diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..1d953f4
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/_ansible/roles/acme-dns/tasks/main.yml b/_ansible/roles/acme-dns/tasks/main.yml
index a14feef..89ae6a2 100644
--- a/_ansible/roles/acme-dns/tasks/main.yml
+++ b/_ansible/roles/acme-dns/tasks/main.yml
@@ -10,23 +10,27 @@
         path: "{{ service_path }}"
         state: directory
         mode: "0755"
+
     - name: Create a service-config directory for {{ svc.name }}
       ansible.builtin.file:
         path: "{{ config_path }}"
         state: directory
-        mode: "0755"
+        mode: "0700"
 
-    - name: Template {{ svc.name }} docker-compose
+    - name: Template docker-compose for {{ svc.name }}
       ansible.builtin.template:
         src: docker-compose.yml.j2
         dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
+        mode: "0644"
 
-    - name: Template {{ svc.name }} config
+    - name: Template config for {{ svc.name }}
       ansible.builtin.template:
         src: config.cfg.j2
         dest: "{{ (config_path, 'config.cfg') | path_join }}"
+        mode: "0600"
 
-    - name: Template {{ svc.name }} caddy config
+    - name: Template caddy config for {{ svc.name }}
       ansible.builtin.template:
         src: caddy_site.conf.j2
         dest: "{{ (caddy_config_path, svc.domain + '.conf') | path_join }}"
+        mode: "0644"
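Review bot: The tightened `mode: "0700"` on the config directory and `mode: "0600"` on `config.cfg` restrict access to the file owner, but neither task sets `owner`/`group`, so the owner is whatever account Ansible connects as. The vars in this same commit bind-mount `./config:/etc/acme-dns:ro` into the container, so if the acme-dns process runs under a different uid than the remote user it will no longer be able to read its configuration at all — that is inferred, not visible here, but worth confirming before rollout. I would pin ownership explicitly on both tasks, e.g. `owner: "<SERVICE_USER>"` / `group: "<SERVICE_GROUP>"` (placeholders for the account the container runs as), so the 0600/0700 bits mean what the author intends. The task list begins before this hunk, so any `become`/`owner` defaults set at the play level are outside my view.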
diff --git a/_ansible/roles/acme-dns/vars/main.yml b/_ansible/roles/acme-dns/vars/main.yml
index dee3738..7acbe52 100644
--- a/_ansible/roles/acme-dns/vars/main.yml
+++ b/_ansible/roles/acme-dns/vars/main.yml
@@ -16,12 +16,11 @@ svc:
 compose:
   watchtower: true
   image: joohoi/acme-dns
-
-compose_file:
-  services:
-    app:
-      ports:
-        - "53:53"
-        - "53:53/udp"
-      volumes:
-        - ./config:/etc/acme-dns:ro
+  file:
+    services:
+      app:
+        ports:
+          - "53:53"
+          - "53:53/udp"
+        volumes:
+          - ./config:/etc/acme-dns:ro
diff --git a/_ansible/roles/umami/tasks/main.yml b/_ansible/roles/umami/tasks/main.yml
index d35baa3..cf9ef6a 100644
--- a/_ansible/roles/umami/tasks/main.yml
+++ b/_ansible/roles/umami/tasks/main.yml
@@ -12,17 +12,20 @@
         state: directory
         mode: "0755"
 
-    - name: Template {{ svc.name }} docker-compose
+    - name: Template docker-compose for {{ svc.name }}
       ansible.builtin.template:
         src: docker-compose.yml.j2
         dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
+        mode: "0644"
 
-    - name: Template {{ svc.name }} service.env file
+    - name: Template service.env file for {{ svc.name }}
       ansible.builtin.template:
         src: service.env.j2
         dest: "{{ (service_path, 'service.env') | path_join }}"
+        mode: "0600"
 
-    - name: Template {{ svc.name }} caddy config
+    - name: Template caddy config for {{ svc.name }}
       ansible.builtin.template:
         src: caddy_site.conf.j2
         dest: "{{ (caddy_config_path, svc.domain + '.conf') | path_join }}"
+        mode: "0644"
diff --git a/_ansible/templates/docker-compose.yml.j2 b/_ansible/templates/docker-compose.yml.j2
index f81226b..987670f 100644
--- a/_ansible/templates/docker-compose.yml.j2
+++ b/_ansible/templates/docker-compose.yml.j2
@@ -1,6 +1,6 @@
-{% set compose_file = compose_file | default({}) %}
+{% set compose_file = compose.file | default({}) %}
 {% set compose_file = compose_default_file | combine(compose_file, recursive=True) %}
 {% if compose.env | default(False) %}
-	{% set compose_file = compose_file | combine(compose_env_file, recursive=True) %}
+{% set compose_file = compose_file | combine(compose_env_file, recursive=True) %}
 {% endif %}
 {{ compose_file | to_nice_yaml }}
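Review bot: After renaming the lookup to `compose.file`, the `| default({})` on the first line silently turns any role that still defines the old top-level `compose_file` variable into a render of `compose_default_file` only, with no error. Only the acme-dns vars are migrated in this commit; whether other roles (umami's vars are not in the diff) still use the old name I cannot tell from here. At minimum the rename deserves a note in the template so the next reader knows the fallback is intentional, e.g. `{# compose_file (top-level) was renamed to compose.file; a role still setting the old name renders defaults only #}`, and a one-off check that no role still sets `compose_file` would make the migration safe.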
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..74e4f94
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,7 @@
+with import <nixpkgs> {};
+mkShell {
+	nativeBuildInputs = [
+		ansible
+		ansible-lint
+	];
+}
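Review bot: `with import <nixpkgs> {};` resolves nixpkgs through the developer's `NIX_PATH`/channel, so the `ansible` and `ansible-lint` versions this shell provides are unpinned and differ per machine and over time; combined with the `.envrc` `use nix` added in this commit, every `direnv allow` pulls whatever that channel currently holds. For a reproducible, auditable toolchain, pin nixpkgs to a specific revision with a content hash. The indentation also uses tabs, unlike the two-space style in the rest of the repository.
```nix
let
  # Pinned nixpkgs; <NIXPKGS_REV> and <SHA256> are placeholders for the chosen revision.
  pkgs = import (fetchTarball {
    url = "https://github.com/NixOS/nixpkgs/archive/<NIXPKGS_REV>.tar.gz";
    sha256 = "<SHA256>";
  }) { };
in
pkgs.mkShell {
  # … unchanged: nativeBuildInputs list …
}
```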