fix stuff in WIP IN node playbook

Arya 2024-01-07 22:06:11 +05:30
parent 0efcaa83f7
commit 5223300807
Signed by: arya
GPG Key ID: 842D12BDA50DF120
3 changed files with 66 additions and 42 deletions


@ -1,18 +1,17 @@
- name: Docker - name: Docker
hosts: in2 hosts: in
vars_files: vars_files:
- ./vars.yaml - ./vars.yaml
tasks: tasks:
- name: Debug apps.groups
debug:
msg: "{{ apps.groups }}"
- name: Deploy stack role - name: Deploy stack role
ansible.builtin.include_role: ansible.builtin.include_role:
name: docker name: gi-yt.docker_compose_declarative
vars: vars:
app: "{{ item.value }}" app: "{{ item.value }}"
app_name: "{{ item.key | lower }}" app_name: "{{ item.key | lower }}"
default_restart_policy: unless-stopped
configs_dir: "/opt/configs"
configs_dir_local: "./configs/{{ item.key }}" configs_dir_local: "./configs/{{ item.key }}"
compose_dir: "/opt/docker" loop: "{{ apps.groups | default({}) | dict2items }}"
data_dir: "/opt/docker"
loop: "{{ apps.groups | dict2items }}"
when: item.value.docker_settings when: item.value.docker_settings
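Review bot: The `Debug apps.groups` task prints the whole `apps.groups` mapping, which (judging by the vars file in the next section) carries every service's `environment` block. The secret-bearing entries there are commented out at the moment, but once they are restored this task will write them to the play output and to any log or CI job that captures it. Drop the task before this leaves WIP, or add `verbosity: 2` under `debug:` so it only prints when the play is run with `-vv`. It also uses the short module name `debug` where the next task uses `ansible.builtin.include_role`; `ansible.builtin.debug` would match. That the task is on the new side is inferred from the hunk header's line counts (18 old, 17 new), since the rendered view has lost the `+`/`-` markers.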


@ -1,7 +1,13 @@
--- ---
default_restart_policy: unless-stopped
configs_dir: "/opt/configs"
compose_dir: "/opt/docker"
data_dir: "/opt/docker"
apps: apps:
groups: groups:
semaphore: semaphore:
needs_configs_dir: false
needs_data_dir: false
docker_settings: docker_settings:
services: services:
- name: semaphore - name: semaphore
@ -10,20 +16,22 @@ apps:
- "3527:3000" - "3527:3000"
environment: environment:
SEMAPHORE_DB_USER: semaphore SEMAPHORE_DB_USER: semaphore
#SEMAPHORE_DB_PASS: "{{semaphore_db_pass}}" # SEMAPHORE_DB_PASS: "{{semaphore_db_pass}}"
#SEMAPHORE_DB_HOST: "{{common_postgres_ip}}" # SEMAPHORE_DB_HOST: "{{common_postgres_ip}}"
SEMAPHORE_DB_PORT: 5432 SEMAPHORE_DB_PORT: 5432
SEMAPHORE_DB_DIALECT: postgres SEMAPHORE_DB_DIALECT: postgres
SEMAPHORE_DB: semaphore SEMAPHORE_DB: semaphore
SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/ SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/
#SEMAPHORE_ADMIN_PASSWORD: "{{semaphore_admin_password}}" # SEMAPHORE_ADMIN_PASSWORD: "{{semaphore_admin_password}}"
SEMAPHORE_ADMIN_NAME: admin SEMAPHORE_ADMIN_NAME: admin
SEMAPHORE_ADMIN_EMAIL: admin@projectsegfau.lt SEMAPHORE_ADMIN_EMAIL: admin@projectsegfau.lt
SEMAPHORE_ADMIN: admin SEMAPHORE_ADMIN: admin
#SEMAPHORE_ACCESS_KEY_ENCRYPTION: "{{semaphore_access_key_encryption}}" # SEMAPHORE_ACCESS_KEY_ENCRYPTION: "{{semaphore_access_key_encryption}}"
SEMAPHORE_LDAP_ACTIVATED: 'no' # if you wish to use ldap, set to: 'yes' SEMAPHORE_LDAP_ACTIVATED: 'no' # if you wish to use ldap, set to: 'yes'
ANSIBLE_HOST_KEY_CHECKING: 'false' ANSIBLE_HOST_KEY_CHECKING: 'false'
ghost: ghost:
needs_configs_dir: true
needs_data_dir: true
docker_settings: docker_settings:
services: services:
- name: ghost - name: ghost
@ -37,6 +45,8 @@ apps:
- "{{data_dir}}/ghost/content:/var/lib/ghost/content:z" - "{{data_dir}}/ghost/content:/var/lib/ghost/content:z"
gitea: gitea:
needs_configs_dir: true
needs_data_dir: true
docker_settings: docker_settings:
services: services:
- name: gitea - name: gitea
@ -44,8 +54,6 @@ apps:
environment: environment:
USER_UID=1000 USER_UID=1000
USER_GID=1000 USER_GID=1000
networks:
- gitea
mounts: mounts:
- "{{data_dir}}/gitea:/data" - "{{data_dir}}/gitea:/data"
- "{{configs_dir}}/gitea/templates:/data/gitea/templates" - "{{configs_dir}}/gitea/templates:/data/gitea/templates"
@ -56,6 +64,8 @@ apps:
- "3444:3000" - "3444:3000"
- "222:22" - "222:22"
headscale: headscale:
needs_configs_dir: true
needs_data_dir: true
docker_settings: docker_settings:
services: services:
- name: headscale - name: headscale
@ -66,6 +76,8 @@ apps:
- "{{data_dir}}/headscale:/etc/headscale" - "{{data_dir}}/headscale:/etc/headscale"
- "{{configs_dir}}/headscale/config.yaml:/etc/headscale/config.yaml" - "{{configs_dir}}/headscale/config.yaml:/etc/headscale/config.yaml"
healthchecks: healthchecks:
needs_configs_dir: false
needs_data_dir: false
docker_settings: docker_settings:
services: services:
- name: healthchecks - name: healthchecks
@ -74,41 +86,43 @@ apps:
- "8450:8000" - "8450:8000"
environment: environment:
ALLOWED_HOSTS: "*" ALLOWED_HOSTS: "*"
APPRISE_ENABLED: True APPRISE_ENABLED: true
DB: postgres DB: postgres
DB_CONN_MAX_AGE: 0 DB_CONN_MAX_AGE: 0
#DB_HOST: {{common_postgres_ip}} # DB_HOST: {{common_postgres_ip}}
DB_NAME: healthchecks DB_NAME: healthchecks
#DB_PASSWORD: {{healthchecks_db_pass}} # DB_PASSWORD: {{healthchecks_db_pass}}
DB_PORT: 5432 DB_PORT: 5432
DB_SSLMODE: prefer DB_SSLMODE: prefer
DB_TARGET_SESSION_ATTRS: read-write DB_TARGET_SESSION_ATTRS: read-write
DB_USER: healthchecks DB_USER: healthchecks
DEBUG: False DEBUG: false
DEFAULT_FROM_EMAIL: healthchecks@projectsegfau.lt DEFAULT_FROM_EMAIL: healthchecks@projectsegfau.lt
EMAIL_HOST: mail.projectsegfau.lt EMAIL_HOST: mail.projectsegfau.lt
#EMAIL_HOST_PASSWORD: {{healthchecks_email_pass}} # EMAIL_HOST_PASSWORD: {{healthchecks_email_pass}}
EMAIL_HOST_USER: healthchecks@projectsegfau.lt EMAIL_HOST_USER: healthchecks@projectsegfau.lt
EMAIL_PORT: 587 EMAIL_PORT: 587
EMAIL_USE_TLS: True EMAIL_USE_TLS: true
EMAIL_USE_VERIFICATION: True EMAIL_USE_VERIFICATION: true
INTEGRATIONS_ALLOW_PRIVATE_IPS: False INTEGRATIONS_ALLOW_PRIVATE_IPS: false
#MATRIX_ACCESS_TOKEN: {{healthchecks_matrix_access_token}} # MATRIX_ACCESS_TOKEN: {{healthchecks_matrix_access_token}}
MATRIX_HOMESERVER: https://matrix.envs.net MATRIX_HOMESERVER: https://matrix.envs.net
MATRIX_USER_ID: "@psf-bot:envs.net" MATRIX_USER_ID: "@psf-bot:envs.net"
PING_BODY_LIMIT: 10000 PING_BODY_LIMIT: 10000
PING_EMAIL_DOMAIN: healthchecks.projectsegfau.lt PING_EMAIL_DOMAIN: healthchecks.projectsegfau.lt
PING_ENDPOINT: https://healthchecks.projectsegfau.lt/ping/ PING_ENDPOINT: https://healthchecks.projectsegfau.lt/ping/
PROMETHEUS_ENABLED: True PROMETHEUS_ENABLED: true
REGISTRATION_OPEN: True REGISTRATION_OPEN: true
REMOTE_USER_HEADER: X-Forwarded-For REMOTE_USER_HEADER: X-Forwarded-For
RP_ID: healthchecks.projectsegfau.lt RP_ID: healthchecks.projectsegfau.lt
#SECRET_KEY: {{healthchecks_secret_key}} # SECRET_KEY: {{healthchecks_secret_key}}
SHELL_ENABLED: False SHELL_ENABLED: false
SITE_LOGO_URL: https://psf.lt/logo.png SITE_LOGO_URL: https://psf.lt/logo.png
SITE_NAME: Mychecks SITE_NAME: Mychecks
SITE_ROOT: https://healthchecks.projectsegfau.lt SITE_ROOT: https://healthchecks.projectsegfau.lt
hedgedoc: hedgedoc:
needs_data_dir: true
needs_configs_dir: false
docker_settings: docker_settings:
services: services:
- name: hedgedoc - name: hedgedoc
@ -119,7 +133,7 @@ apps:
ports: ports:
- "2069:3000" - "2069:3000"
environment: environment:
CMD_DB_URL: postgres://hedgedoc:{{hedgedoc_db_pass}}@{{common_postgres_ip}}/hedgedoc #CMD_DB_URL: postgres://hedgedoc:{{hedgedoc_db_pass}}@{{common_postgres_ip}}/hedgedoc
CMD_DOMAIN: doc.projectsegfau.lt CMD_DOMAIN: doc.projectsegfau.lt
CMD_PROTOCOL_USESSL: true CMD_PROTOCOL_USESSL: true
TZ: UTC TZ: UTC
@ -132,11 +146,11 @@ apps:
CMD_REQUIRE_FREEURL_AUTHENTICATION: false CMD_REQUIRE_FREEURL_AUTHENTICATION: false
CMD_ALLOW_EMAIL_REGISTER: true CMD_ALLOW_EMAIL_REGISTER: true
CMD_PORT: 3000 CMD_PORT: 3000
CMD_SESSION_SECRET: "{{hedgedoc_session_secret}}" #CMD_SESSION_SECRET: "{{hedgedoc_session_secret}}"
CMD_CSP_ENABLE: true CMD_CSP_ENABLE: true
CMD_OAUTH2_PROVIDERNAME: "authentik" CMD_OAUTH2_PROVIDERNAME: "authentik"
CMD_OAUTH2_CLIENT_ID: "{{hedgedoc_authentik_client_id}}" #CMD_OAUTH2_CLIENT_ID: "{{hedgedoc_authentik_client_id}}"
CMD_OAUTH2_CLIENT_SECRET: "{{hedgedoc_authentik_client_secret}}" #CMD_OAUTH2_CLIENT_SECRET: "{{hedgedoc_authentik_client_secret}}"
CMD_OAUTH2_SCOPE: "openid email profile" CMD_OAUTH2_SCOPE: "openid email profile"
CMD_OAUTH2_USER_PROFILE_URL: "https://auth.p.projectsegfau.lt/application/o/userinfo/" CMD_OAUTH2_USER_PROFILE_URL: "https://auth.p.projectsegfau.lt/application/o/userinfo/"
CMD_OAUTH2_TOKEN_URL: "https://auth.p.projectsegfau.lt/application/o/token/" CMD_OAUTH2_TOKEN_URL: "https://auth.p.projectsegfau.lt/application/o/token/"
@ -146,6 +160,8 @@ apps:
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: "email" CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: "email"
CMD_ALLOW_ORIGIN: "['localhost', 'doc.projectsegfau.lt', 'auth.p.projectsegfau.lt']" CMD_ALLOW_ORIGIN: "['localhost', 'doc.projectsegfau.lt', 'auth.p.projectsegfau.lt']"
website: website:
needs_data_dir: false
needs_configs_dir: false
docker_settings: docker_settings:
services: services:
- name: website - name: website
@ -153,7 +169,7 @@ apps:
ports: ports:
- "1337:3000" - "1337:3000"
environment: environment:
GHOST_API_KEY: "{{website_ghost_api_key}}" #GHOST_API_KEY: "{{website_ghost_api_key}}"
GHOST_URL: https://blog.projectsegfau.lt GHOST_URL: https://blog.projectsegfau.lt
KUMA_URL: https://st.psf.lt/api/status-page/projectsegfault KUMA_URL: https://st.psf.lt/api/status-page/projectsegfault
ADDRESS_HEADER: X-Forwarded-For ADDRESS_HEADER: X-Forwarded-For
@ -162,11 +178,13 @@ apps:
ports: ports:
- "1339:3000" - "1339:3000"
environment: environment:
GHOST_API_KEY: "{{website_ghost_api_key}}" #GHOST_API_KEY: "{{website_ghost_api_key}}"
GHOST_URL: https://blog.projectsegfau.lt GHOST_URL: https://blog.projectsegfau.lt
KUMA_URL: https://st.psf.lt/api/status-page/projectsegfault KUMA_URL: https://st.psf.lt/api/status-page/projectsegfault
ADDRESS_HEADER: X-Forwarded-For ADDRESS_HEADER: X-Forwarded-For
grafana: grafana:
needs_configs_dir: true
needs_data_dir: true
docker_settings: docker_settings:
services: services:
- name: grafana - name: grafana
@ -181,12 +199,14 @@ apps:
- name: prometheus - name: prometheus
image: prom/prometheus:latest image: prom/prometheus:latest
mounts: mounts:
- "{{config_dir}}/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml" - "{{configs_dir}}/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml"
- "{{data_dir}}/prometheus:/prometheus" - "{{data_dir}}/prometheus:/prometheus"
command: "--config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/prometheus --web.console.libraries=/etc/prometheus/console_libraries --web.console.templates=/etc/prometheus/consoles --web.enable-lifecycle" command: "--config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/prometheus --web.console.libraries=/etc/prometheus/console_libraries --web.console.templates=/etc/prometheus/consoles --web.enable-lifecycle"
ports: ports:
- "9090:9090" - "9090:9090"
chatclients: chatclients:
needs_configs_dir: true
needs_data_dir: false
docker_settings: docker_settings:
services: services:
- name: cinny - name: cinny
@ -194,13 +214,13 @@ apps:
ports: ports:
- "3069:80" - "3069:80"
mounts: mounts:
- "{{config_dir}}/chatclients/cinny/config.json:/usr/share/nginx/html/config.json" - "{{configs_dir}}/chatclients/cinny/config.json:/usr/share/nginx/html/config.json"
- name: element - name: element
image: vectorim/element-web:latest image: vectorim/element-web:latest
ports: ports:
- "3070:80" - "3070:80"
mounts: mounts:
- "{{config_dir}}/chatclients/element/config.json:/app/config.json" - "{{configs_dir}}/chatclients/element/config.json:/app/config.json"
- name: hydrogen - name: hydrogen
image: regsitry.gitlab.com/jcgruenhage/hydrogen-web:latest image: regsitry.gitlab.com/jcgruenhage/hydrogen-web:latest
ports: ports:
@ -215,6 +235,8 @@ apps:
APP_DEFAULT_DOMAIN: projectsegfau.lt APP_DEFAULT_DOMAIN: projectsegfau.lt
APP_HAS_SENDING_ENTER_KEY: true APP_HAS_SENDING_ENTER_KEY: true
vaultwarden: vaultwarden:
needs_data_dir: true
needs_configs_dir: false
docker_settings: docker_settings:
services: services:
- name: vaultwarden - name: vaultwarden
@ -225,7 +247,7 @@ apps:
- "6980:80" - "6980:80"
environment: environment:
DATA_FOLDER: data DATA_FOLDER: data
#DATABASE_URL: postgresql://vaultwarden:{{vaultwarden_db_pass}}@{{common_postgres_ip}}/vaultwarden # DATABASE_URL: postgresql://vaultwarden:{{vaultwarden_db_pass}}@{{common_postgres_ip}}/vaultwarden
DATABASE_MAX_CONNS: 100 DATABASE_MAX_CONNS: 100
IP_HEADER: X-Forwarded-For IP_HEADER: X-Forwarded-For
WEB_VAULT_FOLDER: web-vault/ WEB_VAULT_FOLDER: web-vault/
@ -250,7 +272,7 @@ apps:
SIGNUPS_VERIFY: true SIGNUPS_VERIFY: true
SIGNUPS_VERIFY_RESEND_TIME: 3600 SIGNUPS_VERIFY_RESEND_TIME: 3600
SIGNUPS_VERIFY_RESEND_LIMIT: 12 SIGNUPS_VERIFY_RESEND_LIMIT: 12
#ADMIN_TOKEN: {{vaultwarden_admin_token}} # ADMIN_TOKEN: {{vaultwarden_admin_token}}
INVITATIONS_ALLOWED: true INVITATIONS_ALLOWED: true
INVITATION_ORG_NAME: Vaultwarden INVITATION_ORG_NAME: Vaultwarden
INVITATION_EXPIRATION_HOURS: 120 INVITATION_EXPIRATION_HOURS: 120
@ -265,13 +287,15 @@ apps:
SMTP_SECURITY: starttls SMTP_SECURITY: starttls
SMTP_PORT: 587 SMTP_PORT: 587
SMTP_USERNAME: vaultwarden@projectsegfau.lt SMTP_USERNAME: vaultwarden@projectsegfau.lt
#SMTP_PASSWORD: {{vaultwarden_smtp_pass}} # SMTP_PASSWORD: {{vaultwarden_smtp_pass}}
SMTP_AUTH_MECHANISM: "Plain" SMTP_AUTH_MECHANISM: "Plain"
SMTP_EMBED_IMAGES: true SMTP_EMBED_IMAGES: true
REQUIRE_DEVICE_EMAIL: false REQUIRE_DEVICE_EMAIL: false
YUBICO_CLIENT_ID: 89607 YUBICO_CLIENT_ID: 89607
#YUBICO_SECRET_KEY: {{vaultwarden_yubico_secret_key}} # YUBICO_SECRET_KEY: {{vaultwarden_yubico_secret_key}}
mauliasproxy: mauliasproxy:
needs_configs_dir: true
needs_data_dir: false
docker_settings: docker_settings:
services: services:
- name: mauliasproxy - name: mauliasproxy
@ -279,4 +303,4 @@ apps:
ports: ports:
- "8456:8008" - "8456:8008"
mounts: mounts:
- "{{config_dir}}/mauliasproxy/config.yaml:/data/config.yaml" - "{{configs_dir}}/mauliasproxy/config.yaml:/data/config.yaml"
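Review bot: The hedgedoc and website hunks comment out `CMD_DB_URL`, `CMD_SESSION_SECRET`, `CMD_OAUTH2_CLIENT_ID`, `CMD_OAUTH2_CLIENT_SECRET` and both `GHOST_API_KEY` entries (old side active, new side commented, as rendered). A playbook run in this state would presumably recreate those containers without their database URL, session secret and OAuth credentials, leaving them on whatever defaults the images apply. If the variables are simply not defined yet, define them in a vault-encrypted vars file and keep the references, or put a marker such as `# TODO(secrets): restore before deploying` above each disabled line so this state is not mistaken for the intended configuration. The newly disabled lines are also written `#KEY:` while the same commit normalises the older commented entries to `# KEY:`.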


@ -4,3 +4,4 @@
- src: geerlingguy.docker - src: geerlingguy.docker
- src: artis3n.tailscale - src: artis3n.tailscale
- src: borgbase.ansible_role_borgbackup - src: borgbase.ansible_role_borgbackup
- src: gi-yt.docker_compose_declarative
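Review bot: The new `- src: gi-yt.docker_compose_declarative` entry has no `version:`, so each `ansible-galaxy install` fetches whatever the role's author published last, and that code then runs with the playbook's privileges on the target hosts. Pin it to a reviewed release or commit by adding `version: <tag-or-commit>` under the entry. The three existing entries visible in this hunk are unpinned as well and would benefit from the same treatment.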