Compare commits
17 commits
32d5c75883
...
7cdcbd9d87
Author | SHA1 | Date | |
---|---|---|---|
7cdcbd9d87 | |||
62b42a9a85 | |||
b0efecdd53 | |||
3bb3d926e1 | |||
b3706204ce | |||
c6b4cb700b | |||
85623a90f8 | |||
cc3d3687b7 | |||
9bc26be65d | |||
3bcb33d76c | |||
ed9fe33ccb | |||
638574dd10 | |||
12eaa03650 | |||
624fb2492a | |||
045933d7d4 | |||
54485d1ae1 | |||
c41144cfeb |
67 changed files with 940 additions and 102 deletions
|
@ -3,4 +3,6 @@ profile: production
|
|||
strict: true
|
||||
exclude_paths:
|
||||
- "**/*docker-compose.yaml"
|
||||
- "**/*docker-compose.yml"
|
||||
- .github/
|
||||
- .pre-commit-config.yaml
|
||||
|
|
|
@ -14,11 +14,8 @@ jobs:
|
|||
- name: Setup Python
|
||||
uses: actions/setup-python@v5.2.0
|
||||
with:
|
||||
# Version range or exact version of Python or PyPy to use, using SemVer's version range syntax. Reads from .python-version if unset.
|
||||
python-version: 3
|
||||
# Used to specify a package manager for caching in the default directory. Supported values: pip, pipenv, poetry.
|
||||
cache: pip
|
||||
# Set this option if you want the action to check for the latest available version that satisfies the version spec.
|
||||
check-latest: true
|
||||
- name: Run ansible
|
||||
env:
|
||||
|
@ -28,6 +25,7 @@ jobs:
|
|||
ANSIBLE_INVENTORY: inventories/github.yaml
|
||||
ANSIBLE_VAULT_PASSWORD_FILE: vault.pass
|
||||
ANSIBLE_FORCE_COLOR: "true"
|
||||
ANSIBLE_ROLES_PATH: "./roles"
|
||||
run: |
|
||||
echo '${{ secrets.ANSIBLE_VAULT_PASSWORD }}' > $ANSIBLE_VAULT_PASSWORD_FILE
|
||||
ls $ANSIBLE_VAULT_PASSWORD_FILE
|
32
.github/workflows/dry-run.yml
vendored
Normal file
32
.github/workflows/dry-run.yml
vendored
Normal file
|
@ -0,0 +1,32 @@
|
|||
on:
|
||||
workflow_dispatch:
|
||||
pull_request:
|
||||
|
||||
jobs:
|
||||
ansible:
|
||||
name: dry-run ansible
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@v5.2.0
|
||||
with:
|
||||
python-version: 3
|
||||
cache: pip
|
||||
check-latest: true
|
||||
- name: Run ansible
|
||||
env:
|
||||
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
|
||||
DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
|
||||
DEPLOY_USERNAME: ${{ secrets.DEPLOY_USERNAME }}
|
||||
ANSIBLE_INVENTORY: inventories/github.yaml
|
||||
ANSIBLE_VAULT_PASSWORD_FILE: vault.pass
|
||||
ANSIBLE_FORCE_COLOR: "true"
|
||||
ANSIBLE_ROLES_PATH: "./roles"
|
||||
run: |
|
||||
echo '${{ secrets.ANSIBLE_VAULT_PASSWORD }}' > $ANSIBLE_VAULT_PASSWORD_FILE
|
||||
ls $ANSIBLE_VAULT_PASSWORD_FILE
|
||||
export KEY_FILE=$(mktemp)
|
||||
echo "${{ secrets.DEPLOY_KEY }}" > $KEY_FILE
|
||||
ansible-playbook playbooks/all.yaml --check
|
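Review bot: The last step pastes `${{ secrets.ANSIBLE_VAULT_PASSWORD }}` and `${{ secrets.DEPLOY_KEY }}` into the script text before bash parses it, so a quote, `$` or backtick inside either value alters the command instead of ending up in the file. Passing both through `env:` and writing them with `printf '%s\n' "$VAR"` keeps the values as data; the same `echo '${{ secrets.ANSIBLE_VAULT_PASSWORD }}'` line is visible in the existing workflow's hunk just above this file. The `pull_request` trigger also means the job runs with the deploy key and vault password against whatever playbooks the PR branch contains, so limiting it to `workflow_dispatch` or putting the job behind a protected environment is worth considering.

```yaml
      - name: Run ansible
        env:
          # … unchanged: DEPLOY_* and ANSIBLE_* variables …
          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
        run: |
          printf '%s\n' "$ANSIBLE_VAULT_PASSWORD" > "$ANSIBLE_VAULT_PASSWORD_FILE"
          # … unchanged: ls of the vault password file …
          export KEY_FILE=$(mktemp)
          printf '%s\n' "$DEPLOY_KEY" > "$KEY_FILE"
          # … unchanged: ansible-playbook --check …
```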
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,2 +1,3 @@
|
|||
vault.pass
|
||||
.idea
|
||||
.cache_ggshield
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
[env]
|
||||
ANSIBLE_INVENTORY = "{{config_root}}/inventories/local.yaml"
|
||||
ANSIBLE_VAULT_PASSWORD_FILE = "{{config_root}}/vault.pass"
|
||||
ANSIBLE_ROLES_PATH = "{{config_root}}/roles"
|
||||
|
|
|
@ -5,6 +5,7 @@ ci:
|
|||
# build of https://github.com/ansible/ansible-lint:ansible@v24.9.2 for python@python3 exceeds tier max size 250MiB: 405.6MiB
|
||||
- ansible-lint
|
||||
- ggshield
|
||||
- caddy-fmt
|
||||
|
||||
repos:
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
|
@ -37,3 +38,10 @@ repos:
|
|||
rev: v1.32.1
|
||||
hooks:
|
||||
- id: ggshield
|
||||
- repo: local
|
||||
hooks:
|
||||
- id: caddy-fmt
|
||||
name: caddy fmt
|
||||
language: system
|
||||
entry: caddy fmt --overwrite
|
||||
files: Caddyfile
|
||||
|
|
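--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+callbacks_enabled = timer, profile_tasks
+pipelining = True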
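--- a/new-app
+++ b/new-app
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+echo "creating directories for '$1'"
+mkdir -p "playbooks/apps/files/$1"
+mkdir -p "playbooks/apps/templates/$1"
+cp playbooks/apps/template.yaml.dist "playbooks/apps/$1.yaml"
+sed -i '' "s/==APP==/$1/g" "playbooks/apps/$1.yaml"
+echo "done"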
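Review bot: `$1` goes into the directory names, the target file name and the sed replacement without any check, and the script has no `set -euo pipefail`: run with no argument it creates `playbooks/apps/.yaml`, and a name containing `/`, `&` or `..` changes the sed expression or the paths. A guard right after the shebang would cover both, e.g. `set -euo pipefail` followed by `[[ "${1:-}" =~ ^[a-z0-9][a-z0-9_-]*$ ]] || { echo "usage: $0 <app-name>" >&2; exit 1; }`. `sed -i ''` is the BSD/macOS form and fails with GNU sed, which deserves a comment if the script is only meant to be run on a Mac.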
|
@ -1,8 +1,14 @@
|
|||
---
|
||||
- import_playbook: bin.yaml # noqa: name[play]
|
||||
- import_playbook: caddy.yaml # noqa: name[play]
|
||||
- import_playbook: charasheet.yaml # noqa: name[play]
|
||||
- import_playbook: checkout.yaml # noqa: name[play]
|
||||
- import_playbook: code.yaml # noqa: name[play]
|
||||
- import_playbook: collabora.yaml # noqa: name[play]
|
||||
- import_playbook: ghost-update.yaml # noqa: name[play]
|
||||
- import_playbook: gitea.yaml # noqa: name[play]
|
||||
- import_playbook: goatcounter.yaml # noqa: name[play]
|
||||
- import_playbook: lyon-transports.yaml # noqa: name[play]
|
||||
- import_playbook: manuels.yaml # noqa: name[play]
|
||||
- import_playbook: test_headers.yaml # noqa: name[play]
|
||||
- import_playbook: wallabag.yaml # noqa: name[play]
|
||||
|
|
65
playbooks/apps/bin.yaml
Normal file
65
playbooks/apps/bin.yaml
Normal file
|
@ -0,0 +1,65 @@
|
|||
---
|
||||
- name: Bin files & scripts
|
||||
hosts: servers
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Write bin files
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item }}"
|
||||
dest: /mnt/data/bin/
|
||||
mode: preserve
|
||||
with_fileglob:
|
||||
- files/bin/*
|
||||
- name: Template bin files
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}"
|
||||
dest: /mnt/data/bin/{{ item | basename | regex_replace('\.j2$', '') }}
|
||||
mode: preserve
|
||||
with_fileglob:
|
||||
- templates/bin/*.j2
|
||||
vars:
|
||||
ghost_db_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
35343430343439653064613033383830396264306538376535346637613166376663393062353132
|
||||
6537386534656239333731313938653539643165323532380a336162663839303339623266383662
|
||||
39346464306261633239363665666334613064393432663335313431326463376637356437653262
|
||||
3161633364303839300a366135653466313836376361326165303465396438333962386230336133
|
||||
34643963356538356464366433373464316337636337386430373265633336636537
|
||||
healthcheck_webhook_token: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
61303433666361376638353034323834623935393834346362623538663936303764363866636164
|
||||
3364306166303430343532623935373838333632323032360a373330376464376438613764326662
|
||||
32653135316361636163356363623364323537396236333233313933336565373530313363303536
|
||||
3339613565313033360a346438376336386638653534356333633439613530396139383635643439
|
||||
33313266373566376162643536386365386132346261623733343762356639396436
|
||||
hetrixtools_token: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
38663431333361643538646361353237613930646135633962386639376333366230343131633562
|
||||
6531646235333565656266613236313133653563323737340a643931643366396236393935363038
|
||||
34613661373863623033616431363531633136303830363434393135613365353938656337353936
|
||||
6563353164313363380a613039623761613632306364616365316332333563306636356238636532
|
||||
34333035346534383064346561316665343233373031353238383864386365393234356137396332
|
||||
3363323336613962386638633539393636663461323035333065
|
||||
ovh_app_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
30646561656638353734373835386238383365393064656439646437326432383663666263623431
|
||||
3639346366646538336333323161656562646266373233320a356136386234646234363732376266
|
||||
33316461326132336534326266636239386532656262353034333434653933333637616332616632
|
||||
6562643965353037660a656631656563633136356565323536363738663461653736303864383630
|
||||
38346637396239316163666661373439656462623861653063393464616530323633
|
||||
ovh_app_secret: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
32396331666132363362313331633832303562633932353963636533663132353465636331653134
|
||||
6466613637373933623063623563663331373764393262360a643030663036366335646234646335
|
||||
38393036626139653733313362323866336164343335656635343564366439663264363866336137
|
||||
6464346632396630610a303337316535326633376235383963313865373064363064306134323231
|
||||
39633061336366393563366636656339623134323531613462636334636264353934303963633437
|
||||
6161656465303732373366386134666234363636613832333166
|
||||
ovh_consumer_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
33623537363436363139346132353336383930333133643535383465373163636266356262306466
|
||||
6563363661353337626462313338633465333865626162350a306332313233356366386236393066
|
||||
66363735386566623335613966353462613963386435636537663235366134336461363837336638
|
||||
3466633264626636620a613634653933333332386365393639343030616234376537373635343237
|
||||
37373364303732343264623239353837613435363363393862383765376435376166343237333664
|
||||
3330623266383462666564376166373032393361653234633863
|
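Review bot: `mode: preserve` in "Write bin files" also decides the permissions of `resticenv` once it is decrypted on the host. The `files/bin/*` glob matches that vault-encrypted file, `ansible.builtin.copy` decrypts it by default, and the page lists the source as a normal (non-executable) file, so the plaintext probably lands world-readable in /mnt/data/bin/. The same applies to the files rendered by "Template bin files" if they embed `ghost_db_password`, the OVH keys or the other vaulted vars (the templates are not visible here). Copying the secret-bearing files in a dedicated task with `mode: "0600"` (`"0700"` for scripts) and an explicit `owner` would keep the credentials private regardless of how the files are stored in git.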
29
playbooks/apps/charasheet.yaml
Normal file
29
playbooks/apps/charasheet.yaml
Normal file
|
@ -0,0 +1,29 @@
|
|||
---
|
||||
- name: Charasheet
|
||||
hosts: servers
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Docker
|
||||
ansible.builtin.include_role:
|
||||
name: docker
|
||||
|
||||
vars:
|
||||
docker_app_name: charasheet
|
||||
secret_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
35666131616231643064336266303061326534356131666364633932373330663637343836353837
|
||||
3438356431373434613435613165313631333133396133360a363335326135613537633132306530
|
||||
33623239356433393361393737386461626230613561326632623736303038303130396530353538
|
||||
3561613065623130620a306631393062613161333335366261386534623539646361663736306432
|
||||
30636239663263623938383137363034633061343163393665363932376662663063336634316261
|
||||
63363166656462343763343263373535353763303939316430613335653033303036313864616234
|
||||
313763346663393432323132386536326636
|
||||
mailgun_api_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
38613137366132646234316137646431373839343530316536326230643035643635643431663064
|
||||
6531316662373736656230336361353261633862323939310a353637366466643334333436373464
|
||||
34616564303465396333326333393462343339643636653231623536613431623135373836626261
|
||||
6632633330383265350a316632303961643363393332636635313333643561653031313038396535
|
||||
37666334346634306263613063383061393264366163633939373165616461383831383364353364
|
||||
33383366326138373862323166653531363233643861363132336363306137363737356633643235
|
||||
393863373065633639656232373732383632
|
28
playbooks/apps/checkout.yaml
Normal file
28
playbooks/apps/checkout.yaml
Normal file
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
- name: Checkout
|
||||
hosts: servers
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Docker
|
||||
ansible.builtin.include_role:
|
||||
name: docker
|
||||
|
||||
vars:
|
||||
docker_app_name: checkout
|
||||
secret_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
33393761643061393863616663323863663033313865383135663939636433393730643831616231
|
||||
6661313965396164373665663063653461336230313762640a643763346132663238613362336563
|
||||
35643862643139306333346163646161323031376237623661333434326639303233666135616635
|
||||
3135333138336164380a396666363830316237643432366237626431616565376261336534346366
|
||||
64656461343037323137643235373836633766366465373335653162623564653235623362303732
|
||||
34313332316165643437613737663461656231326530356334353237643633303133306561303762
|
||||
643439313139613931313630636333626532
|
||||
mailgun_api_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
34656232613133373865613436623261656331663632666334626664366238636564633931613534
|
||||
3137313234343739333738386664333532613066383533610a613337383462393432303235366132
|
||||
30333433353362653765343638346639333735356631633633633633663863396139646431393463
|
||||
3031346139393432390a336235363635653461303762393731313034393566333031356434386362
|
||||
37333861343838623338663062303539616331323262643031613130363766626261653130373631
|
||||
3063393236333239363366333338303665363930303031373965
|
19
playbooks/apps/code.yaml
Normal file
19
playbooks/apps/code.yaml
Normal file
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
- name: Visual Studio Code
|
||||
hosts: servers
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Docker
|
||||
ansible.builtin.include_role:
|
||||
name: docker
|
||||
|
||||
vars:
|
||||
docker_app_name: code
|
||||
password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
65333933333436616332666161653932633431333334636364346239346530336337303939643435
|
||||
3935336230623135343638646130313936363034396665650a653066313862326632333130656164
|
||||
38346631366162393833333361633663636362653530666466376162643534303866363261373033
|
||||
6339303930656638660a626635313736663065373535613132326531343737396662626434373039
|
||||
38646136383662346264613534373663326136393361323933383062346336346264643731303333
|
||||
6132373439346165313066353334353532393262346435306134
|
19
playbooks/apps/collabora.yaml
Normal file
19
playbooks/apps/collabora.yaml
Normal file
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
- name: Collabora
|
||||
hosts: servers
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Docker
|
||||
ansible.builtin.include_role:
|
||||
name: docker
|
||||
|
||||
vars:
|
||||
docker_app_name: collabora
|
||||
password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
64396634656334643030623536313236663438653730663266346530326233353836656339356631
|
||||
3762666139313164663236323936626530623334356663620a336232383763333039643834636131
|
||||
66396663393662316535346530656636343931383833313234653338623934346265363563366138
|
||||
3838653135306563340a656661343434663230336566396335633165356663633030383065626233
|
||||
34633162303534353231636537613262653865646231313464316164653239376166316266663963
|
||||
6163643335386535366239363637613066306661343866393433
|
|
@ -142,7 +142,7 @@ ghost.augendre.info {
|
|||
import common_headers
|
||||
redir / /ghost/
|
||||
|
||||
reverse_proxy localhost:2368
|
||||
reverse_proxy localhost:2368
|
||||
}
|
||||
|
||||
voyages-lois.augendre.info {
|
||||
|
|
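--- a/playbooks/apps/files/bin/clean-old-backups
+++ b/playbooks/apps/files/bin/clean-old-backups
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -euo pipefail
+find /mnt/data/backups/hass/* -mtime +5 -delete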
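Review bot: The glob in `find /mnt/data/backups/hass/* -mtime +5 -delete` is expanded by the shell, so when the directory is empty the literal pattern reaches find, find fails, and `set -e` turns a no-op cleanup into an error; dotfiles are skipped as well. Letting find walk the directory itself avoids both: `find /mnt/data/backups/hass -mindepth 1 -mtime +5 -delete`. Adding `-type f` would also keep `-delete` from failing on directories that still contain newer files.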
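--- a/playbooks/apps/files/bin/cron2bash
+++ b/playbooks/apps/files/bin/cron2bash
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -euo pipefail
+script_name=$1
+cp .template $script_name
+chmod +x $script_name
+shift
+echo "$@" >> $script_name
+echo $(realpath $script_name)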
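Review bot: `$script_name` is expanded unquoted in `cp`, `chmod`, the `>>` redirect and `realpath`, so a name with spaces or glob characters is split or expanded and the script may write to a different file than the one it made executable. Quoting each use fixes that: `cp .template "$script_name"`, `echo "$@" >> "$script_name"`, and `realpath "$script_name"` in place of `echo $(realpath $script_name)`. `.template` is resolved against the current directory, which a one-line usage comment at the top should state.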
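--- a/playbooks/apps/files/bin/docker-system-prune
+++ b/playbooks/apps/files/bin/docker-system-prune
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -euo pipefail
+/usr/bin/docker system prune -af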
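--- a/playbooks/apps/files/bin/dump-manuels
+++ b/playbooks/apps/files/bin/dump-manuels
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -euo pipefail
+/usr/bin/docker compose -f /mnt/data/manuels/docker-compose.yaml exec -T db pg_dump -Fc -U manuels manuels > /mnt/data/manuels/db_export/backup.dump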
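Review bot: The `>` redirect truncates `/mnt/data/manuels/db_export/backup.dump` before `pg_dump` has produced anything, so a failed run (container stopped, database down) replaces the last good dump with an empty or partial file even though `set -euo pipefail` makes the script exit non-zero. Dumping to a temporary name and renaming on success keeps the previous backup: redirect to `"$out.tmp"` and follow with `mv "$out.tmp" "$out"`. dump-miniflux and both redirects in dump-nextcloud have the same shape. Since restic-excludes on this page skips `db_data`, these dumps appear to be the only database copy that reaches the backup.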
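--- a/playbooks/apps/files/bin/dump-miniflux
+++ b/playbooks/apps/files/bin/dump-miniflux
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -euo pipefail
+/usr/bin/docker compose -f /mnt/data/miniflux/docker-compose.yaml exec -T db pg_dump -Fc -U miniflux miniflux > /mnt/data/miniflux/db_export/backup.dump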
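--- a/playbooks/apps/files/bin/dump-nextcloud
+++ b/playbooks/apps/files/bin/dump-nextcloud
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -euo pipefail
+/usr/bin/docker compose -f /mnt/data/nextcloud/docker-compose.yaml exec -T db pg_dump -Fc -U nextcloud nextcloud > /mnt/data/nextcloud/db_export/backup.dump
+/usr/bin/docker compose -f /mnt/data/nextcloud/docker-compose.yaml exec -T db pg_dumpall --globals-only -U nextcloud > /mnt/data/nextcloud/db_export/roles.sql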
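--- a/playbooks/apps/files/bin/failure
+++ b/playbooks/apps/files/bin/failure
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -euxo pipefail
+exit 1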
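--- a/playbooks/apps/files/bin/nextcloud-auto-update
+++ b/playbooks/apps/files/bin/nextcloud-auto-update
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -euo pipefail
+/usr/bin/docker compose -f /mnt/data/nextcloud/docker-compose.yaml exec -T --user www-data nextcloud php occ app:update --all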
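--- a/playbooks/apps/files/bin/nextcloud-cron
+++ b/playbooks/apps/files/bin/nextcloud-cron
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -euo pipefail
+/usr/bin/docker compose -f /mnt/data/nextcloud/docker-compose.yaml exec -dT --user www-data nextcloud php cron.php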
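--- a/playbooks/apps/files/bin/nextcloud-preview
+++ b/playbooks/apps/files/bin/nextcloud-preview
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -euo pipefail
+/usr/bin/docker compose -f /mnt/data/nextcloud/docker-compose.yaml exec -dT --user www-data nextcloud php occ preview:pre-generate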
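--- a/playbooks/apps/files/bin/restic-backup
+++ b/playbooks/apps/files/bin/restic-backup
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -euo pipefail
+killall restic || true
+source /mnt/data/bin/resticenv
+/usr/bin/restic unlock
+/usr/bin/restic backup --exclude-file /mnt/data/bin/restic-excludes /mnt/data/ /var/spool/cron/ $@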
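Review bot: `$@` at the end of the `restic backup` line is unquoted, so an extra argument containing spaces or glob characters is re-split before restic sees it; `"$@"` passes the arguments through unchanged. `killall restic || true` also stops every restic process on the host, including a `restic-check` or `restic-prune` run started by another job, and restic-prune opens the same way. Wrapping the three scripts in a shared `flock` lock file would serialise them without killing work in progress.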
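--- a/playbooks/apps/files/bin/restic-check
+++ b/playbooks/apps/files/bin/restic-check
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -euo pipefail
+source /mnt/data/bin/resticenv
+/usr/bin/restic check --read-data-subset=700M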
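--- a/playbooks/apps/files/bin/restic-excludes
+++ b/playbooks/apps/files/bin/restic-excludes
@@ -0,0 +1,24 @@
+db_data
+mysql_data
+redis_data
+*venv*
+deluge_data
+plex_data
+shared_media
+media/data
+deluge
+plex
+prowlarr
+radarr
+sonarr
+transmission
+nextcloud_data/lib
+nextcloud_data/data/appdata_ocw94g5hjk8b/preview
+source_code
+sources
+.cache
+.mozilla
+prometheus_data
+.es_temp_file
+timemachine
+elastic_data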
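--- a/playbooks/apps/files/bin/restic-prune
+++ b/playbooks/apps/files/bin/restic-prune
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -euo pipefail
+killall restic || true
+source /mnt/data/bin/resticenv
+/usr/bin/restic unlock
+/usr/bin/restic forget --prune --keep-within-hourly 1d --keep-within-daily 7d --keep-within-weekly 1m --keep-within-monthly 6m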
18
playbooks/apps/files/bin/resticenv
Normal file
18
playbooks/apps/files/bin/resticenv
Normal file
|
@ -0,0 +1,18 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
34643931646634623466323636613561313364633364663034363863353162323266343166363632
|
||||
3334363465393362393631356631666161653066663032350a613763383934376138646134313234
|
||||
66656436353737333138346133623261356137633066663937646565326439336532616436666336
|
||||
3137626464343636650a653064383038363231656136353532396436316363643235653739666631
|
||||
33316437333131636434383130376231366562323765343763343164303234386562333962346235
|
||||
61333865313138313462613738363231333536386639313433396533636433663432633236366232
|
||||
33643137306536626164353338623234393461373339333763356232376431363062373233303762
|
||||
38326239306535623237623634363439383838306263343964636637333865346261653639313030
|
||||
63353437343237346461313364336461633466383832363637643662633633633665383565623062
|
||||
34346338363936336163336431613634616136333163353961653436396332636332323832656338
|
||||
37653364366235636663626231636462663836343566343337346461633562663262626135303633
|
||||
36333366613033623836623064323238626661323037343266613530306439653535333032636336
|
||||
61316133383962353530383133323237333562336463623963613330373762636230616130633738
|
||||
31363232353937333536313266346266393233376236373834393232353362646266666336646134
|
||||
33323239636464313561646238656337333633366161336266353130343061323963356531356563
|
||||
62643136343535346538613738373561313362323833303739636637323366356430376135326132
|
||||
6666
|
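--- a/playbooks/apps/files/bin/smartlong
+++ b/playbooks/apps/files/bin/smartlong
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+/usr/sbin/smartctl -t long /dev/sda
+/usr/sbin/smartctl -t long /dev/sdb
+/usr/sbin/smartctl -t long /dev/sdc
+/usr/sbin/smartctl -t long /dev/sdd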
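Review bot: This script and smartshort are the only ones in bin/ without `set -euo pipefail`, and their exit status is that of the last `smartctl` call only, so a failure to start the test on /dev/sda, /dev/sdb or /dev/sdc goes unnoticed by whatever runs the script. If continuing past a failed disk is intended, a comment saying so plus an accumulated status (`rc=0`, `… || rc=1` per disk, `exit $rc`) would make that explicit. The kernel names are hard-coded; /dev/disk/by-id paths would survive a re-enumeration of the disks.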
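--- a/playbooks/apps/files/bin/smartshort
+++ b/playbooks/apps/files/bin/smartshort
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+/usr/sbin/smartctl -t short /dev/sda
+/usr/sbin/smartctl -t short /dev/sdb
+/usr/sbin/smartctl -t short /dev/sdc
+/usr/sbin/smartctl -t short /dev/sdd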
267
playbooks/apps/files/bin/z.sh
Normal file
267
playbooks/apps/files/bin/z.sh
Normal file
|
@ -0,0 +1,267 @@
|
|||
# Copyright (c) 2009 rupa deadwyler. Licensed under the WTFPL license, Version 2
|
||||
|
||||
# maintains a jump-list of the directories you actually use
|
||||
#
|
||||
# INSTALL:
|
||||
# * put something like this in your .bashrc/.zshrc:
|
||||
# . /path/to/z.sh
|
||||
# * cd around for a while to build up the db
|
||||
# * PROFIT!!
|
||||
# * optionally:
|
||||
# set $_Z_CMD in .bashrc/.zshrc to change the command (default z).
|
||||
# set $_Z_DATA in .bashrc/.zshrc to change the datafile (default ~/.z).
|
||||
# set $_Z_MAX_SCORE lower to age entries out faster (default 9000).
|
||||
# set $_Z_NO_RESOLVE_SYMLINKS to prevent symlink resolution.
|
||||
# set $_Z_NO_PROMPT_COMMAND if you're handling PROMPT_COMMAND yourself.
|
||||
# set $_Z_EXCLUDE_DIRS to an array of directories to exclude.
|
||||
# set $_Z_OWNER to your username if you want use z while sudo with $HOME kept
|
||||
#
|
||||
# USE:
|
||||
# * z foo # cd to most frecent dir matching foo
|
||||
# * z foo bar # cd to most frecent dir matching foo and bar
|
||||
# * z -r foo # cd to highest ranked dir matching foo
|
||||
# * z -t foo # cd to most recently accessed dir matching foo
|
||||
# * z -l foo # list matches instead of cd
|
||||
# * z -e foo # echo the best match, don't cd
|
||||
# * z -c foo # restrict matches to subdirs of $PWD
|
||||
# * z -x # remove the current directory from the datafile
|
||||
# * z -h # show a brief help message
|
||||
|
||||
[ -d "${_Z_DATA:-$HOME/.z}" ] && {
|
||||
echo "ERROR: z.sh's datafile (${_Z_DATA:-$HOME/.z}) is a directory."
|
||||
}
|
||||
|
||||
_z() {
|
||||
|
||||
local datafile="${_Z_DATA:-$HOME/.z}"
|
||||
|
||||
# if symlink, dereference
|
||||
[ -h "$datafile" ] && datafile=$(readlink "$datafile")
|
||||
|
||||
# bail if we don't own ~/.z and $_Z_OWNER not set
|
||||
[ -z "$_Z_OWNER" -a -f "$datafile" -a ! -O "$datafile" ] && return
|
||||
|
||||
_z_dirs () {
|
||||
[ -f "$datafile" ] || return
|
||||
|
||||
local line
|
||||
while read line; do
|
||||
# only count directories
|
||||
[ -d "${line%%\|*}" ] && echo "$line"
|
||||
done < "$datafile"
|
||||
return 0
|
||||
}
|
||||
|
||||
# add entries
|
||||
if [ "$1" = "--add" ]; then
|
||||
shift
|
||||
|
||||
# $HOME and / aren't worth matching
|
||||
[ "$*" = "$HOME" -o "$*" = '/' ] && return
|
||||
|
||||
# don't track excluded directory trees
|
||||
if [ ${#_Z_EXCLUDE_DIRS[@]} -gt 0 ]; then
|
||||
local exclude
|
||||
for exclude in "${_Z_EXCLUDE_DIRS[@]}"; do
|
||||
case "$*" in "$exclude"*) return;; esac
|
||||
done
|
||||
fi
|
||||
|
||||
# maintain the data file
|
||||
local tempfile="$datafile.$RANDOM"
|
||||
local score=${_Z_MAX_SCORE:-9000}
|
||||
_z_dirs | awk -v path="$*" -v now="$(date +%s)" -v score=$score -F"|" '
|
||||
BEGIN {
|
||||
rank[path] = 1
|
||||
time[path] = now
|
||||
}
|
||||
$2 >= 1 {
|
||||
# drop ranks below 1
|
||||
if( $1 == path ) {
|
||||
rank[$1] = $2 + 1
|
||||
time[$1] = now
|
||||
} else {
|
||||
rank[$1] = $2
|
||||
time[$1] = $3
|
||||
}
|
||||
count += $2
|
||||
}
|
||||
END {
|
||||
if( count > score ) {
|
||||
# aging
|
||||
for( x in rank ) print x "|" 0.99*rank[x] "|" time[x]
|
||||
} else for( x in rank ) print x "|" rank[x] "|" time[x]
|
||||
}
|
||||
' 2>/dev/null >| "$tempfile"
|
||||
# do our best to avoid clobbering the datafile in a race condition.
|
||||
if [ $? -ne 0 -a -f "$datafile" ]; then
|
||||
env rm -f "$tempfile"
|
||||
else
|
||||
[ "$_Z_OWNER" ] && chown $_Z_OWNER:"$(id -ng $_Z_OWNER)" "$tempfile"
|
||||
env mv -f "$tempfile" "$datafile" || env rm -f "$tempfile"
|
||||
fi
|
||||
|
||||
# tab completion
|
||||
elif [ "$1" = "--complete" -a -s "$datafile" ]; then
|
||||
_z_dirs | awk -v q="$2" -F"|" '
|
||||
BEGIN {
|
||||
q = substr(q, 3)
|
||||
if( q == tolower(q) ) imatch = 1
|
||||
gsub(/ /, ".*", q)
|
||||
}
|
||||
{
|
||||
if( imatch ) {
|
||||
if( tolower($1) ~ q ) print $1
|
||||
} else if( $1 ~ q ) print $1
|
||||
}
|
||||
' 2>/dev/null
|
||||
|
||||
else
|
||||
# list/go
|
||||
local echo fnd last list opt typ
|
||||
while [ "$1" ]; do case "$1" in
|
||||
--) while [ "$1" ]; do shift; fnd="$fnd${fnd:+ }$1";done;;
|
||||
-*) opt=${1:1}; while [ "$opt" ]; do case ${opt:0:1} in
|
||||
c) fnd="^$PWD $fnd";;
|
||||
e) echo=1;;
|
||||
h) echo "${_Z_CMD:-z} [-cehlrtx] args" >&2; return;;
|
||||
l) list=1;;
|
||||
r) typ="rank";;
|
||||
t) typ="recent";;
|
||||
x) sed -i -e "\:^${PWD}|.*:d" "$datafile";;
|
||||
esac; opt=${opt:1}; done;;
|
||||
*) fnd="$fnd${fnd:+ }$1";;
|
||||
esac; last=$1; [ "$#" -gt 0 ] && shift; done
|
||||
[ "$fnd" -a "$fnd" != "^$PWD " ] || list=1
|
||||
|
||||
# if we hit enter on a completion just go there
|
||||
case "$last" in
|
||||
# completions will always start with /
|
||||
/*) [ -z "$list" -a -d "$last" ] && builtin cd "$last" && return;;
|
||||
esac
|
||||
|
||||
# no file yet
|
||||
[ -f "$datafile" ] || return
|
||||
|
||||
local cd
|
||||
cd="$( < <( _z_dirs ) awk -v t="$(date +%s)" -v list="$list" -v typ="$typ" -v q="$fnd" -F"|" '
|
||||
function frecent(rank, time) {
|
||||
# relate frequency and time
|
||||
dx = t - time
|
||||
return int(10000 * rank * (3.75/((0.0001 * dx + 1) + 0.25)))
|
||||
}
|
||||
function output(matches, best_match, common) {
|
||||
# list or return the desired directory
|
||||
if( list ) {
|
||||
if( common ) {
|
||||
printf "%-10s %s\n", "common:", common > "/dev/stderr"
|
||||
}
|
||||
cmd = "sort -n >&2"
|
||||
for( x in matches ) {
|
||||
if( matches[x] ) {
|
||||
printf "%-10s %s\n", matches[x], x | cmd
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if( common && !typ ) best_match = common
|
||||
print best_match
|
||||
}
|
||||
}
|
||||
function common(matches) {
|
||||
# find the common root of a list of matches, if it exists
|
||||
for( x in matches ) {
|
||||
if( matches[x] && (!short || length(x) < length(short)) ) {
|
||||
short = x
|
||||
}
|
||||
}
|
||||
if( short == "/" ) return
|
||||
for( x in matches ) if( matches[x] && index(x, short) != 1 ) {
|
||||
return
|
||||
}
|
||||
return short
|
||||
}
|
||||
BEGIN {
|
||||
gsub(" ", ".*", q)
|
||||
hi_rank = ihi_rank = -9999999999
|
||||
}
|
||||
{
|
||||
if( typ == "rank" ) {
|
||||
rank = $2
|
||||
} else if( typ == "recent" ) {
|
||||
rank = $3 - t
|
||||
} else rank = frecent($2, $3)
|
||||
if( $1 ~ q ) {
|
||||
matches[$1] = rank
|
||||
} else if( tolower($1) ~ tolower(q) ) imatches[$1] = rank
|
||||
if( matches[$1] && matches[$1] > hi_rank ) {
|
||||
best_match = $1
|
||||
hi_rank = matches[$1]
|
||||
} else if( imatches[$1] && imatches[$1] > ihi_rank ) {
|
||||
ibest_match = $1
|
||||
ihi_rank = imatches[$1]
|
||||
}
|
||||
}
|
||||
END {
|
||||
# prefer case sensitive
|
||||
if( best_match ) {
|
||||
output(matches, best_match, common(matches))
|
||||
exit
|
||||
} else if( ibest_match ) {
|
||||
output(imatches, ibest_match, common(imatches))
|
||||
exit
|
||||
}
|
||||
exit(1)
|
||||
}
|
||||
')"
|
||||
|
||||
if [ "$?" -eq 0 ]; then
|
||||
if [ "$cd" ]; then
|
||||
if [ "$echo" ]; then echo "$cd"; else builtin cd "$cd"; fi
|
||||
fi
|
||||
else
|
||||
return $?
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
alias ${_Z_CMD:-z}='_z 2>&1'
|
||||
|
||||
[ "$_Z_NO_RESOLVE_SYMLINKS" ] || _Z_RESOLVE_SYMLINKS="-P"
|
||||
|
||||
if type compctl >/dev/null 2>&1; then
|
||||
# zsh
|
||||
[ "$_Z_NO_PROMPT_COMMAND" ] || {
|
||||
# populate directory list, avoid clobbering any other precmds.
|
||||
if [ "$_Z_NO_RESOLVE_SYMLINKS" ]; then
|
||||
_z_precmd() {
|
||||
(_z --add "${PWD:a}" &)
|
||||
: $RANDOM
|
||||
}
|
||||
else
|
||||
_z_precmd() {
|
||||
(_z --add "${PWD:A}" &)
|
||||
: $RANDOM
|
||||
}
|
||||
fi
|
||||
[[ -n "${precmd_functions[(r)_z_precmd]}" ]] || {
|
||||
precmd_functions[$(($#precmd_functions+1))]=_z_precmd
|
||||
}
|
||||
}
|
||||
_z_zsh_tab_completion() {
|
||||
# tab completion
|
||||
local compl
|
||||
read -l compl
|
||||
reply=(${(f)"$(_z --complete "$compl")"})
|
||||
}
|
||||
compctl -U -K _z_zsh_tab_completion _z
|
||||
elif type complete >/dev/null 2>&1; then
|
||||
# bash
|
||||
# tab completion
|
||||
complete -o filenames -C '_z --complete "$COMP_LINE"' ${_Z_CMD:-z}
|
||||
[ "$_Z_NO_PROMPT_COMMAND" ] || {
|
||||
# populate directory list. avoid clobbering other PROMPT_COMMANDs.
|
||||
grep "_z --add" <<< "$PROMPT_COMMAND" >/dev/null || {
|
||||
PROMPT_COMMAND="$PROMPT_COMMAND"$'\n''(_z --add "$(command pwd '$_Z_RESOLVE_SYMLINKS' 2>/dev/null)" 2>/dev/null &);'
|
||||
}
|
||||
}
|
||||
fi
|
15
playbooks/apps/files/charasheet/docker-compose.yml
Normal file
15
playbooks/apps/files/charasheet/docker-compose.yml
Normal file
|
@ -0,0 +1,15 @@
|
|||
services:
|
||||
django:
|
||||
image: crocmagnon/charasheet:latest
|
||||
env_file:
|
||||
- .env
|
||||
volumes:
|
||||
- ./db:/app/db
|
||||
- ./data:/app/data
|
||||
ports:
|
||||
- "8001:8000"
|
||||
user: 1000:1000
|
||||
restart: always
|
||||
init: true
|
||||
tty: true
|
||||
mem_limit: 512m
|
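Review bot: `"8001:8000"` publishes the Django port on every host interface, and Docker's own iptables rules usually bypass a host firewall such as ufw, so the app can be reached directly, without the reverse proxy's TLS and headers. If it is only meant to be reached through Caddy on the same host (the Caddyfile hunk on this page proxies to `localhost`), binding to loopback is enough: `- "127.0.0.1:8001:8000"`. The same applies to `"8002:8000"` in checkout/docker-compose.yml and to `"9002:8443"` in code/docker-compose.yaml, where the published service is code-server.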
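--- a/playbooks/apps/files/charasheet/update
+++ b/playbooks/apps/files/charasheet/update
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -euxo pipefail
+pushd /mnt/data/charasheet
+docker compose --ansi never pull --quiet
+docker compose --ansi never up -d
+docker compose exec django python manage.py migrate
+popd
+docker image prune -f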
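Review bot: `docker compose exec django python manage.py migrate` omits `-T`, while every `exec` in the bin/ scripts on this page passes it. If this script is started without a terminal (cron or a webhook, not visible here), some Compose versions abort with a TTY error, and `set -e` then stops the update after the containers have already been replaced. `docker compose exec -T django python manage.py migrate` behaves the same with or without a terminal. checkout/update and checkout/generate_data use the same form.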
14
playbooks/apps/files/checkout/docker-compose.yml
Normal file
14
playbooks/apps/files/checkout/docker-compose.yml
Normal file
|
@ -0,0 +1,14 @@
|
|||
services:
|
||||
django:
|
||||
image: crocmagnon/checkout:latest
|
||||
env_file:
|
||||
- .env
|
||||
volumes:
|
||||
- ./db:/app/db
|
||||
- ./media:/app/media
|
||||
ports:
|
||||
- "8002:8000"
|
||||
restart: always
|
||||
init: true
|
||||
tty: true
|
||||
mem_limit: 512m
|
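Review bot: No `user:` is set for this service, whereas the charasheet service on this page runs as `1000:1000`; the container therefore runs as the image's default user (root unless the image says otherwise, which is not visible here) while writing to the bind-mounted `./db` and `./media`. Adding `user: "1000:1000"`, provided the image works unprivileged, would match the sibling service and keep files on the host owned by a non-root account.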
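--- a/playbooks/apps/files/checkout/generate_data
+++ b/playbooks/apps/files/checkout/generate_data
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -euxo pipefail
+pushd /mnt/data/checkout
+docker compose exec django python manage.py clear_all_data
+docker compose exec django python manage.py generate_dummy_baskets
+popd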
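--- a/playbooks/apps/files/checkout/update
+++ b/playbooks/apps/files/checkout/update
@@ -0,0 +1,9 @@
+#!/bin/bash
+set -euxo pipefail
+pushd /mnt/data/checkout
+docker compose --ansi never pull --quiet
+docker compose --ansi never up -d
+docker compose exec django python manage.py migrate
+docker compose exec django python manage.py refresh_cache
+popd
+docker image prune -f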
11
playbooks/apps/files/code/docker-compose.yaml
Normal file
11
playbooks/apps/files/code/docker-compose.yaml
Normal file
|
@ -0,0 +1,11 @@
|
|||
services:
|
||||
code:
|
||||
image: ghcr.io/linuxserver/code-server
|
||||
env_file: code.env
|
||||
restart: always
|
||||
volumes:
|
||||
- ./code_data:/config
|
||||
mem_limit: 3g
|
||||
cpus: 3
|
||||
ports:
|
||||
- "9002:8443"
|
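Review bot: `image: ghcr.io/linuxserver/code-server` carries no tag or digest, so it resolves to `latest` and the service, which hands out a browser-based editor with a terminal, changes version on whatever pull happens next. Pinning it to a release tag or to `@sha256:<digest>` (placeholder) and bumping that value deliberately makes each upgrade a reviewable change.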
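--- a/playbooks/apps/files/manuels/update
+++ b/playbooks/apps/files/manuels/update
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euxo pipefail
+pushd /mnt/data/manuels
+docker compose --ansi never pull
+docker compose --ansi never up -d
+popd
+docker image prune -f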
|
@ -3,14 +3,13 @@
|
|||
hosts: servers
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Start update on gabnotes.org
|
||||
# Run the first task synchronously to download dependencies.
|
||||
- name: Update gabnotes.org
|
||||
ansible.builtin.command:
|
||||
chdir: /mnt/data/gabnotes.org
|
||||
cmd: ghost update
|
||||
register: gabnotes_async
|
||||
changed_when: false
|
||||
async: 300
|
||||
poll: 0
|
||||
register: gabnotes
|
||||
changed_when: '"Restarting Ghost" in gabnotes.stdout'
|
||||
- name: Start update on voyages-lois.augendre.info
|
||||
ansible.builtin.command:
|
||||
chdir: /mnt/data/voyages-lois.augendre.info
|
||||
|
@ -27,14 +26,6 @@
|
|||
changed_when: false
|
||||
async: 300
|
||||
poll: 0
|
||||
- name: Check gabnotes.org
|
||||
ansible.builtin.async_status:
|
||||
jid: "{{ gabnotes_async.ansible_job_id }}"
|
||||
register: gabnotes
|
||||
until: gabnotes.finished
|
||||
changed_when: '"Restarting Ghost" in gabnotes.stdout'
|
||||
retries: 100
|
||||
delay: 10
|
||||
- name: Check voyages-lois.augendre.info
|
||||
ansible.builtin.async_status:
|
||||
jid: "{{ voyages_lois_async.ansible_job_id }}"
|
||||
|
|
|
@ -1,23 +1,11 @@
|
|||
---
|
||||
- name: Setup gitea
|
||||
- name: Gitea
|
||||
hosts: servers
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Create dir
|
||||
ansible.builtin.file:
|
||||
path: "{{ dir }}"
|
||||
state: directory
|
||||
mode: "0775"
|
||||
- name: Write env file
|
||||
ansible.builtin.copy:
|
||||
src: files/gitea/gitea.env
|
||||
dest: "{{ dir }}/gitea.env"
|
||||
mode: "0644"
|
||||
- name: Write docker-compose.yaml
|
||||
ansible.builtin.copy:
|
||||
src: files/gitea/docker-compose.yaml
|
||||
dest: "{{ dir }}/docker-compose.yaml"
|
||||
mode: "0644"
|
||||
- name: Docker
|
||||
ansible.builtin.include_role:
|
||||
name: docker
|
||||
- name: Write app.ini
|
||||
ansible.builtin.template:
|
||||
src: templates/gitea_app.ini.j2
|
||||
|
@ -25,19 +13,10 @@
|
|||
mode: "0600"
|
||||
notify:
|
||||
- Restart service
|
||||
- name: Ensure service is started
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: "{{ dir }}"
|
||||
state: present
|
||||
|
||||
handlers:
|
||||
- name: Restart service
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: "{{ dir }}"
|
||||
state: restarted
|
||||
|
||||
vars:
|
||||
dir: /mnt/data/git
|
||||
docker_app_name: git
|
||||
dir: /mnt/data/{{ docker_app_name }}
|
||||
lfs_jwt_secret: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
34656631616165623233353835386162343837363230366136303764613334323262313233616462
|
||||
|
|
|
@ -17,8 +17,6 @@
|
|||
url: https://github.com/arp242/goatcounter/releases/download/{{ release.tag }}/goatcounter-{{ release.tag }}-linux-amd64.gz
|
||||
dest: "{{ dir }}/goatcounter-{{ release.tag }}.gz"
|
||||
mode: "0644"
|
||||
owner: gaugendre
|
||||
group: gaugendre
|
||||
- name: Uncompress
|
||||
ansible.builtin.command: gunzip {{ dir }}/goatcounter-{{ release.tag }}.gz
|
||||
args:
|
||||
|
@ -26,7 +24,7 @@
|
|||
- name: Make executable
|
||||
ansible.builtin.file:
|
||||
path: "{{ dir }}/goatcounter-{{ release.tag }}"
|
||||
mode: "0775"
|
||||
mode: "0755"
|
||||
- name: Symlink
|
||||
ansible.builtin.file:
|
||||
src: "{{ dir }}/goatcounter-{{ release.tag }}"
|
||||
|
@ -37,7 +35,7 @@
|
|||
ansible.builtin.template:
|
||||
src: templates/goatcounter.service.j2
|
||||
dest: /etc/systemd/system/goatcounter.service
|
||||
mode: "0644"
|
||||
mode: "0600"
|
||||
owner: root
|
||||
group: root
|
||||
notify:
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
ansible.builtin.template:
|
||||
src: templates/lyon-transports.service.j2
|
||||
dest: /etc/systemd/system/lyon-transports.service
|
||||
mode: "0644"
|
||||
mode: "0600"
|
||||
owner: root
|
||||
group: root
|
||||
notify:
|
||||
|
|
34
playbooks/apps/manuels.yaml
Normal file
34
playbooks/apps/manuels.yaml
Normal file
|
@ -0,0 +1,34 @@
|
|||
---
|
||||
- name: Manuels
|
||||
hosts: servers
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Docker
|
||||
ansible.builtin.include_role:
|
||||
name: docker
|
||||
|
||||
vars:
|
||||
docker_app_name: manuels
|
||||
secret_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
64306561643134653031316464326531643532383663343665326331626132313930633031636435
|
||||
6663383862663966333161356563323035643434303263640a393638393336346138313566663165
|
||||
63373662376364353335313234396161646466336439306463633238326536643838633735653661
|
||||
6430346530313939310a363233663934373433656634646335623336353964666539346534393931
|
||||
39343066343736343831313430346537346437366430643465303130393734646238323465356231
|
||||
3931363962306337613030663239623536316339303836343530
|
||||
mailgun_api_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
33656537666436376336653161333165306265623161333430626333633039383433613135383435
|
||||
6234316438616462663834383363626363643232386363620a323465653063346432303965663831
|
||||
65396230336134376264303166626638333265633139333230353731363964333434666338386336
|
||||
3965653834656536340a396239363339663231626635323364636331386330643030346132343035
|
||||
35623961373734616264636666376464346430613137613438316337636361336434613064366435
|
||||
3331306630663536343162346235383338366234666333633563
|
||||
pg_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
62323036653035616437353636363339323162646135613434306366386362643466663163356461
|
||||
3163613832333865663564373439333866383638643137390a323364616536313465306138666463
|
||||
65356437313031373736396133383236383763376138383031633365633730646439643863383037
|
||||
6133316535373830620a373162656264376164396434373064636235613762666361326231653237
|
||||
35323539613232633037643465636338376531656230646632313533656364653566
|
11
playbooks/apps/template.yaml.dist
Normal file
11
playbooks/apps/template.yaml.dist
Normal file
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
- name: ==APP==
|
||||
hosts: servers
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Docker
|
||||
ansible.builtin.include_role:
|
||||
name: docker
|
||||
|
||||
vars:
|
||||
docker_app_name: ==APP==
|
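--- a/playbooks/apps/templates/bin/dump-gabnotes.org.j2
+++ b/playbooks/apps/templates/bin/dump-gabnotes.org.j2
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -euo pipefail
+/usr/bin/mysqldump --no-tablespaces -u root --password={{ ghost_db_password }} gabnotes_org_prod > /mnt/data/gabnotes.org/db_export/backup.sql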
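Review bot: `--password={{ ghost_db_password }}` puts the MySQL root password on the mysqldump command line, where it can be read from the process list by other local users while the dump starts. Because the value is unquoted, a password containing spaces or shell metacharacters would also break or change the command. Prefer a client option file readable only by the script's user, passed as the first option: `/usr/bin/mysqldump --defaults-extra-file=<PATH_TO_0600_CNF> --no-tablespaces gabnotes_org_prod > ...`. The redirect creates `backup.sql` with the caller's umask, so a `umask 077` line before the dump keeps the export private. dump-voyages.coccomagnard.fr.j2 carries the same line and needs the same change.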
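--- a/playbooks/apps/templates/bin/dump-voyages.coccomagnard.fr.j2
+++ b/playbooks/apps/templates/bin/dump-voyages.coccomagnard.fr.j2
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -euo pipefail
+/usr/bin/mysqldump --no-tablespaces -u root --password={{ ghost_db_password }} voyages_coccomagnard_fr_prod > /mnt/data/voyages.coccomagnard.fr/db_export/backup.sql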
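--- a/playbooks/apps/templates/bin/healthcheck.j2
+++ b/playbooks/apps/templates/bin/healthcheck.j2
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -uo pipefail
+RID=`uuidgen`
+BASE_URL="https://hc-ping.com/{{ healthcheck_webhook_token }}/$1"
+START_URL="$BASE_URL/start?rid=$RID"
+shift
+
+curl -A "ubuntu-vm" -fsS --retry 5 -o /dev/null $START_URL
+logs=$($@ 2>&1)
+status=$?
+curl -A "ubuntu-vm" -fsS --retry 5 --data-raw "$logs" -o /dev/null "$BASE_URL/$status?rid=$RID"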
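Review bot: `logs=$($@ 2>&1)` expands the wrapped command unquoted, so any argument containing spaces or glob characters is re-split before it runs; use `logs=$("$@" 2>&1)`, and quote `"$START_URL"` in the first curl call as the second call already does for its URL. Everything the command prints is then posted to hc-ping.com through `--data-raw "$logs"`. If the update scripts in this change are run through this wrapper, their `set -x` trace leaves the host too, so a header comment warning against wrapping commands that echo credentials would be useful. Passing the output as an argument also fails once it exceeds the kernel's argument-size limit; piping it to curl with `--data-binary @-` avoids that.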
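--- a/playbooks/apps/templates/bin/maintenance.j2
+++ b/playbooks/apps/templates/bin/maintenance.j2
@@ -0,0 +1,30 @@
+#!/bin/bash
+set -euo pipefail
+
+# https://api.hetrixtools.com/v2/<API_TOKEN>/maintenance/<UPTIME_MONITOR_ID>/<MAINTENANCE_MODE>/
+# Modify the maintenance status of any of your Uptime Monitors.
+# <API_TOKEN> - Your API Access Token, in your particular case it's: {{ hetrixtools_token }}
+# <UPTIME_MONITOR_ID> - You can find the ID of any of your Uptime Monitors by using the API Call 'v1 List Uptime Monitors', it is listed for every uptime monitor as 'ID'
+# <MAINTENANCE_MODE> - The type of maintenance. Accepted values (numbers): 1, 2, or 3.
+# 1 - no maintenance mode (normal) - use this to exit maintenance mode
+# 2 - maintenance mode with notifications
+# 3 - maintenance mode without notifications
+
+API_TOKEN="{{ hetrixtools_token }}"
+mode=$1
+if [ "$mode" == "on" ]; then
+mode=3
+elif [ "$mode" == "off" ]; then
+mode=1
+else
+echo "usage $0 <on|off>"
+exit 1
+fi
+
+ids=$(curl -sSL https://api.hetrixtools.com/v1/$API_TOKEN/uptime/monitors/0/5000/ | jq -r '.[0][] | .ID')
+
+for id in $ids; do
+curl -sSL https://api.hetrixtools.com/v2/$API_TOKEN/maintenance/$id/$mode/ > /dev/null
+done
+
+echo "Done"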
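Review bot: The explanatory comment ending in `in your particular case it's: {{ hetrixtools_token }}` is templated, so the rendered script carries a second plaintext copy of the HetrixTools token inside a comment; keep only `# <API_TOKEN> - Your API Access Token`. Both curl calls use `-sSL` without `-f`, so an HTTP error from the API does not fail under `set -e` and the script still prints "Done"; `curl -fsSL` would surface it. With `set -u`, calling the script without an argument aborts on `mode=$1` before the usage message is reached, which `mode=${1:-}` fixes.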
42
playbooks/apps/templates/bin/new_domain.py.j2
Executable file
42
playbooks/apps/templates/bin/new_domain.py.j2
Executable file
|
@ -0,0 +1,42 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
import json
|
||||
import sys
|
||||
|
||||
import ovh
|
||||
|
||||
# Instantiate an OVH Client.
|
||||
# You can generate new credentials with full access to your account on
|
||||
# the token creation page (https://api.ovh.com/createToken/index.cgi?GET=/*&PUT=/*&POST=/*&DELETE=/*)
|
||||
# List of available endpoints: https://github.com/ovh/python-ovh#2-configure-your-application
|
||||
client = ovh.Client(
|
||||
endpoint='ovh-eu',
|
||||
application_key='{{ ovh_app_key }}',
|
||||
application_secret='{{ ovh_app_secret }}',
|
||||
consumer_key='{{ ovh_consumer_key }}',
|
||||
)
|
||||
|
||||
if len(sys.argv) != 2:
|
||||
print(f"usage: {sys.argv[0]} <subdomain>")
|
||||
print(f"example: {sys.argv[0]} testing")
|
||||
print("no need to include '.augendre.info'")
|
||||
sys.exit(1)
|
||||
|
||||
subdomain = sys.argv[1].removesuffix(".augendre.info")
|
||||
res = client.get("/domain/zone/augendre.info/record", fieldType="CNAME", subDomain=subdomain)
|
||||
if len(res) > 0:
|
||||
print("CNAME already exists")
|
||||
sys.exit(0)
|
||||
|
||||
print("creating domain:")
|
||||
res = client.post("/domain/zone/augendre.info/record",
|
||||
fieldType="CNAME",
|
||||
subDomain=subdomain,
|
||||
target="nginx.augendre.info.",
|
||||
ttl=86400,
|
||||
)
|
||||
print(json.dumps(res, indent=4))
|
||||
|
||||
print("refreshing zone:")
|
||||
res = client.post("/domain/zone/augendre.info/refresh")
|
||||
print(json.dumps(res, indent=4))
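Review bot: The comment above `ovh.Client(...)` points at a token-creation URL that grants `GET`, `PUT`, `POST` and `DELETE` on `/*`, which is the whole OVH account, while this script only reads and creates records under `/domain/zone/augendre.info/record` and calls the zone's `refresh` endpoint. If the vaulted consumer key was created from that link (not visible here), a leak of the rendered script exposes far more than DNS; create the key with rights limited to those paths and say so in the comment. The three credentials are interpolated inside single-quoted Python literals, so a value containing `'` or `\` would break or alter the script. `application_key={{ ovh_app_key | to_json }}` (and likewise for the other two) renders an escaped string literal instead.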
|
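--- a/playbooks/apps/templates/charasheet/.env.j2
+++ b/playbooks/apps/templates/charasheet/.env.j2
@@ -0,0 +1,7 @@
+SECRET_KEY='{{ secret_key }}'
+DEBUG=false
+ALLOWED_HOSTS=charasheet.augendre.info,localhost
+MAILGUN_API_KEY={{ mailgun_api_key }}
+MAILGUN_SENDER_DOMAIN=mg.augendre.info
+REGISTRATION_OPEN=true
+CSRF_TRUSTED_ORIGINS=https://charasheet.augendre.info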
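--- a/playbooks/apps/templates/checkout/.env.j2
+++ b/playbooks/apps/templates/checkout/.env.j2
@@ -0,0 +1,7 @@
+SECRET_KEY='{{ secret_key }}'
+DEBUG=false
+HOSTS=checkout.augendre.info
+ADMINS=Gabriel Augendre|gabriel@augendre.info
+MAILGUN_API_KEY={{ mailgun_api_key }}
+MAILGUN_SENDER_DOMAIN=mg.augendre.info
+MPLCONFIGDIR=/app/.matplotlib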
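--- a/playbooks/apps/templates/code/code.env.j2
+++ b/playbooks/apps/templates/code/code.env.j2
@@ -0,0 +1,7 @@
+PUID=1000
+PGID=1000
+TZ=Europe/Paris
+PASSWORD={{ password }}
+SUDO_PASSWORD={{ password }}
+PROXY_DOMAIN=code.augendre.info
+DOCKER_MODS=linuxserver/mods:code-server-python3|linuxserver/mods:code-server-golang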
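Review bot: `PASSWORD` and `SUDO_PASSWORD` are both rendered from the same `{{ password }}`, so anyone who can log in to the code-server web UI can also become root inside the container with the credential they already hold. Use a separate vaulted variable for sudo, or leave `SUDO_PASSWORD` out if root in the integrated terminal is not needed. The linuxserver image also accepts `HASHED_PASSWORD` and `SUDO_PASSWORD_HASH`, which keeps the plaintext out of the env file and out of the container environment.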
14
playbooks/apps/templates/collabora/docker-compose.yaml.j2
Normal file
14
playbooks/apps/templates/collabora/docker-compose.yaml.j2
Normal file
|
@ -0,0 +1,14 @@
|
|||
services:
|
||||
code:
|
||||
image: collabora/code
|
||||
restart: always
|
||||
environment:
|
||||
server_name: 'cloud.augendre.info'
|
||||
aliasgroup1: 'https://cloud.augendre.info:443'
|
||||
DONT_GEN_SSL_CERT: '1'
|
||||
username: admin
|
||||
password: "{{password}}"
|
||||
extra_params: '--o:ssl.enable=false --o:ssl.termination=true'
|
||||
mem_limit: 2g
|
||||
ports:
|
||||
- "8007:9980"
|
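--- a/playbooks/apps/templates/manuels/.env.j2
+++ b/playbooks/apps/templates/manuels/.env.j2
@@ -0,0 +1,10 @@
+SECRET_KEY='{{ secret_key }}'
+DEBUG=true
+HOSTS=fournitures.augendre.info,manuels.augendre.info
+ADMINS=Gabriel Augendre|gabriel@augendre.info
+MAILGUN_API_KEY={{ mailgun_api_key }}
+MAILGUN_SENDER_DOMAIN=mg.augendre.info
+SERVER_EMAIL=Fournitures et manuels scolaires CDI LPHB <manuels@mg.augendre.info>
+LIBRARIAN_EMAILS=sandrine.augendre@ac-lyon.fr
+EMAIL_REPLY_TO=Sandrine Augendre <sandrine.augendre@ac-lyon.fr>
+DATABASE_URL=postgres://manuels:{{ pg_password }}@db:5432/manuels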
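Review bot: `DEBUG=true` ships in this file while the charasheet and checkout env templates in the same change set `DEBUG=false`, and `HOSTS` lists the public names fournitures.augendre.info and manuels.augendre.info. If the app reads this flag into Django's `DEBUG` setting (the compose service is named `django`), error pages would show stack traces and settings to visitors; set `DEBUG=false` unless this is deliberate. `DATABASE_URL` embeds `{{ pg_password }}` raw, so a password containing `@`, `/`, `:` or `#` would be mis-parsed as part of the URL. `{{ pg_password | urlencode }}` avoids that.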
24
playbooks/apps/templates/manuels/docker-compose.yaml.j2
Normal file
24
playbooks/apps/templates/manuels/docker-compose.yaml.j2
Normal file
|
@ -0,0 +1,24 @@
|
|||
services:
|
||||
django:
|
||||
image: crocmagnon/manuels-scolaires:latest
|
||||
env_file:
|
||||
- .env
|
||||
volumes:
|
||||
- ./media:/app/media
|
||||
depends_on:
|
||||
- db
|
||||
restart: always
|
||||
init: true
|
||||
tty: true
|
||||
mem_limit: 512m
|
||||
ports:
|
||||
- "8012:8000"
|
||||
db:
|
||||
image: postgres:15
|
||||
restart: always
|
||||
environment:
|
||||
POSTGRES_PASSWORD: "{{ pg_password }}"
|
||||
POSTGRES_USER: "manuels"
|
||||
POSTGRES_DB: "manuels"
|
||||
volumes:
|
||||
- ./db_data:/var/lib/postgresql/data
|
|
@ -1,37 +1,11 @@
|
|||
---
|
||||
- name: Setup test_headers
|
||||
- name: Test headers
|
||||
hosts: servers
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Create dir
|
||||
ansible.builtin.file:
|
||||
path: "{{ dir }}"
|
||||
state: directory
|
||||
mode: "0775"
|
||||
- name: Write app.py
|
||||
ansible.builtin.copy:
|
||||
src: files/test_headers/app.py
|
||||
dest: "{{ dir }}/app.py"
|
||||
mode: "0644"
|
||||
owner: gaugendre
|
||||
group: gaugendre
|
||||
notify:
|
||||
- Restart service
|
||||
- name: Write docker-compose.yaml
|
||||
ansible.builtin.copy:
|
||||
src: files/test_headers/docker-compose.yaml
|
||||
dest: "{{ dir }}/docker-compose.yaml"
|
||||
mode: "0644"
|
||||
owner: gaugendre
|
||||
group: gaugendre
|
||||
- name: Ensure service is started
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: "{{ dir }}"
|
||||
state: present
|
||||
handlers:
|
||||
- name: Restart service
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: "{{ dir }}"
|
||||
state: restarted
|
||||
- name: Docker
|
||||
ansible.builtin.include_role:
|
||||
name: docker
|
||||
|
||||
vars:
|
||||
dir: /mnt/data/test_headers
|
||||
docker_app_name: test_headers
|
||||
|
|
|
@ -1,29 +1,14 @@
|
|||
---
|
||||
- name: Setup wallabag
|
||||
- name: Wallabag
|
||||
hosts: servers
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Create dir
|
||||
ansible.builtin.file:
|
||||
path: "{{ dir }}"
|
||||
state: directory
|
||||
mode: "0775"
|
||||
- name: Write env file
|
||||
ansible.builtin.template:
|
||||
src: templates/wallabag.env.j2
|
||||
dest: "{{ dir }}/wallabag.env"
|
||||
mode: "0644"
|
||||
- name: Write docker-compose.yaml
|
||||
ansible.builtin.copy:
|
||||
src: files/wallabag-docker-compose.yaml
|
||||
dest: "{{ dir }}/docker-compose.yaml"
|
||||
mode: "0644"
|
||||
- name: Ensure service is started
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: "{{ dir }}"
|
||||
state: present
|
||||
- name: Docker
|
||||
ansible.builtin.include_role:
|
||||
name: docker
|
||||
|
||||
vars:
|
||||
dir: /mnt/data/wallabag
|
||||
docker_app_name: wallabag
|
||||
secret_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
31346432623062383331306633383230376264326530643236393838356166346563653637376666
|
||||
|
|
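--- a/roles/docker/defaults/main.yaml
+++ b/roles/docker/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+docker_app_name: some-app
+docker_dir: /mnt/data/{{ docker_app_name }}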
11
roles/docker/handlers/main.yaml
Normal file
11
roles/docker/handlers/main.yaml
Normal file
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
- name: Stop service
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: "{{ docker_dir }}"
|
||||
state: stopped
|
||||
listen: Restart service
|
||||
- name: Start service
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: "{{ docker_dir }}"
|
||||
state: present
|
||||
listen: Restart service
|
32
roles/docker/tasks/main.yaml
Normal file
32
roles/docker/tasks/main.yaml
Normal file
|
@ -0,0 +1,32 @@
|
|||
---
|
||||
- name: Create dir
|
||||
ansible.builtin.file:
|
||||
path: "{{ docker_dir }}"
|
||||
state: directory
|
||||
mode: "0775"
|
||||
- name: Write files
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ docker_dir }}/"
|
||||
mode: "0600"
|
||||
with_fileglob:
|
||||
- files/{{ docker_app_name }}/*
|
||||
- files/{{ docker_app_name }}/.*
|
||||
notify:
|
||||
- Restart service
|
||||
- name: Write templates
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ docker_dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
|
||||
mode: "0600"
|
||||
with_fileglob:
|
||||
- templates/{{ docker_app_name }}/*.j2
|
||||
- templates/{{ docker_app_name }}/.*.j2
|
||||
notify:
|
||||
- Restart service
|
||||
- name: Flush handlers
|
||||
ansible.builtin.meta: flush_handlers
|
||||
- name: Ensure service is started
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: "{{ docker_dir }}"
|
||||
state: present
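Review bot: The `Write files` task copies everything under `files/{{ docker_app_name }}/` with `mode: "0600"`, which also covers the shell scripts this change adds there (`update`, `generate_data`) and which the page lists as executable files. On the target they lose the execute bit and can only be run as `bash update`. `mode: preserve` on that copy task keeps the source mode, at the cost of no longer forcing 0600 on static env files, so a separate task for scripts may be cleaner. The directory itself is created with `mode: "0775"`, so members of its group can still rename or replace the 0600 files inside it, the compose file included; `"0750"` would match the tighter file modes.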
|