Remove whoami from default site playbook

whoami should be used as a test and debugging container and should not
be necessary or used for production deployment.

.gitignore

@@ -60,3 +60,4 @@ tags
 # End of https://www.toptal.com/developers/gitignore/api/vim,linux,vagrant,ansible
 
 development.yml
+single-test.yml

roles/gitea/handlers/main.yml

@@ -1,9 +1,10 @@
 - name: Add admin user
-  community.docker.docker_container_exec: 
+  community.docker.docker_container_exec:
     container: "{{ gitea_app_container_name['stdout'] }}"
     command: >
       gitea admin user create --admin --username {{ gitea_app_admin_username }} --password {{ gitea_app_admin_password }} --email {{ gitea_app_admin_email }}
-  become: yes
+    user: git
+  become: true
   listen: "no admin user"
   
 ## Register reverse proxy

roles/gitea/tasks/main.yml

@@ -17,7 +17,7 @@
   when: gitea_use_ci == True
 
 - name: Set agent key
-  ansible.builtin.set_fact: 
+  ansible.builtin.set_fact:
     gitea_woodpecker_agent_secret: "{{ gitea_woodpecker_agent_secret.stdout }}"
   when: gitea_woodpecker_agent_secret.stdout is not undefined and not None
 
@@ -91,29 +91,35 @@
   become: yes
   tags:
     - docker-swarm
+  register: gitea_deployment
   notify: "update gitea upstream"
 
+- name: Wait 30 seconds for gitea to become healthy
+  wait_for:
+    timeout: 60
+  delegate_to: localhost
+  when: gitea_deployment is changed
+
 - name: Get app container info
   ansible.builtin.command:
     cmd: docker ps -q -f name={{ stack_name }}_app
   become: yes
   until: gitea_app_container_name['rc'] == 0 and gitea_app_container_name['stdout'] | length >= 1
-  retries: 5
+  retries: 10
   delay: 10
   changed_when: False
   register: gitea_app_container_name
 
 - name: Look for existing admin user
-  community.docker.docker_container_exec: 
+  community.docker.docker_container_exec:
     container: "{{ gitea_app_container_name['stdout'] }}"
     user: git
     command: >
       gitea admin user list --admin
-  become: yes
+  until: gitea_admin_list is defined and gitea_admin_list['rc'] == 0
-  until: "'connection refused' not in gitea_admin_list['stdout'] and 'Failed to run app' not in gitea_admin_list['stdout']"
+  retries: 15
-  retries: 10
   delay: 10
-  changed_when: gitea_admin_list['stdout_lines'] | length <= 1 and 'Username' in gitea_admin_list['stdout'] 
+  become: true
-  failed_when: (gitea_admin_list['rc'] == 1 and gitea_admin_list['attempts'] >= 5) or 'Gitea is not supposed to be run as root' in gitea_admin_list['stdout']
   register: gitea_admin_list
+  changed_when: gitea_admin_list['stdout_lines'] | length <= 1 and 'Username' in gitea_admin_list['stdout']
   notify: "no admin user"

roles/ntfy/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-
 ntfy_version: latest
 
 ntfy_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
@@ -8,9 +7,9 @@ ntfy_use_https: true
 
 subdomain_alias: push
 
-ntfy_global_topic_limit: "15000" 
+ntfy_global_topic_limit: 15000
-ntfy_visitor_subscription_limit: "30"
+ntfy_visitor_subscription_limit: 30
-ntfy_visitor_request_limit_burst: "60"
+ntfy_visitor_request_limit_burst: 60
 ntfy_visitor_request_limit_replenish: "10s"
 ntfy_cache_duration: "12h"
 ntfy_attachment_total_size_limit: "5G"

roles/ntfy/templates/docker-stack.yml.j2

@@ -14,6 +14,8 @@ services:
       - cache:/var/cache/ntfy
     networks:
       - "{{ docker_swarm_public_network_name }}"
+    command:
+      - serve
 
 volumes:
   cache:

roles/ntfy/templates/server.yml.j2

@@ -1,7 +1,7 @@
 base-url: "https://{{ server_domain }}"
-global_topic_limit: "{{ ntfy_global_topic_limit }}"
+global_topic_limit: {{ ntfy_global_topic_limit }}
-visitor_subscription_limit: "{{ ntfy_visitor_subscription_limit }}"
+visitor_subscription_limit: {{ ntfy_visitor_subscription_limit }}
-visitor_request_limit_burst: "{{ ntfy_visitor_request_limit_burst }}"
+visitor_request_limit_burst: {{ ntfy_visitor_request_limit_burst }}
 visitor_request_limit_replenish: "{{ ntfy_visitor_request_limit_replenish }}"
 cache-file: "/var/cache/ntfy/cache.db"
 cache_duration: "{{ ntfy_cache_duration }}"

site.yml

@@ -1,85 +1,79 @@
 ---
-
 - hosts: all
   tasks:
     - name: Make sure system is fully upgraded
-      import_role: 
+      import_role:
         role: system-upgrade
       tags: system-upgrade
 
     - name: Make sure docker is installed
-      import_role: 
+      import_role:
         role: docker
       tags: docker
 
     - name: Make sure docker-swarm is set up
-      import_role: 
+      import_role:
         role: docker-swarm
       tags: docker-swarm
 
 - hosts: docker_swarm_manager_node
   tasks:
     - name: Install caddy reverse proxy
-      import_role: 
+      import_role:
         role: caddy
       tags: caddy
 
-    - name: Install whoami
-      import_role: 
-        role: whoami
-      tags: whoami
-
     - name: Install wallabag
-      import_role: 
+      import_role:
         role: wallabag
       tags: wallabag
 
     - name: Install miniflux
-      import_role: 
+      import_role:
         role: miniflux
       tags: miniflux
 
     - name: Install searx
-      import_role: 
+      import_role:
         role: searx
       tags: searx
 
     - name: Install traggo
-      import_role: 
+      import_role:
         role: traggo
       tags: traggo
 
     - name: Install monica
-      import_role: 
+      import_role:
         role: monica
       tags: monica
 
     - name: Install nextcloud
-      import_role: 
+      import_role:
         role: nextcloud
       tags: nextcloud
 
     - name: Install shaarli
-      import_role: 
+      import_role:
         role: shaarli
       tags: shaarli
 
     - name: Install landingpage
-      import_role: 
+      import_role:
         role: landingpage
       tags: landingpage
 
     - name: Install my personal blog
-      import_role: 
+      import_role:
         role: blog
       tags: blog
 
     - name: Install gitea
-      import_role: 
+      import_role:
         role: gitea
       tags: gitea
 
     - name: Install ntfy
-      import_role: 
+      import_role:
         role: ntfy
       tags: ntfy