florian.richer/myserver-configuration
1
0
Fork 0
Code Activity

Compare commits

base: florian.richer:93cbcd29fbc7d3904337fb57f0178ff9ace2fee2
Branches Tags
florian.richer:main
...
compare: florian.richer:d6727970ff9c6152e02d5155e0fceae13108fa6b
Branches Tags
florian.richer:main

5 commits
93cbcd29fb ... d6727970ff

Author SHA1 Message Date
Florian RICHER
d6727970ff
Add GPG import public key 2024-07-14 22:54:31 +02:00
Florian RICHER
ba37728d72
Comment not safe changement 2024-07-14 22:47:15 +02:00
Florian RICHER
6dcef5cbbb
Fixes 2024-07-14 22:33:59 +02:00
Florian RICHER
a7140e5a84
Begin migration to v2 Step 2 2024-07-14 22:17:33 +02:00
Florian RICHER
b91292576f
Begin migration to v2 2024-07-14 21:39:23 +02:00
39 changed files with 64 additions and 112 deletions
Show stats Expand all files Collapse all files

9
flake.nix
View file

@ -11,6 +11,14 @@
let let
pkgs = import nixpkgs { inherit system; }; pkgs = import nixpkgs { inherit system; };
import_pub_gpg = pkgs.writeScriptBin "import_pub_gpg" ''
#!${pkgs.runtimeShell}
echo "Importing public key"
gpg --import <(curl https://gitea.mrdev023.fr/florian.richer.gpg)
'';
init_sops = pkgs.writeScriptBin "init_sops" '' init_sops = pkgs.writeScriptBin "init_sops" ''
#!${pkgs.runtimeShell} #!${pkgs.runtimeShell}
@ -37,6 +45,7 @@
buildInputs = [ buildInputs = [
pkgs.ansible pkgs.ansible
pkgs.sops pkgs.sops
import_pub_gpg
init_sops init_sops
clean_sops clean_sops
]; ];

2
roles/borg/tasks/base.yml
View file

@ -8,5 +8,5 @@
owner: root owner: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
loop: loop:
- { src: 'backup.j2', dest: 'backup' } - { src: 'backup', dest: 'backup' }
become: true become: true

0
roles/borg/templates/backup.j2 → roles/borg/templates/backup
View file

2
roles/clean/tasks/docker.yml
View file

@ -5,6 +5,6 @@
containers: true containers: true
images: true images: true
networks: true networks: true
volumes: true # volumes: true
builder_cache: true builder_cache: true
become: yes become: yes

9
roles/cloud/tasks/base.yml
View file

@ -23,13 +23,12 @@
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "cloud/{{ item.dest }}" dest: "cloud/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: cloud_copy_templates_results
- name: Update and restart container - name: Update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: cloud project_src: cloud
state: present state: present
pull: true pull: always
restarted: "{{ cloud_copy_files_results.changed or cloud_copy_templates_results.changed }}" recreate: "{{ 'always' if cloud_copy_files_results.changed else 'auto' }}"
become: true become: true

2
roles/cloud/templates/docker-compose.yml.j2 → roles/cloud/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
db: db:
image: postgres:14 image: postgres:14

8
roles/dolibarr/tasks/base.yml
View file

@ -11,8 +11,7 @@
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "dolibarr/{{ item.dest }}" dest: "dolibarr/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: dolibarr_copy_templates_results
- name: Prepare volume folder - name: Prepare volume folder
ansible.builtin.file: ansible.builtin.file:
@ -25,9 +24,8 @@
become: true become: true
- name: Update and restart container - name: Update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: dolibarr project_src: dolibarr
state: present state: present
pull: true pull: always
restarted: "{{ dolibarr_copy_templates_results.changed }}"
become: true become: true

2
roles/dolibarr/templates/docker-compose.yml.j2 → roles/dolibarr/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
mariadb: mariadb:
image: mariadb:latest image: mariadb:latest

6
roles/gitea/tasks/base.yml
View file

@ -12,12 +12,10 @@
loop: loop:
- { src: 'docker-compose.yml', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
- { src: 'config.yml', dest: 'config.yml' } - { src: 'config.yml', dest: 'config.yml' }
register: gitea_copy_templates_results
- name: Update and restart container - name: Update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: gitea project_src: gitea
state: present state: present
pull: true pull: always
restarted: "{{ gitea_copy_templates_results.changed }}"
become: true become: true

4
roles/gitea/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: "3"
services: services:
gitea: gitea:
image: gitea/gitea:latest image: gitea/gitea:latest
@ -59,4 +57,4 @@ networks:
metrics: metrics:
external: true external: true
proxy: proxy:
external: true external: true

8
roles/home_assistant/tasks/base.yml
View file

@ -10,13 +10,11 @@
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "home_assistant/{{ item.dest }}" dest: "home_assistant/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: home_assistant_copy_templates_results
- name: Update and restart container - name: Update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: home_assistant project_src: home_assistant
state: present state: present
pull: true pull: always
restarted: "{{ home_assistant_copy_templates_results.changed }}"
become: true become: true

2
roles/home_assistant/templates/docker-compose.yml.j2 → roles/home_assistant/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
home_assistant: home_assistant:
image: homeassistant/home-assistant image: homeassistant/home-assistant

2
roles/iptables/tasks/base.yml
View file

@ -7,7 +7,7 @@
group: root group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
loop: loop:
- { src: 'firewall.j2', dest: '/usr/bin/firewall' } - { src: 'firewall', dest: '/usr/bin/firewall' }
register: iptables_templates_results register: iptables_templates_results
become: yes become: yes

0
roles/iptables/templates/firewall.j2 → roles/iptables/templates/firewall
View file

9
roles/matrix/tasks/base.yml
View file

@ -16,13 +16,12 @@
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "matrix/{{ item.dest }}" dest: "matrix/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: matrix_copy_templates_results
- name: Update and restart container - name: Update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: matrix project_src: matrix
state: present state: present
pull: true pull: always
restarted: "{{ matrix_copy_files_results.changed or matrix_copy_templates_results.changed }}" recreate: "{{ 'always' if matrix_copy_files_results.changed else 'auto' }}"
become: true become: true

2
roles/matrix/templates/docker-compose.yml.j2 → roles/matrix/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
postgres: postgres:
image: postgres:15 image: postgres:15

6
roles/metrics/tasks/base.yml
View file

@ -11,12 +11,10 @@
dest: "metrics/{{ item.dest }}" dest: "metrics/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: metrics_copy_templates_results
- name: Update and restart container - name: Update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: metrics project_src: metrics
state: present state: present
pull: true pull: always
restarted: "{{ metrics_copy_templates_results.changed }}"
become: true become: true

2
roles/metrics/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
prometheus: prometheus:
image: prom/prometheus:latest image: prom/prometheus:latest

8
roles/n8n/tasks/base.yml
View file

@ -10,13 +10,11 @@
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "n8n/{{ item.dest }}" dest: "n8n/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: n8n_copy_templates_results
- name: Update and restart container - name: Update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: n8n project_src: n8n
state: present state: present
pull: true pull: always
restarted: "{{ n8n_copy_templates_results.changed }}"
become: true become: true

2
roles/n8n/templates/docker-compose.yml.j2 → roles/n8n/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
db: db:
image: postgres:14 image: postgres:14

6
roles/portfolio/tasks/base.yml
View file

@ -11,12 +11,10 @@
dest: "portfolio/{{ item.dest }}" dest: "portfolio/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: portfolio_copy_templates_results
- name: Update and restart container - name: Update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: portfolio project_src: portfolio
state: present state: present
pull: true pull: always
restarted: "{{ portfolio_copy_templates_results.changed }}"
become: true become: true

2
roles/portfolio/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: "3"
services: services:
portfolio: portfolio:
image: gitea.mrdev023.fr/florian.richer/portfolio:latest image: gitea.mrdev023.fr/florian.richer/portfolio:latest

9
roles/protonmail/tasks/base.yml
View file

@ -16,8 +16,7 @@
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "protonmail/{{ item.dest }}" dest: "protonmail/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: protonmail_copy_templates_results
- name: Create protonmail network - name: Create protonmail network
community.docker.docker_network: community.docker.docker_network:
@ -31,9 +30,9 @@
when: not protonmail.initialized when: not protonmail.initialized
- name: Update and restart container - name: Update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: protonmail project_src: protonmail
state: present state: present
pull: true pull: always
restarted: "{{ protonmail.initialized and (protonmail_copy_templates_results.changed or protonmail_copy_files_results.changed) }}" recreate: "{{ 'always' if protonmail.initialized and protonmail_copy_files_results.changed else 'auto' }}"
become: true become: true

2
roles/protonmail/templates/docker-compose.yml.j2 → roles/protonmail/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
protonmail-bridge: protonmail-bridge:
image: shenxn/protonmail-bridge image: shenxn/protonmail-bridge

8
roles/ryot/tasks/base.yml
View file

@ -10,13 +10,11 @@
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "ryot/{{ item.dest }}" dest: "ryot/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: ryot_copy_templates_results
- name: Update and restart container - name: Update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: ryot project_src: ryot
state: present state: present
pull: true pull: always
restarted: "{{ ryot_copy_templates_results.changed }}"
become: true become: true

2
roles/ryot/templates/docker-compose.yml.j2 → roles/ryot/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: "3.9"
services: services:
postgres: postgres:
image: postgres:16-alpine image: postgres:16-alpine

2
roles/ssh/tasks/base.yml
View file

@ -7,7 +7,7 @@
group: root group: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
loop: loop:
- { src: 'port.conf.j2', dest: '/etc/ssh/sshd_config.d/99-port.conf' } - { src: 'port.conf', dest: '/etc/ssh/sshd_config.d/99-port.conf' }
register: iptables_templates_results register: iptables_templates_results
become: yes become: yes

0
roles/ssh/templates/port.conf.j2 → roles/ssh/templates/port.conf
View file

14
roles/traefik/tasks/base.yml
View file

@ -12,7 +12,6 @@
loop: loop:
- { src: 'docker-compose.yml', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
- { src: 'config/traefik.yml', dest: 'config/traefik.yml' } - { src: 'config/traefik.yml', dest: 'config/traefik.yml' }
register: traefik_copy_templates_results
# Avoid restart docker if dynamic_conf updated # Avoid restart docker if dynamic_conf updated
- name: Copy dynamic_conf conf - name: Copy dynamic_conf conf
@ -20,10 +19,9 @@
src: "config/dynamic_conf.yml" src: "config/dynamic_conf.yml"
dest: "traefik/config/dynamic_conf.yml" dest: "traefik/config/dynamic_conf.yml"
- name: Update and restart container # - name: Update and restart container
community.docker.docker_compose: # community.docker.docker_compose_v2:
project_src: traefik # project_src: traefik
state: present # state: present
pull: true # pull: always
restarted: "{{ traefik_copy_templates_results.changed }}" # become: true
become: true

2
roles/traefik/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
traefik: traefik:
image: traefik:latest image: traefik:latest

10
roles/vaultwarden/tasks/base.yml
View file

@ -11,14 +11,13 @@
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "vaultwarden/{{ item.dest }}" dest: "vaultwarden/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: vaultwarden_copy_templates_results
- name: Copy dotenv as root - name: Copy dotenv as root
ansible.builtin.template: ansible.builtin.template:
owner: root owner: root
group: root group: root
src: ".env.j2" src: ".env"
dest: "vaultwarden/.env" dest: "vaultwarden/.env"
mode: 0600 mode: 0600
become: true become: true
@ -34,9 +33,8 @@
become: true become: true
- name: Update and restart container - name: Update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: vaultwarden project_src: vaultwarden
state: present state: present
pull: true pull: always
restarted: "{{ vaultwarden_copy_templates_results.changed }}"
become: true become: true

2
roles/vaultwarden/templates/.env.j2 → roles/vaultwarden/templates/.env
View file

@ -1,6 +1,6 @@
WEBSOCKET_ENABLED=true WEBSOCKET_ENABLED=true
SIGNUPS_ALLOWED=false SIGNUPS_ALLOWED=false
ADMIN_TOKEN={{ vaultwarden.admin_token }} ADMIN_TOKEN='{{ vaultwarden.admin_token }}'
POSTGRES_PASSWORD=vaultwarden POSTGRES_PASSWORD=vaultwarden
POSTGRES_DB=vaultwarden POSTGRES_DB=vaultwarden
POSTGRES_USER=vaultwarden POSTGRES_USER=vaultwarden

2
roles/vaultwarden/templates/docker-compose.yml.j2 → roles/vaultwarden/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
db: db:
image: postgres:15 image: postgres:15

8
roles/watchtower/tasks/base.yml
View file

@ -10,13 +10,11 @@
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "watchtower/{{ item.dest }}" dest: "watchtower/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: watchtower_copy_templates_results
- name: Force update and restart container - name: Force update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: watchtower project_src: watchtower
state: present state: present
pull: true pull: always
restarted: "{{ watchtower_copy_templates_results.changed }}"
become: true become: true

2
roles/watchtower/templates/docker-compose.yml.j2 → roles/watchtower/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
watchtower: watchtower:
image: containrrr/watchtower:latest image: containrrr/watchtower:latest

8
roles/whoami/tasks/base.yml
View file

@ -10,13 +10,11 @@
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "whoami/{{ item.dest }}" dest: "whoami/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: whoami_copy_templates_results
- name: Force update and restart container - name: Force update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: whoami project_src: whoami
state: present state: present
pull: true pull: always
restarted: "{{ whoami_copy_templates_results.changed }}"
become: true become: true

2
roles/whoami/templates/docker-compose.yml.j2 → roles/whoami/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
whoami: whoami:
image: "containous/whoami" image: "containous/whoami"

8
roles/wireguard/tasks/base.yml
View file

@ -10,13 +10,11 @@
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "wireguard/{{ item.dest }}" dest: "wireguard/{{ item.dest }}"
loop: loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
register: wireguard_copy_templates_results
- name: Update and restart container - name: Update and restart container
community.docker.docker_compose: community.docker.docker_compose_v2:
project_src: wireguard project_src: wireguard
state: present state: present
pull: true pull: always
restarted: "{{ wireguard_copy_templates_results.changed }}"
become: true become: true

2
roles/wireguard/templates/docker-compose.yml.j2 → roles/wireguard/templates/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
services: services:
wireguard: wireguard:
image: lscr.io/linuxserver/wireguard:latest image: lscr.io/linuxserver/wireguard:latest