diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/caddy/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/caddy/tasks/main.yaml index 061083e..3803ad9 100644 --- a/collections/ansible_collections/adhdgirl/minilab/roles/caddy/tasks/main.yaml +++ b/collections/ansible_collections/adhdgirl/minilab/roles/caddy/tasks/main.yaml @@ -41,6 +41,7 @@ community.docker.docker_compose_v2: project_src: /opt/caddy pull: policy + recreate: always rescue: - name: Set that this task failed diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/caddy/templates/Caddyfile.j2 b/collections/ansible_collections/adhdgirl/minilab/roles/caddy/templates/Caddyfile.j2 index 207c214..cc29cd9 100644 --- a/collections/ansible_collections/adhdgirl/minilab/roles/caddy/templates/Caddyfile.j2 +++ b/collections/ansible_collections/adhdgirl/minilab/roles/caddy/templates/Caddyfile.j2 @@ -53,3 +53,6 @@ lidarr.local.cobb.lgbt { ha.local.cobb.lgbt { reverse_proxy 10.69.2.13:8123 } +ntfy.local.cobb.lgbt { + reverse_proxy 10.69.2.52:8085 +} diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/files/docker-compose.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/files/docker-compose.yaml new file mode 100644 index 0000000..0db7c49 --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/files/docker-compose.yaml @@ -0,0 +1,10 @@ +--- +services: + cloudflared: + image: cloudflare/cloudflared:latest + container_name: cloudflare-tunnel + restart: always + command: tunnel run + env_file: + - path: ./.env + required: true diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/tasks/main.yaml new file mode 100644 index 0000000..0b0a6c4 --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/tasks/main.yaml 
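Review bot: `image: cloudflare/cloudflared:latest` in the new cloudflared compose file leaves the tunnel client unpinned, so whatever the registry serves under `latest` at pull time runs with the tunnel token. Pin it the way the ntfy role does with `ntfy_image_tag`, for example `image: cloudflare/cloudflared:{{ cloudflared_image_tag }}` with the tag or a digest set in the role vars; that variable name is a suggestion, not something this commit defines. Because this file sits under `files/` and is deployed with `ansible.builtin.copy`, it would have to move to `templates/` for the variable to be rendered.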
@@ -0,0 +1,46 @@
+---
+- name: Load distro-specific variables
+ ansible.builtin.include_vars: '{{ item }}'
+ tags: always
+ with_first_found:
+ - files:
+ - "{{ ansible_facts['distribution'] }}.yaml"
+ skip: true
+
+- name: Ensure cloudflared is running and configured on this device
+ block:
+ - name: Ensure presense of folders for cloudflared
+ tags: packages,docker,cloudflared
+ ansible.builtin.file:
+ path: /opt/cloudflared
+ state: directory
+ recurse: true
+ owner: 1000
+ group: 1000
+ mode: "0644"
+ - name: Ensure compose files are properly loaded on the server
+ tags: packages,docker,cloudflared
+ ansible.builtin.copy:
+ src: "docker-compose.yaml"
+ dest: "/opt/cloudflared/docker-compose.yaml"
+ owner: 1000
+ group: 1000
+ mode: u=rw,g=r,o=r
+ - name: Ensure environment file is available on the server
+ tags: packages,cloudflared
+ ansible.builtin.template:
+ src: env.j2
+ dest: /opt/cloudflared/.env
+ owner: 1000
+ group: 1000
+ mode: "0600"
+ - name: Ensure docker containers are pulled and running
+ tags: packages,docker,cloudflared
+ community.docker.docker_compose_v2:
+ project_src: /opt/cloudflared
+ pull: policy
+
+ rescue:
+ - name: Set that this task failed
+ ansible.builtin.set_fact:
+ task_failed: true
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/templates/env.j2 b/collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/templates/env.j2
new file mode 100644
index 0000000..2cffa9b
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/templates/env.j2
@@ -0,0 +1 @@
+TUNNEL_TOKEN={{ cloudflared_tunnel_token }}
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/vars/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/vars/main.yaml
new file mode 100644
index 0000000..cd59840
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/cloudflared/vars/main.yaml
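Review bot: The first task in the cloudflared block applies `mode: "0644"` with `recurse: true` to `/opt/cloudflared`, which strips the directory's search bit and, on every later run, resets the existing `.env` to world-readable 0644 until the template task puts it back to 0600. Use `mode: "0750"` on the directory and drop `recurse: true`, so the file holding `TUNNEL_TOKEN` is never widened. The template task that renders `.env` should also carry `no_log: true`, otherwise a run with `--diff` prints the decrypted token. Separately, the `rescue` here and in the ntfy tasks file only sets `task_failed`, so a failed deploy does not fail the play unless something outside this hunk checks that fact.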
@@ -0,0 +1,16 @@ +--- +cloudflared_tunnel_token: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62323939303466396563353432386135326366343135383632346463306336623938323532656136 + 6463633532343134396438396634373038613331623334300a326531383565333635663533393234 + 65343639376563326366303330343232666262333963393665323763303533383431623635653132 + 6137646434346335300a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diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/ntfy/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/ntfy/tasks/main.yaml new file mode 100644 index 0000000..9b21af9 --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/ntfy/tasks/main.yaml 
@@ -0,0 +1,55 @@
+---
+- name: Load distro-specific variables
+ ansible.builtin.include_vars: '{{ item }}'
+ tags: always
+ with_first_found:
+ - files:
+ - "{{ ansible_facts['distribution'] }}.yaml"
+ skip: true
+
+- name: Ensure ntfy is running on this device
+ block:
+ - name: Ensure presense of folders for ntfy
+ tags: packages,docker,ntfy
+ ansible.builtin.file:
+ path: /opt/ntfy/config
+ state: directory
+ recurse: true
+ owner: 1000
+ group: 1000
+ mode: "0755"
+ - name: Ensure presense of folders for ntfy
+ tags: packages,docker,ntfy
+ ansible.builtin.file:
+ path: /opt/ntfy/cache/
+ state: directory
+ recurse: true
+ owner: 1000
+ group: 1000
+ mode: "0755"
+ - name: Ensure compose files are properly loaded on the server
+ tags: packages,docker,ntfy
+ ansible.builtin.template:
+ src: docker-compose.yaml.j2
+ dest: /opt/ntfy/docker-compose.yaml
+ owner: 1000
+ group: 1000
+ mode: "0644"
+ - name: Ensure ntfy config is available for container
+ tags: packages,ntfy
+ ansible.builtin.template:
+ src: ntfy-config.yaml.j2
+ dest: /opt/ntfy/config/server.yml
+ owner: 1000
+ group: 1000
+ mode: "0644"
+ - name: Ensure docker containers are pulled and running
+ tags: packages,docker,ntfy
+ community.docker.docker_compose_v2:
+ project_src: /opt/ntfy
+ pull: policy
+
+ rescue:
+ - name: Set that this task failed
+ ansible.builtin.set_fact:
+ task_failed: true
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/ntfy/templates/docker-compose.yaml.j2 b/collections/ansible_collections/adhdgirl/minilab/roles/ntfy/templates/docker-compose.yaml.j2
new file mode 100644
index 0000000..db35cbb
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/ntfy/templates/docker-compose.yaml.j2
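Review bot: `/opt/ntfy/config/server.yml` is written with `mode: "0644"` although the rendered template carries the `auth_users` password hashes and the `auth_tokens` values, so every local account on the host can read them. The container runs as `1000:1000` and the file is owned by 1000, so `mode: "0600"` on that task and `mode: "0750"` on `/opt/ntfy/config` should be enough; `recurse: true` on the config directory would also reset `user.db` to 0755 on each run. The task should carry `no_log: true` as well, since `--diff` would print the rendered credentials. The compose template mounts `/opt/ntfy/cache/ntfy`, which no task here creates; Docker will probably create it as root and the 1000:1000 process may then be unable to write attachments, so create that path explicitly.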
@@ -0,0 +1,26 @@
+---
+services:
+ ntfy:
+ image: binwiederhier/ntfy:{{ ntfy_image_tag }}
+ container_name: ntfy
+ command: serve --debug
+ environment:
+ - TZ=America/New_York # optional: set desired timezone
+ user: 1000:1000 # optional: replace with your own user/group or uid/gid
+ volumes:
+ - /opt/ntfy/cache/ntfy:/var/cache/ntfy
+ - /opt/ntfy/config:/etc/ntfy
+ ports:
+ - 8085:80
+ healthcheck: # optional: remember to adapt the host:port to your environment
+ test:
+ [
+ "CMD-SHELL",
+ "wget -q --tries=1 http://{{ ntfy_host_and_port }}/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1",
+ ]
+ interval: 60s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
+ restart: unless-stopped
+ init: true # needed, if healthcheck is used. Prevents zombie processes
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/ntfy/templates/ntfy-config.yaml.j2 b/collections/ansible_collections/adhdgirl/minilab/roles/ntfy/templates/ntfy-config.yaml.j2
new file mode 100644
index 0000000..a2b8382
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/ntfy/templates/ntfy-config.yaml.j2
@@ -0,0 +1,16 @@
+base_url: "https://ntfy.cobb.lgbt"
+log_level: "debug"
+attachment_cache_dir: "/var/cache/ntfy/attachments"
+auth_file: "/etc/ntfy/user.db"
+auth_default_access: "deny-all"
+auth_users:
+ - "adhdgirl:{{ ntfy_adhdgirl_pwd }}:admin"
+ - "servers:{{ ntfy_servers_pwd }}:user"
+auth_tokens:
+ - "adhdgirl:{{ ntfy_adhdgirl_token }}"
+ - "servers:{{ ntfy_servers_token }}:Server Alerts"
+auth_access:
+ - "servers:server_alerts:rw"
+ - "*:server_alerts:deny-all"
+ - "*:up*:write-only"
+behind_proxy: true
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/ntfy/vars/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/ntfy/vars/main.yaml
new file mode 100644
index 0000000..46b084f
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/ntfy/vars/main.yaml
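Review bot: The `ports` entry `- 8085:80` publishes ntfy on every host interface while the server config sets `behind_proxy: true`, so a client that reaches port 8085 directly skips Caddy and can supply its own `X-Forwarded-For`, which ntfy is then likely to use for per-visitor limits. If Caddy and the tunnel are the only intended callers, restrict the port with a host firewall rule or bind the mapping to one address; which hosts need access is not visible in this diff. Quote the mapping as `- "8085:80"` and the user as `user: "1000:1000"` so YAML implicit typing cannot reinterpret them. `command: serve --debug` duplicates `log_level: "debug"` in the config template and is worth dropping once the service is working.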
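Review bot: `log_level: "debug"` is set on a server whose `base_url` is a public hostname, so request-level detail will probably end up in the container logs; prefer `log_level: "info"` for the deployed config. The rule `"*:up*:write-only"` lets unauthenticated clients publish to any topic beginning with `up`, which is the one exception to `auth_default_access: "deny-all"`. If that is there for UnifiedPush, say so in the template with a comment such as `# UnifiedPush: anonymous publish to up* topics is intentional`; otherwise remove it.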
@@ -0,0 +1,6 @@ +ntfy_image_tag: v2.16 +ntfy_host_and_port: 10.69.2.52:8085 +ntfy_adhdgirl_pwd: $2a$10$oWYoIjSNo9X7I8S7UTUCEuXD2RjP66Jv.I7fkEDIRc05ssd8b/l9u +ntfy_servers_pwd: $2a$10$E4fd4Q/CXp/qmTjbdwfbMOnJRpGY6f8MWSAopEfgbMqZIdZWNzgrm +ntfy_adhdgirl_token: tk_lhmrd5ija9aelyr51zirpc8l8zjia +ntfy_servers_token: tk_7vo6ttnjev0f3a10x9zu8geyix2ua diff --git a/minilab.yaml b/minilab.yaml index cc0e5ba..a4488b0 100644 --- a/minilab.yaml +++ b/minilab.yaml @@ -55,3 +55,5 @@ - adhdgirl.minilab.authentik - adhdgirl.minilab.caddy - adhdgirl.minilab.arr + - adhdgirl.minilab.ntfy + - adhdgirl.minilab.cloudflared
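Review bot: `ntfy_adhdgirl_token` and `ntfy_servers_token` are committed in clear text in the ntfy vars file, together with the two `*_pwd` bcrypt hashes, while the cloudflared role in this same commit stores its token with `!vault`. Anyone with read access to the repository can use the tokens against the server named in `base_url`, and the hashes are exposed to offline guessing. Encrypt all four values with ansible-vault as `cloudflared_tunnel_token` is, and issue new tokens and passwords rather than re-encrypting these, since the current values stay in git history. The file also lacks the `---` start marker that the other new YAML files have.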