From 0972c1ce963b25edde8a712ba52557398ee47197 Mon Sep 17 00:00:00 2001 From: David Kilias Date: Tue, 25 Jul 2023 19:59:34 +0200 Subject: [PATCH 1/2] chore: rework/refactor pottwal vars --- host-pottwal.yml | 55 +++++++++++++++---------------- host_vars/pottwal.n39.eu/vars.yml | 33 +++++++++++++++---- 2 files changed, 54 insertions(+), 34 deletions(-) diff --git a/host-pottwal.yml b/host-pottwal.yml index e1f265f..0692a58 100644 --- a/host-pottwal.yml +++ b/host-pottwal.yml @@ -10,18 +10,18 @@ vars: dehydrated_contact_email: "{{ server_admin }}" dehydrated_domains: - - name: gitea.n39.eu + - name: "{{ forgejo_domain_name }}" - name: uritools.n39.eu - name: uritools-api.n39.eu - name: "{{ shlink_domain_name }}" - - name: pad.n39.eu + - name: "{{ hedgedoc_domain_name }}" - name: "{{ prosody_domain_name }}" alternate_names: - conference.jabber.n39.eu deploy_cert_hook: "docker exec prosody prosodyctl --root cert import ${DOMAIN} /var/lib/dehydrated/certs" - - name: redmine.n39.eu + - name: "{{ redmine_domain_name }}" - name: "{{ influxdb_domain_name }}" - - name: uptime.n39.eu + - name: "{{ uptimekuma_domain_name }}" - name: "{{ grafana_domain_name }}" - name: "{{ homebox_domain_name }}" - name: spaceapi.n39.eu 
@@ -52,33 +52,33 @@ - name: Setup the docker container for gitea docker_container: name: forgejo - image: "codeberg.org/forgejo/forgejo:1.19" + image: "{{ forgejo_image }}:{{ forgejo_image_tag }}" pull: true state: started restart_policy: unless-stopped detach: yes ports: - 127.0.0.1:{{ forgejo_host_port }}:3000 - - 2222:2222 + - "{{ forgejo_ssh_port }}:2222" env: TZ: "{{ timezone }}" APP_NAME: "Netz39 Git" RUN_MODE: "prod" - SSH_DOMAIN: "gitea.n39.eu" + SSH_DOMAIN: "{{ forgejo_domain_name }} SSH_PORT: "2222" SSH_START_SERVER: "false" - ROOT_URL: "https://gitea.n39.eu" + ROOT_URL: "https://{{ forgejo_domain_name }} DISABLE_REGISTRATION: "true" USER_UID: "1000" USER_GID: "1000" volumes: - "{{ data_dir }}/forgejo:/data:rw" - - name: Setup proxy site gitea.n39.eu + - name: Setup proxy site "{{ forgejo_domain_name }}" include_role: name: setup_http_site_proxy vars: - site_name: "gitea.n39.eu" + site_name: "{{ forgejo_domain_name }}" proxy_port: "{{ forgejo_host_port }}" - name: Ensure apt-cacher container is running @@ -94,11 +94,10 @@ env: TZ: "{{ timezone }}" - - name: Ensure container for shlink is running docker_container: name: shlink - image: shlinkio/shlink:2.6.2 + image: "{{ shlink_image }}:{{ shlink_image_tag }}" pull: true state: started detach: yes @@ -253,7 +252,7 @@ - name: Install HedgeDoc database container docker_container: name: hedgedocdb - image: "postgres:11.6-alpine" + image: "{{ hedgedoc_db_image }}:{{ hedgedoc_db_image_tag }}" pull: true state: started restart_policy: unless-stopped @@ -271,7 +270,7 @@ - name: Ensure container for hedgedoc is running docker_container: name: hedgedoc - image: "{{ hedgedoc_image }}" + image: "{{ hedgedoc_image }}:{{ hedgedoc_image_tag }}" pull: true state: started detach: yes @@ -282,7 +281,7 @@ TZ: "{{ timezone }}" NODE_ENV: "production" CMD_PROTOCOL_USESSL: "true" - CMD_DOMAIN: "pad.n39.eu" + CMD_DOMAIN: "{{ hedgedoc_domain_name }}" CMD_URL_ADDPORT: "false" CMD_DB_HOST: "hedgedocdb" CMD_DB_PORT: "5432" 
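Review bot: `SSH_DOMAIN: "{{ forgejo_domain_name }}` and `ROOT_URL: "https://{{ forgejo_domain_name }}` in the forgejo `env:` block are missing their closing double quote, so the scalar runs on into the following lines and the playbook should fail to parse at this commit. The second patch in this series closes both quotes, but under an unrelated subject; folding that fix into this commit keeps every revision runnable and bisectable. `SSH_PORT: "2222"` is still a literal although the published host port is now `{{ forgejo_ssh_port }}`, so changing the variable would leave Forgejo advertising the old port in clone URLs. `SSH_PORT: "{{ forgejo_ssh_port }}"` keeps the two in step.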
@@ -295,11 +294,11 @@ networks: - name: hedgedocnet - - name: Setup proxy site pad.n39.eu + - name: Setup proxy site "{{ hedgedoc_domain_name }}" include_role: name: setup_http_site_proxy vars: - site_name: pad.n39.eu + site_name: "{{ hedgedoc_domain_name }}" proxy_port: "{{ hedgedoc_host_port }}" - name: Ensure the influxdb directories exist @@ -315,7 +314,7 @@ - name: Ensure container for influxdb is running docker_container: name: influxdb - image: "{{ influxdb_image }}" + image: "{{ influxdb_image }}:{{ influxdb_image_tag }}" pull: true state: started detach: yes @@ -362,7 +361,7 @@ - name: Setup Redmine MySQL container docker_container: name: redminedb - image: "{{ redmine_mysql_image }}" + image: "{{ redmine_mysql_image }}:{{ redmine_mysql_image_tag }}" pull: true state: started restart_policy: unless-stopped @@ -379,7 +378,7 @@ - name: Setup Redmine container docker_container: name: redmine - image: "{{ redmine_image }}" + image: "{{ redmine_image }}:{{ redmine_image_tag }}" pull: true state: started restart_policy: unless-stopped @@ -397,11 +396,11 @@ networks: - name: redminenet - - name: Setup proxy site redmine.n39.eu + - name: Setup proxy site "{{ redmine_domain_name }}" include_role: name: setup_http_site_proxy vars: - site_name: redmine.n39.eu + site_name: "{{ redmine_domain_name }}" proxy_port: "{{ redmine_host_port }}" - name: Ensure the uptime-kuma directories exist @@ -415,7 +414,7 @@ - name: Ensure container for uptime-kuma is running docker_container: name: uptime-kuma - image: "louislam/uptime-kuma:1" + image: "{{ uptimekuma_image }}:{{ uptimekuma_image_tag }}" pull: true state: started detach: yes 
@@ -427,11 +426,11 @@ volumes: - "{{ data_dir }}/uptime-kuma:/app/data" - - name: Setup proxy site uptime.n39.eu + - name: Setup proxy site "{{ uptimekuma_domain_name }}" include_role: name: setup_http_site_proxy vars: - site_name: uptime.n39.eu + site_name: "{{ uptimekuma_domain_name }}" proxy_port: "{{ uptimekuma_host_port }}" - name: Ensure the grafana directories exist @@ -452,7 +451,7 @@ - name: Ensure container for grafana is running docker_container: name: grafana - image: "grafana/grafana:9.4.7" + image: "{{ grafana_image }}:{{ grafana_image_tag }}" pull: true state: started detach: yes @@ -468,7 +467,7 @@ GF_USERS_ALLOW_SIGN_UP: "false" GF_INSTALL_PLUGINS: "flant-statusmap-panel,ae3e-plotly-panel" - - name: Setup proxy site grafana.n39.eu + - name: Setup proxy site "{{ grafana_domain_name }}" include_role: name: setup_http_site_proxy vars: @@ -491,7 +490,7 @@ - name: Ensure container for homebox is running docker_container: name: homebox - image: "ghcr.io/hay-kot/homebox" + image: "{{ homebox_image }}" pull: true state: started detach: yes diff --git a/host_vars/pottwal.n39.eu/vars.yml b/host_vars/pottwal.n39.eu/vars.yml index 20cc119..8a72f6e 100644 --- a/host_vars/pottwal.n39.eu/vars.yml +++ b/host_vars/pottwal.n39.eu/vars.yml 
@@ -9,38 +9,59 @@ cleanuri_amqp_user: "cleanuri" cleanuri_amqp_pass: "{{ vault_cleanuri_amqp_pass }}" cleanuri_amqp_vhost: "/cleanuri" +forgejo_host_port: 9091 +forgejo_ssh_port: 2222 +forgejo_domain_name: gitea.n39.eu +forgejo_image: codeberg.org/forgejo/forgejo +forgejo_image_tag: 1.19 + + shlink_host_port: 8083 shlink_domain_name: sl.n39.eu +shlink_image: shlinkio/shlink +shlink_image_tag: 2.6.2 shlink_geolite_license_key: "{{ vault_shlink_geolite_license_key }}" hedgedoc_host_port: 8084 -hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.9.3 +hedgedoc_domain_name: pad.n39.eu +hedgedoc_image: quay.io/hedgedoc/hedgedoc +hedgedoc_image_tag: 1.9.3 +hedgedoc_db_image: postgres +hedgedoc_db_image_tag: 11.6-alpine hedgedoc_postgres_password: "{{ vault_hedgedoc_postgres_password }}" redmine_host_port: 8087 -redmine_image: redmine:4.2.7 -redmine_mysql_image: mysql:5.7 +redmine_domain_name: redmine.n39.eu +redmine_image: redmine +redmine_image_tag: 4.2.7 +redmine_mysql_image: mysql +redmine_mysql_image_tag: 5.7 redmine_database: redmine redmine_database_password: "{{ vault_redmine_database_password }}" influxdb_host_port: 8088 influxdb_domain_name: influx.n39.eu -influxdb_image: influxdb:2.4-alpine +influxdb_image: influxdb +influxdb_image_tag: 2.4-alpine influxdb_init_username: admin influxdb_init_password: "{{ vault_influxdb_init_password }}" -forgejo_host_port: 9091 - prosody_config_dir: "/etc/prosody" prosody_data_dir: "{{ data_dir }}/prosody" prosody_domain_name: jabber.n39.eu jabber_host_port: 8086 uptimekuma_host_port: 8085 +uptimekuma_domain_name: uptime.n39.eu +uptimekuma_image: louislam/uptime-kuma +uptimekuma_image_tag: 1 grafana_host_port: 8089 grafana_domain_name: grafana.n39.eu +grafana_image: grafana/grafana +grafana_image_tag: 9.4.7 grafana_admin_password: "{{ vault_grafana_admin_password }}" homebox_host_port: 8092 homebox_domain_name: inventory.n39.eu +homebox_image: ghcr.io/hay-kot/homebox From aaa09a24cddad7d19c9ce45e177a9fc69625789b Mon Sep 17 00:00:00 2001 
From: David Kilias Date: Tue, 25 Jul 2023 20:07:35 +0200 Subject: [PATCH 2/2] git: add ansible vault pass to gitignore --- .gitignore | 1 + host-pottwal.yml | 26 +++++++++++------------ host_vars/pottwal.n39.eu/vars.yml | 35 +++++++++++++------------------ 3 files changed, 28 insertions(+), 34 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0d64df6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +vault-pass diff --git a/host-pottwal.yml b/host-pottwal.yml index 0692a58..061b929 100644 --- a/host-pottwal.yml +++ b/host-pottwal.yml @@ -52,7 +52,7 @@ - name: Setup the docker container for gitea docker_container: name: forgejo - image: "{{ forgejo_image }}:{{ forgejo_image_tag }}" + image: "{{ forgejo_image }}" pull: true state: started restart_policy: unless-stopped @@ -64,10 +64,10 @@ TZ: "{{ timezone }}" APP_NAME: "Netz39 Git" RUN_MODE: "prod" - SSH_DOMAIN: "{{ forgejo_domain_name }} + SSH_DOMAIN: "{{ forgejo_domain_name }}" SSH_PORT: "2222" SSH_START_SERVER: "false" - ROOT_URL: "https://{{ forgejo_domain_name }} + ROOT_URL: "https://{{ forgejo_domain_name }}" DISABLE_REGISTRATION: "true" USER_UID: "1000" USER_GID: "1000" @@ -97,7 +97,7 @@ - name: Ensure container for shlink is running docker_container: name: shlink - image: "{{ shlink_image }}:{{ shlink_image_tag }}" + image: "{{ shlink_image }}" pull: true state: started detach: yes @@ -179,7 +179,7 @@ - name: Ensure container for prosody XMPP server is running docker_container: name: prosody - image: netz39/prosody:0.11 + image: "{{ prosody_image }}" pull: true state: started detach: true @@ -201,7 +201,7 @@ - name: Ensure container for static XMPP website is running docker_container: name: jabber-static-website - image: joseluisq/static-web-server:2.14 + image: "{{ prosody_web_image }}" pull: true state: started detach: true 
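Review bot: Adding `vault-pass` to the new `.gitignore` only stops future `git add`s; it does not untrack the file or remove it from history, so it protects the vault password only if that file was never committed. It is worth confirming this with `git log --all -- vault-pass`, and re-keying the vault (`ansible-vault rekey`) if the file ever appears there. The subject line mentions only the ignore rule, yet the same commit also rewrites image variables in `host-pottwal.yml` and `host_vars/pottwal.n39.eu/vars.yml`. Splitting those into their own commit would make the secret-handling change easy to audit on its own.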
@@ -252,7 +252,7 @@ - name: Install HedgeDoc database container docker_container: name: hedgedocdb - image: "{{ hedgedoc_db_image }}:{{ hedgedoc_db_image_tag }}" + image: "{{ hedgedoc_db_image }}" pull: true state: started restart_policy: unless-stopped @@ -270,7 +270,7 @@ - name: Ensure container for hedgedoc is running docker_container: name: hedgedoc - image: "{{ hedgedoc_image }}:{{ hedgedoc_image_tag }}" + image: "{{ hedgedoc_image }}" pull: true state: started detach: yes @@ -314,7 +314,7 @@ - name: Ensure container for influxdb is running docker_container: name: influxdb - image: "{{ influxdb_image }}:{{ influxdb_image_tag }}" + image: "{{ influxdb_image }}" pull: true state: started detach: yes @@ -361,7 +361,7 @@ - name: Setup Redmine MySQL container docker_container: name: redminedb - image: "{{ redmine_mysql_image }}:{{ redmine_mysql_image_tag }}" + image: "{{ redmine_mysql_image }}" pull: true state: started restart_policy: unless-stopped @@ -378,7 +378,7 @@ - name: Setup Redmine container docker_container: name: redmine - image: "{{ redmine_image }}:{{ redmine_image_tag }}" + image: "{{ redmine_image }}" pull: true state: started restart_policy: unless-stopped @@ -414,7 +414,7 @@ - name: Ensure container for uptime-kuma is running docker_container: name: uptime-kuma - image: "{{ uptimekuma_image }}:{{ uptimekuma_image_tag }}" + image: "{{ uptimekuma_image }}" pull: true state: started detach: yes @@ -451,7 +451,7 @@ - name: Ensure container for grafana is running docker_container: name: grafana - image: "{{ grafana_image }}:{{ grafana_image_tag }}" + image: "{{ grafana_image }}" pull: true state: started detach: yes diff --git a/host_vars/pottwal.n39.eu/vars.yml b/host_vars/pottwal.n39.eu/vars.yml index 8a72f6e..0129f2c 100644 --- a/host_vars/pottwal.n39.eu/vars.yml +++ b/host_vars/pottwal.n39.eu/vars.yml 
@@ -12,56 +12,49 @@ cleanuri_amqp_vhost: "/cleanuri" forgejo_host_port: 9091 forgejo_ssh_port: 2222 forgejo_domain_name: gitea.n39.eu -forgejo_image: codeberg.org/forgejo/forgejo -forgejo_image_tag: 1.19 +forgejo_image: codeberg.org/forgejo/forgejo:1.19 shlink_host_port: 8083 shlink_domain_name: sl.n39.eu -shlink_image: shlinkio/shlink -shlink_image_tag: 2.6.2 +shlink_image: shlinkio/shlink:2.6.2 shlink_geolite_license_key: "{{ vault_shlink_geolite_license_key }}" hedgedoc_host_port: 8084 hedgedoc_domain_name: pad.n39.eu -hedgedoc_image: quay.io/hedgedoc/hedgedoc -hedgedoc_image_tag: 1.9.3 -hedgedoc_db_image: postgres -hedgedoc_db_image_tag: 11.6-alpine +hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.9.3 +hedgedoc_db_image: postgres:11.6-alpine hedgedoc_postgres_password: "{{ vault_hedgedoc_postgres_password }}" redmine_host_port: 8087 redmine_domain_name: redmine.n39.eu -redmine_image: redmine -redmine_image_tag: 4.2.7 -redmine_mysql_image: mysql -redmine_mysql_image_tag: 5.7 +redmine_image: redmine:4.2.7 +redmine_mysql_image: mysql:5.7 redmine_database: redmine redmine_database_password: "{{ vault_redmine_database_password }}" influxdb_host_port: 8088 influxdb_domain_name: influx.n39.eu -influxdb_image: influxdb -influxdb_image_tag: 2.4-alpine +influxdb_image: influxdb:2.4-alpine influxdb_init_username: admin influxdb_init_password: "{{ vault_influxdb_init_password }}" +jabber_host_port: 8086 +prosody_domain_name: jabber.n39.eu +prosody_image: netz39/prosody:0.11 +prosody_web_image: joseluisq/static-web-server:2.14 prosody_config_dir: "/etc/prosody" prosody_data_dir: "{{ data_dir }}/prosody" -prosody_domain_name: jabber.n39.eu -jabber_host_port: 8086 uptimekuma_host_port: 8085 uptimekuma_domain_name: uptime.n39.eu -uptimekuma_image: louislam/uptime-kuma -uptimekuma_image_tag: 1 +uptimekuma_image: louislam/uptime-kuma:1 grafana_host_port: 8089 grafana_domain_name: grafana.n39.eu -grafana_image: grafana/grafana -grafana_image_tag: 9.4.7 +grafana_image: 
grafana/grafana:9.4.7 grafana_admin_password: "{{ vault_grafana_admin_password }}" homebox_host_port: 8092 homebox_domain_name: inventory.n39.eu -homebox_image: ghcr.io/hay-kot/homebox +homebox_image: ghcr.io/hay-kot/homebox:v0.9.2
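Review bot: Every `*_image` value in this hunk is a mutable tag, and the container tasks in `host-pottwal.yml` run with `pull: true`, so each playbook run deploys whatever the registry currently serves for references such as `louislam/uptime-kuma:1`, `mysql:5.7` or `influxdb:2.4-alpine`. Pinning by digest makes a run reproducible and keeps a re-pushed tag from being rolled out unnoticed, e.g. `grafana_image: grafana/grafana:9.4.7@sha256:<digest>`, where `<digest>` is a placeholder for the value you have verified. The hunk also changes `homebox_image` from an untagged reference to `ghcr.io/hay-kot/homebox:v0.9.2`, a deployment change the subject line does not mention. A one-line comment above each image variable saying who bumps it and how would help, for instance `# bump deliberately; check upstream release notes first`.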