mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-11-21 20:31:02 +01:00
Compare commits
4 Commits
d379d89ea3
...
2fe38a4059
Author | SHA1 | Date | |
---|---|---|---|
2fe38a4059 | |||
6d5ed7b5b7 | |||
a8c6e5b69f | |||
2d3b69e9ab |
@ -1,12 +1,20 @@
|
|||||||
---
|
---
|
||||||
# general setup
|
- name: variable mapping
|
||||||
- name: general setup
|
hosts: all
|
||||||
|
vars:
|
||||||
|
activate_all_timers: "{{ activate_all_timers | lower | bool }}"
|
||||||
|
nginx_matomo_tracking: "{{ nginx_matomo_tracking | lower | bool }}"
|
||||||
|
execute_updates: "{{ execute_updates | lower | bool }}"
|
||||||
|
force_backup_before_update: "{{ force_backup_before_update | lower | bool }}"
|
||||||
|
enable_central_database: "{{ enable_central_database | lower | bool }}"
|
||||||
|
|
||||||
|
- name: update device
|
||||||
hosts: all
|
hosts: all
|
||||||
become: true
|
become: true
|
||||||
tasks:
|
tasks:
|
||||||
roles:
|
roles:
|
||||||
- role: update
|
- role: update
|
||||||
when: execute_updates | bool
|
when: execute_updates
|
||||||
|
|
||||||
- name: setup standard wireguard
|
- name: setup standard wireguard
|
||||||
hosts: wireguard_server
|
hosts: wireguard_server
|
||||||
|
@ -37,7 +37,7 @@
|
|||||||
- name: configure backup-docker-to-local.timer.tpl
|
- name: configure backup-docker-to-local.timer.tpl
|
||||||
template: src=backup-docker-to-local.timer.j2 dest=/etc/systemd/system/backup-docker-to-local.timer
|
template: src=backup-docker-to-local.timer.j2 dest=/etc/systemd/system/backup-docker-to-local.timer
|
||||||
register: backup_docker_to_local_timer
|
register: backup_docker_to_local_timer
|
||||||
changed_when: backup_docker_to_local_timer.changed or activate_all_timers | bool
|
changed_when: backup_docker_to_local_timer.changed or activate_all_timers
|
||||||
notify: restart backup-docker-to-local.timer
|
notify: restart backup-docker-to-local.timer
|
||||||
when: run_once_backup_docker_to_local is not defined
|
when: run_once_backup_docker_to_local is not defined
|
||||||
|
|
||||||
|
@ -4,3 +4,4 @@ dependencies:
|
|||||||
- cleanup-backups-timer
|
- cleanup-backups-timer
|
||||||
- cleanup-failed-docker-backups
|
- cleanup-failed-docker-backups
|
||||||
- system-maintenance-lock
|
- system-maintenance-lock
|
||||||
|
- user-root
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
- name: create backup-remote-to-local.timer
|
- name: create backup-remote-to-local.timer
|
||||||
template: src=backup-remote-to-local.timer.j2 dest=/etc/systemd/system/backup-remote-to-local.timer
|
template: src=backup-remote-to-local.timer.j2 dest=/etc/systemd/system/backup-remote-to-local.timer
|
||||||
register: backup_backup_remote_to_local_timer
|
register: backup_backup_remote_to_local_timer
|
||||||
changed_when: backup_backup_remote_to_local_timer.changed or activate_all_timers | bool
|
changed_when: backup_backup_remote_to_local_timer.changed or activate_all_timers
|
||||||
notify: restart backup-remote-to-local timer
|
notify: restart backup-remote-to-local timer
|
||||||
|
|
||||||
- name: create backups-remote-to-local.sh
|
- name: create backups-remote-to-local.sh
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
src: "cleanup-backups.timer.j2"
|
src: "cleanup-backups.timer.j2"
|
||||||
dest: "/etc/systemd/system/cleanup-backups.timer"
|
dest: "/etc/systemd/system/cleanup-backups.timer"
|
||||||
register: cleanup_backups_timer
|
register: cleanup_backups_timer
|
||||||
changed_when: cleanup_backups_timer.changed or activate_all_timers | bool
|
changed_when: cleanup_backups_timer.changed or activate_all_timers
|
||||||
notify: restart cleanup-backups.timer
|
notify: restart cleanup-backups.timer
|
||||||
when: run_once_cleanup_backups_timer is not defined
|
when: run_once_cleanup_backups_timer is not defined
|
||||||
|
|
||||||
|
@ -20,5 +20,5 @@
|
|||||||
src: cleanup-disc-space.timer.j2
|
src: cleanup-disc-space.timer.j2
|
||||||
dest: /etc/systemd/system/cleanup-disc-space.timer
|
dest: /etc/systemd/system/cleanup-disc-space.timer
|
||||||
register: cleanup_disc_space_timer
|
register: cleanup_disc_space_timer
|
||||||
changed_when: cleanup_disc_space_timer.changed or activate_all_timers | bool
|
changed_when: cleanup_disc_space_timer.changed or activate_all_timers
|
||||||
notify: restart cleanup-disc-space.timer
|
notify: restart cleanup-disc-space.timer
|
@ -24,7 +24,7 @@
|
|||||||
src: cleanup-failed-docker-backups.timer.j2
|
src: cleanup-failed-docker-backups.timer.j2
|
||||||
dest: /etc/systemd/system/cleanup-failed-docker-backups.timer
|
dest: /etc/systemd/system/cleanup-failed-docker-backups.timer
|
||||||
register: cleanup_failed_docker_backups_timer
|
register: cleanup_failed_docker_backups_timer
|
||||||
changed_when: cleanup_failed_docker_backups_timer.changed or activate_all_timers | bool
|
changed_when: cleanup_failed_docker_backups_timer.changed or activate_all_timers
|
||||||
notify: restart cleanup-failed-docker-backups.timer
|
notify: restart cleanup-failed-docker-backups.timer
|
||||||
when: run_once_cleanup_failed_docker_backups is not defined
|
when: run_once_cleanup_failed_docker_backups is not defined
|
||||||
|
|
||||||
|
@ -5,4 +5,4 @@ OnFailure=systemd-notifier@%n.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{system_maintenance_cleanup_services| join(' ') }} --timeout "{{sytem_maintenance_lock_timeoutbackup_services}}"'
|
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{system_maintenance_cleanup_services| join(' ') }} --timeout "{{sytem_maintenance_lock_timeoutbackup_services}}"'
|
||||||
ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{backup_docker_to_local_cleanup_folder}}cleanup.sh {{backup_docker_to_local_cleanup_machine_id}} {{backup_docker_to_local_cleanup_trigger_directory}}'
|
ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{backup_docker_to_local_cleanup_folder}}cleanup-all.sh {{backup_docker_to_local_cleanup_trigger_directory}}'
|
@ -14,7 +14,7 @@ services:
|
|||||||
- env/run.env
|
- env/run.env
|
||||||
environment:
|
environment:
|
||||||
- AKAUNTING_SETUP
|
- AKAUNTING_SETUP
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
|
|
||||||
@ -23,6 +23,6 @@ services:
|
|||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
data:
|
data:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
@ -9,7 +9,7 @@ services:
|
|||||||
- .:/usr/share/nginx/html
|
- .:/usr/share/nginx/html
|
||||||
- .:/var/www
|
- .:/var/www
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- maildev
|
- maildev
|
||||||
@ -20,7 +20,7 @@ services:
|
|||||||
worker:
|
worker:
|
||||||
image: attendize_worker:latest
|
image: attendize_worker:latest
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- maildev
|
- maildev
|
||||||
@ -36,7 +36,7 @@ services:
|
|||||||
|
|
||||||
{% include 'templates/docker-redis-service.yml.j2' %}
|
{% include 'templates/docker-redis-service.yml.j2' %}
|
||||||
|
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
|
|
||||||
@ -45,6 +45,6 @@ services:
|
|||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
redis:
|
redis:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
@ -10,7 +10,7 @@ services:
|
|||||||
restart: always
|
restart: always
|
||||||
image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
|
image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- postgres
|
- postgres
|
||||||
% endif %}
|
% endif %}
|
||||||
- redis
|
- redis
|
||||||
@ -25,7 +25,7 @@ services:
|
|||||||
restart: always
|
restart: always
|
||||||
image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
|
image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- postgres
|
- postgres
|
||||||
% endif %}
|
% endif %}
|
||||||
- redis
|
- redis
|
||||||
@ -62,7 +62,7 @@ services:
|
|||||||
# override those variables in your .env file if needed
|
# override those variables in your .env file if needed
|
||||||
- "${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}:80"
|
- "${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}:80"
|
||||||
|
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
{% include 'templates/docker-postgres-service.yml.j2' %}
|
{% include 'templates/docker-postgres-service.yml.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
@ -70,6 +70,6 @@ volumes:
|
|||||||
data:
|
data:
|
||||||
redis:
|
redis:
|
||||||
|
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
@ -27,20 +27,18 @@ services:
|
|||||||
- data:/data
|
- data:/data
|
||||||
- /etc/timezone:/etc/timezone:ro
|
- /etc/timezone:/etc/timezone:ro
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
links:
|
|
||||||
- database
|
|
||||||
{% include 'templates/docker-mariadb-service.yml.j2' %}
|
{% include 'templates/docker-mariadb-service.yml.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
data:
|
data:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
driver: bridge
|
driver: bridge
|
@ -33,7 +33,7 @@ services:
|
|||||||
- 'data:/var/opt/gitlab'
|
- 'data:/var/opt/gitlab'
|
||||||
shm_size: '256m'
|
shm_size: '256m'
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -41,7 +41,7 @@ services:
|
|||||||
|
|
||||||
{% include 'templates/docker-redis-service.yml.j2' %}
|
{% include 'templates/docker-redis-service.yml.j2' %}
|
||||||
|
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
{% include 'templates/docker-postgres-service.yml.j2' %}
|
{% include 'templates/docker-postgres-service.yml.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
@ -50,6 +50,6 @@ volumes:
|
|||||||
config:
|
config:
|
||||||
logs:
|
logs:
|
||||||
data:
|
data:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -11,8 +11,8 @@ services:
|
|||||||
JOOMLA_DB_PASSWORD: "{{database_password}}"
|
JOOMLA_DB_PASSWORD: "{{database_password}}"
|
||||||
JOOMLA_DB_NAME: "{{database_databasename}}"
|
JOOMLA_DB_NAME: "{{database_databasename}}"
|
||||||
restart: always
|
restart: always
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
links:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
volumes:
|
volumes:
|
||||||
@ -20,12 +20,12 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{http_port}}:80"
|
- "127.0.0.1:{{http_port}}:80"
|
||||||
|
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
{% include 'templates/docker-mariadb-service.yml.j2' %}
|
{% include 'templates/docker-mariadb-service.yml.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
data:
|
data:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -12,7 +12,7 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- ./config.toml:/listmonk/config.toml
|
- ./config.toml:/listmonk/config.toml
|
||||||
|
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
|
|
||||||
|
@ -61,5 +61,5 @@
|
|||||||
src: "deploy-letsencrypt-mailu.timer.j2"
|
src: "deploy-letsencrypt-mailu.timer.j2"
|
||||||
dest: "/etc/systemd/system/deploy-letsencrypt-mailu.timer"
|
dest: "/etc/systemd/system/deploy-letsencrypt-mailu.timer"
|
||||||
register: deploy_letsencrypt_mailu_timer
|
register: deploy_letsencrypt_mailu_timer
|
||||||
changed_when: deploy_letsencrypt_mailu_timer.changed or activate_all_timers | bool
|
changed_when: deploy_letsencrypt_mailu_timer.changed or activate_all_timers
|
||||||
notify: restart deploy-letsencrypt-mailu.timer
|
notify: restart deploy-letsencrypt-mailu.timer
|
@ -49,7 +49,7 @@ services:
|
|||||||
depends_on:
|
depends_on:
|
||||||
resolver:
|
resolver:
|
||||||
condition: service_started
|
condition: service_started
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -71,7 +71,7 @@ services:
|
|||||||
- resolver
|
- resolver
|
||||||
- front
|
- front
|
||||||
- redis
|
- redis
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
logging:
|
logging:
|
||||||
@ -202,12 +202,12 @@ services:
|
|||||||
- webmail
|
- webmail
|
||||||
dns:
|
dns:
|
||||||
- 192.168.203.254
|
- 192.168.203.254
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
{% include 'templates/docker-postgres-service.yml.j2' %}
|
{% include 'templates/docker-postgres-service.yml.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
smtp_queue:
|
smtp_queue:
|
||||||
|
@ -20,7 +20,7 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{http_port}}:3000"
|
- "127.0.0.1:{{http_port}}:3000"
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- redis
|
- redis
|
||||||
@ -42,7 +42,7 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{stream_port}}:4000"
|
- "127.0.0.1:{{stream_port}}:4000"
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- redis
|
- redis
|
||||||
@ -54,7 +54,7 @@ services:
|
|||||||
env_file: .env.production
|
env_file: .env.production
|
||||||
command: bundle exec sidekiq
|
command: bundle exec sidekiq
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- redis
|
- redis
|
||||||
@ -67,12 +67,12 @@ services:
|
|||||||
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
||||||
logging:
|
logging:
|
||||||
driver: journald
|
driver: journald
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
{% include 'templates/docker-postgres-service.yml.j2' %}
|
{% include 'templates/docker-postgres-service.yml.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
redis:
|
redis:
|
||||||
|
@ -8,7 +8,7 @@ server {
|
|||||||
|
|
||||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||||
|
|
||||||
{% if nginx_matomo_tracking | bool %}
|
{% if nginx_matomo_tracking %}
|
||||||
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
@ -16,14 +16,14 @@ services:
|
|||||||
MATOMO_DATABASE_DBNAME: "{{database_databasename}}"
|
MATOMO_DATABASE_DBNAME: "{{database_databasename}}"
|
||||||
volumes:
|
volumes:
|
||||||
- data:/var/www/html
|
- data:/var/www/html
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
{% include 'templates/docker-mariadb-service.yml.j2' %}
|
{% include 'templates/docker-mariadb-service.yml.j2' %}
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
volumes:
|
volumes:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
data:
|
data:
|
||||||
|
@ -16,7 +16,7 @@ services:
|
|||||||
- SYNAPSE_REPORT_STATS=no
|
- SYNAPSE_REPORT_STATS=no
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{synapse_http_port}}:8008"
|
- "127.0.0.1:{{synapse_http_port}}:8008"
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
{% include 'templates/docker-postgres-service.yml.j2' %}
|
{% include 'templates/docker-postgres-service.yml.j2' %}
|
||||||
@ -60,7 +60,7 @@ services:
|
|||||||
# - instagram_bridge_data:/data
|
# - instagram_bridge_data:/data
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
synapse_data:
|
synapse_data:
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
log_driver: journald
|
log_driver: journald
|
||||||
image: mediawiki
|
image: mediawiki
|
||||||
restart: always
|
restart: always
|
||||||
links:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
volumes:
|
volumes:
|
||||||
- "mediawiki-data:/var/www/html/"
|
- "mediawiki-data:/var/www/html/"
|
||||||
|
@ -9,7 +9,7 @@ services:
|
|||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- data:/var/www/html
|
- data:/var/www/html
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -26,12 +26,12 @@ services:
|
|||||||
- "{{docker_compose_instance_confd_directory}}:{{target_mount_conf_d_directory}}:ro"
|
- "{{docker_compose_instance_confd_directory}}:{{target_mount_conf_d_directory}}:ro"
|
||||||
- "data:/var/www/html:ro"
|
- "data:/var/www/html:ro"
|
||||||
|
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
{% include 'templates/docker-mariadb-service.yml.j2' %}
|
{% include 'templates/docker-mariadb-service.yml.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
data:
|
data:
|
||||||
|
@ -13,7 +13,7 @@ services:
|
|||||||
MYSQL_USER: "{{database_username}}"
|
MYSQL_USER: "{{database_username}}"
|
||||||
MYSQL_PASSWORD: "{{database_password}}"
|
MYSQL_PASSWORD: "{{database_password}}"
|
||||||
MYSQL_HOST: {{database_host}}:3306
|
MYSQL_HOST: {{database_host}}:3306
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
|
|
||||||
@ -45,12 +45,12 @@ services:
|
|||||||
- data:/var/www/html
|
- data:/var/www/html
|
||||||
entrypoint: /cron.sh
|
entrypoint: /cron.sh
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- redis
|
- redis
|
||||||
volumes:
|
volumes:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
data:
|
data:
|
||||||
|
@ -4,7 +4,7 @@ server
|
|||||||
|
|
||||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||||
|
|
||||||
{% if nginx_matomo_tracking | bool %}
|
{% if nginx_matomo_tracking %}
|
||||||
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
@ -5,7 +5,7 @@ networks:
|
|||||||
backend:
|
backend:
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
data:
|
data:
|
||||||
@ -30,13 +30,13 @@ x-op-app: &app
|
|||||||
IMAP_ENABLED: "${IMAP_ENABLED:-false}"
|
IMAP_ENABLED: "${IMAP_ENABLED:-false}"
|
||||||
volumes:
|
volumes:
|
||||||
- "data:/var/openproject/assets"
|
- "data:/var/openproject/assets"
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- "database:/var/openproject/pgdata"
|
- "database:/var/openproject/pgdata"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
{% include 'templates/docker-postgres-service.yml.j2' %}
|
{% include 'templates/docker-postgres-service.yml.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
networks:
|
networks:
|
||||||
@ -62,7 +62,7 @@ services:
|
|||||||
- frontend
|
- frontend
|
||||||
volumes:
|
volumes:
|
||||||
- "data:/var/openproject/assets"
|
- "data:/var/openproject/assets"
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- "database:/var/openproject/pgdata"
|
- "database:/var/openproject/pgdata"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
@ -73,7 +73,7 @@ services:
|
|||||||
- frontend
|
- frontend
|
||||||
- backend
|
- backend
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- cache
|
- cache
|
||||||
@ -102,7 +102,7 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- backend
|
- backend
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- cache
|
- cache
|
||||||
@ -114,7 +114,7 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- backend
|
- backend
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- cache
|
- cache
|
||||||
|
@ -15,7 +15,7 @@ services:
|
|||||||
restart: "always"
|
restart: "always"
|
||||||
depends_on:
|
depends_on:
|
||||||
- redis
|
- redis
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- database
|
- database
|
||||||
|
|
||||||
{% include 'templates/docker-postgres-service.yml.j2' %}
|
{% include 'templates/docker-postgres-service.yml.j2' %}
|
||||||
@ -27,7 +27,7 @@ services:
|
|||||||
- .env
|
- .env
|
||||||
volumes:
|
volumes:
|
||||||
assets:
|
assets:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
data:
|
data:
|
||||||
|
@ -3,7 +3,7 @@ server {
|
|||||||
|
|
||||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||||
|
|
||||||
{% if nginx_matomo_tracking | bool %}
|
{% if nginx_matomo_tracking %}
|
||||||
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "{{http_port}}:80"
|
- "{{http_port}}:80"
|
||||||
depends_on:
|
depends_on:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
- database
|
- database
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- redis
|
- redis
|
||||||
@ -39,7 +39,7 @@ services:
|
|||||||
depends_on:
|
depends_on:
|
||||||
- redis
|
- redis
|
||||||
- application
|
- application
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
|
|
||||||
- database
|
- database
|
||||||
|
|
||||||
@ -49,7 +49,7 @@ services:
|
|||||||
{% include 'templates/docker-redis-service.yml.j2' %}
|
{% include 'templates/docker-redis-service.yml.j2' %}
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
redis:
|
redis:
|
||||||
|
@ -17,7 +17,7 @@ services:
|
|||||||
WORDPRESS_DB_NAME: "{{database_databasename}}"
|
WORDPRESS_DB_NAME: "{{database_databasename}}"
|
||||||
volumes:
|
volumes:
|
||||||
- data:/var/www/html
|
- data:/var/www/html
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
|
|
||||||
@ -25,7 +25,7 @@ services:
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
database:
|
database:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
data:
|
data:
|
||||||
|
@ -16,7 +16,7 @@ services:
|
|||||||
YOURLS_SITE: "https://{{domain}}"
|
YOURLS_SITE: "https://{{domain}}"
|
||||||
YOURLS_USER: "{{yourls_user}}"
|
YOURLS_USER: "{{yourls_user}}"
|
||||||
YOURLS_PASS: "{{yourls_user_password}}"
|
YOURLS_PASS: "{{yourls_user_password}}"
|
||||||
{% if not ( enable_central_database | lower | bool ) %}
|
{% if not enable_central_database %}
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
src: heal-docker.timer.j2
|
src: heal-docker.timer.j2
|
||||||
dest: "/etc/systemd/system/heal-docker.timer"
|
dest: "/etc/systemd/system/heal-docker.timer"
|
||||||
register: heal_docker_timer
|
register: heal_docker_timer
|
||||||
changed_when: heal_docker_timer.changed or activate_all_timers | bool
|
changed_when: heal_docker_timer.changed or activate_all_timers
|
||||||
notify: restart heal-docker.timer
|
notify: restart heal-docker.timer
|
||||||
when: run_once_heal_docker is not defined
|
when: run_once_heal_docker is not defined
|
||||||
|
|
||||||
|
@ -20,5 +20,5 @@
|
|||||||
src: health-btrfs.timer.j2
|
src: health-btrfs.timer.j2
|
||||||
dest: "/etc/systemd/system/health-btrfs.timer"
|
dest: "/etc/systemd/system/health-btrfs.timer"
|
||||||
register: health_btrs_timer
|
register: health_btrs_timer
|
||||||
changed_when: health_btrs_timer.changed or activate_all_timers | bool
|
changed_when: health_btrs_timer.changed or activate_all_timers
|
||||||
notify: restart health-btrfs.timer
|
notify: restart health-btrfs.timer
|
||||||
|
@ -20,5 +20,5 @@
|
|||||||
src: health-disc-space.timer.j2
|
src: health-disc-space.timer.j2
|
||||||
dest: /etc/systemd/system/health-disc-space.timer
|
dest: /etc/systemd/system/health-disc-space.timer
|
||||||
register: health_disc_space_timer
|
register: health_disc_space_timer
|
||||||
changed_when: health_disc_space_timer.changed or activate_all_timers | bool
|
changed_when: health_disc_space_timer.changed or activate_all_timers
|
||||||
notify: restart health-disc-space.timer
|
notify: restart health-disc-space.timer
|
||||||
|
@ -21,7 +21,7 @@
|
|||||||
src: health-docker-container.timer.j2
|
src: health-docker-container.timer.j2
|
||||||
dest: "/etc/systemd/system/health-docker-container.timer"
|
dest: "/etc/systemd/system/health-docker-container.timer"
|
||||||
register: health_docker_container_timer
|
register: health_docker_container_timer
|
||||||
changed_when: health_docker_container_timer.changed or activate_all_timers | bool
|
changed_when: health_docker_container_timer.changed or activate_all_timers
|
||||||
notify: restart health-docker-container.timer
|
notify: restart health-docker-container.timer
|
||||||
when: run_once_health_docker_container is not defined
|
when: run_once_health_docker_container is not defined
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@
|
|||||||
src: health-docker-volumes.timer.j2
|
src: health-docker-volumes.timer.j2
|
||||||
dest: "/etc/systemd/system/health-docker-volumes.timer"
|
dest: "/etc/systemd/system/health-docker-volumes.timer"
|
||||||
register: health_docker_volumes_timer
|
register: health_docker_volumes_timer
|
||||||
changed_when: health_docker_volumes_timer.changed or activate_all_timers | bool
|
changed_when: health_docker_volumes_timer.changed or activate_all_timers
|
||||||
notify: restart health-docker-volumes.timer
|
notify: restart health-docker-volumes.timer
|
||||||
when: run_once_health_docker_volumes is not defined
|
when: run_once_health_docker_volumes is not defined
|
||||||
|
|
||||||
|
@ -20,5 +20,5 @@
|
|||||||
src: health-journalctl.timer.j2
|
src: health-journalctl.timer.j2
|
||||||
dest: /etc/systemd/system/health-journalctl.timer
|
dest: /etc/systemd/system/health-journalctl.timer
|
||||||
register: health_journalctl_timer
|
register: health_journalctl_timer
|
||||||
changed_when: health_journalctl_timer.changed or activate_all_timers | bool
|
changed_when: health_journalctl_timer.changed or activate_all_timers
|
||||||
notify: restart health-journalctl.timer
|
notify: restart health-journalctl.timer
|
||||||
|
@ -29,7 +29,7 @@
|
|||||||
src: health-nginx.timer.j2
|
src: health-nginx.timer.j2
|
||||||
dest: "/etc/systemd/system/health-nginx.timer"
|
dest: "/etc/systemd/system/health-nginx.timer"
|
||||||
register: health_nginx_timer
|
register: health_nginx_timer
|
||||||
changed_when: health_nginx_timer.changed or activate_all_timers | bool
|
changed_when: health_nginx_timer.changed or activate_all_timers
|
||||||
notify: restart health-nginx.timer
|
notify: restart health-nginx.timer
|
||||||
when: run_once_health_nginx is not defined
|
when: run_once_health_nginx is not defined
|
||||||
|
|
||||||
|
@ -31,7 +31,7 @@ for filename in os.listdir(config_path):
|
|||||||
# Determine expected status codes based on the domain
|
# Determine expected status codes based on the domain
|
||||||
if domain == '{{domain_listmonk}}':
|
if domain == '{{domain_listmonk}}':
|
||||||
expected_statuses = [401]
|
expected_statuses = [401]
|
||||||
{% if nginx_matomo_tracking | bool %}
|
{% if nginx_matomo_tracking %}
|
||||||
elif parts[0] == 'www' or domain in redirected_domains:
|
elif parts[0] == 'www' or domain in redirected_domains:
|
||||||
expected_statuses = [301]
|
expected_statuses = [301]
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
src: certbot.timer.j2
|
src: certbot.timer.j2
|
||||||
dest: /etc/systemd/system/certbot.timer
|
dest: /etc/systemd/system/certbot.timer
|
||||||
register: certbot_timer
|
register: certbot_timer
|
||||||
changed_when: certbot_timer.changed or activate_all_timers | bool
|
changed_when: certbot_timer.changed or activate_all_timers
|
||||||
notify: restart certbot timer
|
notify: restart certbot timer
|
||||||
when: run_once_nginx_certbot is not defined
|
when: run_once_nginx_certbot is not defined
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@ server
|
|||||||
server_name {{domain}};
|
server_name {{domain}};
|
||||||
|
|
||||||
# Include Matomo Tracking Code
|
# Include Matomo Tracking Code
|
||||||
{% if nginx_matomo_tracking | bool %}
|
{% if nginx_matomo_tracking %}
|
||||||
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
@ -5,7 +5,7 @@ server
|
|||||||
|
|
||||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||||
|
|
||||||
{% if nginx_matomo_tracking | bool %}
|
{% if nginx_matomo_tracking %}
|
||||||
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
systemd:
|
systemd:
|
||||||
name: backup-docker-to-local-everything.service
|
name: backup-docker-to-local-everything.service
|
||||||
state: started
|
state: started
|
||||||
when: force_backup_before_update | bool
|
when: force_backup_before_update
|
||||||
|
|
||||||
- name: create {{update_docker_script}}
|
- name: create {{update_docker_script}}
|
||||||
copy:
|
copy:
|
||||||
|
@ -8,7 +8,16 @@
|
|||||||
ssh_key_type: rsa
|
ssh_key_type: rsa
|
||||||
ssh_key_bits: 8192
|
ssh_key_bits: 8192
|
||||||
when: run_once_user_administrator is not defined
|
when: run_once_user_administrator is not defined
|
||||||
|
|
||||||
|
- name: "set correct rights for {{path_administrator_home}}"
|
||||||
|
file:
|
||||||
|
path: "{{path_administrator_home}}"
|
||||||
|
state: directory
|
||||||
|
owner: administrator
|
||||||
|
group: administrator
|
||||||
|
mode: 0700
|
||||||
|
when: run_once_user_administrator is not defined
|
||||||
|
|
||||||
- name: "create {{path_administrator_scripts}}"
|
- name: "create {{path_administrator_scripts}}"
|
||||||
file:
|
file:
|
||||||
path: "{{path_administrator_home}}scripts"
|
path: "{{path_administrator_home}}scripts"
|
||||||
|
29
roles/user-root/README.md
Normal file
29
roles/user-root/README.md
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
Certainly! Below is a README file in English for an Ansible role that includes the tasks you've provided:
|
||||||
|
# Root User
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
This Ansible role is designed to manage the generation and handling of an SSH key for the root user on a target system. It ensures that an SSH key is generated if it does not already exist and displays the public key. This role is particularly useful for setting up secure SSH access for root users in automated environments.
|
||||||
|
|
||||||
|
## Role Variables
|
||||||
|
- `run_once_user_root`: A variable to ensure that certain tasks are only run once. This is used for idempotency purposes.
|
||||||
|
|
||||||
|
## Tasks
|
||||||
|
1. **Check if the SSH key for root already exists**: Verifies the existence of an SSH public key for the root user.
|
||||||
|
2. **Generate a SSH key for root if it does not exist**: Generates a new SSH key pair (RSA 4096 bits) for the root user if it is not already present.
|
||||||
|
3. **Display the public SSH key**: Outputs the content of the generated public SSH key.
|
||||||
|
4. **Output the public SSH key**: Debug task to display the SSH public key in the Ansible output.
|
||||||
|
5. **Run the user_root tasks once**: Sets a fact to ensure that the tasks for generating and displaying the key are executed only once.
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
To use this role, include it in your playbook and set any necessary variables in your playbook's `vars` section. Ensure you have the necessary permissions to execute tasks as the root user.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
- hosts: servers
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- ssh_key_generator_root
|
||||||
|
```
|
||||||
|
|
||||||
|
## Important Notes
|
||||||
|
- Running this role will affect the root user's SSH configuration on the target system. Ensure you understand the implications of modifying root SSH keys.
|
||||||
|
- Always test the role in a controlled environment before deploying to production.
|
26
roles/user-root/tasks/main.yml
Normal file
26
roles/user-root/tasks/main.yml
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
- name: Check if the SSH key for root already exists
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "/root/.ssh/id_rsa.pub"
|
||||||
|
register: ssh_key
|
||||||
|
|
||||||
|
- name: Generate a SSH key for root if it does not exist
|
||||||
|
ansible.builtin.openssh_keypair:
|
||||||
|
path: "/root/.ssh/id_rsa"
|
||||||
|
type: rsa
|
||||||
|
size: 4096
|
||||||
|
when: not ssh_key.stat.exists and run_once_user_administrator is not defined
|
||||||
|
|
||||||
|
- name: Display the public SSH key
|
||||||
|
command: cat /root/.ssh/id_rsa.pub
|
||||||
|
register: public_key
|
||||||
|
when: not ssh_key.stat.exists and run_once_user_administrator is not defined
|
||||||
|
|
||||||
|
- name: Output the public SSH key
|
||||||
|
debug:
|
||||||
|
msg: "{{ public_key.stdout }}"
|
||||||
|
when: not ssh_key.stat.exists and run_once_user_administrator is not defined
|
||||||
|
|
||||||
|
- name: run the user_administrator tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_user_administrator: true
|
||||||
|
when: run_once_user_administrator is not defined
|
@ -1,4 +1,4 @@
|
|||||||
- name: Activate NGINX matomo tracking
|
- name: Activate NGINX matomo tracking
|
||||||
include_role:
|
include_role:
|
||||||
name: nginx-matomo-tracking
|
name: nginx-matomo-tracking
|
||||||
when: nginx_matomo_tracking | bool and domain is defined
|
when: nginx_matomo_tracking and domain is defined
|
Loading…
Reference in New Issue
Block a user