From e3abbbb8fe0df2d52f0bceec305abda4dc4a7e3c Mon Sep 17 00:00:00 2001 
From: Viyurz Date: Sat, 20 Apr 2024 12:17:10 +0200 Subject: [PATCH] Split setup & updates tasks to allow running only update ones. --- playbooks/backup-services.yml | 1 - playbooks/setup-services.yml | 30 +++++++++ playbooks/update-services.yml | 2 - roles/authelia/tasks/setup.yml | 8 ++- roles/authelia/tasks/update.yml | 4 +- roles/coturn/tasks/main.yml | 5 ++ roles/coturn/tasks/setup.yml | 58 +++++++++++++++++ roles/coturn/tasks/update.yml | 65 +------------------ roles/element/tasks/main.yml | 5 ++ roles/element/tasks/setup.yml | 18 +++++ roles/element/tasks/update.yml | 25 +------ roles/etebase/tasks/main.yml | 5 ++ roles/etebase/tasks/setup.yml | 27 ++++++++ roles/etebase/tasks/update.yml | 33 +--------- roles/hedgedoc/tasks/main.yml | 5 ++ roles/hedgedoc/tasks/setup.yml | 27 ++++++++ roles/hedgedoc/tasks/update.yml | 28 +------- roles/homepage/tasks/main.yml | 5 ++ roles/homepage/tasks/setup.yml | 15 +++++ roles/homepage/tasks/update.yml | 14 +--- roles/lldap/tasks/setup.yml | 7 +- roles/lldap/tasks/update.yml | 3 +- roles/mailserver/tasks/main.yml | 5 ++ roles/mailserver/tasks/setup.yml | 60 +++++++++++++++++ roles/mailserver/tasks/update.yml | 62 +----------------- roles/postgres/tasks/main.yml | 5 ++ roles/postgres/tasks/setup.yml | 33 ++++++++++ roles/postgres/tasks/update.yml | 34 +--------- roles/searxng/tasks/main.yml | 5 ++ roles/searxng/tasks/setup.yml | 23 +++++++ roles/searxng/tasks/update.yml | 26 +------- roles/synapse/tasks/main.yml | 5 ++ roles/synapse/tasks/setup.yml | 34 ++++++++++ roles/synapse/tasks/update.yml | 43 +----------- roles/syncthing/tasks/main.yml | 5 ++ roles/syncthing/tasks/setup.yml | 15 +++++ roles/syncthing/tasks/update.yml | 14 +--- roles/uptime-kuma/tasks/main.yml | 5 ++ roles/uptime-kuma/tasks/setup.yml | 24 +++++++ roles/uptime-kuma/tasks/update.yml | 25 +------ roles/vaultwarden/tasks/main.yml | 5 ++ roles/vaultwarden/tasks/setup.yml | 27 ++++++++ roles/vaultwarden/tasks/update.yml | 28 +------- 
roles/vaultwarden/templates/.env | 7 ++ .../vaultwarden/templates/docker-compose.yaml | 11 +--- 45 files changed, 492 insertions(+), 399 deletions(-) create mode 100644 playbooks/setup-services.yml create mode 100644 roles/coturn/tasks/setup.yml create mode 100644 roles/element/tasks/setup.yml create mode 100644 roles/etebase/tasks/setup.yml create mode 100644 roles/hedgedoc/tasks/setup.yml create mode 100644 roles/homepage/tasks/setup.yml create mode 100644 roles/mailserver/tasks/setup.yml create mode 100644 roles/postgres/tasks/setup.yml create mode 100644 roles/searxng/tasks/setup.yml create mode 100644 roles/synapse/tasks/setup.yml create mode 100644 roles/syncthing/tasks/setup.yml create mode 100644 roles/uptime-kuma/tasks/setup.yml create mode 100644 roles/vaultwarden/tasks/setup.yml diff --git a/playbooks/backup-services.yml b/playbooks/backup-services.yml index 591ce44..54660d6 100644 --- a/playbooks/backup-services.yml +++ b/playbooks/backup-services.yml @@ -8,7 +8,6 @@ hosts: localhost vars: run_backup: true - run_update: false vars_prompt: - name: selected_projects prompt: "Choose projects to backup (leave empty to backup all. Projects list: {{ hostvars['localhost']['projects_to_backup'] }})" diff --git a/playbooks/setup-services.yml b/playbooks/setup-services.yml new file mode 100644 index 0000000..98f5a23 --- /dev/null +++ b/playbooks/setup-services.yml 
@@ -0,0 +1,30 @@ +- name: Include variables files + hosts: localhost + roles: + - include-vars + +- name: Setup & update project(s) + hosts: localhost + vars: + run_setup: true + run_update: true + vars_prompt: + - name: selected_projects + prompt: "Choose projects to setup & update (Keep empty to select all. Projects list: {{ hostvars['localhost']['projects'] }})" + private: false + unsafe: true + + - name: docker_pull_images + prompt: "Pull project(s) images?" + default: false + private: false + + tasks: + - name: Setup & update project(s) + include_role: + name: "{{ project }}" + loop: "{{ (selected_projects | split) | default(projects, true) }}" + loop_control: + # Do not use default variable name 'item' to prevent collisions with loops in roles. + loop_var: project + when: project in projects diff --git a/playbooks/update-services.yml b/playbooks/update-services.yml index 0cf8b51..8c2b940 100644 --- a/playbooks/update-services.yml +++ b/playbooks/update-services.yml @@ -6,8 +6,6 @@ - name: Update project(s) hosts: localhost vars: - run_backup: false - run_setup: true run_update: true vars_prompt: - name: selected_projects diff --git a/roles/authelia/tasks/setup.yml b/roles/authelia/tasks/setup.yml index 06a31af..4f94937 100644 --- a/roles/authelia/tasks/setup.yml +++ b/roles/authelia/tasks/setup.yml @@ -1,7 +1,10 @@ -- name: "Create {{ project_dir }} project directory" +- name: "(Re)Create {{ project_dir }} project directory" file: path: "{{ project_dir }}" - state: directory + state: "{{ item }}" + loop: + - absent + - directory - name: Template docker-compose.yaml & configuration.yml to project directory template: @@ -13,7 +16,6 @@ loop: - docker-compose.yaml - configuration.yml - register: authelia_template_configuration_result # Separate task because template module cannot chown/chgrp to a non-existing user/group - name: "Change group of homeserver.yaml to Authelia GID ({{ users['authelia'] + uid_shift }})" 
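Review bot: The renamed `(Re)Create {{ project_dir }} project directory` task in roles/authelia/tasks/setup.yml now loops `absent` then `directory`, i.e. it recursively deletes the whole project directory before recreating it, with nothing checking what else lives there; any file under `project_dir` that the templating tasks do not regenerate (a bind-mounted data directory, a previously generated secret) is gone, and this happens while the project's containers may still be running. The same loop is introduced in roles/lldap/tasks/setup.yml and in every new setup.yml in this patch (coturn, element, etebase, hedgedoc, homepage, mailserver, postgres, searxng, synapse, syncthing). Note also that playbooks/setup-services.yml sets `run_setup` and `run_update` but not `run_backup`, so for the roles whose main.yml includes backup.yml the wipe runs without the backup step. If the intent is only to drop stale generated files, removing them by name is safer, e.g. `file: path: "{{ project_dir }}/{{ item }}" state: absent` looped over the templated file names; otherwise a comment stating that `project_dir` must contain nothing but generated files would document the assumption for the next reader.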
diff --git a/roles/authelia/tasks/update.yml b/roles/authelia/tasks/update.yml index 4edca50..f721456 100644 --- a/roles/authelia/tasks/update.yml +++ b/roles/authelia/tasks/update.yml @@ -16,9 +16,9 @@ include_tasks: file: backup.yml # Make a backup if we didn't already make one and we pulled a new image - when: not run_backup and authelia_pulled_images is defined + when: not run_backup | default(false) and authelia_pulled_images is defined - name: Create/Restart project services community.docker.docker_compose: project_src: "{{ project_dir }}" - restarted: "{{ authelia_template_configuration_result['changed'] | default(false) | bool }}" + restarted: "{{ run_setup | default(false) | bool }}" diff --git a/roles/coturn/tasks/main.yml b/roles/coturn/tasks/main.yml index 15b33e7..2b65be3 100644 --- a/roles/coturn/tasks/main.yml +++ b/roles/coturn/tasks/main.yml @@ -1,3 +1,8 @@ +- name: Include setup tasks + include_tasks: + file: setup.yml + when: run_setup | default(false) | bool + - name: Include update tasks include_tasks: file: update.yml diff --git a/roles/coturn/tasks/setup.yml b/roles/coturn/tasks/setup.yml new file mode 100644 index 0000000..b7fcf1b --- /dev/null +++ b/roles/coturn/tasks/setup.yml 
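Review bot: The rewritten condition `when: not run_backup | default(false) and authelia_pulled_images is defined` in roles/authelia/tasks/update.yml depends on Jinja binding the `|` filter tighter than `not`, which is correct but reads as if it could be `not (run_backup | default(false) and ...)`; parenthesising it, and casting with `| bool` as the `restarted:` line two tasks later already does, makes the intent explicit: `when: not (run_backup | default(false) | bool) and authelia_pulled_images is defined`. The same line is changed in the update.yml of etebase, hedgedoc, lldap, mailserver, postgres and synapse in this patch, so the form chosen here should be applied to all of them.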
@@ -0,0 +1,58 @@ +- name: "(Re)Create {{ project_dir }} project directory" + file: + path: "{{ project_dir }}" + state: "{{ item }}" + loop: + - absent + - directory + +- name: Template docker-compose.yaml & turnserver.conf to project directory + template: + src: "{{ item }}" + dest: "{{ project_dir }}/{{ item }}" + owner: "{{ host_uid }}" + group: "{{ host_uid }}" + mode: '640' + loop: + - docker-compose.yaml + - turnserver.conf + +# Separate task because template module cannot chown/chgrp to a non-existing user/group +- name: "Change group of turnserver.conf to coturn GID ({{ users['coturn'] + uid_shift }})" + file: + path: "{{ project_dir }}/turnserver.conf" + group: "{{ users['coturn'] + uid_shift }}" + become: true + +- name: Set limited permissions on certificate directories + file: + path: "/etc/{{ item }}" + state: directory + owner: root + group: root + mode: '751' + become: true + loop: + - letsencrypt + - letsencrypt/live + - letsencrypt/archive + +- name: Set limited permissions on certificate directories + file: + path: "/etc/letsencrypt/{{ item }}/turn.{{ domain }}" + state: directory + owner: "{{ host_uid }}" + group: "{{ users['coturn'] + uid_shift }}" + mode: '550' + become: true + loop: + - live + - archive + +- name: Set limited permissions on certificate key file + file: + path: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem" + owner: root + group: "{{ users['coturn'] + uid_shift }}" + mode: '640' + become: true diff --git a/roles/coturn/tasks/update.yml b/roles/coturn/tasks/update.yml index 1ef0a23..7a1ee67 100644 --- a/roles/coturn/tasks/update.yml +++ b/roles/coturn/tasks/update.yml 
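Review bot: In roles/coturn/tasks/setup.yml the `/etc/letsencrypt/live/turn.{{ domain }}` and `/etc/letsencrypt/archive/turn.{{ domain }}` directories get `owner: "{{ host_uid }}"`, whereas the equivalent task in the new roles/mailserver/tasks/setup.yml keeps `owner: root` and only grants the group. A directory owner can change its mode and replace its entries regardless of the `550` mode, so under `/etc/letsencrypt` this gives the host user (presumably unprivileged, since the surrounding tasks need `become`) control over which file the `privkey.pem` symlink resolves to, even though the key itself stays `root:coturn 640`. Unless coturn genuinely needs ownership, `owner: root` with `group: "{{ users['coturn'] + uid_shift }}"` matches the mailserver role and keeps the certificate tree root-controlled. Separately, two tasks in this file share the name `Set limited permissions on certificate directories`; a distinct name for the per-domain one, e.g. `Set limited permissions on turn.{{ domain }} certificate directories`, keeps play output unambiguous.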
@@ -1,65 +1,3 @@ -- name: "Create {{ project_dir }} project directory" - file: - path: "{{ project_dir }}" - state: directory - -- name: Template docker-compose.yaml to project directory - template: - src: docker-compose.yaml - dest: "{{ project_dir }}/docker-compose.yaml" - owner: "{{ host_uid }}" - group: "{{ host_uid }}" - mode: '640' - -- name: Template turnserver.conf to project directory - template: - src: turnserver.conf - dest: "{{ project_dir }}/turnserver.conf" - owner: "{{ host_uid }}" - mode: '640' - # Store result to restart services if the file changed - register: coturn_template_turnserver_result - -# Separate task because template module cannot chown/chgrp to a non-existing user/group -- name: "Change group of turnserver.conf to coturn GID ({{ users['coturn'] + uid_shift }})" - file: - path: "{{ project_dir }}/turnserver.conf" - group: "{{ users['coturn'] + uid_shift }}" - become: true - -- name: Set limited permissions on certificate directories - file: - path: "/etc/{{ item }}" - state: directory - owner: root - group: root - mode: '751' - become: true - loop: - - letsencrypt - - letsencrypt/live - - letsencrypt/archive - -- name: Set limited permissions on certificate directories - file: - path: "/etc/letsencrypt/{{ item }}/turn.{{ domain }}" - state: directory - owner: "{{ host_uid }}" - group: "{{ users['coturn'] + uid_shift }}" - mode: '550' - become: true - loop: - - live - - archive - -- name: Set limited permissions on certificate key file - file: - path: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem" - owner: root - group: "{{ users['coturn'] + uid_shift }}" - mode: '640' - become: true - - name: Pull project services community.docker.docker_compose: project_src: "{{ project_dir }}" 
@@ -77,5 +15,4 @@ - name: Create/Restart project services community.docker.docker_compose: project_src: "{{ project_dir }}" - # Restart if config file(s) changed - restarted: "{{ coturn_template_turnserver_result['changed'] | bool }}" + restarted: "{{ run_setup | default(false) | bool }}" diff --git a/roles/element/tasks/main.yml b/roles/element/tasks/main.yml index 15b33e7..2b65be3 100644 --- a/roles/element/tasks/main.yml +++ b/roles/element/tasks/main.yml @@ -1,3 +1,8 @@ +- name: Include setup tasks + include_tasks: + file: setup.yml + when: run_setup | default(false) | bool + - name: Include update tasks include_tasks: file: update.yml diff --git a/roles/element/tasks/setup.yml b/roles/element/tasks/setup.yml new file mode 100644 index 0000000..cdf695f --- /dev/null +++ b/roles/element/tasks/setup.yml @@ -0,0 +1,18 @@ +- name: "(Re)Create {{ project_dir }} project directory" + file: + path: "{{ project_dir }}" + state: "{{ item }}" + loop: + - absent + - directory + +- name: Template docker-compose.yaml & config.json to project directory + template: + src: "{{ item }}" + dest: "{{ project_dir }}/{{ item }}" + owner: "{{ host_uid }}" + group: "{{ host_uid }}" + mode: '644' + loop: + - docker-compose.yaml + - config.json diff --git a/roles/element/tasks/update.yml b/roles/element/tasks/update.yml index e667f3c..7b6ecc6 100644 --- a/roles/element/tasks/update.yml +++ b/roles/element/tasks/update.yml 
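Review bot: roles/element/tasks/setup.yml templates docker-compose.yaml with `mode: '644'`, but the lines removed from roles/element/tasks/update.yml in this same patch wrote it with `mode: '640'` and used `644` only for config.json, so merging the two tasks into one loop loosens the compose file to world-readable. The new roles/etebase/tasks/setup.yml does the same (`644` for both docker-compose.yaml and etebase-server.ini, where the removed tasks used `640` for the compose file). Since compose files in this repository can carry credentials (the hedgedoc and postgres roles template theirs at `600`), keep the stricter mode per file, e.g. loop over `{ src: docker-compose.yaml, mode: '640' }` and `{ src: config.json, mode: '644' }` with `src: "{{ item.src }}"` and `mode: "{{ item.mode }}"`.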
@@ -1,25 +1,3 @@ -- name: "Create {{ project_dir }} project directory" - file: - path: "{{ project_dir }}" - state: directory - -- name: Template docker-compose.yaml to project directory - template: - src: docker-compose.yaml - dest: "{{ project_dir }}/docker-compose.yaml" - owner: "{{ host_uid }}" - group: "{{ host_uid }}" - mode: '640' - -- name: Template config.json to project directory - template: - src: config.json - dest: "{{ project_dir }}/config.json" - owner: "{{ host_uid }}" - group: "{{ host_uid }}" - mode: '644' - register: element_template_config_result - - name: Pull project services community.docker.docker_compose: project_src: "{{ project_dir }}" @@ -37,5 +15,4 @@ - name: Create/Restart project services community.docker.docker_compose: project_src: "{{ project_dir }}" - # Restart if config file(s) changed - restarted: "{{ element_template_config_result['changed'] | bool }}" + restarted: "{{ run_setup | default(false) | bool }}" diff --git a/roles/etebase/tasks/main.yml b/roles/etebase/tasks/main.yml index ed95f38..89bf793 100644 --- a/roles/etebase/tasks/main.yml +++ b/roles/etebase/tasks/main.yml @@ -3,6 +3,11 @@ file: backup.yml when: run_backup | default(false) | bool +- name: Include setup tasks + include_tasks: + file: setup.yml + when: run_setup | default(false) | bool + - name: Include update tasks include_tasks: file: update.yml diff --git a/roles/etebase/tasks/setup.yml b/roles/etebase/tasks/setup.yml new file mode 100644 index 0000000..b715609 --- /dev/null +++ b/roles/etebase/tasks/setup.yml 
@@ -0,0 +1,27 @@ +- name: "(Re)Create {{ project_dir }} project directory" + file: + path: "{{ project_dir }}" + state: "{{ item }}" + loop: + - absent + - directory + +- name: Template docker-compose.yaml & etebase-server.ini to project directory + template: + src: "{{ item }}" + dest: "{{ project_dir }}/{{ item }}" + owner: "{{ host_uid }}" + group: "{{ host_uid }}" + mode: '644' + loop: + - docker-compose.yaml + - etebase-server.ini + +- name: "Create (if not exists) directory {{ volumes['etebase_datadir'] }} & set permissions" + file: + path: "{{ volumes['etebase_datadir'] }}" + state: directory + owner: "{{ users['etebase'] + uid_shift }}" + group: "{{ users['etebase'] + uid_shift }}" + mode: '770' + become: true diff --git a/roles/etebase/tasks/update.yml b/roles/etebase/tasks/update.yml index 176452a..c1072fd 100644 --- a/roles/etebase/tasks/update.yml +++ b/roles/etebase/tasks/update.yml @@ -1,33 +1,3 @@ -- name: "Create {{ project_dir }} project directory" - file: - path: "{{ project_dir }}" - state: directory - -- name: Template docker-compose.yaml to project directory - template: - src: docker-compose.yaml - dest: "{{ project_dir }}/docker-compose.yaml" - owner: "{{ host_uid }}" - group: "{{ host_uid }}" - mode: '640' - -- name: Template etebase-server.ini to project directory - template: - src: etebase-server.ini - dest: "{{ project_dir }}/etebase-server.ini" - owner: "{{ host_uid }}" - group: "{{ host_uid }}" - mode: '644' - -- name: "Create directory {{ volumes['etebase_datadir'] }} with correct permissions" - file: - path: "{{ volumes['etebase_datadir'] }}" - state: directory - owner: "{{ users['etebase'] + uid_shift }}" - group: "{{ users['etebase'] + uid_shift }}" - mode: '770' - become: true - - name: Pull project services community.docker.docker_compose: project_src: "{{ project_dir }}" 
@@ -46,8 +16,9 @@ include_tasks: file: backup.yml # Make a backup if we didn't already make one and we pulled a new image - when: not run_backup and etebase_pulled_images is defined + when: not run_backup | default(false) and etebase_pulled_images is defined - name: Create/Restart project services community.docker.docker_compose: project_src: "{{ project_dir }}" + restarted: "{{ run_setup | default(false) | bool }}" diff --git a/roles/hedgedoc/tasks/main.yml b/roles/hedgedoc/tasks/main.yml index ed95f38..89bf793 100644 --- a/roles/hedgedoc/tasks/main.yml +++ b/roles/hedgedoc/tasks/main.yml @@ -3,6 +3,11 @@ file: backup.yml when: run_backup | default(false) | bool +- name: Include setup tasks + include_tasks: + file: setup.yml + when: run_setup | default(false) | bool + - name: Include update tasks include_tasks: file: update.yml diff --git a/roles/hedgedoc/tasks/setup.yml b/roles/hedgedoc/tasks/setup.yml new file mode 100644 index 0000000..774571a --- /dev/null +++ b/roles/hedgedoc/tasks/setup.yml @@ -0,0 +1,27 @@ +- name: "(Re)Create {{ project_dir }} project directory" + file: + path: "{{ project_dir }}" + state: "{{ item }}" + loop: + - absent + - directory + +- name: Template docker-compose.yaml & .env to project directory + template: + src: "{{ item }}" + dest: "{{ project_dir }}/{{ item }}" + owner: "{{ host_uid }}" + group: "{{ host_uid }}" + mode: '600' + loop: + - docker-compose.yaml + - .env + +- name: "Create (if not exists) directory {{ volumes['hedgedoc_uploadsdir'] }} & set permissions" + file: + path: "{{ volumes['hedgedoc_uploadsdir'] }}" + state: directory + owner: "{{ users['hedgedoc'] + uid_shift }}" + group: "{{ users['hedgedoc'] + uid_shift }}" + mode: '700' + become: true diff --git a/roles/hedgedoc/tasks/update.yml b/roles/hedgedoc/tasks/update.yml index a6305b8..3bede84 100644 --- a/roles/hedgedoc/tasks/update.yml +++ b/roles/hedgedoc/tasks/update.yml 
@@ -1,28 +1,3 @@ -- name: "Create {{ project_dir }} directory" - file: - path: "{{ project_dir }}" - state: directory - -- name: Template docker-compose.yaml & .env to project directory - template: - src: "{{ item }}" - dest: "{{ project_dir }}/{{ item }}" - owner: "{{ host_uid }}" - group: "{{ host_uid }}" - mode: '600' - loop: - - docker-compose.yaml - - .env - -- name: "Create (if not exists) directory {{ volumes['hedgedoc_uploadsdir'] }} & set permissions" - file: - path: "{{ volumes['hedgedoc_uploadsdir'] }}" - state: directory - owner: "{{ users['hedgedoc'] + uid_shift }}" - group: "{{ users['hedgedoc'] + uid_shift }}" - mode: '700' - become: true - - name: Pull project services community.docker.docker_compose: project_src: "{{ project_dir }}" @@ -41,8 +16,9 @@ include_tasks: file: backup.yml # Make a backup if we didn't already make one and we pulled a new image - when: not run_backup and hedgedoc_pulled_images is defined + when: not run_backup | default(false) and hedgedoc_pulled_images is defined - name: Create/Restart project services community.docker.docker_compose: project_src: "{{ project_dir }}" + restarted: "{{ run_setup | default(false) | bool }}" diff --git a/roles/homepage/tasks/main.yml b/roles/homepage/tasks/main.yml index 15b33e7..2b65be3 100644 --- a/roles/homepage/tasks/main.yml +++ b/roles/homepage/tasks/main.yml @@ -1,3 +1,8 @@ +- name: Include setup tasks + include_tasks: + file: setup.yml + when: run_setup | default(false) | bool + - name: Include update tasks include_tasks: file: update.yml diff --git a/roles/homepage/tasks/setup.yml b/roles/homepage/tasks/setup.yml new file mode 100644 index 0000000..6a5daaa --- /dev/null +++ b/roles/homepage/tasks/setup.yml 
@@ -0,0 +1,15 @@ +- name: "(Re)Create {{ project_dir }} project directory" + file: + path: "{{ project_dir }}" + state: "{{ item }}" + loop: + - absent + - directory + +- name: Template docker-compose.yaml to project directory + template: + src: docker-compose.yaml + dest: "{{ project_dir }}/docker-compose.yaml" + owner: "{{ host_uid }}" + group: "{{ host_uid }}" + mode: '640' diff --git a/roles/homepage/tasks/update.yml b/roles/homepage/tasks/update.yml index 666efee..7e7312e 100644 --- a/roles/homepage/tasks/update.yml +++ b/roles/homepage/tasks/update.yml @@ -1,16 +1,3 @@ -- name: "Create {{ project_dir }} project directory" - file: - path: "{{ project_dir }}" - state: directory - -- name: Template docker-compose.yaml to project directory - template: - src: docker-compose.yaml - dest: "{{ project_dir }}/docker-compose.yaml" - owner: "{{ host_uid }}" - group: "{{ host_uid }}" - mode: '640' - - name: Pull project services community.docker.docker_compose: project_src: "{{ project_dir }}" @@ -28,3 +15,4 @@ - name: Create/Restart project services community.docker.docker_compose: project_src: "{{ project_dir }}" + restarted: "{{ run_setup | default(false) | bool }}" diff --git a/roles/lldap/tasks/setup.yml b/roles/lldap/tasks/setup.yml index d2f97bd..aa456e1 100644 --- a/roles/lldap/tasks/setup.yml +++ b/roles/lldap/tasks/setup.yml @@ -1,7 +1,10 @@ -- name: "Create {{ project_dir }} project directory" +- name: "(Re)Create {{ project_dir }} project directory" file: path: "{{ project_dir }}" - state: directory + state: "{{ item }}" + loop: + - absent + - directory - name: Template docker-compose.yaml & .env to project directory template: diff --git a/roles/lldap/tasks/update.yml b/roles/lldap/tasks/update.yml index a7c4e45..9768820 100644 --- a/roles/lldap/tasks/update.yml +++ b/roles/lldap/tasks/update.yml 
@@ -16,8 +16,9 @@ include_tasks: file: backup.yml # Make a backup if we didn't already make one and we pulled a new image - when: not run_backup and lldap_pulled_images is defined + when: not run_backup | default(false) and lldap_pulled_images is defined - name: Create/Restart project services community.docker.docker_compose: project_src: "{{ project_dir }}" + restarted: "{{ run_setup | default(false) | bool }}" diff --git a/roles/mailserver/tasks/main.yml b/roles/mailserver/tasks/main.yml index ed95f38..89bf793 100644 --- a/roles/mailserver/tasks/main.yml +++ b/roles/mailserver/tasks/main.yml @@ -3,6 +3,11 @@ file: backup.yml when: run_backup | default(false) | bool +- name: Include setup tasks + include_tasks: + file: setup.yml + when: run_setup | default(false) | bool + - name: Include update tasks include_tasks: file: update.yml diff --git a/roles/mailserver/tasks/setup.yml b/roles/mailserver/tasks/setup.yml new file mode 100644 index 0000000..bb1b504 --- /dev/null +++ b/roles/mailserver/tasks/setup.yml 
@@ -0,0 +1,60 @@ +- name: "(Re)Create {{ project_dir }} project directory" + file: + path: "{{ project_dir }}" + state: "{{ item }}" + loop: + - absent + - directory + +- name: Template configuration files to project directory + template: + src: "{{ item.src }}" + dest: "{{ project_dir }}/{{ item.path }}" + owner: "{{ host_uid }}" + group: "{{ users['mailserver'] + uid_shift }}" + mode: '640' + with_filetree: ../templates/ + when: item.state == 'file' + become: true + +- name: "Create (if not exists) directory {{ volumes['mailserver_datadir'] }} & set permissions" + file: + path: "{{ volumes['mailserver_datadir'] }}" + state: directory + owner: "{{ users['mailserver'] + uid_shift }}" + group: "{{ users['mailserver'] + uid_shift }}" + mode: '700' + become: true + +- name: Set limited permissions on certificate directories + file: + path: "/etc/{{ item }}" + state: directory + owner: root + group: root + mode: '751' + become: true + loop: + - letsencrypt + - letsencrypt/live + - letsencrypt/archive + +- name: Set limited permissions on certificate directories + file: + path: "/etc/letsencrypt/{{ item }}/mail.{{ domain }}" + state: directory + owner: root + group: "{{ host_uid }}" + mode: '550' + become: true + loop: + - live + - archive + +- name: Set limited permissions on certificate key file + file: + path: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem" + owner: root + group: "{{ host_uid }}" + mode: '640' + become: true diff --git a/roles/mailserver/tasks/update.yml b/roles/mailserver/tasks/update.yml index 42bc1aa..8687f6d 100644 --- a/roles/mailserver/tasks/update.yml +++ b/roles/mailserver/tasks/update.yml 
@@ -1,61 +1,3 @@ -- name: "Create {{ project_dir }} project directory" - file: - path: "{{ project_dir }}" - state: directory - -- name: Template configuration files to project directory - template: - src: "{{ item.src }}" - dest: "{{ project_dir }}/{{ item.path }}" - owner: "{{ host_uid }}" - group: "{{ users['mailserver'] + uid_shift }}" - mode: '640' - with_filetree: ../templates/ - when: item.state == 'file' - become: true - -- name: "Create (if not exists) directory {{ volumes['mailserver_datadir'] }} & set permissions" - file: - path: "{{ volumes['mailserver_datadir'] }}" - state: directory - owner: "{{ users['mailserver'] + uid_shift }}" - group: "{{ users['mailserver'] + uid_shift }}" - mode: '700' - become: true - -- name: Set limited permissions on certificate directories - file: - path: "/etc/{{ item }}" - state: directory - owner: root - group: root - mode: '751' - become: true - loop: - - letsencrypt - - letsencrypt/live - - letsencrypt/archive - -- name: Set limited permissions on certificate directories - file: - path: "/etc/letsencrypt/{{ item }}/mail.{{ domain }}" - state: directory - owner: root - group: "{{ host_uid }}" - mode: '550' - become: true - loop: - - live - - archive - -- name: Set limited permissions on certificate key file - file: - path: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem" - owner: root - group: "{{ host_uid }}" - mode: '640' - become: true - - name: Pull project services community.docker.docker_compose: project_src: "{{ project_dir }}" @@ -74,9 +16,9 @@ include_tasks: file: backup.yml # Make a backup if we didn't already make one and we pulled a new image - when: not run_backup and mailserver_pulled_images is defined + when: not run_backup | default(false) and mailserver_pulled_images is defined - name: Create/Restart project services community.docker.docker_compose: project_src: "{{ project_dir }}" - restarted: true + restarted: "{{ run_setup | default(false) | bool }}" 
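Review bot: In roles/mailserver/tasks/update.yml the final task changes from `restarted: true` to `restarted: "{{ run_setup | default(false) | bool }}"`, so an update-only run (playbooks/update-services.yml no longer sets `run_setup`) restarts the containers only when docker_compose itself decides to recreate them for a new image. The previous unconditional restart was the only step in this role that would pick up a renewed certificate from `/etc/letsencrypt/live/mail.{{ domain }}` if the compose file bind-mounts it into the container (the template is outside this patch, so this is inferred from the certificate-permission tasks in setup.yml). Either keep `restarted: true` here, or add a comment stating what is expected to restart the service after a certificate renewal.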
diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml index ed95f38..89bf793 100644 --- a/roles/postgres/tasks/main.yml +++ b/roles/postgres/tasks/main.yml @@ -3,6 +3,11 @@ file: backup.yml when: run_backup | default(false) | bool +- name: Include setup tasks + include_tasks: + file: setup.yml + when: run_setup | default(false) | bool + - name: Include update tasks include_tasks: file: update.yml diff --git a/roles/postgres/tasks/setup.yml b/roles/postgres/tasks/setup.yml new file mode 100644 index 0000000..7852868 --- /dev/null +++ b/roles/postgres/tasks/setup.yml @@ -0,0 +1,33 @@ +- name: "(Re)Create {{ project_dir }} project directory" + file: + path: "{{ project_dir }}" + state: "{{ item }}" + loop: + - absent + - directory + +- name: "Create (if not exists) directory {{ volumes['postgres_datadir'] }} & set permissions" + file: + path: "{{ volumes['postgres_datadir'] }}" + state: directory + owner: "{{ users['postgres'] + uid_shift }}" + group: "{{ users['postgres'] + uid_shift }}" + mode: '700' + become: true + +- name: "Check if directory {{ volumes['postgres_datadir'] }} is empty" + find: + paths: "{{ volumes['postgres_datadir'] }}" + register: postgres_find_datadir_result + become: true + +- name: Template docker-compose.yaml & .env to project directory + template: + src: "{{ item }}" + dest: "{{ project_dir }}/{{ item }}" + owner: "{{ host_uid }}" + group: "{{ host_uid }}" + mode: '600' + loop: + - docker-compose.yaml + - .env diff --git a/roles/postgres/tasks/update.yml b/roles/postgres/tasks/update.yml index 625984f..f282723 100644 --- a/roles/postgres/tasks/update.yml +++ b/roles/postgres/tasks/update.yml 
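Review bot: roles/postgres/tasks/setup.yml now owns the `Check if directory {{ volumes['postgres_datadir'] }} is empty` task and its `register: postgres_find_datadir_result`, while playbooks/update-services.yml stops setting `run_setup`; if roles/postgres/tasks/update.yml (its remaining tasks are outside this hunk) or a template rendered during update still reads `postgres_find_datadir_result`, an update-only run will fail on an undefined variable. If the result is only consumed by the templating task directly below it, the placement is fine but deserves a comment such as `# Presumably consumed by the .env/docker-compose.yaml templates below (setup-only) — verify`; if update.yml needs it, keep the find task in update.yml and guard the consumer with `postgres_find_datadir_result is defined`.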
@@ -1,34 +1,3 @@ -- name: "Create {{ project_dir }} directory" - file: - path: "{{ project_dir }}" - state: directory - -- name: "Create (if not exists) directory {{ volumes['postgres_datadir'] }} & set permissions" - file: - path: "{{ volumes['postgres_datadir'] }}" - state: directory - owner: "{{ users['postgres'] + uid_shift }}" - group: "{{ users['postgres'] + uid_shift }}" - mode: '700' - become: true - -- name: "Check if directory {{ volumes['postgres_datadir'] }} is empty" - find: - paths: "{{ volumes['postgres_datadir'] }}" - register: postgres_find_datadir_result - become: true - -- name: Template docker-compose.yaml & .env to project directory - template: - src: "{{ item }}" - dest: "{{ project_dir }}/{{ item }}" - owner: "{{ host_uid }}" - group: "{{ host_uid }}" - mode: '600' - loop: - - docker-compose.yaml - - .env - - name: Pull project services community.docker.docker_compose: project_src: "{{ project_dir }}" @@ -47,8 +16,9 @@ include_tasks: file: backup.yml # Make a backup if we didn't already make one and we pulled a new image - when: not run_backup and postgres_pulled_images is defined + when: not run_backup | default(false) and postgres_pulled_images is defined - name: Create/Restart project services community.docker.docker_compose: project_src: "{{ project_dir }}" + restarted: "{{ run_setup | default(false) | bool }}" diff --git a/roles/searxng/tasks/main.yml b/roles/searxng/tasks/main.yml index 15b33e7..2b65be3 100644 --- a/roles/searxng/tasks/main.yml +++ b/roles/searxng/tasks/main.yml @@ -1,3 +1,8 @@ +- name: Include setup tasks + include_tasks: + file: setup.yml + when: run_setup | default(false) | bool + - name: Include update tasks include_tasks: file: update.yml diff --git a/roles/searxng/tasks/setup.yml b/roles/searxng/tasks/setup.yml new file mode 100644 index 0000000..10a4c8c --- /dev/null +++ b/roles/searxng/tasks/setup.yml 
@@ -0,0 +1,23 @@ +- name: "(Re)Create {{ project_dir }} project directory" + file: + path: "{{ project_dir }}" + state: "{{ item }}" + loop: + - absent + - directory + +- name: Template docker-compose.yaml to project directory + template: + src: docker-compose.yaml + dest: "{{ project_dir }}/docker-compose.yaml" + owner: "{{ host_uid }}" + group: "{{ host_uid }}" + mode: '640' + +- name: Copy settings.yml and limiter.toml to project directory + copy: + src: "{{ role_path }}/files/" + dest: "{{ project_dir }}" + owner: "{{ host_uid }}" + group: "{{ host_uid }}" + mode: '644' diff --git a/roles/searxng/tasks/update.yml b/roles/searxng/tasks/update.yml index d127555..1a7c64a 100644 --- a/roles/searxng/tasks/update.yml +++ b/roles/searxng/tasks/update.yml @@ -1,26 +1,3 @@ -- name: "Create {{ project_dir }} project directory" - file: - path: "{{ project_dir }}" - state: directory - -- name: Template docker-compose.yaml to project directory - template: - src: docker-compose.yaml - dest: "{{ project_dir }}/docker-compose.yaml" - owner: "{{ host_uid }}" - group: "{{ host_uid }}" - mode: '640' - -- name: Copy settings.yml and limiter.toml to project directory - copy: - src: "{{ role_path }}/files/" - dest: "{{ project_dir }}" - owner: "{{ host_uid }}" - group: "{{ host_uid }}" - mode: '644' - # Store result to restart services if the file(s) changed - register: searxng_copy_files_result - - name: Pull project services community.docker.docker_compose: project_src: "{{ project_dir }}" @@ -38,5 +15,4 @@ - name: Create/Restart project services community.docker.docker_compose: project_src: "{{ project_dir }}" - # Restart if config file(s) changed - restarted: "{{ searxng_copy_files_result['changed'] | bool }}" + restarted: "{{ run_setup | default(false) | bool }}" diff --git a/roles/synapse/tasks/main.yml b/roles/synapse/tasks/main.yml index ed95f38..89bf793 100644 --- a/roles/synapse/tasks/main.yml +++ b/roles/synapse/tasks/main.yml 
@@ -3,6 +3,11 @@ file: backup.yml when: run_backup | default(false) | bool +- name: Include setup tasks + include_tasks: + file: setup.yml + when: run_setup | default(false) | bool + - name: Include update tasks include_tasks: file: update.yml diff --git a/roles/synapse/tasks/setup.yml b/roles/synapse/tasks/setup.yml new file mode 100644 index 0000000..b79a868 --- /dev/null +++ b/roles/synapse/tasks/setup.yml @@ -0,0 +1,34 @@ +- name: "(Re)Create {{ project_dir }} project directory" + file: + path: "{{ project_dir }}" + state: "{{ item }}" + loop: + - absent + - directory + +- name: Template docker-compose.yaml & homeserver.yaml to project directory + template: + src: "{{ item }}" + dest: "{{ project_dir }}/{{ item }}" + owner: "{{ host_uid }}" + group: "{{ host_uid }}" + mode: '640' + loop: + - docker-compose.yaml + - homeserver.yaml + +# Separate task because template module cannot chown/chgrp to a non-existing user/group +- name: "Change group of homeserver.yaml to synapse GID ({{ users['synapse'] + uid_shift }})" + file: + path: "{{ project_dir }}/homeserver.yaml" + group: "{{ users['synapse'] + uid_shift }}" + become: true + +- name: "Create (if not exists) directory {{ volumes['synapse_datadir'] }} & set permissions" + file: + path: "{{ volumes['synapse_datadir'] }}" + state: directory + owner: "{{ users['synapse'] + uid_shift }}" + group: "{{ users['synapse'] + uid_shift }}" + mode: '770' + become: true diff --git a/roles/synapse/tasks/update.yml b/roles/synapse/tasks/update.yml index f0f1715..06c6347 100644 --- a/roles/synapse/tasks/update.yml +++ b/roles/synapse/tasks/update.yml 
@@ -1,41 +1,3 @@
-- name: "Create {{ project_dir }} project directory"
-  file:
-    path: "{{ project_dir }}"
-    state: directory
-
-- name: Template docker-compose.yaml to project directory
-  template:
-    src: docker-compose.yaml
-    dest: "{{ project_dir }}/docker-compose.yaml"
-    owner: "{{ host_uid }}"
-    group: "{{ host_uid }}"
-    mode: '640'
-
-- name: Template homeserver.yaml to project directory
-  template:
-    src: homeserver.yaml
-    dest: "{{ project_dir }}/homeserver.yaml"
-    owner: "{{ host_uid }}"
-    mode: '640'
-    # Store result to restart services if the file changed
-  register: synapse_template_homeserver_result
-
-# Separate task because template module cannot chown/chgrp to a non-existing user/group
-- name: "Change group of homeserver.yaml to synapse GID ({{ users['synapse'] + uid_shift }})"
-  file:
-    path: "{{ project_dir }}/homeserver.yaml"
-    group: "{{ users['synapse'] + uid_shift }}"
-  become: true
-
-- name: "Create directory {{ volumes['synapse_datadir'] }} with correct permissions"
-  file:
-    path: "{{ volumes['synapse_datadir'] }}"
-    state: directory
-    owner: "{{ users['synapse'] + uid_shift }}"
-    group: "{{ users['synapse'] + uid_shift }}"
-    mode: '770'
-  become: true
-
 - name: Pull project services
   community.docker.docker_compose:
     project_src: "{{ project_dir }}"
@@ -54,10 +16,9 @@
   include_tasks:
     file: backup.yml
   # Make a backup if we didn't already make one and we pulled a new image
-  when: not run_backup and synapse_pulled_images is defined
+  when: not run_backup | default(false) and synapse_pulled_images is defined
 
 - name: Create/Restart project services
   community.docker.docker_compose:
     project_src: "{{ project_dir }}"
-    # Restart if config file(s) changed
-    restarted: "{{ synapse_template_homeserver_result['changed'] | bool }}"
+    restarted: "{{ run_setup | default(false) | bool }}"
diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml
index 15b33e7..2b65be3 100644
--- a/roles/syncthing/tasks/main.yml
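Review bot: In the second hunk, `when: not run_backup | default(false) and synapse_pulled_images is defined` evaluates `run_backup` without the `| bool` that main.yml and the `restarted:` line below apply, so if the flag arrives as the string `"false"` (for example from `-e run_backup=false`) `not "false"` is false and the post-pull backup is skipped even though main.yml made none. Coercing and parenthesising, `when: not (run_backup | default(false) | bool) and synapse_pulled_images is defined`, keeps the three expressions consistent. The same expression is changed in the uptime-kuma and vaultwarden update.yml hunks.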
+++ b/roles/syncthing/tasks/main.yml
@@ -1,3 +1,8 @@
+- name: Include setup tasks
+  include_tasks:
+    file: setup.yml
+  when: run_setup | default(false) | bool
+
 - name: Include update tasks
   include_tasks:
     file: update.yml
diff --git a/roles/syncthing/tasks/setup.yml b/roles/syncthing/tasks/setup.yml
new file mode 100644
index 0000000..6a5daaa
--- /dev/null
+++ b/roles/syncthing/tasks/setup.yml
@@ -0,0 +1,15 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+  file:
+    path: "{{ project_dir }}"
+    state: "{{ item }}"
+  loop:
+    - absent
+    - directory
+
+- name: Template docker-compose.yaml to project directory
+  template:
+    src: docker-compose.yaml
+    dest: "{{ project_dir }}/docker-compose.yaml"
+    owner: "{{ host_uid }}"
+    group: "{{ host_uid }}"
+    mode: '640'
diff --git a/roles/syncthing/tasks/update.yml b/roles/syncthing/tasks/update.yml
index 9682759..8b8a9df 100644
--- a/roles/syncthing/tasks/update.yml
+++ b/roles/syncthing/tasks/update.yml
@@ -1,16 +1,3 @@
-- name: "Create {{ project_dir }} project directory"
-  file:
-    path: "{{ project_dir }}"
-    state: directory
-
-- name: Template docker-compose.yaml to project directory
-  template:
-    src: docker-compose.yaml
-    dest: "{{ project_dir }}/docker-compose.yaml"
-    owner: "{{ host_uid }}"
-    group: "{{ host_uid }}"
-    mode: '640'
-
 - name: Pull project services
   community.docker.docker_compose:
     project_src: "{{ project_dir }}"
@@ -28,3 +15,4 @@
 - name: Create/Restart project services
   community.docker.docker_compose:
     project_src: "{{ project_dir }}"
+    restarted: "{{ run_setup | default(false) | bool }}"
diff --git a/roles/uptime-kuma/tasks/main.yml b/roles/uptime-kuma/tasks/main.yml
index ed95f38..89bf793 100644
--- a/roles/uptime-kuma/tasks/main.yml
+++ b/roles/uptime-kuma/tasks/main.yml
@@ -3,6 +3,11 @@
     file: backup.yml
   when: run_backup | default(false) | bool
 
+- name: Include setup tasks
+  include_tasks:
+    file: setup.yml
+  when: run_setup | default(false) | bool
+
 - name: Include update tasks
   include_tasks:
     file: update.yml
diff --git a/roles/uptime-kuma/tasks/setup.yml b/roles/uptime-kuma/tasks/setup.yml
new file mode 100644
index 0000000..1aa9c95
--- /dev/null
+++ b/roles/uptime-kuma/tasks/setup.yml
@@ -0,0 +1,24 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+  file:
+    path: "{{ project_dir }}"
+    state: "{{ item }}"
+  loop:
+    - absent
+    - directory
+
+- name: Template docker-compose.yaml to project directory
+  template:
+    src: docker-compose.yaml
+    dest: "{{ project_dir }}/docker-compose.yaml"
+    owner: "{{ host_uid }}"
+    group: "{{ host_uid }}"
+    mode: '640'
+
+- name: "Create (if not exists) directory {{ volumes['uptime_kuma_datadir'] }} & set permissions"
+  file:
+    path: "{{ volumes['uptime_kuma_datadir'] }}"
+    state: directory
+    owner: "{{ users['uptime_kuma'] + uid_shift }}"
+    group: "{{ users['uptime_kuma'] + uid_shift }}"
+    mode: '770'
+  become: true
diff --git a/roles/uptime-kuma/tasks/update.yml b/roles/uptime-kuma/tasks/update.yml
index 7afaec8..af454ea 100644
--- a/roles/uptime-kuma/tasks/update.yml
+++ b/roles/uptime-kuma/tasks/update.yml
@@ -1,25 +1,3 @@
-- name: "Create {{ project_dir }} project directory"
-  file:
-    path: "{{ project_dir }}"
-    state: directory
-
-- name: Template docker-compose.yaml to project directory
-  template:
-    src: docker-compose.yaml
-    dest: "{{ project_dir }}/docker-compose.yaml"
-    owner: "{{ host_uid }}"
-    group: "{{ host_uid }}"
-    mode: '640'
-
-- name: "Create directory {{ volumes['uptime_kuma_datadir'] }} with correct permissions"
-  file:
-    path: "{{ volumes['uptime_kuma_datadir'] }}"
-    state: directory
-    owner: "{{ users['uptime_kuma'] + uid_shift }}"
-    group: "{{ users['uptime_kuma'] + uid_shift }}"
-    mode: '770'
-  become: true
-
 - name: Pull project services
   community.docker.docker_compose:
     project_src: "{{ project_dir }}"
@@ -38,8 +16,9 @@
   include_tasks:
     file: backup.yml
   # Make a backup if we didn't already make one and we pulled a new image
-  when: not run_backup and uptime_kuma_pulled_images is defined
+  when: not run_backup | default(false) and uptime_kuma_pulled_images is defined
 
 - name: Create/Restart project services
   community.docker.docker_compose:
     project_src: "{{ project_dir }}"
+    restarted: "{{ run_setup | default(false) | bool }}"
diff --git a/roles/vaultwarden/tasks/main.yml b/roles/vaultwarden/tasks/main.yml
index ed95f38..89bf793 100644
--- a/roles/vaultwarden/tasks/main.yml
+++ b/roles/vaultwarden/tasks/main.yml
@@ -3,6 +3,11 @@
     file: backup.yml
   when: run_backup | default(false) | bool
 
+- name: Include setup tasks
+  include_tasks:
+    file: setup.yml
+  when: run_setup | default(false) | bool
+
 - name: Include update tasks
   include_tasks:
     file: update.yml
diff --git a/roles/vaultwarden/tasks/setup.yml b/roles/vaultwarden/tasks/setup.yml
new file mode 100644
index 0000000..34c46b6
--- /dev/null
+++ b/roles/vaultwarden/tasks/setup.yml
@@ -0,0 +1,27 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+  file:
+    path: "{{ project_dir }}"
+    state: "{{ item }}"
+  loop:
+    - absent
+    - directory
+
+- name: Template docker-compose.yaml & .env to project directory
+  template:
+    src: "{{ item }}"
+    dest: "{{ project_dir }}/{{ item }}"
+    owner: "{{ host_uid }}"
+    group: "{{ host_uid }}"
+    mode: '640'
+  loop:
+    - docker-compose.yaml
+    - .env
+
+- name: "Create (if not exists) directory {{ volumes['vaultwarden_datadir'] }} & set permissions"
+  file:
+    path: "{{ volumes['vaultwarden_datadir'] }}"
+    state: directory
+    owner: "{{ users['vaultwarden'] + uid_shift }}"
+    group: "{{ users['vaultwarden'] + uid_shift }}"
+    mode: '770'
+  become: true
diff --git a/roles/vaultwarden/tasks/update.yml b/roles/vaultwarden/tasks/update.yml
index 147498b..a5cc306 100644
--- a/roles/vaultwarden/tasks/update.yml
+++ b/roles/vaultwarden/tasks/update.yml
@@ -1,28 +1,3 @@
-- name: "Create {{ project_dir }} project directory"
-  file:
-    path: "{{ project_dir }}"
-    state: directory
-
-- name: Template docker-compose.yaml & .env to project directory
-  template:
-    src: "{{ item }}"
-    dest: "{{ project_dir }}/{{ item }}"
-    owner: "{{ host_uid }}"
-    group: "{{ host_uid }}"
-    mode: '640'
-  loop:
-    - docker-compose.yaml
-    - .env
-
-- name: "Create directory {{ volumes['vaultwarden_datadir'] }} with correct permissions"
-  file:
-    path: "{{ volumes['vaultwarden_datadir'] }}"
-    state: directory
-    owner: "{{ users['vaultwarden'] + uid_shift }}"
-    group: "{{ users['vaultwarden'] + uid_shift }}"
-    mode: '770'
-  become: true
-
 - name: Pull project services
   community.docker.docker_compose:
     project_src: "{{ project_dir }}"
@@ -41,8 +16,9 @@
   include_tasks:
     file: backup.yml
   # Make a backup if we didn't already make one and we pulled a new image
-  when: not run_backup and vaultwarden_pulled_images is defined
+  when: not run_backup | default(false) and vaultwarden_pulled_images is defined
 
 - name: Create/Restart project services
   community.docker.docker_compose:
     project_src: "{{ project_dir }}"
+    restarted: "{{ run_setup | default(false) | bool }}"
diff --git a/roles/vaultwarden/templates/.env b/roles/vaultwarden/templates/.env
index a6bf8df..90f9059 100644
--- a/roles/vaultwarden/templates/.env
+++ b/roles/vaultwarden/templates/.env
@@ -1,2 +1,9 @@
 ADMIN_TOKEN='{{ vaultwarden_secrets["admin_token_hash"] }}'
+DOMAIN=https://vw.{{ domain }}
+SIGNUPS_ALLOWED=false
+SMTP_HOST=mail.{{ domain }}
+SMTP_FROM=vaultwarden@{{ domain }}
+SMTP_PORT={{ ports['mailserver_smtps'] }}
+SMTP_SECURITY=force_tls
+SMTP_USERNAME='{{ vaultwarden_secrets["smtp_username"] }}'
 SMTP_PASSWORD='{{ vaultwarden_secrets["smtp_password"] }}'
diff --git a/roles/vaultwarden/templates/docker-compose.yaml b/roles/vaultwarden/templates/docker-compose.yaml
index deedff0..cb09ae5 100644
--- a/roles/vaultwarden/templates/docker-compose.yaml
+++ b/roles/vaultwarden/templates/docker-compose.yaml
@@ -4,16 +4,7 @@ services:
     container_name: vaultwarden
     restart: always
     user: {{ users['vaultwarden'] }}:{{ users['vaultwarden'] }}
-    environment:
-      - DOMAIN=https://vw.{{ domain }}
-      - SIGNUPS_ALLOWED=false
-      - ADMIN_TOKEN=${ADMIN_TOKEN}
-      - SMTP_HOST=mail.{{ domain }}
-      - SMTP_FROM=vaultwarden@{{ domain }}
-      - SMTP_PORT={{ ports['mailserver_smtps'] }}
-      - SMTP_SECURITY=force_tls
-      - SMTP_USERNAME={{ vaultwarden_secrets['smtp_username'] }}
-      - SMTP_PASSWORD=${SMTP_PASSWORD}
+    env_file: .env
     ports:
       - 127.0.0.1:{{ ports['vaultwarden'] }}:80
     volumes:
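Review bot: Switching the vaultwarden service from an inline `environment:` list to `env_file: .env` changes how the single quotes around `ADMIN_TOKEN`, `SMTP_USERNAME` and `SMTP_PASSWORD` are handled: before, `${ADMIN_TOKEN}`/`${SMTP_PASSWORD}` were resolved by compose's `.env` interpolation, whereas `env_file` values go through the env-file parser, whose treatment of quotation marks has differed between Compose releases (the v1 documentation stated quotes receive no special handling, and `community.docker.docker_compose` drives the v1 library). The rendered container environment should be verified once after this change, since a quoted value that is passed through literally would break the admin token check and SMTP authentication silently. A comment at the top of the .env template would record the dependency, e.g. `# Loaded via env_file (not only for ${} interpolation): quoting follows the compose env-file parser`.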