diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 02ae9c2..c71902c 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -22,8 +22,3 @@ woodpecker_secret: "{{ vault_woodpecker_secret }}" restic_version: '0.16.2' ntfy_user_pi_pass: "{{ vault_ntfy_user_pi_pass }}" - -gitea_lfs_jwt_secret: "{{ vault_gitea_lfs_jwt_secret }}" -gitea_secret_key: "{{ vault_gitea_secret_key }}" -gitea_internal_token: "{{ vault_gitea_internal_token }}" -gitea_jwt_secret: "{{ vault_gitea_jwt_secret }}" diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 13fc149..e941cec 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml @@ -1,32 +1,14 @@ $ANSIBLE_VAULT;1.1;AES256 -62316366343931626135336332623963643864616164386132363565303565303165326238303132 -3266623662613739333637393937373137313161306136310a613335346362346333323461336130 -61386264346464376539303733393961306664376663613034316337313963343761636634636131 -3231633934646130630a303038383563346539383561386362613935376634306561643964626334 -35333166623531383236623535636362323039613136346534343232306163393436366135373634 -31303338303939613433326633373838353431653231646430333333323665643130306436663539 -35393266346232366161653332303264623733343262636363613630323366376130646264333739 -34396139303130613631646535363831623463333565396134376234356132336236373366313830 -61386661303966313862653732653338386466643838636263393766366139373237316165643764 -66336465613838316465316166653064343066623339616530303038356238303832373135663665 -35383938333362643038326635316538666536613137663633363434336138306135316665353734 -63633439366664613633353465643466663564663832396435663931643538636238643233373039 -35623438333139353632383263343538626561343035613239366266623033636335633536643431 -30663139353634663662373062363937393838393266343264386134306333326164656334316364 -39343662313464383362646237383337393664623632653235623165666636363635383636363430 -35306365383536356265363733396165303765316638366331376230306630393735393334653362 -65313332646434323831313764306230616236383963376634623437346635653937623830653064 -62396162396165643563373239373264396137666334646238616262663464623363373565626539 -64373936346166356134306431616638346633376366336136383939666665373565383633336431 -33346431353639643063616630313630653038616430316366323137303034336539643161383734 -35346430643433653866663636333639343364363831343531363937313330343865323535353533 -32666566343736653135363966643665396234636437316438636530366231653963356237613065 -30623338323733666365613631666361306666613364393261623732623963613731613933383138 -65656565396435643833613764346139343365663766623535626166346330633938626135326230 -63356535633834633763363666333662646633366537623732623835653332316239646135373933 -30333339396237386538343434653764613036396463333263333061316136323336356663666664 -36363235643334363666336364333336366439646537306235333532343832653531356430353730 -34303830343734653631313936383962343131643965303464343031633030613635356231633566 -63366531663361386461333532383638636662633261343365633361346535366132303339346664 -33626638643233333766356534393039393962343630303137653733393532633264616664363235 -343465376233356362383334663334633033 +35353730613932643733343565323332383038383461626535616166616338653066306533366164 +6261353438653937326264623632363336633039383361620a333239333937663561613162376161 +30393966656236656634633035643336626538373733643863613864373439363564376563613361 +3666616235623631370a373439393839313336323466306461373534626661616231333436326663 +37616638353830323865356236363937313033643563646466366432623762393539386334623938 +63303331363165313437383061353037313536333132393439653538316264376362336466313231 +66313530313937373232613534343065626534666136326233626137353631386161653133643933 +37356237643362643161383131623035373037653139643331663435623162323566643635353731 +62663165383465656432613339353466313437323365393766313865323565623138363537356561 +31623565353362356464376637386633373133333365336662346331633236383934623638366662 +31326264306434633532373131303839613735343364613232306164316661313933636235633161 +37346630333565313636333435323635663962376636366437383938663763366433366230376636 +3431 diff --git a/hosts.ini b/hosts.ini index 44212dd..a7f8161 100644 --- a/hosts.ini +++ b/hosts.ini @@ -21,23 +21,8 @@ [ntfyserver] 192.168.0.3 static_ip=192.168.0.3 -[nefarious] -192.168.0.3 static_ip=192.168.0.3 - [matrix] 192.168.0.2 static_ip=192.168.0.2 [atuin-server] 192.168.0.2 static_ip=192.168.0.2 - -[gitea] -192.168.0.2 static_ip=192.168.0.2 - -[kanboard] -192.168.0.2 static_ip=192.168.0.2 - -[baikal] -192.168.0.2 static_ip=192.168.0.2 - -[photoview] -192.168.0.3 static_ip=192.168.0.3 diff --git a/nas.yml b/nas.yml index b2d828f..c8e81c8 100644 --- a/nas.yml +++ b/nas.yml @@ -56,12 +56,12 @@ - woodpecker tags: woodpecker -- name: Install Restic +- name: Install Lander hosts: nas become: yes roles: - - restic - tags: restic + - lander + tags: lander - name: Install Restic REST server hosts: nas @@ -70,21 +70,21 @@ - restic-rest tags: restic-rest -- name: Install Lander +- name: Install Restic hosts: nas become: yes roles: - - lander - tags: lander + - restic + tags: restic + +- hosts: nas + become: yes + roles: + - matrix + tags: matrix - hosts: nas become: yes roles: - nefarious tags: nefarious - -- hosts: nas - become: yes - roles: - - photoview - tags: photoview diff --git a/roles/atuin-server/files/atuin-server.postgres.backup.sh b/roles/atuin-server/files/atuin-server.backup.sh similarity index 100% rename from roles/atuin-server/files/atuin-server.postgres.backup.sh rename to roles/atuin-server/files/atuin-server.backup.sh diff --git a/roles/atuin-server/files/compose.yml b/roles/atuin-server/files/compose.yml index 9948714..f8b3167 100644 --- a/roles/atuin-server/files/compose.yml +++ b/roles/atuin-server/files/compose.yml @@ -17,7 +17,7 @@ services: condition: service_healthy db: - image: 'postgres:17.0-alpine' + image: 'postgres:16.4-alpine' restart: 'always' healthcheck: @@ -30,4 +30,4 @@ services: - POSTGRES_PASSWORD=atuin - POSTGRES_DB=atuin volumes: - - '/mnt/data1/atuin-server/postgres:/var/lib/postgresql/data' + - /mnt/data1/atuin-server/postgres:/var/lib/postgresql/data diff --git a/roles/atuin-server/tasks/main.yml b/roles/atuin-server/tasks/main.yml index 19df511..a7963c0 100644 --- a/roles/atuin-server/tasks/main.yml +++ b/roles/atuin-server/tasks/main.yml @@ -10,7 +10,7 @@ - name: Ensure data subvolumes are present community.general.btrfs_subvolume: name: '/atuin-server/{{ item }}' - loop: + with_items: - 'postgres' - name: Ensure configuration directory is present @@ -39,8 +39,8 @@ - name: Ensure backup script is present ansible.builtin.copy: - src: 'atuin-server.postgres.backup.sh' - dest: '/etc/backups/atuin-server.postgres.backup.sh' + src: 'atuin-server.backup.sh' + dest: '/etc/backups/atuin-server.backup.sh' owner: 'root' group: 'root' mode: '0644' diff --git a/roles/gitea-web/meta/main.yml b/roles/gitea-web/meta/main.yml deleted file mode 100644 index 1dbd0f6..0000000 --- a/roles/gitea-web/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -dependencies: - - role: caddy diff --git a/roles/gitea-web/tasks/main.yml b/roles/gitea-web/tasks/main.yml deleted file mode 100644 index 0cba5b5..0000000 --- a/roles/gitea-web/tasks/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Ensure Caddyfile is present - template: - src: 'gitea.Caddyfile.j2' - dest: '/etc/caddy/gitea.Caddyfile' - owner: root - group: root - mode: '0644' - notify: caddy-reload diff --git a/roles/gitea-web/templates/gitea.Caddyfile.j2 b/roles/gitea-web/templates/gitea.Caddyfile.j2 deleted file mode 100644 index b2c1cd3..0000000 --- a/roles/gitea-web/templates/gitea.Caddyfile.j2 +++ /dev/null @@ -1,3 +0,0 @@ -git.rustybever.be { - reverse_proxy {{ hostvars[groups['gitea'][0]].static_ip }}:8010 -} diff --git a/roles/gitea/files/compose.yml b/roles/gitea/files/compose.yml deleted file mode 100644 index c7fe71c..0000000 --- a/roles/gitea/files/compose.yml +++ /dev/null @@ -1,40 +0,0 @@ -version: '3' - -services: - app: - # Latest contains a development version - image: 'gitea/gitea:1.20.1' - restart: 'always' - - ports: - - '22:22' - - '8010:3000' - volumes: - - '/etc/gitea/app.ini:/data/gitea/conf/app.ini' - - '/mnt/data1/gitea/data:/data' - - '/mnt/data1/gitea/repositories:/data/git/repositories' - - '/mnt/data1/gitea/lfs:/data/git/lfs' - - '/etc/timezone:/etc/timezone:ro' - - '/etc/localtime:/etc/localtime:ro' - - depends_on: - db: - condition: service_healthy - - db: - image: 'postgres:14.8-alpine' - restart: 'always' - - healthcheck: - test: ["CMD", "pg_isready", "-U", "gitea"] - interval: 30s - start_period: 30s - timeout: 5s - retries: 3 - - environment: - - 'POSTGRES_USER=gitea' - - 'POSTGRES_PASSWORD=gitea' - - 'POSTGRES_DB=gitea' - volumes: - - '/mnt/data1/gitea/postgres:/var/lib/postgresql/data' diff --git a/roles/gitea/files/gitea.data.backup.sh b/roles/gitea/files/gitea.data.backup.sh deleted file mode 100644 index 279f68a..0000000 --- a/roles/gitea/files/gitea.data.backup.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -data_dir='/mnt/data1/gitea/data' -snapshot_dir="${data_dir}.snapshot" - -# Read-only snapshot for atomic backup -btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $? - -/usr/local/bin/restic backup "$snapshot_dir" - -# Always remove snapshot subvolume, even if restic fails -btrfs subvolume delete "$snapshot_dir" diff --git a/roles/gitea/files/gitea.lfs.backup.sh b/roles/gitea/files/gitea.lfs.backup.sh deleted file mode 100644 index bfc3869..0000000 --- a/roles/gitea/files/gitea.lfs.backup.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -data_dir='/mnt/data1/gitea/lfs' -snapshot_dir="${data_dir}.snapshot" - -# Read-only snapshot for atomic backup -btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $? - -/usr/local/bin/restic backup "$snapshot_dir" - -# Always remove snapshot subvolume, even if restic fails -btrfs subvolume delete "$snapshot_dir" diff --git a/roles/gitea/files/gitea.postgres.backup.sh b/roles/gitea/files/gitea.postgres.backup.sh deleted file mode 100644 index 6217795..0000000 --- a/roles/gitea/files/gitea.postgres.backup.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash - -cd /etc/gitea - -/usr/bin/docker compose exec -T db pg_dump -U gitea gitea | - /usr/bin/gzip --rsyncable | - /usr/local/bin/restic backup --stdin --stdin-filename gitea-postgres.sql.gz diff --git a/roles/gitea/files/gitea.repositories.backup.sh b/roles/gitea/files/gitea.repositories.backup.sh deleted file mode 100644 index f3df264..0000000 --- a/roles/gitea/files/gitea.repositories.backup.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -data_dir='/mnt/data1/gitea/repositories' -snapshot_dir="${data_dir}.snapshot" - -# Read-only snapshot for atomic backup -btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $? - -/usr/local/bin/restic backup "$snapshot_dir" - -# Always remove snapshot subvolume, even if restic fails -btrfs subvolume delete "$snapshot_dir" diff --git a/roles/gitea/files/gitea.service b/roles/gitea/files/gitea.service deleted file mode 100644 index 2e0aadc..0000000 --- a/roles/gitea/files/gitea.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Private, Fast, Reliable DevOps Platform -After=docker.target -Requires=docker.target - -[Service] -Type=exec -User=gitea -Group=gitea -WorkingDirectory=/etc/gitea -ExecStart=/usr/bin/docker compose up -ExecStop=/usr/bin/docker compose down - -[Install] -WantedBy=multi-user.target diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml deleted file mode 100644 index f8bd4e5..0000000 --- a/roles/gitea/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: 'restart gitea' - ansible.builtin.service: - name: 'gitea' - state: 'restarted' diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml deleted file mode 100644 index 948b7e7..0000000 --- a/roles/gitea/tasks/main.yml +++ /dev/null @@ -1,73 +0,0 @@ ---- -- name: Ensure data directory is present - ansible.builtin.file: - path: '/mnt/data1/gitea' - state: directory - mode: '0755' - owner: 'root' - group: 'root' - -- name: Ensure data subvolumes are present - community.general.btrfs_subvolume: - name: '/gitea/{{ item }}' - loop: - - 'data' - - 'lfs' - - 'repositories' - - 'postgres' - -- name: Ensure configuration directory is present - ansible.builtin.file: - path: '/etc/gitea' - state: directory - mode: '0755' - -- name: Ensure compose file is present - ansible.builtin.copy: - src: 'compose.yml' - dest: '/etc/gitea/compose.yml' - mode: '0644' - owner: 'root' - group: 'root' - notify: 'restart gitea' - -- name: Ensure config file is present - ansible.builtin.template: - src: 'app.ini.j2' - dest: '/etc/gitea/app.ini' - mode: '0644' - owner: 'root' - group: 'root' - notify: 'restart gitea' - -- name: Ensure backup scripts are present - ansible.builtin.copy: - src: "gitea.{{ item }}.backup.sh" - dest: "/etc/backups/gitea.{{ item }}.backup.sh" - owner: 'root' - group: 'root' - mode: '0644' - loop: - - 'postgres' - - 'data' - - 'lfs' - - 'repositories' - -- name: Ensure service file is present - ansible.builtin.copy: - src: 'gitea.service' - dest: '/lib/systemd/system/gitea.service' - owner: 'root' - group: 'root' - mode: '0644' - register: res - -- name: systemd-reload - ansible.builtin.systemd_service: - daemon_reload: true - when: 'res.changed' - -- name: Ensure gitea service is enabled - ansible.builtin.service: - name: 'gitea' - enabled: true diff --git a/roles/gitea/templates/app.ini.j2 b/roles/gitea/templates/app.ini.j2 deleted file mode 100644 index 4653ec3..0000000 --- a/roles/gitea/templates/app.ini.j2 +++ /dev/null @@ -1,112 +0,0 @@ -APP_NAME = The Rusty Bever -RUN_MODE = prod -RUN_USER = git -WORK_PATH = /data/gitea - -[repository] -ROOT = /data/git/repositories -; Makes public the default option when creating a repo -DEFAULT_PRIVATE = public -; Disables releases, projects & wiki by default for new repos (but can be enabled when needed) -DEFAULT_REPO_UNITS = repo.code,repo.issues,repo.pulls -; Might as well be compatible with -DEFAULT_BRANCH = main - -[repository.pull-request] -WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]:,Draft:,[Draft]: - -[repository.local] -LOCAL_COPY_PATH = /data/gitea/tmp/local-repo - -[repository.upload] -TEMP_PATH = /data/gitea/uploads - -[ui] -; Always show the full name of a user when possible -DEFAULT_SHOW_FULL_NAME = true -THEMES = auto,gitea,arc-green,gitea-modern - -[server] -APP_DATA_PATH = /data/gitea -DOMAIN = git.rustybever.be -SSH_DOMAIN = git.rustybever.be -HTTP_PORT = 3000 -ROOT_URL = https://git.rustybever.be/ -DISABLE_SSH = false -SSH_PORT = 22 -SSH_LISTEN_PORT = 22 -LFS_START_SERVER = true -OFFLINE_MODE = false -LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }} - -[lfs] -PATH = /data/git/lfs - -[database] -PATH = /data/gitea/gitea.db -DB_TYPE = postgres -HOST = db:5432 -NAME = gitea -USER = gitea -PASSWD = gitea -LOG_SQL = false -SCHEMA = -SSL_MODE = disable -CHARSET = utf8 - -[indexer] -ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve - -[session] -PROVIDER_CONFIG = /data/gitea/sessions -PROVIDER = file - -[picture] -AVATAR_UPLOAD_PATH = /data/gitea/avatars -REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars -DISABLE_GRAVATAR = false -ENABLE_FEDERATED_AVATAR = true - -[attachment] -PATH = /data/gitea/attachments - -[log] -MODE = console -LEVEL = info -REDIRECT_MACARON_LOG = true -MACARON = console -ROUTER = console -ROOT_PATH = /data/gitea/log - -[security] -INSTALL_LOCK = true -MIN_PASSWORD_LENGTH = 12 -PASSWORD_COMPLEXITY = lower,upper,digit -SECRET_KEY = {{ gitea_secret_key }} -INTERNAL_TOKEN = {{ gitea_internal_token }} - -[service] -DISABLE_REGISTRATION = true -REQUIRE_SIGNIN_VIEW = false -REGISTER_EMAIL_CONFIRM = false -ENABLE_NOTIFY_MAIL = false -ALLOW_ONLY_EXTERNAL_REGISTRATION = false -ENABLE_CAPTCHA = false -DEFAULT_KEEP_EMAIL_PRIVATE = false -DEFAULT_ALLOW_CREATE_ORGANIZATION = true -DEFAULT_ENABLE_TIMETRACKING = true -NO_REPLY_ADDRESS = noreply.localhost - -[mailer] -ENABLED = false - -[openid] -ENABLE_OPENID_SIGNIN = true -ENABLE_OPENID_SIGNUP = false - -[oauth2] -JWT_SECRET = {{ gitea_jwt_secret }} - -[other] -SHOW_FOOTER_VERSION = false -SHOW_FOOTER_TEMPLATE_LOAD_TIME = false diff --git a/roles/kanboard-web/meta/main.yml b/roles/kanboard-web/meta/main.yml deleted file mode 100644 index 1dbd0f6..0000000 --- a/roles/kanboard-web/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -dependencies: - - role: caddy diff --git a/roles/kanboard-web/tasks/main.yml b/roles/kanboard-web/tasks/main.yml deleted file mode 100644 index b25ba17..0000000 --- a/roles/kanboard-web/tasks/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Ensure Caddyfile is present - template: - src: 'kanboard.Caddyfile.j2' - dest: '/etc/caddy/kanboard.Caddyfile' - owner: root - group: root - mode: '0644' - notify: caddy-reload diff --git a/roles/kanboard-web/templates/kanboard.Caddyfile.j2 b/roles/kanboard-web/templates/kanboard.Caddyfile.j2 deleted file mode 100644 index 93c6727..0000000 --- a/roles/kanboard-web/templates/kanboard.Caddyfile.j2 +++ /dev/null @@ -1,3 +0,0 @@ -kanban.roosens.me { - reverse_proxy {{ hostvars[groups['kanboard'][0]].static_ip }}:8011 -} diff --git a/roles/kanboard/files/compose.yml b/roles/kanboard/files/compose.yml deleted file mode 100644 index 3337306..0000000 --- a/roles/kanboard/files/compose.yml +++ /dev/null @@ -1,10 +0,0 @@ -services: - kanboard: - image: 'kanboard/kanboard:v1.2.39' - restart: 'always' - - ports: - - '8011:80' - volumes: - - '/mnt/data1/kanboard/data:/var/www/app/data' - - '/mnt/data1/kanboard/plugins:/var/www/app/plugins' diff --git a/roles/kanboard/files/kanboard.data.backup.sh b/roles/kanboard/files/kanboard.data.backup.sh deleted file mode 100644 index d10600a..0000000 --- a/roles/kanboard/files/kanboard.data.backup.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -data_dir='/mnt/data1/kanboard/data' -snapshot_dir="${data_dir}.snapshot" - -# Read-only snapshot for atomic backup -btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $? - -/usr/local/bin/restic backup "$snapshot_dir" - -# Always remove snapshot subvolume, even if restic fails -btrfs subvolume delete "$snapshot_dir" diff --git a/roles/kanboard/files/kanboard.plugins.backup.sh b/roles/kanboard/files/kanboard.plugins.backup.sh deleted file mode 100644 index 1455907..0000000 --- a/roles/kanboard/files/kanboard.plugins.backup.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -data_dir='/mnt/data1/kanboard/plugins' -snapshot_dir="${data_dir}.snapshot" - -# Read-only snapshot for atomic backup -btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $? - -/usr/local/bin/restic backup "$snapshot_dir" - -# Always remove snapshot subvolume, even if restic fails -btrfs subvolume delete "$snapshot_dir" diff --git a/roles/kanboard/files/kanboard.service b/roles/kanboard/files/kanboard.service deleted file mode 100644 index 5df8850..0000000 --- a/roles/kanboard/files/kanboard.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Project management software that focuses on the Kanban methodology -After=docker.service -Requires=docker.service - -[Service] -Type=exec -WorkingDirectory=/etc/kanboard -ExecStart=/usr/bin/docker compose up -ExecStop=/usr/bin/docker compose down - -[Install] -WantedBy=multi-user.target diff --git a/roles/kanboard/handlers/main.yml b/roles/kanboard/handlers/main.yml deleted file mode 100644 index d034b11..0000000 --- a/roles/kanboard/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: 'restart kanboard' - ansible.builtin.service: - name: 'kanboard' - state: 'restarted' diff --git a/roles/kanboard/tasks/main.yml b/roles/kanboard/tasks/main.yml deleted file mode 100644 index 32ad344..0000000 --- a/roles/kanboard/tasks/main.yml +++ /dev/null @@ -1,71 +0,0 @@ ---- -- name: Ensure data directory is present - ansible.builtin.file: - path: '/mnt/data1/kanboard' - state: directory - mode: '0755' - owner: 'root' - group: 'root' - -- name: Ensure data subvolumes are present - community.general.btrfs_subvolume: - name: '/kanboard/{{ item }}' - loop: - - 'data' - - 'plugins' - -- name: Ensure subvolume permissions are correct - ansible.builtin.file: - path: "/mnt/data1/kanboard/{{ item }}" - state: directory - mode: '0755' - owner: '100' - group: '101' - loop: - - 'data' - - 'plugins' - -- name: Ensure configuration directory is present - ansible.builtin.file: - path: '/etc/kanboard' - state: directory - mode: '0755' - -- name: Ensure compose file is present - ansible.builtin.copy: - src: 'compose.yml' - dest: '/etc/kanboard/compose.yml' - mode: '0644' - owner: 'root' - group: 'root' - notify: 'restart kanboard' - -- name: Ensure backup scripts are present - ansible.builtin.copy: - src: "kanboard.{{ item }}.backup.sh" - dest: "/etc/backups/kanboard.{{ item }}.backup.sh" - owner: 'root' - group: 'root' - mode: '0644' - loop: - - 'data' - - 'plugins' - -- name: Ensure service file is present - ansible.builtin.copy: - src: 'kanboard.service' - dest: '/lib/systemd/system/kanboard.service' - owner: 'root' - group: 'root' - mode: '0644' - register: res - -- name: systemd-reload - ansible.builtin.systemd_service: - daemon_reload: true - when: 'res.changed' - -- name: Ensure kanboard service is enabled - ansible.builtin.service: - name: 'kanboard' - enabled: true diff --git a/roles/photoview-web/meta/main.yml b/roles/photoview-web/meta/main.yml deleted file mode 100644 index 1dbd0f6..0000000 --- a/roles/photoview-web/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -dependencies: - - role: caddy diff --git a/roles/photoview-web/tasks/main.yml b/roles/photoview-web/tasks/main.yml deleted file mode 100644 index 0a08f13..0000000 --- a/roles/photoview-web/tasks/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Ensure Caddyfile is present - template: - src: 'photoview.Caddyfile.j2' - dest: '/etc/caddy/photoview.Caddyfile' - owner: root - group: root - mode: '0644' - notify: caddy-reload diff --git a/roles/photoview-web/templates/photoview.Caddyfile.j2 b/roles/photoview-web/templates/photoview.Caddyfile.j2 deleted file mode 100644 index 3fa63be..0000000 --- a/roles/photoview-web/templates/photoview.Caddyfile.j2 +++ /dev/null @@ -1,3 +0,0 @@ -photos.roosens.me { - reverse_proxy {{ hostvars[groups['photoview'][0]].static_ip }}:8012 -} diff --git a/roles/photoview/files/compose.yml b/roles/photoview/files/compose.yml deleted file mode 100644 index c131748..0000000 --- a/roles/photoview/files/compose.yml +++ /dev/null @@ -1,35 +0,0 @@ -services: - app: - image: 'viktorstrate/photoview:2.4.0' - restart: 'always' - - depends_on: - db: - condition: service_healthy - - environment: - PHOTOVIEW_DATABASE_DRIVER: 'postgres' - PHOTOVIEW_POSTGRES_URL: 'postgres://photoview:photoview@db/photoview?sslmode=disable' - ports: - - '8012:80' - volumes: - - '/etc/localtime:/etc/localtime:ro' - - '/etc/timezone:/etc/timezone:ro' - - '/mnt/data1/photoview/cache:/home/photoview/media-cache' - - '/mnt/data1/photos:/photos:ro' - - db: - image: 'postgres:17.0-alpine' - restart: 'always' - - healthcheck: - test: ["CMD", "pg_isready", "-U", "photoview"] - interval: 10s - start_period: 30s - - environment: - POSTGRES_USER: 'photoview' - POSTGRES_PASSWORD: 'photoview' - POSTGRES_DB: 'photoview' - volumes: - - '/mnt/data1/photoview/postgres:/var/lib/postgresql/data' diff --git a/roles/photoview/files/photoview.postgres.backup.sh b/roles/photoview/files/photoview.postgres.backup.sh deleted file mode 100644 index b68c1e2..0000000 --- a/roles/photoview/files/photoview.postgres.backup.sh +++ /dev/null @@ -1,5 +0,0 @@ -cd /etc/photoview - -/usr/bin/docker compose exec -T db pg_dump -U photoview photoview | - /usr/bin/gzip --rsyncable | - /usr/local/bin/restic backup --stdin --stdin-filename photoview-postgres.sql.gz diff --git a/roles/photoview/files/photoview.service b/roles/photoview/files/photoview.service deleted file mode 100644 index ce386fb..0000000 --- a/roles/photoview/files/photoview.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Photo gallery for self-hosted personal servers -After=docker.service -Requires=docker.service - -[Service] -Type=exec -WorkingDirectory=/etc/photoview -ExecStart=/usr/bin/docker compose up -ExecStop=/usr/bin/docker compose down - -[Install] -WantedBy=multi-user.target diff --git a/roles/photoview/handlers/main.yml b/roles/photoview/handlers/main.yml deleted file mode 100644 index b6d2e52..0000000 --- a/roles/photoview/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: 'restart photoview' - ansible.builtin.service: - name: 'photoview' - state: 'restarted' diff --git a/roles/photoview/tasks/main.yml b/roles/photoview/tasks/main.yml deleted file mode 100644 index 315e6b6..0000000 --- a/roles/photoview/tasks/main.yml +++ /dev/null @@ -1,69 +0,0 @@ ---- -- name: Ensure data directory is present - ansible.builtin.file: - path: '/mnt/data1/photoview' - state: directory - mode: '0755' - owner: 'root' - group: 'root' - -- name: Ensure data subvolumes are present - community.general.btrfs_subvolume: - name: '/photoview/{{ item }}' - loop: - - 'postgres' - - 'cache' - -- name: Ensure subvolume permissions are correct - ansible.builtin.file: - path: "/mnt/data1/photoview/{{ item }}" - state: directory - mode: '0755' - owner: '999' - group: '999' - loop: - - 'cache' - -- name: Ensure configuration directory is present - ansible.builtin.file: - path: '/etc/photoview' - state: directory - mode: '0755' - -- name: Ensure compose file is present - ansible.builtin.copy: - src: 'compose.yml' - dest: '/etc/photoview/compose.yml' - mode: '0644' - owner: 'root' - group: 'root' - notify: 'restart photoview' - -- name: Ensure backup scripts are present - ansible.builtin.copy: - src: "photoview.{{ item }}.backup.sh" - dest: "/etc/backups/photoview.{{ item }}.backup.sh" - owner: 'root' - group: 'root' - mode: '0644' - loop: - - 'postgres' - -- name: Ensure service file is present - ansible.builtin.copy: - src: 'photoview.service' - dest: '/lib/systemd/system/photoview.service' - owner: 'root' - group: 'root' - mode: '0644' - register: res - -- name: systemd-reload - ansible.builtin.systemd_service: - daemon_reload: true - when: 'res.changed' - -- name: Ensure photoview service is enabled - ansible.builtin.service: - name: 'photoview' - enabled: true diff --git a/ruby.yml b/ruby.yml index d9b900c..daca2f5 100644 --- a/ruby.yml +++ b/ruby.yml @@ -51,27 +51,3 @@ roles: - baikal tags: baikal - -- hosts: ruby - become: yes - roles: - - atuin-server - tags: atuin - -- hosts: ruby - become: yes - roles: - - gitea - tags: gitea - -- hosts: ruby - become: yes - roles: - - kanboard - tags: kanboard - -- hosts: nas - become: yes - roles: - - matrix - tags: matrix diff --git a/web.yml b/web.yml index 4a6274a..7cf2c36 100644 --- a/web.yml +++ b/web.yml @@ -40,27 +40,3 @@ roles: - nefarious-web tags: nefarious - -- hosts: web - become: yes - roles: - - atuin-server-web - tags: atuin - -- hosts: web - become: yes - roles: - - gitea-web - tags: gitea - -- hosts: web - become: yes - roles: - - kanboard-web - tags: kanboard - -- hosts: web - become: yes - roles: - - photoview-web - tags: photoview