serguzim/services
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: serguzim:6c6ade1b9ab5f07553da87f7ee8c47eb6c825903
Branches Tags
serguzim:main
...
compare: serguzim:5246a6b101bf7b55facc0a8e487dd949d809d258
Branches Tags
serguzim:main

3 commits
6c6ade1b9a ... 5246a6b101

Author SHA1 Message Date
Tobias Reisinger
5246a6b101
Refactor the healthcheck tasks into smaller files 2023-12-20 02:33:23 +01:00
Tobias Reisinger
e64a267ff3
Refactor the backup tasks into smaller files 2023-12-20 02:31:31 +01:00
Tobias Reisinger
da5d6eef8c
Prepare services for lego certificate service 2023-12-20 01:29:53 +01:00
15 changed files with 124 additions and 99 deletions
Show stats Expand all files Collapse all files

16
inventory/group_vars/all/compose_defaults.yml
View file

@ -5,6 +5,16 @@ compose_file_main:
restart: always
labels:
com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default(false) }}"
compose_file_env:
services:
app:
env_file:
- service.env
compose_file_networks:
services:
app:
networks:
default:
apps:
@ -15,12 +25,6 @@ compose_file_main:
apps:
external: true
compose_file_env:
services:
app:
env_file:
- service.env
compose_file_volumes:
services:
app:

3
inventory/group_vars/all/main.yml
View file

@ -14,6 +14,9 @@ acme_dns:
services_path: /opt/services/
caddy_path: "{{ (services_path, 'caddy') | path_join }}"
caddy_config_path: "{{ (caddy_path, 'config', 'conf.d') | path_join }}"
managed_sites: []
certificates_path: "{{ (services_path, '_certificates') | path_join }}"

6
roles/acme_dns/tasks/main.yml
View file

@ -26,6 +26,12 @@
src: config.cfg.j2
dest: "{{ (config_path, 'config.cfg') | path_join }}"
mode: "0600"
register: cmd_result
- name: Set the docker force-recreate flag
ansible.builtin.set_fact:
docker_force_recreate: --force-recreate
when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
- name: Import start tasks for common service
ansible.builtin.import_tasks: tasks/start-common-service.yml

1
roles/acme_dns/templates/config.cfg.j2
View file

@ -6,6 +6,7 @@ nsname = "{{ svc.domain }}"
nsadmin = "{{ svc.nsadmin }}"
records = [
"{{ svc.domain }}. A {{ svc.records.a }}",
"{{ svc.domain }}. AAAA {{ svc.records.aaaa }}",
"{{ svc.domain }}. NS {{ svc.domain }}.",
]
debug = false

1
roles/acme_dns/vars/main.yml
View file

@ -6,6 +6,7 @@ acme_dns_svc:
nsadmin: "{{ admin_email | regex_replace('@', '.') }}"
records:
a: "{{ ansible_facts.default_ipv4.address }}"
aaaa: "{{ ansible_facts.default_ipv6.address }}"
db:
host: "{{ postgres.host }}"
port: "{{ postgres.port }}"

16
roles/backup/tasks/backup.d.yml Normal file
View file

@ -0,0 +1,16 @@
---
- name: Set backup.d path
ansible.builtin.set_fact:
backup_d_path: "{{ (service_path, 'backup.d') | path_join }}"
- name: Create backup.d directory
ansible.builtin.file:
path: "{{ backup_d_path }}"
state: directory
mode: "0755"
- name: Copy the additional backup scripts
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ backup_d_path }}"
mode: "0755"
with_fileglob:
- "{{ ansible_facts.hostname }}/*"

12
roles/backup/tasks/docker.yml Normal file
View file

@ -0,0 +1,12 @@
---
- name: Copy the Dockerfile
ansible.builtin.copy:
src: Dockerfile
dest: "{{ (service_path, 'Dockerfile') | path_join }}"
mode: "0644"
register: cmd_result
- name: Set the docker rebuild flag
ansible.builtin.set_fact:
docker_rebuild: true
when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.

60
roles/backup/tasks/main.yml
View file

@ -11,64 +11,18 @@
- name: Import prepare tasks for common service
ansible.builtin.import_tasks: tasks/prepare-common-service.yml
- name: Copy the Dockerfile
ansible.builtin.copy:
src: Dockerfile
dest: "{{ (service_path, 'Dockerfile') | path_join }}"
mode: "0644"
register: cmd_result
- name: Set the docker rebuild flag
ansible.builtin.set_fact:
docker_rebuild: true
when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
- name: Set backup.d path
ansible.builtin.set_fact:
backup_d_path: "{{ (service_path, 'backup.d') | path_join }}"
- name: Create backup.d directory
ansible.builtin.file:
path: "{{ backup_d_path }}"
state: directory
mode: "0755"
- name: Copy the additional backup scripts
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ backup_d_path }}"
mode: "0755"
with_fileglob:
- "{{ ansible_facts.hostname }}/*"
- name: Copy the main backup scripts
- name: Copy the main backup script
ansible.builtin.template:
src: "backup.sh.j2"
dest: "{{ (service_path, 'backup.sh') | path_join }}"
mode: "0755"
- name: Copy the system service
ansible.builtin.template:
src: backup.service.j2
dest: /etc/systemd/system/backup.service
mode: "0644"
become: true
- name: Copy the system timer
ansible.builtin.copy:
src: backup.timer
dest: /etc/systemd/system/backup.timer
mode: "0644"
become: true
- name: Enable the system timer
ansible.builtin.systemd_service:
name: backup.timer
state: started
enabled: true
daemon_reload: true
become: true
- name: Import tasks create a service.env file
ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
- name: Import tasks specific to docker
ansible.builtin.import_tasks: docker.yml
- name: Import tasks specific to the backup.d scripts
ansible.builtin.import_tasks: backup.d.yml
- name: Import tasks specific to systemd
ansible.builtin.import_tasks: systemd.yml
- name: Build service
ansible.builtin.command:

20
roles/backup/tasks/systemd.yml Normal file
View file

@ -0,0 +1,20 @@
---
- name: Copy the system service
ansible.builtin.template:
src: backup.service.j2
dest: /etc/systemd/system/backup.service
mode: "0644"
become: true
- name: Copy the system timer
ansible.builtin.copy:
src: backup.timer
dest: /etc/systemd/system/backup.timer
mode: "0644"
become: true
- name: Enable the system timer
ansible.builtin.systemd_service:
name: backup.timer
state: started
enabled: true
daemon_reload: true
become: true

4
roles/harbor/vars/main.yml
View file

@ -36,8 +36,8 @@ harbor_yml:
port: "{{ harbor_port_http }}"
https:
port: "{{ harbor_port_https }}"
certificate: /opt/services/.lego/certificates/registry.serguzim.me.crt # TODO
private_key: /opt/services/.lego/certificates/registry.serguzim.me.key # TODO
certificate: "{{ (service_path, 'server.crt') | path_join }}"
private_key: "{{ (service_path, 'server.key') | path_join }}"
external_url: https://registry.serguzim.me
harbor_admin_password: "{{ vault_harbor.admin_password }}"
data_volume: "{{ (service_path, 'data') | path_join }}"

2
roles/healthcheck/files/data/http
View file

@ -28,7 +28,7 @@ check_url ()
fi
}
check_url "acme.serguzim.me" "/health"
#check_url "acme.serguzim.me" "/health"
check_url "analytics.serguzim.me"
check_url "auth.serguzim.me"
check_url "ci.serguzim.me"

16
roles/healthcheck/tasks/docker.yml Normal file
View file

@ -0,0 +1,16 @@
---
- name: Copy the docker-compose file
ansible.builtin.copy:
src: docker-compose.yml
dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
mode: "0644"
- name: Copy the Dockerfile
ansible.builtin.copy:
src: Dockerfile
dest: "{{ (service_path, 'Dockerfile') | path_join }}"
mode: "0644"
- name: Copy the data files
ansible.builtin.copy:
src: data
dest: "{{ service_path }}"
mode: "0755"

41
roles/healthcheck/tasks/main.yml
View file

@ -6,47 +6,14 @@
vars:
svc: "{{ healthcheck_svc }}"
env: "{{ healthcheck_env }}"
compose: "{{ healthcheck_compose }}"
block:
- name: Import tasks to create service directory
ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
- name: Copy the docker-compose file
ansible.builtin.copy:
src: docker-compose.yml
dest: "{{ (service_path, 'docker-compose.yml') | path_join }}"
mode: "0644"
- name: Copy the Dockerfile
ansible.builtin.copy:
src: Dockerfile
dest: "{{ (service_path, 'Dockerfile') | path_join }}"
mode: "0644"
- name: Copy the data files
ansible.builtin.copy:
src: data
dest: "{{ service_path }}"
mode: "0755"
- name: Template the system service
ansible.builtin.template:
src: healthcheck@.service.j2
dest: /etc/systemd/system/healthcheck@.service
mode: "0644"
become: true
- name: Copy the system timer
ansible.builtin.copy:
src: healthcheck@.timer
dest: /etc/systemd/system/healthcheck@.timer
mode: "0644"
become: true
- name: Enable the system timer
ansible.builtin.systemd_service:
name: healthcheck@{{ item }}.timer
state: started
enabled: true
daemon_reload: true
loop: "{{ healthcheck_svc.checks }}"
become: true
- name: Import tasks specific to docker
ansible.builtin.import_tasks: docker.yml
- name: Import tasks specific to systemd
ansible.builtin.import_tasks: systemd.yml
- name: Import tasks create a service.env file
ansible.builtin.import_tasks: tasks/steps/template-service-env.yml

21
roles/healthcheck/tasks/systemd.yml Normal file
View file

@ -0,0 +1,21 @@
---
- name: Template the system service
ansible.builtin.template:
src: healthcheck@.service.j2
dest: /etc/systemd/system/healthcheck@.service
mode: "0644"
become: true
- name: Copy the system timer
ansible.builtin.copy:
src: healthcheck@.timer
dest: /etc/systemd/system/healthcheck@.timer
mode: "0644"
become: true
- name: Enable the system timer
ansible.builtin.systemd_service:
name: healthcheck@{{ item }}.timer
state: started
enabled: true
daemon_reload: true
loop: "{{ healthcheck_svc.checks }}"
become: true

4
templates/docker-compose.yml.j2
View file

@ -5,6 +5,10 @@
{%- set compose_file = compose_file | combine(compose_file_env, recursive=True) -%}
{%- endif -%}
{%- if compose.network | default(True) -%}
{%- set compose_file = compose_file | combine(compose_file_networks, recursive=True) -%}
{%- endif -%}
{%- if compose.volumes | default(False) -%}
{%- set compose_file = compose_file | combine(compose_file_volumes, recursive=True) -%}
{%- endif -%}