From af3767fdfa51d763e6f0abaf6a6c6f4e9716f958 Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Wed, 9 Jul 2025 10:17:32 +0200 Subject: [PATCH] General optimations --- Makefile | 15 +- docs/guides/developer/Role_Creation.md | 182 ----------- roles/README.md | 29 +- roles/alert-email/meta/main.yml | 1 + roles/alert-telegram/meta/main.yml | 3 +- roles/bkp-docker-to-local/tasks/main.yml | 36 +-- roles/bkp-docker-to-local/tasks/reset.yml | 4 + .../tasks/seed-database-to-backup.yml | 6 +- roles/bkp-docker-to-local/vars/main.yml | 1 + roles/bkp-remote-to-local/meta/main.yml | 1 + roles/bkp-remote-to-local/tasks/main.yml | 2 +- roles/cln-backups-service/meta/main.yml | 1 + roles/cln-backups-timer/meta/main.yml | 1 + roles/cln-certs/meta/main.yml | 1 + roles/cln-certs/tasks/main.yml | 2 +- roles/cln-disc-space/meta/main.yml | 1 + roles/cln-disc-space/tasks/main.yml | 2 +- .../meta/main.yml | 4 +- roles/cln-domains/meta/main.yml | 3 +- roles/cln-failed-docker-backups/meta/main.yml | 1 + .../cln-failed-docker-backups/tasks/main.yml | 24 +- roles/cln-failed-docker-backups/vars/main.yml | 1 + roles/core-daemon/README.md | 24 ++ roles/core-daemon/meta/main.yml | 19 ++ roles/core-daemon/tasks/main.yml | 8 + roles/core-daemon/tasks/reset.yml | 28 ++ roles/docker-compose/handlers/main.yml | 9 - roles/docker-compose/tasks/main.yml | 10 +- roles/docker-compose/tasks/reset.yml | 11 + roles/docker-compose/vars/main.yml | 1 + roles/drv-msi-keyboard-color/tasks/main.yml | 2 +- roles/gen-timer/tasks/main.yml | 11 +- roles/gen-timer/tasks/reset.yml | 26 ++ .../maint-btrfs-auto-balancer/tasks/main.yml | 2 +- roles/maint-docker-heal/tasks/main.yml | 2 +- roles/maint-docker-restart/tasks/main.yml | 2 +- roles/mon-bot-btrfs/tasks/main.yml | 2 +- roles/mon-bot-disc-space/tasks/main.yml | 2 +- roles/mon-bot-docker-container/tasks/main.yml | 2 +- roles/mon-bot-docker-volumes/tasks/main.yml | 2 +- roles/mon-bot-journalctl/tasks/main.yml | 2 +- roles/mon-bot-msmtp/tasks/main.yml | 2 +- roles/mon-bot-webserver/tasks/main.yml | 2 +- 
roles/srv-web-core/handlers/main.yml | 13 +- roles/srv-web-core/tasks/main.yml | 26 +- roles/srv-web-core/tasks/reset.yml | 4 + roles/srv-web-tls-renew/tasks/main.yml | 2 +- .../templates/docker-compose.yml.j2 | 4 +- roles/svc-openldap/vars/main.yml | 2 +- roles/web-app-discourse/tasks/main.yml | 21 +- roles/web-app-discourse/tasks/reset.yml | 14 + roles/web-app-portfolio/meta/main.yml | 2 +- roles/web-app-roulette-wheel/meta/main.yml | 2 + roles/web-app-sphinx/meta/main.yml | 4 +- roles/web-svc-html/meta/main.yml | 2 + roles/web-svc-legal/README.md | 7 +- .../README.md | 0 .../config/main.yml | 2 +- .../meta/main.yml | 0 .../tasks/main.yml | 0 .../templates/Dockerfile.j2 | 0 .../templates/docker-compose.yml.j2 | 0 .../templates/env.j2 | 0 .../templates/package.json.j2 | 0 .../templates/server.js.j2 | 0 .../vars/main.yml | 0 tasks/plays/01_constructor.yml | 5 +- tasks/plays/02_personal-computer.yml | 1 - tasks/plays/02_server.yml | 2 +- tasks/utils/.gitignore | 2 +- tasks/utils/web-app-roles.yml | 300 ------------------ tests/integration/test_mode_reset.py | 90 ++++++ 72 files changed, 377 insertions(+), 618 deletions(-) delete mode 100644 docs/guides/developer/Role_Creation.md create mode 100644 roles/bkp-docker-to-local/tasks/reset.yml create mode 100644 roles/bkp-docker-to-local/vars/main.yml create mode 100644 roles/cln-failed-docker-backups/vars/main.yml create mode 100644 roles/core-daemon/README.md create mode 100644 roles/core-daemon/meta/main.yml create mode 100644 roles/core-daemon/tasks/main.yml create mode 100644 roles/core-daemon/tasks/reset.yml create mode 100644 roles/docker-compose/tasks/reset.yml create mode 100644 roles/gen-timer/tasks/reset.yml create mode 100644 roles/srv-web-core/tasks/reset.yml create mode 100644 roles/web-app-discourse/tasks/reset.yml rename roles/{web-app-simpleicons => web-svc-simpleicons}/README.md (100%) rename roles/{web-app-simpleicons => web-svc-simpleicons}/config/main.yml (92%) rename roles/{web-app-simpleicons => 
web-svc-simpleicons}/meta/main.yml (100%) rename roles/{web-app-simpleicons => web-svc-simpleicons}/tasks/main.yml (100%) rename roles/{web-app-simpleicons => web-svc-simpleicons}/templates/Dockerfile.j2 (100%) rename roles/{web-app-simpleicons => web-svc-simpleicons}/templates/docker-compose.yml.j2 (100%) rename roles/{web-app-simpleicons => web-svc-simpleicons}/templates/env.j2 (100%) rename roles/{web-app-simpleicons => web-svc-simpleicons}/templates/package.json.j2 (100%) rename roles/{web-app-simpleicons => web-svc-simpleicons}/templates/server.js.j2 (100%) rename roles/{web-app-simpleicons => web-svc-simpleicons}/vars/main.yml (100%) delete mode 100644 tasks/utils/web-app-roles.yml create mode 100644 tests/integration/test_mode_reset.py diff --git a/Makefile b/Makefile index ffd879c6..3d9ca837 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ APPLICATIONS_OUT := ./group_vars/all/04_applications.yml APPLICATIONS_SCRIPT := ./cli/generate_applications.py USERS_OUT := ./group_vars/all/03_users.yml USERS_SCRIPT := ./cli/generate_users.py -INCLUDES_OUT := ./tasks/utils/web-app-roles.yml +INCLUDES_OUT := ./tasks/utils/server-roles.yml INCLUDES_SCRIPT := ./cli/generate_playbook.py EXTRA_USERS := $(shell \ @@ -24,12 +24,19 @@ build: @echo "🔧 Generating users defaults → $(USERS_OUT) from roles in $(ROLES_DIR)
" @echo "🔧 Generating Docker role includes → $(INCLUDES_OUT)
" @mkdir -p $(dir $(INCLUDES_OUT)) - python3 $(INCLUDES_SCRIPT) $(ROLES_DIR) -o $(INCLUDES_OUT) -p web-app- -p svc-openldap -p svc-rdbms-postgres -p svc-rdbms-mariadb + python3 $(INCLUDES_SCRIPT) $(ROLES_DIR) -o $(INCLUDES_OUT) \ + -p web-app \ + -p web-svc \ + -p svc-openldap \ + -p svc-rdbms-postgres \ + -p svc-rdbms-mariadb @echo "✅ Docker role includes written to $(INCLUDES_OUT)" install: build @echo "⚙ Install complete." test: - @echo "đŸ§Ș Running Tests..." - python -m unittest discover -s tests \ No newline at end of file + @echo "đŸ§Ș Running Python Tests..." + python -m unittest discover -s tests + @echo "📑 Syntax Checking Ansible Playbook..." + ansible-playbook playbook.yml --syntax-check diff --git a/docs/guides/developer/Role_Creation.md b/docs/guides/developer/Role_Creation.md deleted file mode 100644 index 076156e8..00000000 --- a/docs/guides/developer/Role_Creation.md +++ /dev/null 
@@ -1,182 +0,0 @@ -### *Guide to Create a New Docker Role for CyMaIS - -This guide will walk you through the steps to add a new Docker role for a service (in this case, `my_service`) in **CyMaIS**. We will cover where to add the application settings, domain, and other required configuration to ensure that your new service is correctly integrated into the CyMaIS environment. - ---- - -### **1. Define the Application Configuration in `templates/vars/applications.yml.j2`** - -First, you'll need to add the default configuration for your new service under the `defaults_applications` section in `templates/vars/applications.yml.j2`. - -#### **Steps:** -- Open `templates/vars/applications.yml.j2` -- Add the configuration for `my_service` under the `defaults_applications` section. - -```yaml -defaults_applications: - - ## My Service Configuration - my_service: - version: "latest" - features: # Version of the service - matomo: true # Enable Matomo tracking for analytics - css: true # Enable or disable global CSS styling - portfolio_iframe: false # Allow embedding the landing page in an iframe (if true) - database: true # Enable central database integration - ldap: true # Enable ldap integration - oauth2: true # Enable oauth2 proxy - oidc: true # Enable oidc -``` - ---- - -### **2. Add the Domain for `my_service` in `group_vars/all/03_domains.yml`** - -Next, define the domain for your service in the `group_vars/all/03_domains.yml` file. The domain should be dynamic, using the `{{ primary_domain }}` placeholder, which will automatically resolve to the correct domain based on the primary domain used for your environment. - -#### **Steps:** -- Open `group_vars/all/03_domains.yml` -- Add the domain for `my_service`. - -```yaml -defaults_domains: - # Other services... - my_service: "slides.{{ primary_domain }}" # Domain for the new service -``` - ---- - -### **3. Set the Application ID in `vars/main.yml`** - -In the `vars/main.yml` file, set the `application_id` to `my_service`. 
This step is essential as it allows CyMaIS to correctly reference and configure the new service when deploying it via Docker. - -#### **Steps:** -- Open `vars/main.yml` -- Add the `application_id` for the new service. - -```yaml -application_id: "my_service" # Set the application ID for the service -``` - ---- - -### **4. Create the Docker Role for the New Service** - -Now that you have defined the application settings, domain, and application ID, you need to create a Docker role that will build and run the containerized version of `my_service`. - -#### **Steps:** -- Create a new directory under the `roles` directory, e.g., `roles/web-app-my_service`. -- Inside the `web-app-my_service` role, create the following files: - -1. **`README.md`**: - - Provide documentation on the new service and how it works within CyMaIS. - -2. **`tasks/main.yml`**: - - Define the tasks for building and running the Docker container for `my_service`. - - Example `tasks/main.yml`: - ```yaml - --- - # Docker Routines for my_service - - name: "include docker-compose role" - include_role: - name: docker-compose - - - name: install cymais-my_service - command: - cmd: "pkgmgr install cymais-my_service --clone-mode https" - notify: docker compose project build and setup - - - name: Get path of cymais-my_service using pkgmgr - command: pkgmgr path cymais-my_service - register: path_cymais_my_service_output - - - name: "include role srv-web-proxy-domain for {{ application_id }}" - include_role: - name: srv-web-proxy-domain - vars: - domain: "{{ domains | get_domain(application_id) }}" - http_port: "{{ ports.localhost.http[application_id] }}" - ``` - -3. **`docker-compose.yml.j2`**: - - Define the `docker-compose.yml` template for building and running the Docker container for the new service. 
- - Example `docker-compose.yml.j2`: - ```yaml - services: - my_service: - build: - context: {{ path_cymais_my_service_output.stdout }} - dockerfile: {{ path_cymais_my_service_output.stdout }}/Dockerfile - ports: - - "127.0.0.1:{{ ports.localhost.http[application_id] }}:5000" - volumes: - - {{ path_cymais_my_service_output.stdout }}:/app - - {{ path_cymais_output.stdout }}:/source - ``` - -4. **`vars/main.yml`**: - - Define any specific variables for `my_service`. - - Example `vars/main.yml`: - ```yaml - application_id: "my_service" - ``` - -5. **`meta/main.yml`**: - - Add metadata for your new role. - - Example `meta/main.yml`: - ```yaml - galaxy_info: - author: "Your Name" - description: "Docker role to deploy and manage my_service within CyMaIS." - license: "CyMaIS NonCommercial License (CNCL)" - company: "Your Company" - min_ansible_version: "2.9" - platforms: - - name: Docker - versions: - - all - - name: Linux - versions: - - all - repository: "https://github.com/yourrepo/my_service" - documentation: "https://yourdocumentationlink" - ``` - ---- - -### **5. Test the Configuration** - -Once you have defined the Docker role, configuration settings, and other necessary files, it is essential to test your changes: - -#### **Steps:** -- Run the Ansible playbook for deploying your new service. -- Check if `my_service` is correctly deployed and if the domain is resolving as expected. -- Verify that the application is accessible via the assigned port (e.g., `http://slides.{{ primary_domain }}:5000`). - ---- - -### **6. Additional Steps for Integration** - -- You can add additional configurations or adjust existing settings based on the requirements for `my_service`. For instance: - - Modify the health check settings in the `docker-compose.yml` template. - - Update Nginx or other web servers to properly route traffic to your new service. 
- ---- - -### **Conclusion** - -By following this guide, you have successfully added a new Dockerized service (`my_service`) to the CyMaIS platform. You have: -- Configured the service settings in `templates/vars/applications.yml.j2` -- Added the domain for the service in `group_vars/all/03_domains.yml` -- Set the `application_id` in `vars/main.yml` -- Created the necessary Docker role for managing `my_service`. - -This process allows you to extend the functionality of CyMaIS with new services while maintaining a consistent and reproducible deployment workflow. - ---- - -For any further details or troubleshooting, please consult the official CyMaIS documentation or reach out to the CyMaIS community for assistance. \ No newline at end of file diff --git a/roles/README.md b/roles/README.md index 3969d2f0..8f9520da 100644 --- a/roles/README.md +++ b/roles/README.md @@ -18,7 +18,7 @@ For a complete list of role categories and detailed definitions, see: Generic helpers and language/tool installers (e.g. `gen-git`, `gen-locales`, `gen-timer`) - **desk-*** - Desktop environment and application roles (e.g. `desk-gnome`, `utils-desk-browser`, `desk-libreoffice`) + Desktop environment and application roles (e.g. `desk-gnome`, `desk-browser`, `desk-libreoffice`) --- @@ -28,7 +28,7 @@ For a complete list of role categories and detailed definitions, see: Installs and configures the base Nginx server. - **srv-web-tls-*** - Manages TLS certificates and renewal (formerly “https”). + Manages TLS certificates and renewal (formerly “https”; e.g. `srv-web-tls-deploy`, `srv-web-tls-renew`). - **srv-web-proxy-*** Proxy and vhost orchestration roles (domain setup, OAuth2 proxy, etc.) 
@@ -43,43 +43,43 @@ For a complete list of role categories and detailed definitions, see: Static‐content servers (assets, HTML, legal pages, file hosting). - **web-app-*** - Application-specific Docker/Compose roles (e.g. GitLab, Nextcloud, Mastodon). + Application-specific Docker/Compose roles (e.g. GitLab, Nextcloud, Mastodon, Redis). --- ## Network - **net-*** - Network infrastructure (DNS records, WireGuard, Let’s Encrypt entrypoints). + Network infrastructure (DNS records, Let’s Encrypt HTTP entrypoints, WireGuard, etc.) - **svc-*** - Docker‐deployed services that aren’t “apps” (RDBMS, LDAP, Redis, OpenLDAP). + Docker-deployed services that aren’t “apps” (RDBMS, LDAP, Redis, OpenLDAP). --- ## Monitoring & Alerting - **mon-bot-*** - “Bot”-style health checks with alerts via Telegram, email, etc. + “Bot”-style health checks (Btrfs, disk‐space, Docker, journalctl, CSP crawler, webserver) with alerts. - **monitor-core-*** - Low-level system monitors (journalctl, Docker containers, disk space). + Low-level system monitors (journalctl, Docker containers, disk space, etc.) - **alert-*** - Failure or status notification handlers (core, email, Telegram). + Notification handlers for failures (core, email, Telegram). --- ## Maintenance & Healing - **maint-*** - Periodic maintenance tasks (Btrfs balancing, swapfile management). + Periodic maintenance tasks (Btrfs balancing, swapfile management, etc.) - **maint-docker-*** Automated recovery and restarts for Docker Compose workloads. - **cln-*** - Housekeeping tasks (old backups, certs, log rotation). + Housekeeping tasks (old backups, expired certs, log rotation). --- @@ -96,7 +96,7 @@ For a complete list of role categories and detailed definitions, see: Keeps OS and language packages up to date (`update-apt`, `update-docker`, `update-pip`, etc.) - **pkgmgr-*** - Language or platform package managers (npm, pip, AUR helper). + Language or platform package managers (npm, pip, AUR helper, etc.) --- 
@@ -106,14 +106,15 @@ For a complete list of role categories and detailed definitions, see: Creates user accounts and SSH keys. - **user-administrator**, **user-root** - Specialized account configurations for privileged users. + Specialized configurations for privileged users. --- > **Tip:** To find a role quickly, search for its prefix: > `core-`, `gen-`, `desk-`, `srv-web-`, `web-svc-`, `web-app-`, -> `net-`, `svc-`, `monitor-`, `alert-`, `maint-`, `cln-`, -> `bkp-`, `update-`, `pkgmgr-`, `user-`. +> `net-`, `svc-`, `mon-bot-`, `monitor-core-`, `alert-`, +> `maint-`, `maint-docker-`, `cln-`, `bkp-`, `update-`, +> `pkgmgr-`, `user-`. --- diff --git a/roles/alert-email/meta/main.yml b/roles/alert-email/meta/main.yml index 6ff3fafe..b33d669f 100644 --- a/roles/alert-email/meta/main.yml +++ b/roles/alert-email/meta/main.yml @@ -24,3 +24,4 @@ galaxy_info: documentation: "https://s.veen.world/cymais" dependencies: - gen-msmtp + - core-daemon diff --git a/roles/alert-telegram/meta/main.yml b/roles/alert-telegram/meta/main.yml index 5c8cacfa..bffccf4f 100644 --- a/roles/alert-telegram/meta/main.yml +++ b/roles/alert-telegram/meta/main.yml @@ -22,4 +22,5 @@ galaxy_info: repository: "https://s.veen.world/cymais" issue_tracker_url: "https://s.veen.world/cymaisissues" documentation: "https://s.veen.world/cymais" -dependencies: [] +dependencies: + - core-daemon diff --git a/roles/bkp-docker-to-local/tasks/main.yml b/roles/bkp-docker-to-local/tasks/main.yml index f0df0730..fe0c79f7 100644 --- a/roles/bkp-docker-to-local/tasks/main.yml +++ b/roles/bkp-docker-to-local/tasks/main.yml 
@@ -2,57 +2,55 @@ include_role: name: pkgmgr-install vars: - package_name: bkp-docker-to-local - when: run_once_backup_docker_to_local is not defined + package_name: "{{ bkp_docker_to_local_pkg }}" + when: run_once_bkp_docker_to_local is not defined -- name: Retrieve bkp-docker-to-local path from pkgmgr - command: pkgmgr path bkp-docker-to-local +- name: "Retrieve {{ bkp_docker_to_local_pkg }} path from pkgmgr" + command: "pkgmgr path {{ bkp_docker_to_local_pkg }}" register: pkgmgr_output changed_when: false - when: run_once_backup_docker_to_local is not defined + when: run_once_bkp_docker_to_local is not defined - name: Set fact for backup_docker_to_local_folder set_fact: backup_docker_to_local_folder: "{{ pkgmgr_output.stdout }}/" changed_when: false - when: run_once_backup_docker_to_local is not defined + when: run_once_bkp_docker_to_local is not defined + +- name: "reset (if enabled)" + include_tasks: reset.yml + when: mode_reset | bool and run_once_bkp_docker_to_local is not defined - name: configure bkp-docker-to-local-everything.cymais.service template: src: bkp-docker-to-local-everything.service.j2 dest: /etc/systemd/system/bkp-docker-to-local-everything.cymais.service notify: reload bkp-docker-to-local-everything.cymais.service - when: run_once_backup_docker_to_local is not defined + when: run_once_bkp_docker_to_local is not defined - name: configure bkp-docker-to-local.cymais.service template: src: bkp-docker-to-local.service.j2 dest: /etc/systemd/system/bkp-docker-to-local.cymais.service notify: reload bkp-docker-to-local.cymais.service - when: run_once_backup_docker_to_local is not defined + when: run_once_bkp_docker_to_local is not defined -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" - when: run_once_backup_docker_to_local is not defined + when: run_once_bkp_docker_to_local is not defined - name: "include role for gen-timer for {{service_name}}" 
include_role: name: gen-timer vars: on_calendar: "{{on_calendar_backup_docker_to_local}}" - when: run_once_backup_docker_to_local is not defined - -- name: "reset {{ backup_docker_to_local_folder }}databases.csv" - file: - path: "{{ backup_docker_to_local_folder }}databases.csv" - state: absent - when: mode_reset | bool and run_once_backup_docker_to_local is not defined + when: run_once_bkp_docker_to_local is not defined - name: "include seed-database-to-backup.yml" include_tasks: seed-database-to-backup.yml - name: run the backup_docker_to_local tasks once set_fact: - run_once_backup_docker_to_local: true - when: run_once_backup_docker_to_local is not defined + run_once_bkp_docker_to_local: true + when: run_once_bkp_docker_to_local is not defined diff --git a/roles/bkp-docker-to-local/tasks/reset.yml b/roles/bkp-docker-to-local/tasks/reset.yml new file mode 100644 index 00000000..5f7cc8d9 --- /dev/null +++ b/roles/bkp-docker-to-local/tasks/reset.yml @@ -0,0 +1,4 @@ +- name: "reset {{ backup_docker_to_local_folder }}databases.csv" + file: + path: "{{ backup_docker_to_local_folder }}databases.csv" + state: absent \ No newline at end of file diff --git a/roles/bkp-docker-to-local/tasks/seed-database-to-backup.yml b/roles/bkp-docker-to-local/tasks/seed-database-to-backup.yml index 6a186e91..3136342a 100644 --- a/roles/bkp-docker-to-local/tasks/seed-database-to-backup.yml +++ b/roles/bkp-docker-to-local/tasks/seed-database-to-backup.yml 
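Review bot: Nothing between the `pkgmgr path {{ bkp_docker_to_local_pkg }}` task and the new `reset (if enabled)` include checks that `pkgmgr_output.stdout` is non-empty. If pkgmgr ever exits 0 with empty output (not verifiable from this patch), `backup_docker_to_local_folder` becomes `/` and reset.yml removes `/databases.csv` instead of the intended file. A guard directly after the `register` makes that failure explicit: `- assert: { that: pkgmgr_output.stdout | trim | length > 0 }`, with the same `when: run_once_bkp_docker_to_local is not defined` as its neighbours. The roles/cln-failed-docker-backups/tasks/main.yml hunk has the same gap, where the unchecked output is turned into the `cln-all.sh` script path. The first task's `- name:` line lies above this hunk, so the note is based on the visible lines only.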
@@ -51,10 +51,10 @@ database_name is defined and database_username is defined and database_password is defined) and - run_once_backup_docker_to_local_file_permission is not defined + run_once_bkp_docker_to_local_file_permission is not defined register: file_permission_result - name: run the backup_docker_to_local_file_permission tasks once set_fact: - run_once_backup_docker_to_local_file_permission: true - when: run_once_backup_docker_to_local_file_permission is not defined and file_permission_result is defined and file_permission_result.changed \ No newline at end of file + run_once_bkp_docker_to_local_file_permission: true + when: run_once_bkp_docker_to_local_file_permission is not defined and file_permission_result is defined and file_permission_result.changed \ No newline at end of file diff --git a/roles/bkp-docker-to-local/vars/main.yml b/roles/bkp-docker-to-local/vars/main.yml new file mode 100644 index 00000000..50ba6abd --- /dev/null +++ b/roles/bkp-docker-to-local/vars/main.yml @@ -0,0 +1 @@ +bkp_docker_to_local_pkg: backup-docker-to-local \ No newline at end of file diff --git a/roles/bkp-remote-to-local/meta/main.yml b/roles/bkp-remote-to-local/meta/main.yml index 2ae1f767..cf73ef3c 100644 --- a/roles/bkp-remote-to-local/meta/main.yml +++ b/roles/bkp-remote-to-local/meta/main.yml @@ -31,3 +31,4 @@ dependencies: - cln-failed-docker-backups - maint-lock - user-root + - core-daemon diff --git a/roles/bkp-remote-to-local/tasks/main.yml b/roles/bkp-remote-to-local/tasks/main.yml index 54fce452..568ff34a 100644 --- a/roles/bkp-remote-to-local/tasks/main.yml +++ b/roles/bkp-remote-to-local/tasks/main.yml @@ -22,7 +22,7 @@ dest: "{{docker_backup_remote_to_local_folder}}backups-remote-to-local.sh" mode: 0755 -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" 
diff --git a/roles/cln-backups-service/meta/main.yml b/roles/cln-backups-service/meta/main.yml index 2ba577fe..4f4575f3 100644 --- a/roles/cln-backups-service/meta/main.yml +++ b/roles/cln-backups-service/meta/main.yml @@ -25,3 +25,4 @@ dependencies: - gen-python-pip - alert-compose - maint-lock + - core-daemon diff --git a/roles/cln-backups-timer/meta/main.yml b/roles/cln-backups-timer/meta/main.yml index 75ae5ccd..b1a4e115 100644 --- a/roles/cln-backups-timer/meta/main.yml +++ b/roles/cln-backups-timer/meta/main.yml @@ -23,3 +23,4 @@ galaxy_info: documentation: "https://s.veen.world/cymais" dependencies: - cln-backups-service + - core-daemon diff --git a/roles/cln-certs/meta/main.yml b/roles/cln-certs/meta/main.yml index 6f63b8ec..9ee95b82 100644 --- a/roles/cln-certs/meta/main.yml +++ b/roles/cln-certs/meta/main.yml @@ -25,3 +25,4 @@ galaxy_info: dependencies: - alert-compose + - core-daemon diff --git a/roles/cln-certs/tasks/main.yml b/roles/cln-certs/tasks/main.yml index 50790703..a95ec484 100644 --- a/roles/cln-certs/tasks/main.yml +++ b/roles/cln-certs/tasks/main.yml @@ -12,7 +12,7 @@ notify: Reload and restart cln-certs.cymais.service when: run_once_cleanup_certs is not defined -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" when: run_once_cleanup_certs is not defined diff --git a/roles/cln-disc-space/meta/main.yml b/roles/cln-disc-space/meta/main.yml index 9c72ffb2..039c9cb4 100644 --- a/roles/cln-disc-space/meta/main.yml +++ b/roles/cln-disc-space/meta/main.yml @@ -24,3 +24,4 @@ galaxy_info: dependencies: - alert-compose - maint-lock + - core-daemon diff --git a/roles/cln-disc-space/tasks/main.yml b/roles/cln-disc-space/tasks/main.yml index b434c2e8..78c8aab2 100644 --- a/roles/cln-disc-space/tasks/main.yml +++ b/roles/cln-disc-space/tasks/main.yml 
@@ -15,7 +15,7 @@ dest: /etc/systemd/system/cln-disc-space.cymais.service notify: reload cln-disc-space.cymais.service -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" diff --git a/roles/cln-docker-anonymous-volumes/meta/main.yml b/roles/cln-docker-anonymous-volumes/meta/main.yml index f938690c..3ff67918 100644 --- a/roles/cln-docker-anonymous-volumes/meta/main.yml +++ b/roles/cln-docker-anonymous-volumes/meta/main.yml @@ -22,4 +22,6 @@ galaxy_info: - pkgmgr repository: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner" issue_tracker_url: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner/issues" - documentation: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner#readme" + documentation: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner" + dependencies: + - core-daemon diff --git a/roles/cln-domains/meta/main.yml b/roles/cln-domains/meta/main.yml index a2d7c0f3..5af49bd3 100644 --- a/roles/cln-domains/meta/main.yml +++ b/roles/cln-domains/meta/main.yml @@ -21,4 +21,5 @@ galaxy_info: issue_tracker_url: "https://s.veen.world/cymaisissues" documentation: "https://s.veen.world/cymais" dependencies: - - srv-web-core \ No newline at end of file + - srv-web-core + - core-daemon \ No newline at end of file diff --git a/roles/cln-failed-docker-backups/meta/main.yml b/roles/cln-failed-docker-backups/meta/main.yml index 368ec6cf..893f4eab 100644 --- a/roles/cln-failed-docker-backups/meta/main.yml +++ b/roles/cln-failed-docker-backups/meta/main.yml @@ -25,3 +25,4 @@ dependencies: - alert-compose - maint-lock - bkp-directory-validator + - core-daemon diff --git a/roles/cln-failed-docker-backups/tasks/main.yml b/roles/cln-failed-docker-backups/tasks/main.yml index 56b00f10..174d5ed0 100644 --- a/roles/cln-failed-docker-backups/tasks/main.yml +++ b/roles/cln-failed-docker-backups/tasks/main.yml 
@@ -2,41 +2,41 @@ include_role: name: pkgmgr-install vars: - package_name: cln-failed-docker-backups - when: run_once_cleanup_failed_docker_backups is not defined + package_name: "{{ cln_failed_docker_backups_pkg }}" + when: run_once_cln_failed_docker_backups is not defined -- name: Retrieve bkp-docker-to-local path from pkgmgr - command: pkgmgr path cln-failed-docker-backups +- name: "Retrieve {{ cln_failed_docker_backups_pkg }} path from pkgmgr" + command: "pkgmgr path {{ cln_failed_docker_backups_pkg }}" register: pkgmgr_output changed_when: false - when: run_once_cleanup_failed_docker_backups is not defined + when: run_once_cln_failed_docker_backups is not defined - name: Set fact for backup_docker_to_local_cleanup_script set_fact: backup_docker_to_local_cleanup_script: "{{ pkgmgr_output.stdout.rstrip('/') ~ '/cln-all.sh' }}" changed_when: false - when: run_once_cleanup_failed_docker_backups is not defined + when: run_once_cln_failed_docker_backups is not defined - name: configure cln-failed-docker-backups.cymais.service template: src: cln-failed-docker-backups.service.j2 dest: /etc/systemd/system/cln-failed-docker-backups.cymais.service notify: Reload cln-failed-docker-backups.cymais.service - when: run_once_cleanup_failed_docker_backups is not defined + when: run_once_cln_failed_docker_backups is not defined -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" - when: run_once_cleanup_failed_docker_backups is not defined + when: run_once_cln_failed_docker_backups is not defined - name: "include role for gen-timer for {{service_name}}" include_role: name: gen-timer vars: on_calendar: "{{on_calendar_cleanup_failed_docker}}" - when: run_once_cleanup_failed_docker_backups is not defined + when: run_once_cln_failed_docker_backups is not defined - name: run the cleanup_failed_docker_backups tasks once set_fact: - run_once_cleanup_failed_docker_backups: true - when: 
run_once_cleanup_failed_docker_backups is not defined \ No newline at end of file + run_once_cln_failed_docker_backups: true + when: run_once_cln_failed_docker_backups is not defined \ No newline at end of file diff --git a/roles/cln-failed-docker-backups/vars/main.yml b/roles/cln-failed-docker-backups/vars/main.yml new file mode 100644 index 00000000..7df3fb2b --- /dev/null +++ b/roles/cln-failed-docker-backups/vars/main.yml @@ -0,0 +1 @@ +cln_failed_docker_backups_pkg: cleanup-failed-docker-backups \ No newline at end of file diff --git a/roles/core-daemon/README.md b/roles/core-daemon/README.md new file mode 100644 index 00000000..cbe7e7d7 --- /dev/null +++ b/roles/core-daemon/README.md @@ -0,0 +1,24 @@ +# Core Daemon Role + +This Ansible role handles resetting and cleaning up “CyMaIS” systemd service units for the core daemon. + +## Description + +When enabled via the `mode_reset` flag, this role will: + +1. Run its reset tasks exactly once per play (`run_once_core_daemon` guard). +2. Find all `/etc/systemd/system/*.cymais.service` units. +3. Stop and disable each unit. +4. Remove the unit files. +5. Reload the systemd daemon. + +## License + +This role is released under the CyMaIS NonCommercial License (CNCL). +See [license details](https://s.veen.world/cncl) + +## Author Information + +Kevin Veen-Birkenbach +Consulting & Coaching Solutions +[https://www.veen.world](https://www.veen.world) \ No newline at end of file diff --git a/roles/core-daemon/meta/main.yml b/roles/core-daemon/meta/main.yml new file mode 100644 index 00000000..f6bb5cbf --- /dev/null +++ b/roles/core-daemon/meta/main.yml 
@@ -0,0 +1,19 @@
+galaxy_info:
+ author: "Kevin Veen-Birkenbach"
+ description: "Role to reset and clean up CyMaIS systemd service units for the core daemon."
+ company: |
+ Kevin Veen-Birkenbach
+ Consulting & Coaching Solutions
+ https://www.veen.world
+ license: "CyMaIS NonCommercial License (CNCL)"
+ license_url: "https://s.veen.world/cncl"
+ min_ansible_version: "2.9"
+ galaxy_tags:
+ - systemd
+ - cleanup
+ - cymais
+ repository: "https://github.com/kevinveenbirkenbach/cymais"
+ issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues"
+ documentation: "https://github.com/kevinveenbirkenbach/cymais/#core-daemon-role"
+
+dependencies: []
diff --git a/roles/core-daemon/tasks/main.yml b/roles/core-daemon/tasks/main.yml
new file mode 100644
index 00000000..cbd0fd04
--- /dev/null
+++ b/roles/core-daemon/tasks/main.yml
@@ -0,0 +1,8 @@
+- name: "reset (if enabled)"
+ include_tasks: reset.yml
+ when: mode_reset | bool and run_once_core_daemon is not defined
+
+- name: run {{ role_name }} once
+ set_fact:
+ run_once_core_daemon: true
+ when: run_once_core_daemon is not defined
\ No newline at end of file
diff --git a/roles/core-daemon/tasks/reset.yml b/roles/core-daemon/tasks/reset.yml
new file mode 100644
index 00000000..11f82fcf
--- /dev/null
+++ b/roles/core-daemon/tasks/reset.yml
@@ -0,0 +1,28 @@
+- name: Find all cymais.service units
+ find:
+ paths: /etc/systemd/system
+ patterns: '*.cymais.service'
+ register: cymais_services
+
+- name: Disable and stop each cymais service
+ become: true
+ systemd:
+ name: "{{ item.path | basename }}"
+ enabled: no
+ state: stopped
+ loop: "{{ cymais_services.files }}"
+ loop_control:
+ label: "{{ item.path | basename }}"
+
+- name: Remove all cymais.service files
+ become: true
+ file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ cymais_services.files }}"
+ loop_control:
+ label: "{{ item.path | basename }}"
+
+- name: Reload systemd daemon
+ become: true
+ command: systemctl daemon-reload
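Review bot: core-daemon/tasks/reset.yml removes every `/etc/systemd/system/*.cymais.service` unit, which by the unit names elsewhere in this patch includes the monitoring, backup and cleanup services, and nothing in the file ensures it runs before the roles that template those units. If core-daemon is included after such a role in the same play, that role's `run_once_*` guard would stop it from re-creating its unit, so the host could be left without the service. The include order is not visible here, so this needs confirming. A comment at the top of reset.yml, e.g. `# Must run before any role installs a *.cymais.service unit`, would make the requirement explicit. Separately, the last task could use the `systemd` module with `daemon_reload: true`, as drv-msi-keyboard-color does, instead of `command: systemctl daemon-reload`.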
diff --git a/roles/docker-compose/handlers/main.yml b/roles/docker-compose/handlers/main.yml index 2b6db519..73244334 100644 --- a/roles/docker-compose/handlers/main.yml +++ b/roles/docker-compose/handlers/main.yml @@ -1,13 +1,4 @@ --- -# It is necessary to shut the projects down, when reset is activated. -# Otherwise it can lead to this bug: -# https://github.com/ansible/ansible/issues/10244 -#- name: shut down docker compose project -# command: -# cmd: docker-compose -p "{{ application_id }}" down -# listen: docker compose up -# when: mode_reset | bool - - name: rebuild docker repository command: cmd: docker compose build diff --git a/roles/docker-compose/tasks/main.yml b/roles/docker-compose/tasks/main.yml index 02272040..9b1dd4bc 100644 --- a/roles/docker-compose/tasks/main.yml +++ b/roles/docker-compose/tasks/main.yml @@ -1,10 +1,8 @@ -- name: "Load variables from {{ role_path }}/vars/docker-compose.yml for whole play" - include_vars: "{{ role_path }}/vars/docker-compose.yml" +- name: "Load variables from {{ docker_compose_variable_file }} for whole play" + include_vars: "{{ docker_compose_variable_file }}" -- name: "Remove {{ docker_compose.directories.instance }} and all its contents" - file: - path: "{{ docker_compose.directories.instance }}" - state: absent +- name: "reset (if enabled)" + include_tasks: reset.yml when: mode_reset | bool # This could lead to problems in docker-compose directories which are based on a git repository diff --git a/roles/docker-compose/tasks/reset.yml b/roles/docker-compose/tasks/reset.yml new file mode 100644 index 00000000..0799fd54 --- /dev/null +++ b/roles/docker-compose/tasks/reset.yml 
@@ -0,0 +1,11 @@ +# It is necessary to shut the projects down, when reset is activated. +# Otherwise it can lead to this bug: +# https://github.com/ansible/ansible/issues/10244 +- name: shut down docker compose project + command: + cmd: "docker-compose -p {{ application_id }} down" + +- name: "Remove {{ docker_compose.directories.instance }} and all its contents" + file: + path: "{{ docker_compose.directories.instance }}" + state: absent \ No newline at end of file diff --git a/roles/docker-compose/vars/main.yml b/roles/docker-compose/vars/main.yml index e69de29b..c22ee039 100644 --- a/roles/docker-compose/vars/main.yml +++ b/roles/docker-compose/vars/main.yml @@ -0,0 +1 @@ +docker_compose_variable_file: "{{ role_path }}/vars/docker-compose.yml" \ No newline at end of file diff --git a/roles/drv-msi-keyboard-color/tasks/main.yml b/roles/drv-msi-keyboard-color/tasks/main.yml index 66615320..7dee8bf2 100644 --- a/roles/drv-msi-keyboard-color/tasks/main.yml +++ b/roles/drv-msi-keyboard-color/tasks/main.yml @@ -21,7 +21,7 @@ systemd: daemon_reload: yes -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" diff --git a/roles/gen-timer/tasks/main.yml b/roles/gen-timer/tasks/main.yml index 42d95104..bdacfe39 100644 --- a/roles/gen-timer/tasks/main.yml +++ b/roles/gen-timer/tasks/main.yml @@ -1,3 +1,7 @@ +- name: "reset (if enabled)" + include_tasks: reset.yml + when: mode_reset | bool and run_once_gen_timer is not defined + - name: create {{service_name}}.cymais.timer template: src: dummy.timer.j2 @@ -10,4 +14,9 @@ name: "{{service_name}}.cymais.timer" state: restarted enabled: yes - when: dummy_timer.changed or activate_all_timers | bool \ No newline at end of file + when: dummy_timer.changed or activate_all_timers | bool + +- name: run {{ role_name }} once + set_fact: + run_once_gen_timer: true + when: run_once_gen_timer is not defined 
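Review bot: In docker-compose/tasks/reset.yml the shutdown task calls the standalone `docker-compose` binary, while the handler in this role's handlers/main.yml calls `docker compose build`. On a host that only has the Compose plugin the reset would fail at its first task. The project name is also interpolated into one command string, without the quotes the old commented-out handler had. `argv` keeps it a single argument whatever it contains: `argv: ["docker", "compose", "-p", "{{ application_id }}", "down"]`. Whether the hosts ship the plugin, the standalone binary or both is not visible here.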
diff --git a/roles/gen-timer/tasks/reset.yml b/roles/gen-timer/tasks/reset.yml new file mode 100644 index 00000000..fc6d7287 --- /dev/null +++ b/roles/gen-timer/tasks/reset.yml @@ -0,0 +1,26 @@ +- name: Find all cymais.timer units + find: + paths: /etc/systemd/system + patterns: '*.cymais.timer' + register: cymais_timers + +- name: Disable and stop each cymais timer + systemd: + name: "{{ item.path | basename }}" + enabled: no + state: stopped + loop: "{{ cymais_timers.files }}" + loop_control: + label: "{{ item.path | basename }}" + +- name: Remove all cymais.timer files + file: + path: "{{ item.path }}" + state: absent + loop: "{{ cymais_timers.files }}" + loop_control: + label: "{{ item.path | basename }}" + +- name: Reload systemd daemon + command: systemctl daemon-reload + become: true diff --git a/roles/maint-btrfs-auto-balancer/tasks/main.yml b/roles/maint-btrfs-auto-balancer/tasks/main.yml index 7356cbce..6f3850b4 100644 --- a/roles/maint-btrfs-auto-balancer/tasks/main.yml +++ b/roles/maint-btrfs-auto-balancer/tasks/main.yml @@ -12,7 +12,7 @@ notify: reload maint-btrfs-auto-balancer.cymais.service when: run_once_system_btrfs_auto_balancer is not defined -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" when: run_once_system_btrfs_auto_balancer is not defined diff --git a/roles/maint-docker-heal/tasks/main.yml b/roles/maint-docker-heal/tasks/main.yml index 0390aa09..212f0cac 100644 --- a/roles/maint-docker-heal/tasks/main.yml +++ b/roles/maint-docker-heal/tasks/main.yml @@ -19,7 +19,7 @@ notify: restart maint-docker-heal.cymais.service when: run_once_heal_docker is not defined -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" when: run_once_heal_docker is not defined 
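Review bot: In gen-timer/tasks/reset.yml the "Disable and stop each cymais timer" and "Remove all cymais.timer files" tasks have no `become: true`, while the reload task below them has it, as do the stop, remove and reload tasks in core-daemon/tasks/reset.yml. Unless the play already runs with privilege escalation, stopping the units and deleting files under `/etc/systemd/system` will fail. Adding `become: true` to both tasks makes the two reset files consistent.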
diff --git a/roles/maint-docker-restart/tasks/main.yml b/roles/maint-docker-restart/tasks/main.yml index 7e3402d8..e04dc951 100644 --- a/roles/maint-docker-restart/tasks/main.yml +++ b/roles/maint-docker-restart/tasks/main.yml @@ -16,7 +16,7 @@ dest: /etc/systemd/system/maint-docker-restart.cymais.service notify: "reload maint-docker-restart.cymais.service" - - name: set service_name to the name of the current role + - name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" diff --git a/roles/mon-bot-btrfs/tasks/main.yml b/roles/mon-bot-btrfs/tasks/main.yml index 765dd366..78289e47 100644 --- a/roles/mon-bot-btrfs/tasks/main.yml +++ b/roles/mon-bot-btrfs/tasks/main.yml @@ -15,7 +15,7 @@ dest: /etc/systemd/system/mon-bot-btrfs.cymais.service notify: reload mon-bot-btrfs.cymais.service -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" diff --git a/roles/mon-bot-disc-space/tasks/main.yml b/roles/mon-bot-disc-space/tasks/main.yml index 6d49488e..423d8995 100644 --- a/roles/mon-bot-disc-space/tasks/main.yml +++ b/roles/mon-bot-disc-space/tasks/main.yml @@ -15,7 +15,7 @@ dest: /etc/systemd/system/mon-bot-disc-space.cymais.service notify: reload mon-bot-disc-space.cymais.service -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" diff --git a/roles/mon-bot-docker-container/tasks/main.yml b/roles/mon-bot-docker-container/tasks/main.yml index 2d54b526..97da273d 100644 --- a/roles/mon-bot-docker-container/tasks/main.yml +++ b/roles/mon-bot-docker-container/tasks/main.yml 
@@ -18,7 +18,7 @@ notify: reload mon-bot-docker-container.cymais.service when: run_once_health_docker_container is not defined -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" when: run_once_health_docker_container is not defined diff --git a/roles/mon-bot-docker-volumes/tasks/main.yml b/roles/mon-bot-docker-volumes/tasks/main.yml index de869075..0bd3e9c3 100644 --- a/roles/mon-bot-docker-volumes/tasks/main.yml +++ b/roles/mon-bot-docker-volumes/tasks/main.yml @@ -18,7 +18,7 @@ notify: reload mon-bot-docker-volumes.cymais.service when: run_once_health_docker_volumes is not defined -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" when: run_once_health_docker_volumes is not defined diff --git a/roles/mon-bot-journalctl/tasks/main.yml b/roles/mon-bot-journalctl/tasks/main.yml index 9d657f67..2e6614e7 100644 --- a/roles/mon-bot-journalctl/tasks/main.yml +++ b/roles/mon-bot-journalctl/tasks/main.yml @@ -18,7 +18,7 @@ notify: reload mon-bot-journalctl.cymais.service when: run_once_health_journalctl is not defined -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" when: run_once_health_journalctl is not defined diff --git a/roles/mon-bot-msmtp/tasks/main.yml b/roles/mon-bot-msmtp/tasks/main.yml index a8b235f2..ff0d1631 100644 --- a/roles/mon-bot-msmtp/tasks/main.yml +++ b/roles/mon-bot-msmtp/tasks/main.yml @@ -16,7 +16,7 @@ dest: /etc/systemd/system/mon-bot-msmtp.cymais.service notify: reload mon-bot-msmtp.cymais.service -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" 
diff --git a/roles/mon-bot-webserver/tasks/main.yml b/roles/mon-bot-webserver/tasks/main.yml index 8303fb70..19557c81 100644 --- a/roles/mon-bot-webserver/tasks/main.yml +++ b/roles/mon-bot-webserver/tasks/main.yml @@ -24,7 +24,7 @@ notify: reload mon-bot-webserver.cymais.service when: run_once_health_nginx is not defined -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" when: run_once_health_nginx is not defined diff --git a/roles/srv-web-core/handlers/main.yml b/roles/srv-web-core/handlers/main.yml index 16d81924..12e4e5cd 100644 --- a/roles/srv-web-core/handlers/main.yml +++ b/roles/srv-web-core/handlers/main.yml @@ -1,3 +1,14 @@ --- +- name: Validate Nginx configuration + command: nginx -t + register: nginx_test + changed_when: false + failed_when: nginx_test.rc != 0 + listen: restart nginx + - name: restart nginx - service: name=nginx state=restarted enabled=yes + service: + name: nginx + state: restarted + enabled: yes + listen: restart nginx diff --git a/roles/srv-web-core/tasks/main.yml b/roles/srv-web-core/tasks/main.yml index e07de921..37ab9086 100644 --- a/roles/srv-web-core/tasks/main.yml +++ b/roles/srv-web-core/tasks/main.yml @@ -6,14 +6,12 @@ - nginx-mod-stream state: present notify: restart nginx - when: run_once_nginx is not defined - -- name: "Delete {{nginx.directories.configuration}} directory, when mode_reset" - file: - path: "{{ nginx.directories.configuration }}" - state: absent - when: mode_reset | bool and run_once_nginx is not defined + when: run_once_srv_web_core is not defined +- name: "reset (if enabled)" + include_tasks: reset.yml + when: mode_reset | bool and run_once_srv_web_core is not defined + - name: Ensure nginx configuration directories are present file: path: "{{ item }}" 
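Review bot: When `nginx -t` fails in the new "Validate Nginx configuration" handler the play stops, but the configuration that triggered it is already on disk. On the next run the template tasks report no change, so neither handler is notified again and the broken file stays in place until something restarts nginx. A comment on the handler would make that visible: `# On failure the new config stays on disk and is not re-validated on the next run`. `failed_when: nginx_test.rc != 0` repeats the `command` module's default and can be dropped.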
@@ -28,7 +26,7 @@ (nginx.directories.http.values() | list) + [ nginx.directories.streams ] }} - when: run_once_nginx is not defined + when: run_once_srv_web_core is not defined - name: Ensure nginx data storage directories are present file: @@ -40,7 +38,7 @@ mode: '0755' loop: > {{ nginx.directories.data.values() | list }} - when: run_once_nginx is not defined + when: run_once_srv_web_core is not defined - name: "Include tasks to create cache directories" include_tasks: cache_directories.yml @@ -50,13 +48,13 @@ src: nginx.conf.j2 dest: /etc/nginx/nginx.conf notify: restart nginx - when: run_once_nginx is not defined + when: run_once_srv_web_core is not defined - name: flush nginx service meta: flush_handlers - when: run_once_nginx is not defined + when: run_once_srv_web_core is not defined -- name: run the nginx tasks once +- name: run {{ role_name }} once set_fact: - run_once_nginx: true - when: run_once_nginx is not defined + run_once_srv_web_core: true + when: run_once_srv_web_core is not defined diff --git a/roles/srv-web-core/tasks/reset.yml b/roles/srv-web-core/tasks/reset.yml new file mode 100644 index 00000000..b0b637ae --- /dev/null +++ b/roles/srv-web-core/tasks/reset.yml @@ -0,0 +1,4 @@ +- name: "Delete {{nginx.directories.configuration}} directory, when mode_reset" + file: + path: "{{ nginx.directories.configuration }}" + state: absent \ No newline at end of file diff --git a/roles/srv-web-tls-renew/tasks/main.yml b/roles/srv-web-tls-renew/tasks/main.yml index 809d9380..3afb5aa0 100644 --- a/roles/srv-web-tls-renew/tasks/main.yml +++ b/roles/srv-web-tls-renew/tasks/main.yml @@ -12,7 +12,7 @@ notify: reload certbot service when: run_once_nginx_certbot is not defined -- name: set service_name to the name of the current role +- name: "set 'service_name' to '{{ role_name }}'" set_fact: service_name: "{{ role_name }}" when: run_once_nginx_certbot is not defined 
diff --git a/roles/svc-openldap/templates/docker-compose.yml.j2 b/roles/svc-openldap/templates/docker-compose.yml.j2 index 6d343f16..f4549b76 100644 --- a/roles/svc-openldap/templates/docker-compose.yml.j2 +++ b/roles/svc-openldap/templates/docker-compose.yml.j2 @@ -6,11 +6,11 @@ {% include 'roles/docker-container/templates/base.yml.j2' %} {% if applications[application_id].network.public | bool or applications[application_id].network.local | bool %} ports: - - 127.0.0.1:{{ports.localhost.ldap.ldap}}:{{ldap_docker_port}} # Expose just on localhost so that nginx stream proxy can use it + - 127.0.0.1:{{ports.localhost.ldap.ldap}}:{{ldap_docker_port}} {% endif %} volumes: - 'data:/bitnami/openldap' - - '{{ldif_host_path}}:{{ldif_docker_path}}:ro' # Mounting all ldif files for import + - '{{ldif_host_path}}:{{ldif_docker_path}}:ro' healthcheck: test: > bash -c ' diff --git a/roles/svc-openldap/vars/main.yml b/roles/svc-openldap/vars/main.yml index 629a01f4..f380e94d 100644 --- a/roles/svc-openldap/vars/main.yml +++ b/roles/svc-openldap/vars/main.yml @@ -1,4 +1,4 @@ -application_id: "ldap" +application_id: "openldap" # LDAP Variables ldaps_docker_port: 636 diff --git a/roles/web-app-discourse/tasks/main.yml b/roles/web-app-discourse/tasks/main.yml index 013af900..af115b19 100644 --- a/roles/web-app-discourse/tasks/main.yml +++ b/roles/web-app-discourse/tasks/main.yml @@ -1,4 +1,7 @@ --- +- name: "reset (if enabled)" + include_tasks: reset.yml + when: mode_reset | bool and run_once_docker_discourse is not defined # Necessary for building: https://chat.openai.com/share/99d258cc-294b-4924-8eef-02fe419bb838 - name: install which 
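Review bot: The trailing comment removed from the `ports:` entry in docker-compose.yml.j2 was the only record of why LDAP is published on 127.0.0.1 only. That rationale is what stops a later edit from widening the bind. If the inline YAML comment had to go, keep it as a Jinja comment on the line above, `{# Loopback only: the nginx stream proxy is the intended client #}`, which does not reach the rendered file. The same applies to the note on the read-only ldif mount. The rest of the template is outside this hunk.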
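Review bot: In svc-openldap/vars/main.yml, changing `application_id` from `ldap` to `openldap` changes everything keyed on it, and on an existing host that may include the Compose project name. The new docker-compose reset task in this patch runs `docker-compose -p {{ application_id }} down`, and the template's named volume `data` would then be created under the new project rather than reused. If so, the directory starts empty after the upgrade while the old `ldap` project's containers and volume are left behind. How the project name is set is not visible here, so this needs checking. A comment above the line recording the migration step, e.g. `# Renamed from "ldap": migrate the existing data volume before deploying`, would help operators.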
@@ -20,14 +23,6 @@ http_port: "{{ ports.localhost.http[application_id] }}" when: run_once_docker_discourse is not defined -- name: "cleanup central database from {{application_id}}_default network" - command: - cmd: "docker network disconnect {{applications[application_id].network}} {{ database_host }}" - ignore_errors: true - when: - - mode_reset | bool - - run_once_docker_discourse is not defined - - name: add docker-compose.yml template: src: docker-compose.yml.j2 @@ -64,16 +59,6 @@ notify: recreate discourse when: run_once_docker_discourse is not defined -- name: "destroy container discourse_application" - command: - cmd: "./launcher destroy discourse_application" - chdir: "{{docker_repository_directory }}" - ignore_errors: true - notify: recreate discourse - when: - - mode_reset | bool - - run_once_docker_discourse is not defined - - name: flush, to recreate discourse app meta: flush_handlers when: run_once_docker_discourse is not defined diff --git a/roles/web-app-discourse/tasks/reset.yml b/roles/web-app-discourse/tasks/reset.yml new file mode 100644 index 00000000..aedac923 --- /dev/null +++ b/roles/web-app-discourse/tasks/reset.yml @@ -0,0 +1,14 @@ +- name: "Load database variables for reset function" + include_vars: "{{playbook_dir}}/roles/svc-rdbms-central/vars/main.yml" + +- name: "cleanup central database from {{application_id}}_default network" + command: + cmd: "docker network disconnect {{applications[application_id].network}} {{ database_host }}" + ignore_errors: true + +- name: "destroy container discourse_application" + command: + cmd: "./launcher destroy discourse_application" + chdir: "{{ docker_repository_directory }}" + ignore_errors: true + notify: recreate discourse \ No newline at end of file diff --git a/roles/web-app-portfolio/meta/main.yml b/roles/web-app-portfolio/meta/main.yml index 64b88f1e..f2bb9368 100644 --- a/roles/web-app-portfolio/meta/main.yml +++ b/roles/web-app-portfolio/meta/main.yml 
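Review bot: In web-app-discourse/tasks/reset.yml, `include_vars` loads all of `svc-rdbms-central/vars/main.yml` into the host's variables at a precedence above role vars. Any name that file shares with this role would replace the Discourse value for the rest of the play, for instance an `application_id` like the one `svc-openldap/vars/main.yml` defines. That file is not visible here, so this is to be confirmed. Loading it under a namespace with `name: rdbms_central` and reading only the values the reset needs avoids the overlap. Also, the destroy step used to sit well into main.yml and now runs first, so if `docker_repository_directory` is only populated by those earlier tasks, the `chdir` fails and `ignore_errors: true` hides it.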
@@ -25,4 +25,4 @@ galaxy_info: logo: class: "fa-solid fa-briefcase" run_after: - - web-app-simpleicons \ No newline at end of file + - web-svc-simpleicons \ No newline at end of file diff --git a/roles/web-app-roulette-wheel/meta/main.yml b/roles/web-app-roulette-wheel/meta/main.yml index 8ccf01a6..6bdfda6a 100644 --- a/roles/web-app-roulette-wheel/meta/main.yml +++ b/roles/web-app-roulette-wheel/meta/main.yml @@ -21,5 +21,7 @@ galaxy_info: documentation: "https://s.veen.world/cymais" logo: class: "fa-solid fa-dice" + run_after: + - web-app-matomo dependencies: - docker-compose diff --git a/roles/web-app-sphinx/meta/main.yml b/roles/web-app-sphinx/meta/main.yml index 9781d2b5..bcc3ae70 100644 --- a/roles/web-app-sphinx/meta/main.yml +++ b/roles/web-app-sphinx/meta/main.yml @@ -26,4 +26,6 @@ galaxy_info: issue_tracker_url: "https://s.veen.world/cymaisissues" documentation: "https://s.veen.world/cymais" logo: - class: "fa-solid fa-book" \ No newline at end of file + class: "fa-solid fa-book" + run_after: + - web-app-matomo \ No newline at end of file diff --git a/roles/web-svc-html/meta/main.yml b/roles/web-svc-html/meta/main.yml index 4e216a8b..ee060e5e 100644 --- a/roles/web-svc-html/meta/main.yml +++ b/roles/web-svc-html/meta/main.yml @@ -26,6 +26,8 @@ galaxy_info: repository: "https://s.veen.world/cymais" issue_tracker_url: "https://s.veen.world/cymaisissues" documentation: "https://s.veen.world/cymais" + run_after: + - web-app-matomo dependencies: - srv-web-https - gen-git diff --git a/roles/web-svc-legal/README.md b/roles/web-svc-legal/README.md index 1a752fa0..e52f440c 100644 --- a/roles/web-svc-legal/README.md +++ b/roles/web-svc-legal/README.md 
@@ -1,6 +1 @@ -# Nginx Homepage Role - -This Ansible role configures an Nginx server to serve a static homepage. It handles domain configuration, SSL certificate retrieval with Let's Encrypt. - -## Author Information -This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/). \ No newline at end of file +NGinx Legal role \ No newline at end of file diff --git a/roles/web-app-simpleicons/README.md b/roles/web-svc-simpleicons/README.md similarity index 100% rename from roles/web-app-simpleicons/README.md rename to roles/web-svc-simpleicons/README.md diff --git a/roles/web-app-simpleicons/config/main.yml b/roles/web-svc-simpleicons/config/main.yml similarity index 92% rename from roles/web-app-simpleicons/config/main.yml rename to roles/web-svc-simpleicons/config/main.yml index 51b36bdc..d4ef33ed 100644 --- a/roles/web-app-simpleicons/config/main.yml +++ b/roles/web-svc-simpleicons/config/main.yml @@ -9,7 +9,7 @@ docker: database: enabled: false # Enable the database features: - matomo: true # Enable Matomo Tracking + matomo: false # Matomo tracking isn't necessary css: true # Enable Global CSS Styling portfolio_iframe: true # Enable loading of app in iframe ldap: false # Enable LDAP Network diff --git a/roles/web-app-simpleicons/meta/main.yml b/roles/web-svc-simpleicons/meta/main.yml similarity index 100% rename from roles/web-app-simpleicons/meta/main.yml rename to roles/web-svc-simpleicons/meta/main.yml diff --git a/roles/web-app-simpleicons/tasks/main.yml b/roles/web-svc-simpleicons/tasks/main.yml similarity index 100% rename from roles/web-app-simpleicons/tasks/main.yml rename to roles/web-svc-simpleicons/tasks/main.yml diff --git a/roles/web-app-simpleicons/templates/Dockerfile.j2 b/roles/web-svc-simpleicons/templates/Dockerfile.j2 similarity index 100% rename from roles/web-app-simpleicons/templates/Dockerfile.j2 rename to roles/web-svc-simpleicons/templates/Dockerfile.j2 
diff --git a/roles/web-app-simpleicons/templates/docker-compose.yml.j2 b/roles/web-svc-simpleicons/templates/docker-compose.yml.j2 similarity index 100% rename from roles/web-app-simpleicons/templates/docker-compose.yml.j2 rename to roles/web-svc-simpleicons/templates/docker-compose.yml.j2 diff --git a/roles/web-app-simpleicons/templates/env.j2 b/roles/web-svc-simpleicons/templates/env.j2 similarity index 100% rename from roles/web-app-simpleicons/templates/env.j2 rename to roles/web-svc-simpleicons/templates/env.j2 diff --git a/roles/web-app-simpleicons/templates/package.json.j2 b/roles/web-svc-simpleicons/templates/package.json.j2 similarity index 100% rename from roles/web-app-simpleicons/templates/package.json.j2 rename to roles/web-svc-simpleicons/templates/package.json.j2 diff --git a/roles/web-app-simpleicons/templates/server.js.j2 b/roles/web-svc-simpleicons/templates/server.js.j2 similarity index 100% rename from roles/web-app-simpleicons/templates/server.js.j2 rename to roles/web-svc-simpleicons/templates/server.js.j2 diff --git a/roles/web-app-simpleicons/vars/main.yml b/roles/web-svc-simpleicons/vars/main.yml similarity index 100% rename from roles/web-app-simpleicons/vars/main.yml rename to roles/web-svc-simpleicons/vars/main.yml diff --git a/tasks/plays/01_constructor.yml b/tasks/plays/01_constructor.yml index 548f0afa..4dfd4425 100644 --- a/tasks/plays/01_constructor.yml +++ b/tasks/plays/01_constructor.yml @@ -50,7 +50,7 @@ [] | add_redirect_if_group('assets-server', domains | get_domain('assets-server'), domains | get_domain('file-server'), group_names) | merge_mapping(redirect_domain_mappings| default([]), 'source') - }}" + }}" - name: Set current play redirect domain mappings set_fact: 
@@ -120,7 +120,8 @@ ## backup setup - name: setup replica backup hosts when: ('backup_remote_to_local' | application_allowed(group_names, allowed_applications)) - include_role: bkp-remote-to-local + include_role: + name: bkp-remote-to-local - name: setup backup to swappable when: ('backup_to_usb' | application_allowed(group_names, allowed_applications)) diff --git a/tasks/plays/02_personal-computer.yml b/tasks/plays/02_personal-computer.yml index 3213e232..48b52423 100644 --- a/tasks/plays/02_personal-computer.yml +++ b/tasks/plays/02_personal-computer.yml @@ -16,7 +16,6 @@ - utils-desk-office-tools - desk-jrnl - - name: personal computer for business when: ("business_personal_computer" in group_names) include_role: diff --git a/tasks/plays/02_server.yml b/tasks/plays/02_server.yml index 624b8b6f..830ae55c 100644 --- a/tasks/plays/02_server.yml +++ b/tasks/plays/02_server.yml @@ -12,7 +12,7 @@ - maint-btrfs-auto-balancer - name: "Integrate Docker Role includes" - include_tasks: "./tasks/utils/web-app-roles.yml" + include_tasks: "./tasks/utils/server-roles.yml" # Native Webserver Roles - name: setup web-svc-htmls diff --git a/tasks/utils/.gitignore b/tasks/utils/.gitignore index c16affc9..c6b775e3 100644 --- a/tasks/utils/.gitignore +++ b/tasks/utils/.gitignore @@ -1 +1 @@ -docker-roles.yml \ No newline at end of file +server-roles.yml diff --git a/tasks/utils/web-app-roles.yml b/tasks/utils/web-app-roles.yml deleted file mode 100644 index 56cc068b..00000000 --- a/tasks/utils/web-app-roles.yml +++ /dev/null 
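Review bot: In tasks/plays/02_server.yml the new include target `./tasks/utils/server-roles.yml` is added to `tasks/utils/.gitignore` in this same patch, and the tracked `web-app-roles.yml` is deleted. On a fresh checkout the `include_tasks` target does not exist until a generation step has run. The list of roles applied to a server is also no longer visible to reviewers in the repository. A comment above the task, e.g. `# server-roles.yml is generated and git-ignored; build it before running this play`, would document the dependency. The generator itself is not visible in this part of the patch.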
@@ -1,300 +0,0 @@ -- name: setup roulette-wheel - when: ('roulette-wheel' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-roulette-wheel -- name: flush handlers after roulette-wheel - meta: flush_handlers -- name: setup ldap - when: ('ldap' | application_allowed(group_names, allowed_applications)) - include_role: - name: svc-openldap -- name: flush handlers after ldap - meta: flush_handlers -- name: setup simpleicons - when: ('simpleicons' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-simpleicons -- name: flush handlers after simpleicons - meta: flush_handlers -- name: setup sphinx - when: ('sphinx' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-sphinx -- name: flush handlers after sphinx - meta: flush_handlers -- name: setup presentation - when: ('presentation' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-presentation -- name: flush handlers after presentation - meta: flush_handlers -- name: setup libretranslate - when: ('libretranslate' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-libretranslate -- name: flush handlers after libretranslate - meta: flush_handlers -- name: setup postgres - when: ('postgres' | application_allowed(group_names, allowed_applications)) - include_role: - name: svc-rdbms-postgres -- name: flush handlers after postgres - meta: flush_handlers -- name: setup matrix-deprecated - when: ('matrix-deprecated' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-matrix-deprecated -- name: flush handlers after matrix-deprecated - meta: flush_handlers -- name: setup syncope - when: ('syncope' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-syncope -- name: flush handlers after syncope - meta: flush_handlers -- name: setup pretix - when: ('pretix' | 
application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-pretix -- name: flush handlers after pretix - meta: flush_handlers -- name: setup mariadb - when: ('mariadb' | application_allowed(group_names, allowed_applications)) - include_role: - name: svc-rdbms-mariadb -- name: flush handlers after mariadb - meta: flush_handlers -- name: setup elk - when: ('elk' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-elk -- name: flush handlers after elk - meta: flush_handlers -- name: setup collabora - when: ('collabora' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-collabora -- name: flush handlers after collabora - meta: flush_handlers -- name: setup jenkins - when: ('jenkins' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-jenkins -- name: flush handlers after jenkins - meta: flush_handlers -- name: setup portfolio - when: ('portfolio' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-portfolio -- name: flush handlers after portfolio - meta: flush_handlers -- name: setup matomo - when: ('matomo' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-matomo -- name: flush handlers after matomo - meta: flush_handlers -- name: setup keycloak - when: ('keycloak' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-keycloak -- name: flush handlers after keycloak - meta: flush_handlers -- name: setup mailu - when: ('mailu' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-mailu -- name: flush handlers after mailu - meta: flush_handlers -- name: setup taiga - when: ('taiga' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-taiga -- name: flush handlers after taiga - meta: flush_handlers -- name: setup wordpress - when: ('wordpress' | 
application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-wordpress -- name: flush handlers after wordpress - meta: flush_handlers -- name: setup pgadmin - when: ('pgadmin' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-pgadmin -- name: flush handlers after pgadmin - meta: flush_handlers -- name: setup lam - when: ('lam' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-lam -- name: flush handlers after lam - meta: flush_handlers -- name: setup peertube - when: ('peertube' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-peertube -- name: flush handlers after peertube - meta: flush_handlers -- name: setup yourls - when: ('yourls' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-yourls -- name: flush handlers after yourls - meta: flush_handlers -- name: setup phpldapadmin - when: ('phpldapadmin' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-phpldapadmin -- name: flush handlers after phpldapadmin - meta: flush_handlers -- name: setup mastodon - when: ('mastodon' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-mastodon -- name: flush handlers after mastodon - meta: flush_handlers -- name: setup friendica - when: ('friendica' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-friendica -- name: flush handlers after friendica - meta: flush_handlers -- name: setup pixelfed - when: ('pixelfed' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-pixelfed -- name: flush handlers after pixelfed - meta: flush_handlers -- name: setup bigbluebutton - when: ('bigbluebutton' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-bigbluebutton -- name: flush handlers after bigbluebutton - meta: 
flush_handlers -- name: setup moodle - when: ('moodle' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-moodle -- name: flush handlers after moodle - meta: flush_handlers -- name: setup phpmyadmin - when: ('phpmyadmin' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-phpmyadmin -- name: flush handlers after phpmyadmin - meta: flush_handlers -- name: setup openproject - when: ('openproject' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-openproject -- name: flush handlers after openproject - meta: flush_handlers -- name: setup mobilizon - when: ('mobilizon' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-mobilizon -- name: flush handlers after mobilizon - meta: flush_handlers -- name: setup funkwhale - when: ('funkwhale' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-funkwhale -- name: flush handlers after funkwhale - meta: flush_handlers -- name: setup matrix - when: ('matrix' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-matrix -- name: flush handlers after matrix - meta: flush_handlers -- name: setup baserow - when: ('baserow' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-baserow -- name: flush handlers after baserow - meta: flush_handlers -- name: setup gitea - when: ('gitea' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-gitea -- name: flush handlers after gitea - meta: flush_handlers -- name: setup bluesky - when: ('bluesky' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-bluesky -- name: flush handlers after bluesky - meta: flush_handlers -- name: setup mediawiki - when: ('mediawiki' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-mediawiki 
-- name: flush handlers after mediawiki - meta: flush_handlers -- name: setup attendize - when: ('attendize' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-attendize -- name: flush handlers after attendize - meta: flush_handlers -- name: setup snipe-it - when: ('snipe-it' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-snipe-it -- name: flush handlers after snipe-it - meta: flush_handlers -- name: setup fusiondirectory - when: ('fusiondirectory' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-fusiondirectory -- name: flush handlers after fusiondirectory - meta: flush_handlers -- name: setup akaunting - when: ('akaunting' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-akaunting -- name: flush handlers after akaunting - meta: flush_handlers -- name: setup mybb - when: ('mybb' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-mybb -- name: flush handlers after mybb - meta: flush_handlers -- name: setup gitlab - when: ('gitlab' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-gitlab -- name: flush handlers after gitlab - meta: flush_handlers -- name: setup espocrm - when: ('espocrm' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-espocrm -- name: flush handlers after espocrm - meta: flush_handlers -- name: setup joomla - when: ('joomla' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-joomla -- name: flush handlers after joomla - meta: flush_handlers -- name: setup listmonk - when: ('listmonk' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-listmonk -- name: flush handlers after listmonk - meta: flush_handlers -- name: setup discourse - when: ('discourse' | application_allowed(group_names, 
allowed_applications)) - include_role: - name: web-app-discourse -- name: flush handlers after discourse - meta: flush_handlers -- name: setup nextcloud - when: ('nextcloud' | application_allowed(group_names, allowed_applications)) - include_role: - name: web-app-nextcloud -- name: flush handlers after nextcloud - meta: flush_handlers diff --git a/tests/integration/test_mode_reset.py b/tests/integration/test_mode_reset.py new file mode 100644 index 00000000..53b5d0da --- /dev/null +++ b/tests/integration/test_mode_reset.py 
@@ -0,0 +1,90 @@
+import os
+import unittest
+import yaml
+
+# Base directory for roles (adjust if needed)
+BASE_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), '../../roles'))
+
+class TestModeResetIntegration(unittest.TestCase):
+ """
+ Integration test to verify that when 'mode_reset' is used in any task file,
+ the role provides a reset.yml and includes it correctly in main.yml,
+ and that the include_tasks for reset.yml with the mode_reset condition appears only once.
+ """
+
+ def test_mode_reset_tasks(self):
+ # Iterate through each role directory
+ for role_name in os.listdir(BASE_DIR):
+ with self.subTest(role=role_name):
+ role_path = os.path.join(BASE_DIR, role_name)
+ tasks_dir = os.path.join(role_path, 'tasks')
+
+ # Only consider directories with a tasks folder
+ if not os.path.isdir(tasks_dir):
+ self.skipTest(f"Role '{role_name}' has no tasks directory.")
+
+ # Simplified detection: check raw file content for 'mode_reset'
+ mode_reset_found = False
+ for root, _, files in os.walk(tasks_dir):
+ for fname in files:
+ if not fname.lower().endswith(('.yml', '.yaml')):
+ continue
+ file_path = os.path.join(root, fname)
+ with open(file_path, 'r', encoding='utf-8') as f:
+ file_content = f.read()
+ if 'mode_reset' in file_content:
+ mode_reset_found = True
+ break
+ if mode_reset_found:
+ break
+
+ # If no mode_reset usage, skip this role
+ if not mode_reset_found:
+ self.skipTest(f"Role '{role_name}': no mode_reset usage detected.")
+
+ # 1) Check reset.yml exists
+ reset_yml = os.path.join(tasks_dir, 'reset.yml')
+ self.assertTrue(
+ os.path.isfile(reset_yml),
+ f"Role '{role_name}': 'mode_reset' used but tasks/reset.yml is missing."
+ )
+
+ # 2) Check inclusion in main.yml
+ main_yml = os.path.join(tasks_dir, 'main.yml')
+ self.assertTrue(
+ os.path.isfile(main_yml),
+ f"Role '{role_name}': tasks/main.yml is missing."
+ )
+
+ with open(main_yml, 'r', encoding='utf-8') as f:
+ content = f.read()
+
+ include_line = 'include_tasks: reset.yml'
+ when_line = 'when: mode_reset | bool'
+
+ # Ensure the include and when lines are present
+ self.assertIn(
+ include_line,
+ content,
+ f"Role '{role_name}': tasks/main.yml missing '{include_line}'."
+ )
+ self.assertIn(
+ when_line,
+ content,
+ f"Role '{role_name}': tasks/main.yml missing '{when_line}'."
+ )
+
+ # 3) Ensure the reset include with mode_reset appears only once
+ include_count = content.count(include_line)
+ when_count = content.count(when_line)
+ self.assertEqual(
+ include_count, 1,
+ f"Role '{role_name}': 'include_tasks: reset.yml' must appear exactly once, found {include_count}."
+ )
+ self.assertEqual(
+ when_count, 1,
+ f"Role '{role_name}': 'when: mode_reset | bool' must appear exactly once, found {when_count}."
+ )
+
+if __name__ == '__main__':
+ unittest.main(verbosity=2)
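Review bot: The `assertIn` and `count` checks at the end of `test_mode_reset_tasks` treat `include_tasks: reset.yml` and `when: mode_reset | bool` as two independent substrings of main.yml, so nothing ties the condition to the include. A main.yml whose reset include is unconditional while the `when` sits on some other task still passes, which is exactly the case this guard seems meant to catch. The same string counting also fails any role that legitimately gates a second task in main.yml on `mode_reset`. `yaml` is imported but never used; parsing main.yml with `yaml.safe_load` and asserting on the single task that includes reset.yml would pin the condition to that task. The sketch below covers top-level tasks only, so includes nested in a `block` or written with the fully qualified module name would need a small extension.

```python
                with open(main_yml, 'r', encoding='utf-8') as f:
                    tasks = yaml.safe_load(f) or []

                # … unchanged: reset.yml and main.yml existence checks above …
                reset_includes = [
                    task for task in tasks
                    if isinstance(task, dict)
                    and task.get('include_tasks') == 'reset.yml'
                ]
                self.assertEqual(
                    len(reset_includes), 1,
                    f"Role '{role_name}': 'include_tasks: reset.yml' must appear exactly once, found {len(reset_includes)}."
                )
                self.assertEqual(
                    reset_includes[0].get('when'), 'mode_reset | bool',
                    f"Role '{role_name}': the reset.yml include must be guarded by 'when: mode_reset | bool'."
                )
```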