From 52b1d1ccd2f44d7b79c6649dadc47a7235c46d71 Mon Sep 17 00:00:00 2001 
From: Sam Al-Sapti Date: Tue, 3 Oct 2023 21:19:51 +0200 Subject: [PATCH] Use a block to deploy all services + add pre_deploy and post_deploy --- roles/docker/defaults/main.yml | 49 +++++------- .../tasks/post_deploy/docker_registry.yml | 13 ++++ roles/docker/tasks/post_deploy/mastodon.yml | 19 +++++ .../tasks/pre_deploy/docker_registry.yml | 17 +++++ .../{services => pre_deploy}/element.yml | 17 +---- roles/docker/tasks/pre_deploy/hedgedoc.yml | 17 +++++ .../tasks/{services => pre_deploy}/mailu.yml | 19 +---- roles/docker/tasks/pre_deploy/mastodon.yml | 45 +++++++++++ .../tasks/{services => pre_deploy}/matrix.yml | 25 ++----- roles/docker/tasks/pre_deploy/nextcloud.yml | 17 +++++ roles/docker/tasks/pre_deploy/nginx_proxy.yml | 14 ++++ roles/docker/tasks/pre_deploy/openldap.yml | 12 +++ roles/docker/tasks/pre_deploy/postfix.yml | 13 ++++ roles/docker/tasks/pre_deploy/privatebin.yml | 16 ++++ roles/docker/tasks/pre_deploy/rallly.yml | 11 +++ .../tasks/{services => pre_deploy}/restic.yml | 17 +---- roles/docker/tasks/services.yml | 31 ++++++++ .../docker/tasks/services/docker_registry.yml | 40 ---------- roles/docker/tasks/services/drone.yml | 17 ----- roles/docker/tasks/services/forgejo.yml | 17 ----- roles/docker/tasks/services/hedgedoc.yml | 28 ------- roles/docker/tasks/services/keycloak.yml | 17 ----- roles/docker/tasks/services/mastodon.yml | 75 ------------------- roles/docker/tasks/services/membersystem.yml | 17 ----- roles/docker/tasks/services/netdata.yml | 17 ----- roles/docker/tasks/services/nextcloud.yml | 28 ------- roles/docker/tasks/services/nginx_proxy.yml | 25 ------- roles/docker/tasks/services/openldap.yml | 23 ------ roles/docker/tasks/services/passit.yml | 19 ----- roles/docker/tasks/services/portainer.yml | 17 ----- roles/docker/tasks/services/postfix.yml | 24 ------ roles/docker/tasks/services/privatebin.yml | 27 ------- roles/docker/tasks/services/rallly.yml | 22 ------ roles/docker/tasks/services/watchtower.yml | 17 ----- 34 files changed, 
260 insertions(+), 522 deletions(-) create mode 100644 roles/docker/tasks/post_deploy/docker_registry.yml create mode 100644 roles/docker/tasks/post_deploy/mastodon.yml create mode 100644 roles/docker/tasks/pre_deploy/docker_registry.yml rename roles/docker/tasks/{services => pre_deploy}/element.yml (55%) create mode 100644 roles/docker/tasks/pre_deploy/hedgedoc.yml rename roles/docker/tasks/{services => pre_deploy}/mailu.yml (68%) create mode 100644 roles/docker/tasks/pre_deploy/mastodon.yml rename roles/docker/tasks/{services => pre_deploy}/matrix.yml (57%) create mode 100644 roles/docker/tasks/pre_deploy/nextcloud.yml create mode 100644 roles/docker/tasks/pre_deploy/nginx_proxy.yml create mode 100644 roles/docker/tasks/pre_deploy/openldap.yml create mode 100644 roles/docker/tasks/pre_deploy/postfix.yml create mode 100644 roles/docker/tasks/pre_deploy/privatebin.yml create mode 100644 roles/docker/tasks/pre_deploy/rallly.yml rename roles/docker/tasks/{services => pre_deploy}/restic.yml (74%) delete mode 100644 roles/docker/tasks/services/docker_registry.yml delete mode 100644 roles/docker/tasks/services/drone.yml delete mode 100644 roles/docker/tasks/services/forgejo.yml delete mode 100644 roles/docker/tasks/services/hedgedoc.yml delete mode 100644 roles/docker/tasks/services/keycloak.yml delete mode 100644 roles/docker/tasks/services/mastodon.yml delete mode 100644 roles/docker/tasks/services/membersystem.yml delete mode 100644 roles/docker/tasks/services/netdata.yml delete mode 100644 roles/docker/tasks/services/nextcloud.yml delete mode 100644 roles/docker/tasks/services/nginx_proxy.yml delete mode 100644 roles/docker/tasks/services/openldap.yml delete mode 100644 roles/docker/tasks/services/passit.yml delete mode 100644 roles/docker/tasks/services/portainer.yml delete mode 100644 roles/docker/tasks/services/postfix.yml delete mode 100644 roles/docker/tasks/services/privatebin.yml delete mode 100644 roles/docker/tasks/services/rallly.yml delete mode 100644 
roles/docker/tasks/services/watchtower.yml diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index e0365ce6..68587796 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -6,38 +6,35 @@ services: ### Internal services ### postfix: - file: postfix.yml domain: "smtp.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/postfix" + pre_deploy_tasks: true version: "v3.6.1-alpine" nginx_proxy: - file: nginx_proxy.yml volume_folder: "{{ volume_root_folder }}/nginx" + pre_deploy_tasks: true version: "1.3-alpine" acme_companion_version: "2.2" openldap: - file: openldap.yml domain: "ldap.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/openldap" + pre_deploy_tasks: true version: "1.5.0" phpldapadmin_version: "0.9.0" netdata: - file: netdata.yml domain: "netdata.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/netdata" version: "v1" portainer: - file: portainer.yml domain: "portainer.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/portainer" version: "2.19.0" keycloak: - file: keycloak.yml domain: sso.{{ base_domain }} volume_folder: "{{ volume_root_folder }}/keycloak" version: "22.0" @@ -45,19 +42,20 @@ services: allowed_sender_domain: true restic: - file: restic.yml + volume_folder: "{{ volume_root_folder }}/restic" + pre_deploy_tasks: true user: dc-user domain: rynkeby.skovgaard.tel host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo - volume_folder: "{{ volume_root_folder }}/restic" repository: restic version: "1.7.0" disabled_in_vagrant: true docker_registry: - file: docker_registry.yml domain: "docker.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/docker-registry" + pre_deploy_tasks: true + post_deploy_tasks: true username: "docker" password: "{{ docker_password }}" version: "2" 
@@ -65,23 +63,21 @@ services: ### External services ### nextcloud: - file: nextcloud.yml domain: "cloud.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/nextcloud" + pre_deploy_tasks: true version: 27-apache postgres_version: "10" redis_version: 7-alpine allowed_sender_domain: true forgejo: - file: forgejo.yml domain: "git.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/forgejo" version: "1.20" allowed_sender_domain: true passit: - file: passit.yml domain: "passit.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/passit" version: stable @@ -89,34 +85,33 @@ services: allowed_sender_domain: true matrix: - file: matrix.yml domain: "matrix.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/matrix" + pre_deploy_tasks: true version: v1.90.0 postgres_version: 15-alpine allowed_sender_domain: true element: - file: element.yml domain: "element.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/element" + pre_deploy_tasks: true version: v1.11.43 privatebin: - file: privatebin.yml domain: "paste.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/privatebin" + pre_deploy_tasks: true version: "20221009" hedgedoc: - file: hedgedoc.yml domain: "pad.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/hedgedoc" + pre_deploy_tasks: true version: 1.9.9-alpine postgres_version: 10-alpine data_coop_website: - file: websites/data.coop.yml domain: "{{ base_domain }}" www_domain: "www.{{ base_domain }}" version: stable 
@@ -124,28 +119,23 @@ services: staging_version: staging slides_2022_website: - file: websites/2022.slides.data.coop.yml domain: "2022.slides.{{ base_domain }}" version: latest fedi_dk_website: - file: websites/fedi.dk.yaml domain: fedi.dk version: latest vhs_website: - file: websites/vhs.data.coop.yaml domain: vhs.data.coop version: latest cryptohagen_website: - file: websites/cryptohagen.dk.yml domains: - "cryptohagen.dk" - "www.cryptohagen.dk" ulovliglogning_website: - file: websites/ulovliglogning.dk.yml domains: - "ulovliglogning.dk" - "www.ulovliglogning.dk" @@ -153,44 +143,42 @@ services: - "www.ulovlig-logning.dk" cryptoaarhus_website: - file: websites/cryptoaarhus.dk.yml domains: - "cryptoaarhus.dk" - "www.cryptoaarhus.dk" drone: - file: drone.yml domain: "drone.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/drone" version: "1" mailu: - file: mailu.yml - version: "1.9" domain: "mail.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/mailu" + pre_deploy_tasks: true dns: 192.168.203.254 subnet: 192.168.203.0/24 - volume_folder: "{{ volume_root_folder }}/mailu" + version: "1.9" mastodon: - file: mastodon.yml domain: "social.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/mastodon" + pre_deploy_tasks: true + post_deploy_tasks: true version: v4.2.0 postgres_version: 14-alpine redis_version: 6-alpine allowed_sender_domain: true rallly: - file: rallly.yml domain: "when.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/rallly" + pre_deploy_tasks: true version: "2" postgres_version: 14-alpine allowed_sender_domain: true membersystem: - file: membersystem.yml domain: "member.{{ base_domain }}" django_admins: "Vidir:valberg@orn.li" volume_folder: "{{ volume_root_folder }}/membersystem" @@ -199,6 +187,5 @@ services: allowed_sender_domain: true watchtower: - file: watchtower.yml volume_folder: "{{ volume_root_folder }}/watchtower" version: "1.5.3" 
diff --git a/roles/docker/tasks/post_deploy/docker_registry.yml b/roles/docker/tasks/post_deploy/docker_registry.yml new file mode 100644 index 00000000..10bc5612 --- /dev/null +++ b/roles/docker/tasks/post_deploy/docker_registry.yml @@ -0,0 +1,13 @@ +# vim: ft=yaml.ansible +--- +- name: Generate htpasswd file + shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd + args: + chdir: "{{ services.docker_registry.volume_folder }}" + creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd" + +- name: log in to registry + docker_login: + registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}" + username: docker + password: "{{ docker_password }}" diff --git a/roles/docker/tasks/post_deploy/mastodon.yml b/roles/docker/tasks/post_deploy/mastodon.yml new file mode 100644 index 00000000..790e2d84 --- /dev/null +++ b/roles/docker/tasks/post_deploy/mastodon.yml @@ -0,0 +1,19 @@ +# vim: ft=yaml.ansible +--- +- name: Configure cron job to remove old Mastodon media daily + cron: + name: Clean Mastodon media data older than a week + cron_file: ansible_mastodon_clean_media + job: docker exec mastodon_web_1 tootctl media remove --days 7 + special_time: daily + user: root + state: present + +- name: Configure cron job to remove old Mastodon preview cards daily + cron: + name: Clean Mastodon preview card data older than two weeks + cron_file: ansible_mastodon_clean_preview_cards + job: docker exec mastodon_web_1 tootctl preview_cards remove --days 14 + special_time: daily + user: root + state: present diff --git a/roles/docker/tasks/pre_deploy/docker_registry.yml b/roles/docker/tasks/pre_deploy/docker_registry.yml new file mode 100644 index 00000000..33fd2ff5 --- /dev/null +++ b/roles/docker/tasks/pre_deploy/docker_registry.yml 
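Review bot: The `Generate htpasswd file` task interpolates `{{ docker_password }}` into a shell command line unquoted, so a password containing shell metacharacters breaks or alters the command, and the secret ends up in the task's recorded `cmd`/`ps` output because the task carries no `no_log`. Change the line to `shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password | quote }} > auth/htpasswd` and add `no_log: true` beside `args:`; the `creates:` guard limits this to the first run per host, but that first run is exactly when the password is fresh. The value also lost the YAML quotes it had in the deleted services/docker_registry.yml — it still parses as a plain scalar because `{{` is not at the start, but keeping the quotes makes that not depend on future edits.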
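Review bot: Both cron jobs hardcode the container name `mastodon_web_1`, the underscore form that docker-compose v1 (driven by the removed `docker_compose` module) produced; the new deploy path in services.yml runs `docker compose up`, and Compose v2 names containers `mastodon-web-1` unless COMPOSE_COMPATIBILITY is set, so the daily media and preview-card cleanup would presumably start failing silently from cron. Making the job address the service rather than the container avoids the naming scheme altogether, e.g. `job: cd {{ services.mastodon.volume_folder }} && docker compose exec -T web tootctl media remove --days 7` (and the same for `preview_cards remove --days 14`), or pin `container_name` in the compose template. Inferred from the services.yml hunk below; confirm against the rendered compose file.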
@@ -0,0 +1,17 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolders + file: + path: "{{ services.docker_registry.volume_folder }}/{{ volume }}" + state: directory + loop: + - auth + - registry + loop_control: + loop_var: volume + +- name: Copy docker registry vhost configuration + copy: + src: vhost/docker_registry + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}" + mode: "0644" diff --git a/roles/docker/tasks/services/element.yml b/roles/docker/tasks/pre_deploy/element.yml similarity index 55% rename from roles/docker/tasks/services/element.yml rename to roles/docker/tasks/pre_deploy/element.yml index b325bdf2..26e3b918 100644 --- a/roles/docker/tasks/services/element.yml +++ b/roles/docker/tasks/pre_deploy/element.yml @@ -1,16 +1,16 @@ # vim: ft=yaml.ansible --- -- name: Create Element volume folder +- name: Create subfolder file: name: "{{ services.element.volume_folder }}/data" state: directory -- name: Upload Element config.json +- name: Upload config.json template: src: element/config.json.j2 dest: "{{ services.element.volume_folder }}/data/config.json" -- name: Upload Element riot.im.conf +- name: Upload riot.im.conf copy: src: element/riot.im.conf dest: "{{ services.element.volume_folder }}/data/riot.im.conf" @@ -19,14 +19,3 @@ copy: src: vhost/element dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.element.domain }}" - -- name: Upload Compose file for Element - template: - src: compose-files/element.yml.j2 - dest: "{{ services.element.volume_folder }}/docker-compose.yml" - -- name: Deploy Element - docker_compose: - project_src: "{{ services.element.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/pre_deploy/hedgedoc.yml b/roles/docker/tasks/pre_deploy/hedgedoc.yml new file mode 100644 index 00000000..d849ed3c --- /dev/null +++ b/roles/docker/tasks/pre_deploy/hedgedoc.yml 
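Review bot: `Create subfolders` here passes `path:` to the `file` module, while the sibling pre_deploy files added in this commit (hedgedoc, nginx_proxy, openldap, privatebin, rallly, mastodon, matrix, element) pass `name:`; the two are aliases for the same parameter, but mixing them across one role makes the tasks harder to grep and review. `path` is the module's canonical parameter, so the smaller change is to keep this file (and pre_deploy/nextcloud.yml, which also uses `path:`) as they are and switch the `name:` files to `path:`. With the task names now generic ("Create subfolders", "Upload config.json") and the include running inside a per-service loop, consider prefixing them with the service, e.g. `name: "{{ service.name }}: Create subfolders"`, so play output still says which service a failure belongs to.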
@@ -0,0 +1,17 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolders + file: + name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}" + state: directory + loop: + - db + - hedgedoc/uploads + loop_control: + loop_var: volume + +- name: Copy SSO certificate + copy: + src: sso/sso.data.coop.pem + dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem" + mode: "0644" diff --git a/roles/docker/tasks/services/mailu.yml b/roles/docker/tasks/pre_deploy/mailu.yml similarity index 68% rename from roles/docker/tasks/services/mailu.yml rename to roles/docker/tasks/pre_deploy/mailu.yml index de4916d9..4dc1d5a3 100644 --- a/roles/docker/tasks/services/mailu.yml +++ b/roles/docker/tasks/pre_deploy/mailu.yml @@ -1,6 +1,6 @@ # vim: ft=yaml.ansible --- -- name: create mailu volume folders +- name: Create subfolders file: name: "{{ services.mailu.volume_folder }}/{{ volume }}" state: directory @@ -23,12 +23,12 @@ loop_control: loop_var: volume -- name: upload mailu.env file +- name: Upload mailu.env file template: src: mailu/env.j2 dest: "{{ services.mailu.volume_folder }}/mailu.env" -- name: hard link to Let's Encrypt TLS certificate +- name: Hard link to Let's Encrypt TLS certificate file: src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem" dest: "{{ services.mailu.volume_folder }}/certs/cert.pem" @@ -36,21 +36,10 @@ force: true when: letsencrypt_enabled -- name: hard link to Let's Encrypt TLS key +- name: Hard link to Let's Encrypt TLS key file: src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem" dest: "{{ services.mailu.volume_folder }}/certs/key.pem" state: hard force: true when: letsencrypt_enabled - -- name: Upload Compose file for for Mailu - template: - src: compose-files/mailu.yml.j2 - dest: "{{ services.mailu.volume_folder }}/docker-compose.yml" - -- name: Deploy Mailu - docker_compose: - project_src: "{{ services.mailu.volume_folder }}" - pull: true - state: present 
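Review bot: `Upload mailu.env file` renders `mailu/env.j2` without `owner` or `mode`, so the file lands with umask-derived permissions (typically world-readable); an env file of this kind presumably holds the stack's secrets, which the restic tasks in this same commit protect with `mode: '0600'`. Add `owner: root` and `mode: "0600"` under `dest:`, and do the same for `Upload mastodon.env file` in pre_deploy/mastodon.yml and `Copy rallly.env file` in pre_deploy/rallly.yml, which have the same gap. The task is a renamed pre-existing one, so the omission is not introduced here, but the move is the natural moment to close it — confirm the containers read the file as root or via a bind mount that tolerates 0600.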
diff --git a/roles/docker/tasks/pre_deploy/mastodon.yml b/roles/docker/tasks/pre_deploy/mastodon.yml new file mode 100644 index 00000000..c32d9e17 --- /dev/null +++ b/roles/docker/tasks/pre_deploy/mastodon.yml @@ -0,0 +1,45 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolder for Mastodon data + file: + name: "{{ services.mastodon.volume_folder }}/mastodon_data" + state: directory + owner: "991" + mode: u=rwx,g=rx,o=rx + +- name: Create subfolder for PostgreSQL data + file: + name: "{{ services.mastodon.volume_folder }}/postgres_data" + state: directory + owner: "70" + mode: u=rwx,go= + +- name: Create subfolder for PostgreSQL config + file: + name: "{{ services.mastodon.volume_folder }}/postgres_config" + state: directory + owner: root + mode: u=rwx,g=rx,o=rx + +- name: Create subfolder for Redis data + file: + name: "{{ services.mastodon.volume_folder }}/redis_data" + state: directory + owner: "999" + group: "1000" + mode: u=rwx,g=rx,o=rx + +- name: Upload mastodon.env file + template: + src: mastodon/env.j2 + dest: "{{ services.mastodon.volume_folder }}/mastodon.env" + +- name: Upload vhost config for Mastodon domain + copy: + src: vhost/mastodon + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}" + +- name: Upload PostgreSQL config + copy: + src: mastodon/postgresql.conf + dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf" diff --git a/roles/docker/tasks/services/matrix.yml b/roles/docker/tasks/pre_deploy/matrix.yml similarity index 57% rename from roles/docker/tasks/services/matrix.yml rename to roles/docker/tasks/pre_deploy/matrix.yml index 2a4a6f8d..32ce95ed 100644 --- a/roles/docker/tasks/services/matrix.yml +++ b/roles/docker/tasks/pre_deploy/matrix.yml 
@@ -1,24 +1,24 @@ # vim: ft=yaml.ansible --- -- name: Create Matrix volume folders +- name: Create subfolders file: name: "{{ services.matrix.volume_folder }}/{{ volume }}" state: directory owner: "991" group: "991" loop: - - "data" - - "data/uploads" - - "data/media" + - data + - data/uploads + - data/media loop_control: loop_var: volume -- name: Create Matrix DB folder +- name: Create Matrix DB subfolder file: name: "{{ services.matrix.volume_folder }}/db" state: directory -- name: upload vhost config for matrix domain +- name: Upload vhost config for Matrix domain copy: src: vhost/matrix dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}" @@ -28,18 +28,7 @@ src: matrix/homeserver.yaml.j2 dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml" -- name: upload matrix logging config +- name: Upload Matrix logging config copy: src: matrix/log.config dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config" - -- name: Upload Compose file for Matrix - template: - src: compose-files/matrix.yml.j2 - dest: "{{ services.matrix.volume_folder }}/docker-compose.yml" - -- name: Deploy Matrix - docker_compose: - project_src: "{{ services.matrix.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/pre_deploy/nextcloud.yml b/roles/docker/tasks/pre_deploy/nextcloud.yml new file mode 100644 index 00000000..5a8e90e7 --- /dev/null +++ b/roles/docker/tasks/pre_deploy/nextcloud.yml @@ -0,0 +1,17 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolders + file: + path: "{{ services.nextcloud.volume_folder }}/{{ volume }}" + state: directory + loop: + - app + - postgres + loop_control: + loop_var: volume + +- name: Upload vhost config for Nextcloud domain + copy: + src: vhost/nextcloud + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}" + notify: "restart nginx" 
diff --git a/roles/docker/tasks/pre_deploy/nginx_proxy.yml b/roles/docker/tasks/pre_deploy/nginx_proxy.yml new file mode 100644 index 00000000..be9e9d28 --- /dev/null +++ b/roles/docker/tasks/pre_deploy/nginx_proxy.yml @@ -0,0 +1,14 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolders + file: + name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}" + state: directory + loop: + - conf + - vhost + - html + - dhparam + - certs + loop_control: + loop_var: volume diff --git a/roles/docker/tasks/pre_deploy/openldap.yml b/roles/docker/tasks/pre_deploy/openldap.yml new file mode 100644 index 00000000..188c0628 --- /dev/null +++ b/roles/docker/tasks/pre_deploy/openldap.yml @@ -0,0 +1,12 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolders + file: + name: "{{ services.openldap.volume_folder }}/{{ volume }}" + state: directory + loop: + - var/lib/ldap + - etc/slapd + - certs + loop_control: + loop_var: volume diff --git a/roles/docker/tasks/pre_deploy/postfix.yml b/roles/docker/tasks/pre_deploy/postfix.yml new file mode 100644 index 00000000..e8b41fd3 --- /dev/null +++ b/roles/docker/tasks/pre_deploy/postfix.yml @@ -0,0 +1,13 @@ +# vim: ft=yaml.ansible +--- +- name: Set up network for Postfix + docker_network: + name: postfix + ipam_config: + - subnet: '172.16.0.0/16' + gateway: 172.16.0.1 + +- name: Create subfolder + file: + name: "{{ services.postfix.volume_folder }}/dkim" + state: directory diff --git a/roles/docker/tasks/pre_deploy/privatebin.yml b/roles/docker/tasks/pre_deploy/privatebin.yml new file mode 100644 index 00000000..012bd0b0 --- /dev/null +++ b/roles/docker/tasks/pre_deploy/privatebin.yml @@ -0,0 +1,16 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolders + file: + name: "{{ services.privatebin.volume_folder }}/{{ volume }}" + state: directory + loop: + - cfg + - data + loop_control: + loop_var: volume + +- name: Upload PrivateBin config + copy: + src: privatebin/conf.php + dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php" 
diff --git a/roles/docker/tasks/pre_deploy/rallly.yml b/roles/docker/tasks/pre_deploy/rallly.yml new file mode 100644 index 00000000..3e91f9d5 --- /dev/null +++ b/roles/docker/tasks/pre_deploy/rallly.yml @@ -0,0 +1,11 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolder + file: + name: "{{ services.rallly.volume_folder }}/postgres" + state: directory + +- name: Copy rallly.env file + template: + src: rallly/env.j2 + dest: "{{ services.rallly.volume_folder }}/rallly.env" diff --git a/roles/docker/tasks/services/restic.yml b/roles/docker/tasks/pre_deploy/restic.yml similarity index 74% rename from roles/docker/tasks/services/restic.yml rename to roles/docker/tasks/pre_deploy/restic.yml index c838e265..8a147d77 100644 --- a/roles/docker/tasks/services/restic.yml +++ b/roles/docker/tasks/pre_deploy/restic.yml @@ -8,7 +8,7 @@ mode: '0755' state: directory -- name: Copy private SSH key +- name: Upload private SSH key copy: dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519" owner: root @@ -31,7 +31,7 @@ mode: '0644' state: touch -- name: Create SSH config +- name: Upload SSH config template: src: restic/ssh.config.j2 dest: "{{ services.restic.volume_folder }}/ssh/config" @@ -39,21 +39,10 @@ group: root mode: '0600' -- name: Create SSH known_hosts file +- name: Upload SSH known_hosts file template: src: restic/ssh.known_hosts.j2 dest: "{{ services.restic.volume_folder }}/ssh/known_hosts" owner: root group: root mode: '0600' - -- name: Upload Compose file for Restic - template: - src: compose-files/restic.yml.j2 - dest: "{{ services.restic.volume_folder }}/docker-compose.yml" - -- name: Deploy Restic - docker_compose: - project_src: "{{ services.restic.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index 3b441e98..833554a0 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml 
@@ -4,6 +4,37 @@ docker_network: name: external_services +- name: Service block + loop: "{{ services | dict2items(key_name='name', value_name='vars') }}" + loop_control: + loop_var: service + when: single_service is not defined and + (service.vars.disabled_in_vagrant is not defined or + not (service.vars.disabled_in_vagrant and vagrant)) + block: + - name: Create volume folder + file: + name: "{{ service.vars.volume_folder }}" + state: directory + + - name: Upload Compose file + template: + src: compose-files/{{ service.name }}.yml.j2 + dest: "{{ service.vars.volume_folder }}/docker-compose.yml" + + - name: Run pre-deployment tasks + include_tasks: pre_deploy/{{ service.name }}.yml + when: service.vars.pre_deploy_tasks is defined and service.pre_deploy_tasks + + - name: Deploy Compose stack + command: docker compose up -d --remove-orphans --pull always + args: + chdir: "{{ service.vars.volume_folder }}" + + - name: Run post-deployment tasks + include_tasks: post_deploy/{{ service.name }}.yml + when: service.vars.post_deploy_tasks is defined and service.post_deploy_tasks + - name: setup services include_tasks: "services/{{ item.service.file }}" loop: "{{ services | dict2items(value_name='service') }}" diff --git a/roles/docker/tasks/services/docker_registry.yml b/roles/docker/tasks/services/docker_registry.yml deleted file mode 100644 index 3ef95429..00000000 --- a/roles/docker/tasks/services/docker_registry.yml +++ /dev/null 
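Review bot: `loop:` is not a valid attribute on a `block` — Ansible rejects the play at load time with "'loop' is not a valid attribute for a Block" — so the per-service tasks have to move into their own task file that is included with the loop, as sketched below. The conditionals on `Run pre-deployment tasks` and `Run post-deployment tasks` read `service.pre_deploy_tasks` / `service.post_deploy_tasks`, but `dict2items(key_name='name', value_name='vars')` places those flags under `service.vars`, so for every service that sets the flag the second operand raises an undefined-attribute error; `when: service.vars.pre_deploy_tasks | default(false)` fixes the lookup and drops the `is defined` dance. `Create volume folder` and `Upload Compose file` dereference `service.vars.volume_folder` unconditionally, yet the website entries in defaults/main.yml (`data_coop_website` onward) define no `volume_folder` and their compose templates were previously addressed as `websites/*.yml` rather than `compose-files/{{ service.name }}.yml.j2`, so those entries need either a folder or a filter. The trailing context still shows the old `setup services` task iterating `item.service.file`, a key this commit removes from every service, so it fails on the first item unless it is deleted as well; that task continues past the end of the hunk. Finally, `command: docker compose up …` reports changed on every run and, unlike the removed `docker_compose` calls, does not restart an unchanged stack (mastodon previously passed `restarted: true`), so add a `changed_when` or switch to the compose module that understands v2.
```yaml
- name: Deploy services
  include_tasks: deploy_service.yml   # constructed name: holds the former block's tasks
  loop: "{{ services | dict2items(key_name='name', value_name='vars') }}"
  loop_control:
    loop_var: service
  when: single_service is not defined and
    (service.vars.disabled_in_vagrant is not defined or
    not (service.vars.disabled_in_vagrant and vagrant))

# deploy_service.yml — … unchanged: Create volume folder, Upload Compose file, Deploy Compose stack …
- name: Run pre-deployment tasks
  include_tasks: pre_deploy/{{ service.name }}.yml
  when: service.vars.pre_deploy_tasks | default(false)

- name: Run post-deployment tasks
  include_tasks: post_deploy/{{ service.name }}.yml
  when: service.vars.post_deploy_tasks | default(false)
```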
@@ -1,40 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Docker registry volume folders - file: - path: "{{ services.docker_registry.volume_folder }}/{{ volume }}" - state: directory - loop: - - auth - - registry - loop_control: - loop_var: volume - -- name: Copy docker registry vhost configuration - copy: - src: vhost/docker_registry - dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}" - mode: "0644" - -- name: Upload Compose file for Docker registry - template: - src: compose-files/docker_registry.yml.j2 - dest: "{{ services.docker_registry.volume_folder }}/docker-compose.yml" - -- name: Deploy Docker registry - docker_compose: - project_src: "{{ services.docker_registry.volume_folder }}" - pull: true - state: present - -- name: Generate htpasswd file - shell: "docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd" - args: - chdir: "{{ services.docker_registry.volume_folder }}" - creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd" - -- name: log in to registry - docker_login: - registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}" - username: "docker" - password: "{{ docker_password }}" diff --git a/roles/docker/tasks/services/drone.yml b/roles/docker/tasks/services/drone.yml deleted file mode 100644 index 8e4fa257..00000000 --- a/roles/docker/tasks/services/drone.yml +++ /dev/null @@ -1,17 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Drone volume folder - file: - path: "{{ services.drone.volume_folder }}" - state: directory - -- name: Upload Compose file for Drone - template: - src: compose-files/drone.yml.j2 - dest: "{{ services.drone.volume_folder }}/docker-compose.yml" - -- name: Deploy Drone - docker_compose: - project_src: "{{ services.drone.volume_folder }}" - pull: true - state: present 
diff --git a/roles/docker/tasks/services/forgejo.yml b/roles/docker/tasks/services/forgejo.yml deleted file mode 100644 index 826a190c..00000000 --- a/roles/docker/tasks/services/forgejo.yml +++ /dev/null @@ -1,17 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Forgejo volume folder - file: - name: "{{ services.portainer.volume_folder }}" - state: directory - -- name: Upload Compose file for Forgejo - template: - src: compose-files/forgejo.yml.j2 - dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml" - -- name: Deploy Forgejo - docker_compose: - project_src: "{{ services.forgejo.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/hedgedoc.yml b/roles/docker/tasks/services/hedgedoc.yml deleted file mode 100644 index 6e5c874a..00000000 --- a/roles/docker/tasks/services/hedgedoc.yml +++ /dev/null @@ -1,28 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: create hedgedoc volume folders - file: - name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}" - state: directory - loop: - - "db" - - "hedgedoc/uploads" - loop_control: - loop_var: volume - -- name: copy sso public certificate - copy: - src: sso/sso.data.coop.pem - dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem" - mode: "0644" - -- name: Upload Compose file for for HedgeDoc - template: - src: compose-files/hedgedoc.yml.j2 - dest: "{{ services.hedgedoc.volume_folder }}/docker-compose.yml" - -- name: setup hedgedoc - docker_compose: - project_src: "{{ services.hedgedoc.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/keycloak.yml b/roles/docker/tasks/services/keycloak.yml deleted file mode 100644 index ff341b9a..00000000 --- a/roles/docker/tasks/services/keycloak.yml +++ /dev/null 
@@ -1,17 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Keycloak volume folder - file: - path: "{{ services.keycloak.volume_folder }}/data" - state: directory - -- name: Upload Compose file for for Keycloak - template: - src: compose-files/keycloak.yml.j2 - dest: "{{ services.keycloak.volume_folder }}/docker-compose.yml" - -- name: Deploy Keycloak - docker_compose: - project_src: "{{ services.keycloak.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/mastodon.yml b/roles/docker/tasks/services/mastodon.yml deleted file mode 100644 index 95a14c08..00000000 --- a/roles/docker/tasks/services/mastodon.yml +++ /dev/null 
@@ -1,75 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create volume folder for Mastodon data - file: - name: "{{ services.mastodon.volume_folder }}/mastodon_data" - state: directory - owner: "991" - mode: u=rwx,g=rx,o=rx - -- name: Create volume folder for PostgreSQL data - file: - name: "{{ services.mastodon.volume_folder }}/postgres_data" - state: directory - owner: "70" - mode: u=rwx,go= - -- name: Create volume folder for PostgreSQL config - file: - name: "{{ services.mastodon.volume_folder }}/postgres_config" - state: directory - owner: root - mode: u=rwx,g=rx,o=rx - -- name: Create volume folder for Redis data - file: - name: "{{ services.mastodon.volume_folder }}/redis_data" - state: directory - owner: "999" - group: "1000" - mode: u=rwx,g=rx,o=rx - -- name: Copy mastodon environment file - template: - src: mastodon/env.j2 - dest: "{{ services.mastodon.volume_folder }}/mastodon.env" - -- name: Upload vhost config for Mastodon domain - copy: - src: vhost/mastodon - dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}" - -- name: Copy PostgreSQL config - copy: - src: mastodon/postgresql.conf - dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf" - -- name: Upload Compose file for Mastodon - template: - src: compose-files/mastodon.yml.j2 - dest: "{{ services.mastodon.volume_folder }}/docker-compose.yml" - -- name: Deploy Mastodon - docker_compose: - project_src: "{{ services.mastodon.volume_folder }}" - pull: true - restarted: true - state: present - -- name: Configure cron job to remove old Mastodon media daily - cron: - name: Clean Mastodon media data older than a week - cron_file: ansible_mastodon_clean_media - job: docker exec mastodon_web_1 tootctl media remove --days 7 - special_time: daily - user: root - state: present - -- name: Configure cron job to remove old Mastodon preview cards daily - cron: - name: Clean Mastodon preview card data older than two weeks - cron_file: 
ansible_mastodon_clean_preview_cards - job: docker exec mastodon_web_1 tootctl preview_cards remove --days 14 - special_time: daily - user: root - state: present diff --git a/roles/docker/tasks/services/membersystem.yml b/roles/docker/tasks/services/membersystem.yml deleted file mode 100644 index 357c1695..00000000 --- a/roles/docker/tasks/services/membersystem.yml +++ /dev/null @@ -1,17 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Membersystem volume folder - file: - name: "{{ services.membersystem.volume_folder }}" - state: directory - -- name: Upload Compose file for Membersystem - template: - src: compose-files/membersystem.yml.j2 - dest: "{{ services.membersystem.volume_folder }}/docker-compose.yml" - -- name: Deploy Membersystem - docker_compose: - project_src: "{{ services.membersystem.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/netdata.yml b/roles/docker/tasks/services/netdata.yml deleted file mode 100644 index e5234b62..00000000 --- a/roles/docker/tasks/services/netdata.yml +++ /dev/null @@ -1,17 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Netdata volume folder - file: - path: "{{ services.netdata.volume_folder }}" - state: directory - -- name: Upload Compose file for Netdata - template: - src: compose-files/netdata.yml.j2 - dest: "{{ services.netdata.volume_folder }}/docker-compose.yml" - -- name: Deploy Netdata - docker_compose: - project_src: "{{ services.netdata.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml deleted file mode 100644 index 7273bcf0..00000000 --- a/roles/docker/tasks/services/nextcloud.yml +++ /dev/null 
@@ -1,28 +0,0 @@
-# vim: ft=yaml.ansible
----
-- name: Create Nextcloud volume folders
- file:
- path: "{{ services.nextcloud.volume_folder }}/{{ volume }}"
- state: directory
- loop:
- - app
- - postgres
- loop_control:
- loop_var: volume
-
-- name: upload vhost config for cloud.data.coop
- copy:
- src: vhost/nextcloud
- dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
- notify: "restart nginx"
-
-- name: Upload Compose file for Nextcloud
- template:
- src: compose-files/nextcloud.yml.j2
- dest: "{{ services.nextcloud.volume_folder }}/docker-compose.yml"
-
-- name: Deploy Nextcloud
- docker_compose:
- project_src: "{{ services.nextcloud.volume_folder }}"
- pull: true
- state: present
diff --git a/roles/docker/tasks/services/nginx_proxy.yml b/roles/docker/tasks/services/nginx_proxy.yml
deleted file mode 100644
index 68659529..00000000
--- a/roles/docker/tasks/services/nginx_proxy.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-# vim: ft=yaml.ansible
----
-- name: create nginx-proxy volume folders
- file:
- name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
- state: directory
- loop:
- - conf
- - vhost
- - html
- - dhparam
- - certs
- loop_control:
- loop_var: volume
-
-- name: Upload Compose file for nginx-proxy
- template:
- src: compose-files/nginx_proxy.yml.j2
- dest: "{{ services.nginx_proxy.volume_folder }}/docker-compose.yml"
-
-- name: Deploy nginx-proxy
- docker_compose:
- project_src: "{{ services.nginx_proxy.volume_folder }}"
- pull: true
- state: present
diff --git a/roles/docker/tasks/services/openldap.yml b/roles/docker/tasks/services/openldap.yml
deleted file mode 100644
index b477a5bf..00000000
--- a/roles/docker/tasks/services/openldap.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-# vim: ft=yaml.ansible
----
-- name: Create OpenLDAP volume folders
- file:
- name: "{{ services.openldap.volume_folder }}/{{ volume }}"
- state: directory
- loop:
- - var/lib/ldap
- - etc/slapd
- - certs
- loop_control:
- loop_var: volume
-
-- name: Upload Compose file for OpenLDAP
- template:
- src: compose-files/openldap.yml.j2
- dest: "{{ services.openldap.volume_folder }}/docker-compose.yml"
-
-- name: Deploy OpenLDAP
- docker_compose:
- project_src: "{{ services.openldap.volume_folder }}"
- pull: true
- state: present
diff --git a/roles/docker/tasks/services/passit.yml b/roles/docker/tasks/services/passit.yml
deleted file mode 100644
index eaf5baad..00000000
--- a/roles/docker/tasks/services/passit.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-# vim: ft=yaml.ansible
----
-- name: Create directory for Passit data
- file:
- name: "{{ services.passit.volume_folder }}/data"
- owner: '70'
- group: root
- state: directory
-
-- name: Upload Compose file for Passit
- template:
- src: compose-files/passit.yml.j2
- dest: "{{ services.passit.volume_folder }}/docker-compose.yml"
-
-- name: Deploy Passit
- docker_compose:
- project_src: "{{ services.passit.volume_folder }}"
- pull: true
- state: present
diff --git a/roles/docker/tasks/services/portainer.yml b/roles/docker/tasks/services/portainer.yml
deleted file mode 100644
index 5f158c91..00000000
--- a/roles/docker/tasks/services/portainer.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-# vim: ft=yaml.ansible
----
-- name: create portainer volume folder
- file:
- name: "{{ services.portainer.volume_folder }}"
- state: directory
-
-- name: Upload Compose file for Portainer
- template:
- src: compose-files/portainer.yml.j2
- dest: "{{ services.portainer.volume_folder }}/docker-compose.yml"
-
-- name: Deploy Portainer
- docker_compose:
- project_src: "{{ services.portainer.volume_folder }}"
- pull: true
- state: present
diff --git a/roles/docker/tasks/services/postfix.yml b/roles/docker/tasks/services/postfix.yml
deleted file mode 100644
index 5298b15d..00000000
--- a/roles/docker/tasks/services/postfix.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-# vim: ft=yaml.ansible
----
-- name: Set up network for Postfix
- docker_network:
- name: postfix
- ipam_config:
- - subnet: '172.16.0.0/16'
- gateway: 172.16.0.1
-
-- name: Create volume folders for Postfix
- file:
- name: "{{ services.postfix.volume_folder }}/dkim"
- state: directory
-
-- name: Upload Compose file for Postfix
- template:
- src: compose-files/postfix.yml.j2
- dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml"
-
-- name: Deploy Postfix
- docker_compose:
- project_src: "{{ services.postfix.volume_folder }}"
- pull: true
- state: present
diff --git a/roles/docker/tasks/services/privatebin.yml b/roles/docker/tasks/services/privatebin.yml
deleted file mode 100644
index 09d648ca..00000000
--- a/roles/docker/tasks/services/privatebin.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# vim: ft=yaml.ansible
----
-- name: create privatebin volume folders
- file:
- name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
- state: directory
- loop:
- - cfg
- - data
- loop_control:
- loop_var: volume
-
-- name: upload privatebin config
- copy:
- src: privatebin/conf.php
- dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
-
-- name: Upload Compose file for PrivateBin
- template:
- src: compose-files/privatebin.yml.j2
- dest: "{{ services.privatebin.volume_folder }}/docker-compose.yml"
-
-- name: Deploy PrivateBin
- docker_compose:
- project_src: "{{ services.private.volume_folder }}"
- pull: true
- state: present
diff --git a/roles/docker/tasks/services/rallly.yml b/roles/docker/tasks/services/rallly.yml
deleted file mode 100644
index e5f2b27b..00000000
--- a/roles/docker/tasks/services/rallly.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-# vim: ft=yaml.ansible
----
-- name: Create Rallly volume folders
- file:
- name: "{{ services.rallly.volume_folder }}/postgres"
- state: directory
-
-- name: Copy Rallly environment file
- template:
- src: rallly/env.j2
- dest: "{{ services.rallly.volume_folder }}/rallly.env"
-
-- name: Upload Compose file for Rallly
- template:
- src: compose-files/rallly.yml.j2
- dest: "{{ services.rallly.volume_folder }}/docker-compose.yml"
-
-- name: Deploy Rallly
- docker_compose:
- project_src: "{{ services.rallly.volume_folder }}"
- pull: true
- state: present
diff --git a/roles/docker/tasks/services/watchtower.yml b/roles/docker/tasks/services/watchtower.yml
deleted file mode 100644
index e528024d..00000000
--- a/roles/docker/tasks/services/watchtower.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-# vim: ft=yaml.ansible
----
-- name: Create Watchtower volume folder
- file:
- name: "{{ services.watchtower.volume_folder }}"
- state: directory
-
-- name: Upload Compose file for Watchtower
- template:
- src: compose-files/watchtower.yml.j2
- dest: "{{ services.watchtower.volume_folder }}/docker-compose.yml"
-
-- name: Deploy Watchtower
- docker_compose:
- project_src: "{{ services.watchtower.volume_folder }}"
- pull: true
- state: present