From 94253764129d980e0711b67ccdbfcc89cbfbcf38 Mon Sep 17 00:00:00 2001 From: Tobias Reisinger Date: Fri, 16 Jun 2023 13:18:31 +0200 Subject: [PATCH] Add watchtower to ansible for real and fix .gitignore --- .gitignore | 14 +++++------ _ansible/roles/watchtower/files/run-once.sh | 3 +++ _ansible/roles/watchtower/tasks/main.yml | 15 ++++++++++++ _ansible/roles/watchtower/vars/main.yml | 27 +++++++++++++++++++++ 4 files changed, 52 insertions(+), 7 deletions(-) create mode 100644 _ansible/roles/watchtower/files/run-once.sh create mode 100644 _ansible/roles/watchtower/tasks/main.yml create mode 100644 _ansible/roles/watchtower/vars/main.yml diff --git a/.gitignore b/.gitignore index 586f264..89fd396 100644 --- a/.gitignore +++ b/.gitignore @@ -6,10 +6,10 @@ serguzim.net.png diagram_assets/ # services already handled by ansible -acme-dns/ -caddy/config/conf.002.d/acme.serguzim.me.conf -gitea/ -caddy/config/conf.002.d/git.serguzim.me.conf -umami/ -caddy/config/conf.002.d/analytics.serguzim.me.conf -watchtower/ +/acme-dns/ +/caddy/config/conf.002.d/acme.serguzim.me.conf +/gitea/ +/caddy/config/conf.002.d/git.serguzim.me.conf +/umami/ +/caddy/config/conf.002.d/analytics.serguzim.me.conf +/watchtower/ diff --git a/_ansible/roles/watchtower/files/run-once.sh b/_ansible/roles/watchtower/files/run-once.sh new file mode 100644 index 0000000..535100a --- /dev/null +++ b/_ansible/roles/watchtower/files/run-once.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env sh + +docker compose run -e WATCHTOWER_RUN_ONCE=true -e WATCHTOWER_NOTIFICATIONS= watchtower diff --git a/_ansible/roles/watchtower/tasks/main.yml b/_ansible/roles/watchtower/tasks/main.yml new file mode 100644 index 0000000..341ee8a --- /dev/null +++ b/_ansible/roles/watchtower/tasks/main.yml 
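Review bot: The `docker compose run` line in run-once.sh relies on the caller's working directory to find the compose project and omits `--rm`, so every manual run leaves a stopped one-off container behind. Consider adding `cd "$(dirname "$0")" || exit 1` before it and changing the command to `docker compose run --rm -e WATCHTOWER_RUN_ONCE=true -e WATCHTOWER_NOTIFICATIONS= watchtower`. The overrides in vars/main.yml sit under `services.app`, which suggests the compose service may be named `app` rather than `watchtower`. The compose template is not part of this patch, so the service name should be checked against the rendered file.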
@@ -0,0 +1,15 @@
+---
+- name: Deploy {{ svc.name }}
+ tags:
+ - watchtower
+ - container
+ block:
+ - import_tasks: steps/create-service-directory.yml
+ - import_tasks: steps/template-docker-compose.yml
+ - import_tasks: steps/template-service-env.yml
+
+ - name: Copy the run-once script
+ ansible.builtin.copy:
+ src: run-once.sh
+ dest: "{{ (service_path, 'run-once.sh') | path_join }}"
+ mode: '0755'
diff --git a/_ansible/roles/watchtower/vars/main.yml b/_ansible/roles/watchtower/vars/main.yml
new file mode 100644
index 0000000..a9769b3
--- /dev/null
+++ b/_ansible/roles/watchtower/vars/main.yml
@@ -0,0 +1,27 @@
+svc:
+ name: watchtower
+
+svc_env:
+ WATCHTOWER_LABEL_ENABLE: true
+ WATCHTOWER_CLEANUP: true
+ WATCHTOWER_SCHEDULE: "0 27 20 * * *"
+
+ WATCHTOWER_NOTIFICATIONS: email
+ WATCHTOWER_NOTIFICATION_EMAIL_FROM: "{{ svc.name }}@serguzim.me"
+ WATCHTOWER_NOTIFICATION_EMAIL_TO: "{{ admin_email }}"
+ WATCHTOWER_NOTIFICATION_EMAIL_SERVER: "{{ mailer.host }}"
+ WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: "{{ mailer.port }}"
+ WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER: "{{ svc.name }}@serguzim.me"
+ WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: "{{ vault_watchtower.mailer.pass }}"
+ WATCHTOWER_NOTIFICATION_EMAIL_DELAY: 5
+
+compose:
+ watchtower: false
+ image: containerrr/watchtower
+ env: true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ file:
+ services:
+ app:
+ hostname: "{{ ansible_facts.hostname }}"
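Review bot: The `Copy the run-once script` task sets `mode: '0755'` but no `owner:` or `group:`, so ownership of the script depends on the user the play connects or becomes as. The script drives `docker compose`, which is effectively root-level access on the host, so its ownership and that of the service directory should be explicit and no unprivileged account should be able to rewrite it. Add `owner:` and `group:` set to the account that is meant to own `service_path`. As a style point, the three `import_tasks` entries could use the fully qualified `ansible.builtin.import_tasks`, matching `ansible.builtin.copy` below them.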
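Review bot: `image: containerrr/watchtower` carries no tag or digest, so the container that gets `/var/run/docker.sock` mounted runs whatever the registry serves as `latest` at pull time. Access to the Docker socket is equivalent to root on the host, so this image is worth pinning, e.g. `image: containerrr/watchtower:<pinned-tag>@sha256:<digest>` (placeholders), and updating deliberately. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD` comes from the vault but presumably ends up in the templated service env file. The template step is outside this patch, so confirm that file is written with a restrictive mode such as `'0600'`.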