From f1c64f4f3e906ce7819d65e883eebc51e0e18c26 Mon Sep 17 00:00:00 2001 From: pizzaniels Date: Fri, 6 Jan 2023 18:07:07 +0100 Subject: [PATCH 1/9] changed nsd config --- roles/nsd/files/zones/geokunis2.nl | 7 +++---- roles/nsd/files/zones/pizzapim.nl | 26 ++++++++++++-------------- 2 files changed, 15 insertions(+), 18 deletions(-) diff --git a/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl index 4447d27..64aff98 100644 --- a/roles/nsd/files/zones/geokunis2.nl +++ b/roles/nsd/files/zones/geokunis2.nl @@ -1,19 +1,18 @@ $ORIGIN geokunis2.nl. $TTL 60 -geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2022103001 1800 3600 1209600 3600 +geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023010600 1800 3600 1209600 3600 NS ns.geokunis2.nl. NS ns0.transip.net. NS ns1.transip.nl. NS ns2.transip.eu. A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e + AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda MX 0 . TXT "v=spf1 -all" CAA 0 issue "letsencrypt.org" jenl IN A 217.123.41.225 kms IN A 82.197.212.198 -ovh IN A 57.128.45.138 _dmarc IN TXT "v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject" ns A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e + AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl index 67fa9ce..dfb220e 100644 --- a/roles/nsd/files/zones/pizzapim.nl +++ b/roles/nsd/files/zones/pizzapim.nl 
@@ -1,26 +1,24 @@ $ORIGIN pizzapim.nl. $TTL 60 -pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2022122900 1800 3600 1209600 3600 +pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010600 1800 3600 1209600 3600 NS ns.pizzapim.nl. NS ns0.transip.net. NS ns1.transip.nl. NS ns2.transip.eu. A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e + AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda TXT "v=spf1 ~all" CAA 0 issue "letsencrypt.org" -www IN CNAME @ -ns IN A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e -_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;" -cloud IN A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e -social IN A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e -dav IN A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e -git IN A 82.197.212.198 - AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e +_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;" + +www IN A 82.197.212.198 + AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda +ns IN A 82.197.212.198 + AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda +cloud IN CNAME www.pizzapim.nl +social IN CNAME www.pizzapim.nl +dav IN CNAME www.pizzapim.nl +git IN CNAME www.pizzapim.nl From 7e10a78623158f9a6304f0105dcc326ead6ef2a7 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Fri, 6 Jan 2023 19:51:28 +0100 Subject: [PATCH 2/9] fix nsd ipv6 --- README.md | 1 - roles/docker/files/daemon.json | 3 +++ roles/docker/tasks/main.yml | 10 ++++++++++ roles/nsd/files/nsd.conf | 3 +++ 4 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 roles/docker/files/daemon.json diff --git a/README.md b/README.md index d0373eb..d78af6b 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,6 @@ ## TODO ### nsd -- Change IPv6 addresses - ZSK rollover. - I always resign the zone, even if nothing has changed. I could check whether the zone has changed or new keys were generated but that is kind of difficult. 
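Review bot: The pizzapim.nl zone keeps `TXT "v=spf1 ~all"` (softfail) while `_dmarc` asks for `p=reject`, and the sibling geokunis2.nl zone in this same commit publishes `MX 0 .` with `v=spf1 -all`. If pizzapim.nl sends no mail, aligning it with geokunis2.nl (`MX 0 .` plus `-all`) closes the spoofing window that softfail leaves open; if it does send mail, the sender's mechanisms belong in front of a hard `-all`. The zone file is rebuilt here anyway, so this is the moment to decide which of the two it is.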
diff --git a/roles/docker/files/daemon.json b/roles/docker/files/daemon.json
new file mode 100644
index 0000000..8cef55b
--- /dev/null
+++ b/roles/docker/files/daemon.json
@@ -0,0 +1,3 @@
+{
+ "ipv6": true
+}
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index dfef31a..6d8d1ce 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -29,3 +29,13 @@
 name:
 - docker
 - docker-compose
+- name: Enable IPv6
+ copy:
+ src: "{{ role_path }}/files/daemon.json"
+ dest: /etc/docker/daemon.json
+ register: daemon_file
+- name: Start Docker
+ systemd:
+ name: docker
+ enabled: true
+ state: "{{ 'reloaded' if daemon_file.changed else 'started' }}"
diff --git a/roles/nsd/files/nsd.conf b/roles/nsd/files/nsd.conf
index 151373c..20245a0 100644
--- a/roles/nsd/files/nsd.conf
+++ b/roles/nsd/files/nsd.conf
@@ -1,8 +1,11 @@
 server:
+ ip-address: eth0 # TEMP until response from mailing list
 server-count: 1
 verbosity: 1
 hide-version: yes
 zonesdir: "/zones"
+ ip-transparent: yes
+ ip-freebind: yes
 
 zone:
 name: pizzapim.nl
From 6cab50d7542b2df8a53adbfaffaa455bca4ffa1a Mon Sep 17 00:00:00 2001
From: pizzaniels
Date: Fri, 6 Jan 2023 20:07:47 +0100
Subject: [PATCH 3/9] add aaaa record for kms.geokunis2.nl
---
 roles/nsd/files/zones/geokunis2.nl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl
index 64aff98..096d80a 100644
--- a/roles/nsd/files/zones/geokunis2.nl
+++ b/roles/nsd/files/zones/geokunis2.nl
@@ -12,7 +12,8 @@ geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023010600 1800 3600 12096
 TXT "v=spf1 -all"
 CAA 0 issue "letsencrypt.org"
 jenl IN A 217.123.41.225
-kms IN A 82.197.212.198
+kms IN A 82.197.212.198
+kms IN AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
 _dmarc IN TXT "v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject"
 ns A 82.197.212.198
 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
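Review bot: `state: "{{ 'reloaded' if daemon_file.changed else 'started' }}"` in the new Start Docker task will not apply the daemon.json change: dockerd's SIGHUP reload only re-reads a short whitelist of options (debug, labels, live-restore, registry mirrors and similar) and `ipv6` is not on it, so on a host where Docker is already running the first run leaves IPv6 disabled until something else restarts the service. Use `state: "{{ 'restarted' if daemon_file.changed else 'started' }}"`, or notify a handler that restarts docker when the file changes. The `register: daemon_file` also couples the two tasks; a handler keeps the restart decision next to the file that triggers it.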
From 8463e5c4bf3951e6cc1c4dc35d2e33a8546def99 Mon Sep 17 00:00:00 2001 From: pizzaniels Date: Fri, 6 Jan 2023 20:11:13 +0100 Subject: [PATCH 4/9] aaaa record weer weggehaald voor kms.geokunis2.nl --- roles/nsd/files/zones/geokunis2.nl | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl index 096d80a..3503a8d 100644 --- a/roles/nsd/files/zones/geokunis2.nl +++ b/roles/nsd/files/zones/geokunis2.nl @@ -13,7 +13,6 @@ geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023010600 1800 3600 12096 CAA 0 issue "letsencrypt.org" jenl IN A 217.123.41.225 kms IN A 82.197.212.198 -kms IN AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda _dmarc IN TXT "v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject" ns A 82.197.212.198 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda From 1382696ba18a6a257f53c2f4f149535dca01fa48 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Fri, 6 Jan 2023 22:49:07 +0100 Subject: [PATCH 5/9] change pizzeria remote to forgejo add dirty hack to resolve local domains --- README.md | 3 +++ roles/common/files/hosts | 14 ++++++++++++++ roles/common/tasks/main.yml | 4 ++++ roles/pizzeria/tasks/main.yml | 2 +- roles/pizzeria/vars/main.yml | 2 ++ 5 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 roles/common/files/hosts create mode 100644 roles/pizzeria/vars/main.yml diff --git a/README.md b/README.md index d78af6b..e881697 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ # Ansible scripts for our private Intel NUC servers ## TODO + +- Move to /srv directory? + ### nsd - ZSK rollover. diff --git a/roles/common/files/hosts b/roles/common/files/hosts new file mode 100644 index 0000000..00dc10d --- /dev/null +++ b/roles/common/files/hosts 
@@ -0,0 +1,14 @@
+127.0.0.1 localhost
+127.0.1.1 ubuntu
+127.0.0.1 pizzapim.nl
+127.0.0.1 git.pizzapim.nl
+127.0.0.1 dav.pizzapim.nl
+127.0.0.1 social.pizzapim.nl
+127.0.0.1 www.pizzapim.nl
+
+# The following lines are desirable for IPv6 capable hosts
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 7e13c12..44966f8 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -23,3 +23,7 @@
 src: "{{ role_path }}/files/resolv.conf"
 dest: /etc/resolv.conf
 follow: true
+- name: Copy hosts file
+ copy:
+ src: "{{ role_path }}/files/hosts"
+ dest: /etc/hosts
diff --git a/roles/pizzeria/tasks/main.yml b/roles/pizzeria/tasks/main.yml
index da03235..9fc3011 100644
--- a/roles/pizzeria/tasks/main.yml
+++ b/roles/pizzeria/tasks/main.yml
@@ -1,6 +1,6 @@
 - name: Clone pizzeria repository
 git:
- repo: https://github.com/pizzapim/pizzeria
+ repo: "{{ pizzeria.git_origin }}"
 dest: /apps/pizzeria
 - name: Start the Docker Compose
 community.docker.docker_compose:
diff --git a/roles/pizzeria/vars/main.yml b/roles/pizzeria/vars/main.yml
new file mode 100644
index 0000000..21308b6
--- /dev/null
+++ b/roles/pizzeria/vars/main.yml
@@ -0,0 +1,2 @@
+pizzeria:
+ git_origin: https://git.pizzapim.nl/pim/pizzeria.git
From 117d7d2cf4419904141cfa1cfd030da781e01980 Mon Sep 17 00:00:00 2001
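Review bot: The new /etc/hosts hard-codes `127.0.1.1 ubuntu`, so on any NUC whose hostname is not `ubuntu` the machine's own name stops resolving locally (sudo and several daemons then log "unable to resolve host"), and the pizzapim.nl entries override public DNS for every process on the box, not only the pizzeria clone this commit is trying to help. Since the same commit already introduces a templated variable for the pizzeria origin, render this file with `template:` and `127.0.1.1 {{ inventory_hostname }}` (or `{{ ansible_hostname }}`) instead of a static copy. A one-line comment above the pizzapim.nl block naming why the overrides exist would make it obvious when they can be removed again.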
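Review bot: `repo: "{{ pizzeria.git_origin }}"` clones whatever the remote's default branch points at on every run, and with the accompanying /etc/hosts entry git.pizzapim.nl now resolves to 127.0.0.1, so this role depends on the local forge being up and serving TLS before it runs. Pinning the checkout, e.g. `version: "{{ pizzeria.git_version }}"` with the tag or commit kept in roles/pizzeria/vars/main.yml, makes deployments reproducible and keeps an unexpected force-push to the default branch from being deployed unnoticed. The clone is followed by a `pull: true` compose start in the unchanged context, so an unpinned branch plus unpinned images means two moving parts per run.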
From: Pim Kunis
Date: Sat, 7 Jan 2023 12:02:04 +0100
Subject: [PATCH 6/9] run nsd on bare metal
---
 roles/common/files/hosts | 14 ------
 roles/common/files/resolv.conf | 1 +
 roles/common/tasks/main.yml | 4 --
 roles/docker/files/daemon.json | 3 --
 roles/docker/tasks/main.yml | 5 ---
 roles/nsd/files/docker-compose.yml | 18 --------
 roles/nsd/files/nsd.conf | 4 +-
 roles/nsd/files/zones/geokunis2.nl | 8 ++--
 roles/nsd/files/zones/pizzapim.nl | 10 ++---
 roles/nsd/meta/main.yml | 3 --
 roles/nsd/tasks/main.yml | 71 ++++++++++++------------------
 11 files changed, 39 insertions(+), 102 deletions(-)
 delete mode 100644 roles/common/files/hosts
 delete mode 100644 roles/docker/files/daemon.json
 delete mode 100644 roles/nsd/files/docker-compose.yml
 delete mode 100644 roles/nsd/meta/main.yml
diff --git a/roles/common/files/hosts b/roles/common/files/hosts
deleted file mode 100644
index 00dc10d..0000000
--- a/roles/common/files/hosts
+++ /dev/null
@@ -1,14 +0,0 @@
-127.0.0.1 localhost
-127.0.1.1 ubuntu
-127.0.0.1 pizzapim.nl
-127.0.0.1 git.pizzapim.nl
-127.0.0.1 dav.pizzapim.nl
-127.0.0.1 social.pizzapim.nl
-127.0.0.1 www.pizzapim.nl
-
-# The following lines are desirable for IPv6 capable hosts
-::1 ip6-localhost ip6-loopback
-fe00::0 ip6-localnet
-ff00::0 ip6-mcastprefix
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
diff --git a/roles/common/files/resolv.conf b/roles/common/files/resolv.conf
index 8a9bf12..863bc57 100644
--- a/roles/common/files/resolv.conf
+++ b/roles/common/files/resolv.conf
@@ -1,3 +1,4 @@
+nameserver 192.168.30.1
 nameserver 1.1.1.1
 nameserver 1.0.0.1
 search lan
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 44966f8..7e13c12 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -23,7 +23,3 @@
 src: "{{ role_path }}/files/resolv.conf"
 dest: /etc/resolv.conf
 follow: true
-- name: Copy hosts file
- copy:
- src: "{{ role_path }}/files/hosts"
- dest: /etc/hosts
diff --git a/roles/docker/files/daemon.json b/roles/docker/files/daemon.json
deleted file mode 100644
index 8cef55b..0000000
--- a/roles/docker/files/daemon.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "ipv6": true
-}
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 6d8d1ce..1077edb 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -29,11 +29,6 @@
 name:
 - docker
 - docker-compose
-- name: Enable IPv6
- copy:
- src: "{{ role_path }}/files/daemon.json"
- dest: /etc/docker/daemon.json
- register: daemon_file
 - name: Start Docker
 systemd:
 name: docker
diff --git a/roles/nsd/files/docker-compose.yml b/roles/nsd/files/docker-compose.yml
deleted file mode 100644
index 42d56dd..0000000
--- a/roles/nsd/files/docker-compose.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-version: '3.7'
-
-services:
- nsd:
- container_name: nsd
- restart: always
- image: ghcr.io/the-kube-way/nsd:v4.6.0
- read_only: true
- tmpfs:
- - /tmp
- - /var/db/nsd
- volumes:
- - /apps/nsd/conf:/etc/nsd:ro
- - /apps/nsd/zones:/zones
- - /apps/nsd/keys:/keys
- ports:
- - 53:53
- - 53:53/udp
diff --git a/roles/nsd/files/nsd.conf b/roles/nsd/files/nsd.conf
index 20245a0..f3460bf 100644
--- a/roles/nsd/files/nsd.conf
+++ b/roles/nsd/files/nsd.conf
@@ -1,9 +1,9 @@
 server:
- ip-address: eth0 # TEMP until response from mailing list
+ ip-address: enp3s0
 server-count: 1
 verbosity: 1
 hide-version: yes
- zonesdir: "/zones"
+ zonesdir: "/etc/nsd/zones"
 ip-transparent: yes
 ip-freebind: yes
 
diff --git a/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl
index 3503a8d..1a5d776 100644
--- a/roles/nsd/files/zones/geokunis2.nl
+++ b/roles/nsd/files/zones/geokunis2.nl
@@ -1,18 +1,18 @@ $ORIGIN geokunis2.nl. $TTL 60 -geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023010600 1800 3600 1209600 3600 +geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023010601 1800 3600 1209600 3600 NS ns.geokunis2.nl. NS ns0.transip.net. NS ns1.transip.nl. NS ns2.transip.eu. - A 82.197.212.198 + A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda MX 0 . TXT "v=spf1 -all" CAA 0 issue "letsencrypt.org" jenl IN A 217.123.41.225 -kms IN A 82.197.212.198 +kms IN A 84.245.14.149 _dmarc IN TXT "v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject" -ns A 82.197.212.198 +ns A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl index dfb220e..19b8c82 100644 --- a/roles/nsd/files/zones/pizzapim.nl +++ b/roles/nsd/files/zones/pizzapim.nl @@ -1,22 +1,22 @@ $ORIGIN pizzapim.nl. $TTL 60 -pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010600 1800 3600 1209600 3600 +pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010700 1800 3600 1209600 3600 NS ns.pizzapim.nl. NS ns0.transip.net. NS ns1.transip.nl. NS ns2.transip.eu. - A 82.197.212.198 + A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda TXT "v=spf1 ~all" CAA 0 issue "letsencrypt.org" -_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;" +_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;" -www IN A 82.197.212.198 +www IN A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda -ns IN A 82.197.212.198 +ns IN A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda cloud IN CNAME www.pizzapim.nl social IN CNAME www.pizzapim.nl diff --git a/roles/nsd/meta/main.yml b/roles/nsd/meta/main.yml deleted file mode 100644 index 090690b..0000000 --- a/roles/nsd/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - role: common - - role: docker 
diff --git a/roles/nsd/tasks/main.yml b/roles/nsd/tasks/main.yml
index 32d67c2..2636079 100644
--- a/roles/nsd/tasks/main.yml
+++ b/roles/nsd/tasks/main.yml
@@ -1,86 +1,69 @@
-- name: Create nsd app directory
- file:
- path: /apps/nsd
- state: directory
-- name: Create nsd configuration directory
- file:
- path: /apps/nsd/conf
- state: directory
- owner: 991
- group: 991
+- name: Install nsd
+ apt:
+ pkg:
+ - nsd
+ - ldnsutils
 - name: Copy nsd.conf
 copy:
 src: "{{ role_path }}/files/nsd.conf"
- dest: /apps/nsd/conf/nsd.conf
-- name: Create nsd zones directory
+ dest: /etc/nsd/nsd.conf
+- name: Create zones directory
 file:
- path: /apps/nsd/zones
+ path: /etc/nsd/zones
 state: directory
- owner: 991
- group: 991
 - name: Copy zone files
 copy:
 src: "{{ role_path }}/files/zones/"
- dest: /apps/nsd/zones
-- name: Create nsd keys directory
+ dest: /etc/nsd/zones
+- name: Create keys directory
 file:
- path: /apps/nsd/keys
+ path: /etc/nsd/keys
 state: directory
- owner: 991
- group: 991
 - name: Copy KSK private keys
 template:
 src: "{{ item }}"
- dest: "/apps/nsd/keys/{{ item | basename }}"
+ dest: "/etc/nsd/keys/{{ item | basename }}"
 with_fileglob:
 - "{{ role_path }}/files/keys/*.ksk.private"
 - name: Copy KSK keys
 copy:
 src: "{{ item }}"
- dest: "/apps/nsd/keys/{{ item | basename }}"
+ dest: "/etc/nsd/keys/{{ item | basename }}"
 with_fileglob:
 - "{{ role_path }}/files/keys/*.ksk.key"
-- name: Copy Docker Compose script
- copy:
- src: "{{ role_path }}/files/docker-compose.yml"
- dest: /apps/nsd/docker-compose.yml
-- name: Start Docker Compose
- docker_compose:
- project_src: /apps/nsd
- pull: true
- remove_orphans: true
 - name: Check if ZSKs exist
 stat:
- path: "/apps/nsd/keys/K{{ item | basename }}.zsk.key"
+ path: "/etc/nsd/keys/K{{ item | basename }}.zsk.key"
 register: zsks_exists
 with_fileglob:
 - "{{ role_path }}/files/zones/*"
 - name: Create ZSK
 command:
- cmd: "docker-compose exec -w /keys nsd ldns-keygen -a ED25519 {{ item.item | basename }}"
- chdir: /apps/nsd
+ cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}"
+ chdir: /etc/nsd/keys
 register: create_zsk
 when: not item.stat.exists
 with_items: "{{ zsks_exists.results }}"
 - name: Rename ZSK key
 command:
- cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
- chdir: /apps/nsd
+ cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
+ chdir: /etc/nsd/keys
 when: item.changed
 with_items: "{{ create_zsk.results }}"
 - name: Rename ZSK private key
 command:
- cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
- chdir: /apps/nsd
+ cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
+ chdir: /etc/nsd/keys
 when: item.changed
 with_items: "{{ create_zsk.results }}"
 - name: Sign zones
 command:
- cmd: 'docker-compose exec -w /zones nsd ldns-signzone {{ item | basename }} /keys/K{{ item | basename }}.zsk /keys/K{{ item | basename }}.ksk'
- chdir: /apps/nsd
+ cmd: "ldns-signzone {{ item | basename }} /etc/nsd/keys/K{{ item | basename }}.zsk /etc/nsd/keys/K{{ item | basename }}.ksk"
+ chdir: /etc/nsd/zones
 with_fileglob:
 - "{{ role_path }}/files/zones/*"
-- name: Restart Docker Compose
- docker_compose:
- project_src: /apps/nsd
- restarted: true
+- name: Restart NSD
+ systemd:
+ name: nsd
+ enabled: true
+ state: reloaded
From 5331d25c4a90e362e9730ec8f2e411722d5dbf78 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sat, 7 Jan 2023 13:15:47 +0100
Subject: [PATCH 7/9] fix some DNS bugs
---
 roles/docker/tasks/main.yml | 2 +-
 roles/nsd/files/zones/pizzapim.nl | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 1077edb..2506fde 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -33,4 +33,4 @@
 systemd:
 name: docker
 enabled: true
- state: "{{ 'reloaded' if daemon_file.changed else 'started' }}"
+ state: started
diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl
index 19b8c82..9c8e1e5 100644
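Review bot: The 'Copy KSK private keys' task now writes `*.ksk.private` into /etc/nsd/keys via `template:` with no `mode:` or `owner:`, so the DNSSEC signing keys land with the default umask-derived mode (typically 0644) and are readable by every local user, and 'Create keys directory' likewise leaves the directory at the default. Add `mode: "0600"` to the private-key copy and `mode: "0700"` to the keys directory; nsd only reads the signed zone output, so it needs no access to the keys. Separately, 'Sign zones' calls `ldns-signzone` without `-e`, so the RRSIGs expire four weeks after each run and with nothing scheduling a re-sign the zones go bogus for validating resolvers if the playbook is not re-run within that window; either pass a longer `-e` or add a timer that re-signs and reloads. Everything here runs as root, so the ZSK files created by `ldns-keygen` are root-owned, which is consistent with the signing step but worth stating in a comment above 'Create ZSK'.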
--- a/roles/nsd/files/zones/pizzapim.nl +++ b/roles/nsd/files/zones/pizzapim.nl @@ -1,7 +1,7 @@ $ORIGIN pizzapim.nl. $TTL 60 -pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010700 1800 3600 1209600 3600 +pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010701 1800 3600 1209600 3600 NS ns.pizzapim.nl. NS ns0.transip.net. @@ -18,7 +18,7 @@ www IN A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda ns IN A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda -cloud IN CNAME www.pizzapim.nl -social IN CNAME www.pizzapim.nl -dav IN CNAME www.pizzapim.nl -git IN CNAME www.pizzapim.nl +cloud IN CNAME www.pizzapim.nl. +social IN CNAME www.pizzapim.nl. +dav IN CNAME www.pizzapim.nl. +git IN CNAME www.pizzapim.nl. From 5bf6d7acbcc009c5e1e3de38bf9eb0095caa65a1 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sat, 7 Jan 2023 19:08:49 +0100 Subject: [PATCH 8/9] move to /srv --- README.md | 2 -- roles/common/tasks/main.yml | 4 ++-- roles/forgejo/files/docker-compose.yml | 2 +- roles/forgejo/tasks/main.yml | 12 ++++++------ roles/kms/tasks/main.yml | 8 ++++---- roles/mastodon/tasks/main.yml | 8 ++++---- roles/pizzeria/tasks/main.yml | 6 +++--- roles/radicale/files/docker-compose.yml | 2 +- roles/radicale/tasks/main.yml | 12 ++++++------ roles/syncthing/files/docker-compose.yml | 2 +- roles/syncthing/tasks/main.yml | 14 +++++++------- roles/traefik/files/docker-compose.yml | 6 +++--- roles/traefik/tasks/main.yml | 12 ++++++------ 13 files changed, 44 insertions(+), 46 deletions(-) diff --git a/README.md b/README.md index e881697..7b44435 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,6 @@ # Ansible scripts for our private Intel NUC servers ## TODO -- Move to /srv directory? - ### nsd - ZSK rollover. diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 7e13c12..fa79f23 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml 
@@ -9,9 +9,9 @@
 file:
 path: /data
 state: directory
-- name: Create /apps directory
+- name: Create /srv directory
 file:
- path: /apps
+ path: /srv
 state: directory
 - name: Disable systemd-resolved
 systemd:
diff --git a/roles/forgejo/files/docker-compose.yml b/roles/forgejo/files/docker-compose.yml
index b9a7542..98be775 100644
--- a/roles/forgejo/files/docker-compose.yml
+++ b/roles/forgejo/files/docker-compose.yml
@@ -16,7 +16,7 @@ services:
 - traefik
 volumes:
 - /data/forgejo:/data
- - /apps/forgejo/conf:/data/gitea/conf
+ - /srv/forgejo/conf:/data/gitea/conf
 - /etc/timezone:/etc/timezone:ro
 - /etc/localtime:/etc/localtime:ro
 labels:
diff --git a/roles/forgejo/tasks/main.yml b/roles/forgejo/tasks/main.yml
index d46f75d..2422a53 100644
--- a/roles/forgejo/tasks/main.yml
+++ b/roles/forgejo/tasks/main.yml
@@ -1,11 +1,11 @@
 - name: Create app directory
 file:
- path: /apps/forgejo
+ path: /srv/forgejo
 state: directory
 - name: Copy Docker Compose script
 copy:
 src: "{{ role_path }}/files/docker-compose.yml"
- dest: /apps/forgejo/docker-compose.yml
+ dest: /srv/forgejo/docker-compose.yml
 - name: Create data directory
 file:
 path: /data/forgejo
@@ -14,18 +14,18 @@
 group: 1000
 - name: Copy conf directory
 file:
- path: /apps/forgejo/conf
+ path: /srv/forgejo/conf
 state: directory
 owner: 1000
 group: 1000
 - name: Copy app.ini
 template:
 src: "{{ role_path }}/templates/app.ini"
- dest: /apps/forgejo/conf/app.ini
+ dest: /srv/forgejo/conf/app.ini
 register: config
 - name: Start the Docker Compose
- community.docker.docker_compose:
- project_src: /apps/forgejo
+ docker_compose:
+ project_src: /srv/forgejo
 pull: true
 remove_orphans: true
 restarted: "{{ config.changed }}"
diff --git a/roles/kms/tasks/main.yml b/roles/kms/tasks/main.yml
index 57a0ce4..536bad6 100644
--- a/roles/kms/tasks/main.yml
+++ b/roles/kms/tasks/main.yml
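Review bot: The 'Start the Docker Compose' task in the second forgejo hunk swaps `community.docker.docker_compose:` for the bare `docker_compose:` short name, an unrelated change in a commit titled "move to /srv" that also goes the wrong way: the short name resolves only through the collection redirect, and ansible-lint's fqcn rule flags it. Keep `community.docker.docker_compose:` here, and in the kms and pizzeria task files further down this commit, which make the same substitution. If the intent is to align every role on one spelling, the mastodon, radicale, syncthing and traefik roles already use the short name, so a separate commit converting all of them to the FQCN would be clearer than mixing it into a path rename.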
@@ -1,14 +1,14 @@ - name: Create app directory file: - path: /apps/kms + path: /srv/kms state: directory - name: Copy Docker Compose script copy: src: "{{ role_path }}/files/docker-compose.yml" - dest: /apps/kms/docker-compose.yml + dest: /srv/kms/docker-compose.yml - name: Start the Docker Compose - community.docker.docker_compose: - project_src: /apps/kms + docker_compose: + project_src: /srv/kms pull: true remove_orphans: true diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml index 6c90df0..4a4cccb 100644 --- a/roles/mastodon/tasks/main.yml +++ b/roles/mastodon/tasks/main.yml @@ -1,15 +1,15 @@ - name: Create Mastodon app directory file: - path: /apps/mastodon + path: /srv/mastodon state: directory - name: Copy .env.production copy: src: "{{ role_path }}/files/.env.production" - dest: /apps/mastodon/.env.production + dest: /srv/mastodon/.env.production - name: Copy Docker Compose script template: src: "{{ role_path }}/templates/docker-compose.yml.j2" - dest: /apps/mastodon/docker-compose.yml + dest: /srv/mastodon/docker-compose.yml - name: Create Mastodon data directory file: path: /data/mastodon @@ -17,6 +17,6 @@ mode: 0777 - name: Start Docker Compose docker_compose: - project_src: /apps/mastodon + project_src: /srv/mastodon pull: true remove_orphans: true diff --git a/roles/pizzeria/tasks/main.yml b/roles/pizzeria/tasks/main.yml index 9fc3011..5f27e49 100644 --- a/roles/pizzeria/tasks/main.yml +++ b/roles/pizzeria/tasks/main.yml @@ -1,9 +1,9 @@ - name: Clone pizzeria repository git: repo: "{{ pizzeria.git_origin }}" - dest: /apps/pizzeria + dest: /srv/pizzeria - name: Start the Docker Compose - community.docker.docker_compose: - project_src: /apps/pizzeria + docker_compose: + project_src: /srv/pizzeria pull: true remove_orphans: true diff --git a/roles/radicale/files/docker-compose.yml b/roles/radicale/files/docker-compose.yml index fe20407..556e883 100644 --- a/roles/radicale/files/docker-compose.yml 
+++ b/roles/radicale/files/docker-compose.yml
@@ -10,7 +10,7 @@ services:
 image: mailu/radicale:1.9
 volumes:
 - /data/radicale:/data
- - /apps/radicale/config:/radicale
+ - /srv/radicale/config:/radicale
 command: radicale -S -C /radicale/radicale.conf
 networks:
 - traefik
diff --git a/roles/radicale/tasks/main.yml b/roles/radicale/tasks/main.yml
index a66223b..a2974ba 100644
--- a/roles/radicale/tasks/main.yml
+++ b/roles/radicale/tasks/main.yml
@@ -1,29 +1,29 @@
 - name: Create Radicale app directory
 file:
- path: /apps/radicale
+ path: /srv/radicale
 state: directory
 - name: Copy docker-compose.yml file
 copy:
 src: "{{ role_path }}/files/docker-compose.yml"
- dest: /apps/radicale/docker-compose.yml
+ dest: /srv/radicale/docker-compose.yml
 - name: Create Radicale config directory
 file:
- path: /apps/radicale/config
+ path: /srv/radicale/config
 state: directory
 - name: Copy radicale.conf
 copy:
 src: "{{ role_path }}/files/radicale.conf"
- dest: /apps/radicale/config/radicale.conf
+ dest: /srv/radicale/config/radicale.conf
 - name: Copy users file
 copy:
 src: "{{ role_path }}/files/users"
- dest: /apps/radicale/config/users
+ dest: /srv/radicale/config/users
 - name: Create Radicale data directory
 file:
 path: /data/radicale
 state: directory
 - name: Start Docker Compose
 docker_compose:
- project_src: /apps/radicale
+ project_src: /srv/radicale
 pull: true
 remove_orphans: true
diff --git a/roles/syncthing/files/docker-compose.yml b/roles/syncthing/files/docker-compose.yml
index 7f4e6d8..4505a69 100644
--- a/roles/syncthing/files/docker-compose.yml
+++ b/roles/syncthing/files/docker-compose.yml
@@ -10,7 +10,7 @@ services:
 - PGID=1000
 - TZ=Europe/Amsterdam
 volumes:
- - /apps/syncthing/config:/config
+ - /srv/syncthing/config:/config
 - /data/syncthing:/data
 ports:
 - 8384:8384
diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml
index 8b197fe..4b73ced 100644
--- a/roles/syncthing/tasks/main.yml
+++ b/roles/syncthing/tasks/main.yml
@@ -1,23 +1,23 @@
 - name: Create Syncthing app directory
 file:
- path: /apps/syncthing
+ path: /srv/syncthing
 state: directory
 - name: Create Syncthing configuration directory
 file:
- path: /apps/syncthing/config
+ path: /srv/syncthing/config
 state: directory
 - name: Copy Syncthing private key
 copy:
 src: "{{ role_path }}/files/key.pem"
- dest: /apps/syncthing/config/key.pem
+ dest: /srv/syncthing/config/key.pem
 - name: Copy Syncthing certificate
 copy:
 src: "{{ role_path }}/files/cert.pem"
- dest: /apps/syncthing/config/cert.pem
+ dest: /srv/syncthing/config/cert.pem
 - name: Copy Syncthing configuration
 template:
 src: "{{ role_path }}/templates/config.xml.j2"
- dest: /apps/syncthing/config/config.xml
+ dest: /srv/syncthing/config/config.xml
 - name: Create Syncthing data directory
 file:
 path: /data/syncthing
@@ -26,9 +26,9 @@
 - name: Copy Docker Compose script
 copy:
 src: "{{ role_path }}/files/docker-compose.yml"
- dest: /apps/syncthing/docker-compose.yml
+ dest: /srv/syncthing/docker-compose.yml
 - name: Start Docker Compose
 docker_compose:
- project_src: /apps/syncthing
+ project_src: /srv/syncthing
 pull: true
 remove_orphans: true
diff --git a/roles/traefik/files/docker-compose.yml b/roles/traefik/files/docker-compose.yml
index 70570d1..ac79916 100644
--- a/roles/traefik/files/docker-compose.yml
+++ b/roles/traefik/files/docker-compose.yml
@@ -20,9 +20,9 @@ services:
 - "56287:56287"
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
- - /apps/traefik/traefik.toml:/etc/traefik/traefik.toml
- - /apps/traefik/services.toml:/etc/traefik/services.toml
- - /apps/traefik/acme.json:/acme.json
+ - /srv/traefik/traefik.toml:/etc/traefik/traefik.toml
+ - /srv/traefik/services.toml:/etc/traefik/services.toml
+ - /srv/traefik/acme.json:/acme.json
 networks:
 - traefik
 labels:
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
index cedf64c..e87ed92 100644
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
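Review bot: 'Copy Syncthing private key' still copies `files/key.pem` to the new `/srv/syncthing/config/key.pem` with no `mode:` or `owner:`, so the device key ends up with the default umask-derived mode (typically 0644) and is readable by every local user; add `mode: "0600"` and an owner matching the uid the container runs as (its compose file sets `PGID=1000`) to this task. The certificate copy below it can stay at the default. I cannot tell from the diff whether `files/key.pem` is vault-encrypted; if it is committed in the clear it should be moved into an Ansible Vault-encrypted file.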
@@ -1,30 +1,30 @@
 - name: Create traefik app directory
 file:
- path: /apps/traefik
+ path: /srv/traefik
 state: directory
 - name: Create acme file
 copy:
 content: ""
- dest: /apps/traefik/acme.json
+ dest: /srv/traefik/acme.json
 force: no
 mode: 0600
 - name: Copy Docker Compose script
 copy:
 src: "{{ role_path }}/files/docker-compose.yml"
- dest: /apps/traefik/docker-compose.yml
+ dest: /srv/traefik/docker-compose.yml
 - name: Copy traefik.toml
 copy:
 src: "{{ role_path }}/files/traefik.toml"
- dest: /apps/traefik/traefik.toml
+ dest: /srv/traefik/traefik.toml
 - name: Copy services.toml
 copy:
 src: "{{ role_path }}/files/services.toml"
- dest: /apps/traefik/services.toml
+ dest: /srv/traefik/services.toml
 - name: Create traefik network
 docker_network:
 name: "traefik"
 - name: Start Docker Compose
 docker_compose:
- project_src: /apps/traefik
+ project_src: /srv/traefik
 pull: true
 remove_orphans: true
From cd17ed372cb1860a00c97decb2d0039d93a22446 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sat, 7 Jan 2023 20:32:42 +0100
Subject: [PATCH 9/9] parameterize directories
---
 inventory/group_vars/nucs.yml | 3 ++-
 roles/common/tasks/main.yml | 8 ++++----
 roles/forgejo/tasks/main.yml | 16 +++++++--------
 .../docker-compose.yml.j2} | 4 ++--
 roles/forgejo/vars/main.yml | 4 ++++
 roles/kms/tasks/main.yml | 6 +++---
 roles/kms/vars/main.yml | 2 ++
 roles/mastodon/tasks/main.yml | 10 +++++-----
 .../mastodon/templates/docker-compose.yml.j2 | 8 ++++----
 roles/mastodon/vars/main.yml | 4 ++++
 roles/pizzeria/tasks/main.yml | 6 +++---
 roles/pizzeria/vars/main.yml | 6 ++++--
 roles/radicale/tasks/main.yml | 18 ++++++++---------
 .../docker-compose.yml.j2} | 4 ++--
 roles/radicale/vars/main.yml | 3 +++
 roles/syncthing/tasks/main.yml | 20 +++++++++----------
 .../docker-compose.yml.j2} | 4 ++--
 roles/syncthing/vars/main.yml | 4 ++++
 roles/traefik/tasks/main.yml | 16 +++++++--------
 .../docker-compose.yml.j2} | 6 +++---
 roles/traefik/vars/main.yml | 2 ++
 21 files changed, 88 insertions(+), 66 deletions(-)
 rename roles/forgejo/{files/docker-compose.yml => templates/docker-compose.yml.j2} (92%)
 create mode 100644 roles/kms/vars/main.yml
 rename roles/radicale/{files/docker-compose.yml => templates/docker-compose.yml.j2} (86%)
 create mode 100644 roles/radicale/vars/main.yml
 rename roles/syncthing/{files/docker-compose.yml => templates/docker-compose.yml.j2} (83%)
 rename roles/traefik/{files/docker-compose.yml => templates/docker-compose.yml.j2} (82%)
 create mode 100644 roles/traefik/vars/main.yml
diff --git a/inventory/group_vars/nucs.yml b/inventory/group_vars/nucs.yml
index da24364..69f1dc9 100644
--- a/inventory/group_vars/nucs.yml
+++ b/inventory/group_vars/nucs.yml
@@ -1 +1,2 @@
-# Group variables for nucs group
+base_data_dir: /data
+base_service_dir: /srv
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index fa79f23..ab05296 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -5,13 +5,13 @@
 state: latest
 update_cache: yes
 cache_valid_time: 86400 # One day
-- name: Create /data directory
+- name: Create base data directory
 file:
- path: /data
+ path: "{{ base_data_dir }}"
 state: directory
-- name: Create /srv directory
+- name: Create base service directory
 file:
- path: /srv
+ path: "{{ base_service_dir }}"
 state: directory
 - name: Disable systemd-resolved
 systemd:
diff --git a/roles/forgejo/tasks/main.yml b/roles/forgejo/tasks/main.yml
index 2422a53..a2ce768 100644
--- a/roles/forgejo/tasks/main.yml
+++ b/roles/forgejo/tasks/main.yml
@@ -1,31 +1,31 @@
 - name: Create app directory
 file:
- path: /srv/forgejo
+ path: "{{ service_dir }}"
 state: directory
 - name: Copy Docker Compose script
- copy:
- src: "{{ role_path }}/files/docker-compose.yml"
- dest: /srv/forgejo/docker-compose.yml
+ template:
+ src: "{{ role_path }}/templates/docker-compose.yml.j2"
+ dest: "{{ service_dir }}/docker-compose.yml"
 - name: Create data directory
 file:
- path: /data/forgejo
+ path: "{{ data_dir }}"
 state: directory
 owner: 1000
 group: 1000
 - name: Copy conf directory
 file:
- path: /srv/forgejo/conf
+ path: "{{ service_dir }}/conf"
 state: directory
 owner: 1000
 group: 1000
 - name: Copy app.ini
 template:
 src: "{{ role_path }}/templates/app.ini"
- dest: /srv/forgejo/conf/app.ini
+ dest: "{{ service_dir }}/conf/app.ini"
 register: config
 - name: Start the Docker Compose
 docker_compose:
- project_src: /srv/forgejo
+ project_src: "{{ service_dir }}"
 pull: true
 remove_orphans: true
 restarted: "{{ config.changed }}"
diff --git a/roles/forgejo/files/docker-compose.yml b/roles/forgejo/templates/docker-compose.yml.j2
similarity index 92%
rename from roles/forgejo/files/docker-compose.yml
rename to roles/forgejo/templates/docker-compose.yml.j2
index 98be775..a72e115 100644
--- a/roles/forgejo/files/docker-compose.yml
+++ b/roles/forgejo/templates/docker-compose.yml.j2
@@ -15,8 +15,8 @@ services: networks: - traefik volumes: - - /data/forgejo:/data - - /srv/forgejo/conf:/data/gitea/conf + - {{ data_dir }}:/data + - {{ service_dir }}/conf:/data/gitea/conf - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro labels: diff --git a/roles/forgejo/vars/main.yml b/roles/forgejo/vars/main.yml index 1f23d70..f0ac50e 100644 --- a/roles/forgejo/vars/main.yml +++ b/roles/forgejo/vars/main.yml @@ -1,3 +1,7 @@ +service_name: forgejo +data_dir: "{{ base_data_dir }}/{{ service_name }}" +service_dir: "{{ base_service_dir }}/{{ service_name }}" + forgejo: root_url: "https://git.pizzapim.nl" mailer_host: "smtp.tweak.nl" diff --git a/roles/kms/tasks/main.yml b/roles/kms/tasks/main.yml index 536bad6..2518ba7 100644 --- a/roles/kms/tasks/main.yml +++ b/roles/kms/tasks/main.yml @@ -1,14 +1,14 @@ - name: Create app directory file: - path: /srv/kms + path: "{{ service_dir }}" state: directory - name: Copy Docker Compose script copy: src: "{{ role_path }}/files/docker-compose.yml" - dest: /srv/kms/docker-compose.yml + dest: "{{ service_dir }}/docker-compose.yml" - name: Start the Docker Compose docker_compose: - project_src: /srv/kms + project_src: "{{ service_dir }}" pull: true remove_orphans: true diff --git a/roles/kms/vars/main.yml b/roles/kms/vars/main.yml new file mode 100644 index 0000000..8f2f2a2 --- /dev/null +++ b/roles/kms/vars/main.yml @@ -0,0 +1,2 @@ +service_name: kms +service_dir: "{{ base_service_dir }}/{{ service_name }}" diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml index 4a4cccb..6f4ea70 100644 --- a/roles/mastodon/tasks/main.yml +++ b/roles/mastodon/tasks/main.yml 
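Review bot: Every role in this patch defines the same three names `service_name`, `data_dir` and `service_dir` in its `vars/main.yml` (forgejo and kms on this line, mastodon, pizzeria, radicale, syncthing and traefik further down), and role `vars/` are exposed to the play once the role is loaded rather than kept private, so identical names across roles are resolved by precedence order instead of by intent. As far as I can tell a task inside a role still sees its own role's value, but role-prefixed names (`forgejo_service_dir`, `forgejo_data_dir`) are the usual convention and make `grep` unambiguous; alternatively the derivation could use the `role_name` magic variable, `service_dir: "{{ base_service_dir }}/{{ role_name }}"`, which removes the per-role `service_name` line entirely. The bind-mount entries in the renamed compose template, e.g. `- {{ data_dir }}:/data`, are rendered before YAML parsing so plain paths are fine unquoted; quoting them as `- "{{ data_dir }}:/data"` would keep the rendered file valid should a base directory ever contain YAML-significant characters.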
@@ -1,22 +1,22 @@ - name: Create Mastodon app directory file: - path: /srv/mastodon + path: "{{ service_dir }}" state: directory - name: Copy .env.production copy: src: "{{ role_path }}/files/.env.production" - dest: /srv/mastodon/.env.production + dest: "{{ service_dir }}.env.production" - name: Copy Docker Compose script template: src: "{{ role_path }}/templates/docker-compose.yml.j2" - dest: /srv/mastodon/docker-compose.yml + dest: "{{ service_dir }}/docker-compose.yml" - name: Create Mastodon data directory file: - path: /data/mastodon + path: "{{ data_dir }}" state: directory mode: 0777 - name: Start Docker Compose docker_compose: - project_src: /srv/mastodon + project_src: "{{ service_dir }}" pull: true remove_orphans: true diff --git a/roles/mastodon/templates/docker-compose.yml.j2 b/roles/mastodon/templates/docker-compose.yml.j2 index 01b2ea0..e809bb7 100644 --- a/roles/mastodon/templates/docker-compose.yml.j2 +++ b/roles/mastodon/templates/docker-compose.yml.j2 @@ -9,7 +9,7 @@ services: healthcheck: test: ['CMD', 'pg_isready', '-U', 'postgres'] volumes: - - /data/mastodon/postgres14:/var/lib/postgresql/data + - {{ data_dir }}/postgres14:/var/lib/postgresql/data environment: - 'POSTGRES_HOST_AUTH_METHOD=trust' - 'POSTGRES_PASSWORD={{ mastodon_postgres_password }}' @@ -24,7 +24,7 @@ services: healthcheck: test: ['CMD', 'redis-cli', 'ping'] volumes: - - /data/mastodon/redis:/data + - {{ data_dir }}/redis:/data environment: - 'REDIS_PASSWORD={{ mastodon_redis_password }}' @@ -46,7 +46,7 @@ services: - db - redis volumes: - - /data/mastodon/public/system:/mastodon/public/system + - {{ data_dir }}/public/system:/mastodon/public/system labels: - traefik.http.routers.mastodon.entrypoints=websecure - traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`) 
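Review bot: The `Copy .env.production` task now writes to `dest: "{{ service_dir }}.env.production"`, which drops the path separator the old `/srv/mastodon/.env.production` had and renders to `/srv/mastodon.env.production`, a sibling of the project directory rather than a file inside it. The compose project started from `project_src: "{{ service_dir }}"` will therefore not find the env file, and the secrets it presumably carries end up at an unexpected path; it should read `dest: "{{ service_dir }}/.env.production"`. The same task sets no `mode:`, unlike the `acme.json` task in the traefik role further down, so the file is created with umask-derived permissions; since it is likely to hold credentials, `mode: "0600"` with an owner the Mastodon containers run as is worth adding in the same change.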
@@ -91,7 +91,7 @@ services: networks: - default volumes: - - /data/mastodon/public/system:/mastodon/public/system + - {{ data_dir }}/public/system:/mastodon/public/system healthcheck: test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"] diff --git a/roles/mastodon/vars/main.yml b/roles/mastodon/vars/main.yml index 505d001..0f488b3 100644 --- a/roles/mastodon/vars/main.yml +++ b/roles/mastodon/vars/main.yml @@ -1,3 +1,7 @@ +service_name: mastodon +data_dir: "{{ base_data_dir }}/{{ service_name }}" +service_dir: "{{ base_service_dir }}/{{ service_name }}" + mastodon_postgres_password: !vault | $ANSIBLE_VAULT;1.1;AES256 34643131323762373635383736636432643161646130373565333432323337646435656233383131 diff --git a/roles/pizzeria/tasks/main.yml b/roles/pizzeria/tasks/main.yml index 5f27e49..3d18940 100644 --- a/roles/pizzeria/tasks/main.yml +++ b/roles/pizzeria/tasks/main.yml @@ -1,9 +1,9 @@ - name: Clone pizzeria repository git: - repo: "{{ pizzeria.git_origin }}" - dest: /srv/pizzeria + repo: "{{ git_origin }}" + dest: "{{ service_dir }}" - name: Start the Docker Compose docker_compose: - project_src: /srv/pizzeria + project_src: "{{ service_dir }}" pull: true remove_orphans: true diff --git a/roles/pizzeria/vars/main.yml b/roles/pizzeria/vars/main.yml index 21308b6..33149bb 100644 --- a/roles/pizzeria/vars/main.yml +++ b/roles/pizzeria/vars/main.yml @@ -1,2 +1,4 @@ -pizzeria: - git_origin: https://git.pizzapim.nl/pim/pizzeria.git +service_name: pizzeria +data_dir: "{{ base_data_dir }}/{{ service_name }}" +service_dir: "{{ base_service_dir }}/{{ service_name }}" +git_origin: https://git.pizzapim.nl/pim/pizzeria.git diff --git a/roles/radicale/tasks/main.yml b/roles/radicale/tasks/main.yml index a2974ba..48afa89 100644 --- a/roles/radicale/tasks/main.yml +++ b/roles/radicale/tasks/main.yml 
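Review bot: `data_dir` is added to `roles/pizzeria/vars/main.yml` but no task in the pizzeria hunk uses it (the role only clones into `service_dir` and runs compose there), so it is dead configuration that will mislead the next reader; either drop it or add the task that creates it. The `git:` task also still clones `repo: "{{ git_origin }}"` with no `version:`, so every run deploys whatever the remote's default branch currently holds and the compose project that is started is not pinned to a reviewed revision; a `version:` set to a tag or commit in the vars file would make deployments reproducible. Renaming `pizzeria.git_origin` to a bare `git_origin` likewise turns a namespaced value into a generic top-level name exposed to the play, which is easy to collide with later.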
@@ -1,29 +1,29 @@ - name: Create Radicale app directory file: - path: /srv/radicale + path: "{{ service_dir }}" state: directory - name: Copy docker-compose.yml file - copy: - src: "{{ role_path }}/files/docker-compose.yml" - dest: /srv/radicale/docker-compose.yml + template: + src: "{{ role_path }}/templates/docker-compose.yml.j2" + dest: "{{ service_dir }}/docker-compose.yml" - name: Create Radicale config directory file: - path: /srv/radicale/config + path: "{{ service_dir }}/config" state: directory - name: Copy radicale.conf copy: src: "{{ role_path }}/files/radicale.conf" - dest: /srv/radicale/config/radicale.conf + dest: "{{ service_dir }}/config/radicale.conf" - name: Copy users file copy: src: "{{ role_path }}/files/users" - dest: /srv/radicale/config/users + dest: "{{ service_dir }}/config/users" - name: Create Radicale data directory file: - path: /data/radicale + path: "{{ data_dir }}" state: directory - name: Start Docker Compose docker_compose: - project_src: /srv/radicale + project_src: "{{ service_dir }}" pull: true remove_orphans: true diff --git a/roles/radicale/files/docker-compose.yml b/roles/radicale/templates/docker-compose.yml.j2 similarity index 86% rename from roles/radicale/files/docker-compose.yml rename to roles/radicale/templates/docker-compose.yml.j2 index 556e883..1e9362f 100644 --- a/roles/radicale/files/docker-compose.yml +++ b/roles/radicale/templates/docker-compose.yml.j2 @@ -9,8 +9,8 @@ services: restart: always image: mailu/radicale:1.9 volumes: - - /data/radicale:/data - - /srv/radicale/config:/radicale + - {{ data_dir }}:/data + - {{ service_dir }}/config:/radicale command: radicale -S -C /radicale/radicale.conf networks: - traefik diff --git a/roles/radicale/vars/main.yml b/roles/radicale/vars/main.yml new file mode 100644 index 0000000..5c891bc --- /dev/null +++ b/roles/radicale/vars/main.yml 
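Review bot: The `Copy users file` task writes the Radicale credentials file to `dest: "{{ service_dir }}/config/users"` without a `mode:`, so it lands with umask-derived permissions (typically world-readable); the same applies to `Copy Syncthing private key`, which places `key.pem` under `{{ service_dir }}/config` in the syncthing tasks hunk further down, while the traefik role's `acme.json` task already shows the intended pattern with `mode: 0600`. Adding `mode: "0600"` (quoted so the octal survives YAML parsing) to both copies would close that, together with `owner:`/`group:` matching the uid the container reads the file as — the syncthing compose template sets `PGID=1000`, so presumably `1000` there; verify for the radicale image. Consistency with the existing `acme.json` task would also argue for quoting its `0600` the same way.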
@@ -0,0 +1,3 @@ +service_name: radicale +data_dir: "{{ base_data_dir }}/{{ service_name }}" +service_dir: "{{ base_service_dir }}/{{ service_name }}" diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml index 4b73ced..614d481 100644 --- a/roles/syncthing/tasks/main.yml +++ b/roles/syncthing/tasks/main.yml @@ -1,34 +1,34 @@ - name: Create Syncthing app directory file: - path: /srv/syncthing + path: "{{ service_dir }}" state: directory - name: Create Syncthing configuration directory file: - path: /srv/syncthing/config + path: "{{ service_dir }}/config" state: directory - name: Copy Syncthing private key copy: src: "{{ role_path }}/files/key.pem" - dest: /srv/syncthing/config/key.pem + dest: "{{ service_dir }}/config/key.pem" - name: Copy Syncthing certificate copy: src: "{{ role_path }}/files/cert.pem" - dest: /srv/syncthing/config/cert.pem + dest: "{{ service_dir }}/config/cert.pem" - name: Copy Syncthing configuration template: src: "{{ role_path }}/templates/config.xml.j2" - dest: /srv/syncthing/config/config.xml + dest: "{{ service_dir }}/config/config.xml" - name: Create Syncthing data directory file: - path: /data/syncthing + path: "{{ data_dir }}" state: directory mode: 0777 - name: Copy Docker Compose script - copy: - src: "{{ role_path }}/files/docker-compose.yml" - dest: /srv/syncthing/docker-compose.yml + template: + src: "{{ role_path }}/templates/docker-compose.yml.j2" + dest: "{{ service_dir }}/docker-compose.yml" - name: Start Docker Compose docker_compose: - project_src: /srv/syncthing + project_src: "{{ service_dir }}" pull: true remove_orphans: true diff --git a/roles/syncthing/files/docker-compose.yml b/roles/syncthing/templates/docker-compose.yml.j2 similarity index 83% rename from roles/syncthing/files/docker-compose.yml rename to roles/syncthing/templates/docker-compose.yml.j2 index 4505a69..512eef6 100644 --- a/roles/syncthing/files/docker-compose.yml +++ b/roles/syncthing/templates/docker-compose.yml.j2 
@@ -10,8 +10,8 @@ services: - PGID=1000 - TZ=Europe/Amsterdam volumes: - - /srv/syncthing/config:/config - - /data/syncthing:/data + - {{ service_dir }}/config:/config + - {{ data_dir }}:/data ports: - 8384:8384 - 22000:22000/tcp diff --git a/roles/syncthing/vars/main.yml b/roles/syncthing/vars/main.yml index 7e33fce..4e73ff7 100644 --- a/roles/syncthing/vars/main.yml +++ b/roles/syncthing/vars/main.yml @@ -1,3 +1,7 @@ +service_name: syncthing +data_dir: "{{ base_data_dir }}/{{ service_name }}" +service_dir: "{{ base_service_dir }}/{{ service_name }}" + syncthing: apikey: !vault | $ANSIBLE_VAULT;1.1;AES256 diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml index e87ed92..635c1dd 100644 --- a/roles/traefik/tasks/main.yml +++ b/roles/traefik/tasks/main.yml @@ -1,30 +1,30 @@ - name: Create traefik app directory file: - path: /srv/traefik + path: "{{ service_dir }}" state: directory - name: Create acme file copy: content: "" - dest: /srv/traefik/acme.json + dest: "{{ service_dir }}/acme.json" force: no mode: 0600 - name: Copy Docker Compose script - copy: - src: "{{ role_path }}/files/docker-compose.yml" - dest: /srv/traefik/docker-compose.yml + template: + src: "{{ role_path }}/templates/docker-compose.yml.j2" + dest: "{{ service_dir }}/docker-compose.yml" - name: Copy traefik.toml copy: src: "{{ role_path }}/files/traefik.toml" - dest: /srv/traefik/traefik.toml + dest: "{{ service_dir }}/traefik.toml" - name: Copy services.toml copy: src: "{{ role_path }}/files/services.toml" - dest: /srv/traefik/services.toml + dest: "{{ service_dir }}/services.toml" - name: Create traefik network docker_network: name: "traefik" - name: Start Docker Compose docker_compose: - project_src: /srv/traefik + project_src: "{{ service_dir }}" pull: true remove_orphans: true 
diff --git a/roles/traefik/files/docker-compose.yml b/roles/traefik/templates/docker-compose.yml.j2 similarity index 82% rename from roles/traefik/files/docker-compose.yml rename to roles/traefik/templates/docker-compose.yml.j2 index ac79916..f913135 100644 --- a/roles/traefik/files/docker-compose.yml +++ b/roles/traefik/templates/docker-compose.yml.j2 @@ -20,9 +20,9 @@ services: - "56287:56287" volumes: - /var/run/docker.sock:/var/run/docker.sock - - /srv/traefik/traefik.toml:/etc/traefik/traefik.toml - - /srv/traefik/services.toml:/etc/traefik/services.toml - - /srv/traefik/acme.json:/acme.json + - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml + - {{ service_dir }}/services.toml:/etc/traefik/services.toml + - {{ service_dir }}/acme.json:/acme.json networks: - traefik labels: diff --git a/roles/traefik/vars/main.yml b/roles/traefik/vars/main.yml new file mode 100644 index 0000000..2e1116f --- /dev/null +++ b/roles/traefik/vars/main.yml @@ -0,0 +1,2 @@ +service_name: traefik +service_dir: "{{ base_service_dir }}/{{ service_name }}"