From f1c64f4f3e906ce7819d65e883eebc51e0e18c26 Mon Sep 17 00:00:00 2001
From: pizzaniels <niels@kunis.nl>
Date: Fri, 6 Jan 2023 18:07:07 +0100
Subject: [PATCH 1/9] changed nsd config

---
 roles/nsd/files/zones/geokunis2.nl |  7 +++----
 roles/nsd/files/zones/pizzapim.nl  | 26 ++++++++++++--------------
 2 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl
index 4447d27..64aff98 100644
--- a/roles/nsd/files/zones/geokunis2.nl
+++ b/roles/nsd/files/zones/geokunis2.nl
@@ -1,19 +1,18 @@
 $ORIGIN geokunis2.nl.
 $TTL 60
 
-geokunis2.nl.	IN	SOA	ns.geokunis2.nl. niels.kunis.nl. 2022103001 1800 3600 1209600 3600
+geokunis2.nl.	IN	SOA	ns.geokunis2.nl. niels.kunis.nl. 2023010600 1800 3600 1209600 3600
 			NS	ns.geokunis2.nl.
 			NS	ns0.transip.net.
 			NS	ns1.transip.nl.
 			NS	ns2.transip.eu.
 			A	82.197.212.198
-			AAAA	2a02:58:19a:f730:da5e:d3ff:fe47:336e
+			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
 			MX	0 .
 			TXT	"v=spf1 -all"
 			CAA	0 issue "letsencrypt.org"
 jenl		IN	A	217.123.41.225
 kms		IN	A	82.197.212.198
-ovh		IN	A	57.128.45.138
 _dmarc		IN	TXT	"v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject"
 ns			A	82.197.212.198
-			AAAA	2a02:58:19a:f730:da5e:d3ff:fe47:336e
+			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl
index 67fa9ce..dfb220e 100644
--- a/roles/nsd/files/zones/pizzapim.nl
+++ b/roles/nsd/files/zones/pizzapim.nl
@@ -1,26 +1,24 @@
 $ORIGIN pizzapim.nl.
 $TTL 60
 
-pizzapim.nl.	IN 	SOA	ns.pizzapim.nl. pim.kunis.nl. 2022122900 1800 3600 1209600 3600
+pizzapim.nl.	IN 	SOA	ns.pizzapim.nl. pim.kunis.nl. 2023010600 1800 3600 1209600 3600
 
 			NS	ns.pizzapim.nl.
 			NS	ns0.transip.net.
 			NS	ns1.transip.nl.
 			NS	ns2.transip.eu.
 			A	82.197.212.198
-			AAAA	2a02:58:19a:f730:da5e:d3ff:fe47:336e
+			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
 			TXT	"v=spf1 ~all"
 			CAA	0 issue "letsencrypt.org"
 
-www		IN	CNAME	@
-ns		IN	A	82.197.212.198
-			AAAA	2a02:58:19a:f730:da5e:d3ff:fe47:336e
-_dmarc		IN	TXT	"v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
-cloud		IN	A	82.197.212.198
-			AAAA	2a02:58:19a:f730:da5e:d3ff:fe47:336e
-social		IN	A	82.197.212.198
-			AAAA	2a02:58:19a:f730:da5e:d3ff:fe47:336e
-dav		IN	A	82.197.212.198
-			AAAA	2a02:58:19a:f730:da5e:d3ff:fe47:336e
-git		IN	A	82.197.212.198
-			AAAA	2a02:58:19a:f730:da5e:d3ff:fe47:336e
+_dmarc	IN	TXT		"v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
+
+www		IN	A		82.197.212.198
+			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
+ns		IN	A		82.197.212.198
+			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
+cloud		IN	CNAME	www.pizzapim.nl
+social		IN	CNAME	www.pizzapim.nl
+dav		IN	CNAME	www.pizzapim.nl
+git		IN	CNAME	www.pizzapim.nl
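Review bot: The four new CNAME records at the end of the hunk point at `www.pizzapim.nl` without a trailing dot, so under `$ORIGIN pizzapim.nl.` the target is read as the relative name `www.pizzapim.nl.pizzapim.nl.` and the aliases resolve to nothing. Write the targets fully qualified, e.g. `cloud		IN	CNAME	www.pizzapim.nl.` (likewise for social, dav and git), or as the bare label `www` and let $ORIGIN complete it. Patch 7 in this series applies the first form, so this only matters for anyone checking out the intermediate commits. The relocated `_dmarc` line also uses one tab after the name where the rest of the file uses two, which the later patch realigns.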

From 7e10a78623158f9a6304f0105dcc326ead6ef2a7 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Fri, 6 Jan 2023 19:51:28 +0100
Subject: [PATCH 2/9] fix nsd ipv6

---
 README.md                      |  1 -
 roles/docker/files/daemon.json |  3 +++
 roles/docker/tasks/main.yml    | 10 ++++++++++
 roles/nsd/files/nsd.conf       |  3 +++
 4 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 roles/docker/files/daemon.json

diff --git a/README.md b/README.md
index d0373eb..d78af6b 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,6 @@
 ## TODO
 ### nsd
 
-- Change IPv6 addresses
 - ZSK rollover.
 - I always resign the zone, even if nothing has changed.
 I could check whether the zone has changed or new keys were generated but that is kind of difficult.
diff --git a/roles/docker/files/daemon.json b/roles/docker/files/daemon.json
new file mode 100644
index 0000000..8cef55b
--- /dev/null
+++ b/roles/docker/files/daemon.json
@@ -0,0 +1,3 @@
+{
+  "ipv6": true
+}
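Review bot: `"ipv6": true` on its own is, as far as I recall of the Docker Engine releases current for this change, not enough for the daemon to start: the default bridge also needs an IPv6 subnet from `"fixed-cidr-v6"`, and without it dockerd exits while initialising the network controller. Add a non-overlapping ULA subnet next to it, `"fixed-cidr-v6": "<ula-prefix>/64"` (placeholder — pick a prefix that does not collide with the host's networks), or record in the role why this host's engine version does not require it. Note that patch 6 of this series removes this file again.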
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index dfef31a..6d8d1ce 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -29,3 +29,13 @@
     name:
       - docker
       - docker-compose
+- name: Enable IPv6
+  copy:
+    src: "{{ role_path }}/files/daemon.json"
+    dest: /etc/docker/daemon.json
+  register: daemon_file
+- name: Start Docker
+  systemd:
+    name: docker
+    enabled: true
+    state: "{{ 'reloaded' if daemon_file.changed else 'started' }}"
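Review bot: `state: "{{ 'reloaded' if daemon_file.changed else 'started' }}"` on the last line will not apply the new daemon.json: reloading the docker unit sends SIGHUP, and dockerd's live reload only honours a short list of options (debug, labels, registry mirrors, runtimes and similar) — `ipv6` is not among them, so the setting only takes effect after a full restart. Use `state: "{{ 'restarted' if daemon_file.changed else 'started' }}"` so the handler-free pattern the task already uses actually does what its name promises. The play continues past the hunk.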
diff --git a/roles/nsd/files/nsd.conf b/roles/nsd/files/nsd.conf
index 151373c..20245a0 100644
--- a/roles/nsd/files/nsd.conf
+++ b/roles/nsd/files/nsd.conf
@@ -1,8 +1,11 @@
 server:
+        ip-address: eth0 # TEMP until response from mailing list
         server-count: 1
         verbosity: 1
         hide-version: yes
         zonesdir: "/zones"
+        ip-transparent: yes
+        ip-freebind: yes
 
 zone:
         name: pizzapim.nl
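Review bot: The `# TEMP until response from mailing list` comment on `ip-address: eth0` says the setting is provisional but not which question is outstanding, what the intended final value is, or why `ip-transparent: yes` and `ip-freebind: yes` were added in the same commit, so the next reader cannot tell when it is safe to revert. Suggest something like `# TEMP: bind by interface name (presumably so nsd picks up the container's IPv6 address); ip-transparent/ip-freebind let it bind before the address is configured — revert to explicit ip-address lines once <thread reference> is answered`, with the same reason repeated above the two options at the bottom of the server block. Patch 6 of this series swaps the interface name but keeps all three lines, so the question stays open in the final tree.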

From 6cab50d7542b2df8a53adbfaffaa455bca4ffa1a Mon Sep 17 00:00:00 2001
From: pizzaniels <niels@kunis.nl>
Date: Fri, 6 Jan 2023 20:07:47 +0100
Subject: [PATCH 3/9] add aaaa record for kms.geokunis2.nl

---
 roles/nsd/files/zones/geokunis2.nl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl
index 64aff98..096d80a 100644
--- a/roles/nsd/files/zones/geokunis2.nl
+++ b/roles/nsd/files/zones/geokunis2.nl
@@ -12,7 +12,8 @@ geokunis2.nl.	IN	SOA	ns.geokunis2.nl. niels.kunis.nl. 2023010600 1800 3600 12096
 			TXT	"v=spf1 -all"
 			CAA	0 issue "letsencrypt.org"
 jenl		IN	A	217.123.41.225
-kms		IN	A	82.197.212.198
+kms			IN	A	82.197.212.198
+kms			IN AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
 _dmarc		IN	TXT	"v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject"
 ns			A	82.197.212.198
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
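Review bot: The zone content changes (the new `kms` AAAA record) but the SOA serial visible in the hunk header, `2023010600`, is left as it was, so if the TransIP servers listed as NS are secondaries of this zone they will see an unchanged serial and never transfer the new record, and caching resolvers keep the old answer until TTL expiry. Bump the serial with every content change, here to `2023010601`. Patch 4, which removes the record again, has the same omission, and its `kms` line (like this one) separates `IN AAAA` with spaces where the rest of the file is tab-aligned.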

From 8463e5c4bf3951e6cc1c4dc35d2e33a8546def99 Mon Sep 17 00:00:00 2001
From: pizzaniels <niels@kunis.nl>
Date: Fri, 6 Jan 2023 20:11:13 +0100
Subject: [PATCH 4/9] aaaa record weer weggehaald voor kms.geokunis2.nl

---
 roles/nsd/files/zones/geokunis2.nl | 1 -
 1 file changed, 1 deletion(-)

diff --git a/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl
index 096d80a..3503a8d 100644
--- a/roles/nsd/files/zones/geokunis2.nl
+++ b/roles/nsd/files/zones/geokunis2.nl
@@ -13,7 +13,6 @@ geokunis2.nl.	IN	SOA	ns.geokunis2.nl. niels.kunis.nl. 2023010600 1800 3600 12096
 			CAA	0 issue "letsencrypt.org"
 jenl		IN	A	217.123.41.225
 kms			IN	A	82.197.212.198
-kms			IN AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
 _dmarc		IN	TXT	"v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject"
 ns			A	82.197.212.198
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda

From 1382696ba18a6a257f53c2f4f149535dca01fa48 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Fri, 6 Jan 2023 22:49:07 +0100
Subject: [PATCH 5/9] change pizzeria remote to forgejo; add dirty hack to
 resolve local domains

---
 README.md                     |  3 +++
 roles/common/files/hosts      | 14 ++++++++++++++
 roles/common/tasks/main.yml   |  4 ++++
 roles/pizzeria/tasks/main.yml |  2 +-
 roles/pizzeria/vars/main.yml  |  2 ++
 5 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 roles/common/files/hosts
 create mode 100644 roles/pizzeria/vars/main.yml

diff --git a/README.md b/README.md
index d78af6b..e881697 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,8 @@
 # Ansible scripts for our private Intel NUC servers
 ## TODO
+
+- Move to /srv directory?
+
 ### nsd
 
 - ZSK rollover.
diff --git a/roles/common/files/hosts b/roles/common/files/hosts
new file mode 100644
index 0000000..00dc10d
--- /dev/null
+++ b/roles/common/files/hosts
@@ -0,0 +1,14 @@
+127.0.0.1 localhost
+127.0.1.1 ubuntu
+127.0.0.1 pizzapim.nl
+127.0.0.1 git.pizzapim.nl
+127.0.0.1 dav.pizzapim.nl
+127.0.0.1 social.pizzapim.nl
+127.0.0.1 www.pizzapim.nl
+
+# The following lines are desirable for IPv6 capable hosts
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
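Review bot: The file hardcodes `127.0.1.1 ubuntu` as the machine's own name, and the `Copy hosts file` task in this patch's `roles/common/tasks/main.yml` hunk copies it over `/etc/hosts` wholesale, so every managed host is renamed `ubuntu` in its own hosts file and any locally added entries are lost on each run. Prefer a `template` with `127.0.1.1 {{ inventory_hostname }}`, or a `blockinfile` that manages only the `pizzapim.nl` entries and leaves the rest of `/etc/hosts` alone. The loopback block also deserves a comment saying why it exists and when it can go, e.g. `# Services hosted on this machine resolve to loopback so local containers reach them directly — temporary hack, see <commit/issue reference>`, since the commit message itself calls it a dirty hack. `cloud.pizzapim.nl`, which the zone file defines, is presumably omitted on purpose, but worth confirming.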
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 7e13c12..44966f8 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -23,3 +23,7 @@
     src: "{{ role_path }}/files/resolv.conf"
     dest: /etc/resolv.conf
     follow: true
+- name: Copy hosts file
+  copy:
+    src: "{{ role_path }}/files/hosts"
+    dest: /etc/hosts
diff --git a/roles/pizzeria/tasks/main.yml b/roles/pizzeria/tasks/main.yml
index da03235..9fc3011 100644
--- a/roles/pizzeria/tasks/main.yml
+++ b/roles/pizzeria/tasks/main.yml
@@ -1,6 +1,6 @@
 - name: Clone pizzeria repository
   git:
-    repo: https://github.com/pizzapim/pizzeria
+    repo: "{{ pizzeria.git_origin }}"
     dest: /apps/pizzeria
 - name: Start the Docker Compose
   community.docker.docker_compose:
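Review bot: With the origin now taken from `pizzeria.git_origin`, the `git` task still pins no `version:`, so every play run checks out whatever the remote's default branch currently holds and redeploys it; a deployment cannot be reproduced from the inventory alone. Add a companion variable, `version: "{{ pizzeria.git_version | default('HEAD') }}"`, and set it to a tag or commit in the vars file for production hosts. The `Start the Docker Compose` task continues past the hunk.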
diff --git a/roles/pizzeria/vars/main.yml b/roles/pizzeria/vars/main.yml
new file mode 100644
index 0000000..21308b6
--- /dev/null
+++ b/roles/pizzeria/vars/main.yml
@@ -0,0 +1,2 @@
+pizzeria:
+  git_origin: https://git.pizzapim.nl/pim/pizzeria.git
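Review bot: Placing `pizzeria.git_origin` in `roles/pizzeria/vars/main.yml` gives it role-vars precedence, which sits above inventory group and host vars, so a host cannot be pointed at a different origin (the previous GitHub URL, a fork) without editing the role. Since this is a deployment tunable rather than an internal constant, `roles/pizzeria/defaults/main.yml` is the conventional home for it; the task referencing `{{ pizzeria.git_origin }}` needs no change.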

From 117d7d2cf4419904141cfa1cfd030da781e01980 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Sat, 7 Jan 2023 12:02:04 +0100
Subject: [PATCH 6/9] run nsd on bare metal

---
 roles/common/files/hosts           | 14 ------
 roles/common/files/resolv.conf     |  1 +
 roles/common/tasks/main.yml        |  4 --
 roles/docker/files/daemon.json     |  3 --
 roles/docker/tasks/main.yml        |  5 ---
 roles/nsd/files/docker-compose.yml | 18 --------
 roles/nsd/files/nsd.conf           |  4 +-
 roles/nsd/files/zones/geokunis2.nl |  8 ++--
 roles/nsd/files/zones/pizzapim.nl  | 10 ++---
 roles/nsd/meta/main.yml            |  3 --
 roles/nsd/tasks/main.yml           | 71 ++++++++++++------------------
 11 files changed, 39 insertions(+), 102 deletions(-)
 delete mode 100644 roles/common/files/hosts
 delete mode 100644 roles/docker/files/daemon.json
 delete mode 100644 roles/nsd/files/docker-compose.yml
 delete mode 100644 roles/nsd/meta/main.yml

diff --git a/roles/common/files/hosts b/roles/common/files/hosts
deleted file mode 100644
index 00dc10d..0000000
--- a/roles/common/files/hosts
+++ /dev/null
@@ -1,14 +0,0 @@
-127.0.0.1 localhost
-127.0.1.1 ubuntu
-127.0.0.1 pizzapim.nl
-127.0.0.1 git.pizzapim.nl
-127.0.0.1 dav.pizzapim.nl
-127.0.0.1 social.pizzapim.nl
-127.0.0.1 www.pizzapim.nl
-
-# The following lines are desirable for IPv6 capable hosts
-::1     ip6-localhost ip6-loopback
-fe00::0 ip6-localnet
-ff00::0 ip6-mcastprefix
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
diff --git a/roles/common/files/resolv.conf b/roles/common/files/resolv.conf
index 8a9bf12..863bc57 100644
--- a/roles/common/files/resolv.conf
+++ b/roles/common/files/resolv.conf
@@ -1,3 +1,4 @@
+nameserver 192.168.30.1
 nameserver 1.1.1.1
 nameserver 1.0.0.1
 search lan
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 44966f8..7e13c12 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -23,7 +23,3 @@
     src: "{{ role_path }}/files/resolv.conf"
     dest: /etc/resolv.conf
     follow: true
-- name: Copy hosts file
-  copy:
-    src: "{{ role_path }}/files/hosts"
-    dest: /etc/hosts
diff --git a/roles/docker/files/daemon.json b/roles/docker/files/daemon.json
deleted file mode 100644
index 8cef55b..0000000
--- a/roles/docker/files/daemon.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "ipv6": true
-}
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 6d8d1ce..1077edb 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -29,11 +29,6 @@
     name:
       - docker
       - docker-compose
-- name: Enable IPv6
-  copy:
-    src: "{{ role_path }}/files/daemon.json"
-    dest: /etc/docker/daemon.json
-  register: daemon_file
 - name: Start Docker
   systemd:
     name: docker
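Review bot: Removing `register: daemon_file` leaves the `Start Docker` task's `state:` line — just below the hunk, added in patch 2 as `state: "{{ 'reloaded' if daemon_file.changed else 'started' }}"` — referencing a variable that is no longer set, so the next run should fail with an undefined-variable error at that task. Change it in the same commit to `state: started`, which is what patch 7 of this series ends up doing. The task list continues past the hunk.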
diff --git a/roles/nsd/files/docker-compose.yml b/roles/nsd/files/docker-compose.yml
deleted file mode 100644
index 42d56dd..0000000
--- a/roles/nsd/files/docker-compose.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-version: '3.7'
-
-services:
-  nsd:
-    container_name: nsd
-    restart: always
-    image: ghcr.io/the-kube-way/nsd:v4.6.0
-    read_only: true
-    tmpfs:
-      - /tmp
-      - /var/db/nsd
-    volumes:
-      - /apps/nsd/conf:/etc/nsd:ro
-      - /apps/nsd/zones:/zones
-      - /apps/nsd/keys:/keys
-    ports:
-      - 53:53
-      - 53:53/udp
diff --git a/roles/nsd/files/nsd.conf b/roles/nsd/files/nsd.conf
index 20245a0..f3460bf 100644
--- a/roles/nsd/files/nsd.conf
+++ b/roles/nsd/files/nsd.conf
@@ -1,9 +1,9 @@
 server:
-        ip-address: eth0 # TEMP until response from mailing list
+        ip-address: enp3s0
         server-count: 1
         verbosity: 1
         hide-version: yes
-        zonesdir: "/zones"
+        zonesdir: "/etc/nsd/zones"
         ip-transparent: yes
         ip-freebind: yes
 
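Review bot: `ip-address: enp3s0` hardcodes one machine's interface name into a file the role copies to every host, and now that nsd runs directly on the host the `ip-transparent: yes` / `ip-freebind: yes` lines — introduced in patch 2 next to a comment calling the interface binding temporary — may no longer be needed; if they stay, a comment should say why. Consider templating the interface (`ip-address: {{ nsd_interface }}` with the value in inventory) or dropping the line so nsd binds every address, and adding `# bind before the address is configured at boot` or whatever the real reason is above the two options. The `zone:` stanzas below the hunk presumably name the `.signed` output that the tasks file produces; they are outside my view.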
diff --git a/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl
index 3503a8d..1a5d776 100644
--- a/roles/nsd/files/zones/geokunis2.nl
+++ b/roles/nsd/files/zones/geokunis2.nl
@@ -1,18 +1,18 @@
 $ORIGIN geokunis2.nl.
 $TTL 60
 
-geokunis2.nl.	IN	SOA	ns.geokunis2.nl. niels.kunis.nl. 2023010600 1800 3600 1209600 3600
+geokunis2.nl.	IN	SOA	ns.geokunis2.nl. niels.kunis.nl. 2023010601 1800 3600 1209600 3600
 			NS	ns.geokunis2.nl.
 			NS	ns0.transip.net.
 			NS	ns1.transip.nl.
 			NS	ns2.transip.eu.
-			A	82.197.212.198
+			A	84.245.14.149
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
 			MX	0 .
 			TXT	"v=spf1 -all"
 			CAA	0 issue "letsencrypt.org"
 jenl		IN	A	217.123.41.225
-kms			IN	A	82.197.212.198
+kms			IN	A	84.245.14.149
 _dmarc		IN	TXT	"v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject"
-ns			A	82.197.212.198
+ns			A	84.245.14.149
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl
index dfb220e..19b8c82 100644
--- a/roles/nsd/files/zones/pizzapim.nl
+++ b/roles/nsd/files/zones/pizzapim.nl
@@ -1,22 +1,22 @@
 $ORIGIN pizzapim.nl.
 $TTL 60
 
-pizzapim.nl.	IN 	SOA	ns.pizzapim.nl. pim.kunis.nl. 2023010600 1800 3600 1209600 3600
+pizzapim.nl.	IN 	SOA	ns.pizzapim.nl. pim.kunis.nl. 2023010700 1800 3600 1209600 3600
 
 			NS	ns.pizzapim.nl.
 			NS	ns0.transip.net.
 			NS	ns1.transip.nl.
 			NS	ns2.transip.eu.
-			A	82.197.212.198
+			A	84.245.14.149
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
 			TXT	"v=spf1 ~all"
 			CAA	0 issue "letsencrypt.org"
 
-_dmarc	IN	TXT		"v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
+_dmarc		IN	TXT	"v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
 
-www		IN	A		82.197.212.198
+www		IN	A	84.245.14.149
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
-ns		IN	A		82.197.212.198
+ns		IN	A	84.245.14.149
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
 cloud		IN	CNAME	www.pizzapim.nl
 social		IN	CNAME	www.pizzapim.nl
diff --git a/roles/nsd/meta/main.yml b/roles/nsd/meta/main.yml
deleted file mode 100644
index 090690b..0000000
--- a/roles/nsd/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
-  - role: common
-  - role: docker
diff --git a/roles/nsd/tasks/main.yml b/roles/nsd/tasks/main.yml
index 32d67c2..2636079 100644
--- a/roles/nsd/tasks/main.yml
+++ b/roles/nsd/tasks/main.yml
@@ -1,86 +1,69 @@
-- name: Create nsd app directory
-  file:
-    path: /apps/nsd
-    state: directory
-- name: Create nsd configuration directory
-  file:
-    path: /apps/nsd/conf
-    state: directory
-    owner: 991
-    group: 991
+- name: Install nsd
+  apt:
+    pkg:
+      - nsd
+      - ldnsutils
 - name: Copy nsd.conf
   copy:
     src: "{{ role_path }}/files/nsd.conf"
-    dest: /apps/nsd/conf/nsd.conf
-- name: Create nsd zones directory
+    dest: /etc/nsd/nsd.conf
+- name: Create zones directory
   file:
-    path: /apps/nsd/zones
+    path: /etc/nsd/zones
     state: directory
-    owner: 991
-    group: 991
 - name: Copy zone files
   copy:
     src: "{{ role_path }}/files/zones/"
-    dest: /apps/nsd/zones
-- name: Create nsd keys directory
+    dest: /etc/nsd/zones
+- name: Create keys directory
   file:
-    path: /apps/nsd/keys
+    path: /etc/nsd/keys
     state: directory
-    owner: 991
-    group: 991
 - name: Copy KSK private keys
   template:
     src: "{{ item }}"
-    dest: "/apps/nsd/keys/{{ item | basename }}"
+    dest: "/etc/nsd/keys/{{ item | basename }}"
   with_fileglob:
     - "{{ role_path }}/files/keys/*.ksk.private"
 - name: Copy KSK keys
   copy:
     src: "{{ item }}"
-    dest: "/apps/nsd/keys/{{ item | basename }}"
+    dest: "/etc/nsd/keys/{{ item | basename }}"
   with_fileglob:
     - "{{ role_path }}/files/keys/*.ksk.key"
-- name: Copy Docker Compose script
-  copy:
-    src: "{{ role_path }}/files/docker-compose.yml"
-    dest: /apps/nsd/docker-compose.yml
-- name: Start Docker Compose
-  docker_compose:
-    project_src: /apps/nsd
-    pull: true
-    remove_orphans: true
 - name: Check if ZSKs exist
   stat:
-    path: "/apps/nsd/keys/K{{ item | basename }}.zsk.key"
+    path: "/etc/nsd/keys/K{{ item | basename }}.zsk.key"
   register: zsks_exists
   with_fileglob:
     - "{{ role_path }}/files/zones/*"
 - name: Create ZSK
   command:
-    cmd: "docker-compose exec -w /keys nsd ldns-keygen -a ED25519 {{ item.item | basename }}"
-    chdir: /apps/nsd
+    cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}"
+    chdir: /etc/nsd/keys
   register: create_zsk
   when: not item.stat.exists
   with_items: "{{ zsks_exists.results }}"
 - name: Rename ZSK key
   command:
-    cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
-    chdir: /apps/nsd
+    cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
+    chdir: /etc/nsd/keys
   when: item.changed
   with_items: "{{ create_zsk.results }}"
 - name: Rename ZSK private key
   command:
-    cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
-    chdir: /apps/nsd
+    cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
+    chdir: /etc/nsd/keys
   when: item.changed
   with_items: "{{ create_zsk.results }}"
 - name: Sign zones
   command:
-    cmd: 'docker-compose exec -w /zones nsd ldns-signzone {{ item | basename }} /keys/K{{ item | basename }}.zsk /keys/K{{ item | basename }}.ksk'
-    chdir: /apps/nsd
+    cmd: "ldns-signzone {{ item | basename }} /etc/nsd/keys/K{{ item | basename }}.zsk /etc/nsd/keys/K{{ item | basename }}.ksk"
+    chdir: /etc/nsd/zones
   with_fileglob:
     - "{{ role_path }}/files/zones/*"
-- name: Restart Docker Compose
-  docker_compose:
-    project_src: /apps/nsd
-    restarted: true
+- name: Restart NSD
+  systemd:
+    name: nsd
+    enabled: true
+    state: reloaded
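Review bot: The `Copy KSK private keys` template task writes DNSSEC private key material to `/etc/nsd/keys/` with no `mode`, and `Create keys directory` creates that directory with no `mode` either, so both get whatever the default umask yields (normally world-readable 0644 / 0755); the ZSK `.private` files that `ldns-keygen` produces in `Create ZSK` and `Rename ZSK private key` moves into place are in the same situation. On a host that also runs several containers, any local user can then read the zone-signing keys. Add `mode: "0700"` to the directory task, `mode: "0600"` to the KSK private key template, and a `file` task that tightens the ZSK private keys after the rename step, as sketched below. Separately, `Sign zones` re-signs every zone on every run (the README already records this), and `Restart NSD` uses `state: reloaded`, which only helps if the unit's reload action actually re-reads what you changed — worth verifying on the target.
```yaml
- name: Create keys directory
  file:
    path: /etc/nsd/keys
    state: directory
    mode: "0700"
- name: Copy KSK private keys
  template:
    src: "{{ item }}"
    dest: "/etc/nsd/keys/{{ item | basename }}"
    mode: "0600"
  with_fileglob:
    - "{{ role_path }}/files/keys/*.ksk.private"
# … unchanged: Copy KSK keys, Check if ZSKs exist, Create ZSK, Rename ZSK key, Rename ZSK private key …
- name: Restrict ZSK private key permissions
  file:
    path: "/etc/nsd/keys/K{{ item | basename }}.zsk.private"
    mode: "0600"
  with_fileglob:
    - "{{ role_path }}/files/zones/*"
# … unchanged: Sign zones, Restart NSD …
```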

From 5331d25c4a90e362e9730ec8f2e411722d5dbf78 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Sat, 7 Jan 2023 13:15:47 +0100
Subject: [PATCH 7/9] fix some DNS bugs

---
 roles/docker/tasks/main.yml       |  2 +-
 roles/nsd/files/zones/pizzapim.nl | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 1077edb..2506fde 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -33,4 +33,4 @@
   systemd:
     name: docker
     enabled: true
-    state: "{{ 'reloaded' if daemon_file.changed else 'started' }}"
+    state: started
diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl
index 19b8c82..9c8e1e5 100644
--- a/roles/nsd/files/zones/pizzapim.nl
+++ b/roles/nsd/files/zones/pizzapim.nl
@@ -1,7 +1,7 @@
 $ORIGIN pizzapim.nl.
 $TTL 60
 
-pizzapim.nl.	IN 	SOA	ns.pizzapim.nl. pim.kunis.nl. 2023010700 1800 3600 1209600 3600
+pizzapim.nl.	IN 	SOA	ns.pizzapim.nl. pim.kunis.nl. 2023010701 1800 3600 1209600 3600
 
 			NS	ns.pizzapim.nl.
 			NS	ns0.transip.net.
@@ -18,7 +18,7 @@ www		IN	A	84.245.14.149
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
 ns		IN	A	84.245.14.149
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
-cloud		IN	CNAME	www.pizzapim.nl
-social		IN	CNAME	www.pizzapim.nl
-dav		IN	CNAME	www.pizzapim.nl
-git		IN	CNAME	www.pizzapim.nl
+cloud		IN	CNAME	www.pizzapim.nl.
+social		IN	CNAME	www.pizzapim.nl.
+dav		IN	CNAME	www.pizzapim.nl.
+git		IN	CNAME	www.pizzapim.nl.

From 5bf6d7acbcc009c5e1e3de38bf9eb0095caa65a1 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Sat, 7 Jan 2023 19:08:49 +0100
Subject: [PATCH 8/9] move to /srv

---
 README.md                                |  2 --
 roles/common/tasks/main.yml              |  4 ++--
 roles/forgejo/files/docker-compose.yml   |  2 +-
 roles/forgejo/tasks/main.yml             | 12 ++++++------
 roles/kms/tasks/main.yml                 |  8 ++++----
 roles/mastodon/tasks/main.yml            |  8 ++++----
 roles/pizzeria/tasks/main.yml            |  6 +++---
 roles/radicale/files/docker-compose.yml  |  2 +-
 roles/radicale/tasks/main.yml            | 12 ++++++------
 roles/syncthing/files/docker-compose.yml |  2 +-
 roles/syncthing/tasks/main.yml           | 14 +++++++-------
 roles/traefik/files/docker-compose.yml   |  6 +++---
 roles/traefik/tasks/main.yml             | 12 ++++++------
 13 files changed, 44 insertions(+), 46 deletions(-)

diff --git a/README.md b/README.md
index e881697..7b44435 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,6 @@
 # Ansible scripts for our private Intel NUC servers
 ## TODO
 
-- Move to /srv directory?
-
 ### nsd
 
 - ZSK rollover.
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 7e13c12..fa79f23 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -9,9 +9,9 @@
   file:
     path: /data
     state: directory
-- name: Create /apps directory
+- name: Create /srv directory
   file:
-    path: /apps
+    path: /srv
     state: directory
 - name: Disable systemd-resolved
   systemd:
diff --git a/roles/forgejo/files/docker-compose.yml b/roles/forgejo/files/docker-compose.yml
index b9a7542..98be775 100644
--- a/roles/forgejo/files/docker-compose.yml
+++ b/roles/forgejo/files/docker-compose.yml
@@ -16,7 +16,7 @@ services:
       - traefik
     volumes:
       - /data/forgejo:/data
-      - /apps/forgejo/conf:/data/gitea/conf
+      - /srv/forgejo/conf:/data/gitea/conf
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     labels:
diff --git a/roles/forgejo/tasks/main.yml b/roles/forgejo/tasks/main.yml
index d46f75d..2422a53 100644
--- a/roles/forgejo/tasks/main.yml
+++ b/roles/forgejo/tasks/main.yml
@@ -1,11 +1,11 @@
 - name: Create app directory
   file:
-    path: /apps/forgejo
+    path: /srv/forgejo
     state: directory
 - name: Copy Docker Compose script
   copy:
     src: "{{ role_path }}/files/docker-compose.yml"
-    dest: /apps/forgejo/docker-compose.yml
+    dest: /srv/forgejo/docker-compose.yml
 - name: Create data directory
   file:
     path: /data/forgejo
@@ -14,18 +14,18 @@
     group: 1000
 - name: Copy conf directory
   file:
-    path: /apps/forgejo/conf
+    path: /srv/forgejo/conf
     state: directory
     owner: 1000
     group: 1000
 - name: Copy app.ini
   template:
     src: "{{ role_path }}/templates/app.ini"
-    dest: /apps/forgejo/conf/app.ini
+    dest: /srv/forgejo/conf/app.ini
   register: config
 - name: Start the Docker Compose
-  community.docker.docker_compose:
-    project_src: /apps/forgejo
+  docker_compose:
+    project_src: /srv/forgejo
     pull: true
     remove_orphans: true
     restarted: "{{ config.changed }}"
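Review bot: The switch from `community.docker.docker_compose` to the short `docker_compose` in the `Start the Docker Compose` task is unrelated to the `/srv` move this commit describes, and it goes the wrong way: the fully qualified collection name is unambiguous, while the short name only resolves through Ansible's redirect table. The same substitution appears in the `roles/kms/tasks/main.yml` and `roles/pizzeria/tasks/main.yml` hunks of this patch. Either keep the FQCN in all three (and consider adopting it in the roles that already use the short form) or move the module rename into its own commit with a stated reason.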
diff --git a/roles/kms/tasks/main.yml b/roles/kms/tasks/main.yml
index 57a0ce4..536bad6 100644
--- a/roles/kms/tasks/main.yml
+++ b/roles/kms/tasks/main.yml
@@ -1,14 +1,14 @@
 - name: Create app directory
   file:
-    path: /apps/kms
+    path: /srv/kms
     state: directory
 - name: Copy Docker Compose script
   copy:
     src: "{{ role_path }}/files/docker-compose.yml"
-    dest: /apps/kms/docker-compose.yml
+    dest: /srv/kms/docker-compose.yml
 - name: Start the Docker Compose
-  community.docker.docker_compose:
-    project_src: /apps/kms
+  docker_compose:
+    project_src: /srv/kms
     pull: true
     remove_orphans: true
 
diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml
index 6c90df0..4a4cccb 100644
--- a/roles/mastodon/tasks/main.yml
+++ b/roles/mastodon/tasks/main.yml
@@ -1,15 +1,15 @@
 - name: Create Mastodon app directory
   file:
-    path: /apps/mastodon
+    path: /srv/mastodon
     state: directory
 - name: Copy .env.production
   copy:
     src: "{{ role_path }}/files/.env.production"
-    dest: /apps/mastodon/.env.production
+    dest: /srv/mastodon/.env.production
 - name: Copy Docker Compose script
   template:
     src: "{{ role_path }}/templates/docker-compose.yml.j2"
-    dest: /apps/mastodon/docker-compose.yml
+    dest: /srv/mastodon/docker-compose.yml
 - name: Create Mastodon data directory
   file:
     path: /data/mastodon
@@ -17,6 +17,6 @@
     mode: 0777
 - name: Start Docker Compose
   docker_compose:
-    project_src: /apps/mastodon
+    project_src: /srv/mastodon
     pull: true
     remove_orphans: true
diff --git a/roles/pizzeria/tasks/main.yml b/roles/pizzeria/tasks/main.yml
index 9fc3011..5f27e49 100644
--- a/roles/pizzeria/tasks/main.yml
+++ b/roles/pizzeria/tasks/main.yml
@@ -1,9 +1,9 @@
 - name: Clone pizzeria repository
   git:
     repo: "{{ pizzeria.git_origin }}"
-    dest: /apps/pizzeria
+    dest: /srv/pizzeria
 - name: Start the Docker Compose
-  community.docker.docker_compose:
-    project_src: /apps/pizzeria
+  docker_compose:
+    project_src: /srv/pizzeria
     pull: true
     remove_orphans: true
diff --git a/roles/radicale/files/docker-compose.yml b/roles/radicale/files/docker-compose.yml
index fe20407..556e883 100644
--- a/roles/radicale/files/docker-compose.yml
+++ b/roles/radicale/files/docker-compose.yml
@@ -10,7 +10,7 @@ services:
     image: mailu/radicale:1.9
     volumes:
       - /data/radicale:/data
-      - /apps/radicale/config:/radicale
+      - /srv/radicale/config:/radicale
     command: radicale -S -C /radicale/radicale.conf
     networks:
       - traefik
diff --git a/roles/radicale/tasks/main.yml b/roles/radicale/tasks/main.yml
index a66223b..a2974ba 100644
--- a/roles/radicale/tasks/main.yml
+++ b/roles/radicale/tasks/main.yml
@@ -1,29 +1,29 @@
 - name: Create Radicale app directory
   file:
-    path: /apps/radicale
+    path: /srv/radicale
     state: directory
 - name: Copy docker-compose.yml file
   copy:
     src: "{{ role_path }}/files/docker-compose.yml"
-    dest: /apps/radicale/docker-compose.yml
+    dest: /srv/radicale/docker-compose.yml
 - name: Create Radicale config directory
   file:
-    path: /apps/radicale/config
+    path: /srv/radicale/config
     state: directory
 - name: Copy radicale.conf
   copy:
     src: "{{ role_path }}/files/radicale.conf"
-    dest: /apps/radicale/config/radicale.conf
+    dest: /srv/radicale/config/radicale.conf
 - name: Copy users file
   copy:
     src: "{{ role_path }}/files/users"
-    dest: /apps/radicale/config/users
+    dest: /srv/radicale/config/users
 - name: Create Radicale data directory
   file:
     path: /data/radicale
     state: directory
 - name: Start Docker Compose
   docker_compose:
-    project_src: /apps/radicale
+    project_src: /srv/radicale
     pull: true
     remove_orphans: true
diff --git a/roles/syncthing/files/docker-compose.yml b/roles/syncthing/files/docker-compose.yml
index 7f4e6d8..4505a69 100644
--- a/roles/syncthing/files/docker-compose.yml
+++ b/roles/syncthing/files/docker-compose.yml
@@ -10,7 +10,7 @@ services:
       - PGID=1000
       - TZ=Europe/Amsterdam
     volumes:
-      - /apps/syncthing/config:/config
+      - /srv/syncthing/config:/config
       - /data/syncthing:/data
     ports:
       - 8384:8384
diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml
index 8b197fe..4b73ced 100644
--- a/roles/syncthing/tasks/main.yml
+++ b/roles/syncthing/tasks/main.yml
@@ -1,23 +1,23 @@
 - name: Create Syncthing app directory
   file:
-    path: /apps/syncthing
+    path: /srv/syncthing
     state: directory
 - name: Create Syncthing configuration directory
   file:
-    path: /apps/syncthing/config
+    path: /srv/syncthing/config
     state: directory
 - name: Copy Syncthing private key
   copy:
     src: "{{ role_path }}/files/key.pem"
-    dest: /apps/syncthing/config/key.pem
+    dest: /srv/syncthing/config/key.pem
 - name: Copy Syncthing certificate
   copy:
     src: "{{ role_path }}/files/cert.pem"
-    dest: /apps/syncthing/config/cert.pem
+    dest: /srv/syncthing/config/cert.pem
 - name: Copy Syncthing configuration
   template:
     src: "{{ role_path }}/templates/config.xml.j2"
-    dest: /apps/syncthing/config/config.xml
+    dest: /srv/syncthing/config/config.xml
 - name: Create Syncthing data directory
   file:
     path: /data/syncthing
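Review bot: `Copy Syncthing private key` now writes `key.pem` to `/srv/syncthing/config/key.pem` still without a `mode`, so the private key gets the default file mode (typically 0644) inside a directory that `Create Syncthing configuration directory` also creates without a restrictive mode — a pre-existing gap, but this commit touches both tasks. Add `mode: "0600"` to the key copy and `mode: "0700"` to the directory task, checking first that the container user (the compose hunk passes `PGID=1000`) can still read the mount, which may also require setting `owner`/`group` to that uid. The data-directory task continues past the hunk.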
@@ -26,9 +26,9 @@
 - name: Copy Docker Compose script
   copy:
     src: "{{ role_path }}/files/docker-compose.yml"
-    dest: /apps/syncthing/docker-compose.yml
+    dest: /srv/syncthing/docker-compose.yml
 - name: Start Docker Compose
   docker_compose:
-    project_src: /apps/syncthing
+    project_src: /srv/syncthing
     pull: true
     remove_orphans: true
diff --git a/roles/traefik/files/docker-compose.yml b/roles/traefik/files/docker-compose.yml
index 70570d1..ac79916 100644
--- a/roles/traefik/files/docker-compose.yml
+++ b/roles/traefik/files/docker-compose.yml
@@ -20,9 +20,9 @@ services:
       - "56287:56287"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - /apps/traefik/traefik.toml:/etc/traefik/traefik.toml
-      - /apps/traefik/services.toml:/etc/traefik/services.toml
-      - /apps/traefik/acme.json:/acme.json
+      - /srv/traefik/traefik.toml:/etc/traefik/traefik.toml
+      - /srv/traefik/services.toml:/etc/traefik/services.toml
+      - /srv/traefik/acme.json:/acme.json
     networks:
       - traefik
     labels:
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
index cedf64c..e87ed92 100644
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -1,30 +1,30 @@
 - name: Create traefik app directory
   file:
-    path: /apps/traefik
+    path: /srv/traefik
     state: directory
 - name: Create acme file
   copy:
     content: ""
-    dest: /apps/traefik/acme.json
+    dest: /srv/traefik/acme.json
     force: no
     mode: 0600
 - name: Copy Docker Compose script
   copy:
     src: "{{ role_path }}/files/docker-compose.yml"
-    dest: /apps/traefik/docker-compose.yml
+    dest: /srv/traefik/docker-compose.yml
 - name: Copy traefik.toml
   copy:
     src: "{{ role_path }}/files/traefik.toml"
-    dest: /apps/traefik/traefik.toml
+    dest: /srv/traefik/traefik.toml
 - name: Copy services.toml
   copy:
     src: "{{ role_path }}/files/services.toml"
-    dest: /apps/traefik/services.toml
+    dest: /srv/traefik/services.toml
 - name: Create traefik network
   docker_network:
     name: "traefik"
 - name: Start Docker Compose
   docker_compose:
-    project_src: /apps/traefik
+    project_src: /srv/traefik
     pull: true
     remove_orphans: true

From cd17ed372cb1860a00c97decb2d0039d93a22446 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Sat, 7 Jan 2023 20:32:42 +0100
Subject: [PATCH 9/9] parameterize directories

---
 inventory/group_vars/nucs.yml                 |  3 ++-
 roles/common/tasks/main.yml                   |  8 ++++----
 roles/forgejo/tasks/main.yml                  | 16 +++++++--------
 .../docker-compose.yml.j2}                    |  4 ++--
 roles/forgejo/vars/main.yml                   |  4 ++++
 roles/kms/tasks/main.yml                      |  6 +++---
 roles/kms/vars/main.yml                       |  2 ++
 roles/mastodon/tasks/main.yml                 | 10 +++++-----
 .../mastodon/templates/docker-compose.yml.j2  |  8 ++++----
 roles/mastodon/vars/main.yml                  |  4 ++++
 roles/pizzeria/tasks/main.yml                 |  6 +++---
 roles/pizzeria/vars/main.yml                  |  6 ++++--
 roles/radicale/tasks/main.yml                 | 18 ++++++++---------
 .../docker-compose.yml.j2}                    |  4 ++--
 roles/radicale/vars/main.yml                  |  3 +++
 roles/syncthing/tasks/main.yml                | 20 +++++++++----------
 .../docker-compose.yml.j2}                    |  4 ++--
 roles/syncthing/vars/main.yml                 |  4 ++++
 roles/traefik/tasks/main.yml                  | 16 +++++++--------
 .../docker-compose.yml.j2}                    |  6 +++---
 roles/traefik/vars/main.yml                   |  2 ++
 21 files changed, 88 insertions(+), 66 deletions(-)
 rename roles/forgejo/{files/docker-compose.yml => templates/docker-compose.yml.j2} (92%)
 create mode 100644 roles/kms/vars/main.yml
 rename roles/radicale/{files/docker-compose.yml => templates/docker-compose.yml.j2} (86%)
 create mode 100644 roles/radicale/vars/main.yml
 rename roles/syncthing/{files/docker-compose.yml => templates/docker-compose.yml.j2} (83%)
 rename roles/traefik/{files/docker-compose.yml => templates/docker-compose.yml.j2} (82%)
 create mode 100644 roles/traefik/vars/main.yml

diff --git a/inventory/group_vars/nucs.yml b/inventory/group_vars/nucs.yml
index da24364..69f1dc9 100644
--- a/inventory/group_vars/nucs.yml
+++ b/inventory/group_vars/nucs.yml
@@ -1 +1,2 @@
-# Group variables for nucs group
+base_data_dir: /data
+base_service_dir: /srv
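Review bot: `base_data_dir` and `base_service_dir` are introduced only in the `nucs` group vars, while every role `vars/main.yml` in this patch (roles/forgejo/vars/main.yml and the kms, mastodon, pizzeria, radicale, syncthing and traefik equivalents) dereferences them unconditionally. Applying any of those roles to a host outside the `nucs` group would presumably fail with an undefined-variable error at `data_dir`/`service_dir` evaluation. Either move the two definitions to `inventory/group_vars/all.yml` or give each role a fallback in `defaults/main.yml`, e.g. `base_service_dir: /srv`, so the role stays self-contained.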
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index fa79f23..ab05296 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -5,13 +5,13 @@
     state: latest
     update_cache: yes
     cache_valid_time: 86400 # One day
-- name: Create /data directory
+- name: Create base data directory
   file:
-    path: /data
+    path: "{{ base_data_dir }}"
     state: directory
-- name: Create /srv directory
+- name: Create base service directory
   file:
-    path: /srv
+    path: "{{ base_service_dir }}"
     state: directory
 - name: Disable systemd-resolved
   systemd:
diff --git a/roles/forgejo/tasks/main.yml b/roles/forgejo/tasks/main.yml
index 2422a53..a2ce768 100644
--- a/roles/forgejo/tasks/main.yml
+++ b/roles/forgejo/tasks/main.yml
@@ -1,31 +1,31 @@
 - name: Create app directory
   file:
-    path: /srv/forgejo
+    path: "{{ service_dir }}"
     state: directory
 - name: Copy Docker Compose script
-  copy:
-    src: "{{ role_path }}/files/docker-compose.yml"
-    dest: /srv/forgejo/docker-compose.yml
+  template:
+    src: "{{ role_path }}/templates/docker-compose.yml.j2"
+    dest: "{{ service_dir }}/docker-compose.yml"
 - name: Create data directory
   file:
-    path: /data/forgejo
+    path: "{{ data_dir }}"
     state: directory
     owner: 1000
     group: 1000
 - name: Copy conf directory
   file:
-    path: /srv/forgejo/conf
+    path: "{{ service_dir }}/conf"
     state: directory
     owner: 1000
     group: 1000
 - name: Copy app.ini
   template:
     src: "{{ role_path }}/templates/app.ini"
-    dest: /srv/forgejo/conf/app.ini
+    dest: "{{ service_dir }}/conf/app.ini"
   register: config
 - name: Start the Docker Compose
   docker_compose:
-    project_src: /srv/forgejo
+    project_src: "{{ service_dir }}"
     pull: true
     remove_orphans: true
     restarted: "{{ config.changed }}"
diff --git a/roles/forgejo/files/docker-compose.yml b/roles/forgejo/templates/docker-compose.yml.j2
similarity index 92%
rename from roles/forgejo/files/docker-compose.yml
rename to roles/forgejo/templates/docker-compose.yml.j2
index 98be775..a72e115 100644
--- a/roles/forgejo/files/docker-compose.yml
+++ b/roles/forgejo/templates/docker-compose.yml.j2
@@ -15,8 +15,8 @@ services:
     networks:
       - traefik
     volumes:
-      - /data/forgejo:/data
-      - /srv/forgejo/conf:/data/gitea/conf
+      - {{ data_dir }}:/data
+      - {{ service_dir }}/conf:/data/gitea/conf
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     labels:
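Review bot: The templated volume entries start a YAML sequence item with a bare `{{`, so the .j2 file itself is no longer parseable YAML (the `{` opens a flow mapping) and yamllint or editor tooling cannot check it, and the rendered value is left unquoted. Quoting the whole item, `- "{{ data_dir }}:/data"` and `- "{{ service_dir }}/conf:/data/gitea/conf"`, keeps the template lint-clean and protects the rendered line if a path ever contains a YAML-special character. The same pattern appears in the mastodon (all four hunks), radicale, syncthing and traefik docker-compose.yml.j2 hunks.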
diff --git a/roles/forgejo/vars/main.yml b/roles/forgejo/vars/main.yml
index 1f23d70..f0ac50e 100644
--- a/roles/forgejo/vars/main.yml
+++ b/roles/forgejo/vars/main.yml
@@ -1,3 +1,7 @@
+service_name: forgejo
+data_dir: "{{ base_data_dir }}/{{ service_name }}"
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
+
 forgejo:
   root_url: "https://git.pizzapim.nl"
   mailer_host: "smtp.tweak.nl"
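Review bot: `service_name`, `data_dir` and `service_dir` are unprefixed role variables, and this patch defines the same three names in the mastodon, pizzeria, radicale, syncthing, kms and traefik roles as well. With Ansible's default `private_role_vars` setting, a role's `vars/main.yml` stays visible to the rest of the play after the role has run, so any play-level task or template reading `service_dir` gets whichever role loaded last (inside a role's own tasks the role's own value should still win). Prefixing with the role name, e.g. `forgejo_service_dir: "{{ base_service_dir }}/forgejo"`, is the usual way to make this collision-proof; the unprefixed `git_origin` in roles/pizzeria/vars/main.yml has the same exposure.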
diff --git a/roles/kms/tasks/main.yml b/roles/kms/tasks/main.yml
index 536bad6..2518ba7 100644
--- a/roles/kms/tasks/main.yml
+++ b/roles/kms/tasks/main.yml
@@ -1,14 +1,14 @@
 - name: Create app directory
   file:
-    path: /srv/kms
+    path: "{{ service_dir }}"
     state: directory
 - name: Copy Docker Compose script
   copy:
     src: "{{ role_path }}/files/docker-compose.yml"
-    dest: /srv/kms/docker-compose.yml
+    dest: "{{ service_dir }}/docker-compose.yml"
 - name: Start the Docker Compose
   docker_compose:
-    project_src: /srv/kms
+    project_src: "{{ service_dir }}"
     pull: true
     remove_orphans: true
 
diff --git a/roles/kms/vars/main.yml b/roles/kms/vars/main.yml
new file mode 100644
index 0000000..8f2f2a2
--- /dev/null
+++ b/roles/kms/vars/main.yml
@@ -0,0 +1,2 @@
+service_name: kms
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml
index 4a4cccb..6f4ea70 100644
--- a/roles/mastodon/tasks/main.yml
+++ b/roles/mastodon/tasks/main.yml
@@ -1,22 +1,22 @@
 - name: Create Mastodon app directory
   file:
-    path: /srv/mastodon
+    path: "{{ service_dir }}"
     state: directory
 - name: Copy .env.production
   copy:
     src: "{{ role_path }}/files/.env.production"
-    dest: /srv/mastodon/.env.production
+    dest: "{{ service_dir }}.env.production"
 - name: Copy Docker Compose script
   template:
     src: "{{ role_path }}/templates/docker-compose.yml.j2"
-    dest: /srv/mastodon/docker-compose.yml
+    dest: "{{ service_dir }}/docker-compose.yml"
 - name: Create Mastodon data directory
   file:
-    path: /data/mastodon
+    path: "{{ data_dir }}"
     state: directory
     mode: 0777
 - name: Start Docker Compose
   docker_compose:
-    project_src: /srv/mastodon
+    project_src: "{{ service_dir }}"
     pull: true
     remove_orphans: true
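Review bot: The `.env.production` destination in the second task drops the path separator: `dest: "{{ service_dir }}.env.production"` renders to `/srv/mastodon.env.production` (from `base_service_dir: /srv` and `service_name: mastodon`), a file beside the app directory rather than inside it, so the compose stack started from `{{ service_dir }}` would not see it. Change it to `dest: "{{ service_dir }}/.env.production"`. Since this file presumably holds Mastodon's secret keys, adding `mode: "0600"` to the copy, as the traefik role already does for acme.json, would be worthwhile too.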
diff --git a/roles/mastodon/templates/docker-compose.yml.j2 b/roles/mastodon/templates/docker-compose.yml.j2
index 01b2ea0..e809bb7 100644
--- a/roles/mastodon/templates/docker-compose.yml.j2
+++ b/roles/mastodon/templates/docker-compose.yml.j2
@@ -9,7 +9,7 @@ services:
     healthcheck:
       test: ['CMD', 'pg_isready', '-U', 'postgres']
     volumes:
-      - /data/mastodon/postgres14:/var/lib/postgresql/data
+      - {{ data_dir }}/postgres14:/var/lib/postgresql/data
     environment:
       - 'POSTGRES_HOST_AUTH_METHOD=trust'
       - 'POSTGRES_PASSWORD={{ mastodon_postgres_password }}'
@@ -24,7 +24,7 @@ services:
     healthcheck:
       test: ['CMD', 'redis-cli', 'ping']
     volumes:
-      - /data/mastodon/redis:/data
+      - {{ data_dir }}/redis:/data
     environment:
       - 'REDIS_PASSWORD={{ mastodon_redis_password }}'
 
@@ -46,7 +46,7 @@ services:
       - db
       - redis
     volumes:
-      - /data/mastodon/public/system:/mastodon/public/system
+      - {{ data_dir }}/public/system:/mastodon/public/system
     labels:
       - traefik.http.routers.mastodon.entrypoints=websecure
       - traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`)
@@ -91,7 +91,7 @@ services:
     networks:
       - default
     volumes:
-      - /data/mastodon/public/system:/mastodon/public/system
+      - {{ data_dir }}/public/system:/mastodon/public/system
     healthcheck:
       test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
 
diff --git a/roles/mastodon/vars/main.yml b/roles/mastodon/vars/main.yml
index 505d001..0f488b3 100644
--- a/roles/mastodon/vars/main.yml
+++ b/roles/mastodon/vars/main.yml
@@ -1,3 +1,7 @@
+service_name: mastodon
+data_dir: "{{ base_data_dir }}/{{ service_name }}"
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
+
 mastodon_postgres_password: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           34643131323762373635383736636432643161646130373565333432323337646435656233383131
diff --git a/roles/pizzeria/tasks/main.yml b/roles/pizzeria/tasks/main.yml
index 5f27e49..3d18940 100644
--- a/roles/pizzeria/tasks/main.yml
+++ b/roles/pizzeria/tasks/main.yml
@@ -1,9 +1,9 @@
 - name: Clone pizzeria repository
   git:
-    repo: "{{ pizzeria.git_origin }}"
-    dest: /srv/pizzeria
+    repo: "{{ git_origin }}"
+    dest: "{{ service_dir }}"
 - name: Start the Docker Compose
   docker_compose:
-    project_src: /srv/pizzeria
+    project_src: "{{ service_dir }}"
     pull: true
     remove_orphans: true
diff --git a/roles/pizzeria/vars/main.yml b/roles/pizzeria/vars/main.yml
index 21308b6..33149bb 100644
--- a/roles/pizzeria/vars/main.yml
+++ b/roles/pizzeria/vars/main.yml
@@ -1,2 +1,4 @@
-pizzeria:
-  git_origin: https://git.pizzapim.nl/pim/pizzeria.git
+service_name: pizzeria
+data_dir: "{{ base_data_dir }}/{{ service_name }}"
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
+git_origin: https://git.pizzapim.nl/pim/pizzeria.git
diff --git a/roles/radicale/tasks/main.yml b/roles/radicale/tasks/main.yml
index a2974ba..48afa89 100644
--- a/roles/radicale/tasks/main.yml
+++ b/roles/radicale/tasks/main.yml
@@ -1,29 +1,29 @@
 - name: Create Radicale app directory
   file:
-    path: /srv/radicale
+    path: "{{ service_dir }}"
     state: directory
 - name: Copy docker-compose.yml file
-  copy:
-    src: "{{ role_path }}/files/docker-compose.yml"
-    dest: /srv/radicale/docker-compose.yml
+  template:
+    src: "{{ role_path }}/templates/docker-compose.yml.j2"
+    dest: "{{ service_dir }}/docker-compose.yml"
 - name: Create Radicale config directory
   file:
-    path: /srv/radicale/config
+    path: "{{ service_dir }}/config"
     state: directory
 - name: Copy radicale.conf
   copy:
     src: "{{ role_path }}/files/radicale.conf"
-    dest: /srv/radicale/config/radicale.conf
+    dest: "{{ service_dir }}/config/radicale.conf"
 - name: Copy users file
   copy:
     src: "{{ role_path }}/files/users"
-    dest: /srv/radicale/config/users
+    dest: "{{ service_dir }}/config/users"
 - name: Create Radicale data directory
   file:
-    path: /data/radicale
+    path: "{{ data_dir }}"
     state: directory
 - name: Start Docker Compose
   docker_compose:
-    project_src: /srv/radicale
+    project_src: "{{ service_dir }}"
     pull: true
     remove_orphans: true
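Review bot: The `Copy users file` task writes `{{ service_dir }}/config/users` with the copy module's default permissions; if this is Radicale's htpasswd file it holds credential hashes and should carry an explicit `mode: "0600"` (or whatever the container user needs), consistent with the `mode: 0600` the traefik role sets on acme.json. The `Copy Syncthing private key` task in roles/syncthing/tasks/main.yml writes key.pem the same way and deserves the same treatment.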
diff --git a/roles/radicale/files/docker-compose.yml b/roles/radicale/templates/docker-compose.yml.j2
similarity index 86%
rename from roles/radicale/files/docker-compose.yml
rename to roles/radicale/templates/docker-compose.yml.j2
index 556e883..1e9362f 100644
--- a/roles/radicale/files/docker-compose.yml
+++ b/roles/radicale/templates/docker-compose.yml.j2
@@ -9,8 +9,8 @@ services:
     restart: always
     image: mailu/radicale:1.9
     volumes:
-      - /data/radicale:/data
-      - /srv/radicale/config:/radicale
+      - {{ data_dir }}:/data
+      - {{ service_dir }}/config:/radicale
     command: radicale -S -C /radicale/radicale.conf
     networks:
       - traefik
diff --git a/roles/radicale/vars/main.yml b/roles/radicale/vars/main.yml
new file mode 100644
index 0000000..5c891bc
--- /dev/null
+++ b/roles/radicale/vars/main.yml
@@ -0,0 +1,3 @@
+service_name: radicale
+data_dir: "{{ base_data_dir }}/{{ service_name }}"
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml
index 4b73ced..614d481 100644
--- a/roles/syncthing/tasks/main.yml
+++ b/roles/syncthing/tasks/main.yml
@@ -1,34 +1,34 @@
 - name: Create Syncthing app directory
   file:
-    path: /srv/syncthing
+    path: "{{ service_dir }}"
     state: directory
 - name: Create Syncthing configuration directory
   file:
-    path: /srv/syncthing/config
+    path: "{{ service_dir }}/config"
     state: directory
 - name: Copy Syncthing private key
   copy:
     src: "{{ role_path }}/files/key.pem"
-    dest: /srv/syncthing/config/key.pem
+    dest: "{{ service_dir }}/config/key.pem"
 - name: Copy Syncthing certificate
   copy:
     src: "{{ role_path }}/files/cert.pem"
-    dest: /srv/syncthing/config/cert.pem
+    dest: "{{ service_dir }}/config/cert.pem"
 - name: Copy Syncthing configuration
   template:
     src: "{{ role_path }}/templates/config.xml.j2"
-    dest: /srv/syncthing/config/config.xml
+    dest: "{{ service_dir }}/config/config.xml"
 - name: Create Syncthing data directory
   file:
-    path: /data/syncthing
+    path: "{{ data_dir }}"
     state: directory
     mode: 0777
 - name: Copy Docker Compose script
-  copy:
-    src: "{{ role_path }}/files/docker-compose.yml"
-    dest: /srv/syncthing/docker-compose.yml
+  template:
+    src: "{{ role_path }}/templates/docker-compose.yml.j2"
+    dest: "{{ service_dir }}/docker-compose.yml"
 - name: Start Docker Compose
   docker_compose:
-    project_src: /srv/syncthing
+    project_src: "{{ service_dir }}"
     pull: true
     remove_orphans: true
diff --git a/roles/syncthing/files/docker-compose.yml b/roles/syncthing/templates/docker-compose.yml.j2
similarity index 83%
rename from roles/syncthing/files/docker-compose.yml
rename to roles/syncthing/templates/docker-compose.yml.j2
index 4505a69..512eef6 100644
--- a/roles/syncthing/files/docker-compose.yml
+++ b/roles/syncthing/templates/docker-compose.yml.j2
@@ -10,8 +10,8 @@ services:
       - PGID=1000
       - TZ=Europe/Amsterdam
     volumes:
-      - /srv/syncthing/config:/config
-      - /data/syncthing:/data
+      - {{ service_dir }}/config:/config
+      - {{ data_dir }}:/data
     ports:
       - 8384:8384
       - 22000:22000/tcp
diff --git a/roles/syncthing/vars/main.yml b/roles/syncthing/vars/main.yml
index 7e33fce..4e73ff7 100644
--- a/roles/syncthing/vars/main.yml
+++ b/roles/syncthing/vars/main.yml
@@ -1,3 +1,7 @@
+service_name: syncthing
+data_dir: "{{ base_data_dir }}/{{ service_name }}"
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
+
 syncthing:
   apikey: !vault |
           $ANSIBLE_VAULT;1.1;AES256
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
index e87ed92..635c1dd 100644
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -1,30 +1,30 @@
 - name: Create traefik app directory
   file:
-    path: /srv/traefik
+    path: "{{ service_dir }}"
     state: directory
 - name: Create acme file
   copy:
     content: ""
-    dest: /srv/traefik/acme.json
+    dest: "{{ service_dir }}/acme.json"
     force: no
     mode: 0600
 - name: Copy Docker Compose script
-  copy:
-    src: "{{ role_path }}/files/docker-compose.yml"
-    dest: /srv/traefik/docker-compose.yml
+  template:
+    src: "{{ role_path }}/templates/docker-compose.yml.j2"
+    dest: "{{ service_dir }}/docker-compose.yml"
 - name: Copy traefik.toml
   copy:
     src: "{{ role_path }}/files/traefik.toml"
-    dest: /srv/traefik/traefik.toml
+    dest: "{{ service_dir }}/traefik.toml"
 - name: Copy services.toml
   copy:
     src: "{{ role_path }}/files/services.toml"
-    dest: /srv/traefik/services.toml
+    dest: "{{ service_dir }}/services.toml"
 - name: Create traefik network
   docker_network:
     name: "traefik"
 - name: Start Docker Compose
   docker_compose:
-    project_src: /srv/traefik
+    project_src: "{{ service_dir }}"
     pull: true
     remove_orphans: true
diff --git a/roles/traefik/files/docker-compose.yml b/roles/traefik/templates/docker-compose.yml.j2
similarity index 82%
rename from roles/traefik/files/docker-compose.yml
rename to roles/traefik/templates/docker-compose.yml.j2
index ac79916..f913135 100644
--- a/roles/traefik/files/docker-compose.yml
+++ b/roles/traefik/templates/docker-compose.yml.j2
@@ -20,9 +20,9 @@ services:
       - "56287:56287"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - /srv/traefik/traefik.toml:/etc/traefik/traefik.toml
-      - /srv/traefik/services.toml:/etc/traefik/services.toml
-      - /srv/traefik/acme.json:/acme.json
+      - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
+      - {{ service_dir }}/services.toml:/etc/traefik/services.toml
+      - {{ service_dir }}/acme.json:/acme.json
     networks:
       - traefik
     labels:
diff --git a/roles/traefik/vars/main.yml b/roles/traefik/vars/main.yml
new file mode 100644
index 0000000..2e1116f
--- /dev/null
+++ b/roles/traefik/vars/main.yml
@@ -0,0 +1,2 @@
+service_name: traefik
+service_dir: "{{ base_service_dir }}/{{ service_name }}"