Spread services across multiple groups

2025-08-16 18:57:09 +10:00 · 2025-08-16 18:57:09 +10:00 · 2355aa6e12
commit 2355aa6e12
parent e4b0ed2fc2
19 changed files with 130 additions and 34 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 .venv
 .vscode
+.vault_pass
--- a/.gitmodules
+++ b/.gitmodules
@ -0,0 +1,3 @@
+[submodule "services"]
+	path = services
+	url = https://git.lgoon.xyz/gabriel/lgoon-services
--- a/README.md
+++ b/README.md
@ -6,13 +6,20 @@ This playbook was tested against a debian 12 image.
 ## Usage
 ```bash
 ansible-playbook run.yml
+ansible-playbook run.yml --ask-pass --ask-become-pass
+ansible-playbook run.yml --vault-password-file .vault_pass
 ```

 ## Variables
 Should be defined in `group_vars/server/vars.yml`:
- - **services_dir**: fodler path containing all folders with docker-compose stacks. they should have the scructure `<service>/docker-compose.yml` and optionally include `<service>/.env` files 
+ - **services_dir**: folder path containing all folders with docker-compose stacks. they should have the scructure `<service>/docker-compose.yml` and optionally include `<service>/.env` files 
 - **services**: list of services in the service_dir container all `<service>` folders
- - **packages**: utils packages for linxu environment
-


+##  Secrets
+```bash
+ansible-vault create secret.yml
+ansible-vault edit secret
+ansible-vault view secret
+ansible-vault encrypt secret.yml
+```
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -0,0 +1,8 @@
+packages:
+  - git
+  - htop
+  - rsync
+  - wget
+base_services:
+  - portainer
+services_configs_dir: ""
--- a/group_vars/dev-server/vars.yml
+++ b/group_vars/dev-server/vars.yml
@ -0,0 +1,3 @@
+services:
+  - gitea
+services: "{{ base_services + services }}"
--- a/group_vars/file-server/vars.yml
+++ b/group_vars/file-server/vars.yml
@ -0,0 +1,5 @@
+services:
+  - nextcloud
+  - syncthing
+  - immich
+services: "{{ base_services + services }}"
--- a/group_vars/management-server/vars.yml
+++ b/group_vars/management-server/vars.yml
@ -0,0 +1,9 @@
+services:
+  # - pinry
+  # - piped
+  # - immich
+  # - monica
+  # - piwigo
+  # - vikunja
+  - syncthing
+services: "{{ base_services + services }}"
--- a/group_vars/media-downloading-server/vars.yml
+++ b/group_vars/media-downloading-server/vars.yml
@ -0,0 +1,9 @@
+services:
+  # - pinry
+  # - piped
+  # - immich
+  # - monica
+  # - piwigo
+  # - vikunja
+  - syncthing
+services: "{{ base_services + services }}"
--- a/group_vars/media-server/vars.yml
+++ b/group_vars/media-server/vars.yml
@ -0,0 +1,9 @@
+services:
+  # - pinry
+  # - piped
+  # - immich
+  # - monica
+  # - piwigo
+  # - vikunja
+  - syncthing
+services: "{{ base_services + services }}"
--- a/group_vars/server/vars.yml
+++ b/group_vars/server/vars.yml
@ -1,10 +1,9 @@
-packages:
-  - git
-  - htop
+
 services:
-  - pinry
-  - immich
-  - monica
-  - piwigo
-  - vikunja
-services_dir: /home/gabriel/hosted
+  # - pinry
+  # - piped
+  # - immich
+  # - monica
+  # - piwigo
+  # - vikunja
+  - syncthing
--- a/group_vars/socialmedia-server/vars.yml
+++ b/group_vars/socialmedia-server/vars.yml
@ -0,0 +1,9 @@
+services:
+  # - pinry
+  # - piped
+  # - immich
+  # - monica
+  # - piwigo
+  # - vikunja
+  - syncthing
+services: "{{ global_services + services }}"
--- a/inventory.yml
+++ b/inventory.yml
@ -1,8 +1,22 @@
-server:
+file-servers:
  hosts:
-    ec2-13-239-10-136.ap-southeast-2.compute.amazonaws.com:
+    debianpx:
+      ansible_host: 192.168.122.177
+      ansible_user: gabriel
  vars:
-    ansible_user: admin
-    ansible_ssh_private_key_file: /home/gabriel/dev/terraform/terraform-lab/ec2ml/my_ssh.pem
-    PERSISTENT_DIRECTORY: /persistent
-    VOLATILE_DIRECTORY: /volatile  %
+    services_dir: /home/gabriel/hosted
+    services_configs_dir: /home/gabriel/hosted/configs
+    PERSISTENT_DIRECTORY: /home/gabriel/hosted/persistent
+    VOLATILE_DIRECTORY: /home/gabriel/hosted/volatile
+    BACKUPDIR: /home/gabriel/hosted/backup
+    APPSDIR: /home/gabriel/hosted/apps
+    MEDIADIR: /home/gabriel/hosted/media
+  
+media-servers:
+  hosts:
+    algrroca:
+      ansible_user: root
+      # ansible_ssh_private_key_file: /home/gabriel/.ssh/aws_ec2_ssh.pem 
+      # PERSISTENT_DIRECTORY: /home/srv/raidded
+      # VOLATILE_DIRECTORY: /home/srv/mstorage
+      # ansible_sudo_pass:
--- a/requirments.txt
+++ b/requirments.txt
@ -0,0 +1 @@
+ansible
--- a/roles/webserver/tasks/dependencies.yml
+++ b/roles/webserver/tasks/dependencies.yml
@ -1,10 +1,10 @@
 ---
 - name: Update packages
-  apt:
-    update_cache: yes
-    upgrade: yes
+  ansible.builtin.apt:
+    update_cache: true
+    upgrade: true

 - name: Install essential packages
-  package:
+  ansible.builtin.package:
    name: "{{ packages }}"
    state: latest
--- a/roles/webserver/tasks/install_docker.yml
+++ b/roles/webserver/tasks/install_docker.yml
@ -1,12 +1,12 @@
 ---
    - name: Install aptitude
-      apt:
+      ansible.builtin.apt:
        name: aptitude
        state: latest
        update_cache: true

    - name: Install required system packages
-      apt:
+      ansible.builtin.apt:
        pkg:
          - apt-transport-https
          - ca-certificates
@ -19,23 +19,23 @@
        update_cache: true

    - name: Add Docker GPG apt Key
-      apt_key:
+      ansible.builtin.apt_key:
        url: https://download.docker.com/linux/debian/gpg
        state: present

    - name: Add Docker Repository
-      apt_repository:
+      ansible.builtin.apt_repository:
        repo: deb https://download.docker.com/linux/debian bookworm stable
        state: present

    - name: Update apt and install docker-ce
-      apt:
+      ansible.builtin.apt:
        name: docker-ce
        state: latest
        update_cache: true

    - name: Update apt and install docker-compose
-      apt:
+      ansible.builtin.apt:
        name: docker-compose
        state: latest
        update_cache: true
@ -44,3 +44,9 @@
      ansible.builtin.pip:
        name: docker
        extra_args: --break-system-packages
+
+    - name: adding existing user to group docker '{{ ansible_user }}'
+      ansible.builtin.user:
+        name: '{{ ansible_user }}'
+        groups: docker
+        append: true
--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
@ -1,5 +1,5 @@
 ---
- include_tasks: dependencies.yml
- include_tasks: install_docker.yml
- include_tasks: start_service.yml
- include_tasks: nginx_config.yml
+- ansible.builtin.include_tasks: dependencies.yml
+- ansible.builtin.include_tasks: install_docker.yml
+- ansible.builtin.include_tasks: start_service.yml
+- ansible.builtin.include_tasks: nginx_config.yml
--- a/roles/webserver/tasks/nginx_config.yml
+++ b/roles/webserver/tasks/nginx_config.yml
@ -1,6 +1,6 @@
 ---
 - name: Copy service folder
-  copy:
+  ansible.builtin.copy:
    src: "{{ services_dir }}/nginx-npm"
    dest: /services/

--- a/roles/webserver/tasks/start_service.yml
+++ b/roles/webserver/tasks/start_service.yml
@ -8,4 +8,5 @@
 - name: Start Docker compose
  community.docker.docker_compose:
    project_src: "/services/{{ item }}"
+    environment: "{{ compose_env }}"
  with_items: "{{ services }}"
--- a/run.yml
+++ b/run.yml
@ -1,5 +1,17 @@
 ---
 - hosts: server
-  become: yes
+  become: true
+  roles: 
+    - role: webserver
+  # vars_files:
+  #   - secret
+
+- hosts: file-servers
+  become: true
+  roles: 
+    - role: webserver
+
+- hosts: media-servers
+  become: true
  roles: 
    - role: webserver