From 0972c1ce963b25edde8a712ba52557398ee47197 Mon Sep 17 00:00:00 2001
From: David Kilias <david.kilias@gmail.com>
Date: Tue, 25 Jul 2023 19:59:34 +0200
Subject: [PATCH 1/2] chore: rework/refactor pottwal vars

---
 host-pottwal.yml                  | 55 +++++++++++++++----------------
 host_vars/pottwal.n39.eu/vars.yml | 33 +++++++++++++++----
 2 files changed, 54 insertions(+), 34 deletions(-)

diff --git a/host-pottwal.yml b/host-pottwal.yml
index e1f265f..0692a58 100644
--- a/host-pottwal.yml
+++ b/host-pottwal.yml
@@ -10,18 +10,18 @@
       vars:
         dehydrated_contact_email: "{{ server_admin }}"
         dehydrated_domains:
-          - name: gitea.n39.eu
+          - name: "{{ forgejo_domain_name }}"
           - name: uritools.n39.eu
           - name: uritools-api.n39.eu
           - name: "{{ shlink_domain_name }}"
-          - name: pad.n39.eu
+          - name: "{{ hedgedoc_domain_name }}"
           - name: "{{ prosody_domain_name }}"
             alternate_names:
               - conference.jabber.n39.eu
             deploy_cert_hook: "docker exec prosody prosodyctl --root cert import ${DOMAIN} /var/lib/dehydrated/certs"
-          - name: redmine.n39.eu
+          - name: "{{ redmine_domain_name }}"
           - name: "{{ influxdb_domain_name }}"
-          - name: uptime.n39.eu
+          - name: "{{ uptimekuma_domain_name }}"
           - name: "{{ grafana_domain_name }}"
           - name: "{{ homebox_domain_name }}"
           - name: spaceapi.n39.eu
@@ -52,33 +52,33 @@
     - name: Setup the docker container for gitea
       docker_container:
         name: forgejo
-        image: "codeberg.org/forgejo/forgejo:1.19"
+        image: "{{ forgejo_image }}:{{ forgejo_image_tag }}"
         pull: true
         state: started
         restart_policy: unless-stopped
         detach: yes
         ports:
           - 127.0.0.1:{{ forgejo_host_port }}:3000
-          - 2222:2222
+          - "{{ forgejo_ssh_port }}:2222"
         env:
           TZ: "{{ timezone }}"
           APP_NAME: "Netz39 Git"
           RUN_MODE: "prod"
-          SSH_DOMAIN: "gitea.n39.eu"
+          SSH_DOMAIN: "{{ forgejo_domain_name }}
           SSH_PORT: "2222"
           SSH_START_SERVER: "false"
-          ROOT_URL: "https://gitea.n39.eu"
+          ROOT_URL: "https://{{ forgejo_domain_name }}
           DISABLE_REGISTRATION: "true"
           USER_UID: "1000"
           USER_GID: "1000"
         volumes:
           - "{{ data_dir }}/forgejo:/data:rw"
 
-    - name: Setup proxy site gitea.n39.eu
+    - name: Setup proxy site "{{ forgejo_domain_name }}"
       include_role:
         name: setup_http_site_proxy
       vars:
-        site_name: "gitea.n39.eu"
+        site_name: "{{ forgejo_domain_name }}"
         proxy_port: "{{ forgejo_host_port }}"
 
     - name: Ensure apt-cacher container is running
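Review bot: The added `SSH_DOMAIN` and `ROOT_URL` values open a double quote that is never closed, so the scalar runs on into the following lines and the playbook cannot be loaded as intended at this commit. They should read `SSH_DOMAIN: "{{ forgejo_domain_name }}"` and `ROOT_URL: "https://{{ forgejo_domain_name }}"`; fixing it in this commit keeps every revision deployable and bisectable. Separately, the published host port now comes from `forgejo_ssh_port` while `SSH_PORT` stays the literal `"2222"`. If that setting is the port advertised in clone URLs, `SSH_PORT: "{{ forgejo_ssh_port }}"` would stop the two from drifting. The enclosing play starts outside this hunk.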
@@ -94,11 +94,10 @@
         env:
           TZ: "{{ timezone }}"
 
-
     - name: Ensure container for shlink is running
       docker_container:
         name: shlink
-        image: shlinkio/shlink:2.6.2
+        image: "{{ shlink_image }}:{{ shlink_image_tag }}"
         pull: true
         state: started
         detach: yes
@@ -253,7 +252,7 @@
     - name: Install HedgeDoc database container
       docker_container:
         name: hedgedocdb
-        image: "postgres:11.6-alpine"
+        image: "{{ hedgedoc_db_image }}:{{ hedgedoc_db_image_tag }}"
         pull: true
         state: started
         restart_policy: unless-stopped
@@ -271,7 +270,7 @@
     - name: Ensure container for hedgedoc is running
       docker_container:
         name: hedgedoc
-        image: "{{ hedgedoc_image }}"
+        image: "{{ hedgedoc_image }}:{{ hedgedoc_image_tag }}"
         pull: true
         state: started
         detach: yes
@@ -282,7 +281,7 @@
           TZ: "{{ timezone }}"
           NODE_ENV: "production"
           CMD_PROTOCOL_USESSL: "true"
-          CMD_DOMAIN: "pad.n39.eu"
+          CMD_DOMAIN: "{{ hedgedoc_domain_name }}"
           CMD_URL_ADDPORT: "false"
           CMD_DB_HOST: "hedgedocdb"
           CMD_DB_PORT: "5432"
@@ -295,11 +294,11 @@
         networks:
           - name: hedgedocnet
 
-    - name: Setup proxy site pad.n39.eu
+    - name: Setup proxy site "{{ hedgedoc_domain_name }}"
       include_role:
         name: setup_http_site_proxy
       vars:
-        site_name: pad.n39.eu
+        site_name: "{{ hedgedoc_domain_name }}"
         proxy_port: "{{ hedgedoc_host_port }}"
 
     - name: Ensure the influxdb directories exist
@@ -315,7 +314,7 @@
     - name: Ensure container for influxdb is running
       docker_container:
         name: influxdb
-        image: "{{ influxdb_image }}"
+        image: "{{ influxdb_image }}:{{ influxdb_image_tag }}"
         pull: true
         state: started
         detach: yes
@@ -362,7 +361,7 @@
     - name: Setup Redmine MySQL container
       docker_container:
         name: redminedb
-        image: "{{ redmine_mysql_image }}"
+        image: "{{ redmine_mysql_image }}:{{ redmine_mysql_image_tag }}"
         pull: true
         state: started
         restart_policy: unless-stopped
@@ -379,7 +378,7 @@
     - name: Setup Redmine container
       docker_container:
         name: redmine
-        image: "{{ redmine_image }}"
+        image: "{{ redmine_image }}:{{ redmine_image_tag }}"
         pull: true
         state: started
         restart_policy: unless-stopped
@@ -397,11 +396,11 @@
         networks:
           - name: redminenet
 
-    - name: Setup proxy site redmine.n39.eu
+    - name: Setup proxy site "{{ redmine_domain_name }}"
       include_role:
         name: setup_http_site_proxy
       vars:
-        site_name: redmine.n39.eu
+        site_name: "{{ redmine_domain_name }}"
         proxy_port: "{{ redmine_host_port }}"
 
     - name: Ensure the uptime-kuma directories exist
@@ -415,7 +414,7 @@
     - name: Ensure container for uptime-kuma is running
       docker_container:
         name: uptime-kuma
-        image: "louislam/uptime-kuma:1"
+        image: "{{ uptimekuma_image }}:{{ uptimekuma_image_tag }}"
         pull: true
         state: started
         detach: yes
@@ -427,11 +426,11 @@
         volumes:
           - "{{ data_dir }}/uptime-kuma:/app/data"
 
-    - name: Setup proxy site uptime.n39.eu
+    - name: Setup proxy site "{{ uptimekuma_domain_name }}"
       include_role:
         name: setup_http_site_proxy
       vars:
-        site_name: uptime.n39.eu
+        site_name: "{{ uptimekuma_domain_name }}"
         proxy_port: "{{ uptimekuma_host_port }}"
 
     - name: Ensure the grafana directories exist
@@ -452,7 +451,7 @@
     - name: Ensure container for grafana is running
       docker_container:
         name: grafana
-        image: "grafana/grafana:9.4.7"
+        image: "{{ grafana_image }}:{{ grafana_image_tag }}"
         pull: true
         state: started
         detach: yes
@@ -468,7 +467,7 @@
           GF_USERS_ALLOW_SIGN_UP: "false"
           GF_INSTALL_PLUGINS: "flant-statusmap-panel,ae3e-plotly-panel"
 
-    - name: Setup proxy site grafana.n39.eu
+    - name: Setup proxy site "{{ grafana_domain_name }}"
       include_role:
         name: setup_http_site_proxy
       vars:
@@ -491,7 +490,7 @@
     - name: Ensure container for homebox is running
       docker_container:
         name: homebox
-        image: "ghcr.io/hay-kot/homebox"
+        image: "{{ homebox_image }}"
         pull: true
         state: started
         detach: yes
diff --git a/host_vars/pottwal.n39.eu/vars.yml b/host_vars/pottwal.n39.eu/vars.yml
index 20cc119..8a72f6e 100644
--- a/host_vars/pottwal.n39.eu/vars.yml
+++ b/host_vars/pottwal.n39.eu/vars.yml
@@ -9,38 +9,59 @@ cleanuri_amqp_user: "cleanuri"
 cleanuri_amqp_pass: "{{ vault_cleanuri_amqp_pass }}"
 cleanuri_amqp_vhost: "/cleanuri"
 
+forgejo_host_port: 9091
+forgejo_ssh_port: 2222
+forgejo_domain_name: gitea.n39.eu
+forgejo_image: codeberg.org/forgejo/forgejo
+forgejo_image_tag: 1.19
+
+
 shlink_host_port: 8083
 shlink_domain_name: sl.n39.eu
+shlink_image: shlinkio/shlink
+shlink_image_tag: 2.6.2
 shlink_geolite_license_key: "{{ vault_shlink_geolite_license_key }}"
 
 hedgedoc_host_port: 8084
-hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.9.3
+hedgedoc_domain_name: pad.n39.eu
+hedgedoc_image: quay.io/hedgedoc/hedgedoc
+hedgedoc_image_tag: 1.9.3
+hedgedoc_db_image: postgres
+hedgedoc_db_image_tag: 11.6-alpine
 hedgedoc_postgres_password: "{{ vault_hedgedoc_postgres_password }}"
 
 redmine_host_port: 8087
-redmine_image: redmine:4.2.7
-redmine_mysql_image: mysql:5.7
+redmine_domain_name: redmine.n39.eu
+redmine_image: redmine
+redmine_image_tag: 4.2.7
+redmine_mysql_image: mysql
+redmine_mysql_image_tag: 5.7
 redmine_database: redmine
 redmine_database_password: "{{ vault_redmine_database_password }}"
 
 influxdb_host_port: 8088
 influxdb_domain_name: influx.n39.eu
-influxdb_image: influxdb:2.4-alpine
+influxdb_image: influxdb
+influxdb_image_tag: 2.4-alpine
 influxdb_init_username: admin
 influxdb_init_password: "{{ vault_influxdb_init_password }}"
 
-forgejo_host_port: 9091
-
 prosody_config_dir: "/etc/prosody"
 prosody_data_dir: "{{ data_dir }}/prosody"
 prosody_domain_name: jabber.n39.eu
 jabber_host_port: 8086
 
 uptimekuma_host_port: 8085
+uptimekuma_domain_name: uptime.n39.eu
+uptimekuma_image: louislam/uptime-kuma
+uptimekuma_image_tag: 1
 
 grafana_host_port: 8089
 grafana_domain_name: grafana.n39.eu
+grafana_image: grafana/grafana
+grafana_image_tag: 9.4.7
 grafana_admin_password: "{{ vault_grafana_admin_password }}"
 
 homebox_host_port: 8092
 homebox_domain_name: inventory.n39.eu
+homebox_image: ghcr.io/hay-kot/homebox
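Review bot: The new `*_image_tag` values are unquoted, so tags such as `forgejo_image_tag: 1.19`, `redmine_mysql_image_tag: 5.7` and `uptimekuma_image_tag: 1` are loaded as numbers rather than strings. They render correctly today, but a later bump to a tag like `1.20` would be read as the float `1.2` and make `"{{ forgejo_image }}:{{ forgejo_image_tag }}"` pull a different image than the one written in the file. Quote every tag, for example `forgejo_image_tag: "1.19"` and `uptimekuma_image_tag: "1"`. The same applies to the unquoted port values if they are ever compared as strings.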

From aaa09a24cddad7d19c9ce45e177a9fc69625789b Mon Sep 17 00:00:00 2001
From: David Kilias <david.kilias@gmail.com>
Date: Tue, 25 Jul 2023 20:07:35 +0200
Subject: [PATCH 2/2] git: add ansible vault pass to gitignore

---
 .gitignore                        |  1 +
 host-pottwal.yml                  | 26 +++++++++++------------
 host_vars/pottwal.n39.eu/vars.yml | 35 +++++++++++++------------------
 3 files changed, 28 insertions(+), 34 deletions(-)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0d64df6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+vault-pass
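Review bot: The single rule `vault-pass` has no comment saying what it protects, and it matches only that exact file name, so a differently named password file (a suffix, a dotfile variant) would still be picked up by `git add`. An ignore rule also only affects untracked files. If the file was ever committed before this change, which is not visible here, it remains in history and the vault password would need to be rotated. I would add a line such as `# Ansible Vault password file, must never be committed` above the rule, and record the expected file name wherever `vault_password_file` is configured.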
diff --git a/host-pottwal.yml b/host-pottwal.yml
index 0692a58..061b929 100644
--- a/host-pottwal.yml
+++ b/host-pottwal.yml
@@ -52,7 +52,7 @@
     - name: Setup the docker container for gitea
       docker_container:
         name: forgejo
-        image: "{{ forgejo_image }}:{{ forgejo_image_tag }}"
+        image: "{{ forgejo_image }}"
         pull: true
         state: started
         restart_policy: unless-stopped
@@ -64,10 +64,10 @@
           TZ: "{{ timezone }}"
           APP_NAME: "Netz39 Git"
           RUN_MODE: "prod"
-          SSH_DOMAIN: "{{ forgejo_domain_name }}
+          SSH_DOMAIN: "{{ forgejo_domain_name }}"
           SSH_PORT: "2222"
           SSH_START_SERVER: "false"
-          ROOT_URL: "https://{{ forgejo_domain_name }}
+          ROOT_URL: "https://{{ forgejo_domain_name }}"
           DISABLE_REGISTRATION: "true"
           USER_UID: "1000"
           USER_GID: "1000"
@@ -97,7 +97,7 @@
     - name: Ensure container for shlink is running
       docker_container:
         name: shlink
-        image: "{{ shlink_image }}:{{ shlink_image_tag }}"
+        image: "{{ shlink_image }}"
         pull: true
         state: started
         detach: yes
@@ -179,7 +179,7 @@
     - name: Ensure container for prosody XMPP server is running
       docker_container:
         name: prosody
-        image: netz39/prosody:0.11
+        image: "{{ prosody_image }}"
         pull: true
         state: started
         detach: true
@@ -201,7 +201,7 @@
     - name: Ensure container for static XMPP website is running
       docker_container:
         name: jabber-static-website
-        image: joseluisq/static-web-server:2.14
+        image: "{{ prosody_web_image }}"
         pull: true
         state: started
         detach: true
@@ -252,7 +252,7 @@
     - name: Install HedgeDoc database container
       docker_container:
         name: hedgedocdb
-        image: "{{ hedgedoc_db_image }}:{{ hedgedoc_db_image_tag }}"
+        image: "{{ hedgedoc_db_image }}"
         pull: true
         state: started
         restart_policy: unless-stopped
@@ -270,7 +270,7 @@
     - name: Ensure container for hedgedoc is running
       docker_container:
         name: hedgedoc
-        image: "{{ hedgedoc_image }}:{{ hedgedoc_image_tag }}"
+        image: "{{ hedgedoc_image }}"
         pull: true
         state: started
         detach: yes
@@ -314,7 +314,7 @@
     - name: Ensure container for influxdb is running
       docker_container:
         name: influxdb
-        image: "{{ influxdb_image }}:{{ influxdb_image_tag }}"
+        image: "{{ influxdb_image }}"
         pull: true
         state: started
         detach: yes
@@ -361,7 +361,7 @@
     - name: Setup Redmine MySQL container
       docker_container:
         name: redminedb
-        image: "{{ redmine_mysql_image }}:{{ redmine_mysql_image_tag }}"
+        image: "{{ redmine_mysql_image }}"
         pull: true
         state: started
         restart_policy: unless-stopped
@@ -378,7 +378,7 @@
     - name: Setup Redmine container
       docker_container:
         name: redmine
-        image: "{{ redmine_image }}:{{ redmine_image_tag }}"
+        image: "{{ redmine_image }}"
         pull: true
         state: started
         restart_policy: unless-stopped
@@ -414,7 +414,7 @@
     - name: Ensure container for uptime-kuma is running
       docker_container:
         name: uptime-kuma
-        image: "{{ uptimekuma_image }}:{{ uptimekuma_image_tag }}"
+        image: "{{ uptimekuma_image }}"
         pull: true
         state: started
         detach: yes
@@ -451,7 +451,7 @@
     - name: Ensure container for grafana is running
       docker_container:
         name: grafana
-        image: "{{ grafana_image }}:{{ grafana_image_tag }}"
+        image: "{{ grafana_image }}"
         pull: true
         state: started
         detach: yes
diff --git a/host_vars/pottwal.n39.eu/vars.yml b/host_vars/pottwal.n39.eu/vars.yml
index 8a72f6e..0129f2c 100644
--- a/host_vars/pottwal.n39.eu/vars.yml
+++ b/host_vars/pottwal.n39.eu/vars.yml
@@ -12,56 +12,49 @@ cleanuri_amqp_vhost: "/cleanuri"
 forgejo_host_port: 9091
 forgejo_ssh_port: 2222
 forgejo_domain_name: gitea.n39.eu
-forgejo_image: codeberg.org/forgejo/forgejo
-forgejo_image_tag: 1.19
+forgejo_image: codeberg.org/forgejo/forgejo:1.19
 
 
 shlink_host_port: 8083
 shlink_domain_name: sl.n39.eu
-shlink_image: shlinkio/shlink
-shlink_image_tag: 2.6.2
+shlink_image: shlinkio/shlink:2.6.2
 shlink_geolite_license_key: "{{ vault_shlink_geolite_license_key }}"
 
 hedgedoc_host_port: 8084
 hedgedoc_domain_name: pad.n39.eu
-hedgedoc_image: quay.io/hedgedoc/hedgedoc
-hedgedoc_image_tag: 1.9.3
-hedgedoc_db_image: postgres
-hedgedoc_db_image_tag: 11.6-alpine
+hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.9.3
+hedgedoc_db_image: postgres:11.6-alpine
 hedgedoc_postgres_password: "{{ vault_hedgedoc_postgres_password }}"
 
 redmine_host_port: 8087
 redmine_domain_name: redmine.n39.eu
-redmine_image: redmine
-redmine_image_tag: 4.2.7
-redmine_mysql_image: mysql
-redmine_mysql_image_tag: 5.7
+redmine_image: redmine:4.2.7
+redmine_mysql_image: mysql:5.7
 redmine_database: redmine
 redmine_database_password: "{{ vault_redmine_database_password }}"
 
 influxdb_host_port: 8088
 influxdb_domain_name: influx.n39.eu
-influxdb_image: influxdb
-influxdb_image_tag: 2.4-alpine
+influxdb_image: influxdb:2.4-alpine
 influxdb_init_username: admin
 influxdb_init_password: "{{ vault_influxdb_init_password }}"
 
+jabber_host_port: 8086
+prosody_domain_name: jabber.n39.eu
+prosody_image: netz39/prosody:0.11
+prosody_web_image: joseluisq/static-web-server:2.14
 prosody_config_dir: "/etc/prosody"
 prosody_data_dir: "{{ data_dir }}/prosody"
-prosody_domain_name: jabber.n39.eu
-jabber_host_port: 8086
 
 uptimekuma_host_port: 8085
 uptimekuma_domain_name: uptime.n39.eu
-uptimekuma_image: louislam/uptime-kuma
-uptimekuma_image_tag: 1
+uptimekuma_image: louislam/uptime-kuma:1
 
 grafana_host_port: 8089
 grafana_domain_name: grafana.n39.eu
-grafana_image: grafana/grafana
-grafana_image_tag: 9.4.7
+grafana_image: grafana/grafana:9.4.7
 grafana_admin_password: "{{ vault_grafana_admin_password }}"
 
 homebox_host_port: 8092
 homebox_domain_name: inventory.n39.eu
-homebox_image: ghcr.io/hay-kot/homebox
+homebox_image: ghcr.io/hay-kot/homebox:v0.9.2
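Review bot: The consolidated image variables pin by tag only, and several of those tags float by design (`louislam/uptime-kuma:1`, `mysql:5.7`, `influxdb:2.4-alpine`). Every `docker_container` task shown in host-pottwal.yml sets `pull: true`, so each playbook run deploys whatever the registry currently serves under that tag. A re-pushed or compromised tag would therefore roll out without any change in this repository. Consider pinning by digest and keeping the human-readable version in a comment, e.g. `forgejo_image: codeberg.org/forgejo/forgejo@sha256:<digest>  # 1.19`, where `<digest>` is a placeholder for the value you have verified. Updates then become explicit, reviewable diffs.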