home/max
Archived
2
1
Fork 0
Code Issues 9 Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: home:4c4f558579374d067757477b2feb19488af8d1c9
Branches Tags
home:master
home:vm
home:matrix
home:debiantest
...
compare: home:cd17ed372cb1860a00c97decb2d0039d93a22446
Branches Tags
home:master
home:vm
home:matrix
home:debiantest

10 commits
4c4f558579 ... cd17ed372c

Author SHA1 Message Date
Pim Kunis
cd17ed372c parameterize directories 2023-01-07 20:32:42 +01:00
Pim Kunis
5bf6d7acbc move to /srv 2023-01-07 19:08:49 +01:00
Pim Kunis
5331d25c4a fix some DNS bugs 2023-01-07 13:15:47 +01:00
Pim Kunis
117d7d2cf4 run nsd on bare metal 2023-01-07 12:02:04 +01:00
Pim Kunis
9bb44e4978 Merge branch 'master' of github.com:pizzapim/ansible_nucs 2023-01-06 22:50:28 +01:00
Pim Kunis
1382696ba1 change pizzeria remote to forgejo 
add dirty hack to resolve local domains
 2023-01-06 22:49:07 +01:00
pizzaniels
8463e5c4bf aaaa record weer weggehaald voor kms.geokunis2.nl 2023-01-06 20:11:13 +01:00
pizzaniels
6cab50d754 add aaaa record for kms.geokunis2.nl 2023-01-06 20:07:47 +01:00
Pim Kunis
7e10a78623 fix nsd ipv6 2023-01-06 19:51:28 +01:00
pizzaniels
f1c64f4f3e changed nsd config 2023-01-06 18:07:07 +01:00
30 changed files with 147 additions and 155 deletions
Show stats Expand all files Collapse all files

2
README.md
View file

@ -1,8 +1,8 @@
# Ansible scripts for our private Intel NUC servers # Ansible scripts for our private Intel NUC servers
## TODO ## TODO
### nsd ### nsd
- Change IPv6 addresses
- ZSK rollover. - ZSK rollover.
- I always resign the zone, even if nothing has changed. - I always resign the zone, even if nothing has changed.
I could check whether the zone has changed or new keys were generated but that is kind of difficult. I could check whether the zone has changed or new keys were generated but that is kind of difficult.

3
inventory/group_vars/nucs.yml
View file

@ -1 +1,2 @@
# Group variables for nucs group base_data_dir: /data
base_service_dir: /srv

1
roles/common/files/resolv.conf
View file

@ -1,3 +1,4 @@
nameserver 192.168.30.1
nameserver 1.1.1.1 nameserver 1.1.1.1
nameserver 1.0.0.1 nameserver 1.0.0.1
search lan search lan

8
roles/common/tasks/main.yml
View file

@ -5,13 +5,13 @@
state: latest state: latest
update_cache: yes update_cache: yes
cache_valid_time: 86400 # One day cache_valid_time: 86400 # One day
- name: Create /data directory - name: Create base data directory
file: file:
path: /data path: "{{ base_data_dir }}"
state: directory state: directory
- name: Create /apps directory - name: Create base service directory
file: file:
path: /apps path: "{{ base_service_dir }}"
state: directory state: directory
- name: Disable systemd-resolved - name: Disable systemd-resolved
systemd: systemd:

5
roles/docker/tasks/main.yml
View file

@ -29,3 +29,8 @@
name: name:
- docker - docker
- docker-compose - docker-compose
- name: Start Docker
systemd:
name: docker
enabled: true
state: started

18
roles/forgejo/tasks/main.yml
View file

@ -1,31 +1,31 @@
- name: Create app directory - name: Create app directory
file: file:
path: /apps/forgejo path: "{{ service_dir }}"
state: directory state: directory
- name: Copy Docker Compose script - name: Copy Docker Compose script
copy: template:
src: "{{ role_path }}/files/docker-compose.yml" src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: /apps/forgejo/docker-compose.yml dest: "{{ service_dir }}/docker-compose.yml"
- name: Create data directory - name: Create data directory
file: file:
path: /data/forgejo path: "{{ data_dir }}"
state: directory state: directory
owner: 1000 owner: 1000
group: 1000 group: 1000
- name: Copy conf directory - name: Copy conf directory
file: file:
path: /apps/forgejo/conf path: "{{ service_dir }}/conf"
state: directory state: directory
owner: 1000 owner: 1000
group: 1000 group: 1000
- name: Copy app.ini - name: Copy app.ini
template: template:
src: "{{ role_path }}/templates/app.ini" src: "{{ role_path }}/templates/app.ini"
dest: /apps/forgejo/conf/app.ini dest: "{{ service_dir }}/conf/app.ini"
register: config register: config
- name: Start the Docker Compose - name: Start the Docker Compose
community.docker.docker_compose: docker_compose:
project_src: /apps/forgejo project_src: "{{ service_dir }}"
pull: true pull: true
remove_orphans: true remove_orphans: true
restarted: "{{ config.changed }}" restarted: "{{ config.changed }}"

4
roles/forgejo/files/docker-compose.yml → roles/forgejo/templates/docker-compose.yml.j2
View file

@ -15,8 +15,8 @@ services:
networks: networks:
- traefik - traefik
volumes: volumes:
- /data/forgejo:/data - {{ data_dir }}:/data
- /apps/forgejo/conf:/data/gitea/conf - {{ service_dir }}/conf:/data/gitea/conf
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
labels: labels:

4
roles/forgejo/vars/main.yml
View file

@ -1,3 +1,7 @@
service_name: forgejo
data_dir: "{{ base_data_dir }}/{{ service_name }}"
service_dir: "{{ base_service_dir }}/{{ service_name }}"
forgejo: forgejo:
root_url: "https://git.pizzapim.nl" root_url: "https://git.pizzapim.nl"
mailer_host: "smtp.tweak.nl" mailer_host: "smtp.tweak.nl"

8
roles/kms/tasks/main.yml
View file

@ -1,14 +1,14 @@
- name: Create app directory - name: Create app directory
file: file:
path: /apps/kms path: "{{ service_dir }}"
state: directory state: directory
- name: Copy Docker Compose script - name: Copy Docker Compose script
copy: copy:
src: "{{ role_path }}/files/docker-compose.yml" src: "{{ role_path }}/files/docker-compose.yml"
dest: /apps/kms/docker-compose.yml dest: "{{ service_dir }}/docker-compose.yml"
- name: Start the Docker Compose - name: Start the Docker Compose
community.docker.docker_compose: docker_compose:
project_src: /apps/kms project_src: "{{ service_dir }}"
pull: true pull: true
remove_orphans: true remove_orphans: true

2
roles/kms/vars/main.yml Normal file
View file

@ -0,0 +1,2 @@
service_name: kms
service_dir: "{{ base_service_dir }}/{{ service_name }}"

10
roles/mastodon/tasks/main.yml
View file

@ -1,22 +1,22 @@
- name: Create Mastodon app directory - name: Create Mastodon app directory
file: file:
path: /apps/mastodon path: "{{ service_dir }}"
state: directory state: directory
- name: Copy .env.production - name: Copy .env.production
copy: copy:
src: "{{ role_path }}/files/.env.production" src: "{{ role_path }}/files/.env.production"
dest: /apps/mastodon/.env.production dest: "{{ service_dir }}.env.production"
- name: Copy Docker Compose script - name: Copy Docker Compose script
template: template:
src: "{{ role_path }}/templates/docker-compose.yml.j2" src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: /apps/mastodon/docker-compose.yml dest: "{{ service_dir }}/docker-compose.yml"
- name: Create Mastodon data directory - name: Create Mastodon data directory
file: file:
path: /data/mastodon path: "{{ data_dir }}"
state: directory state: directory
mode: 0777 mode: 0777
- name: Start Docker Compose - name: Start Docker Compose
docker_compose: docker_compose:
project_src: /apps/mastodon project_src: "{{ service_dir }}"
pull: true pull: true
remove_orphans: true remove_orphans: true

8
roles/mastodon/templates/docker-compose.yml.j2
View file

@ -9,7 +9,7 @@ services:
healthcheck: healthcheck:
test: ['CMD', 'pg_isready', '-U', 'postgres'] test: ['CMD', 'pg_isready', '-U', 'postgres']
volumes: volumes:
- /data/mastodon/postgres14:/var/lib/postgresql/data - {{ data_dir }}/postgres14:/var/lib/postgresql/data
environment: environment:
- 'POSTGRES_HOST_AUTH_METHOD=trust' - 'POSTGRES_HOST_AUTH_METHOD=trust'
- 'POSTGRES_PASSWORD={{ mastodon_postgres_password }}' - 'POSTGRES_PASSWORD={{ mastodon_postgres_password }}'
@ -24,7 +24,7 @@ services:
healthcheck: healthcheck:
test: ['CMD', 'redis-cli', 'ping'] test: ['CMD', 'redis-cli', 'ping']
volumes: volumes:
- /data/mastodon/redis:/data - {{ data_dir }}/redis:/data
environment: environment:
- 'REDIS_PASSWORD={{ mastodon_redis_password }}' - 'REDIS_PASSWORD={{ mastodon_redis_password }}'
@ -46,7 +46,7 @@ services:
- db - db
- redis - redis
volumes: volumes:
- /data/mastodon/public/system:/mastodon/public/system - {{ data_dir }}/public/system:/mastodon/public/system
labels: labels:
- traefik.http.routers.mastodon.entrypoints=websecure - traefik.http.routers.mastodon.entrypoints=websecure
- traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`) - traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`)
@ -91,7 +91,7 @@ services:
networks: networks:
- default - default
volumes: volumes:
- /data/mastodon/public/system:/mastodon/public/system - {{ data_dir }}/public/system:/mastodon/public/system
healthcheck: healthcheck:
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"] test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]

4
roles/mastodon/vars/main.yml
View file

@ -1,3 +1,7 @@
service_name: mastodon
data_dir: "{{ base_data_dir }}/{{ service_name }}"
service_dir: "{{ base_service_dir }}/{{ service_name }}"
mastodon_postgres_password: !vault | mastodon_postgres_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
34643131323762373635383736636432643161646130373565333432323337646435656233383131 34643131323762373635383736636432643161646130373565333432323337646435656233383131

18
roles/nsd/files/docker-compose.yml
View file

@ -1,18 +0,0 @@
version: '3.7'
services:
nsd:
container_name: nsd
restart: always
image: ghcr.io/the-kube-way/nsd:v4.6.0
read_only: true
tmpfs:
- /tmp
- /var/db/nsd
volumes:
- /apps/nsd/conf:/etc/nsd:ro
- /apps/nsd/zones:/zones
- /apps/nsd/keys:/keys
ports:
- 53:53
- 53:53/udp

5
roles/nsd/files/nsd.conf
View file

@ -1,8 +1,11 @@
server: server:
ip-address: enp3s0
server-count: 1 server-count: 1
verbosity: 1 verbosity: 1
hide-version: yes hide-version: yes
zonesdir: "/zones" zonesdir: "/etc/nsd/zones"
ip-transparent: yes
ip-freebind: yes
zone: zone:
name: pizzapim.nl name: pizzapim.nl

13
roles/nsd/files/zones/geokunis2.nl
View file

@ -1,19 +1,18 @@
$ORIGIN geokunis2.nl. $ORIGIN geokunis2.nl.
$TTL 60 $TTL 60
geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2022103001 1800 3600 1209600 3600 geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023010601 1800 3600 1209600 3600
NS ns.geokunis2.nl. NS ns.geokunis2.nl.
NS ns0.transip.net. NS ns0.transip.net.
NS ns1.transip.nl. NS ns1.transip.nl.
NS ns2.transip.eu. NS ns2.transip.eu.
A 82.197.212.198 A 84.245.14.149
AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
MX 0 . MX 0 .
TXT "v=spf1 -all" TXT "v=spf1 -all"
CAA 0 issue "letsencrypt.org" CAA 0 issue "letsencrypt.org"
jenl IN A 217.123.41.225 jenl IN A 217.123.41.225
kms IN A 82.197.212.198 kms IN A 84.245.14.149
ovh IN A 57.128.45.138
_dmarc IN TXT "v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject" _dmarc IN TXT "v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject"
ns A 82.197.212.198 ns A 84.245.14.149
AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda

26
roles/nsd/files/zones/pizzapim.nl
View file

@ -1,26 +1,24 @@
$ORIGIN pizzapim.nl. $ORIGIN pizzapim.nl.
$TTL 60 $TTL 60
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2022122900 1800 3600 1209600 3600 pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010701 1800 3600 1209600 3600
NS ns.pizzapim.nl. NS ns.pizzapim.nl.
NS ns0.transip.net. NS ns0.transip.net.
NS ns1.transip.nl. NS ns1.transip.nl.
NS ns2.transip.eu. NS ns2.transip.eu.
A 82.197.212.198 A 84.245.14.149
AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
TXT "v=spf1 ~all" TXT "v=spf1 ~all"
CAA 0 issue "letsencrypt.org" CAA 0 issue "letsencrypt.org"
www IN CNAME @
ns IN A 82.197.212.198
AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e
_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;" _dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
cloud IN A 82.197.212.198
AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e www IN A 84.245.14.149
social IN A 82.197.212.198 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e ns IN A 84.245.14.149
dav IN A 82.197.212.198 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e cloud IN CNAME www.pizzapim.nl.
git IN A 82.197.212.198 social IN CNAME www.pizzapim.nl.
AAAA 2a02:58:19a:f730:da5e:d3ff:fe47:336e dav IN CNAME www.pizzapim.nl.
git IN CNAME www.pizzapim.nl.

3
roles/nsd/meta/main.yml
View file

@ -1,3 +0,0 @@
dependencies:
- role: common
- role: docker

71
roles/nsd/tasks/main.yml
View file

@ -1,86 +1,69 @@
- name: Create nsd app directory - name: Install nsd
file: apt:
path: /apps/nsd pkg:
state: directory - nsd
- name: Create nsd configuration directory - ldnsutils
file:
path: /apps/nsd/conf
state: directory
owner: 991
group: 991
- name: Copy nsd.conf - name: Copy nsd.conf
copy: copy:
src: "{{ role_path }}/files/nsd.conf" src: "{{ role_path }}/files/nsd.conf"
dest: /apps/nsd/conf/nsd.conf dest: /etc/nsd/nsd.conf
- name: Create nsd zones directory - name: Create zones directory
file: file:
path: /apps/nsd/zones path: /etc/nsd/zones
state: directory state: directory
owner: 991
group: 991
- name: Copy zone files - name: Copy zone files
copy: copy:
src: "{{ role_path }}/files/zones/" src: "{{ role_path }}/files/zones/"
dest: /apps/nsd/zones dest: /etc/nsd/zones
- name: Create nsd keys directory - name: Create keys directory
file: file:
path: /apps/nsd/keys path: /etc/nsd/keys
state: directory state: directory
owner: 991
group: 991
- name: Copy KSK private keys - name: Copy KSK private keys
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "/apps/nsd/keys/{{ item | basename }}" dest: "/etc/nsd/keys/{{ item | basename }}"
with_fileglob: with_fileglob:
- "{{ role_path }}/files/keys/*.ksk.private" - "{{ role_path }}/files/keys/*.ksk.private"
- name: Copy KSK keys - name: Copy KSK keys
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/apps/nsd/keys/{{ item | basename }}" dest: "/etc/nsd/keys/{{ item | basename }}"
with_fileglob: with_fileglob:
- "{{ role_path }}/files/keys/*.ksk.key" - "{{ role_path }}/files/keys/*.ksk.key"
- name: Copy Docker Compose script
copy:
src: "{{ role_path }}/files/docker-compose.yml"
dest: /apps/nsd/docker-compose.yml
- name: Start Docker Compose
docker_compose:
project_src: /apps/nsd
pull: true
remove_orphans: true
- name: Check if ZSKs exist - name: Check if ZSKs exist
stat: stat:
path: "/apps/nsd/keys/K{{ item | basename }}.zsk.key" path: "/etc/nsd/keys/K{{ item | basename }}.zsk.key"
register: zsks_exists register: zsks_exists
with_fileglob: with_fileglob:
- "{{ role_path }}/files/zones/*" - "{{ role_path }}/files/zones/*"
- name: Create ZSK - name: Create ZSK
command: command:
cmd: "docker-compose exec -w /keys nsd ldns-keygen -a ED25519 {{ item.item | basename }}" cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}"
chdir: /apps/nsd chdir: /etc/nsd/keys
register: create_zsk register: create_zsk
when: not item.stat.exists when: not item.stat.exists
with_items: "{{ zsks_exists.results }}" with_items: "{{ zsks_exists.results }}"
- name: Rename ZSK key - name: Rename ZSK key
command: command:
cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key" cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
chdir: /apps/nsd chdir: /etc/nsd/keys
when: item.changed when: item.changed
with_items: "{{ create_zsk.results }}" with_items: "{{ create_zsk.results }}"
- name: Rename ZSK private key - name: Rename ZSK private key
command: command:
cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private" cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
chdir: /apps/nsd chdir: /etc/nsd/keys
when: item.changed when: item.changed
with_items: "{{ create_zsk.results }}" with_items: "{{ create_zsk.results }}"
- name: Sign zones - name: Sign zones
command: command:
cmd: 'docker-compose exec -w /zones nsd ldns-signzone {{ item | basename }} /keys/K{{ item | basename }}.zsk /keys/K{{ item | basename }}.ksk' cmd: "ldns-signzone {{ item | basename }} /etc/nsd/keys/K{{ item | basename }}.zsk /etc/nsd/keys/K{{ item | basename }}.ksk"
chdir: /apps/nsd chdir: /etc/nsd/zones
with_fileglob: with_fileglob:
- "{{ role_path }}/files/zones/*" - "{{ role_path }}/files/zones/*"
- name: Restart Docker Compose - name: Restart NSD
docker_compose: systemd:
project_src: /apps/nsd name: nsd
restarted: true enabled: true
state: reloaded

8
roles/pizzeria/tasks/main.yml
View file

@ -1,9 +1,9 @@
- name: Clone pizzeria repository - name: Clone pizzeria repository
git: git:
repo: https://github.com/pizzapim/pizzeria repo: "{{ git_origin }}"
dest: /apps/pizzeria dest: "{{ service_dir }}"
- name: Start the Docker Compose - name: Start the Docker Compose
community.docker.docker_compose: docker_compose:
project_src: /apps/pizzeria project_src: "{{ service_dir }}"
pull: true pull: true
remove_orphans: true remove_orphans: true

4
roles/pizzeria/vars/main.yml Normal file
View file

@ -0,0 +1,4 @@
service_name: pizzeria
data_dir: "{{ base_data_dir }}/{{ service_name }}"
service_dir: "{{ base_service_dir }}/{{ service_name }}"
git_origin: https://git.pizzapim.nl/pim/pizzeria.git

18
roles/radicale/tasks/main.yml
View file

@ -1,29 +1,29 @@
- name: Create Radicale app directory - name: Create Radicale app directory
file: file:
path: /apps/radicale path: "{{ service_dir }}"
state: directory state: directory
- name: Copy docker-compose.yml file - name: Copy docker-compose.yml file
copy: template:
src: "{{ role_path }}/files/docker-compose.yml" src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: /apps/radicale/docker-compose.yml dest: "{{ service_dir }}/docker-compose.yml"
- name: Create Radicale config directory - name: Create Radicale config directory
file: file:
path: /apps/radicale/config path: "{{ service_dir }}/config"
state: directory state: directory
- name: Copy radicale.conf - name: Copy radicale.conf
copy: copy:
src: "{{ role_path }}/files/radicale.conf" src: "{{ role_path }}/files/radicale.conf"
dest: /apps/radicale/config/radicale.conf dest: "{{ service_dir }}/config/radicale.conf"
- name: Copy users file - name: Copy users file
copy: copy:
src: "{{ role_path }}/files/users" src: "{{ role_path }}/files/users"
dest: /apps/radicale/config/users dest: "{{ service_dir }}/config/users"
- name: Create Radicale data directory - name: Create Radicale data directory
file: file:
path: /data/radicale path: "{{ data_dir }}"
state: directory state: directory
- name: Start Docker Compose - name: Start Docker Compose
docker_compose: docker_compose:
project_src: /apps/radicale project_src: "{{ service_dir }}"
pull: true pull: true
remove_orphans: true remove_orphans: true

4
roles/radicale/files/docker-compose.yml → roles/radicale/templates/docker-compose.yml.j2
View file

@ -9,8 +9,8 @@ services:
restart: always restart: always
image: mailu/radicale:1.9 image: mailu/radicale:1.9
volumes: volumes:
- /data/radicale:/data - {{ data_dir }}:/data
- /apps/radicale/config:/radicale - {{ service_dir }}/config:/radicale
command: radicale -S -C /radicale/radicale.conf command: radicale -S -C /radicale/radicale.conf
networks: networks:
- traefik - traefik

3
roles/radicale/vars/main.yml Normal file
View file

@ -0,0 +1,3 @@
service_name: radicale
data_dir: "{{ base_data_dir }}/{{ service_name }}"
service_dir: "{{ base_service_dir }}/{{ service_name }}"

20
roles/syncthing/tasks/main.yml
View file

@ -1,34 +1,34 @@
- name: Create Syncthing app directory - name: Create Syncthing app directory
file: file:
path: /apps/syncthing path: "{{ service_dir }}"
state: directory state: directory
- name: Create Syncthing configuration directory - name: Create Syncthing configuration directory
file: file:
path: /apps/syncthing/config path: "{{ service_dir }}/config"
state: directory state: directory
- name: Copy Syncthing private key - name: Copy Syncthing private key
copy: copy:
src: "{{ role_path }}/files/key.pem" src: "{{ role_path }}/files/key.pem"
dest: /apps/syncthing/config/key.pem dest: "{{ service_dir }}/config/key.pem"
- name: Copy Syncthing certificate - name: Copy Syncthing certificate
copy: copy:
src: "{{ role_path }}/files/cert.pem" src: "{{ role_path }}/files/cert.pem"
dest: /apps/syncthing/config/cert.pem dest: "{{ service_dir }}/config/cert.pem"
- name: Copy Syncthing configuration - name: Copy Syncthing configuration
template: template:
src: "{{ role_path }}/templates/config.xml.j2" src: "{{ role_path }}/templates/config.xml.j2"
dest: /apps/syncthing/config/config.xml dest: "{{ service_dir }}/config/config.xml"
- name: Create Syncthing data directory - name: Create Syncthing data directory
file: file:
path: /data/syncthing path: "{{ data_dir }}"
state: directory state: directory
mode: 0777 mode: 0777
- name: Copy Docker Compose script - name: Copy Docker Compose script
copy: template:
src: "{{ role_path }}/files/docker-compose.yml" src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: /apps/syncthing/docker-compose.yml dest: "{{ service_dir }}/docker-compose.yml"
- name: Start Docker Compose - name: Start Docker Compose
docker_compose: docker_compose:
project_src: /apps/syncthing project_src: "{{ service_dir }}"
pull: true pull: true
remove_orphans: true remove_orphans: true

4
roles/syncthing/files/docker-compose.yml → roles/syncthing/templates/docker-compose.yml.j2
View file

@ -10,8 +10,8 @@ services:
- PGID=1000 - PGID=1000
- TZ=Europe/Amsterdam - TZ=Europe/Amsterdam
volumes: volumes:
- /apps/syncthing/config:/config - {{ service_dir }}/config:/config
- /data/syncthing:/data - {{ data_dir }}:/data
ports: ports:
- 8384:8384 - 8384:8384
- 22000:22000/tcp - 22000:22000/tcp

4
roles/syncthing/vars/main.yml
View file

@ -1,3 +1,7 @@
service_name: syncthing
data_dir: "{{ base_data_dir }}/{{ service_name }}"
service_dir: "{{ base_service_dir }}/{{ service_name }}"
syncthing: syncthing:
apikey: !vault | apikey: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256

16
roles/traefik/tasks/main.yml
View file

@ -1,30 +1,30 @@
- name: Create traefik app directory - name: Create traefik app directory
file: file:
path: /apps/traefik path: "{{ service_dir }}"
state: directory state: directory
- name: Create acme file - name: Create acme file
copy: copy:
content: "" content: ""
dest: /apps/traefik/acme.json dest: "{{ service_dir }}/acme.json"
force: no force: no
mode: 0600 mode: 0600
- name: Copy Docker Compose script - name: Copy Docker Compose script
copy: template:
src: "{{ role_path }}/files/docker-compose.yml" src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: /apps/traefik/docker-compose.yml dest: "{{ service_dir }}/docker-compose.yml"
- name: Copy traefik.toml - name: Copy traefik.toml
copy: copy:
src: "{{ role_path }}/files/traefik.toml" src: "{{ role_path }}/files/traefik.toml"
dest: /apps/traefik/traefik.toml dest: "{{ service_dir }}/traefik.toml"
- name: Copy services.toml - name: Copy services.toml
copy: copy:
src: "{{ role_path }}/files/services.toml" src: "{{ role_path }}/files/services.toml"
dest: /apps/traefik/services.toml dest: "{{ service_dir }}/services.toml"
- name: Create traefik network - name: Create traefik network
docker_network: docker_network:
name: "traefik" name: "traefik"
- name: Start Docker Compose - name: Start Docker Compose
docker_compose: docker_compose:
project_src: /apps/traefik project_src: "{{ service_dir }}"
pull: true pull: true
remove_orphans: true remove_orphans: true

6
roles/traefik/files/docker-compose.yml → roles/traefik/templates/docker-compose.yml.j2
View file

@ -20,9 +20,9 @@ services:
- "56287:56287" - "56287:56287"
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- /apps/traefik/traefik.toml:/etc/traefik/traefik.toml - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
- /apps/traefik/services.toml:/etc/traefik/services.toml - {{ service_dir }}/services.toml:/etc/traefik/services.toml
- /apps/traefik/acme.json:/acme.json - {{ service_dir }}/acme.json:/acme.json
networks: networks:
- traefik - traefik
labels: labels:

2
roles/traefik/vars/main.yml Normal file
View file

@ -0,0 +1,2 @@
service_name: traefik
service_dir: "{{ base_service_dir }}/{{ service_name }}"