From 6b4c4ccde4a99be9a26066a3ce4811aba086732e Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Mon, 24 Jun 2024 20:24:04 +0200 Subject: [PATCH 1/8] Update dependencies to enable easy single-tag deployments Previously every deployment (even just for a single tag, such as `ansible-playbook site.yml --tags landingpage`) would have the caddy deployment in its dependency. That meant in effect whenever there was an updated caddy image, the role would update it and we would lose all previous caddy configuration - which in turn would necessitate a complete redeploymnet of all steps. This is now not the case anymore. --- roles/caddy/meta/main.yml | 1 - roles/caddy_id/meta/main.yml | 1 - roles/docker-swarm/meta/main.yml | 4 ++++ roles/forgejo/meta/main.yml | 9 +++++---- roles/landingpage/meta/main.yml | 5 ++--- roles/miniflux/meta/main.yml | 5 ++--- roles/monica/meta/main.yml | 5 ++--- roles/nextcloud/meta/main.yml | 5 ++--- roles/ntfy/meta/main.yml | 5 ++--- roles/searx/meta/main.yml | 5 ++--- roles/shaarli/meta/main.yml | 5 ++--- roles/traggo/meta/main.yml | 5 ++--- roles/wallabag/meta/main.yml | 5 ++--- roles/whoami/meta/main.yml | 3 +-- 14 files changed, 28 insertions(+), 35 deletions(-) create mode 100644 roles/docker-swarm/meta/main.yml diff --git a/roles/caddy/meta/main.yml b/roles/caddy/meta/main.yml index 5863772..21860e2 100644 --- a/roles/caddy/meta/main.yml +++ b/roles/caddy/meta/main.yml @@ -1,5 +1,4 @@ --- dependencies: - - docker - docker-swarm diff --git a/roles/caddy_id/meta/main.yml b/roles/caddy_id/meta/main.yml index 5863772..21860e2 100644 --- a/roles/caddy_id/meta/main.yml +++ b/roles/caddy_id/meta/main.yml @@ -1,5 +1,4 @@ --- dependencies: - - docker - docker-swarm diff --git a/roles/docker-swarm/meta/main.yml b/roles/docker-swarm/meta/main.yml new file mode 100644 index 0000000..78053e7 --- /dev/null +++ b/roles/docker-swarm/meta/main.yml @@ -0,0 +1,4 @@ +--- + +dependencies: + - docker 
diff --git a/roles/forgejo/meta/main.yml b/roles/forgejo/meta/main.yml index 727f63b..9775d89 100644 --- a/roles/forgejo/meta/main.yml +++ b/roles/forgejo/meta/main.yml @@ -4,12 +4,13 @@ galaxy_info: author: Marty Oehme description: Light-weight git hosting license: GPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" galaxy_tags: [] platforms: - name: GenericLinux - versions: all - + versions: + - all + dependencies: - - docker - docker-swarm + - caddy_id diff --git a/roles/landingpage/meta/main.yml b/roles/landingpage/meta/main.yml index fbb1340..a834afd 100644 --- a/roles/landingpage/meta/main.yml +++ b/roles/landingpage/meta/main.yml @@ -4,11 +4,10 @@ galaxy_info: author: Marty Oehme description: Installs my personal public facing landing page as a docker stack service license: GPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" galaxy_tags: [] dependencies: - - docker - docker-swarm - - caddy + - caddy_id diff --git a/roles/miniflux/meta/main.yml b/roles/miniflux/meta/main.yml index 50da3df..9e40a88 100644 --- a/roles/miniflux/meta/main.yml +++ b/roles/miniflux/meta/main.yml @@ -4,11 +4,10 @@ galaxy_info: author: Marty Oehme description: Installs miniflux as a docker stack service license: GPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" galaxy_tags: [] dependencies: - - docker - docker-swarm - - caddy + - caddy_id diff --git a/roles/monica/meta/main.yml b/roles/monica/meta/main.yml index 3858e67..4fd4bc3 100644 --- a/roles/monica/meta/main.yml +++ b/roles/monica/meta/main.yml @@ -4,11 +4,10 @@ galaxy_info: author: Marty Oehme description: Installs monica as a docker stack service license: GPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" galaxy_tags: [] dependencies: - - docker - docker-swarm - - caddy + - caddy_id diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml index b503ed3..7989cf3 100644 --- a/roles/nextcloud/meta/main.yml +++ b/roles/nextcloud/meta/main.yml 
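Review bot: Depending on `caddy_id` instead of `caddy` (added in roles/forgejo/meta/main.yml, swapped in the landingpage, miniflux, monica, nextcloud, ntfy, searx, shaarli, traggo, wallabag and whoami meta files) leaves nothing in a single-tag run that guarantees a proxy is deployed and running before the service role acts. The service handlers touched later in this series pass `caddy_container_id` to `community.docker.docker_container_exec`, so presumably `caddy_id` only looks up that container. Its tasks are not shown here, so please confirm it fails with a clear message when no caddy container is found, rather than leaving the variable empty or stale and the route unregistered. I would also record the new precondition above each list, e.g. `# caddy_id only resolves the running proxy; deploy the caddy role via site.yml first`.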
@@ -4,11 +4,10 @@ galaxy_info: author: Marty Oehme description: Installs nextcloud as a docker stack service license: GPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" galaxy_tags: [] dependencies: - - docker - docker-swarm - - caddy + - caddy_id diff --git a/roles/ntfy/meta/main.yml b/roles/ntfy/meta/main.yml index 16d1cd4..0930dd3 100644 --- a/roles/ntfy/meta/main.yml +++ b/roles/ntfy/meta/main.yml @@ -4,11 +4,10 @@ galaxy_info: author: Marty Oehme description: Installs a self-hosted push notification service through docker-swarm. license: GPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" galaxy_tags: [] dependencies: - - docker - docker-swarm - - caddy + - caddy_id diff --git a/roles/searx/meta/main.yml b/roles/searx/meta/main.yml index bb6dde1..2287836 100644 --- a/roles/searx/meta/main.yml +++ b/roles/searx/meta/main.yml @@ -4,11 +4,10 @@ galaxy_info: author: Marty Oehme description: Installs searx as a docker stack service license: GPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" galaxy_tags: [] dependencies: - - docker - docker-swarm - - caddy + - caddy_id diff --git a/roles/shaarli/meta/main.yml b/roles/shaarli/meta/main.yml index 0be34a8..4406e21 100644 --- a/roles/shaarli/meta/main.yml +++ b/roles/shaarli/meta/main.yml @@ -4,11 +4,10 @@ galaxy_info: author: Marty Oehme description: Installs shaarli as a docker stack service license: GPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" galaxy_tags: [] dependencies: - - docker - docker-swarm - - caddy + - caddy_id diff --git a/roles/traggo/meta/main.yml b/roles/traggo/meta/main.yml index ddd5c7f..fe81846 100644 --- a/roles/traggo/meta/main.yml +++ b/roles/traggo/meta/main.yml @@ -4,11 +4,10 @@ galaxy_info: author: Marty Oehme description: Installs traggo as a docker stack service license: GPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" galaxy_tags: [] dependencies: - - docker - docker-swarm - - caddy + - caddy_id 
diff --git a/roles/wallabag/meta/main.yml b/roles/wallabag/meta/main.yml index ed54c0d..7215ce9 100644 --- a/roles/wallabag/meta/main.yml +++ b/roles/wallabag/meta/main.yml @@ -4,11 +4,10 @@ galaxy_info: author: Marty Oehme description: Installs wallabag as a docker stack service license: GPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" galaxy_tags: [] dependencies: - - docker - docker-swarm - - caddy + - caddy_id diff --git a/roles/whoami/meta/main.yml b/roles/whoami/meta/main.yml index bf789d1..386d89d 100644 --- a/roles/whoami/meta/main.yml +++ b/roles/whoami/meta/main.yml @@ -1,6 +1,5 @@ --- dependencies: - - docker - docker-swarm - - caddy + - caddy_id From c498b3ced8cef2291375cf84a504bfc41946fc0a Mon Sep 17 00:00:00 2001 
From: Marty Oehme Date: Mon, 24 Jun 2024 20:36:55 +0200 Subject: [PATCH 2/8] Apply prettier formatting --- README.md | 11 +++++------ group_vars/testing.yml | 25 ++++++++++++------------- roles/caddy/README.md | 27 +++++++++++++-------------- roles/caddy/defaults/main.yml | 1 - roles/caddy/meta/main.yml | 1 - roles/caddy/vars/main.yml | 1 - roles/caddy_id/README.md | 27 +++++++++++++-------------- roles/caddy_id/meta/main.yml | 1 - roles/docker-swarm/defaults/main.yml | 2 -- roles/docker-swarm/meta/main.yml | 1 - roles/docker-swarm/tasks/main.yml | 4 ++-- roles/forgejo/README.md | 4 ++-- roles/forgejo/defaults/main.yml | 1 - roles/forgejo/meta/main.yml | 1 - roles/forgejo/tasks/Ubuntu.yml | 1 - roles/forgejo/tasks/main.yml | 4 ++-- roles/forgejo/vars/main.yml | 1 - roles/landingpage/README.md | 9 ++++----- roles/landingpage/defaults/main.yml | 1 - roles/landingpage/handlers/main.yml | 5 ++--- roles/landingpage/meta/main.yml | 2 -- roles/landingpage/tasks/main.yml | 1 - roles/landingpage/vars/main.yml | 1 - roles/miniflux/README.md | 4 ++-- roles/miniflux/defaults/main.yml | 1 - roles/miniflux/handlers/main.yml | 5 ++--- roles/miniflux/meta/main.yml | 2 -- roles/miniflux/tasks/main.yml | 1 - roles/miniflux/vars/main.yml | 1 - roles/monica/README.md | 22 +++++++++++----------- roles/monica/defaults/main.yml | 5 ++--- roles/monica/handlers/main.yml | 5 ++--- roles/monica/meta/main.yml | 2 -- roles/monica/tasks/Ubuntu.yml | 1 - roles/monica/tasks/main.yml | 4 +--- roles/monica/vars/main.yml | 1 - roles/nextcloud/README.md | 28 ++++++++++++++-------------- roles/nextcloud/defaults/main.yml | 2 -- roles/nextcloud/handlers/main.yml | 5 ++--- roles/nextcloud/meta/main.yml | 2 -- roles/nextcloud/tasks/main.yml | 3 +-- roles/nextcloud/vars/main.yml | 1 - roles/ntfy/README.md | 6 +++--- roles/ntfy/handlers/main.yml | 5 ++--- roles/ntfy/meta/main.yml | 2 -- roles/ntfy/tasks/main.yml | 3 +-- roles/ntfy/vars/main.yml | 1 - roles/searx/README.md | 12 ++++++------ 
roles/searx/defaults/main.yml | 2 -- roles/searx/handlers/main.yml | 5 ++--- roles/searx/meta/main.yml | 2 -- roles/searx/tasks/main.yml | 1 - roles/searx/vars/main.yml | 1 - roles/shaarli/README.md | 9 ++++----- roles/shaarli/defaults/main.yml | 1 - roles/shaarli/handlers/main.yml | 5 ++--- roles/shaarli/meta/main.yml | 2 -- roles/shaarli/tasks/main.yml | 1 - roles/shaarli/vars/main.yml | 1 - roles/traggo/README.md | 6 +++--- roles/traggo/defaults/main.yml | 1 - roles/traggo/handlers/main.yml | 5 ++--- roles/traggo/meta/main.yml | 2 -- roles/traggo/tasks/main.yml | 1 - roles/traggo/vars/main.yml | 1 - roles/wallabag/README.md | 1 - roles/wallabag/defaults/main.yml | 1 - roles/wallabag/handlers/main.yml | 4 ++-- roles/wallabag/meta/main.yml | 2 -- roles/wallabag/vars/main.yml | 1 - roles/whoami/defaults/main.yml | 1 - roles/whoami/handlers/main.yml | 5 ++--- roles/whoami/meta/main.yml | 1 - roles/whoami/tasks/main.yml | 1 - roles/whoami/vars/main.yml | 2 -- site.yml | 4 ++-- 76 files changed, 123 insertions(+), 202 deletions(-) diff --git a/README.md b/README.md index 2eddd2f..3f2016a 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ vagrant plugin install vagrant-hosts vagrant-hostsupdater ``` Additionally, since the test setup mirrors the production setup in that it makes use of subdomains for the individual hosted applications, -the server needs to be reachable under a domain name, +the server needs to be reachable under a domain name, not just an IP address. For now this is most simply accomplished through editing the hosts file, e.g.: 
@@ -23,21 +23,20 @@ For now this is most simply accomplished through editing the hosts file, e.g.: ``` This will allow you to reach the main domain under `http(s)://ansible.test` and sets up two subdomains that can be reached. -Be aware that the hosts file does not support subdomain wildcards. -You will have to specify each hostname individually or use a tool such as `dnsmasq`. +Be aware that the hosts file does not support subdomain wildcards. +You will have to specify each hostname individually or use a tool such as `dnsmasq`. Read more [here](https://serverfault.com/questions/118378/in-my-etc-hosts-file-on-linux-osx-how-do-i-do-a-wildcard-subdomain). -Then you are ready to run the complete infrastructure setup locally, +Then you are ready to run the complete infrastructure setup locally, simply by executing `ansible-playbook site.yml`. You can of course pick and choose what should be executed with host limits, tags, group variables, and so on, but this should provide an easy way to see if a) the playbook is working as intended and b) what it does is useful. - ## Deployment Most variables to be changed should be set either through `group_variables` or `host_variables`. For my deployment I have a `production` group under `group_variables` which houses both a `vars.yml` containing basic variables -(like `server_domain`, `caddy_email`, etc.) +(like `server_domain`, `caddy_email`, etc.) and a `vault.yml` which houses everything that should ideally not be lying around in plain-text (individual container and database passwords for the various roles etc). diff --git a/group_vars/testing.yml b/group_vars/testing.yml index a449c70..6a95df5 100644 --- a/group_vars/testing.yml +++ b/group_vars/testing.yml 
@@ -1,22 +1,21 @@ --- - docker_swarm_advertise_addr: eth1 caddy_use_debug: yes caddy_tls_use_staging: yes -blog_use_https: no -caddy_use_https: no -forgejo_use_https: no +blog_use_https: no +caddy_use_https: no +forgejo_use_https: no landingpage_use_https: no -miniflux_use_https: no -monica_use_https: no -nextcloud_use_https: no -ntfy_use_https: no -searx_use_https: no -shaarli_use_https: no -traggo_use_https: no -wallabag_use_https: no -whoami_use_https: no +miniflux_use_https: no +monica_use_https: no +nextcloud_use_https: no +ntfy_use_https: no +searx_use_https: no +shaarli_use_https: no +traggo_use_https: no +wallabag_use_https: no +whoami_use_https: no server_domain: ansible.test diff --git a/roles/caddy/README.md b/roles/caddy/README.md index 88871db..eda03d2 100644 --- a/roles/caddy/README.md +++ b/roles/caddy/README.md @@ -1,7 +1,7 @@ -# Caddy +# Caddy Caddy is the reverse proxy for all other services running on the infrastructure. -It was chosen for its relative ease of use, +It was chosen for its relative ease of use, interactible API and https-by-default setup. ## Variables 
@@ -48,28 +48,27 @@ caddy_version: alpine Sets the docker image version to be used. - ## Internal variables ```yaml caddy_stack: - name: caddy - compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}" + name: caddy + compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}" ``` -Defines the actual docker stack which will later run on the target. -The name can be changed and will be used as a proxy target (`caddy.mydomain.com` or `192.168.1.1/caddy`) --- +Defines the actual docker stack which will later run on the target. +The name can be changed and will be used as a proxy target (`caddy.mydomain.com` or `192.168.1.1/caddy`) --- though to be clear there is no intention currently to expose the caddy to the web at the moment.\ -The compose option defines which template to use for the `docker-stack.yml` file. You can either change options for the stack in the template file, +The compose option defines which template to use for the `docker-stack.yml` file. You can either change options for the stack in the template file, or directly here like the following: ```yaml - compose: - - "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}" - - version: '3' - services: - another-container: - image: nginx:latest +compose: + - "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}" + - version: "3" + services: + another-container: + image: nginx:latest # ... ``` diff --git a/roles/caddy/defaults/main.yml b/roles/caddy/defaults/main.yml index 338f58c..0592a85 100644 --- a/roles/caddy/defaults/main.yml +++ b/roles/caddy/defaults/main.yml @@ -1,5 +1,4 @@ --- - caddy_version: alpine caddy_caddyfile_dir: "{{ docker_stack_files_dir }}/caddy" diff --git a/roles/caddy/meta/main.yml b/roles/caddy/meta/main.yml index 21860e2..5a00c2a 100644 --- a/roles/caddy/meta/main.yml +++ b/roles/caddy/meta/main.yml @@ -1,4 +1,3 @@ --- - dependencies: - docker-swarm 
diff --git a/roles/caddy/vars/main.yml b/roles/caddy/vars/main.yml index 27530c3..7684a29 100644 --- a/roles/caddy/vars/main.yml +++ b/roles/caddy/vars/main.yml @@ -1,5 +1,4 @@ --- - caddy_stack: name: caddy compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}" diff --git a/roles/caddy_id/README.md b/roles/caddy_id/README.md index 88871db..eda03d2 100644 --- a/roles/caddy_id/README.md +++ b/roles/caddy_id/README.md @@ -1,7 +1,7 @@ -# Caddy +# Caddy Caddy is the reverse proxy for all other services running on the infrastructure. -It was chosen for its relative ease of use, +It was chosen for its relative ease of use, interactible API and https-by-default setup. ## Variables 
@@ -48,28 +48,27 @@ caddy_version: alpine Sets the docker image version to be used. - ## Internal variables ```yaml caddy_stack: - name: caddy - compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}" + name: caddy + compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}" ``` -Defines the actual docker stack which will later run on the target. -The name can be changed and will be used as a proxy target (`caddy.mydomain.com` or `192.168.1.1/caddy`) --- +Defines the actual docker stack which will later run on the target. +The name can be changed and will be used as a proxy target (`caddy.mydomain.com` or `192.168.1.1/caddy`) --- though to be clear there is no intention currently to expose the caddy to the web at the moment.\ -The compose option defines which template to use for the `docker-stack.yml` file. You can either change options for the stack in the template file, +The compose option defines which template to use for the `docker-stack.yml` file. You can either change options for the stack in the template file, or directly here like the following: ```yaml - compose: - - "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}" - - version: '3' - services: - another-container: - image: nginx:latest +compose: + - "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}" + - version: "3" + services: + another-container: + image: nginx:latest # ... ``` diff --git a/roles/caddy_id/meta/main.yml b/roles/caddy_id/meta/main.yml index 21860e2..5a00c2a 100644 --- a/roles/caddy_id/meta/main.yml +++ b/roles/caddy_id/meta/main.yml @@ -1,4 +1,3 @@ --- - dependencies: - docker-swarm diff --git a/roles/docker-swarm/defaults/main.yml b/roles/docker-swarm/defaults/main.yml index 9399a91..4e9d4af 100644 --- a/roles/docker-swarm/defaults/main.yml +++ b/roles/docker-swarm/defaults/main.yml @@ -1,5 +1,3 @@ --- - docker_stack_files_dir: /stacks docker_swarm_public_network_name: public - 
diff --git a/roles/docker-swarm/meta/main.yml b/roles/docker-swarm/meta/main.yml index 78053e7..128f19c 100644 --- a/roles/docker-swarm/meta/main.yml +++ b/roles/docker-swarm/meta/main.yml @@ -1,4 +1,3 @@ --- - dependencies: - docker diff --git a/roles/docker-swarm/tasks/main.yml b/roles/docker-swarm/tasks/main.yml index 01cf75b..e44183e 100644 --- a/roles/docker-swarm/tasks/main.yml +++ b/roles/docker-swarm/tasks/main.yml @@ -28,7 +28,7 @@ ansible.builtin.file: path: "{{ docker_stack_files_dir }}" state: directory - mode: '0755' + mode: "0755" become: true - tags: + tags: - fs diff --git a/roles/forgejo/README.md b/roles/forgejo/README.md index 63fbbb8..f99dea6 100644 --- a/roles/forgejo/README.md +++ b/roles/forgejo/README.md @@ -26,8 +26,8 @@ The docker image version to be used in stack creation. subdomain_alias: git ``` -If the deployed container should be served over a uri that is not the stack name. -By default, it will be set to `git.yourdomain.com` - +If the deployed container should be served over a uri that is not the stack name. +By default, it will be set to `git.yourdomain.com` - if this option is not set it will be served on `forgejo.yourdomain.com` instead. For now forgejo will still need to be initially set up after installation. diff --git a/roles/forgejo/defaults/main.yml b/roles/forgejo/defaults/main.yml index 4eb6702..90cd0da 100644 --- a/roles/forgejo/defaults/main.yml +++ b/roles/forgejo/defaults/main.yml @@ -1,5 +1,4 @@ --- - forgejo_version: 7 forgejo_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" diff --git a/roles/forgejo/meta/main.yml b/roles/forgejo/meta/main.yml index 9775d89..f6b84d0 100644 --- a/roles/forgejo/meta/main.yml +++ b/roles/forgejo/meta/main.yml @@ -1,5 +1,4 @@ --- - galaxy_info: author: Marty Oehme description: Light-weight git hosting diff --git a/roles/forgejo/tasks/Ubuntu.yml b/roles/forgejo/tasks/Ubuntu.yml index 234e270..dd5b043 100644 --- a/roles/forgejo/tasks/Ubuntu.yml 
+++ b/roles/forgejo/tasks/Ubuntu.yml @@ -9,4 +9,3 @@ - apt - download - packages - diff --git a/roles/forgejo/tasks/main.yml b/roles/forgejo/tasks/main.yml index 3c85e01..33e8abc 100644 --- a/roles/forgejo/tasks/main.yml +++ b/roles/forgejo/tasks/main.yml @@ -36,7 +36,7 @@ ansible.builtin.file: path: "/app/forgejo/" state: directory - mode: '0770' + mode: "0770" owner: "{{ git_user['uid'] }}" group: "{{ git_user['group'] }}" become: true @@ -47,7 +47,7 @@ dest: "/app/forgejo/forgejo" owner: "{{ git_user['uid'] }}" group: "{{ git_user['group'] }}" - mode: '0750' + mode: "0750" become: true - name: Host machine forgejo command points to passthrough command diff --git a/roles/forgejo/vars/main.yml b/roles/forgejo/vars/main.yml index 66bd2c3..f28238d 100644 --- a/roles/forgejo/vars/main.yml +++ b/roles/forgejo/vars/main.yml @@ -1,5 +1,4 @@ --- - stack_name: forgejo stack_image: "codeberg.org/forgejo/forgejo" diff --git a/roles/landingpage/README.md b/roles/landingpage/README.md index d649b50..d0d3487 100644 --- a/roles/landingpage/README.md +++ b/roles/landingpage/README.md @@ -1,10 +1,10 @@ # landingpage -The public face of my server. +The public face of my server. Not much to see here honestly, just a few simple lines of html explaining what this server is about and how to contact me. -I don't see anybody else benefiting massively from this role but me, +I don't see anybody else benefiting massively from this role but me, but if you want the same web presence go for it I suppose 😉 ## Defaults @@ -31,7 +31,6 @@ The docker image version to be used in stack creation. subdomain_alias: www ``` -If the deployed container should be served over a uri that is not the stack name. -By default, it will be set to `www.yourdomain.com` - +If the deployed container should be served over a uri that is not the stack name. +By default, it will be set to `www.yourdomain.com` - if this option is not set it will be served on `landingpage.yourdomain.com` instead. - 
diff --git a/roles/landingpage/defaults/main.yml b/roles/landingpage/defaults/main.yml index b47f57f..fed7288 100644 --- a/roles/landingpage/defaults/main.yml +++ b/roles/landingpage/defaults/main.yml @@ -1,5 +1,4 @@ --- - landingpage_version: latest landingpage_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" diff --git a/roles/landingpage/handlers/main.yml b/roles/landingpage/handlers/main.yml index 27471e1..e82422e 100644 --- a/roles/landingpage/handlers/main.yml +++ b/roles/landingpage/handlers/main.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ landingpage_upstream_file_dir }}" state: directory - mode: '0755' + mode: "0755" become: true listen: "update landingpage upstream" @@ -40,7 +40,7 @@ community.docker.docker_container_exec: container: "{{ caddy_container_id }}" command: > - curl -X POST -H "Content-Type: application/json" -d @{{ landingpage_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (landingpage_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + curl -X POST -H "Content-Type: application/json" -d @{{ landingpage_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (landingpage_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ become: true listen: "update landingpage upstream" @@ -50,4 +50,3 @@ state: absent become: true listen: "update landingpage upstream" - diff --git a/roles/landingpage/meta/main.yml b/roles/landingpage/meta/main.yml index a834afd..75e0801 100644 --- a/roles/landingpage/meta/main.yml +++ b/roles/landingpage/meta/main.yml @@ -1,5 +1,4 @@ --- - galaxy_info: author: Marty Oehme description: Installs my personal public facing landing page as a docker stack service @@ -7,7 +6,6 @@ galaxy_info: min_ansible_version: "2.9" galaxy_tags: [] - dependencies: - docker-swarm - caddy_id 
diff --git a/roles/landingpage/tasks/main.yml b/roles/landingpage/tasks/main.yml index 3ed7acb..c0fad7c 100644 --- a/roles/landingpage/tasks/main.yml +++ b/roles/landingpage/tasks/main.yml @@ -21,4 +21,3 @@ tags: - docker-swarm notify: "update landingpage upstream" - diff --git a/roles/landingpage/vars/main.yml b/roles/landingpage/vars/main.yml index df7f3d7..436b8cc 100644 --- a/roles/landingpage/vars/main.yml +++ b/roles/landingpage/vars/main.yml @@ -1,5 +1,4 @@ --- - stack_name: landingpage stack_image: "martyo/cloudserve-landing" diff --git a/roles/miniflux/README.md b/roles/miniflux/README.md index f1ce4c1..282e3c6 100644 --- a/roles/miniflux/README.md +++ b/roles/miniflux/README.md @@ -27,6 +27,6 @@ The docker image version to be used in stack creation. subdomain_alias: rss ``` -If the deployed container should be served over a uri that is not the stack name. -By default, it will be set to `rss.yourdomain.com` - +If the deployed container should be served over a uri that is not the stack name. +By default, it will be set to `rss.yourdomain.com` - if this option is not set it will be served on `miniflux.yourdomain.com` instead. diff --git a/roles/miniflux/defaults/main.yml b/roles/miniflux/defaults/main.yml index b57d96f..a241f22 100644 --- a/roles/miniflux/defaults/main.yml +++ b/roles/miniflux/defaults/main.yml @@ -1,5 +1,4 @@ --- - miniflux_version: latest miniflux_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" diff --git a/roles/miniflux/handlers/main.yml b/roles/miniflux/handlers/main.yml index 3f578d3..d26b2a6 100644 --- a/roles/miniflux/handlers/main.yml +++ b/roles/miniflux/handlers/main.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ miniflux_upstream_file_dir }}" state: directory - mode: '0755' + mode: "0755" become: true listen: "update miniflux upstream" 
@@ -40,7 +40,7 @@ community.docker.docker_container_exec: container: "{{ caddy_container_id }}" command: > - curl -X POST -H "Content-Type: application/json" -d @{{ miniflux_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (miniflux_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + curl -X POST -H "Content-Type: application/json" -d @{{ miniflux_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (miniflux_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ become: true listen: "update miniflux upstream" @@ -50,4 +50,3 @@ state: absent become: true listen: "update miniflux upstream" - diff --git a/roles/miniflux/meta/main.yml b/roles/miniflux/meta/main.yml index 9e40a88..f9aeaf0 100644 --- a/roles/miniflux/meta/main.yml +++ b/roles/miniflux/meta/main.yml @@ -1,5 +1,4 @@ --- - galaxy_info: author: Marty Oehme description: Installs miniflux as a docker stack service @@ -7,7 +6,6 @@ galaxy_info: min_ansible_version: "2.9" galaxy_tags: [] - dependencies: - docker-swarm - caddy_id diff --git a/roles/miniflux/tasks/main.yml b/roles/miniflux/tasks/main.yml index 0384287..46cd068 100644 --- a/roles/miniflux/tasks/main.yml +++ b/roles/miniflux/tasks/main.yml @@ -21,4 +21,3 @@ tags: - docker-swarm notify: "update miniflux upstream" - diff --git a/roles/miniflux/vars/main.yml b/roles/miniflux/vars/main.yml index 05bf0b2..495ffee 100644 --- a/roles/miniflux/vars/main.yml +++ b/roles/miniflux/vars/main.yml @@ -1,5 +1,4 @@ --- - stack_name: miniflux stack_image: "miniflux/miniflux" diff --git a/roles/monica/README.md b/roles/monica/README.md index c95ec92..f953fe3 100644 --- a/roles/monica/README.md +++ b/roles/monica/README.md 
@@ -27,8 +27,8 @@ The docker image version to be used in stack creation. subdomain_alias: prm ``` -If the deployed container should be served over a uri that is not the stack name. -By default, it will be set to `prm.yourdomain.com` (personal relationship manager) - +If the deployed container should be served over a uri that is not the stack name. +By default, it will be set to `prm.yourdomain.com` (personal relationship manager) - if this option is not set it will be served on `monica.yourdomain.com` instead. ``` @@ -38,14 +38,14 @@ monica_db_password: mymonicadbpassword ``` Set the default username and password combination on first container start. -If loading from an existing volume this does nothing, otherwise it sets the +If loading from an existing volume this does nothing, otherwise it sets the first user so you can instantly log in. ``` monica_app_disable_signups: true ``` -Sets the behavior on the login screen --- +Sets the behavior on the login screen --- if set to true (default) will not let anyone but the first user sign up, who automatically becomes an administrative user. If set to false will allow multiple users to sign up on the instance. 
@@ -57,13 +57,13 @@ monica_app_weather_api_key: If `monica_app_geolocation_api_key` is set, Monica will translate addresses input into the app to geographical latitude/ longitude data. -It requires an api key from https://locationiq.com/, which are free for +It requires an api key from https://locationiq.com/, which are free for 10.000 daily requests. -Similarly, if `monica_app_weather_api_key` is set, monica will (afaik) show -weather data for the location of individual contacts. +Similarly, if `monica_app_weather_api_key` is set, monica will (afaik) show +weather data for the location of individual contacts. It requires an API key from https://darksky.net/dev/register, where -1.000 daily requests are free. +1.000 daily requests are free. Be aware, however, that since darksky's sale to Apple, no new API signups are possible. To use this feature, `monica_app_geolocation_api_key` must also be filled out. @@ -71,8 +71,8 @@ To use this feature, `monica_app_geolocation_api_key` must also be filled out. monica_mail_host: smtp.eu.mailgun.org monica_mail_port: 465 monica_mail_encryption: tls -monica_mail_username: -monica_mail_password: +monica_mail_username: +monica_mail_password: monica_mail_from: monica@yourserver.com monica_mail_from_name: Monica monica_mail_new_user_notification_address: "{{ caddy_email }}" @@ -81,5 +81,5 @@ monica_mail_new_user_notification_address: "{{ caddy_email }}" Sets up the necessary details for Monica to send out registration and reminder e-mails. Requires an smtp server set up, most easily doable through things like mailgun or sendgrid. Variables should be relatively self-explanatory, -with `monica_mail_new_user_notification_address` being the address the notifications should be sent *to*, +with `monica_mail_new_user_notification_address` being the address the notifications should be sent _to_, so in all probability some sort of administration address. 
diff --git a/roles/monica/defaults/main.yml b/roles/monica/defaults/main.yml index f4d1d5e..303401e 100644 --- a/roles/monica/defaults/main.yml +++ b/roles/monica/defaults/main.yml @@ -1,5 +1,4 @@ --- - monica_version: latest monica_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" @@ -19,8 +18,8 @@ monica_db_password: mymonicadbpassword #monica_app_weather_api_key: #monica_mail_host: smtp.eu.mailgun.org -#monica_mail_username: -#monica_mail_password: +#monica_mail_username: +#monica_mail_password: monica_mail_port: 465 monica_mail_encryption: tls #monica_mail_from: monica@yourserver.com diff --git a/roles/monica/handlers/main.yml b/roles/monica/handlers/main.yml index 58d7dea..c7d2644 100644 --- a/roles/monica/handlers/main.yml +++ b/roles/monica/handlers/main.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ monica_upstream_file_dir }}" state: directory - mode: '0755' + mode: "0755" become: true listen: "update monica upstream" @@ -40,7 +40,7 @@ community.docker.docker_container_exec: container: "{{ caddy_container_id }}" command: > - curl -X POST -H "Content-Type: application/json" -d @{{ monica_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (monica_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + curl -X POST -H "Content-Type: application/json" -d @{{ monica_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (monica_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ become: true listen: "update monica upstream" @@ -50,4 +50,3 @@ state: absent become: true listen: "update monica upstream" - diff --git a/roles/monica/meta/main.yml b/roles/monica/meta/main.yml index 4fd4bc3..b456668 100644 --- a/roles/monica/meta/main.yml +++ b/roles/monica/meta/main.yml @@ -1,5 +1,4 @@ --- - galaxy_info: author: Marty Oehme description: Installs monica as a docker stack service 
@@ -7,7 +6,6 @@ galaxy_info: min_ansible_version: "2.9" galaxy_tags: [] - dependencies: - docker-swarm - caddy_id diff --git a/roles/monica/tasks/Ubuntu.yml b/roles/monica/tasks/Ubuntu.yml index 234e270..dd5b043 100644 --- a/roles/monica/tasks/Ubuntu.yml +++ b/roles/monica/tasks/Ubuntu.yml @@ -9,4 +9,3 @@ - apt - download - packages - diff --git a/roles/monica/tasks/main.yml b/roles/monica/tasks/main.yml index 2777f7b..30d9aab 100644 --- a/roles/monica/tasks/main.yml +++ b/roles/monica/tasks/main.yml @@ -12,8 +12,7 @@ ansible.builtin.shell: echo -n 'base64:'; openssl rand -base64 32 register: monica_app_key -- set_fact: - monica_app_key={{ monica_app_key.stdout }} +- set_fact: monica_app_key={{ monica_app_key.stdout }} ## install container - name: Check upstream status @@ -37,4 +36,3 @@ tags: - docker-swarm notify: "update monica upstream" - diff --git a/roles/monica/vars/main.yml b/roles/monica/vars/main.yml index a4495b4..4635128 100644 --- a/roles/monica/vars/main.yml +++ b/roles/monica/vars/main.yml @@ -1,5 +1,4 @@ --- - stack_name: monica stack_image: "monica" diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 047548b..146fed9 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md 
@@ -4,13 +4,14 @@ A full office suite and groupware proposition, though its main draw for most is the file synchronization abilities. AKA Dropbox replacement. -This software can grow enormous and enormously complicated, +This software can grow enormous and enormously complicated, this Ansible setup role concentrates on 3 things: -* a stable and secure base setup from the official docker container -* automatic setup of an email pipeline so users can reset passwords and be updated of changes -* the ability to use S3 object storage as the primary way of storing users' files -The rest should be taken care of either automatically, +- a stable and secure base setup from the official docker container +- automatic setup of an email pipeline so users can reset passwords and be updated of changes +- the ability to use S3 object storage as the primary way of storing users' files + +The rest should be taken care of either automatically, or supplied after the fact (if using different plugins or similar). ## Defaults @@ -32,7 +33,7 @@ nextcloud_version: fpm nextcloud_db_version: 12 ``` -The docker image version to be used in stack creation. +The docker image version to be used in stack creation. The role sets up the `php-fpm` version of the official Nextcloud image. That means, Caddy is used in front as the server which presents all pages and access to files, the Nextcloud image itself only serves as the PHP data store. 
@@ -41,17 +42,17 @@ If changing the version to one relying on Nextcloud's in-built Apache server, take care to change where the upstream proxy is pointing to since the Caddy server in front loses its meaning. The second variable points to the docker image that should be used for the PostgreSQL database, -with 12 pre-filled as default. +with 12 pre-filled as default. You can put this to latest, but should take care to migrate the database correctly when an update rolls around, -or it *will* destroy your data at some point. +or it _will_ destroy your data at some point. Generally, it seems easier to pin this to a specific version and then only update manually. ```yml subdomain_alias: files ``` -If the deployed container should be served over a uri that is not the stack name. -By default, it will be set to `files.yourdomain.com` - +If the deployed container should be served over a uri that is not the stack name. +By default, it will be set to `files.yourdomain.com` - if this option is not set it will be served on `nextcloud.yourdomain.com` instead. If you change or delete this, you should also change what `nextcloud_trusted_domains` points to. @@ -66,7 +67,7 @@ nextcloud_db_password: secretnextcloud ``` Sets the default username and password for application and database. -All of these variables are necessary to circumvent the manual installation process +All of these variables are necessary to circumvent the manual installation process you would usually be faced with on first creating a Nextcloud instance. Ideally change all of these for your personal setup, but it is especially important to change the app admin login data since they are what is public facing. 
@@ -77,7 +78,7 @@ nextcloud_trusted_domains: "{{ subdomain_alias }}.{{ server_domain }}" The domains that are allowed to access your Nextcloud instance. Should point to any domains that you want it accessible on, -can be a space-separated list of them. +can be a space-separated list of them. Take care to include the sub-domain if your are accessing it through one of them. [Further explanation](https://blog.martyoeh.me/posts/2021-11-18-nextcloud-trusted-domains/). @@ -130,7 +131,6 @@ If your details are correct, Nextcloud should automatically set up S3 as its pri Be careful if you switch an existing data volume of the Nextcloud image to S3 as you will lose all access to existing files. -The files *should* not be deleted at this point, +The files _should_ not be deleted at this point, only access will be lost, but you are playing with fire at this point. - diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 37e73ba..95e9271 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -1,5 +1,4 @@ --- - # set preferred application version nextcloud_version: 28-fpm-alpine # set preferred postgres version @@ -31,7 +30,6 @@ nextcloud_smtp_authtype: LOGIN # nextcloud_smtp_password: nextcloud_smtp_from_address: noreply nextcloud_smtp_from_domain: "{{ server_domain }}" - # the following block is required *fully* for primary object storage # nextcloud_s3_host: s3.eu-central-1.wasabisys.com # nextcloud_s3_bucket: nextcloud diff --git a/roles/nextcloud/handlers/main.yml b/roles/nextcloud/handlers/main.yml index 5c4556c..82d4a16 100644 --- a/roles/nextcloud/handlers/main.yml +++ b/roles/nextcloud/handlers/main.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ nextcloud_upstream_file_dir }}" state: directory - mode: '0755' + mode: "0755" become: true listen: "update nextcloud upstream" 
@@ -40,7 +40,7 @@ community.docker.docker_container_exec: container: "{{ caddy_container_id }}" command: > - curl -X POST -H "Content-Type: application/json" -d @{{ nextcloud_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (nextcloud_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + curl -X POST -H "Content-Type: application/json" -d @{{ nextcloud_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (nextcloud_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ become: true listen: "update nextcloud upstream" @@ -50,4 +50,3 @@ state: absent become: true listen: "update nextcloud upstream" - diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml index 7989cf3..8eb68a7 100644 --- a/roles/nextcloud/meta/main.yml +++ b/roles/nextcloud/meta/main.yml @@ -1,5 +1,4 @@ --- - galaxy_info: author: Marty Oehme description: Installs nextcloud as a docker stack service @@ -7,7 +6,6 @@ galaxy_info: min_ansible_version: "2.9" galaxy_tags: [] - dependencies: - docker-swarm - caddy_id diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index a6d6617..8275a71 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -14,7 +14,7 @@ ansible.builtin.file: path: "{{ nextcloud_upstream_file_dir }}" state: directory - mode: '0755' + mode: "0755" become: true notify: "update nextcloud upstream" @@ -36,4 +36,3 @@ tags: - docker-swarm notify: "update nextcloud upstream" - diff --git a/roles/nextcloud/vars/main.yml b/roles/nextcloud/vars/main.yml index a1a21cd..65a4821 100644 --- a/roles/nextcloud/vars/main.yml +++ b/roles/nextcloud/vars/main.yml @@ -1,5 +1,4 @@ --- - stack_name: nextcloud stack_image: "nextcloud" diff --git a/roles/ntfy/README.md b/roles/ntfy/README.md index df9bd6d..cd7dde5 100644 --- a/roles/ntfy/README.md +++ b/roles/ntfy/README.md 
@@ -19,7 +19,7 @@ The on-target directory where the proxy configuration file should be stashed. ntfy_use_https: true ``` -Whether the service should be reachable through http (port 80) or through https (port 443) and provision an https certificate. +Whether the service should be reachable through http (port 80) or through https (port 443) and provision an https certificate. Usually you will want this to stay `true`, especially on the public facing web. @@ -33,8 +33,8 @@ The docker image version to be used in stack creation. subdomain_alias: push ``` -If the deployed container should be served over a uri that is not the stack name. -By default, it will be set to `push.yourdomain.com` - +If the deployed container should be served over a uri that is not the stack name. +By default, it will be set to `push.yourdomain.com` - if this option is not set it will be served on `ntfy.yourdomain.com` instead. The individual `ntfy` options to be changed are very well described on diff --git a/roles/ntfy/handlers/main.yml b/roles/ntfy/handlers/main.yml index 82744c9..c26f731 100644 --- a/roles/ntfy/handlers/main.yml +++ b/roles/ntfy/handlers/main.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ ntfy_upstream_file_dir }}" state: directory - mode: '0755' + mode: "0755" become: true listen: "update ntfy upstream" @@ -40,7 +40,6 @@ community.docker.docker_container_exec: container: "{{ caddy_container_id }}" command: > - curl -X POST -H "Content-Type: application/json" -d @{{ ntfy_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (ntfy_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + curl -X POST -H "Content-Type: application/json" -d @{{ ntfy_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (ntfy_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ become: true listen: "update ntfy upstream" - 
diff --git a/roles/ntfy/meta/main.yml b/roles/ntfy/meta/main.yml index 0930dd3..14b8f5d 100644 --- a/roles/ntfy/meta/main.yml +++ b/roles/ntfy/meta/main.yml @@ -1,5 +1,4 @@ --- - galaxy_info: author: Marty Oehme description: Installs a self-hosted push notification service through docker-swarm. @@ -7,7 +6,6 @@ galaxy_info: min_ansible_version: "2.9" galaxy_tags: [] - dependencies: - docker-swarm - caddy_id diff --git a/roles/ntfy/tasks/main.yml b/roles/ntfy/tasks/main.yml index fc9ff80..df8ce94 100644 --- a/roles/ntfy/tasks/main.yml +++ b/roles/ntfy/tasks/main.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ ntfy_upstream_file_dir }}" state: directory - mode: '0755' + mode: "0755" become: true - name: Move ntfy configuration file to target dir @@ -35,4 +35,3 @@ tags: - docker-swarm notify: "update ntfy upstream" - diff --git a/roles/ntfy/vars/main.yml b/roles/ntfy/vars/main.yml index a3c184b..d4bdc5c 100644 --- a/roles/ntfy/vars/main.yml +++ b/roles/ntfy/vars/main.yml @@ -1,5 +1,4 @@ --- - stack_name: ntfy stack_image: "binwiederhier/ntfy" diff --git a/roles/searx/README.md b/roles/searx/README.md index 0d42d4a..09300d4 100644 --- a/roles/searx/README.md +++ b/roles/searx/README.md @@ -26,8 +26,8 @@ The docker image version to be used in stack creation. subdomain_alias: search ``` -If the deployed container should be served over a uri that is not the stack name. -By default, it will be set to `search.yourdomain.com` - +If the deployed container should be served over a uri that is not the stack name. +By default, it will be set to `search.yourdomain.com` - if this option is not set it will be served on `searx.yourdomain.com` instead. ``` 
@@ -39,11 +39,11 @@ searx_authentication: By default, the searx instance is not protected with a login, however you can have caddy provide a basic auth login form by using this variable. -You can either change the login to suit you by generating a combination +You can either change the login to suit you by generating a combination (or multiple, it will also work with an arbitrary amount of logins), -or remove the necessity to login altogether by not setting the +or remove the necessity to login altogether by not setting the `searx_authentication` variable to anything. -The password needs to be in a hashed format, which is easiest to accomplish -with the help of caddy itself --- simply doing `caddy hash-password` will +The password needs to be in a hashed format, which is easiest to accomplish +with the help of caddy itself --- simply doing `caddy hash-password` will allow you to create a new hashed password. diff --git a/roles/searx/defaults/main.yml b/roles/searx/defaults/main.yml index b129040..5204c77 100644 --- a/roles/searx/defaults/main.yml +++ b/roles/searx/defaults/main.yml @@ -1,5 +1,4 @@ --- - searx_version: latest searx_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" @@ -8,7 +7,6 @@ searx_use_https: true # the subdomain link searx will be reachable under subdomain_alias: search - # searx_authentication: # - username: mysearxusername # password: JDJhJDE0JFdjUnQ5WWllcU8wa01xS0JBS2dlMy5zMEhRTmxqTXdIZmdjcTN6ZGFwRjJlYUdoSHAwRUhL # mysearxpassword diff --git a/roles/searx/handlers/main.yml b/roles/searx/handlers/main.yml index ceeaaf3..3a6e6f6 100644 --- a/roles/searx/handlers/main.yml +++ b/roles/searx/handlers/main.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ searx_upstream_file_dir }}" state: directory - mode: '0755' + mode: "0755" become: true listen: "update searx upstream" 
@@ -40,7 +40,7 @@ community.docker.docker_container_exec: container: "{{ caddy_container_id }}" command: > - curl -X POST -H "Content-Type: application/json" -d @{{ searx_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (searx_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + curl -X POST -H "Content-Type: application/json" -d @{{ searx_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (searx_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ become: true listen: "update searx upstream" @@ -50,4 +50,3 @@ state: absent become: true listen: "update searx upstream" - diff --git a/roles/searx/meta/main.yml b/roles/searx/meta/main.yml index 2287836..25dd7f7 100644 --- a/roles/searx/meta/main.yml +++ b/roles/searx/meta/main.yml @@ -1,5 +1,4 @@ --- - galaxy_info: author: Marty Oehme description: Installs searx as a docker stack service @@ -7,7 +6,6 @@ galaxy_info: min_ansible_version: "2.9" galaxy_tags: [] - dependencies: - docker-swarm - caddy_id diff --git a/roles/searx/tasks/main.yml b/roles/searx/tasks/main.yml index eef1581..75e7772 100644 --- a/roles/searx/tasks/main.yml +++ b/roles/searx/tasks/main.yml @@ -21,4 +21,3 @@ tags: - docker-swarm notify: "update searx upstream" - diff --git a/roles/searx/vars/main.yml b/roles/searx/vars/main.yml index 9cdba41..b55339a 100644 --- a/roles/searx/vars/main.yml +++ b/roles/searx/vars/main.yml @@ -1,5 +1,4 @@ --- - stack_name: searx stack_image: "searxng/searxng" diff --git a/roles/shaarli/README.md b/roles/shaarli/README.md index f9e23f7..b6c56e9 100644 --- a/roles/shaarli/README.md +++ b/roles/shaarli/README.md 
@@ -3,11 +3,11 @@ A simple and fast bookmark manager. Can be deployed in minutes and takes minimum amount of resources. -Be aware that shaarli installations can *not* be fully automated. +Be aware that shaarli installations can _not_ be fully automated. That means after running this ansible role you will still have to setup up the first run wizard and create a user and so forth (if not running with an existing data-store). Do this quickly after setup, -*especially* if your instance is public-facing! +_especially_ if your instance is public-facing! {: .alert .alert-warning} ## Defaults @@ -34,7 +34,6 @@ The docker image version to be used in stack creation. subdomain_alias: links ``` -If the deployed container should be served over a uri that is not the stack name. -By default, it will be set to `links.yourdomain.com` - +If the deployed container should be served over a uri that is not the stack name. +By default, it will be set to `links.yourdomain.com` - if this option is not set it will be served on `shaarli.yourdomain.com` instead. - diff --git a/roles/shaarli/defaults/main.yml b/roles/shaarli/defaults/main.yml index 9dd0b02..a654c5f 100644 --- a/roles/shaarli/defaults/main.yml +++ b/roles/shaarli/defaults/main.yml @@ -1,5 +1,4 @@ --- - shaarli_version: release # they offer: latest and release (stable) versions shaarli_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" diff --git a/roles/shaarli/handlers/main.yml b/roles/shaarli/handlers/main.yml index 6e138d5..4f5434b 100644 --- a/roles/shaarli/handlers/main.yml +++ b/roles/shaarli/handlers/main.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ shaarli_upstream_file_dir }}" state: directory - mode: '0755' + mode: "0755" become: true listen: "update shaarli upstream" 
@@ -40,7 +40,7 @@ community.docker.docker_container_exec: container: "{{ caddy_container_id }}" command: > - curl -X POST -H "Content-Type: application/json" -d @{{ shaarli_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (shaarli_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + curl -X POST -H "Content-Type: application/json" -d @{{ shaarli_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (shaarli_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ become: true listen: "update shaarli upstream" @@ -50,4 +50,3 @@ state: absent become: true listen: "update shaarli upstream" - diff --git a/roles/shaarli/meta/main.yml b/roles/shaarli/meta/main.yml index 4406e21..8ea1475 100644 --- a/roles/shaarli/meta/main.yml +++ b/roles/shaarli/meta/main.yml @@ -1,5 +1,4 @@ --- - galaxy_info: author: Marty Oehme description: Installs shaarli as a docker stack service @@ -7,7 +6,6 @@ galaxy_info: min_ansible_version: "2.9" galaxy_tags: [] - dependencies: - docker-swarm - caddy_id diff --git a/roles/shaarli/tasks/main.yml b/roles/shaarli/tasks/main.yml index a11eab5..8448ff3 100644 --- a/roles/shaarli/tasks/main.yml +++ b/roles/shaarli/tasks/main.yml @@ -21,4 +21,3 @@ tags: - docker-swarm notify: "update shaarli upstream" - diff --git a/roles/shaarli/vars/main.yml b/roles/shaarli/vars/main.yml index e557c0a..37a348c 100644 --- a/roles/shaarli/vars/main.yml +++ b/roles/shaarli/vars/main.yml @@ -1,5 +1,4 @@ --- - stack_name: shaarli stack_image: "ghcr.io/shaarli/shaarli" diff --git a/roles/traggo/README.md b/roles/traggo/README.md index 648933f..690a526 100644 --- a/roles/traggo/README.md +++ b/roles/traggo/README.md 
@@ -27,8 +27,8 @@ The docker image version to be used in stack creation. subdomain_alias: time ``` -If the deployed container should be served over a uri that is not the stack name. -By default, it will be set to `time.yourdomain.com` - +If the deployed container should be served over a uri that is not the stack name. +By default, it will be set to `time.yourdomain.com` - if this option is not set it will be served on `traggo.yourdomain.com` instead. ``` @@ -37,5 +37,5 @@ traggo_password: mytraggopassword ``` Set the default username and password combination on first container start. -If loading from an existing volume this does nothing, otherwise it sets the +If loading from an existing volume this does nothing, otherwise it sets the first user so you can instantly log in. diff --git a/roles/traggo/defaults/main.yml b/roles/traggo/defaults/main.yml index 60b5b75..63cfd5a 100644 --- a/roles/traggo/defaults/main.yml +++ b/roles/traggo/defaults/main.yml @@ -1,5 +1,4 @@ --- - traggo_version: latest traggo_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" diff --git a/roles/traggo/handlers/main.yml b/roles/traggo/handlers/main.yml index e0fc223..6d7dc27 100644 --- a/roles/traggo/handlers/main.yml +++ b/roles/traggo/handlers/main.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ traggo_upstream_file_dir }}" state: directory - mode: '0755' + mode: "0755" become: true listen: "update traggo upstream" 
@@ -40,7 +40,7 @@ community.docker.docker_container_exec: container: "{{ caddy_container_id }}" command: > - curl -X POST -H "Content-Type: application/json" -d @{{ traggo_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (traggo_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + curl -X POST -H "Content-Type: application/json" -d @{{ traggo_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (traggo_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ become: true listen: "update traggo upstream" @@ -50,4 +50,3 @@ state: absent become: true listen: "update traggo upstream" - diff --git a/roles/traggo/meta/main.yml b/roles/traggo/meta/main.yml index fe81846..3e401d5 100644 --- a/roles/traggo/meta/main.yml +++ b/roles/traggo/meta/main.yml @@ -1,5 +1,4 @@ --- - galaxy_info: author: Marty Oehme description: Installs traggo as a docker stack service @@ -7,7 +6,6 @@ galaxy_info: min_ansible_version: "2.9" galaxy_tags: [] - dependencies: - docker-swarm - caddy_id diff --git a/roles/traggo/tasks/main.yml b/roles/traggo/tasks/main.yml index 07eb336..d20a428 100644 --- a/roles/traggo/tasks/main.yml +++ b/roles/traggo/tasks/main.yml @@ -21,4 +21,3 @@ tags: - docker-swarm notify: "update traggo upstream" - diff --git a/roles/traggo/vars/main.yml b/roles/traggo/vars/main.yml index 114f166..4fd87bb 100644 --- a/roles/traggo/vars/main.yml +++ b/roles/traggo/vars/main.yml @@ -1,5 +1,4 @@ --- - stack_name: traggo stack_image: "traggo/server" diff --git a/roles/wallabag/README.md b/roles/wallabag/README.md index c1eceff..a2f7cc4 100644 --- a/roles/wallabag/README.md +++ b/roles/wallabag/README.md @@ -39,4 +39,3 @@ stack_image: "wallabag/wallabag" ``` The docker hub image to be use in provisioning. - diff --git a/roles/wallabag/defaults/main.yml b/roles/wallabag/defaults/main.yml index dcc02b2..c7b830c 100644 --- a/roles/wallabag/defaults/main.yml 
+++ b/roles/wallabag/defaults/main.yml @@ -1,5 +1,4 @@ --- - wallabag_version: latest wallabag_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" diff --git a/roles/wallabag/handlers/main.yml b/roles/wallabag/handlers/main.yml index a104112..e693838 100644 --- a/roles/wallabag/handlers/main.yml +++ b/roles/wallabag/handlers/main.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ wallabag_upstream_file_dir }}" state: directory - mode: '0755' + mode: "0755" become: true listen: "update wallabag upstream" @@ -40,7 +40,7 @@ community.docker.docker_container_exec: container: "{{ caddy_container_id }}" command: > - curl -X POST -H "Content-Type: application/json" -d @{{ wallabag_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (wallabag_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + curl -X POST -H "Content-Type: application/json" -d @{{ wallabag_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (wallabag_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ become: true listen: "update wallabag upstream" diff --git a/roles/wallabag/meta/main.yml b/roles/wallabag/meta/main.yml index 7215ce9..d731e1a 100644 --- a/roles/wallabag/meta/main.yml +++ b/roles/wallabag/meta/main.yml @@ -1,5 +1,4 @@ --- - galaxy_info: author: Marty Oehme description: Installs wallabag as a docker stack service @@ -7,7 +6,6 @@ galaxy_info: min_ansible_version: "2.9" galaxy_tags: [] - dependencies: - docker-swarm - caddy_id diff --git a/roles/wallabag/vars/main.yml b/roles/wallabag/vars/main.yml index d270fd5..c89919f 100644 --- a/roles/wallabag/vars/main.yml +++ b/roles/wallabag/vars/main.yml @@ -1,5 +1,4 @@ --- - stack_name: wallabag stack_image: "wallabag/wallabag" diff --git a/roles/whoami/defaults/main.yml b/roles/whoami/defaults/main.yml index f14f6aa..9b749d6 100644 --- a/roles/whoami/defaults/main.yml 
+++ b/roles/whoami/defaults/main.yml @@ -1,5 +1,4 @@ --- - whoami_version: latest whoami_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack.name }}" diff --git a/roles/whoami/handlers/main.yml b/roles/whoami/handlers/main.yml index 5c44127..8ef4221 100644 --- a/roles/whoami/handlers/main.yml +++ b/roles/whoami/handlers/main.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ whoami_upstream_file_dir }}" state: directory - mode: '0755' + mode: "0755" become: true listen: "update whoami upstream" @@ -40,7 +40,7 @@ community.docker.docker_container_exec: container: "{{ caddy_container_id }}" command: > - curl -X POST -H "Content-Type: application/json" -d @{{ whoami_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (whoami_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + curl -X POST -H "Content-Type: application/json" -d @{{ whoami_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (whoami_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ become: true listen: "update whoami upstream" @@ -50,4 +50,3 @@ state: absent become: true listen: "update whoami upstream" - diff --git a/roles/whoami/meta/main.yml b/roles/whoami/meta/main.yml index 386d89d..196d3e4 100644 --- a/roles/whoami/meta/main.yml +++ b/roles/whoami/meta/main.yml @@ -1,5 +1,4 @@ --- - dependencies: - docker-swarm - caddy_id diff --git a/roles/whoami/tasks/main.yml b/roles/whoami/tasks/main.yml index d2bbb9a..8723a63 100644 --- a/roles/whoami/tasks/main.yml +++ b/roles/whoami/tasks/main.yml @@ -22,4 +22,3 @@ tags: - docker-swarm notify: "update whoami upstream" - diff --git a/roles/whoami/vars/main.yml b/roles/whoami/vars/main.yml index 80be9fa..89447b2 100644 --- a/roles/whoami/vars/main.yml +++ b/roles/whoami/vars/main.yml @@ -1,6 +1,4 @@ --- - - stack: name: whoami compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}" 
diff --git a/site.yml b/site.yml index 0ed3a12..bdf23c0 100644 --- a/site.yml +++ b/site.yml @@ -21,13 +21,13 @@ - name: Install caddy reverse proxy import_role: role: caddy - tags: + tags: - caddy - name: Grab caddy container id for all following services import_role: role: caddy_id - tags: + tags: - caddy_id - always From b3f201ed7dd5841afdcbda00660f70abdd19cb62 Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Mon, 24 Jun 2024 20:50:58 +0200 Subject: [PATCH 3/8] Pin exact caddy version Stay on the exact version unless it is specifically told to upgrade. This is a first-step workaround for the (non-)idempodency issue of the caddy container's json config injection. --- roles/caddy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/caddy/defaults/main.yml b/roles/caddy/defaults/main.yml index 0592a85..dbc9087 100644 --- a/roles/caddy/defaults/main.yml +++ b/roles/caddy/defaults/main.yml @@ -1,5 +1,5 @@ --- -caddy_version: alpine +caddy_version: 2.8.4-alpine # tag exact version to avoid suprising container renewals caddy_caddyfile_dir: "{{ docker_stack_files_dir }}/caddy" caddy_use_debug: no From 86dd20fbf0f7554c53c2bb80de9e95d8ca747954 Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Mon, 24 Jun 2024 20:51:40 +0200 Subject: [PATCH 4/8] Remove some services from default deployment Services I have not used or not used for a long time will now not be deployed by default (but could still be specifically targeted through tags). --- site.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/site.yml b/site.yml index bdf23c0..e5ccbf3 100644 --- a/site.yml +++ b/site.yml @@ -49,12 +49,16 @@ - name: Install traggo import_role: role: traggo - tags: traggo + tags: + - traggo + - never - name: Install monica import_role: role: monica - tags: monica + tags: + - monica + - never - name: Install nextcloud import_role: 
@@ -79,4 +83,6 @@ - name: Install ntfy import_role: role: ntfy - tags: ntfy + tags: + - ntfy + - never From b6f7934c5f48d2daba10abab2ddd58f3d08ee5f5 Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Mon, 24 Jun 2024 22:02:31 +0200 Subject: [PATCH 5/8] Add gitea as potential woodpecker agent target In addition to the connected forgejo instance, we can now also target a remote gitea instance for woodpecker agents, should we want to. --- roles/forgejo/defaults/main.yml | 3 +++ roles/forgejo/templates/docker-stack.yml.j2 | 10 ++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/roles/forgejo/defaults/main.yml b/roles/forgejo/defaults/main.yml index 90cd0da..7d48c99 100644 --- a/roles/forgejo/defaults/main.yml +++ b/roles/forgejo/defaults/main.yml @@ -29,3 +29,6 @@ forgejo_use_ci: false # forgejo_ci_gitlab_secret: # forgejo_ci_forgejo_client: # forgejo_ci_forgejo_secret: +# forgejo_ci_gitea_url: +# forgejo_ci_gitea_client: +# forgejo_ci_gitea_secret: diff --git a/roles/forgejo/templates/docker-stack.yml.j2 b/roles/forgejo/templates/docker-stack.yml.j2 index 5352930..4448c3b 100644 --- a/roles/forgejo/templates/docker-stack.yml.j2 +++ b/roles/forgejo/templates/docker-stack.yml.j2 @@ -81,8 +81,8 @@ services: {% endif %} {% if forgejo_ci_gitlab_client is not undefined and not None and forgejo_ci_gitlab_secret is not undefined and not None %} - WOODPECKER_GITLAB=true - - WOODPECKER_gitlab_CLIENT={{ forgejo_ci_gitlab_client }} - - WOODPECKER_gitlab_SECRET={{ forgejo_ci_gitlab_secret }} + - WOODPECKER_GITLAB_CLIENT={{ forgejo_ci_gitlab_client }} + - WOODPECKER_GITLAB_SECRET={{ forgejo_ci_gitlab_secret }} {% endif %} {% if forgejo_ci_forgejo_client is not undefined and not None and forgejo_ci_forgejo_secret is not undefined and not None %} - WOODPECKER_FORGEJO=true 
@@ -90,6 +90,12 @@ services: - WOODPECKER_FORGEJO_CLIENT={{ forgejo_ci_forgejo_client }} - WOODPECKER_FORGEJO_SECRET={{ forgejo_ci_forgejo_secret }} {% endif %} +{% if forgejo_ci_gitea_url is not undefined and not None and forgejo_ci_gitea_client is not undefined and not None and forgejo_ci_gitea_secret is not undefined and not None %} + - WOODPECKER_GITEA=true + - "WOODPECKER_GITEA_URL={{ (forgejo_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}" + - WOODPECKER_GITEA_CLIENT={{ forgejo_ci_gitea_client }} + - WOODPECKER_GITEA_SECRET={{ forgejo_ci_gitea_secret }} +{% endif %} wp-agent: image: woodpeckerci/woodpecker-agent:latest From e8447a628995aa13f13d2079b58cd18c12fecf09 Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Tue, 25 Jun 2024 12:20:46 +0200 Subject: [PATCH 6/8] Add diun role --- roles/diun/README.md | 5 +++ roles/diun/defaults/main.yml | 26 ++++++++++++ roles/diun/meta/main.yml | 10 +++++ roles/diun/tasks/main.yml | 12 ++++++ roles/diun/templates/docker-stack.yml.j2 | 51 ++++++++++++++++++++++++ roles/diun/vars/main.yml | 6 +++ site.yml | 6 +++ 7 files changed, 116 insertions(+) create mode 100644 roles/diun/README.md create mode 100644 roles/diun/defaults/main.yml create mode 100644 roles/diun/meta/main.yml create mode 100644 roles/diun/tasks/main.yml create mode 100644 roles/diun/templates/docker-stack.yml.j2 create mode 100644 roles/diun/vars/main.yml diff --git a/roles/diun/README.md b/roles/diun/README.md new file mode 100644 index 0000000..5f821f2 --- /dev/null +++ b/roles/diun/README.md @@ -0,0 +1,5 @@ +# diun + +Monitor the deployed swarm containers for updates. +Will notify you when it found any update for any container. +Can (currently) notify you either through mail or on matrix. diff --git a/roles/diun/defaults/main.yml b/roles/diun/defaults/main.yml new file mode 100644 index 0000000..2eb93de --- /dev/null 
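Review bot: `WOODPECKER_GITEA_URL` in the added block is built from this role's own address (`forgejo_use_https`, `subdomain_alias`/`stack_name`, `server_domain`), so the `forgejo_ci_gitea_url` value that the `{% if %}` requires is never used. As written, the Gitea OAuth client id and secret would be presented to the local Forgejo host rather than to the remote Gitea instance the commit message describes; presumably the line should read `- "WOODPECKER_GITEA_URL={{ forgejo_ci_gitea_url }}"`. In the same condition, `and not None` is a constant true in Jinja, so a variable that is defined but empty still enables the block; `forgejo_ci_gitea_secret is defined and forgejo_ci_gitea_secret` (likewise for the url and client) expresses the intended check. The GitLab and Forgejo conditions in the preceding hunk use the same pattern. The `environment:` list this block belongs to starts outside the hunk.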
+++ b/roles/diun/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+diun_version: 4
+
+diun_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
+
+diun_use_https: true
+
+# the subdomain link diun will be reachable under
+subdomain_alias: diun
+
+diun_tz: Europe/Berlin
+diun_log_level: info
+diun_watch_swarm_by_default: true
+
+diun_notif_mail_host: localhost
+diun_notif_mail_port: 25
+# diun_notif_mail_username: required for mail
+# diun_notif_mail_password: required for mail
+# diun_notif_mail_from: required for mail
+# diun_notif_mail_to: required for mail
+
+diun_notif_matrix_url: "https://matrix.org"
+#diun_notif_matrix_user: required for matrix
+#diun_notif_matrix_password: required for matrix
+#diun_notif_matrix_roomid: required for matrix
+
diff --git a/roles/diun/meta/main.yml b/roles/diun/meta/main.yml
new file mode 100644
index 0000000..2c1b831
--- /dev/null
+++ b/roles/diun/meta/main.yml
@@ -0,0 +1,10 @@
+---
+galaxy_info:
+ author: Marty Oehme
+ description: Notify on any docker swarm container updates
+ license: GPL-3.0-only
+ min_ansible_version: "2.9"
+ galaxy_tags: []
+
+dependencies:
+ - docker-swarm
diff --git a/roles/diun/tasks/main.yml b/roles/diun/tasks/main.yml
new file mode 100644
index 0000000..10456f4
--- /dev/null
+++ b/roles/diun/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+## install diun container
+- name: Deploy diun to swarm
+ community.general.docker_stack:
+ name: "{{ stack_name }}"
+ state: present
+ prune: yes
+ compose:
+ - "{{ stack_compose }}"
+ become: true
+ tags:
+ - docker-swarm
diff --git a/roles/diun/templates/docker-stack.yml.j2 b/roles/diun/templates/docker-stack.yml.j2
new file mode 100644
index 0000000..71a07cb
--- /dev/null
+++ b/roles/diun/templates/docker-stack.yml.j2
@@ -0,0 +1,51 @@
+version: '3.4'
+
+services:
+ app:
+ image: crazymax/diun:latest
+ # healthcheck:
+ # test: ["CMD", "wget", "--spider", "-q", "127.0.0.1"]
+ # interval: 1m
+ # timeout: 10s
+ # retries: 3
+ # start_period: 1m
+ command: serve
+ volumes:
+ - "data:/data"
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ environment:
+ - "TZ={{ diun_tz }}"
+ - "LOG_LEVEL={{ diun_log_level }}"
+ - "LOG_JSON=false"
+ - "DIUN_WATCH_WORKERS=20"
+ - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
+ - "DIUN_WATCH_JITTER=30s"
+ - "DIUN_PROVIDERS_SWARM=true"
+ - "DIUN_PROVIDERS_SWARM_WATCHBYDEFAULT={{ diun_watch_swarm_by_default }}"
+{% if diun_notif_matrix_user is not undefined and not None and diun_notif_matrix_password is not undefined and not None and diun_notif_matrix_roomid is not undefined and not None %}
+ - "DIUN_NOTIF_MATRIX_HOMESERVERURL={{ diun_notif_matrix_url }}"
+ - "DIUN_NOTIF_MATRIX_USER={{ diun_notif_matrix_user }}"
+ - "DIUN_NOTIF_MATRIX_PASSWORD={{ diun_notif_matrix_password }}"
+ - "DIUN_NOTIF_MATRIX_ROOMID={{ diun_notif_matrix_roomid }}"
+{% endif %}
+{% if diun_notif_mail_username is not undefined and not None and diun_notif_mail_password is not undefined and not None and diun_notif_mail_from is not undefined and not None and diun_notif_mail_to is not undefined and not None %}
+ - "DIUN_NOTIF_MAIL_HOST={{ diun_notif_mail_host }}"
+ - "DIUN_NOTIF_MAIL_PORT={{ diun_notif_mail_port }}"
+ - "DIUN_NOTIF_MAIL_USERNAME={{ diun_notif_mail_username }}"
+ - "DIUN_NOTIF_MAIL_PASSWORD={{ diun_notif_mail_password }}"
+ - "DIUN_NOTIF_MAIL_FROM={{ diun_notif_mail_from }}"
+ - "DIUN_NOTIF_MAIL_TO={{ diun_notif_mail_to }}"
+{% endif %}
+# deploy:
+# mode: replicated
+# replicas: 1
+# placement:
+# constraints:
+# - node.role == manager
+
+volumes:
+ data:
+
+networks:
+ "{{ docker_swarm_public_network_name }}":
+ external: true
diff --git a/roles/diun/vars/main.yml b/roles/diun/vars/main.yml
new file mode 100644
index 0000000..91148a4
--- /dev/null
+++ b/roles/diun/vars/main.yml
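Review bot: The `app` service mounts `/var/run/docker.sock` read-write into a container started from `crazymax/diun:latest`, so whatever that mutable tag resolves to at deploy time gets full control of the Docker daemon, which is effectively root on the host. `diun_version` and `stack_image` are defined in this role's defaults and vars but not used here; `image: "{{ stack_image }}:{{ diun_version }}"` would pin the major version (a digest would pin it fully), and `- "/var/run/docker.sock:/var/run/docker.sock:ro"` at least keeps the socket file itself from being replaced. A read-only mount does not restrict the Docker API, so where the threat model warrants it a socket proxy that allows only the read endpoints is the stronger fix. The notification passwords are also passed as plain environment variables, which are visible in `docker service inspect`; Diun's file-based variants (for example `DIUN_NOTIF_MAIL_PASSWORDFILE`) combined with Docker secrets would avoid that.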
@@ -0,0 +1,6 @@ +--- +stack_name: diun + +stack_image: "crazymax/diun" + +stack_compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}" diff --git a/site.yml b/site.yml index e5ccbf3..892a4e2 100644 --- a/site.yml +++ b/site.yml @@ -86,3 +86,9 @@ tags: - ntfy - never + + - name: Install diun + import_role: + role: diun + tags: + - diun From be875edea9c50d275446fd75d1eb4c9da8a46301 Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Thu, 27 Jun 2024 18:23:15 +0200 Subject: [PATCH 7/8] Only update docker when run explicitly Docker should only be updated when run explicitly as it currently requires a re-run of the complete playbook afterwards (does not work for single-tag deployments e.g.) since it will recreate caddy container and lose all reverse proxy information. --- roles/docker/tasks/Ubuntu.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/roles/docker/tasks/Ubuntu.yml b/roles/docker/tasks/Ubuntu.yml index 92751ce..0ac4236 100644 --- a/roles/docker/tasks/Ubuntu.yml +++ b/roles/docker/tasks/Ubuntu.yml @@ -30,7 +30,18 @@ - repository become: true -- name: Ensure latest docker-ce installed +- name: docker-ce is installed + ansible.builtin.package: + name: "{{ packages }}" + state: present + tags: + - apt + - download + - packages + become: true + notify: Handle docker daemon + +- name: Latest docker-ce is installed ansible.builtin.package: name: "{{ packages }}" state: latest @@ -38,6 +49,8 @@ - apt - download - packages + - docker + - never become: true notify: Handle docker daemon From 801d4b751bceb9d0c3aa3c689c6b7dafc0e5f499 Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Thu, 27 Jun 2024 18:23:35 +0200 Subject: [PATCH 8/8] Update Nextcloud major version to 29 --- roles/nextcloud/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 95e9271..4c56dc4 100644 --- a/roles/nextcloud/defaults/main.yml 
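Review bot: In roles/docker/tasks/Ubuntu.yml, at `@@ -38,6 +49,8 @@`, the `never` tag is added next to the existing `apt`, `download` and `packages` tags, and Ansible runs a `never`-tagged task whenever any of its other tags is requested. So `--tags packages` (or `apt`, `download`) will still move docker-ce to `state: latest`, which is the caddy-recreating side effect the commit message wants to avoid; reducing that task's tags to `tags: [docker, never]` would make the upgrade opt-in only. With the upgrade opt-in, engine security fixes arrive only when someone runs `--tags docker`, so a comment on the 'Latest docker-ce is installed' task saying so is worth adding. Both tasks extend beyond the lines shown in these hunks.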
+++ b/roles/nextcloud/defaults/main.yml @@ -1,6 +1,6 @@ --- # set preferred application version -nextcloud_version: 28-fpm-alpine +nextcloud_version: 29-fpm-alpine # set preferred postgres version nextcloud_db_version: 12-alpine