Add GPG import public key

Comment not safe changement
Fixes
2024-07-14 22:54:31 +02:00 · 2024-07-14 22:47:15 +02:00 · 2024-07-14 22:33:59 +02:00 · 2024-07-14 22:17:33 +02:00 · 2024-07-14 21:39:23 +02:00
39 changed files with 64 additions and 112 deletions
--- a/flake.nix
+++ b/flake.nix
@ -11,6 +11,14 @@
      let
        pkgs = import nixpkgs { inherit system; };

+        import_pub_gpg = pkgs.writeScriptBin "import_pub_gpg" ''
+          #!${pkgs.runtimeShell}
+          
+          echo "Importing public key"
+          gpg --import <(curl https://gitea.mrdev023.fr/florian.richer.gpg)
+        '';
+
+
        init_sops = pkgs.writeScriptBin "init_sops" ''
          #!${pkgs.runtimeShell}
          
@ -37,6 +45,7 @@
            buildInputs = [
              pkgs.ansible
              pkgs.sops
+              import_pub_gpg
              init_sops
              clean_sops
            ];
--- a/roles/borg/tasks/base.yml
+++ b/roles/borg/tasks/base.yml
@ -8,5 +8,5 @@
    owner: root
    mode: u=rwx,g=rx,o=rx
  loop:
-    - { src: 'backup.j2', dest: 'backup' }
+    - { src: 'backup', dest: 'backup' }
  become: true
--- a/roles/borg/templates/backup.j2
+++ b/roles/borg/templates/backup.j2
--- a/roles/clean/tasks/docker.yml
+++ b/roles/clean/tasks/docker.yml
@ -5,6 +5,6 @@
    containers: true
    images: true
    networks: true
-    volumes: true
+    # volumes: true
    builder_cache: true
  become: yes
--- a/roles/cloud/tasks/base.yml
+++ b/roles/cloud/tasks/base.yml
@ -23,13 +23,12 @@
    src: "{{ item.src }}"
    dest: "cloud/{{ item.dest }}"
  loop:
-    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
-  register: cloud_copy_templates_results
+    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }

 - name: Update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: cloud
    state: present
-    pull: true
-    restarted: "{{ cloud_copy_files_results.changed or cloud_copy_templates_results.changed }}"
+    pull: always
+    recreate: "{{ 'always' if cloud_copy_files_results.changed else 'auto' }}"
  become: true
--- a/roles/cloud/templates/docker-compose.yml.j2
+++ b/roles/cloud/templates/docker-compose.yml.j2
@ -1,5 +1,3 @@
-version: '3'
-
 services:
  db:
    image: postgres:14
--- a/roles/dolibarr/tasks/base.yml
+++ b/roles/dolibarr/tasks/base.yml
@ -11,8 +11,7 @@
    src: "{{ item.src }}"
    dest: "dolibarr/{{ item.dest }}"
  loop:
-    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
-  register: dolibarr_copy_templates_results
+    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }

 - name: Prepare volume folder
  ansible.builtin.file:
@ -25,9 +24,8 @@
  become: true

 - name: Update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: dolibarr
    state: present
-    pull: true
-    restarted: "{{ dolibarr_copy_templates_results.changed }}"
+    pull: always
  become: true
--- a/roles/dolibarr/templates/docker-compose.yml.j2
+++ b/roles/dolibarr/templates/docker-compose.yml.j2
@ -1,5 +1,3 @@
-version: '3'
-
 services:
  mariadb:
    image: mariadb:latest
--- a/roles/gitea/tasks/base.yml
+++ b/roles/gitea/tasks/base.yml
@ -12,12 +12,10 @@
  loop:
    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
    - { src: 'config.yml', dest: 'config.yml' }
-  register: gitea_copy_templates_results

 - name: Update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: gitea
    state: present
-    pull: true
-    restarted: "{{ gitea_copy_templates_results.changed }}"
+    pull: always
  become: true
--- a/roles/gitea/templates/docker-compose.yml
+++ b/roles/gitea/templates/docker-compose.yml
@ -1,5 +1,3 @@
-version: "3"
-
 services:
  gitea:
    image: gitea/gitea:latest
@ -59,4 +57,4 @@ networks:
  metrics:
    external: true
  proxy:
-    external: true
+    external: true
--- a/roles/home_assistant/tasks/base.yml
+++ b/roles/home_assistant/tasks/base.yml
@ -10,13 +10,11 @@
    src: "{{ item.src }}"
    dest: "home_assistant/{{ item.dest }}"
  loop:
-    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
-  register: home_assistant_copy_templates_results
+    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }

 - name: Update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: home_assistant
    state: present
-    pull: true
-    restarted: "{{ home_assistant_copy_templates_results.changed }}"
+    pull: always
  become: true
--- a/roles/home_assistant/templates/docker-compose.yml.j2
+++ b/roles/home_assistant/templates/docker-compose.yml.j2
@ -1,5 +1,3 @@
-version: '3'
-
 services:
  home_assistant:
    image: homeassistant/home-assistant
--- a/roles/iptables/tasks/base.yml
+++ b/roles/iptables/tasks/base.yml
@ -7,7 +7,7 @@
    group: root
    mode: u=rwx,g=rx,o=rx
  loop:
-    - { src: 'firewall.j2', dest: '/usr/bin/firewall' }
+    - { src: 'firewall', dest: '/usr/bin/firewall' }
  register: iptables_templates_results
  become: yes

--- a/roles/iptables/templates/firewall.j2
+++ b/roles/iptables/templates/firewall.j2
--- a/roles/matrix/tasks/base.yml
+++ b/roles/matrix/tasks/base.yml
@ -16,13 +16,12 @@
    src: "{{ item.src }}"
    dest: "matrix/{{ item.dest }}"
  loop:
-    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
-  register: matrix_copy_templates_results
+    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }

 - name: Update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: matrix
    state: present
-    pull: true
-    restarted: "{{ matrix_copy_files_results.changed or matrix_copy_templates_results.changed }}"
+    pull: always
+    recreate: "{{ 'always' if matrix_copy_files_results.changed else 'auto' }}"
  become: true
--- a/roles/matrix/templates/docker-compose.yml.j2
+++ b/roles/matrix/templates/docker-compose.yml.j2
@ -1,5 +1,3 @@
-version: '3'
-
 services:
  postgres:
    image: postgres:15
--- a/roles/metrics/tasks/base.yml
+++ b/roles/metrics/tasks/base.yml
@ -11,12 +11,10 @@
    dest: "metrics/{{ item.dest }}"
  loop:
    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
-  register: metrics_copy_templates_results

 - name: Update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: metrics
    state: present
-    pull: true
-    restarted: "{{ metrics_copy_templates_results.changed }}"
+    pull: always
  become: true
--- a/roles/metrics/templates/docker-compose.yml
+++ b/roles/metrics/templates/docker-compose.yml
@ -1,5 +1,3 @@
-version: '3'
-
 services:
  prometheus:
    image: prom/prometheus:latest
--- a/roles/n8n/tasks/base.yml
+++ b/roles/n8n/tasks/base.yml
@ -10,13 +10,11 @@
    src: "{{ item.src }}"
    dest: "n8n/{{ item.dest }}"
  loop:
-    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
-  register: n8n_copy_templates_results
+    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }

 - name: Update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: n8n
    state: present
-    pull: true
-    restarted: "{{ n8n_copy_templates_results.changed }}"
+    pull: always
  become: true
--- a/roles/n8n/templates/docker-compose.yml.j2
+++ b/roles/n8n/templates/docker-compose.yml.j2
@ -1,5 +1,3 @@
-version: '3'
-
 services:
  db:
    image: postgres:14
--- a/roles/portfolio/tasks/base.yml
+++ b/roles/portfolio/tasks/base.yml
@ -11,12 +11,10 @@
    dest: "portfolio/{{ item.dest }}"
  loop:
    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
-  register: portfolio_copy_templates_results

 - name: Update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: portfolio
    state: present
-    pull: true
-    restarted: "{{ portfolio_copy_templates_results.changed }}"
+    pull: always
  become: true
--- a/roles/portfolio/templates/docker-compose.yml
+++ b/roles/portfolio/templates/docker-compose.yml
@ -1,5 +1,3 @@
-version: "3"
-
 services:
  portfolio:
    image: gitea.mrdev023.fr/florian.richer/portfolio:latest
--- a/roles/protonmail/tasks/base.yml
+++ b/roles/protonmail/tasks/base.yml
@ -16,8 +16,7 @@
    src: "{{ item.src }}"
    dest: "protonmail/{{ item.dest }}"
  loop:
-    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
-  register: protonmail_copy_templates_results
+    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }

 - name: Create protonmail network
  community.docker.docker_network:
@ -31,9 +30,9 @@
  when: not protonmail.initialized

 - name: Update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: protonmail
    state: present
-    pull: true
-    restarted: "{{ protonmail.initialized and (protonmail_copy_templates_results.changed or protonmail_copy_files_results.changed) }}"
+    pull: always
+    recreate: "{{ 'always' if protonmail.initialized and protonmail_copy_files_results.changed else 'auto' }}"
  become: true
--- a/roles/protonmail/templates/docker-compose.yml.j2
+++ b/roles/protonmail/templates/docker-compose.yml.j2
@ -1,5 +1,3 @@
-version: '3'
-
 services: 
  protonmail-bridge:
    image: shenxn/protonmail-bridge
--- a/roles/ryot/tasks/base.yml
+++ b/roles/ryot/tasks/base.yml
@ -10,13 +10,11 @@
    src: "{{ item.src }}"
    dest: "ryot/{{ item.dest }}"
  loop:
-    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
-  register: ryot_copy_templates_results
+    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }

 - name: Update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: ryot
    state: present
-    pull: true
-    restarted: "{{ ryot_copy_templates_results.changed }}"
+    pull: always
  become: true
--- a/roles/ryot/templates/docker-compose.yml.j2
+++ b/roles/ryot/templates/docker-compose.yml.j2
@ -1,5 +1,3 @@
-version: "3.9"
-
 services:
  postgres:
    image: postgres:16-alpine
--- a/roles/ssh/tasks/base.yml
+++ b/roles/ssh/tasks/base.yml
@ -7,7 +7,7 @@
    group: root
    mode: u=rwx,g=rx,o=rx
  loop:
-    - { src: 'port.conf.j2', dest: '/etc/ssh/sshd_config.d/99-port.conf' }
+    - { src: 'port.conf', dest: '/etc/ssh/sshd_config.d/99-port.conf' }
  register: iptables_templates_results
  become: yes

--- a/roles/ssh/templates/port.conf.j2
+++ b/roles/ssh/templates/port.conf.j2
--- a/roles/traefik/tasks/base.yml
+++ b/roles/traefik/tasks/base.yml
@ -12,7 +12,6 @@
  loop:
    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
    - { src: 'config/traefik.yml', dest: 'config/traefik.yml' }
-  register: traefik_copy_templates_results

 # Avoid restart docker if dynamic_conf updated
 - name: Copy dynamic_conf conf
@ -20,10 +19,9 @@
    src: "config/dynamic_conf.yml"
    dest: "traefik/config/dynamic_conf.yml"

- name: Update and restart container
-  community.docker.docker_compose:
-    project_src: traefik
-    state: present
-    pull: true
-    restarted: "{{ traefik_copy_templates_results.changed }}"
-  become: true
+# - name: Update and restart container
+#   community.docker.docker_compose_v2:
+#     project_src: traefik
+#     state: present
+#     pull: always
+#   become: true
--- a/roles/traefik/templates/docker-compose.yml
+++ b/roles/traefik/templates/docker-compose.yml
@ -1,5 +1,3 @@
-version: '3'
-
 services:
  traefik:
    image: traefik:latest
--- a/roles/vaultwarden/tasks/base.yml
+++ b/roles/vaultwarden/tasks/base.yml
@ -11,14 +11,13 @@
    src: "{{ item.src }}"
    dest: "vaultwarden/{{ item.dest }}"
  loop:
-    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
-  register: vaultwarden_copy_templates_results
+    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }

 - name: Copy dotenv as root
  ansible.builtin.template:
    owner: root
    group: root
-    src: ".env.j2"
+    src: ".env"
    dest: "vaultwarden/.env"
    mode: 0600
  become: true
@ -34,9 +33,8 @@
  become: true

 - name: Update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: vaultwarden
    state: present
-    pull: true
-    restarted: "{{ vaultwarden_copy_templates_results.changed }}"
+    pull: always
  become: true
--- a/roles/vaultwarden/templates/.env.j2
+++ b/roles/vaultwarden/templates/.env.j2
@ -1,6 +1,6 @@
 WEBSOCKET_ENABLED=true
 SIGNUPS_ALLOWED=false
-ADMIN_TOKEN={{ vaultwarden.admin_token }}
+ADMIN_TOKEN='{{ vaultwarden.admin_token }}'
 POSTGRES_PASSWORD=vaultwarden
 POSTGRES_DB=vaultwarden
 POSTGRES_USER=vaultwarden
--- a/roles/vaultwarden/templates/docker-compose.yml.j2
+++ b/roles/vaultwarden/templates/docker-compose.yml.j2
@ -1,5 +1,3 @@
-version: '3'
-
 services:
  db:
    image: postgres:15
--- a/roles/watchtower/tasks/base.yml
+++ b/roles/watchtower/tasks/base.yml
@ -10,13 +10,11 @@
    src: "{{ item.src }}"
    dest: "watchtower/{{ item.dest }}"
  loop:
-    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
-  register: watchtower_copy_templates_results
+    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }

 - name: Force update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: watchtower
    state: present
-    pull: true
-    restarted: "{{ watchtower_copy_templates_results.changed }}"
+    pull: always
  become: true
--- a/roles/watchtower/templates/docker-compose.yml.j2
+++ b/roles/watchtower/templates/docker-compose.yml.j2
@ -1,5 +1,3 @@
-version: '3'
-
 services: 
  watchtower:
    image: containrrr/watchtower:latest
--- a/roles/whoami/tasks/base.yml
+++ b/roles/whoami/tasks/base.yml
@ -10,13 +10,11 @@
    src: "{{ item.src }}"
    dest: "whoami/{{ item.dest }}"
  loop:
-    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
-  register: whoami_copy_templates_results
+    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }

 - name: Force update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: whoami
    state: present
-    pull: true
-    restarted: "{{ whoami_copy_templates_results.changed }}"
+    pull: always
  become: true
--- a/roles/whoami/templates/docker-compose.yml.j2
+++ b/roles/whoami/templates/docker-compose.yml.j2
@ -1,5 +1,3 @@
-version: '3'
-
 services: 
  whoami:
    image: "containous/whoami"
--- a/roles/wireguard/tasks/base.yml
+++ b/roles/wireguard/tasks/base.yml
@ -10,13 +10,11 @@
    src: "{{ item.src }}"
    dest: "wireguard/{{ item.dest }}"
  loop:
-    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
-  register: wireguard_copy_templates_results
+    - { src: 'docker-compose.yml', dest: 'docker-compose.yml' }

 - name: Update and restart container
-  community.docker.docker_compose:
+  community.docker.docker_compose_v2:
    project_src: wireguard
    state: present
-    pull: true
-    restarted: "{{ wireguard_copy_templates_results.changed }}"
+    pull: always
  become: true
--- a/roles/wireguard/templates/docker-compose.yml.j2
+++ b/roles/wireguard/templates/docker-compose.yml.j2
@ -1,5 +1,3 @@
-version: '3'
-
 services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
Author	SHA1	Message	Date
Florian RICHER	d6727970ff	Add GPG import public key	2024-07-14 22:54:31 +02:00
Florian RICHER	ba37728d72	Comment not safe changement	2024-07-14 22:47:15 +02:00
Florian RICHER	6dcef5cbbb	Fixes	2024-07-14 22:33:59 +02:00
Florian RICHER	a7140e5a84	Begin migration to v2 Step 2	2024-07-14 22:17:33 +02:00
Florian RICHER	b91292576f	Begin migration to v2	2024-07-14 21:39:23 +02:00