serguzim/services
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add umami to ansible

Browse source
This commit is contained in:
Tobias Reisinger 2023-06-13 20:48:16 +02:00
parent 7ff7dfe807
commit ecd00fc75d
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
15 changed files with 91 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.gitignore vendored
View file

@ -4,3 +4,7 @@
serguzim.net.png serguzim.net.png
diagram_assets/ diagram_assets/
# services already handled by ansible
acme-dns/
umami/

8
_ansible/inventory/group_vars/all/compose_defaults.yml
View file

@ -8,7 +8,13 @@ compose_default_file:
networks: networks:
apps: apps:
aliases: aliases:
- "{{ service.name }}" - "{{ svc.name }}"
networks: networks:
apps: apps:
external: true external: true
compose_env_file:
services:
app:
env_file:
- service.env

1
_ansible/local-dev.yml
View file

@ -8,3 +8,4 @@
hosts: local-dev hosts: local-dev
roles: roles:
- acme-dns - acme-dns
- umami

0
_ansible/main.yml
View file

1
_ansible/node002.yml
View file

@ -3,3 +3,4 @@
hosts: node002 hosts: node002
roles: roles:
- acme-dns - acme-dns
- umami

14
_ansible/roles/acme-dns/tasks/main.yml
View file

@ -2,31 +2,31 @@
- name: Deploy acme-dns - name: Deploy acme-dns
tags: acme-dns tags: acme-dns
vars: vars:
service_path: "{{ (services_path, 'acme-dns') | path_join }}" service_path: "{{ (services_path, svc.name) | path_join }}"
config_path: "{{ (service_path, 'config') | path_join }}" config_path: "{{ (service_path, 'config') | path_join }}"
block: block:
- name: Create a service directory - name: Create a service directory for {{ svc.name }}
ansible.builtin.file: ansible.builtin.file:
path: "{{ service_path }}" path: "{{ service_path }}"
state: directory state: directory
mode: "0755" mode: "0755"
- name: Create a service-config directory - name: Create a service-config directory for {{ svc.name }}
ansible.builtin.file: ansible.builtin.file:
path: "{{ config_path }}" path: "{{ config_path }}"
state: directory state: directory
mode: "0755" mode: "0755"
- name: Template acme-dns docker-compose - name: Template {{ svc.name }} docker-compose
ansible.builtin.template: ansible.builtin.template:
src: docker-compose.yml.j2 src: docker-compose.yml.j2
dest: "{{ (service_path, 'docker-compose.yml') | path_join }}" dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
- name: Template acme-dns config - name: Template {{ svc.name }} config
ansible.builtin.template: ansible.builtin.template:
src: config.cfg.j2 src: config.cfg.j2
dest: "{{ (config_path, 'config.cfg') | path_join }}" dest: "{{ (config_path, 'config.cfg') | path_join }}"
- name: Template acme-dns caddy config - name: Template {{ svc.name }} caddy config
ansible.builtin.template: ansible.builtin.template:
src: caddy_site.conf.j2 src: caddy_site.conf.j2
dest: "{{ (caddy_config_path, service.domain + '.conf') | path_join }}" dest: "{{ (caddy_config_path, svc.domain + '.conf') | path_join }}"

14
_ansible/roles/acme-dns/templates/config.cfg.j2
View file

@ -1,23 +1,23 @@
[general] [general]
listen = "0.0.0.0:53" listen = "0.0.0.0:53"
protocol = "both" protocol = "both"
domain = "{{ acme_dns.domain }}" domain = "{{ svc.domain }}"
nsname = "{{ acme_dns.domain }}" nsname = "{{ svc.domain }}"
nsadmin = "{{ acme_dns.nsadmin }}" nsadmin = "{{ svc.nsadmin }}"
records = [ records = [
"{{ acme_dns.domain }}. A {{ acme_dns.records.a }}", "{{ svc.domain }}. A {{ svc.records.a }}",
"{{ acme_dns.domain }}. NS {{ acme_dns.domain }}.", "{{ svc.domain }}. NS {{ svc.domain }}.",
] ]
debug = false debug = false
[database] [database]
engine = "postgres" engine = "postgres"
connection = "postgres://{{ acme_dns.db.user }}:{{ acme_dns.db.pass }}@{{ acme_dns.db.host }}/{{ acme_dns.db.db }}" connection = "postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}/{{ svc.db.db }}"
[api] [api]
ip = "0.0.0.0" ip = "0.0.0.0"
disable_registration = false disable_registration = false
port = "80" port = "{{ svc.port }}"
tls = "none" tls = "none"
corsorigins = [ corsorigins = [
"*" "*"

12
_ansible/roles/acme-dns/vars/main.yml
View file

@ -1,6 +1,8 @@
acme_dns: svc:
nsadmin: "{{ admin_email | regex_replace('@', '.') }}"
domain: "acme.serguzim.me" domain: "acme.serguzim.me"
name: acme-dns
port: 80
nsadmin: "{{ admin_email | regex_replace('@', '.') }}"
records: records:
a: "{{ ansible_facts.default_ipv4.address }}" a: "{{ ansible_facts.default_ipv4.address }}"
db: db:
@ -9,13 +11,7 @@ acme_dns:
user: "{{ vault_acmedns.db.user }}" user: "{{ vault_acmedns.db.user }}"
pass: "{{ vault_acmedns.db.pass }}" pass: "{{ vault_acmedns.db.pass }}"
db: acme_dns db: acme_dns
api:
port: 80
service:
domain: "{{ acme_dns.domain }}"
name: acme-dns
port: "{{ acme_dns.api.port }}"
compose: compose:
watchtower: true watchtower: true

28
_ansible/roles/umami/tasks/main.yml Normal file
View file

@ -0,0 +1,28 @@
---
- name: Deploy umami
tags:
- analytics
- umami
vars:
service_path: "{{ (services_path, svc.name) | path_join }}"
block:
- name: Create a service directory for {{ svc.name }}
ansible.builtin.file:
path: "{{ service_path }}"
state: directory
mode: "0755"
- name: Template {{ svc.name }} docker-compose
ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
- name: Template {{ svc.name }} service.env file
ansible.builtin.template:
src: service.env.j2
dest: "{{ (service_path, 'service.env') | path_join }}"
- name: Template {{ svc.name }} caddy config
ansible.builtin.template:
src: caddy_site.conf.j2
dest: "{{ (caddy_config_path, svc.domain + '.conf') | path_join }}"

21
_ansible/roles/umami/vars/main.yml Normal file
View file

@ -0,0 +1,21 @@
svc:
domain: "analytics.serguzim.me"
name: umami
port: 3000
db:
host: "{{ postgres.host }}"
user: "{{ vault_umami.db.user }}"
pass: "{{ vault_umami.db.pass }}"
db: umami
svc_env:
DATABASE_URL: postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}/{{ svc.db.db }}
DATABASE_TYPE: postgresql
FORCE_SSL: 1
HOSTNAME: "{{ svc.domain }}"
HASH_SALT: "{{ vault_umami.hash_salt }}"
compose:
watchtower: true
image: docker.umami.dev/umami-software/umami:postgresql-latest
env: true

4
_ansible/templates/caddy_site.conf.j2
View file

@ -1,4 +1,4 @@
{{ service.domain }} { {{ svc.domain }} {
import default import default
reverse_proxy {{ service.name }}:{{ service.port }} reverse_proxy {{ svc.name }}:{{ svc.port }}
} }

7
_ansible/templates/docker-compose.yml.j2
View file

@ -1 +1,6 @@
{{ compose_default_file | combine(compose_file, recursive=True) | to_nice_yaml }} {% set compose_file = compose_file | default({}) %}
{% set compose_file = compose_default_file | combine(compose_file, recursive=True) %}
{% if compose.env | default(False) %}
{% set compose_file = compose_file | combine(compose_env_file, recursive=True) %}
{% endif %}
{{ compose_file | to_nice_yaml }}

3
_ansible/templates/service.env.j2 Normal file
View file

@ -0,0 +1,3 @@
{% for key, value in svc_env.items() %}
{{ key }}={{ value }}
{% endfor %}

5
umami/.env
View file

@ -1,5 +0,0 @@
DATABASE_URL=""
DATABASE_TYPE="postgresql"
HASH_SALT=""
FORCE_SSL="1"
HOSTNAME="analytics.serguzim.me"

18
umami/docker-compose.yml
View file

@ -1,18 +0,0 @@
version: '3'
services:
app:
image: docker.umami.dev/umami-software/umami:postgresql-latest
restart: always
labels:
com.centurylinklabs.watchtower.enable: true
env_file:
- .env
- .secret.env
networks:
apps:
aliases:
- umami
networks:
apps:
external: true