Ensure that keycloak is up

This commit is contained in:
Kevin Veen-Birkenbach 2025-08-08 17:25:31 +02:00
parent c7b25ed093
commit aae69ea15b
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
27 changed files with 74 additions and 47 deletions


@ -50,16 +50,17 @@ certbot_dns_propagation_wait_seconds: 300 # How long sho
certbot_flavor: san # Possible options: san (recommended, with a dns flavor like cloudflare, or hetzner), wildcard(doesn't function with www redirect), dedicated
# Path where Certbot stores challenge webroot files
letsencrypt_webroot_path: "/var/lib/letsencrypt/"
letsencrypt_webroot_path: "/var/lib/letsencrypt/"
# Base directory containing Certbot configuration, account data, and archives
letsencrypt_base_path: "/etc/letsencrypt/"
letsencrypt_base_path: "/etc/letsencrypt/"
# Symlink directory for the current active certificate and private key
letsencrypt_live_path: "{{ letsencrypt_base_path }}live/"
letsencrypt_live_path: "{{ letsencrypt_base_path }}live/"
## Docker Role Specific Parameters
docker_restart_policy: "unless-stopped"
DOCKER_RESTART_POLICY: "unless-stopped"
DOCKER_VARS_FILE: "{{ playbook_dir }}/roles/docker-compose/vars/docker-compose.yml"
# default value if not set via CLI (-e) or in playbook vars
allowed_applications: []
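Review bot: The lowercase `docker_restart_policy` key is removed outright rather than aliased, so any template or role this commit did not touch that still references it will fail at render time (Ansible treats undefined variables as errors by default). A transition line `docker_restart_policy: "{{ DOCKER_RESTART_POLICY }}"  # deprecated alias, drop once all callers use DOCKER_RESTART_POLICY` next to the new key would make the rename safe to roll out incrementally. `DOCKER_VARS_FILE` holds the same `roles/docker-compose/vars/docker-compose.yml` path that `cmp_db_docker_vars_file_docker` carried before, so the move is consistent, but a one-line comment naming which roles are expected to `include_vars` it would help the next reader, since it now lives in shared group vars rather than next to its consumer.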


@ -7,7 +7,7 @@
- name: "For '{{ application_id }}': Load database variables"
include_vars: "{{ item }}"
loop:
- "{{ cmp_db_docker_vars_file_docker }}" # Important to load docker variables first so that database can use them
- "{{ DOCKER_VARS_FILE }}" # Important to load docker variables first so that database can use them
- "{{ cmp_db_docker_vars_file_db }}" # Important to load them before docker role so that backup can use them
- name: "For '{{ application_id }}': Load cmp-docker-oauth2"


@ -1,2 +1 @@
cmp_db_docker_vars_file_db: "{{ playbook_dir }}/roles/cmp-rdbms/vars/database.yml"
cmp_db_docker_vars_file_docker: "{{ playbook_dir }}/roles/docker-compose/vars/docker-compose.yml"
cmp_db_docker_vars_file_db: "{{ playbook_dir }}/roles/cmp-rdbms/vars/database.yml"


@ -6,7 +6,7 @@
logging:
driver: journald
image: mariadb
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
env_file:
- {{database_env}}
command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW"
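Review bot: `restart: {{DOCKER_RESTART_POLICY}}` keeps the templated value unquoted, so if the variable ever renders empty the key becomes YAML null and Compose runs the container with no restart policy; the jenkins hunk in this same commit already writes `restart: "{{DOCKER_RESTART_POLICY}}"`, and matching that here is a one-line change. The same unquoted form appears in the postgres, base.yml.j2, redis, espocrm, mailu oletools, matrix, mybb, nextcloud, oauth2-proxy and `@ -5,6 +5,6 @@` build-context hunks, with spacing inside the braces varying between files (`{{DOCKER_RESTART_POLICY}}` vs `{{ DOCKER_RESTART_POLICY }}`); since the rename touches every site anyway, settling on one quoted form now avoids a second sweep. The pre-existing `env_file: - {{database_env}}` line in this hunk has the same exposure.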


@ -6,7 +6,7 @@
container_name: {{ application_id | get_entity_name }}-database
env_file:
- {{database_env}}
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U {{database_name}}"]
interval: 10s


@ -0,0 +1,5 @@
- name: "Load handlers without when condition. to guaranty that they are executed"
import_role:
name: docker-compose
tasks_from: helpers/none
handlers_from: main
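Review bot: The task name reads `Load handlers without when condition. to guaranty that they are executed`; `Load docker-compose handlers unconditionally so they are registered before flush_handlers` says the same thing without the typo and stray period. The new file also has no `---` document start, unlike the keycloak main.yml and ensure.yml in this commit, which both begin with one.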


@ -0,0 +1 @@
# Dummy file for handler import
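Review bot: The dummy tasks file holds only a comment and therefore parses as an empty document; Ansible accepts that for `tasks_from` as far as I can tell, but `---` followed by `[]` under the comment would make the empty task list explicit and satisfy yamllint's document-start rule. The comment itself could state the mechanism it exists for: `# Intentionally empty: imported via tasks_from so that handlers_from: main registers the role handlers without running any tasks`.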


@ -16,7 +16,7 @@
mode: '0755'
with_dict: "{{ docker_compose.directories }}"
- name: "Include routines to set up a git repository based installaion for '{{application_id}}'."
- name: "Include routines to set up a git repository based installation for '{{application_id}}'."
include_tasks: "02_repository.yml"
when: docker_pull_git_repository | bool


@ -1,6 +1,6 @@
{# Base for docker services #}
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
{% if application_id | has_env %}
env_file:
- "{{docker_compose.files.env}}"


@ -21,7 +21,7 @@
published_ports:
- "127.0.0.1:{{ mariadb_port }}:3306" # can be that this will be removed if all applications use sockets
command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" #for nextcloud
restart_policy: "{{ docker_restart_policy }}"
restart_policy: "{{ DOCKER_RESTART_POLICY }}"
healthcheck:
test: "/usr/bin/mariadb --user=root --password={{ mariadb_root_pwd }} --execute \"SHOW DATABASES;\""
interval: 10s


@ -25,6 +25,9 @@
- include_tasks: utils/run_once.yml
when: run_once_svc_db_postgres is not defined
- name: "Ensure that {{ docker_compose.directories.instance }} is up"
include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/helpers/ensure.yml"
- name: "Initialize database for '{{ database_name }}'"
include_tasks: init.yml
when: "{{ postgres_init }}"
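Review bot: The new task is named `Ensure that {{ docker_compose.directories.instance }} is up` and the file it includes (ensure.yml, last hunk of this commit) opens with a task of exactly the same name, so every run logs the line twice and the two are indistinguishable in output; naming the caller `Include docker-compose ensure-up helper for {{ docker_compose.directories.instance }}` keeps the log readable. The same pairing is added in the `@ -17,4 +17,7 @@` cdn hunk. Both callers reach into another role through `{{ playbook_dir }}/roles/docker-compose/tasks/helpers/ensure.yml`; if the helper depends on docker-compose's own vars or defaults, `include_role` with `tasks_from: helpers/ensure` would be the safer entry point, but I cannot tell from here whether it does.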


@ -25,7 +25,7 @@ Include this snippet in your top-level `docker-compose.yml.j2` where you want Re
Sets container name (`{{ application_id }}-redis`).
- **Restart policy**
Controlled by `docker_restart_policy`.
Controlled by `DOCKER_RESTART_POLICY`.
- **Journald logging**
Ensures logs are captured by systemds journal.


@ -4,7 +4,7 @@
redis:
image: "{{ redis_image }}:{{ redis_version }}"
container_name: {{ application_id | get_entity_name }}-redis
restart: {{ docker_restart_policy }}
restart: {{ DOCKER_RESTART_POLICY }}
logging:
driver: journald
volumes:


@ -13,7 +13,7 @@
daemon:
image: "{{ espocrm_image }}:{{ espocrm_version }}"
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
logging:
driver: journald
entrypoint: docker-daemon.sh
@ -23,7 +23,7 @@
websocket:
image: "{{ espocrm_image }}:{{ espocrm_version }}"
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
logging:
driver: journald
environment:


@ -1,7 +1,7 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
image: jenkins/jenkins:lts
restart: "{{docker_restart_policy}}"
restart: "{{DOCKER_RESTART_POLICY}}"
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:8080"
volumes:


@ -0,0 +1,19 @@
- name: "load variables from {{ DOCKER_VARS_FILE }}"
include_vars: "{{ DOCKER_VARS_FILE }}"
- name: Set the directory to which keycloack import files will be copied on host
set_fact:
keycloak_host_import_directory: "{{ docker_compose.directories.volumes }}import/"
- name: "create directory {{keycloak_host_import_directory}}"
file:
path: "{{keycloak_host_import_directory}}"
state: directory
mode: 0755
- name: "Copy import files to {{ keycloak_host_import_directory }}"
template:
src: "{{ item }}"
dest: "{{ keycloak_host_import_directory }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
mode: '770'
loop: "{{ lookup('fileglob', '{{ role_path }}/templates/import/*.j2', wantlist=True) }}"
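Review bot: `dest` on the template task joins `keycloak_host_import_directory`, which the `set_fact` above already terminates with `import/`, to another `/`, so every rendered path carries a double slash; drop the separator: `dest: "{{ keycloak_host_import_directory }}{{ item | basename | regex_replace('\\.j2$', '') }}"`. The copy task that previously lived in main.yml carried `notify: docker compose up` and this file drops it, so an import file that changes on a later run no longer triggers a restart by itself — presumably the compose role's own handler covers the first deploy, but re-runs are worth confirming. `mode: 0755` on the directory task is a bare octal that YAML 1.1 parsers read as the integer 493; `mode: '0755'` matches the quoted `'770'` on the template task. The task names also still spell `keycloack`.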


@ -1,22 +1,11 @@
---
- name: "create import files for {{application_id}}"
include_tasks: 01_import.yml
- name: "load docker, db and proxy for {{application_id}}"
include_role:
name: cmp-db-docker-proxy
- name: "create directory {{keycloak_host_import_directory}}"
file:
path: "{{keycloak_host_import_directory}}"
state: directory
mode: 0755
- name: "Copy import files to {{ keycloak_host_import_directory }}"
template:
src: "{{ item }}"
dest: "{{ keycloak_host_import_directory }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
mode: '770'
loop: "{{ lookup('fileglob', '{{ role_path }}/templates/import/*.j2', wantlist=True) }}"
notify: docker compose up
# Deactivated temporary. Import now via realm.yml
#- name: Implement SSH Public Key Attribut
# include_tasks: attributes/ssh_public_key.yml
# include_tasks: attributes/ssh_public_key.yml
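Review bot: The new ordering — `01_import.yml` before `include_role: cmp-db-docker-proxy` — is what `docker_compose_flush_handlers: true` in the role vars depends on, but nothing in this file says so; a comment above the first task, `# Import files must exist before the compose role flushes its handlers (see docker_compose_flush_handlers in vars/main.yml)`, would keep a future reorder from silently breaking the realm import. The file name `01_import.yml` also suggests a numbered sequence that, as of this hunk, has only one member.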


@ -4,7 +4,6 @@ database_type: "postgres"
# Keycloak Specific
keycloak_container: "{{ applications | get_app_conf(application_id, 'docker.services.keycloak.name', True) }}" # Name of the keycloack docker container
keycloak_host_import_directory: "{{ docker_compose.directories.volumes }}import/" # Directory in which keycloack import files are placed on the host
keycloak_docker_import_directory: "/opt/keycloak/data/import/" # Directory in which keycloack import files are placed in the running docker container
keycloak_realm: "{{ primary_domain}}" # This is the name of the default realm which is used by the applications
keycloak_administrator: "{{ applications | get_app_conf(application_id, 'users.administrator', True) }}" # Master Administrator
@ -20,4 +19,4 @@ keycloak_import_realm: "{{ applications | get_app_conf(application_id
keycloak_debug_enabled: "{{ enable_debug }}"
# Docker
docker_compose_flush_handlers: false # Copy realm import etc. before flush
docker_compose_flush_handlers: true # Remember to copy realm import before flushg when set to true
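Review bot: The inline comment on the new `docker_compose_flush_handlers: true` line reads `flushg`; `# Handlers are flushed inside the compose role, so 01_import.yml must have copied the realm import files before that role runs` states the ordering the new main.yml relies on and fixes the typo. Since `keycloak_host_import_directory` leaves this vars file for a `set_fact` in 01_import.yml, a short comment where it used to be, pointing readers there, would save a search.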


@ -82,7 +82,7 @@
container_name: {{mailu_name}}_oletools
image: {{docker_source}}/oletools:{{ mailu_version }}
hostname: oletools
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
depends_on:
- resolver
dns:


@ -3,7 +3,7 @@
{% set container_port = 8008 %}
image: "{{ matrix_synapse_image }}:{{ matrix_synapse_version }}"
container_name: {{ matrix_synapse_name }}
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
logging:
driver: journald
volumes:
@ -32,7 +32,7 @@
{% set container_port = 80 %}
image: "{{ matrix_element_image }}:{{ matrix_element_version }}"
container_name: {{ matrix_element_name }}
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
volumes:
- ./element-config.json:/app/config.json
ports:
@ -44,7 +44,7 @@
mautrix-{{item.bridge_name}}:
container_name: matrix-{{item.bridge_name}}
image: dock.mau.dev/mautrix/{{ item.bridge_name }}:latest
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
volumes:
- ./mautrix/{{item.bridge_name}}:/data
healthcheck:
@ -56,7 +56,7 @@
{% endfor %}
{% if applications | get_app_conf(application_id, 'plugins.chatgpt', True) | bool %}
matrix-chatgpt-bot:
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
container_name: matrix-chatgpt
image: ghcr.io/matrixgpt/matrix-chatgpt-bot:latest
volumes:


@ -6,7 +6,7 @@
tag: "mybb_application"
image: {{ mybb_image }}:{{ mybb_version }}
container_name: {{ mybb_name }}
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
volumes:
- data:/var/www/html
{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
@ -18,7 +18,7 @@
options:
tag: "mybb_server"
image: nginx:mainline
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
volumes:


@ -37,7 +37,7 @@
container_name: "{{ nextcloud_proxy_name }}"
logging:
driver: journald
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
volumes:
@ -53,7 +53,7 @@
cron:
container_name: "{{ nextcloud_cron_name }}"
image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
logging:
driver: journald
volumes:


@ -1,7 +1,7 @@
{% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
oauth2-proxy:
image: quay.io/oauth2-proxy/oauth2-proxy:{{applications['web-app-oauth2-proxy'].version}}
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
command: --config /oauth2-proxy.cfg
hostname: oauth2-proxy
ports:


@ -62,4 +62,4 @@
notify: docker compose up
- include_tasks: utils/run_once.yml
when: run_once_web_app_port_ui is not defined
when: run_once_web_app_port_ui is not defined


@ -5,6 +5,6 @@
context: .
ports:
- 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
restart: {{docker_restart_policy}}
restart: {{DOCKER_RESTART_POLICY}}
{% include 'roles/docker-compose/templates/networks.yml.j2' %}


@ -17,4 +17,7 @@
- name: run the web svc cdn tasks once
set_fact:
run_once_web_svc_cdn: true
when: run_once_web_svc_cdn is not defined
when: run_once_web_svc_cdn is not defined
- name: "Ensure that {{ docker_compose.directories.instance }} is up"
include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/helpers/ensure.yml"


@ -1,6 +1,14 @@
---
# This is necessary to flush the handlers before the when is set, because otherwise the when will be attached to the handlers
- name: "Ensure that {{ docker_compose.directories.instance }} is up"
# This is a little hack to guaranty that the docker containers are allways up
# It isn't the cleanest solution to have it here but it should fullfill their purpose
include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/04_ensure_up.yml"
when:
- docker_compose is defined
- (application_id | get_entity_name) == (docker_compose.directories.instance | basename)
- meta: flush_handlers
- name: Set “run-once” fact for role {{ role_name }}