atuin-server: add config

2024-08-08 17:00:11 +02:00 · 2024-08-08 17:00:11 +02:00 · fe35e4baf1
parent b7d3ed7f18
commit fe35e4baf1
12 changed files with 157 additions and 0 deletions
--- a/hosts.ini
+++ b/hosts.ini
@ -23,3 +23,6 @@

 [matrix]
 192.168.0.2 static_ip=192.168.0.2
+
+[atuin-server]
+192.168.0.2 static_ip=192.168.0.2
--- a/roles/atuin-server-web/meta/main.yml
+++ b/roles/atuin-server-web/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: caddy
--- a/roles/atuin-server-web/tasks/main.yml
+++ b/roles/atuin-server-web/tasks/main.yml
@ -0,0 +1,9 @@
+---
+- name: Ensure Caddyfile is present
+  template:
+    src: 'atuin-server.Caddyfile.j2'
+    dest: '/etc/caddy/atuin-server.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: caddy-reload
--- a/roles/atuin-server-web/templates/atuin-server.Caddyfile.j2
+++ b/roles/atuin-server-web/templates/atuin-server.Caddyfile.j2
@ -0,0 +1,3 @@
+atuin.roosens.me {
+    reverse_proxy {{ hostvars[groups['atuin-server'][0]].static_ip }}:8009
+}
--- a/roles/atuin-server/files/atuin-server.postgres.backup.sh
+++ b/roles/atuin-server/files/atuin-server.postgres.backup.sh
@ -0,0 +1,5 @@
+cd /etc/atuin
+
+/usr/bin/docker compose exec -T db pg_dump -U atuin atuin |
+    /usr/bin/gzip --rsyncable |
+    /usr/local/bin/restic backup --stdin --stdin-filename atuin-server-postgres.sql.gz
--- a/roles/atuin-server/files/atuin-server.service
+++ b/roles/atuin-server/files/atuin-server.service
@ -0,0 +1,15 @@
+[Unit]
+Description=Sync server for Atuin
+After=docker.target 
+Requires=docker.target
+
+[Service]
+Type=exec
+User=atuin
+Group=atuin
+WorkingDirectory=/etc/atuin
+ExecStart=/usr/bin/docker compose up
+ExecStop=/usr/bin/docker compose down
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/atuin-server/files/compose.yml
+++ b/roles/atuin-server/files/compose.yml
@ -0,0 +1,33 @@
+# vim: ft=yaml
+version: '3'
+
+services:
+  app:
+    image: 'ghcr.io/atuinsh/atuin:18.3.0'
+    command: 'server start'
+    restart: 'always'
+
+    ports:
+      - '8009:8888'
+    volumes:
+      - '/etc/atuin/server.toml:/config/server.toml'
+
+    depends_on:
+      db:
+        condition: service_healthy
+
+  db:
+    image: 'postgres:16.4-alpine'
+    restart: 'always'
+
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "atuin"]
+      interval: 10s
+      start_period: 30s
+
+    environment:
+      - POSTGRES_USER=atuin
+      - POSTGRES_PASSWORD=atuin
+      - POSTGRES_DB=atuin
+    volumes:
+      - 'mnt/data1/atuin-server/postgres:/var/lib/postgresql/data'
--- a/roles/atuin-server/files/server.toml
+++ b/roles/atuin-server/files/server.toml
@ -0,0 +1,4 @@
+host = "0.0.0.0"
+port = 8888
+open_registration = true
+db_uri = "postgres://atuin:atuin@db/atuin"
--- a/roles/atuin-server/handlers/main.yml
+++ b/roles/atuin-server/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: 'restart atuin-server'
+  ansible.builtin.service:
+    name: 'atuin-server'
+    state: 'restarted'
--- a/roles/atuin-server/tasks/main.yml
+++ b/roles/atuin-server/tasks/main.yml
@ -0,0 +1,65 @@
+---
+- name: Ensure data directory is present
+  ansible.builtin.file:
+    path: '/mnt/data1/atuin-server'
+    state: directory
+    mode: '0755'
+    owner: 'root'
+    group: 'root'
+
+- name: Ensure data subvolumes are present
+  community.general.btrfs_subvolume:
+    name: '/atuin-server/{{ item }}'
+  loop:
+    - 'postgres'
+
+- name: Ensure configuration directory is present
+  ansible.builtin.file:
+    path: '/etc/atuin'
+    state: directory
+    mode: '0755'
+
+- name: Ensure compose file is present
+  ansible.builtin.copy:
+    src: 'compose.yml'
+    dest: '/etc/atuin/compose.yml'
+    mode: '0644'
+    owner: 'root'
+    group: 'root'
+  notify: 'restart atuin-server'
+
+- name: Ensure config file is present
+  ansible.builtin.copy:
+    src: 'server.toml'
+    dest: '/etc/atuin/server.yml'
+    mode: '0644'
+    owner: 'root'
+    group: 'root'
+  notify: 'restart atuin-server'
+
+- name: Ensure backup script is present
+  ansible.builtin.copy:
+    src: 'atuin-server.postgres.backup.sh'
+    dest: '/etc/backups/atuin-server.postgres.backup.sh'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+
+- name: Ensure service file is present
+  ansible.builtin.copy:
+    src: 'atuin-server.service'
+    dest: '/lib/systemd/system/atuin-server.service'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  register: res
+
+- name: systemd-reload
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  when: 'res.changed'
+
+- name: Ensure atuin-server service is enabled
+  ansible.builtin.service:
+    name: 'atuin-server'
+    enabled: true
--- a/ruby.yml
+++ b/ruby.yml
@ -51,3 +51,9 @@
  roles:
    - baikal
  tags: baikal
+
+- hosts: ruby
+  become: yes
+  roles:
+    - atuin-server
+  tags: atuin
--- a/web.yml
+++ b/web.yml
@ -40,3 +40,9 @@
  roles:
    - nefarious-web
  tags: nefarious
+
+- hosts: web
+  become: yes
+  roles:
+    - atuin-server-web
+  tags: atuin