From 334276e654cb091848a25603c4e5627f8a1bbcb1 Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Mon, 29 Jan 2024 22:28:02 +0000 Subject: [PATCH 01/12] proxmox playbooks - use handler for initial boot & wait --- infra/cloud/0000_proxmox_playbook.yaml | 34 +++++++++++++----------- infra/music/0000_proxmox_playbook.yaml | 34 +++++++++++++----------- infra/photos/0000_proxmox_playbook.yaml | 34 +++++++++++++----------- infra/samba/0000_proxmox_playbook.yaml | 34 +++++++++++++----------- infra/secrets/0000_proxmox_playbook.yaml | 34 +++++++++++++----------- 5 files changed, 90 insertions(+), 80 deletions(-) diff --git a/infra/cloud/0000_proxmox_playbook.yaml b/infra/cloud/0000_proxmox_playbook.yaml index 2ed0f49..0222d9c 100644 --- a/infra/cloud/0000_proxmox_playbook.yaml +++ b/infra/cloud/0000_proxmox_playbook.yaml @@ -36,7 +36,7 @@ community.general.proxmox_kvm: clone: "{{ node }}-debian-12" storage: nvme - register: create + notify: Initial boot - name: Wait for status community.general.proxmox_kvm: state: current @@ -65,21 +65,8 @@ ipconfig0: ip=dhcp,ip6=auto ipconfig1: ip=dhcp - # Initial boot - # For some reason debian cloud images don't use - # cloud-init for networking on first boot (cloud-init files - # are regenerated AFTER networking starts). But we need the - # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ - - name: Initial boot - when: create.changed is true - block: - - name: Start - community.general.proxmox_kvm: - state: started - register: start - - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init - ansible.builtin.wait_for: - timeout: 90 + - name: Force all notified handlers to run + ansible.builtin.meta: flush_handlers # VM Configuration - name: Resize root disk 
@@ -108,3 +95,18 @@ community.general.proxmox_kvm: state: restarted timeout: 60 + handlers: + # Initial boot + # For some reason debian cloud images don't use + # cloud-init for networking on first boot (cloud-init files + # are regenerated AFTER networking starts). But we need the + # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ + - name: Initial boot + block: + - name: Start + community.general.proxmox_kvm: + state: started + register: start + - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init + ansible.builtin.wait_for: + timeout: 90 diff --git a/infra/music/0000_proxmox_playbook.yaml b/infra/music/0000_proxmox_playbook.yaml index 984db1a..9df8284 100644 --- a/infra/music/0000_proxmox_playbook.yaml +++ b/infra/music/0000_proxmox_playbook.yaml @@ -36,7 +36,7 @@ community.general.proxmox_kvm: clone: "{{ node }}-debian-12" storage: nvme - register: create + notify: Initial boot - name: Wait for status community.general.proxmox_kvm: state: current @@ -65,21 +65,8 @@ ipconfig0: ip=dhcp,ip6=auto ipconfig1: ip=dhcp - # Initial boot - # For some reason debian cloud images don't use - # cloud-init for networking on first boot (cloud-init files - # are regenerated AFTER networking starts). But we need the - # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ - - name: Initial boot - when: create.changed is true - block: - - name: Start - community.general.proxmox_kvm: - state: started - register: start - - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init - ansible.builtin.wait_for: - timeout: 90 + - name: Force all notified handlers to run + ansible.builtin.meta: flush_handlers # VM Configuration - name: Resize root disk 
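Review bot: `register: start` inside the new `Initial boot` handler is not read by anything in the hunk, so it is either dead or a leftover from the removed block; drop it, or use it so a failed start is noticed before the 90 s wait. That wait (`ansible.builtin.wait_for: timeout: 90`) is a fixed sleep rather than a readiness check — if the guest is reachable at this point, `ansible.builtin.wait_for_connection` (or a `wait_for` on the guest's SSH port) would fail fast when first boot hangs instead of silently continuing. It is also worth confirming that notifying a handler block by its block name behaves on the Ansible version CI installs, since handler blocks have had version-specific caveats. The identical handler is added to the music, photos, samba and secrets playbooks in the following four file sections; a shared handler file pulled in with `import_tasks` would keep the five copies from drifting. The `handlers:` section closes the play, whose tasks start outside the hunk.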
@@ -114,3 +101,18 @@ community.general.proxmox_kvm: state: restarted timeout: 60 + handlers: + # Initial boot + # For some reason debian cloud images don't use + # cloud-init for networking on first boot (cloud-init files + # are regenerated AFTER networking starts). But we need the + # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ + - name: Initial boot + block: + - name: Start + community.general.proxmox_kvm: + state: started + register: start + - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init + ansible.builtin.wait_for: + timeout: 90 diff --git a/infra/photos/0000_proxmox_playbook.yaml b/infra/photos/0000_proxmox_playbook.yaml index 6804b05..0f75d10 100644 --- a/infra/photos/0000_proxmox_playbook.yaml +++ b/infra/photos/0000_proxmox_playbook.yaml @@ -36,7 +36,7 @@ community.general.proxmox_kvm: clone: "{{ node }}-debian-12" storage: nvme - register: create + notify: Initial boot - name: Wait for status community.general.proxmox_kvm: state: current @@ -65,21 +65,8 @@ ipconfig0: ip=dhcp,ip6=auto ipconfig1: ip=dhcp - # Initial boot - # For some reason debian cloud images don't use - # cloud-init for networking on first boot (cloud-init files - # are regenerated AFTER networking starts). But we need the - # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ - - name: Initial boot - when: create.changed is true - block: - - name: Start - community.general.proxmox_kvm: - state: started - register: start - - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init - ansible.builtin.wait_for: - timeout: 90 + - name: Force all notified handlers to run + ansible.builtin.meta: flush_handlers # VM Configuration - name: Resize root disk 
@@ -114,3 +101,18 @@ community.general.proxmox_kvm: state: restarted timeout: 60 + handlers: + # Initial boot + # For some reason debian cloud images don't use + # cloud-init for networking on first boot (cloud-init files + # are regenerated AFTER networking starts). But we need the + # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ + - name: Initial boot + block: + - name: Start + community.general.proxmox_kvm: + state: started + register: start + - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init + ansible.builtin.wait_for: + timeout: 90 diff --git a/infra/samba/0000_proxmox_playbook.yaml b/infra/samba/0000_proxmox_playbook.yaml index 3c75130..a8dc053 100644 --- a/infra/samba/0000_proxmox_playbook.yaml +++ b/infra/samba/0000_proxmox_playbook.yaml @@ -36,7 +36,7 @@ community.general.proxmox_kvm: clone: "{{ node }}-debian-12" storage: nvme - register: create + notify: Initial boot - name: Wait for status community.general.proxmox_kvm: state: current @@ -65,21 +65,8 @@ ipconfig0: ip=dhcp,ip6=auto ipconfig1: ip=dhcp - # Initial boot - # For some reason debian cloud images don't use - # cloud-init for networking on first boot (cloud-init files - # are regenerated AFTER networking starts). But we need the - # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ - - name: Initial boot - when: create.changed is true - block: - - name: Start - community.general.proxmox_kvm: - state: started - register: start - - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init - ansible.builtin.wait_for: - timeout: 90 + - name: Force all notified handlers to run + ansible.builtin.meta: flush_handlers # VM Configuration - name: Resize root disk 
@@ -113,3 +100,18 @@ community.general.proxmox_kvm: state: restarted timeout: 60 + handlers: + # Initial boot + # For some reason debian cloud images don't use + # cloud-init for networking on first boot (cloud-init files + # are regenerated AFTER networking starts). But we need the + # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ + - name: Initial boot + block: + - name: Start + community.general.proxmox_kvm: + state: started + register: start + - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init + ansible.builtin.wait_for: + timeout: 90 diff --git a/infra/secrets/0000_proxmox_playbook.yaml b/infra/secrets/0000_proxmox_playbook.yaml index 37d9b94..bc77e4d 100644 --- a/infra/secrets/0000_proxmox_playbook.yaml +++ b/infra/secrets/0000_proxmox_playbook.yaml @@ -36,7 +36,7 @@ community.general.proxmox_kvm: clone: "{{ node }}-debian-12" storage: nvme - register: create + notify: Initial boot - name: Wait for status community.general.proxmox_kvm: state: current @@ -65,21 +65,8 @@ ipconfig0: ip=dhcp,ip6=auto ipconfig1: ip=dhcp - # Initial boot - # For some reason debian cloud images don't use - # cloud-init for networking on first boot (cloud-init files - # are regenerated AFTER networking starts). But we need the - # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ - - name: Initial boot - when: create.changed is true - block: - - name: Start - community.general.proxmox_kvm: - state: started - register: start - - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init - ansible.builtin.wait_for: - timeout: 90 + - name: Force all notified handlers to run + ansible.builtin.meta: flush_handlers # VM Configuration - name: Resize root disk 
@@ -109,3 +96,18 @@ community.general.proxmox_kvm: state: restarted timeout: 60 + handlers: + # Initial boot + # For some reason debian cloud images don't use + # cloud-init for networking on first boot (cloud-init files + # are regenerated AFTER networking starts). But we need the + # hostname to be registered with DHCP later on so ¯\_(ツ)_/¯ + - name: Initial boot + block: + - name: Start + community.general.proxmox_kvm: + state: started + register: start + - name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init + ansible.builtin.wait_for: + timeout: 90 -- 2.40.1 From e807abb376de3518c2dbebe2cfe23b8a0e7b73fd Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Mon, 29 Jan 2024 22:41:33 +0000 Subject: [PATCH 02/12] Fix name of install docker playbooks --- infra/cloud/0002_docker_playbook.yaml | 2 +- infra/music/0002_docker_playbook.yaml | 2 +- infra/photos/0002_docker_playbook.yaml | 2 +- infra/samba/0002_docker_playbook.yaml | 2 +- infra/secrets/0002_docker_playbook.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/infra/cloud/0002_docker_playbook.yaml b/infra/cloud/0002_docker_playbook.yaml index b2a09fe..726a1f3 100644 --- a/infra/cloud/0002_docker_playbook.yaml +++ b/infra/cloud/0002_docker_playbook.yaml @@ -1,4 +1,4 @@ -- name: Install software +- name: Install docker hosts: cloud gather_facts: false tasks: diff --git a/infra/music/0002_docker_playbook.yaml b/infra/music/0002_docker_playbook.yaml index 49a6e9e..c1c9222 100644 --- a/infra/music/0002_docker_playbook.yaml +++ b/infra/music/0002_docker_playbook.yaml @@ -1,4 +1,4 @@ -- name: Install software +- name: Install docker hosts: music gather_facts: false tasks: diff --git a/infra/photos/0002_docker_playbook.yaml b/infra/photos/0002_docker_playbook.yaml index 4e8734b..04bd766 100644 --- a/infra/photos/0002_docker_playbook.yaml +++ b/infra/photos/0002_docker_playbook.yaml @@ -1,4 +1,4 @@ -- name: Install software +- name: Install docker hosts: photos gather_facts: false tasks: 
diff --git a/infra/samba/0002_docker_playbook.yaml b/infra/samba/0002_docker_playbook.yaml
index 944db90..9dfa430 100644
--- a/infra/samba/0002_docker_playbook.yaml
+++ b/infra/samba/0002_docker_playbook.yaml
@@ -1,4 +1,4 @@
-- name: Install software
+- name: Install docker
hosts: samba
gather_facts: false
tasks:
diff --git a/infra/secrets/0002_docker_playbook.yaml b/infra/secrets/0002_docker_playbook.yaml
index e7b346f..babe118 100644
--- a/infra/secrets/0002_docker_playbook.yaml
+++ b/infra/secrets/0002_docker_playbook.yaml
@@ -1,4 +1,4 @@
-- name: Install software
+- name: Install docker
hosts: secrets
gather_facts: false
tasks:
--
2.40.1

From 1a0114fa34115147f4ead6262c49bf6b1025f052 Mon Sep 17 00:00:00 2001
From: Gleb Koval
Date: Mon, 29 Jan 2024 22:42:27 +0000
Subject: [PATCH 03/12] nextcloud aio: - remove immich decommision (it's fine(tm)) - use ansible to create container, instead of bash script
---
...003_00_cleanup_script_deploy_playbook.yaml | 13 ++++
infra/cloud/0003_nextcloud_playbook.yaml | 36 ++++++----
.../0004_decommission_immich_playbook.yaml | 71 -------------------
infra/cloud/nextcloud/all-in-one.sh | 21 ------
4 files changed, 35 insertions(+), 106 deletions(-)
create mode 100644 infra/cloud/0003_00_cleanup_script_deploy_playbook.yaml
delete mode 100644 infra/cloud/0004_decommission_immich_playbook.yaml
delete mode 100644 infra/cloud/nextcloud/all-in-one.sh

diff --git a/infra/cloud/0003_00_cleanup_script_deploy_playbook.yaml b/infra/cloud/0003_00_cleanup_script_deploy_playbook.yaml
new file mode 100644
index 0000000..a14ecce
--- /dev/null
+++ b/infra/cloud/0003_00_cleanup_script_deploy_playbook.yaml
@@ -0,0 +1,13 @@
+- name: Cleanup old ~/nextcloud directory
+ hosts: cloud
+ gather_facts: false
+ vars:
+ app: nextcloud
+ tasks:
+ - name: Wait for connection
+ ansible.builtin.wait_for_connection:
+ timeout: 300
+ - name: Delete nextcloud directory
+ ansible.builtin.file:
+ path: "$HOME/{{ app }}"
+ state: absent
diff --git a/infra/cloud/0003_nextcloud_playbook.yaml b/infra/cloud/0003_nextcloud_playbook.yaml index 46842d1..d3d9b63 100644 --- a/infra/cloud/0003_nextcloud_playbook.yaml +++ b/infra/cloud/0003_nextcloud_playbook.yaml @@ -2,21 +2,29 @@ hosts: cloud gather_facts: false vars: - app: nextcloud + container: nextcloud-aio-mastercontainer tasks: - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - - name: Copy project - ansible.builtin.copy: - src: "./{{ app }}" - dest: "{{ user.home }}" - mode: "0744" - - name: Re-deploy - ansible.builtin.command: bash all-in-one.sh - args: - chdir: "{{ user.home }}/{{ app }}" + - name: Deploy master container + community.docker.docker_container: + image: nextcloud/all-in-one:latest + recreate: true + state: started + restart_policy: unless-stopped + init: true + name: "{{ container }}" + published_ports: + - 8080:8080 + env: + NEXTCLOUD_UPLOAD_LIMIT: 16G + NEXTCLOUD_MAX_TIME: "7200" + NEXTCLOUD_ADDITIONAL_APKS: imagemagick ffmpeg + APACHE_PORT: "11000" + APACHE_IP_BINDING: "0.0.0.0" + TZ: Europe/London + AIO_DISABLE_BACKUP_SECTION: "true" + volumes: + - nextcloud_aio_mastercontainer:/mnt/docker-aio-config + - /var/run/docker.sock:/var/run/docker.sock:ro diff --git a/infra/cloud/0004_decommission_immich_playbook.yaml b/infra/cloud/0004_decommission_immich_playbook.yaml deleted file mode 100644 index abdbd12..0000000 --- a/infra/cloud/0004_decommission_immich_playbook.yaml +++ /dev/null 
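Review bot: `image: nextcloud/all-in-one:latest` together with `recreate: true` but no `pull:` option means each run recreates the container from whatever `latest` is already cached — as far as I recall docker_container only pulls a missing image by default — so upgrades happen by accident rather than by decision; either set `pull: true` or, better for supply-chain control, pin a tag or digest and bump it deliberately. The `/var/run/docker.sock` mount is required by AIO but deserves a comment, because `:ro` only affects the filesystem mode and the Docker API behind the socket is effectively host-root: `# docker.sock is needed by AIO to manage its containers; :ro does not limit what the API allows`. `published_ports: - 8080:8080` exposes the AIO admin UI on every host interface; if it is only reached through the APACHE_PORT proxy, `"127.0.0.1:8080:8080"` narrows it, and quoting the mapping is the usual convention for colon-separated values in Ansible/Compose YAML anyway.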
@@ -1,71 +0,0 @@ -- name: Decommission Immich - hosts: cloud - gather_facts: false - vars: - app: immich - api_user: "{{ lookup('ansible.builtin.env', 'PROXMOX_USER') }}" - api_host: "{{ lookup('ansible.builtin.env', 'PROXMOX_HOST' ) }}" - api_token_id: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_ID') }}" - api_token_secret: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_SECRET') }}" - vmname: "{{ inventory_hostname | regex_replace('^([^\\.]+)\\..+$', '\\1') }}" - node: pve - module_defaults: - community.general.proxmox_kvm: - api_user: "{{ api_user }}" - api_host: "{{ api_host }}" - api_token_id: "{{ api_token_id }}" - api_token_secret: "{{ api_token_secret }}" - name: "{{ vmname }}" - node: "{{ node }}" - community.general.proxmox_disk: - api_user: "{{ api_user }}" - api_host: "{{ api_host }}" - api_token_id: "{{ api_token_id }}" - api_token_secret: "{{ api_token_secret }}" - name: "{{ vmname }}" - tasks: - - name: Wait for connection - ansible.builtin.wait_for_connection: - timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true - - name: Remove docker volumes - ansible.builtin.command: docker compose down --volumes - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true - - name: Remove config directory - ansible.builtin.file: - path: "{{ user.home }}/{{ app }}" - state: absent - - - name: Destroy media disk - community.general.proxmox_disk: - disk: scsi2 - state: absent - delegate_to: localhost - - name: Remove media mount - ansible.posix.mount: - src: /dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:2-part1 - path: /mnt/media - fstype: ext4 - opts: rw,errors=remount-ro,x-systemd.growfs - state: absent - become: true - - name: Remove media directory - ansible.builtin.file: - path: /mnt/media - state: absent - become: true - - name: Restart VM - 
community.general.proxmox_kvm: - state: restarted - timeout: 60 - delegate_to: localhost diff --git a/infra/cloud/nextcloud/all-in-one.sh b/infra/cloud/nextcloud/all-in-one.sh deleted file mode 100644 index d4feaf8..0000000 --- a/infra/cloud/nextcloud/all-in-one.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -docker stop nextcloud-aio-mastercontainer || true -docker rm nextcloud-aio-mastercontainer || true - -docker run \ ---init \ ---sig-proxy=false \ ---name nextcloud-aio-mastercontainer \ ---restart unless-stopped \ ---publish 8080:8080 \ ---env NEXTCLOUD_UPLOAD_LIMIT=16G \ ---env NEXTCLOUD_MAX_TIME=7200 \ ---env NEXTCLOUD_ADDITIONAL_APKS="imagemagick ffmpeg" \ ---env APACHE_PORT=11000 \ ---env APACHE_IP_BINDING=0.0.0.0 \ ---env TZ=Europe/London \ ---env AIO_DISABLE_BACKUP_SECTION=true \ ---volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ ---volume /var/run/docker.sock:/var/run/docker.sock:ro \ --d nextcloud/all-in-one:latest -- 2.40.1 From 2aa297e9013a985d230395d3fb67cb8b695fabec Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Tue, 30 Jan 2024 12:37:37 +0000 Subject: [PATCH 04/12] docker_compose_v2 ansible (instead of shell) --- .github/workflows/infra.yaml | 2 +- infra/music/0003_music_playbook.yaml | 29 +++++++++-------------- infra/photos/0003_immich_playbook.yaml | 24 +++++++------------ infra/samba/0003_samba_playbook.yaml | 23 +++++++----------- infra/secrets/0003_infiscal_playbook.yaml | 26 ++++++++------------ 5 files changed, 39 insertions(+), 65 deletions(-) diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml index 149494b..a21dd87 100644 --- a/.github/workflows/infra.yaml +++ b/.github/workflows/infra.yaml @@ -29,7 +29,7 @@ jobs: apt update apt install -y python3-pip pip3 install -r requirements.txt - ansible-galaxy collection install community.general infisical.vault + ansible-galaxy collection install community.general community.docker infisical.vault --force - name: Check playbooks run: | 
diff --git a/infra/music/0003_music_playbook.yaml b/infra/music/0003_music_playbook.yaml
index 532e885..8ec3de2 100644
--- a/infra/music/0003_music_playbook.yaml
+++ b/infra/music/0003_music_playbook.yaml
@@ -7,46 +7,39 @@ - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" + state: absent - name: Copy project ansible.builtin.copy: src: "./{{ app }}" - dest: "{{ user.home }}" + dest: "$HOME" mode: "0744" - - name: Replace LastFM API key secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "LASTFM_APIKEY_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_APIKEY')['value'] }}" - name: Replace LastFM secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "LASTFM_SECRET_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_SECRET')['value'] }}" - name: Replace Mongo Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "SPOTIFY_ID_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_ID')['value'] }}" - name: Replace SMTP Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "SPOTIFY_SECRET_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_SECRET')['value'] }}" - - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" + - name: Docker compose up + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" - name: Update data permissions ansible.builtin.file: 
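Review bot: The new `Docker compose down` task (`community.docker.docker_compose_v2` with `state: absent`) runs before `Copy project` creates `$HOME/{{ app }}`, and unlike the removed `ansible.builtin.command` task it no longer carries `ignore_errors: true`, so on a fresh host the module will most likely fail because `project_src` does not exist yet and the play stops before the copy. Either gate it on the directory (a `stat` task plus e.g. `when: app_dir.stat.exists`) or keep `failed_when: false` on this one task rather than dropping the guard entirely. The same ordering is introduced in the photos, samba and secrets playbooks (the next three file sections). Separately, the `replace` tasks write secret values into `.env` and are not `no_log: true`, so the values show up in `-v`/`--diff` output; those lines are context here, but the rewrite is a good moment to add it. The play's vars and the remaining tasks lie outside the hunk.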
diff --git a/infra/photos/0003_immich_playbook.yaml b/infra/photos/0003_immich_playbook.yaml index 6335431..4a4bbf8 100644 --- a/infra/photos/0003_immich_playbook.yaml +++ b/infra/photos/0003_immich_playbook.yaml @@ -1,5 +1,5 @@ - name: Deploy app - hosts: photos + hosts: photos gather_facts: false vars: app: immich @@ -7,31 +7,25 @@ - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" + state: absent - name: Copy project ansible.builtin.copy: src: "./{{ app }}" - dest: "{{ user.home }}" + dest: "$HOME" mode: "0744" - name: Replace Typesense secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "TYPESENSE_API_KEY_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}" - name: Replace DB secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "DB_PASSWORD_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}" - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" diff --git a/infra/samba/0003_samba_playbook.yaml b/infra/samba/0003_samba_playbook.yaml index 1df1e72..5393a68 100644 --- a/infra/samba/0003_samba_playbook.yaml +++ b/infra/samba/0003_samba_playbook.yaml 
@@ -7,32 +7,25 @@ - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" + state: absent - name: Copy project ansible.builtin.copy: src: "./{{ app }}" - dest: "{{ user.home }}" + dest: "$HOME" mode: "0744" - name: Replace KVK Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/config.yml" + path: "$HOME/{{ app }}/config.yml" regexp: "KVK_PASSWORD" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/samba', secret_name='KVK_PASSWORD')['value'] }}" - - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" + - name: Docker compose up + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" - name: Update samba permissions ansible.builtin.file: diff --git a/infra/secrets/0003_infiscal_playbook.yaml b/infra/secrets/0003_infiscal_playbook.yaml index 20b4e18..899acc6 100644 --- a/infra/secrets/0003_infiscal_playbook.yaml +++ b/infra/secrets/0003_infiscal_playbook.yaml 
@@ -7,43 +7,37 @@ - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" + state: absent - name: Copy project ansible.builtin.copy: src: "./{{ app }}" - dest: "{{ user.home }}" + dest: "$HOME" mode: "0744" - name: Replace Encryption Key secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "ENCRYPTION_KEY_VALUE" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_ENCRYPTION_KEY') }}" - name: Replace Auth secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "AUTH_SECRET_VALUE" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_AUTH_SECRET') }}" - name: Replace Mongo Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "MONGO_PASSWORD_VALUE" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_MONGO_PASSWORD') }}" - name: Replace SMTP Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "SMTP_PASSWORD_VALUE" replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}" - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" -- 2.40.1 From e1375aeb72eb5a3fb32770dfebad7897e2fdf740 Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Tue, 30 Jan 2024 12:40:46 +0000 Subject: [PATCH 05/12] ansible-lint --- infra/secrets/0001_initialise_playbook.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/infra/secrets/0001_initialise_playbook.yaml b/infra/secrets/0001_initialise_playbook.yaml
index b2aff9d..2fa6e7e 100644
--- a/infra/secrets/0001_initialise_playbook.yaml
+++ b/infra/secrets/0001_initialise_playbook.yaml
@@ -39,4 +39,4 @@
fstype: ext4
opts: rw,errors=remount-ro,x-systemd.growfs
state: mounted
- become: true
\ No newline at end of file
+ become: true
--
2.40.1

From 9689da7d118463fbfd37e1973399a44ecd69a34c Mon Sep 17 00:00:00 2001
From: Gleb Koval
Date: Tue, 30 Jan 2024 12:42:41 +0000
Subject: [PATCH 06/12] Add ansible-lint to github actions
---
.github/workflows/infra.yaml | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml
index a21dd87..cb7244b 100644
--- a/.github/workflows/infra.yaml
+++ b/.github/workflows/infra.yaml
@@ -31,11 +31,13 @@ jobs:
pip3 install -r requirements.txt
ansible-galaxy collection install community.general community.docker infisical.vault --force
+ - name: Ansible lint
+ run: |
+ ansible-lint infra/**/*playbook.yaml
+
- name: Check playbooks
run: |
- for file in $(find . -wholename "*/infra/*playbook.yaml" -type f); do
- ansible-playbook --inventory ./inventory --syntax-check "$file"
- done
+ ansible-playbook --inventory ./inventory --syntax-check infra/**/*playbook.yaml
- name: Get changed playbooks
id: files
--
2.40.1

From 594c97f4dc8b3b1363080cf8717c52e3b708fab1 Mon Sep 17 00:00:00 2001
From: Gleb Koval
Date: Tue, 30 Jan 2024 12:46:27 +0000
Subject: [PATCH 07/12] Add ansible-lint dependancy
---
requirements.txt | 1 +
1 file changed, 1 insertion(+)

diff --git a/requirements.txt b/requirements.txt
index 35aae9b..0e6672d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,5 @@
ansible
+ansible-lint
proxmoxer
requests
infisical
--
2.40.1

From 2834642cb7d9cde0a0a665819cef2b9079dc7a04 Mon Sep 17 00:00:00 2001
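Review bot: `infra/**/*playbook.yaml` in both new `run:` blocks relies on bash globstar, which the default `bash -e {0}` shell in Actions does not enable, so `**` behaves like `*` and only playbooks exactly one directory below `infra/` are linted and syntax-checked; that matches the current layout, but a playbook nested deeper is silently skipped, whereas the removed `find -wholename` matched any depth. Add `shopt -s globstar` as the first line of each `run: |` block, or go back to `find`. The rest of the job (checkout, `apt`/`pip` setup, the changed-files step) is outside the hunk.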
From: Gleb Koval
Date: Tue, 30 Jan 2024 13:01:28 +0000
Subject: [PATCH 08/12] Use strict linting
---
.github/workflows/infra.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml
index cb7244b..976ea11 100644
--- a/.github/workflows/infra.yaml
+++ b/.github/workflows/infra.yaml
@@ -33,7 +33,7 @@ jobs:
- name: Ansible lint
run: |
- ansible-lint infra/**/*playbook.yaml
+ ansible-lint -s -x args[module] infra/**/*playbook.yaml
- name: Check playbooks
run: |
--
2.40.1

From 5ac073fc114d71964078fd4c1dd6a220d72b8251 Mon Sep 17 00:00:00 2001
From: Gleb Koval
Date: Tue, 30 Jan 2024 17:31:29 +0000
Subject: [PATCH 09/12] use ansible-lint action
---
.ansible-lint | 6 ++++++
.github/workflows/infra.yaml | 5 ++---
infra/music/music/docker-compose.yml | 2 +-
infra/photos/immich/docker-compose.yml | 4 ++--
infra/samba/samba/config.yml | 10 +++++-----
5 files changed, 16 insertions(+), 11 deletions(-)
create mode 100644 .ansible-lint

diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..6d94bb9
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,6 @@
+strict: true
+use_default_rules: true
+skip_list:
+ - args[module]
+exclude_paths:
+ - "!infra/**/*playbook.yaml"
diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml
index 976ea11..13e1420 100644
--- a/.github/workflows/infra.yaml
+++ b/.github/workflows/infra.yaml
@@ -31,9 +31,8 @@ jobs:
pip3 install -r requirements.txt
ansible-galaxy collection install community.general community.docker infisical.vault --force
- - name: Ansible lint
- run: |
- ansible-lint -s -x args[module] infra/**/*playbook.yaml
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint@v6
- name: Check playbooks
run: |
diff --git a/infra/music/music/docker-compose.yml b/infra/music/music/docker-compose.yml
index 206a624..bb7d67f 100644
--- a/infra/music/music/docker-compose.yml
+++ b/infra/music/music/docker-compose.yml
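Review bot: `-x args[module]` disables ansible-lint's module-argument validation for every playbook, and that rule is the one most likely to catch a mistyped or unsupported option on modules such as `community.docker.docker_compose_v2`; the reason for the exclusion is not visible here, so if a single task trips it, a `# noqa: args[module]` on that task keeps the check for everything else. The next hunk carries the same global skip into `skip_list` in the new `.ansible-lint`, where a short comment above the entry recording why it is skipped (`# args[module]: <reason>`) would at least make the exclusion reviewable.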
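Review bot: `uses: ansible/ansible-lint@v6` pins the lint action to a mutable major tag, so whatever that tag resolves to at run time executes against the checkout with the workflow's token; pin it to a full-length commit SHA and keep the tag as a comment, `uses: ansible/ansible-lint@<full commit sha>  # v6`, which is the pinning GitHub recommends for third-party actions and lets Dependabot/Renovate bump it explicitly. The job's `permissions:` block is outside this hunk; if it is not already read-only, a lint-only job is a natural candidate for `contents: read`.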
@@ -49,4 +49,4 @@ services: volumes: - /mnt/nvme/filebrowser:/config - /mnt/media/downloads:/srv/downloads - - /mnt/media/music:/srv/music \ No newline at end of file + - /mnt/media/music:/srv/music diff --git a/infra/photos/immich/docker-compose.yml b/infra/photos/immich/docker-compose.yml index 93a2bb4..6cbeda2 100644 --- a/infra/photos/immich/docker-compose.yml +++ b/infra/photos/immich/docker-compose.yml @@ -4,7 +4,7 @@ services: immich-server: container_name: immich_server image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} - command: [ "start.sh", "immich" ] + command: ["start.sh", "immich"] volumes: - ${UPLOAD_LOCATION}:/usr/src/app/upload env_file: @@ -22,7 +22,7 @@ services: # extends: # file: hwaccel.yml # service: hwaccel - command: [ "start.sh", "microservices" ] + command: ["start.sh", "microservices"] volumes: - ${UPLOAD_LOCATION}:/usr/src/app/upload env_file: diff --git a/infra/samba/samba/config.yml b/infra/samba/samba/config.yml index 70974af..0c577f1 100644 --- a/infra/samba/samba/config.yml +++ b/infra/samba/samba/config.yml @@ -15,12 +15,12 @@ global: - "force group = debian" share: - - name: kvkbackups + - name: kvkbackups comment: KVK Backups path: /samba/kvkbackups validusers: kvk writelist: kvk - browsable: yes - readonly: no - guestok: no - veto: no + browsable: true + readonly: false + guestok: false + veto: false -- 2.40.1 From 8ab4968371c4c56a77d7639d62f72b7e5d90b599 Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Tue, 30 Jan 2024 17:32:13 +0000 Subject: [PATCH 10/12] Remove ansible-lint from requirements --- requirements.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 0e6672d..35aae9b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,4 @@ ansible -ansible-lint proxmoxer requests infisical -- 2.40.1 From 202abc79e318c1474bf562e232afe4d375669659 Mon Sep 17 00:00:00 2001 
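Review bot: Changing `browsable: yes` / `readonly: no` and friends in `infra/samba/samba/config.yml` to `true`/`false` is presumably linter-driven, but that file is consumed by the samba container rather than by Ansible, and the edit can change meaning: under a YAML 1.2 loader `yes` is the string `yes` (what smb.conf expects) while `true` is a boolean, so a loader that templates the value verbatim could now emit `True` into smb.conf. Confirm against the image's config handling before relying on it, or if it passes strings through, quote them instead (`browsable: "yes"`), which satisfies the truthy rule without changing the value. The remaining `share:` entries continue outside the hunk.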
From: Gleb Koval
Date: Tue, 30 Jan 2024 17:50:13 +0000
Subject: [PATCH 11/12] Use requirements.yml for galaxy
---
.ansible-lint | 2 --
.github/workflows/infra.yaml | 2 +-
requirements.yml | 4 ++++
3 files changed, 5 insertions(+), 3 deletions(-)
create mode 100644 requirements.yml

diff --git a/.ansible-lint b/.ansible-lint
index 6d94bb9..4ac37ef 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -2,5 +2,3 @@ strict: true
use_default_rules: true
skip_list:
- args[module]
-exclude_paths:
- - "!infra/**/*playbook.yaml"
diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml
index 13e1420..c32bc04 100644
--- a/.github/workflows/infra.yaml
+++ b/.github/workflows/infra.yaml
@@ -29,7 +29,7 @@ jobs:
apt update
apt install -y python3-pip
pip3 install -r requirements.txt
- ansible-galaxy collection install community.general community.docker infisical.vault --force
+ ansible-galaxy collection install -r requirements.yml --force
- name: Run ansible-lint
uses: ansible/ansible-lint@v6
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..8d9ddf2
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,4 @@
+collections:
+ - name: community.general
+ - name: community.docker
+ - name: infisical.vault
--
2.40.1

From ef780275e713e280b375a76cd4cf5bc126bc5469 Mon Sep 17 00:00:00 2001
From: Gleb Koval
Date: Fri, 29 Mar 2024 16:24:22 +0000
Subject: [PATCH 12/12] Infisical no longer needs pinning
---
requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index e6d850b..35aae9b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
ansible
proxmoxer
requests
-infisical==1.5.0
+infisical
--
2.40.1
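Review bot: The new `requirements.yml` lists the three collections without a `version:`, and the workflow still installs them with `--force` on every run, so CI and the deployments it drives pick up whatever Galaxy serves at that moment — a reproducibility and supply-chain gap; pin each entry, e.g. `- name: community.docker` followed by `  version: "<pinned version>"` (placeholder), and bump deliberately. The final hunk in `requirements.txt` moves the other way by dropping `infisical==1.5.0`; an unpinned `pip3 install -r requirements.txt` in CI has the same exposure, so even if 1.5.0 itself is no longer needed, a pinned (ideally hash-checked) requirements file is preferable to no pin at all.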