authorElizabeth Hunt <me@liz.coffee>2025-04-06 15:47:10 -0700
committerElizabeth Hunt <me@liz.coffee>2025-04-06 15:47:10 -0700
commitf0b1d38361d019f174d8417d141c5b880a1e01c2 (patch)
tree7b8362b1ab765928eeb908ca230f8c35cee9d42f /playbooks/roles
parent138bef2d0d87d9805431f246c55622bf8ff726dd (diff)
fix volume perms and deploy filestash
Diffstat (limited to 'playbooks/roles')
-rw-r--r--playbooks/roles/bin/tasks/main.yml25
-rw-r--r--playbooks/roles/bin/templates/stacks/docker-compose.yml24
-rw-r--r--playbooks/roles/bin/templates/volumes/data/.gitkeep0
-rw-r--r--playbooks/roles/outbound/templates/proxy/sites-enabled/bin.conf17
-rw-r--r--playbooks/roles/pihole/tasks/main.yml6
-rw-r--r--playbooks/roles/traefik/templates/volumes/headscale/.gitkeep0
6 files changed, 72 insertions, 0 deletions
diff --git a/playbooks/roles/bin/tasks/main.yml b/playbooks/roles/bin/tasks/main.yml
new file mode 100644
index 0000000..69516ab
--- /dev/null
+++ b/playbooks/roles/bin/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Build bin compose dirs
+ ansible.builtin.file:
+ state: directory
+ dest: '{{ bin_base }}/{{ item.path }}'
+ owner: 1000
+ group: 1000
+ mode: 755
+ with_filetree: '../templates'
+ when: item.state == 'directory'
+
+- name: Build bin compose files
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ bin_base }}/{{ item.path }}'
+ owner: 1000
+ group: 1000
+ mode: 755
+ with_filetree: '../templates'
+ when: item.state == 'file'
+
+- name: Deploy bin stack
+ ansible.builtin.command:
+ cmd: 'docker stack deploy -c {{ bin_base }}/stacks/docker-compose.yml bin'
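Review bot: `mode: 755` in both "Build bin compose dirs" and "Build bin compose files" is an unquoted integer with no leading zero, so Ansible receives decimal 755 (octal 1363) rather than rwxr-xr-x. The resulting bits include the sticky bit and world-write, which is not what a "fix volume perms" change intends; the pihole hunks in this same commit write `0755`. Quote the value so the module does the octal conversion itself: `mode: '0755'`. The "Deploy bin stack" command task also has no `changed_when`, so it will report a change on every run.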
diff --git a/playbooks/roles/bin/templates/stacks/docker-compose.yml b/playbooks/roles/bin/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..fe52d9d
--- /dev/null
+++ b/playbooks/roles/bin/templates/stacks/docker-compose.yml
@@ -0,0 +1,24 @@
+services:
+ bin:
+ image: machines/filestash:latest
+ volumes:
+ - {{ bin_base }}/volumes/data:/app/data/state/
+ environment:
+ - TZ={{ timezone }}
+ networks:
+ - proxy
+ deploy:
+ mode: replicated
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.swarm.network=proxy
+ - traefik.http.routers.bin.tls=true
+ - traefik.http.routers.bin.tls.certResolver=letsencrypt
+ - traefik.http.routers.bin.rule=Host(`{{ bin_domain }}`)
+ - traefik.http.routers.bin.entrypoints=websecure
+ - traefik.http.services.bin.loadbalancer.server.port=8334
+
+networks:
+ proxy:
+ external: true
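Review bot: `image: machines/filestash:latest` is a mutable tag, so each `docker stack deploy` may pull whatever the registry currently serves under that name, and the deployed version is not recorded in the repository. Pin a release tag and preferably the digest as well, for example `image: machines/filestash:<release-tag>@sha256:<digest>` (placeholders, to be filled from the registry). Separately, the unquoted `- {{ bin_base }}/volumes/data:/app/data/state/` entry is only valid YAML after templating; quoting the whole string keeps the rendered file well-formed if the variable is ever empty or begins with a YAML indicator.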
diff --git a/playbooks/roles/bin/templates/volumes/data/.gitkeep b/playbooks/roles/bin/templates/volumes/data/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/bin/templates/volumes/data/.gitkeep
diff --git a/playbooks/roles/outbound/templates/proxy/sites-enabled/bin.conf b/playbooks/roles/outbound/templates/proxy/sites-enabled/bin.conf
new file mode 100644
index 0000000..3c5682d
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/sites-enabled/bin.conf
@@ -0,0 +1,17 @@
+server {
+ listen 80;
+ server_name bin.liz.coffee;
+ client_max_body_size 200M;
+
+ location / {
+ proxy_pass https://{{ loadbalancer_ip }};
+ proxy_ssl_verify off;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
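Review bot: `proxy_ssl_verify off;` leaves the hop to `https://{{ loadbalancer_ip }}` encrypted but unauthenticated, so anything answering on that address is accepted as the upstream. If the load balancer presents the certificate issued for this host, verification can be enabled with `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path-to-CA-bundle>;` and `proxy_ssl_name $host;`. Because the target is an IP, `proxy_ssl_server_name on;` is also needed for SNI. The block only listens on port 80 and forwards `X-Forwarded-Proto $scheme`, so unless TLS is terminated in front of this server (not visible here) uploads reach it in cleartext. `server_name bin.liz.coffee` is hard-coded while the compose template routes on `{{ bin_domain }}`; using the same variable keeps the two from drifting apart.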
diff --git a/playbooks/roles/pihole/tasks/main.yml b/playbooks/roles/pihole/tasks/main.yml
index 6990623..a0094f4 100644
--- a/playbooks/roles/pihole/tasks/main.yml
+++ b/playbooks/roles/pihole/tasks/main.yml
@@ -4,6 +4,9 @@
ansible.builtin.file:
state: directory
dest: '{{ pihole_base }}/{{ item.path }}'
+ owner: 1000
+ group: 1000
+ mode: 0755
with_filetree: '../templates'
when: item.state == 'directory'
@@ -11,6 +14,9 @@
ansible.builtin.template:
src: '{{ item.src }}'
dest: '{{ pihole_base }}/{{ item.path }}'
+ owner: 1000
+ group: 1000
+ mode: 0755
with_filetree: '../templates'
when: item.state == 'file'
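Review bot: The template task in this hunk renders every file under `../templates` with `mode: 0755`, which sets the execute bit on plain config files and leaves them world-readable. The same applies to "Build bin compose files" in `bin/tasks/main.yml`. For rendered files `mode: '0644'` is the usual choice, or `'0640'` if any template carries credentials, which cannot be told from this diff. Keep `'0755'` for the directory task in the preceding hunk. Quoting the value also avoids relying on the YAML 1.1 octal parsing that the bare `0755` depends on. The task's `name:` line sits above the hunk, so the task is not fully visible here.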
diff --git a/playbooks/roles/traefik/templates/volumes/headscale/.gitkeep b/playbooks/roles/traefik/templates/volumes/headscale/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/traefik/templates/volumes/headscale/.gitkeep