
6 Commits

33 changed files with 229 additions and 32 deletions


@ -74,7 +74,7 @@ Contact me for more details:
## Showcases ## Showcases
The following list showcases the extensive range of solutions that CyMaIS incorporates, each playing a vital role in providing a comprehensive, efficient, and secure IT infrastructure setup: The following list showcases the extensive range of solutions that CyMaIS incorporates, each playing a vital role in providing a comprehensive, efficient, and secure IT infrastructure setup:
[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), , [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-domain-redirect), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-homepage), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-matomo-tracking), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-www-redirect), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), 
[Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), 
[SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton)... [ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-domain-redirect), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-homepage), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-matomo-tracking), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-www-redirect), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker 
Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), [Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter 
Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), [SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton)...
## License ## License

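--- a/destructor.yml
+++ b/destructor.yml
@@ -0,0 +1,8 @@
+---
+- name: call destructor method
+hosts: all
+become: true
+roles:
+- role: system-maintenance-service-freezer
+vars:
+system_maintenance_service_freeze_action: "defrost"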
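Review bot: This play is the only place the run sets the action to `defrost`, and it is imported as the last entry of the other playbooks, so a host that fails in an earlier play never reaches it. With the default `system_maintenance_service_freeze_action: 'freeze'` from the variables file on this page, that host's backup, cleanup and update units would presumably stay disabled until someone intervenes. The file should say so at the top, for example `# Re-enables the maintenance units frozen during the run; run this playbook on its own after a failed run.` A monitoring check for a long-lived frozen state would cover the case where nobody notices.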


@ -100,4 +100,6 @@
hosts: msi_perkeyrgb hosts: msi_perkeyrgb
become: true become: true
roles: roles:
- driver-msi-keyboard-color - driver-msi-keyboard-color
- import_playbook: destructor.yml


@ -26,10 +26,11 @@ size_percent_disc_space_warning: 85
size_percent_cleanup_disc_space: 90 size_percent_cleanup_disc_space: 90
# Path Variables # Path Variables
path_administrator_home: "/home/administrator/" path_administrator_home: "/home/administrator/"
path_administrator_scripts: "{{path_administrator_home}}scripts/" path_administrator_scripts: "{{path_administrator_home}}scripts/"
path_docker_volumes: "{{path_administrator_home}}volumes/docker/" path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
path_docker_compose_instances: "{{path_administrator_home}}docker-compose/" path_docker_compose_instances: "{{path_administrator_home}}docker-compose/"
path_system_maintenance_service_freezer_script: "{{path_administrator_scripts}}system-maintenance-service-freezer.py"
# Runtime Variables # Runtime Variables
activate_all_timers: false # Activates all timers, independend if the handlers had been triggered activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
@ -61,6 +62,24 @@ domain_roulette: "roulette.{{top_domain}}"
domain_attendize: "tickets.{{top_domain}}" domain_attendize: "tickets.{{top_domain}}"
domain_yourls: "s.{{top_domain}}" domain_yourls: "s.{{top_domain}}"
# Software versions
version_nextcloud: "production" # Nextcloud can't skipp major version updates.
version_mailu: "2.0"
version_akaunting: "latest"
version_mastodon: "latest"
# Services which modify the system:
system_maintenance_services:
- "backup-docker-to-local"
- "backup-remote-to-local"
- "backup-data-to-usb"
- "cleanup-backups"
- "cleanup-disc-space"
- "cleanup-failed-docker-backups"
- "heal-docker"
- "update-docker"
system_maintenance_service_freeze_action: 'freeze' # Valid Values: freeze, defrost
# Routings # Routings
redirect_domain_mappings: redirect_domain_mappings:
@ -79,4 +98,7 @@ redirect_domain_mappings:
nginx_configuration_directory: "/etc/nginx/conf.d/" nginx_configuration_directory: "/etc/nginx/conf.d/"
nginx_servers_directory: "{{nginx_configuration_directory}}servers/" nginx_servers_directory: "{{nginx_configuration_directory}}servers/"
nginx_maps_directory: "{{nginx_configuration_directory}}maps/" nginx_maps_directory: "{{nginx_configuration_directory}}maps/"
nginx_upstreams_directory: "{{nginx_configuration_directory}}upstreams/" nginx_upstreams_directory: "{{nginx_configuration_directory}}upstreams/"
# Role specific configuration
pixelfed_app_name: "Pictures"
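Review bot: The `# Software versions` block added in the second hunk sets `version_akaunting` and `version_mastodon` to `"latest"` and `version_nextcloud` to `"production"`, all floating tags, so the image that gets deployed is whatever the registry serves at pull time and two runs of the same commit can differ. Pinning an explicit release, for example `version_mastodon: "<PINNED_TAG>"  # placeholder`, or an image digest makes every upgrade a reviewed change in this file. `version_mailu: "2.0"` already names a release line and shows the intended shape.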


@ -1,3 +1,4 @@
--- ---
dependencies: dependencies:
- role: cleanup-backups-service - role: cleanup-backups-service
- role: system-maintenance-service-freezer


@ -2,4 +2,5 @@ dependencies:
- git - git
- backups-provider - backups-provider
- systemd-notifier - systemd-notifier
- cleanup-failed-docker-backups - cleanup-failed-docker-backups
- system-maintenance-service-freezer


@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "backup-docker-to-local") | join(',') }}"'
ExecStart=/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'
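Review bot: `ExecStartPost=` runs only when `ExecStart=` exits successfully, so a failed backup leaves every other maintenance unit and timer disabled until someone starts the defrost service by hand; the `OnFailure=` line in this unit starts the notifier and the cleanup, not the defrost. Since `update-docker` is in the frozen list, patching stops as well for as long as that state lasts. `ExecStopPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'` is also executed when the start commands fail. The same applies to the other six unit templates on this page that add these lines (backup-remote-to-local, cleanup-backups, cleanup-disc-space, cleanup-failed-docker-backups, heal-docker, update-docker).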


@ -3,3 +3,4 @@ dependencies:
- systemd-notifier - systemd-notifier
- cleanup-backups-timer - cleanup-backups-timer
- cleanup-failed-docker-backups - cleanup-failed-docker-backups
- system-maintenance-service-freezer


@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "backup-remote-to-local") | join(',') }}"'
ExecStart=/usr/bin/bash {{docker_backup_remote_to_local_folder}}backups-remote-to-local.sh ExecStart=/usr/bin/bash {{docker_backup_remote_to_local_folder}}backups-remote-to-local.sh
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'


@ -1,3 +1,4 @@
dependencies: dependencies:
- python-pip - python-pip
- systemd-notifier - systemd-notifier
- system-maintenance-service-freezer


@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "cleanup-backups") | join(',') }}"'
ExecStart=/usr/bin/python {{docker_cleanup_backups}}cleanup-backups.py --backups-folder-path {{backups_folder_path}} --maximum-backup-size-percent {{size_percent_maximum_backup}} ExecStart=/usr/bin/python {{docker_cleanup_backups}}cleanup-backups.py --backups-folder-path {{backups_folder_path}} --maximum-backup-size-percent {{size_percent_maximum_backup}}
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'


@ -1,2 +1,3 @@
dependencies: dependencies:
- systemd-notifier - systemd-notifier
- system-maintenance-service-freezer


@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/bin/bash {{cleanup_disc_space_folder}}cleanup-disc-space.sh {{size_percent_cleanup_disc_space}} ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "cleanup-disc-space") | join(',') }}"'
ExecStart=/bin/bash {{cleanup_disc_space_folder}}cleanup-disc-space.sh {{size_percent_cleanup_disc_space}}
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'


@ -1,3 +1,4 @@
dependencies: dependencies:
- git - git
- systemd-notifier - systemd-notifier
- system-maintenance-service-freezer


@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{backup_docker_to_local_cleanup_folder}}cleanup.sh {{backup_docker_to_local_cleanup_machine_id}} {{backup_docker_to_local_cleanup_trigger_directory}}' ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "cleanup-failed-docker-backups") | join(',') }}"'
ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{backup_docker_to_local_cleanup_folder}}cleanup.sh {{backup_docker_to_local_cleanup_machine_id}} {{backup_docker_to_local_cleanup_trigger_directory}}'
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'


@ -82,7 +82,7 @@ Detailed steps for backing up your Akaunting instance, including setting manual
Variables are crucial in configuring your Akaunting setup. Ensure you set the following variables correctly in your environment: Variables are crucial in configuring your Akaunting setup. Ensure you set the following variables correctly in your environment:
- `docker_compose_instance_directory`: Set this variable to the path where your Docker Compose files for Akaunting are located. - `docker_compose_instance_directory`: Set this variable to the path where your Docker Compose files for Akaunting are located.
- `akaunting_db_password`, `akaunting_version`, `akaunting_company_name`, `akaunting_company_email`, `akaunting_setup_admin_email`, and `akaunting_setup_admin_password`: These should be set in your `.env` files as per your requirements. - `akaunting_db_password`, `version_akaunting`, `akaunting_company_name`, `akaunting_company_email`, `akaunting_setup_admin_email`, and `akaunting_setup_admin_password`: These should be set in your `.env` files as per your requirements.
### Additional Configuration ### Additional Configuration
- **SSL Certificate**: The guide includes steps to receive a certificate for your domain. - **SSL Certificate**: The guide includes steps to receive a certificate for your domain.


@ -30,7 +30,7 @@
when: git_result.failed when: git_result.failed
- name: set akaunting version - name: set akaunting version
ansible.builtin.shell: find . -type f -exec sed -i 's/akaunting:latest/akaunting:{{akaunting_version}}/' {} + && find . -type f -exec sed -i 's/version=latest/version={{akaunting_version}}/' {} + ansible.builtin.shell: find . -type f -exec sed -i 's/akaunting:latest/akaunting:{{version_akaunting}}/' {} + && find . -type f -exec sed -i 's/version=latest/version={{version_akaunting}}/' {} +
become: true become: true
args: args:
chdir: "{{docker_compose_instance_directory}}" chdir: "{{docker_compose_instance_directory}}"


@ -50,7 +50,7 @@ services:
# Core services # Core services
resolver: resolver:
image: ghcr.io/mailu/unbound:{{mailu_version}} image: ghcr.io/mailu/unbound:{{version_mailu}}
env_file: mailu.env env_file: mailu.env
restart: always restart: always
networks: networks:
@ -60,7 +60,7 @@ services:
driver: journald driver: journald
front: front:
image: ghcr.io/mailu/nginx:{{mailu_version}} image: ghcr.io/mailu/nginx:{{version_mailu}}
restart: always restart: always
env_file: mailu.env env_file: mailu.env
logging: logging:
@ -90,7 +90,7 @@ services:
- 192.168.203.254 - 192.168.203.254
admin: admin:
image: ghcr.io/mailu/admin:{{mailu_version}} image: ghcr.io/mailu/admin:{{version_mailu}}
restart: always restart: always
env_file: mailu.env env_file: mailu.env
volumes: volumes:
@ -106,7 +106,7 @@ services:
dns: dns:
- 192.168.203.254 - 192.168.203.254
imap: imap:
image: ghcr.io/mailu/dovecot:{{mailu_version}} image: ghcr.io/mailu/dovecot:{{version_mailu}}
restart: always restart: always
env_file: mailu.env env_file: mailu.env
volumes: volumes:
@ -121,7 +121,7 @@ services:
driver: journald driver: journald
smtp: smtp:
image: ghcr.io/mailu/postfix:{{mailu_version}} image: ghcr.io/mailu/postfix:{{version_mailu}}
restart: always restart: always
env_file: mailu.env env_file: mailu.env
volumes: volumes:
@ -136,7 +136,7 @@ services:
driver: journald driver: journald
oletools: oletools:
image: ghcr.io/mailu/oletools:{{mailu_version}} image: ghcr.io/mailu/oletools:{{version_mailu}}
hostname: oletools hostname: oletools
restart: always restart: always
depends_on: depends_on:
@ -147,7 +147,7 @@ services:
- noinet - noinet
antispam: antispam:
image: ghcr.io/mailu/rspamd:{{mailu_version}} image: ghcr.io/mailu/rspamd:{{version_mailu}}
restart: always restart: always
env_file: mailu.env env_file: mailu.env
volumes: volumes:
@ -169,7 +169,7 @@ services:
# Optional services # Optional services
antivirus: antivirus:
image: ghcr.io/mailu/clamav:{{mailu_version}} image: ghcr.io/mailu/clamav:{{version_mailu}}
restart: always restart: always
env_file: mailu.env env_file: mailu.env
volumes: volumes:
@ -182,7 +182,7 @@ services:
driver: journald driver: journald
webdav: webdav:
image: ghcr.io/mailu/radicale:{{mailu_version}} image: ghcr.io/mailu/radicale:{{version_mailu}}
restart: always restart: always
env_file: mailu.env env_file: mailu.env
volumes: volumes:
@ -197,7 +197,7 @@ services:
- 192.168.203.254 - 192.168.203.254
fetchmail: fetchmail:
image: ghcr.io/mailu/fetchmail:{{mailu_version}} image: ghcr.io/mailu/fetchmail:{{version_mailu}}
volumes: volumes:
- "admin_data:/data" - "admin_data:/data"
restart: always restart: always
@ -213,7 +213,7 @@ services:
- 192.168.203.254 - 192.168.203.254
webmail: webmail:
image: ghcr.io/mailu/webmail:{{mailu_version}} image: ghcr.io/mailu/webmail:{{version_mailu}}
restart: always restart: always
env_file: mailu.env env_file: mailu.env
volumes: volumes:


@ -26,7 +26,7 @@ services:
logging: logging:
driver: journald driver: journald
web: web:
image: tootsuite/mastodon:{{mastodon_version}} image: tootsuite/mastodon:{{version_mastodon}}
restart: always restart: always
env_file: .env.production env_file: .env.production
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000" command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
@ -46,7 +46,7 @@ services:
logging: logging:
driver: journald driver: journald
streaming: streaming:
image: tootsuite/mastodon:{{mastodon_version}} image: tootsuite/mastodon:{{version_mastodon}}
restart: always restart: always
env_file: .env.production env_file: .env.production
command: node ./streaming command: node ./streaming
@ -64,7 +64,7 @@ services:
logging: logging:
driver: journald driver: journald
sidekiq: sidekiq:
image: tootsuite/mastodon:{{mastodon_version}} image: tootsuite/mastodon:{{version_mastodon}}
restart: always restart: always
env_file: .env.production env_file: .env.production
command: bundle exec sidekiq command: bundle exec sidekiq


@ -21,7 +21,7 @@ To update the nextcloud container execute the following commands on the server:
docker-compose down docker-compose down
``` ```
Afterwards update the ***nextcloud_version*** variable to the next version and run the this repository with this ansible role. Afterwards update the ***version_nextcloud*** variable to the next version and run the this repository with this ansible role.
It is only possible to update from one to the next major version at a time It is only possible to update from one to the next major version at a time


@ -2,7 +2,7 @@ version: '3'
services: services:
application: application:
image: "nextcloud:{{nextcloud_version}}-fpm-alpine" image: "nextcloud:{{version_nextcloud}}-fpm-alpine"
restart: always restart: always
logging: logging:
driver: journald driver: journald
@ -60,7 +60,7 @@ services:
timeout: 3s timeout: 3s
retries: 30 retries: 30
cron: cron:
image: "nextcloud:{{nextcloud_version}}-fpm-alpine" image: "nextcloud:{{version_nextcloud}}-fpm-alpine"
restart: always restart: always
logging: logging:
driver: journald driver: journald


@ -0,0 +1,2 @@
dependencies:
- system-maintenance-service-freezer


@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "heal-docker") | join(',') }}"'
ExecStart=/bin/python {{heal_docker}}heal-docker.py ExecStart=/bin/python {{heal_docker}}heal-docker.py
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'


@ -0,0 +1,16 @@
# System Maintenance Service Freezer
## Overview
This Ansible role is designed to manage system services through freezing (disabling) and defrosting (enabling) actions. It automates the process of managing crucial system services, especially useful for maintenance tasks like backups, cleanups, and updates.
## Role Variables
- `system_maintenance_services`: List of services to be managed by this role.
## Usage
Configure the role by defining the required variables. The role creates systemd service files that control the specified services based on the `freeze` or `defrost` actions.
For further details and usage examples, refer to the chat conversation with ChatGPT: [Link to ChatGPT Conversation](https://chat.openai.com/share/212af169-1b57-41df-bd2d-c3d32eb1331b).
## Dependencies
- `systemd-notifier`: Ensure this role is present for handling service failures.


@ -0,0 +1,71 @@
import argparse
import subprocess
import time
def check_service_active(service_name):
"""Check if a service is active."""
result = subprocess.run(['systemctl', 'is-active', service_name], stdout=subprocess.PIPE)
return result.stdout.decode('utf-8').strip() == 'active'
def service_exists(service_name):
"""Check if a service exists."""
result = subprocess.run(['systemctl', 'status', service_name], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
return result.returncode == 0
def freeze(services_to_wait_for, ignored_services):
# Filter services that exist and are not in the ignored list
active_services = [service for service in services_to_wait_for if service_exists(service) and service not in ignored_services]
while active_services:
for service in active_services:
if not check_service_active(service):
print(f"{service} stopped.")
# Disable the service
subprocess.run(['systemctl', 'disable', service])
print(f"{service} disabled.")
# Stop and disable the corresponding timer, if it exists
timer_name = service + ".timer"
timer_check = subprocess.run(['systemctl', 'list-timers', '--all', timer_name], stdout=subprocess.PIPE)
if timer_name in timer_check.stdout.decode():
subprocess.run(['systemctl', 'stop', timer_name])
subprocess.run(['systemctl', 'disable', timer_name])
print(f"{timer_name} stopped and disabled.")
active_services.remove(service)
else:
print(f"Waiting for {service} to stop...")
time.sleep(5)
print("All required services have stopped.")
def defrost(services_to_wait_for, ignored_services):
for service in services_to_wait_for:
if service not in ignored_services and service_exists(service):
# Enable the service
subprocess.run(['systemctl', 'enable', service])
print(f"{service} enabled.")
# Start and enable the corresponding timer, if it exists
timer_name = service + ".timer"
timer_check = subprocess.run(['systemctl', 'list-timers', '--all', timer_name], stdout=subprocess.PIPE)
if timer_name in timer_check.stdout.decode():
subprocess.run(['systemctl', 'start', timer_name])
subprocess.run(['systemctl', 'enable', timer_name])
print(f"{timer_name} started and enabled.")
def main(services_to_wait_for, ignored_services, action):
if action == 'freeze':
# Code to handle freeze action
freeze(services_to_wait_for, ignored_services)
elif action == 'defrost':
defrost(services_to_wait_for, ignored_services)
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='freezes and defrost systemctl services and timers')
parser.add_argument('action', choices=['freeze', 'defrost'], help='Action to perform: freeze or defrost services.')
parser.add_argument('services', help='Comma-separated list of services to apply the action to')
parser.add_argument('--ignore', help='Comma-separated list of services to ignore in the action', default='')
args = parser.parse_args()
services_to_wait_for = args.services.split(',')
ignored_services = args.ignore.split(',') if args.ignore else []
main(services_to_wait_for, ignored_services,args.action)
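Review bot: `service_exists` takes exit status 0 of `systemctl status` to mean the unit exists, but that command exits non-zero for a unit that is loaded and not running, so idle oneshot services are filtered out and `freeze` and `defrost` skip them. `check_service_active` has the mirror problem: the maintenance units on this page are `Type=oneshot`, which report `activating` for the whole `ExecStart=` run, so comparing against `active` never makes the loop wait for a job in progress. The result is that the mutual exclusion the unit files rely on is not enforced. Separately, the wait loop in `freeze` has no upper bound and the return codes of `systemctl disable` and `enable` are ignored, so a failed re-enable goes unreported.

```python
def check_service_active(service_name):
    """Return True while the unit is running or changing state."""
    result = subprocess.run(['systemctl', 'is-active', service_name], stdout=subprocess.PIPE)
    # Type=oneshot units report "activating" for the duration of ExecStart=
    return result.stdout.decode('utf-8').strip() in ('active', 'activating', 'deactivating')

def service_exists(service_name):
    """Return True when systemd can resolve a unit file of that name."""
    # "systemctl cat" fails only when the unit file cannot be found,
    # independent of whether the unit is currently running
    result = subprocess.run(['systemctl', 'cat', service_name], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return result.returncode == 0

# … unchanged: freeze, defrost, main, argument parsing …
```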


@ -0,0 +1,9 @@
- name: "reload system-maintenance-service-freeze.service"
systemd:
name: system-maintenance-service-freeze.service
daemon_reload: yes
- name: "reload system-maintenance-service-defrost.service"
systemd:
name: system-maintenance-service-defrost.service
daemon_reload: yes
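Review bot: The handler names here end in `.service` (`reload system-maintenance-service-freeze.service`), while the task file on this page notifies `"reload system-maintenance-service-{{ item }} service"` with a space, so the notification resolves to no handler and the play fails when the template task reports a change. One of the two has to change, for example `notify: "reload system-maintenance-service-{{ item }}.service"` in the task. As a style point, `daemon_reload: yes` reads more predictably as `daemon_reload: true`.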


@ -0,0 +1,3 @@
---
dependencies:
- role: systemd-notifier


@ -0,0 +1,33 @@
---
- name: create {{path_system_maintenance_service_freezer_script}}
copy:
src: system-maintenance-service-freezer.py
dest: "{{path_system_maintenance_service_freezer_script}}"
when: run_once_system_maintenance_service_freeze is not defined
- name: Configure system-maintenance-service for each action
loop:
- freeze
- defrost
template:
src: system-maintenance-service-freezer.service.j2
dest: "/etc/systemd/system/system-maintenance-service-{{ item }}.service"
notify: "reload system-maintenance-service-{{ item }} service"
when: run_once_system_maintenance_service_freeze is not defined
- name: run the system_maintenance_service_freezer tasks once
set_fact:
run_once_system_maintenance_service_freeze: true
when: run_once_system_maintenance_service_freeze is not defined
- name: "restart system-maintenance-service.service"
systemd:
name: system-maintenance-service-{{system_maintenance_service_freeze_action}}.service
state: restart
enabled: yes
daemon_reload: yes
when: maintenance_service_freeze_action_last is not defined or maintenance_service_freeze_action_last != system_maintenance_service_freeze_action
- name: "set variable to prevent loading when action status didn't change"
set_fact:
maintenance_service_freeze_action_last: "{{system_maintenance_service_freeze_action}}"
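Review bot: The `copy` task installs the freezer script without `owner`, `group` or `mode`, and the destination resolves to `/home/administrator/scripts/` per the path variables on this page, while the generated units execute it from system services that set no `User=`. If that directory is writable by the administrator account (not visible here), the account can replace a file that runs as root. Adding `owner: root`, `group: root`, `mode: "0700"` and moving the script to a root-owned directory closes that gap. In the last-but-one task, `state: restart` is not a value the `systemd` module accepts; it should be `state: restarted`.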


@ -0,0 +1,7 @@
[Unit]
Description={{item}} systemctl maintanance services
OnFailure=systemd-notifier@%n.service
[Service]
Type=oneshot
ExecStart=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} {{item}} {{ system_maintenance_services | join(",") }}'
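Review bot: The `/bin/sh -c '…'` wrapper in `ExecStart=` passes the rendered service list through a shell unquoted, so any whitespace or shell metacharacter in an inventory value changes the command that runs. No shell feature is used here, so systemd can start the interpreter directly: `ExecStart=/usr/bin/python {{ path_system_maintenance_service_freezer_script }} {{ item }} {{ system_maintenance_services | join(",") }}`. The `Description=` line also spells "maintanance".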


@ -0,0 +1,2 @@
dependencies:
- system-maintenance-service-freezer


@ -4,4 +4,6 @@ OnFailure=systemd-notifier@%n.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/bin/sh -c '/usr/bin/python {{update_docker_script}} {{path_docker_compose_instances}}' ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "update-docker") | join(',') }}"'
ExecStart=/bin/sh -c '/usr/bin/python {{update_docker_script}} {{path_docker_compose_instances}}'
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'


@ -1,6 +1,6 @@
--- ---
- import_playbook: playbook-common.yml - import_playbook: constructor.yml
- name: servers host setup - name: servers host setup
hosts: servers hosts: servers
@ -241,3 +241,5 @@
roles: roles:
- role: nginx-www-redirect - role: nginx-www-redirect
when: nginx_www_redirect | bool when: nginx_www_redirect | bool
- import_playbook: destructor.yml