From 1d3f4110f4f7ddda6dbf631ac396a6128dce5cb2 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sat, 20 May 2023 13:45:25 +0200 Subject: [PATCH] don't use /srv on docker manager --- ansible/README.md | 1 + ansible/roles/cyberchef/tasks/main.yml | 15 +-- ansible/roles/forgejo/docker-stack.yml.j2 | 3 +- ansible/roles/forgejo/tasks/main.yml | 29 ++-- ansible/roles/freshrss/tasks/main.yml | 15 +-- ansible/roles/hedgedoc/tasks/main.yml | 15 +-- ansible/roles/inbucket/tasks/main.yml | 15 +-- ansible/roles/jitsi/tasks/main.yml | 15 +-- ansible/roles/kms/tasks/main.yml | 15 +-- ansible/roles/mastodon/docker-stack.yml.j2 | 30 ++++- ansible/roles/mastodon/mastodon.env | 126 ------------------ ansible/roles/mastodon/tasks/main.yml | 20 +-- ansible/roles/mastodon/vars/main.yml | 34 +++++ ansible/roles/overleaf/tasks/main.yml | 15 +-- ansible/roles/pihole/tasks/main.yml | 15 +-- ansible/roles/radicale/docker-stack.yml.j2 | 6 +- ansible/roles/radicale/tasks/main.yml | 43 +++--- ansible/roles/seafile/tasks/main.yml | 15 +-- ansible/roles/shephard/tasks/main.yml | 15 +-- ansible/roles/swarm_dashboard/tasks/main.yml | 15 +-- .../{docker-stack.yml => docker-stack.yml.j2} | 3 +- ansible/roles/traefik/tasks/main.yml | 36 +++-- 22 files changed, 171 insertions(+), 325 deletions(-) delete mode 100644 ansible/roles/mastodon/mastodon.env rename ansible/roles/traefik/{docker-stack.yml => docker-stack.yml.j2} (98%) diff --git a/ansible/README.md b/ansible/README.md index 9e0c061..3be06a4 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -2,3 +2,4 @@ This requires a rootless docker daemon on the Ansible host. See: https://docs.docker.com/engine/security/rootless/ +Also you need jsondiff for docker stack. diff --git a/ansible/roles/cyberchef/tasks/main.yml b/ansible/roles/cyberchef/tasks/main.yml index 386a96f..e1afc90 100644 --- a/ansible/roles/cyberchef/tasks/main.yml +++ b/ansible/roles/cyberchef/tasks/main.yml 
@@ -1,15 +1,8 @@ -- name: Create working directory - file: - path: /srv/cyberchef - state: directory - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/cyberchef/docker-stack.yml - - name: Deploy Docker stack docker_stack: name: cyberchef compose: - - /srv/cyberchef/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost diff --git a/ansible/roles/forgejo/docker-stack.yml.j2 b/ansible/roles/forgejo/docker-stack.yml.j2 index d72e831..46602bd 100644 --- a/ansible/roles/forgejo/docker-stack.yml.j2 +++ b/ansible/roles/forgejo/docker-stack.yml.j2 @@ -7,7 +7,8 @@ networks: configs: config: - file: /srv/forgejo/app.ini + external: true + name: "{{ config.config_name }}" services: server: diff --git a/ansible/roles/forgejo/tasks/main.yml b/ansible/roles/forgejo/tasks/main.yml index 0c8db5c..40c2ddc 100644 --- a/ansible/roles/forgejo/tasks/main.yml +++ b/ansible/roles/forgejo/tasks/main.yml @@ -1,20 +1,19 @@ -- name: Create working directory - file: - path: /srv/forgejo - state: directory - -- name: Copy config file - template: - src: "{{ role_path }}/app.ini.j2" - dest: /srv/forgejo/app.ini - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/forgejo/docker-stack.yml +- name: Create Docker config + docker_config: + name: forgejo_config + data: "{{ lookup('template', '{{ role_path }}/app.ini.j2') }}" + use_ssh_client: true + rolling_versions: true + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost + register: config - name: Deploy Docker stack docker_stack: name: forgejo compose: - - /srv/forgejo/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost 
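Review bot: `DOCKER_HOST: ssh://root@maestro.dmz` is hard-coded in this task and repeated verbatim in every other `tasks/main.yml` this patch touches (forgejo, freshrss, hedgedoc, inbucket, jitsi, kms, mastodon, overleaf, pihole, radicale, seafile, shephard, swarm_dashboard, traefik), so with `delegate_to: localhost` the play ignores the inventory host and always logs in as root on one fixed manager. Defining it once, for example in group_vars as `docker_host: "ssh://{{ docker_user }}@{{ docker_manager }}"` (variable names constructed for illustration) and writing `DOCKER_HOST: "{{ docker_host }}"`, keeps the target and the account in one place. The SSH connection is made by the docker CLI on the controller, so host-key checking for maestro.dmz depends on the controller's own known_hosts; the README would be a good place to say so. The nested moustaches in `lookup('template', '{{ role_path }}/docker-stack.yml.j2')` are better written as `lookup('template', role_path ~ '/docker-stack.yml.j2')`.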
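Review bot: The rendered `app.ini` is stored with `docker_config`, and a Swarm config can be read back by anyone able to run `docker config inspect` against the manager. If the template carries Forgejo's secret key, internal token or database password (app.ini.j2 is not visible in this patch), those values belong in a `docker_secret` instead. The same applies to the `users` file uploaded as `radicale_users` in the radicale tasks hunk, which presumably holds credentials. With `rolling_versions: true` it is worth confirming that superseded versions are removed from the swarm rather than left behind. The register names `config` (used here and in radicale), `users` and `services` are generic and live in one namespace for the whole play; a role prefix such as `register: forgejo_config` would stop one role's template picking up another role's result.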
diff --git a/ansible/roles/freshrss/tasks/main.yml b/ansible/roles/freshrss/tasks/main.yml index 3cde06f..c9c0e82 100644 --- a/ansible/roles/freshrss/tasks/main.yml +++ b/ansible/roles/freshrss/tasks/main.yml @@ -1,15 +1,8 @@ -- name: Create working directory - file: - path: /srv/freshrss - state: directory - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/freshrss/docker-stack.yml - - name: Deploy Docker stack docker_stack: name: freshrss compose: - - /srv/freshrss/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost diff --git a/ansible/roles/hedgedoc/tasks/main.yml b/ansible/roles/hedgedoc/tasks/main.yml index f6fd535..3c46a3e 100644 --- a/ansible/roles/hedgedoc/tasks/main.yml +++ b/ansible/roles/hedgedoc/tasks/main.yml @@ -1,15 +1,8 @@ -- name: Create working directory - file: - path: /srv/hedgedoc - state: directory - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/hedgedoc/docker-stack.yml - - name: Deploy Docker stack docker_stack: name: hedgedoc compose: - - /srv/hedgedoc/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost diff --git a/ansible/roles/inbucket/tasks/main.yml b/ansible/roles/inbucket/tasks/main.yml index e3fb794..04b894b 100644 --- a/ansible/roles/inbucket/tasks/main.yml +++ b/ansible/roles/inbucket/tasks/main.yml 
@@ -1,15 +1,8 @@ -- name: Create working directory - file: - path: /srv/inbucket - state: directory - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/inbucket/docker-stack.yml - - name: Deploy Docker stack docker_stack: name: inbucket compose: - - /srv/inbucket/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost diff --git a/ansible/roles/jitsi/tasks/main.yml b/ansible/roles/jitsi/tasks/main.yml index 6ec134f..f2dfb4a 100644 --- a/ansible/roles/jitsi/tasks/main.yml +++ b/ansible/roles/jitsi/tasks/main.yml @@ -1,15 +1,8 @@ -- name: Create working directory - file: - path: /srv/jitsi - state: directory - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/jitsi/docker-stack.yml - - name: Deploy Docker stack docker_stack: name: jitsi compose: - - /srv/jitsi/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost diff --git a/ansible/roles/kms/tasks/main.yml b/ansible/roles/kms/tasks/main.yml index 09b38f5..7443e6b 100644 --- a/ansible/roles/kms/tasks/main.yml +++ b/ansible/roles/kms/tasks/main.yml @@ -1,15 +1,8 @@ -- name: Create working directory - file: - path: /srv/kms - state: directory - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/kms/docker-stack.yml - - name: Deploy Docker stack docker_stack: name: kms compose: - - /srv/kms/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost diff --git a/ansible/roles/mastodon/docker-stack.yml.j2 b/ansible/roles/mastodon/docker-stack.yml.j2 index 20c6486..734fff0 100644 
--- a/ansible/roles/mastodon/docker-stack.yml.j2 +++ b/ansible/roles/mastodon/docker-stack.yml.j2 @@ -47,7 +47,22 @@ services: - "node.labels.mastodon == true" web: image: tootsuite/mastodon:v3.5.3 - env_file: /srv/mastodon/mastodon.env + environment: + - 'OTP_SECRET={{ otp_secret }}' + - 'SECRET_KEY_BASE={{ secret_key_base }}' + - 'REDIS_HOST=redis' + - 'DB_HOST=db' + - 'DB_USER=mastodon' + - 'DB_NAME=mastodon_production' + - 'DB_PASS=password' + - 'VAPID_PRIVATE_KEY={{ vapid_private_key }}' + - 'VAPID_PUBLIC_KEY=BDcpOP2ThgD13i2ENjnlVXG7QH-m3xuNE4rySx6_NBYQz34UxSM3N4nT7GUxN5zBF-Kehlv0CpqBDDa78QFiS0g=' + - 'SMTP_SERVER=smtp.tweak.nl' + - 'SMTP_PORT=587' + - 'SMTP_LOGIN=' + - 'SMTP_PASSWORD=' + - 'SMTP_FROM_ADDRESS=mastodon@kunis.nl' + - 'LOCAL_DOMAIN=social.pizzapim.nl' command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000" networks: - mastodon @@ -78,8 +93,10 @@ services: streaming: image: tootsuite/mastodon:v3.5.3 - env_file: /srv/mastodon/mastodon.env command: node ./streaming + environment: + - 'REDIS_HOST=redis' + - 'LOCAL_DOMAIN=social.pizzapim.nl' networks: - mastodon - traefik @@ -102,8 +119,15 @@ services: - traefik.docker.network=traefik sidekiq: image: tootsuite/mastodon:v3.5.3 - env_file: /srv/mastodon/mastodon.env command: bundle exec sidekiq + environment: + - 'OTP_SECRET={{ otp_secret }}' + - 'SECRET_KEY_BASE={{ secret_key_base }}' + - 'REDIS_HOST=redis' + - 'DB_HOST=db' + - 'DB_USER=mastodon' + - 'DB_NAME=mastodon_production' + - 'DB_PASS=password' depends_on: - db - redis diff --git a/ansible/roles/mastodon/mastodon.env b/ansible/roles/mastodon/mastodon.env deleted file mode 100644 index 87e296e..0000000 --- a/ansible/roles/mastodon/mastodon.env +++ /dev/null 
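Review bot: `'DB_PASS=password'` commits a database password in plain text, in both the `web` and the `sidekiq` hunk, whereas the `mastodon.env` it replaces was vault-encrypted. It should come from a vaulted variable like the three secrets next to it, for example `- 'DB_PASS={{ mastodon_db_password }}'` (variable name constructed), and the `db` service, which lies outside these hunks, has to be given the same value. `SMTP_LOGIN=` and `SMTP_PASSWORD=` are empty; if the relay needs authentication they should be vaulted too, otherwise a comment saying they are intentionally blank would help. Values passed through `environment:` are stored in the service spec and are visible with `docker service inspect`, so access to the manager remains the boundary protecting these secrets.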
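Review bot: The `streaming` environment keeps only `REDIS_HOST` and `LOCAL_DOMAIN`, and the `sidekiq` environment has the secrets and `DB_*` values but no `LOCAL_DOMAIN`, `SMTP_*` or VAPID keys. In Mastodon the streaming server normally needs the database settings, and sidekiq is the process that sends mail and push notifications, so both lists look incomplete compared with `web`. The old `mastodon.env` is encrypted, so what each service received before cannot be checked from this patch. Rendering one shared variable list into all three services would keep them from drifting apart.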
@@ -1,126 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -66373333363835643061643565323065346266346663376133633966383863656531336664656237 -3231356236346361393262616662303931633463363932640a356363363834396338653331353230 -34353937313866363332376263346638663430353232343563616530323762386639343632633563 -6665613863343864340a633434636136303163393833376663343464656231623237623864336538 -62356537306330626338316536653464616662333963313736663036313735306666366237396430 -37663739313432613564313434383961313231393134626665383238633861666632343738383032 -35613363353264653731333637633464366263373162373531313438363762383062633363313636 -31623032356566386631336362656634353432373132313461353664316365613232373763623836 -66306430373033656563316661336539613162353662343266613537316432623465666138333334 -37373239656433393564333236393339656165623137316561623935396139373935333963326431 -37333261336132633964656239623738613833383462356135363761366564393164616530363436 -66323162643466363839626237313638336639343636616536303339643839366261303934373766 -39653264333036323334663634366165343438303132393737393461663038383037616536326161 -64666534623462363534636633353630666665376138386664653037323164643364373431313136 -35643337353961396333653264646139383264393736366332643331656635663362323537323462 -32383030643433306136386463663862313362383264633335613563663531323065646563363161 -62313539303266386238363561373634363336643635366164626564623033613366353937383230 -36373165643834353733656563663333653839663631373330373733633938333263366333313336 -65373733376434373630323339316131363765663166313039336262666265333266366236363932 -30383163643830623334386532636236393664613064376633633061363539623661333361353565 -30363064666635306130366165313535613236616366383630323930336230646461643362346532 -36663464383333323866373439363436346534306365653462663437646561363335303635623838 -66653338366433326330386462326539316235666233383333366330626630663934313836386333 
-34626134376463336164666335333565353132333530646632323531643731316436316333333261 -38343033333862343965336434333131636333386336393266306437623032323266333564386431 -62323733346239343136663933393134366161363532646331373066643834346238633433663535 -37353666333530613138373932343661653165373161393533326137643936623133373765346434 -39633532663236636434336461653433626637323931303833313437373264363439343264623438 -35396636656266623831316633643837363931366231396537333633313831623865626331616633 -66386265633037373131313039306431373134303131666239373335356133656430353862656432 -61323439303336356632383962343236303135363931636534393238636136663834363439386461 -39386462303135313637666535336565643439373961373336396237636431623537653932353330 -32653038396665326539366135343439316335656331653165376339613630333331313430386664 -32616431653461636164373437383864653265396461656330613335636532386133386336616631 -30643466633635613131653361393735303735633138623663626234633434343831653138656335 -61346139303438333562633964396334303063336530336434643031633265666137666230313732 -63366133383463336565393464306330343733636439326362366364303539636139633437373861 -63643431313830643164613661353231313665333765363032333739353731353334636336363065 -30316536303561326330626637393538373838313833393038643132643535333132373032383937 -35363833393063663865323630346665393236366464613861326666313337613334626139663037 -65343563343464336130643764333031643432343736643065653335303536373637346134373834 -31636366376232376262633235643762333665613163623066396138623133656334356538636266 -36353466303234303331326632646634343262336135643533353234326532643464356538663934 -63366237383136343035386331323232633066343263353534386635343238613637656232623266 -39666638353938393936636133386234633064303439333633303136326333396233366231653166 -37646131313064343338316264396563376334343535326161656664633934316137616533363134 -30393133666461656266393530636538313038346530386238666132346133363930333130356439 
-34306339616263663930363939623531613233373135656465373030663938313333616231613862 -36366632333238376439666339363932646335656139346635393233343766343432363962323430 -35613462663631643533363135376665363061633866306665653537303736353338306164303433 -34373438616138303234336638653963386566663464346262643838373030323235326162656536 -33326130633863626463393335643630363166373564326433663633393837333832663236353233 -30313364393935393961623663383337383964666263363433663434646161316264386635616565 -36613961343733376636373336383634346134366330616464636430333236396533623663326261 -63666539303735363135636336643139366139306163336330383334396165346363646565323634 -65396535356439366162663135646238643930643935316531323561633266323965336236376162 -36356533356465303635646632303663373432333037343035313834623364356438336661653065 -33383037663766323830623365336435356563333131376264393432626337636435626332633766 -31646133646161623138613839316131383338383161643331353934336366343562656435336335 -30653938306431396665356237623165303564613231386236363465623030316265633932636138 -31313434346133613561636163656166666532393838303432656266343239373336643236323864 -64633566343032663866343930346330396436376432343232393338656334633764656365343733 -65623632343930303035643035646337313139383830333664636537306331323330663536636364 -65393332326130643234653939653037623531636439383464343133323234373961323934326462 -38636133356339613339383237383833366364663635313835613763623738663164663866393034 -31326638623938626432353631303763633066326538666365376461653365323937303265353362 -38303232626531633064383139646261373530363631316436636665623633353538653132656239 -39346464633530613332383138386363613131303530643835613736363966613063383939663434 -65326338363662643034373662633735656138313838623937663135643534353135653539333765 -61396362643565323261313666376362656631666566306130363365616536376631636139356662 -39313766663265343764393031303934303633363437396530396539636436323864393434343736 
-62343066623736626461353634653938353666376433636161303235356430633938636366333862 -61333364353431663665643232373136373733633334303831643566356565396535396437383036 -33316639386566643636373034626237393533666137376135396163633961386438633339333466 -35323265326635653866353365646434626234616335653262663766633038636537356331326563 -34316438663962313232653366613036333936663531323362383637653530376639643936303263 -31373637633166333230313732613738623362663838663139336531363362626463643135313064 -34653130613566613536356533633564663031613562363430646331653239363666303463303933 -37366237613538636233323630393139636462653239643736623133623336613938623865613135 -66326431373831636166303438623239646364343639303237623864663064383933353963643966 -63666562323563386465326337656434316538656437646165623466393735656162383339636565 -38656564383437363935623564633137363662383536626263336437353166613637633837356237 -61353734313836623931623333643138336538613136323831343935333532303463363834373461 -35376133616165663438646266653532393065396230613635656264376663336133316463663164 -63376666323532613032363565626439656464366662613737303565366332356334343134363163 -64373039316664333436373265656337326638353661383663303962353865616439626239653634 -63343362363733346230643736323130623764643364366637316433353431366530633163356665 -33306166303632333231376535323734313262636432393839656630303138326264303065626139 -61623731663630373264646165373462616635326338333465646339633630653066656363653036 -62346264303163663634653965386262353233336630633233623733643164646436323861383833 -33386266656466623563643134333662383130343862396433346366373837643066616464316230 -39326265383261333835613635383730663837656136643666323833313534663365643662643863 -63386438316561306661636134633636313866663436393639333831323761303034323831616639 -31383463346536393133636336376236633963313962643432623065653765326631343964386138 -32383531363062616661653264653462613836636531366233326464646534316664366537356439 
-37633466313465383362366261373936363765353735646231323561363635663933356562386361 -37613230306638636435643630623136376264353038613265353234313938386162323938613165 -35613262613362303637666466316461373435633037633963623834663232623736636634356334 -39323466313936313963616135393263623162333032666430343235643763343862336434663238 -32393439313665363535343530383133636634623035656265646164366234336432383865653566 -36383763616161383265323361643761343361653134353232643334633739643335376331353765 -37343664636137656434313137663464303864356261313532333663623431303734316132346563 -32303838376633666330656564336532346532306633396138393061656436323564353762326164 -32356137643036646662333065396463633230363437663362363661346662326231653364376232 -37386661653736633434356161373532343030363062316161643634626530306335326661303532 -34363462363932353130633964623462396163313965343837666333613932636531383762323234 -34653337613138373361336165613164333765373539393035373736653233383363613730383339 -38613161323035343664393637383163356633346132613035336639643036383231343939616533 -34353633323764366664646338303766643863366662616663346237356230383433386130313665 -33663339383830663366346261393461353465303762393534646562316331386239646365303961 -31393237663533363933656238623138316432396132356663643132313431663962393434633136 -61376634343939383566633834386531613365313531343738623965663637653266343431303736 -33343837303334663130306365386337323430336230303839663062333164383064656637303562 -64376430343765366332646562626233333631363161366561666531663961633966656536656262 -38396538353561626639353261646434376133643561613566343534363766626639616432386233 -36306136383031323538386336613039393130333132343433316633363031313264313233326638 -37633032306238376162633236353536656663383761653938333239376662326336343132333136 -62353439366135653934646561643434366466383632343836383262666430613265633936353638 -30306232386534323366633164386630343562336438343937363062393365626333356632663535 
-64373234356163616165393736323236623530306462353737376134643161336331343733323463 -32303337346330653833343838366263323862613534376133646437643162333433636262663233 -32306639313065396538393939633565386131303761373735303665656434663261336539303939 -31323065353437393333323937363665396332363763313066303961303633623137643565643432 -39386165323137636231663634643935643838616531633738623537363063633631336130323130 -3863 diff --git a/ansible/roles/mastodon/tasks/main.yml b/ansible/roles/mastodon/tasks/main.yml index 1b3871f..b0d92fd 100644 --- a/ansible/roles/mastodon/tasks/main.yml +++ b/ansible/roles/mastodon/tasks/main.yml @@ -1,20 +1,8 @@ -- name: Create working directory - file: - path: /srv/mastodon - state: directory - -- name: Copy env file - copy: - src: "{{ role_path }}/mastodon.env" - dest: /srv/mastodon/mastodon.env - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/mastodon/docker-stack.yml - - name: Deploy Docker stack docker_stack: name: mastodon compose: - - /srv/mastodon/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost diff --git a/ansible/roles/mastodon/vars/main.yml b/ansible/roles/mastodon/vars/main.yml index 698d7eb..90011c0 100644 --- a/ansible/roles/mastodon/vars/main.yml +++ b/ansible/roles/mastodon/vars/main.yml 
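Review bot: The `compose` argument of the mastodon `Deploy Docker stack` task now holds the rendered template, including the decrypted `otp_secret`, `secret_key_base` and `vapid_private_key`. The task's arguments and result can therefore expose them in verbose runs, failure output or callback logs. Adding `no_log: true` to this task keeps them out of the output.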
@@ -14,3 +14,37 @@ mastodon_redis_password: !vault | 3430346364303334380a613932336534346437346539623864306233626265336663343565303866 33393665633236653536383636616537396432366532366438316135303437313736336536336264 3366643332306236376466386630666230366235333662663161 +otp_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33303436663063313039636335623937343530323636346363306234333135306138653337313034 + 3337363432363734353363623738653630373536653433350a356336383235383430613934623937 + 36316638343439376134383635336630313065623138326630303131333136626636386361313661 + 6134613862366463300a313765366136343431343838363230363134613164373931623564626466 + 32623137666364326234383264396336636561313132313930383964656434656535663861343337 + 65316331323335626464626231653236313932663334316134633837646330303563633162373036 + 66326135656531393839343138376666623337616162653137393764306265323065356431343162 + 36373135303339356366356263623334373361326561396562353332323363623738626132303738 + 38383638616363386536386461353465353765366234353862653765376330663661326138626266 + 30633134643632393630323834323538326339373361363235666133303761323261336637663862 + 326633383933663530653230336364653461 +secret_key_base: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 32373731376166613238303535646633326162613137366165643037643966643637316265653832 + 3035393061616431666162373133393666653634386338350a376136653961646239656534336230 + 33366235343365653234333866393965643131306636373566623665646562353234323065393262 + 6264313430333262390a626338333932363137356338636132636133613239633537623064666438 + 32343063653664393530353536643963353364373830303563346163613862653161343165363062 + 61396630353036333634313033663962613930336637323461313731633136366365623732306337 + 37646265613639306133373736353365366461373264356665623236313836633565343764626238 + 38353637613064306162393430323662616231623965643933383339616561353963663366396363 + 33346332343336386266636165616135343732353365336630653334383533633831636138623733 + 
34396266643166386130383334666565303865396135613863336261656135343564376537383634 + 353635336365613765363931373636363465 +vapid_private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33376430313539346137343237313061653164343861623563656638306539373837393364326235 + 3435396264613533633138346231303137663763323361360a356137306330343939353732356535 + 33396336633966623266396265356435343633373766363637616635326563623130653039343665 + 3465306562306261660a303131666436333137306139366636646232333061383935353263396534 + 63376635393966653636316236316538656361393631626465383233386136313366363531363663 + 3436326431353435653666356266333835303061616436323061 diff --git a/ansible/roles/overleaf/tasks/main.yml b/ansible/roles/overleaf/tasks/main.yml index a3a744e..1026d56 100644 --- a/ansible/roles/overleaf/tasks/main.yml +++ b/ansible/roles/overleaf/tasks/main.yml @@ -1,15 +1,8 @@ -- name: Create working directory - file: - path: /srv/overleaf - state: directory - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/overleaf/docker-stack.yml - - name: Deploy Docker stack docker_stack: name: overleaf compose: - - /srv/overleaf/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost diff --git a/ansible/roles/pihole/tasks/main.yml b/ansible/roles/pihole/tasks/main.yml index 368d822..7a2eb2c 100644 --- a/ansible/roles/pihole/tasks/main.yml +++ b/ansible/roles/pihole/tasks/main.yml 
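Review bot: The new variables are named `otp_secret`, `secret_key_base` and `vapid_private_key`, while the existing entry in this file is `mastodon_redis_password`. Role vars share one namespace across the play, so unprefixed names like these can collide with another role's variables. Renaming them `mastodon_otp_secret`, `mastodon_secret_key_base` and `mastodon_vapid_private_key`, and updating the stack template to match, follows the convention already in the file. The database password used by the stack template is not among the vaulted values added here.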
@@ -1,15 +1,8 @@ -- name: Create working directory - file: - path: /srv/pihole - state: directory - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/pihole/docker-stack.yml - - name: Deploy Docker stack docker_stack: name: pihole compose: - - /srv/pihole/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost diff --git a/ansible/roles/radicale/docker-stack.yml.j2 b/ansible/roles/radicale/docker-stack.yml.j2 index 04ffb6d..794e52d 100644 --- a/ansible/roles/radicale/docker-stack.yml.j2 +++ b/ansible/roles/radicale/docker-stack.yml.j2 @@ -7,9 +7,11 @@ networks: configs: config: - file: /srv/radicale/radicale.conf + external: true + name: "{{ config.config_name }}" users: - file: /srv/radicale/users + external: true + name: "{{ users.config_name }}" services: radicale: diff --git a/ansible/roles/radicale/tasks/main.yml b/ansible/roles/radicale/tasks/main.yml index f964963..f3461d8 100644 --- a/ansible/roles/radicale/tasks/main.yml +++ b/ansible/roles/radicale/tasks/main.yml 
@@ -1,25 +1,30 @@ -- name: Create working directory - file: - path: /srv/radicale - state: directory +- name: Create radicale config + docker_config: + name: radicale_config + data_src: "{{ role_path }}/radicale.conf" + use_ssh_client: true + rolling_versions: true + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost + register: config -- name: Copy config file - copy: - src: "{{ role_path }}/radicale.conf" - dest: /srv/radicale/radicale.conf - -- name: Copy users file - copy: - src: "{{ role_path }}/users" - dest: /srv/radicale/users - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/radicale/docker-stack.yml +- name: Create radicale users + docker_config: + name: radicale_users + data_src: "{{ role_path }}/users" + use_ssh_client: true + rolling_versions: true + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost + register: users - name: Deploy Docker stack docker_stack: name: radicale compose: - - /srv/radicale/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost diff --git a/ansible/roles/seafile/tasks/main.yml b/ansible/roles/seafile/tasks/main.yml index 7780d93..4b67a9a 100644 --- a/ansible/roles/seafile/tasks/main.yml +++ b/ansible/roles/seafile/tasks/main.yml @@ -1,15 +1,8 @@ -- name: Create working directory - file: - path: /srv/seafile - state: directory - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/seafile/docker-stack.yml - - name: Deploy Docker stack docker_stack: name: seafile compose: - - /srv/seafile/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost 
diff --git a/ansible/roles/shephard/tasks/main.yml b/ansible/roles/shephard/tasks/main.yml index 817ebf0..feea0f7 100644 --- a/ansible/roles/shephard/tasks/main.yml +++ b/ansible/roles/shephard/tasks/main.yml @@ -1,15 +1,8 @@ -- name: Create working directory - file: - path: /srv/shephard - state: directory - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/shephard/docker-stack.yml - - name: Deploy Docker stack docker_stack: name: shephard compose: - - /srv/shephard/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost diff --git a/ansible/roles/swarm_dashboard/tasks/main.yml b/ansible/roles/swarm_dashboard/tasks/main.yml index 6f8e171..223c4e8 100644 --- a/ansible/roles/swarm_dashboard/tasks/main.yml +++ b/ansible/roles/swarm_dashboard/tasks/main.yml @@ -1,15 +1,8 @@ -- name: Create working directory - file: - path: /srv/swarm_dashboard - state: directory - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/swarm_dashboard/docker-stack.yml - - name: Deploy Docker stack docker_stack: name: swarm_dashboard compose: - - /srv/swarm_dashboard/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost diff --git a/ansible/roles/traefik/docker-stack.yml b/ansible/roles/traefik/docker-stack.yml.j2 similarity index 98% rename from ansible/roles/traefik/docker-stack.yml rename to ansible/roles/traefik/docker-stack.yml.j2 index 813892f..f20b453 100644 --- a/ansible/roles/traefik/docker-stack.yml +++ b/ansible/roles/traefik/docker-stack.yml.j2 @@ -7,7 +7,8 @@ networks: configs: services: - file: /srv/traefik/services.yml + external: true + name: "{{ services.config_name }}" services: traefik: 
diff --git a/ansible/roles/traefik/tasks/main.yml b/ansible/roles/traefik/tasks/main.yml index 146e0a4..41d57cb 100644 --- a/ansible/roles/traefik/tasks/main.yml +++ b/ansible/roles/traefik/tasks/main.yml @@ -1,30 +1,24 @@ -- name: Create working directory - file: - path: /srv/traefik - state: directory - - name: Create Traefik network docker_network: name: traefik driver: overlay -- name: Copy services definition - copy: - src: "{{ role_path }}/services.yml" - dest: /srv/traefik/services.yml - -- name: Create working directory - file: - path: /srv/traefik - state: directory - -- name: Copy Docker stack file - copy: - src: "{{ role_path }}/docker-stack.yml" - dest: /srv/traefik/docker-stack.yml +- name: Create Docker config + docker_config: + name: traefik_services + data_src: "{{ role_path }}/services.yml" + use_ssh_client: true + rolling_versions: true + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost + register: services - name: Deploy Docker stack docker_stack: - name: traefik + name: forgejo compose: - - /srv/traefik/docker-stack.yml + - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}" + environment: + DOCKER_HOST: ssh://root@maestro.dmz + delegate_to: localhost
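Review bot: The deploy task's stack name changes from `traefik` to `name: forgejo`, which looks like a copy-paste from the forgejo role. The Traefik compose file would then be deployed into the forgejo stack, and the existing `traefik` stack would no longer be updated by this role. It should stay `name: traefik`. The `Create Traefik network` task kept as context has neither `DOCKER_HOST` nor `delegate_to: localhost`, so unlike the other tasks it still runs against the inventory host; make it consistent or add a comment explaining the difference.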