Remove Vagrant support and deploy services selectively

.gitignore

@@ -1,6 +1,5 @@
 *.retry
 *.sw*
-.vagrant/
 *.log
 .idea/
 .vscode/

Vagrantfile

@@ -1,39 +0,0 @@
-Vagrant.require_version ">= 2.0.0"
-PORT = 19022
-
-def provisioned?(vm="default", provider="virtualbox")
-  File.exist?(".vagrant/machines/#{vm}/#{provider}/action_provision")
-end
-
-Vagrant.configure(2) do |config|
-  config.vm.network :private_network, ip: "192.168.56.10"
-  config.vm.network :forwarded_port, guest: PORT, host: PORT
-
-  config.vm.box = "ubuntu/focal64"
-  config.vm.hostname = "datacoop"
-
-  config.vm.provider :virtualbox do |v|
-    v.cpus = 8
-    v.memory = 16384
-  end
-
-  config.vm.provision :ansible do |ansible|
-    ansible.compatibility_mode = "2.0"
-    ansible.playbook = "playbook.yml"
-    ansible.ask_vault_pass = true
-    ansible.verbose = "v"
-
-    # If the VM is already provisioned, we need to use the new port
-    if provisioned?
-      config.ssh.guest_port = PORT
-      ansible.extra_vars = {
-        ansible_port: PORT,
-        from_vagrant: true
-      }
-    else
-      ansible.extra_vars = {
-        from_vagrant: true
-      }
-    end
-  end
-end

ansible.cfg

@@ -2,7 +2,7 @@
 ask_vault_pass = True
 inventory = datacoop_hosts
 interpreter_python = /usr/bin/python3
-remote_user = root
+remote_user = ansible
 retry_files_enabled = True
 use_persistent_connections = True
 forks = 10

deploy.sh

@@ -2,20 +2,15 @@
 
 usage () {
     {
-        echo "Usage: $0 [--vagrant]"
+        echo "Usage: $0"
-        echo "Usage: $0 [--vagrant] base"
+        echo "Usage: $0 base"
-        echo "Usage: $0 [--vagrant] users"
+        echo "Usage: $0 users"
-        echo "Usage: $0 [--vagrant] services [SERVICE]"
+        echo "Usage: $0 services [--deploy] [SERVICE]"
     } >&2
 }
 
 BASE_CMD="ansible-playbook playbook.yml"
-
+DEPLOY="false"
-if [ "$1" = "--vagrant" ]; then
-    BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
-    VAGRANT_VAR="from_vagrant"
-    shift
-fi
 
 if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
     echo "Installing community.general modules"
@@ -28,19 +23,24 @@ if [ -z "$1" ]; then
 else
     case $1 in
         "services")
+            if [ -n "$2" && "$2" = "--deploy" ]; then
+                DEPLOY="true"
+                shift
+            fi
+
             if [ -z "$2" ]; then
                 echo "Deploying all services!"
-                eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
+                $BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY"
             else
                 echo "Deploying service: $2"
-                $BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}'
+                $BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY" --extra-vars "single_service=$2"
             fi
         ;;
         "base")
-            eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
+            $BASE_CMD --tags base_only
         ;;
         "users")
-            eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
+            $BASE_CMD --tags setup-users
         ;;
         *)
             usage

group_vars/monitoring/vars.yml

@@ -1,10 +1,7 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-vagrant: "{{ from_vagrant is defined and from_vagrant }}"
+base_domain: data.coop
-letsencrypt_enabled: "{{ not vagrant }}"
-
-base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
 letsencrypt_email: admin@data.coop
 
 services_include:

group_vars/production/vars.yml

@@ -1,10 +1,7 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-vagrant: "{{ from_vagrant is defined and from_vagrant }}"
+base_domain: data.coop
-letsencrypt_enabled: "{{ not vagrant }}"
-
-base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
 letsencrypt_email: admin@data.coop
 
 services_exclude:

group_vars/staging/vars.yml

@@ -1,10 +1,7 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-vagrant: "{{ from_vagrant is defined and from_vagrant }}"
+base_domain: staging.data.coop
-letsencrypt_enabled: "{{ not vagrant }}"
-
-base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
 letsencrypt_email: admin@data.coop
 
 services_exclude:

host_vars/cavall.yml

@@ -2,4 +2,7 @@
 # code: language=ansible
 ---
 ansible_host: 85.209.118.134
-fqdn: cavall.servers.data.coop
+ansible_port: 22
+
+hostname: "{{ inventory_hostname }}"
+fqdn: "{{ hostname }}.servers.data.coop"

host_vars/folald.yml

@@ -3,4 +3,9 @@
 ---
 ansible_host: 85.209.118.134
 ansible_port: 19022
-fqdn: folald.vm.cavall.servers.data.coop
+
+vm_host: cavall
+vm_type: qemu
+
+hostname: "{{ inventory_hostname }}"
+fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"

host_vars/hestur.yml

@@ -2,4 +2,10 @@
 # code: language=ansible
 ---
 ansible_host: 159.223.17.241
-fqdn: hestur.servers.data.coop
+ansible_port: 22
+
+vm_host: cloud
+vm_type: vps
+
+hostname: "{{ inventory_hostname }}"
+fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"

host_vars/poltre.yml

@@ -3,4 +3,9 @@
 ---
 ansible_host: 85.209.118.142
 ansible_port: 19022
-fqdn: poltre.vm.cavall.servers.data.coop
+
+vm_host: cavall
+vm_type: qemu
+
+hostname: "{{ inventory_hostname }}"
+fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"

host_vars/varsa.yml

@@ -3,4 +3,9 @@
 ---
 ansible_host: 85.209.118.143
 ansible_port: 19022
-fqdn: varsa.vm.cavall.servers.data.coop
+
+vm_host: cavall
+vm_type: qemu
+
+hostname: "{{ inventory_hostname }}"
+fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"

inventory.ini

@@ -17,3 +17,6 @@ folald
 production
 staging
 control
+
+[physical:children]
+proxmox

roles/docker/defaults/main.yml

@@ -50,7 +50,6 @@ services:
     host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
     repository: restic
     version: "1.7.0"
-    disabled_in_vagrant: true
     # mail dance
     domain: "noreply.{{ base_domain }}"
     allowed_sender_domain: true

roles/docker/tasks/block.yml

@@ -1,27 +1,30 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-- name: Create volume folder for service {{ service.name }}
+- name: Create volume folder for service '{{ service.name }}'
   file:
     name: "{{ service.vars.volume_folder }}"
     state: directory
 
-- name: Upload Compose file for service {{ service.name }}
+- name: Upload Compose file for service '{{ service.name }}'
   template:
     src: compose-files/{{ service.name }}.yml.j2
     dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
     owner: root
     mode: u=rw,go=
 
-- name: Run pre-deployment tasks for service {{ service.name }}
+- name: Run pre-deployment tasks for service '{{ service.name }}'
-  include_tasks: pre_deploy/{{ service.name }}.yml
+  ansible.builtin.include_tasks: pre_deploy/{{ service.name }}.yml
   when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
 
-- name: Deploy Compose stack for service {{ service.name }}
+- name: Deploy service '{{ service.name }}'
-  command: docker compose up -d --remove-orphans --pull always
+  when: deploy_services is defined and deploy_services
+  block:
+    - name: Deploy Compose stack for service '{{ service.name }}'
+      ansible.builtin.command: docker compose up -d --remove-orphans --pull always
       args:
         chdir: "{{ service.vars.volume_folder }}"
 
-- name: Run post-deployment tasks for service {{ service.name }}
+    - name: Run post-deployment tasks for service '{{ service.name }}'
-  include_tasks: post_deploy/{{ service.name }}.yml
+      ansible.builtin.include_tasks: post_deploy/{{ service.name }}.yml
       when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks

roles/docker/tasks/post_deploy/docker_registry.yml

@@ -9,6 +9,6 @@
 
 - name: log in to registry
   docker_login:
-    registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
+    registry: docker.data.coop
     username: docker
     password: "{{ docker_password }}"

roles/docker/tasks/pre_deploy/mailu.yml

@@ -35,7 +35,6 @@
     dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
     state: hard
     force: true
-  when: letsencrypt_enabled
 
 - name: Hard link to Let's Encrypt TLS key
   file:
@@ -43,4 +42,3 @@
     dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
     state: hard
     force: true
-  when: letsencrypt_enabled

roles/docker/tasks/services.yml

@@ -13,9 +13,7 @@
       name: "{{ item }}"
       vars: "{{ services[item] }}"
   loop: "{{ services_include }}"
-  when: single_service is not defined and
+  when: single_service is not defined
-        (item.vars.disabled_in_vagrant is not defined or
-        not (item.vars.disabled_in_vagrant and vagrant))
 
 - name: Deploy single service
   include_tasks:
@@ -24,6 +22,4 @@
     service:
       name: "{{ single_service }}"
       vars: "{{ services[single_service] }}"
-  when: single_service is defined and single_service in services and
+  when: single_service is defined and single_service in services
-        (services[single_service].disabled_in_vagrant is not defined or
-        not (services[single_service].disabled_in_vagrant and vagrant))

roles/docker/templates/compose-files/nginx_proxy.yml.j2

@@ -22,7 +22,6 @@ services:
     labels:
       - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
 
-{% if letsencrypt_enabled %}
   acme:
     image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
     restart: always
@@ -34,7 +33,6 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock:ro
     depends_on:
       - proxy
-{% endif %}
 
 networks:
   external_services:

roles/docker/templates/compose-files/restic.yml.j2

@@ -7,8 +7,8 @@ services:
   backup:
     image: mazzolino/restic:{{ services.restic.version }}
     restart: always
-    hostname: {{ inventory_hostname_short }}
+    hostname: {{ hostname }}
-    domainname: {{ inventory_hostname }}
+    domainname: {{ fqdn }}
     environment:
       RUN_ON_STARTUP: false
       BACKUP_CRON: "0 30 3 * * *"

roles/os_base/tasks/main.yml

@@ -1,10 +1,6 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-- ansible.builtin.import_tasks: ssh-port.yml
-  tags: [change-ssh-port]
-  when: ansible_port != 22
-
 - ansible.builtin.import_tasks: base.yml
   tags: [install-base-packages]
 

roles/os_base/tasks/ssh-port.yml

@@ -1,22 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-- name: Change SSH port on host
-  lineinfile:
-    dest: "/etc/ssh/sshd_config"
-    regexp: "^#?Port "
-    line: "Port 19022"
-  register: ssh_changed
-
-- name: Restart sshd
-  service:
-    name: sshd
-    state: restarted
-  when: ssh_changed is defined and
-        ssh_changed.changed
-
-- name: Change Ansible port to 19022
-  set_fact:
-    ansible_port: 19022
-  when: ssh_changed is defined and
-        ssh_changed.changed

vagrant.ini

@@ -1,2 +0,0 @@
-[production]
-localhost ansible_port=19022