gaugendre/ansible
1
0
Fork 0
mirror of https://github.com/Crocmagnon/ansible.git synced 2024-11-23 15:58:04 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: gaugendre:7cdcbd9d879b782e799e01e190c098cd2e993341
Branches Tags
gaugendre:master
gaugendre:feat/dry-run-pr
..
compare: gaugendre:32d5c7588392fe958d558352424596d7e85aed86
Branches Tags
gaugendre:master
gaugendre:feat/dry-run-pr

No commits in common. "7cdcbd9d879b782e799e01e190c098cd2e993341" and "32d5c7588392fe958d558352424596d7e85aed86" have entirely different histories.
7cdcbd9d87 ... 32d5c75883

67 changed files with 102 additions and 940 deletions
Show stats Expand all files Collapse all files

2
.ansible-lint
View file

@ -3,6 +3,4 @@ profile: production
strict: true strict: true
exclude_paths: exclude_paths:
- "**/*docker-compose.yaml" - "**/*docker-compose.yaml"
- "**/*docker-compose.yml"
- .github/ - .github/
- .pre-commit-config.yaml

0
.ansible-lint-ignore Normal file
View file

32
.github/workflows/dry-run.yml vendored
View file

@ -1,32 +0,0 @@
on:
workflow_dispatch:
pull_request:
jobs:
ansible:
name: dry-run ansible
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v5.2.0
with:
python-version: 3
cache: pip
check-latest: true
- name: Run ansible
env:
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
DEPLOY_USERNAME: ${{ secrets.DEPLOY_USERNAME }}
ANSIBLE_INVENTORY: inventories/github.yaml
ANSIBLE_VAULT_PASSWORD_FILE: vault.pass
ANSIBLE_FORCE_COLOR: "true"
ANSIBLE_ROLES_PATH: "./roles"
run: |
echo '${{ secrets.ANSIBLE_VAULT_PASSWORD }}' > $ANSIBLE_VAULT_PASSWORD_FILE
ls $ANSIBLE_VAULT_PASSWORD_FILE
export KEY_FILE=$(mktemp)
echo "${{ secrets.DEPLOY_KEY }}" > $KEY_FILE
ansible-playbook playbooks/all.yaml --check

4
.github/workflows/deploy.yml → .github/workflows/main.yml vendored
View file

@ -14,8 +14,11 @@ jobs:
- name: Setup Python - name: Setup Python
uses: actions/setup-python@v5.2.0 uses: actions/setup-python@v5.2.0
with: with:
# Version range or exact version of Python or PyPy to use, using SemVer's version range syntax. Reads from .python-version if unset.
python-version: 3 python-version: 3
# Used to specify a package manager for caching in the default directory. Supported values: pip, pipenv, poetry.
cache: pip cache: pip
# Set this option if you want the action to check for the latest available version that satisfies the version spec.
check-latest: true check-latest: true
- name: Run ansible - name: Run ansible
env: env:
@ -25,7 +28,6 @@ jobs:
ANSIBLE_INVENTORY: inventories/github.yaml ANSIBLE_INVENTORY: inventories/github.yaml
ANSIBLE_VAULT_PASSWORD_FILE: vault.pass ANSIBLE_VAULT_PASSWORD_FILE: vault.pass
ANSIBLE_FORCE_COLOR: "true" ANSIBLE_FORCE_COLOR: "true"
ANSIBLE_ROLES_PATH: "./roles"
run: | run: |
echo '${{ secrets.ANSIBLE_VAULT_PASSWORD }}' > $ANSIBLE_VAULT_PASSWORD_FILE echo '${{ secrets.ANSIBLE_VAULT_PASSWORD }}' > $ANSIBLE_VAULT_PASSWORD_FILE
ls $ANSIBLE_VAULT_PASSWORD_FILE ls $ANSIBLE_VAULT_PASSWORD_FILE

1
.gitignore vendored
View file

@ -1,3 +1,2 @@
vault.pass vault.pass
.idea .idea
.cache_ggshield

1
.mise.toml
View file

@ -1,4 +1,3 @@
[env] [env]
ANSIBLE_INVENTORY = "{{config_root}}/inventories/local.yaml" ANSIBLE_INVENTORY = "{{config_root}}/inventories/local.yaml"
ANSIBLE_VAULT_PASSWORD_FILE = "{{config_root}}/vault.pass" ANSIBLE_VAULT_PASSWORD_FILE = "{{config_root}}/vault.pass"
ANSIBLE_ROLES_PATH = "{{config_root}}/roles"

8
.pre-commit-config.yaml
View file

@ -5,7 +5,6 @@ ci:
# build of https://github.com/ansible/ansible-lint:ansible@v24.9.2 for python@python3 exceeds tier max size 250MiB: 405.6MiB # build of https://github.com/ansible/ansible-lint:ansible@v24.9.2 for python@python3 exceeds tier max size 250MiB: 405.6MiB
- ansible-lint - ansible-lint
- ggshield - ggshield
- caddy-fmt
repos: repos:
- repo: https://github.com/pre-commit/pre-commit-hooks - repo: https://github.com/pre-commit/pre-commit-hooks
@ -38,10 +37,3 @@ repos:
rev: v1.32.1 rev: v1.32.1
hooks: hooks:
- id: ggshield - id: ggshield
- repo: local
hooks:
- id: caddy-fmt
name: caddy fmt
language: system
entry: caddy fmt --overwrite
files: Caddyfile

3
ansible.cfg
View file

@ -1,3 +0,0 @@
[defaults]
callbacks_enabled = timer, profile_tasks
pipelining = True

8
new-app
View file

@ -1,8 +0,0 @@
#!/bin/bash
echo "creating directories for '$1'"
mkdir -p "playbooks/apps/files/$1"
mkdir -p "playbooks/apps/templates/$1"
cp playbooks/apps/template.yaml.dist "playbooks/apps/$1.yaml"
sed -i '' "s/==APP==/$1/g" "playbooks/apps/$1.yaml"
echo "done"

6
playbooks/apps/all.yaml
View file

@ -1,14 +1,8 @@
--- ---
- import_playbook: bin.yaml # noqa: name[play]
- import_playbook: caddy.yaml # noqa: name[play] - import_playbook: caddy.yaml # noqa: name[play]
- import_playbook: charasheet.yaml # noqa: name[play]
- import_playbook: checkout.yaml # noqa: name[play]
- import_playbook: code.yaml # noqa: name[play]
- import_playbook: collabora.yaml # noqa: name[play]
- import_playbook: ghost-update.yaml # noqa: name[play] - import_playbook: ghost-update.yaml # noqa: name[play]
- import_playbook: gitea.yaml # noqa: name[play] - import_playbook: gitea.yaml # noqa: name[play]
- import_playbook: goatcounter.yaml # noqa: name[play] - import_playbook: goatcounter.yaml # noqa: name[play]
- import_playbook: lyon-transports.yaml # noqa: name[play] - import_playbook: lyon-transports.yaml # noqa: name[play]
- import_playbook: manuels.yaml # noqa: name[play]
- import_playbook: test_headers.yaml # noqa: name[play] - import_playbook: test_headers.yaml # noqa: name[play]
- import_playbook: wallabag.yaml # noqa: name[play] - import_playbook: wallabag.yaml # noqa: name[play]

65
playbooks/apps/bin.yaml
View file

@ -1,65 +0,0 @@
---
- name: Bin files & scripts
hosts: servers
gather_facts: false
tasks:
- name: Write bin files
ansible.builtin.copy:
src: "{{ item }}"
dest: /mnt/data/bin/
mode: preserve
with_fileglob:
- files/bin/*
- name: Template bin files
ansible.builtin.template:
src: "{{ item }}"
dest: /mnt/data/bin/{{ item | basename | regex_replace('\.j2$', '') }}
mode: preserve
with_fileglob:
- templates/bin/*.j2
vars:
ghost_db_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
35343430343439653064613033383830396264306538376535346637613166376663393062353132
6537386534656239333731313938653539643165323532380a336162663839303339623266383662
39346464306261633239363665666334613064393432663335313431326463376637356437653262
3161633364303839300a366135653466313836376361326165303465396438333962386230336133
34643963356538356464366433373464316337636337386430373265633336636537
healthcheck_webhook_token: !vault |
$ANSIBLE_VAULT;1.1;AES256
61303433666361376638353034323834623935393834346362623538663936303764363866636164
3364306166303430343532623935373838333632323032360a373330376464376438613764326662
32653135316361636163356363623364323537396236333233313933336565373530313363303536
3339613565313033360a346438376336386638653534356333633439613530396139383635643439
33313266373566376162643536386365386132346261623733343762356639396436
hetrixtools_token: !vault |
$ANSIBLE_VAULT;1.1;AES256
38663431333361643538646361353237613930646135633962386639376333366230343131633562
6531646235333565656266613236313133653563323737340a643931643366396236393935363038
34613661373863623033616431363531633136303830363434393135613365353938656337353936
6563353164313363380a613039623761613632306364616365316332333563306636356238636532
34333035346534383064346561316665343233373031353238383864386365393234356137396332
3363323336613962386638633539393636663461323035333065
ovh_app_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
30646561656638353734373835386238383365393064656439646437326432383663666263623431
3639346366646538336333323161656562646266373233320a356136386234646234363732376266
33316461326132336534326266636239386532656262353034333434653933333637616332616632
6562643965353037660a656631656563633136356565323536363738663461653736303864383630
38346637396239316163666661373439656462623861653063393464616530323633
ovh_app_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
32396331666132363362313331633832303562633932353963636533663132353465636331653134
6466613637373933623063623563663331373764393262360a643030663036366335646234646335
38393036626139653733313362323866336164343335656635343564366439663264363866336137
6464346632396630610a303337316535326633376235383963313865373064363064306134323231
39633061336366393563366636656339623134323531613462636334636264353934303963633437
6161656465303732373366386134666234363636613832333166
ovh_consumer_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
33623537363436363139346132353336383930333133643535383465373163636266356262306466
6563363661353337626462313338633465333865626162350a306332313233356366386236393066
66363735386566623335613966353462613963386435636537663235366134336461363837336638
3466633264626636620a613634653933333332386365393639343030616234376537373635343237
37373364303732343264623239353837613435363363393862383765376435376166343237333664
3330623266383462666564376166373032393361653234633863

29
playbooks/apps/charasheet.yaml
View file

@ -1,29 +0,0 @@
---
- name: Charasheet
hosts: servers
gather_facts: false
tasks:
- name: Docker
ansible.builtin.include_role:
name: docker
vars:
docker_app_name: charasheet
secret_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
35666131616231643064336266303061326534356131666364633932373330663637343836353837
3438356431373434613435613165313631333133396133360a363335326135613537633132306530
33623239356433393361393737386461626230613561326632623736303038303130396530353538
3561613065623130620a306631393062613161333335366261386534623539646361663736306432
30636239663263623938383137363034633061343163393665363932376662663063336634316261
63363166656462343763343263373535353763303939316430613335653033303036313864616234
313763346663393432323132386536326636
mailgun_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
38613137366132646234316137646431373839343530316536326230643035643635643431663064
6531316662373736656230336361353261633862323939310a353637366466643334333436373464
34616564303465396333326333393462343339643636653231623536613431623135373836626261
6632633330383265350a316632303961643363393332636635313333643561653031313038396535
37666334346634306263613063383061393264366163633939373165616461383831383364353364
33383366326138373862323166653531363233643861363132336363306137363737356633643235
393863373065633639656232373732383632

28
playbooks/apps/checkout.yaml
View file

@ -1,28 +0,0 @@
---
- name: Checkout
hosts: servers
gather_facts: false
tasks:
- name: Docker
ansible.builtin.include_role:
name: docker
vars:
docker_app_name: checkout
secret_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
33393761643061393863616663323863663033313865383135663939636433393730643831616231
6661313965396164373665663063653461336230313762640a643763346132663238613362336563
35643862643139306333346163646161323031376237623661333434326639303233666135616635
3135333138336164380a396666363830316237643432366237626431616565376261336534346366
64656461343037323137643235373836633766366465373335653162623564653235623362303732
34313332316165643437613737663461656231326530356334353237643633303133306561303762
643439313139613931313630636333626532
mailgun_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
34656232613133373865613436623261656331663632666334626664366238636564633931613534
3137313234343739333738386664333532613066383533610a613337383462393432303235366132
30333433353362653765343638346639333735356631633633633633663863396139646431393463
3031346139393432390a336235363635653461303762393731313034393566333031356434386362
37333861343838623338663062303539616331323262643031613130363766626261653130373631
3063393236333239363366333338303665363930303031373965

19
playbooks/apps/code.yaml
View file

@ -1,19 +0,0 @@
---
- name: Visual Studio Code
hosts: servers
gather_facts: false
tasks:
- name: Docker
ansible.builtin.include_role:
name: docker
vars:
docker_app_name: code
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
65333933333436616332666161653932633431333334636364346239346530336337303939643435
3935336230623135343638646130313936363034396665650a653066313862326632333130656164
38346631366162393833333361633663636362653530666466376162643534303866363261373033
6339303930656638660a626635313736663065373535613132326531343737396662626434373039
38646136383662346264613534373663326136393361323933383062346336346264643731303333
6132373439346165313066353334353532393262346435306134

19
playbooks/apps/collabora.yaml
View file

@ -1,19 +0,0 @@
---
- name: Collabora
hosts: servers
gather_facts: false
tasks:
- name: Docker
ansible.builtin.include_role:
name: docker
vars:
docker_app_name: collabora
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
64396634656334643030623536313236663438653730663266346530326233353836656339356631
3762666139313164663236323936626530623334356663620a336232383763333039643834636131
66396663393662316535346530656636343931383833313234653338623934346265363563366138
3838653135306563340a656661343434663230336566396335633165356663633030383065626233
34633162303534353231636537613262653865646231313464316164653239376166316266663963
6163643335386535366239363637613066306661343866393433

2
playbooks/apps/files/Caddyfile
View file

@ -142,7 +142,7 @@ ghost.augendre.info {
import common_headers import common_headers
redir / /ghost/ redir / /ghost/
reverse_proxy localhost:2368 reverse_proxy localhost:2368
} }
voyages-lois.augendre.info { voyages-lois.augendre.info {

3
playbooks/apps/files/bin/clean-old-backups
View file

@ -1,3 +0,0 @@
#!/bin/bash
set -euo pipefail
find /mnt/data/backups/hass/* -mtime +5 -delete

8
playbooks/apps/files/bin/cron2bash
View file

@ -1,8 +0,0 @@
#!/bin/bash
set -euo pipefail
script_name=$1
cp .template $script_name
chmod +x $script_name
shift
echo "$@" >> $script_name
echo $(realpath $script_name)

3
playbooks/apps/files/bin/docker-system-prune
View file

@ -1,3 +0,0 @@
#!/bin/bash
set -euo pipefail
/usr/bin/docker system prune -af

3
playbooks/apps/files/bin/dump-manuels
View file

@ -1,3 +0,0 @@
#!/bin/bash
set -euo pipefail
/usr/bin/docker compose -f /mnt/data/manuels/docker-compose.yaml exec -T db pg_dump -Fc -U manuels manuels > /mnt/data/manuels/db_export/backup.dump

3
playbooks/apps/files/bin/dump-miniflux
View file

@ -1,3 +0,0 @@
#!/bin/bash
set -euo pipefail
/usr/bin/docker compose -f /mnt/data/miniflux/docker-compose.yaml exec -T db pg_dump -Fc -U miniflux miniflux > /mnt/data/miniflux/db_export/backup.dump

4
playbooks/apps/files/bin/dump-nextcloud
View file

@ -1,4 +0,0 @@
#!/bin/bash
set -euo pipefail
/usr/bin/docker compose -f /mnt/data/nextcloud/docker-compose.yaml exec -T db pg_dump -Fc -U nextcloud nextcloud > /mnt/data/nextcloud/db_export/backup.dump
/usr/bin/docker compose -f /mnt/data/nextcloud/docker-compose.yaml exec -T db pg_dumpall --globals-only -U nextcloud > /mnt/data/nextcloud/db_export/roles.sql

3
playbooks/apps/files/bin/failure
View file

@ -1,3 +0,0 @@
#!/bin/bash
set -euxo pipefail
exit 1

3
playbooks/apps/files/bin/nextcloud-auto-update
View file

@ -1,3 +0,0 @@
#!/bin/bash
set -euo pipefail
/usr/bin/docker compose -f /mnt/data/nextcloud/docker-compose.yaml exec -T --user www-data nextcloud php occ app:update --all

3
playbooks/apps/files/bin/nextcloud-cron
View file

@ -1,3 +0,0 @@
#!/bin/bash
set -euo pipefail
/usr/bin/docker compose -f /mnt/data/nextcloud/docker-compose.yaml exec -dT --user www-data nextcloud php cron.php

3
playbooks/apps/files/bin/nextcloud-preview
View file

@ -1,3 +0,0 @@
#!/bin/bash
set -euo pipefail
/usr/bin/docker compose -f /mnt/data/nextcloud/docker-compose.yaml exec -dT --user www-data nextcloud php occ preview:pre-generate

6
playbooks/apps/files/bin/restic-backup
View file

@ -1,6 +0,0 @@
#!/bin/bash
set -euo pipefail
killall restic || true
source /mnt/data/bin/resticenv
/usr/bin/restic unlock
/usr/bin/restic backup --exclude-file /mnt/data/bin/restic-excludes /mnt/data/ /var/spool/cron/ $@

4
playbooks/apps/files/bin/restic-check
View file

@ -1,4 +0,0 @@
#!/bin/bash
set -euo pipefail
source /mnt/data/bin/resticenv
/usr/bin/restic check --read-data-subset=700M

24
playbooks/apps/files/bin/restic-excludes
View file

@ -1,24 +0,0 @@
db_data
mysql_data
redis_data
*venv*
deluge_data
plex_data
shared_media
media/data
deluge
plex
prowlarr
radarr
sonarr
transmission
nextcloud_data/lib
nextcloud_data/data/appdata_ocw94g5hjk8b/preview
source_code
sources
.cache
.mozilla
prometheus_data
.es_temp_file
timemachine
elastic_data

6
playbooks/apps/files/bin/restic-prune
View file

@ -1,6 +0,0 @@
#!/bin/bash
set -euo pipefail
killall restic || true
source /mnt/data/bin/resticenv
/usr/bin/restic unlock
/usr/bin/restic forget --prune --keep-within-hourly 1d --keep-within-daily 7d --keep-within-weekly 1m --keep-within-monthly 6m

18
playbooks/apps/files/bin/resticenv
View file

@ -1,18 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
34643931646634623466323636613561313364633364663034363863353162323266343166363632
3334363465393362393631356631666161653066663032350a613763383934376138646134313234
66656436353737333138346133623261356137633066663937646565326439336532616436666336
3137626464343636650a653064383038363231656136353532396436316363643235653739666631
33316437333131636434383130376231366562323765343763343164303234386562333962346235
61333865313138313462613738363231333536386639313433396533636433663432633236366232
33643137306536626164353338623234393461373339333763356232376431363062373233303762
38326239306535623237623634363439383838306263343964636637333865346261653639313030
63353437343237346461313364336461633466383832363637643662633633633665383565623062
34346338363936336163336431613634616136333163353961653436396332636332323832656338
37653364366235636663626231636462663836343566343337346461633562663262626135303633
36333366613033623836623064323238626661323037343266613530306439653535333032636336
61316133383962353530383133323237333562336463623963613330373762636230616130633738
31363232353937333536313266346266393233376236373834393232353362646266666336646134
33323239636464313561646238656337333633366161336266353130343061323963356531356563
62643136343535346538613738373561313362323833303739636637323366356430376135326132
6666

6
playbooks/apps/files/bin/smartlong
View file

@ -1,6 +0,0 @@
#!/bin/bash
/usr/sbin/smartctl -t long /dev/sda
/usr/sbin/smartctl -t long /dev/sdb
/usr/sbin/smartctl -t long /dev/sdc
/usr/sbin/smartctl -t long /dev/sdd

6
playbooks/apps/files/bin/smartshort
View file

@ -1,6 +0,0 @@
#!/bin/bash
/usr/sbin/smartctl -t short /dev/sda
/usr/sbin/smartctl -t short /dev/sdb
/usr/sbin/smartctl -t short /dev/sdc
/usr/sbin/smartctl -t short /dev/sdd

267
playbooks/apps/files/bin/z.sh
View file

@ -1,267 +0,0 @@
# Copyright (c) 2009 rupa deadwyler. Licensed under the WTFPL license, Version 2
# maintains a jump-list of the directories you actually use
#
# INSTALL:
# * put something like this in your .bashrc/.zshrc:
# . /path/to/z.sh
# * cd around for a while to build up the db
# * PROFIT!!
# * optionally:
# set $_Z_CMD in .bashrc/.zshrc to change the command (default z).
# set $_Z_DATA in .bashrc/.zshrc to change the datafile (default ~/.z).
# set $_Z_MAX_SCORE lower to age entries out faster (default 9000).
# set $_Z_NO_RESOLVE_SYMLINKS to prevent symlink resolution.
# set $_Z_NO_PROMPT_COMMAND if you're handling PROMPT_COMMAND yourself.
# set $_Z_EXCLUDE_DIRS to an array of directories to exclude.
# set $_Z_OWNER to your username if you want use z while sudo with $HOME kept
#
# USE:
# * z foo # cd to most frecent dir matching foo
# * z foo bar # cd to most frecent dir matching foo and bar
# * z -r foo # cd to highest ranked dir matching foo
# * z -t foo # cd to most recently accessed dir matching foo
# * z -l foo # list matches instead of cd
# * z -e foo # echo the best match, don't cd
# * z -c foo # restrict matches to subdirs of $PWD
# * z -x # remove the current directory from the datafile
# * z -h # show a brief help message
[ -d "${_Z_DATA:-$HOME/.z}" ] && {
echo "ERROR: z.sh's datafile (${_Z_DATA:-$HOME/.z}) is a directory."
}
_z() {
local datafile="${_Z_DATA:-$HOME/.z}"
# if symlink, dereference
[ -h "$datafile" ] && datafile=$(readlink "$datafile")
# bail if we don't own ~/.z and $_Z_OWNER not set
[ -z "$_Z_OWNER" -a -f "$datafile" -a ! -O "$datafile" ] && return
_z_dirs () {
[ -f "$datafile" ] || return
local line
while read line; do
# only count directories
[ -d "${line%%\|*}" ] && echo "$line"
done < "$datafile"
return 0
}
# add entries
if [ "$1" = "--add" ]; then
shift
# $HOME and / aren't worth matching
[ "$*" = "$HOME" -o "$*" = '/' ] && return
# don't track excluded directory trees
if [ ${#_Z_EXCLUDE_DIRS[@]} -gt 0 ]; then
local exclude
for exclude in "${_Z_EXCLUDE_DIRS[@]}"; do
case "$*" in "$exclude"*) return;; esac
done
fi
# maintain the data file
local tempfile="$datafile.$RANDOM"
local score=${_Z_MAX_SCORE:-9000}
_z_dirs | awk -v path="$*" -v now="$(date +%s)" -v score=$score -F"|" '
BEGIN {
rank[path] = 1
time[path] = now
}
$2 >= 1 {
# drop ranks below 1
if( $1 == path ) {
rank[$1] = $2 + 1
time[$1] = now
} else {
rank[$1] = $2
time[$1] = $3
}
count += $2
}
END {
if( count > score ) {
# aging
for( x in rank ) print x "|" 0.99*rank[x] "|" time[x]
} else for( x in rank ) print x "|" rank[x] "|" time[x]
}
' 2>/dev/null >| "$tempfile"
# do our best to avoid clobbering the datafile in a race condition.
if [ $? -ne 0 -a -f "$datafile" ]; then
env rm -f "$tempfile"
else
[ "$_Z_OWNER" ] && chown $_Z_OWNER:"$(id -ng $_Z_OWNER)" "$tempfile"
env mv -f "$tempfile" "$datafile" || env rm -f "$tempfile"
fi
# tab completion
elif [ "$1" = "--complete" -a -s "$datafile" ]; then
_z_dirs | awk -v q="$2" -F"|" '
BEGIN {
q = substr(q, 3)
if( q == tolower(q) ) imatch = 1
gsub(/ /, ".*", q)
}
{
if( imatch ) {
if( tolower($1) ~ q ) print $1
} else if( $1 ~ q ) print $1
}
' 2>/dev/null
else
# list/go
local echo fnd last list opt typ
while [ "$1" ]; do case "$1" in
--) while [ "$1" ]; do shift; fnd="$fnd${fnd:+ }$1";done;;
-*) opt=${1:1}; while [ "$opt" ]; do case ${opt:0:1} in
c) fnd="^$PWD $fnd";;
e) echo=1;;
h) echo "${_Z_CMD:-z} [-cehlrtx] args" >&2; return;;
l) list=1;;
r) typ="rank";;
t) typ="recent";;
x) sed -i -e "\:^${PWD}|.*:d" "$datafile";;
esac; opt=${opt:1}; done;;
*) fnd="$fnd${fnd:+ }$1";;
esac; last=$1; [ "$#" -gt 0 ] && shift; done
[ "$fnd" -a "$fnd" != "^$PWD " ] || list=1
# if we hit enter on a completion just go there
case "$last" in
# completions will always start with /
/*) [ -z "$list" -a -d "$last" ] && builtin cd "$last" && return;;
esac
# no file yet
[ -f "$datafile" ] || return
local cd
cd="$( < <( _z_dirs ) awk -v t="$(date +%s)" -v list="$list" -v typ="$typ" -v q="$fnd" -F"|" '
function frecent(rank, time) {
# relate frequency and time
dx = t - time
return int(10000 * rank * (3.75/((0.0001 * dx + 1) + 0.25)))
}
function output(matches, best_match, common) {
# list or return the desired directory
if( list ) {
if( common ) {
printf "%-10s %s\n", "common:", common > "/dev/stderr"
}
cmd = "sort -n >&2"
for( x in matches ) {
if( matches[x] ) {
printf "%-10s %s\n", matches[x], x | cmd
}
}
} else {
if( common && !typ ) best_match = common
print best_match
}
}
function common(matches) {
# find the common root of a list of matches, if it exists
for( x in matches ) {
if( matches[x] && (!short || length(x) < length(short)) ) {
short = x
}
}
if( short == "/" ) return
for( x in matches ) if( matches[x] && index(x, short) != 1 ) {
return
}
return short
}
BEGIN {
gsub(" ", ".*", q)
hi_rank = ihi_rank = -9999999999
}
{
if( typ == "rank" ) {
rank = $2
} else if( typ == "recent" ) {
rank = $3 - t
} else rank = frecent($2, $3)
if( $1 ~ q ) {
matches[$1] = rank
} else if( tolower($1) ~ tolower(q) ) imatches[$1] = rank
if( matches[$1] && matches[$1] > hi_rank ) {
best_match = $1
hi_rank = matches[$1]
} else if( imatches[$1] && imatches[$1] > ihi_rank ) {
ibest_match = $1
ihi_rank = imatches[$1]
}
}
END {
# prefer case sensitive
if( best_match ) {
output(matches, best_match, common(matches))
exit
} else if( ibest_match ) {
output(imatches, ibest_match, common(imatches))
exit
}
exit(1)
}
')"
if [ "$?" -eq 0 ]; then
if [ "$cd" ]; then
if [ "$echo" ]; then echo "$cd"; else builtin cd "$cd"; fi
fi
else
return $?
fi
fi
}
alias ${_Z_CMD:-z}='_z 2>&1'
[ "$_Z_NO_RESOLVE_SYMLINKS" ] || _Z_RESOLVE_SYMLINKS="-P"
if type compctl >/dev/null 2>&1; then
# zsh
[ "$_Z_NO_PROMPT_COMMAND" ] || {
# populate directory list, avoid clobbering any other precmds.
if [ "$_Z_NO_RESOLVE_SYMLINKS" ]; then
_z_precmd() {
(_z --add "${PWD:a}" &)
: $RANDOM
}
else
_z_precmd() {
(_z --add "${PWD:A}" &)
: $RANDOM
}
fi
[[ -n "${precmd_functions[(r)_z_precmd]}" ]] || {
precmd_functions[$(($#precmd_functions+1))]=_z_precmd
}
}
_z_zsh_tab_completion() {
# tab completion
local compl
read -l compl
reply=(${(f)"$(_z --complete "$compl")"})
}
compctl -U -K _z_zsh_tab_completion _z
elif type complete >/dev/null 2>&1; then
# bash
# tab completion
complete -o filenames -C '_z --complete "$COMP_LINE"' ${_Z_CMD:-z}
[ "$_Z_NO_PROMPT_COMMAND" ] || {
# populate directory list. avoid clobbering other PROMPT_COMMANDs.
grep "_z --add" <<< "$PROMPT_COMMAND" >/dev/null || {
PROMPT_COMMAND="$PROMPT_COMMAND"$'\n''(_z --add "$(command pwd '$_Z_RESOLVE_SYMLINKS' 2>/dev/null)" 2>/dev/null &);'
}
}
fi

15
playbooks/apps/files/charasheet/docker-compose.yml
View file

@ -1,15 +0,0 @@
services:
django:
image: crocmagnon/charasheet:latest
env_file:
- .env
volumes:
- ./db:/app/db
- ./data:/app/data
ports:
- "8001:8000"
user: 1000:1000
restart: always
init: true
tty: true
mem_limit: 512m

8
playbooks/apps/files/charasheet/update
View file

@ -1,8 +0,0 @@
#!/bin/bash
set -euxo pipefail
pushd /mnt/data/charasheet
docker compose --ansi never pull --quiet
docker compose --ansi never up -d
docker compose exec django python manage.py migrate
popd
docker image prune -f

14
playbooks/apps/files/checkout/docker-compose.yml
View file

@ -1,14 +0,0 @@
services:
django:
image: crocmagnon/checkout:latest
env_file:
- .env
volumes:
- ./db:/app/db
- ./media:/app/media
ports:
- "8002:8000"
restart: always
init: true
tty: true
mem_limit: 512m

6
playbooks/apps/files/checkout/generate_data
View file

@ -1,6 +0,0 @@
#!/bin/bash
set -euxo pipefail
pushd /mnt/data/checkout
docker compose exec django python manage.py clear_all_data
docker compose exec django python manage.py generate_dummy_baskets
popd

9
playbooks/apps/files/checkout/update
View file

@ -1,9 +0,0 @@
#!/bin/bash
set -euxo pipefail
pushd /mnt/data/checkout
docker compose --ansi never pull --quiet
docker compose --ansi never up -d
docker compose exec django python manage.py migrate
docker compose exec django python manage.py refresh_cache
popd
docker image prune -f

11
playbooks/apps/files/code/docker-compose.yaml
View file

@ -1,11 +0,0 @@
services:
code:
image: ghcr.io/linuxserver/code-server
env_file: code.env
restart: always
volumes:
- ./code_data:/config
mem_limit: 3g
cpus: 3
ports:
- "9002:8443"

0
playbooks/apps/files/git/docker-compose.yaml → playbooks/apps/files/gitea/docker-compose.yaml
View file

0
playbooks/apps/files/git/gitea.env → playbooks/apps/files/gitea/gitea.env
View file

7
playbooks/apps/files/manuels/update
View file

@ -1,7 +0,0 @@
#!/bin/bash
set -euxo pipefail
pushd /mnt/data/manuels
docker compose --ansi never pull
docker compose --ansi never up -d
popd
docker image prune -f

0
playbooks/apps/files/wallabag/docker-compose.yaml → playbooks/apps/files/wallabag-docker-compose.yaml
View file

17
playbooks/apps/ghost-update.yaml
View file

@ -3,13 +3,14 @@
hosts: servers hosts: servers
gather_facts: false gather_facts: false
tasks: tasks:
# Run the first task synchronously to download dependencies. - name: Start update on gabnotes.org
- name: Update gabnotes.org
ansible.builtin.command: ansible.builtin.command:
chdir: /mnt/data/gabnotes.org chdir: /mnt/data/gabnotes.org
cmd: ghost update cmd: ghost update
register: gabnotes register: gabnotes_async
changed_when: '"Restarting Ghost" in gabnotes.stdout' changed_when: false
async: 300
poll: 0
- name: Start update on voyages-lois.augendre.info - name: Start update on voyages-lois.augendre.info
ansible.builtin.command: ansible.builtin.command:
chdir: /mnt/data/voyages-lois.augendre.info chdir: /mnt/data/voyages-lois.augendre.info
@ -26,6 +27,14 @@
changed_when: false changed_when: false
async: 300 async: 300
poll: 0 poll: 0
- name: Check gabnotes.org
ansible.builtin.async_status:
jid: "{{ gabnotes_async.ansible_job_id }}"
register: gabnotes
until: gabnotes.finished
changed_when: '"Restarting Ghost" in gabnotes.stdout'
retries: 100
delay: 10
- name: Check voyages-lois.augendre.info - name: Check voyages-lois.augendre.info
ansible.builtin.async_status: ansible.builtin.async_status:
jid: "{{ voyages_lois_async.ansible_job_id }}" jid: "{{ voyages_lois_async.ansible_job_id }}"

33
playbooks/apps/gitea.yaml
View file

@ -1,11 +1,23 @@
--- ---
- name: Gitea - name: Setup gitea
hosts: servers hosts: servers
gather_facts: false gather_facts: false
tasks: tasks:
- name: Docker - name: Create dir
ansible.builtin.include_role: ansible.builtin.file:
name: docker path: "{{ dir }}"
state: directory
mode: "0775"
- name: Write env file
ansible.builtin.copy:
src: files/gitea/gitea.env
dest: "{{ dir }}/gitea.env"
mode: "0644"
- name: Write docker-compose.yaml
ansible.builtin.copy:
src: files/gitea/docker-compose.yaml
dest: "{{ dir }}/docker-compose.yaml"
mode: "0644"
- name: Write app.ini - name: Write app.ini
ansible.builtin.template: ansible.builtin.template:
src: templates/gitea_app.ini.j2 src: templates/gitea_app.ini.j2
@ -13,10 +25,19 @@
mode: "0600" mode: "0600"
notify: notify:
- Restart service - Restart service
- name: Ensure service is started
community.docker.docker_compose_v2:
project_src: "{{ dir }}"
state: present
handlers:
- name: Restart service
community.docker.docker_compose_v2:
project_src: "{{ dir }}"
state: restarted
vars: vars:
docker_app_name: git dir: /mnt/data/git
dir: /mnt/data/{{ docker_app_name }}
lfs_jwt_secret: !vault | lfs_jwt_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
34656631616165623233353835386162343837363230366136303764613334323262313233616462 34656631616165623233353835386162343837363230366136303764613334323262313233616462

6
playbooks/apps/goatcounter.yaml
View file

@ -17,6 +17,8 @@
url: https://github.com/arp242/goatcounter/releases/download/{{ release.tag }}/goatcounter-{{ release.tag }}-linux-amd64.gz url: https://github.com/arp242/goatcounter/releases/download/{{ release.tag }}/goatcounter-{{ release.tag }}-linux-amd64.gz
dest: "{{ dir }}/goatcounter-{{ release.tag }}.gz" dest: "{{ dir }}/goatcounter-{{ release.tag }}.gz"
mode: "0644" mode: "0644"
owner: gaugendre
group: gaugendre
- name: Uncompress - name: Uncompress
ansible.builtin.command: gunzip {{ dir }}/goatcounter-{{ release.tag }}.gz ansible.builtin.command: gunzip {{ dir }}/goatcounter-{{ release.tag }}.gz
args: args:
@ -24,7 +26,7 @@
- name: Make executable - name: Make executable
ansible.builtin.file: ansible.builtin.file:
path: "{{ dir }}/goatcounter-{{ release.tag }}" path: "{{ dir }}/goatcounter-{{ release.tag }}"
mode: "0755" mode: "0775"
- name: Symlink - name: Symlink
ansible.builtin.file: ansible.builtin.file:
src: "{{ dir }}/goatcounter-{{ release.tag }}" src: "{{ dir }}/goatcounter-{{ release.tag }}"
@ -35,7 +37,7 @@
ansible.builtin.template: ansible.builtin.template:
src: templates/goatcounter.service.j2 src: templates/goatcounter.service.j2
dest: /etc/systemd/system/goatcounter.service dest: /etc/systemd/system/goatcounter.service
mode: "0600" mode: "0644"
owner: root owner: root
group: root group: root
notify: notify:

2
playbooks/apps/lyon-transports.yaml
View file

@ -8,7 +8,7 @@
ansible.builtin.template: ansible.builtin.template:
src: templates/lyon-transports.service.j2 src: templates/lyon-transports.service.j2
dest: /etc/systemd/system/lyon-transports.service dest: /etc/systemd/system/lyon-transports.service
mode: "0600" mode: "0644"
owner: root owner: root
group: root group: root
notify: notify:

34
playbooks/apps/manuels.yaml
View file

@ -1,34 +0,0 @@
---
- name: Manuels
hosts: servers
gather_facts: false
tasks:
- name: Docker
ansible.builtin.include_role:
name: docker
vars:
docker_app_name: manuels
secret_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
64306561643134653031316464326531643532383663343665326331626132313930633031636435
6663383862663966333161356563323035643434303263640a393638393336346138313566663165
63373662376364353335313234396161646466336439306463633238326536643838633735653661
6430346530313939310a363233663934373433656634646335623336353964666539346534393931
39343066343736343831313430346537346437366430643465303130393734646238323465356231
3931363962306337613030663239623536316339303836343530
mailgun_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
33656537666436376336653161333165306265623161333430626333633039383433613135383435
6234316438616462663834383363626363643232386363620a323465653063346432303965663831
65396230336134376264303166626638333265633139333230353731363964333434666338386336
3965653834656536340a396239363339663231626635323364636331386330643030346132343035
35623961373734616264636666376464346430613137613438316337636361336434613064366435
3331306630663536343162346235383338366234666333633563
pg_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62323036653035616437353636363339323162646135613434306366386362643466663163356461
3163613832333865663564373439333866383638643137390a323364616536313465306138666463
65356437313031373736396133383236383763376138383031633365633730646439643863383037
6133316535373830620a373162656264376164396434373064636235613762666361326231653237
35323539613232633037643465636338376531656230646632313533656364653566

11
playbooks/apps/template.yaml.dist
View file

@ -1,11 +0,0 @@
---
- name: ==APP==
hosts: servers
gather_facts: false
tasks:
- name: Docker
ansible.builtin.include_role:
name: docker
vars:
docker_app_name: ==APP==

3
playbooks/apps/templates/bin/dump-gabnotes.org.j2
View file

@ -1,3 +0,0 @@
#!/bin/bash
set -euo pipefail
/usr/bin/mysqldump --no-tablespaces -u root --password={{ ghost_db_password }} gabnotes_org_prod > /mnt/data/gabnotes.org/db_export/backup.sql

3
playbooks/apps/templates/bin/dump-voyages.coccomagnard.fr.j2
View file

@ -1,3 +0,0 @@
#!/bin/bash
set -euo pipefail
/usr/bin/mysqldump --no-tablespaces -u root --password={{ ghost_db_password }} voyages_coccomagnard_fr_prod > /mnt/data/voyages.coccomagnard.fr/db_export/backup.sql

11
playbooks/apps/templates/bin/healthcheck.j2
View file

@ -1,11 +0,0 @@
#!/bin/bash
set -uo pipefail
RID=`uuidgen`
BASE_URL="https://hc-ping.com/{{ healthcheck_webhook_token }}/$1"
START_URL="$BASE_URL/start?rid=$RID"
shift
curl -A "ubuntu-vm" -fsS --retry 5 -o /dev/null $START_URL
logs=$($@ 2>&1)
status=$?
curl -A "ubuntu-vm" -fsS --retry 5 --data-raw "$logs" -o /dev/null "$BASE_URL/$status?rid=$RID"

30
playbooks/apps/templates/bin/maintenance.j2
View file

@ -1,30 +0,0 @@
#!/bin/bash
set -euo pipefail
# https://api.hetrixtools.com/v2/<API_TOKEN>/maintenance/<UPTIME_MONITOR_ID>/<MAINTENANCE_MODE>/
# Modify the maintenance status of any of your Uptime Monitors.
# <API_TOKEN> - Your API Access Token, in your particular case it's: {{ hetrixtools_token }}
# <UPTIME_MONITOR_ID> - You can find the ID of any of your Uptime Monitors by using the API Call 'v1 List Uptime Monitors', it is listed for every uptime monitor as 'ID'
# <MAINTENANCE_MODE> - The type of maintenance. Accepted values (numbers): 1, 2, or 3.
# 1 - no maintenance mode (normal) - use this to exit maintenance mode
# 2 - maintenance mode with notifications
# 3 - maintenance mode without notifications
API_TOKEN="{{ hetrixtools_token }}"
mode=$1
if [ "$mode" == "on" ]; then
mode=3
elif [ "$mode" == "off" ]; then
mode=1
else
echo "usage $0 <on|off>"
exit 1
fi
ids=$(curl -sSL https://api.hetrixtools.com/v1/$API_TOKEN/uptime/monitors/0/5000/ | jq -r '.[0][] | .ID')
for id in $ids; do
curl -sSL https://api.hetrixtools.com/v2/$API_TOKEN/maintenance/$id/$mode/ > /dev/null
done
echo "Done"

42
playbooks/apps/templates/bin/new_domain.py.j2
View file

@ -1,42 +0,0 @@
#!/usr/bin/env python3
import json
import sys
import ovh
# Instantiate an OVH Client.
# You can generate new credentials with full access to your account on
# the token creation page (https://api.ovh.com/createToken/index.cgi?GET=/*&PUT=/*&POST=/*&DELETE=/*)
# List of available endpoints: https://github.com/ovh/python-ovh#2-configure-your-application
client = ovh.Client(
endpoint='ovh-eu',
application_key='{{ ovh_app_key }}',
application_secret='{{ ovh_app_secret }}',
consumer_key='{{ ovh_consumer_key }}',
)
if len(sys.argv) != 2:
print(f"usage: {sys.argv[0]} <subdomain>")
print(f"example: {sys.argv[0]} testing")
print("no need to include '.augendre.info'")
sys.exit(1)
subdomain = sys.argv[1].removesuffix(".augendre.info")
res = client.get("/domain/zone/augendre.info/record", fieldType="CNAME", subDomain=subdomain)
if len(res) > 0:
print("CNAME already exists")
sys.exit(0)
print("creating domain:")
res = client.post("/domain/zone/augendre.info/record",
fieldType="CNAME",
subDomain=subdomain,
target="nginx.augendre.info.",
ttl=86400,
)
print(json.dumps(res, indent=4))
print("refreshing zone:")
res = client.post("/domain/zone/augendre.info/refresh")
print(json.dumps(res, indent=4))

7
playbooks/apps/templates/charasheet/.env.j2
View file

@ -1,7 +0,0 @@
SECRET_KEY='{{ secret_key }}'
DEBUG=false
ALLOWED_HOSTS=charasheet.augendre.info,localhost
MAILGUN_API_KEY={{ mailgun_api_key }}
MAILGUN_SENDER_DOMAIN=mg.augendre.info
REGISTRATION_OPEN=true
CSRF_TRUSTED_ORIGINS=https://charasheet.augendre.info

7
playbooks/apps/templates/checkout/.env.j2
View file

@ -1,7 +0,0 @@
SECRET_KEY='{{ secret_key }}'
DEBUG=false
HOSTS=checkout.augendre.info
ADMINS=Gabriel Augendre|gabriel@augendre.info
MAILGUN_API_KEY={{ mailgun_api_key }}
MAILGUN_SENDER_DOMAIN=mg.augendre.info
MPLCONFIGDIR=/app/.matplotlib

7
playbooks/apps/templates/code/code.env.j2
View file

@ -1,7 +0,0 @@
PUID=1000
PGID=1000
TZ=Europe/Paris
PASSWORD={{ password }}
SUDO_PASSWORD={{ password }}
PROXY_DOMAIN=code.augendre.info
DOCKER_MODS=linuxserver/mods:code-server-python3|linuxserver/mods:code-server-golang

14
playbooks/apps/templates/collabora/docker-compose.yaml.j2
View file

@ -1,14 +0,0 @@
services:
code:
image: collabora/code
restart: always
environment:
server_name: 'cloud.augendre.info'
aliasgroup1: 'https://cloud.augendre.info:443'
DONT_GEN_SSL_CERT: '1'
username: admin
password: "{{password}}"
extra_params: '--o:ssl.enable=false --o:ssl.termination=true'
mem_limit: 2g
ports:
- "8007:9980"

10
playbooks/apps/templates/manuels/.env.j2
View file

@ -1,10 +0,0 @@
SECRET_KEY='{{ secret_key }}'
DEBUG=true
HOSTS=fournitures.augendre.info,manuels.augendre.info
ADMINS=Gabriel Augendre|gabriel@augendre.info
MAILGUN_API_KEY={{ mailgun_api_key }}
MAILGUN_SENDER_DOMAIN=mg.augendre.info
SERVER_EMAIL=Fournitures et manuels scolaires CDI LPHB <manuels@mg.augendre.info>
LIBRARIAN_EMAILS=sandrine.augendre@ac-lyon.fr
EMAIL_REPLY_TO=Sandrine Augendre <sandrine.augendre@ac-lyon.fr>
DATABASE_URL=postgres://manuels:{{ pg_password }}@db:5432/manuels

24
playbooks/apps/templates/manuels/docker-compose.yaml.j2
View file

@ -1,24 +0,0 @@
services:
django:
image: crocmagnon/manuels-scolaires:latest
env_file:
- .env
volumes:
- ./media:/app/media
depends_on:
- db
restart: always
init: true
tty: true
mem_limit: 512m
ports:
- "8012:8000"
db:
image: postgres:15
restart: always
environment:
POSTGRES_PASSWORD: "{{ pg_password }}"
POSTGRES_USER: "manuels"
POSTGRES_DB: "manuels"
volumes:
- ./db_data:/var/lib/postgresql/data

0
playbooks/apps/templates/wallabag/wallabag.env.j2 → playbooks/apps/templates/wallabag.env.j2
View file

38
playbooks/apps/test_headers.yaml
View file

@ -1,11 +1,37 @@
--- ---
- name: Test headers - name: Setup test_headers
hosts: servers hosts: servers
gather_facts: false gather_facts: false
tasks: tasks:
- name: Docker - name: Create dir
ansible.builtin.include_role: ansible.builtin.file:
name: docker path: "{{ dir }}"
state: directory
mode: "0775"
- name: Write app.py
ansible.builtin.copy:
src: files/test_headers/app.py
dest: "{{ dir }}/app.py"
mode: "0644"
owner: gaugendre
group: gaugendre
notify:
- Restart service
- name: Write docker-compose.yaml
ansible.builtin.copy:
src: files/test_headers/docker-compose.yaml
dest: "{{ dir }}/docker-compose.yaml"
mode: "0644"
owner: gaugendre
group: gaugendre
- name: Ensure service is started
community.docker.docker_compose_v2:
project_src: "{{ dir }}"
state: present
handlers:
- name: Restart service
community.docker.docker_compose_v2:
project_src: "{{ dir }}"
state: restarted
vars: vars:
docker_app_name: test_headers dir: /mnt/data/test_headers

27
playbooks/apps/wallabag.yaml
View file

@ -1,14 +1,29 @@
--- ---
- name: Wallabag - name: Setup wallabag
hosts: servers hosts: servers
gather_facts: false gather_facts: false
tasks: tasks:
- name: Docker - name: Create dir
ansible.builtin.include_role: ansible.builtin.file:
name: docker path: "{{ dir }}"
state: directory
mode: "0775"
- name: Write env file
ansible.builtin.template:
src: templates/wallabag.env.j2
dest: "{{ dir }}/wallabag.env"
mode: "0644"
- name: Write docker-compose.yaml
ansible.builtin.copy:
src: files/wallabag-docker-compose.yaml
dest: "{{ dir }}/docker-compose.yaml"
mode: "0644"
- name: Ensure service is started
community.docker.docker_compose_v2:
project_src: "{{ dir }}"
state: present
vars: vars:
docker_app_name: wallabag dir: /mnt/data/wallabag
secret_key: !vault | secret_key: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
31346432623062383331306633383230376264326530643236393838356166346563653637376666 31346432623062383331306633383230376264326530643236393838356166346563653637376666

3
roles/docker/defaults/main.yaml
View file

@ -1,3 +0,0 @@
---
docker_app_name: some-app
docker_dir: /mnt/data/{{ docker_app_name }}

11
roles/docker/handlers/main.yaml
View file

@ -1,11 +0,0 @@
---
- name: Stop service
community.docker.docker_compose_v2:
project_src: "{{ docker_dir }}"
state: stopped
listen: Restart service
- name: Start service
community.docker.docker_compose_v2:
project_src: "{{ docker_dir }}"
state: present
listen: Restart service

32
roles/docker/tasks/main.yaml
View file

@ -1,32 +0,0 @@
---
- name: Create dir
ansible.builtin.file:
path: "{{ docker_dir }}"
state: directory
mode: "0775"
- name: Write files
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ docker_dir }}/"
mode: "0600"
with_fileglob:
- files/{{ docker_app_name }}/*
- files/{{ docker_app_name }}/.*
notify:
- Restart service
- name: Write templates
ansible.builtin.template:
src: "{{ item }}"
dest: "{{ docker_dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
mode: "0600"
with_fileglob:
- templates/{{ docker_app_name }}/*.j2
- templates/{{ docker_app_name }}/.*.j2
notify:
- Restart service
- name: Flush handlers
ansible.builtin.meta: flush_handlers
- name: Ensure service is started
community.docker.docker_compose_v2:
project_src: "{{ docker_dir }}"
state: present