diff --git a/env.yml b/env.yml
index 4a428d8..e6799ff 100644
--- a/env.yml
+++ b/env.yml
@@ -50,6 +50,7 @@ projects:
 - nginx
 - postgres
 - searxng
+ - stump
 - synapse
 - syncthing
 - uptime-kuma
@@ -63,6 +64,7 @@ projects_to_backup:
 - lldap
 - mailserver
 - postgres
+ - stump
 - synapse
 - uptime-kuma
 - vaultwarden
@@ -96,6 +98,7 @@ ports:
 mailserver_jmap: 1443
 postgres: 5432
 searxng: 8083
+ stump: 10801
 synapse: 8008
 syncthing_discosrv: 8443
 # Public port, forwarded to 22067 by nftables
@@ -105,6 +108,7 @@ ports:
 syncthing_udp: 22000
 uptime_kuma: 3001
 vaultwarden: 8081
+ wireguard: 51820
 # UID in containers
@@ -119,12 +123,14 @@ users:
 postgres: 70
 searxng: 977
 searxng_redis: 999
+ stump: 1005
 synapse: 991
 syncthing: 1001
 syncthing_discosrv: 1002
 syncthing_relaysrv: 1003
 uptime_kuma: 1006
 vaultwarden: 1000
+ wireguard: 1009
 volumes:
@@ -137,6 +143,8 @@ volumes:
 mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"
 mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"
 postgres_datadir: /mnt/postgresdata
+ stump_configdir: /mnt/stump/config
+ stump_datadir: /mnt/stump/data
 synapse_datadir: /mnt/synapsedata
 syncthing_datadir: "{{ cifs_mounts['syncthing']['path'] }}"
 uptime_kuma_datadir: /mnt/uptimekumadata
diff --git a/roles/nginx/templates/sites-enabled/stump.conf b/roles/nginx/templates/sites-enabled/stump.conf
new file mode 100644
index 0000000..2fac2b6
--- /dev/null
+++ b/roles/nginx/templates/sites-enabled/stump.conf
@@ -0,0 +1,13 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name stump.{{ domain }};
+
+ location / {
+ proxy_pass http://127.0.0.1:{{ ports['stump'] }};
+
+ include /etc/nginx/snippets/websocket.conf;
+ include /etc/nginx/snippets/proxy.conf;
+ }
+}
diff --git a/roles/stump/tasks/backup.yml b/roles/stump/tasks/backup.yml
new file mode 100644
index 0000000..a3166cb
--- /dev/null
+++ b/roles/stump/tasks/backup.yml
@@ -0,0 +1,30 @@
+- name:
+ become: true
+ block:
+ - name: Backup SQLite database
+ command:
+ cmd: |
+ sqlite3
+ "{{ volumes['stump_configdir'] }}/stump.db"
+ ".backup {{ volumes['stump_configdir'] }}/stump-backup.db"
+
+ - name: Create borg backup
+ command:
+ cmd: |
+ borg create
+ --compression=lzma
+ "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
+ {{ volumes['stump_configdir'] }}/stump-backup.db
+ {{ volumes['stump_datadir'] }}
+ environment:
+ BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+
+ - name: Prune borg repository
+ command:
+ cmd: |
+ borg prune
+ --glob-archives='{{ role_name }}-*'
+ {{ borg_prune_options }}
+ {{ borg_repodir }}
+ environment:
+ BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
diff --git a/roles/stump/tasks/main.yml b/roles/stump/tasks/main.yml
new file mode 100644
index 0000000..89bf793
--- /dev/null
+++ b/roles/stump/tasks/main.yml
@@ -0,0 +1,14 @@
+- name: Include backup tasks
+ include_tasks:
+ file: backup.yml
+ when: run_backup | default(false) | bool
+
+- name: Include setup tasks
+ include_tasks:
+ file: setup.yml
+ when: run_setup | default(false) | bool
+
+- name: Include update tasks
+ include_tasks:
+ file: update.yml
+ when: run_update | default(false) | bool
diff --git a/roles/stump/tasks/setup.yml b/roles/stump/tasks/setup.yml
new file mode 100644
index 0000000..b6ee5b5
--- /dev/null
+++ b/roles/stump/tasks/setup.yml
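Review bot: In roles/stump/tasks/backup.yml the outer block has an empty `name:`, so the play output carries no label for the backup as a whole; give it one, for example `- name: Back up stump`. The `.backup` step also leaves `stump-backup.db` in the config directory after `borg create`, so a second copy of the application database stays on disk between runs; a closing task using the `file` module with `state: absent` on that path would remove it. The two source paths on the `borg create` lines are unquoted while the repository argument is quoted, so a volume path containing whitespace would be split into separate arguments.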
@@ -0,0 +1,29 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+ file:
+ path: "{{ project_dir }}"
+ state: "{{ item }}"
+ loop:
+ - absent
+ - directory
+
+- name: Template docker-compose.yaml to project directory
+ template:
+ src: "{{ item }}"
+ dest: "{{ project_dir }}/{{ item }}"
+ owner: "{{ host_uid }}"
+ group: "{{ host_uid }}"
+ mode: '640'
+ loop:
+ - docker-compose.yaml
+
+- name: "Create (if not exists) directories {{ volumes['stump_configdir'] }} and {{ volumes['stump_datadir'] }} & set permissions"
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ users['stump'] + uid_shift }}"
+ group: "{{ users['stump'] + uid_shift }}"
+ mode: '700'
+ become: true
+ loop:
+ - "{{ volumes['stump_datadir'] }}"
+ - "{{ volumes['stump_configdir'] }}"
diff --git a/roles/stump/tasks/update.yml b/roles/stump/tasks/update.yml
new file mode 100644
index 0000000..1bb4902
--- /dev/null
+++ b/roles/stump/tasks/update.yml
@@ -0,0 +1,24 @@
+- name: Pull project services
+ community.docker.docker_compose:
+ project_src: "{{ project_dir }}"
+ recreate: never
+ pull: true
+ debug: true
+ when: docker_pull_images | bool
+ register: stump_docker_compose_pull_result
+
+- name: Display pulled image(s) name
+ set_fact:
+ stump_pulled_images: "{{ stump_pulled_images | default([]) + [item.pulled_image.name] }}"
+ loop: "{{ stump_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
+
+- name: Include backup tasks
+ include_tasks:
+ file: backup.yml
+ # Make a backup if we didn't already make one and we pulled a new image
+ when: not run_backup | default(false) and stump_pulled_images is defined
+
+- name: Create/Restart project services
+ community.docker.docker_compose:
+ project_src: "{{ project_dir }}"
+ restarted: "{{ run_setup | default(false) | bool }}"
diff --git a/roles/stump/templates/docker-compose.yaml b/roles/stump/templates/docker-compose.yaml
new file mode 100644
index 0000000..49453b6
--- /dev/null
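Review bot: In roles/stump/tasks/update.yml the `when` on "Include backup tasks" tests `run_backup` without `| bool`, unlike the three conditions in roles/stump/tasks/main.yml. If the variable arrives as a string (for example as an extra var on the command line), `not run_backup | default(false)` treats the non-empty string as true, so the pre-update backup is skipped even though main.yml did not run one. Suggested line: `when: not (run_backup | default(false) | bool) and stump_pulled_images is defined`.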
+++ b/roles/stump/templates/docker-compose.yaml
@@ -0,0 +1,13 @@
+services:
+ stump:
+ container_name: stump
+ image: aaronleopold/stump:0.0.1
+ restart: always
+ environment:
+ - PUID={{ users['stump'] }}
+ - PGID={{ users['stump'] }}
+ ports:
+ - 127.0.0.1:{{ ports['stump'] }}:10801
+ volumes:
+ - {{ volumes['stump_configdir'] }}:/config
+ - {{ volumes['stump_datadir'] }}:/data
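Review bot: `image: aaronleopold/stump:0.0.1` pins only a tag, and the update tasks pull with `pull: true`, so whatever the registry currently serves under that tag is what gets deployed; adding the digest (`image: aaronleopold/stump:0.0.1@sha256:<digest-placeholder>`) makes the deployed image reproducible and reviewable. The service also sets no `security_opt`; `security_opt:` with `- no-new-privileges:true` is a cheap hardening step, assuming the image's entrypoint does not depend on setuid binaries for the PUID/PGID switch. Quoting the port mapping, `- "127.0.0.1:{{ ports['stump'] }}:10801"`, keeps the rendered value a string regardless of the port numbers.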