From d7190fcf6ed99825b9ac4565a7a1d139e1254bc8 Mon Sep 17 00:00:00 2001
From: Viyurz
Date: Fri, 23 Feb 2024 16:50:51 +0100
Subject: [PATCH] Roles: Move update tasks to update.yml for consistency. Roles which require backup (etebase, synapse & vaultwarden) have their tasks splitted into two files (backup.yml & update.yml), which are executed based on the value of run_backup & run_update variables. For consistency, move the update tasks to update.yml for every role, even if they do not have any backup task.
---
roles/coturn/tasks/main.yml | 85 ++------------------------------
roles/coturn/tasks/update.yml | 81 ++++++++++++++++++++++++++++++
roles/element/tasks/main.yml | 45 ++---------------
roles/element/tasks/update.yml | 41 +++++++++++++++
roles/hedgedoc/tasks/main.yml | 52 ++-----------------
roles/hedgedoc/tasks/update.yml | 48 ++++++++++++++++++
roles/homepage/tasks/main.yml | 46 ++---------------
roles/homepage/tasks/update.yml | 42 ++++++++++++++++
roles/searxng/tasks/main.yml | 46 ++---------------
roles/searxng/tasks/update.yml | 42 ++++++++++++++++
roles/syncthing/tasks/main.yml | 34 ++-----------
roles/syncthing/tasks/update.yml | 30 +++++++++++
12 files changed, 308 insertions(+), 284 deletions(-)
create mode 100644 roles/coturn/tasks/update.yml
create mode 100644 roles/element/tasks/update.yml
create mode 100644 roles/hedgedoc/tasks/update.yml
create mode 100644 roles/homepage/tasks/update.yml
create mode 100644 roles/searxng/tasks/update.yml
create mode 100644 roles/syncthing/tasks/update.yml
diff --git a/roles/coturn/tasks/main.yml b/roles/coturn/tasks/main.yml
index 0d951bf..15b33e7 100644
--- a/roles/coturn/tasks/main.yml
+++ b/roles/coturn/tasks/main.yml
@@ -1,81 +1,4 @@
-- name: "Create {{ coturn_project_dir }} project directory"
- file:
- path: "{{ coturn_project_dir }}"
- state: directory
-
-- name: Template docker-compose.yaml to project directory
- template:
- src: docker-compose.yaml
- dest: "{{ coturn_project_dir }}/docker-compose.yaml"
- owner: "{{ ansible_env['USER'] }}"
- group: "{{ ansible_env['USER'] }}"
- mode: '640'
-
-- name: Template turnserver.conf to project directory
- template:
- src: turnserver.conf
- dest: "{{ coturn_project_dir }}/turnserver.conf"
- owner: "{{ ansible_env['USER'] }}"
- mode: '640'
- # Store result to restart services if the file changed
- register: coturn_template_turnserver_result
-
-# Separate task because template module cannot chown/chgrp to a non-existing user/group
-- name: "Change group of turnserver.conf to coturn GID ({{ users['coturn'] + uid_shift }})"
- file:
- path: "{{ coturn_project_dir }}/turnserver.conf"
- group: "{{ users['coturn'] + uid_shift }}"
- become: true
-
-- name: Set limited permissions on certificate directories
- file:
- path: "/etc/{{ item }}"
- state: directory
- owner: root
- group: root
- mode: '751'
- become: true
- loop:
- - letsencrypt
- - letsencrypt/live
- - letsencrypt/archive
-
-- name: Set limited permissions on certificate directories
- file:
- path: "/etc/letsencrypt/{{ item }}/turn.{{ domain }}"
- state: directory
- owner: "{{ host_uid }}"
- group: "{{ users['coturn'] + uid_shift }}"
- mode: '550'
- become: true
- loop:
- - live
- - archive
-
-- name: Set limited permissions on certificate key file
- file:
- path: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
- owner: root
- group: "{{ users['coturn'] + uid_shift }}"
- mode: '640'
- become: true
-
-- name: Pull project services
- community.docker.docker_compose:
- project_src: "{{ coturn_project_dir }}"
- recreate: never
- pull: true
- debug: true
- when: docker_pull_images | bool
- register: coturn_docker_compose_pull_result
-
-- name: Display pulled image(s) name
- set_fact:
- coturn_pulled_images: "{{ coturn_pulled_images | default([]) + [item.pulled_image.name] }}"
- loop: "{{ coturn_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
-
-- name: Create/Restart project services
- community.docker.docker_compose:
- project_src: "{{ coturn_project_dir }}"
- # Restart if config file(s) changed
- restarted: "{{ coturn_template_turnserver_result['changed'] | bool }}"
+- name: Include update tasks
+ include_tasks:
+ file: update.yml
+ when: run_update | default(false) | bool
diff --git a/roles/coturn/tasks/update.yml b/roles/coturn/tasks/update.yml
new file mode 100644
index 0000000..0d951bf
--- /dev/null
+++ b/roles/coturn/tasks/update.yml
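Review bot: With `run_update | default(false) | bool` the whole role becomes a no-op unless `run_update` is passed, so a forgotten or misspelled variable skips every task without any error. For coturn the skipped tasks now include the ones that re-assert owner, group and mode on `/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem` and its parent directories, which carried no `when` before this change. Consider keeping the permission tasks in main.yml outside the gate, or at least documenting the behaviour above the include with `# Skipped unless run_update is true; certificate permission tasks are in update.yml`. The identical four-line main.yml is added for element, hedgedoc, homepage, searxng and syncthing, where the same silent skip applies.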
@@ -0,0 +1,81 @@
+- name: "Create {{ coturn_project_dir }} project directory"
+ file:
+ path: "{{ coturn_project_dir }}"
+ state: directory
+
+- name: Template docker-compose.yaml to project directory
+ template:
+ src: docker-compose.yaml
+ dest: "{{ coturn_project_dir }}/docker-compose.yaml"
+ owner: "{{ ansible_env['USER'] }}"
+ group: "{{ ansible_env['USER'] }}"
+ mode: '640'
+
+- name: Template turnserver.conf to project directory
+ template:
+ src: turnserver.conf
+ dest: "{{ coturn_project_dir }}/turnserver.conf"
+ owner: "{{ ansible_env['USER'] }}"
+ mode: '640'
+ # Store result to restart services if the file changed
+ register: coturn_template_turnserver_result
+
+# Separate task because template module cannot chown/chgrp to a non-existing user/group
+- name: "Change group of turnserver.conf to coturn GID ({{ users['coturn'] + uid_shift }})"
+ file:
+ path: "{{ coturn_project_dir }}/turnserver.conf"
+ group: "{{ users['coturn'] + uid_shift }}"
+ become: true
+
+- name: Set limited permissions on certificate directories
+ file:
+ path: "/etc/{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: '751'
+ become: true
+ loop:
+ - letsencrypt
+ - letsencrypt/live
+ - letsencrypt/archive
+
+- name: Set limited permissions on certificate directories
+ file:
+ path: "/etc/letsencrypt/{{ item }}/turn.{{ domain }}"
+ state: directory
+ owner: "{{ host_uid }}"
+ group: "{{ users['coturn'] + uid_shift }}"
+ mode: '550'
+ become: true
+ loop:
+ - live
+ - archive
+
+- name: Set limited permissions on certificate key file
+ file:
+ path: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
+ owner: root
+ group: "{{ users['coturn'] + uid_shift }}"
+ mode: '640'
+ become: true
+
+- name: Pull project services
+ community.docker.docker_compose:
+ project_src: "{{ coturn_project_dir }}"
+ recreate: never
+ pull: true
+ debug: true
+ when: docker_pull_images | bool
+ register: coturn_docker_compose_pull_result
+
+- name: Display pulled image(s) name
+ set_fact:
+ coturn_pulled_images: "{{ coturn_pulled_images | default([]) + [item.pulled_image.name] }}"
+ loop: "{{ coturn_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
+
+- name: Create/Restart project services
+ community.docker.docker_compose:
+ project_src: "{{ coturn_project_dir }}"
+ # Restart if config file(s) changed
+ restarted: "{{ coturn_template_turnserver_result['changed'] | bool }}"
diff --git a/roles/element/tasks/main.yml b/roles/element/tasks/main.yml
index 43eaee5..15b33e7 100644
--- a/roles/element/tasks/main.yml
+++ b/roles/element/tasks/main.yml
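Review bot: The first loop task sets `/etc/letsencrypt`, `live` and `archive` to `mode: '751'`, which as far as I know is looser than the owner-only mode certbot gives `live` and `archive` by default, yet the task is named "limited permissions" and nothing explains the choice. A comment such as `# o+x so the shifted coturn GID can traverse to turn.{{ domain }}; the key itself is guarded by the 550 directory and 640 file below` would record the intent for the next reader. The following task has exactly the same name, so the two cannot be told apart in play output; `Set limited permissions on turn.{{ domain }} certificate directories` would separate them. These tasks are moved unchanged from main.yml.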
@@ -1,41 +1,4 @@
-- name: "Create {{ element_project_dir }} project directory"
- file:
- path: "{{ element_project_dir }}"
- state: directory
-
-- name: Template docker-compose.yaml to project directory
- template:
- src: docker-compose.yaml
- dest: "{{ element_project_dir }}/docker-compose.yaml"
- owner: "{{ ansible_env['USER'] }}"
- group: "{{ ansible_env['USER'] }}"
- mode: '640'
-
-- name: Template config.json to project directory
- template:
- src: config.json
- dest: "{{ element_project_dir }}/config.json"
- owner: "{{ ansible_env['USER'] }}"
- group: "{{ ansible_env['USER'] }}"
- mode: '644'
- register: element_template_config_result
-
-- name: Pull project services
- community.docker.docker_compose:
- project_src: "{{ element_project_dir }}"
- recreate: never
- pull: true
- debug: true
- when: docker_pull_images | bool
- register: element_docker_compose_pull_result
-
-- name: Display pulled image(s) name
- set_fact:
- element_pulled_images: "{{ element_pulled_images | default([]) + [item.pulled_image.name] }}"
- loop: "{{ element_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
-
-- name: Create/Restart project services
- community.docker.docker_compose:
- project_src: "{{ element_project_dir }}"
- # Restart if config file(s) changed
- restarted: "{{ element_template_config_result['changed'] | bool }}"
+- name: Include update tasks
+ include_tasks:
+ file: update.yml
+ when: run_update | default(false) | bool
diff --git a/roles/element/tasks/update.yml b/roles/element/tasks/update.yml
new file mode 100644
index 0000000..43eaee5
--- /dev/null
+++ b/roles/element/tasks/update.yml
@@ -0,0 +1,41 @@
+- name: "Create {{ element_project_dir }} project directory"
+ file:
+ path: "{{ element_project_dir }}"
+ state: directory
+
+- name: Template docker-compose.yaml to project directory
+ template:
+ src: docker-compose.yaml
+ dest: "{{ element_project_dir }}/docker-compose.yaml"
+ owner: "{{ ansible_env['USER'] }}"
+ group: "{{ ansible_env['USER'] }}"
+ mode: '640'
+
+- name: Template config.json to project directory
+ template:
+ src: config.json
+ dest: "{{ element_project_dir }}/config.json"
+ owner: "{{ ansible_env['USER'] }}"
+ group: "{{ ansible_env['USER'] }}"
+ mode: '644'
+ register: element_template_config_result
+
+- name: Pull project services
+ community.docker.docker_compose:
+ project_src: "{{ element_project_dir }}"
+ recreate: never
+ pull: true
+ debug: true
+ when: docker_pull_images | bool
+ register: element_docker_compose_pull_result
+
+- name: Display pulled image(s) name
+ set_fact:
+ element_pulled_images: "{{ element_pulled_images | default([]) + [item.pulled_image.name] }}"
+ loop: "{{ element_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
+
+- name: Create/Restart project services
+ community.docker.docker_compose:
+ project_src: "{{ element_project_dir }}"
+ # Restart if config file(s) changed
+ restarted: "{{ element_template_config_result['changed'] | bool }}"
diff --git a/roles/hedgedoc/tasks/main.yml b/roles/hedgedoc/tasks/main.yml
index ca70510..15b33e7 100644
--- a/roles/hedgedoc/tasks/main.yml
+++ b/roles/hedgedoc/tasks/main.yml
@@ -1,48 +1,4 @@
-- name: "Create {{ hedgedoc_project_dir }} project directory"
- file:
- path: "{{ hedgedoc_project_dir }}"
- state: directory
-
-- name: Template docker-compose.yaml to project directory
- template:
- src: docker-compose.yaml
- dest: "{{ hedgedoc_project_dir }}/docker-compose.yaml"
- owner: "{{ ansible_env['USER'] }}"
- group: "{{ ansible_env['USER'] }}"
- mode: '640'
-
-- name: "Create directory {{ volumes['hedgedoc_configdir'] }} with correct permissions"
- file:
- path: "{{ volumes['hedgedoc_configdir'] }}"
- state: directory
- owner: "{{ users['hedgedoc'] + uid_shift }}"
- group: "{{ users['hedgedoc'] + uid_shift }}"
- mode: '770'
- become: true
-
-- name: "Create directory {{ volumes['hedgedoc_mysql_datadir'] }} with correct permissions"
- file:
- path: "{{ volumes['hedgedoc_mysql_datadir'] }}"
- state: directory
- owner: "{{ users['hedgedoc_mysql'] + uid_shift }}"
- group: "{{ users['hedgedoc_mysql'] + uid_shift }}"
- mode: '770'
- become: true
-
-- name: Pull project services
- community.docker.docker_compose:
- project_src: "{{ hedgedoc_project_dir }}"
- recreate: never
- pull: true
- debug: true
- when: docker_pull_images | bool
- register: hedgedoc_docker_compose_pull_result
-
-- name: Display pulled image(s) name
- set_fact:
- hedgedoc_pulled_images: "{{ hedgedoc_pulled_images | default([]) + [item.pulled_image.name] }}"
- loop: "{{ hedgedoc_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
-
-- name: Create/Restart project services
- community.docker.docker_compose:
- project_src: "{{ hedgedoc_project_dir }}"
+- name: Include update tasks
+ include_tasks:
+ file: update.yml
+ when: run_update | default(false) | bool
diff --git a/roles/hedgedoc/tasks/update.yml b/roles/hedgedoc/tasks/update.yml
new file mode 100644
index 0000000..ca70510
--- /dev/null
+++ b/roles/hedgedoc/tasks/update.yml
@@ -0,0 +1,48 @@
+- name: "Create {{ hedgedoc_project_dir }} project directory"
+ file:
+ path: "{{ hedgedoc_project_dir }}"
+ state: directory
+
+- name: Template docker-compose.yaml to project directory
+ template:
+ src: docker-compose.yaml
+ dest: "{{ hedgedoc_project_dir }}/docker-compose.yaml"
+ owner: "{{ ansible_env['USER'] }}"
+ group: "{{ ansible_env['USER'] }}"
+ mode: '640'
+
+- name: "Create directory {{ volumes['hedgedoc_configdir'] }} with correct permissions"
+ file:
+ path: "{{ volumes['hedgedoc_configdir'] }}"
+ state: directory
+ owner: "{{ users['hedgedoc'] + uid_shift }}"
+ group: "{{ users['hedgedoc'] + uid_shift }}"
+ mode: '770'
+ become: true
+
+- name: "Create directory {{ volumes['hedgedoc_mysql_datadir'] }} with correct permissions"
+ file:
+ path: "{{ volumes['hedgedoc_mysql_datadir'] }}"
+ state: directory
+ owner: "{{ users['hedgedoc_mysql'] + uid_shift }}"
+ group: "{{ users['hedgedoc_mysql'] + uid_shift }}"
+ mode: '770'
+ become: true
+
+- name: Pull project services
+ community.docker.docker_compose:
+ project_src: "{{ hedgedoc_project_dir }}"
+ recreate: never
+ pull: true
+ debug: true
+ when: docker_pull_images | bool
+ register: hedgedoc_docker_compose_pull_result
+
+- name: Display pulled image(s) name
+ set_fact:
+ hedgedoc_pulled_images: "{{ hedgedoc_pulled_images | default([]) + [item.pulled_image.name] }}"
+ loop: "{{ hedgedoc_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
+
+- name: Create/Restart project services
+ community.docker.docker_compose:
+ project_src: "{{ hedgedoc_project_dir }}"
diff --git a/roles/homepage/tasks/main.yml b/roles/homepage/tasks/main.yml
index f0c8b1d..15b33e7 100644
--- a/roles/homepage/tasks/main.yml
+++ b/roles/homepage/tasks/main.yml
@@ -1,42 +1,4 @@
-- name: "Create {{ homepage_project_dir }} project directory"
- file:
- path: "{{ homepage_project_dir }}"
- state: directory
-
-- name: Template docker-compose.yaml to project directory
- template:
- src: docker-compose.yaml
- dest: "{{ homepage_project_dir }}/docker-compose.yaml"
- owner: "{{ ansible_env['USER'] }}"
- group: "{{ ansible_env['USER'] }}"
- mode: '640'
-
-- name: Copy nginx.conf and index/ to project directory
- copy:
- src: "{{ role_path }}/files/"
- dest: "{{ homepage_project_dir }}"
- owner: "{{ ansible_env['USER'] }}"
- group: "{{ ansible_env['USER'] }}"
- mode: '644'
- # Store result to restart services if the file(s) changed
- register: homepage_copy_files_result
-
-- name: Pull project services
- community.docker.docker_compose:
- project_src: "{{ homepage_project_dir }}"
- recreate: never
- pull: true
- debug: true
- when: docker_pull_images | bool
- register: homepage_docker_compose_pull_result
-
-- name: Display pulled image(s) name
- set_fact:
- homepage_pulled_images: "{{ homepage_pulled_images | default([]) + [item.pulled_image.name] }}"
- loop: "{{ homepage_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
-
-- name: Create/Restart project services
- community.docker.docker_compose:
- project_src: "{{ homepage_project_dir }}"
- # Restart if config file(s) changed
- restarted: "{{ homepage_copy_files_result['changed'] | bool }}"
+- name: Include update tasks
+ include_tasks:
+ file: update.yml
+ when: run_update | default(false) | bool
diff --git a/roles/homepage/tasks/update.yml b/roles/homepage/tasks/update.yml
new file mode 100644
index 0000000..f0c8b1d
--- /dev/null
+++ b/roles/homepage/tasks/update.yml
@@ -0,0 +1,42 @@
+- name: "Create {{ homepage_project_dir }} project directory"
+ file:
+ path: "{{ homepage_project_dir }}"
+ state: directory
+
+- name: Template docker-compose.yaml to project directory
+ template:
+ src: docker-compose.yaml
+ dest: "{{ homepage_project_dir }}/docker-compose.yaml"
+ owner: "{{ ansible_env['USER'] }}"
+ group: "{{ ansible_env['USER'] }}"
+ mode: '640'
+
+- name: Copy nginx.conf and index/ to project directory
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: "{{ homepage_project_dir }}"
+ owner: "{{ ansible_env['USER'] }}"
+ group: "{{ ansible_env['USER'] }}"
+ mode: '644'
+ # Store result to restart services if the file(s) changed
+ register: homepage_copy_files_result
+
+- name: Pull project services
+ community.docker.docker_compose:
+ project_src: "{{ homepage_project_dir }}"
+ recreate: never
+ pull: true
+ debug: true
+ when: docker_pull_images | bool
+ register: homepage_docker_compose_pull_result
+
+- name: Display pulled image(s) name
+ set_fact:
+ homepage_pulled_images: "{{ homepage_pulled_images | default([]) + [item.pulled_image.name] }}"
+ loop: "{{ homepage_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
+
+- name: Create/Restart project services
+ community.docker.docker_compose:
+ project_src: "{{ homepage_project_dir }}"
+ # Restart if config file(s) changed
+ restarted: "{{ homepage_copy_files_result['changed'] | bool }}"
diff --git a/roles/searxng/tasks/main.yml b/roles/searxng/tasks/main.yml
index ac1d947..15b33e7 100644
--- a/roles/searxng/tasks/main.yml
+++ b/roles/searxng/tasks/main.yml
@@ -1,42 +1,4 @@
-- name: "Create {{ searxng_project_dir }} project directory"
- file:
- path: "{{ searxng_project_dir }}"
- state: directory
-
-- name: Template docker-compose.yaml to project directory
- template:
- src: docker-compose.yaml
- dest: "{{ searxng_project_dir }}/docker-compose.yaml"
- owner: "{{ ansible_env['USER'] }}"
- group: "{{ ansible_env['USER'] }}"
- mode: '640'
-
-- name: Copy settings.yml and limiter.toml to project directory
- copy:
- src: "{{ role_path }}/files/"
- dest: "{{ searxng_project_dir }}"
- owner: "{{ ansible_env['USER'] }}"
- group: "{{ ansible_env['USER'] }}"
- mode: '644'
- # Store result to restart services if the file(s) changed
- register: searxng_copy_files_result
-
-- name: Pull project services
- community.docker.docker_compose:
- project_src: "{{ searxng_project_dir }}"
- recreate: never
- pull: true
- debug: true
- when: docker_pull_images | bool
- register: searxng_docker_compose_pull_result
-
-- name: Display pulled image(s) name
- set_fact:
- searxng_pulled_images: "{{ searxng_pulled_images | default([]) + [item.pulled_image.name] }}"
- loop: "{{ searxng_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
-
-- name: Create/Restart project services
- community.docker.docker_compose:
- project_src: "{{ searxng_project_dir }}"
- # Restart if config file(s) changed
- restarted: "{{ searxng_copy_files_result['changed'] | bool }}"
+- name: Include update tasks
+ include_tasks:
+ file: update.yml
+ when: run_update | default(false) | bool
diff --git a/roles/searxng/tasks/update.yml b/roles/searxng/tasks/update.yml
new file mode 100644
index 0000000..ac1d947
--- /dev/null
+++ b/roles/searxng/tasks/update.yml
@@ -0,0 +1,42 @@
+- name: "Create {{ searxng_project_dir }} project directory"
+ file:
+ path: "{{ searxng_project_dir }}"
+ state: directory
+
+- name: Template docker-compose.yaml to project directory
+ template:
+ src: docker-compose.yaml
+ dest: "{{ searxng_project_dir }}/docker-compose.yaml"
+ owner: "{{ ansible_env['USER'] }}"
+ group: "{{ ansible_env['USER'] }}"
+ mode: '640'
+
+- name: Copy settings.yml and limiter.toml to project directory
+ copy:
+ src: "{{ role_path }}/files/"
+ dest: "{{ searxng_project_dir }}"
+ owner: "{{ ansible_env['USER'] }}"
+ group: "{{ ansible_env['USER'] }}"
+ mode: '644'
+ # Store result to restart services if the file(s) changed
+ register: searxng_copy_files_result
+
+- name: Pull project services
+ community.docker.docker_compose:
+ project_src: "{{ searxng_project_dir }}"
+ recreate: never
+ pull: true
+ debug: true
+ when: docker_pull_images | bool
+ register: searxng_docker_compose_pull_result
+
+- name: Display pulled image(s) name
+ set_fact:
+ searxng_pulled_images: "{{ searxng_pulled_images | default([]) + [item.pulled_image.name] }}"
+ loop: "{{ searxng_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
+
+- name: Create/Restart project services
+ community.docker.docker_compose:
+ project_src: "{{ searxng_project_dir }}"
+ # Restart if config file(s) changed
+ restarted: "{{ searxng_copy_files_result['changed'] | bool }}"
diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml
index bc9bdfe..15b33e7 100644
--- a/roles/syncthing/tasks/main.yml
+++ b/roles/syncthing/tasks/main.yml
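Review bot: The `copy` task writes everything under `files/` with `mode: '644'`, while docker-compose.yaml in the same file gets `'640'`. If settings.yml holds the instance's `secret_key` (its contents are not visible here), that value becomes readable by every local user on the host; a tighter mode with the group set to the container's shifted GID, as the coturn role does for turnserver.conf, would avoid that. `mode` on a recursive copy applies to files only, so an explicit `directory_mode` would also pin the directories the task creates. The task is moved unchanged from main.yml, and homepage's update.yml uses the same pattern for nginx.conf and index/.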
@@ -1,30 +1,4 @@
-- name: "Create {{ syncthing_project_dir }} project directory"
- file:
- path: "{{ syncthing_project_dir }}"
- state: directory
-
-- name: Template docker-compose.yaml to project directory
- template:
- src: docker-compose.yaml
- dest: "{{ syncthing_project_dir }}/docker-compose.yaml"
- owner: "{{ ansible_env['USER'] }}"
- group: "{{ ansible_env['USER'] }}"
- mode: '640'
-
-- name: Pull project services
- community.docker.docker_compose:
- project_src: "{{ syncthing_project_dir }}"
- recreate: never
- pull: true
- debug: true
- when: docker_pull_images | bool
- register: syncthing_docker_compose_pull_result
-
-- name: Display pulled image(s) name
- set_fact:
- syncthing_pulled_images: "{{ syncthing_pulled_images | default([]) + [item.pulled_image.name] }}"
- loop: "{{ syncthing_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
-
-- name: Create/Restart project services
- community.docker.docker_compose:
- project_src: "{{ syncthing_project_dir }}"
+- name: Include update tasks
+ include_tasks:
+ file: update.yml
+ when: run_update | default(false) | bool
diff --git a/roles/syncthing/tasks/update.yml b/roles/syncthing/tasks/update.yml
new file mode 100644
index 0000000..bc9bdfe
--- /dev/null
+++ b/roles/syncthing/tasks/update.yml
@@ -0,0 +1,30 @@
+- name: "Create {{ syncthing_project_dir }} project directory"
+ file:
+ path: "{{ syncthing_project_dir }}"
+ state: directory
+
+- name: Template docker-compose.yaml to project directory
+ template:
+ src: docker-compose.yaml
+ dest: "{{ syncthing_project_dir }}/docker-compose.yaml"
+ owner: "{{ ansible_env['USER'] }}"
+ group: "{{ ansible_env['USER'] }}"
+ mode: '640'
+
+- name: Pull project services
+ community.docker.docker_compose:
+ project_src: "{{ syncthing_project_dir }}"
+ recreate: never
+ pull: true
+ debug: true
+ when: docker_pull_images | bool
+ register: syncthing_docker_compose_pull_result
+
+- name: Display pulled image(s) name
+ set_fact:
+ syncthing_pulled_images: "{{ syncthing_pulled_images | default([]) + [item.pulled_image.name] }}"
+ loop: "{{ syncthing_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
+
+- name: Create/Restart project services
+ community.docker.docker_compose:
+ project_src: "{{ syncthing_project_dir }}"