From 8aaefd3f6059d36d4564f64de967f75674144144 Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Sun, 18 Dec 2022 12:00:33 +0100 Subject: [PATCH 1/4] Fix gitea admin deployment to be less brittle Admin deployment was very timing-dependent: If the server took a while to set it up, it would always error out while deploying. This commit adds sufficient grace-time into the admin request call before the error occurs which should avoid it in most deployments (unless the server is severely underpowered or over-taxed). Also fixes admin creation to avoid root usage in the container when it is not called for. --- roles/gitea/handlers/main.yml | 5 +++-- roles/gitea/tasks/main.yml | 22 ++++++++++++++-------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml index c45c3a5..b5fe994 100644 --- a/roles/gitea/handlers/main.yml +++ b/roles/gitea/handlers/main.yml @@ -1,9 +1,10 @@ - name: Add admin user - community.docker.docker_container_exec: + community.docker.docker_container_exec: container: "{{ gitea_app_container_name['stdout'] }}" command: > gitea admin user create --admin --username {{ gitea_app_admin_username }} --password {{ gitea_app_admin_password }} --email {{ gitea_app_admin_email }} - become: yes + user: git + become: true listen: "no admin user" ## Register reverse proxy diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 9278a4f..11b2204 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -17,7 +17,7 @@ when: gitea_use_ci == True - name: Set agent key - ansible.builtin.set_fact: + ansible.builtin.set_fact: gitea_woodpecker_agent_secret: "{{ gitea_woodpecker_agent_secret.stdout }}" when: gitea_woodpecker_agent_secret.stdout is not undefined and not None 
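Review bot: The admin password is still interpolated straight into the `command` string of the "Add admin user" handler (`--password {{ gitea_app_admin_password }}`), so it is printed in Ansible task output on failure or under `-v`, and the task carries no `no_log`. Add `no_log: true` alongside the new `user: git` / `become: true` lines so the secret never reaches the log. The value is also not quoted, so a password containing whitespace or quotes would be split into extra arguments if docker_container_exec tokenises `command` shell-style (which its string form suggests); `--password {{ gitea_app_admin_password | quote }}` would be the safer spelling, and the same applies to `--username` and `--email`. The email and username will also still be visible in the container's process list for the duration of the exec, which is unavoidable with a CLI-based creation but worth a comment on the handler.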
@@ -91,29 +91,35 @@ become: yes tags: - docker-swarm + register: gitea_deployment notify: "update gitea upstream" +- name: Wait 30 seconds for gitea to become healthy + wait_for: + timeout: 60 + delegate_to: localhost + when: gitea_deployment is changed + - name: Get app container info ansible.builtin.command: cmd: docker ps -q -f name={{ stack_name }}_app become: yes until: gitea_app_container_name['rc'] == 0 and gitea_app_container_name['stdout'] | length >= 1 - retries: 5 + retries: 10 delay: 10 changed_when: False register: gitea_app_container_name - name: Look for existing admin user - community.docker.docker_container_exec: + community.docker.docker_container_exec: container: "{{ gitea_app_container_name['stdout'] }}" user: git command: > gitea admin user list --admin - become: yes - until: "'connection refused' not in gitea_admin_list['stdout'] and 'Failed to run app' not in gitea_admin_list['stdout']" - retries: 10 + until: gitea_admin_list is defined and gitea_admin_list['rc'] == 0 + retries: 15 delay: 10 - changed_when: gitea_admin_list['stdout_lines'] | length <= 1 and 'Username' in gitea_admin_list['stdout'] - failed_when: (gitea_admin_list['rc'] == 1 and gitea_admin_list['attempts'] >= 5) or 'Gitea is not supposed to be run as root' in gitea_admin_list['stdout'] + become: true register: gitea_admin_list + changed_when: gitea_admin_list['stdout_lines'] | length <= 1 and 'Username' in gitea_admin_list['stdout'] notify: "no admin user" From 926f1f475fdd996f9ee6827a81729ae85e53ff69 Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Sun, 18 Dec 2022 15:47:14 +0100 Subject: [PATCH 2/4] Fix ntfy settings Fixed numeric settings for ntfy and a corrected command executed. --- roles/ntfy/defaults/main.yml | 7 +++---- roles/ntfy/templates/docker-stack.yml.j2 | 2 ++ roles/ntfy/templates/server.yml.j2 | 6 +++--- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/roles/ntfy/defaults/main.yml b/roles/ntfy/defaults/main.yml index 14089c2..70e3275 100644 
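Review bot: The new task named "Wait 30 seconds for gitea to become healthy" actually sleeps for `timeout: 60` and verifies nothing, so the name is wrong and the deployment is still timing-based — the brittleness the commit description sets out to remove. Since the admin lookup below now retries on `rc != 0` anyway, the fixed sleep could be replaced by a readiness probe, e.g. `ansible.builtin.uri` against the Gitea base URL with `until: result.status == 200`, or `ansible.builtin.wait_for` on the published port; failing that, rename the task to match the timeout and use the FQCN `ansible.builtin.wait_for` like the rest of the file. Note also that `become: yes` survives on the `docker ps` task while the neighbouring tasks moved to `become: true` — yamllint's truthy rule will flag the former, so the hunk is a good place to make the file consistent. One further caveat outside the changed lines: `docker ps -q -f name={{ stack_name }}_app` is a substring match, so a second container whose name contains that string would yield two IDs in `stdout` and break the `container:` argument of the exec task; anchoring the filter as `name=^{{ stack_name }}_app` avoids that.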
--- a/roles/ntfy/defaults/main.yml +++ b/roles/ntfy/defaults/main.yml @@ -1,5 +1,4 @@ --- - ntfy_version: latest ntfy_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}" @@ -8,9 +7,9 @@ ntfy_use_https: true subdomain_alias: push -ntfy_global_topic_limit: "15000" -ntfy_visitor_subscription_limit: "30" -ntfy_visitor_request_limit_burst: "60" +ntfy_global_topic_limit: 15000 +ntfy_visitor_subscription_limit: 30 +ntfy_visitor_request_limit_burst: 60 ntfy_visitor_request_limit_replenish: "10s" ntfy_cache_duration: "12h" ntfy_attachment_total_size_limit: "5G" diff --git a/roles/ntfy/templates/docker-stack.yml.j2 b/roles/ntfy/templates/docker-stack.yml.j2 index bf0e5a5..ffa1dc9 100644 --- a/roles/ntfy/templates/docker-stack.yml.j2 +++ b/roles/ntfy/templates/docker-stack.yml.j2 @@ -14,6 +14,8 @@ services: - cache:/var/cache/ntfy networks: - "{{ docker_swarm_public_network_name }}" + command: + - serve volumes: cache: diff --git a/roles/ntfy/templates/server.yml.j2 b/roles/ntfy/templates/server.yml.j2 index cbbe8a5..93c8bb8 100644 --- a/roles/ntfy/templates/server.yml.j2 +++ b/roles/ntfy/templates/server.yml.j2 @@ -1,7 +1,7 @@ base-url: "https://{{ server_domain }}" -global_topic_limit: "{{ ntfy_global_topic_limit }}" -visitor_subscription_limit: "{{ ntfy_visitor_subscription_limit }}" -visitor_request_limit_burst: "{{ ntfy_visitor_request_limit_burst }}" +global_topic_limit: {{ ntfy_global_topic_limit }} +visitor_subscription_limit: {{ ntfy_visitor_subscription_limit }} +visitor_request_limit_burst: {{ ntfy_visitor_request_limit_burst }} visitor_request_limit_replenish: "{{ ntfy_visitor_request_limit_replenish }}" cache-file: "/var/cache/ntfy/cache.db" cache_duration: "{{ ntfy_cache_duration }}" From 1ceee17edaf78fb156afae051f7fd8a364736a69 Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Sun, 18 Dec 2022 15:50:23 +0100 Subject: [PATCH 3/4] Add local test setup to ignored files --- .gitignore | 1 + 1 file changed, 1 insertion(+) 
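Review bot: In the server.yml.j2 hunk the rewritten keys `global_topic_limit`, `visitor_subscription_limit` and `visitor_request_limit_burst` (and the context lines `visitor_request_limit_replenish` and `cache_duration`) are snake_case, while the neighbouring `base-url` and `cache-file` are kebab-case; ntfy's documented config options are `global-topic-limit`, `visitor-subscription-limit`, `visitor-request-limit-burst`, `visitor-request-limit-replenish` and `cache-duration`, and as far as I know unrecognised keys are ignored without an error. If that holds, the rate and subscription limits this commit is "fixing" are never applied and the server runs with ntfy's defaults for abuse protection, so the fix should be verified against the running instance rather than assumed. Renaming the five keys to the kebab-case spellings (e.g. `global-topic-limit: {{ ntfy_global_topic_limit }}`) would also make the template internally consistent. Dropping the quotes around the templated integers is correct for ntfy's parser, but a comment in defaults/main.yml such as `# integers: ntfy rejects quoted numeric limits` would record why the types were changed.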
diff --git a/.gitignore b/.gitignore index 3a8c627..c96b8df 100644 --- a/.gitignore +++ b/.gitignore @@ -60,3 +60,4 @@ tags # End of https://www.toptal.com/developers/gitignore/api/vim,linux,vagrant,ansible development.yml +single-test.yml From 385cb3859c30ed8c63e2792bac1a13298f28201d Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Sun, 18 Dec 2022 15:53:26 +0100 Subject: [PATCH 4/4] Remove whoami from default site playbook whoami should be used as a test and debugging container and should not be necessary or used for production deployment. --- site.yml | 36 +++++++++++++++--------------------- 1 file changed, 15 insertions(+), 21 deletions(-) diff --git a/site.yml b/site.yml index ecb9933..62f01e9 100644 --- a/site.yml +++ b/site.yml 
@@ -1,85 +1,79 @@ --- - - hosts: all tasks: - name: Make sure system is fully upgraded - import_role: + import_role: role: system-upgrade tags: system-upgrade - name: Make sure docker is installed - import_role: + import_role: role: docker tags: docker - name: Make sure docker-swarm is set up - import_role: + import_role: role: docker-swarm tags: docker-swarm - hosts: docker_swarm_manager_node tasks: - name: Install caddy reverse proxy - import_role: + import_role: role: caddy tags: caddy - - name: Install whoami - import_role: - role: whoami - tags: whoami - - name: Install wallabag - import_role: + import_role: role: wallabag tags: wallabag - name: Install miniflux - import_role: + import_role: role: miniflux tags: miniflux - name: Install searx - import_role: + import_role: role: searx tags: searx - name: Install traggo - import_role: + import_role: role: traggo tags: traggo - name: Install monica - import_role: + import_role: role: monica tags: monica - name: Install nextcloud - import_role: + import_role: role: nextcloud tags: nextcloud - name: Install shaarli - import_role: + import_role: role: shaarli tags: shaarli - name: Install landingpage - import_role: + import_role: role: landingpage tags: landingpage - name: Install my personal blog - import_role: + import_role: role: blog tags: blog - name: Install gitea - import_role: + import_role: role: gitea tags: gitea - name: Install ntfy - import_role: + import_role: role: ntfy tags: ntfy