Prepare services for lego certificate service

2023-12-20 01:29:53 +01:00 · 2023-12-20 01:29:53 +01:00 · da5d6eef8c
parent 6c6ade1b9a
commit da5d6eef8c
8 changed files with 28 additions and 9 deletions
--- a/inventory/group_vars/all/compose_defaults.yml
+++ b/inventory/group_vars/all/compose_defaults.yml
@ -5,6 +5,16 @@ compose_file_main:
      restart: always
      labels:
        com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default(false) }}"
+
+compose_file_env:
+  services:
+    app:
+      env_file:
+        - service.env
+
+compose_file_networks:
+  services:
+    app:
      networks:
        default:
        apps:
@ -15,12 +25,6 @@ compose_file_main:
    apps:
      external: true

-compose_file_env:
-  services:
-    app:
-      env_file:
-        - service.env
-
 compose_file_volumes:
  services:
    app:
--- a/inventory/group_vars/all/main.yml
+++ b/inventory/group_vars/all/main.yml
@ -14,6 +14,9 @@ acme_dns:


 services_path: /opt/services/
+
 caddy_path: "{{ (services_path, 'caddy') | path_join }}"
 caddy_config_path: "{{ (caddy_path, 'config', 'conf.d') | path_join }}"
 managed_sites: []
+
+certificates_path: "{{ (services_path, '_certificates') | path_join }}"
--- a/roles/acme_dns/tasks/main.yml
+++ b/roles/acme_dns/tasks/main.yml
@ -26,6 +26,12 @@
        src: config.cfg.j2
        dest: "{{ (config_path, 'config.cfg') | path_join }}"
        mode: "0600"
+      register: cmd_result
+
+    - name: Set the docker force-recreate flag
+      ansible.builtin.set_fact:
+        docker_force_recreate: --force-recreate
+      when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.

    - name: Import start tasks for common service
      ansible.builtin.import_tasks: tasks/start-common-service.yml
--- a/roles/acme_dns/templates/config.cfg.j2
+++ b/roles/acme_dns/templates/config.cfg.j2
@ -6,6 +6,7 @@ nsname = "{{ svc.domain }}"
 nsadmin = "{{ svc.nsadmin }}"
 records = [
    "{{ svc.domain }}. A {{ svc.records.a }}",
+    "{{ svc.domain }}. AAAA {{ svc.records.aaaa }}",
    "{{ svc.domain }}. NS {{ svc.domain }}.",
 ]
 debug = false
--- a/roles/acme_dns/vars/main.yml
+++ b/roles/acme_dns/vars/main.yml
@ -6,6 +6,7 @@ acme_dns_svc:
  nsadmin: "{{ admin_email | regex_replace('@', '.') }}"
  records:
    a: "{{ ansible_facts.default_ipv4.address }}"
+    aaaa: "{{ ansible_facts.default_ipv6.address }}"
  db:
    host: "{{ postgres.host }}"
    port: "{{ postgres.port }}"
--- a/roles/harbor/vars/main.yml
+++ b/roles/harbor/vars/main.yml
@ -36,8 +36,8 @@ harbor_yml:
    port: "{{ harbor_port_http }}"
  https:
    port: "{{ harbor_port_https }}"
-    certificate: /opt/services/.lego/certificates/registry.serguzim.me.crt # TODO
-    private_key: /opt/services/.lego/certificates/registry.serguzim.me.key # TODO
+    certificate: "{{ (service_path, 'server.crt') | path_join }}"
+    private_key: "{{ (service_path, 'server.key') | path_join }}"
  external_url: https://registry.serguzim.me
  harbor_admin_password: "{{ vault_harbor.admin_password }}"
  data_volume: "{{ (service_path, 'data') | path_join }}"
--- a/roles/healthcheck/files/data/http
+++ b/roles/healthcheck/files/data/http
@ -28,7 +28,7 @@ check_url ()
    fi
 }

-check_url "acme.serguzim.me" "/health"
+#check_url "acme.serguzim.me" "/health"
 check_url "analytics.serguzim.me"
 check_url "auth.serguzim.me"
 check_url "ci.serguzim.me"
--- a/templates/docker-compose.yml.j2
+++ b/templates/docker-compose.yml.j2
@ -5,6 +5,10 @@
    {%- set compose_file = compose_file | combine(compose_file_env, recursive=True) -%}
 {%- endif -%}

+{%- if compose.network | default(True) -%}
+    {%- set compose_file = compose_file | combine(compose_file_networks, recursive=True) -%}
+{%- endif -%}
+
 {%- if compose.volumes | default(False) -%}
    {%- set compose_file = compose_file | combine(compose_file_volumes, recursive=True) -%}
 {%- endif -%}