Add Stump.

2024-04-20 12:48:37 +02:00 · 2024-04-20 12:48:37 +02:00 · 325c0fbeee
commit 325c0fbeee
parent e3abbbb8fe
7 changed files with 131 additions and 0 deletions
--- a/env.yml
+++ b/env.yml
@ -50,6 +50,7 @@ projects:
  - nginx
  - postgres
  - searxng
+  - stump
  - synapse
  - syncthing
  - uptime-kuma
@ -63,6 +64,7 @@ projects_to_backup:
  - lldap
  - mailserver
  - postgres
+  - stump
  - synapse
  - uptime-kuma
  - vaultwarden
@ -96,6 +98,7 @@ ports:
  mailserver_jmap: 1443
  postgres: 5432
  searxng: 8083
+  stump: 10801
  synapse: 8008
  syncthing_discosrv: 8443
  # Public port, forwarded to 22067 by nftables
@ -105,6 +108,7 @@ ports:
  syncthing_udp: 22000
  uptime_kuma: 3001
  vaultwarden: 8081
+  wireguard: 51820


 # UID in containers
@ -119,12 +123,14 @@ users:
  postgres: 70
  searxng: 977
  searxng_redis: 999
+  stump: 1005
  synapse: 991
  syncthing: 1001
  syncthing_discosrv: 1002
  syncthing_relaysrv: 1003
  uptime_kuma: 1006
  vaultwarden: 1000
+  wireguard: 1009


 volumes:
@ -137,6 +143,8 @@ volumes:
  mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"
  mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"
  postgres_datadir: /mnt/postgresdata
+  stump_configdir: /mnt/stump/config
+  stump_datadir: /mnt/stump/data
  synapse_datadir: /mnt/synapsedata
  syncthing_datadir: "{{ cifs_mounts['syncthing']['path'] }}"
  uptime_kuma_datadir: /mnt/uptimekumadata
--- a/roles/nginx/templates/sites-enabled/stump.conf
+++ b/roles/nginx/templates/sites-enabled/stump.conf
@ -0,0 +1,13 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name stump.{{ domain }};
+
+    location / {
+        proxy_pass http://127.0.0.1:{{ ports['stump'] }};
+
+        include /etc/nginx/snippets/websocket.conf;
+        include /etc/nginx/snippets/proxy.conf;
+    }
+}
--- a/roles/stump/tasks/backup.yml
+++ b/roles/stump/tasks/backup.yml
@ -0,0 +1,30 @@
+- name:
+  become: true
+  block:
+    - name: Backup SQLite database
+      command:
+        cmd: |
+          sqlite3
+          "{{ volumes['stump_configdir'] }}/stump.db"
+          ".backup {{ volumes['stump_configdir'] }}/stump-backup.db"
+
+    - name: Create borg backup
+      command:
+        cmd: |
+          borg create
+          --compression=lzma
+          "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
+          {{ volumes['stump_configdir'] }}/stump-backup.db
+          {{ volumes['stump_datadir'] }}
+      environment:
+        BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+
+    - name: Prune borg repository
+      command:
+        cmd: |
+          borg prune
+          --glob-archives='{{ role_name }}-*'
+          {{ borg_prune_options }}
+          {{ borg_repodir }}
+      environment:
+        BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
--- a/roles/stump/tasks/main.yml
+++ b/roles/stump/tasks/main.yml
@ -0,0 +1,14 @@
+- name: Include backup tasks
+  include_tasks:
+    file: backup.yml
+  when: run_backup | default(false) | bool
+
+- name: Include setup tasks
+  include_tasks:
+    file: setup.yml
+  when: run_setup | default(false) | bool
+
+- name: Include update tasks
+  include_tasks:
+    file: update.yml
+  when: run_update | default(false) | bool
--- a/roles/stump/tasks/setup.yml
+++ b/roles/stump/tasks/setup.yml
@ -0,0 +1,29 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+  file:
+    path: "{{ project_dir }}"
+    state: "{{ item }}"
+  loop:
+    - absent
+    - directory
+
+- name: Template docker-compose.yaml to project directory
+  template:
+    src: "{{ item }}"
+    dest: "{{ project_dir }}/{{ item }}"
+    owner: "{{ host_uid }}"
+    group: "{{ host_uid }}"
+    mode: '640'
+  loop:
+    - docker-compose.yaml
+
+- name: "Create (if not exists) directories {{ volumes['stump_configdir'] }} and {{ volumes['stump_datadir'] }} & set permissions"
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ users['stump'] + uid_shift }}"
+    group: "{{ users['stump'] + uid_shift }}"
+    mode: '700'
+  become: true
+  loop:
+    - "{{ volumes['stump_datadir'] }}"
+    - "{{ volumes['stump_configdir'] }}"
--- a/roles/stump/tasks/update.yml
+++ b/roles/stump/tasks/update.yml
@ -0,0 +1,24 @@
+- name: Pull project services
+  community.docker.docker_compose:
+    project_src: "{{ project_dir }}"
+    recreate: never
+    pull: true
+    debug: true
+  when: docker_pull_images | bool
+  register: stump_docker_compose_pull_result
+
+- name: Display pulled image(s) name
+  set_fact:
+    stump_pulled_images: "{{ stump_pulled_images | default([]) + [item.pulled_image.name] }}"
+  loop: "{{ stump_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
+
+- name: Include backup tasks
+  include_tasks:
+    file: backup.yml
+  # Make a backup if we didn't already make one and we pulled a new image
+  when: not run_backup | default(false) and stump_pulled_images is defined
+
+- name: Create/Restart project services
+  community.docker.docker_compose:
+    project_src: "{{ project_dir }}"
+    restarted: "{{ run_setup | default(false) | bool }}"
--- a/roles/stump/templates/docker-compose.yaml
+++ b/roles/stump/templates/docker-compose.yaml
@ -0,0 +1,13 @@
+services:
+  stump:
+    container_name: stump
+    image: aaronleopold/stump:0.0.1
+    restart: always
+    environment:
+      - PUID={{ users['stump'] }}
+      - PGID={{ users['stump'] }}
+    ports:
+      - 127.0.0.1:{{ ports['stump'] }}:10801
+    volumes:
+      - {{ volumes['stump_configdir'] }}:/config
+      - {{ volumes['stump_datadir'] }}:/data