Add postgres role/container.

Viyurz 2024-03-29 20:56:28 +01:00
parent a24851a8b1
commit 7918d3b6f7
Signed by: Viyurz
SSH key fingerprint: SHA256:IskOHTmhHSJIvAt04N6aaxd5SZCVWW1Guf9tEcxIMj8
7 changed files with 106 additions and 0 deletions


@ -2,6 +2,7 @@ domain: viyurz.fr
timezone: "Europe/Paris" timezone: "Europe/Paris"
host_uid: 1000 host_uid: 1000
docker_projects_dir: "{{ ansible_env['HOME'] }}/docker-projects" docker_projects_dir: "{{ ansible_env['HOME'] }}/docker-projects"
project_dir: "{{ docker_projects_dir }}/{{ role_name }}"
# UID shift for mapping between host & containers # UID shift for mapping between host & containers
uid_shift: 99999 uid_shift: 99999
@ -43,6 +44,7 @@ projects:
- hedgedoc - hedgedoc
- homepage - homepage
- mailserver - mailserver
- postgres
- reverse-proxy - reverse-proxy
- searxng - searxng
- synapse - synapse
@ -55,6 +57,7 @@ projects_to_backup:
- etebase - etebase
- hedgedoc - hedgedoc
- mailserver - mailserver
- postgres
- synapse - synapse
- uptime-kuma - uptime-kuma
- vaultwarden - vaultwarden
@ -85,6 +88,7 @@ ports:
mailserver_smtps: 1465 mailserver_smtps: 1465
mailserver_imaps: 1993 mailserver_imaps: 1993
mailserver_jmap: 1443 mailserver_jmap: 1443
postgres: 5432
searxng: 8083 searxng: 8083
synapse: 8008 synapse: 8008
syncthing_discosrv: 8443 syncthing_discosrv: 8443
@ -105,6 +109,7 @@ users:
hedgedoc_mysql: 1005 hedgedoc_mysql: 1005
homepage: 8686 homepage: 8686
mailserver: 8 mailserver: 8
postgres: 70
searxng: 977 searxng: 977
searxng_redis: 999 searxng_redis: 999
synapse: 991 synapse: 991
@ -125,6 +130,7 @@ volumes:
mailserver_datadir: /mnt/mailserverdata mailserver_datadir: /mnt/mailserverdata
mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem" mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"
mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem" mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"
postgres_datadir: /mnt/postgresdata
synapse_datadir: /mnt/synapsedata synapse_datadir: /mnt/synapsedata
synapse_postgres_datadir: /mnt/synapsepgdata synapse_postgres_datadir: /mnt/synapsepgdata
syncthing_datadir: "{{ cifs_mounts['syncthing']['path'] }}" syncthing_datadir: "{{ cifs_mounts['syncthing']['path'] }}"


@ -0,0 +1,24 @@
- name: Create borg backup from PostgreSQL dumpall
shell: |
docker exec postgres
pg_dumpall |
borg create
--compression lzma
"{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
-
--stdin-name dumpall.sql
environment:
DOCKER_HOST: "unix:///run/user/{{ host_uid }}/docker.sock"
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true
- name: Prune borg repository
command:
cmd: |
borg prune
--glob-archives='{{ role_name }}-*'
{{ borg_prune_options }}
{{ borg_repodir }}
environment:
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true
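Review bot: The `pg_dumpall | borg create` pipeline in the first task runs without `pipefail`, so the task's exit status is borg's alone. If `docker exec` or `pg_dumpall` fails, borg still stores an empty or truncated `dumpall.sql` and the play reports a successful backup, after which the prune task can expire older good archives. Start the script with `set -o pipefail` and add `args:` with `executable: /bin/bash` to the task, since the default `/bin/sh` may not support that option. Separately, as rendered here the `|` block scalar keeps every line break, which would split the command into separate shell lines; the page has lost its indentation, so confirm in the original file that the lines are joined (folded scalar or trailing backslashes).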


@ -0,0 +1,9 @@
- name: Include backup tasks
include_tasks:
file: backup.yml
when: run_backup | default(false) | bool
- name: Include update tasks
include_tasks:
file: update.yml
when: run_update | default(false) | bool


@ -0,0 +1,48 @@
- name: "Create {{ project_dir }} directory"
file:
path: "{{ project_dir }}"
state: directory
- name: Template docker-compose.yaml & .env to project directory
template:
src: "{{ item }}"
dest: "{{ project_dir }}/{{ item }}"
owner: "{{ host_uid }}"
group: "{{ host_uid }}"
mode: '600'
loop:
- docker-compose.yaml
- .env
- name: "Create (if not exists) directory {{ volumes['postgres_datadir'] }} & set permissions"
file:
path: "{{ volumes['postgres_datadir'] }}"
state: directory
owner: "{{ users['postgres'] + uid_shift }}"
group: "{{ users['postgres'] + uid_shift }}"
mode: '700'
become: true
- name: Pull project services
community.docker.docker_compose:
project_src: "{{ project_dir }}"
recreate: never
pull: true
debug: true
when: docker_pull_images | bool
register: postgres_docker_compose_pull_result
- name: Display pulled image(s) name
set_fact:
postgres_pulled_images: "{{ postgres_pulled_images | default([]) + [item.pulled_image.name] }}"
loop: "{{ postgres_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
- name: Include backup tasks
include_tasks:
file: backup.yml
# Make a backup if we didn't already make one and we pulled a new image
when: not run_backup and postgres_pulled_images is defined
- name: Create/Restart project services
community.docker.docker_compose:
project_src: "{{ project_dir }}"
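Review bot: The condition `when: not run_backup and postgres_pulled_images is defined` on the second "Include backup tasks" uses `run_backup` raw, while the other include conditions in this commit guard it with `run_backup | default(false) | bool`. If the variable is unset the task fails on an undefined variable, and if it arrives as the string "false" (for example from `-e run_backup=false`) it is truthy, so the pre-upgrade dump is skipped right before the service is recreated on a new image. Use `when: not (run_backup | default(false) | bool) and postgres_pulled_images is defined`. The templating task earlier in this file also writes the superuser password into `.env`; adding `no_log: true` or `diff: false` to it would keep the secret out of `--diff` output and logs.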


@ -0,0 +1,5 @@
POSTGRES_PASSWORD='{{ postgres_password | default("") }}'
# Required for Synapse
LANG=C
POSTGRES_INITDB_ARGS="--locale=C --encoding=UTF8"
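Review bot: `postgres_password | default("")` on the first line lets the template render without a superuser password when the secret is missing, so the mistake surfaces at container start at the earliest rather than as a failed play. The secrets template in this commit ships `postgres_password:` with no value, which is null rather than undefined, so `default("")` with one argument would not even apply to it. Fail early instead with an `ansible.builtin.assert` before templating, using `that: postgres_password | default('', true) | length > 0`, and drop the default here. The value is also placed inside single quotes without escaping, so a password containing `'` would produce a malformed line; document that restriction next to the secret or validate it in the same assert.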


@ -0,0 +1,11 @@
services:
postgres:
container_name: postgres
image: docker.io/library/postgres:16-alpine
restart: always
user: {{ users['postgres'] }}:{{ users['postgres'] }}
env_file: .env
ports:
- {{ ports['postgres'] }}:5432
volumes:
- {{ volumes['postgres_datadir'] }}:/var/lib/postgresql/data
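Review bot: The port mapping `{{ ports['postgres'] }}:5432` has no host address, so the database is published on every host interface and only the host firewall and the superuser password stand between it and the network. If only local containers or the host itself need it, bind to loopback with `- "127.0.0.1:{{ ports['postgres'] }}:5432"`, or drop the mapping and attach clients through a shared compose network; whether remote clients are intended is not visible on this page. Quoting the mapping and the `user:` value (`"{{ users['postgres'] }}:{{ users['postgres'] }}"`) also keeps the rendered YAML from being retyped by the parser.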


@ -13,6 +13,9 @@ coturn_secrets:
hedgedoc_secrets: hedgedoc_secrets:
mysql_root_password: mysql_root_password:
# Password of the 'postgres' superuser
postgres_password:
searxng_secrets: searxng_secrets:
searxng_secret: searxng_secret: