Add basic ansible stuff for management

acme-dns is fully handled by ansible already. All services should be
created by ansible in the end.

_ansible/roles/acme-dns/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+- name: Deploy acme-dns
+  tags: acme-dns
+  vars:
+    service_path: "{{ (services_path, 'acme-dns') | path_join }}"
+    config_path: "{{ (service_path, 'config') | path_join }}"
+  block:
+    - name: Create a service directory
+      ansible.builtin.file:
+        path: "{{ service_path }}"
+        state: directory
+        mode: "0755"
+    - name: Create a service-config directory
+      ansible.builtin.file:
+        path: "{{ config_path }}"
+        state: directory
+        mode: "0755"
+
+    - name: Template acme-dns docker-compose
+      ansible.builtin.template:
+        src: docker-compose.yml.j2
+        dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
+
+    - name: Template acme-dns config
+      ansible.builtin.template:
+        src: config.cfg.j2
+        dest: "{{ (config_path, 'config.cfg') | path_join }}"
+
+    - name: Template acme-dns caddy config
+      ansible.builtin.template:
+        src: caddy_site.conf.j2
+        dest: "{{ (caddy_config_path, service.domain + '.conf') | path_join }}"

_ansible/roles/acme-dns/templates/config.cfg.j2

@@ -0,0 +1,31 @@
+[general]
+listen = "0.0.0.0:53"
+protocol = "both"
+domain = "{{ acme_dns.domain }}"
+nsname = "{{ acme_dns.domain }}"
+nsadmin = "{{ acme_dns.nsadmin }}"
+records = [
+    "{{ acme_dns.domain }}. A {{ acme_dns.records.a }}",
+    "{{ acme_dns.domain }}. NS {{ acme_dns.domain }}.",
+]
+debug = false
+
+[database]
+engine = "postgres"
+connection = "postgres://{{ acme_dns.db.user }}:{{ acme_dns.db.pass }}@{{ acme_dns.db.host }}/{{ acme_dns.db.db }}"
+
+[api]
+ip = "0.0.0.0"
+disable_registration = false
+port = "80"
+tls = "none"
+corsorigins = [
+    "*"
+]
+use_header = true
+header_name = "X-Forwarded-For"
+
+[logconfig]
+loglevel = "info"
+logtype = "stdout"
+logformat = "text"

_ansible/roles/acme-dns/vars/main.yml

@@ -0,0 +1,31 @@
+acme_dns:
+  nsadmin: "{{ admin_email | regex_replace('@', '.') }}"
+  domain: "acme.serguzim.me"
+  records:
+    a: "{{ ansible_facts.default_ipv4.address }}"
+  db:
+    host: "{{ postgres.host }}"
+    port: "{{ postgres.port }}"
+    user: "{{ vault_acmedns.db.user }}"
+    pass: "{{ vault_acmedns.db.pass }}"
+    db: acme_dns
+  api:
+    port: 80
+
+service:
+  domain: "{{ acme_dns.domain }}"
+  name: acme-dns
+  port: "{{ acme_dns.api.port }}"
+
+compose:
+  watchtower: true
+  image: joohoi/acme-dns
+
+compose_file:
+  services:
+    app:
+      ports:
+        - "53:53"
+        - "53:53/udp"
+      volumes:
+        - ./config:/etc/acme-dns:ro