manage lewis with nix

move docker swarm ansible to this repo
move thecloud ansible to this repo
support data disks in terraform

legacy/projects/docker_swarm/ansible/playbooks/remove_stack.yml

@@ -0,0 +1,9 @@
+---
+- name: Remove a Docker swarm stack
+  hosts: manager
+
+  tasks:
+    - name: Remove the stack
+      docker_stack:
+        name: "{{ stack }}"
+        state: absent

legacy/projects/docker_swarm/ansible/playbooks/setup.yml

@@ -0,0 +1,72 @@
+---
+- name: Wait for Cloud-init to finish
+  hosts: manager, workers
+  gather_facts: no
+  roles:
+    - cloudinit_wait
+
+- name: Initialize Docker Swarm nodes
+  hosts: manager, workers
+  pre_tasks:
+    - name: Delete externally managed environment file
+      shell:
+        cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
+      register: rm
+      changed_when: "rm.rc == 0"
+      failed_when: "false"
+
+  roles:
+    - setup_apt
+
+  post_tasks:
+    - name: Install Docker
+      include_role:
+        name: docker
+      vars:
+        docker_daemon_config: {}
+          # log-driver: fluentd
+          # log-opts:
+          #   fluentd-address: "localhost:22222"
+          #   tag: "docker.{{ '{{' }}.Name{{ '}}' }}"
+
+- name: Setup Docker Swarm manager
+  hosts: manager
+  tasks:
+    - name: Install pip packages
+      pip:
+        name:
+          - jsondiff
+          - pyyaml
+
+    - name: Create Docker Swarm
+      docker_swarm:
+    
+    - name: Get Docker Swarm manager info
+      docker_swarm_info:
+        nodes: yes
+        nodes_filters:
+          name: manager
+      register: swarm_info
+
+- hosts: workers
+  tasks:
+    - name: Join Docker Swarm
+      docker_swarm:
+        state: join
+        join_token: "{{ hostvars.manager.swarm_info.swarm_facts.JoinTokens.Worker }}"
+        remote_addrs:
+          - "{{ hostvars.manager.ansible_default_ipv4.address }}"
+
+- hosts: manager
+  tasks:
+    - name: Add concourse to authorized keys
+      authorized_key:
+        user: root
+        key: "{{ concourse_public_key }}"
+
+- hosts: manager, workers
+  tasks:
+    - name: Increase vm.max_map_count
+      sysctl:
+        name: vm.max_map_count
+        value: 262144

legacy/projects/docker_swarm/ansible/playbooks/stacks.yml

@@ -0,0 +1,23 @@
+---
+- name: Start Docker stacks
+  hosts: manager
+  roles:
+    - {role: traefik, tags: traefik}
+    - {role: forgejo, tags: forgejo}
+    # - {role: seafile, tags: seafile}
+    - {role: radicale, tags: radicale}
+    # - {role: mastodon, tags: mastodon}
+    - {role: freshrss, tags: freshrss}
+    - {role: hedgedoc, tags: hedgedoc}
+    # - {role: overleaf, tags: overleaf}
+    - {role: cyberchef, tags: cyberchef}
+    - {role: inbucket, tags: inbucket}
+    - {role: kms, tags: kms}
+    - {role: swarm_dashboard, tags: swarm_dashboard}
+    # - {role: shephard, tags: shephard}
+    - {role: pihole, tags: pihole}
+    - {role: nextcloud, tags: nextcloud}
+    - {role: syncthing, tags: syncthing}
+    # - {role: monitoring, tags: monitoring}
+    - {role: kitchenowl, tags: kitchenowl}
+    # - {role: ampache, tags: ampache}

legacy/projects/docker_swarm/ansible/playbooks/thecloud.yml

@@ -0,0 +1,25 @@
+---
+- name: Create databases and NFS shares
+  hosts: thecloud
+  handlers:
+    - name: reload nfs
+      systemd:
+        name: nfs-kernel-server
+        state: restarted
+
+  tasks:
+    - name: Create nfs shares
+      with_items: "{{ nfs_shares }}"
+      copy:
+        dest: "/etc/exports.d/{{ item.name }}.exports"
+        content: "{{ item.path }} *(rw,sync,no_subtree_check,no_root_squash)"
+      notify: reload nfs
+
+    - name: Create databases
+      with_items: "{{ database_passwords | dict2items }}"
+      include_role:
+        name: postgresql_database
+      vars:
+        database_name: "{{ item.key }}"
+        database_user: "{{ item.key }}"
+        database_password: "{{ item.value }}"