diff --git a/ansible/roles/podman/files/sshpass_cron/crontab b/ansible/roles/podman/files/sshpass_cron/crontab
index e6794d7..206541c 100644
--- a/ansible/roles/podman/files/sshpass_cron/crontab
+++ b/ansible/roles/podman/files/sshpass_cron/crontab
@@ -1,4 +1,4 @@
-0 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@Garage.localdomain 'reboot'
-15 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@LivingRoom.localdomain 'reboot'
-30 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@FrontYard.localdomain 'reboot'
-45 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@Office.localdomain 'reboot'
\ No newline at end of file
+0 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@192.168.1.254 'reboot'
+15 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@192.168.1.253 'reboot'
+30 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@192.168.1.252 'reboot'
+45 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@192.168.1.251 'reboot'
\ No newline at end of file
diff --git a/ansible/roles/podman/tasks/container-awsddns.yml b/ansible/roles/podman/tasks/container-awsddns.yml
index a0d2d65..49ae694 100644
--- a/ansible/roles/podman/tasks/container-awsddns.yml
+++ b/ansible/roles/podman/tasks/container-awsddns.yml
@@ -1,13 +1,16 @@
 ---
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: awsddns
+ container_image: "{{ image }}"
+
 - name: create home.bdebyl.net awsddns server container
 become: true
 become_user: "{{ podman_user }}"
 diff: false
 containers.podman.podman_container:
 name: awsddns
- image: docker.io/bdebyl/awsddns:1.0.34
- recreate: false
- restart: true
+ image: "{{ image }}"
 restart_policy: on-failure:3
 log_driver: journald
 env:
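Review bot: The new crontab still carries "\ No newline at end of file", and several cron implementations either reject such a file or silently drop the final entry, so the `45 5` job for 192.168.1.251 may never run; add a trailing newline. Every entry also keeps `StrictHostKeyChecking=no` while sshpass supplies a password, so the password is sent to whatever answers at the address without any host identity check. Since the targets are now fixed IPs their host keys are stable, so ship a pinned known_hosts beside the password file and use `-o UserKnownHostsFile=/mnt/known_hosts -o StrictHostKeyChecking=yes` instead.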
@@ -17,13 +20,16 @@
 AWS_ACCESS_KEY_ID: "{{ aws_access_key_id }}"
 AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}"
 AWS_DEFAULT_REGION: "{{ aws_default_region }}"
- tags: ddns
 - name: create systemd startup job for awsddns
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: awsddns
- tags: ddns
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: awsddns-skudak
+ container_image: "{{ image }}"
 - name: create wiki.skudakrennsport.com awsddns server container
 become: true
@@ -31,9 +37,7 @@
 diff: false
 containers.podman.podman_container:
 name: awsddns-skudak
- image: docker.io/bdebyl/awsddns:1.0.34
- recreate: false
- restart: true
+ image: "{{ image }}"
 restart_policy: on-failure:3
 log_driver: journald
 env:
@@ -43,10 +47,8 @@
 AWS_ACCESS_KEY_ID: "{{ aws_skudak_access_key_id }}"
 AWS_SECRET_ACCESS_KEY: "{{ aws_skudak_secret_access_key }}"
 AWS_DEFAULT_REGION: "{{ aws_default_region }}"
- tags: ddns
 - name: create systemd startup job for awsddns-skudak
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: awsddns
- tags: ddns
diff --git a/ansible/roles/podman/tasks/container-bookstack.yml b/ansible/roles/podman/tasks/container-bookstack.yml
index 668c6d7..a83a4ae 100644
--- a/ansible/roles/podman/tasks/container-bookstack.yml
+++ b/ansible/roles/podman/tasks/container-bookstack.yml
@@ -12,11 +12,9 @@
 - "{{ bookstack_path }}/mysql"
 - "{{ bookstack_path }}/public"
 - "{{ bookstack_path }}/storage"
- tags: bookstack
 - name: flush handlers
 ansible.builtin.meta: flush_handlers
- tags: bookstack
 - name: unshare chown the bookstack upload volumes
 become: true
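Review bot: The systemd task for awsddns-skudak in hunk `@@ -43,10 +47,8 @@` still passes `container_name: awsddns`, so both include_tasks calls generate a unit for the first container and awsddns-skudak presumably gets no unit of its own; change it to `container_name: awsddns-skudak`. That line is context the commit leaves untouched, so it is likely an older slip rather than something introduced here, but the rework of this file is the natural place to fix it.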
@@ -24,16 +22,18 @@
 changed_when: false
 ansible.builtin.command: |
 podman unshare chown -R 33:33 {{ bookstack_path }}/public {{ bookstack_path }}/storage
- tags: bookstack
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: bookstack-db
+ container_image: "{{ db_image }}"
+
 - name: create bookstack-db container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: bookstack-db
- image: docker.io/mysql:5.7.21
- recreate: false
- restart: false
+ image: "{{ db_image }}"
 restart_policy: on-failure:3
 log_driver: journald
 network:
@@ -46,22 +46,23 @@
 MYSQL_PASSWORD: "{{ bookstack_db_pass }}"
 volumes:
 - "{{ bookstack_path }}/mysql:/var/lib/mysql"
- tags: bookstack
 - name: create systemd startup job for bookstack-db
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: bookstack-db
- tags: bookstack
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: bookstack
+ container_image: "{{ image }}"
 - name: create bookstack container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: bookstack
- image: docker.io/solidnerd/bookstack:23.6
- recreate: true
- restart: false
+ image: "{{ image }}"
 restart_policy: on-failure:3
 log_driver: journald
 network:
@@ -85,10 +86,8 @@
 volumes:
 - "{{ bookstack_path }}/public:/var/www/bookstack/public/uploads"
 - "{{ bookstack_path }}/storage:/var/www/bookstack/storage/uploads"
- tags: bookstack
 - name: create systemd startup job for bookstack
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: bookstack
- tags: bookstack
diff --git a/ansible/roles/podman/tasks/container-cloud.yml b/ansible/roles/podman/tasks/container-cloud.yml
index ea96787..c393092 100644
--- a/ansible/roles/podman/tasks/container-cloud.yml
+++ b/ansible/roles/podman/tasks/container-cloud.yml
@@ -13,7 +13,6 @@
 - "{{ cloud_path }}/config"
 - "{{ cloud_path }}/data"
 - "{{ cloud_path }}/mysql"
- tags: cloud
 - name: unshare chown the nextcloud volumes
 become: true
@@ -21,14 +20,12 @@
 changed_when: false
 ansible.builtin.command: |
 podman unshare chown -R 33:33 {{ cloud_path }}/data {{ cloud_path}}/config
- tags: cloud
 - name: get user/group id from unshare
 become: true
 ansible.builtin.stat:
 path: "{{ cloud_path }}/data"
 register: cloud_owner
- tags: cloud
 - name: mount cloud cifs
 become: true
@@ -38,20 +35,21 @@
 fstype: cifs
 opts: "username=cloud,password={{ cloud_cifs_pass }},uid={{ cloud_owner.stat.uid }},gid={{ cloud_owner.stat.uid }}"
 state: mounted
- tags: cloud
 - name: flush handlers
 ansible.builtin.meta: flush_handlers
- tags: cloud
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: cloud-db
+ container_image: "{{ db_image }}"
 - name: create cloud-db container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: cloud-db
- image: docker.io/mariadb:10.5
- recreate: false
- restart: false
+ image: "{{ db_image }}"
 restart_policy: on-failure:3
 log_driver: journald
 network:
@@ -63,22 +61,23 @@
 MYSQL_USER: cloud
 volumes:
 - "{{ cloud_path }}/mysql:/var/lib/mysql"
- tags: cloud
 - name: create systemd startup job for cloud-db
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: cloud-db
- tags: cloud
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: cloud
+ container_image: "{{ image }}"
 - name: create cloud container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: cloud
- image: docker.io/nextcloud:24.0.5-apache
- recreate: false
- restart: false
+ image: "{{ image }}"
 restart_policy: on-failure:3
 log_driver: journald
 network:
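Review bot: The cifs opts string in hunk `@@ -38,20 +35,21 @@` sets `gid={{ cloud_owner.stat.uid }}`; unless the data directory's uid and gid are known to be equal this should read `gid={{ cloud_owner.stat.gid }}`, since the stat task registers both. The same opts string interpolates `cloud_cifs_pass`, so the rendered mount options appear in task output on failure or with -v; the mount task (and its counterpart in container-photos.yml, which has the same shape) would be better with `no_log: true`, or with a `credentials=` file instead of an inline password. These are context lines, so the issue predates this commit.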
@@ -94,10 +93,8 @@
 - "{{ cloud_path }}/config:/var/www/html/config"
 ports:
 - "8089:80"
- tags: cloud
 - name: create systemd startup job for cloud
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: cloud
- tags: cloud
diff --git a/ansible/roles/podman/tasks/container-drone.yml b/ansible/roles/podman/tasks/container-drone.yml
index 80a1984..bf0b58e 100644
--- a/ansible/roles/podman/tasks/container-drone.yml
+++ b/ansible/roles/podman/tasks/container-drone.yml
@@ -10,20 +10,21 @@
 notify: restorecon podman
 loop:
 - "{{ drone_path }}/data"
- tags: drone
 - name: flush handlers
 ansible.builtin.meta: flush_handlers
- tags: drone
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: drone
+ container_image: "{{ image }}"
 - name: create drone-ci server container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: drone
- image: docker.io/drone/drone:2.16.0
- recreate: true
- restart: true
+ image: "{{ image }}"
 restart_policy: on-failure:3
 log_driver: journald
 network:
@@ -41,22 +42,23 @@
 - "{{ drone_path }}/data:/data"
 ports:
 - "8080:80"
- tags: drone
 - name: create systemd startup job for drone
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: drone
- tags: drone
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: drone-runner
+ container_image: "{{ runner_image }}"
 - name: create drone-ci worker container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: drone-runner
- image: docker.io/drone/drone-runner-docker:1.8.3
- recreate: false
- restart: true
+ image: "{{ runner_image }}"
 restart_policy: on-failure:3
 log_driver: journald
 network:
@@ -70,10 +72,8 @@
 - "/run/user/1002/podman/podman.sock:/var/run/docker.sock"
 ports:
 - "3000:3000"
- tags: drone
 - name: create systemd startup job for drone-runner
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: drone-runner
- tags: drone
diff --git a/ansible/roles/podman/tasks/container-factorio.yml b/ansible/roles/podman/tasks/container-factorio.yml
index f70b640..68625b6 100644
--- a/ansible/roles/podman/tasks/container-factorio.yml
+++ b/ansible/roles/podman/tasks/container-factorio.yml
@@ -10,7 +10,6 @@
 notify: restorecon podman
 loop:
 - "{{ factorio_path }}"
- tags: factorio
 - name: unshare chown the elastic volume
 become: true
@@ -18,20 +17,21 @@
 changed_when: false
 ansible.builtin.command: |
 podman unshare chown -R 845:845 {{ factorio_path }}
- tags: factorio
 - name: flush handlers
 ansible.builtin.meta: flush_handlers
- tags: factorio
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: factorio
+ container_image: "{{ image }}"
 - name: create factorio server container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: factorio
- image: docker.io/factoriotools/factorio:1.1.80
- recreate: true
- restart: true
+ image: "{{ image }}"
 restart_policy: on-failure:3
 log_driver: journald
 volumes:
@@ -39,10 +39,8 @@
 ports:
 - 34197:34197/udp
 - 27015:27015/tcp
- tags: factorio
 - name: create systemd startup job for factorio
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: factorio
- tags: factorio
diff --git a/ansible/roles/podman/tasks/container-fulfillr.yml b/ansible/roles/podman/tasks/container-fulfillr.yml
index cb0ca72..1f197db 100644
--- a/ansible/roles/podman/tasks/container-fulfillr.yml
+++ b/ansible/roles/podman/tasks/container-fulfillr.yml
@@ -1,5 +1,5 @@
 ---
-- import_tasks: podman-ecr-login.yml
+- import_tasks: ecr/podman-ecr-login.yml
 - name: create fulfillr host directory volumes
 become: true
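Review bot: The drone-runner volume in hunk `@@ -70,10 +72,8 @@` hard-codes `/run/user/1002/podman/podman.sock` while every other task in the file derives the account from `podman_user`; if that user's uid ever differs from 1002 the runner comes up with a dead socket and fails only at job time. Deriving the path from a registered uid lookup for `podman_user` (a `getent passwd` or `id -u` task earlier in the role) keeps the two in step. It is also worth a one-line comment above the mount noting that anything executing inside the runner has full control of the rootless podman instance behind that socket, since that is the main trust decision in this file.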
@@ -12,7 +12,6 @@
 notify: restorecon podman
 loop:
 - "{{ fulfillr_path }}"
- tags: fulfillr
 - name: template fulfillr config
 become: true
@@ -26,32 +25,31 @@
 - production.json
 notify:
 - restorecon podman
- tags: fulfillr
 - name: flush handlers
 ansible.builtin.meta: flush_handlers
- tags: fulfillr
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: fulfillr
+ container_image: "{{ image }}"
 - name: create fulfillr server container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: fulfillr
- image: "{{ aws_ecr_endpoint }}/fulfillr:20230711.1654"
+ image: "{{ image }}"
 image_strict: true
 command: --config /config/production.json
- recreate: true
- restart: true
 restart_policy: on-failure:3
 log_driver: journald
 volumes:
 - "{{ fulfillr_path }}:/config"
 ports:
 - 9054:8080/tcp
- tags: fulfillr
 - name: create systemd startup job for fulfillr
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: fulfillr
- tags: fulfillr
diff --git a/ansible/roles/podman/tasks/container-graylog.yml b/ansible/roles/podman/tasks/container-graylog.yml
index 6ac5c5b..2cb22d9 100644
--- a/ansible/roles/podman/tasks/container-graylog.yml
+++ b/ansible/roles/podman/tasks/container-graylog.yml
@@ -13,7 +13,6 @@
 - "{{ graylog_path }}/elastic"
 - "{{ graylog_path }}/conf"
 - "{{ graylog_path }}/bin"
- tags: graylog
 - name: copy configuration files
 become: true
@@ -29,7 +28,6 @@
 - src: "graylog.conf"
 dest: "conf/graylog.conf"
 notify: restorecon podman
- tags: graylog
 - name: unshare chown the elastic volume
 become: true
@@ -37,41 +35,43 @@
 changed_when: false
 ansible.builtin.command: |
 podman unshare chown -R 1000:1000 {{ graylog_path }}/elastic
- tags: graylog
 - name: flush handlers
 ansible.builtin.meta: flush_handlers
- tags: graylog
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: graylog-mongo
+ container_image: "{{ db_image }}"
 - name: create graylog mongodb container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: graylog-mongo
- image: docker.io/mongo:4.2
- recreate: false
- restart: false
+ image: "{{ db_image }}"
 restart_policy: on-failure:3
 network:
 - shared
 volumes:
 - "{{ graylog_path }}/mongo:/data/db"
- tags: graylog
 - name: create systemd startup job for graylog-mongo
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: graylog-mongo
- tags: graylog
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: graylog-elastic
+ container_image: "{{ es_image }}"
 - name: create graylog elasticsearch container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: graylog-elastic
- image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
- recreate: false
- restart: false
+ image: "{{ es_image }}"
 restart_policy: on-failure:3
 network:
 - shared
@@ -83,22 +83,23 @@
 network.host: "0.0.0.0"
 cluster.name: "graylog"
 ES_JAVA_OPTS: "-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx2048m"
- tags: graylog
 - name: create systemd startup job for graylog-elastic
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: graylog-elastic
- tags: graylog
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: graylog
+ container_image: "{{ image }}"
 - name: create graylog container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: graylog
- image: docker.io/graylog/graylog:4.3.11
- recreate: true
- restart: true
+ image: "{{ image }}"
 restart_policy: on-failure:3
 sysctl:
 net.ipv6.conf.all.disable_ipv6: 1
@@ -120,10 +121,8 @@
 - "{{ syslog_udp_default }}:{{ syslog_udp_default }}/udp"
 - "{{ syslog_udp_unifi }}:{{ syslog_udp_unifi }}/udp"
 - "{{ syslog_udp_error }}:{{ syslog_udp_error }}/udp"
- tags: graylog
 - name: create systemd startup job for graylog
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: graylog
- tags: graylog
diff --git a/ansible/roles/podman/tasks/container-hass.yml b/ansible/roles/podman/tasks/container-hass.yml
index e0c7573..2cd7f68 100644
--- a/ansible/roles/podman/tasks/container-hass.yml
+++ b/ansible/roles/podman/tasks/container-hass.yml
@@ -11,7 +11,6 @@
 loop:
 - "{{ hass_path }}/media"
 - "{{ hass_path }}/config"
- tags: hass
 - name: copy configuration and automations
 become: true
@@ -25,20 +24,21 @@
 loop:
 - configuration.yaml
 - automations.yaml
- tags: hass
 - name: flush handlers
 ansible.builtin.meta: flush_handlers
- tags: hass
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: hass
+ container_image: "{{ image }}"
 - name: create home-assistant server container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: hass
- image: ghcr.io/home-assistant/home-assistant:stable
- recreate: false
- restart: true
+ image: "{{ image }}"
 restart_policy: on-failure:3
 log_driver: journald
 cap_add:
@@ -49,10 +49,8 @@
 - "{{ hass_path }}/media:/share"
 ports:
 - "8123:8123"
- tags: hass
 - name: create systemd startup job for hass
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: hass
- tags: hass
diff --git a/ansible/roles/podman/tasks/container-nginx.yml b/ansible/roles/podman/tasks/container-nginx.yml
index e0f47a3..ef77395 100644
--- a/ansible/roles/podman/tasks/container-nginx.yml
+++ b/ansible/roles/podman/tasks/container-nginx.yml
@@ -1,14 +1,17 @@
 ---
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: nginx
+ container_image: "{{ image }}"
+
 - name: create nginx container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: nginx
- image: docker.io/owasp/modsecurity:nginx
+ image: "{{ image }}"
 entrypoint: ""
 command: ["nginx", "-g", "daemon off;"]
- recreate: false
- restart: true
 restart_policy: on-failure:3
 log_driver: journald
 network:
@@ -22,10 +25,8 @@
 - "{{ nginx_path }}/etc:/etc/nginx:ro"
 - "/srv/http/letsencrypt:/srv/http/letsencrypt:z"
 - "/etc/letsencrypt:/etc/letsencrypt:ro"
- tags: nginx
 - name: create systemd startup job for nginx
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: nginx
- tags: nginx
diff --git a/ansible/roles/podman/tasks/container-partkeepr.yml b/ansible/roles/podman/tasks/container-partkeepr.yml
index 2481026..7f751d7 100644
--- a/ansible/roles/podman/tasks/container-partkeepr.yml
+++ b/ansible/roles/podman/tasks/container-partkeepr.yml
@@ -10,20 +10,21 @@
 notify: restorecon podman
 loop:
 - "{{ partkeepr_path }}/mysql"
- tags: partkeepr
 - name: flush handlers
 ansible.builtin.meta: flush_handlers
- tags: partkeepr
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: partkeepr-db
+ container_image: "{{ db_image }}"
 - name: create partkeepr-db container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: partkeepr-db
- image: docker.io/mariadb:10.0
- recreate: false
- restart: false
+ image: "{{ db_image }}"
 restart_policy: on-failure:3
 log_driver: journald
 network:
@@ -35,32 +36,31 @@
 MYSQL_PASSWORD: "{{ partkeepr_mysql_password }}"
 volumes:
 - "{{ partkeepr_path }}/mysql:/var/lib/mysql"
- tags: partkeepr
 - name: create systemd startup job for partkeepr-db
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: partkeepr-db
- tags: partkeepr
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: partkeepr
+ container_image: "{{ image }}"
 - name: create partkeepr container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: partkeepr
- image: docker.io/bdebyl/partkeepr:0.1.10
- recreate: false
- restart: false
+ image: "{{ image }}"
 restart_policy: on-failure:3
 log_driver: journald
 network:
 - shared
 ports:
 - "8081:80"
- tags: partkeepr
 - name: create systemd startup job for partkeepr
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: partkeepr
- tags: partkeepr
diff --git a/ansible/roles/podman/tasks/container-photos.yml b/ansible/roles/podman/tasks/container-photos.yml
index f990447..ff0f406 100644
--- a/ansible/roles/podman/tasks/container-photos.yml
+++ b/ansible/roles/podman/tasks/container-photos.yml
@@ -11,11 +11,9 @@
 loop:
 - "{{ photos_path }}/mysql"
 - "{{ photos_path }}/storage"
- tags: photos
 - name: flush handlers
 ansible.builtin.meta: flush_handlers
- tags: photos
 - name: mount photos cifs
 become: true
@@ -25,16 +23,18 @@
 fstype: cifs
 opts: "username=photos,password={{ photos_cifs_pass }},uid={{ podman_subuid.stdout }},gid={{ podman_subuid.stdout }}"
 state: mounted
- tags: photos
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: photos-db
+ container_image: "{{ db_image }}"
 - name: create photos-db container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: photos-db
- image: docker.io/mariadb:10.8
- recreate: false
- restart: false
+ image: "{{ db_image }}"
 restart_policy: on-failure:3
 log_driver: journald
 network:
@@ -47,22 +47,23 @@
 MYSQL_PASSWORD: "{{ photos_db_pass }}"
 volumes:
 - "{{ photos_path }}/mysql:/var/lib/mysql"
- tags: photos
 - name: create systemd startup job for photos-db
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: photos-db
- tags: photos
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: photos
+ container_image: "{{ image }}"
 - name: create photos container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: photos
- image: docker.io/photoprism/photoprism:230625-ce
- recreate: false
- restart: false
+ image: "{{ image }}"
 restart_policy: on-failure:3
 log_driver: journald
 network:
@@ -99,10 +100,8 @@
 - "{{ photos_path }}/storage:/photoprism/"
 ports:
 - "8088:2342"
- tags: photos
 - name: create systemd startup job for photos
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: photos
- tags: photos
diff --git a/ansible/roles/podman/tasks/container-pihole.yml b/ansible/roles/podman/tasks/container-pihole.yml
deleted file mode 100644
index 8e77fb4..0000000
--- a/ansible/roles/podman/tasks/container-pihole.yml
+++ /dev/null
@@ -1,81 +0,0 @@
----
-- name: create required pihole volumes
- become: true
- ansible.builtin.file:
- path: "{{ item }}"
- state: directory
- owner: "{{ podman_subuid.stdout }}"
- mode: 0755
- notify: restorecon podman
- loop:
- - "{{ pihole_path }}/config"
- - "{{ pihole_path }}/dnsmasq"
- - "/srv/http/letsencrypt"
- tags: pihole
-
-- name: flush handlers
- ansible.builtin.meta: flush_handlers
- tags: pihole
-
-- name: create pihole container
- become: true
- become_user: "{{ podman_user }}"
- containers.podman.podman_container:
- name: pihole
- image: docker.io/pihole/pihole:2022.04.3
- recreate: false
- restart: true
- restart_policy: on-failure:3
- log_driver: journald
- cap_add:
- - CAP_NET_BIND_SERVICE
- - NET_ADMIN
- env:
- DNSMASQ_USER: "root"
- INTERFACE: "tap0"
- PIHOLE_UID: 0
- TZ: "America/New_York"
- VIRTUAL_HOST: "{{ pi_server_name }}"
- WEBPASSWORD: "{{ pihole_password }}"
- volumes:
- - "{{ pihole_path }}/config:/etc/pihole"
- - "{{ pihole_path }}/dnsmasq:/etc/dnsmasq.d"
- ports:
- - 1153:53/udp
- - 1153:53/tcp
- - 8082:80
- tags: pihole
-
-- name: create systemd startup job for pihole
- include_tasks: systemd-generate.yml
- vars:
- container_name: pihole
- tags: pihole
-
-- name: Redirect DNS, DHCP, HTTP and HTTPS to pihole
- become: true
- ansible.builtin.iptables:
- table: nat
- chain: PREROUTING
- in_interface: eno1
- protocol: "{{ item }}"
- match: "{{ item }}"
- destination_port: 53
- jump: REDIRECT
- to_ports: 1153
- comment: Redirect DNS traffic to port 1153
- loop:
- - udp
- - tcp
- tags:
- - pihole
- - firewall
-
-- name: Save state of iptables for IPv4
- become: true
- community.general.iptables_state:
- state: saved
- path: /etc/sysconfig/iptables
- tags:
- - pihole
- - firewall
diff --git a/ansible/roles/podman/tasks/container-sshpass-cron.yml b/ansible/roles/podman/tasks/container-sshpass-cron.yml
index 536f973..17051c5 100644
--- a/ansible/roles/podman/tasks/container-sshpass-cron.yml
+++ b/ansible/roles/podman/tasks/container-sshpass-cron.yml
@@ -10,7 +10,6 @@
 notify: restorecon podman
 loop:
 - "{{ sshpass_cron_path }}"
- tags: sshpass_cron
 - name: copy sshpass_cron crontab
 become: true
@@ -24,7 +23,6 @@
 - crontab
 notify:
 - restorecon podman
- tags: sshpass_cron
 - name: create sshpass_cron password file
 become: true
@@ -36,29 +34,29 @@
 mode: 0400
 notify:
 - restorecon podman
- tags: sshpass_cron
 - name: flush handlers
 ansible.builtin.meta: flush_handlers
- tags: sshpass_cron
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: sshpass_cron
+ container_image: "{{ image }}"
 - name: create sshpass_cron container
 become: true
 become_user: "{{ podman_user }}"
 containers.podman.podman_container:
 name: sshpass_cron
- image: docker.io/bdebyl/sshpass-cron:1.0.9
- image_strict: true
- recreate: true
- restart: true
+ image: "{{ image }}"
 restart_policy: on-failure:3
 log_driver: journald
 volumes:
 - "{{ sshpass_cron_path }}:/mnt"
- tags: sshpass_cron
+ env:
+ TZ: "America/New_York"
 - name: create systemd startup job for sshpass_cron
- include_tasks: systemd-generate.yml
+ include_tasks: podman/systemd-generate.yml
 vars:
 container_name: sshpass_cron
- tags: sshpass_cron
diff --git a/ansible/roles/podman/tasks/podman-ecr-login.yml b/ansible/roles/podman/tasks/ecr/podman-ecr-login.yml
similarity index 78%
rename from ansible/roles/podman/tasks/podman-ecr-login.yml
rename to ansible/roles/podman/tasks/ecr/podman-ecr-login.yml
index b12dfe0..9cdd9d2 100644
--- a/ansible/roles/podman/tasks/podman-ecr-login.yml
+++ b/ansible/roles/podman/tasks/ecr/podman-ecr-login.yml
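Review bot: The sshpass_cron container task in hunk `@@ -36,29 +34,29 @@` drops `image_strict: true` together with recreate/restart, while the fulfillr task in container-fulfillr.yml keeps its `image_strict: true` after the same refactor, so the two files now disagree on whether the module itself compares images. If the removal is deliberate because podman/podman-check.yml now does that comparison, a one-line comment above the `image:` key saying so would stop the next editor from re-adding it; otherwise restore `image_strict: true`. The new `TZ: "America/New_York"` env is presumably what makes the 5 a.m. crontab entries fire in local time, which is worth a matching comment in the crontab file.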
@@ -1,25 +1,21 @@
 ---
 - name: fetch aws ecr auth token
 become: true
- become_user: podman
+ become_user: "{{ podman_user }}"
 shell: |
 aws ecr get-authorization-token --region us-east-1
 register: ecr_command
- tags: always
 - set_fact:
 ecr_authorization_data: "{{ (ecr_command.stdout | from_json).authorizationData[0] }}"
- tags: always
 - set_fact:
 ecr_credentials: "{{ (ecr_authorization_data.authorizationToken | b64decode).split(':') }}"
- tags: always
 - name: podman login to AWS ECR
 become: true
- become_user: podman
+ become_user: "{{ podman_user }}"
 containers.podman.podman_login:
 registry: "{{ aws_ecr_endpoint }}"
 username: "{{ ecr_credentials[0] }}"
- password: "{{ ecr_credentials[1] }}"
- tags: always
\ No newline at end of file
+ password: "{{ ecr_credentials[1] }}"
\ No newline at end of file
diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml
index be04b0e..f8bca13 100644
--- a/ansible/roles/podman/tasks/main.yml
+++ b/ansible/roles/podman/tasks/main.yml
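Review bot: `register: ecr_command` captures the full ECR authorization token and the two `set_fact` tasks keep the decoded username/password as facts, yet none of the four tasks in this file sets `no_log: true`, so the registry password is printed on any failure or verbose run and lands in the fact cache if one is enabled; add `no_log: true` to each of them. The fetch uses `shell: |` for a single argv-style command, so `ansible.builtin.command` is the safer module here, and `--region us-east-1` is hard-coded while the registry host comes from `aws_ecr_endpoint`, so an `aws_ecr_region` variable beside it would keep the two in one place. The file also still ends without a newline.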
@@ -1,17 +1,71 @@
 ---
 - import_tasks: podman.yml
-- import_tasks: configuration-nginx.yml
 - import_tasks: firewall.yml
+
 - import_tasks: container-awsddns.yml
+ vars:
+ image: docker.io/bdebyl/awsddns:1.0.34
+ tags: ddns
+
 - import_tasks: container-drone.yml
+ vars:
+ runner_image: docker.io/drone/drone-runner-docker:1.8.3
+ image: docker.io/drone/drone:2.16.0
+ tags: drone
+
 - import_tasks: container-hass.yml
+ vars:
+ image: ghcr.io/home-assistant/home-assistant:stable
+ tags: hass
+
 - import_tasks: container-partkeepr.yml
+ vars:
+ db_image: docker.io/library/mariadb:10.0
+ image: docker.io/bdebyl/partkeepr:0.1.10
+ tags: partkeepr
+
 - import_tasks: container-graylog.yml
-- import_tasks: container-pihole.yml
+ vars:
+ db_image: docker.io/library/mongo:4.2
+ es_image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
+ image: docker.io/graylog/graylog:4.3.11
+ tags: graylog
+
 - import_tasks: container-bookstack.yml
+ vars:
+ db_image: docker.io/library/mysql:5.7.21
+ image: docker.io/solidnerd/bookstack:23.6
+ tags: bookstack
+
 - import_tasks: container-photos.yml
+ vars:
+ db_image: docker.io/library/mariadb:10.8
+ image: docker.io/photoprism/photoprism:230625-ce
+ tags: photos
+
 - import_tasks: container-cloud.yml
+ vars:
+ db_image: docker.io/library/mariadb:10.5
+ image: docker.io/library/nextcloud:24.0.5-apache
+ tags: cloud
+
 - import_tasks: container-fulfillr.yml
+ vars:
+ image: "{{ aws_ecr_endpoint }}/fulfillr:20230711.1654"
+ tags: fulfillr
+
+- import_tasks: configuration-nginx.yml
 - import_tasks: container-nginx.yml
-- import_tasks: container-factorio.yml
+ vars:
+ image: docker.io/owasp/modsecurity:nginx
+ tags: nginx
+
 - import_tasks: container-sshpass-cron.yml
+ vars:
+ image: docker.io/bdebyl/sshpass-cron:1.0.11
+ tags: sshpass_cron
+
+- import_tasks: container-factorio.yml
+ vars:
+ image: docker.io/factoriotools/factorio:1.1.80
+ tags: factorio
\ No newline at end of file
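Review bot: `image: ghcr.io/home-assistant/home-assistant:stable` is a floating tag, and the new podman/podman-check.yml only compares the image name string, so a newer `stable` pull will never trigger the recreate this commit introduces for every other service; pin a version like the rest of the list, or add a comment recording that hass is intentionally left to drift. The mariadb/mysql/mongo/nextcloud references were rewritten with the `docker.io/library/` prefix, presumably because that is the normalised `ImageName` podman reports for official images; a comment above the first of them, `# use the fully-qualified name podman reports in ImageName, or podman-check will recreate on every run`, would keep future entries in that form. The file also ends without a newline.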
diff --git a/ansible/roles/podman/tasks/podman/podman-check.yml b/ansible/roles/podman/tasks/podman/podman-check.yml
new file mode 100644
index 0000000..2889979
--- /dev/null
+++ b/ansible/roles/podman/tasks/podman/podman-check.yml
@@ -0,0 +1,20 @@
+---
+- name: get container info
+ become: true
+ become_user: "{{ podman_user }}"
+ containers.podman.podman_container_info:
+ name: "{{ container_name }}"
+ register: container
+
+- name: check
+ debug:
+ msg: "image '{{ container.containers[0]['ImageName'] }}' not equivalent to '{{ container_image }}'!"
+ when: container.containers[0]["ImageName"] != container_image
+
+- name: delete container if necessary
+ become: true
+ become_user: "{{ podman_user }}"
+ containers.podman.podman_container:
+ name: "{{ container_name }}"
+ state: absent
+ when: container.containers[0]["ImageName"] != container_image
\ No newline at end of file
diff --git a/ansible/roles/podman/tasks/systemd-generate.yml b/ansible/roles/podman/tasks/podman/systemd-generate.yml
similarity index 100%
rename from ansible/roles/podman/tasks/systemd-generate.yml
rename to ansible/roles/podman/tasks/podman/systemd-generate.yml
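Review bot: Both `when` conditions index `container.containers[0]` without first checking that the list is non-empty, so on a host where the container does not exist yet (first run, or the run right after the delete task fired) the conditional errors out instead of skipping; guard each with `when: container.containers | length > 0 and container.containers[0]['ImageName'] != container_image`, or compute the comparison once into a fact. The `debug` task is named only `check`; `name: report image mismatch for {{ container_name }}` says what it actually does, and a header comment explaining that the comparison is by name string (so floating tags are not detected) would set expectations for callers. The file ends without a trailing newline.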