Compare commits


4 Commits

47 changed files with 156 additions and 85 deletions


@ -1,12 +1,20 @@
--- ---
# general setup - name: variable mapping
- name: general setup hosts: all
vars:
activate_all_timers: "{{ activate_all_timers | lower | bool }}"
nginx_matomo_tracking: "{{ nginx_matomo_tracking | lower | bool }}"
execute_updates: "{{ execute_updates | lower | bool }}"
force_backup_before_update: "{{ force_backup_before_update | lower | bool }}"
enable_central_database: "{{ enable_central_database | lower | bool }}"
- name: update device
hosts: all hosts: all
become: true become: true
tasks: tasks:
roles: roles:
- role: update - role: update
when: execute_updates | bool when: execute_updates
- name: setup standard wireguard - name: setup standard wireguard
hosts: wireguard_server hosts: wireguard_server
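Review bot: The `| lower | bool` normalisation is declared under `vars:` of its own play ("variable mapping"), and play vars are visible only inside that play, so the "update device" play and every role and template changed in this commit would still receive the raw inventory or `-e` value, assuming the flattened rendering here reflects the real layout. Because the same commit drops `| bool` at each point of use (`when: execute_updates`, the `changed_when: … or activate_all_timers` lines in the timer roles, `when: force_backup_before_update`, `{% if not enable_central_database %}`, `{% if nginx_matomo_tracking %}`), a value that arrives as the string `"false"` is a non-empty string and tests as true in Jinja, so for example the update role would run on a host where it was switched off. Each mapping also refers to its own name, which Ansible may reject as a recursive template. Keeping the cast where the value is consumed, e.g. `when: execute_updates | bool`, or normalising once with `set_fact` in the plays that need it, avoids both problems.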


@ -37,7 +37,7 @@
- name: configure backup-docker-to-local.timer.tpl - name: configure backup-docker-to-local.timer.tpl
template: src=backup-docker-to-local.timer.j2 dest=/etc/systemd/system/backup-docker-to-local.timer template: src=backup-docker-to-local.timer.j2 dest=/etc/systemd/system/backup-docker-to-local.timer
register: backup_docker_to_local_timer register: backup_docker_to_local_timer
changed_when: backup_docker_to_local_timer.changed or activate_all_timers | bool changed_when: backup_docker_to_local_timer.changed or activate_all_timers
notify: restart backup-docker-to-local.timer notify: restart backup-docker-to-local.timer
when: run_once_backup_docker_to_local is not defined when: run_once_backup_docker_to_local is not defined


@ -4,3 +4,4 @@ dependencies:
- cleanup-backups-timer - cleanup-backups-timer
- cleanup-failed-docker-backups - cleanup-failed-docker-backups
- system-maintenance-lock - system-maintenance-lock
- user-root


@ -17,7 +17,7 @@
- name: create backup-remote-to-local.timer - name: create backup-remote-to-local.timer
template: src=backup-remote-to-local.timer.j2 dest=/etc/systemd/system/backup-remote-to-local.timer template: src=backup-remote-to-local.timer.j2 dest=/etc/systemd/system/backup-remote-to-local.timer
register: backup_backup_remote_to_local_timer register: backup_backup_remote_to_local_timer
changed_when: backup_backup_remote_to_local_timer.changed or activate_all_timers | bool changed_when: backup_backup_remote_to_local_timer.changed or activate_all_timers
notify: restart backup-remote-to-local timer notify: restart backup-remote-to-local timer
- name: create backups-remote-to-local.sh - name: create backups-remote-to-local.sh


@ -3,7 +3,7 @@
src: "cleanup-backups.timer.j2" src: "cleanup-backups.timer.j2"
dest: "/etc/systemd/system/cleanup-backups.timer" dest: "/etc/systemd/system/cleanup-backups.timer"
register: cleanup_backups_timer register: cleanup_backups_timer
changed_when: cleanup_backups_timer.changed or activate_all_timers | bool changed_when: cleanup_backups_timer.changed or activate_all_timers
notify: restart cleanup-backups.timer notify: restart cleanup-backups.timer
when: run_once_cleanup_backups_timer is not defined when: run_once_cleanup_backups_timer is not defined


@ -20,5 +20,5 @@
src: cleanup-disc-space.timer.j2 src: cleanup-disc-space.timer.j2
dest: /etc/systemd/system/cleanup-disc-space.timer dest: /etc/systemd/system/cleanup-disc-space.timer
register: cleanup_disc_space_timer register: cleanup_disc_space_timer
changed_when: cleanup_disc_space_timer.changed or activate_all_timers | bool changed_when: cleanup_disc_space_timer.changed or activate_all_timers
notify: restart cleanup-disc-space.timer notify: restart cleanup-disc-space.timer


@ -24,7 +24,7 @@
src: cleanup-failed-docker-backups.timer.j2 src: cleanup-failed-docker-backups.timer.j2
dest: /etc/systemd/system/cleanup-failed-docker-backups.timer dest: /etc/systemd/system/cleanup-failed-docker-backups.timer
register: cleanup_failed_docker_backups_timer register: cleanup_failed_docker_backups_timer
changed_when: cleanup_failed_docker_backups_timer.changed or activate_all_timers | bool changed_when: cleanup_failed_docker_backups_timer.changed or activate_all_timers
notify: restart cleanup-failed-docker-backups.timer notify: restart cleanup-failed-docker-backups.timer
when: run_once_cleanup_failed_docker_backups is not defined when: run_once_cleanup_failed_docker_backups is not defined


@ -5,4 +5,4 @@ OnFailure=systemd-notifier@%n.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{system_maintenance_cleanup_services| join(' ') }} --timeout "{{sytem_maintenance_lock_timeoutbackup_services}}"' ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{system_maintenance_cleanup_services| join(' ') }} --timeout "{{sytem_maintenance_lock_timeoutbackup_services}}"'
ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{backup_docker_to_local_cleanup_folder}}cleanup.sh {{backup_docker_to_local_cleanup_machine_id}} {{backup_docker_to_local_cleanup_trigger_directory}}' ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{backup_docker_to_local_cleanup_folder}}cleanup-all.sh {{backup_docker_to_local_cleanup_trigger_directory}}'
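Review bot: The new `ExecStart` no longer passes `backup_docker_to_local_cleanup_machine_id` but still pipes `/usr/bin/yes` into the script, so every confirmation `cleanup-all.sh` asks for is answered automatically with nothing in the unit bounding what it may delete. The script's name suggests it covers every machine's backups, but that is inferred and not visible here. A one-line comment above `ExecStart` recording what the script removes and that prompts are auto-confirmed would make this reviewable. The two template values are also interpolated unquoted into `sh -c`, so a path containing whitespace would be word-split; `"{{backup_docker_to_local_cleanup_folder}}cleanup-all.sh" "{{backup_docker_to_local_cleanup_trigger_directory}}"` inside the single-quoted command avoids that.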


@ -14,7 +14,7 @@ services:
- env/run.env - env/run.env
environment: environment:
- AKAUNTING_SETUP - AKAUNTING_SETUP
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
depends_on: depends_on:
- database - database
@ -23,6 +23,6 @@ services:
volumes: volumes:
data: data:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}


@ -9,7 +9,7 @@ services:
- .:/usr/share/nginx/html - .:/usr/share/nginx/html
- .:/var/www - .:/var/www
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
{% endif %} {% endif %}
- maildev - maildev
@ -20,7 +20,7 @@ services:
worker: worker:
image: attendize_worker:latest image: attendize_worker:latest
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
{% endif %} {% endif %}
- maildev - maildev
@ -36,7 +36,7 @@ services:
{% include 'templates/docker-redis-service.yml.j2' %} {% include 'templates/docker-redis-service.yml.j2' %}
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
depends_on: depends_on:
- database - database
@ -45,6 +45,6 @@ services:
volumes: volumes:
redis: redis:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}


@ -10,7 +10,7 @@ services:
restart: always restart: always
image: funkwhale/api:${FUNKWHALE_VERSION:-latest} image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- postgres - postgres
% endif %} % endif %}
- redis - redis
@ -25,7 +25,7 @@ services:
restart: always restart: always
image: funkwhale/api:${FUNKWHALE_VERSION:-latest} image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- postgres - postgres
% endif %} % endif %}
- redis - redis
@ -62,7 +62,7 @@ services:
# override those variables in your .env file if needed # override those variables in your .env file if needed
- "${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}:80" - "${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}:80"
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
{% include 'templates/docker-postgres-service.yml.j2' %} {% include 'templates/docker-postgres-service.yml.j2' %}
{% endif %} {% endif %}
@ -70,6 +70,6 @@ volumes:
data: data:
redis: redis:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}
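Review bot: In the first two hunks the line after `- postgres` reads `% endif %}` without its opening `{`, on both the old and the new side, so the `{% if not enable_central_database %}` edited two lines above is not closed there. Unless this is an artefact of the page rendering, Jinja will treat `% endif %}` as literal text, leaving the template with more `if` than `endif` tags; it then either fails to render or pairs the condition with a later `{% endif %}`, putting `- redis` inside it. Both lines should be `{% endif %}`. Since this commit already touches these blocks, it is the natural place to fix them.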


@ -27,20 +27,18 @@ services:
- data:/data - data:/data
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
depends_on: depends_on:
- database - database
links:
- database
{% include 'templates/docker-mariadb-service.yml.j2' %} {% include 'templates/docker-mariadb-service.yml.j2' %}
{% endif %} {% endif %}
volumes: volumes:
data: data:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}
networks: networks:
default: default:
driver: bridge driver: bridge


@ -33,7 +33,7 @@ services:
- 'data:/var/opt/gitlab' - 'data:/var/opt/gitlab'
shm_size: '256m' shm_size: '256m'
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
condition: service_healthy condition: service_healthy
{% endif %} {% endif %}
@ -41,7 +41,7 @@ services:
{% include 'templates/docker-redis-service.yml.j2' %} {% include 'templates/docker-redis-service.yml.j2' %}
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
{% include 'templates/docker-postgres-service.yml.j2' %} {% include 'templates/docker-postgres-service.yml.j2' %}
{% endif %} {% endif %}
@ -50,6 +50,6 @@ volumes:
config: config:
logs: logs:
data: data:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}


@ -11,8 +11,8 @@ services:
JOOMLA_DB_PASSWORD: "{{database_password}}" JOOMLA_DB_PASSWORD: "{{database_password}}"
JOOMLA_DB_NAME: "{{database_databasename}}" JOOMLA_DB_NAME: "{{database_databasename}}"
restart: always restart: always
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
links: depends_on:
- database - database
{% endif %} {% endif %}
volumes: volumes:
@ -20,12 +20,12 @@ services:
ports: ports:
- "127.0.0.1:{{http_port}}:80" - "127.0.0.1:{{http_port}}:80"
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
{% include 'templates/docker-mariadb-service.yml.j2' %} {% include 'templates/docker-mariadb-service.yml.j2' %}
{% endif %} {% endif %}
volumes: volumes:
data: data:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}


@ -12,7 +12,7 @@ services:
volumes: volumes:
- ./config.toml:/listmonk/config.toml - ./config.toml:/listmonk/config.toml
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
depends_on: depends_on:
- database - database


@ -61,5 +61,5 @@
src: "deploy-letsencrypt-mailu.timer.j2" src: "deploy-letsencrypt-mailu.timer.j2"
dest: "/etc/systemd/system/deploy-letsencrypt-mailu.timer" dest: "/etc/systemd/system/deploy-letsencrypt-mailu.timer"
register: deploy_letsencrypt_mailu_timer register: deploy_letsencrypt_mailu_timer
changed_when: deploy_letsencrypt_mailu_timer.changed or activate_all_timers | bool changed_when: deploy_letsencrypt_mailu_timer.changed or activate_all_timers
notify: restart deploy-letsencrypt-mailu.timer notify: restart deploy-letsencrypt-mailu.timer


@ -49,7 +49,7 @@ services:
depends_on: depends_on:
resolver: resolver:
condition: service_started condition: service_started
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
condition: service_healthy condition: service_healthy
{% endif %} {% endif %}
@ -71,7 +71,7 @@ services:
- resolver - resolver
- front - front
- redis - redis
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
{% endif %} {% endif %}
logging: logging:
@ -202,12 +202,12 @@ services:
- webmail - webmail
dns: dns:
- 192.168.203.254 - 192.168.203.254
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
{% include 'templates/docker-postgres-service.yml.j2' %} {% include 'templates/docker-postgres-service.yml.j2' %}
{% endif %} {% endif %}
volumes: volumes:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}
smtp_queue: smtp_queue:


@ -20,7 +20,7 @@ services:
ports: ports:
- "127.0.0.1:{{http_port}}:3000" - "127.0.0.1:{{http_port}}:3000"
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
{% endif %} {% endif %}
- redis - redis
@ -42,7 +42,7 @@ services:
ports: ports:
- "127.0.0.1:{{stream_port}}:4000" - "127.0.0.1:{{stream_port}}:4000"
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
{% endif %} {% endif %}
- redis - redis
@ -54,7 +54,7 @@ services:
env_file: .env.production env_file: .env.production
command: bundle exec sidekiq command: bundle exec sidekiq
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
{% endif %} {% endif %}
- redis - redis
@ -67,12 +67,12 @@ services:
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"] test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
logging: logging:
driver: journald driver: journald
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
{% include 'templates/docker-postgres-service.yml.j2' %} {% include 'templates/docker-postgres-service.yml.j2' %}
{% endif %} {% endif %}
volumes: volumes:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}
redis: redis:


@ -8,7 +8,7 @@ server {
{% include 'roles/letsencrypt/templates/ssl_header.j2' %} {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% if nginx_matomo_tracking | bool %} {% if nginx_matomo_tracking %}
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
{% endif %} {% endif %}


@ -16,14 +16,14 @@ services:
MATOMO_DATABASE_DBNAME: "{{database_databasename}}" MATOMO_DATABASE_DBNAME: "{{database_databasename}}"
volumes: volumes:
- data:/var/www/html - data:/var/www/html
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
depends_on: depends_on:
- database - database
{% include 'templates/docker-mariadb-service.yml.j2' %} {% include 'templates/docker-mariadb-service.yml.j2' %}
{% endif %} {% endif %}
volumes: volumes:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}
data: data:


@ -16,7 +16,7 @@ services:
- SYNAPSE_REPORT_STATS=no - SYNAPSE_REPORT_STATS=no
ports: ports:
- "127.0.0.1:{{synapse_http_port}}:8008" - "127.0.0.1:{{synapse_http_port}}:8008"
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
depends_on: depends_on:
- database - database
{% include 'templates/docker-postgres-service.yml.j2' %} {% include 'templates/docker-postgres-service.yml.j2' %}
@ -60,7 +60,7 @@ services:
# - instagram_bridge_data:/data # - instagram_bridge_data:/data
volumes: volumes:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}
synapse_data: synapse_data:


@ -9,7 +9,7 @@
log_driver: journald log_driver: journald
image: mediawiki image: mediawiki
restart: always restart: always
links: depends_on:
- database - database
volumes: volumes:
- "mediawiki-data:/var/www/html/" - "mediawiki-data:/var/www/html/"


@ -9,7 +9,7 @@ services:
restart: always restart: always
volumes: volumes:
- data:/var/www/html - data:/var/www/html
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
depends_on: depends_on:
- database - database
{% endif %} {% endif %}
@ -26,12 +26,12 @@ services:
- "{{docker_compose_instance_confd_directory}}:{{target_mount_conf_d_directory}}:ro" - "{{docker_compose_instance_confd_directory}}:{{target_mount_conf_d_directory}}:ro"
- "data:/var/www/html:ro" - "data:/var/www/html:ro"
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
{% include 'templates/docker-mariadb-service.yml.j2' %} {% include 'templates/docker-mariadb-service.yml.j2' %}
{% endif %} {% endif %}
volumes: volumes:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}
data: data:


@ -13,7 +13,7 @@ services:
MYSQL_USER: "{{database_username}}" MYSQL_USER: "{{database_username}}"
MYSQL_PASSWORD: "{{database_password}}" MYSQL_PASSWORD: "{{database_password}}"
MYSQL_HOST: {{database_host}}:3306 MYSQL_HOST: {{database_host}}:3306
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
depends_on: depends_on:
- database - database
@ -45,12 +45,12 @@ services:
- data:/var/www/html - data:/var/www/html
entrypoint: /cron.sh entrypoint: /cron.sh
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
{% endif %} {% endif %}
- redis - redis
volumes: volumes:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}
data: data:


@ -4,7 +4,7 @@ server
{% include 'roles/letsencrypt/templates/ssl_header.j2' %} {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% if nginx_matomo_tracking | bool %} {% if nginx_matomo_tracking %}
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
{% endif %} {% endif %}


@ -5,7 +5,7 @@ networks:
backend: backend:
volumes: volumes:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}
data: data:
@ -30,13 +30,13 @@ x-op-app: &app
IMAP_ENABLED: "${IMAP_ENABLED:-false}" IMAP_ENABLED: "${IMAP_ENABLED:-false}"
volumes: volumes:
- "data:/var/openproject/assets" - "data:/var/openproject/assets"
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- "database:/var/openproject/pgdata" - "database:/var/openproject/pgdata"
{% endif %} {% endif %}
services: services:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
{% include 'templates/docker-postgres-service.yml.j2' %} {% include 'templates/docker-postgres-service.yml.j2' %}
{% endif %} {% endif %}
networks: networks:
@ -62,7 +62,7 @@ services:
- frontend - frontend
volumes: volumes:
- "data:/var/openproject/assets" - "data:/var/openproject/assets"
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- "database:/var/openproject/pgdata" - "database:/var/openproject/pgdata"
{% endif %} {% endif %}
@ -73,7 +73,7 @@ services:
- frontend - frontend
- backend - backend
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
{% endif %} {% endif %}
- cache - cache
@ -102,7 +102,7 @@ services:
networks: networks:
- backend - backend
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
{% endif %} {% endif %}
- cache - cache
@ -114,7 +114,7 @@ services:
networks: networks:
- backend - backend
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
{% endif %} {% endif %}
- cache - cache


@ -15,7 +15,7 @@ services:
restart: "always" restart: "always"
depends_on: depends_on:
- redis - redis
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
{% include 'templates/docker-postgres-service.yml.j2' %} {% include 'templates/docker-postgres-service.yml.j2' %}
@ -27,7 +27,7 @@ services:
- .env - .env
volumes: volumes:
assets: assets:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}
data: data:


@ -3,7 +3,7 @@ server {
{% include 'roles/letsencrypt/templates/ssl_header.j2' %} {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% if nginx_matomo_tracking | bool %} {% if nginx_matomo_tracking %}
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
{% endif %} {% endif %}


@ -15,7 +15,7 @@ services:
ports: ports:
- "{{http_port}}:80" - "{{http_port}}:80"
depends_on: depends_on:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
{% endif %} {% endif %}
- redis - redis
@ -39,7 +39,7 @@ services:
depends_on: depends_on:
- redis - redis
- application - application
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
- database - database
@ -49,7 +49,7 @@ services:
{% include 'templates/docker-redis-service.yml.j2' %} {% include 'templates/docker-redis-service.yml.j2' %}
volumes: volumes:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}
redis: redis:
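Review bot: The port mapping `- "{{http_port}}:80"` in the first hunk publishes the container on every host interface, whereas the other compose templates in this commit bind to loopback with `"127.0.0.1:{{http_port}}:…"`. If this service is meant to be reached only through the nginx reverse proxy like the others (not visible in this hunk), the line should read `- "127.0.0.1:{{http_port}}:80"`, otherwise the application is reachable without the proxy's TLS and header handling. The line is unchanged context, so this is a follow-up rather than a regression from this commit.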


@ -17,7 +17,7 @@ services:
WORDPRESS_DB_NAME: "{{database_databasename}}" WORDPRESS_DB_NAME: "{{database_databasename}}"
volumes: volumes:
- data:/var/www/html - data:/var/www/html
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
depends_on: depends_on:
- database - database
@ -25,7 +25,7 @@ services:
{% endif %} {% endif %}
volumes: volumes:
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
database: database:
{% endif %} {% endif %}
data: data:


@ -16,7 +16,7 @@ services:
YOURLS_SITE: "https://{{domain}}" YOURLS_SITE: "https://{{domain}}"
YOURLS_USER: "{{yourls_user}}" YOURLS_USER: "{{yourls_user}}"
YOURLS_PASS: "{{yourls_user_password}}" YOURLS_PASS: "{{yourls_user_password}}"
{% if not ( enable_central_database | lower | bool ) %} {% if not enable_central_database %}
depends_on: depends_on:
- database - database


@ -23,7 +23,7 @@
src: heal-docker.timer.j2 src: heal-docker.timer.j2
dest: "/etc/systemd/system/heal-docker.timer" dest: "/etc/systemd/system/heal-docker.timer"
register: heal_docker_timer register: heal_docker_timer
changed_when: heal_docker_timer.changed or activate_all_timers | bool changed_when: heal_docker_timer.changed or activate_all_timers
notify: restart heal-docker.timer notify: restart heal-docker.timer
when: run_once_heal_docker is not defined when: run_once_heal_docker is not defined


@ -20,5 +20,5 @@
src: health-btrfs.timer.j2 src: health-btrfs.timer.j2
dest: "/etc/systemd/system/health-btrfs.timer" dest: "/etc/systemd/system/health-btrfs.timer"
register: health_btrs_timer register: health_btrs_timer
changed_when: health_btrs_timer.changed or activate_all_timers | bool changed_when: health_btrs_timer.changed or activate_all_timers
notify: restart health-btrfs.timer notify: restart health-btrfs.timer


@ -20,5 +20,5 @@
src: health-disc-space.timer.j2 src: health-disc-space.timer.j2
dest: /etc/systemd/system/health-disc-space.timer dest: /etc/systemd/system/health-disc-space.timer
register: health_disc_space_timer register: health_disc_space_timer
changed_when: health_disc_space_timer.changed or activate_all_timers | bool changed_when: health_disc_space_timer.changed or activate_all_timers
notify: restart health-disc-space.timer notify: restart health-disc-space.timer


@ -21,7 +21,7 @@
src: health-docker-container.timer.j2 src: health-docker-container.timer.j2
dest: "/etc/systemd/system/health-docker-container.timer" dest: "/etc/systemd/system/health-docker-container.timer"
register: health_docker_container_timer register: health_docker_container_timer
changed_when: health_docker_container_timer.changed or activate_all_timers | bool changed_when: health_docker_container_timer.changed or activate_all_timers
notify: restart health-docker-container.timer notify: restart health-docker-container.timer
when: run_once_health_docker_container is not defined when: run_once_health_docker_container is not defined


@ -21,7 +21,7 @@
src: health-docker-volumes.timer.j2 src: health-docker-volumes.timer.j2
dest: "/etc/systemd/system/health-docker-volumes.timer" dest: "/etc/systemd/system/health-docker-volumes.timer"
register: health_docker_volumes_timer register: health_docker_volumes_timer
changed_when: health_docker_volumes_timer.changed or activate_all_timers | bool changed_when: health_docker_volumes_timer.changed or activate_all_timers
notify: restart health-docker-volumes.timer notify: restart health-docker-volumes.timer
when: run_once_health_docker_volumes is not defined when: run_once_health_docker_volumes is not defined


@ -20,5 +20,5 @@
src: health-journalctl.timer.j2 src: health-journalctl.timer.j2
dest: /etc/systemd/system/health-journalctl.timer dest: /etc/systemd/system/health-journalctl.timer
register: health_journalctl_timer register: health_journalctl_timer
changed_when: health_journalctl_timer.changed or activate_all_timers | bool changed_when: health_journalctl_timer.changed or activate_all_timers
notify: restart health-journalctl.timer notify: restart health-journalctl.timer


@ -29,7 +29,7 @@
src: health-nginx.timer.j2 src: health-nginx.timer.j2
dest: "/etc/systemd/system/health-nginx.timer" dest: "/etc/systemd/system/health-nginx.timer"
register: health_nginx_timer register: health_nginx_timer
changed_when: health_nginx_timer.changed or activate_all_timers | bool changed_when: health_nginx_timer.changed or activate_all_timers
notify: restart health-nginx.timer notify: restart health-nginx.timer
when: run_once_health_nginx is not defined when: run_once_health_nginx is not defined


@ -31,7 +31,7 @@ for filename in os.listdir(config_path):
# Determine expected status codes based on the domain # Determine expected status codes based on the domain
if domain == '{{domain_listmonk}}': if domain == '{{domain_listmonk}}':
expected_statuses = [401] expected_statuses = [401]
{% if nginx_matomo_tracking | bool %} {% if nginx_matomo_tracking %}
elif parts[0] == 'www' or domain in redirected_domains: elif parts[0] == 'www' or domain in redirected_domains:
expected_statuses = [301] expected_statuses = [301]
{% endif %} {% endif %}


@ -16,7 +16,7 @@
src: certbot.timer.j2 src: certbot.timer.j2
dest: /etc/systemd/system/certbot.timer dest: /etc/systemd/system/certbot.timer
register: certbot_timer register: certbot_timer
changed_when: certbot_timer.changed or activate_all_timers | bool changed_when: certbot_timer.changed or activate_all_timers
notify: restart certbot timer notify: restart certbot timer
when: run_once_nginx_certbot is not defined when: run_once_nginx_certbot is not defined


@ -3,7 +3,7 @@ server
server_name {{domain}}; server_name {{domain}};
# Include Matomo Tracking Code # Include Matomo Tracking Code
{% if nginx_matomo_tracking | bool %} {% if nginx_matomo_tracking %}
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
{% endif %} {% endif %}


@ -5,7 +5,7 @@ server
{% include 'roles/letsencrypt/templates/ssl_header.j2' %} {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% if nginx_matomo_tracking | bool %} {% if nginx_matomo_tracking %}
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
{% endif %} {% endif %}


@ -2,7 +2,7 @@
systemd: systemd:
name: backup-docker-to-local-everything.service name: backup-docker-to-local-everything.service
state: started state: started
when: force_backup_before_update | bool when: force_backup_before_update
- name: create {{update_docker_script}} - name: create {{update_docker_script}}
copy: copy:


@ -8,7 +8,16 @@
ssh_key_type: rsa ssh_key_type: rsa
ssh_key_bits: 8192 ssh_key_bits: 8192
when: run_once_user_administrator is not defined when: run_once_user_administrator is not defined
- name: "set correct rights for {{path_administrator_home}}"
file:
path: "{{path_administrator_home}}"
state: directory
owner: administrator
group: administrator
mode: 0700
when: run_once_user_administrator is not defined
- name: "create {{path_administrator_scripts}}" - name: "create {{path_administrator_scripts}}"
file: file:
path: "{{path_administrator_home}}scripts" path: "{{path_administrator_home}}scripts"
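Review bot: In the added "set correct rights" task, `mode: 0700` is an unquoted scalar that yields the intended permissions only because the YAML 1.1 loader reads a leading-zero number as octal. Writing it as `mode: "0700"` keeps the value a string, so linters or YAML 1.2 tooling cannot reinterpret it. The task is also guarded by `run_once_user_administrator is not defined`, so the home-directory permissions are enforced only while that flag is unset; anything else that sets the flag first would skip the hardening silently. The task list continues outside this hunk.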

29
roles/user-root/README.md Normal file

@ -0,0 +1,29 @@
Certainly! Below is a README file in English for an Ansible role that includes the tasks you've provided:
# Root User
## Overview
This Ansible role is designed to manage the generation and handling of an SSH key for the root user on a target system. It ensures that an SSH key is generated if it does not already exist and displays the public key. This role is particularly useful for setting up secure SSH access for root users in automated environments.
## Role Variables
- `run_once_user_root`: A variable to ensure that certain tasks are only run once. This is used for idempotency purposes.
## Tasks
1. **Check if the SSH key for root already exists**: Verifies the existence of an SSH public key for the root user.
2. **Generate a SSH key for root if it does not exist**: Generates a new SSH key pair (RSA 4096 bits) for the root user if it is not already present.
3. **Display the public SSH key**: Outputs the content of the generated public SSH key.
4. **Output the public SSH key**: Debug task to display the SSH public key in the Ansible output.
5. **Run the user_root tasks once**: Sets a fact to ensure that the tasks for generating and displaying the key are executed only once.
## Usage
To use this role, include it in your playbook and set any necessary variables in your playbook's `vars` section. Ensure you have the necessary permissions to execute tasks as the root user.
```yaml
- hosts: servers
become: yes
roles:
- ssh_key_generator_root
```
## Important Notes
- Running this role will affect the root user's SSH configuration on the target system. Ensure you understand the implications of modifying root SSH keys.
- Always test the role in a controlled environment before deploying to production.


@ -0,0 +1,26 @@
- name: Check if the SSH key for root already exists
ansible.builtin.stat:
path: "/root/.ssh/id_rsa.pub"
register: ssh_key
- name: Generate a SSH key for root if it does not exist
ansible.builtin.openssh_keypair:
path: "/root/.ssh/id_rsa"
type: rsa
size: 4096
when: not ssh_key.stat.exists and run_once_user_administrator is not defined
- name: Display the public SSH key
command: cat /root/.ssh/id_rsa.pub
register: public_key
when: not ssh_key.stat.exists and run_once_user_administrator is not defined
- name: Output the public SSH key
debug:
msg: "{{ public_key.stdout }}"
when: not ssh_key.stat.exists and run_once_user_administrator is not defined
- name: run the user_administrator tasks once
set_fact:
run_once_user_administrator: true
when: run_once_user_administrator is not defined
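Review bot: Every guard in this new root-user task file tests `run_once_user_administrator`, and the final `set_fact` sets that same flag, although the role's README documents `run_once_user_root`. As written, running this role first marks the administrator role as already done, so tasks there guarded by `run_once_user_administrator is not defined` (including the home-directory permission task added in this commit) would be skipped. If the administrator role runs first, the root key is never generated. The guards should read `when: not ssh_key.stat.exists and run_once_user_root is not defined`, and the last task should set `run_once_user_root: true` under a matching name. The `command: cat /root/.ssh/id_rsa.pub` step would also benefit from `changed_when: false` so a read-only command does not report a change.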


@ -1,4 +1,4 @@
- name: Activate NGINX matomo tracking - name: Activate NGINX matomo tracking
include_role: include_role:
name: nginx-matomo-tracking name: nginx-matomo-tracking
when: nginx_matomo_tracking | bool and domain is defined when: nginx_matomo_tracking and domain is defined