kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-07-18 06:24:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

General optimations

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-07-09 10:17:32 +02:00
parent a69b2c9cb2
commit af3767fdfa
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
72 changed files with 377 additions and 618 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Makefile
View File

@ -3,7 +3,7 @@ APPLICATIONS_OUT := ./group_vars/all/04_applications.yml
APPLICATIONS_SCRIPT := ./cli/generate_applications.py
USERS_OUT := ./group_vars/all/03_users.yml
USERS_SCRIPT := ./cli/generate_users.py
INCLUDES_OUT := ./tasks/utils/web-app-roles.yml
INCLUDES_OUT := ./tasks/utils/server-roles.yml
INCLUDES_SCRIPT := ./cli/generate_playbook.py
EXTRA_USERS := $(shell \
@ -24,12 +24,19 @@ build:
@echo "🔧 Generating users defaults → $(USERS_OUT) from roles in $(ROLES_DIR)"
@echo "🔧 Generating Docker role includes → $(INCLUDES_OUT)"
@mkdir -p $(dir $(INCLUDES_OUT))
python3 $(INCLUDES_SCRIPT) $(ROLES_DIR) -o $(INCLUDES_OUT) -p web-app- -p svc-openldap -p svc-rdbms-postgres -p svc-rdbms-mariadb
python3 $(INCLUDES_SCRIPT) $(ROLES_DIR) -o $(INCLUDES_OUT) \
-p web-app \
-p web-svc \
-p svc-openldap \
-p svc-rdbms-postgres \
-p svc-rdbms-mariadb
@echo "✅ Docker role includes written to $(INCLUDES_OUT)"
install: build
@echo "⚙️ Install complete."
test:
@echo "🧪 Running Tests..."
@echo "🧪 Running Python Tests..."
python -m unittest discover -s tests
@echo "📑 Syntax Checking Ansible Playbook..."
ansible-playbook playbook.yml --syntax-check

182
docs/guides/developer/Role_Creation.md
View File

@ -1,182 +0,0 @@
### *Guide to Create a New Docker Role for CyMaIS
This guide will walk you through the steps to add a new Docker role for a service (in this case, `my_service`) in **CyMaIS**. We will cover where to add the application settings, domain, and other required configuration to ensure that your new service is correctly integrated into the CyMaIS environment.
---
### **1. Define the Application Configuration in `templates/vars/applications.yml.j2`**
First, you'll need to add the default configuration for your new service under the `defaults_applications` section in `templates/vars/applications.yml.j2`.
#### **Steps:**
- Open `templates/vars/applications.yml.j2`
- Add the configuration for `my_service` under the `defaults_applications` section.
```yaml
defaults_applications:
## My Service Configuration
my_service:
version: "latest"
features: # Version of the service
matomo: true # Enable Matomo tracking for analytics
css: true # Enable or disable global CSS styling
portfolio_iframe: false # Allow embedding the landing page in an iframe (if true)
database: true # Enable central database integration
ldap: true # Enable ldap integration
oauth2: true # Enable oauth2 proxy
oidc: true # Enable oidc
```
---
### **2. Add the Domain for `my_service` in `group_vars/all/03_domains.yml`**
Next, define the domain for your service in the `group_vars/all/03_domains.yml` file. The domain should be dynamic, using the `{{ primary_domain }}` placeholder, which will automatically resolve to the correct domain based on the primary domain used for your environment.
#### **Steps:**
- Open `group_vars/all/03_domains.yml`
- Add the domain for `my_service`.
```yaml
defaults_domains:
# Other services...
my_service: "slides.{{ primary_domain }}" # Domain for the new service
```
---
### **3. Set the Application ID in `vars/main.yml`**
In the `vars/main.yml` file, set the `application_id` to `my_service`. This step is essential as it allows CyMaIS to correctly reference and configure the new service when deploying it via Docker.
#### **Steps:**
- Open `vars/main.yml`
- Add the `application_id` for the new service.
```yaml
application_id: "my_service" # Set the application ID for the service
```
---
### **4. Create the Docker Role for the New Service**
Now that you have defined the application settings, domain, and application ID, you need to create a Docker role that will build and run the containerized version of `my_service`.
#### **Steps:**
- Create a new directory under the `roles` directory, e.g., `roles/web-app-my_service`.
- Inside the `web-app-my_service` role, create the following files:
1. **`README.md`**:
- Provide documentation on the new service and how it works within CyMaIS.
2. **`tasks/main.yml`**:
- Define the tasks for building and running the Docker container for `my_service`.
Example `tasks/main.yml`:
```yaml
---
# Docker Routines for my_service
- name: "include docker-compose role"
include_role:
name: docker-compose
- name: install cymais-my_service
command:
cmd: "pkgmgr install cymais-my_service --clone-mode https"
notify: docker compose project build and setup
- name: Get path of cymais-my_service using pkgmgr
command: pkgmgr path cymais-my_service
register: path_cymais_my_service_output
- name: "include role srv-web-proxy-domain for {{ application_id }}"
include_role:
name: srv-web-proxy-domain
vars:
domain: "{{ domains | get_domain(application_id) }}"
http_port: "{{ ports.localhost.http[application_id] }}"
```
3. **`docker-compose.yml.j2`**:
- Define the `docker-compose.yml` template for building and running the Docker container for the new service.
Example `docker-compose.yml.j2`:
```yaml
services:
my_service:
build:
context: {{ path_cymais_my_service_output.stdout }}
dockerfile: {{ path_cymais_my_service_output.stdout }}/Dockerfile
ports:
- "127.0.0.1:{{ ports.localhost.http[application_id] }}:5000"
volumes:
- {{ path_cymais_my_service_output.stdout }}:/app
- {{ path_cymais_output.stdout }}:/source
```
4. **`vars/main.yml`**:
- Define any specific variables for `my_service`.
Example `vars/main.yml`:
```yaml
application_id: "my_service"
```
5. **`meta/main.yml`**:
- Add metadata for your new role.
Example `meta/main.yml`:
```yaml
galaxy_info:
author: "Your Name"
description: "Docker role to deploy and manage my_service within CyMaIS."
license: "CyMaIS NonCommercial License (CNCL)"
company: "Your Company"
min_ansible_version: "2.9"
platforms:
- name: Docker
versions:
- all
- name: Linux
versions:
- all
repository: "https://github.com/yourrepo/my_service"
documentation: "https://yourdocumentationlink"
```
---
### **5. Test the Configuration**
Once you have defined the Docker role, configuration settings, and other necessary files, it is essential to test your changes:
#### **Steps:**
- Run the Ansible playbook for deploying your new service.
- Check if `my_service` is correctly deployed and if the domain is resolving as expected.
- Verify that the application is accessible via the assigned port (e.g., `http://slides.{{ primary_domain }}:5000`).
---
### **6. Additional Steps for Integration**
- You can add additional configurations or adjust existing settings based on the requirements for `my_service`. For instance:
- Modify the health check settings in the `docker-compose.yml` template.
- Update Nginx or other web servers to properly route traffic to your new service.
---
### **Conclusion**
By following this guide, you have successfully added a new Dockerized service (`my_service`) to the CyMaIS platform. You have:
- Configured the service settings in `templates/vars/applications.yml.j2`
- Added the domain for the service in `group_vars/all/03_domains.yml`
- Set the `application_id` in `vars/main.yml`
- Created the necessary Docker role for managing `my_service`.
This process allows you to extend the functionality of CyMaIS with new services while maintaining a consistent and reproducible deployment workflow.
---
For any further details or troubleshooting, please consult the official CyMaIS documentation or reach out to the CyMaIS community for assistance.

29
roles/README.md
View File

@ -18,7 +18,7 @@ For a complete list of role categories and detailed definitions, see:
Generic helpers and language/tool installers (e.g. `gen-git`, `gen-locales`, `gen-timer`)
- **desk-***
Desktop environment and application roles (e.g. `desk-gnome`, `utils-desk-browser`, `desk-libreoffice`)
Desktop environment and application roles (e.g. `desk-gnome`, `desk-browser`, `desk-libreoffice`)
---
@ -28,7 +28,7 @@ For a complete list of role categories and detailed definitions, see:
Installs and configures the base Nginx server.
- **srv-web-tls-***
Manages TLS certificates and renewal (formerly “https”).
Manages TLS certificates and renewal (formerly “https”; e.g. `srv-web-tls-deploy`, `srv-web-tls-renew`).
- **srv-web-proxy-***
Proxy and vhost orchestration roles (domain setup, OAuth2 proxy, etc.)
@ -43,43 +43,43 @@ For a complete list of role categories and detailed definitions, see:
Staticcontent servers (assets, HTML, legal pages, file hosting).
- **web-app-***
Application-specific Docker/Compose roles (e.g. GitLab, Nextcloud, Mastodon).
Application-specific Docker/Compose roles (e.g. GitLab, Nextcloud, Mastodon, Redis).
---
## Network
- **net-***
Network infrastructure (DNS records, WireGuard, Lets Encrypt entrypoints).
Network infrastructure (DNS records, Lets Encrypt HTTP entrypoints, WireGuard, etc.)
- **svc-***
Dockerdeployed services that arent “apps” (RDBMS, LDAP, Redis, OpenLDAP).
Docker-deployed services that arent “apps” (RDBMS, LDAP, Redis, OpenLDAP).
---
## Monitoring & Alerting
- **mon-bot-***
“Bot”-style health checks with alerts via Telegram, email, etc.
“Bot”-style health checks (Btrfs, diskspace, Docker, journalctl, CSP crawler, webserver) with alerts.
- **monitor-core-***
Low-level system monitors (journalctl, Docker containers, disk space).
Low-level system monitors (journalctl, Docker containers, disk space, etc.)
- **alert-***
Failure or status notification handlers (core, email, Telegram).
Notification handlers for failures (core, email, Telegram).
---
## Maintenance & Healing
- **maint-***
Periodic maintenance tasks (Btrfs balancing, swapfile management).
Periodic maintenance tasks (Btrfs balancing, swapfile management, etc.)
- **maint-docker-***
Automated recovery and restarts for Docker Compose workloads.
- **cln-***
Housekeeping tasks (old backups, certs, log rotation).
Housekeeping tasks (old backups, expired certs, log rotation).
---
@ -96,7 +96,7 @@ For a complete list of role categories and detailed definitions, see:
Keeps OS and language packages up to date (`update-apt`, `update-docker`, `update-pip`, etc.)
- **pkgmgr-***
Language or platform package managers (npm, pip, AUR helper).
Language or platform package managers (npm, pip, AUR helper, etc.)
---
@ -106,14 +106,15 @@ For a complete list of role categories and detailed definitions, see:
Creates user accounts and SSH keys.
- **user-administrator**, **user-root**
Specialized account configurations for privileged users.
Specialized configurations for privileged users.
---
> **Tip:** To find a role quickly, search for its prefix:
> `core-`, `gen-`, `desk-`, `srv-web-`, `web-svc-`, `web-app-`,
> `net-`, `svc-`, `monitor-`, `alert-`, `maint-`, `cln-`,
> `bkp-`, `update-`, `pkgmgr-`, `user-`.
> `net-`, `svc-`, `mon-bot-`, `monitor-core-`, `alert-`,
> `maint-`, `maint-docker-`, `cln-`, `bkp-`, `update-`,
> `pkgmgr-`, `user-`.
---

1
roles/alert-email/meta/main.yml
View File

@ -24,3 +24,4 @@ galaxy_info:
documentation: "https://s.veen.world/cymais"
dependencies:
- gen-msmtp
- core-daemon

3
roles/alert-telegram/meta/main.yml
View File

@ -22,4 +22,5 @@ galaxy_info:
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"
dependencies: []
dependencies:
- core-daemon

36
roles/bkp-docker-to-local/tasks/main.yml
View File

@ -2,57 +2,55 @@
include_role:
name: pkgmgr-install
vars:
package_name: bkp-docker-to-local
when: run_once_backup_docker_to_local is not defined
package_name: "{{ bkp_docker_to_local_pkg }}"
when: run_once_bkp_docker_to_local is not defined
- name: Retrieve bkp-docker-to-local path from pkgmgr
command: pkgmgr path bkp-docker-to-local
- name: "Retrieve {{ bkp_docker_to_local_pkg }} path from pkgmgr"
command: "pkgmgr path {{ bkp_docker_to_local_pkg }}"
register: pkgmgr_output
changed_when: false
when: run_once_backup_docker_to_local is not defined
when: run_once_bkp_docker_to_local is not defined
- name: Set fact for backup_docker_to_local_folder
set_fact:
backup_docker_to_local_folder: "{{ pkgmgr_output.stdout }}/"
changed_when: false
when: run_once_backup_docker_to_local is not defined
when: run_once_bkp_docker_to_local is not defined
- name: "reset (if enabled)"
include_tasks: reset.yml
when: mode_reset | bool and run_once_bkp_docker_to_local is not defined
- name: configure bkp-docker-to-local-everything.cymais.service
template:
src: bkp-docker-to-local-everything.service.j2
dest: /etc/systemd/system/bkp-docker-to-local-everything.cymais.service
notify: reload bkp-docker-to-local-everything.cymais.service
when: run_once_backup_docker_to_local is not defined
when: run_once_bkp_docker_to_local is not defined
- name: configure bkp-docker-to-local.cymais.service
template:
src: bkp-docker-to-local.service.j2
dest: /etc/systemd/system/bkp-docker-to-local.cymais.service
notify: reload bkp-docker-to-local.cymais.service
when: run_once_backup_docker_to_local is not defined
when: run_once_bkp_docker_to_local is not defined
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_backup_docker_to_local is not defined
when: run_once_bkp_docker_to_local is not defined
- name: "include role for gen-timer for {{service_name}}"
include_role:
name: gen-timer
vars:
on_calendar: "{{on_calendar_backup_docker_to_local}}"
when: run_once_backup_docker_to_local is not defined
- name: "reset {{ backup_docker_to_local_folder }}databases.csv"
file:
path: "{{ backup_docker_to_local_folder }}databases.csv"
state: absent
when: mode_reset | bool and run_once_backup_docker_to_local is not defined
when: run_once_bkp_docker_to_local is not defined
- name: "include seed-database-to-backup.yml"
include_tasks: seed-database-to-backup.yml
- name: run the backup_docker_to_local tasks once
set_fact:
run_once_backup_docker_to_local: true
when: run_once_backup_docker_to_local is not defined
run_once_bkp_docker_to_local: true
when: run_once_bkp_docker_to_local is not defined

4
roles/bkp-docker-to-local/tasks/reset.yml Normal file
View File

@ -0,0 +1,4 @@
- name: "reset {{ backup_docker_to_local_folder }}databases.csv"
file:
path: "{{ backup_docker_to_local_folder }}databases.csv"
state: absent

6
roles/bkp-docker-to-local/tasks/seed-database-to-backup.yml
View File

@ -51,10 +51,10 @@
database_name is defined and
database_username is defined and
database_password is defined) and
run_once_backup_docker_to_local_file_permission is not defined
run_once_bkp_docker_to_local_file_permission is not defined
register: file_permission_result
- name: run the backup_docker_to_local_file_permission tasks once
set_fact:
run_once_backup_docker_to_local_file_permission: true
when: run_once_backup_docker_to_local_file_permission is not defined and file_permission_result is defined and file_permission_result.changed
run_once_bkp_docker_to_local_file_permission: true
when: run_once_bkp_docker_to_local_file_permission is not defined and file_permission_result is defined and file_permission_result.changed

1
roles/bkp-docker-to-local/vars/main.yml Normal file
View File

@ -0,0 +1 @@
bkp_docker_to_local_pkg: backup-docker-to-local

1
roles/bkp-remote-to-local/meta/main.yml
View File

@ -31,3 +31,4 @@ dependencies:
- cln-failed-docker-backups
- maint-lock
- user-root
- core-daemon

2
roles/bkp-remote-to-local/tasks/main.yml
View File

@ -22,7 +22,7 @@
dest: "{{docker_backup_remote_to_local_folder}}backups-remote-to-local.sh"
mode: 0755
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"

1
roles/cln-backups-service/meta/main.yml
View File

@ -25,3 +25,4 @@ dependencies:
- gen-python-pip
- alert-compose
- maint-lock
- core-daemon

1
roles/cln-backups-timer/meta/main.yml
View File

@ -23,3 +23,4 @@ galaxy_info:
documentation: "https://s.veen.world/cymais"
dependencies:
- cln-backups-service
- core-daemon

1
roles/cln-certs/meta/main.yml
View File

@ -25,3 +25,4 @@ galaxy_info:
dependencies:
- alert-compose
- core-daemon

2
roles/cln-certs/tasks/main.yml
View File

@ -12,7 +12,7 @@
notify: Reload and restart cln-certs.cymais.service
when: run_once_cleanup_certs is not defined
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_cleanup_certs is not defined

1
roles/cln-disc-space/meta/main.yml
View File

@ -24,3 +24,4 @@ galaxy_info:
dependencies:
- alert-compose
- maint-lock
- core-daemon

2
roles/cln-disc-space/tasks/main.yml
View File

@ -15,7 +15,7 @@
dest: /etc/systemd/system/cln-disc-space.cymais.service
notify: reload cln-disc-space.cymais.service
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"

4
roles/cln-docker-anonymous-volumes/meta/main.yml
View File

@ -22,4 +22,6 @@ galaxy_info:
- pkgmgr
repository: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner"
issue_tracker_url: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner/issues"
documentation: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner#readme"
documentation: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner"
dependencies:
- core-daemon

1
roles/cln-domains/meta/main.yml
View File

@ -22,3 +22,4 @@ galaxy_info:
documentation: "https://s.veen.world/cymais"
dependencies:
- srv-web-core
- core-daemon

1
roles/cln-failed-docker-backups/meta/main.yml
View File

@ -25,3 +25,4 @@ dependencies:
- alert-compose
- maint-lock
- bkp-directory-validator
- core-daemon

24
roles/cln-failed-docker-backups/tasks/main.yml
View File

@ -2,41 +2,41 @@
include_role:
name: pkgmgr-install
vars:
package_name: cln-failed-docker-backups
when: run_once_cleanup_failed_docker_backups is not defined
package_name: "{{ cln_failed_docker_backups_pkg }}"
when: run_once_cln_failed_docker_backups is not defined
- name: Retrieve bkp-docker-to-local path from pkgmgr
command: pkgmgr path cln-failed-docker-backups
- name: "Retrieve {{ cln_failed_docker_backups_pkg }} path from pkgmgr"
command: "pkgmgr path {{ cln_failed_docker_backups_pkg }}"
register: pkgmgr_output
changed_when: false
when: run_once_cleanup_failed_docker_backups is not defined
when: run_once_cln_failed_docker_backups is not defined
- name: Set fact for backup_docker_to_local_cleanup_script
set_fact:
backup_docker_to_local_cleanup_script: "{{ pkgmgr_output.stdout.rstrip('/') ~ '/cln-all.sh' }}"
changed_when: false
when: run_once_cleanup_failed_docker_backups is not defined
when: run_once_cln_failed_docker_backups is not defined
- name: configure cln-failed-docker-backups.cymais.service
template:
src: cln-failed-docker-backups.service.j2
dest: /etc/systemd/system/cln-failed-docker-backups.cymais.service
notify: Reload cln-failed-docker-backups.cymais.service
when: run_once_cleanup_failed_docker_backups is not defined
when: run_once_cln_failed_docker_backups is not defined
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_cleanup_failed_docker_backups is not defined
when: run_once_cln_failed_docker_backups is not defined
- name: "include role for gen-timer for {{service_name}}"
include_role:
name: gen-timer
vars:
on_calendar: "{{on_calendar_cleanup_failed_docker}}"
when: run_once_cleanup_failed_docker_backups is not defined
when: run_once_cln_failed_docker_backups is not defined
- name: run the cleanup_failed_docker_backups tasks once
set_fact:
run_once_cleanup_failed_docker_backups: true
when: run_once_cleanup_failed_docker_backups is not defined
run_once_cln_failed_docker_backups: true
when: run_once_cln_failed_docker_backups is not defined

1
roles/cln-failed-docker-backups/vars/main.yml Normal file
View File

@ -0,0 +1 @@
cln_failed_docker_backups_pkg: cleanup-failed-docker-backups

24
roles/core-daemon/README.md Normal file
View File

@ -0,0 +1,24 @@
# Core Daemon Role
This Ansible role handles resetting and cleaning up “CyMaIS” systemd service units for the core daemon.
## Description
When enabled via the `mode_reset` flag, this role will:
1. Run its reset tasks exactly once per play (`run_once_core_daemon` guard).
2. Find all `/etc/systemd/system/*.cymais.service` units.
3. Stop and disable each unit.
4. Remove the unit files.
5. Reload the systemd daemon.
## License
This role is released under the CyMaIS NonCommercial License (CNCL).
See [license details](https://s.veen.world/cncl)
## Author Information
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
[https://www.veen.world](https://www.veen.world)

19
roles/core-daemon/meta/main.yml Normal file
View File

@ -0,0 +1,19 @@
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: "Role to reset and clean up CyMaIS systemd service units for the core daemon."
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
min_ansible_version: "2.9"
galaxy_tags:
- systemd
- cleanup
- cymais
repository: "https://github.com/kevinveenbirkenbach/cymais"
issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues"
documentation: "https://github.com/kevinveenbirkenbach/cymais/#core-daemon-role"
dependencies: []

8
roles/core-daemon/tasks/main.yml Normal file
View File

@ -0,0 +1,8 @@
- name: "reset (if enabled)"
include_tasks: reset.yml
when: mode_reset | bool and run_once_core_daemon is not defined
- name: run {{ role_name }} once
set_fact:
run_once_core_daemon: true
when: run_once_core_daemon is not defined

28
roles/core-daemon/tasks/reset.yml Normal file
View File

@ -0,0 +1,28 @@
- name: Find all cymais.service units
find:
paths: /etc/systemd/system
patterns: '*.cymais.service'
register: cymais_services
- name: Disable and stop each cymais service
become: true
systemd:
name: "{{ item.path | basename }}"
enabled: no
state: stopped
loop: "{{ cymais_services.files }}"
loop_control:
label: "{{ item.path | basename }}"
- name: Remove all cymais.service files
become: true
file:
path: "{{ item.path }}"
state: absent
loop: "{{ cymais_services.files }}"
loop_control:
label: "{{ item.path | basename }}"
- name: Reload systemd daemon
become: true
command: systemctl daemon-reload

9
roles/docker-compose/handlers/main.yml
View File

@ -1,13 +1,4 @@
---
# It is necessary to shut the projects down, when reset is activated.
# Otherwise it can lead to this bug:
# https://github.com/ansible/ansible/issues/10244
#- name: shut down docker compose project
# command:
# cmd: docker-compose -p "{{ application_id }}" down
# listen: docker compose up
# when: mode_reset | bool
- name: rebuild docker repository
command:
cmd: docker compose build

10
roles/docker-compose/tasks/main.yml
View File

@ -1,10 +1,8 @@
- name: "Load variables from {{ role_path }}/vars/docker-compose.yml for whole play"
include_vars: "{{ role_path }}/vars/docker-compose.yml"
- name: "Load variables from {{ docker_compose_variable_file }} for whole play"
include_vars: "{{ docker_compose_variable_file }}"
- name: "Remove {{ docker_compose.directories.instance }} and all its contents"
file:
path: "{{ docker_compose.directories.instance }}"
state: absent
- name: "reset (if enabled)"
include_tasks: reset.yml
when: mode_reset | bool
# This could lead to problems in docker-compose directories which are based on a git repository

11
roles/docker-compose/tasks/reset.yml Normal file
View File

@ -0,0 +1,11 @@
# It is necessary to shut the projects down, when reset is activated.
# Otherwise it can lead to this bug:
# https://github.com/ansible/ansible/issues/10244
- name: shut down docker compose project
command:
cmd: "docker-compose -p {{ application_id }} down"
- name: "Remove {{ docker_compose.directories.instance }} and all its contents"
file:
path: "{{ docker_compose.directories.instance }}"
state: absent

1
roles/docker-compose/vars/main.yml
View File

@ -0,0 +1 @@
docker_compose_variable_file: "{{ role_path }}/vars/docker-compose.yml"

2
roles/drv-msi-keyboard-color/tasks/main.yml
View File

@ -21,7 +21,7 @@
systemd:
daemon_reload: yes
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"

9
roles/gen-timer/tasks/main.yml
View File

@ -1,3 +1,7 @@
- name: "reset (if enabled)"
include_tasks: reset.yml
when: mode_reset | bool and run_once_gen_timer is not defined
- name: create {{service_name}}.cymais.timer
template:
src: dummy.timer.j2
@ -11,3 +15,8 @@
state: restarted
enabled: yes
when: dummy_timer.changed or activate_all_timers | bool
- name: run {{ role_name }} once
set_fact:
run_once_gen_timer: true
when: run_once_gen_timer is not defined

26
roles/gen-timer/tasks/reset.yml Normal file
View File

@ -0,0 +1,26 @@
- name: Find all cymais.timer units
find:
paths: /etc/systemd/system
patterns: '*.cymais.timer'
register: cymais_timers
- name: Disable and stop each cymais timer
systemd:
name: "{{ item.path | basename }}"
enabled: no
state: stopped
loop: "{{ cymais_timers.files }}"
loop_control:
label: "{{ item.path | basename }}"
- name: Remove all cymais.timer files
file:
path: "{{ item.path }}"
state: absent
loop: "{{ cymais_timers.files }}"
loop_control:
label: "{{ item.path | basename }}"
- name: Reload systemd daemon
command: systemctl daemon-reload
become: true

2
roles/maint-btrfs-auto-balancer/tasks/main.yml
View File

@ -12,7 +12,7 @@
notify: reload maint-btrfs-auto-balancer.cymais.service
when: run_once_system_btrfs_auto_balancer is not defined
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_system_btrfs_auto_balancer is not defined

2
roles/maint-docker-heal/tasks/main.yml
View File

@ -19,7 +19,7 @@
notify: restart maint-docker-heal.cymais.service
when: run_once_heal_docker is not defined
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_heal_docker is not defined

2
roles/maint-docker-restart/tasks/main.yml
View File

@ -16,7 +16,7 @@
dest: /etc/systemd/system/maint-docker-restart.cymais.service
notify: "reload maint-docker-restart.cymais.service"
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"

2
roles/mon-bot-btrfs/tasks/main.yml
View File

@ -15,7 +15,7 @@
dest: /etc/systemd/system/mon-bot-btrfs.cymais.service
notify: reload mon-bot-btrfs.cymais.service
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"

2
roles/mon-bot-disc-space/tasks/main.yml
View File

@ -15,7 +15,7 @@
dest: /etc/systemd/system/mon-bot-disc-space.cymais.service
notify: reload mon-bot-disc-space.cymais.service
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"

2
roles/mon-bot-docker-container/tasks/main.yml
View File

@ -18,7 +18,7 @@
notify: reload mon-bot-docker-container.cymais.service
when: run_once_health_docker_container is not defined
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_health_docker_container is not defined

2
roles/mon-bot-docker-volumes/tasks/main.yml
View File

@ -18,7 +18,7 @@
notify: reload mon-bot-docker-volumes.cymais.service
when: run_once_health_docker_volumes is not defined
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_health_docker_volumes is not defined

2
roles/mon-bot-journalctl/tasks/main.yml
View File

@ -18,7 +18,7 @@
notify: reload mon-bot-journalctl.cymais.service
when: run_once_health_journalctl is not defined
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_health_journalctl is not defined

2
roles/mon-bot-msmtp/tasks/main.yml
View File

@ -16,7 +16,7 @@
dest: /etc/systemd/system/mon-bot-msmtp.cymais.service
notify: reload mon-bot-msmtp.cymais.service
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"

2
roles/mon-bot-webserver/tasks/main.yml
View File

@ -24,7 +24,7 @@
notify: reload mon-bot-webserver.cymais.service
when: run_once_health_nginx is not defined
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_health_nginx is not defined

13
roles/srv-web-core/handlers/main.yml
View File

@ -1,3 +1,14 @@
---
- name: Validate Nginx configuration
command: nginx -t
register: nginx_test
changed_when: false
failed_when: nginx_test.rc != 0
listen: restart nginx
- name: restart nginx
service: name=nginx state=restarted enabled=yes
service:
name: nginx
state: restarted
enabled: yes
listen: restart nginx

24
roles/srv-web-core/tasks/main.yml
View File

@ -6,13 +6,11 @@
- nginx-mod-stream
state: present
notify: restart nginx
when: run_once_nginx is not defined
when: run_once_srv_web_core is not defined
- name: "Delete {{nginx.directories.configuration}} directory, when mode_reset"
file:
path: "{{ nginx.directories.configuration }}"
state: absent
when: mode_reset | bool and run_once_nginx is not defined
- name: "reset (if enabled)"
include_tasks: reset.yml
when: mode_reset | bool and run_once_srv_web_core is not defined
- name: Ensure nginx configuration directories are present
file:
@ -28,7 +26,7 @@
(nginx.directories.http.values() | list) +
[ nginx.directories.streams ]
}}
when: run_once_nginx is not defined
when: run_once_srv_web_core is not defined
- name: Ensure nginx data storage directories are present
file:
@ -40,7 +38,7 @@
mode: '0755'
loop: >
{{ nginx.directories.data.values() | list }}
when: run_once_nginx is not defined
when: run_once_srv_web_core is not defined
- name: "Include tasks to create cache directories"
include_tasks: cache_directories.yml
@ -50,13 +48,13 @@
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
notify: restart nginx
when: run_once_nginx is not defined
when: run_once_srv_web_core is not defined
- name: flush nginx service
meta: flush_handlers
when: run_once_nginx is not defined
when: run_once_srv_web_core is not defined
- name: run the nginx tasks once
- name: run {{ role_name }} once
set_fact:
run_once_nginx: true
when: run_once_nginx is not defined
run_once_srv_web_core: true
when: run_once_srv_web_core is not defined

4
roles/srv-web-core/tasks/reset.yml Normal file
View File

@ -0,0 +1,4 @@
- name: "Delete {{nginx.directories.configuration}} directory, when mode_reset"
file:
path: "{{ nginx.directories.configuration }}"
state: absent

2
roles/srv-web-tls-renew/tasks/main.yml
View File

@ -12,7 +12,7 @@
notify: reload certbot service
when: run_once_nginx_certbot is not defined
- name: set service_name to the name of the current role
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_nginx_certbot is not defined

4
roles/svc-openldap/templates/docker-compose.yml.j2
View File

@ -6,11 +6,11 @@
{% include 'roles/docker-container/templates/base.yml.j2' %}
{% if applications[application_id].network.public | bool or applications[application_id].network.local | bool %}
ports:
- 127.0.0.1:{{ports.localhost.ldap.ldap}}:{{ldap_docker_port}} # Expose just on localhost so that nginx stream proxy can use it
- 127.0.0.1:{{ports.localhost.ldap.ldap}}:{{ldap_docker_port}}
{% endif %}
volumes:
- 'data:/bitnami/openldap'
- '{{ldif_host_path}}:{{ldif_docker_path}}:ro' # Mounting all ldif files for import
- '{{ldif_host_path}}:{{ldif_docker_path}}:ro'
healthcheck:
test: >
bash -c '

2
roles/svc-openldap/vars/main.yml
View File

@ -1,4 +1,4 @@
application_id: "ldap"
application_id: "openldap"
# LDAP Variables
ldaps_docker_port: 636

21
roles/web-app-discourse/tasks/main.yml
View File

@ -1,4 +1,7 @@
---
- name: "reset (if enabled)"
include_tasks: reset.yml
when: mode_reset | bool and run_once_docker_discourse is not defined
# Necessary for building: https://chat.openai.com/share/99d258cc-294b-4924-8eef-02fe419bb838
- name: install which
@ -20,14 +23,6 @@
http_port: "{{ ports.localhost.http[application_id] }}"
when: run_once_docker_discourse is not defined
- name: "cleanup central database from {{application_id}}_default network"
command:
cmd: "docker network disconnect {{applications[application_id].network}} {{ database_host }}"
ignore_errors: true
when:
- mode_reset | bool
- run_once_docker_discourse is not defined
- name: add docker-compose.yml
template:
src: docker-compose.yml.j2
@ -64,16 +59,6 @@
notify: recreate discourse
when: run_once_docker_discourse is not defined
- name: "destroy container discourse_application"
command:
cmd: "./launcher destroy discourse_application"
chdir: "{{docker_repository_directory }}"
ignore_errors: true
notify: recreate discourse
when:
- mode_reset | bool
- run_once_docker_discourse is not defined
- name: flush, to recreate discourse app
meta: flush_handlers
when: run_once_docker_discourse is not defined

14
roles/web-app-discourse/tasks/reset.yml Normal file
View File

@ -0,0 +1,14 @@
- name: "Load database variables for reset function"
include_vars: "{{playbook_dir}}/roles/svc-rdbms-central/vars/main.yml"
- name: "cleanup central database from {{application_id}}_default network"
command:
cmd: "docker network disconnect {{applications[application_id].network}} {{ database_host }}"
ignore_errors: true
- name: "destroy container discourse_application"
command:
cmd: "./launcher destroy discourse_application"
chdir: "{{ docker_repository_directory }}"
ignore_errors: true
notify: recreate discourse

2
roles/web-app-portfolio/meta/main.yml
View File

@ -25,4 +25,4 @@ galaxy_info:
logo:
class: "fa-solid fa-briefcase"
run_after:
- web-app-simpleicons
- web-svc-simpleicons

2
roles/web-app-roulette-wheel/meta/main.yml
View File

@ -21,5 +21,7 @@ galaxy_info:
documentation: "https://s.veen.world/cymais"
logo:
class: "fa-solid fa-dice"
run_after:
- web-app-matomo
dependencies:
- docker-compose

2
roles/web-app-sphinx/meta/main.yml
View File

@ -27,3 +27,5 @@ galaxy_info:
documentation: "https://s.veen.world/cymais"
logo:
class: "fa-solid fa-book"
run_after:
- web-app-matomo

2
roles/web-svc-html/meta/main.yml
View File

@ -26,6 +26,8 @@ galaxy_info:
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"
run_after:
- web-app-matomo
dependencies:
- srv-web-https
- gen-git

7
roles/web-svc-legal/README.md
View File

@ -1,6 +1 @@
# Nginx Homepage Role
This Ansible role configures an Nginx server to serve a static homepage. It handles domain configuration, SSL certificate retrieval with Let's Encrypt.
## Author Information
This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/).
NGinx Legal role

0
roles/web-app-simpleicons/README.md → roles/web-svc-simpleicons/README.md
View File

2
roles/web-app-simpleicons/config/main.yml → roles/web-svc-simpleicons/config/main.yml
View File

@ -9,7 +9,7 @@ docker:
database:
enabled: false # Enable the database
features:
matomo: true # Enable Matomo Tracking
matomo: false # Matomo tracking isn't necessary
css: true # Enable Global CSS Styling
portfolio_iframe: true # Enable loading of app in iframe
ldap: false # Enable LDAP Network

0
roles/web-app-simpleicons/meta/main.yml → roles/web-svc-simpleicons/meta/main.yml
View File

0
roles/web-app-simpleicons/tasks/main.yml → roles/web-svc-simpleicons/tasks/main.yml
View File

0
roles/web-app-simpleicons/templates/Dockerfile.j2 → roles/web-svc-simpleicons/templates/Dockerfile.j2
View File

0
roles/web-app-simpleicons/templates/docker-compose.yml.j2 → roles/web-svc-simpleicons/templates/docker-compose.yml.j2
View File

0
roles/web-app-simpleicons/templates/env.j2 → roles/web-svc-simpleicons/templates/env.j2
View File

0
roles/web-app-simpleicons/templates/package.json.j2 → roles/web-svc-simpleicons/templates/package.json.j2
View File

0
roles/web-app-simpleicons/templates/server.js.j2 → roles/web-svc-simpleicons/templates/server.js.j2
View File

0
roles/web-app-simpleicons/vars/main.yml → roles/web-svc-simpleicons/vars/main.yml
View File

5
tasks/plays/01_constructor.yml
View File

@ -50,7 +50,7 @@
[] |
add_redirect_if_group('assets-server', domains | get_domain('assets-server'), domains | get_domain('file-server'), group_names) |
merge_mapping(redirect_domain_mappings| default([]), 'source')
}}"
}}"
- name: Set current play redirect domain mappings
set_fact:
@ -120,7 +120,8 @@
## backup setup
- name: setup replica backup hosts
when: ('backup_remote_to_local' | application_allowed(group_names, allowed_applications))
include_role: bkp-remote-to-local
include_role:
name: bkp-remote-to-local
- name: setup backup to swappable
when: ('backup_to_usb' | application_allowed(group_names, allowed_applications))

1
tasks/plays/02_personal-computer.yml
View File

@ -16,7 +16,6 @@
- utils-desk-office-tools
- desk-jrnl
- name: personal computer for business
when: ("business_personal_computer" in group_names)
include_role:

2
tasks/plays/02_server.yml
View File

@ -12,7 +12,7 @@
- maint-btrfs-auto-balancer
- name: "Integrate Docker Role includes"
include_tasks: "./tasks/utils/web-app-roles.yml"
include_tasks: "./tasks/utils/server-roles.yml"
# Native Webserver Roles
- name: setup web-svc-htmls

2
tasks/utils/.gitignore vendored
View File

@ -1 +1 @@
docker-roles.yml
server-roles.yml

300
tasks/utils/web-app-roles.yml
View File

@ -1,300 +0,0 @@
- name: setup roulette-wheel
when: ('roulette-wheel' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-roulette-wheel
- name: flush handlers after roulette-wheel
meta: flush_handlers
- name: setup ldap
when: ('ldap' | application_allowed(group_names, allowed_applications))
include_role:
name: svc-openldap
- name: flush handlers after ldap
meta: flush_handlers
- name: setup simpleicons
when: ('simpleicons' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-simpleicons
- name: flush handlers after simpleicons
meta: flush_handlers
- name: setup sphinx
when: ('sphinx' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-sphinx
- name: flush handlers after sphinx
meta: flush_handlers
- name: setup presentation
when: ('presentation' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-presentation
- name: flush handlers after presentation
meta: flush_handlers
- name: setup libretranslate
when: ('libretranslate' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-libretranslate
- name: flush handlers after libretranslate
meta: flush_handlers
- name: setup postgres
when: ('postgres' | application_allowed(group_names, allowed_applications))
include_role:
name: svc-rdbms-postgres
- name: flush handlers after postgres
meta: flush_handlers
- name: setup matrix-deprecated
when: ('matrix-deprecated' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-matrix-deprecated
- name: flush handlers after matrix-deprecated
meta: flush_handlers
- name: setup syncope
when: ('syncope' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-syncope
- name: flush handlers after syncope
meta: flush_handlers
- name: setup pretix
when: ('pretix' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-pretix
- name: flush handlers after pretix
meta: flush_handlers
- name: setup mariadb
when: ('mariadb' | application_allowed(group_names, allowed_applications))
include_role:
name: svc-rdbms-mariadb
- name: flush handlers after mariadb
meta: flush_handlers
- name: setup elk
when: ('elk' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-elk
- name: flush handlers after elk
meta: flush_handlers
- name: setup collabora
when: ('collabora' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-collabora
- name: flush handlers after collabora
meta: flush_handlers
- name: setup jenkins
when: ('jenkins' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-jenkins
- name: flush handlers after jenkins
meta: flush_handlers
- name: setup portfolio
when: ('portfolio' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-portfolio
- name: flush handlers after portfolio
meta: flush_handlers
- name: setup matomo
when: ('matomo' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-matomo
- name: flush handlers after matomo
meta: flush_handlers
- name: setup keycloak
when: ('keycloak' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-keycloak
- name: flush handlers after keycloak
meta: flush_handlers
- name: setup mailu
when: ('mailu' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-mailu
- name: flush handlers after mailu
meta: flush_handlers
- name: setup taiga
when: ('taiga' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-taiga
- name: flush handlers after taiga
meta: flush_handlers
- name: setup wordpress
when: ('wordpress' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-wordpress
- name: flush handlers after wordpress
meta: flush_handlers
- name: setup pgadmin
when: ('pgadmin' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-pgadmin
- name: flush handlers after pgadmin
meta: flush_handlers
- name: setup lam
when: ('lam' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-lam
- name: flush handlers after lam
meta: flush_handlers
- name: setup peertube
when: ('peertube' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-peertube
- name: flush handlers after peertube
meta: flush_handlers
- name: setup yourls
when: ('yourls' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-yourls
- name: flush handlers after yourls
meta: flush_handlers
- name: setup phpldapadmin
when: ('phpldapadmin' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-phpldapadmin
- name: flush handlers after phpldapadmin
meta: flush_handlers
- name: setup mastodon
when: ('mastodon' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-mastodon
- name: flush handlers after mastodon
meta: flush_handlers
- name: setup friendica
when: ('friendica' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-friendica
- name: flush handlers after friendica
meta: flush_handlers
- name: setup pixelfed
when: ('pixelfed' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-pixelfed
- name: flush handlers after pixelfed
meta: flush_handlers
- name: setup bigbluebutton
when: ('bigbluebutton' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-bigbluebutton
- name: flush handlers after bigbluebutton
meta: flush_handlers
- name: setup moodle
when: ('moodle' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-moodle
- name: flush handlers after moodle
meta: flush_handlers
- name: setup phpmyadmin
when: ('phpmyadmin' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-phpmyadmin
- name: flush handlers after phpmyadmin
meta: flush_handlers
- name: setup openproject
when: ('openproject' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-openproject
- name: flush handlers after openproject
meta: flush_handlers
- name: setup mobilizon
when: ('mobilizon' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-mobilizon
- name: flush handlers after mobilizon
meta: flush_handlers
- name: setup funkwhale
when: ('funkwhale' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-funkwhale
- name: flush handlers after funkwhale
meta: flush_handlers
- name: setup matrix
when: ('matrix' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-matrix
- name: flush handlers after matrix
meta: flush_handlers
- name: setup baserow
when: ('baserow' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-baserow
- name: flush handlers after baserow
meta: flush_handlers
- name: setup gitea
when: ('gitea' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-gitea
- name: flush handlers after gitea
meta: flush_handlers
- name: setup bluesky
when: ('bluesky' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-bluesky
- name: flush handlers after bluesky
meta: flush_handlers
- name: setup mediawiki
when: ('mediawiki' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-mediawiki
- name: flush handlers after mediawiki
meta: flush_handlers
- name: setup attendize
when: ('attendize' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-attendize
- name: flush handlers after attendize
meta: flush_handlers
- name: setup snipe-it
when: ('snipe-it' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-snipe-it
- name: flush handlers after snipe-it
meta: flush_handlers
- name: setup fusiondirectory
when: ('fusiondirectory' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-fusiondirectory
- name: flush handlers after fusiondirectory
meta: flush_handlers
- name: setup akaunting
when: ('akaunting' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-akaunting
- name: flush handlers after akaunting
meta: flush_handlers
- name: setup mybb
when: ('mybb' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-mybb
- name: flush handlers after mybb
meta: flush_handlers
- name: setup gitlab
when: ('gitlab' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-gitlab
- name: flush handlers after gitlab
meta: flush_handlers
- name: setup espocrm
when: ('espocrm' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-espocrm
- name: flush handlers after espocrm
meta: flush_handlers
- name: setup joomla
when: ('joomla' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-joomla
- name: flush handlers after joomla
meta: flush_handlers
- name: setup listmonk
when: ('listmonk' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-listmonk
- name: flush handlers after listmonk
meta: flush_handlers
- name: setup discourse
when: ('discourse' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-discourse
- name: flush handlers after discourse
meta: flush_handlers
- name: setup nextcloud
when: ('nextcloud' | application_allowed(group_names, allowed_applications))
include_role:
name: web-app-nextcloud
- name: flush handlers after nextcloud
meta: flush_handlers

90
tests/integration/test_mode_reset.py Normal file
View File

@ -0,0 +1,90 @@
import os
import unittest
import yaml
# Base directory for roles (adjust if needed)
BASE_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), '../../roles'))
class TestModeResetIntegration(unittest.TestCase):
"""
Integration test to verify that when 'mode_reset' is used in any task file,
the role provides a reset.yml and includes it correctly in main.yml,
and that the include_tasks for reset.yml with the mode_reset condition appears only once.
"""
def test_mode_reset_tasks(self):
# Iterate through each role directory
for role_name in os.listdir(BASE_DIR):
with self.subTest(role=role_name):
role_path = os.path.join(BASE_DIR, role_name)
tasks_dir = os.path.join(role_path, 'tasks')
# Only consider directories with a tasks folder
if not os.path.isdir(tasks_dir):
self.skipTest(f"Role '{role_name}' has no tasks directory.")
# Simplified detection: check raw file content for 'mode_reset'
mode_reset_found = False
for root, _, files in os.walk(tasks_dir):
for fname in files:
if not fname.lower().endswith(('.yml', '.yaml')):
continue
file_path = os.path.join(root, fname)
with open(file_path, 'r', encoding='utf-8') as f:
file_content = f.read()
if 'mode_reset' in file_content:
mode_reset_found = True
break
if mode_reset_found:
break
# If no mode_reset usage, skip this role
if not mode_reset_found:
self.skipTest(f"Role '{role_name}': no mode_reset usage detected.")
# 1) Check reset.yml exists
reset_yml = os.path.join(tasks_dir, 'reset.yml')
self.assertTrue(
os.path.isfile(reset_yml),
f"Role '{role_name}': 'mode_reset' used but tasks/reset.yml is missing."
)
# 2) Check inclusion in main.yml
main_yml = os.path.join(tasks_dir, 'main.yml')
self.assertTrue(
os.path.isfile(main_yml),
f"Role '{role_name}': tasks/main.yml is missing."
)
with open(main_yml, 'r', encoding='utf-8') as f:
content = f.read()
include_line = 'include_tasks: reset.yml'
when_line = 'when: mode_reset | bool'
# Ensure the include and when lines are present
self.assertIn(
include_line,
content,
f"Role '{role_name}': tasks/main.yml missing '{include_line}'."
)
self.assertIn(
when_line,
content,
f"Role '{role_name}': tasks/main.yml missing '{when_line}'."
)
# 3) Ensure the reset include with mode_reset appears only once
include_count = content.count(include_line)
when_count = content.count(when_line)
self.assertEqual(
include_count, 1,
f"Role '{role_name}': 'include_tasks: reset.yml' must appear exactly once, found {include_count}."
)
self.assertEqual(
when_count, 1,
f"Role '{role_name}': 'when: mode_reset | bool' must appear exactly once, found {when_count}."
)
if __name__ == '__main__':
unittest.main(verbosity=2)