manage lewis with nix

move docker swarm ansible to this repo move thecloud ansible to this repo support data disks in terraform
2023-12-25 19:22:22 +01:00 · 2023-12-25 19:22:22 +01:00 · 111bf68a0a
commit 111bf68a0a
parent d7ef46b642
92 changed files with 2730 additions and 26 deletions
--- a/legacy/projects/docker_swarm/ansible/roles/radicale/docker-stack.yml.j2
+++ b/legacy/projects/docker_swarm/ansible/roles/radicale/docker-stack.yml.j2
@ -0,0 +1,61 @@
+# vi: ft=yaml
+version: '3.7'
+
+networks:
+  traefik:
+    external: true
+
+configs:
+  config:
+    external: true
+    name: "{{ config.config_name }}"
+  users:
+    external: true
+    name: "{{ users.config_name }}"
+
+volumes:
+  data:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.30.10,nolock,soft,rw"
+      device: ":/mnt/data/radicale"
+
+services:
+  radicale:
+    image: tomsquest/docker-radicale
+    init: true
+    read_only: true
+    cap_drop:
+      - ALL
+    cap_add:
+      - SETUID
+      - SETGID
+      - CHOWN
+      - KILL
+    healthcheck:
+      test: curl -f http://127.0.0.1:5232 || exit 1
+      interval: 30s
+      retries: 3
+    volumes:
+      - type: volume
+        source: data
+        target: /data
+        volume:
+          nocopy: true
+    networks:
+      - traefik
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.radicale.entrypoints=websecure
+        - traefik.http.routers.radicale.rule=Host(`dav.kun.is`)
+        - traefik.http.routers.radicale.tls=true
+        - traefik.http.routers.radicale.tls.certresolver=letsencrypt
+        - traefik.http.routers.radicale.service=radicale
+        - traefik.http.services.radicale.loadbalancer.server.port=5232
+        - traefik.docker.network=traefik
+    configs:
+      - source: config
+        target: /config/config
+      - source: users
+        target: /config/users
--- a/legacy/projects/docker_swarm/ansible/roles/radicale/radicale.conf
+++ b/legacy/projects/docker_swarm/ansible/roles/radicale/radicale.conf
@ -0,0 +1,24 @@
+[server]
+hosts = 0.0.0.0:5232, [::]:5232
+ssl = False
+
+[encoding]
+request = utf-8
+stock = utf-8
+
+[auth]
+realm = Radicale - Password Required
+type = htpasswd
+htpasswd_filename = /config/users
+htpasswd_encryption = md5
+
+[rights]
+type = owner_only
+
+[storage]
+type = multifilesystem
+filesystem_folder = /data
+
+[logging]
+
+[headers]
--- a/legacy/projects/docker_swarm/ansible/roles/radicale/tasks/main.yml
+++ b/legacy/projects/docker_swarm/ansible/roles/radicale/tasks/main.yml
@ -0,0 +1,21 @@
+- name: Create radicale config
+  docker_config:
+    name: radicale_config
+    data: "{{ lookup('file', '{{ role_path }}/radicale.conf') }}"
+    use_ssh_client: true
+    rolling_versions: true
+  register: config
+
+- name: Create radicale users
+  docker_config:
+    name: radicale_users
+    data: "{{ lookup('file', '{{ role_path }}/users') }}"
+    use_ssh_client: true
+    rolling_versions: true
+  register: users
+
+- name: Deploy Docker stack
+  docker_stack:
+    name: radicale
+    compose:
+      - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"
--- a/legacy/projects/docker_swarm/ansible/roles/radicale/users
+++ b/legacy/projects/docker_swarm/ansible/roles/radicale/users
@ -0,0 +1 @@
+pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.