implemented whitelisting of anonymous docker volumes

README.md

@@ -32,7 +32,7 @@ This software allows to setup the docker following applications:
 This software shipts the following tools which are natively setup on the server:
 - [Backups Cleanup](./roles/cleanup-backups-timer/README.md) - Cleans up old backups
 - [Btrfs Health Check](./roles/health-btrfs/README.md) - Checks the health of Btrfs file systems
-- [Docker Health Check](./roles/health-docker/) - Checks the health of docker containers
+- [Docker Health Check](./roles/health-docker-container/) - Checks the health of docker containers
 - [Docker Reverse Proxy](./roles/docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution
 - [Docker Volume Backup](./roles/backup-docker-to-local/) - Backup Solution for Docker Volumes
 - [Pull Primary Backups](./roles/backup-remote-to-local/README.md) - Pulls the backups from another server and stores them

group_vars/all

@@ -4,17 +4,18 @@
 
 randomized_delay_sec:                         "15min"
 
-on_calendar_btrfs_health_check:               "*-*-* 00:00:00" 
-on_calendar_journalctl_health_check:          "*-*-* 00:00:00"
-on_calendar_disc_space_check:                 "*-*-* 06,12,18,00:00:00"
-on_calendar_docker_health_check:              "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:00:00"
-on_calendar_nginx_health_check:               "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:15:00"
+on_calendar_health_btrfs:                     "*-*-* 00:00:00" 
+on_calendar_health_journalctl:                "*-*-* 00:00:00"
+on_calendar_health_disc_space:                "*-*-* 06,12,18,00:00:00"
+on_calendar_health_docker_container:          "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:00:00"
+on_calendar_health_docker_volumes:            "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:15:00"
+on_calendar_health_nginx:                     "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:45:00"
 
-on_calendar_backups_cleanup:                  "*-*-* 06,12,18,00:30:00"
-on_calendar_free_disc_space:                  "*-*-* 07,13,19,01:30:00"
-on_calendar_docker_volume_backup:             "*-*-* 03:30:00"
-on_calendar_docker_compose_restart_unhealthy: "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01:30:00"
-on_calendar_pull_primary_backups:             "*-*-* 21:30:00"
+on_calendar_cleanup_backups:                  "*-*-* 06,12,18,00:30:00"
+on_calendar_cleanup_disc_space:               "*-*-* 07,13,19,01:30:00"
+on_calendar_backup_docker_to_local:           "*-*-* 03:30:00"
+on_calendar_backup_remote_to_local:           "*-*-* 21:30:00"
+on_calendar_heal_docker:                      "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01:30:00"
 on_calendar_renew_lets_encrypt_certificates:  "*-*-* 12,00:30:00"
 on_calendar_deploy_mailu_certificates:        "*-*-* 13,01:30:00"
 on_calendar_msi_keyboard_color:               "*-*-* *:*:00"
@@ -22,7 +23,7 @@ on_calendar_msi_keyboard_color:               "*-*-* *:*:00"
 # Space Variables
 size_percent_maximum_backup:                  75
 size_percent_disc_space_warning:              85
-size_percent_free_disc_space:                 90
+size_percent_cleanup_disc_space:              90
 
 # Path Variables
 path_administrator_home:                      "/home/administrator/"

playbook.yml

@@ -35,18 +35,18 @@
     - client-wireguard
 
 # Native Webserver Roles
-- name: setup homepages
-  hosts: homepage
+- name: setup nginx-homepages
+  hosts: nginx-homepage
   become: true
   roles:
-   -  role: homepage
+   -  role: nginx-homepage
       vars:
         domain: "{{top_domain}}"
 - name: setup redirect hosts
   hosts: redirect
   become: true
   roles:
-   -  role: https-redirect
+   -  role: nginx-redirect
       vars:
         domain_mappings: "{{redirect_domain_mappings}}"
 
@@ -190,6 +190,14 @@
       vars:
         domain: baserow.{{top_domain}}
         http_port: 8017
+- name: setup matomo hosts
+  hosts: matomo
+  become: true
+  roles:
+   -  role: docker-matomo
+      vars:
+        domain: matomo.{{top_domain}}
+        http_port: 8018
 - name: setup akaunting hosts
   hosts: akaunting
   become: true

roles/backup-docker-to-local/tasks/main.yml

@@ -8,7 +8,7 @@
 - name: pull backup-docker-to-local.git
   git:
     repo: "https://github.com/kevinveenbirkenbach/backup-docker-to-local.git"
-    dest: "{{docker_volume_backup_folder}}"
+    dest: "{{backup_docker_to_local_folder}}"
     update: yes
   register: git_result
   ignore_errors: true
@@ -30,9 +30,9 @@
   changed_when: backup_docker_to_local_timer.changed or activate_all_timers | default(false) | bool
   notify: restart backup-docker-to-local.timer
 
-- name: create {{docker_volume_backup_folder}}databases.csv
+- name: create {{backup_docker_to_local_folder}}databases.csv
   copy:
-    src: "{{ inventory_dir }}/files/{{ inventory_hostname }}{{docker_volume_backup_folder}}databases.csv"
-    dest: "{{docker_volume_backup_folder}}databases.csv"
+    src: "{{ inventory_dir }}/files/{{ inventory_hostname }}{{backup_docker_to_local_folder}}databases.csv"
+    dest: "{{backup_docker_to_local_folder}}databases.csv"
     owner: root
     group: root

roles/backup-docker-to-local/templates/backup-docker-to-local.service.j2

@@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/python {{docker_volume_backup_folder}}backup-docker-to-local.py
+ExecStart=/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py

roles/backup-docker-to-local/templates/backup-docker-to-local.timer.j2

@@ -2,7 +2,7 @@
 Description=backups the docker volumes
 
 [Timer]
-OnCalendar={{on_calendar_docker_volume_backup}}
+OnCalendar={{on_calendar_backup_docker_to_local}}
 RandomizedDelaySec={{randomized_delay_sec}}
 Persistent=false
 

roles/backup-docker-to-local/vars/main.yml

@@ -1 +1 @@
-docker_volume_backup_folder: "{{path_administrator_scripts}}backup-docker-to-local/"
+backup_docker_to_local_folder: "{{path_administrator_scripts}}backup-docker-to-local/"

roles/backup-remote-to-local/tasks/main.yml

@@ -1,13 +1,13 @@
-- name: "create {{docker_pull_primary_backups_folder}}"
+- name: "create {{docker_backup_remote_to_local_folder}}"
   file:
-    path: "{{docker_pull_primary_backups_folder}}"
+    path: "{{docker_backup_remote_to_local_folder}}"
     state: directory
     mode: 0755
 
 - name: create backup-remote-to-local.sh
   copy:
     src: backup-remote-to-local.sh
-    dest: "{{docker_pull_primary_backups_folder}}backup-remote-to-local.sh"
+    dest: "{{docker_backup_remote_to_local_folder}}backup-remote-to-local.sh"
     mode: 0755
 
 - name: create backup-remote-to-local.service
@@ -16,13 +16,13 @@
 
 - name: create backup-remote-to-local.timer
   template: src=backup-remote-to-local.timer.j2 dest=/etc/systemd/system/backup-remote-to-local.timer
-  register: backup_remote_to_local_timer
-  changed_when: backup_remote_to_local_timer.changed or activate_all_timers | default(false) | bool
+  register: backup_backup_remote_to_local_timer
+  changed_when: backup_backup_remote_to_local_timer.changed or activate_all_timers | default(false) | bool
   notify: restart backup-remote-to-local timer
 
 - name: create backup-remote-to-local.sh
   template: 
     src: backup-remote-to-local.sh.j2 
-    dest: "{{docker_pull_primary_backups_folder}}backup-remote-to-local.sh"
+    dest: "{{docker_backup_remote_to_local_folder}}backup-remote-to-local.sh"
     mode: 0755
 

roles/backup-remote-to-local/templates/backup-remote-to-local.service.j2

@@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/bash {{docker_pull_primary_backups_folder}}backup-remote-to-local.sh
+ExecStart=/usr/bin/bash {{docker_backup_remote_to_local_folder}}backup-remote-to-local.sh

roles/backup-remote-to-local/templates/backup-remote-to-local.sh.j2

@@ -3,6 +3,6 @@
 hosts="{{pull_remote_backups}}";
 errors=0
 for host in $hosts; do
-  bash {{docker_pull_primary_backups_folder}}backup-remote-to-local.sh $host || ((errors+=1));
+  bash {{docker_backup_remote_to_local_folder}}backup-remote-to-local.sh $host || ((errors+=1));
 done;
 exit $errors;

roles/backup-remote-to-local/templates/backup-remote-to-local.timer.j2

@@ -2,7 +2,7 @@
 Description=starts pull remote backup timer
 
 [Timer]
-OnCalendar={{on_calendar_pull_primary_backups}}
+OnCalendar={{on_calendar_backup_remote_to_local}}
 RandomizedDelaySec={{randomized_delay_sec}}
 Persistent=false
 

roles/backup-remote-to-local/vars/main.yml

@@ -1 +1 @@
-docker_pull_primary_backups_folder: "{{path_administrator_scripts}}pull-primary-backups/"
+docker_backup_remote_to_local_folder: "{{path_administrator_scripts}}pull-primary-backups/"

roles/cleanup-backups-service/tasks/main.yml

@@ -5,16 +5,16 @@
       - python-psutil
     state: present
 
-- name: "create {{docker_backups_cleanup}}"
+- name: "create {{docker_cleanup_backups}}"
   file:
-    path: "{{docker_backups_cleanup}}"
+    path: "{{docker_cleanup_backups}}"
     state: directory
     mode: 0755
 
 - name: create cleanup-backups.py
   copy: 
     src:  "cleanup-backups.py"
-    dest: "{{docker_backups_cleanup}}cleanup-backups.py"
+    dest: "{{docker_cleanup_backups}}cleanup-backups.py"
 
 - name: create cleanup-backups.service
   template: 

roles/cleanup-backups-service/templates/cleanup-backups.service.j2

@@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/python {{docker_backups_cleanup}}cleanup-backups.py --backups-folder-path {{backups_folder_path}} --maximum-backup-size-percent {{size_percent_maximum_backup}}
+ExecStart=/usr/bin/python {{docker_cleanup_backups}}cleanup-backups.py --backups-folder-path {{backups_folder_path}} --maximum-backup-size-percent {{size_percent_maximum_backup}}

roles/cleanup-backups-service/vars/main.yml

@@ -1 +1 @@
-docker_backups_cleanup: "{{path_administrator_scripts}}cleanup-backups/"
+docker_cleanup_backups: "{{path_administrator_scripts}}cleanup-backups/"

roles/cleanup-backups-timer/templates/cleanup-backups.timer.j2

@@ -2,7 +2,7 @@
 Description=starts cleanup-backups.service
 
 [Timer]
-OnCalendar={{on_calendar_backups_cleanup}}
+OnCalendar={{on_calendar_cleanup_backups}}
 RandomizedDelaySec={{randomized_delay_sec}}
 Persistent=true
 

roles/cleanup-disc-space/tasks/main.yml

@@ -1,13 +1,13 @@
-- name: "create {{free_disc_space_folder}}"
+- name: "create {{cleanup_disc_space_folder}}"
   file:
-    path: "{{free_disc_space_folder}}"
+    path: "{{cleanup_disc_space_folder}}"
     state: directory
     mode: 0755
 
 - name: create cleanup-disc-space.sh
   template:
     src: cleanup-disc-space.sh.j2
-    dest: "{{free_disc_space_folder}}cleanup-disc-space.sh"
+    dest: "{{cleanup_disc_space_folder}}cleanup-disc-space.sh"
 
 - name: create cleanup-disc-space.service
   template: 

roles/cleanup-disc-space/templates/cleanup-disc-space.service.j2

@@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash {{free_disc_space_folder}}cleanup-disc-space.sh {{size_percent_free_disc_space}}
+ExecStart=/bin/bash {{cleanup_disc_space_folder}}cleanup-disc-space.sh {{size_percent_cleanup_disc_space}}

roles/cleanup-disc-space/templates/cleanup-disc-space.sh.j2

@@ -2,8 +2,8 @@
 # @param $1 mimimum free disc space
 # @param $2 --force to for execution indepentend on how much disc space is free
 
-execute_free_disc_space=0
-minimum_percent_free_disc_space="$1"
+execute_cleanup_disc_space=0
+minimum_percent_cleanup_disc_space="$1"
 force_freeing=false
 echo "Checking free disc space..."
 df
@@ -14,12 +14,12 @@ fi
 for disc_use_percent in $(df --output=pcent | sed 1d)
 do
     disc_use_percent_number=$(echo "$disc_use_percent" | sed "s/%//")
-    if [ "$disc_use_percent_number" -gt "$minimum_percent_free_disc_space" ]; then
+    if [ "$disc_use_percent_number" -gt "$minimum_percent_cleanup_disc_space" ]; then
       echo "WARNING: $disc_use_percent_number exceeds the limit of {{size_percent_disc_space_warning}}%."
-      execute_free_disc_space+=1;
+      execute_cleanup_disc_space+=1;
     fi
 done
-if [ "$disc_use_percent_number" -gt "$minimum_percent_free_disc_space" ] || [ "$force_freeing" = true ]; then
+if [ "$disc_use_percent_number" -gt "$minimum_percent_cleanup_disc_space" ] || [ "$force_freeing" = true ]; then
   echo "cleaning up /tmp" &&
   find /tmp -type f -atime +10 -delete || exit 1
   

roles/cleanup-disc-space/templates/cleanup-disc-space.timer.j2

@@ -2,7 +2,7 @@
 Description=starts cleanup-disc-space.service
 
 [Timer]
-OnCalendar={{on_calendar_free_disc_space}}
+OnCalendar={{on_calendar_cleanup_disc_space}}
 RandomizedDelaySec={{randomized_delay_sec}}
 Persistent=true
 

roles/cleanup-disc-space/vars/main.yml

@@ -1 +1 @@
-free_disc_space_folder: "{{path_administrator_scripts}}cleanup-disc-space/"
+cleanup_disc_space_folder: "{{path_administrator_scripts}}cleanup-disc-space/"

roles/cleanup-failed-docker-backups/tasks/main.yml

@@ -1,7 +1,7 @@
 - name: pull cleanup-failed-docker-backups.git
   git:
     repo: "https://github.com/kevinveenbirkenbach/cleanup-failed-docker-backups.git"
-    dest: "{{docker_volume_backup_cleanup_folder}}"
+    dest: "{{backup_docker_to_local_cleanup_folder}}"
     update: yes
   register: git_result
   ignore_errors: true

roles/cleanup-failed-docker-backups/templates/cleanup-failed-docker-backups.service.j2

@@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
 
 [Service]
 Type=oneshot
-ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{docker_volume_backup_cleanup_folder}}cleanup.sh {{docker_volume_backup_cleanup_machine_id}} {{docker_volume_backup_cleanup_trigger_directory}}'
+ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{backup_docker_to_local_cleanup_folder}}cleanup.sh {{backup_docker_to_local_cleanup_machine_id}} {{backup_docker_to_local_cleanup_trigger_directory}}'

roles/cleanup-failed-docker-backups/vars/main.yml

@@ -1 +1 @@
-docker_volume_backup_cleanup_folder: "{{path_administrator_scripts}}cleanup-failed-docker-backups/"
+backup_docker_to_local_cleanup_folder: "{{path_administrator_scripts}}cleanup-failed-docker-backups/"

roles/docker-matomo/README.md

@@ -0,0 +1,32 @@
+# Docker Matomo Role
+
+This Ansible role deploys a Matomo analytics platform instance using Docker.
+
+## Requirements
+
+- Docker and Docker-Compose installed on the host machine.
+- Nginx installed for reverse proxy configuration.
+- Certbot installed for SSL certificate generation.
+
+## Role Variables
+
+- `domain`: The domain where Matomo will be accessible.
+- `administrator_email`: The email used for SSL certificate registration.
+- `path_docker_compose_files`: Path to store Docker Compose files.
+- `http_port`: The host port that Matomo will be accessible on.
+- `matomo_database_password`: Password for the Matomo database.
+
+## Dependencies
+
+- `docker-reverse-proxy`: An Ansible role for configuring the reverse proxy.
+
+## Example Playbook
+
+```yaml
+- hosts: servers
+  roles:
+    - { role: docker-matomo, domain: 'example.com', http_port: 8080 }
+```
+
+## AI Generated
+This script was created with the help of ChatGPT. The full conversation is [here](https://chat.openai.com/share/49e0c7e4-a2af-4a04-adad-7a735bdd85c4) available.

roles/docker-matomo/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+- name: recreate matomo
+  command:
+    cmd: docker-compose -p matomo up -d --force-recreate
+    chdir: "{{path_docker_compose_files}}matomo/"
+  environment:
+    COMPOSE_HTTP_TIMEOUT: 600
+    DOCKER_CLIENT_TIMEOUT: 600

roles/docker-matomo/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+- docker-reverse-proxy

roles/docker-matomo/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: recieve {{domain}} certificate
+  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
+
+- name: configure {{domain}}.conf
+  template: 
+    src:  "roles/docker-reverse-proxy/templates/domain.conf.j2"
+    dest: "/etc/nginx/conf.d/{{domain}}.conf"
+  notify: restart nginx
+
+- name: "create {{path_docker_compose_files}}matomo/"
+  file:
+    path: "{{path_docker_compose_files}}matomo/"
+    state: directory
+    mode: 0755
+
+- name: add docker-compose.yml
+  template: 
+    src:  "docker-compose.yml.j2" 
+    dest: "{{path_docker_compose_files}}matomo/docker-compose.yml"
+  notify: recreate matomo

roles/docker-matomo/templates/docker-compose.yml.j2

@@ -0,0 +1,46 @@
+version: '3'
+
+services:
+  application:
+    logging:
+      driver: journald
+    image: matomo
+    restart: always
+    ports:
+      - "127.0.0.1:{{http_port}}:80"
+    environment:
+      MATOMO_DATABASE_HOST: "database:3306"
+      MATOMO_DATABASE_ADAPTER: "mysql"
+      MATOMO_DATABASE_USERNAME: "matomo"
+      MATOMO_DATABASE_PASSWORD: "{{matomo_database_password}}"
+      MATOMO_DATABASE_DBNAME: "matomo"
+    links:
+      - database
+    depends_on:
+      - database
+    volumes:
+      - data:/var/www/html
+  database:
+    logging:
+      driver: journald
+    image: mariadb
+    restart: always
+    environment:
+      MYSQL_DATABASE: "matomo"
+      MYSQL_USER: "matomo"
+      MYSQL_PASSWORD: "{{matomo_database_password}}"
+      MYSQL_ROOT_PASSWORD: "{{matomo_database_password}}"
+      MARIADB_AUTO_UPGRADE: "1"
+    volumes:
+      - database:/var/lib/mysql
+    healthcheck:
+      test: "/usr/bin/mariadb --user=matomo --password={{matomo_database_password}} --execute \"SHOW DATABASES;\""
+      interval: 3s
+      timeout: 1s
+      retries: 5
+volumes:
+  database:
+  data:
+networks:
+  default:
+    driver: bridge

roles/docker-reverse-proxy/meta/main.yml

@@ -1,3 +1,3 @@
 dependencies:
 - docker
-- https-server
+- nginx-https

roles/docker/meta/main.yml

@@ -1,5 +1,6 @@
 dependencies:
   - backup-docker-to-local
   - user-administrator
-  - health-docker
+  - health-docker-container
+  - health-docker-volumes
   - heal-docker

roles/heal-docker/tasks/main.yml

@@ -1,13 +1,13 @@
-- name: "create {{docker_compose_restart_unhealthy}}"
+- name: "create {{heal_docker}}"
   file:
-    path: "{{docker_compose_restart_unhealthy}}"
+    path: "{{heal_docker}}"
     state: directory
     mode: 0755
 
 - name: create heal-docker.py
   copy:
     src: heal-docker.py
-    dest: "{{docker_compose_restart_unhealthy}}heal-docker.py"
+    dest: "{{heal_docker}}heal-docker.py"
 
 - name: create heal-docker.service
   template: 

roles/heal-docker/templates/heal-docker.service.j2

@@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
 
 [Service]
 Type=oneshot
-ExecStart=/bin/python {{docker_compose_restart_unhealthy}}heal-docker.py
+ExecStart=/bin/python {{heal_docker}}heal-docker.py

roles/heal-docker/templates/heal-docker.timer.j2

@@ -2,7 +2,7 @@
 Description=starts heal-docker.service
 
 [Timer]
-OnCalendar={{on_calendar_docker_compose_restart_unhealthy}}
+OnCalendar={{on_calendar_heal_docker}}
 RandomizedDelaySec={{randomized_delay_sec}}
 Persistent=false
 

roles/heal-docker/vars/main.yml

@@ -1 +1 @@
-docker_compose_restart_unhealthy: "{{path_administrator_scripts}}heal-docker/"
+heal_docker: "{{path_administrator_scripts}}heal-docker/"

roles/health-btrfs/tasks/main.yml

@@ -1,13 +1,13 @@
-- name: "create {{docker_btrfs_health_check_folder}}"
+- name: "create {{docker_health_btrfs_folder}}"
   file:
-    path: "{{docker_btrfs_health_check_folder}}"
+    path: "{{docker_health_btrfs_folder}}"
     state: directory
     mode: 0755
 
 - name: create health-btrfs.sh
   copy:
     src: health-btrfs.sh
-    dest: "{{docker_btrfs_health_check_folder}}health-btrfs.sh"
+    dest: "{{docker_health_btrfs_folder}}health-btrfs.sh"
 
 - name: create health-btrfs.service
   template: 

roles/health-btrfs/templates/health-btrfs.service.j2

@@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash {{docker_btrfs_health_check_folder}}health-btrfs.sh
+ExecStart=/bin/bash {{docker_health_btrfs_folder}}health-btrfs.sh

roles/health-btrfs/templates/health-btrfs.timer.j2

@@ -2,7 +2,7 @@
 Description=starts health-btrfs.service
 
 [Timer]
-OnCalendar={{on_calendar_btrfs_health_check}}
+OnCalendar={{on_calendar_health_btrfs}}
 RandomizedDelaySec={{randomized_delay_sec}}
 Persistent=false
 

roles/health-btrfs/vars/main.yml

@@ -1 +1 @@
-docker_btrfs_health_check_folder: "{{path_administrator_scripts}}health-btrfs/"
+docker_health_btrfs_folder: "{{path_administrator_scripts}}health-btrfs/"

roles/health-disc-space/files/health-disc-space.sh

@@ -1,14 +1,14 @@
 #!/bin/sh
 # @param $1 mimimum free disc space
 errors=0
-minimum_percent_free_disc_space="$1"
+minimum_percent_cleanup_disc_space="$1"
 echo "checking disc space use..."
 df
 for disc_use_percent in $(df --output=pcent | sed 1d)
 do
     disc_use_percent_number=$(echo "$disc_use_percent" | sed "s/%//")
-    if [ "$disc_use_percent_number" -gt "$minimum_percent_free_disc_space" ]; then
-      echo "WARNING: $disc_use_percent_number exceeds the limit of $minimum_percent_free_disc_space%."
+    if [ "$disc_use_percent_number" -gt "$minimum_percent_cleanup_disc_space" ]; then
+      echo "WARNING: $disc_use_percent_number exceeds the limit of $minimum_percent_cleanup_disc_space%."
       errors+=1;
     fi
 done

roles/health-disc-space/tasks/main.yml

@@ -1,13 +1,13 @@
-- name: "create {{disc_space_check_folder}}"
+- name: "create {{health_disc_space_folder}}"
   file:
-    path: "{{disc_space_check_folder}}"
+    path: "{{health_disc_space_folder}}"
     state: directory
     mode: 0755
 
 - name: create health-disc-space.sh
   copy:
     src: health-disc-space.sh
-    dest: "{{disc_space_check_folder}}health-disc-space.sh"
+    dest: "{{health_disc_space_folder}}health-disc-space.sh"
 
 - name: create health-disc-space.service
   template: 

roles/health-disc-space/templates/health-disc-space.service.j2

@@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash {{disc_space_check_folder}}health-disc-space.sh {{size_percent_disc_space_warning}}
+ExecStart=/bin/bash {{health_disc_space_folder}}health-disc-space.sh {{size_percent_disc_space_warning}}

roles/health-disc-space/templates/health-disc-space.timer.j2

@@ -2,7 +2,7 @@
 Description=starts health-disc-space.service
 
 [Timer]
-OnCalendar={{on_calendar_disc_space_check}}
+OnCalendar={{on_calendar_health_disc_space}}
 RandomizedDelaySec={{randomized_delay_sec}}
 Persistent=true
 

roles/health-disc-space/vars/main.yml

@@ -1 +1 @@
-disc_space_check_folder: "{{path_administrator_scripts}}health-disc-space/"
+health_disc_space_folder: "{{path_administrator_scripts}}health-disc-space/"

roles/health-docker-container/Readme.md

@@ -0,0 +1,21 @@
+# Health Check for Docker Containers
+
+## Description
+
+This Ansible role is designed to ensure the health of Docker containers running on a system. It includes a script that checks for unhealthy or exited Docker containers and sets up a systemd service and timer to regularly execute this check.
+
+## Files
+
+- `vars/main.yml`: Variable definitions for the script's directory.
+- `handlers/main.yml`: Handlers to reload and restart the systemd service and timer.
+- `files/health-docker-container.sh`: The script that checks the container health.
+- `tasks/main.yml`: Tasks to create necessary directories, copy scripts, and create systemd service and timer.
+- `templates/health-docker-container.service.j2`: Systemd service template.
+- `templates/health-docker-container.timer.j2`: Systemd timer template.
+- `meta/main.yml`: Meta information declaring dependencies for the role.
+
+## Usage
+
+To use this role, include it in your playbook and set the `path_administrator_scripts` variable to the desired path for the health check scripts.
+
+Ensure that the `systemd_notifier` dependency is satisfied for error notifications.

roles/health-docker-container/handlers/main.yml

@@ -0,0 +1,11 @@
+- name: "reload health-docker-container.service"
+  systemd:
+    name: health-docker-container.service
+    enabled: yes
+    daemon_reload: yes
+- name: "restart health-docker-container.timer"
+  systemd:
+    name: health-docker-container.timer
+    state: restarted
+    enabled: yes
+    daemon_reload: yes

roles/health-docker-container/tasks/main.yml

@@ -0,0 +1,22 @@
+- name: "create {{health_docker_container_folder}}"
+  file:
+    path: "{{health_docker_container_folder}}"
+    state: directory
+    mode: 0755
+
+- name: create health-docker-container.sh
+  copy:
+    src: health-docker-container.sh
+    dest: "{{health_docker_container_folder}}health-docker-container.sh"
+
+- name: create health-docker-container.service
+  template: src=health-docker-container.service.j2 dest=/etc/systemd/system/health-docker-container.service
+  notify: reload health-docker-container.service
+
+- name: create health-docker-container.timer
+  template:
+    src: health-docker-container.timer.j2
+    dest: "/etc/systemd/system/health-docker-container.timer"
+  register: health_docker_container_timer
+  changed_when: health_docker_container_timer.changed or activate_all_timers | default(false) | bool
+  notify: restart health-docker-container.timer

roles/health-docker-container/templates/health-docker-container.service.j2

@@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash {{docker_health_check_folder}}health-docker.sh
+ExecStart=/bin/bash {{health_docker_container_folder}}health-docker-container.sh

roles/health-docker-container/templates/health-docker-container.timer.j2

@@ -0,0 +1,10 @@
+[Unit]
+Description=starts health-docker-container.service
+
+[Timer]
+OnCalendar={{on_calendar_health_docker_container}}
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=false
+
+[Install]
+WantedBy=timers.target

roles/health-docker-container/vars/main.yml

@@ -0,0 +1 @@
+health_docker_container_folder: "{{path_administrator_scripts}}health-docker-container/"

roles/health-docker-volumes/README.md

@@ -0,0 +1,25 @@
+# Health Check for Docker Volumes
+
+## Description
+
+This role checks for anonymous Docker volumes that are not bound to a container and may be left over from previous operations. It provides a cleanup mechanism by identifying such volumes, excluding any that are whitelisted, and possibly taking action against them.
+
+## Files
+
+- `vars/main.yml`: Variable definitions for the script's directory and whitelist.
+- `handlers/main.yml`: Handlers to reload and restart the systemd service and timer.
+- `files/health-docker-volumes.sh`: The script that checks for anonymous Docker volumes and excludes whitelisted volumes.
+- `tasks/main.yml`: Tasks to create necessary directories, copy scripts, and create systemd service and timer.
+- `templates/health-docker-volumes.service.j2`: Systemd service template, including the whitelisted volumes as a parameter.
+- `templates/health-docker-volumes.timer.j2`: Systemd timer template.
+- `meta/main.yml`: Meta information declaring dependencies for the role.
+
+## Usage
+
+Include this role in your playbook and set the `path_administrator_scripts` variable to determine where the health check scripts should reside. Define `whitelisted_anonymous_volumes` in `vars/main.yml` with an array of volume IDs that should be ignored by the health check.
+
+Ensure that the `systemd_notifier` dependency is satisfied for error notifications.
+
+## Created with AI
+This script was created with the help of AI. The full conversation you find [here](https://chat.openai.com/share/1fa829f1-f001-4111-b1d4-1b2e3d583da2).
+

roles/health-docker-volumes/files/health-docker-volumes.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+status=0
+
+# The first argument is a space-separated list of whitelisted volume IDs
+whitelist=$1
+whitelisted_volumes=($whitelist)  # Split into an array
+
+anonymous_volumes=$(docker volume ls --format "{{.Name}}" | grep -E '^[a-f0-9]{64}$')
+
+if [ -z "$anonymous_volumes" ]; then
+    echo "No anonymous volumes found."
+    exit $status
+fi
+
+echo "Anonymous volumes found:"
+
+for volume in $anonymous_volumes; do
+    # Check if the volume is in the whitelist
+    if printf '%s\n' "${whitelisted_volumes[@]}" | grep -q "^$volume$"; then
+        echo "Volume $volume is whitelisted and will be skipped."
+        continue
+    fi
+
+    status=1
+    container_ids=$(docker ps -aq --filter volume=$volume)
+    if [ -z "$container_ids" ]; then
+        echo "Volume $volume is not used by any running containers."
+        continue
+    fi
+
+    for container_id in $container_ids; do
+        container_name=$(docker inspect --format '{{ .Name }}' $container_id | sed 's#^/##')
+        mount_path=$(docker inspect --format "{{ range .Mounts }}{{ if eq .Name \"$volume\" }}{{ .Destination }}{{ end }}{{ end }}" $container_id)
+        
+        if [ -n "$mount_path" ]; then
+            echo "Volume $volume is used by container $container_name at mount path $mount_path"
+        else
+            echo "Volume $volume is used by container $container_name, but mount path could not be determined."
+        fi
+    done
+done
+
+exit $status

roles/health-docker-volumes/handlers/main.yml

@@ -0,0 +1,11 @@
+- name: "reload health-docker-volumes.service"
+  systemd:
+    name: health-docker-volumes.service
+    enabled: yes
+    daemon_reload: yes
+- name: "restart health-docker-volumes.timer"
+  systemd:
+    name: health-docker-volumes.timer
+    state: restarted
+    enabled: yes
+    daemon_reload: yes

roles/health-docker-volumes/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - systemd_notifier

roles/health-docker-volumes/tasks/main.yml

@@ -0,0 +1,22 @@
+- name: "create {{health_docker_volumes_folder}}"
+  file:
+    path: "{{health_docker_volumes_folder}}"
+    state: directory
+    mode: 0755
+
+- name: create health-docker-volumes.sh
+  copy:
+    src: health-docker-volumes.sh
+    dest: "{{health_docker_volumes_folder}}health-docker-volumes.sh"
+
+- name: create health-docker-volumes.service
+  template: src=health-docker-volumes.service.j2 dest=/etc/systemd/system/health-docker-volumes.service
+  notify: reload health-docker-volumes.service
+
+- name: create health-docker-volumes.timer
+  template:
+    src: health-docker-volumes.timer.j2
+    dest: "/etc/systemd/system/health-docker-volumes.timer"
+  register: health_docker_volumes_timer
+  changed_when: health_docker_volumes_timer.changed or activate_all_timers | default(false) | bool
+  notify: restart health-docker-volumes.timer

roles/health-docker-volumes/templates/health-docker-volumes.service.j2

@@ -0,0 +1,7 @@
+[Unit]
+Description=Checking docker health
+OnFailure=systemd-notifier@%n.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/bash {{ health_docker_volumes_folder }}health-docker-volumes.sh "{{ whitelisted_anonymous_docker_volumes | join(' ') }}"

roles/health-docker-volumes/templates/health-docker-volumes.timer.j2

@@ -1,8 +1,8 @@
 [Unit]
-Description=starts health-docker.service
+Description=starts health-docker-volumes.service
 
 [Timer]
-OnCalendar={{on_calendar_docker_health_check}}
+OnCalendar={{on_calendar_health_docker_volumes}}
 RandomizedDelaySec={{randomized_delay_sec}}
 Persistent=false
 

roles/health-docker-volumes/vars/main.yml

@@ -0,0 +1 @@
+health_docker_volumes_folder: "{{path_administrator_scripts}}health-docker-volumes/"

roles/health-docker/handlers/main.yml

@@ -1,11 +0,0 @@
-- name: "reload health-docker.service"
-  systemd:
-    name: health-docker.service
-    enabled: yes
-    daemon_reload: yes
-- name: "restart health-docker.timer"
-  systemd:
-    name: health-docker.timer
-    state: restarted
-    enabled: yes
-    daemon_reload: yes

roles/health-docker/tasks/main.yml

@@ -1,22 +0,0 @@
-- name: "create {{docker_health_check_folder}}"
-  file:
-    path: "{{docker_health_check_folder}}"
-    state: directory
-    mode: 0755
-
-- name: create health-docker.sh
-  copy:
-    src: health-docker.sh
-    dest: "{{docker_health_check_folder}}health-docker.sh"
-
-- name: create health-docker.service
-  template: src=health-docker.service.j2 dest=/etc/systemd/system/health-docker.service
-  notify: reload health-docker.service
-
-- name: create health-docker.timer
-  template:
-    src: health-docker.timer.j2
-    dest: "/etc/systemd/system/health-docker.timer"
-  register: health_docker_timer
-  changed_when: health_docker_timer.changed or activate_all_timers | default(false) | bool
-  notify: restart health-docker.timer

roles/health-docker/vars/main.yml

@@ -1 +0,0 @@
-docker_health_check_folder: "{{path_administrator_scripts}}health-docker/"

roles/health-journalctl/tasks/main.yml

@@ -1,13 +1,13 @@
-- name: "create {{journalctl_health_check_folder}}"
+- name: "create {{health_journalctl_folder}}"
   file:
-    path: "{{journalctl_health_check_folder}}"
+    path: "{{health_journalctl_folder}}"
     state: directory
     mode: 0755
 
 - name: create health-journalctl.sh
   copy:
     src: health-journalctl.sh
-    dest: "{{journalctl_health_check_folder}}health-journalctl.sh"
+    dest: "{{health_journalctl_folder}}health-journalctl.sh"
 
 - name: create health-journalctl.service
   template: 

roles/health-journalctl/templates/health-journalctl.service.j2

@@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash {{journalctl_health_check_folder}}health-journalctl.sh
+ExecStart=/bin/bash {{health_journalctl_folder}}health-journalctl.sh

roles/health-journalctl/templates/health-journalctl.timer.j2

@@ -2,7 +2,7 @@
 Description=starts health-journalctl.service
 
 [Timer]
-OnCalendar={{on_calendar_journalctl_health_check}}
+OnCalendar={{on_calendar_health_journalctl}}
 RandomizedDelaySec={{randomized_delay_sec}}
 Persistent=false
 

roles/health-journalctl/vars/main.yml

@@ -1 +1 @@
-journalctl_health_check_folder: "{{path_administrator_scripts}}health-journalctl/"
+health_journalctl_folder: "{{path_administrator_scripts}}health-journalctl/"

roles/health-nginx/tasks/main.yml

@@ -3,16 +3,16 @@
     name: python-requests
     state: present
 
-- name: "create {{ nginx_health_check_folder }}"
+- name: "create {{ health_nginx_folder }}"
   file:
-    path: "{{ nginx_health_check_folder }}"
+    path: "{{ health_nginx_folder }}"
     state: directory
     mode: 0755
 
 - name: create health-nginx.py
   copy:
     src: health-nginx.py
-    dest: "{{ nginx_health_check_folder }}health-nginx.py"
+    dest: "{{ health_nginx_folder }}health-nginx.py"
 
 - name: create health-nginx.service
   template: 

roles/health-nginx/templates/health-nginx.service.j2

@@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/python3 {{ nginx_health_check_folder }}health-nginx.py
+ExecStart=/usr/bin/python3 {{ health_nginx_folder }}health-nginx.py

roles/health-nginx/templates/health-nginx.timer.j2

@@ -2,7 +2,7 @@
 Description=starts health-nginx.service
 
 [Timer]
-OnCalendar={{ on_calendar_nginx_health_check }}
+OnCalendar={{ on_calendar_health_nginx }}
 RandomizedDelaySec={{ randomized_delay_sec }}
 Persistent=false
 

roles/health-nginx/vars/main.yml

@@ -1 +1 @@
-nginx_health_check_folder: "{{ path_administrator_scripts }}health-nginx/"
+health_nginx_folder: "{{ path_administrator_scripts }}health-nginx/"

roles/https-redirect/meta/main.yml

@@ -1,2 +0,0 @@
-dependencies:
-- https-server

roles/https-redirect/readme.md

@@ -1,5 +0,0 @@
-# native https-redirect
-
-## see
-- https://stackoverflow.com/questions/6045020/how-to-redirect-to-a-different-domain-using-nginx
-- https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html

roles/nginx-homepage/Readme.md

@@ -0,0 +1,33 @@
+# Nginx Homepage Role
+
+This Ansible role configures an Nginx server to serve a static homepage. It handles domain configuration, SSL certificate retrieval with Let's Encrypt, and cloning the homepage content from a Git repository.
+
+## Requirements
+
+- Ansible 2.9 or higher
+- Nginx installed on the target machine
+- Git installed on the target machine (if cloning a repo)
+- `nginx-https` and `git` roles available or configured if they are used as dependencies
+
+## Role Variables
+
+- `nginx_homepage_root`: The directory where the homepage content will be stored (default: `/usr/share/nginx/homepage`)
+- `domain`: The domain name for the Nginx server configuration
+- `administrator_email`: The email used for SSL certificate registration with Let's Encrypt
+- `nginx_homepage_repository_address`: The Git repository address containing the homepage content
+
+## Dependencies
+
+- `nginx-https`: A role for setting up an HTTPS server
+- `git`: A role for installing Git
+
+## Example Playbook
+
+```yaml
+- hosts: servers
+  roles:
+     - { role: nginx-homepage, domain: 'example.com', administrator_email: 'admin@example.com' }
+```
+
+## Author Information
+This role was created in 2023 by Kevin Veen Birkenbach.

roles/nginx-homepage/meta/main.yml

@@ -1,3 +1,3 @@
 dependencies:
-- https-server
+- nginx-https
 - git

roles/nginx-homepage/tasks/main.yml

@@ -5,10 +5,10 @@
 - name: recieve {{domain}} certificate
   command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
 
-- name: homepage repo git
+- name: nginx-homepage repo git
   git:
-    repo: "{{homepage_repository_address}}"
-    dest: "/usr/share/nginx/homepage"
+    repo: "{{nginx_homepage_repository_address}}"
+    dest: "{{nginx_homepage_root}}"
     update: yes
   register: git_result
   ignore_errors: true

roles/nginx-homepage/templates/homepage.nginx.conf.j2

@@ -9,7 +9,7 @@ server
   
   location /
   {
-    root /usr/share/nginx/homepage;
+    root {{nginx_homepage_root}};
     index index.html index.htm;
   }
 }

roles/nginx-homepage/vars/main.yml

@@ -0,0 +1 @@
+nginx_homepage_root: /usr/share/nginx/homepage

roles/nginx-redirect/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+- nginx-https

roles/nginx-redirect/readme.md

@@ -0,0 +1,29 @@
+# Nginx Redirect Role
+
+This Ansible role configures Nginx to perform 301 redirects from one domain to another. It handles SSL certificate retrieval for the source domains and sets up the Nginx configuration to redirect to the specified target domains.
+
+## Requirements
+
+- Ansible 2.9 or higher
+- Nginx installed on the target machine
+- Let's Encrypt for SSL certificate management
+
+## Role Variables
+
+- `domain_mappings`: A list of objects with `source` and `target` properties specifying the domains to redirect from and to.
+- `administrator_email`: The email used for SSL certificate registration with Let's Encrypt.
+
+## Dependencies
+
+- `nginx-https`: A role for setting up HTTPS for Nginx
+- `letsencrypt`: A role for managing SSL certificates with Let's Encrypt
+
+## Example Playbook
+
+```yaml
+- hosts: servers
+  roles:
+    - { role: nginx-redirect, domain_mappings: [ {source: 'example.com', target: 'newdomain.com'} ] }
+
+## Author Information
+This role was created in 2023 by Kevin Veen Birkenbach.