From 40742e32142d5477d8f5dd3ddb9a46ac12368e5b Mon Sep 17 00:00:00 2001 From: Tobias Reisinger Date: Sat, 16 Dec 2023 02:25:14 +0100 Subject: [PATCH] Move _ansible directory into main directory --- .gitignore | 48 +---------- .pre-commit-config.yaml | 2 +- _ansible/README.md => README.md | 0 _ansible/.gitignore | 2 - _ansible/inventory/host_vars/node002/main.yml | 2 - _utils/cert-basic.sh | 2 +- _ansible/ansible.cfg => ansible.cfg | 0 backup/.env | 8 -- backup/.gitignore | 2 - backup/backup.service | 4 - backup/backup.sh | 65 -------------- filter_plugins/map_backup_volumes.py | 24 ++++++ .../group_vars/all/compose_defaults.yml | 0 .../group_vars/all/main.yml | 0 .../host_vars/node001/main.yml | 0 inventory/host_vars/node002/main.yml | 13 +++ .../host_vars/node003/main.yml | 0 .../inventory => inventory}/serguzim.net.yml | 0 _ansible/local-dev.yml => local-dev.yml | 5 +- _ansible/node001.yml => node001.yml | 0 _ansible/node002.yml => node002.yml | 2 + _ansible/node003.yml => node003.yml | 0 .../roles => roles}/acme_dns/tasks/main.yml | 0 .../acme_dns/templates/config.cfg.j2 | 0 .../roles => roles}/acme_dns/vars/main.yml | 0 .../roles => roles}/authentik/tasks/main.yml | 0 .../roles => roles}/authentik/vars/main.yml | 0 {backup => roles/backup/files}/Dockerfile | 0 {backup => roles/backup/files}/backup.timer | 0 .../backup/files}/docker-compose.yml | 3 +- roles/backup/files/node001/mailcow.sh | 3 + roles/backup/files/node002/postgres.sh | 14 ++++ roles/backup/tasks/main.yml | 84 +++++++++++++++++++ roles/backup/templates/backup.service.j2 | 4 + roles/backup/templates/backup.sh.j2 | 50 +++++++++++ roles/backup/vars/main.yml | 28 +++++++ .../roles => roles}/caddy/defaults/main.yml | 0 .../roles => roles}/caddy/files/Dockerfile | 0 .../roles => roles}/caddy/files/snippets | 0 .../roles => roles}/caddy/tasks/main.yml | 0 .../caddy/templates/Caddyfile.j2 | 0 {_ansible/roles => roles}/caddy/vars/main.yml | 0 .../roles => roles}/coder/tasks/main.yml | 0 {_ansible/roles => roles}/coder/vars/main.yml | 0 .../roles => roles}/common/handlers/main.yml | 0 .../extra_services/tasks/main.yml | 0 .../extra_services/vars/main.yml | 0 {_ansible/roles => roles}/faas/tasks/main.yml | 0 {_ansible/roles => roles}/faas/vars/main.yml | 0 .../roles => roles}/forgejo/tasks/main.yml | 0 .../roles => roles}/forgejo/vars/main.yml | 0 .../forgejo_runner/files/config.yml | 0 .../forgejo_runner/tasks/main.yml | 0 .../tasks/prompt-registration-token.yml | 0 .../forgejo_runner/vars/main.yml | 0 .../roles => roles}/harbor/tasks/main.yml | 0 .../roles => roles}/harbor/vars/main.yml | 4 +- .../healthcheck/files/Dockerfile | 0 .../healthcheck/files/data/http | 2 +- .../healthcheck/files/data/mail | 0 .../files/data/mailcheck.template.mail | 0 .../healthcheck/files/data/matrix | 0 .../healthcheck/files/data/template.msmtprc | 0 .../healthcheck/files/docker-compose.yml | 0 .../healthcheck/files/healthcheck@.service | 2 +- .../healthcheck/files/healthcheck@.timer | 0 .../healthcheck/tasks/main.yml | 8 ++ .../roles => roles}/healthcheck/vars/main.yml | 4 + .../roles => roles}/homebox/tasks/main.yml | 0 .../roles => roles}/homebox/vars/main.yml | 0 .../roles => roles}/influxdb/tasks/main.yml | 0 .../roles => roles}/influxdb/vars/main.yml | 0 .../roles => roles}/jellyfin/tasks/main.yml | 0 .../roles => roles}/jellyfin/vars/main.yml | 0 .../roles => roles}/mailcow/tasks/main.yml | 0 .../roles => roles}/mailcow/vars/main.yml | 0 .../minecraft_2/tasks/main.yml | 0 .../roles => roles}/minecraft_2/vars/main.yml | 0 .../roles => roles}/minio/tasks/main.yml | 0 {_ansible/roles => roles}/minio/vars/main.yml | 0 .../reitanlage_oranienburg/tasks/main.yml | 0 .../reitanlage_oranienburg/vars/main.yml | 0 .../synapse/files/msrg.cc.log.config | 0 .../roles => roles}/synapse/tasks/main.yml | 0 .../roles => roles}/synapse/vars/main.yml | 0 .../roles => roles}/tandoor/tasks/main.yml | 0 .../roles => roles}/tandoor/vars/main.yml | 0 .../roles => roles}/telegraf/tasks/main.yml | 0 .../telegraf/templates/telegraf.conf.j2 | 0 .../roles => roles}/telegraf/vars/main.yml | 0 .../tinytinyrss/files/nginx.conf | 0 .../tinytinyrss/tasks/main.yml | 0 .../roles => roles}/tinytinyrss/vars/main.yml | 0 .../roles => roles}/umami/tasks/main.yml | 0 {_ansible/roles => roles}/umami/vars/main.yml | 0 .../uptime_kuma/tasks/main.yml | 0 .../roles => roles}/uptime_kuma/vars/main.yml | 0 .../watchtower/files/run-once.sh | 0 .../roles => roles}/watchtower/tasks/main.yml | 0 .../roles => roles}/watchtower/vars/main.yml | 0 .../roles => roles}/webdis/files/webdis.json | 0 .../roles => roles}/webdis/tasks/main.yml | 0 .../roles => roles}/webdis/vars/main.yml | 0 .../webhook/files/teamspeak-fallback-db | 0 .../roles => roles}/webhook/tasks/main.yml | 0 .../roles => roles}/webhook/vars/main.yml | 0 .../roles => roles}/wiki_js/tasks/main.yml | 0 .../roles => roles}/wiki_js/vars/main.yml | 0 .../roles => roles}/woodpecker/tasks/main.yml | 0 .../roles => roles}/woodpecker/vars/main.yml | 0 _ansible/serguzim.net.yml => serguzim.net.yml | 0 .../tasks => tasks}/deploy-common-service.yml | 0 .../prepare-common-service.yml | 0 .../tasks => tasks}/set-default-facts.yml | 0 .../tasks => tasks}/start-common-service.yml | 0 .../steps/create-service-directory.yml | 0 .../tasks => tasks}/steps/start-service.yml | 0 .../steps/template-docker-compose.yml | 0 .../steps/template-service-env.yml | 2 +- .../steps/template-site-config.yml | 0 .../caddy_site.conf.j2 | 0 .../docker-compose.yml.j2 | 0 .../templates => templates}/service.env.j2 | 0 .../templates => templates}/service.yml.j2 | 0 124 files changed, 246 insertions(+), 141 deletions(-) rename _ansible/README.md => README.md (100%) delete mode 100644 _ansible/.gitignore delete mode 100644 _ansible/inventory/host_vars/node002/main.yml rename _ansible/ansible.cfg => ansible.cfg (100%) delete mode 100644 backup/.env delete mode 100644 backup/.gitignore delete mode 100644 backup/backup.service delete mode 100755 backup/backup.sh create mode 100644 filter_plugins/map_backup_volumes.py rename {_ansible/inventory => inventory}/group_vars/all/compose_defaults.yml (100%) rename {_ansible/inventory => inventory}/group_vars/all/main.yml (100%) rename {_ansible/inventory => inventory}/host_vars/node001/main.yml (100%) create mode 100644 inventory/host_vars/node002/main.yml rename {_ansible/inventory => inventory}/host_vars/node003/main.yml (100%) rename {_ansible/inventory => inventory}/serguzim.net.yml (100%) rename _ansible/local-dev.yml => local-dev.yml (73%) rename _ansible/node001.yml => node001.yml (100%) rename _ansible/node002.yml => node002.yml (97%) rename _ansible/node003.yml => node003.yml (100%) rename {_ansible/roles => roles}/acme_dns/tasks/main.yml (100%) rename {_ansible/roles => roles}/acme_dns/templates/config.cfg.j2 (100%) rename {_ansible/roles => roles}/acme_dns/vars/main.yml (100%) rename {_ansible/roles => roles}/authentik/tasks/main.yml (100%) rename {_ansible/roles => roles}/authentik/vars/main.yml (100%) rename {backup => roles/backup/files}/Dockerfile (100%) rename {backup => roles/backup/files}/backup.timer (100%) rename {backup => roles/backup/files}/docker-compose.yml (95%) create mode 100755 roles/backup/files/node001/mailcow.sh create mode 100755 roles/backup/files/node002/postgres.sh create mode 100644 roles/backup/tasks/main.yml create mode 100644 roles/backup/templates/backup.service.j2 create mode 100755 roles/backup/templates/backup.sh.j2 create mode 100644 roles/backup/vars/main.yml rename {_ansible/roles => roles}/caddy/defaults/main.yml (100%) rename {_ansible/roles => roles}/caddy/files/Dockerfile (100%) rename {_ansible/roles => roles}/caddy/files/snippets (100%) rename {_ansible/roles => roles}/caddy/tasks/main.yml (100%) rename {_ansible/roles => roles}/caddy/templates/Caddyfile.j2 (100%) rename {_ansible/roles => roles}/caddy/vars/main.yml (100%) rename {_ansible/roles => roles}/coder/tasks/main.yml (100%) rename {_ansible/roles => roles}/coder/vars/main.yml (100%) rename {_ansible/roles => roles}/common/handlers/main.yml (100%) rename {_ansible/roles => roles}/extra_services/tasks/main.yml (100%) rename {_ansible/roles => roles}/extra_services/vars/main.yml (100%) rename {_ansible/roles => roles}/faas/tasks/main.yml (100%) rename {_ansible/roles => roles}/faas/vars/main.yml (100%) rename {_ansible/roles => roles}/forgejo/tasks/main.yml (100%) rename {_ansible/roles => roles}/forgejo/vars/main.yml (100%) rename {_ansible/roles => roles}/forgejo_runner/files/config.yml (100%) rename {_ansible/roles => roles}/forgejo_runner/tasks/main.yml (100%) rename {_ansible/roles => roles}/forgejo_runner/tasks/prompt-registration-token.yml (100%) rename {_ansible/roles => roles}/forgejo_runner/vars/main.yml (100%) rename {_ansible/roles => roles}/harbor/tasks/main.yml (100%) rename {_ansible/roles => roles}/harbor/vars/main.yml (98%) rename {_ansible/roles => roles}/healthcheck/files/Dockerfile (100%) rename {_ansible/roles => roles}/healthcheck/files/data/http (96%) rename {_ansible/roles => roles}/healthcheck/files/data/mail (100%) rename {_ansible/roles => roles}/healthcheck/files/data/mailcheck.template.mail (100%) rename {_ansible/roles => roles}/healthcheck/files/data/matrix (100%) rename {_ansible/roles => roles}/healthcheck/files/data/template.msmtprc (100%) rename {_ansible/roles => roles}/healthcheck/files/docker-compose.yml (100%) rename {_ansible/roles => roles}/healthcheck/files/healthcheck@.service (61%) rename {_ansible/roles => roles}/healthcheck/files/healthcheck@.timer (100%) rename {_ansible/roles => roles}/healthcheck/tasks/main.yml (86%) rename {_ansible/roles => roles}/healthcheck/vars/main.yml (93%) rename {_ansible/roles => roles}/homebox/tasks/main.yml (100%) rename {_ansible/roles => roles}/homebox/vars/main.yml (100%) rename {_ansible/roles => roles}/influxdb/tasks/main.yml (100%) rename {_ansible/roles => roles}/influxdb/vars/main.yml (100%) rename {_ansible/roles => roles}/jellyfin/tasks/main.yml (100%) rename {_ansible/roles => roles}/jellyfin/vars/main.yml (100%) rename {_ansible/roles => roles}/mailcow/tasks/main.yml (100%) rename {_ansible/roles => roles}/mailcow/vars/main.yml (100%) rename {_ansible/roles => roles}/minecraft_2/tasks/main.yml (100%) rename {_ansible/roles => roles}/minecraft_2/vars/main.yml (100%) rename {_ansible/roles => roles}/minio/tasks/main.yml (100%) rename {_ansible/roles => roles}/minio/vars/main.yml (100%) rename {_ansible/roles => roles}/reitanlage_oranienburg/tasks/main.yml (100%) rename {_ansible/roles => roles}/reitanlage_oranienburg/vars/main.yml (100%) rename {_ansible/roles => roles}/synapse/files/msrg.cc.log.config (100%) rename {_ansible/roles => roles}/synapse/tasks/main.yml (100%) rename {_ansible/roles => roles}/synapse/vars/main.yml (100%) rename {_ansible/roles => roles}/tandoor/tasks/main.yml (100%) rename {_ansible/roles => roles}/tandoor/vars/main.yml (100%) rename {_ansible/roles => roles}/telegraf/tasks/main.yml (100%) rename {_ansible/roles => roles}/telegraf/templates/telegraf.conf.j2 (100%) rename {_ansible/roles => roles}/telegraf/vars/main.yml (100%) rename {_ansible/roles => roles}/tinytinyrss/files/nginx.conf (100%) rename {_ansible/roles => roles}/tinytinyrss/tasks/main.yml (100%) rename {_ansible/roles => roles}/tinytinyrss/vars/main.yml (100%) rename {_ansible/roles => roles}/umami/tasks/main.yml (100%) rename {_ansible/roles => roles}/umami/vars/main.yml (100%) rename {_ansible/roles => roles}/uptime_kuma/tasks/main.yml (100%) rename {_ansible/roles => roles}/uptime_kuma/vars/main.yml (100%) rename {_ansible/roles => roles}/watchtower/files/run-once.sh (100%) rename {_ansible/roles => roles}/watchtower/tasks/main.yml (100%) rename {_ansible/roles => roles}/watchtower/vars/main.yml (100%) rename {_ansible/roles => roles}/webdis/files/webdis.json (100%) rename {_ansible/roles => roles}/webdis/tasks/main.yml (100%) rename {_ansible/roles => roles}/webdis/vars/main.yml (100%) rename {_ansible/roles => roles}/webhook/files/teamspeak-fallback-db (100%) rename {_ansible/roles => roles}/webhook/tasks/main.yml (100%) rename {_ansible/roles => roles}/webhook/vars/main.yml (100%) rename {_ansible/roles => roles}/wiki_js/tasks/main.yml (100%) rename {_ansible/roles => roles}/wiki_js/vars/main.yml (100%) rename {_ansible/roles => roles}/woodpecker/tasks/main.yml (100%) rename {_ansible/roles => roles}/woodpecker/vars/main.yml (100%) rename _ansible/serguzim.net.yml => serguzim.net.yml (100%) rename {_ansible/tasks => tasks}/deploy-common-service.yml (100%) rename {_ansible/tasks => tasks}/prepare-common-service.yml (100%) rename {_ansible/tasks => tasks}/set-default-facts.yml (100%) rename {_ansible/tasks => tasks}/start-common-service.yml (100%) rename {_ansible/tasks => tasks}/steps/create-service-directory.yml (100%) rename {_ansible/tasks => tasks}/steps/start-service.yml (100%) rename {_ansible/tasks => tasks}/steps/template-docker-compose.yml (100%) rename {_ansible/tasks => tasks}/steps/template-service-env.yml (89%) rename {_ansible/tasks => tasks}/steps/template-site-config.yml (100%) rename {_ansible/templates => templates}/caddy_site.conf.j2 (100%) rename {_ansible/templates => templates}/docker-compose.yml.j2 (100%) rename {_ansible/templates => templates}/service.env.j2 (100%) rename {_ansible/templates => templates}/service.yml.j2 (100%) diff --git a/.gitignore b/.gitignore index 8ed339f..9848765 100644 --- a/.gitignore +++ b/.gitignore @@ -1,47 +1 @@ -*.secret.env - -.lego/ - -# services already handled by ansible -/acme-dns/ -/authentik/ -/coder/ -/forgejo/ -/forgejo-runner/ -/gitea/ -/gitea-runner/ -/harbor/ -/healthcheck/ -/homebox/ -/influxdb/ -/jellyfin/ -/minecraft-2/ -/minio/ -/synapse/ -/tandoor/ -/telegraf/ -/tinytinyrss/ -/umami/ -/uptime-kuma/ -/watchtower/ -/webdis/ -/wiki-js/ -/woodpecker/ - -/caddy/config/conf.002.d/acme.serguzim.me.conf -/caddy/config/conf.002.d/auth.serguzim.me.conf -/caddy/config/conf.002.d/analytics.serguzim.me.conf -/caddy/config/conf.002.d/ci.serguzim.me.conf -/caddy/config/conf.002.d/coder.serguzim.me.conf -/caddy/config/conf.002.d/faas.serguzim.me.conf -/caddy/config/conf.002.d/git.serguzim.me.conf -/caddy/config/conf.002.d/inventory.serguzim.me.conf -/caddy/config/conf.002.d/matrix.msrg.cc.conf -/caddy/config/conf.002.d/media.serguzim.me.conf -/caddy/config/conf.002.d/recipes.serguzim.me.conf -/caddy/config/conf.002.d/registry.serguzim.me.conf -/caddy/config/conf.002.d/rss.serguzim.me.conf -/caddy/config/conf.002.d/status.serguzim.me.conf -/caddy/config/conf.002.d/tick.serguzim.me.conf -/caddy/config/conf.002.d/webdis.huck.serguzim.me.conf -/caddy/config/conf.002.d/wiki.serguzim.me.conf +inventory/group_vars/all/serguzim.net.yml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c67ce61..36f7309 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -4,4 +4,4 @@ repos: hooks: - id: ansible-lint args: - - _ansible/serguzim.net.yml + - serguzim.net.yml diff --git a/_ansible/README.md b/README.md similarity index 100% rename from _ansible/README.md rename to README.md diff --git a/_ansible/.gitignore b/_ansible/.gitignore deleted file mode 100644 index ba61754..0000000 --- a/_ansible/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -.vault_pass -inventory/group_vars/all/serguzim.net.yml diff --git a/_ansible/inventory/host_vars/node002/main.yml b/_ansible/inventory/host_vars/node002/main.yml deleted file mode 100644 index deb76c9..0000000 --- a/_ansible/inventory/host_vars/node002/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -ansible_port: "{{ vault_node002.ansible_port }}" -ansible_user: "{{ vault_node002.ansible_user }}" diff --git a/_utils/cert-basic.sh b/_utils/cert-basic.sh index 31a7a5c..37af774 100755 --- a/_utils/cert-basic.sh +++ b/_utils/cert-basic.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -LEGO_WORKING_PATH="/opt/services/.lego/" +export LEGO_WORKING_PATH="/opt/lego/" set -e diff --git a/_ansible/ansible.cfg b/ansible.cfg similarity index 100% rename from _ansible/ansible.cfg rename to ansible.cfg diff --git a/backup/.env b/backup/.env deleted file mode 100644 index ab7f857..0000000 --- a/backup/.env +++ /dev/null @@ -1,8 +0,0 @@ -HC_UID= -UPTIME_KUMA_TOKEN= - -RESTIC_REPOSITORY= -RESTIC_PASSWORD= - -AWS_ACCESS_KEY_ID= -AWS_SECRET_ACCESS_KEY= diff --git a/backup/.gitignore b/backup/.gitignore deleted file mode 100644 index 07ee4a4..0000000 --- a/backup/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -/mailcheck.mail -/msmtprc diff --git a/backup/backup.service b/backup/backup.service deleted file mode 100644 index 2abfcc9..0000000 --- a/backup/backup.service +++ /dev/null @@ -1,4 +0,0 @@ -[Service] -Type=oneshot -ExecStart=/opt/services/backup/backup.sh -WorkingDirectory=/opt/services/backup/ diff --git a/backup/backup.sh b/backup/backup.sh deleted file mode 100755 index 2580614..0000000 --- a/backup/backup.sh +++ /dev/null @@ -1,65 +0,0 @@ -#!/usr/bin/env sh - -set -e - -set -a -. "/opt/services/backup/.env" -. "/opt/services/backup/.secret.env" -set +a - -hc_url="https://hc-ping.com/$HC_UID" - -curl -fsSL --retry 3 "$hc_url/start" >/dev/null -duration_start=$(date +%s) - -BACKUP_LOCATION="/tmp/backup-misc" - -rm -rf "$BACKUP_LOCATION" -mkdir -p "$BACKUP_LOCATION" -cd "$BACKUP_LOCATION" || exit - -_hc_fail () { - curl -fsSL --retry 3 "$hc_url/fail" - exit 1 -} - -_backup_prepare_postgres () { - mkdir -p "$BACKUP_LOCATION/postgres" - cd "$BACKUP_LOCATION/postgres" || exit - - postgres_tables=$(sudo -u postgres psql -Atc "SELECT datname FROM pg_database WHERE datistemplate = false;") - - for i in $postgres_tables - do - echo "dumping $i" - sudo -u postgres pg_dump "$i" | gzip >"pg_dump_$i.gz" - echo "done with $i" - echo "" - done - - echo "dumping all" - sudo -u postgres pg_dumpall | gzip >"pg_dumpall.gz" -} - -_backup_prepare_mailcow () { - export MAILCOW_BACKUP_LOCATION="$BACKUP_LOCATION/mailcow" - mkdir -p "$MAILCOW_BACKUP_LOCATION" - /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh \ - backup all --delete-days 3 -} - -echo "" -echo "preparing postgres" -time _backup_prepare_postgres >/tmp/backup-postgres.log || _hc_fail -echo "" -echo "preparing mailcow" -time _backup_prepare_mailcow >/tmp/backup-mailcow.log || _hc_fail - -cd /opt/services/backup/ -docker compose run --rm backup || _hc_fail - -duration_end=$(date +%s) -curl -fsSL --retry 3 "$hc_url" - -duration=$((duration_end - duration_start)) -curl -fsSL --retry 3 "https://status.serguzim.me/api/push/$UPTIME_KUMA_TOKEN?status=up&msg=OK&ping=${duration}000" diff --git a/filter_plugins/map_backup_volumes.py b/filter_plugins/map_backup_volumes.py new file mode 100644 index 0000000..77c1fbc --- /dev/null +++ b/filter_plugins/map_backup_volumes.py @@ -0,0 +1,24 @@ +class FilterModule(object): + def filters(self): + return { + 'map_backup_volumes': self.map_backup_volumes, + 'map_backup_volumes_service': self.map_backup_volumes_service + } + + def map_backup_volumes(self, volumes): + result = {} + + for volume in volumes: + result[volume] = { + "external": True, + } + + return result + + def map_backup_volumes_service(self, volumes): + result = [] + + for volume in volumes: + result.append("{volume_name}:/backup/volumes/{volume_name}".format(volume_name=volume)) + + return result diff --git a/_ansible/inventory/group_vars/all/compose_defaults.yml b/inventory/group_vars/all/compose_defaults.yml similarity index 100% rename from _ansible/inventory/group_vars/all/compose_defaults.yml rename to inventory/group_vars/all/compose_defaults.yml diff --git a/_ansible/inventory/group_vars/all/main.yml b/inventory/group_vars/all/main.yml similarity index 100% rename from _ansible/inventory/group_vars/all/main.yml rename to inventory/group_vars/all/main.yml diff --git a/_ansible/inventory/host_vars/node001/main.yml b/inventory/host_vars/node001/main.yml similarity index 100% rename from _ansible/inventory/host_vars/node001/main.yml rename to inventory/host_vars/node001/main.yml diff --git a/inventory/host_vars/node002/main.yml b/inventory/host_vars/node002/main.yml new file mode 100644 index 0000000..a6f2ce1 --- /dev/null +++ b/inventory/host_vars/node002/main.yml @@ -0,0 +1,13 @@ +ansible_port: "{{ vault_node002.ansible_port }}" +ansible_user: "{{ vault_node002.ansible_user }}" +host_backup: + backup: + hc_uid: "{{ vault_node002.backup.hc_uid }}" + uptime_kuma_token: "{{ vault_node002.backup.uptime_kuma_token }}" + volumes: + - gitea_data + - influxdb_data + - reitanlage-oranienburg_data + - synapse_media_store + - tandoor_mediafiles + diff --git a/_ansible/inventory/host_vars/node003/main.yml b/inventory/host_vars/node003/main.yml similarity index 100% rename from _ansible/inventory/host_vars/node003/main.yml rename to inventory/host_vars/node003/main.yml diff --git a/_ansible/inventory/serguzim.net.yml b/inventory/serguzim.net.yml similarity index 100% rename from _ansible/inventory/serguzim.net.yml rename to inventory/serguzim.net.yml diff --git a/_ansible/local-dev.yml b/local-dev.yml similarity index 73% rename from _ansible/local-dev.yml rename to local-dev.yml index ec1e6a7..80afd91 100644 --- a/_ansible/local-dev.yml +++ b/local-dev.yml @@ -1,8 +1,9 @@ --- - name: Run roles for local-dev vars: - # Remove _ansible and inventory - services_path: "{{ inventory_dir.split('/')[0:-2] | join('/') }}" + # Remove inventory + base_path: "{{ inventory_dir.split('/')[0:-1] | join('/') }}" + services_path: "{{ (base_path, '_services') | path_join }}" caddy_config_path: "{{ (services_path, 'caddy', 'config', 'conf.d') | path_join }}" hosts: local-dev diff --git a/_ansible/node001.yml b/node001.yml similarity index 100% rename from _ansible/node001.yml rename to node001.yml diff --git a/_ansible/node002.yml b/node002.yml similarity index 97% rename from _ansible/node002.yml rename to node002.yml index 7857ff7..b607ac7 100644 --- a/_ansible/node002.yml +++ b/node002.yml @@ -4,6 +4,8 @@ roles: - role: common tags: [always] + - role: backup + tags: [backup] - role: caddy tags: [caddy, reverse-proxy, webserver] vars: diff --git a/_ansible/node003.yml b/node003.yml similarity index 100% rename from _ansible/node003.yml rename to node003.yml diff --git a/_ansible/roles/acme_dns/tasks/main.yml b/roles/acme_dns/tasks/main.yml similarity index 100% rename from _ansible/roles/acme_dns/tasks/main.yml rename to roles/acme_dns/tasks/main.yml diff --git a/_ansible/roles/acme_dns/templates/config.cfg.j2 b/roles/acme_dns/templates/config.cfg.j2 similarity index 100% rename from _ansible/roles/acme_dns/templates/config.cfg.j2 rename to roles/acme_dns/templates/config.cfg.j2 diff --git a/_ansible/roles/acme_dns/vars/main.yml b/roles/acme_dns/vars/main.yml similarity index 100% rename from _ansible/roles/acme_dns/vars/main.yml rename to roles/acme_dns/vars/main.yml diff --git a/_ansible/roles/authentik/tasks/main.yml b/roles/authentik/tasks/main.yml similarity index 100% rename from _ansible/roles/authentik/tasks/main.yml rename to roles/authentik/tasks/main.yml diff --git a/_ansible/roles/authentik/vars/main.yml b/roles/authentik/vars/main.yml similarity index 100% rename from _ansible/roles/authentik/vars/main.yml rename to roles/authentik/vars/main.yml diff --git a/backup/Dockerfile b/roles/backup/files/Dockerfile similarity index 100% rename from backup/Dockerfile rename to roles/backup/files/Dockerfile diff --git a/backup/backup.timer b/roles/backup/files/backup.timer similarity index 100% rename from backup/backup.timer rename to roles/backup/files/backup.timer diff --git a/backup/docker-compose.yml b/roles/backup/files/docker-compose.yml similarity index 95% rename from backup/docker-compose.yml rename to roles/backup/files/docker-compose.yml index dc33d9d..c891542 100644 --- a/backup/docker-compose.yml +++ b/roles/backup/files/docker-compose.yml @@ -7,8 +7,7 @@ services: image: backup restart: never env_file: - - .env - - .secret.env + - service.env volumes: - /tmp/backup-misc:/backup/misc - gitea_data:/backup/volumes/gitea_data diff --git a/roles/backup/files/node001/mailcow.sh b/roles/backup/files/node001/mailcow.sh new file mode 100755 index 0000000..30a110f --- /dev/null +++ b/roles/backup/files/node001/mailcow.sh @@ -0,0 +1,3 @@ +export MAILCOW_BACKUP_LOCATION="$BACKUP_LOCATION/mailcow" +mkdir -p "$MAILCOW_BACKUP_LOCATION" +/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all diff --git a/roles/backup/files/node002/postgres.sh b/roles/backup/files/node002/postgres.sh new file mode 100755 index 0000000..a114704 --- /dev/null +++ b/roles/backup/files/node002/postgres.sh @@ -0,0 +1,14 @@ +mkdir -p "$BACKUP_LOCATION/postgres" +cd "$BACKUP_LOCATION/postgres" || exit + +postgres_tables=$(sudo -u postgres psql -Atc "SELECT datname FROM pg_database WHERE datistemplate = false;") + +for i in $postgres_tables +do + printf "dumping %s ..." "$i" + sudo -u postgres pg_dump "$i" | gzip >"pg_dump_$i.gz" + echo " done" +done + +echo "dumping all" +sudo -u postgres pg_dumpall | gzip >"pg_dumpall.gz" diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml new file mode 100644 index 0000000..0223c22 --- /dev/null +++ b/roles/backup/tasks/main.yml @@ -0,0 +1,84 @@ +--- +- name: Set common facts + ansible.builtin.import_tasks: tasks/set-default-facts.yml + +- name: Deploy {{ svc.name }} + vars: + svc: "{{ backup_svc }}" + env: "{{ backup_env }}" + compose: "{{ backup_compose }}" + block: + - name: Import prepare tasks for common service + ansible.builtin.import_tasks: tasks/prepare-common-service.yml + + - name: Copy the Dockerfile + ansible.builtin.copy: + src: Dockerfile + dest: "{{ (service_path, 'Dockerfile') | path_join }}" + mode: "0644" + register: cmd_result + + - name: Set the docker rebuild flag + ansible.builtin.set_fact: + docker_rebuild: true + when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables. + + - name: Set backup.d path + ansible.builtin.set_fact: + backup_d_path: "{{ (service_path, 'backup.d') | path_join }}" + + - name: Create backup.d directory + ansible.builtin.file: + path: "{{ backup_d_path }}" + state: directory + mode: "0755" + + - name: Copy the additional backup scripts + ansible.builtin.copy: + src: "{{ item }}" + dest: "{{ backup_d_path }}" + mode: "0755" + with_fileglob: + - "{{ ansible_facts.hostname }}/*" + + - name: Copy the main backup scripts + ansible.builtin.template: + src: "backup.sh.j2" + dest: "{{ (service_path, 'backup.sh') | path_join }}" + mode: "0755" + + - name: Copy the system service + ansible.builtin.template: + src: backup.service.j2 + dest: /etc/systemd/system/backup.service + mode: "0644" + become: true + - name: Copy the system timer + ansible.builtin.copy: + src: backup.timer + dest: /etc/systemd/system/backup.timer + mode: "0644" + become: true + - name: Enable the system timer + ansible.builtin.systemd_service: + name: backup.timer + state: started + enabled: true + daemon_reload: true + become: true + + - name: Import tasks create a service.env file + ansible.builtin.import_tasks: tasks/steps/template-service-env.yml + + - name: Build service + ansible.builtin.command: + cmd: docker compose build --pull + chdir: "{{ service_path }}" + register: cmd_result + changed_when: true # TODO + + - name: Verify service + ansible.builtin.command: + cmd: docker compose run --rm app check + chdir: "{{ service_path }}" + changed_when: false diff --git a/roles/backup/templates/backup.service.j2 b/roles/backup/templates/backup.service.j2 new file mode 100644 index 0000000..a0e75d7 --- /dev/null +++ b/roles/backup/templates/backup.service.j2 @@ -0,0 +1,4 @@ +[Service] +Type=oneshot +ExecStart={{ service_path }}/backup.sh +WorkingDirectory={{ service_path }} diff --git a/roles/backup/templates/backup.sh.j2 b/roles/backup/templates/backup.sh.j2 new file mode 100755 index 0000000..e2ba0b3 --- /dev/null +++ b/roles/backup/templates/backup.sh.j2 @@ -0,0 +1,50 @@ +#!/usr/bin/env bash + +set -e + +set -a +. "{{ service_path }}/service.env" +set +a + +hc_url="https://hc-ping.com/$HC_UID" +_hc_ping () { + curl -fsSL --retry 3 "$hc_url$1" >/dev/null +} + +_hc_fail () { + _hc_ping "/fail" + exit 1 +} + +_hc_ping "/start" +duration_start=$(date +%s) + +BACKUP_LOCATION="$(mktemp -d)" +export BACKUP_LOCATION +cd "$BACKUP_LOCATION" || exit + +shopt -s nullglob +for file in "{{ service_path }}/backup.d/"* +do + echo "" + echo "running $file" + time "$file" || _hc_fail +done || true + +cd "{{ service_path }}" +docker compose run --rm -v "$BACKUP_LOCATION:/backup/misc" app backup /backup || _hc_fail + +duration_end=$(date +%s) +_hc_ping + +duration=$((duration_end - duration_start)) +curl -fsSL --retry 3 "https://status.serguzim.me/api/push/$UPTIME_KUMA_TOKEN?status=up&msg=OK&ping=${duration}000" + +rm -rf "$BACKUP_LOCATION" + +echo "forgetting old backups for $(hostname)" +docker compose run --rm app forget --host "$(hostname)" --prune \ + --keep-daily 14 \ + --keep-weekly 28 \ + --keep-monthly 12 \ + --keep-yearly 2 diff --git a/roles/backup/vars/main.yml b/roles/backup/vars/main.yml new file mode 100644 index 0000000..a9abca8 --- /dev/null +++ b/roles/backup/vars/main.yml @@ -0,0 +1,28 @@ +--- +backup_svc: + name: backup + +backup_volumes_service: "{{ host_backup.backup.volumes | map_backup_volumes_service }}" + +backup_env: + HC_UID: "{{ host_backup.backup.hc_uid }}" + UPTIME_KUMA_TOKEN: "{{ host_backup.backup.uptime_kuma_token }}" + + RESTIC_REPOSITORY: "{{ vault_backup.restic.repository }}" + RESTIC_PASSWORD: "{{ vault_backup.restic.password }}" + + AWS_ACCESS_KEY_ID: "{{ vault_backup.aws_secret.key_id }}" + AWS_SECRET_ACCESS_KEY: "{{ vault_backup.aws_secret.access_key }}" + +backup_compose: + watchtower: false + image: backup + volumes: "{{ backup_volumes_service }}" + file: + services: + app: + build: + context: . + restart: never + hostname: "{{ ansible_facts.hostname }}" + volumes: "{{ host_backup.backup.volumes | map_backup_volumes }}" diff --git a/_ansible/roles/caddy/defaults/main.yml b/roles/caddy/defaults/main.yml similarity index 100% rename from _ansible/roles/caddy/defaults/main.yml rename to roles/caddy/defaults/main.yml diff --git a/_ansible/roles/caddy/files/Dockerfile b/roles/caddy/files/Dockerfile similarity index 100% rename from _ansible/roles/caddy/files/Dockerfile rename to roles/caddy/files/Dockerfile diff --git a/_ansible/roles/caddy/files/snippets b/roles/caddy/files/snippets similarity index 100% rename from _ansible/roles/caddy/files/snippets rename to roles/caddy/files/snippets diff --git a/_ansible/roles/caddy/tasks/main.yml b/roles/caddy/tasks/main.yml similarity index 100% rename from _ansible/roles/caddy/tasks/main.yml rename to roles/caddy/tasks/main.yml diff --git a/_ansible/roles/caddy/templates/Caddyfile.j2 b/roles/caddy/templates/Caddyfile.j2 similarity index 100% rename from _ansible/roles/caddy/templates/Caddyfile.j2 rename to roles/caddy/templates/Caddyfile.j2 diff --git a/_ansible/roles/caddy/vars/main.yml b/roles/caddy/vars/main.yml similarity index 100% rename from _ansible/roles/caddy/vars/main.yml rename to roles/caddy/vars/main.yml diff --git a/_ansible/roles/coder/tasks/main.yml b/roles/coder/tasks/main.yml similarity index 100% rename from _ansible/roles/coder/tasks/main.yml rename to roles/coder/tasks/main.yml diff --git a/_ansible/roles/coder/vars/main.yml b/roles/coder/vars/main.yml similarity index 100% rename from _ansible/roles/coder/vars/main.yml rename to roles/coder/vars/main.yml diff --git a/_ansible/roles/common/handlers/main.yml b/roles/common/handlers/main.yml similarity index 100% rename from _ansible/roles/common/handlers/main.yml rename to roles/common/handlers/main.yml diff --git a/_ansible/roles/extra_services/tasks/main.yml b/roles/extra_services/tasks/main.yml similarity index 100% rename from _ansible/roles/extra_services/tasks/main.yml rename to roles/extra_services/tasks/main.yml diff --git a/_ansible/roles/extra_services/vars/main.yml b/roles/extra_services/vars/main.yml similarity index 100% rename from _ansible/roles/extra_services/vars/main.yml rename to roles/extra_services/vars/main.yml diff --git a/_ansible/roles/faas/tasks/main.yml b/roles/faas/tasks/main.yml similarity index 100% rename from _ansible/roles/faas/tasks/main.yml rename to roles/faas/tasks/main.yml diff --git a/_ansible/roles/faas/vars/main.yml b/roles/faas/vars/main.yml similarity index 100% rename from _ansible/roles/faas/vars/main.yml rename to roles/faas/vars/main.yml diff --git a/_ansible/roles/forgejo/tasks/main.yml b/roles/forgejo/tasks/main.yml similarity index 100% rename from _ansible/roles/forgejo/tasks/main.yml rename to roles/forgejo/tasks/main.yml diff --git a/_ansible/roles/forgejo/vars/main.yml b/roles/forgejo/vars/main.yml similarity index 100% rename from _ansible/roles/forgejo/vars/main.yml rename to roles/forgejo/vars/main.yml diff --git a/_ansible/roles/forgejo_runner/files/config.yml b/roles/forgejo_runner/files/config.yml similarity index 100% rename from _ansible/roles/forgejo_runner/files/config.yml rename to roles/forgejo_runner/files/config.yml diff --git a/_ansible/roles/forgejo_runner/tasks/main.yml b/roles/forgejo_runner/tasks/main.yml similarity index 100% rename from _ansible/roles/forgejo_runner/tasks/main.yml rename to roles/forgejo_runner/tasks/main.yml diff --git a/_ansible/roles/forgejo_runner/tasks/prompt-registration-token.yml b/roles/forgejo_runner/tasks/prompt-registration-token.yml similarity index 100% rename from _ansible/roles/forgejo_runner/tasks/prompt-registration-token.yml rename to roles/forgejo_runner/tasks/prompt-registration-token.yml diff --git a/_ansible/roles/forgejo_runner/vars/main.yml b/roles/forgejo_runner/vars/main.yml similarity index 100% rename from _ansible/roles/forgejo_runner/vars/main.yml rename to roles/forgejo_runner/vars/main.yml diff --git a/_ansible/roles/harbor/tasks/main.yml b/roles/harbor/tasks/main.yml similarity index 100% rename from _ansible/roles/harbor/tasks/main.yml rename to roles/harbor/tasks/main.yml diff --git a/_ansible/roles/harbor/vars/main.yml b/roles/harbor/vars/main.yml similarity index 98% rename from _ansible/roles/harbor/vars/main.yml rename to roles/harbor/vars/main.yml index ea9fbb2..608fa6d 100644 --- a/_ansible/roles/harbor/vars/main.yml +++ b/roles/harbor/vars/main.yml @@ -36,8 +36,8 @@ harbor_yml: port: "{{ harbor_port_http }}" https: port: "{{ harbor_port_https }}" - certificate: /opt/services/.lego/certificates/registry.serguzim.me.crt - private_key: /opt/services/.lego/certificates/registry.serguzim.me.key + certificate: /opt/services/.lego/certificates/registry.serguzim.me.crt # TODO + private_key: /opt/services/.lego/certificates/registry.serguzim.me.key # TODO external_url: https://registry.serguzim.me harbor_admin_password: "{{ vault_harbor.admin_password }}" data_volume: "{{ (service_path, 'data') | path_join }}" diff --git a/_ansible/roles/healthcheck/files/Dockerfile b/roles/healthcheck/files/Dockerfile similarity index 100% rename from _ansible/roles/healthcheck/files/Dockerfile rename to roles/healthcheck/files/Dockerfile diff --git a/_ansible/roles/healthcheck/files/data/http b/roles/healthcheck/files/data/http similarity index 96% rename from _ansible/roles/healthcheck/files/data/http rename to roles/healthcheck/files/data/http index 06826de..0617c05 100755 --- a/_ansible/roles/healthcheck/files/data/http +++ b/roles/healthcheck/files/data/http @@ -14,7 +14,7 @@ check_url () printf "checking url %s ." "$url" dig A "$1" >/dev/null printf "." - result=$(curl -LsSfv "$url" 2>&1) + result=$(curl -LsSfv --retry 3 "$url" 2>&1) code="$?" printf ".\n" #shellcheck disable=SC2181 diff --git a/_ansible/roles/healthcheck/files/data/mail b/roles/healthcheck/files/data/mail similarity index 100% rename from _ansible/roles/healthcheck/files/data/mail rename to roles/healthcheck/files/data/mail diff --git a/_ansible/roles/healthcheck/files/data/mailcheck.template.mail b/roles/healthcheck/files/data/mailcheck.template.mail similarity index 100% rename from _ansible/roles/healthcheck/files/data/mailcheck.template.mail rename to roles/healthcheck/files/data/mailcheck.template.mail diff --git a/_ansible/roles/healthcheck/files/data/matrix b/roles/healthcheck/files/data/matrix similarity index 100% rename from _ansible/roles/healthcheck/files/data/matrix rename to roles/healthcheck/files/data/matrix diff --git a/_ansible/roles/healthcheck/files/data/template.msmtprc b/roles/healthcheck/files/data/template.msmtprc similarity index 100% rename from _ansible/roles/healthcheck/files/data/template.msmtprc rename to roles/healthcheck/files/data/template.msmtprc diff --git a/_ansible/roles/healthcheck/files/docker-compose.yml b/roles/healthcheck/files/docker-compose.yml similarity index 100% rename from _ansible/roles/healthcheck/files/docker-compose.yml rename to roles/healthcheck/files/docker-compose.yml diff --git a/_ansible/roles/healthcheck/files/healthcheck@.service b/roles/healthcheck/files/healthcheck@.service similarity index 61% rename from _ansible/roles/healthcheck/files/healthcheck@.service rename to roles/healthcheck/files/healthcheck@.service index 2c332b9..9b40d49 100644 --- a/_ansible/roles/healthcheck/files/healthcheck@.service +++ b/roles/healthcheck/files/healthcheck@.service @@ -1,4 +1,4 @@ [Service] Type=oneshot ExecStart=/usr/bin/docker compose run --rm %i -WorkingDirectory=/opt/services/healthcheck/ +WorkingDirectory={{ service_path }} diff --git a/_ansible/roles/healthcheck/files/healthcheck@.timer b/roles/healthcheck/files/healthcheck@.timer similarity index 100% rename from _ansible/roles/healthcheck/files/healthcheck@.timer rename to roles/healthcheck/files/healthcheck@.timer diff --git a/_ansible/roles/healthcheck/tasks/main.yml b/roles/healthcheck/tasks/main.yml similarity index 86% rename from _ansible/roles/healthcheck/tasks/main.yml rename to roles/healthcheck/tasks/main.yml index 485bfeb..5c48f24 100644 --- a/_ansible/roles/healthcheck/tasks/main.yml +++ b/roles/healthcheck/tasks/main.yml @@ -39,6 +39,14 @@ dest: /etc/systemd/system/healthcheck@.timer mode: "0644" become: true + - name: Enable the system timer + ansible.builtin.systemd_service: + name: healthcheck@{{ item }}.timer + state: started + enabled: true + daemon_reload: true + loop: "{{ healthcheck_svc.checks }}" + become: true - name: Import tasks create a service.env file ansible.builtin.import_tasks: tasks/steps/template-service-env.yml diff --git a/_ansible/roles/healthcheck/vars/main.yml b/roles/healthcheck/vars/main.yml similarity index 93% rename from _ansible/roles/healthcheck/vars/main.yml rename to roles/healthcheck/vars/main.yml index a957675..cd15cab 100644 --- a/_ansible/roles/healthcheck/vars/main.yml +++ b/roles/healthcheck/vars/main.yml @@ -1,6 +1,10 @@ --- healthcheck_svc: name: healthcheck + checks: + - http + - mail + - matrix healthcheck_env: USER_AGENT: healthcheck-bot for serguzim.net diff --git a/_ansible/roles/homebox/tasks/main.yml b/roles/homebox/tasks/main.yml similarity index 100% rename from _ansible/roles/homebox/tasks/main.yml rename to roles/homebox/tasks/main.yml diff --git a/_ansible/roles/homebox/vars/main.yml b/roles/homebox/vars/main.yml similarity index 100% rename from _ansible/roles/homebox/vars/main.yml rename to roles/homebox/vars/main.yml diff --git a/_ansible/roles/influxdb/tasks/main.yml b/roles/influxdb/tasks/main.yml similarity index 100% rename from _ansible/roles/influxdb/tasks/main.yml rename to roles/influxdb/tasks/main.yml diff --git a/_ansible/roles/influxdb/vars/main.yml b/roles/influxdb/vars/main.yml similarity index 100% rename from _ansible/roles/influxdb/vars/main.yml rename to roles/influxdb/vars/main.yml diff --git a/_ansible/roles/jellyfin/tasks/main.yml b/roles/jellyfin/tasks/main.yml similarity index 100% rename from _ansible/roles/jellyfin/tasks/main.yml rename to roles/jellyfin/tasks/main.yml diff --git a/_ansible/roles/jellyfin/vars/main.yml b/roles/jellyfin/vars/main.yml similarity index 100% rename from _ansible/roles/jellyfin/vars/main.yml rename to roles/jellyfin/vars/main.yml diff --git a/_ansible/roles/mailcow/tasks/main.yml b/roles/mailcow/tasks/main.yml similarity index 100% rename from _ansible/roles/mailcow/tasks/main.yml rename to roles/mailcow/tasks/main.yml diff --git a/_ansible/roles/mailcow/vars/main.yml b/roles/mailcow/vars/main.yml similarity index 100% rename from _ansible/roles/mailcow/vars/main.yml rename to roles/mailcow/vars/main.yml diff --git a/_ansible/roles/minecraft_2/tasks/main.yml b/roles/minecraft_2/tasks/main.yml similarity index 100% rename from _ansible/roles/minecraft_2/tasks/main.yml rename to roles/minecraft_2/tasks/main.yml diff --git a/_ansible/roles/minecraft_2/vars/main.yml b/roles/minecraft_2/vars/main.yml similarity index 100% rename from _ansible/roles/minecraft_2/vars/main.yml rename to roles/minecraft_2/vars/main.yml diff --git a/_ansible/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml similarity index 100% rename from _ansible/roles/minio/tasks/main.yml rename to roles/minio/tasks/main.yml diff --git a/_ansible/roles/minio/vars/main.yml b/roles/minio/vars/main.yml similarity index 100% rename from _ansible/roles/minio/vars/main.yml rename to roles/minio/vars/main.yml diff --git a/_ansible/roles/reitanlage_oranienburg/tasks/main.yml b/roles/reitanlage_oranienburg/tasks/main.yml similarity index 100% rename from _ansible/roles/reitanlage_oranienburg/tasks/main.yml rename to roles/reitanlage_oranienburg/tasks/main.yml diff --git a/_ansible/roles/reitanlage_oranienburg/vars/main.yml b/roles/reitanlage_oranienburg/vars/main.yml similarity index 100% rename from _ansible/roles/reitanlage_oranienburg/vars/main.yml rename to roles/reitanlage_oranienburg/vars/main.yml diff --git a/_ansible/roles/synapse/files/msrg.cc.log.config b/roles/synapse/files/msrg.cc.log.config similarity index 100% rename from _ansible/roles/synapse/files/msrg.cc.log.config rename to roles/synapse/files/msrg.cc.log.config diff --git a/_ansible/roles/synapse/tasks/main.yml b/roles/synapse/tasks/main.yml similarity index 100% rename from _ansible/roles/synapse/tasks/main.yml rename to roles/synapse/tasks/main.yml diff --git a/_ansible/roles/synapse/vars/main.yml b/roles/synapse/vars/main.yml similarity index 100% rename from _ansible/roles/synapse/vars/main.yml rename to roles/synapse/vars/main.yml diff --git a/_ansible/roles/tandoor/tasks/main.yml b/roles/tandoor/tasks/main.yml similarity index 100% rename from _ansible/roles/tandoor/tasks/main.yml rename to roles/tandoor/tasks/main.yml diff --git a/_ansible/roles/tandoor/vars/main.yml b/roles/tandoor/vars/main.yml similarity index 100% rename from _ansible/roles/tandoor/vars/main.yml rename to roles/tandoor/vars/main.yml diff --git a/_ansible/roles/telegraf/tasks/main.yml b/roles/telegraf/tasks/main.yml similarity index 100% rename from _ansible/roles/telegraf/tasks/main.yml rename to roles/telegraf/tasks/main.yml diff --git a/_ansible/roles/telegraf/templates/telegraf.conf.j2 b/roles/telegraf/templates/telegraf.conf.j2 similarity index 100% rename from _ansible/roles/telegraf/templates/telegraf.conf.j2 rename to roles/telegraf/templates/telegraf.conf.j2 diff --git a/_ansible/roles/telegraf/vars/main.yml b/roles/telegraf/vars/main.yml similarity index 100% rename from _ansible/roles/telegraf/vars/main.yml rename to roles/telegraf/vars/main.yml diff --git a/_ansible/roles/tinytinyrss/files/nginx.conf b/roles/tinytinyrss/files/nginx.conf similarity index 100% rename from _ansible/roles/tinytinyrss/files/nginx.conf rename to roles/tinytinyrss/files/nginx.conf diff --git a/_ansible/roles/tinytinyrss/tasks/main.yml b/roles/tinytinyrss/tasks/main.yml similarity index 100% rename from _ansible/roles/tinytinyrss/tasks/main.yml rename to roles/tinytinyrss/tasks/main.yml diff --git a/_ansible/roles/tinytinyrss/vars/main.yml b/roles/tinytinyrss/vars/main.yml similarity index 100% rename from _ansible/roles/tinytinyrss/vars/main.yml rename to roles/tinytinyrss/vars/main.yml diff --git a/_ansible/roles/umami/tasks/main.yml b/roles/umami/tasks/main.yml similarity index 100% rename from _ansible/roles/umami/tasks/main.yml rename to roles/umami/tasks/main.yml diff --git a/_ansible/roles/umami/vars/main.yml b/roles/umami/vars/main.yml similarity index 100% rename from _ansible/roles/umami/vars/main.yml rename to roles/umami/vars/main.yml diff --git a/_ansible/roles/uptime_kuma/tasks/main.yml b/roles/uptime_kuma/tasks/main.yml similarity index 100% rename from _ansible/roles/uptime_kuma/tasks/main.yml rename to roles/uptime_kuma/tasks/main.yml diff --git a/_ansible/roles/uptime_kuma/vars/main.yml b/roles/uptime_kuma/vars/main.yml similarity index 100% rename from _ansible/roles/uptime_kuma/vars/main.yml rename to roles/uptime_kuma/vars/main.yml diff --git a/_ansible/roles/watchtower/files/run-once.sh b/roles/watchtower/files/run-once.sh similarity index 100% rename from _ansible/roles/watchtower/files/run-once.sh rename to roles/watchtower/files/run-once.sh diff --git a/_ansible/roles/watchtower/tasks/main.yml b/roles/watchtower/tasks/main.yml similarity index 100% rename from _ansible/roles/watchtower/tasks/main.yml rename to roles/watchtower/tasks/main.yml diff --git a/_ansible/roles/watchtower/vars/main.yml b/roles/watchtower/vars/main.yml similarity index 100% rename from _ansible/roles/watchtower/vars/main.yml rename to roles/watchtower/vars/main.yml diff --git a/_ansible/roles/webdis/files/webdis.json b/roles/webdis/files/webdis.json similarity index 100% rename from _ansible/roles/webdis/files/webdis.json rename to roles/webdis/files/webdis.json diff --git a/_ansible/roles/webdis/tasks/main.yml b/roles/webdis/tasks/main.yml similarity index 100% rename from _ansible/roles/webdis/tasks/main.yml rename to roles/webdis/tasks/main.yml diff --git a/_ansible/roles/webdis/vars/main.yml b/roles/webdis/vars/main.yml similarity index 100% rename from _ansible/roles/webdis/vars/main.yml rename to roles/webdis/vars/main.yml diff --git a/_ansible/roles/webhook/files/teamspeak-fallback-db b/roles/webhook/files/teamspeak-fallback-db similarity index 100% rename from _ansible/roles/webhook/files/teamspeak-fallback-db rename to roles/webhook/files/teamspeak-fallback-db diff --git a/_ansible/roles/webhook/tasks/main.yml b/roles/webhook/tasks/main.yml similarity index 100% rename from _ansible/roles/webhook/tasks/main.yml rename to roles/webhook/tasks/main.yml diff --git a/_ansible/roles/webhook/vars/main.yml b/roles/webhook/vars/main.yml similarity index 100% rename from _ansible/roles/webhook/vars/main.yml rename to roles/webhook/vars/main.yml diff --git a/_ansible/roles/wiki_js/tasks/main.yml b/roles/wiki_js/tasks/main.yml similarity index 100% rename from _ansible/roles/wiki_js/tasks/main.yml rename to roles/wiki_js/tasks/main.yml diff --git a/_ansible/roles/wiki_js/vars/main.yml b/roles/wiki_js/vars/main.yml similarity index 100% rename from _ansible/roles/wiki_js/vars/main.yml rename to roles/wiki_js/vars/main.yml diff --git a/_ansible/roles/woodpecker/tasks/main.yml b/roles/woodpecker/tasks/main.yml similarity index 100% rename from _ansible/roles/woodpecker/tasks/main.yml rename to roles/woodpecker/tasks/main.yml diff --git a/_ansible/roles/woodpecker/vars/main.yml b/roles/woodpecker/vars/main.yml similarity index 100% rename from _ansible/roles/woodpecker/vars/main.yml rename to roles/woodpecker/vars/main.yml diff --git a/_ansible/serguzim.net.yml b/serguzim.net.yml similarity index 100% rename from _ansible/serguzim.net.yml rename to serguzim.net.yml diff --git a/_ansible/tasks/deploy-common-service.yml b/tasks/deploy-common-service.yml similarity index 100% rename from _ansible/tasks/deploy-common-service.yml rename to tasks/deploy-common-service.yml diff --git a/_ansible/tasks/prepare-common-service.yml b/tasks/prepare-common-service.yml similarity index 100% rename from _ansible/tasks/prepare-common-service.yml rename to tasks/prepare-common-service.yml diff --git a/_ansible/tasks/set-default-facts.yml b/tasks/set-default-facts.yml similarity index 100% rename from _ansible/tasks/set-default-facts.yml rename to tasks/set-default-facts.yml diff --git a/_ansible/tasks/start-common-service.yml b/tasks/start-common-service.yml similarity index 100% rename from _ansible/tasks/start-common-service.yml rename to tasks/start-common-service.yml diff --git a/_ansible/tasks/steps/create-service-directory.yml b/tasks/steps/create-service-directory.yml similarity index 100% rename from _ansible/tasks/steps/create-service-directory.yml rename to tasks/steps/create-service-directory.yml diff --git a/_ansible/tasks/steps/start-service.yml b/tasks/steps/start-service.yml similarity index 100% rename from _ansible/tasks/steps/start-service.yml rename to tasks/steps/start-service.yml diff --git a/_ansible/tasks/steps/template-docker-compose.yml b/tasks/steps/template-docker-compose.yml similarity index 100% rename from _ansible/tasks/steps/template-docker-compose.yml rename to tasks/steps/template-docker-compose.yml diff --git a/_ansible/tasks/steps/template-service-env.yml b/tasks/steps/template-service-env.yml similarity index 89% rename from _ansible/tasks/steps/template-service-env.yml rename to tasks/steps/template-service-env.yml index eaac246..eb3f562 100644 --- a/_ansible/tasks/steps/template-service-env.yml +++ b/tasks/steps/template-service-env.yml @@ -3,4 +3,4 @@ ansible.builtin.template: src: service.env.j2 dest: "{{ (service_path, 'service.env') | path_join }}" - mode: "0600" + mode: "0700" diff --git a/_ansible/tasks/steps/template-site-config.yml b/tasks/steps/template-site-config.yml similarity index 100% rename from _ansible/tasks/steps/template-site-config.yml rename to tasks/steps/template-site-config.yml diff --git a/_ansible/templates/caddy_site.conf.j2 b/templates/caddy_site.conf.j2 similarity index 100% rename from _ansible/templates/caddy_site.conf.j2 rename to templates/caddy_site.conf.j2 diff --git a/_ansible/templates/docker-compose.yml.j2 b/templates/docker-compose.yml.j2 similarity index 100% rename from _ansible/templates/docker-compose.yml.j2 rename to templates/docker-compose.yml.j2 diff --git a/_ansible/templates/service.env.j2 b/templates/service.env.j2 similarity index 100% rename from _ansible/templates/service.env.j2 rename to templates/service.env.j2 diff --git a/_ansible/templates/service.yml.j2 b/templates/service.yml.j2 similarity index 100% rename from _ansible/templates/service.yml.j2 rename to templates/service.yml.j2