Compare commits
No commits in common. "1c1c7c22df082a9a3a8ed5775173858c3eae2f1d" and "51d9c9ec601cd3bf44471b2b18d5b5efb20d0bf5" have entirely different histories.
1c1c7c22df
...
51d9c9ec60
9 changed files with 82 additions and 39 deletions
5
env.yml
5
env.yml
|
@ -70,6 +70,7 @@ projects_to_backup:
|
||||||
|
|
||||||
borg_repodir: "{{ cifs_mounts['backups']['path'] }}/borg"
|
borg_repodir: "{{ cifs_mounts['backups']['path'] }}/borg"
|
||||||
borg_passphrase_file: /etc/borg-passphrase.txt
|
borg_passphrase_file: /etc/borg-passphrase.txt
|
||||||
|
hedgedoc_mysql_root_password_file: "/etc/hedgedoc-mysql-root-password.txt"
|
||||||
borg_prune_options: |
|
borg_prune_options: |
|
||||||
--keep-within=1d
|
--keep-within=1d
|
||||||
--keep-daily=7
|
--keep-daily=7
|
||||||
|
@ -113,6 +114,7 @@ users:
|
||||||
coturn: 666
|
coturn: 666
|
||||||
etebase: 373
|
etebase: 373
|
||||||
hedgedoc: 1004
|
hedgedoc: 1004
|
||||||
|
hedgedoc_mysql: 1005
|
||||||
homepage: 8686
|
homepage: 8686
|
||||||
lldap: 1007
|
lldap: 1007
|
||||||
mailserver: 8
|
mailserver: 8
|
||||||
|
@ -131,7 +133,8 @@ volumes:
|
||||||
coturn_tls_certificate_file: "/etc/letsencrypt/live/turn.{{ domain }}/fullchain.pem"
|
coturn_tls_certificate_file: "/etc/letsencrypt/live/turn.{{ domain }}/fullchain.pem"
|
||||||
coturn_tls_certificate_key_file: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
|
coturn_tls_certificate_key_file: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
|
||||||
etebase_datadir: /mnt/etebasedata
|
etebase_datadir: /mnt/etebasedata
|
||||||
hedgedoc_uploadsdir: /mnt/hedgedocuploads
|
hedgedoc_mysql_datadir: /mnt/hedgedoc/mysql-data
|
||||||
|
hedgedoc_configdir: /mnt/hedgedoc/config
|
||||||
lldap_datadir: /mnt/lldapdata
|
lldap_datadir: /mnt/lldapdata
|
||||||
mailserver_datadir: /mnt/mailserverdata
|
mailserver_datadir: /mnt/mailserverdata
|
||||||
mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"
|
mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"
|
||||||
|
|
|
@ -22,6 +22,20 @@
|
||||||
mode: '600'
|
mode: '600'
|
||||||
when: not borg_stat_passphrase_file_result.stat.exists or borg_update_passphrase | default(false) | bool
|
when: not borg_stat_passphrase_file_result.stat.exists or borg_update_passphrase | default(false) | bool
|
||||||
|
|
||||||
|
- name: Get Hedgedoc MySQL root password file stat
|
||||||
|
stat:
|
||||||
|
path: "{{ hedgedoc_mysql_root_password_file }}"
|
||||||
|
register: hedgedoc_mysql_root_password_file_result
|
||||||
|
|
||||||
|
- name: "Template hedgedoc-mysql-root-password.txt to {{ hedgedoc_mysql_root_password_file }}"
|
||||||
|
template:
|
||||||
|
src: hedgedoc-mysql-root-password.txt
|
||||||
|
dest: "{{ hedgedoc_mysql_root_password_file }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '600'
|
||||||
|
when: not hedgedoc_mysql_root_password_file_result.stat.exists or hedgedoc_update_mysql_root_password | default(false) | bool
|
||||||
|
|
||||||
- name: Get borg repository stat
|
- name: Get borg repository stat
|
||||||
stat:
|
stat:
|
||||||
path: "{{ borg_repodir }}"
|
path: "{{ borg_repodir }}"
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
{{ hedgedoc_secrets['mysql_root_password'] }}
|
|
@ -1,15 +1,22 @@
|
||||||
- name: "Backup PostgreSQL hedgedoc database & {{ volumes['hedgedoc_uploadsdir'] }} directory"
|
- name: Backup MySQL database
|
||||||
shell: >
|
community.docker.docker_container_exec:
|
||||||
docker exec postgres
|
container: hedgedoc-mysql
|
||||||
pg_dump -c {{ role_name }} |
|
docker_host: "{{ docker_host }}"
|
||||||
borg create
|
argv:
|
||||||
--compression lzma
|
- /bin/bash
|
||||||
"{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
|
- "-c"
|
||||||
"{{ volumes['hedgedoc_uploadsdir'] }}"
|
- "mysqldump hedgedoc > /var/lib/mysql/hedgedoc-dump.sql"
|
||||||
-
|
env:
|
||||||
--stdin-name dump_{{ role_name }}.sql
|
MYSQL_PWD: "{{ hedgedoc_secrets['mysql_root_password'] if hedgedoc_secrets['mysql_root_password'] is defined else lookup('ansible.builtin.file', hedgedoc_mysql_root_password_file) }}"
|
||||||
|
|
||||||
|
- name: Create borg backup
|
||||||
|
command:
|
||||||
|
cmd: |
|
||||||
|
borg create
|
||||||
|
--compression=lzma
|
||||||
|
"{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
|
||||||
|
{{ volumes['hedgedoc_mysql_datadir'] }}/hedgedoc-dump.sql
|
||||||
environment:
|
environment:
|
||||||
DOCKER_HOST: "{{ docker_host }}"
|
|
||||||
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
|
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
|
|
|
@ -1,26 +1,32 @@
|
||||||
- name: "Create {{ project_dir }} directory"
|
- name: "Create {{ project_dir }} project directory"
|
||||||
file:
|
file:
|
||||||
path: "{{ project_dir }}"
|
path: "{{ project_dir }}"
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: Template docker-compose.yaml & .env to project directory
|
- name: Template docker-compose.yaml to project directory
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}"
|
src: docker-compose.yaml
|
||||||
dest: "{{ project_dir }}/{{ item }}"
|
dest: "{{ project_dir }}/docker-compose.yaml"
|
||||||
owner: "{{ host_uid }}"
|
owner: "{{ host_uid }}"
|
||||||
group: "{{ host_uid }}"
|
group: "{{ host_uid }}"
|
||||||
mode: '600'
|
mode: '640'
|
||||||
loop:
|
|
||||||
- docker-compose.yaml
|
|
||||||
- .env
|
|
||||||
|
|
||||||
- name: "Create (if not exists) directory {{ volumes['hedgedoc_uploadsdir'] }} & set permissions"
|
- name: "Create directory {{ volumes['hedgedoc_configdir'] }} with correct permissions"
|
||||||
file:
|
file:
|
||||||
path: "{{ volumes['hedgedoc_uploadsdir'] }}"
|
path: "{{ volumes['hedgedoc_configdir'] }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ users['hedgedoc'] + uid_shift }}"
|
owner: "{{ users['hedgedoc'] + uid_shift }}"
|
||||||
group: "{{ users['hedgedoc'] + uid_shift }}"
|
group: "{{ users['hedgedoc'] + uid_shift }}"
|
||||||
mode: '700'
|
mode: '770'
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: "Create directory {{ volumes['hedgedoc_mysql_datadir'] }} with correct permissions"
|
||||||
|
file:
|
||||||
|
path: "{{ volumes['hedgedoc_mysql_datadir'] }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ users['hedgedoc_mysql'] + uid_shift }}"
|
||||||
|
group: "{{ users['hedgedoc_mysql'] + uid_shift }}"
|
||||||
|
mode: '770'
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Pull project services
|
- name: Pull project services
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
CMD_DB_DIALECT=postgres
|
|
||||||
CMD_DB_HOST='postgres.{{ domain }}'
|
|
||||||
CMD_DB_DATABASE=hedgedoc
|
|
||||||
CMD_DB_USERNAME='{{ hedgedoc_secrets["postgres_user"] }}'
|
|
||||||
CMD_DB_PASSWORD='{{ hedgedoc_secrets["postgres_password"] }}'
|
|
||||||
CMD_DOMAIN='hedgedoc.{{ domain }}'
|
|
||||||
CMD_PROTOCOL_USESSL=true
|
|
||||||
CMD_SESSION_SECRET='{{ hedgedoc_secrets["session_secret"] }}'
|
|
|
@ -1,11 +1,33 @@
|
||||||
services:
|
services:
|
||||||
hedgedoc:
|
hedgedoc:
|
||||||
container_name: hedgedoc
|
container_name: hedgedoc
|
||||||
image: quay.io/hedgedoc/hedgedoc:1.9.9
|
image: lscr.io/linuxserver/hedgedoc:latest
|
||||||
restart: always
|
restart: always
|
||||||
user: {{ users['hedgedoc'] }}:{{ users['hedgedoc'] }}
|
environment:
|
||||||
env_file: .env
|
- PUID={{ users['hedgedoc'] }}
|
||||||
|
- PGID={{ users['hedgedoc'] }}
|
||||||
|
- TZ={{ timezone }}
|
||||||
|
- DB_HOST=hedgedoc-mysql
|
||||||
|
- DB_PORT=3306
|
||||||
|
- DB_USER=root
|
||||||
|
- DB_PASS={{ hedgedoc_secrets['mysql_root_password'] }}
|
||||||
|
- DB_NAME=hedgedoc
|
||||||
|
- CMD_DOMAIN=hedgedoc.{{ domain }}
|
||||||
|
- CMD_PROTOCOL_USESSL=true
|
||||||
ports:
|
ports:
|
||||||
- 127.0.0.1:{{ ports['hedgedoc'] }}:3000
|
- 127.0.0.1:{{ ports['hedgedoc'] }}:3000
|
||||||
volumes:
|
volumes:
|
||||||
- {{ volumes['hedgedoc_uploadsdir'] }}:/hedgedoc/public/uploads
|
- {{ volumes['hedgedoc_configdir'] }}:/config
|
||||||
|
|
||||||
|
mysql:
|
||||||
|
container_name: hedgedoc-mysql
|
||||||
|
image: docker.io/library/mysql:latest
|
||||||
|
restart: always
|
||||||
|
user: {{ users['hedgedoc_mysql'] }}:{{ users['hedgedoc_mysql'] }}
|
||||||
|
environment:
|
||||||
|
MYSQL_DATABASE: hedgedoc
|
||||||
|
MYSQL_ROOT_PASSWORD: "{{ hedgedoc_secrets['mysql_root_password'] }}"
|
||||||
|
volumes:
|
||||||
|
- {{ volumes['hedgedoc_mysql_datadir'] }}:/var/lib/mysql
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
- name: Create borg backup from PostgreSQL dumpall
|
- name: Create borg backup from PostgreSQL dumpall
|
||||||
shell: >
|
shell: |
|
||||||
docker exec postgres
|
docker exec postgres
|
||||||
pg_dumpall |
|
pg_dumpall |
|
||||||
borg create
|
borg create
|
||||||
|
|
|
@ -25,9 +25,7 @@ coturn_secrets:
|
||||||
static_auth_secret:
|
static_auth_secret:
|
||||||
|
|
||||||
hedgedoc_secrets:
|
hedgedoc_secrets:
|
||||||
postgres_user:
|
mysql_root_password:
|
||||||
postgres_password:
|
|
||||||
session_secret:
|
|
||||||
|
|
||||||
lldap_secrets:
|
lldap_secrets:
|
||||||
jwt_secret:
|
jwt_secret:
|
||||||
|
|
Loading…
Reference in a new issue