ADMIN: serguzim
@@ -32,10 +32,9 @@ svc_env:
   WOODPECKER_DATABASE_DRIVER: postgres
   WOODPECKER_DATABASE_DATASOURCE: postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full
 
-compose:
+woodpecker_compose:
   watchtower: true
   image: woodpeckerci/woodpecker-server
-  env: true
   file:
     services:
       agent:

_ansible/tasks/prepare-common-service.yml

@@ -4,8 +4,8 @@
 
 - name: Import tasks to template docker compose file
   ansible.builtin.import_tasks: tasks/steps/template-docker-compose.yml
-  when: not no_compose|default(False) # TODO remove when fixing "var-naming[no-role-prefix]"
+  when: compose is defined
 
 - name: Import tasks create a service.env file
   ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
-  when: compose.env|default(False)
+  when: env is defined

_ansible/tasks/set-default-facts.yml

@@ -0,0 +1,5 @@
+---
+- name: Set common facts
+  ansible.builtin.set_fact:
+    service_path: "{{ (services_path, role_name | replace('_', '-')) | path_join }}"
+    docker_force_recreate: ""

_ansible/tasks/steps/create-service-directory.yml

@@ -1,9 +1,4 @@
 ---
-- name: Set common facts
-  ansible.builtin.set_fact:
-    service_path: "{{ (services_path, svc.name) | path_join }}"
-    docker_force_recreate: ""
-
 - name: Create a service directory
   ansible.builtin.file:
     path: "{{ service_path }}"

_ansible/tasks/steps/template-site-config.yml

@@ -4,15 +4,9 @@
     src: caddy_site.conf.j2
     dest: "{{ (caddy_config_path, svc.domain + '.conf') | path_join }}"
     mode: "0644"
-  register: template_result
+  notify:
+    - Reload caddy
 
 - name: Register caddy site
   ansible.builtin.set_fact:
     managed_sites: "{{ managed_sites + [svc.domain + '.conf'] }}"
-
-- name: Reload caddy
-  ansible.builtin.command:
-    cmd: docker compose exec app sh -c "caddy validate --config /etc/caddy/Caddyfile && caddy reload --config /etc/caddy/Caddyfile"
-    chdir: "{{ caddy_path }}"
-  when: "'local-dev' != inventory_hostname"
-  changed_when: template_result.changed

_ansible/templates/docker-compose.yml.j2

@@ -1,7 +1,7 @@
 {%- set compose_file = compose.file | default({}) -%}
 {%- set compose_file = compose_file_main | combine(compose_file, recursive=True) -%}
 
-{%- if compose.env | default(False) -%}
+{%- if env is defined -%}
     {%- set compose_file = compose_file | combine(compose_file_env, recursive=True) -%}
 {%- endif -%}
 

_ansible/templates/service.env.j2

@@ -1,3 +1,3 @@
-{% for key, value in svc_env.items() %}
+{% for key, value in env.items() %}
 {{ key }}={{ value }}
 {% endfor %}

_ansible/templates/service.yml.j2

@@ -1 +1 @@
-{{ svc_yml | to_nice_yaml }}
+{{ yml | to_nice_yaml }}