From 2355aa6e126cdc34884784ecb8fc5f95fe68f85d Mon Sep 17 00:00:00 2001 From: gabriel becker Date: Sat, 16 Aug 2025 18:57:09 +1000 Subject: [PATCH] Spread services across multiple groups --- .gitignore | 1 + .gitmodules | 3 +++ README.md | 13 +++++++--- group_vars/all.yml | 8 ++++++ group_vars/dev-server/vars.yml | 3 +++ group_vars/file-server/vars.yml | 5 ++++ group_vars/management-server/vars.yml | 9 +++++++ group_vars/media-downloading-server/vars.yml | 9 +++++++ group_vars/media-server/vars.yml | 9 +++++++ group_vars/server/vars.yml | 17 ++++++------- group_vars/socialmedia-server/vars.yml | 9 +++++++ inventory.yml | 26 +++++++++++++++----- requirments.txt | 1 + roles/webserver/tasks/dependencies.yml | 8 +++--- roles/webserver/tasks/install_docker.yml | 18 +++++++++----- roles/webserver/tasks/main.yml | 8 +++--- roles/webserver/tasks/nginx_config.yml | 2 +- roles/webserver/tasks/start_service.yml | 1 + run.yml | 14 ++++++++++- 19 files changed, 130 insertions(+), 34 deletions(-) create mode 100644 .gitmodules create mode 100644 group_vars/all.yml create mode 100644 group_vars/dev-server/vars.yml create mode 100644 group_vars/file-server/vars.yml create mode 100644 group_vars/management-server/vars.yml create mode 100644 group_vars/media-downloading-server/vars.yml create mode 100644 group_vars/media-server/vars.yml create mode 100644 group_vars/socialmedia-server/vars.yml create mode 100644 requirments.txt diff --git a/.gitignore b/.gitignore index c1d6aa5..261cb90 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .venv .vscode +.vault_pass \ No newline at end of file diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..e3ec883 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "services"] + path = services + url = https://git.lgoon.xyz/gabriel/lgoon-services diff --git a/README.md b/README.md index cb7f2d8..3026d5e 100644 --- a/README.md +++ b/README.md 
@@ -6,13 +6,20 @@ This playbook was tested against a debian 12 image. ## Usage ```bash ansible-playbook run.yml +ansible-playbook run.yml --ask-pass --ask-become-pass +ansible-playbook run.yml --vault-password-file .vault_pass ``` ## Variables Should be defined in `group_vars/server/vars.yml`: - - **services_dir**: fodler path containing all folders with docker-compose stacks. they should have the scructure `/docker-compose.yml` and optionally include `/.env` files + - **services_dir**: folder path containing all folders with docker-compose stacks. they should have the scructure `/docker-compose.yml` and optionally include `/.env` files - **services**: list of services in the service_dir container all `` folders - - **packages**: utils packages for linxu environment - +## Secrets +```bash +ansible-vault create secret.yml +ansible-vault edit secret +ansible-vault view secret +ansible-vault encrypt secret.yml +``` diff --git a/group_vars/all.yml b/group_vars/all.yml new file mode 100644 index 0000000..7821854 --- /dev/null +++ b/group_vars/all.yml @@ -0,0 +1,8 @@ +packages: + - git + - htop + - rsync + - wget +base_services: + - portainer +services_configs_dir: "" \ No newline at end of file diff --git a/group_vars/dev-server/vars.yml b/group_vars/dev-server/vars.yml new file mode 100644 index 0000000..507da1e --- /dev/null +++ b/group_vars/dev-server/vars.yml @@ -0,0 +1,3 @@ +services: + - gitea +services: "{{ base_services + services }}" diff --git a/group_vars/file-server/vars.yml b/group_vars/file-server/vars.yml new file mode 100644 index 0000000..800765a --- /dev/null +++ b/group_vars/file-server/vars.yml @@ -0,0 +1,5 @@ +services: + - nextcloud + - syncthing + - immich +services: "{{ base_services + services }}" diff --git a/group_vars/management-server/vars.yml b/group_vars/management-server/vars.yml new file mode 100644 index 0000000..0f1fae5 --- /dev/null +++ b/group_vars/management-server/vars.yml 
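Review bot: `services` is declared twice in the same mapping in group_vars/dev-server/vars.yml, so the list under the first key is discarded by loaders that keep the last duplicate. The surviving value `"{{ base_services + services }}"` then refers to itself, which Ansible would be expected to reject as a recursive template. The same pattern is repeated in the file-server, management-server, media-downloading-server, media-server and socialmedia-server vars files in this patch. Give the per-group list its own name and derive the combined list from it, e.g. `group_services: [gitea]` followed by `services: "{{ base_services + group_services }}"`.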
@@ -0,0 +1,9 @@ +services: + # - pinry + # - piped + # - immich + # - monica + # - piwigo + # - vikunja + - syncthing +services: "{{ base_services + services }}" diff --git a/group_vars/media-downloading-server/vars.yml b/group_vars/media-downloading-server/vars.yml new file mode 100644 index 0000000..0f1fae5 --- /dev/null +++ b/group_vars/media-downloading-server/vars.yml @@ -0,0 +1,9 @@ +services: + # - pinry + # - piped + # - immich + # - monica + # - piwigo + # - vikunja + - syncthing +services: "{{ base_services + services }}" diff --git a/group_vars/media-server/vars.yml b/group_vars/media-server/vars.yml new file mode 100644 index 0000000..0f1fae5 --- /dev/null +++ b/group_vars/media-server/vars.yml @@ -0,0 +1,9 @@ +services: + # - pinry + # - piped + # - immich + # - monica + # - piwigo + # - vikunja + - syncthing +services: "{{ base_services + services }}" diff --git a/group_vars/server/vars.yml b/group_vars/server/vars.yml index 98b423d..82df235 100644 --- a/group_vars/server/vars.yml +++ b/group_vars/server/vars.yml @@ -1,10 +1,9 @@ -packages: - - git - - htop + services: - - pinry - - immich - - monica - - piwigo - - vikunja -services_dir: /home/gabriel/hosted \ No newline at end of file + # - pinry + # - piped + # - immich + # - monica + # - piwigo + # - vikunja + - syncthing \ No newline at end of file diff --git a/group_vars/socialmedia-server/vars.yml b/group_vars/socialmedia-server/vars.yml new file mode 100644 index 0000000..b987cf2 --- /dev/null +++ b/group_vars/socialmedia-server/vars.yml @@ -0,0 +1,9 @@ +services: + # - pinry + # - piped + # - immich + # - monica + # - piwigo + # - vikunja + - syncthing +services: "{{ global_services + services }}" diff --git a/inventory.yml b/inventory.yml index 69913bd..c7f5cb3 100644 --- a/inventory.yml +++ b/inventory.yml 
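Review bot: `global_services` in group_vars/socialmedia-server/vars.yml is not defined anywhere in this patch, so the expression would fail as an undefined variable. group_vars/all.yml defines `base_services`, which is the name the other group files use. Replace `global_services` with `base_services` so this file matches them. This file also declares `services` twice in one mapping, so the uncommented `syncthing` entry is lost to the second key.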
@@ -1,8 +1,22 @@ -server: +file-servers: hosts: - ec2-13-239-10-136.ap-southeast-2.compute.amazonaws.com: + debianpx: + ansible_host: 192.168.122.177 + ansible_user: gabriel vars: - ansible_user: admin - ansible_ssh_private_key_file: /home/gabriel/dev/terraform/terraform-lab/ec2ml/my_ssh.pem - PERSISTENT_DIRECTORY: /persistent - VOLATILE_DIRECTORY: /volatile % + services_dir: /home/gabriel/hosted + services_configs_dir: /home/gabriel/hosted/configs + PERSISTENT_DIRECTORY: /home/gabriel/hosted/persistent + VOLATILE_DIRECTORY: /home/gabriel/hosted/volatile + BACKUPDIR: /home/gabriel/hosted/backup + APPSDIR: /home/gabriel/hosted/apps + MEDIADIR: /home/gabriel/hosted/media + +media-servers: + hosts: + algrroca: + ansible_user: root + # ansible_ssh_private_key_file: /home/gabriel/.ssh/aws_ec2_ssh.pem + # PERSISTENT_DIRECTORY: /home/srv/raidded + # VOLATILE_DIRECTORY: /home/srv/mstorage + # ansible_sudo_pass: diff --git a/requirments.txt b/requirments.txt new file mode 100644 index 0000000..90d4055 --- /dev/null +++ b/requirments.txt @@ -0,0 +1 @@ +ansible diff --git a/roles/webserver/tasks/dependencies.yml b/roles/webserver/tasks/dependencies.yml index b02a2cd..2004d65 100644 --- a/roles/webserver/tasks/dependencies.yml +++ b/roles/webserver/tasks/dependencies.yml @@ -1,10 +1,10 @@ --- - name: Update packages - apt: - update_cache: yes - upgrade: yes + ansible.builtin.apt: + update_cache: true + upgrade: true - name: Install essential packages - package: + ansible.builtin.package: name: "{{ packages }}" state: latest diff --git a/roles/webserver/tasks/install_docker.yml b/roles/webserver/tasks/install_docker.yml index a9bc42a..c652043 100644 --- a/roles/webserver/tasks/install_docker.yml +++ b/roles/webserver/tasks/install_docker.yml @@ -1,12 +1,12 @@ --- - name: Install aptitude - apt: + ansible.builtin.apt: name: aptitude state: latest update_cache: true - name: Install required system packages - apt: + ansible.builtin.apt: pkg: - apt-transport-https - ca-certificates 
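Review bot: The new `media-servers` host `algrroca` connects as `ansible_user: root`, so the playbook depends on direct root SSH login being enabled there and `become: true` in run.yml adds nothing for that host; an unprivileged account with sudo, as used for `debianpx`, lets root login stay disabled and keeps privileged actions attributable. The inventory groups are named `file-servers` and `media-servers`, while the group_vars directories added in this patch are `file-server` and `media-server`, so those variable files would not be applied to these hosts unless the names are aligned. Hyphens in group names also trigger Ansible's invalid-group-name warning by default; `file_servers` / `media_servers` avoids it. If the commented `ansible_sudo_pass` is ever enabled, its value should come from the vaulted file rather than plain inventory.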
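Review bot: The bare `ansible` line in the new requirements file pins nothing, so each control machine installs whatever release is current at install time and module behaviour can differ between runs. Pin the tested release, e.g. `ansible==<tested-version>` (placeholder), ideally with hashes if the file is used for unattended installs. The filename `requirments.txt` is also misspelled; `requirements.txt` is what tooling and readers expect.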
@@ -19,23 +19,23 @@ update_cache: true - name: Add Docker GPG apt Key - apt_key: + ansible.builtin.apt_key: url: https://download.docker.com/linux/debian/gpg state: present - name: Add Docker Repository - apt_repository: + ansible.builtin.apt_repository: repo: deb https://download.docker.com/linux/debian bookworm stable state: present - name: Update apt and install docker-ce - apt: + ansible.builtin.apt: name: docker-ce state: latest update_cache: true - name: Update apt and install docker-compose - apt: + ansible.builtin.apt: name: docker-compose state: latest update_cache: true @@ -44,3 +44,9 @@ ansible.builtin.pip: name: docker extra_args: --break-system-packages + + - name: adding existing user to group docker '{{ ansible_user }}' + ansible.builtin.user: + name: '{{ ansible_user }}' + groups: docker + append: true diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml index 7c8937c..f5393c8 100644 --- a/roles/webserver/tasks/main.yml +++ b/roles/webserver/tasks/main.yml @@ -1,5 +1,5 @@ --- -- include_tasks: dependencies.yml -- include_tasks: install_docker.yml -- include_tasks: start_service.yml -- include_tasks: nginx_config.yml \ No newline at end of file +- ansible.builtin.include_tasks: dependencies.yml +- ansible.builtin.include_tasks: install_docker.yml +- ansible.builtin.include_tasks: start_service.yml +- ansible.builtin.include_tasks: nginx_config.yml \ No newline at end of file diff --git a/roles/webserver/tasks/nginx_config.yml b/roles/webserver/tasks/nginx_config.yml index 32be1a2..2883609 100644 --- a/roles/webserver/tasks/nginx_config.yml +++ b/roles/webserver/tasks/nginx_config.yml @@ -1,6 +1,6 @@ --- - name: Copy service folder - copy: + ansible.builtin.copy: src: "{{ services_dir }}/nginx-npm" dest: /services/ diff --git a/roles/webserver/tasks/start_service.yml b/roles/webserver/tasks/start_service.yml index a0ead62..ba88541 100644 --- a/roles/webserver/tasks/start_service.yml +++ b/roles/webserver/tasks/start_service.yml 
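Review bot: `ansible.builtin.apt_key` in the "Add Docker GPG apt Key" task places Docker's key in the system-wide APT keyring, where it is trusted to sign packages from every configured repository, and the underlying `apt-key` tool is deprecated. Scope the key to the Docker repository instead by downloading it to a dedicated keyring file and referencing it with `signed-by=` in the repo line. The path below assumes `/etc/apt/keyrings` exists on the target, which should be confirmed for the Debian 12 image the README names. The task file continues outside this hunk.

```yaml
- name: Download Docker repository signing key
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/debian/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"

- name: Add Docker Repository
  ansible.builtin.apt_repository:
    repo: 'deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable'
    state: present
# … unchanged: docker-ce and docker-compose install tasks …
```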
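Review bot: Adding `{{ ansible_user }}` to the `docker` group in the new last task gives that account root-equivalent control of the host through the Docker socket, with no sudo prompt and no sudo logging. Every play in run.yml already sets `become: true`, so the membership appears unnecessary for the playbook itself. If it is wanted for interactive use, record the decision above the task, e.g. `# docker group is equivalent to passwordless root on this host; keep membership minimal`. For the `media-servers` host the inventory sets `ansible_user: root`, where the membership adds nothing.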
@@ -8,4 +8,5 @@ - name: Start Docker compose community.docker.docker_compose: project_src: "/services/{{ item }}" + environment: "{{ compose_env }}" with_items: "{{ services }}" diff --git a/run.yml b/run.yml index db5166b..9e61df7 100644 --- a/run.yml +++ b/run.yml @@ -1,5 +1,17 @@ --- - hosts: server - become: yes + become: true + roles: + - role: webserver + # vars_files: + # - secret + +- hosts: file-servers + become: true + roles: + - role: webserver + +- hosts: media-servers + become: true roles: - role: webserver
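Review bot: `compose_env` is not defined in any group_vars file or inventory entry in this patch, so the added `environment: "{{ compose_env }}"` would fail with an undefined-variable error on every host unless it is set elsewhere. A safe default is `environment: "{{ compose_env | default({}) }}"`. The collapsed diff does not show whether the key sits at task level or under `community.docker.docker_compose`, so the placement should be confirmed against the module's documented options. If the mapping carries credentials, it should come from the vaulted file the README describes, and the task should set `no_log: true`.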
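Review bot: The first play in run.yml still targets `hosts: server`, but this patch removes the `server` group from inventory.yml, so that play would match no hosts and be skipped with only a warning. Either drop it or point it at a group that exists. The three plays are otherwise identical, so a single play with `hosts: file-servers:media-servers` would remove the repetition. Each play should also get a `name:` so that run output and logs show which group a task ran against.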