init
This commit is contained in:
commit
59a5b86104
11 changed files with 456 additions and 0 deletions
8
ansible.cfg
Normal file
8
ansible.cfg
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
[defaults]
|
||||||
|
roles_path=~/.ansible/roles:roles:/usr/share/ansible/roles:/etc/ansible/roles
|
||||||
|
inventory=inventory
|
||||||
|
vault_password_file=util/secret-service-client.sh
|
||||||
|
interpreter_python=/usr/bin/python3
|
||||||
|
|
||||||
|
[diff]
|
||||||
|
always = True
|
10
inventory/host_vars/iris.yml
Normal file
10
inventory/host_vars/iris.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
deploy_ssh_certificates:
|
||||||
|
- name: ssh_host_ed25519_key
|
||||||
|
type: host
|
||||||
|
key_type: ed25519
|
||||||
|
signing_key: dmz_host
|
||||||
|
host: iris.dmz
|
||||||
|
|
||||||
|
docker_repository: debian
|
||||||
|
|
||||||
|
data_directory: /data
|
4
inventory/hosts.yml
Normal file
4
inventory/hosts.yml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
all:
|
||||||
|
hosts:
|
||||||
|
iris:
|
||||||
|
ansible_host: iris.dmz
|
14
iris.yml
Normal file
14
iris.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
- hosts: iris
|
||||||
|
|
||||||
|
pre_tasks:
|
||||||
|
- name: Create data directory
|
||||||
|
file:
|
||||||
|
path: "{{ data_directory }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- {role: apt, tags: apt}
|
||||||
|
- {role: deploy_ssh_certificates, tags: deploy_ssh_certificates}
|
||||||
|
- {role: docker, tags: docker}
|
||||||
|
- {role: uptime_kuma, tags: uptime_kuma}
|
||||||
|
- {role: alerts, tags: alerts}
|
9
requirements.yml
Normal file
9
requirements.yml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
- name: apt
|
||||||
|
src: https://github.com/sunscrapers/ansible-role-apt.git
|
||||||
|
scm: git
|
||||||
|
- name: deploy_ssh_certificates
|
||||||
|
src: https://git.pim.kunis.nl/home/ansible-role-deploy-ssh-certificates
|
||||||
|
scm: git
|
||||||
|
- name: docker
|
||||||
|
src: https://git.pim.kunis.nl/pim/ansible-role-docker
|
||||||
|
scm: git
|
34
roles/alerts/docker-compose.yml.j2
Normal file
34
roles/alerts/docker-compose.yml.j2
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
# vi: ft=yaml
|
||||||
|
|
||||||
|
version: "3"
|
||||||
|
|
||||||
|
services:
|
||||||
|
ntfy:
|
||||||
|
image: binwiederhier/ntfy
|
||||||
|
container_name: ntfy
|
||||||
|
ports:
|
||||||
|
- 3002:80
|
||||||
|
restart: always
|
||||||
|
command:
|
||||||
|
- serve
|
||||||
|
environment:
|
||||||
|
- TZ=Europe/Amsterdam
|
||||||
|
volumes:
|
||||||
|
- {{ data_directory }}/ntfy_cache:/var/cache/ntfy
|
||||||
|
- {{ data_directory }}/ntfy_data:/var/lib/ntfy
|
||||||
|
- /srv/alerts/ntfy_server.yml:/etc/ntfy/server.yml
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:80/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
|
||||||
|
interval: 60s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
|
start_period: 40s
|
||||||
|
|
||||||
|
apprise:
|
||||||
|
image: caronc/apprise:v0.9.0
|
||||||
|
container_name: apprise
|
||||||
|
ports:
|
||||||
|
- 3003:8000
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- {{ data_directory }}/apprise:/config
|
321
roles/alerts/ntfy_server.yml
Normal file
321
roles/alerts/ntfy_server.yml
Normal file
|
@ -0,0 +1,321 @@
|
||||||
|
# ntfy server config file
|
||||||
|
#
|
||||||
|
# Please refer to the documentation at https://ntfy.sh/docs/config/ for details.
|
||||||
|
# All options also support underscores (_) instead of dashes (-) to comply with the YAML spec.
|
||||||
|
|
||||||
|
# Public facing base URL of the service (e.g. https://ntfy.sh or https://ntfy.example.com)
|
||||||
|
#
|
||||||
|
# This setting is required for any of the following features:
|
||||||
|
# - attachments (to return a download URL)
|
||||||
|
# - e-mail sending (for the topic URL in the email footer)
|
||||||
|
# - iOS push notifications for self-hosted servers (to calculate the Firebase poll_request topic)
|
||||||
|
# - Matrix Push Gateway (to validate that the pushkey is correct)
|
||||||
|
#
|
||||||
|
base-url: https://ntfy.pim.kunis.nl
|
||||||
|
|
||||||
|
# Listen address for the HTTP & HTTPS web server. If "listen-https" is set, you must also
|
||||||
|
# set "key-file" and "cert-file". Format: [<ip>]:<port>, e.g. "1.2.3.4:8080".
|
||||||
|
#
|
||||||
|
# To listen on all interfaces, you may omit the IP address, e.g. ":443".
|
||||||
|
# To disable HTTP, set "listen-http" to "-".
|
||||||
|
#
|
||||||
|
# listen-http: ":80"
|
||||||
|
# listen-https:
|
||||||
|
|
||||||
|
# Listen on a Unix socket, e.g. /var/lib/ntfy/ntfy.sock
|
||||||
|
# This can be useful to avoid port issues on local systems, and to simplify permissions.
|
||||||
|
#
|
||||||
|
# listen-unix: <socket-path>
|
||||||
|
# listen-unix-mode: <linux permissions, e.g. 0700>
|
||||||
|
|
||||||
|
# Path to the private key & cert file for the HTTPS web server. Not used if "listen-https" is not set.
|
||||||
|
#
|
||||||
|
# key-file: <filename>
|
||||||
|
# cert-file: <filename>
|
||||||
|
|
||||||
|
# If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app.
|
||||||
|
# This is optional and only required to save battery when using the Android app.
|
||||||
|
#
|
||||||
|
# firebase-key-file: <filename>
|
||||||
|
|
||||||
|
# If "cache-file" is set, messages are cached in a local SQLite database instead of only in-memory.
|
||||||
|
# This allows for service restarts without losing messages in support of the since= parameter.
|
||||||
|
#
|
||||||
|
# The "cache-duration" parameter defines the duration for which messages will be buffered
|
||||||
|
# before they are deleted. This is required to support the "since=..." and "poll=1" parameter.
|
||||||
|
# To disable the cache entirely (on-disk/in-memory), set "cache-duration" to 0.
|
||||||
|
# The cache file is created automatically, provided that the correct permissions are set.
|
||||||
|
#
|
||||||
|
# The "cache-startup-queries" parameter allows you to run commands when the database is initialized,
|
||||||
|
# e.g. to enable WAL mode (see https://phiresky.github.io/blog/2020/sqlite-performance-tuning/)).
|
||||||
|
# Example:
|
||||||
|
# cache-startup-queries: |
|
||||||
|
# pragma journal_mode = WAL;
|
||||||
|
# pragma synchronous = normal;
|
||||||
|
# pragma temp_store = memory;
|
||||||
|
# pragma busy_timeout = 15000;
|
||||||
|
# vacuum;
|
||||||
|
#
|
||||||
|
# The "cache-batch-size" and "cache-batch-timeout" parameter allow enabling async batch writing
|
||||||
|
# of messages. If set, messages will be queued and written to the database in batches of the given
|
||||||
|
# size, or after the given timeout. This is only required for high volume servers.
|
||||||
|
#
|
||||||
|
# Debian/RPM package users:
|
||||||
|
# Use /var/cache/ntfy/cache.db as cache file to avoid permission issues. The package
|
||||||
|
# creates this folder for you.
|
||||||
|
#
|
||||||
|
# Check your permissions:
|
||||||
|
# If you are running ntfy with systemd, make sure this cache file is owned by the
|
||||||
|
# ntfy user and group by running: chown ntfy.ntfy <filename>.
|
||||||
|
#
|
||||||
|
cache-file: /var/cache/ntfy/cache.db
|
||||||
|
# cache-duration: "12h"
|
||||||
|
# cache-startup-queries:
|
||||||
|
# cache-batch-size: 0
|
||||||
|
# cache-batch-timeout: "0ms"
|
||||||
|
|
||||||
|
# If set, access to the ntfy server and API can be controlled on a granular level using
|
||||||
|
# the 'ntfy user' and 'ntfy access' commands. See the --help pages for details, or check the docs.
|
||||||
|
#
|
||||||
|
# - auth-file is the SQLite user/access database; it is created automatically if it doesn't already exist
|
||||||
|
# - auth-default-access defines the default/fallback access if no access control entry is found; it can be
|
||||||
|
# set to "read-write" (default), "read-only", "write-only" or "deny-all".
|
||||||
|
# - auth-startup-queries allows you to run commands when the database is initialized, e.g. to enable
|
||||||
|
# WAL mode. This is similar to cache-startup-queries. See above for details.
|
||||||
|
#
|
||||||
|
# Debian/RPM package users:
|
||||||
|
# Use /var/lib/ntfy/user.db as user database to avoid permission issues. The package
|
||||||
|
# creates this folder for you.
|
||||||
|
#
|
||||||
|
# Check your permissions:
|
||||||
|
# If you are running ntfy with systemd, make sure this user database file is owned by the
|
||||||
|
# ntfy user and group by running: chown ntfy.ntfy <filename>.
|
||||||
|
#
|
||||||
|
auth-file: /var/lib/ntfy/user.db
|
||||||
|
auth-default-access: "deny-all"
|
||||||
|
# auth-startup-queries:
|
||||||
|
|
||||||
|
# If set, the X-Forwarded-For header is used to determine the visitor IP address
|
||||||
|
# instead of the remote address of the connection.
|
||||||
|
#
|
||||||
|
# WARNING: If you are behind a proxy, you must set this, otherwise all visitors are rate limited
|
||||||
|
# as if they are one.
|
||||||
|
#
|
||||||
|
behind-proxy: true
|
||||||
|
|
||||||
|
# If enabled, clients can attach files to notifications as attachments. Minimum settings to enable attachments
|
||||||
|
# are "attachment-cache-dir" and "base-url".
|
||||||
|
#
|
||||||
|
# - attachment-cache-dir is the cache directory for attached files
|
||||||
|
# - attachment-total-size-limit is the limit of the on-disk attachment cache directory (total size)
|
||||||
|
# - attachment-file-size-limit is the per-file attachment size limit (e.g. 300k, 2M, 100M)
|
||||||
|
# - attachment-expiry-duration is the duration after which uploaded attachments will be deleted (e.g. 3h, 20h)
|
||||||
|
#
|
||||||
|
attachment-cache-dir: /var/cache/ntfy/attachments
|
||||||
|
# attachment-total-size-limit: "5G"
|
||||||
|
# attachment-file-size-limit: "15M"
|
||||||
|
# attachment-expiry-duration: "3h"
|
||||||
|
|
||||||
|
# If enabled, allow outgoing e-mail notifications via the 'X-Email' header. If this header is set,
|
||||||
|
# messages will additionally be sent out as e-mail using an external SMTP server.
|
||||||
|
#
|
||||||
|
# As of today, only SMTP servers with plain text auth (or no auth at all), and STARTLS are supported.
|
||||||
|
# Please also refer to the rate limiting settings below (visitor-email-limit-burst & visitor-email-limit-burst).
|
||||||
|
#
|
||||||
|
# - smtp-sender-addr is the hostname:port of the SMTP server
|
||||||
|
# - smtp-sender-from is the e-mail address of the sender
|
||||||
|
# - smtp-sender-user/smtp-sender-pass are the username and password of the SMTP user (leave blank for no auth)
|
||||||
|
#
|
||||||
|
# smtp-sender-addr:
|
||||||
|
# smtp-sender-from:
|
||||||
|
# smtp-sender-user:
|
||||||
|
# smtp-sender-pass:
|
||||||
|
|
||||||
|
# If enabled, ntfy will launch a lightweight SMTP server for incoming messages. Once configured, users can send
|
||||||
|
# emails to a topic e-mail address to publish messages to a topic.
|
||||||
|
#
|
||||||
|
# - smtp-server-listen defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25
|
||||||
|
# - smtp-server-domain is the e-mail domain, e.g. ntfy.sh
|
||||||
|
# - smtp-server-addr-prefix is an optional prefix for the e-mail addresses to prevent spam. If set to "ntfy-",
|
||||||
|
# for instance, only e-mails to ntfy-$topic@ntfy.sh will be accepted. If this is not set, all emails to
|
||||||
|
# $topic@ntfy.sh will be accepted (which may obviously be a spam problem).
|
||||||
|
#
|
||||||
|
# smtp-server-listen:
|
||||||
|
# smtp-server-domain:
|
||||||
|
# smtp-server-addr-prefix:
|
||||||
|
|
||||||
|
# Interval in which keepalive messages are sent to the client. This is to prevent
|
||||||
|
# intermediaries closing the connection for inactivity.
|
||||||
|
#
|
||||||
|
# Note that the Android app has a hardcoded timeout at 77s, so it should be less than that.
|
||||||
|
#
|
||||||
|
# keepalive-interval: "45s"
|
||||||
|
|
||||||
|
# Interval in which the manager prunes old messages, deletes topics
|
||||||
|
# and prints the stats.
|
||||||
|
#
|
||||||
|
# manager-interval: "1m"
|
||||||
|
|
||||||
|
# Defines topic names that are not allowed, because they are otherwise used. There are a few default topics
|
||||||
|
# that cannot be used (e.g. app, account, settings, ...). To extend the default list, define them here.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# disallowed-topics:
|
||||||
|
# - about
|
||||||
|
# - pricing
|
||||||
|
# - contact
|
||||||
|
#
|
||||||
|
# disallowed-topics:
|
||||||
|
|
||||||
|
# Defines the root path of the web app, or disables the web app entirely.
|
||||||
|
#
|
||||||
|
# Can be any simple path, e.g. "/", "/app", or "/ntfy". For backwards-compatibility reasons,
|
||||||
|
# the values "app" (maps to "/"), "home" (maps to "/app"), or "disable" (maps to "") to disable
|
||||||
|
# the web app entirely.
|
||||||
|
#
|
||||||
|
# web-root: /
|
||||||
|
|
||||||
|
# Various feature flags used to control the web app, and API access, mainly around user and
|
||||||
|
# account management.
|
||||||
|
#
|
||||||
|
# - enable-signup allows users to sign up via the web app, or API
|
||||||
|
# - enable-login allows users to log in via the web app, or API
|
||||||
|
# - enable-reservations allows users to reserve topics (if their tier allows it)
|
||||||
|
#
|
||||||
|
# enable-signup: false
|
||||||
|
enable-login: true
|
||||||
|
# enable-reservations: false
|
||||||
|
|
||||||
|
# Server URL of a Firebase/APNS-connected ntfy server (likely "https://ntfy.sh").
|
||||||
|
#
|
||||||
|
# iOS users:
|
||||||
|
# If you use the iOS ntfy app, you MUST configure this to receive timely notifications. You'll like want this:
|
||||||
|
# upstream-base-url: "https://ntfy.sh"
|
||||||
|
#
|
||||||
|
# If set, all incoming messages will publish a "poll_request" message to the configured upstream server, containing
|
||||||
|
# the message ID of the original message, instructing the iOS app to poll this server for the actual message contents.
|
||||||
|
# This is to prevent the upstream server and Firebase/APNS from being able to read the message.
|
||||||
|
#
|
||||||
|
# upstream-base-url:
|
||||||
|
|
||||||
|
# Rate limiting: Total number of topics before the server rejects new topics.
|
||||||
|
#
|
||||||
|
# global-topic-limit: 15000
|
||||||
|
|
||||||
|
# Rate limiting: Number of subscriptions per visitor (IP address)
|
||||||
|
#
|
||||||
|
# visitor-subscription-limit: 30
|
||||||
|
|
||||||
|
# Rate limiting: Allowed GET/PUT/POST requests per second, per visitor:
|
||||||
|
# - visitor-request-limit-burst is the initial bucket of requests each visitor has
|
||||||
|
# - visitor-request-limit-replenish is the rate at which the bucket is refilled
|
||||||
|
# - visitor-request-limit-exempt-hosts is a comma-separated list of hostnames, IPs or CIDRs to be
|
||||||
|
# exempt from request rate limiting. Hostnames are resolved at the time the server is started.
|
||||||
|
# Example: "1.2.3.4,ntfy.example.com,8.7.6.0/24"
|
||||||
|
#
|
||||||
|
# visitor-request-limit-burst: 60
|
||||||
|
# visitor-request-limit-replenish: "5s"
|
||||||
|
# visitor-request-limit-exempt-hosts: ""
|
||||||
|
|
||||||
|
# Rate limiting: Hard daily limit of messages per visitor and day. The limit is reset
|
||||||
|
# every day at midnight UTC. If the limit is not set (or set to zero), the request
|
||||||
|
# limit (see above) governs the upper limit.
|
||||||
|
#
|
||||||
|
# visitor-message-daily-limit: 0
|
||||||
|
|
||||||
|
# Rate limiting: Allowed emails per visitor:
|
||||||
|
# - visitor-email-limit-burst is the initial bucket of emails each visitor has
|
||||||
|
# - visitor-email-limit-replenish is the rate at which the bucket is refilled
|
||||||
|
#
|
||||||
|
# visitor-email-limit-burst: 16
|
||||||
|
# visitor-email-limit-replenish: "1h"
|
||||||
|
|
||||||
|
# Rate limiting: Attachment size and bandwidth limits per visitor:
|
||||||
|
# - visitor-attachment-total-size-limit is the total storage limit used for attachments per visitor
|
||||||
|
# - visitor-attachment-daily-bandwidth-limit is the total daily attachment download/upload traffic limit per visitor
|
||||||
|
#
|
||||||
|
# visitor-attachment-total-size-limit: "100M"
|
||||||
|
# visitor-attachment-daily-bandwidth-limit: "500M"
|
||||||
|
|
||||||
|
# Rate limiting: Enable subscriber-based rate limiting (mostly used for UnifiedPush)
|
||||||
|
#
|
||||||
|
# If enabled, subscribers may opt to have published messages counted against their own rate limits, as opposed
|
||||||
|
# to the publisher's rate limits. This is especially useful to increase the amount of messages that high-volume
|
||||||
|
# publishers (e.g. Matrix/Mastodon servers) are allowed to send.
|
||||||
|
#
|
||||||
|
# Once enabled, a client may send a "Rate-Topics: <topic1>,<topic2>,..." header when subscribing to topics via
|
||||||
|
# HTTP stream, or websockets, thereby registering itself as the "rate visitor", i.e. the visitor whose rate limits
|
||||||
|
# to use when publishing on this topic. Note: Setting the rate visitor requires READ-WRITE permission on the topic.
|
||||||
|
#
|
||||||
|
# UnifiedPush only: If this setting is enabled, publishing to UnifiedPush topics will lead to a HTTP 507 response if
|
||||||
|
# no "rate visitor" has been previously registered. This is to avoid burning the publisher's "visitor-message-daily-limit".
|
||||||
|
#
|
||||||
|
# visitor-subscriber-rate-limiting: false
|
||||||
|
|
||||||
|
# Payments integration via Stripe
|
||||||
|
#
|
||||||
|
# - stripe-secret-key is the key used for the Stripe API communication. Setting this values
|
||||||
|
# enables payments in the ntfy web app (e.g. Upgrade dialog). See https://dashboard.stripe.com/apikeys.
|
||||||
|
# - stripe-webhook-key is the key required to validate the authenticity of incoming webhooks from Stripe.
|
||||||
|
# Webhooks are essential up keep the local database in sync with the payment provider. See https://dashboard.stripe.com/webhooks.
|
||||||
|
# - billing-contact is an email address or website displayed in the "Upgrade tier" dialog to let people reach
|
||||||
|
# out with billing questions. If unset, nothing will be displayed.
|
||||||
|
#
|
||||||
|
# stripe-secret-key:
|
||||||
|
# stripe-webhook-key:
|
||||||
|
# billing-contact:
|
||||||
|
|
||||||
|
# Metrics
|
||||||
|
#
|
||||||
|
# ntfy can expose Prometheus-style metrics via a /metrics endpoint, or on a dedicated listen IP/port.
|
||||||
|
# Metrics may be considered sensitive information, so before you enable them, be sure you know what you are
|
||||||
|
# doing, and/or secure access to the endpoint in your reverse proxy.
|
||||||
|
#
|
||||||
|
# - enable-metrics enables the /metrics endpoint for the default ntfy server (i.e. HTTP, HTTPS and/or Unix socket)
|
||||||
|
# - metrics-listen-http exposes the metrics endpoint via a dedicated [IP]:port. If set, this option implicitly
|
||||||
|
# enables metrics as well, e.g. "10.0.1.1:9090" or ":9090"
|
||||||
|
#
|
||||||
|
# enable-metrics: false
|
||||||
|
# metrics-listen-http:
|
||||||
|
|
||||||
|
# Profiling
|
||||||
|
#
|
||||||
|
# ntfy can expose Go's net/http/pprof endpoints to support profiling of the ntfy server. If enabled, ntfy will listen
|
||||||
|
# on a dedicated listen IP/port, which can be accessed via the web browser on http://<ip>:<port>/debug/pprof/.
|
||||||
|
# This can be helpful to expose bottlenecks, and visualize call flows. See https://pkg.go.dev/net/http/pprof for details.
|
||||||
|
#
|
||||||
|
# profile-listen-http:
|
||||||
|
|
||||||
|
# Logging options
|
||||||
|
#
|
||||||
|
# By default, ntfy logs to the console (stderr), with an "info" log level, and in a human-readable text format.
|
||||||
|
# ntfy supports five different log levels, can also write to a file, log as JSON, and even supports granular
|
||||||
|
# log level overrides for easier debugging. Some options (log-level and log-level-overrides) can be hot reloaded
|
||||||
|
# by calling "kill -HUP $pid" or "systemctl reload ntfy".
|
||||||
|
#
|
||||||
|
# - log-format defines the output format, can be "text" (default) or "json"
|
||||||
|
# - log-file is a filename to write logs to. If this is not set, ntfy logs to stderr.
|
||||||
|
# - log-level defines the default log level, can be one of "trace", "debug", "info" (default), "warn" or "error".
|
||||||
|
# Be aware that "debug" (and particularly "trace") can be VERY CHATTY. Only turn them on briefly for debugging purposes.
|
||||||
|
# - log-level-overrides lets you override the log level if certain fields match. This is incredibly powerful
|
||||||
|
# for debugging certain parts of the system (e.g. only the account management, or only a certain visitor).
|
||||||
|
# This is an array of strings in the format:
|
||||||
|
# - "field=value -> level" to match a value exactly, e.g. "tag=manager -> trace"
|
||||||
|
# - "field -> level" to match any value, e.g. "time_taken_ms -> debug"
|
||||||
|
# Warning: Using log-level-overrides has a performance penalty. Only use it for temporary debugging.
|
||||||
|
#
|
||||||
|
# Example (good for production):
|
||||||
|
# log-level: info
|
||||||
|
# log-format: json
|
||||||
|
# log-file: /var/log/ntfy.log
|
||||||
|
#
|
||||||
|
# Example level overrides (for debugging, only use temporarily):
|
||||||
|
# log-level-overrides:
|
||||||
|
# - "tag=manager -> trace"
|
||||||
|
# - "visitor_ip=1.2.3.4 -> debug"
|
||||||
|
# - "time_taken_ms -> debug"
|
||||||
|
#
|
||||||
|
# log-level: info
|
||||||
|
# log-level-overrides:
|
||||||
|
# log-format: text
|
||||||
|
# log-file:
|
20
roles/alerts/tasks/main.yml
Normal file
20
roles/alerts/tasks/main.yml
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
- name: Create working directory
|
||||||
|
file:
|
||||||
|
path: /srv/alerts
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Copy ntfy server config
|
||||||
|
copy:
|
||||||
|
src: ntfy_server.yml
|
||||||
|
dest: /srv/alerts/ntfy_server.yml
|
||||||
|
|
||||||
|
- name: Copy Docker compose file
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/docker-compose.yml.j2"
|
||||||
|
dest: /srv/alerts/docker-compose.yml
|
||||||
|
|
||||||
|
- name: Deploy Docker compose
|
||||||
|
docker_compose:
|
||||||
|
project_src: /srv/alerts
|
||||||
|
pull: true
|
||||||
|
remove_orphans: true
|
11
roles/uptime_kuma/docker-compose.yml.j2
Normal file
11
roles/uptime_kuma/docker-compose.yml.j2
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
# vi: ft=yaml
|
||||||
|
|
||||||
|
services:
|
||||||
|
uptime-kuma:
|
||||||
|
image: louislam/uptime-kuma:1
|
||||||
|
container_name: uptime-kuma
|
||||||
|
ports:
|
||||||
|
- 3001:3001
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- {{ data_directory }}/uptime-kuma:/app/data
|
15
roles/uptime_kuma/tasks/main.yml
Normal file
15
roles/uptime_kuma/tasks/main.yml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
- name: Create working directory
|
||||||
|
file:
|
||||||
|
path: /srv/uptime-kuma
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Copy Docker compose file
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/docker-compose.yml.j2"
|
||||||
|
dest: /srv/uptime-kuma/docker-compose.yml
|
||||||
|
|
||||||
|
- name: Deploy Docker compose
|
||||||
|
docker_compose:
|
||||||
|
project_src: /srv/uptime-kuma
|
||||||
|
pull: true
|
||||||
|
remove_orphans: true
|
10
util/secret-service-client.sh
Executable file
10
util/secret-service-client.sh
Executable file
|
@ -0,0 +1,10 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
pass=`secret-tool lookup ansible_vault dataserver`
|
||||||
|
retval=$?
|
||||||
|
|
||||||
|
if [ $retval -ne 0 ]; then
|
||||||
|
echo Provide password:
|
||||||
|
read -s pass
|
||||||
|
fi
|
||||||
|
echo $pass
|
Reference in a new issue