Diffstat (limited to 'playbooks')
17 files changed, 44 insertions, 38 deletions
diff --git a/playbooks/roles/bin/templates/stacks/docker-compose.yml b/playbooks/roles/bin/templates/stacks/docker-compose.yml
index 2580fd6..5f99f8b 100644
--- a/playbooks/roles/bin/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/bin/templates/stacks/docker-compose.yml
@@ -5,7 +5,7 @@ services:
 - {{ bin_base }}/volumes/data:/data
 environment:
 - TZ={{ timezone }}
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - TRUST_PROXY=true
 - API_URL=https://{{ bin_domain }}
 - DATA_DIRECTORY=/data
diff --git a/playbooks/roles/kanboard/templates/stacks/docker-compose.yml b/playbooks/roles/kanboard/templates/stacks/docker-compose.yml
index 1055c25..d4174fb 100644
--- a/playbooks/roles/kanboard/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/kanboard/templates/stacks/docker-compose.yml
@@ -11,7 +11,7 @@ services:
 start_period: 5s
 environment:
 - TZ={{ timezone }}
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - LOG_DRIVER=syslog
 - LDAP_AUTH={{ kanboard_ldap_auth }}
 - LDAP_SERVER={{ kanboard_ldap_server }}
diff --git a/playbooks/roles/kanidm/templates/stacks/docker-compose.yml b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
index 183d77e..36ec4f5 100644
--- a/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
@@ -26,7 +26,7 @@ services:
 {% endif %}
 environment:
 - TZ={{ timezone }}
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 deploy:
 mode: replicated
 replicas: 1
diff --git a/playbooks/roles/mail/tasks/main.yml b/playbooks/roles/mail/tasks/main.yml
index b2a7ea8..dbda130 100644
--- a/playbooks/roles/mail/tasks/main.yml
+++ b/playbooks/roles/mail/tasks/main.yml
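Review bot: `deployment_time` is consumed here, but within this diff it is only defined by the `set_fact` in playbooks/roles/mail/tasks/main.yml, so unless a play-level `vars` or `pre_tasks` outside this diff sets it for every host, templating this stack fails on an undefined variable. The kanboard, kanidm, nginx-proxy, outbound, passwd, pihole, portainer, silverbullet, traefik and traextor stacks make the same substitution and have the same dependency. If one timestamp per play is the intent, defining it once in `pre_tasks` as `deployment_time: "{{ now(utc=true, fmt='%s') }}"` and dropping the per-role `set_fact` keeps the roles from depending on run order; if it is meant to be per role, each role's tasks file needs its own `set_fact` before its stack is templated.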
@@ -1,9 +1,17 @@
 ---
+- name: Set non-lazily-evaluated mail deployment time
+ ansible.builtin.set_fact:
+ deployment_time: "{{ now(utc=true,fmt='%s') }}"
+
+- name: Ensure mail state for deployment "{{ deployment_time }}" exists
+ ansible.builtin.file:
+ path: "{{ mail_base }}/volumes/data/dms/mail-state/{{ deployment_time }}"
+ state: directory
+
 - name: Deploy mail
 ansible.builtin.import_tasks: manage-docker-swarm-service.yml
 vars:
 service_name: mail
 template_render_dir: "../templates"
 service_destination_dir: "{{ mail_base }}"
-
diff --git a/playbooks/roles/mail/templates/stacks/docker-compose.yml b/playbooks/roles/mail/templates/stacks/docker-compose.yml
index b1c3982..debaac1 100644
--- a/playbooks/roles/mail/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/mail/templates/stacks/docker-compose.yml
@@ -6,7 +6,7 @@ services:
 - {{ mail_base }}/volumes/data/roundcube/db:/var/roundcube/db
 - {{ mail_base }}/volumes/data/roundcube/config:/var/roundcube/config/
 environment:
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - ROUNDCUBEMAIL_DB_TYPE=sqlite
 - ROUNDCUBEMAIL_SKIN={{ roundcube_skin | default('elastic') }}
 - ROUNDCUBEMAIL_PLUGINS={{ roundcube_plugins }}
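Review bot: The new `mail-state/{{ deployment_time }}` directory is created on every run but earlier ones are never removed, so the data volume gains one complete docker-mailserver state tree per deployment. Because each deployment also starts from an empty state directory, whatever the image persists under /var/mail-state (presumably the Postfix queue and the fail2ban/postgrey databases — confirm against the image's documentation) is reset on every deploy; with `ENABLE_FAIL2BAN=1` in the stack file that means active bans are dropped each time. Consider a follow-up task that removes `mail-state/*` entries other than the current one, or at least a comment above the `file` task stating the intended retention, e.g. `# one state tree per deployment; old trees are kept until pruned by hand`.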
@@ -66,26 +66,18 @@ services:
 update_config:
 parallelism: 1
 failure_action: rollback
- # order: start-first
- # We need to stop the old container first because it holds a lock on the
- # Postfix mail queue. I don't believe there is a feasible way to solve
- # this without either a tiny bit of downtime waiting for the lock to clear,
- # or lost mail since we'd have to ignore the lock and thus two competing mailservers
- # are accepting mail.
- # One of these is more acceptable than the other haha.
- # See stuff in scripts/ for the last attempt if interested.
- order: stop-first
+ order: start-first
 volumes:
 - {{ mail_base }}/volumes/scripts/:/scripts/
 - {{ mail_base }}/volumes/data/dms/vmail/:/var/mail/
- - {{ mail_base }}/volumes/data/dms/mail-state/:/var/mail-state/
+ - {{ mail_base }}/volumes/data/dms/mail-state/{{ deployment_time }}/:/var/mail-state/
 - {{ mail_base }}/volumes/data/dms/mail-logs/:/var/log/mail/
 - {{ mail_base }}/volumes/data/dms/config/:/tmp/docker-mailserver/
 - {{ mail_base }}/volumes/data/dms/config/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf.ext
 - {{ letsencrypt_certs }}:/certs/:ro
 - /etc/localtime:/etc/localtime:ro
 environment:
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - SSL_TYPE=manual
 - SSL_CERT_PATH=/certs/{{ mail_domain }}.pem
 - SSL_KEY_PATH=/certs/{{ mail_domain }}.key
@@ -93,7 +85,7 @@ services:
 - ENABLE_AMAVIS=0
 - ENABLE_SASLAUTHD=1
 - ENABLE_MANAGESIEVE=1
- - ENABLE_POSTGREY=1
+ - ENABLE_POSTGREY=0
 - ENABLE_FAIL2BAN=1
 - SPOOF_PROTECTION=1
diff --git a/playbooks/roles/nginx-proxy/templates/docker-compose.yml b/playbooks/roles/nginx-proxy/templates/docker-compose.yml
index c97f858..49947a6 100644
--- a/playbooks/roles/nginx-proxy/templates/docker-compose.yml
+++ b/playbooks/roles/nginx-proxy/templates/docker-compose.yml
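Review bot: With `order: start-first` and a per-deployment mail-state directory, mail still sitting in the old task's Postfix queue when Swarm stops it stays in `mail-state/<previous deployment_time>/` and is never delivered by the new task, which starts with an empty queue; the removed comment described exactly this lost-mail tradeoff and nothing replaces it. The old and new tasks also run concurrently against the same `vmail/` and `mail-logs/` bind mounts, so the earlier concern about two accepting mailservers still applies even though the state-directory lock is sidestepped. At minimum the tradeoff should be recorded where the old comment was, e.g. `# start-first: each deployment owns its own mail-state, so no lock contention, but mail queued in the previous state dir is orphaned`; draining the old task's queue before it is stopped would close the gap.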
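Review bot: `ENABLE_POSTGREY=0` turns off greylisting with no explanation in the stack file, removing one of the inbound spam-mitigation layers this service had. If the reason is that the postgrey database now lives in a per-deployment state directory and would re-delay every sender after each deploy (an inference from the other hunk in this file, not stated anywhere), say so next to the flag, e.g. `# greylisting off: <reason>`, so it is not switched back on by accident later.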
@@ -22,7 +22,7 @@ services:
 - {{ nginx_proxy_base }}/toplevel.conf.d:/etc/nginx/toplevel.conf.d
 environment:
 - TZ={{ timezone }}
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 networks:
 - proxy
 labels:
@@ -38,7 +38,7 @@ services:
 - {{ nginx_proxy_base }}/certs:/etc/nginx/certs
 environment:
 - TZ={{ timezone }}
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - DEFAULT_EMAIL={{ certs_email }}
 - ACME_CHALLENGE=DNS-01
 - "ACMESH_DNS_API_CONFIG={'DNS_API': 'dns_cf', 'CF_Key': '{{ cloudflare_token }}', 'CF_Email': '{{ cloudflare_email }}'}"
diff --git a/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf b/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
index 7e3b39d..fd2babe 100644
--- a/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
+++ b/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
@@ -1,3 +1,5 @@
+{% if not homelab_build %}
+
 stream {
 log_format basic '$proxy_protocol_addr - [$time_local] '
 '$protocol $status $bytes_sent $bytes_received '
@@ -44,3 +46,5 @@ stream {
 proxy_protocol on;
 }
 }
+
+{% endif %}
diff --git a/playbooks/roles/outbound/tasks/main.yml b/playbooks/roles/outbound/tasks/main.yml
index 45540b4..bd590df 100644
--- a/playbooks/roles/outbound/tasks/main.yml
+++ b/playbooks/roles/outbound/tasks/main.yml
@@ -7,8 +7,7 @@
 template_render_dir: "../templates/headscale"
 service_destination_dir: "{{ headscale_base }}"
 state: started
- rollout_services:
- - name: headscale
+ rollout_services: "{{ headscale_rollout_services }}"
 - name: Generate Headscale API key (if requested)
 when: generate_api_key | default(false)
diff --git a/playbooks/roles/outbound/templates/headscale/docker-compose.yml b/playbooks/roles/outbound/templates/headscale/docker-compose.yml
index 04b3d9f..515630c 100644
--- a/playbooks/roles/outbound/templates/headscale/docker-compose.yml
+++ b/playbooks/roles/outbound/templates/headscale/docker-compose.yml
@@ -12,15 +12,20 @@ services:
 networks:
 - proxy
 environment:
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - VIRTUAL_HOST={{ headscale_host }}
 - VIRTUAL_PORT={{ headscale_port }}
 - LETSENCRYPT_HOST={{ headscale_host }}
+{% if homelab_build %}
+ healthcheck:
+ disable: true
+{% else %}
 healthcheck:
 test: ["CMD", "wget", "-qO", "-", "http://localhost:{{ headscale_port }}/health"]
 interval: 10s
 timeout: 5s
 retries: 3
+{% endif %}
 headscale-ui:
 image: ghcr.io/gurucomputing/headscale-ui:latest
@@ -29,7 +34,7 @@ services:
 networks:
 - proxy
 environment:
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - VIRTUAL_HOST={{ headscale_host }}
 - VIRTUAL_PORT={{ headscale_port }}
 - LETSENCRYPT_HOST={{ headscale_host }}
diff --git a/playbooks/roles/outbound/templates/proxy/docker-compose.yml b/playbooks/roles/outbound/templates/proxy/docker-compose.yml
index c5aa3ac..c754cdc 100644
--- a/playbooks/roles/outbound/templates/proxy/docker-compose.yml
+++ b/playbooks/roles/outbound/templates/proxy/docker-compose.yml
@@ -4,7 +4,7 @@ services:
 headscale-client:
 image: tailscale/tailscale:latest
 environment:
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - TS_AUTHKEY={{ headscale_user_auth_key }}
 - TS_EXTRA_ARGS=--login-server=https://{{ headscale_host }} --accept-routes --accept-dns --stateful-filtering=false
 - TS_STATE_DIR=/var/lib/tailscale
@@ -40,7 +40,7 @@ services:
 cap_add:
 - NET_ADMIN # to modify the routing table
 environment:
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - VIRTUAL_HOST=*.{{ domain }},{{ domain }}
 - VIRTUAL_PORT=80
 - LETSENCRYPT_HOST=*.{{ domain }},{{ domain }}
diff --git a/playbooks/roles/passwd/templates/stacks/docker-compose.yml b/playbooks/roles/passwd/templates/stacks/docker-compose.yml
index 7f2c373..f4aa2f1 100644
--- a/playbooks/roles/passwd/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/passwd/templates/stacks/docker-compose.yml
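Review bot: `healthcheck: disable: true` under `homelab_build` removes the only signal Swarm has that headscale is actually serving, so during a build run a task that starts but would fail `/health` is treated as healthy, and anything rolled out after it (headscale-ui in this file, and the traefik headscale-client that logs in to this server) proceeds against a non-working control plane; if the service carries `update_config` rollback settings outside this hunk, they cannot trigger either. The template gives no reason for the exception. Add a Jinja comment above the branch, e.g. `{# healthcheck disabled during homelab_build: <reason> #}`, and if the cause is a dependency that is not yet reachable at build time, a longer `start_period` in the build case would keep the check rather than drop it.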
@@ -7,7 +7,7 @@ services:
 - {{ passwd_base }}/volumes/data:/data
 environment:
 - TZ={{ timezone }}
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - DOMAIN=https://{{ passwd_domain }}
 - SENDS_ALLOWED=true
 - EMERGENCY_ACCESS_ALLOWED=true
@@ -39,8 +39,8 @@ services:
 update_config:
 parallelism: 1
 failure_action: rollback
- order: start-first
- monitor: 90s
+ order: stop-first
+ monitor: 30s
 replicas: 1
 labels:
 - traefik.enable=true
diff --git a/playbooks/roles/pihole/templates/stacks/docker-compose.yml b/playbooks/roles/pihole/templates/stacks/docker-compose.yml
index 47422f1..573121f 100644
--- a/playbooks/roles/pihole/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/pihole/templates/stacks/docker-compose.yml
@@ -8,7 +8,7 @@ services:
 - {{ pihole_base }}/volumes/pihole:/etc/pihole
 - {{ pihole_base }}/volumes/dnsmasq:/etc/dnsmasq.d
 environment:
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - TZ={{ timezone }}
 - FTLCONF_webserver_api_password={{ pihole_webpwd }}
 - FTLCONF_dns_upstreams={{ upstream_dns_servers | join(';') }}
diff --git a/playbooks/roles/portainer/templates/stacks/docker-compose.yml b/playbooks/roles/portainer/templates/stacks/docker-compose.yml
index c304153..5f28e5a 100644
--- a/playbooks/roles/portainer/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/portainer/templates/stacks/docker-compose.yml
@@ -14,7 +14,7 @@ services:
 constraints: [node.platform.os == linux]
 environment:
 - TZ={{ timezone }}
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 portainer:
 image: portainer/portainer-ce:alpine
@@ -26,7 +26,7 @@ services:
 - {{ portainer_base }}/volumes/data:/data
 environment:
 - TZ={{ timezone }}
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 networks:
 - proxy
 - agent_network
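Review bot: `order: stop-first` gives every deploy of this stack a window with no running task, and `monitor: 30s` shortens the period in which a failing new task is detected and rolled back, yet nothing in the file says why `start-first` was dropped (presumably the new task must not share `volumes/data` with the old one, but that is a guess). Record the reason next to the setting, e.g. `order: stop-first  # <reason the old task must be gone before the new one starts>`, so the downtime is not "fixed" back to start-first later; the mail stack in this same commit lost its equivalent explanation, so this file should not go the same way.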
diff --git a/playbooks/roles/silverbullet/templates/stacks/docker-compose.yml b/playbooks/roles/silverbullet/templates/stacks/docker-compose.yml
index bedbeec..4175c4e 100644
--- a/playbooks/roles/silverbullet/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/silverbullet/templates/stacks/docker-compose.yml
@@ -4,7 +4,7 @@ services:
 restart: unless-stopped
 environment:
 - TZ={{ timezone }}
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - SB_USER={{ silverbullet_password }}
 volumes:
 - {{ silverbullet_base }}/volumes/data:/space
diff --git a/playbooks/roles/traefik/tasks/main.yml b/playbooks/roles/traefik/tasks/main.yml
index ad96334..4de095d 100644
--- a/playbooks/roles/traefik/tasks/main.yml
+++ b/playbooks/roles/traefik/tasks/main.yml
@@ -7,7 +7,7 @@
 template_render_dir: "../templates"
 service_destination_dir: "{{ traefik_base }}"
-- name: Pause for user confirmation (Auth Key)
+- name: Pause for user confirmation for headscale
 when: homelab_build
 ansible.builtin.pause:
 prompt: "Please accept the subnet router in headscale..."
diff --git a/playbooks/roles/traefik/templates/stacks/docker-compose.yml b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
index 7e9daef..dfcf72c 100644
--- a/playbooks/roles/traefik/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
@@ -2,9 +2,8 @@ services:
 headscale-client:
 image: tailscale/tailscale:latest
 hostname: headscale-traefik
- restart: unless-stopped
 environment:
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - TZ={{ timezone }}
 - TS_AUTHKEY={{ headscale_user_auth_key }}
 - TS_EXTRA_ARGS=--login-server=https://{{ headscale_host }} --accept-dns --stateful-filtering=false --advertise-routes={{ loadbalancer_ip }}/32
@@ -33,7 +32,6 @@ services:
 monitor: 8s
 traefik:
 image: traefik:v3
- restart: unless-stopped
 depends_on:
 - headscale-client
 ports:
@@ -46,7 +44,7 @@ services:
 retries: 2
 timeout: 3s
 environment:
- - DEPLOYMENT_TIME={{ now() }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
 - TZ={{ timezone }}
 - CF_API_EMAIL={{ cloudflare_email }}
 - CF_DNS_API_TOKEN={{ cloudflare_dns_api_token }}
diff --git a/playbooks/roles/traextor/templates/stacks/docker-compose.yml b/playbooks/roles/traextor/templates/stacks/docker-compose.yml
index d15358e..db3c660 100644
--- a/playbooks/roles/traextor/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/traextor/templates/stacks/docker-compose.yml
@@ -8,7 +8,7 @@ services:
 - /var/run/docker.sock:/var/run/docker.sock
 command: -H unix:///var/run/docker.sock
 environment:
- DEPLOYMENT_TIME: {{ now() }}
+ DEPLOYMENT_TIME: {{ deployment_time }}
 TZ: {{ timezone }}
 OUTPUT_DIR: /certs
 deploy: |