diff --git a/env.yml b/env.yml index 8efb8f9..8091f23 100644 --- a/env.yml +++ b/env.yml @@ -2,6 +2,7 @@ domain: viyurz.fr timezone: "Europe/Paris" host_uid: 1000 docker_projects_dir: "{{ ansible_env['HOME'] }}/docker-projects" +project_dir: "{{ docker_projects_dir }}/{{ role_name }}" # UID shift for mapping between host & containers uid_shift: 99999 @@ -43,6 +44,7 @@ projects: - hedgedoc - homepage - mailserver + - postgres - reverse-proxy - searxng - synapse @@ -55,6 +57,7 @@ projects_to_backup: - etebase - hedgedoc - mailserver + - postgres - synapse - uptime-kuma - vaultwarden @@ -85,6 +88,7 @@ ports: mailserver_smtps: 1465 mailserver_imaps: 1993 mailserver_jmap: 1443 + postgres: 5432 searxng: 8083 synapse: 8008 syncthing_discosrv: 8443 @@ -105,6 +109,7 @@ users: hedgedoc_mysql: 1005 homepage: 8686 mailserver: 8 + postgres: 70 searxng: 977 searxng_redis: 999 synapse: 991 @@ -125,6 +130,7 @@ volumes: mailserver_datadir: /mnt/mailserverdata mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem" mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem" + postgres_datadir: /mnt/postgresdata synapse_datadir: /mnt/synapsedata synapse_postgres_datadir: /mnt/synapsepgdata syncthing_datadir: "{{ cifs_mounts['syncthing']['path'] }}" diff --git a/roles/postgres/tasks/backup.yml b/roles/postgres/tasks/backup.yml new file mode 100644 index 0000000..e9bfef1 --- /dev/null +++ b/roles/postgres/tasks/backup.yml 
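Review bot: The new `project_dir: "{{ docker_projects_dir }}/{{ role_name }}"` in the first env.yml hunk is built from `role_name`, a magic variable that only exists while a role is executing; because Ansible templates lazily the value resolves correctly from the postgres role tasks, but any play-level task that references `project_dir` will fail with an undefined-variable error rather than a useful message. A comment above the line would spare the next reader that surprise, e.g. `# Resolves to the calling role's directory under docker_projects_dir; only valid inside a role (uses role_name)`. The remaining env.yml hunks are plain additions; the `ports` value they introduce is consumed by the compose template, where its exposure is discussed.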
@@ -0,0 +1,24 @@
+- name: Create borg backup from PostgreSQL dumpall
+ shell: |
+ docker exec postgres
+ pg_dumpall |
+ borg create
+ --compression lzma
+ "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
+ -
+ --stdin-name dumpall.sql
+ environment:
+ DOCKER_HOST: "unix:///run/user/{{ host_uid }}/docker.sock"
+ BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+ become: true
+
+- name: Prune borg repository
+ command:
+ cmd: |
+ borg prune
+ --glob-archives='{{ role_name }}-*'
+ {{ borg_prune_options }}
+ {{ borg_repodir }}
+ environment:
+ BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+ become: true
diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml
new file mode 100644
index 0000000..ed95f38
--- /dev/null
+++ b/roles/postgres/tasks/main.yml
@@ -0,0 +1,9 @@
+- name: Include backup tasks
+ include_tasks:
+ file: backup.yml
+ when: run_backup | default(false) | bool
+
+- name: Include update tasks
+ include_tasks:
+ file: update.yml
+ when: run_update | default(false) | bool
diff --git a/roles/postgres/tasks/update.yml b/roles/postgres/tasks/update.yml
new file mode 100644
index 0000000..6806cbd
--- /dev/null
+++ b/roles/postgres/tasks/update.yml
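Review bot: The dump pipeline in the first task has no `pipefail`, so when `pg_dumpall` fails (container stopped, auth error) borg still creates an archive from an empty or truncated stdin, the shell returns borg's exit status and the task reports success; the bad backup is only discovered at restore time. Prefix the script with `set -o pipefail` and force an interpreter that supports it with `args:` / `executable: /bin/bash`, since the module's default `/bin/sh` may not. The option lines of the script are shown here without trailing `\` continuations; if that is faithful to the file rather than a rendering artefact, `shell` will run `docker exec postgres`, `--compression lzma` and so on as separate commands, whereas the `command` task below tolerates newlines because it only shlex-splits `cmd`. If the repository is borg 1.2 or newer, `borg prune` no longer reclaims space on its own and a `borg compact` step after it is needed to keep the repository from growing.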
@@ -0,0 +1,48 @@
+- name: "Create {{ project_dir }} directory"
+ file:
+ path: "{{ project_dir }}"
+ state: directory
+
+- name: Template docker-compose.yaml & .env to project directory
+ template:
+ src: "{{ item }}"
+ dest: "{{ project_dir }}/{{ item }}"
+ owner: "{{ host_uid }}"
+ group: "{{ host_uid }}"
+ mode: '600'
+ loop:
+ - docker-compose.yaml
+ - .env
+
+- name: "Create (if not exists) directory {{ volumes['postgres_datadir'] }} & set permissions"
+ file:
+ path: "{{ volumes['postgres_datadir'] }}"
+ state: directory
+ owner: "{{ users['postgres'] + uid_shift }}"
+ group: "{{ users['postgres'] + uid_shift }}"
+ mode: '700'
+ become: true
+
+- name: Pull project services
+ community.docker.docker_compose:
+ project_src: "{{ project_dir }}"
+ recreate: never
+ pull: true
+ debug: true
+ when: docker_pull_images | bool
+ register: postgres_docker_compose_pull_result
+
+- name: Display pulled image(s) name
+ set_fact:
+ postgres_pulled_images: "{{ postgres_pulled_images | default([]) + [item.pulled_image.name] }}"
+ loop: "{{ postgres_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
+
+- name: Include backup tasks
+ include_tasks:
+ file: backup.yml
+ # Make a backup if we didn't already make one and we pulled a new image
+ when: not run_backup and postgres_pulled_images is defined
+
+- name: Create/Restart project services
+ community.docker.docker_compose:
+ project_src: "{{ project_dir }}"
diff --git a/roles/postgres/templates/.env b/roles/postgres/templates/.env
new file mode 100644
index 0000000..d6235f5
--- /dev/null
+++ b/roles/postgres/templates/.env
@@ -0,0 +1,5 @@
+POSTGRES_PASSWORD='{{ postgres_password | default("") }}'
+# Required for Synapse
+LANG=C
+POSTGRES_INITDB_ARGS="--locale=C --encoding=UTF8"
+
diff --git a/roles/postgres/templates/docker-compose.yaml b/roles/postgres/templates/docker-compose.yaml
new file mode 100644
index 0000000..a042ac8
--- /dev/null
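Review bot: The `when` of the `Include backup tasks` task reads `run_backup` bare, while main.yml guards the same variable with `run_backup | default(false) | bool`; on an update-only run where run_backup is not set at all, this condition raises an undefined-variable error after the images have already been pulled instead of evaluating to false. Use the same guard here: `when: not (run_backup | default(false) | bool) and postgres_pulled_images is defined`. A smaller point: `community.docker.docker_compose` is the legacy compose-v1 module, which the collection has deprecated in favour of `community.docker.docker_compose_v2`; a comment noting that the `actions`/`pulled_image` result shape this file depends on is specific to the v1 module would help whoever migrates it.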
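Review bot: `POSTGRES_PASSWORD='{{ postgres_password | default("") }}'` turns a missing secret into an empty superuser password at template time, and `default` does not cover the null that the bare `postgres_password:` key added to secrets.yml.example yields, which renders as the literal `None` rather than empty; either way the postgres image refuses to initialise (or, on an already-initialised data directory, silently ignores the value), and the operator only learns this from the container log. Fail early in Ansible instead: `POSTGRES_PASSWORD='{{ postgres_password | mandatory }}'`, and write the example entry as `postgres_password: ""` so an unfilled copy cannot slip through; an `assert` on non-empty length before the template task would close the null/empty case as well. The single quotes also mean a password containing `'` breaks the .env line, so a comment on the allowed characters, or double quotes with escaping, is worth adding.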
+++ b/roles/postgres/templates/docker-compose.yaml @@ -0,0 +1,11 @@ +services: + postgres: + container_name: postgres + image: docker.io/library/postgres:16-alpine + restart: always + user: {{ users['postgres'] }}:{{ users['postgres'] }} + env_file: .env + ports: + - {{ ports['postgres'] }}:5432 + volumes: + - {{ volumes['postgres_datadir'] }}:/var/lib/postgresql/data diff --git a/secrets.yml.example b/secrets.yml.example index 4d22762..602951c 100644 --- a/secrets.yml.example +++ b/secrets.yml.example @@ -13,6 +13,9 @@ coturn_secrets: hedgedoc_secrets: mysql_root_password: +# Password of the 'postgres' superuser +postgres_password: + searxng_secrets: searxng_secret:
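Review bot: `ports: - {{ ports['postgres'] }}:5432` publishes the database on every host interface, so the only control between the network and a superuser login is `POSTGRES_PASSWORD`; if the consumers are the other compose projects on this host, bind it to loopback (`- "127.0.0.1:{{ ports['postgres'] }}:5432"`) or drop `ports` and attach the consumers to a shared Docker network, and treat the host firewall as a second layer rather than the only one. The rendered `ports` and `user` values (`5432:5432`, `70:70`) are also unquoted; Compose reads them with YAML 1.1 rules where a `digits:digits` scalar can become a sexagesimal integer for some values, so quote both: `- "{{ ports['postgres'] }}:5432"` and `user: "{{ users['postgres'] }}:{{ users['postgres'] }}"`. A `healthcheck` on `pg_isready` would let dependent projects wait on readiness instead of container start.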