diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/authentik/files/docker-compose.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/authentik/files/docker-compose.yaml index 538085d..5e58f42 100644 --- a/collections/ansible_collections/adhdgirl/minilab/roles/authentik/files/docker-compose.yaml +++ b/collections/ansible_collections/adhdgirl/minilab/roles/authentik/files/docker-compose.yaml @@ -1,5 +1,4 @@ --- - services: postgresql: image: docker.io/library/postgres:16-alpine diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/caddy/files/docker-compose.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/caddy/files/docker-compose.yaml new file mode 100644 index 0000000..6829d13 --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/caddy/files/docker-compose.yaml @@ -0,0 +1,15 @@ +--- +services: + caddy: + image: ghcr.io/caddybuilds/caddy-cloudflare:latest + restart: unless-stopped + cap_add: + - NET_ADMIN + ports: + - 80:80 + - 443:443 + - 443:443/udp + volumes: + - /opt/caddy/Caddyfile:/etc/caddy/Caddyfile + - /opt/caddy/data:/data + - /opt/caddy/config:/config diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/caddy/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/caddy/tasks/main.yaml new file mode 100644 index 0000000..0b3393d --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/caddy/tasks/main.yaml 
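Review bot: The `image: ghcr.io/caddybuilds/caddy-cloudflare:latest` line in the new caddy compose file tracks a floating tag of a third-party build, and the role's compose task in tasks/main.yaml sets `pull: always`, so every play run can swap in whatever was last pushed to that tag. This container terminates TLS for the lab, is granted `NET_ADMIN`, and receives the Cloudflare DNS token through the Caddyfile, so an unexpected or tampered image has a lot of reach. Pin it to a release tag plus digest, e.g. `image: ghcr.io/caddybuilds/caddy-cloudflare:<version>@sha256:<digest>` (placeholders), and bump it deliberately. The Caddyfile bind mount can also be made read-only with `- /opt/caddy/Caddyfile:/etc/caddy/Caddyfile:ro`.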
@@ -0,0 +1,48 @@
+---
+- name: Load distro-specific variables
+ ansible.builtin.include_vars: '{{ item }}'
+ tags: always
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution }}.yaml"
+ skip: true
+
+- name: Ensure Caddy is running on this device
+ block:
+ - name: Ensure presense of folders for Caddy Home
+ tags: packages,docker,caddy
+ ansible.builtin.file:
+ path: "/opt/caddy/{{ item }}"
+ state: directory
+ recurse: true
+ owner: root
+ group: root
+ loop:
+ - data
+ - config
+ - name: Ensure compose file is available on the server
+ tags: docker,caddy,settings
+ ansible.builtin.copy:
+ src: docker-compose.yaml
+ dest: /opt/caddy/docker-compose.yaml
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ - name: Ensure environment file is available on the server
+ tags: docker,caddy,settings
+ ansible.builtin.template:
+ src: Caddyfile.j2
+ dest: /opt/caddy/Caddyfile
+ owner: root
+ group: root
+ mode: u=rw,g=,o=
+ - name: Ensure docker containers are pulled and running
+ tags: docker,caddy
+ community.docker.docker_compose_v2:
+ project_src: /opt/caddy
+ pull: always
+
+ rescue:
+ - name: Set that this task failed
+ ansible.builtin.set_fact:
+ task_failed: true
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/caddy/templates/Caddyfile.j2 b/collections/ansible_collections/adhdgirl/minilab/roles/caddy/templates/Caddyfile.j2
new file mode 100644
index 0000000..b052bed
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/caddy/templates/Caddyfile.j2
@@ -0,0 +1,22 @@
+{
+ email annika@adhdgirl.dev
+ acme_dns cloudflare {{ caddy_cobblgbt_key }}
+}
+
+authentik.local.cobb.lgbt {
+ reverse_proxy 10.69.11.52:9000 {
+ trusted_proxies private_ranges
+ }
+}
+
+pve.local.cobb.lgbt {
+ reverse_proxy 10.69.128.5:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+}
+
+code.local.cobb.lgbt {
+ reverse_proxy 10.69.11.51:8443
+}
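Review bot: The `ansible.builtin.file` task that creates `/opt/caddy/data` and `/opt/caddy/config` sets owner and group but no `mode`, so the directories that will hold Caddy's ACME account key and certificate private keys get whatever the umask yields; add `mode: u=rwX,g=,o=` there. The template task renders the vaulted Cloudflare token into `/opt/caddy/Caddyfile`, and a run with `--diff` would print the rendered content, so `no_log: true` (or `diff: false`) on that task is worth adding. That task is also named "Ensure environment file is available on the server" although it writes the Caddyfile. Separately, the `rescue:` only sets `task_failed: true`; unless something outside this hunk checks that fact, a failed deploy is reported as a successful play.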
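Review bot: `tls_insecure_skip_verify` in the `pve.local.cobb.lgbt` block turns off certificate verification on the hop to 10.69.128.5:8006, so anything able to sit on that path can impersonate the Proxmox endpoint and see the administrative sessions passing through the proxy. Mount the Proxmox CA certificate into the container and verify against it instead, e.g. `tls_trusted_ca_certs /etc/caddy/pve-root-ca.pem` (constructed path; newer Caddy releases spell this `tls_trust_pool file …`), adding `tls_server_name` if the upstream certificate does not cover the IP. In the authentik block, `trusted_proxies private_ranges` makes Caddy accept incoming `X-Forwarded-*` headers from any private-range client; if the lab's users sit in the same 10.69.x.x space as the upstreams, which the addresses suggest, each of them can choose the client IP authentik records, so narrow the list to the real upstream proxies or drop it. The token in `acme_dns cloudflare {{ caddy_cobblgbt_key }}` could also be supplied as `{env.CF_API_TOKEN}` from the container environment (name constructed) so that it is not written into the Caddyfile itself.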
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/caddy/vars/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/caddy/vars/main.yaml new file mode 100644 index 0000000..987cf7e --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/caddy/vars/main.yaml @@ -0,0 +1,9 @@ +--- +caddy_cobblgbt_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 32396232646666616261393537613662386165353765323763353739343232323363636331656338 + 3133323662636436326535323637633261313163366237300a383865393032326331336335636262 + 30646461653832323262373863646261333865613763356365666130636262636430616238643538 + 3039316461356630620a323536643638396164303965346465356563326131663939633236343532 + 61363338313435316334616462376433643732343936316437656165373961306438393665343265 + 3132636333313635633533353461333236666561363865653236 diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/coder/templates/env.j2 b/collections/ansible_collections/adhdgirl/minilab/roles/coder/templates/env.j2 index 0a0d8ad..cecca5d 100644 --- a/collections/ansible_collections/adhdgirl/minilab/roles/coder/templates/env.j2 +++ b/collections/ansible_collections/adhdgirl/minilab/roles/coder/templates/env.j2 @@ -2,3 +2,4 @@ HASHED_PASSWORD={{ coder_hashed_password }} SUDO_PASSWORD_HASH={{ coder_sudo_hashed_password }} PROXY_DOMAIN={{ coder_proxy_domain }} DEFAULT_WORKSPACE={{ coder_default_workspace }} +CODE_VERSION={{ coder_version }} diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/coder/vars/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/coder/vars/main.yaml index c0f9f37..d179ff0 100644 --- a/collections/ansible_collections/adhdgirl/minilab/roles/coder/vars/main.yaml +++ b/collections/ansible_collections/adhdgirl/minilab/roles/coder/vars/main.yaml @@ -23,3 +23,4 @@ coder_sudo_hashed_password: !vault | 3762 coder_proxy_domain: coder.local.cobb.lgbt coder_default_workspace: /workspace +coder_version: 4.100.0 
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml index 07a8421..57d61c3 100644 --- a/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml +++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml @@ -8,6 +8,9 @@ name: "{{ user_name }}" check_mode: true register: user_exists +# - name: Debug user_exists +# ansible.builtin.debug: +# msg: "user_exists: {{ user_exists }}" - name: Ensure group exists tags: groups,users ansible.builtin.group: @@ -25,7 +28,7 @@ ansible.builtin.user: name: "{{ user_name }}" password: "{{ common_user_password | string | password_hash('sha512') }}" - when: user_exists is defined and user_exists.state != 'present' + when: user_exists.state is undefined or user_exists.state != 'present' - name: Adjust shell for Debian hosts tags: settings,users,debian ansible.builtin.user: diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/wikijs/files/docker-compose.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/wikijs/files/docker-compose.yaml new file mode 100644 index 0000000..821ad3b --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/wikijs/files/docker-compose.yaml @@ -0,0 +1,30 @@ +services: + db: + image: postgres:15-alpine + environment: + POSTGRES_DB: wiki + POSTGRES_PASSWORD: wikijsrocks + POSTGRES_USER: wikijs + logging: + driver: none + restart: unless-stopped + volumes: + - db-data:/var/lib/postgresql/data + + wiki: + image: ghcr.io/requarks/wiki:2 + depends_on: + - db + environment: + DB_TYPE: postgres + DB_HOST: db + DB_PORT: 5432 + DB_USER: wikijs + DB_PASS: wikijsrocks + DB_NAME: wiki + restart: unless-stopped + ports: + - "80:3000" + +volumes: + db-data: \ No newline at end of file 
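Review bot: The new `when:` on the password task (second hunk of users.yaml) is true whenever `user_exists.state` is missing, not only when the account is absent, so a probe that was skipped by a tag filter or returned without `state` leads to an existing account's password being overwritten with `common_user_password`. Letting the module decide is more robust than gating on the probe: set `update_password: on_create` next to `password:` on the `ansible.builtin.user` task that creates the account. If an earlier task outside this hunk is the one that creates the user, the `password:` / `update_password: on_create` pair belongs on that task instead. The probe task and the rest of the password task lie outside the hunk, so their tags cannot be checked here. The commented-out debug task added in the first hunk is better removed than committed.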
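Review bot: `POSTGRES_PASSWORD: wikijsrocks` and `DB_PASS: wikijsrocks` commit the database password in clear text in a static file, while the caddy and coder roles touched by this same change keep their secrets in vaulted vars. Render the value from a vaulted variable instead, for example a templated `.env` beside the compose file with `POSTGRES_PASSWORD: ${WIKIJS_DB_PASSWORD}` and `DB_PASS: ${WIKIJS_DB_PASSWORD}` here (variable name constructed). `logging: driver: none` on the `db` service discards PostgreSQL's output, including authentication failures, which leaves nothing to examine after an incident; the default driver with a size limit keeps that record. The wiki is also published as `"80:3000"` over plain HTTP, which collides with Caddy's port 80 if both land on one host; keeping it on an internal address behind Caddy would match the other services.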
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/wikijs/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/wikijs/tasks/main.yaml new file mode 100644 index 0000000..e69de29 diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/wikijs/vars/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/wikijs/vars/main.yaml new file mode 100644 index 0000000..e69de29 diff --git a/minilab.yaml b/minilab.yaml index f87081d..0733ff4 100644 --- a/minilab.yaml +++ b/minilab.yaml @@ -41,9 +41,10 @@ become: true roles: - adhdgirl.minilab.coder -- name: Configure authentik - hosts: authentik - tags: docker,authentik +- name: Configure nemetona + hosts: nemetona + tags: docker,authentik,caddy become: true roles: - adhdgirl.minilab.authentik + - adhdgirl.minilab.caddy