Diffstat (limited to 'playbooks/roles')
12 files changed, 49 insertions, 7 deletions
diff --git a/playbooks/roles/mail/tasks/main.yml b/playbooks/roles/mail/tasks/main.yml index dbda130..0d07acd 100644 --- a/playbooks/roles/mail/tasks/main.yml +++ b/playbooks/roles/mail/tasks/main.yml @@ -15,3 +15,4 @@ service_name: mail template_render_dir: "../templates" service_destination_dir: "{{ mail_base }}" + diff --git a/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh b/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh index 34ecd51..e2aa356 100755 --- a/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh +++ b/playbooks/roles/mail/templates/volumes/data/dms/config/user-patches.sh @@ -1,5 +1,9 @@ #!/bin/bash +# fix perms for potential rollbacks +chown -R 5000:5000 /var/mail/* +chown -R 100:102 /var/mail-state/lib-postfix + postconf -e 'smtpd_sasl_type = dovecot' postconf -e 'smtpd_sasl_path = /dev/shm/sasl-auth.sock' postconf -e 'smtpd_sasl_auth_enable = yes' @@ -55,5 +59,3 @@ userdb { postconf -e 'virtual_uid_maps = static:5000' postconf -e 'virtual_gid_maps = static:5000' postconf -e 'virtual_minimum_uid = 5000' - -chown -R 5000:5000 /var/mail/* diff --git a/playbooks/roles/nginx-proxy/handlers/main.yml b/playbooks/roles/nginx_proxy/handlers/main.yml index 98486dc..98486dc 100644 --- a/playbooks/roles/nginx-proxy/handlers/main.yml +++ b/playbooks/roles/nginx_proxy/handlers/main.yml diff --git a/playbooks/roles/nginx-proxy/tasks/main.yml b/playbooks/roles/nginx_proxy/tasks/main.yml index aa7f922..aa7f922 100644 --- a/playbooks/roles/nginx-proxy/tasks/main.yml +++ b/playbooks/roles/nginx_proxy/tasks/main.yml diff --git a/playbooks/roles/nginx-proxy/templates/docker-compose.yml b/playbooks/roles/nginx_proxy/templates/docker-compose.yml index 33b3243..33b3243 100644 --- a/playbooks/roles/nginx-proxy/templates/docker-compose.yml +++ b/playbooks/roles/nginx_proxy/templates/docker-compose.yml 
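Review bot: The added `chown -R 100:102 /var/mail-state/lib-postfix` in user-patches.sh hard-codes numeric IDs with no indication of which account they belong to, so if a later mail image assigns different IDs the Postfix state directory ends up owned by an unrelated user. Presumably 100:102 is the postfix user and group in the current image; resolving it by name, `chown -R postfix:postfix /var/mail-state/lib-postfix`, or extending the comment to `# fix perms for potential rollbacks (100:102 = postfix user:group in the mail image)` would make that checkable. The hunk starts at line 1 and shows no `set -e` ahead of the two chown lines, so a failed ownership fix goes unnoticed and the postconf calls still run. A guard such as `chown -R 5000:5000 /var/mail/* || echo "chown /var/mail failed" >&2` would at least surface it in the container log.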
diff --git a/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf b/playbooks/roles/nginx_proxy/templates/toplevel.conf.d/stream.conf
index 3e7c125..3e7c125 100644
--- a/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
+++ b/playbooks/roles/nginx_proxy/templates/toplevel.conf.d/stream.conf
diff --git a/playbooks/roles/swarm-init/tasks/main.yml b/playbooks/roles/swarm_init/tasks/main.yml
index 19967e9..19967e9 100644
--- a/playbooks/roles/swarm-init/tasks/main.yml
+++ b/playbooks/roles/swarm_init/tasks/main.yml
diff --git a/playbooks/roles/swarm-join/tasks/main.yml b/playbooks/roles/swarm_join/tasks/main.yml
index 5fdb66f..f6fe454 100644
--- a/playbooks/roles/swarm-join/tasks/main.yml
+++ b/playbooks/roles/swarm_join/tasks/main.yml
@@ -19,3 +19,4 @@
 cmd: docker node update --label-add manager=true {{ ansible_hostname }}
 when: swarm_join is changed
 changed_when: false
+
diff --git a/playbooks/roles/test/tasks/main.yml b/playbooks/roles/test/tasks/main.yml
new file mode 100644
index 0000000..e370cae
--- /dev/null
+++ b/playbooks/roles/test/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Deploy test
+ ansible.builtin.import_tasks: manage-docker-swarm-service.yml
+ vars:
+ service_name: test
+ template_render_dir: "../templates"
+ service_destination_dir: "{{ test_base }}"
diff --git a/playbooks/roles/test/templates/stacks/docker-compose.yml b/playbooks/roles/test/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..52f220f
--- /dev/null
+++ b/playbooks/roles/test/templates/stacks/docker-compose.yml
@@ -0,0 +1,30 @@
+services:
+ test:
+ image: traefik/whoami:latest
+ volumes:
+ - {{ test_base }}/volumes/data:/data
+ environment:
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
+ networks:
+ - proxy
+ deploy:
+ mode: replicated
+ update_config:
+ parallelism: 1
+ failure_action: rollback
+ order: start-first
+ delay: 5s
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.swarm.network=proxy
+ - traefik.http.routers.test.tls=true
+ - traefik.http.routers.test.tls.certResolver=letsencrypt
+ - traefik.http.routers.test.rule=Host(`{{ test_domain }}`)
+ - traefik.http.routers.test.entrypoints=websecure
+ - traefik.http.services.test.loadbalancer.server.port=80
+
+networks:
+ proxy:
+ external: true
diff --git a/playbooks/roles/test/templates/volumes/data/.gitkeep b/playbooks/roles/test/templates/volumes/data/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/test/templates/volumes/data/.gitkeep
diff --git a/playbooks/roles/traefik/templates/stacks/docker-compose.yml b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
index dfcf72c..ad5e228 100644
--- a/playbooks/roles/traefik/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
 headscale-client:
 image: tailscale/tailscale:latest
- hostname: headscale-traefik
+ hostname: headscale-client-{{ deployment_time }}
 environment:
 - DEPLOYMENT_TIME={{ deployment_time }}
 - TZ={{ timezone }}
@@ -27,7 +27,7 @@ services:
 replicas: 1
 update_config:
 parallelism: 1
- order: stop-first # hostname conflicts
+ order: start-first
 failure_action: rollback
 monitor: 8s
 traefik:
@@ -35,9 +35,10 @@ services:
 depends_on:
 - headscale-client
 ports:
+ # TODO: FIGURE OUT HOW TO READ X-FORWARDED-FOR CORRECTLY
 # http
- - 80:80
- - 443:443
+ - "80:80"
+ - "443:443"
 healthcheck:
 test: traefik healthcheck --ping
 interval: 10s
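Review bot: `image: traefik/whoami:latest` in the new test stack is an unpinned tag, so a deployment can pull different code than the one that was reviewed; pinning a release tag or digest, e.g. `image: traefik/whoami:<version>@sha256:<digest>` (placeholder values), keeps rollouts and rollbacks reproducible. whoami answers each request with the container's hostname, its IP addresses and the full request headers, and the labels publish it on `websecure` at `{{ test_domain }}` with no access-control middleware attached. It should either sit behind an allow-list or auth middleware or be removed once the rollback test is done. The `{{ test_base }}/volumes/data:/data` mount does not appear to be used by this image and could be dropped or mounted read-only with a `:ro` suffix.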
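Review bot: With `hostname: headscale-client-{{ deployment_time }}` and `order: start-first` (the `@@ -27,7` hunk), every deployment registers a new node name with the headscale server while the previous task is still running, and nothing in these hunks removes the old registration. Unless the client authenticates with an ephemeral pre-auth key or stale nodes are expired, each rollout would leave another authorized machine entry behind to audit; how the client authenticates and where its state lives is outside the visible lines. A comment in place of the removed `# hostname conflicts`, such as `# start-first is safe: hostname is unique per deployment; old nodes must be ephemeral or pruned`, would record that assumption. The rendered value of `deployment_time` also has to be a valid hostname label, which cannot be confirmed from here.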
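Review bot: The new `# TODO: FIGURE OUT HOW TO READ X-FORWARDED-FOR CORRECTLY` under `ports:` leaves open a decision that affects every IP-based access rule and log attribution behind Traefik. With the short `"80:80"` form Swarm publishes through the ingress mesh, so Traefik sees an internal address instead of the client; the usual fixes are host-mode publishing (long-form port entry with `mode: host`) or a trusted front proxy. In the proxy case the header should be accepted only from that proxy through `forwardedHeaders.trustedIPs`, not by enabling `forwardedHeaders.insecure`. Expanding the comment to `# TODO: client IP is lost behind the swarm ingress mesh; use mode: host or trustedIPs, never trust X-Forwarded-For from arbitrary peers` would keep the eventual fix from trusting a spoofable header. The traefik service definition continues outside this hunk.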
@@ -57,7 +58,6 @@ services: - headnet deploy: mode: replicated - replicas: 2 update_config: parallelism: 1 order: start-first |