Add basic ansible stuff for management

acme-dns is fully handled by ansible already. All services should be
created by ansible in the end.
This commit is contained in:
Tobias Reisinger 2023-06-13 17:59:15 +02:00
parent 607ad23697
commit 7ff7dfe807
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
16 changed files with 162 additions and 3 deletions

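--- a/_ansible/.gitignore
+++ b/_ansible/.gitignore
@@ -0,0 +1,2 @@
+.vault_pass
+inventory/group_vars/all/vault.yml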

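--- a/_ansible/ansible.cfg
+++ b/_ansible/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+inventory = ./inventory
+interpreter_python = auto_silent
+vault_password_file = ./.vault_pass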


@ -0,0 +1,14 @@
compose_default_file:
services:
app:
image: "{{ compose.image }}"
restart: always
labels:
com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default(false) }}"
networks:
apps:
aliases:
- "{{ service.name }}"
networks:
apps:
external: true
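Review bot: The watchtower label value renders the Jinja boolean with Python capitalization (`True`/`False`) inside the quotes; Go's strconv.ParseBool happens to accept that, but a `| lower` filter makes the rendered compose file canonical instead of relying on it: `com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default(false) | lower }}"`. Since this mapping is the base that every service's `compose_file` is merged onto, it is also the natural place for baseline container hardening that a role can still override, e.g. `security_opt: ["no-new-privileges:true"]`, which currently no service gets by default. The file name of this section is not shown on the page; the path is inferred from the `compose_default_file` key.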


@ -0,0 +1,8 @@
admin_email: tobias@msrg.cc
postgres:
host: db.serguzim.me
port: 5432
services_path: /opt/services/
caddy_config_path: "{{ (services_path, 'caddy', 'config', 'conf.d') | path_join }}"


@ -0,0 +1 @@
services_path: /opt/services/


@ -0,0 +1,6 @@
all:
hosts:
local-dev:
ansible_connection: local
node002:
ansible_connection: local

_ansible/local-dev.yml Normal file

@ -0,0 +1,10 @@
---
- name: Run roles for local-dev
vars:
# Remove _ansible and inventory
services_path: "{{ inventory_dir.split('/')[0:-2] | join('/') }}"
caddy_config_path: "{{ (services_path, 'caddy', 'config', 'conf.d') | path_join }}"
hosts: local-dev
roles:
- acme-dns
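Review bot: The `services_path` expression slices the split path by hand to go two directories up; `services_path: "{{ inventory_dir | dirname | dirname }}"` says the same thing directly, survives a trailing slash, and makes the `# Remove _ansible and inventory` comment self-evident. Keep the comment anyway, since the number of levels is a property of the repository layout rather than of the expression.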

_ansible/main.yml Normal file

_ansible/node002.yml Normal file

@ -0,0 +1,5 @@
---
- name: Run roles for node002
hosts: node002
roles:
- acme-dns


@ -0,0 +1,32 @@
---
- name: Deploy acme-dns
tags: acme-dns
vars:
service_path: "{{ (services_path, 'acme-dns') | path_join }}"
config_path: "{{ (service_path, 'config') | path_join }}"
block:
- name: Create a service directory
ansible.builtin.file:
path: "{{ service_path }}"
state: directory
mode: "0755"
- name: Create a service-config directory
ansible.builtin.file:
path: "{{ config_path }}"
state: directory
mode: "0755"
- name: Template acme-dns docker-compose
ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
- name: Template acme-dns config
ansible.builtin.template:
src: config.cfg.j2
dest: "{{ (config_path, 'config.cfg') | path_join }}"
- name: Template acme-dns caddy config
ansible.builtin.template:
src: caddy_site.conf.j2
dest: "{{ (caddy_config_path, service.domain + '.conf') | path_join }}"
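Review bot: The `Template acme-dns config` task writes `config.cfg`, which carries the PostgreSQL password (see the role's `config.cfg.j2`), with no `mode`, so the file takes the remote umask default (typically world-readable 0644) inside a 0755 directory. Add `mode: "0600"` to that task (plus `owner`/`group` matching the UID the container runs as, if it is not root, since the file is bind-mounted read-only into the container) and consider `mode: "0750"` on the config directory. Because `--diff` prints rendered template content, `no_log: true` on the same task keeps the credential out of run logs. Giving the `docker-compose.yml` task an explicit `mode: "0644"` as well makes permissions independent of the host's umask. The file path of this section is not shown; it reads as the role's tasks file.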


@ -0,0 +1,31 @@
[general]
listen = "0.0.0.0:53"
protocol = "both"
domain = "{{ acme_dns.domain }}"
nsname = "{{ acme_dns.domain }}"
nsadmin = "{{ acme_dns.nsadmin }}"
records = [
"{{ acme_dns.domain }}. A {{ acme_dns.records.a }}",
"{{ acme_dns.domain }}. NS {{ acme_dns.domain }}.",
]
debug = false
[database]
engine = "postgres"
connection = "postgres://{{ acme_dns.db.user }}:{{ acme_dns.db.pass }}@{{ acme_dns.db.host }}/{{ acme_dns.db.db }}"
[api]
ip = "0.0.0.0"
disable_registration = false
port = "80"
tls = "none"
corsorigins = [
"*"
]
use_header = true
header_name = "X-Forwarded-For"
[logconfig]
loglevel = "info"
logtype = "stdout"
logformat = "text"
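Review bot: `disable_registration = false` leaves the `/register` endpoint open on an API that the Caddy site template publishes on the public domain, so anyone can create accounts and records under this zone; acme-dns's own guidance is to register your clients once and then disable it, which fits this role as `disable_registration = {{ acme_dns.api.disable_registration | default(true) | lower }}`. The `connection` DSN interpolates the password raw, so a password containing `@`, `/`, `#` or `%` produces a broken URL; render it as `{{ acme_dns.db.pass | urlencode }}` and state `?sslmode=verify-full` (or at least `require`) explicitly rather than relying on the driver default. `use_header = true` makes acme-dns trust `X-Forwarded-For` from any caller that can reach port 80 on the shared `apps` network, not only Caddy, so any other container there can spoof the client IP used for `allowfrom` checks; that is acceptable only if every container on that network is trusted. `corsorigins = ["*"]` is broad, but as the API is header-token based and cookie-free it is the lesser concern.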


@ -0,0 +1,31 @@
acme_dns:
nsadmin: "{{ admin_email | regex_replace('@', '.') }}"
domain: "acme.serguzim.me"
records:
a: "{{ ansible_facts.default_ipv4.address }}"
db:
host: "{{ postgres.host }}"
port: "{{ postgres.port }}"
user: "{{ vault_acmedns.db.user }}"
pass: "{{ vault_acmedns.db.pass }}"
db: acme_dns
api:
port: 80
service:
domain: "{{ acme_dns.domain }}"
name: acme-dns
port: "{{ acme_dns.api.port }}"
compose:
watchtower: true
image: joohoi/acme-dns
compose_file:
services:
app:
ports:
- "53:53"
- "53:53/udp"
volumes:
- ./config:/etc/acme-dns:ro
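Review bot: `image: joohoi/acme-dns` carries no tag or digest and `watchtower: true` lets Watchtower re-pull it unattended, so whatever the registry serves as `latest` becomes the public DNS server holding the database credentials; pin a specific tag (ideally with an `@sha256:` digest) and bump it deliberately, or keep the floating tag but set `watchtower: false`. `records.a` is taken from `ansible_facts.default_ipv4.address`, which needs fact gathering and on a multi-homed host or the `local-dev` host will likely be a private address, so the A/NS glue can point at the wrong IP; an explicit per-host variable would be more predictable. The `"53:53"` mappings bind every host interface, which conflicts with any local resolver on the host; `"{{ acme_dns.records.a }}:53:53"` would scope the listener to the address actually published.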


@ -0,0 +1,4 @@
{{ service.domain }} {
import default
reverse_proxy {{ service.name }}:{{ service.port }}
}


@ -0,0 +1 @@
{{ compose_default_file | combine(compose_file, recursive=True) | to_nice_yaml }}
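Review bot: `combine(compose_file, …)` raises an undefined-variable error for any role that does not define `compose_file`, so the shared template cannot be used by a service that only needs the defaults; `{{ compose_default_file | combine(compose_file | default({}), recursive=True) | to_nice_yaml }}` keeps it usable. Note also that `recursive=True` merges nested mappings only: a list such as `ports` or `volumes` in `compose_file` replaces, rather than extends, a list of the same key in the defaults. The defaults hold no lists today, but a one-line comment in the template saying so (and naming `list_merge='append'` as the option if that changes) would spare the next reader a surprise.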

_ansible/test.yml Normal file

@ -0,0 +1,10 @@
---
- name: Test
hosts: all
tasks:
#- name: Include acme-dns role vars
# ansible.builtin.include_vars:
# dir: roles/acme-dns/vars
- name: Debug all variables
ansible.builtin.debug:
var: hostvars[inventory_hostname]
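Review bot: `var: hostvars[inventory_hostname]` prints every variable, including the decrypted contents of `inventory/group_vars/all/vault.yml` such as `vault_acmedns.db.pass`, to the terminal and to any CI log, which undoes the point of the vault. If this playbook stays in the repository, filter vault-prefixed keys before printing, e.g. `var: hostvars[inventory_hostname] | dict2items | rejectattr('key', 'match', '^vault_') | items2dict`, and drop the commented-out `include_vars` task rather than leaving it as dead text. Otherwise remove the playbook before it is run on a shared controller.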


@ -66,7 +66,7 @@ services:
networks: networks:
apps: apps:
aliases: aliases:
- ${SERVICE_NAME} - ${NAME}
networks: networks:
apps: apps:
external: true external: true
@ -78,10 +78,10 @@ if [ ! -d "${caddy_path}" ]; then
caddy_path="caddy/config/conf.d" caddy_path="caddy/config/conf.d"
fi fi
if [ -d "${caddy_path}" ]; then if [ -d "${caddy_path}" ]; then
cat <<EOF > "$caddy_path/${DOMAIN}.config" cat <<EOF > "$caddy_path/${DOMAIN}.conf"
${DOMAIN} { ${DOMAIN} {
import default import default
reverse_proxy ${SERVICE_NAME}:${PORT} reverse_proxy ${NAME}:${PORT}
} }
EOF EOF
else else