diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..4ac37ef --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,4 @@ +strict: true +use_default_rules: true +skip_list: + - args[module] diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml index 851b20d..a739485 100644 --- a/.github/workflows/infra.yaml +++ b/.github/workflows/infra.yaml @@ -29,13 +29,14 @@ jobs: apt update apt install -y python3-pip pip3 install -r requirements.txt - ansible-galaxy collection install community.general infisical.vault + ansible-galaxy collection install -r requirements.yml --force + + - name: Run ansible-lint + uses: ansible/ansible-lint@v6 - name: Check playbooks run: | - for file in $(find . -wholename "*/infra/*playbook.yaml" -type f); do - ansible-playbook --inventory ./inventory --syntax-check "$file" - done + ansible-playbook --inventory ./inventory --syntax-check infra/**/*playbook.yaml - name: Get changed playbooks id: files diff --git a/infra/cloud/0000_proxmox_playbook.yaml b/infra/cloud/0000_proxmox_playbook.yaml index 2ed0f49..0222d9c 100644 --- a/infra/cloud/0000_proxmox_playbook.yaml +++ b/infra/cloud/0000_proxmox_playbook.yaml @@ -36,7 +36,7 @@ community.general.proxmox_kvm: clone: "{{ node }}-debian-12" storage: nvme - register: create + notify: Initial boot - name: Wait for status community.general.proxmox_kvm: state: current 
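Review bot: `uses: ansible/ansible-lint@v6` in the new "Run ansible-lint" step references a movable tag, so the code this job executes can change without any commit to this repository; pinning to a full commit SHA, `uses: ansible/ansible-lint@<full-commit-sha>  # v6`, keeps that change reviewable. Separately, in the "Check playbooks" step bash expands `**` like `*` unless `globstar` is enabled, so `infra/**/*playbook.yaml` matches only playbooks exactly one directory below `infra/`, whereas the removed `find` loop recursed; add `shopt -s globstar` as the first line of the `run:` script if deeper playbooks should be checked. The job definition starts and continues outside the hunk.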
@@ -65,21 +65,8 @@ ipconfig0: ip=dhcp,ip6=auto ipconfig1: ip=dhcp - # Initial boot - # For some reason debian cloud images don't use - # cloud-init for networking on first boot (cloud-init files - # are regenerated AFTER networking starts). But we need the - # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ - - name: Initial boot - when: create.changed is true - block: - - name: Start - community.general.proxmox_kvm: - state: started - register: start - - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init - ansible.builtin.wait_for: - timeout: 90 + - name: Force all notified handlers to run + ansible.builtin.meta: flush_handlers # VM Configuration - name: Resize root disk @@ -108,3 +95,18 @@ community.general.proxmox_kvm: state: restarted timeout: 60 + handlers: + # Initial boot + # For some reason debian cloud images don't use + # cloud-init for networking on first boot (cloud-init files + # are regenerated AFTER networking starts). But we need the + # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ + - name: Initial boot + block: + - name: Start + community.general.proxmox_kvm: + state: started + register: start + - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init + ansible.builtin.wait_for: + timeout: 90 diff --git a/infra/cloud/0002_docker_playbook.yaml b/infra/cloud/0002_docker_playbook.yaml index b2a09fe..726a1f3 100644 --- a/infra/cloud/0002_docker_playbook.yaml +++ b/infra/cloud/0002_docker_playbook.yaml @@ -1,4 +1,4 @@ -- name: Install software +- name: Install docker hosts: cloud gather_facts: false tasks: diff --git a/infra/cloud/0003_00_cleanup_script_deploy_playbook.yaml b/infra/cloud/0003_00_cleanup_script_deploy_playbook.yaml new file mode 100644 index 0000000..a14ecce --- /dev/null +++ b/infra/cloud/0003_00_cleanup_script_deploy_playbook.yaml 
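Review bot: The `Initial boot` entry added under `handlers:` is a `block:`, and current ansible-core releases reject that at parse time ("Using a block as a handler is not supported"), so the `notify: Initial boot` introduced earlier in this file has no valid handler to trigger. Two flat handlers that both `listen` on the `Initial boot` topic run in the order they are defined and keep the start-then-wait sequence. The same block-as-handler is added in the handlers hunks of the 0000_proxmox_playbook.yaml files under infra/music, infra/photos, infra/samba and infra/secrets.

```yaml
  handlers:
    # … unchanged: comment explaining the first-boot workaround …
    - name: Start
      community.general.proxmox_kvm:
        state: started
      register: start
      listen: Initial boot
    - name: Wait 1.5 min  # Initial apt update, apt upgrade, cloud-init
      ansible.builtin.wait_for:
        timeout: 90
      listen: Initial boot
```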
@@ -0,0 +1,13 @@ +- name: Cleanup old ~/nextcloud directory + hosts: cloud + gather_facts: false + vars: + app: nextcloud + tasks: + - name: Wait for connection + ansible.builtin.wait_for_connection: + timeout: 300 + - name: Delete nextcloud directory + ansible.builtin.file: + path: "$HOME/{{ app }}" + state: absent diff --git a/infra/cloud/0003_nextcloud_playbook.yaml b/infra/cloud/0003_nextcloud_playbook.yaml index 46842d1..d3d9b63 100644 --- a/infra/cloud/0003_nextcloud_playbook.yaml +++ b/infra/cloud/0003_nextcloud_playbook.yaml @@ -2,21 +2,29 @@ hosts: cloud gather_facts: false vars: - app: nextcloud + container: nextcloud-aio-mastercontainer tasks: - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - - name: Copy project - ansible.builtin.copy: - src: "./{{ app }}" - dest: "{{ user.home }}" - mode: "0744" - - name: Re-deploy - ansible.builtin.command: bash all-in-one.sh - args: - chdir: "{{ user.home }}/{{ app }}" + - name: Deploy master container + community.docker.docker_container: + image: nextcloud/all-in-one:latest + recreate: true + state: started + restart_policy: unless-stopped + init: true + name: "{{ container }}" + published_ports: + - 8080:8080 + env: + NEXTCLOUD_UPLOAD_LIMIT: 16G + NEXTCLOUD_MAX_TIME: "7200" + NEXTCLOUD_ADDITIONAL_APKS: imagemagick ffmpeg + APACHE_PORT: "11000" + APACHE_IP_BINDING: "0.0.0.0" + TZ: Europe/London + AIO_DISABLE_BACKUP_SECTION: "true" + volumes: + - nextcloud_aio_mastercontainer:/mnt/docker-aio-config + - /var/run/docker.sock:/var/run/docker.sock:ro diff --git a/infra/cloud/0004_decommission_immich_playbook.yaml b/infra/cloud/0004_decommission_immich_playbook.yaml deleted file mode 100644 index abdbd12..0000000 --- a/infra/cloud/0004_decommission_immich_playbook.yaml +++ /dev/null 
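Review bot: The `path: "$HOME/{{ app }}"` passed to `ansible.builtin.file` with `state: absent` is resolved on the target from the environment of whichever user the module runs as, whereas the playbooks this commit replaces looked up the `debian` account explicitly. If the play is ever run with `become` or a different remote user, the recursive delete lands in another home directory; the same dependency is introduced by the `$HOME` paths in the music, photos, samba and secrets 0003 playbooks. An explicit absolute path, for example a play variable `app_dir: "/home/<deploy-user>/{{ app }}"` with the placeholder filled in, keeps the deletion target fixed.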
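Review bot: `image: nextcloud/all-in-one:latest` combined with the `/var/run/docker.sock` volume means that whatever image the tag resolves to when it is pulled gets control of the host's Docker daemon; the `:ro` suffix only makes the bind mount read-only and does not restrict API calls made through the socket. Because `recreate: true` replaces the container on every run, pinning the image by digest, `image: nextcloud/all-in-one@sha256:<reviewed-digest>`, turns an image change into a reviewed commit. `published_ports: - 8080:8080` also publishes the master container's interface on every host address; if it is only needed from a management network, bind it explicitly, e.g. `- "<mgmt-ip>:8080:8080"`. These settings were carried over from the deleted all-in-one.sh, so they are not a regression of this commit.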
@@ -1,71 +0,0 @@ -- name: Decommission Immich - hosts: cloud - gather_facts: false - vars: - app: immich - api_user: "{{ lookup('ansible.builtin.env', 'PROXMOX_USER') }}" - api_host: "{{ lookup('ansible.builtin.env', 'PROXMOX_HOST' ) }}" - api_token_id: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_ID') }}" - api_token_secret: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_SECRET') }}" - vmname: "{{ inventory_hostname | regex_replace('^([^\\.]+)\\..+$', '\\1') }}" - node: pve - module_defaults: - community.general.proxmox_kvm: - api_user: "{{ api_user }}" - api_host: "{{ api_host }}" - api_token_id: "{{ api_token_id }}" - api_token_secret: "{{ api_token_secret }}" - name: "{{ vmname }}" - node: "{{ node }}" - community.general.proxmox_disk: - api_user: "{{ api_user }}" - api_host: "{{ api_host }}" - api_token_id: "{{ api_token_id }}" - api_token_secret: "{{ api_token_secret }}" - name: "{{ vmname }}" - tasks: - - name: Wait for connection - ansible.builtin.wait_for_connection: - timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true - - name: Remove docker volumes - ansible.builtin.command: docker compose down --volumes - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true - - name: Remove config directory - ansible.builtin.file: - path: "{{ user.home }}/{{ app }}" - state: absent - - - name: Destroy media disk - community.general.proxmox_disk: - disk: scsi2 - state: absent - delegate_to: localhost - - name: Remove media mount - ansible.posix.mount: - src: /dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:2-part1 - path: /mnt/media - fstype: ext4 - opts: rw,errors=remount-ro,x-systemd.growfs - state: absent - become: true - - name: Remove media directory - ansible.builtin.file: - path: /mnt/media - state: absent - become: true - - name: Restart VM - 
community.general.proxmox_kvm: - state: restarted - timeout: 60 - delegate_to: localhost diff --git a/infra/cloud/nextcloud/all-in-one.sh b/infra/cloud/nextcloud/all-in-one.sh deleted file mode 100644 index d4feaf8..0000000 --- a/infra/cloud/nextcloud/all-in-one.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -docker stop nextcloud-aio-mastercontainer || true -docker rm nextcloud-aio-mastercontainer || true - -docker run \ ---init \ ---sig-proxy=false \ ---name nextcloud-aio-mastercontainer \ ---restart unless-stopped \ ---publish 8080:8080 \ ---env NEXTCLOUD_UPLOAD_LIMIT=16G \ ---env NEXTCLOUD_MAX_TIME=7200 \ ---env NEXTCLOUD_ADDITIONAL_APKS="imagemagick ffmpeg" \ ---env APACHE_PORT=11000 \ ---env APACHE_IP_BINDING=0.0.0.0 \ ---env TZ=Europe/London \ ---env AIO_DISABLE_BACKUP_SECTION=true \ ---volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ ---volume /var/run/docker.sock:/var/run/docker.sock:ro \ --d nextcloud/all-in-one:latest diff --git a/infra/music/0000_proxmox_playbook.yaml b/infra/music/0000_proxmox_playbook.yaml index 984db1a..9df8284 100644 --- a/infra/music/0000_proxmox_playbook.yaml +++ b/infra/music/0000_proxmox_playbook.yaml @@ -36,7 +36,7 @@ community.general.proxmox_kvm: clone: "{{ node }}-debian-12" storage: nvme - register: create + notify: Initial boot - name: Wait for status community.general.proxmox_kvm: state: current 
@@ -65,21 +65,8 @@ ipconfig0: ip=dhcp,ip6=auto ipconfig1: ip=dhcp - # Initial boot - # For some reason debian cloud images don't use - # cloud-init for networking on first boot (cloud-init files - # are regenerated AFTER networking starts). But we need the - # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ - - name: Initial boot - when: create.changed is true - block: - - name: Start - community.general.proxmox_kvm: - state: started - register: start - - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init - ansible.builtin.wait_for: - timeout: 90 + - name: Force all notified handlers to run + ansible.builtin.meta: flush_handlers # VM Configuration - name: Resize root disk @@ -114,3 +101,18 @@ community.general.proxmox_kvm: state: restarted timeout: 60 + handlers: + # Initial boot + # For some reason debian cloud images don't use + # cloud-init for networking on first boot (cloud-init files + # are regenerated AFTER networking starts). But we need the + # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ + - name: Initial boot + block: + - name: Start + community.general.proxmox_kvm: + state: started + register: start + - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init + ansible.builtin.wait_for: + timeout: 90 diff --git a/infra/music/0002_docker_playbook.yaml b/infra/music/0002_docker_playbook.yaml index 49a6e9e..c1c9222 100644 --- a/infra/music/0002_docker_playbook.yaml +++ b/infra/music/0002_docker_playbook.yaml @@ -1,4 +1,4 @@ -- name: Install software +- name: Install docker hosts: music gather_facts: false tasks: diff --git a/infra/music/0003_music_playbook.yaml b/infra/music/0003_music_playbook.yaml index 532e885..8ec3de2 100644 --- a/infra/music/0003_music_playbook.yaml +++ b/infra/music/0003_music_playbook.yaml 
@@ -7,46 +7,39 @@ - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" + state: absent - name: Copy project ansible.builtin.copy: src: "./{{ app }}" - dest: "{{ user.home }}" + dest: "$HOME" mode: "0744" - - name: Replace LastFM API key secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "LASTFM_APIKEY_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_APIKEY')['value'] }}" - name: Replace LastFM secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "LASTFM_SECRET_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_SECRET')['value'] }}" - name: Replace Mongo Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "SPOTIFY_ID_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_ID')['value'] }}" - name: Replace SMTP Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "SPOTIFY_SECRET_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_SECRET')['value'] }}" - - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" + - name: Docker compose up + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" - name: Update data permissions ansible.builtin.file: 
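Review bot: The `Docker compose down` task now calls `community.docker.docker_compose_v2` with `state: absent` before `Copy project` has created `$HOME/{{ app }}`, and the `ignore_errors: true` that used to cover that case is removed. As far as I know the module fails when `project_src` is not an existing directory, so the play would stop on a freshly cloned VM; guarding the task with a `stat` check keeps first runs working without ignoring genuine errors. The same sequence is in the hunks for infra/photos/0003_immich_playbook.yaml, infra/samba/0003_samba_playbook.yaml and infra/secrets/0003_infiscal_playbook.yaml. The task list starts and continues outside the hunk.

```yaml
    - name: Check for an existing project directory
      ansible.builtin.stat:
        path: "$HOME/{{ app }}"
      register: project_dir
    - name: Docker compose down
      community.docker.docker_compose_v2:
        project_src: "$HOME/{{ app }}"
        state: absent
      when: project_dir.stat.exists
    # … unchanged: Copy project, secret replacement, Docker compose up …
```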
diff --git a/infra/music/music/docker-compose.yml b/infra/music/music/docker-compose.yml index 206a624..bb7d67f 100644 --- a/infra/music/music/docker-compose.yml +++ b/infra/music/music/docker-compose.yml @@ -49,4 +49,4 @@ services: volumes: - /mnt/nvme/filebrowser:/config - /mnt/media/downloads:/srv/downloads - - /mnt/media/music:/srv/music \ No newline at end of file + - /mnt/media/music:/srv/music diff --git a/infra/photos/0000_proxmox_playbook.yaml b/infra/photos/0000_proxmox_playbook.yaml index 6804b05..0f75d10 100644 --- a/infra/photos/0000_proxmox_playbook.yaml +++ b/infra/photos/0000_proxmox_playbook.yaml @@ -36,7 +36,7 @@ community.general.proxmox_kvm: clone: "{{ node }}-debian-12" storage: nvme - register: create + notify: Initial boot - name: Wait for status community.general.proxmox_kvm: state: current @@ -65,21 +65,8 @@ ipconfig0: ip=dhcp,ip6=auto ipconfig1: ip=dhcp - # Initial boot - # For some reason debian cloud images don't use - # cloud-init for networking on first boot (cloud-init files - # are regenerated AFTER networking starts). But we need the - # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ - - name: Initial boot - when: create.changed is true - block: - - name: Start - community.general.proxmox_kvm: - state: started - register: start - - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init - ansible.builtin.wait_for: - timeout: 90 + - name: Force all notified handlers to run + ansible.builtin.meta: flush_handlers # VM Configuration - name: Resize root disk 
@@ -114,3 +101,18 @@ community.general.proxmox_kvm: state: restarted timeout: 60 + handlers: + # Initial boot + # For some reason debian cloud images don't use + # cloud-init for networking on first boot (cloud-init files + # are regenerated AFTER networking starts). But we need the + # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ + - name: Initial boot + block: + - name: Start + community.general.proxmox_kvm: + state: started + register: start + - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init + ansible.builtin.wait_for: + timeout: 90 diff --git a/infra/photos/0002_docker_playbook.yaml b/infra/photos/0002_docker_playbook.yaml index 4e8734b..04bd766 100644 --- a/infra/photos/0002_docker_playbook.yaml +++ b/infra/photos/0002_docker_playbook.yaml @@ -1,4 +1,4 @@ -- name: Install software +- name: Install docker hosts: photos gather_facts: false tasks: diff --git a/infra/photos/0003_immich_playbook.yaml b/infra/photos/0003_immich_playbook.yaml index 50a5eed..4a4bbf8 100644 --- a/infra/photos/0003_immich_playbook.yaml +++ b/infra/photos/0003_immich_playbook.yaml 
@@ -7,31 +7,25 @@ - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" + state: absent - name: Copy project ansible.builtin.copy: src: "./{{ app }}" - dest: "{{ user.home }}" + dest: "$HOME" mode: "0744" - name: Replace Typesense secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "TYPESENSE_API_KEY_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}" - name: Replace DB secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "DB_PASSWORD_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}" - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" diff --git a/infra/samba/0000_proxmox_playbook.yaml b/infra/samba/0000_proxmox_playbook.yaml index 3c75130..a8dc053 100644 --- a/infra/samba/0000_proxmox_playbook.yaml +++ b/infra/samba/0000_proxmox_playbook.yaml @@ -36,7 +36,7 @@ community.general.proxmox_kvm: clone: "{{ node }}-debian-12" storage: nvme - register: create + notify: Initial boot - name: Wait for status community.general.proxmox_kvm: state: current 
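Review bot: The `Replace Typesense secret` and `Replace DB secret` tasks write vault values into `$HOME/{{ app }}/.env` without `no_log: true`, so a run with `--diff` or raised verbosity can print the secret values into the job log. The file also keeps the `mode: "0744"` applied by `Copy project`, which leaves it readable by every local user on the VM; a following `ansible.builtin.file` task setting `mode: "0600"` on the `.env` would close that. The same applies to the secret-replacement tasks in the music, samba and secrets 0003 playbooks touched by this commit.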
@@ -65,21 +65,8 @@ ipconfig0: ip=dhcp,ip6=auto ipconfig1: ip=dhcp - # Initial boot - # For some reason debian cloud images don't use - # cloud-init for networking on first boot (cloud-init files - # are regenerated AFTER networking starts). But we need the - # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ - - name: Initial boot - when: create.changed is true - block: - - name: Start - community.general.proxmox_kvm: - state: started - register: start - - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init - ansible.builtin.wait_for: - timeout: 90 + - name: Force all notified handlers to run + ansible.builtin.meta: flush_handlers # VM Configuration - name: Resize root disk @@ -113,3 +100,18 @@ community.general.proxmox_kvm: state: restarted timeout: 60 + handlers: + # Initial boot + # For some reason debian cloud images don't use + # cloud-init for networking on first boot (cloud-init files + # are regenerated AFTER networking starts). But we need the + # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ + - name: Initial boot + block: + - name: Start + community.general.proxmox_kvm: + state: started + register: start + - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init + ansible.builtin.wait_for: + timeout: 90 diff --git a/infra/samba/0002_docker_playbook.yaml b/infra/samba/0002_docker_playbook.yaml index 944db90..9dfa430 100644 --- a/infra/samba/0002_docker_playbook.yaml +++ b/infra/samba/0002_docker_playbook.yaml @@ -1,4 +1,4 @@ -- name: Install software +- name: Install docker hosts: samba gather_facts: false tasks: diff --git a/infra/samba/0003_samba_playbook.yaml b/infra/samba/0003_samba_playbook.yaml index 1df1e72..5393a68 100644 --- a/infra/samba/0003_samba_playbook.yaml +++ b/infra/samba/0003_samba_playbook.yaml 
@@ -7,32 +7,25 @@ - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" + state: absent - name: Copy project ansible.builtin.copy: src: "./{{ app }}" - dest: "{{ user.home }}" + dest: "$HOME" mode: "0744" - name: Replace KVK Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/config.yml" + path: "$HOME/{{ app }}/config.yml" regexp: "KVK_PASSWORD" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/samba', secret_name='KVK_PASSWORD')['value'] }}" - - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" + - name: Docker compose up + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" - name: Update samba permissions ansible.builtin.file: diff --git a/infra/samba/samba/config.yml b/infra/samba/samba/config.yml index 70974af..0c577f1 100644 --- a/infra/samba/samba/config.yml +++ b/infra/samba/samba/config.yml @@ -15,12 +15,12 @@ global: - "force group = debian" share: - - name: kvkbackups + - name: kvkbackups comment: KVK Backups path: /samba/kvkbackups validusers: kvk writelist: kvk - browsable: yes - readonly: no - guestok: no - veto: no + browsable: true + readonly: false + guestok: false + veto: false diff --git a/infra/secrets/0000_proxmox_playbook.yaml b/infra/secrets/0000_proxmox_playbook.yaml index 1dcdaeb..163b180 100644 --- a/infra/secrets/0000_proxmox_playbook.yaml +++ b/infra/secrets/0000_proxmox_playbook.yaml @@ -36,7 +36,7 @@ community.general.proxmox_kvm: clone: "{{ node }}-debian-12" storage: nvme - register: create + notify: Initial boot - name: Wait for status community.general.proxmox_kvm: state: current 
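Review bot: In infra/samba/samba/config.yml, `browsable`, `readonly`, `guestok` and `veto` change from `yes`/`no` to `true`/`false`, which is only equivalent if the program reading the file parses them as YAML 1.1 booleans; that consumer is not visible in this commit. If it reads the values as text or compares them with `yes`/`no`, `guestok: false` and `readonly: false` may be interpreted differently than before, and these are the access-control switches of the `kvkbackups` share. Check the generated Samba configuration for that share after deploying; if the consumer needs the literal words, quoting them (`guestok: "no"`) satisfies the linter without changing the value.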
@@ -65,21 +65,8 @@ ipconfig0: ip=dhcp,ip6=auto ipconfig1: ip=dhcp - # Initial boot - # For some reason debian cloud images don't use - # cloud-init for networking on first boot (cloud-init files - # are regenerated AFTER networking starts). But we need the - # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ - - name: Initial boot - when: create.changed is true - block: - - name: Start - community.general.proxmox_kvm: - state: started - register: start - - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init - ansible.builtin.wait_for: - timeout: 90 + - name: Force all notified handlers to run + ansible.builtin.meta: flush_handlers # VM Configuration - name: Resize root disk @@ -108,3 +95,18 @@ community.general.proxmox_kvm: state: restarted timeout: 60 + handlers: + # Initial boot + # For some reason debian cloud images don't use + # cloud-init for networking on first boot (cloud-init files + # are regenerated AFTER networking starts). But we need the + # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ + - name: Initial boot + block: + - name: Start + community.general.proxmox_kvm: + state: started + register: start + - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init + ansible.builtin.wait_for: + timeout: 90 diff --git a/infra/secrets/0002_docker_playbook.yaml b/infra/secrets/0002_docker_playbook.yaml index de544a0..780638a 100644 --- a/infra/secrets/0002_docker_playbook.yaml +++ b/infra/secrets/0002_docker_playbook.yaml @@ -1,4 +1,4 @@ -- name: Install software +- name: Install docker hosts: secrets gather_facts: false tasks: diff --git a/infra/secrets/0003_infiscal_playbook.yaml b/infra/secrets/0003_infiscal_playbook.yaml index b2e11eb..3c9b71c 100644 --- a/infra/secrets/0003_infiscal_playbook.yaml +++ b/infra/secrets/0003_infiscal_playbook.yaml 
@@ -7,38 +7,31 @@ - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true - + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" + state: absent - name: Copy project ansible.builtin.copy: src: "./{{ app }}" - dest: "{{ user.home }}" + dest: "$HOME" mode: "0744" - name: Replace Encryption Key secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "ENCRYPTION_KEY_VALUE" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_ENCRYPTION_KEY') }}" - name: Replace Auth secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "AUTH_SECRET_VALUE" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_AUTH_SECRET') }}" - name: Replace SMTP Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "SMTP_PASSWORD_VALUE" replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}" - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" diff --git a/requirements.txt b/requirements.txt index e6d850b..35aae9b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ ansible proxmoxer requests -infisical==1.5.0 +infisical diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..8d9ddf2 --- /dev/null +++ b/requirements.yml @@ -0,0 +1,4 @@ +collections: + - name: community.general + - name: community.docker + - name: infisical.vault
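Review bot: Dropping the `==1.5.0` pin from `infisical` in requirements.txt means each CI run installs whatever release is newest, in a pipeline whose playbooks read Proxmox tokens and vault secrets; keep an exact pin and raise it deliberately, `infisical==<reviewed-version>`. The new requirements.yml has the same gap: none of the three collections carries a `version:`, and the workflow installs them with `--force`, so add one per entry, e.g. `version: "<reviewed-version>"`. `ansible`, `proxmoxer` and `requests` were already unpinned before this commit.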