major cleanup of ansible tasks in podman role

Bastian de Byl
2023-07-24 13:38:34 -04:00
parent 71e9f4590b
commit 4c40a42707
18 changed files with 227 additions and 249 deletions


@@ -1,13 +1,16 @@
---
- import_tasks: podman/podman-check.yml
vars:
container_name: awsddns
container_image: "{{ image }}"
- name: create home.bdebyl.net awsddns server container
become: true
become_user: "{{ podman_user }}"
diff: false
containers.podman.podman_container:
name: awsddns
image: docker.io/bdebyl/awsddns:1.0.34
recreate: false
restart: true
image: "{{ image }}"
restart_policy: on-failure:3
log_driver: journald
env:
@@ -17,13 +20,16 @@
AWS_ACCESS_KEY_ID: "{{ aws_access_key_id }}"
AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}"
AWS_DEFAULT_REGION: "{{ aws_default_region }}"
tags: ddns
- name: create systemd startup job for awsddns
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: awsddns
tags: ddns
- import_tasks: podman/podman-check.yml
vars:
container_name: awsddns-skudak
container_image: "{{ image }}"
- name: create wiki.skudakrennsport.com awsddns server container
become: true
@@ -31,9 +37,7 @@
diff: false
containers.podman.podman_container:
name: awsddns-skudak
image: docker.io/bdebyl/awsddns:1.0.34
recreate: false
restart: true
image: "{{ image }}"
restart_policy: on-failure:3
log_driver: journald
env:
@@ -43,10 +47,8 @@
AWS_ACCESS_KEY_ID: "{{ aws_skudak_access_key_id }}"
AWS_SECRET_ACCESS_KEY: "{{ aws_skudak_secret_access_key }}"
AWS_DEFAULT_REGION: "{{ aws_default_region }}"
tags: ddns
- name: create systemd startup job for awsddns-skudak
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: awsddns
tags: ddns
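Review bot: The "create systemd startup job for awsddns-skudak" task at the end of this file still passes `container_name: awsddns`, so podman/systemd-generate.yml is handed the first container's name again and, as far as this section shows, no unit is generated for awsddns-skudak. The change edits the `include_tasks` line directly above it but leaves the value alone; it should read `container_name: awsddns-skudak`. Both container tasks also pass `AWS_SECRET_ACCESS_KEY` through `env`, and although both set `diff: false`, adding `no_log: true` would also keep the values out of task output on failure or in verbose runs.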


@@ -12,11 +12,9 @@
- "{{ bookstack_path }}/mysql"
- "{{ bookstack_path }}/public"
- "{{ bookstack_path }}/storage"
tags: bookstack
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: bookstack
- name: unshare chown the bookstack upload volumes
become: true
@@ -24,16 +22,18 @@
changed_when: false
ansible.builtin.command: |
podman unshare chown -R 33:33 {{ bookstack_path }}/public {{ bookstack_path }}/storage
tags: bookstack
- import_tasks: podman/podman-check.yml
vars:
container_name: bookstack-db
container_image: "{{ db_image }}"
- name: create bookstack-db container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: bookstack-db
image: docker.io/mysql:5.7.21
recreate: false
restart: false
image: "{{ db_image }}"
restart_policy: on-failure:3
log_driver: journald
network:
@@ -46,22 +46,23 @@
MYSQL_PASSWORD: "{{ bookstack_db_pass }}"
volumes:
- "{{ bookstack_path }}/mysql:/var/lib/mysql"
tags: bookstack
- name: create systemd startup job for bookstack-db
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: bookstack-db
tags: bookstack
- import_tasks: podman/podman-check.yml
vars:
container_name: bookstack
container_image: "{{ image }}"
- name: create bookstack container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: bookstack
image: docker.io/solidnerd/bookstack:23.6
recreate: true
restart: false
image: "{{ image }}"
restart_policy: on-failure:3
log_driver: journald
network:
@@ -85,10 +86,8 @@
volumes:
- "{{ bookstack_path }}/public:/var/www/bookstack/public/uploads"
- "{{ bookstack_path }}/storage:/var/www/bookstack/storage/uploads"
tags: bookstack
- name: create systemd startup job for bookstack
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: bookstack
tags: bookstack


@@ -13,7 +13,6 @@
- "{{ cloud_path }}/config"
- "{{ cloud_path }}/data"
- "{{ cloud_path }}/mysql"
tags: cloud
- name: unshare chown the nextcloud volumes
become: true
@@ -21,14 +20,12 @@
changed_when: false
ansible.builtin.command: |
podman unshare chown -R 33:33 {{ cloud_path }}/data {{ cloud_path}}/config
tags: cloud
- name: get user/group id from unshare
become: true
ansible.builtin.stat:
path: "{{ cloud_path }}/data"
register: cloud_owner
tags: cloud
- name: mount cloud cifs
become: true
@@ -38,20 +35,21 @@
fstype: cifs
opts: "username=cloud,password={{ cloud_cifs_pass }},uid={{ cloud_owner.stat.uid }},gid={{ cloud_owner.stat.uid }}"
state: mounted
tags: cloud
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: cloud
- import_tasks: podman/podman-check.yml
vars:
container_name: cloud-db
container_image: "{{ db_image }}"
- name: create cloud-db container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: cloud-db
image: docker.io/mariadb:10.5
recreate: false
restart: false
image: "{{ db_image }}"
restart_policy: on-failure:3
log_driver: journald
network:
@@ -63,22 +61,23 @@
MYSQL_USER: cloud
volumes:
- "{{ cloud_path }}/mysql:/var/lib/mysql"
tags: cloud
- name: create systemd startup job for cloud-db
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: cloud-db
tags: cloud
- import_tasks: podman/podman-check.yml
vars:
container_name: cloud
container_image: "{{ image }}"
- name: create cloud container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: cloud
image: docker.io/nextcloud:24.0.5-apache
recreate: false
restart: false
image: "{{ image }}"
restart_policy: on-failure:3
log_driver: journald
network:
@@ -94,10 +93,8 @@
- "{{ cloud_path }}/config:/var/www/html/config"
ports:
- "8089:80"
tags: cloud
- name: create systemd startup job for cloud
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: cloud
tags: cloud
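Review bot: The "mount cloud cifs" task keeps the share password inline in `opts` (`password={{ cloud_cifs_pass }}`); if this is the usual mount module with `state: mounted`, that option string is written to /etc/fstab, which is normally world-readable. A root-owned credentials file with mode 0600, referenced as `credentials=<path to credentials file>`, keeps the secret out of fstab and out of the task's reported changes. The same line sets `gid={{ cloud_owner.stat.uid }}`, which looks like it was meant to be `cloud_owner.stat.gid`. The photos task file carries the same inline `password={{ photos_cifs_pass }}` pattern. The task begins outside the hunk, so the module name is not visible here.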


@@ -10,20 +10,21 @@
notify: restorecon podman
loop:
- "{{ drone_path }}/data"
tags: drone
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: drone
- import_tasks: podman/podman-check.yml
vars:
container_name: drone
container_image: "{{ image }}"
- name: create drone-ci server container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: drone
image: docker.io/drone/drone:2.16.0
recreate: true
restart: true
image: "{{ image }}"
restart_policy: on-failure:3
log_driver: journald
network:
@@ -41,22 +42,23 @@
- "{{ drone_path }}/data:/data"
ports:
- "8080:80"
tags: drone
- name: create systemd startup job for drone
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: drone
tags: drone
- import_tasks: podman/podman-check.yml
vars:
container_name: drone-runner
container_image: "{{ runner_image }}"
- name: create drone-ci worker container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: drone-runner
image: docker.io/drone/drone-runner-docker:1.8.3
recreate: false
restart: true
image: "{{ runner_image }}"
restart_policy: on-failure:3
log_driver: journald
network:
@@ -70,10 +72,8 @@
- "/run/user/1002/podman/podman.sock:/var/run/docker.sock"
ports:
- "3000:3000"
tags: drone
- name: create systemd startup job for drone-runner
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: drone-runner
tags: drone
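Review bot: The drone-runner container still bind-mounts `/run/user/1002/podman/podman.sock` as `/var/run/docker.sock`, with the UID hard-coded even though every task here runs as `{{ podman_user }}`. Whatever a pipeline step can do through that socket it can do to every other container this user owns, including the ones this role starts with database and AWS credentials in `env`. A dedicated unprivileged account with its own socket for the runner would contain that risk. At minimum derive the path from the user's actual UID rather than the literal 1002, and add a comment that Drone must be limited to trusted repositories. The volumes list begins outside the hunk.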


@@ -10,7 +10,6 @@
notify: restorecon podman
loop:
- "{{ factorio_path }}"
tags: factorio
- name: unshare chown the elastic volume
become: true
@@ -18,20 +17,21 @@
changed_when: false
ansible.builtin.command: |
podman unshare chown -R 845:845 {{ factorio_path }}
tags: factorio
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: factorio
- import_tasks: podman/podman-check.yml
vars:
container_name: factorio
container_image: "{{ image }}"
- name: create factorio server container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: factorio
image: docker.io/factoriotools/factorio:1.1.80
recreate: true
restart: true
image: "{{ image }}"
restart_policy: on-failure:3
log_driver: journald
volumes:
@@ -39,10 +39,8 @@
ports:
- 34197:34197/udp
- 27015:27015/tcp
tags: factorio
- name: create systemd startup job for factorio
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: factorio
tags: factorio
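Review bot: The task that runs `podman unshare chown -R 845:845 {{ factorio_path }}` is still named "unshare chown the elastic volume", apparently carried over from the graylog file. Since this commit is a cleanup, rename it to `unshare chown the factorio volume` so run output and task selection by name point at the right service. The port entries `34197:34197/udp` and `27015:27015/tcp` are unquoted, unlike the `"8080:80"` form used in the drone and cloud files; quoting them keeps the role uniform.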


@@ -1,5 +1,5 @@
---
- import_tasks: podman-ecr-login.yml
- import_tasks: ecr/podman-ecr-login.yml
- name: create fulfillr host directory volumes
become: true
@@ -12,7 +12,6 @@
notify: restorecon podman
loop:
- "{{ fulfillr_path }}"
tags: fulfillr
- name: template fulfillr config
become: true
@@ -26,32 +25,31 @@
- production.json
notify:
- restorecon podman
tags: fulfillr
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: fulfillr
- import_tasks: podman/podman-check.yml
vars:
container_name: fulfillr
container_image: "{{ image }}"
- name: create fulfillr server container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: fulfillr
image: "{{ aws_ecr_endpoint }}/fulfillr:20230711.1654"
image: "{{ image }}"
image_strict: true
command: --config /config/production.json
recreate: true
restart: true
restart_policy: on-failure:3
log_driver: journald
volumes:
- "{{ fulfillr_path }}:/config"
ports:
- 9054:8080/tcp
tags: fulfillr
- name: create systemd startup job for fulfillr
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: fulfillr
tags: fulfillr


@@ -13,7 +13,6 @@
- "{{ graylog_path }}/elastic"
- "{{ graylog_path }}/conf"
- "{{ graylog_path }}/bin"
tags: graylog
- name: copy configuration files
become: true
@@ -29,7 +28,6 @@
- src: "graylog.conf"
dest: "conf/graylog.conf"
notify: restorecon podman
tags: graylog
- name: unshare chown the elastic volume
become: true
@@ -37,41 +35,43 @@
changed_when: false
ansible.builtin.command: |
podman unshare chown -R 1000:1000 {{ graylog_path }}/elastic
tags: graylog
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: graylog
- import_tasks: podman/podman-check.yml
vars:
container_name: graylog-mongo
container_image: "{{ db_image }}"
- name: create graylog mongodb container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: graylog-mongo
image: docker.io/mongo:4.2
recreate: false
restart: false
image: "{{ db_image }}"
restart_policy: on-failure:3
network:
- shared
volumes:
- "{{ graylog_path }}/mongo:/data/db"
tags: graylog
- name: create systemd startup job for graylog-mongo
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: graylog-mongo
tags: graylog
- import_tasks: podman/podman-check.yml
vars:
container_name: graylog-elastic
container_image: "{{ es_image }}"
- name: create graylog elasticsearch container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: graylog-elastic
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
recreate: false
restart: false
image: "{{ es_image }}"
restart_policy: on-failure:3
network:
- shared
@@ -83,22 +83,23 @@
network.host: "0.0.0.0"
cluster.name: "graylog"
ES_JAVA_OPTS: "-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx2048m"
tags: graylog
- name: create systemd startup job for graylog-elastic
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: graylog-elastic
tags: graylog
- import_tasks: podman/podman-check.yml
vars:
container_name: graylog
container_image: "{{ image }}"
- name: create graylog container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: graylog
image: docker.io/graylog/graylog:4.3.11
recreate: true
restart: true
image: "{{ image }}"
restart_policy: on-failure:3
sysctl:
net.ipv6.conf.all.disable_ipv6: 1
@@ -120,10 +121,8 @@
- "{{ syslog_udp_default }}:{{ syslog_udp_default }}/udp"
- "{{ syslog_udp_unifi }}:{{ syslog_udp_unifi }}/udp"
- "{{ syslog_udp_error }}:{{ syslog_udp_error }}/udp"
tags: graylog
- name: create systemd startup job for graylog
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: graylog
tags: graylog
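Review bot: `ES_JAVA_OPTS` on graylog-elastic still carries `-Dlog4j2.formatMsgNoLookups=true`, which is a mitigation for the Log4j lookup issue rather than a fix, and the image it applies to remains elasticsearch-oss 7.10.2. Now that the image comes from `es_image`, put a comment beside the flag recording why it is there and when it can go, e.g. `# Log4j lookup mitigation; drop once the search backend is on a patched release`. The graylog-mongo and graylog-elastic tasks also show no `log_driver: journald` between `restart_policy` and `network`, unlike the other containers in this role; if that is deliberate, a one-line comment should say so. The `env` block starts outside the hunk.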


@@ -11,7 +11,6 @@
loop:
- "{{ hass_path }}/media"
- "{{ hass_path }}/config"
tags: hass
- name: copy configuration and automations
become: true
@@ -25,20 +24,21 @@
loop:
- configuration.yaml
- automations.yaml
tags: hass
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: hass
- import_tasks: podman/podman-check.yml
vars:
container_name: hass
container_image: "{{ image }}"
- name: create home-assistant server container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: hass
image: ghcr.io/home-assistant/home-assistant:stable
recreate: false
restart: true
image: "{{ image }}"
restart_policy: on-failure:3
log_driver: journald
cap_add:
@@ -49,10 +49,8 @@
- "{{ hass_path }}/media:/share"
ports:
- "8123:8123"
tags: hass
- name: create systemd startup job for hass
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: hass
tags: hass


@@ -1,14 +1,17 @@
---
- import_tasks: podman/podman-check.yml
vars:
container_name: nginx
container_image: "{{ image }}"
- name: create nginx container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: nginx
image: docker.io/owasp/modsecurity:nginx
image: "{{ image }}"
entrypoint: ""
command: ["nginx", "-g", "daemon off;"]
recreate: false
restart: true
restart_policy: on-failure:3
log_driver: journald
network:
@@ -22,10 +25,8 @@
- "{{ nginx_path }}/etc:/etc/nginx:ro"
- "/srv/http/letsencrypt:/srv/http/letsencrypt:z"
- "/etc/letsencrypt:/etc/letsencrypt:ro"
tags: nginx
- name: create systemd startup job for nginx
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: nginx
tags: nginx


@@ -10,20 +10,21 @@
notify: restorecon podman
loop:
- "{{ partkeepr_path }}/mysql"
tags: partkeepr
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: partkeepr
- import_tasks: podman/podman-check.yml
vars:
container_name: partkeepr-db
container_image: "{{ db_image }}"
- name: create partkeepr-db container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: partkeepr-db
image: docker.io/mariadb:10.0
recreate: false
restart: false
image: "{{ db_image }}"
restart_policy: on-failure:3
log_driver: journald
network:
@@ -35,32 +36,31 @@
MYSQL_PASSWORD: "{{ partkeepr_mysql_password }}"
volumes:
- "{{ partkeepr_path }}/mysql:/var/lib/mysql"
tags: partkeepr
- name: create systemd startup job for partkeepr-db
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: partkeepr-db
tags: partkeepr
- import_tasks: podman/podman-check.yml
vars:
container_name: partkeepr
container_image: "{{ image }}"
- name: create partkeepr container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: partkeepr
image: docker.io/bdebyl/partkeepr:0.1.10
recreate: false
restart: false
image: "{{ image }}"
restart_policy: on-failure:3
log_driver: journald
network:
- shared
ports:
- "8081:80"
tags: partkeepr
- name: create systemd startup job for partkeepr
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: partkeepr
tags: partkeepr


@@ -11,11 +11,9 @@
loop:
- "{{ photos_path }}/mysql"
- "{{ photos_path }}/storage"
tags: photos
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: photos
- name: mount photos cifs
become: true
@@ -25,16 +23,18 @@
fstype: cifs
opts: "username=photos,password={{ photos_cifs_pass }},uid={{ podman_subuid.stdout }},gid={{ podman_subuid.stdout }}"
state: mounted
tags: photos
- import_tasks: podman/podman-check.yml
vars:
container_name: photos-db
container_image: "{{ db_image }}"
- name: create photos-db container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: photos-db
image: docker.io/mariadb:10.8
recreate: false
restart: false
image: "{{ db_image }}"
restart_policy: on-failure:3
log_driver: journald
network:
@@ -47,22 +47,23 @@
MYSQL_PASSWORD: "{{ photos_db_pass }}"
volumes:
- "{{ photos_path }}/mysql:/var/lib/mysql"
tags: photos
- name: create systemd startup job for photos-db
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: photos-db
tags: photos
- import_tasks: podman/podman-check.yml
vars:
container_name: photos
container_image: "{{ image }}"
- name: create photos container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: photos
image: docker.io/photoprism/photoprism:230625-ce
recreate: false
restart: false
image: "{{ image }}"
restart_policy: on-failure:3
log_driver: journald
network:
@@ -99,10 +100,8 @@
- "{{ photos_path }}/storage:/photoprism/"
ports:
- "8088:2342"
tags: photos
- name: create systemd startup job for photos
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: photos
tags: photos


@@ -1,81 +0,0 @@
---
- name: create required pihole volumes
become: true
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ podman_subuid.stdout }}"
mode: 0755
notify: restorecon podman
loop:
- "{{ pihole_path }}/config"
- "{{ pihole_path }}/dnsmasq"
- "/srv/http/letsencrypt"
tags: pihole
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: pihole
- name: create pihole container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: pihole
image: docker.io/pihole/pihole:2022.04.3
recreate: false
restart: true
restart_policy: on-failure:3
log_driver: journald
cap_add:
- CAP_NET_BIND_SERVICE
- NET_ADMIN
env:
DNSMASQ_USER: "root"
INTERFACE: "tap0"
PIHOLE_UID: 0
TZ: "America/New_York"
VIRTUAL_HOST: "{{ pi_server_name }}"
WEBPASSWORD: "{{ pihole_password }}"
volumes:
- "{{ pihole_path }}/config:/etc/pihole"
- "{{ pihole_path }}/dnsmasq:/etc/dnsmasq.d"
ports:
- 1153:53/udp
- 1153:53/tcp
- 8082:80
tags: pihole
- name: create systemd startup job for pihole
include_tasks: systemd-generate.yml
vars:
container_name: pihole
tags: pihole
- name: Redirect DNS, DHCP, HTTP and HTTPS to pihole
become: true
ansible.builtin.iptables:
table: nat
chain: PREROUTING
in_interface: eno1
protocol: "{{ item }}"
match: "{{ item }}"
destination_port: 53
jump: REDIRECT
to_ports: 1153
comment: Redirect DNS traffic to port 1153
loop:
- udp
- tcp
tags:
- pihole
- firewall
- name: Save state of iptables for IPv4
become: true
community.general.iptables_state:
state: saved
path: /etc/sysconfig/iptables
tags:
- pihole
- firewall


@@ -10,7 +10,6 @@
notify: restorecon podman
loop:
- "{{ sshpass_cron_path }}"
tags: sshpass_cron
- name: copy sshpass_cron crontab
become: true
@@ -24,7 +23,6 @@
- crontab
notify:
- restorecon podman
tags: sshpass_cron
- name: create sshpass_cron password file
become: true
@@ -36,29 +34,29 @@
mode: 0400
notify:
- restorecon podman
tags: sshpass_cron
- name: flush handlers
ansible.builtin.meta: flush_handlers
tags: sshpass_cron
- import_tasks: podman/podman-check.yml
vars:
container_name: sshpass_cron
container_image: "{{ image }}"
- name: create sshpass_cron container
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: sshpass_cron
image: docker.io/bdebyl/sshpass-cron:1.0.9
image_strict: true
recreate: true
restart: true
image: "{{ image }}"
restart_policy: on-failure:3
log_driver: journald
volumes:
- "{{ sshpass_cron_path }}:/mnt"
tags: sshpass_cron
env:
TZ: "America/New_York"
- name: create systemd startup job for sshpass_cron
include_tasks: systemd-generate.yml
include_tasks: podman/systemd-generate.yml
vars:
container_name: sshpass_cron
tags: sshpass_cron


@@ -1,25 +1,21 @@
---
- name: fetch aws ecr auth token
become: true
become_user: podman
become_user: "{{ podman_user }}"
shell: |
aws ecr get-authorization-token --region us-east-1
register: ecr_command
tags: always
- set_fact:
ecr_authorization_data: "{{ (ecr_command.stdout | from_json).authorizationData[0] }}"
tags: always
- set_fact:
ecr_credentials: "{{ (ecr_authorization_data.authorizationToken | b64decode).split(':') }}"
tags: always
- name: podman login to AWS ECR
become: true
become_user: podman
become_user: "{{ podman_user }}"
containers.podman.podman_login:
registry: "{{ aws_ecr_endpoint }}"
username: "{{ ecr_credentials[0] }}"
password: "{{ ecr_credentials[1] }}"
tags: always
password: "{{ ecr_credentials[1] }}"
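Review bot: The registry credentials pass through four tasks with nothing keeping them out of the output: `ecr_command` holds the raw authorization token, and both `set_fact` tasks report the decoded value when the play runs with `-v`. Add `no_log: true` to the fetch task, the two `set_fact` tasks and the podman login task. The fetch needs no shell, so `ansible.builtin.command: aws ecr get-authorization-token --region us-east-1` with `changed_when: false` is the tighter form. The region could come from `{{ aws_default_region }}`, which other task files in this role already use.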


@@ -1,17 +1,71 @@
---
- import_tasks: podman.yml
- import_tasks: configuration-nginx.yml
- import_tasks: firewall.yml
- import_tasks: container-awsddns.yml
vars:
image: docker.io/bdebyl/awsddns:1.0.34
tags: ddns
- import_tasks: container-drone.yml
vars:
runner_image: docker.io/drone/drone-runner-docker:1.8.3
image: docker.io/drone/drone:2.16.0
tags: drone
- import_tasks: container-hass.yml
vars:
image: ghcr.io/home-assistant/home-assistant:stable
tags: hass
- import_tasks: container-partkeepr.yml
vars:
db_image: docker.io/library/mariadb:10.0
image: docker.io/bdebyl/partkeepr:0.1.10
tags: partkeepr
- import_tasks: container-graylog.yml
- import_tasks: container-pihole.yml
vars:
db_image: docker.io/library/mongo:4.2
es_image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
image: docker.io/graylog/graylog:4.3.11
tags: graylog
- import_tasks: container-bookstack.yml
vars:
db_image: docker.io/library/mysql:5.7.21
image: docker.io/solidnerd/bookstack:23.6
tags: bookstack
- import_tasks: container-photos.yml
vars:
db_image: docker.io/library/mariadb:10.8
image: docker.io/photoprism/photoprism:230625-ce
tags: photos
- import_tasks: container-cloud.yml
vars:
db_image: docker.io/library/mariadb:10.5
image: docker.io/library/nextcloud:24.0.5-apache
tags: cloud
- import_tasks: container-fulfillr.yml
vars:
image: "{{ aws_ecr_endpoint }}/fulfillr:20230711.1654"
tags: fulfillr
- import_tasks: configuration-nginx.yml
- import_tasks: container-nginx.yml
- import_tasks: container-factorio.yml
vars:
image: docker.io/owasp/modsecurity:nginx
tags: nginx
- import_tasks: container-sshpass-cron.yml
vars:
image: docker.io/bdebyl/sshpass-cron:1.0.11
tags: sshpass_cron
- import_tasks: container-factorio.yml
vars:
image: docker.io/factoriotools/factorio:1.1.80
tags: factorio
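Review bot: Two of the images now centralised here use floating tags, `ghcr.io/home-assistant/home-assistant:stable` and `docker.io/owasp/modsecurity:nginx`, and the new podman/podman-check.yml compares only the image name string. A rebuilt upstream image under the same tag therefore never triggers a replacement, and nothing records which content is actually deployed. Pin these two by version tag or by digest (`image: <repository>@sha256:<digest>`), as the other entries already do by version. The sshpass-cron entry also moves from the 1.0.9 removed in its task file to `1.0.11`; that belongs in the commit message, since the title describes a cleanup only.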


@@ -0,0 +1,20 @@
---
- name: get container info
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container_info:
name: "{{ container_name }}"
register: container
- name: check
debug:
msg: "image '{{ container.containers[0]['ImageName'] }}' not equivalent to '{{ container_image }}'!"
when: container.containers[0]["ImageName"] != container_image
- name: delete container if necessary
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: "{{ container_name }}"
state: absent
when: container.containers[0]["ImageName"] != container_image
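Review bot: Both `when:` conditions index `container.containers[0]` without checking that the lookup returned anything, so a host where the container does not exist yet (first deployment, or after a manual removal) is likely to fail here or in the info task instead of falling through to creation. Guard the comparison, e.g. `when: container.containers | length > 0 and container.containers[0]["ImageName"] != container_image`, and confirm how `podman_container_info` behaves for a missing name. The comparison is a plain string match, which is presumably why main.yml now spells out `docker.io/library/...`. A comment at the top of this file should state that `container_image` must be the fully qualified name exactly as podman reports it, otherwise the container is deleted and recreated on every run. `debug` could also be written `ansible.builtin.debug` to match the fully qualified module names used elsewhere in the role.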