This commit is contained in:
Annika Merris 2025-05-02 21:51:45 +00:00
parent 5816898404
commit 6eef878c4d
11 changed files with 276 additions and 78 deletions


@ -0,0 +1,92 @@
---
services:
postgresql:
image: docker.io/library/postgres:16-alpine
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- database:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${PG_PASS:?database password required}
POSTGRES_USER: ${PG_USER:-authentik}
POSTGRES_DB: ${PG_DB:-authentik}
env_file:
- .env
redis:
image: docker.io/library/redis:alpine
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- redis:/data
server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.0}
restart: unless-stopped
command: server
environment:
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
volumes:
- ./media:/media
- ./custom-templates:/templates
env_file:
- .env
ports:
- "${COMPOSE_PORT_HTTP:-9000}:9000"
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
worker:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.0}
restart: unless-stopped
command: worker
environment:
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# `user: root` and the docker socket volume are optional.
# See more for the docker socket integration here:
# https://goauthentik.io/docs/outposts/integrations/docker
# Removing `user: root` also prevents the worker from fixing the permissions
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
# (1000:1000 by default)
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./media:/media
- ./certs:/certs
- ./custom-templates:/templates
env_file:
- .env
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
volumes:
database:
driver: local
redis:
driver: local
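Review bot: The worker service keeps `user: root` together with the host Docker socket bind mount (`/var/run/docker.sock`), which hands the container control of the host's Docker daemon, and the playbook added alongside this file shows no docker outpost integration that would need it. Unless outposts are deployed from this host, drop the `user: root` line and the socket volume as the in-file comment describes, and then make sure `./media`, `./custom-templates` and `./certs` are owned by the container user. Separately, the `./certs` folder mounted on the worker is not created by the accompanying playbook (it only creates `media` and `custom-templates`), so Docker will create it root-owned on first start. `AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}` on the server and worker services has no `:?` guard, unlike `POSTGRES_PASSWORD`; the guard on the postgresql service already aborts composition when `PG_PASS` is unset, so this is only a consistency point.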


@ -0,0 +1,48 @@
---
- name: Load distro-specific variables
ansible.builtin.include_vars: '{{ item }}'
tags: always
with_first_found:
- files:
- "{{ ansible_distribution }}.yaml"
skip: true
- name: Ensure Authentik is running on this device
block:
- name: Ensure presense of folders for Authentik Home
tags: packages,docker,authentik
ansible.builtin.file:
path: "/opt/authentik/{{ item }}"
state: directory
recurse: true
owner: root
group: root
loop:
- "media"
- "custom-templates"
- name: Ensure compose file is available on the server
tags: docker,authentik,settings
ansible.builtin.copy:
src: docker-compose.yaml
dest: /opt/authentik/docker-compose.yaml
owner: root
group: root
mode: u=rw,g=r,o=r
- name: Ensure environment file is available on the server
tags: docker,authentik,settings
ansible.builtin.copy:
src: .env
dest: /opt/authentik/.env
owner: root
group: root
mode: u=rw,g=r,o=r
- name: Ensure docker containers are pulled and running
tags: docker,authentik
community.docker.docker_compose_v2:
project_src: /opt/authentik
pull: always
rescue:
- name: Set that this task failed
ansible.builtin.set_fact:
task_failed: true
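Review bot: The `.env` file is installed with `mode: u=rw,g=r,o=r`, which leaves it world-readable, and per the compose file it carries `PG_PASS` and `AUTHENTIK_SECRET_KEY`; use `mode: u=rw,g=,o=` (0600) for that copy task. The compose file copy can keep the wider mode since it only references those variables. A minor wording point: `presense` in the first task name should be `presence`. The `rescue` block records `task_failed: true` but neither fails nor stops the play, so a broken Authentik deployment continues silently unless a later task checks that fact.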


@ -24,6 +24,18 @@
loop_control: loop_control:
loop_var: user_name loop_var: user_name
# Make sure that hostnames match
- name: Ensure the correct hostname is set for host (Alpine)
ansible.builtin.hostname:
name: "{{ server_name }}"
use: "alpine"
when: ansible_distribution == "Alpine"
- name: Ensure the correct hostname is set for host (Debian)
ansible.builtin.hostname:
name: "{{ server_name }}"
use: "debian"
when: ansible_distribution in debian_derivatives
# Install software not specific to Ansible # Install software not specific to Ansible
# - name: Ensure software wanted on all hosts is installed # - name: Ensure software wanted on all hosts is installed
# ansible.builtin.import_tasks: general/software.yaml # ansible.builtin.import_tasks: general/software.yaml
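Review bot: The two hostname tasks differ only in `use` and `when`, and a host whose distribution is neither Alpine nor in `debian_derivatives` silently gets no hostname set. `ansible.builtin.hostname` detects the strategy itself when `use` is omitted, so a single task `- name: Ensure the correct hostname is set for host` / `ansible.builtin.hostname:` / `name: "{{ server_name }}"` would cover both cases and any other distro; keep the explicit `use` variants only if auto-detection is known to pick wrongly on these hosts. The enclosing task list starts before this hunk.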


@ -1,57 +0,0 @@
Adhdgirl.Minilab Run Role
========================
A brief description of the role is here.
Requirements
------------
Any prerequisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. host vars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
```yaml
- name: Execute tasks on servers
hosts: servers
roles:
- role: adhdgirl.minilab.run
run_x: 42
```
Another way to consume this role would be:
```yaml
- name: Initialize the run role from adhdgirl.minilab
hosts: servers
gather_facts: false
tasks:
- name: Trigger invocation of run role
ansible.builtin.include_role:
name: adhdgirl.minilab.run
vars:
run_x: 42
```
License
-------
# TO-DO: Update the license to the one you want to use (delete this line after setting the license)
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@ -1,12 +0,0 @@
---
- name: Debug print task-1
ansible.builtin.debug:
msg: "This is task-1"
- name: Debug print task-2
ansible.builtin.debug:
msg: "This is task-2"
- name: Debug print task-3
ansible.builtin.debug:
msg: "This is task-3"


@ -0,0 +1,42 @@
---
services:
unifi-network-application:
image: lscr.io/linuxserver/unifi-network-application:latest
container_name: unifi-network-application
environment:
- PUID=1000
- PGID=1000
- TZ=America/New_York
- MONGO_USER=unifi
- MONGO_PASS=pIsSixZKxArEWFnV9DoZ4815Cvpkzlbwmkpcgsl7ylxBidbSD75jpuqMz4PNOT40
- MONGO_HOST=unifi-db
- MONGO_PORT=27017
- MONGO_DBNAME=unifi
- MONGO_AUTHSOURCE=admin
volumes:
- /opt/unifi/unifi/data:/config
ports:
- 8443:8443
- 3478:3478/udp
- 10001:10001/udp
- 8080:8080
- 1900:1900/udp #optional
- 8843:8843 #optional
- 8880:8880 #optional
- 6789:6789 #optional
- 5514:5514/udp #optional
restart: unless-stopped
unifi-db:
image: docker.io/mongo:4.4.6
container_name: unifi-db
environment:
- MONGO_INITDB_ROOT_USERNAME=root
- MONGO_INITDB_ROOT_PASSWORD=r6N9pg0UJoCY3a50wtHe4KyQfu5ln996ZWHRI7SZWosX4AZz6d6xZaXfk7XSEgKs
- MONGO_USER=unifi
- MONGO_PASS=pIsSixZKxArEWFnV9DoZ4815Cvpkzlbwmkpcgsl7ylxBidbSD75jpuqMz4PNOT40
- MONGO_DBNAME=unifi
- MONGO_AUTHSOURCE=admin
volumes:
- /opt/unifi/mongo/data
- /opt/unifi/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:root
restart: unless-stopped
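Review bot: The compose file commits literal MongoDB credentials in `MONGO_PASS` (both services) and `MONGO_INITDB_ROOT_PASSWORD`, and the accompanying playbook installs it world-readable on the host; they are in git history now and should be rotated, with the file reading them through `${VAR:?...}` interpolation from an uncommitted env file, as the Authentik compose file in this same commit does. The `unifi-db` volume `/opt/unifi/mongo/data` has no container path, so it declares an anonymous volume and Mongo's data never lands in that host directory; it needs `:/data/db`. The init script mount ends in `:root`, which is not a valid bind-mount option (the read-only flag is `ro`), so compose will reject the file or misread the mount — I'd expect `:ro`. The `latest` tag on the controller image also means `pull: always` in the playbook can upgrade it on every run.
```yaml
services:
  unifi-network-application:
    # … unchanged: image, container_name …
    environment:
      # … unchanged: PUID, PGID, TZ, MONGO_USER …
      # MONGO_PASS / MONGO_ROOT_PASS are example variable names, supplied by an uncommitted .env
      - MONGO_PASS=${MONGO_PASS:?mongo password required}
      # … unchanged: MONGO_HOST, MONGO_PORT, MONGO_DBNAME, MONGO_AUTHSOURCE …
    # … unchanged: volumes, ports, restart …
  unifi-db:
    # … unchanged: image, container_name …
    environment:
      - MONGO_INITDB_ROOT_USERNAME=root
      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASS:?mongo root password required}
      - MONGO_USER=unifi
      - MONGO_PASS=${MONGO_PASS:?mongo password required}
      # … unchanged: MONGO_DBNAME, MONGO_AUTHSOURCE …
    volumes:
      - /opt/unifi/mongo/data:/data/db
      - /opt/unifi/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro
    # … unchanged: restart …
```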


@ -0,0 +1,19 @@
#!/bin/bash
if which mongosh > /dev/null 2>&1; then
mongo_init_bin='mongosh'
else
mongo_init_bin='mongo'
fi
"${mongo_init_bin}" <<EOF
use ${MONGO_AUTHSOURCE}
db.auth("${MONGO_INITDB_ROOT_USERNAME}", "${MONGO_INITDB_ROOT_PASSWORD}")
db.createUser({
user: "${MONGO_USER}",
pwd: "${MONGO_PASS}",
roles: [
{ db: "${MONGO_DBNAME}", role: "dbOwner" },
{ db: "${MONGO_DBNAME}_stat", role: "dbOwner" }
]
})
EOF
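Review bot: The script has no `set -eu`, so an unset `MONGO_INITDB_ROOT_PASSWORD` or `MONGO_PASS` expands to an empty string inside the heredoc and the shell still sends the `createUser` call to the database; add `set -eu` after the shebang so a missing variable aborts before anything is sent. The heredoc is unquoted and the values are pasted into JavaScript string literals, so a password containing a double quote or backslash would break or alter the statement — presumably the values are generated without those characters, but that assumption is worth stating in a comment above the heredoc. `which mongosh` could be the POSIX `command -v mongosh`.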


@ -0,0 +1,49 @@
---
- name: Load distro-specific variables
ansible.builtin.include_vars: '{{ item }}'
tags: always
with_first_found:
- files:
- "{{ ansible_distribution }}.yaml"
skip: true
- name: Ensure unifi-network-application is installed on hosts
block:
- name: Ensure presense of folders for processes on the server
tags: packages,docker,unifi
ansible.builtin.file:
path: "/opt/unifi/{{ item }}"
state: directory
owner: 1000
group: 1000
recurse: true
loop:
- unifi/data
- mongo/data
- name: Ensure compose files are available on the server
tags: packages,docker,unifi
ansible.builtin.copy:
src: docker-compose.yaml
dest: "/opt/unifi/docker-compose.yaml"
owner: 1000
group: 1000
mode: u=rw,g=r,o=r
- name: Ensure mongo initialization script is available
tags: packages,docker,unifi
ansible.builtin.copy:
src: init-mongo.sh
dest: /opt/unifi/init-mongo.sh
owner: 1000
group: 1000
mode: u=rw,g=r,o=r
- name: Ensure docker containers are pulled and running
tags: docker,unifi
community.docker.docker_compose_v2:
project_src: "/opt/unifi"
pull: always
rescue:
- name: Set that this task failed
ansible.builtin.set_fact:
task_failed: true
# code: language=ansible
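Review bot: The folder task applies `owner: 1000` / `group: 1000` with `recurse: true` to `/opt/unifi/mongo/data` on every run, which re-chowns whatever the MongoDB container has written there; the `unifi-db` service in the accompanying compose file takes no `PUID`/`PGID`, so if the mongo image runs as a different uid this would cut it off from its own data after the first deploy — confirm the uid that image uses and either drop `recurse` or give the mongo directory its own ownership. The compose file is also copied with `mode: u=rw,g=r,o=r` while it carries the database credentials as committed, so either move the credentials out of it or tighten that copy to `u=rw,g=,o=`. `presense` in the first block task name should be `presence`.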


@ -1,6 +1,6 @@
--- ---
# ansible_user: ansible ansible_user: ansible
# ansible_ssh_private_key_file: /home/annika/ansible/minilab/ansible_ed25519 ansible_ssh_private_key_file: /home/annika/ansible/minilab/ansible_ed25519
debian_derivatives: debian_derivatives:
- "Debian" - "Debian"
- "Pop!_OS" - "Pop!_OS"
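Review bot: `ansible_ssh_private_key_file` now points at an absolute path under one user's home directory, so the inventory only works from that account; `"{{ inventory_dir }}/ansible_ed25519"` or a `~`-relative path keeps it portable across operators and machines. If the key sits next to the inventory, make sure it is excluded from the repository.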


@ -0,0 +1,2 @@
---
server_name: adguard


@ -1,33 +1,36 @@
--- ---
all: all:
hosts: hosts:
pump: adguard:
ansible_host: 10.69.11.4 ansible_host: 10.69.11.4
maxim: maxim:
ansible_host: 10.69.10.50 ansible_host: 10.69.10.50
docker1: pump:
ansible_host: 10.69.10.51 ansible_host: 10.69.10.51
fifi: fifi:
ansible_host: 10.69.10.52 ansible_host: 10.69.10.52
knivi: knivi:
ansible_host: 10.69.10.53 ansible_host: 10.69.10.53
reir: reir:
ansible_host: 10.69.10.62 ansible_host: 10.69.10.54
children: children:
alpine: alpine:
hosts: hosts:
pump: adguard:
debian: debian:
hosts: hosts:
maxim: maxim:
docker1: pump:
fifi: fifi:
knivi: knivi:
reir: reir:
docker: docker:
hosts: hosts:
adguard:
pump: pump:
docker1: unifi_controller:
adguard_servers:
hosts: hosts:
pump: pump:
adguard_servers:
hosts:
adguard:
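Review bot: `unifi_controller` is listed under the `docker` group but has no entry under `all.hosts` with an `ansible_host`, so Ansible will create an implicit host and try to connect to the literal name `unifi_controller`; add it next to the other hosts with its address, or, if the UniFi stack is meant to run on one of the existing hosts, list that host in the group instead. The rendered page loses the `+`/`-` markers in this section, so I am reading the right-hand column as the new side — worth double-checking which groups `pump` and `adguard` finally belong to.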