From 4da17ee4f5b4a7ce1f5e59ae149c74560b733808 Mon Sep 17 00:00:00 2001 
From: Sam Al-Sapti Date: Fri, 3 Nov 2023 23:38:15 +0100 Subject: [PATCH] Unify app config in one file + upload Compose files --- group_vars/production/vars.yml | 3 + group_vars/staging/vars.yml | 3 + host_vars/sapt-labp-app01.yml | 1 - host_vars/sapt-labs-app01.yml | 1 - roles/apps/defaults/main.yml | 13 ++-- .../tasks/{apps.yml => configure_app.yml} | 4 +- roles/apps/tasks/extra_tasks/emby.yml | 37 ---------- roles/apps/tasks/extra_tasks/ipfs.yml | 25 ------- roles/apps/tasks/extra_tasks/monerod.yml | 22 +----- roles/apps/tasks/extra_tasks/nextcloud.yml | 2 +- roles/apps/tasks/extra_tasks/postfix.yml | 22 ------ roles/apps/tasks/extra_tasks/restic.yml | 68 ------------------- roles/apps/tasks/extra_tasks/snowflake.yml | 12 ---- roles/apps/tasks/extra_tasks/watchtower.yml | 22 ------ roles/apps/tasks/main.yml | 14 ++-- .../apps/templates/compose-files/ipfs.yml.j2 | 26 +++++++ .../templates/compose-files/monerod.yml.j2 | 19 ++++++ .../nextcloud.yml.j2 | 20 +++--- .../templates/compose-files/postfix.yml.j2 | 19 ++++++ .../templates/compose-files/restic.yml.j2 | 59 ++++++++++++++++ .../templates/compose-files/snowflake.yml.j2 | 8 +++ .../templates/compose-files/watchtower.yml.j2 | 11 +++ 22 files changed, 180 insertions(+), 231 deletions(-) rename roles/apps/tasks/{apps.yml => configure_app.yml} (92%) delete mode 100644 roles/apps/tasks/extra_tasks/emby.yml delete mode 100644 roles/apps/tasks/extra_tasks/restic.yml delete mode 100644 roles/apps/tasks/extra_tasks/snowflake.yml delete mode 100644 roles/apps/tasks/extra_tasks/watchtower.yml create mode 100644 roles/apps/templates/compose-files/ipfs.yml.j2 create mode 100644 roles/apps/templates/compose-files/monerod.yml.j2 rename roles/apps/templates/{compose_files => compose-files}/nextcloud.yml.j2 (69%) create mode 100644 roles/apps/templates/compose-files/postfix.yml.j2 create mode 100644 roles/apps/templates/compose-files/restic.yml.j2 create mode 100644 roles/apps/templates/compose-files/snowflake.yml.j2 create mode 
100644 roles/apps/templates/compose-files/watchtower.yml.j2 diff --git a/group_vars/production/vars.yml b/group_vars/production/vars.yml index defb3c5..a1beef9 100644 --- a/group_vars/production/vars.yml +++ b/group_vars/production/vars.yml @@ -3,3 +3,6 @@ --- base_domain: sapti.me local_domain: local.{{ base_domain }} + +db_passwords: "{{ vault_db_passwords }}" +redis_passwords: "{{ vault_redis_passwords }}" diff --git a/group_vars/staging/vars.yml b/group_vars/staging/vars.yml index 66e9979..7ee2cb4 100644 --- a/group_vars/staging/vars.yml +++ b/group_vars/staging/vars.yml @@ -3,3 +3,6 @@ --- base_domain: staging.sapti.me local_domain: local.{{ base_domain }} + +db_passwords: "{{ vault_db_passwords }}" +redis_passwords: "{{ vault_redis_passwords }}" diff --git a/host_vars/sapt-labp-app01.yml b/host_vars/sapt-labp-app01.yml index 6407a39..9a7c792 100644 --- a/host_vars/sapt-labp-app01.yml +++ b/host_vars/sapt-labp-app01.yml @@ -3,7 +3,6 @@ --- apps_include: - postfix - - emby - nextcloud - restic - watchtower diff --git a/host_vars/sapt-labs-app01.yml b/host_vars/sapt-labs-app01.yml index 6407a39..9a7c792 100644 --- a/host_vars/sapt-labs-app01.yml +++ b/host_vars/sapt-labs-app01.yml @@ -3,7 +3,6 @@ --- apps_include: - postfix - - emby - nextcloud - restic - watchtower diff --git a/roles/apps/defaults/main.yml b/roles/apps/defaults/main.yml index befb41e..ea73171 100644 --- a/roles/apps/defaults/main.yml +++ b/roles/apps/defaults/main.yml @@ -4,7 +4,8 @@ apps_base_domain: "example.com" apps_local_domain: "local.{{ apps_base_domain }}" apps_data_root: /apps -apps_docker_network: apps_network +apps_shared_docker_network: apps_network +apps_postfix_docker_network: postfix_network apps_vars: postfix: 
@@ -24,12 +25,12 @@ apps_vars: gateway_domain: ipfs-gateway.{{ apps_base_domain }} volume: "{{ apps_data_root }}/ipfs" extra_tasks: true - version: v0.19.2 # https://github.com/ipfs/kubo/issues/9901 + version: v0.23.0 monerod: domain: xmr.{{ apps_base_domain }} volume: "{{ apps_data_root }}/monerod" - extra_tasks: false + extra_tasks: true version: latest nextcloud: @@ -47,15 +48,15 @@ apps_vars: restic: repo: /restic extra_tasks: false - version: '1.7' + version: '1.7.0' watchtower: extra_tasks: false - version: '1.5.3' + version: '1.6.0' apps_include: "{{ apps_vars | dict2items | map(attribute='key') | list }}" -apps_restic_volumes: +apps_restic_volumes: | - "/var/run/docker.sock:/var/run/docker.sock:rw" - "{{ apps_vars.postfix.volume }}:/mnt/volumes/postfix:ro" - "{{ apps_vars.emby.volume }}:/mnt/volumes/emby:ro" diff --git a/roles/apps/tasks/apps.yml b/roles/apps/tasks/configure_app.yml similarity index 92% rename from roles/apps/tasks/apps.yml rename to roles/apps/tasks/configure_app.yml index 68663f6..51e9594 100644 --- a/roles/apps/tasks/apps.yml +++ b/roles/apps/tasks/configure_app.yml @@ -5,7 +5,7 @@ ansible.builtin.file: name: "{{ app_vars.volume }}" owner: root - mode: u=rwx,g=rx,o=rx + mode: u=rwx,go= state: directory - name: Upload Compose file for app {{ app_name }} @@ -13,7 +13,7 @@ src: compose-files/{{ app_name }}.yml.j2 dest: "{{ app_vars.volume }}/docker-compose.yml" owner: root - mode: u=rw,g=r,o=r + mode: u=rw,go= - name: Run extra configuration tasks for app {{ app_name }} ansible.builtin.include_tasks: extra_tasks/{{ app_name }}.yml diff --git a/roles/apps/tasks/extra_tasks/emby.yml b/roles/apps/tasks/extra_tasks/emby.yml deleted file mode 100644 index 5e72a8f..0000000 --- a/roles/apps/tasks/extra_tasks/emby.yml +++ /dev/null 
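Review bot: Turning `apps_restic_volumes` into a `|` block scalar in roles/apps/defaults/main.yml makes it a multi-line string, and restic.yml.j2 inserts it with a bare `{{ apps_restic_volumes }}` under `volumes:`, so only the first rendered line carries the template's indentation and the remaining entries land at column 0, outside the `backup` service. Keeping the variable a real list and rendering it with `{{ apps_restic_volumes | to_nice_yaml | indent(6) }}` (width to match the template) avoids that. The list also still mounts `{{ apps_vars.emby.volume }}` although this commit deletes the Emby tasks and drops `emby` from both hosts' `apps_include`; if the `emby` entry is later removed from `apps_vars`, the restic template will fail on an undefined value. The list continues past the end of the hunk.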
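Review bot: The directory task in configure_app.yml builds its path from `{{ app_vars.volume }}`, but the `restic` and `watchtower` entries visible in roles/apps/defaults/main.yml define no `volume` key, so for those apps this task and the Compose upload below it would hit an undefined variable unless a value is supplied outside this diff. Giving every app a `volume`, or falling back with `{{ app_vars.volume | default(apps_data_root ~ '/' ~ app_name) }}`, would also keep the secret-bearing Compose files inside the root-only tree that `mode: u=rwx,go=` sets up here. The task starts above the hunk.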
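Review bot: The Compose file uploaded by this task is now rendered with the database, Redis, restic and B2 secrets, and while `mode: u=rw,go=` protects it on disk, a run with `--diff` still prints the rendered content to the console or CI log. Adding `no_log: true` (or `diff: false`) to the `Upload Compose file` task closes that path. A `validate: docker compose -f %s config -q` on the same task would additionally stop a mis-rendered template from replacing a working file; the exact command depends on which Compose binary the hosts carry.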
@@ -1,37 +0,0 @@ -# vim: ft=yaml.ansible -# code: language=ansible ---- -- name: Create subfolders for Emby data - ansible.builtin.file: - name: "{{ dir }}" - owner: '1000' - mode: u=rwx,g=rx,o=rx - state: directory - loop: - - "{{ apps_vars.emby.volume }}/programdata" - - "{{ apps_vars.emby.data_volume }}/tvshows" - - "{{ apps_vars.emby.data_volume }}/movies" - loop_control: - loop_var: dir - -- name: Deploy Emby Docker container - community.docker.docker_container: - name: emby - state: "{{ 'absent' if down is defined and down else 'started' }}" - restart: "{{ restart is defined and restart }}" - recreate: "{{ recreate is defined and recreate }}" - image: emby/embyserver_arm64v8:{{ apps_vars.emby.version }} - restart_policy: always - env: - UID: '1000' - GID: '1000' - networks: - - name: services - aliases: - - emby - volumes: - - "{{ apps_vars.emby.volume }}/programdata:/config:rw" - - "{{ apps_vars.emby.data_volume }}/tvshows:/mnt/share1:rw" - - "{{ apps_vars.emby.data_volume }}/movies:/mnt/share2:rw" - devices: - - /dev/vchiq:/dev/vchiq # MMAL/OMX on Raspberry Pi diff --git a/roles/apps/tasks/extra_tasks/ipfs.yml b/roles/apps/tasks/extra_tasks/ipfs.yml index 3314be4..448ba49 100644 --- a/roles/apps/tasks/extra_tasks/ipfs.yml +++ b/roles/apps/tasks/extra_tasks/ipfs.yml 
@@ -19,28 +19,3 @@ dest: "{{ apps_vars.ipfs.volume }}/ipfs-config.sh" owner: root mode: u=rwx,g=rx,o=rx - -- name: Deploy IPFS Kubo Docker container - community.docker.docker_container: - name: ipfs_kubo - state: "{{ 'absent' if down is defined and down else 'started' }}" - restart: "{{ restart is defined and restart }}" - recreate: "{{ recreate is defined and recreate }}" - image: ipfs/kubo:{{ apps_vars.ipfs.version }} - restart_policy: always - default_host_ip: '' - env: - IPFS_DOMAIN: "{{ apps_vars.ipfs.gateway_domain }}" - IPFS_PROFILE: server - LOCAL_DOMAIN: "{{ apps_vars.ipfs.domain }}" - networks: - - name: services - aliases: - - ipfs_kubo - volumes: - - "{{ apps_vars.ipfs.volume }}/ipfs-config.sh:/container-init.d/ipfs-config.sh:ro" - - "{{ apps_vars.ipfs.volume }}/data:/data/ipfs:rw" - - "{{ apps_vars.ipfs.volume }}/staging:/export:rw" - published_ports: - - 4001:4001/tcp - - 4001:4001/udp diff --git a/roles/apps/tasks/extra_tasks/monerod.yml b/roles/apps/tasks/extra_tasks/monerod.yml index d08bdab..5f51f50 100644 --- a/roles/apps/tasks/extra_tasks/monerod.yml +++ b/roles/apps/tasks/extra_tasks/monerod.yml 
@@ -1,27 +1,9 @@ # vim: ft=yaml.ansible # code: language=ansible --- -- name: Create Monero node volume directory +- name: Create subfolder for Monero blockchain ansible.builtin.file: - name: "{{ apps_vars.monerod.volume }}" + name: "{{ apps_vars.monerod.volume }}/blockchain" owner: '1000' mode: u=rwx,g=rx,o=rx state: directory - -- name: Deploy Monero node Docker container - community.docker.docker_container: - name: monerod - state: "{{ 'absent' if down is defined and down else 'started' }}" - restart: "{{ restart is defined and restart }}" - recreate: "{{ recreate is defined and recreate }}" - image: sethsimmons/simple-monerod:{{ apps_vars.monerod.version }} - restart_policy: always - default_host_ip: '' - networks: - - name: services - aliases: - - monerod - volumes: - - "{{ apps_vars.monerod.volume }}:/home/monero/.bitmonero:rw" - published_ports: - - 18080:18080/tcp diff --git a/roles/apps/tasks/extra_tasks/nextcloud.yml b/roles/apps/tasks/extra_tasks/nextcloud.yml index a595caa..3f50cd8 100644 --- a/roles/apps/tasks/extra_tasks/nextcloud.yml +++ b/roles/apps/tasks/extra_tasks/nextcloud.yml @@ -8,7 +8,7 @@ mode: u=rwx,g=rx,o=rx state: directory -- name: Create Nextcloud app subfolder +- name: Create subfolder for Nextcloud data ansible.builtin.file: name: "{{ apps_vars.nextcloud.volume }}/app" owner: root diff --git a/roles/apps/tasks/extra_tasks/postfix.yml b/roles/apps/tasks/extra_tasks/postfix.yml index 26102f0..badbfe3 100644 --- a/roles/apps/tasks/extra_tasks/postfix.yml +++ b/roles/apps/tasks/extra_tasks/postfix.yml 
@@ -1,31 +1,9 @@ # vim: ft=yaml.ansible # code: language=ansible --- -- name: Create Docker network for Postfix - community.docker.docker_network: - name: postfix - state: present - - name: Create subfolder for Postfix DKIM keys ansible.builtin.file: name: "{{ apps_vars.postfix.volume }}/dkim" owner: root mode: u=rwx,g=rx,o=rx state: directory - -- name: Deploy Postfix Docker container - community.docker.docker_container: - name: postfix - state: "{{ 'absent' if down is defined and down else 'started' }}" - restart: "{{ restart is defined and restart }}" - recreate: "{{ recreate is defined and recreate }}" - image: boky/postfix:{{ apps_vars.postfix.version }} - restart_policy: always - env: - ALLOWED_SENDER_DOMAINS: "{{ sender_domains | join(' ') }}" - HOSTNAME: "{{ apps_vars.postfix.domain }}" - DKIM_AUTOGENERATE: "true" - networks: - - name: postfix - volumes: - - "{{ apps_vars.postfix.volume }}/dkim:/etc/opendkim/keys:rw" diff --git a/roles/apps/tasks/extra_tasks/restic.yml b/roles/apps/tasks/extra_tasks/restic.yml deleted file mode 100644 index c4ff99e..0000000 --- a/roles/apps/tasks/extra_tasks/restic.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -# vim: ft=yaml.ansible -# code: language=ansible ---- -- name: Deploy Restic with Docker Compose - community.docker.docker_compose: - project_name: restic - state: "{{ 'absent' if down is defined and down else 'present' }}" - restarted: "{{ restart is defined and restart }}" - recreate: "{{ 'always' if recreate is defined and recreate else 'smart' }}" - pull: true - definition: - version: '3.8' - - services: - backup: - image: mazzolino/restic:{{ apps_vars.restic.version }} - restart: always - environment: - RUN_ON_STARTUP: 'false' - BACKUP_CRON: 0 0 3 * * * - RESTIC_REPOSITORY: b2:{{ secrets.restic.b2.bucket }}:{{ apps_vars.restic.repo }} - RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}" - RESTIC_BACKUP_SOURCES: /mnt/volumes - RESTIC_BACKUP_ARGS: >- - --tag docker-volumes - --exclude '*.tmp' - --verbose - RESTIC_FORGET_ARGS: >- - --keep-last 10 - --keep-daily 7 - --keep-weekly 5 - --keep-monthly 12 - PRE_COMMANDS: |- - docker exec -u www-data nextcloud_app_1 php occ maintenance:mode --on - POST_COMMANDS_EXIT: |- - docker exec -u www-data nextcloud_app_1 php occ maintenance:mode --off - B2_ACCOUNT_ID: "{{ secrets.restic.b2.id }}" - B2_ACCOUNT_KEY: "{{ secrets.restic.b2.key }}" - TZ: "{{ timezone }}" - volumes: "{{ restic_volumes }}" - - prune: - image: mazzolino/restic:{{ apps_vars.restic.version }} - restart: always - environment: - RUN_ON_STARTUP: 'false' - PRUNE_CRON: 0 0 4 * * * - RESTIC_REPOSITORY: b2:{{ secrets.restic.b2.bucket }}:{{ apps_vars.restic.repo }} - RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}" - RESTIC_PRUNE_ARGS: >- - --verbose - B2_ACCOUNT_ID: "{{ secrets.restic.b2.id }}" - B2_ACCOUNT_KEY: "{{ secrets.restic.b2.key }}" - TZ: "{{ timezone }}" - - check: - image: mazzolino/restic:{{ apps_vars.restic.version }} - restart: always - environment: - RUN_ON_STARTUP: 'false' - CHECK_CRON: 0 0 5 * * * - RESTIC_REPOSITORY: b2:{{ secrets.restic.b2.bucket }}:{{ apps_vars.restic.repo }} - RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}" - 
RESTIC_CHECK_ARGS: >- - --verbose - B2_ACCOUNT_ID: "{{ secrets.restic.b2.id }}" - B2_ACCOUNT_KEY: "{{ secrets.restic.b2.key }}" - TZ: "{{ timezone }}" diff --git a/roles/apps/tasks/extra_tasks/snowflake.yml b/roles/apps/tasks/extra_tasks/snowflake.yml deleted file mode 100644 index 41b594d..0000000 --- a/roles/apps/tasks/extra_tasks/snowflake.yml +++ /dev/null @@ -1,12 +0,0 @@ -# vim: ft=yaml.ansible -# code: language=ansible ---- -- name: Deploy snowflake-proxy Docker container - community.docker.docker_container: - name: snowflake-proxy - state: "{{ 'absent' if down is defined and down else 'started' }}" - restart: "{{ restart is defined and restart }}" - recreate: "{{ recreate is defined and recreate }}" - image: thetorproject/snowflake-proxy:{{ apps_vars.snowflake.version }} - restart_policy: always - network_mode: host diff --git a/roles/apps/tasks/extra_tasks/watchtower.yml b/roles/apps/tasks/extra_tasks/watchtower.yml deleted file mode 100644 index 1d61aac..0000000 --- a/roles/apps/tasks/extra_tasks/watchtower.yml +++ /dev/null @@ -1,22 +0,0 @@ -# vim: ft=yaml.ansible -# code: language=ansible ---- -- name: Create Docker network for Watchtower - community.docker.docker_network: - name: watchtower - state: present - -- name: Deploy Watchtower Docker container - community.docker.docker_container: - name: watchtower - state: "{{ 'absent' if down is defined and down else 'started' }}" - restart: "{{ restart is defined and restart }}" - recreate: "{{ recreate is defined and recreate }}" - image: containrrr/watchtower:{{ apps_vars.watchtower.version }} - restart_policy: always - networks: - - name: watchtower - env: - WATCHTOWER_POLL_INTERVAL: '3600' - volumes: - - /var/run/docker.sock:/var/run/docker.sock:rw diff --git a/roles/apps/tasks/main.yml b/roles/apps/tasks/main.yml index 11a6f9a..ff667bf 100644 --- a/roles/apps/tasks/main.yml +++ b/roles/apps/tasks/main.yml 
@@ -3,23 +3,29 @@ --- - name: Create Docker network for apps community.docker.docker_network: - name: "{{ apps_docker_network }}" + name: "{{ apps_shared_docker_network }}" enable_ipv6: true ipam_config: - subnet: 172.17.2.0/24 - subnet: fd02::/64 state: present -- name: Create base directories for Docker volumes +- name: Create Docker network for Postfix + community.docker.docker_network: + name: "{{ apps_postfix_docker_network }}" + state: present + when: "'postfix' in apps_include" + +- name: Create base folder for apps ansible.builtin.file: name: "{{ apps_data_root }}" owner: root - mode: u=rwx,g=rx,o=rx + mode: u=rwx,go= state: directory - name: Configure apps ansible.builtin.include_tasks: - file: apps.yml + file: configure_app.yml vars: app_name: "{{ item }}" app_vars: "{{ apps_vars[item] }}" diff --git a/roles/apps/templates/compose-files/ipfs.yml.j2 b/roles/apps/templates/compose-files/ipfs.yml.j2 new file mode 100644 index 0000000..2ea2330 --- /dev/null +++ b/roles/apps/templates/compose-files/ipfs.yml.j2 @@ -0,0 +1,26 @@ +# code: language=ansible-jinja +version: "3.8" + +services: + kubo: + image: ipfs/kubo:{{ apps_vars.ipfs.version }} + restart: always + environment: + IPFS_DOMAIN: {{ apps_vars.ipfs.gateway_domain }} + IPFS_PROFILE: server + LOCAL_DOMAIN: {{ apps_vars.ipfs.domain }} + networks: + {{ apps_shared_docker_network }}: + aliases: + - ipfs + ports: + - 4001:4001/tcp + - 4001:4001/udp + volumes: + - "./ipfs-config.sh:/container-init.d/ipfs-config.sh:ro" + - "./data:/data/ipfs:rw" + - "./staging:/export:rw" + +networks: + {{ apps_shared_docker_network }}: + external: true \ No newline at end of file diff --git a/roles/apps/templates/compose-files/monerod.yml.j2 b/roles/apps/templates/compose-files/monerod.yml.j2 new file mode 100644 index 0000000..429d5c0 --- /dev/null +++ b/roles/apps/templates/compose-files/monerod.yml.j2 
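Review bot: The Postfix network in roles/apps/tasks/main.yml is created only `when: "'postfix' in apps_include"`, yet nextcloud.yml.j2 declares `{{ apps_postfix_docker_network }}` as `external: true` unconditionally, so a host that includes `nextcloud` without `postfix` would get a Compose file referencing a network that was never created. Either widen the condition, e.g. `when: "'postfix' in apps_include or 'nextcloud' in apps_include"`, or wrap the Postfix network entries in the Nextcloud template in a matching `{% if 'postfix' in apps_include %}`. The task list continues past the end of the hunk.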
@@ -0,0 +1,19 @@ +# code: language=ansible-jinja +version: "3.8" + +services: + node: + image: sethsimmons/simple-monerod:{{ apps_vars.monerod.version }} + restart: always + networks: + {{ apps_shared_docker_network }}: + aliases: + - monerod + ports: + - 18080:18080/tcp + volumes: + - "./blockchain:/home/monero/.bitmonero:rw" + +networks: + {{ apps_shared_docker_network }}: + external: true \ No newline at end of file diff --git a/roles/apps/templates/compose_files/nextcloud.yml.j2 b/roles/apps/templates/compose-files/nextcloud.yml.j2 similarity index 69% rename from roles/apps/templates/compose_files/nextcloud.yml.j2 rename to roles/apps/templates/compose-files/nextcloud.yml.j2 index 6d9b6e6..24f177c 100644 --- a/roles/apps/templates/compose_files/nextcloud.yml.j2 +++ b/roles/apps/templates/compose-files/nextcloud.yml.j2 @@ -5,7 +5,7 @@ services: redis: image: redis:{{ apps_vars.nextcloud.redis_version }} restart: always - command: redis-server --requirepass {{ secrets.nextcloud.redis_pw }} + command: redis-server --requirepass {{ redis_passwords.nextcloud }} tmpfs: - /var/lib/redis @@ -16,9 +16,9 @@ services: POSTGRES_HOST: "{{ db_host_ip }}" POSTGRES_DB: nextcloud POSTGRES_USER: nextcloud - POSTGRES_PASSWORD: {{ secrets.nextcloud.postgres_pw }} + POSTGRES_PASSWORD: {{ db_passwords.nextcloud }} REDIS_HOST: redis - REDIS_HOST_PASSWORD: {{ secrets.nextcloud.redis_pw }} + REDIS_HOST_PASSWORD: {{ redis_passwords.nextcloud }} MAIL_FROM_ADDRESS: noreply MAIL_DOMAIN: {{ apps_vars.nextcloud.domain }} SMTP_AUTHTYPE: PLAIN 
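Review bot: `redis-server --requirepass {{ redis_passwords.nextcloud }}` in this hunk, the `POSTGRES_PASSWORD` / `REDIS_HOST_PASSWORD` lines in the next one, and `RESTIC_PASSWORD` / `B2_ACCOUNT_KEY` in restic.yml.j2 all interpolate vault values into YAML unquoted. A secret containing ` #`, `: ` or a leading YAML indicator is then truncated or breaks parsing, and Compose additionally treats `$` in any value as variable interpolation. Rendering the environment entries as `POSTGRES_PASSWORD: {{ db_passwords.nextcloud | replace('$', '$$') | to_json }}` keeps the value intact. For Redis, the password on the `command:` line is also readable from the container's arguments (`docker inspect`, process list); a config file mounted from the app folder, which this commit restricts to root, would avoid that.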
@@ -33,13 +33,13 @@ services: PHP_UPLOAD_LIMIT: 16G networks: default: - postfix: - {{ apps_docker_network }}: + {{ apps_postfix_docker_network }}: + {{ apps_shared_docker_network }}: aliases: - nextcloud volumes: - - "{{ apps_vars.nextcloud.volume }}/app:/var/www/html:rw" - - "{{ apps_vars.nextcloud.volume }}/apache2/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro" + - "./app:/var/www/html:rw" + - "./apache2/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro" depends_on: - redis @@ -48,12 +48,12 @@ services: restart: always entrypoint: /cron.sh volumes: - - "{{ apps_vars.nextcloud.volume }}/app:/var/www/html:rw" + - "./app:/var/www/html:rw" depends_on: - app networks: - postfix: + {{ apps_postfix_docker_network }}: external: true - {{ apps_docker_network }}: + {{ apps_shared_docker_network }}: external: true \ No newline at end of file diff --git a/roles/apps/templates/compose-files/postfix.yml.j2 b/roles/apps/templates/compose-files/postfix.yml.j2 new file mode 100644 index 0000000..1e8bba6 --- /dev/null +++ b/roles/apps/templates/compose-files/postfix.yml.j2 @@ -0,0 +1,19 @@ +# code: language=ansible-jinja +version: "3.8" + +services: + app: + image: boky/postfix:{{ apps_vars.postfix.version }} + restart: always + environment: + ALLOWED_SENDER_DOMAINS: "{{ apps_sender_domains | join(' ') }}" + HOSTNAME: "{{ apps_vars.postfix.domain }}" + DKIM_AUTOGENERATE: "true" + networks: + - {{ apps_postfix_docker_network }} + volumes: + - "./dkim:/etc/opendkim/keys:rw" + +networks: + {{ apps_postfix_docker_network }}: + external: true \ No newline at end of file diff --git a/roles/apps/templates/compose-files/restic.yml.j2 b/roles/apps/templates/compose-files/restic.yml.j2 new file mode 100644 index 0000000..ae31ea6 --- /dev/null +++ b/roles/apps/templates/compose-files/restic.yml.j2 
@@ -0,0 +1,59 @@
+# code: language=ansible-jinja
+version: "3.8"
+
+services:
+ backup:
+ image: mazzolino/restic:{{ apps_vars.restic.version }}
+ restart: always
+ environment:
+ RUN_ON_STARTUP: false
+ BACKUP_CRON: 0 0 3 * * *
+ RESTIC_REPOSITORY: b2:{{ restic.b2.bucket }}:{{ restic.repo }}
+ RESTIC_PASSWORD: {{ restic.repo_password }}
+ RESTIC_BACKUP_SOURCES: /mnt/volumes
+ RESTIC_BACKUP_ARGS: >-
+ --tag docker-volumes
+ --exclude '*.tmp'
+ --verbose
+ RESTIC_FORGET_ARGS: >-
+ --keep-last 10
+ --keep-daily 7
+ --keep-weekly 5
+ --keep-monthly 12
+ PRE_COMMANDS: |-
+ docker exec -u www-data nextcloud_app_1 php occ maintenance:mode --on
+ POST_COMMANDS_EXIT: |-
+ docker exec -u www-data nextcloud_app_1 php occ maintenance:mode --off
+ B2_ACCOUNT_ID: {{ restic.b2.id }}
+ B2_ACCOUNT_KEY: {{ restic.b2.key }}
+ TZ: {{ timezone }}
+ volumes:
+ {{ apps_restic_volumes }}
+
+ prune:
+ image: mazzolino/restic:{{ apps_vars.restic.version }}
+ restart: always
+ environment:
+ RUN_ON_STARTUP: false
+ PRUNE_CRON: 0 0 4 * * *
+ RESTIC_REPOSITORY: b2:{{ restic.b2.bucket }}:{{ restic.repo }}
+ RESTIC_PASSWORD: {{ restic.repo_password }}
+ RESTIC_PRUNE_ARGS: >-
+ --verbose
+ B2_ACCOUNT_ID: {{ restic.b2.id }}
+ B2_ACCOUNT_KEY: {{ restic.b2.key }}
+ TZ: {{ timezone }}
+
+ check:
+ image: mazzolino/restic:{{ apps_vars.restic.version }}
+ restart: always
+ environment:
+ RUN_ON_STARTUP: false
+ CHECK_CRON: 0 0 5 * * *
+ RESTIC_REPOSITORY: b2:{{ restic.b2.bucket }}:{{ restic.repo }}
+ RESTIC_PASSWORD: {{ restic.repo_password }}
+ RESTIC_CHECK_ARGS: >-
+ --verbose
+ B2_ACCOUNT_ID: {{ restic.b2.id }}
+ B2_ACCOUNT_KEY: {{ restic.b2.key }}
+ TZ: {{ timezone }}
diff --git a/roles/apps/templates/compose-files/snowflake.yml.j2 b/roles/apps/templates/compose-files/snowflake.yml.j2
new file mode 100644
index 0000000..92876e1
--- /dev/null
+++ b/roles/apps/templates/compose-files/snowflake.yml.j2
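Review bot: `RUN_ON_STARTUP: false` in all three services of restic.yml.j2 is a bare YAML boolean, where the task file this replaces passed `'false'`; the Compose specification asks for boolean-looking environment values to be quoted, so write `RUN_ON_STARTUP: "false"`. The template also reads `restic.b2.bucket`, `restic.repo`, `restic.repo_password` and `timezone`, none of which are defined in the hunks of this commit (the old tasks used `secrets.restic.*` and `apps_vars.restic.repo`), so confirm a vault-backed `restic` variable exists in the way `db_passwords` is wired up in group_vars. `PRE_COMMANDS` and `POST_COMMANDS_EXIT` hard-code the container name `nextcloud_app_1`, which depends on the Compose project name and on the name separator of the installed Compose version; if it does not match, the backup runs without Nextcloud in maintenance mode.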
@@ -0,0 +1,8 @@
+# code: language=ansible-jinja
+version: "3.8"
+
+services:
+ proxy:
+ image: thetorproject/snowflake-proxy:{{ apps_vars.snowflake.version }}
+ restart: always
+ network_mode: host
diff --git a/roles/apps/templates/compose-files/watchtower.yml.j2 b/roles/apps/templates/compose-files/watchtower.yml.j2
new file mode 100644
index 0000000..a549122
--- /dev/null
+++ b/roles/apps/templates/compose-files/watchtower.yml.j2
@@ -0,0 +1,11 @@
+# code: language=ansible-jinja
+version: "3.8"
+
+services:
+ app:
+ image: containrrr/watchtower:{{ apps_vars.watchtower.version }}
+ restart: always
+ environment:
+ WATCHTOWER_POLL_INTERVAL: 3600
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:rw"
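Review bot: The Watchtower service in watchtower.yml.j2 mounts `/var/run/docker.sock` read-write and sets no scope, so it holds root-equivalent control of the Docker host and will replace any running container whose tag moves, including `monerod`, which defaults to `version: latest`. Consider limiting it with `WATCHTOWER_LABEL_ENABLE: "true"` plus a `com.centurylinklabs.watchtower.enable` label on the services that should auto-update, and pinning the others to fixed versions or digests. The same socket is mounted into the restic `backup` service through `apps_restic_volumes`, so both images deserve the same scrutiny as anything run as root on the host.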