kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-15 08:30:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimized openproject for new repository structure

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-08-11 23:03:24 +02:00
parent f671678720
commit d5e5f57f92
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
9 changed files with 48 additions and 178 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/cmp-rdbms/vars/main.yml Normal file
View File

@ -0,0 +1,2 @@
# Docker
docker_pull_git_repository: false # Deactivated here to don't inhire this

1
roles/docker-compose/tasks/02_repository.yml
View File

@ -6,6 +6,7 @@
git: git:
repo: "{{ docker_repository_address }}" repo: "{{ docker_repository_address }}"
dest: "{{ docker_repository_path }}" dest: "{{ docker_repository_path }}"
version: "{{ docker_repository_branch | default('main') }}"
depth: 1 depth: 1
update: yes update: yes
recursive: yes recursive: yes

2
roles/srv-web-7-7-inj-compose/vars/main.yml Normal file
View File

@ -0,0 +1,2 @@
# Docker
docker_pull_git_repository: false # Deactivated here to don't inhire this

3
roles/svc-prx-openresty/vars/main.yml
View File

@ -10,4 +10,5 @@ openresty_version: "alpine"
openresty_container: "{{ applications | get_app_conf(application_id, 'docker.services.openresty.name', True) }}" openresty_container: "{{ applications | get_app_conf(application_id, 'docker.services.openresty.name', True) }}"
# Docker # Docker
docker_compose_flush_handlers: true docker_compose_flush_handlers: true
docker_pull_git_repository: false # Deactivated here to don't inhire this

0
roles/web-app-openproject/tasks/ldap.yml → roles/web-app-openproject/tasks/01_ldap.yml
View File

14
roles/web-app-openproject/tasks/main.yml
View File

@ -3,23 +3,23 @@
include_role: include_role:
name: cmp-db-docker-proxy name: cmp-db-docker-proxy
- name: "Create {{openproject_plugins_folder}}" - name: "Create {{ openproject_plugins_folder }}"
file: file:
path: "{{openproject_plugins_folder}}" path: "{{ openproject_plugins_folder }}"
state: directory state: directory
mode: '0755' mode: '0755'
- name: "Transfering Gemfile.plugins to {{openproject_plugins_folder}}" - name: "Transfering Gemfile.plugins to {{ openproject_plugins_folder }}"
copy: copy:
src: Gemfile.plugins src: Gemfile.plugins
dest: "{{openproject_plugins_folder}}Gemfile.plugins" dest: "{{ openproject_plugins_folder }}Gemfile.plugins"
notify: notify:
- docker compose up - docker compose up
- docker compose build - docker compose build
- name: "create {{dummy_volume}}" - name: "create {{ openproject_dummy_volume }}"
file: file:
path: "{{dummy_volume}}" path: "{{ openproject_dummy_volume }}"
state: directory state: directory
mode: 0755 mode: 0755
@ -35,5 +35,5 @@
loop: "{{ openproject_rails_settings | dict2items }}" loop: "{{ openproject_rails_settings | dict2items }}"
- name: Setup LDAP - name: Setup LDAP
include_tasks: ldap.yml include_tasks: 01_ldap.yml
when: applications | get_app_conf(application_id, 'features.ldap', True) | bool when: applications | get_app_conf(application_id, 'features.ldap', True) | bool

14
roles/web-app-openproject/templates/docker-compose.yml.j2
View File

@ -2,7 +2,7 @@
x-op-app: &app x-op-app: &app
logging: logging:
driver: journald driver: journald
image: {{custom_openproject_image}} image: {{ openproject_custom_image }}
build: build:
context: . context: .
dockerfile: Dockerfile dockerfile: Dockerfile
@ -16,7 +16,7 @@ x-op-app: &app
proxy: proxy:
{% include 'roles/docker-container/templates/base.yml.j2' %} {% include 'roles/docker-container/templates/base.yml.j2' %}
image: {{custom_openproject_image}} image: {{ openproject_custom_image }}
container_name: {{ openproject_proxy_name }} container_name: {{ openproject_proxy_name }}
command: "./docker/prod/proxy" command: "./docker/prod/proxy"
ports: ports:
@ -27,7 +27,7 @@ x-op-app: &app
- web - web
volumes: volumes:
- "data:/var/openproject/assets" - "data:/var/openproject/assets"
- "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes - "{{ openproject_dummy_volume }}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
web: web:
<<: *app <<: *app
@ -45,7 +45,7 @@ x-op-app: &app
{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %} {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
volumes: volumes:
- "data:/var/openproject/assets" - "data:/var/openproject/assets"
- "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes - "{{ openproject_dummy_volume }}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
worker: worker:
<<: *app <<: *app
@ -60,7 +60,7 @@ x-op-app: &app
condition: service_started condition: service_started
volumes: volumes:
- "data:/var/openproject/assets" - "data:/var/openproject/assets"
- "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes - "{{ openproject_dummy_volume }}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
cron: cron:
@ -76,7 +76,7 @@ x-op-app: &app
condition: service_started condition: service_started
volumes: volumes:
- "data:/var/openproject/assets" - "data:/var/openproject/assets"
- "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes - "{{ openproject_dummy_volume }}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
seeder: seeder:
<<: *app <<: *app
@ -90,7 +90,7 @@ x-op-app: &app
{% include 'roles/docker-container/templates/networks.yml.j2' %} {% include 'roles/docker-container/templates/networks.yml.j2' %}
volumes: volumes:
- "data:/var/openproject/assets" - "data:/var/openproject/assets"
- "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes - "{{ openproject_dummy_volume }}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
{% include 'roles/docker-compose/templates/volumes.yml.j2' %} {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
data: data:

44
roles/web-app-openproject/vars/main.yml
View File

@ -1,18 +1,22 @@
application_id: "web-app-openproject" # General
docker_repository_address: "https://github.com/opf/openproject-deploy" application_id: "web-app-openproject"
database_type: "postgres"
docker_pull_git_repository: true
openproject_version: "{{ applications | get_app_conf(application_id, 'docker.services.web.version', True) }}"
openproject_image: "{{ applications | get_app_conf(application_id, 'docker.services.web.image', True) }}"
openproject_volume: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
openproject_web_name: "{{ applications | get_app_conf(application_id, 'docker.services.web.name', True) }}"
openproject_seeder_name: "{{ applications | get_app_conf(application_id, 'docker.services.seeder.name', True) }}"
openproject_cron_name: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name', True) }}"
openproject_proxy_name: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}"
openproject_worker_name: "{{ applications | get_app_conf(application_id, 'docker.services.worker.name', True) }}"
openproject_cache_name: "{{ applications | get_app_conf(application_id, 'docker.services.cache.name', True) }}" # Database
openproject_cache_image: "{{ applications database_type: "postgres"
# Open Project Specific
openproject_version: "{{ applications | get_app_conf(application_id, 'docker.services.web.version', True) }}"
openproject_image: "{{ applications | get_app_conf(application_id, 'docker.services.web.image', True) }}"
openproject_volume: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
openproject_web_name: "{{ applications | get_app_conf(application_id, 'docker.services.web.name', True) }}"
openproject_seeder_name: "{{ applications | get_app_conf(application_id, 'docker.services.seeder.name', True) }}"
openproject_cron_name: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name', True) }}"
openproject_proxy_name: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}"
openproject_worker_name: "{{ applications | get_app_conf(application_id, 'docker.services.worker.name', True) }}"
# Open Project Cache
openproject_cache_name: "{{ applications | get_app_conf(application_id, 'docker.services.cache.name', True) }}"
openproject_cache_image: "{{ applications
| get_app_conf(application_id, 'docker.services.cache.image') | get_app_conf(application_id, 'docker.services.cache.image')
or applications or applications
| get_app_conf('svc-db-memcached', 'docker.services.memcached.image') | get_app_conf('svc-db-memcached', 'docker.services.memcached.image')
@ -25,12 +29,12 @@ openproject_cache_version: "{{ applications
}}" }}"
openproject_plugins_folder: "{{docker_compose.directories.volumes}}plugins/" openproject_plugins_folder: "{{docker_compose.directories.volumes}}plugins/"
custom_openproject_image: "custom_openproject" openproject_custom_image: "custom_openproject"
# The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes # The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes
dummy_volume: "{{docker_compose.directories.volumes}}dummy_volume" openproject_dummy_volume: "{{docker_compose.directories.volumes}}dummy_volume"
openproject_rails_settings: openproject_rails_settings:
email_delivery_method: "smtp" email_delivery_method: "smtp"
@ -46,3 +50,9 @@ openproject_filters:
users: "{{ '(memberOf=cn=openproject-users,' ~ ldap.dn.ou.roles ~ ')' users: "{{ '(memberOf=cn=openproject-users,' ~ ldap.dn.ou.roles ~ ')'
if applications | get_app_conf(application_id, 'ldap.filters.users', True) else '' }}" if applications | get_app_conf(application_id, 'ldap.filters.users', True) else '' }}"
# Docker
docker_repository_branch: "stable/{{ openproject_version }}"
docker_repository_address: "https://github.com/opf/openproject-deploy"
docker_pull_git_repository: true
docker_compose_flush_handlers: false

146
tmp
View File

@ -1,146 +0,0 @@
diff --git a/roles/docker-container/meta/main.yml b/roles/docker-container/meta/main.yml
index 7b399e6f..37c3365e 100644
--- a/roles/docker-container/meta/main.yml
+++ b/roles/docker-container/meta/main.yml
@@ -21,4 +21,3 @@ galaxy_info:
versions: [ all ]
dependencies:
- docker-core
-
diff --git a/roles/docker-core/meta/main.yml b/roles/docker-core/meta/main.yml
index 3642480a..9a4ffe9e 100644
--- a/roles/docker-core/meta/main.yml
+++ b/roles/docker-core/meta/main.yml
@@ -26,10 +26,3 @@ galaxy_info:
issue_tracker_url: "https://github.com/kevinveenbirkenbach/infinito-nexus/issues"
documentation: "https://github.com/kevinveenbirkenbach/infinito-nexus/docker"
-dependencies:
- - sys-bkp-docker-2-loc
- - user-administrator
- - sys-hlth-docker-container
- - sys-hlth-docker-volumes
- - sys-rpr-docker-soft
- - sys-rpr-docker-hard
diff --git a/roles/docker-core/tasks/01_core.yml b/roles/docker-core/tasks/01_core.yml
index 183ccd3b..b0b0c5c5 100644
--- a/roles/docker-core/tasks/01_core.yml
+++ b/roles/docker-core/tasks/01_core.yml
@@ -1,6 +1,19 @@
+- name: Include backup, repair, health and user dependencies
+ include_role:
+ name: "{{ item }}"
+ loop:
+ - sys-bkp-docker-2-loc
+ - user-administrator
+ - sys-hlth-docker-container
+ - sys-hlth-docker-volumes
+ - sys-rpr-docker-soft
+ - sys-rpr-docker-hard
+
- name: docker & docker compose install
community.general.pacman:
- name: ['docker','docker-compose']
+ name:
+ - 'docker'
+ - 'docker-compose'
state: present
notify: docker restart
diff --git a/roles/srv-web-7-4-core/meta/main.yml b/roles/srv-web-7-4-core/meta/main.yml
index 340879eb..a7c7a044 100644
--- a/roles/srv-web-7-4-core/meta/main.yml
+++ b/roles/srv-web-7-4-core/meta/main.yml
@@ -18,7 +18,4 @@ galaxy_info:
- performance
repository: "https://github.com/kevinveenbirkenbach/infinito-nexus"
issue_tracker_url: "https://github.com/kevinveenbirkenbach/infinito-nexus/issues"
- documentation: "https://github.com/kevinveenbirkenbach/infinito-nexus/roles/srv-web-7-4-core"
-dependencies:
- - sys-hlth-webserver
- - sys-hlth-csp
\ No newline at end of file
+ documentation: "https://github.com/kevinveenbirkenbach/infinito-nexus/roles/srv-web-7-4-core"
\ No newline at end of file
diff --git a/roles/srv-web-7-4-core/tasks/01_core.yml b/roles/srv-web-7-4-core/tasks/01_core.yml
index 619d972f..ce7f4370 100644
--- a/roles/srv-web-7-4-core/tasks/01_core.yml
+++ b/roles/srv-web-7-4-core/tasks/01_core.yml
@@ -1,3 +1,10 @@
+- name: Include health dependencies
+ include_role:
+ name: "{{ item }}"
+ loop:
+ - sys-hlth-webserver
+ - sys-hlth-csp
+
- name: Include openresty
# Outside of run_once block is necessary for handler loading
# Otherwise the when: condition from the block is added to the handlers
diff --git a/roles/srv-web-7-6-https/meta/main.yml b/roles/srv-web-7-6-https/meta/main.yml
index 9b959ebe..4579d6f1 100644
--- a/roles/srv-web-7-6-https/meta/main.yml
+++ b/roles/srv-web-7-6-https/meta/main.yml
@@ -22,8 +22,7 @@ galaxy_info:
repository: "https://github.com/kevinveenbirkenbach/infinito-nexus"
documentation: "https://docs.infinito.nexus"
issue_tracker_url: "https://github.com/kevinveenbirkenbach/infinito-nexus/issues"
-
dependencies:
- srv-web-7-4-core
- sys-cln-domains
- - srv-web-7-7-letsencrypt
\ No newline at end of file
+ - srv-web-7-7-letsencrypt
diff --git a/roles/srv-web-7-7-inj-compose/tasks/main.yml b/roles/srv-web-7-7-inj-compose/tasks/main.yml
index 068c25cd..9d56405f 100644
--- a/roles/srv-web-7-7-inj-compose/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-compose/tasks/main.yml
@@ -38,14 +38,14 @@
matomo: "{{ applications | get_app_conf(application_id, 'features.matomo', False) }}"
port_ui: "{{ applications | get_app_conf(application_id, 'features.port-ui-desktop', False) }}"
-- name: "Activate Global CSS for {{domain}}"
+- name: "Activate Corporate CSS for {{domain}}"
include_role:
name: srv-web-7-7-inj-css
when:
- inj_enabled.css
- run_once_srv_web_7_7_inj_css is not defined
-- name: "Activate Global Matomo Tracking for {{domain}}"
+- name: "Activate Matomo Tracking for {{domain}}"
include_role:
name: srv-web-7-7-inj-matomo
when: inj_enabled.matomo
diff --git a/roles/sys-svc-sshd/tasks/main.yml b/roles/sys-svc-sshd/tasks/main.yml
index af2ff0d1..010bbb37 100644
--- a/roles/sys-svc-sshd/tasks/main.yml
+++ b/roles/sys-svc-sshd/tasks/main.yml
@@ -1,14 +1,14 @@
-- name: create sshd_config
- template:
- src: "sshd_config.j2"
- dest: /etc/ssh/sshd_config
- owner: root
- group: root
- mode: '0644'
- notify: sshd restart
- when: run_once_sys_svc_sshd is not defined
+- block:
+ - name: create sshd_config
+ template:
+ src: "sshd_config.j2"
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: '0644'
+ notify: sshd restart
-- name: run the sshd tasks once
- set_fact:
- run_once_sys_svc_sshd: true
+ - name: run the sshd tasks once
+ set_fact:
+ run_once_sys_svc_sshd: true
when: run_once_sys_svc_sshd is not defined