authorElizabeth Hunt <me@liz.coffee>2025-04-06 15:47:10 -0700
committerElizabeth Hunt <me@liz.coffee>2025-04-06 15:47:10 -0700
commitf0b1d38361d019f174d8417d141c5b880a1e01c2 (patch)
tree7b8362b1ab765928eeb908ca230f8c35cee9d42f
parent138bef2d0d87d9805431f246c55622bf8ff726dd (diff)
downloadinfra-f0b1d38361d019f174d8417d141c5b880a1e01c2.tar.gz
infra-f0b1d38361d019f174d8417d141c5b880a1e01c2.zip
fix volume perms and deploy filestash
-rwxr-xr-xcreate.py11
-rw-r--r--deploy.yml3
-rw-r--r--group_vars/bin.yml4
-rw-r--r--inventory3
-rw-r--r--playbooks/bin.yml7
-rw-r--r--playbooks/roles/bin/tasks/main.yml25
-rw-r--r--playbooks/roles/bin/templates/stacks/docker-compose.yml24
-rw-r--r--playbooks/roles/bin/templates/volumes/data/.gitkeep0
-rw-r--r--playbooks/roles/outbound/templates/proxy/sites-enabled/bin.conf17
-rw-r--r--playbooks/roles/pihole/tasks/main.yml6
-rw-r--r--playbooks/roles/traefik/templates/volumes/headscale/.gitkeep0
11 files changed, 100 insertions, 0 deletions
diff --git a/create.py b/create.py
index d209650..a03f3f3 100755
--- a/create.py
+++ b/create.py
@@ -133,6 +133,9 @@ class RoleGenerator:
ansible.builtin.file:
state: directory
dest: '{{{{ {self.service}_base }}}}/{{{{ item.path }}}}'
+ owner: 1000
+ group: 1000
+ mode: 0755
with_filetree: '../templates'
when: item.state == 'directory'
@@ -140,6 +143,9 @@ class RoleGenerator:
ansible.builtin.template:
src: '{{{{ item.src }}}}'
dest: '{{{{ {self.service}_base }}}}/{{{{ item.path }}}}'
+ owner: 1000
+ group: 1000
+ mode: 0755
with_filetree: '../templates'
when: item.state == 'file'
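Review bot: The `mode: 0755` added to the generated template task marks every rendered file as executable, including compose files and `.gitkeep` placeholders, which is broader than those files need. For the file task `mode: '0644'` is the least-privilege choice, keeping `mode: '0755'` for the directory task in the hunk above. Quoting the value also keeps the octal from depending on how the YAML integer is parsed. The same applies to the second hunk of playbooks/roles/pihole/tasks/main.yml. The task text sits inside an f-string that starts and ends outside this hunk.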
@@ -187,6 +193,10 @@ class RoleGenerator:
{self.service}_base: "{{{{ swarm_base }}}}/{self.service}"
"""))
+ def create_volumes(self):
+ (self.templates_path / "volumes" / "data").mkdir(parents=True, exist_ok=True)
+ (self.templates_path / "volumes" / "data" / ".gitkeep").touch()
+
def create_deploy_hook(self):
path = Config.ANSIBLE_PLAYBOOKS / f"{self.service}.yml"
path.write_text(textwrap.dedent(f"""\
@@ -206,6 +216,7 @@ class RoleGenerator:
def create_all(self):
self.create_inventory()
self.create_tasks()
+ self.create_volumes()
self.create_compose_template()
self.create_group_vars()
self.create_deploy_hook()
diff --git a/deploy.yml b/deploy.yml
index b80c27a..eb7901e 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -41,3 +41,6 @@
- name: SilverBullet
ansible.builtin.import_playbook: playbooks/silverbullet.yml
+
+- name: bin
+ ansible.builtin.import_playbook: playbooks/bin.yml
diff --git a/group_vars/bin.yml b/group_vars/bin.yml
new file mode 100644
index 0000000..8f0701e
--- /dev/null
+++ b/group_vars/bin.yml
@@ -0,0 +1,4 @@
+---
+
+bin_domain: bin.liz.coffee
+bin_base: "{{ swarm_base }}/bin"
diff --git a/inventory b/inventory
index b55db99..85d22de 100644
--- a/inventory
+++ b/inventory
@@ -49,3 +49,6 @@ swarm-one ansible_host=10.128.0.201 ansible_user=serve ansible_connection=ssh a
[silverbullet]
swarm-one ansible_host=10.128.0.201 ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
+[bin]
+swarm-one ansible_host=10.128.0.201 ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
+
diff --git a/playbooks/bin.yml b/playbooks/bin.yml
new file mode 100644
index 0000000..9a5a1cf
--- /dev/null
+++ b/playbooks/bin.yml
@@ -0,0 +1,7 @@
+---
+
+- name: bin setup
+ hosts: bin
+ become: true
+ roles:
+ - bin
diff --git a/playbooks/roles/bin/tasks/main.yml b/playbooks/roles/bin/tasks/main.yml
new file mode 100644
index 0000000..69516ab
--- /dev/null
+++ b/playbooks/roles/bin/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Build bin compose dirs
+ ansible.builtin.file:
+ state: directory
+ dest: '{{ bin_base }}/{{ item.path }}'
+ owner: 1000
+ group: 1000
+ mode: 755
+ with_filetree: '../templates'
+ when: item.state == 'directory'
+
+- name: Build bin compose files
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ bin_base }}/{{ item.path }}'
+ owner: 1000
+ group: 1000
+ mode: 755
+ with_filetree: '../templates'
+ when: item.state == 'file'
+
+- name: Deploy bin stack
+ ansible.builtin.command:
+ cmd: 'docker stack deploy -c {{ bin_base }}/stacks/docker-compose.yml bin'
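Review bot: `mode: 755` in both the directory and the file task is an unquoted number without a leading zero, so Ansible treats it as decimal 755, which is octal 1363 (`--wxrw--wt`): the owner cannot read, others can write, and the sticky bit is set. This differs from the `mode: 0755` that the create.py template emits in this same commit. Use `mode: '0755'` for the directory task and `mode: '0644'` for the file task. After the fix it is worth re-checking the permissions already applied under `{{ bin_base }}` on the host.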
diff --git a/playbooks/roles/bin/templates/stacks/docker-compose.yml b/playbooks/roles/bin/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..fe52d9d
--- /dev/null
+++ b/playbooks/roles/bin/templates/stacks/docker-compose.yml
@@ -0,0 +1,24 @@
+services:
+ bin:
+ image: machines/filestash:latest
+ volumes:
+ - {{ bin_base }}/volumes/data:/app/data/state/
+ environment:
+ - TZ={{ timezone }}
+ networks:
+ - proxy
+ deploy:
+ mode: replicated
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.swarm.network=proxy
+ - traefik.http.routers.bin.tls=true
+ - traefik.http.routers.bin.tls.certResolver=letsencrypt
+ - traefik.http.routers.bin.rule=Host(`{{ bin_domain }}`)
+ - traefik.http.routers.bin.entrypoints=websecure
+ - traefik.http.services.bin.loadbalancer.server.port=8334
+
+networks:
+ proxy:
+ external: true
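Review bot: `image: machines/filestash:latest` is a mutable tag, so each `docker stack deploy` may pull whatever was last pushed under it, and the running build is neither reproducible nor auditable. Pin to a specific release tag or, preferably, a digest: `image: machines/filestash@sha256:<DIGEST_PLACEHOLDER>`. The service is routed through Traefik on `{{ bin_domain }}` and keeps state in the mounted `volumes/data` directory, so an unreviewed image change would land directly on a proxied file service with persistent data.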
diff --git a/playbooks/roles/bin/templates/volumes/data/.gitkeep b/playbooks/roles/bin/templates/volumes/data/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/bin/templates/volumes/data/.gitkeep
diff --git a/playbooks/roles/outbound/templates/proxy/sites-enabled/bin.conf b/playbooks/roles/outbound/templates/proxy/sites-enabled/bin.conf
new file mode 100644
index 0000000..3c5682d
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/sites-enabled/bin.conf
@@ -0,0 +1,17 @@
+server {
+ listen 80;
+ server_name bin.liz.coffee;
+ client_max_body_size 200M;
+
+ location / {
+ proxy_pass https://{{ loadbalancer_ip }};
+ proxy_ssl_verify off;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
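Review bot: `proxy_ssl_verify off` means the certificate presented at `{{ loadbalancer_ip }}` is never validated, so the HTTPS hop to the load balancer is encrypted but not authenticated. If the upstream certificate chains to a CA this host can trust, prefer `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate <CA_BUNDLE_PATH>;` and `proxy_ssl_name $host;`, since the `proxy_pass` target is an IP address. Separately, the server block only has `listen 80`, so unless TLS is terminated in front of this proxy (not visible in this diff), uploads of up to `200M` arrive in clear text and `X-Forwarded-Proto` will report `http` to the backend.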
diff --git a/playbooks/roles/pihole/tasks/main.yml b/playbooks/roles/pihole/tasks/main.yml
index 6990623..a0094f4 100644
--- a/playbooks/roles/pihole/tasks/main.yml
+++ b/playbooks/roles/pihole/tasks/main.yml
@@ -4,6 +4,9 @@
ansible.builtin.file:
state: directory
dest: '{{ pihole_base }}/{{ item.path }}'
+ owner: 1000
+ group: 1000
+ mode: 0755
with_filetree: '../templates'
when: item.state == 'directory'
@@ -11,6 +14,9 @@
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ pihole_base }}/{{ item.path }}'
+ owner: 1000
+ group: 1000
+ mode: 0755
with_filetree: '../templates'
when: item.state == 'file'
diff --git a/playbooks/roles/traefik/templates/volumes/headscale/.gitkeep b/playbooks/roles/traefik/templates/volumes/headscale/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/traefik/templates/volumes/headscale/.gitkeep