mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-11-21 20:31:02 +01:00
Compare commits
6 Commits
1e1b569d2f
...
1ad6c6110a
| Author | SHA1 | Date | |
|---|---|---|---|
| 1ad6c6110a | |||
| 8c89d08980 | |||
| 518b98cfd1 | |||
| 58c70659cf | |||
| 868af86f0b | |||
| 4766da2ea7 |
@ -74,7 +74,7 @@ Contact me for more details:
|
||||
## Showcases
|
||||
The following list showcases the extensive range of solutions that CyMaIS incorporates, each playing a vital role in providing a comprehensive, efficient, and secure IT infrastructure setup:
|
||||
|
||||
[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), , [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-domain-redirect), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-homepage), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-matomo-tracking), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-www-redirect), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), [Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), [SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton)...
|
||||
[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-domain-redirect), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-homepage), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-matomo-tracking), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-www-redirect), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), [Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), [SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton)...
|
||||
|
||||
## License
|
||||
|
||||
|
||||
8
destructor.yml
Normal file
8
destructor.yml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
- name: call destructor method
|
||||
hosts: all
|
||||
become: true
|
||||
roles:
|
||||
- role: system-maintenance-service-freezer
|
||||
vars:
|
||||
system_maintenance_service_freeze_action: "defrost"
|
||||
@ -100,4 +100,6 @@
|
||||
hosts: msi_perkeyrgb
|
||||
become: true
|
||||
roles:
|
||||
- driver-msi-keyboard-color
|
||||
- driver-msi-keyboard-color
|
||||
|
||||
- import_playbook: destructor.yml
|
||||
@ -26,10 +26,11 @@ size_percent_disc_space_warning: 85
|
||||
size_percent_cleanup_disc_space: 90
|
||||
|
||||
# Path Variables
|
||||
path_administrator_home: "/home/administrator/"
|
||||
path_administrator_scripts: "{{path_administrator_home}}scripts/"
|
||||
path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
|
||||
path_docker_compose_instances: "{{path_administrator_home}}docker-compose/"
|
||||
path_administrator_home: "/home/administrator/"
|
||||
path_administrator_scripts: "{{path_administrator_home}}scripts/"
|
||||
path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
|
||||
path_docker_compose_instances: "{{path_administrator_home}}docker-compose/"
|
||||
path_system_maintenance_service_freezer_script: "{{path_administrator_scripts}}system-maintenance-service-freezer.py"
|
||||
|
||||
# Runtime Variables
|
||||
activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
|
||||
@ -61,6 +62,24 @@ domain_roulette: "roulette.{{top_domain}}"
|
||||
domain_attendize: "tickets.{{top_domain}}"
|
||||
domain_yourls: "s.{{top_domain}}"
|
||||
|
||||
# Software versions
|
||||
version_nextcloud: "production" # Nextcloud can't skipp major version updates.
|
||||
version_mailu: "2.0"
|
||||
version_akaunting: "latest"
|
||||
version_mastodon: "latest"
|
||||
|
||||
# Services which modify the system:
|
||||
system_maintenance_services:
|
||||
- "backup-docker-to-local"
|
||||
- "backup-remote-to-local"
|
||||
- "backup-data-to-usb"
|
||||
- "cleanup-backups"
|
||||
- "cleanup-disc-space"
|
||||
- "cleanup-failed-docker-backups"
|
||||
- "heal-docker"
|
||||
- "update-docker"
|
||||
|
||||
system_maintenance_service_freeze_action: 'freeze' # Valid Values: freeze, defrost
|
||||
|
||||
# Routings
|
||||
redirect_domain_mappings:
|
||||
@ -79,4 +98,7 @@ redirect_domain_mappings:
|
||||
nginx_configuration_directory: "/etc/nginx/conf.d/"
|
||||
nginx_servers_directory: "{{nginx_configuration_directory}}servers/"
|
||||
nginx_maps_directory: "{{nginx_configuration_directory}}maps/"
|
||||
nginx_upstreams_directory: "{{nginx_configuration_directory}}upstreams/"
|
||||
nginx_upstreams_directory: "{{nginx_configuration_directory}}upstreams/"
|
||||
|
||||
# Role specific configuration
|
||||
pixelfed_app_name: "Pictures"
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
---
|
||||
dependencies:
|
||||
- role: cleanup-backups-service
|
||||
- role: system-maintenance-service-freezer
|
||||
|
||||
@ -2,4 +2,5 @@ dependencies:
|
||||
- git
|
||||
- backups-provider
|
||||
- systemd-notifier
|
||||
- cleanup-failed-docker-backups
|
||||
- cleanup-failed-docker-backups
|
||||
- system-maintenance-service-freezer
|
||||
@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py
|
||||
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "backup-docker-to-local") | join(',') }}"'
|
||||
ExecStart=/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py
|
||||
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
||||
@ -3,3 +3,4 @@ dependencies:
|
||||
- systemd-notifier
|
||||
- cleanup-backups-timer
|
||||
- cleanup-failed-docker-backups
|
||||
- system-maintenance-service-freezer
|
||||
|
||||
@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "backup-remote-to-local") | join(',') }}"'
|
||||
ExecStart=/usr/bin/bash {{docker_backup_remote_to_local_folder}}backups-remote-to-local.sh
|
||||
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
dependencies:
|
||||
- python-pip
|
||||
- systemd-notifier
|
||||
- system-maintenance-service-freezer
|
||||
|
||||
@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "cleanup-backups") | join(',') }}"'
|
||||
ExecStart=/usr/bin/python {{docker_cleanup_backups}}cleanup-backups.py --backups-folder-path {{backups_folder_path}} --maximum-backup-size-percent {{size_percent_maximum_backup}}
|
||||
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
||||
@ -1,2 +1,3 @@
|
||||
dependencies:
|
||||
- systemd-notifier
|
||||
- system-maintenance-service-freezer
|
||||
|
||||
@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/bash {{cleanup_disc_space_folder}}cleanup-disc-space.sh {{size_percent_cleanup_disc_space}}
|
||||
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "cleanup-disc-space") | join(',') }}"'
|
||||
ExecStart=/bin/bash {{cleanup_disc_space_folder}}cleanup-disc-space.sh {{size_percent_cleanup_disc_space}}
|
||||
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
||||
@ -1,3 +1,4 @@
|
||||
dependencies:
|
||||
- git
|
||||
- systemd-notifier
|
||||
- system-maintenance-service-freezer
|
||||
|
||||
@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{backup_docker_to_local_cleanup_folder}}cleanup.sh {{backup_docker_to_local_cleanup_machine_id}} {{backup_docker_to_local_cleanup_trigger_directory}}'
|
||||
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "cleanup-failed-docker-backups") | join(',') }}"'
|
||||
ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{backup_docker_to_local_cleanup_folder}}cleanup.sh {{backup_docker_to_local_cleanup_machine_id}} {{backup_docker_to_local_cleanup_trigger_directory}}'
|
||||
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
||||
@ -82,7 +82,7 @@ Detailed steps for backing up your Akaunting instance, including setting manual
|
||||
Variables are crucial in configuring your Akaunting setup. Ensure you set the following variables correctly in your environment:
|
||||
|
||||
- `docker_compose_instance_directory`: Set this variable to the path where your Docker Compose files for Akaunting are located.
|
||||
- `akaunting_db_password`, `akaunting_version`, `akaunting_company_name`, `akaunting_company_email`, `akaunting_setup_admin_email`, and `akaunting_setup_admin_password`: These should be set in your `.env` files as per your requirements.
|
||||
- `akaunting_db_password`, `version_akaunting`, `akaunting_company_name`, `akaunting_company_email`, `akaunting_setup_admin_email`, and `akaunting_setup_admin_password`: These should be set in your `.env` files as per your requirements.
|
||||
|
||||
### Additional Configuration
|
||||
- **SSL Certificate**: The guide includes steps to receive a certificate for your domain.
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
when: git_result.failed
|
||||
|
||||
- name: set akaunting version
|
||||
ansible.builtin.shell: find . -type f -exec sed -i 's/akaunting:latest/akaunting:{{akaunting_version}}/' {} + && find . -type f -exec sed -i 's/version=latest/version={{akaunting_version}}/' {} +
|
||||
ansible.builtin.shell: find . -type f -exec sed -i 's/akaunting:latest/akaunting:{{version_akaunting}}/' {} + && find . -type f -exec sed -i 's/version=latest/version={{version_akaunting}}/' {} +
|
||||
become: true
|
||||
args:
|
||||
chdir: "{{docker_compose_instance_directory}}"
|
||||
|
||||
@ -50,7 +50,7 @@ services:
|
||||
|
||||
# Core services
|
||||
resolver:
|
||||
image: ghcr.io/mailu/unbound:{{mailu_version}}
|
||||
image: ghcr.io/mailu/unbound:{{version_mailu}}
|
||||
env_file: mailu.env
|
||||
restart: always
|
||||
networks:
|
||||
@ -60,7 +60,7 @@ services:
|
||||
driver: journald
|
||||
|
||||
front:
|
||||
image: ghcr.io/mailu/nginx:{{mailu_version}}
|
||||
image: ghcr.io/mailu/nginx:{{version_mailu}}
|
||||
restart: always
|
||||
env_file: mailu.env
|
||||
logging:
|
||||
@ -90,7 +90,7 @@ services:
|
||||
- 192.168.203.254
|
||||
|
||||
admin:
|
||||
image: ghcr.io/mailu/admin:{{mailu_version}}
|
||||
image: ghcr.io/mailu/admin:{{version_mailu}}
|
||||
restart: always
|
||||
env_file: mailu.env
|
||||
volumes:
|
||||
@ -106,7 +106,7 @@ services:
|
||||
dns:
|
||||
- 192.168.203.254
|
||||
imap:
|
||||
image: ghcr.io/mailu/dovecot:{{mailu_version}}
|
||||
image: ghcr.io/mailu/dovecot:{{version_mailu}}
|
||||
restart: always
|
||||
env_file: mailu.env
|
||||
volumes:
|
||||
@ -121,7 +121,7 @@ services:
|
||||
driver: journald
|
||||
|
||||
smtp:
|
||||
image: ghcr.io/mailu/postfix:{{mailu_version}}
|
||||
image: ghcr.io/mailu/postfix:{{version_mailu}}
|
||||
restart: always
|
||||
env_file: mailu.env
|
||||
volumes:
|
||||
@ -136,7 +136,7 @@ services:
|
||||
driver: journald
|
||||
|
||||
oletools:
|
||||
image: ghcr.io/mailu/oletools:{{mailu_version}}
|
||||
image: ghcr.io/mailu/oletools:{{version_mailu}}
|
||||
hostname: oletools
|
||||
restart: always
|
||||
depends_on:
|
||||
@ -147,7 +147,7 @@ services:
|
||||
- noinet
|
||||
|
||||
antispam:
|
||||
image: ghcr.io/mailu/rspamd:{{mailu_version}}
|
||||
image: ghcr.io/mailu/rspamd:{{version_mailu}}
|
||||
restart: always
|
||||
env_file: mailu.env
|
||||
volumes:
|
||||
@ -169,7 +169,7 @@ services:
|
||||
|
||||
# Optional services
|
||||
antivirus:
|
||||
image: ghcr.io/mailu/clamav:{{mailu_version}}
|
||||
image: ghcr.io/mailu/clamav:{{version_mailu}}
|
||||
restart: always
|
||||
env_file: mailu.env
|
||||
volumes:
|
||||
@ -182,7 +182,7 @@ services:
|
||||
driver: journald
|
||||
|
||||
webdav:
|
||||
image: ghcr.io/mailu/radicale:{{mailu_version}}
|
||||
image: ghcr.io/mailu/radicale:{{version_mailu}}
|
||||
restart: always
|
||||
env_file: mailu.env
|
||||
volumes:
|
||||
@ -197,7 +197,7 @@ services:
|
||||
- 192.168.203.254
|
||||
|
||||
fetchmail:
|
||||
image: ghcr.io/mailu/fetchmail:{{mailu_version}}
|
||||
image: ghcr.io/mailu/fetchmail:{{version_mailu}}
|
||||
volumes:
|
||||
- "admin_data:/data"
|
||||
restart: always
|
||||
@ -213,7 +213,7 @@ services:
|
||||
- 192.168.203.254
|
||||
|
||||
webmail:
|
||||
image: ghcr.io/mailu/webmail:{{mailu_version}}
|
||||
image: ghcr.io/mailu/webmail:{{version_mailu}}
|
||||
restart: always
|
||||
env_file: mailu.env
|
||||
volumes:
|
||||
|
||||
@ -26,7 +26,7 @@ services:
|
||||
logging:
|
||||
driver: journald
|
||||
web:
|
||||
image: tootsuite/mastodon:{{mastodon_version}}
|
||||
image: tootsuite/mastodon:{{version_mastodon}}
|
||||
restart: always
|
||||
env_file: .env.production
|
||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
||||
@ -46,7 +46,7 @@ services:
|
||||
logging:
|
||||
driver: journald
|
||||
streaming:
|
||||
image: tootsuite/mastodon:{{mastodon_version}}
|
||||
image: tootsuite/mastodon:{{version_mastodon}}
|
||||
restart: always
|
||||
env_file: .env.production
|
||||
command: node ./streaming
|
||||
@ -64,7 +64,7 @@ services:
|
||||
logging:
|
||||
driver: journald
|
||||
sidekiq:
|
||||
image: tootsuite/mastodon:{{mastodon_version}}
|
||||
image: tootsuite/mastodon:{{version_mastodon}}
|
||||
restart: always
|
||||
env_file: .env.production
|
||||
command: bundle exec sidekiq
|
||||
|
||||
@ -21,7 +21,7 @@ To update the nextcloud container execute the following commands on the server:
|
||||
docker-compose down
|
||||
```
|
||||
|
||||
Afterwards update the ***nextcloud_version*** variable to the next version and run the this repository with this ansible role.
|
||||
Afterwards update the ***version_nextcloud*** variable to the next version and run the this repository with this ansible role.
|
||||
|
||||
It is only possible to update from one to the next major version at a time
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@ version: '3'
|
||||
|
||||
services:
|
||||
application:
|
||||
image: "nextcloud:{{nextcloud_version}}-fpm-alpine"
|
||||
image: "nextcloud:{{version_nextcloud}}-fpm-alpine"
|
||||
restart: always
|
||||
logging:
|
||||
driver: journald
|
||||
@ -60,7 +60,7 @@ services:
|
||||
timeout: 3s
|
||||
retries: 30
|
||||
cron:
|
||||
image: "nextcloud:{{nextcloud_version}}-fpm-alpine"
|
||||
image: "nextcloud:{{version_nextcloud}}-fpm-alpine"
|
||||
restart: always
|
||||
logging:
|
||||
driver: journald
|
||||
|
||||
2
roles/heal-docker/meta/main.yml
Normal file
2
roles/heal-docker/meta/main.yml
Normal file
@ -0,0 +1,2 @@
|
||||
dependencies:
|
||||
- system-maintenance-service-freezer
|
||||
@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "heal-docker") | join(',') }}"'
|
||||
ExecStart=/bin/python {{heal_docker}}heal-docker.py
|
||||
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
||||
16
roles/system-maintenance-service-freezer/README.md
Normal file
16
roles/system-maintenance-service-freezer/README.md
Normal file
@ -0,0 +1,16 @@
|
||||
# System Maintenance Service Freezer
|
||||
|
||||
## Overview
|
||||
This Ansible role is designed to manage system services through freezing (disabling) and defrosting (enabling) actions. It automates the process of managing crucial system services, especially useful for maintenance tasks like backups, cleanups, and updates.
|
||||
|
||||
|
||||
## Role Variables
|
||||
- `system_maintenance_services`: List of services to be managed by this role.
|
||||
|
||||
## Usage
|
||||
Configure the role by defining the required variables. The role creates systemd service files that control the specified services based on the `freeze` or `defrost` actions.
|
||||
|
||||
For further details and usage examples, refer to the chat conversation with ChatGPT: [Link to ChatGPT Conversation](https://chat.openai.com/share/212af169-1b57-41df-bd2d-c3d32eb1331b).
|
||||
|
||||
## Dependencies
|
||||
- `systemd-notifier`: Ensure this role is present for handling service failures.
|
||||
@ -0,0 +1,71 @@
|
||||
import argparse
|
||||
import subprocess
|
||||
import time
|
||||
|
||||
|
||||
def check_service_active(service_name):
|
||||
"""Check if a service is active."""
|
||||
result = subprocess.run(['systemctl', 'is-active', service_name], stdout=subprocess.PIPE)
|
||||
return result.stdout.decode('utf-8').strip() == 'active'
|
||||
|
||||
def service_exists(service_name):
|
||||
"""Check if a service exists."""
|
||||
result = subprocess.run(['systemctl', 'status', service_name], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
||||
return result.returncode == 0
|
||||
|
||||
def freeze(services_to_wait_for, ignored_services):
|
||||
# Filter services that exist and are not in the ignored list
|
||||
active_services = [service for service in services_to_wait_for if service_exists(service) and service not in ignored_services]
|
||||
|
||||
while active_services:
|
||||
for service in active_services:
|
||||
if not check_service_active(service):
|
||||
print(f"{service} stopped.")
|
||||
# Disable the service
|
||||
subprocess.run(['systemctl', 'disable', service])
|
||||
print(f"{service} disabled.")
|
||||
|
||||
# Stop and disable the corresponding timer, if it exists
|
||||
timer_name = service + ".timer"
|
||||
timer_check = subprocess.run(['systemctl', 'list-timers', '--all', timer_name], stdout=subprocess.PIPE)
|
||||
if timer_name in timer_check.stdout.decode():
|
||||
subprocess.run(['systemctl', 'stop', timer_name])
|
||||
subprocess.run(['systemctl', 'disable', timer_name])
|
||||
print(f"{timer_name} stopped and disabled.")
|
||||
active_services.remove(service)
|
||||
else:
|
||||
print(f"Waiting for {service} to stop...")
|
||||
time.sleep(5)
|
||||
print("All required services have stopped.")
|
||||
|
||||
def defrost(services_to_wait_for, ignored_services):
|
||||
for service in services_to_wait_for:
|
||||
if service not in ignored_services and service_exists(service):
|
||||
# Enable the service
|
||||
subprocess.run(['systemctl', 'enable', service])
|
||||
print(f"{service} enabled.")
|
||||
|
||||
# Start and enable the corresponding timer, if it exists
|
||||
timer_name = service + ".timer"
|
||||
timer_check = subprocess.run(['systemctl', 'list-timers', '--all', timer_name], stdout=subprocess.PIPE)
|
||||
if timer_name in timer_check.stdout.decode():
|
||||
subprocess.run(['systemctl', 'start', timer_name])
|
||||
subprocess.run(['systemctl', 'enable', timer_name])
|
||||
print(f"{timer_name} started and enabled.")
|
||||
|
||||
def main(services_to_wait_for, ignored_services, action):
|
||||
if action == 'freeze':
|
||||
# Code to handle freeze action
|
||||
freeze(services_to_wait_for, ignored_services)
|
||||
elif action == 'defrost':
|
||||
defrost(services_to_wait_for, ignored_services)
|
||||
|
||||
if __name__ == "__main__":
|
||||
parser = argparse.ArgumentParser(description='freezes and defrost systemctl services and timers')
|
||||
parser.add_argument('action', choices=['freeze', 'defrost'], help='Action to perform: freeze or defrost services.')
|
||||
parser.add_argument('services', help='Comma-separated list of services to apply the action to')
|
||||
parser.add_argument('--ignore', help='Comma-separated list of services to ignore in the action', default='')
|
||||
args = parser.parse_args()
|
||||
services_to_wait_for = args.services.split(',')
|
||||
ignored_services = args.ignore.split(',') if args.ignore else []
|
||||
main(services_to_wait_for, ignored_services,args.action)
|
||||
@ -0,0 +1,9 @@
|
||||
- name: "reload system-maintenance-service-freeze.service"
|
||||
systemd:
|
||||
name: system-maintenance-service-freeze.service
|
||||
daemon_reload: yes
|
||||
|
||||
- name: "reload system-maintenance-service-defrost.service"
|
||||
systemd:
|
||||
name: system-maintenance-service-defrost.service
|
||||
daemon_reload: yes
|
||||
3
roles/system-maintenance-service-freezer/meta/main.yml
Normal file
3
roles/system-maintenance-service-freezer/meta/main.yml
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
dependencies:
|
||||
- role: systemd-notifier
|
||||
33
roles/system-maintenance-service-freezer/tasks/main.yml
Normal file
33
roles/system-maintenance-service-freezer/tasks/main.yml
Normal file
@ -0,0 +1,33 @@
|
||||
---
|
||||
- name: create {{path_system_maintenance_service_freezer_script}}
|
||||
copy:
|
||||
src: system-maintenance-service-freezer.py
|
||||
dest: "{{path_system_maintenance_service_freezer_script}}"
|
||||
when: run_once_system_maintenance_service_freeze is not defined
|
||||
|
||||
- name: Configure system-maintenance-service for each action
|
||||
loop:
|
||||
- freeze
|
||||
- defrost
|
||||
template:
|
||||
src: system-maintenance-service-freezer.service.j2
|
||||
dest: "/etc/systemd/system/system-maintenance-service-{{ item }}.service"
|
||||
notify: "reload system-maintenance-service-{{ item }} service"
|
||||
when: run_once_system_maintenance_service_freeze is not defined
|
||||
|
||||
- name: run the system_maintenance_service_freezer tasks once
|
||||
set_fact:
|
||||
run_once_system_maintenance_service_freeze: true
|
||||
when: run_once_system_maintenance_service_freeze is not defined
|
||||
|
||||
- name: "restart system-maintenance-service.service"
|
||||
systemd:
|
||||
name: system-maintenance-service-{{system_maintenance_service_freeze_action}}.service
|
||||
state: restart
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
when: maintenance_service_freeze_action_last is not defined or maintenance_service_freeze_action_last != system_maintenance_service_freeze_action
|
||||
|
||||
- name: "set variable to prevent loading when action status didn't change"
|
||||
set_fact:
|
||||
maintenance_service_freeze_action_last: "{{system_maintenance_service_freeze_action}}"
|
||||
@ -0,0 +1,7 @@
|
||||
[Unit]
|
||||
Description={{item}} systemctl maintanance services
|
||||
OnFailure=systemd-notifier@%n.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} {{item}} {{ system_maintenance_services | join(",") }}'
|
||||
2
roles/update-docker/meta/main.yml
Normal file
2
roles/update-docker/meta/main.yml
Normal file
@ -0,0 +1,2 @@
|
||||
dependencies:
|
||||
- system-maintenance-service-freezer
|
||||
@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/sh -c '/usr/bin/python {{update_docker_script}} {{path_docker_compose_instances}}'
|
||||
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "update-docker") | join(',') }}"'
|
||||
ExecStart=/bin/sh -c '/usr/bin/python {{update_docker_script}} {{path_docker_compose_instances}}'
|
||||
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
|
||||
- import_playbook: playbook-common.yml
|
||||
- import_playbook: constructor.yml
|
||||
|
||||
- name: servers host setup
|
||||
hosts: servers
|
||||
@ -241,3 +241,5 @@
|
||||
roles:
|
||||
- role: nginx-www-redirect
|
||||
when: nginx_www_redirect | bool
|
||||
|
||||
- import_playbook: destructor.yml
|
||||
Loading…
Reference in New Issue
Block a user