Add watchtower to ansible for real and fix .gitignore

2023-06-16 13:18:31 +02:00 · 2023-06-16 13:18:31 +02:00 · 9425376412
commit 9425376412
parent 5908976abc
4 changed files with 52 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,10 +6,10 @@ serguzim.net.png
 diagram_assets/

 # services already handled by ansible
-acme-dns/
-caddy/config/conf.002.d/acme.serguzim.me.conf
-gitea/
-caddy/config/conf.002.d/git.serguzim.me.conf
-umami/
-caddy/config/conf.002.d/analytics.serguzim.me.conf
-watchtower/
+/acme-dns/
+/caddy/config/conf.002.d/acme.serguzim.me.conf
+/gitea/
+/caddy/config/conf.002.d/git.serguzim.me.conf
+/umami/
+/caddy/config/conf.002.d/analytics.serguzim.me.conf
+/watchtower/
--- a/_ansible/roles/watchtower/files/run-once.sh
+++ b/_ansible/roles/watchtower/files/run-once.sh
@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+docker compose run -e WATCHTOWER_RUN_ONCE=true -e WATCHTOWER_NOTIFICATIONS= watchtower
--- a/_ansible/roles/watchtower/tasks/main.yml
+++ b/_ansible/roles/watchtower/tasks/main.yml
@ -0,0 +1,15 @@
+---
+- name: Deploy {{ svc.name }}
+  tags:
+    - watchtower
+    - container
+  block:
+    - import_tasks: steps/create-service-directory.yml
+    - import_tasks: steps/template-docker-compose.yml
+    - import_tasks: steps/template-service-env.yml
+    
+    - name: Copy the run-once script
+      ansible.builtin.copy:
+        src: run-once.sh
+        dest: "{{ (service_path, 'run-once.sh') | path_join }}"
+        mode: '0755'
--- a/_ansible/roles/watchtower/vars/main.yml
+++ b/_ansible/roles/watchtower/vars/main.yml
@ -0,0 +1,27 @@
+svc:
+  name: watchtower
+
+svc_env:
+  WATCHTOWER_LABEL_ENABLE: true
+  WATCHTOWER_CLEANUP: true
+  WATCHTOWER_SCHEDULE: "0 27 20 * * *"
+
+  WATCHTOWER_NOTIFICATIONS: email
+  WATCHTOWER_NOTIFICATION_EMAIL_FROM: "{{ svc.name }}@serguzim.me"
+  WATCHTOWER_NOTIFICATION_EMAIL_TO: "{{ admin_email }}"
+  WATCHTOWER_NOTIFICATION_EMAIL_SERVER: "{{ mailer.host }}"
+  WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: "{{ mailer.port }}"
+  WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER: "{{ svc.name }}@serguzim.me"
+  WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: "{{ vault_watchtower.mailer.pass }}"
+  WATCHTOWER_NOTIFICATION_EMAIL_DELAY: 5
+
+compose:
+  watchtower: false
+  image: containerrr/watchtower
+  env: true
+  volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+  file:
+    services:
+      app:
+        hostname: "{{ ansible_facts.hostname }}"