Add minio to ansible

Remove hardly used compose shortscuts
2023-12-11 15:27:03 +01:00 · 2023-12-11 14:49:43 +01:00
17 changed files with 74 additions and 93 deletions
--- a/.gitignore
+++ b/.gitignore
@ -13,6 +13,7 @@
 /homebox/
 /influxdb/
 /jellyfin/
+/minio/
 /tandoor/
 /telegraf/
 /tinytinyrss/
--- a/_ansible/inventory/group_vars/all/compose_defaults.yml
+++ b/_ansible/inventory/group_vars/all/compose_defaults.yml
@ -15,27 +15,12 @@ compose_file_main:
    apps:
      external: true

-compose_file_depends_on:
-  services:
-    app:
-      depends_on: "{{ compose.depends_on }}"
-
 compose_file_env:
  services:
    app:
      env_file:
        - service.env

-compose_file_user:
-  services:
-    app:
-      user: "{{ compose.user }}"
-
-compose_file_ports:
-  services:
-    app:
-      ports: "{{ compose.ports }}"
-
 compose_file_volumes:
  services:
    app:
--- a/_ansible/inventory/host_vars/node002/main.yml
+++ b/_ansible/inventory/host_vars/node002/main.yml
@ -1 +1,2 @@
-services_path: /opt/services/
+ansible_port: "{{ vault_node002.ansible_port }}"
+ansible_user: "{{ vault_node002.ansible_user }}"
--- a/_ansible/inventory/host_vars/node003/main.yml
+++ b/_ansible/inventory/host_vars/node003/main.yml
@ -0,0 +1,2 @@
+ansible_port: "{{ vault_node003.ansible_port }}"
+ansible_user: "{{ vault_node003.ansible_user }}"
--- a/_ansible/inventory/serguzim.net.yml
+++ b/_ansible/inventory/serguzim.net.yml
@ -4,3 +4,5 @@ all:
      ansible_connection: local
    node002:
      ansible_host: node002.serguzim.net
+    node003:
+      ansible_host: node003.serguzim.net
--- a/_ansible/node003.yml
+++ b/_ansible/node003.yml
@ -0,0 +1,5 @@
+---
+- name: Run roles for node003
+  hosts: node003
+  roles:
+    - minio
--- a/_ansible/roles/acme-dns/vars/main.yml
+++ b/_ansible/roles/acme-dns/vars/main.yml
@ -16,8 +16,11 @@ svc:
 compose:
  watchtower: true
  image: joohoi/acme-dns
-  ports:
-    - "53:53"
-    - "53:53/udp"
  volumes:
    - ./config:/etc/acme-dns:ro
+  file:
+    services:
+      app:
+        ports:
+          - "53:53"
+          - "53:53/udp"
--- a/_ansible/roles/forgejo/vars/main.yml
+++ b/_ansible/roles/forgejo/vars/main.yml
@ -85,10 +85,12 @@ compose:
    - data:/data
    - /etc/timezone:/etc/timezone:ro
    - /etc/localtime:/etc/localtime:ro
-  ports:
-    - "{{ svc.ssh_port }}:{{ svc.ssh_port }}"
-    - "{{ svc.ssh_port_alt }}:{{ svc.ssh_port }}"
  file:
+    services:
+      app:
+        ports:
+          - "{{ svc.ssh_port }}:{{ svc.ssh_port }}"
+          - "{{ svc.ssh_port_alt }}:{{ svc.ssh_port }}"
    volumes:
      data:

--- a/_ansible/roles/jellyfin/vars/main.yml
+++ b/_ansible/roles/jellyfin/vars/main.yml
@ -12,13 +12,15 @@ svc_env:
 compose:
  watchtower: true
  image: jellyfin/jellyfin
-  user: 8096:8096
  env: true
  volumes:
    - config:/config
    - cache:/cache
    - media:/media
  file:
+    services:
+      app:
+        user: 8096:8096
    volumes:
      config:
      cache:
--- a/_ansible/roles/minio/tasks/main.yml
+++ b/_ansible/roles/minio/tasks/main.yml
@ -0,0 +1,7 @@
+---
+- name: Deploy {{ svc.name }}
+  tags:
+    - minio
+    - storage
+  block:
+    - import_tasks: deploy-common-service.yml
--- a/_ansible/roles/minio/vars/main.yml
+++ b/_ansible/roles/minio/vars/main.yml
@ -0,0 +1,34 @@
+svc:
+  domain: "s3.serguzim.me"
+  name: minio
+  port: 9000
+  caddy_extra: |
+     @nocache {
+        query nocache=*
+     }
+     header @nocache "Cache-Control" "no-store, no-cache"
+  extra_svcs:
+  - domain: console.s3.serguzim.me
+    docker_host: minio
+    port: 9001
+
+svc_env:
+  MINIO_SERVER_URL: "https://{{ svc.domain }}/"
+  MINIO_BROWSER_REDIRECT_URL: "https://console.{{ svc.domain }}"
+  MINIO_VOLUMES: "/data"
+
+  MINIO_ROOT_USER: "{{ vault_minio.user }}"
+  MINIO_ROOT_PASSWORD: "{{ vault_minio.pass }}"
+
+compose:
+  watchtower: true
+  image: minio/minio
+  env: true
+  volumes:
+    - data:/data
+  file:
+    services:
+      app:
+        command: server --console-address ":9001"
+    volumes:
+      data:
--- a/_ansible/roles/tinytinyrss/vars/main.yml
+++ b/_ansible/roles/tinytinyrss/vars/main.yml
@ -21,13 +21,14 @@ svc_env:
 compose:
  watchtower: false
  image: cthulhoo/ttrss-web-nginx
-  depends_on:
-    - tt-rss
  env: true
  volumes:
    - app:/var/www/html:ro
    - ./nginx.conf:/etc/nginx/nginx.conf
  file:
+    app:
+      depends_on:
+        - tt-rss
    services:
      tt-rss:
        image: cthulhoo/ttrss-fpm-pgsql-static
--- a/_ansible/templates/docker-compose.yml.j2
+++ b/_ansible/templates/docker-compose.yml.j2
@ -1,22 +1,10 @@
 {%- set compose_file = compose.file | default({}) -%}
 {%- set compose_file = compose_file_main | combine(compose_file, recursive=True) -%}

-{%- if compose.depends_on | default(False) -%}
-    {%- set compose_file = compose_file | combine(compose_file_depends_on, recursive=True) -%}
-{%- endif -%}
-
 {%- if compose.env | default(False) -%}
    {%- set compose_file = compose_file | combine(compose_file_env, recursive=True) -%}
 {%- endif -%}

-{%- if compose.ports | default(False) -%}
-    {%- set compose_file = compose_file | combine(compose_file_ports, recursive=True) -%}
-{%- endif -%}
-
-{%- if compose.user | default(False) -%}
-    {%- set compose_file = compose_file | combine(compose_file_user, recursive=True) -%}
-{%- endif -%}
-
 {%- if compose.volumes | default(False) -%}
    {%- set compose_file = compose_file | combine(compose_file_volumes, recursive=True) -%}
 {%- endif -%}
--- a/authentik/docker-compose.yml
+++ b/authentik/docker-compose.yml
@ -11,7 +11,7 @@ services:
    depends_on:
      - redis
    networks:
-      local-net:
+      default:
      apps:
        aliases:
          - authentik
@ -29,15 +29,15 @@ services:
    depends_on:
      - redis
    networks:
-      local-net:
+      default:

  redis:
    image: redis:alpine
    restart: unless-stopped
    networks:
-      local-net:
+      default:

 networks:
-  local-net:
+  default:
  apps:
    external: true
--- a/caddy/config/conf.003.d/s3.serguzim.me.conf
+++ b/caddy/config/conf.003.d/s3.serguzim.me.conf
@ -1,16 +0,0 @@
-s3.serguzim.me {
-	import default
-
-	@nocache {
-		query nocache=*
-	}
-	header @nocache "Cache-Control" "no-store, no-cache"
-	#header "Cache-Control" "no-store, no-cache"
-
-	reverse_proxy minio:9000
-}
-
-console.s3.serguzim.me {
-	import default
-	reverse_proxy minio:9001
-}
--- a/minio/.env
+++ b/minio/.env
@ -1,12 +0,0 @@
-MINIO_SERVER_URL="https://s3.serguzim.me/"
-MINIO_BROWSER_REDIRECT_URL="https://console.s3.serguzim.me"
-MINIO_VOLUMES="/data"
-
-MINIO_ROOT_USER=
-MINIO_ROOT_PASSWORD=
-
-#MINIO_IDENTITY_OPENID_CONFIG_URL="https://auth.serguzim.me/application/o/s3-serguzim-me/.well-known/openid-configuration"
-#MINIO_IDENTITY_OPENID_CLIENT_ID=
-#MINIO_IDENTITY_OPENID_CLIENT_SECRET=
-#MINIO_IDENTITY_OPENID_CLAIM_NAME="policy"
-#MINIO_IDENTITY_OPENID_REDIRECT_URI="https://console.s3.serguzim.me/oauth_callback"
--- a/minio/docker-compose.yml
+++ b/minio/docker-compose.yml
@ -1,24 +0,0 @@
-version: '3'
-services:
-  app:
-    image: minio/minio
-    restart: always
-    labels:
-      com.centurylinklabs.watchtower.enable: true
-    env_file:
-      - .env
-      - .secret.env
-    volumes:
-      - "data:/data"
-    command: server --console-address ":9001"
-    networks:
-      apps:
-        aliases:
-          - minio
-
-volumes:
-  data:
-
-networks:
-  apps:
-    external: true
Author	SHA1	Message	Date
Tobias Reisinger	e006f44dd6	Add minio to ansible	2023-12-11 15:27:03 +01:00
Tobias Reisinger	5f9747c378	Remove hardly used compose shortscuts	2023-12-11 14:49:43 +01:00