Split setup & updates tasks to allow running only update ones.
parent
87fcad3add
commit
e3abbbb8fe
45 changed files with 492 additions and 399 deletions
|
@ -8,7 +8,6 @@
|
|||
hosts: localhost
|
||||
vars:
|
||||
run_backup: true
|
||||
run_update: false
|
||||
vars_prompt:
|
||||
- name: selected_projects
|
||||
prompt: "Choose projects to backup (leave empty to backup all. Projects list: {{ hostvars['localhost']['projects_to_backup'] }})"
|
||||
|
|
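--- a/playbooks/setup-services.yml
+++ b/playbooks/setup-services.yml
@@ -0,0 +1,30 @@
+- name: Include variables files
+hosts: localhost
+roles:
+- include-vars
+
+- name: Setup & update project(s)
+hosts: localhost
+vars:
+run_setup: true
+run_update: true
+vars_prompt:
+- name: selected_projects
+prompt: "Choose projects to setup & update (Keep empty to select all. Projects list: {{ hostvars['localhost']['projects'] }})"
+private: false
+unsafe: true
+
+- name: docker_pull_images
+prompt: "Pull project(s) images?"
+default: false
+private: false
+
+tasks:
+- name: Setup & update project(s)
+include_role:
+name: "{{ project }}"
+loop: "{{ (selected_projects | split) | default(projects, true) }}"
+loop_control:
+# Do not use default variable name 'item' to prevent collisions with loops in roles.
+loop_var: project
+when: project in projects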
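Review bot: A mistyped name at the `selected_projects` prompt is dropped without any message, because `when: project in projects` on the last task is the only check on that free-text input and it skips instead of failing. That condition is also the allowlist that keeps prompt input from naming an arbitrary role in `include_role`, so it deserves a comment above it such as `# Allowlist: prompt input may only select roles listed in 'projects'.`. A pre-task using `ansible.builtin.assert` with `that: (selected_projects | split) | difference(projects) | length == 0` would stop the run on an unknown name. Separately, an answer typed at the `docker_pull_images` prompt arrives as a string, so its consumers (outside this file) need `| bool`.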
|
|
@ -6,8 +6,6 @@
|
|||
- name: Update project(s)
|
||||
hosts: localhost
|
||||
vars:
|
||||
run_backup: false
|
||||
run_setup: true
|
||||
run_update: true
|
||||
vars_prompt:
|
||||
- name: selected_projects
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
- name: "Create {{ project_dir }} project directory"
|
||||
- name: "(Re)Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
state: "{{ item }}"
|
||||
loop:
|
||||
- absent
|
||||
- directory
|
||||
|
||||
- name: Template docker-compose.yaml & configuration.yml to project directory
|
||||
template:
|
||||
|
@ -13,7 +16,6 @@
|
|||
loop:
|
||||
- docker-compose.yaml
|
||||
- configuration.yml
|
||||
register: authelia_template_configuration_result
|
||||
|
||||
# Separate task because template module cannot chown/chgrp to a non-existing user/group
|
||||
- name: "Change group of homeserver.yaml to Authelia GID ({{ users['authelia'] + uid_shift }})"
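Review bot: The `absent` pass of the `(Re)Create {{ project_dir }} project directory` task in the first hunk removes the directory recursively on every run with `run_setup` true, and nothing visible here checks `project_dir` first or takes a backup before it runs. The `directory` pass then recreates it with no `owner` or `mode`, so the directory that holds the templated configuration gets whatever the connecting user's umask gives. I would add `mode: '750'` to the task and precede it with an assert that `project_dir` is defined, non-empty and under the expected base path. The same task appears in every `setup.yml` this commit adds (coturn, element, etebase, hedgedoc, homepage, mailserver, postgres, searxng, synapse, syncthing, uptime-kuma) and in the later section that also starts `@ -1,7 +1,10 @@`. Both hunks of this section cut through the task list, which continues outside them.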
|
||||
|
|
|
@ -16,9 +16,9 @@
|
|||
include_tasks:
|
||||
file: backup.yml
|
||||
# Make a backup if we didn't already make one and we pulled a new image
|
||||
when: not run_backup and authelia_pulled_images is defined
|
||||
when: not run_backup | default(false) and authelia_pulled_images is defined
|
||||
|
||||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
restarted: "{{ authelia_template_configuration_result['changed'] | default(false) | bool }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
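Review bot: The new condition `not run_backup | default(false) and authelia_pulled_images is defined` leaves out the `| bool` that the other `run_*` tests in this commit apply, so a value supplied as a string (for example through extra vars) is truthy and the pre-update backup is skipped. Writing it as `when: not (run_backup | default(false) | bool) and authelia_pulled_images is defined` matches `run_setup | default(false) | bool` and makes the precedence explicit. The same line appears in the update sections for etebase, hedgedoc, lldap, mailserver, postgres and synapse. Only the tail of the include task is visible here; its name and the tasks before it are outside the hunk.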
|
||||
|
|
|
@ -1,3 +1,8 @@
|
|||
- name: Include setup tasks
|
||||
include_tasks:
|
||||
file: setup.yml
|
||||
when: run_setup | default(false) | bool
|
||||
|
||||
- name: Include update tasks
|
||||
include_tasks:
|
||||
file: update.yml
|
||||
|
|
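--- a/roles/coturn/tasks/setup.yml
+++ b/roles/coturn/tasks/setup.yml
@@ -0,0 +1,58 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+file:
+path: "{{ project_dir }}"
+state: "{{ item }}"
+loop:
+- absent
+- directory
+
+- name: Template docker-compose.yaml & turnserver.conf to project directory
+template:
+src: "{{ item }}"
+dest: "{{ project_dir }}/{{ item }}"
+owner: "{{ host_uid }}"
+group: "{{ host_uid }}"
+mode: '640'
+loop:
+- docker-compose.yaml
+- turnserver.conf
+
+# Separate task because template module cannot chown/chgrp to a non-existing user/group
+- name: "Change group of turnserver.conf to coturn GID ({{ users['coturn'] + uid_shift }})"
+file:
+path: "{{ project_dir }}/turnserver.conf"
+group: "{{ users['coturn'] + uid_shift }}"
+become: true
+
+- name: Set limited permissions on certificate directories
+file:
+path: "/etc/{{ item }}"
+state: directory
+owner: root
+group: root
+mode: '751'
+become: true
+loop:
+- letsencrypt
+- letsencrypt/live
+- letsencrypt/archive
+
+- name: Set limited permissions on certificate directories
+file:
+path: "/etc/letsencrypt/{{ item }}/turn.{{ domain }}"
+state: directory
+owner: "{{ host_uid }}"
+group: "{{ users['coturn'] + uid_shift }}"
+mode: '550'
+become: true
+loop:
+- live
+- archive
+
+- name: Set limited permissions on certificate key file
+file:
+path: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
+owner: root
+group: "{{ users['coturn'] + uid_shift }}"
+mode: '640'
+become: true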
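Review bot: The second `Set limited permissions on certificate directories` task hands `/etc/letsencrypt/live/turn.{{ domain }}` and its `archive` counterpart to `owner: "{{ host_uid }}"`, so an unprivileged host account owns the directories that hold the TURN private key and can change their mode; the mailserver role's equivalent task keeps `owner: root`. Unless that account needs to manage the directory, I would use `owner: root` here and rely on the existing `group:` line for coturn's read access. The two directory tasks also share one name, which makes run output ambiguous; `Set limited permissions on turn.{{ domain }} certificate directories` for the second would separate them. Finally, `live/.../privkey.pem` is normally a symlink into `archive/`, so the `640` mode presumably lands only on the current key file and a renewal needs this task (or a renewal hook) to run again, which is worth a comment on the task; the mailserver `setup.yml` has the same pattern.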
|
|
@ -1,65 +1,3 @@
|
|||
- name: "Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template docker-compose.yaml to project directory
|
||||
template:
|
||||
src: docker-compose.yaml
|
||||
dest: "{{ project_dir }}/docker-compose.yaml"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '640'
|
||||
|
||||
- name: Template turnserver.conf to project directory
|
||||
template:
|
||||
src: turnserver.conf
|
||||
dest: "{{ project_dir }}/turnserver.conf"
|
||||
owner: "{{ host_uid }}"
|
||||
mode: '640'
|
||||
# Store result to restart services if the file changed
|
||||
register: coturn_template_turnserver_result
|
||||
|
||||
# Separate task because template module cannot chown/chgrp to a non-existing user/group
|
||||
- name: "Change group of turnserver.conf to coturn GID ({{ users['coturn'] + uid_shift }})"
|
||||
file:
|
||||
path: "{{ project_dir }}/turnserver.conf"
|
||||
group: "{{ users['coturn'] + uid_shift }}"
|
||||
become: true
|
||||
|
||||
- name: Set limited permissions on certificate directories
|
||||
file:
|
||||
path: "/etc/{{ item }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: '751'
|
||||
become: true
|
||||
loop:
|
||||
- letsencrypt
|
||||
- letsencrypt/live
|
||||
- letsencrypt/archive
|
||||
|
||||
- name: Set limited permissions on certificate directories
|
||||
file:
|
||||
path: "/etc/letsencrypt/{{ item }}/turn.{{ domain }}"
|
||||
state: directory
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ users['coturn'] + uid_shift }}"
|
||||
mode: '550'
|
||||
become: true
|
||||
loop:
|
||||
- live
|
||||
- archive
|
||||
|
||||
- name: Set limited permissions on certificate key file
|
||||
file:
|
||||
path: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
|
||||
owner: root
|
||||
group: "{{ users['coturn'] + uid_shift }}"
|
||||
mode: '640'
|
||||
become: true
|
||||
|
||||
- name: Pull project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
|
@ -77,5 +15,4 @@
|
|||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
# Restart if config file(s) changed
|
||||
restarted: "{{ coturn_template_turnserver_result['changed'] | bool }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
|
||||
|
|
|
@ -1,3 +1,8 @@
|
|||
- name: Include setup tasks
|
||||
include_tasks:
|
||||
file: setup.yml
|
||||
when: run_setup | default(false) | bool
|
||||
|
||||
- name: Include update tasks
|
||||
include_tasks:
|
||||
file: update.yml
|
||||
|
|
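--- a/roles/element/tasks/setup.yml
+++ b/roles/element/tasks/setup.yml
@@ -0,0 +1,18 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+file:
+path: "{{ project_dir }}"
+state: "{{ item }}"
+loop:
+- absent
+- directory
+
+- name: Template docker-compose.yaml & config.json to project directory
+template:
+src: "{{ item }}"
+dest: "{{ project_dir }}/{{ item }}"
+owner: "{{ host_uid }}"
+group: "{{ host_uid }}"
+mode: '644'
+loop:
+- docker-compose.yaml
+- config.json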
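Review bot: Merging the two template tasks into one loop puts `docker-compose.yaml` under `mode: '644'`, whereas the task it replaces (removed from the update file in the next section) wrote it with `mode: '640'`; only `config.json` was `644` before. If the compose template carries environment values or credentials, they become world-readable on the host. Carrying the mode per loop item, as sketched below, keeps the previous permissions. The etebase `setup.yml` added by this commit loosens `docker-compose.yaml` the same way, next to `etebase-server.ini`.

```yaml
- name: Template docker-compose.yaml & config.json to project directory
  template:
    src: "{{ item.file }}"
    dest: "{{ project_dir }}/{{ item.file }}"
    # … unchanged: owner, group …
    mode: "{{ item.mode }}"
  loop:
    - { file: docker-compose.yaml, mode: '640' }
    - { file: config.json, mode: '644' }
```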
|
|
@ -1,25 +1,3 @@
|
|||
- name: "Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template docker-compose.yaml to project directory
|
||||
template:
|
||||
src: docker-compose.yaml
|
||||
dest: "{{ project_dir }}/docker-compose.yaml"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '640'
|
||||
|
||||
- name: Template config.json to project directory
|
||||
template:
|
||||
src: config.json
|
||||
dest: "{{ project_dir }}/config.json"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '644'
|
||||
register: element_template_config_result
|
||||
|
||||
- name: Pull project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
|
@ -37,5 +15,4 @@
|
|||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
# Restart if config file(s) changed
|
||||
restarted: "{{ element_template_config_result['changed'] | bool }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
file: backup.yml
|
||||
when: run_backup | default(false) | bool
|
||||
|
||||
- name: Include setup tasks
|
||||
include_tasks:
|
||||
file: setup.yml
|
||||
when: run_setup | default(false) | bool
|
||||
|
||||
- name: Include update tasks
|
||||
include_tasks:
|
||||
file: update.yml
|
||||
|
|
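--- a/roles/etebase/tasks/setup.yml
+++ b/roles/etebase/tasks/setup.yml
@@ -0,0 +1,27 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+file:
+path: "{{ project_dir }}"
+state: "{{ item }}"
+loop:
+- absent
+- directory
+
+- name: Template docker-compose.yaml & etebase-server.ini to project directory
+template:
+src: "{{ item }}"
+dest: "{{ project_dir }}/{{ item }}"
+owner: "{{ host_uid }}"
+group: "{{ host_uid }}"
+mode: '644'
+loop:
+- docker-compose.yaml
+- etebase-server.ini
+
+- name: "Create (if not exists) directory {{ volumes['etebase_datadir'] }} & set permissions"
+file:
+path: "{{ volumes['etebase_datadir'] }}"
+state: directory
+owner: "{{ users['etebase'] + uid_shift }}"
+group: "{{ users['etebase'] + uid_shift }}"
+mode: '770'
+become: true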
|
|
@ -1,33 +1,3 @@
|
|||
- name: "Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template docker-compose.yaml to project directory
|
||||
template:
|
||||
src: docker-compose.yaml
|
||||
dest: "{{ project_dir }}/docker-compose.yaml"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '640'
|
||||
|
||||
- name: Template etebase-server.ini to project directory
|
||||
template:
|
||||
src: etebase-server.ini
|
||||
dest: "{{ project_dir }}/etebase-server.ini"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '644'
|
||||
|
||||
- name: "Create directory {{ volumes['etebase_datadir'] }} with correct permissions"
|
||||
file:
|
||||
path: "{{ volumes['etebase_datadir'] }}"
|
||||
state: directory
|
||||
owner: "{{ users['etebase'] + uid_shift }}"
|
||||
group: "{{ users['etebase'] + uid_shift }}"
|
||||
mode: '770'
|
||||
become: true
|
||||
|
||||
- name: Pull project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
|
@ -46,8 +16,9 @@
|
|||
include_tasks:
|
||||
file: backup.yml
|
||||
# Make a backup if we didn't already make one and we pulled a new image
|
||||
when: not run_backup and etebase_pulled_images is defined
|
||||
when: not run_backup | default(false) and etebase_pulled_images is defined
|
||||
|
||||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
file: backup.yml
|
||||
when: run_backup | default(false) | bool
|
||||
|
||||
- name: Include setup tasks
|
||||
include_tasks:
|
||||
file: setup.yml
|
||||
when: run_setup | default(false) | bool
|
||||
|
||||
- name: Include update tasks
|
||||
include_tasks:
|
||||
file: update.yml
|
||||
|
|
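--- a/roles/hedgedoc/tasks/setup.yml
+++ b/roles/hedgedoc/tasks/setup.yml
@@ -0,0 +1,27 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+file:
+path: "{{ project_dir }}"
+state: "{{ item }}"
+loop:
+- absent
+- directory
+
+- name: Template docker-compose.yaml & .env to project directory
+template:
+src: "{{ item }}"
+dest: "{{ project_dir }}/{{ item }}"
+owner: "{{ host_uid }}"
+group: "{{ host_uid }}"
+mode: '600'
+loop:
+- docker-compose.yaml
+- .env
+
+- name: "Create (if not exists) directory {{ volumes['hedgedoc_uploadsdir'] }} & set permissions"
+file:
+path: "{{ volumes['hedgedoc_uploadsdir'] }}"
+state: directory
+owner: "{{ users['hedgedoc'] + uid_shift }}"
+group: "{{ users['hedgedoc'] + uid_shift }}"
+mode: '700'
+become: true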
|
|
@ -1,28 +1,3 @@
|
|||
- name: "Create {{ project_dir }} directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template docker-compose.yaml & .env to project directory
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ project_dir }}/{{ item }}"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '600'
|
||||
loop:
|
||||
- docker-compose.yaml
|
||||
- .env
|
||||
|
||||
- name: "Create (if not exists) directory {{ volumes['hedgedoc_uploadsdir'] }} & set permissions"
|
||||
file:
|
||||
path: "{{ volumes['hedgedoc_uploadsdir'] }}"
|
||||
state: directory
|
||||
owner: "{{ users['hedgedoc'] + uid_shift }}"
|
||||
group: "{{ users['hedgedoc'] + uid_shift }}"
|
||||
mode: '700'
|
||||
become: true
|
||||
|
||||
- name: Pull project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
|
@ -41,8 +16,9 @@
|
|||
include_tasks:
|
||||
file: backup.yml
|
||||
# Make a backup if we didn't already make one and we pulled a new image
|
||||
when: not run_backup and hedgedoc_pulled_images is defined
|
||||
when: not run_backup | default(false) and hedgedoc_pulled_images is defined
|
||||
|
||||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
|
||||
|
|
|
@ -1,3 +1,8 @@
|
|||
- name: Include setup tasks
|
||||
include_tasks:
|
||||
file: setup.yml
|
||||
when: run_setup | default(false) | bool
|
||||
|
||||
- name: Include update tasks
|
||||
include_tasks:
|
||||
file: update.yml
|
||||
|
|
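--- a/roles/homepage/tasks/setup.yml
+++ b/roles/homepage/tasks/setup.yml
@@ -0,0 +1,15 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+file:
+path: "{{ project_dir }}"
+state: "{{ item }}"
+loop:
+- absent
+- directory
+
+- name: Template docker-compose.yaml to project directory
+template:
+src: docker-compose.yaml
+dest: "{{ project_dir }}/docker-compose.yaml"
+owner: "{{ host_uid }}"
+group: "{{ host_uid }}"
+mode: '640'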
|
|
@ -1,16 +1,3 @@
|
|||
- name: "Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template docker-compose.yaml to project directory
|
||||
template:
|
||||
src: docker-compose.yaml
|
||||
dest: "{{ project_dir }}/docker-compose.yaml"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '640'
|
||||
|
||||
- name: Pull project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
|
@ -28,3 +15,4 @@
|
|||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
- name: "Create {{ project_dir }} project directory"
|
||||
- name: "(Re)Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
state: "{{ item }}"
|
||||
loop:
|
||||
- absent
|
||||
- directory
|
||||
|
||||
- name: Template docker-compose.yaml & .env to project directory
|
||||
template:
|
||||
|
|
|
@ -16,8 +16,9 @@
|
|||
include_tasks:
|
||||
file: backup.yml
|
||||
# Make a backup if we didn't already make one and we pulled a new image
|
||||
when: not run_backup and lldap_pulled_images is defined
|
||||
when: not run_backup | default(false) and lldap_pulled_images is defined
|
||||
|
||||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
file: backup.yml
|
||||
when: run_backup | default(false) | bool
|
||||
|
||||
- name: Include setup tasks
|
||||
include_tasks:
|
||||
file: setup.yml
|
||||
when: run_setup | default(false) | bool
|
||||
|
||||
- name: Include update tasks
|
||||
include_tasks:
|
||||
file: update.yml
|
||||
|
|
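--- a/roles/mailserver/tasks/setup.yml
+++ b/roles/mailserver/tasks/setup.yml
@@ -0,0 +1,60 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+file:
+path: "{{ project_dir }}"
+state: "{{ item }}"
+loop:
+- absent
+- directory
+
+- name: Template configuration files to project directory
+template:
+src: "{{ item.src }}"
+dest: "{{ project_dir }}/{{ item.path }}"
+owner: "{{ host_uid }}"
+group: "{{ users['mailserver'] + uid_shift }}"
+mode: '640'
+with_filetree: ../templates/
+when: item.state == 'file'
+become: true
+
+- name: "Create (if not exists) directory {{ volumes['mailserver_datadir'] }} & set permissions"
+file:
+path: "{{ volumes['mailserver_datadir'] }}"
+state: directory
+owner: "{{ users['mailserver'] + uid_shift }}"
+group: "{{ users['mailserver'] + uid_shift }}"
+mode: '700'
+become: true
+
+- name: Set limited permissions on certificate directories
+file:
+path: "/etc/{{ item }}"
+state: directory
+owner: root
+group: root
+mode: '751'
+become: true
+loop:
+- letsencrypt
+- letsencrypt/live
+- letsencrypt/archive
+
+- name: Set limited permissions on certificate directories
+file:
+path: "/etc/letsencrypt/{{ item }}/mail.{{ domain }}"
+state: directory
+owner: root
+group: "{{ host_uid }}"
+mode: '550'
+become: true
+loop:
+- live
+- archive
+
+- name: Set limited permissions on certificate key file
+file:
+path: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"
+owner: root
+group: "{{ host_uid }}"
+mode: '640'
+become: true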
|
|
@ -1,61 +1,3 @@
|
|||
- name: "Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template configuration files to project directory
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ project_dir }}/{{ item.path }}"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ users['mailserver'] + uid_shift }}"
|
||||
mode: '640'
|
||||
with_filetree: ../templates/
|
||||
when: item.state == 'file'
|
||||
become: true
|
||||
|
||||
- name: "Create (if not exists) directory {{ volumes['mailserver_datadir'] }} & set permissions"
|
||||
file:
|
||||
path: "{{ volumes['mailserver_datadir'] }}"
|
||||
state: directory
|
||||
owner: "{{ users['mailserver'] + uid_shift }}"
|
||||
group: "{{ users['mailserver'] + uid_shift }}"
|
||||
mode: '700'
|
||||
become: true
|
||||
|
||||
- name: Set limited permissions on certificate directories
|
||||
file:
|
||||
path: "/etc/{{ item }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: '751'
|
||||
become: true
|
||||
loop:
|
||||
- letsencrypt
|
||||
- letsencrypt/live
|
||||
- letsencrypt/archive
|
||||
|
||||
- name: Set limited permissions on certificate directories
|
||||
file:
|
||||
path: "/etc/letsencrypt/{{ item }}/mail.{{ domain }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: "{{ host_uid }}"
|
||||
mode: '550'
|
||||
become: true
|
||||
loop:
|
||||
- live
|
||||
- archive
|
||||
|
||||
- name: Set limited permissions on certificate key file
|
||||
file:
|
||||
path: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"
|
||||
owner: root
|
||||
group: "{{ host_uid }}"
|
||||
mode: '640'
|
||||
become: true
|
||||
|
||||
- name: Pull project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
|
@ -74,9 +16,9 @@
|
|||
include_tasks:
|
||||
file: backup.yml
|
||||
# Make a backup if we didn't already make one and we pulled a new image
|
||||
when: not run_backup and mailserver_pulled_images is defined
|
||||
when: not run_backup | default(false) and mailserver_pulled_images is defined
|
||||
|
||||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
restarted: true
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
file: backup.yml
|
||||
when: run_backup | default(false) | bool
|
||||
|
||||
- name: Include setup tasks
|
||||
include_tasks:
|
||||
file: setup.yml
|
||||
when: run_setup | default(false) | bool
|
||||
|
||||
- name: Include update tasks
|
||||
include_tasks:
|
||||
file: update.yml
|
||||
|
|
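--- a/roles/postgres/tasks/setup.yml
+++ b/roles/postgres/tasks/setup.yml
@@ -0,0 +1,33 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+file:
+path: "{{ project_dir }}"
+state: "{{ item }}"
+loop:
+- absent
+- directory
+
+- name: "Create (if not exists) directory {{ volumes['postgres_datadir'] }} & set permissions"
+file:
+path: "{{ volumes['postgres_datadir'] }}"
+state: directory
+owner: "{{ users['postgres'] + uid_shift }}"
+group: "{{ users['postgres'] + uid_shift }}"
+mode: '700'
+become: true
+
+- name: "Check if directory {{ volumes['postgres_datadir'] }} is empty"
+find:
+paths: "{{ volumes['postgres_datadir'] }}"
+register: postgres_find_datadir_result
+become: true
+
+- name: Template docker-compose.yaml & .env to project directory
+template:
+src: "{{ item }}"
+dest: "{{ project_dir }}/{{ item }}"
+owner: "{{ host_uid }}"
+group: "{{ host_uid }}"
+mode: '600'
+loop:
+- docker-compose.yaml
+- .env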
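Review bot: `postgres_find_datadir_result` is now registered only when `setup.yml` is included, so any later task that reads it will hit an undefined variable on a run where `run_setup` is false. The update tasks between the two visible hunks of the postgres update section are not shown, so I cannot tell whether a consumer remains; if one does, guard it with `postgres_find_datadir_result is defined` or move the `find` task back next to it. The task name says it checks whether the directory is empty, but `find` only lists entries, so a comment such as `# Emptiness is decided by the consumer from the registered result (e.g. 'matched').` above the task would make the contract clear.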
|
|
@ -1,34 +1,3 @@
|
|||
- name: "Create {{ project_dir }} directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: "Create (if not exists) directory {{ volumes['postgres_datadir'] }} & set permissions"
|
||||
file:
|
||||
path: "{{ volumes['postgres_datadir'] }}"
|
||||
state: directory
|
||||
owner: "{{ users['postgres'] + uid_shift }}"
|
||||
group: "{{ users['postgres'] + uid_shift }}"
|
||||
mode: '700'
|
||||
become: true
|
||||
|
||||
- name: "Check if directory {{ volumes['postgres_datadir'] }} is empty"
|
||||
find:
|
||||
paths: "{{ volumes['postgres_datadir'] }}"
|
||||
register: postgres_find_datadir_result
|
||||
become: true
|
||||
|
||||
- name: Template docker-compose.yaml & .env to project directory
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ project_dir }}/{{ item }}"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '600'
|
||||
loop:
|
||||
- docker-compose.yaml
|
||||
- .env
|
||||
|
||||
- name: Pull project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
|
@ -47,8 +16,9 @@
|
|||
include_tasks:
|
||||
file: backup.yml
|
||||
# Make a backup if we didn't already make one and we pulled a new image
|
||||
when: not run_backup and postgres_pulled_images is defined
|
||||
when: not run_backup | default(false) and postgres_pulled_images is defined
|
||||
|
||||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
|
||||
|
|
|
@ -1,3 +1,8 @@
|
|||
- name: Include setup tasks
|
||||
include_tasks:
|
||||
file: setup.yml
|
||||
when: run_setup | default(false) | bool
|
||||
|
||||
- name: Include update tasks
|
||||
include_tasks:
|
||||
file: update.yml
|
||||
|
|
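--- a/roles/searxng/tasks/setup.yml
+++ b/roles/searxng/tasks/setup.yml
@@ -0,0 +1,23 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+file:
+path: "{{ project_dir }}"
+state: "{{ item }}"
+loop:
+- absent
+- directory
+
+- name: Template docker-compose.yaml to project directory
+template:
+src: docker-compose.yaml
+dest: "{{ project_dir }}/docker-compose.yaml"
+owner: "{{ host_uid }}"
+group: "{{ host_uid }}"
+mode: '640'
+
+- name: Copy settings.yml and limiter.toml to project directory
+copy:
+src: "{{ role_path }}/files/"
+dest: "{{ project_dir }}"
+owner: "{{ host_uid }}"
+group: "{{ host_uid }}"
+mode: '644'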
|
|
@ -1,26 +1,3 @@
|
|||
- name: "Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template docker-compose.yaml to project directory
|
||||
template:
|
||||
src: docker-compose.yaml
|
||||
dest: "{{ project_dir }}/docker-compose.yaml"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '640'
|
||||
|
||||
- name: Copy settings.yml and limiter.toml to project directory
|
||||
copy:
|
||||
src: "{{ role_path }}/files/"
|
||||
dest: "{{ project_dir }}"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '644'
|
||||
# Store result to restart services if the file(s) changed
|
||||
register: searxng_copy_files_result
|
||||
|
||||
- name: Pull project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
|
@ -38,5 +15,4 @@
|
|||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
# Restart if config file(s) changed
|
||||
restarted: "{{ searxng_copy_files_result['changed'] | bool }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
file: backup.yml
|
||||
when: run_backup | default(false) | bool
|
||||
|
||||
- name: Include setup tasks
|
||||
include_tasks:
|
||||
file: setup.yml
|
||||
when: run_setup | default(false) | bool
|
||||
|
||||
- name: Include update tasks
|
||||
include_tasks:
|
||||
file: update.yml
|
||||
|
|
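--- a/roles/synapse/tasks/setup.yml
+++ b/roles/synapse/tasks/setup.yml
@@ -0,0 +1,34 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+file:
+path: "{{ project_dir }}"
+state: "{{ item }}"
+loop:
+- absent
+- directory
+
+- name: Template docker-compose.yaml & homeserver.yaml to project directory
+template:
+src: "{{ item }}"
+dest: "{{ project_dir }}/{{ item }}"
+owner: "{{ host_uid }}"
+group: "{{ host_uid }}"
+mode: '640'
+loop:
+- docker-compose.yaml
+- homeserver.yaml
+
+# Separate task because template module cannot chown/chgrp to a non-existing user/group
+- name: "Change group of homeserver.yaml to synapse GID ({{ users['synapse'] + uid_shift }})"
+file:
+path: "{{ project_dir }}/homeserver.yaml"
+group: "{{ users['synapse'] + uid_shift }}"
+become: true
+
+- name: "Create (if not exists) directory {{ volumes['synapse_datadir'] }} & set permissions"
+file:
+path: "{{ volumes['synapse_datadir'] }}"
+state: directory
+owner: "{{ users['synapse'] + uid_shift }}"
+group: "{{ users['synapse'] + uid_shift }}"
+mode: '770'
+become: true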
|
|
@ -1,41 +1,3 @@
|
|||
- name: "Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template docker-compose.yaml to project directory
|
||||
template:
|
||||
src: docker-compose.yaml
|
||||
dest: "{{ project_dir }}/docker-compose.yaml"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '640'
|
||||
|
||||
- name: Template homeserver.yaml to project directory
|
||||
template:
|
||||
src: homeserver.yaml
|
||||
dest: "{{ project_dir }}/homeserver.yaml"
|
||||
owner: "{{ host_uid }}"
|
||||
mode: '640'
|
||||
# Store result to restart services if the file changed
|
||||
register: synapse_template_homeserver_result
|
||||
|
||||
# Separate task because template module cannot chown/chgrp to a non-existing user/group
|
||||
- name: "Change group of homeserver.yaml to synapse GID ({{ users['synapse'] + uid_shift }})"
|
||||
file:
|
||||
path: "{{ project_dir }}/homeserver.yaml"
|
||||
group: "{{ users['synapse'] + uid_shift }}"
|
||||
become: true
|
||||
|
||||
- name: "Create directory {{ volumes['synapse_datadir'] }} with correct permissions"
|
||||
file:
|
||||
path: "{{ volumes['synapse_datadir'] }}"
|
||||
state: directory
|
||||
owner: "{{ users['synapse'] + uid_shift }}"
|
||||
group: "{{ users['synapse'] + uid_shift }}"
|
||||
mode: '770'
|
||||
become: true
|
||||
|
||||
- name: Pull project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
|
@ -54,10 +16,9 @@
|
|||
include_tasks:
|
||||
file: backup.yml
|
||||
# Make a backup if we didn't already make one and we pulled a new image
|
||||
when: not run_backup and synapse_pulled_images is defined
|
||||
when: not run_backup | default(false) and synapse_pulled_images is defined
|
||||
|
||||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
# Restart if config file(s) changed
|
||||
restarted: "{{ synapse_template_homeserver_result['changed'] | bool }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
|
||||
|
|
|
@ -1,3 +1,8 @@
|
|||
- name: Include setup tasks
|
||||
include_tasks:
|
||||
file: setup.yml
|
||||
when: run_setup | default(false) | bool
|
||||
|
||||
- name: Include update tasks
|
||||
include_tasks:
|
||||
file: update.yml
|
||||
|
|
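--- a/roles/syncthing/tasks/setup.yml
+++ b/roles/syncthing/tasks/setup.yml
@@ -0,0 +1,15 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+file:
+path: "{{ project_dir }}"
+state: "{{ item }}"
+loop:
+- absent
+- directory
+
+- name: Template docker-compose.yaml to project directory
+template:
+src: docker-compose.yaml
+dest: "{{ project_dir }}/docker-compose.yaml"
+owner: "{{ host_uid }}"
+group: "{{ host_uid }}"
+mode: '640'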
|
|
@ -1,16 +1,3 @@
|
|||
- name: "Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template docker-compose.yaml to project directory
|
||||
template:
|
||||
src: docker-compose.yaml
|
||||
dest: "{{ project_dir }}/docker-compose.yaml"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '640'
|
||||
|
||||
- name: Pull project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
|
@ -28,3 +15,4 @@
|
|||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
file: backup.yml
|
||||
when: run_backup | default(false) | bool
|
||||
|
||||
- name: Include setup tasks
|
||||
include_tasks:
|
||||
file: setup.yml
|
||||
when: run_setup | default(false) | bool
|
||||
|
||||
- name: Include update tasks
|
||||
include_tasks:
|
||||
file: update.yml
|
||||
|
|
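--- a/roles/uptime-kuma/tasks/setup.yml
+++ b/roles/uptime-kuma/tasks/setup.yml
@@ -0,0 +1,24 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+file:
+path: "{{ project_dir }}"
+state: "{{ item }}"
+loop:
+- absent
+- directory
+
+- name: Template docker-compose.yaml to project directory
+template:
+src: docker-compose.yaml
+dest: "{{ project_dir }}/docker-compose.yaml"
+owner: "{{ host_uid }}"
+group: "{{ host_uid }}"
+mode: '640'
+
+- name: "Create (if not exists) directory {{ volumes['uptime_kuma_datadir'] }} & set permissions"
+file:
+path: "{{ volumes['uptime_kuma_datadir'] }}"
+state: directory
+owner: "{{ users['uptime_kuma'] + uid_shift }}"
+group: "{{ users['uptime_kuma'] + uid_shift }}"
+mode: '770'
+become: true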
|
|
@ -1,25 +1,3 @@
|
|||
- name: "Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template docker-compose.yaml to project directory
|
||||
template:
|
||||
src: docker-compose.yaml
|
||||
dest: "{{ project_dir }}/docker-compose.yaml"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '640'
|
||||
|
||||
- name: "Create directory {{ volumes['uptime_kuma_datadir'] }} with correct permissions"
|
||||
file:
|
||||
path: "{{ volumes['uptime_kuma_datadir'] }}"
|
||||
state: directory
|
||||
owner: "{{ users['uptime_kuma'] + uid_shift }}"
|
||||
group: "{{ users['uptime_kuma'] + uid_shift }}"
|
||||
mode: '770'
|
||||
become: true
|
||||
|
||||
- name: Pull project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
|
@ -38,8 +16,9 @@
|
|||
include_tasks:
|
||||
file: backup.yml
|
||||
# Make a backup if we didn't already make one and we pulled a new image
|
||||
when: not run_backup and uptime_kuma_pulled_images is defined
|
||||
when: not run_backup | default(false) and uptime_kuma_pulled_images is defined
|
||||
|
||||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
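Review bot: The rewritten condition `when: not run_backup | default(false) and uptime_kuma_pulled_images is defined` omits the `| bool` cast that the other conditions in this commit use (`run_backup | default(false) | bool`). If `run_backup` ever arrives as a string, for example from `-e run_backup=false`, the non-empty string is truthy, `not` turns it false, and the pre-update backup is silently skipped even though a new image was pulled. I would write `when: not (run_backup | default(false) | bool) and uptime_kuma_pulled_images is defined`, which also makes the filter-before-`not` precedence explicit. The same line appears with `vaultwarden_pulled_images` and `synapse_pulled_images` in the other update tasks. The task this `when` belongs to starts above the hunk.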
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
file: backup.yml
|
||||
when: run_backup | default(false) | bool
|
||||
|
||||
- name: Include setup tasks
|
||||
include_tasks:
|
||||
file: setup.yml
|
||||
when: run_setup | default(false) | bool
|
||||
|
||||
- name: Include update tasks
|
||||
include_tasks:
|
||||
file: update.yml
|
||||
|
|
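--- a/roles/vaultwarden/tasks/setup.yml
+++ b/roles/vaultwarden/tasks/setup.yml
@@ -0,0 +1,27 @@
+- name: "(Re)Create {{ project_dir }} project directory"
+file:
+path: "{{ project_dir }}"
+state: "{{ item }}"
+loop:
+- absent
+- directory
+
+- name: Template docker-compose.yaml & .env to project directory
+template:
+src: "{{ item }}"
+dest: "{{ project_dir }}/{{ item }}"
+owner: "{{ host_uid }}"
+group: "{{ host_uid }}"
+mode: '640'
+loop:
+- docker-compose.yaml
+- .env
+
+- name: "Create (if not exists) directory {{ volumes['vaultwarden_datadir'] }} & set permissions"
+file:
+path: "{{ volumes['vaultwarden_datadir'] }}"
+state: directory
+owner: "{{ users['vaultwarden'] + uid_shift }}"
+group: "{{ users['vaultwarden'] + uid_shift }}"
+mode: '770'
+become: true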
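Review bot: The template task that loops over `docker-compose.yaml` and `.env` renders the Vaultwarden secrets file, and nothing on it keeps the rendered contents out of the run output when the play is run with `--diff`. Because the directory is recreated first, the whole `.env` would be shown as newly added. I would add `diff: false` to that task, or move `.env` into its own task carrying `diff: false` and `no_log: true`. The project directory created by the first task also has no explicit `mode`, so whether other local users can list it depends on the umask.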
|
|
@ -1,28 +1,3 @@
|
|||
- name: "Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template docker-compose.yaml & .env to project directory
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ project_dir }}/{{ item }}"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '640'
|
||||
loop:
|
||||
- docker-compose.yaml
|
||||
- .env
|
||||
|
||||
- name: "Create directory {{ volumes['vaultwarden_datadir'] }} with correct permissions"
|
||||
file:
|
||||
path: "{{ volumes['vaultwarden_datadir'] }}"
|
||||
state: directory
|
||||
owner: "{{ users['vaultwarden'] + uid_shift }}"
|
||||
group: "{{ users['vaultwarden'] + uid_shift }}"
|
||||
mode: '770'
|
||||
become: true
|
||||
|
||||
- name: Pull project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
|
@ -41,8 +16,9 @@
|
|||
include_tasks:
|
||||
file: backup.yml
|
||||
# Make a backup if we didn't already make one and we pulled a new image
|
||||
when: not run_backup and vaultwarden_pulled_images is defined
|
||||
when: not run_backup | default(false) and vaultwarden_pulled_images is defined
|
||||
|
||||
- name: Create/Restart project services
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ project_dir }}"
|
||||
restarted: "{{ run_setup | default(false) | bool }}"
|
||||
|
|
|
@ -1,2 +1,9 @@
|
|||
ADMIN_TOKEN='{{ vaultwarden_secrets["admin_token_hash"] }}'
|
||||
DOMAIN=https://vw.{{ domain }}
|
||||
SIGNUPS_ALLOWED=false
|
||||
SMTP_HOST=mail.{{ domain }}
|
||||
SMTP_FROM=vaultwarden@{{ domain }}
|
||||
SMTP_PORT={{ ports['mailserver_smtps'] }}
|
||||
SMTP_SECURITY=force_tls
|
||||
SMTP_USERNAME='{{ vaultwarden_secrets["smtp_username"] }}'
|
||||
SMTP_PASSWORD='{{ vaultwarden_secrets["smtp_password"] }}'
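Review bot: `ADMIN_TOKEN`, `SMTP_USERNAME` and `SMTP_PASSWORD` wrap a raw Jinja value in single quotes, so a secret that itself contains `'` or a newline would render a malformed or truncated line in the file the container reads through `env_file`. I would assert in the role that these secrets contain neither character and document it at the top of the template, e.g. `# Secrets are single-quoted so '$' is not interpolated; values must not contain ' or newlines`. It is also worth confirming that the Compose version driven by `community.docker.docker_compose` strips quotes when parsing `env_file`; if it does not, the quotes would become part of the token and password.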
|
||||
|
|
|
@ -4,16 +4,7 @@ services:
|
|||
container_name: vaultwarden
|
||||
restart: always
|
||||
user: {{ users['vaultwarden'] }}:{{ users['vaultwarden'] }}
|
||||
environment:
|
||||
- DOMAIN=https://vw.{{ domain }}
|
||||
- SIGNUPS_ALLOWED=false
|
||||
- ADMIN_TOKEN=${ADMIN_TOKEN}
|
||||
- SMTP_HOST=mail.{{ domain }}
|
||||
- SMTP_FROM=vaultwarden@{{ domain }}
|
||||
- SMTP_PORT={{ ports['mailserver_smtps'] }}
|
||||
- SMTP_SECURITY=force_tls
|
||||
- SMTP_USERNAME={{ vaultwarden_secrets['smtp_username'] }}
|
||||
- SMTP_PASSWORD=${SMTP_PASSWORD}
|
||||
env_file: .env
|
||||
ports:
|
||||
- 127.0.0.1:{{ ports['vaultwarden'] }}:80
|
||||
volumes:
|
||||
|
|