-rwxr-xr-xcreate.py2
-rw-r--r--deploy.yml9
-rw-r--r--group_vars/all.yml5
-rw-r--r--group_vars/labdns.yml1
-rw-r--r--group_vars/nginx_proxy.yml (renamed from group_vars/nginx-proxy.yml)0
-rw-r--r--group_vars/test.yml4
-rw-r--r--inventory5
-rw-r--r--playbooks/ceph_mount.yml (renamed from playbooks/ceph-mount.yml)0
-rw-r--r--playbooks/nginx-proxy.yml7
-rw-r--r--playbooks/nginx_proxy.yml7
-rw-r--r--playbooks/roles/mail/tasks/main.yml1
-rwxr-xr-xplaybooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh6
-rw-r--r--playbooks/roles/nginx_proxy/handlers/main.yml (renamed from playbooks/roles/nginx-proxy/handlers/main.yml)0
-rw-r--r--playbooks/roles/nginx_proxy/tasks/main.yml (renamed from playbooks/roles/nginx-proxy/tasks/main.yml)0
-rw-r--r--playbooks/roles/nginx_proxy/templates/docker-compose.yml (renamed from playbooks/roles/nginx-proxy/templates/docker-compose.yml)0
-rw-r--r--playbooks/roles/nginx_proxy/templates/toplevel.conf.d/stream.conf (renamed from playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf)0
-rw-r--r--playbooks/roles/swarm_init/tasks/main.yml (renamed from playbooks/roles/swarm-init/tasks/main.yml)0
-rw-r--r--playbooks/roles/swarm_join/tasks/main.yml (renamed from playbooks/roles/swarm-join/tasks/main.yml)1
-rw-r--r--playbooks/roles/test/tasks/main.yml8
-rw-r--r--playbooks/roles/test/templates/stacks/docker-compose.yml30
-rw-r--r--playbooks/roles/test/templates/volumes/data/.gitkeep0
-rw-r--r--playbooks/roles/traefik/templates/stacks/docker-compose.yml10
-rw-r--r--playbooks/swarm_cluster.yml (renamed from playbooks/swarm-cluster.yml)6
-rw-r--r--playbooks/test.yml7
24 files changed, 85 insertions, 24 deletions
diff --git a/create.py b/create.py
index c956f1b..01dcaef 100755
--- a/create.py
+++ b/create.py
@@ -153,7 +153,7 @@ class RoleGenerator:
networks:
- proxy
healthcheck:
- test: ["CMD-SHELL", "curl", "--fail", "http://localhost:8000"]
+ test: ["CMD-SHELL", "curl", "--fail", "http://localhost:{self.port}"]
timeout: 15s
interval: 30s
retries: 3
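Review bot: The rewritten healthcheck line still passes `curl`, `--fail` and the URL to `CMD-SHELL` as separate list items; if this template is emitted as-is into the compose file, the shell gets only `curl` as its command string and the other items become positional parameters, so the probe runs a bare `curl` and fails whatever the service does. The commit only substitutes the port into the URL and leaves that shape in place. Either collapse it to a single shell string, `test: ["CMD-SHELL", "curl --fail http://localhost:{self.port}"]`, or switch to exec form, `test: ["CMD", "curl", "--fail", "http://localhost:{self.port}"]`; both assume `curl` exists in the generated role's image, which is worth a comment next to the line. The enclosing RoleGenerator method starts outside the hunk.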
diff --git a/deploy.yml b/deploy.yml
index 0484fe8..89fd643 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -7,16 +7,16 @@
ansible.builtin.import_playbook: playbooks/docker.yml
- name: NGINX Proxy
- ansible.builtin.import_playbook: playbooks/nginx-proxy.yml
+ ansible.builtin.import_playbook: playbooks/nginx_proxy.yml
- name: Outbound
ansible.builtin.import_playbook: playbooks/outbound.yml
- name: Ceph mountpoints
- ansible.builtin.import_playbook: playbooks/ceph-mount.yml
+ ansible.builtin.import_playbook: playbooks/ceph_mount.yml
- name: Swarm
- ansible.builtin.import_playbook: playbooks/swarm-cluster.yml
+ ansible.builtin.import_playbook: playbooks/swarm_cluster.yml
- name: Traefik
ansible.builtin.import_playbook: playbooks/traefik.yml
@@ -53,3 +53,6 @@
- name: src
ansible.builtin.import_playbook: playbooks/src.yml
+
+- name: test
+ ansible.builtin.import_playbook: playbooks/test.yml
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 6c39b25..f6747d0 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -9,19 +9,20 @@ ansible_user: serve
loadbalancer_ip: "10.128.0.200"
homelab_network: "10.0.0.0/8"
docker_network: "172.16.0.0/12"
+headnet_network: "100.64.0.0/10"
rfc1918_cgnat_networks:
- "{{ homelab_network }}"
- "{{ docker_network }}"
- 192.168.0.0/16
- - 100.64.0.0/10
+ - "{{ headnet_network }}"
timezone: "America/Los_Angeles"
domain: "liz.coffee"
idm_domain: "idm.{{ domain }}"
headscale_host: "vpn.{{ domain }}"
-
mail_domain: "mail.{{ domain }}"
+
info_mail_user: "info"
info_mail: "{{ info_mail_user }}@{{ domain }}"
diff --git a/group_vars/labdns.yml b/group_vars/labdns.yml
index 1209e98..5ec022c 100644
--- a/group_vars/labdns.yml
+++ b/group_vars/labdns.yml
@@ -3,6 +3,7 @@
labdns_base: "{{ swarm_base }}/labdns"
internal_services:
+ - test
- bin
- ci
- idm
diff --git a/group_vars/nginx-proxy.yml b/group_vars/nginx_proxy.yml
index bd5a27a..bd5a27a 100644
--- a/group_vars/nginx-proxy.yml
+++ b/group_vars/nginx_proxy.yml
diff --git a/group_vars/test.yml b/group_vars/test.yml
new file mode 100644
index 0000000..0b3f4c4
--- /dev/null
+++ b/group_vars/test.yml
@@ -0,0 +1,4 @@
+---
+
+test_domain: test.liz.coffee
+test_base: "{{ swarm_base }}/test"
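Review bot: `test_domain: test.liz.coffee` hard-codes the parent domain, while the comparable names in group_vars/all.yml (`idm_domain`, `headscale_host`, `mail_domain`) are derived from `domain`, so this entry would silently diverge if `domain` changes. Prefer `test_domain: "test.{{ domain }}"`, quoted like its siblings because a value beginning with `{{` is otherwise read as a flow mapping by YAML.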
diff --git a/inventory b/inventory
index 2b7107c..69d14d8 100644
--- a/inventory
+++ b/inventory
@@ -6,7 +6,7 @@ swarm-three ansible_host=10.128.0.203 ansible_user=serve ansible_connection=ssh
# outbound-one.liz.coffee ansible_user=serve ansible_connection=ssh ansible_become_password='{{ outbound_become_password }}'
outbound-two.liz.coffee ansible_user=serve ansible_connection=ssh ansible_become_password='{{ outbound_become_password }}'
-[nginx-proxy]
+[nginx_proxy]
outbound-two.liz.coffee ansible_user=serve ansible_connection=ssh ansible_become_password='{{ outbound_become_password }}'
# outbound-one.liz.coffee ansible_user=serve ansible_connection=ssh ansible_become_password='{{ outbound_become_password }}'
@@ -62,3 +62,6 @@ swarm-one ansible_host=10.128.0.201 ansible_user=serve ansible_connectio
[src]
swarm-one ansible_host=10.128.0.201 ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
+[test]
+swarm-one ansible_host=10.128.0.201 ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
+
diff --git a/playbooks/ceph-mount.yml b/playbooks/ceph_mount.yml
index de2dd5b..de2dd5b 100644
--- a/playbooks/ceph-mount.yml
+++ b/playbooks/ceph_mount.yml
diff --git a/playbooks/nginx-proxy.yml b/playbooks/nginx-proxy.yml
deleted file mode 100644
index 329f186..0000000
--- a/playbooks/nginx-proxy.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- name: nginx-proxy setup
- hosts: nginx-proxy
- become: true
- roles:
- - nginx-proxy
diff --git a/playbooks/nginx_proxy.yml b/playbooks/nginx_proxy.yml
new file mode 100644
index 0000000..1a328eb
--- /dev/null
+++ b/playbooks/nginx_proxy.yml
@@ -0,0 +1,7 @@
+---
+
+- name: nginx_proxy setup
+ hosts: nginx_proxy
+ become: true
+ roles:
+ - nginx_proxy
diff --git a/playbooks/roles/mail/tasks/main.yml b/playbooks/roles/mail/tasks/main.yml
index dbda130..0d07acd 100644
--- a/playbooks/roles/mail/tasks/main.yml
+++ b/playbooks/roles/mail/tasks/main.yml
@@ -15,3 +15,4 @@
service_name: mail
template_render_dir: "../templates"
service_destination_dir: "{{ mail_base }}"
+
diff --git a/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh b/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh
index 34ecd51..e2aa356 100755
--- a/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh
+++ b/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh
@@ -1,5 +1,9 @@
#!/bin/bash
+# fix perms for potential rollbacks
+chown -R 5000:5000 /var/mail/*
+chown -R 100:102 /var/mail-state/lib-postfix
+
postconf -e 'smtpd_sasl_type = dovecot'
postconf -e 'smtpd_sasl_path = /dev/shm/sasl-auth.sock'
postconf -e 'smtpd_sasl_auth_enable = yes'
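Review bot: The new `chown -R 100:102 /var/mail-state/lib-postfix` uses bare numeric ids with nothing saying which account inside the container they correspond to, which the "fix perms" comment does not explain. A comment such as `# 100:102 = <owner of lib-postfix in the image, presumably the postfix user/group — confirm against the container's /etc/passwd>` would record the intent; `5000:5000` on the line above is at least discoverable from the `virtual_uid_maps` lines later in the script. Separately, `/var/mail/*` is an unquoted glob: when no mailbox directory exists yet it stays literal and `chown` prints an error, which this script (no `set -e`) ignores, so it is harmless but noisy on a fresh deploy. The script continues outside the hunk.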
@@ -55,5 +59,3 @@ userdb {
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'virtual_minimum_uid = 5000'
-
-chown -R 5000:5000 /var/mail/*
diff --git a/playbooks/roles/nginx-proxy/handlers/main.yml b/playbooks/roles/nginx_proxy/handlers/main.yml
index 98486dc..98486dc 100644
--- a/playbooks/roles/nginx-proxy/handlers/main.yml
+++ b/playbooks/roles/nginx_proxy/handlers/main.yml
diff --git a/playbooks/roles/nginx-proxy/tasks/main.yml b/playbooks/roles/nginx_proxy/tasks/main.yml
index aa7f922..aa7f922 100644
--- a/playbooks/roles/nginx-proxy/tasks/main.yml
+++ b/playbooks/roles/nginx_proxy/tasks/main.yml
diff --git a/playbooks/roles/nginx-proxy/templates/docker-compose.yml b/playbooks/roles/nginx_proxy/templates/docker-compose.yml
index 33b3243..33b3243 100644
--- a/playbooks/roles/nginx-proxy/templates/docker-compose.yml
+++ b/playbooks/roles/nginx_proxy/templates/docker-compose.yml
diff --git a/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf b/playbooks/roles/nginx_proxy/templates/toplevel.conf.d/stream.conf
index 3e7c125..3e7c125 100644
--- a/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
+++ b/playbooks/roles/nginx_proxy/templates/toplevel.conf.d/stream.conf
diff --git a/playbooks/roles/swarm-init/tasks/main.yml b/playbooks/roles/swarm_init/tasks/main.yml
index 19967e9..19967e9 100644
--- a/playbooks/roles/swarm-init/tasks/main.yml
+++ b/playbooks/roles/swarm_init/tasks/main.yml
diff --git a/playbooks/roles/swarm-join/tasks/main.yml b/playbooks/roles/swarm_join/tasks/main.yml
index 5fdb66f..f6fe454 100644
--- a/playbooks/roles/swarm-join/tasks/main.yml
+++ b/playbooks/roles/swarm_join/tasks/main.yml
@@ -19,3 +19,4 @@
cmd: docker node update --label-add manager=true {{ ansible_hostname }}
when: swarm_join is changed
changed_when: false
+
diff --git a/playbooks/roles/test/tasks/main.yml b/playbooks/roles/test/tasks/main.yml
new file mode 100644
index 0000000..e370cae
--- /dev/null
+++ b/playbooks/roles/test/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Deploy test
+ ansible.builtin.import_tasks: manage-docker-swarm-service.yml
+ vars:
+ service_name: test
+ template_render_dir: "../templates"
+ service_destination_dir: "{{ test_base }}"
diff --git a/playbooks/roles/test/templates/stacks/docker-compose.yml b/playbooks/roles/test/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..52f220f
--- /dev/null
+++ b/playbooks/roles/test/templates/stacks/docker-compose.yml
@@ -0,0 +1,30 @@
+services:
+ test:
+ image: traefik/whoami:latest
+ volumes:
+ - {{ test_base }}/volumes/data:/data
+ environment:
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
+ networks:
+ - proxy
+ deploy:
+ mode: replicated
+ update_config:
+ parallelism: 1
+ failure_action: rollback
+ order: start-first
+ delay: 5s
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.swarm.network=proxy
+ - traefik.http.routers.test.tls=true
+ - traefik.http.routers.test.tls.certResolver=letsencrypt
+ - traefik.http.routers.test.rule=Host(`{{ test_domain }}`)
+ - traefik.http.routers.test.entrypoints=websecure
+ - traefik.http.services.test.loadbalancer.server.port=80
+
+networks:
+ proxy:
+ external: true
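Review bot: `image: traefik/whoami:latest` floats on a moving tag, so each redeploy may pull an image different from the one last validated; pin a version tag or digest, `image: traefik/whoami:<pinned tag or @sha256 digest>` (placeholder). The stack also lacks a comment stating its purpose: whoami echoes the request headers, the container hostname and its addresses back to any client reaching `{{ test_domain }}`, which is useful for the X-Forwarded-For debugging the traefik TODO in this commit points at, but is also information an endpoint need not hand out if `test_domain` resolves beyond the homelab. If the service is meant to stay, note that in a header comment and consider restricting the router (a Traefik middleware or an internal-only entrypoint); if it is a temporary probe, say so, e.g. `# temporary: header echo for X-Forwarded-For debugging — remove when resolved`.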
diff --git a/playbooks/roles/test/templates/volumes/data/.gitkeep b/playbooks/roles/test/templates/volumes/data/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/test/templates/volumes/data/.gitkeep
diff --git a/playbooks/roles/traefik/templates/stacks/docker-compose.yml b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
index dfcf72c..ad5e228 100644
--- a/playbooks/roles/traefik/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
@@ -1,7 +1,7 @@
services:
headscale-client:
image: tailscale/tailscale:latest
- hostname: headscale-traefik
+ hostname: headscale-client-{{ deployment_time }}
environment:
- DEPLOYMENT_TIME={{ deployment_time }}
- TZ={{ timezone }}
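Review bot: `hostname: headscale-client-{{ deployment_time }}` gives the tailscale sidecar a new machine name on every deploy, so each rollout presumably registers a fresh node with headscale and the previous node record remains, with whatever key it was issued, unless the auth key is ephemeral or stale nodes are expired or pruned. That is consistent with the switch to `order: start-first` in the next hunk, since two instances can now coexist, but the trade-off is not recorded anywhere. A comment above the line, `# unique per deploy so start-first rollouts do not collide on hostname; stale nodes must be expired/pruned in headscale`, plus a check that the key handed to the client (configured outside this hunk) is ephemeral, would make the behaviour deliberate rather than incidental.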
@@ -27,7 +27,7 @@ services:
replicas: 1
update_config:
parallelism: 1
- order: stop-first # hostname conflicts
+ order: start-first
failure_action: rollback
monitor: 8s
traefik:
@@ -35,9 +35,10 @@ services:
depends_on:
- headscale-client
ports:
+ # TODO: FIGURE OUT HOW TO READ X-FORWARDED-FOR CORRECTLY
# http
- - 80:80
- - 443:443
+ - "80:80"
+ - "443:443"
healthcheck:
test: traefik healthcheck --ping
interval: 10s
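Review bot: The `TODO` about X-Forwarded-For sits next to ports published in short form, which in Swarm traverse the ingress routing mesh and reach Traefik with the ingress network's address as the source, so the header Traefik sets cannot carry the real client address. If that is the symptom behind the TODO, the usual remedy is long-syntax publishing with host mode, `- target: 80`, `published: 80`, `mode: host` (and the same for 443), which preserves the client address at the cost of binding the port on each node directly; with `replicas` dropped to 1 in the last hunk of this file that is workable, and the TODO could be replaced by a comment naming that constraint. Quoting `"80:80"` and `"443:443"` is harmless and consistent with the rest of the repo.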
@@ -57,7 +58,6 @@ services:
- headnet
deploy:
mode: replicated
- replicas: 2
update_config:
parallelism: 1
order: start-first
diff --git a/playbooks/swarm-cluster.yml b/playbooks/swarm_cluster.yml
index 945edb9..6a13f8c 100644
--- a/playbooks/swarm-cluster.yml
+++ b/playbooks/swarm_cluster.yml
@@ -7,18 +7,18 @@
- name: Enable Local Swarm Communications
community.general.ufw:
rule: allow
- from: "10.0.0.0/8"
+ from: "{{ homelab_network }}"
state: enabled
- name: Setup swarm on init node
hosts: swarm[0]
become: true
roles:
- - swarm-init
+ - swarm_init
- name: Join non-init nodes
hosts: swarm:!swarm[0]
become: true
roles:
- - swarm-join
+ - swarm_join
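Review bot: The ufw task `Enable Local Swarm Communications` allows all traffic from `{{ homelab_network }}` (10.0.0.0/8 per group_vars/all.yml) with no `proto:` or `port:` in view, so despite its name it appears to open every port on the swarm nodes to the whole homelab range; the commit only swaps the literal for the variable and keeps that scope. If the rule is meant to cover swarm traffic only, narrow it to the swarm ports (2377/tcp for cluster management, 7946/tcp+udp for node discovery, 4789/udp for overlay traffic), for example one task per port with `proto: tcp` and `port: "2377"`, or rename the task to say it is a blanket allow from the homelab range so the intent is recorded. The play header above this task is outside the hunk.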
diff --git a/playbooks/test.yml b/playbooks/test.yml
new file mode 100644
index 0000000..305f111
--- /dev/null
+++ b/playbooks/test.yml
@@ -0,0 +1,7 @@
+---
+
+- name: test setup
+ hosts: test
+ become: true
+ roles:
+ - test