Add basic ansible stuff for management

acme-dns is fully handled by ansible already. All services should be
created by ansible in the end.

_ansible/.gitignore

@@ -0,0 +1,2 @@
+.vault_pass
+inventory/group_vars/all/vault.yml

_ansible/ansible.cfg

@@ -0,0 +1,4 @@
+[defaults]
+inventory = ./inventory
+interpreter_python = auto_silent
+vault_password_file = ./.vault_pass

_ansible/inventory/group_vars/all/compose_defaults.yml

@@ -0,0 +1,14 @@
+compose_default_file:
+  services:
+    app:
+      image: "{{ compose.image }}"
+      restart: always
+      labels:
+        com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default(false) }}"
+      networks:
+        apps:
+          aliases:
+            - "{{ service.name }}"
+  networks:
+    apps:
+      external: true

_ansible/inventory/group_vars/all/main.yml

@@ -0,0 +1,8 @@
+admin_email: tobias@msrg.cc
+
+postgres:
+  host: db.serguzim.me
+  port: 5432
+
+services_path: /opt/services/
+caddy_config_path: "{{ (services_path, 'caddy', 'config', 'conf.d') | path_join }}"

_ansible/inventory/host_vars/node002/main.yml

@@ -0,0 +1 @@
+services_path: /opt/services/

_ansible/inventory/serguzim.net.yml

@@ -0,0 +1,6 @@
+all:
+  hosts:
+    local-dev:
+      ansible_connection: local
+    node002:
+      ansible_connection: local

_ansible/local-dev.yml

@@ -0,0 +1,10 @@
+---
+- name: Run roles for local-dev
+  vars:
+    # Remove _ansible and inventory
+    services_path: "{{ inventory_dir.split('/')[0:-2] | join('/') }}"
+    caddy_config_path: "{{ (services_path, 'caddy', 'config', 'conf.d') | path_join }}"
+
+  hosts: local-dev
+  roles:
+    - acme-dns

_ansible/node002.yml

@@ -0,0 +1,5 @@
+---
+- name: Run roles for node002
+  hosts: node002
+  roles:
+    - acme-dns

_ansible/roles/acme-dns/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+- name: Deploy acme-dns
+  tags: acme-dns
+  vars:
+    service_path: "{{ (services_path, 'acme-dns') | path_join }}"
+    config_path: "{{ (service_path, 'config') | path_join }}"
+  block:
+    - name: Create a service directory
+      ansible.builtin.file:
+        path: "{{ service_path }}"
+        state: directory
+        mode: "0755"
+    - name: Create a service-config directory
+      ansible.builtin.file:
+        path: "{{ config_path }}"
+        state: directory
+        mode: "0755"
+
+    - name: Template acme-dns docker-compose
+      ansible.builtin.template:
+        src: docker-compose.yml.j2
+        dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
+
+    - name: Template acme-dns config
+      ansible.builtin.template:
+        src: config.cfg.j2
+        dest: "{{ (config_path, 'config.cfg') | path_join }}"
+
+    - name: Template acme-dns caddy config
+      ansible.builtin.template:
+        src: caddy_site.conf.j2
+        dest: "{{ (caddy_config_path, service.domain + '.conf') | path_join }}"

_ansible/roles/acme-dns/templates/config.cfg.j2

@@ -0,0 +1,31 @@
+[general]
+listen = "0.0.0.0:53"
+protocol = "both"
+domain = "{{ acme_dns.domain }}"
+nsname = "{{ acme_dns.domain }}"
+nsadmin = "{{ acme_dns.nsadmin }}"
+records = [
+    "{{ acme_dns.domain }}. A {{ acme_dns.records.a }}",
+    "{{ acme_dns.domain }}. NS {{ acme_dns.domain }}.",
+]
+debug = false
+
+[database]
+engine = "postgres"
+connection = "postgres://{{ acme_dns.db.user }}:{{ acme_dns.db.pass }}@{{ acme_dns.db.host }}/{{ acme_dns.db.db }}"
+
+[api]
+ip = "0.0.0.0"
+disable_registration = false
+port = "80"
+tls = "none"
+corsorigins = [
+    "*"
+]
+use_header = true
+header_name = "X-Forwarded-For"
+
+[logconfig]
+loglevel = "info"
+logtype = "stdout"
+logformat = "text"

_ansible/roles/acme-dns/vars/main.yml

@@ -0,0 +1,31 @@
+acme_dns:
+  nsadmin: "{{ admin_email | regex_replace('@', '.') }}"
+  domain: "acme.serguzim.me"
+  records:
+    a: "{{ ansible_facts.default_ipv4.address }}"
+  db:
+    host: "{{ postgres.host }}"
+    port: "{{ postgres.port }}"
+    user: "{{ vault_acmedns.db.user }}"
+    pass: "{{ vault_acmedns.db.pass }}"
+    db: acme_dns
+  api:
+    port: 80
+
+service:
+  domain: "{{ acme_dns.domain }}"
+  name: acme-dns
+  port: "{{ acme_dns.api.port }}"
+
+compose:
+  watchtower: true
+  image: joohoi/acme-dns
+
+compose_file:
+  services:
+    app:
+      ports:
+        - "53:53"
+        - "53:53/udp"
+      volumes:
+        - ./config:/etc/acme-dns:ro

_ansible/templates/caddy_site.conf.j2

@@ -0,0 +1,4 @@
+{{ service.domain }} {
+	import default
+	reverse_proxy {{ service.name }}:{{ service.port }}
+}

_ansible/templates/docker-compose.yml.j2

@@ -0,0 +1 @@
+{{ compose_default_file | combine(compose_file, recursive=True) | to_nice_yaml }}

_ansible/test.yml

@@ -0,0 +1,10 @@
+---
+- name: Test
+  hosts: all
+  tasks:
+    #- name: Include acme-dns role vars
+    #  ansible.builtin.include_vars:
+    #    dir: roles/acme-dns/vars
+    - name: Debug all variables
+      ansible.builtin.debug:
+        var: hostvars[inventory_hostname]

_utils/create-service.sh

@@ -66,7 +66,7 @@ services:
 	networks:
 	  apps:
 		aliases:
-		  - ${SERVICE_NAME}
+		  - ${NAME}
 networks:
   apps:
 	external: true
@@ -78,10 +78,10 @@ if [ ! -d "${caddy_path}" ]; then
 	caddy_path="caddy/config/conf.d"
 fi
 if [ -d "${caddy_path}" ]; then
-cat <<EOF > "$caddy_path/${DOMAIN}.config"
+cat <<EOF > "$caddy_path/${DOMAIN}.conf"
 ${DOMAIN} {
   import default
-  reverse_proxy ${SERVICE_NAME}:${PORT}
+  reverse_proxy ${NAME}:${PORT}
 }
 EOF
 else