bastian/deploy_home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: reorganize fluent-bit and geoip out of containers

Browse Source 
- Move fluent-bit to common role (systemd service, not a container)
- Move geoip to podman/tasks/data/ (data prep, not a container)
- Remove debyltech tag from geoip (not a debyltech service)
- Fix check_mode for fetch subuid task to enable dry-run mode

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Bastian de Byl
2026-01-28 12:34:43 -05:00
parent 9d562c7188
commit 61692b36a2
9 changed files with 25 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ansible/roles/common/handlers/main.yml
View File

@@ -10,3 +10,9 @@
ansible.builtin.service: ansible.builtin.service:
name: fail2ban name: fail2ban
state: restarted state: restarted
- name: restart fluent-bit
become: true
ansible.builtin.systemd:
name: fluent-bit
state: restarted

19
ansible/roles/podman/tasks/containers/base/fluent-bit.yml → ansible/roles/common/tasks/fluent-bit.yml
View File

@@ -2,25 +2,6 @@
# Fluent Bit - Log forwarder from journald to Graylog GELF # Fluent Bit - Log forwarder from journald to Graylog GELF
# Deployed as systemd service (not container) for direct journal access # Deployed as systemd service (not container) for direct journal access
# Clean up old container deployment if it exists
- name: stop and remove fluent-bit container if exists
become: true
become_user: "{{ podman_user }}"
containers.podman.podman_container:
name: fluent-bit
state: absent
ignore_errors: true
- name: disable old fluent-bit container systemd service
become: true
become_user: "{{ podman_user }}"
ansible.builtin.systemd:
name: fluent-bit
enabled: false
state: stopped
scope: user
ignore_errors: true
- name: install fluent-bit package - name: install fluent-bit package
become: true become: true
ansible.builtin.dnf: ansible.builtin.dnf:

3
ansible/roles/common/tasks/main.yml
View File

@@ -3,6 +3,9 @@
- import_tasks: security.yml - import_tasks: security.yml
- import_tasks: service.yml - import_tasks: service.yml
- import_tasks: fluent-bit.yml
tags: fluent-bit, graylog
- name: create the docker group - name: create the docker group
become: true become: true
ansible.builtin.group: ansible.builtin.group:

10
ansible/roles/podman/templates/fluent-bit/fluent-bit.conf.j2 → ansible/roles/common/templates/fluent-bit/fluent-bit.conf.j2
View File

@@ -74,6 +74,12 @@
# ============================================================================= # =============================================================================
# FILTERS: Add metadata for Graylog categorization # FILTERS: Add metadata for Graylog categorization
# ============================================================================= # =============================================================================
# Exclude Graylog stack containers to prevent feedback loop
[FILTER]
Name grep
Match podman.*
Exclude CONTAINER_NAME ^graylog
[FILTER] [FILTER]
Name record_modifier Name record_modifier
Match podman.* Match podman.*
@@ -143,7 +149,7 @@
Name gelf Name gelf
Match * Match *
Host 127.0.0.1 Host 127.0.0.1
Port 12203 Port 12202
Mode udp Mode tcp
Gelf_Short_Message_Key MESSAGE Gelf_Short_Message_Key MESSAGE
Gelf_Host_Key host Gelf_Host_Key host

0
ansible/roles/podman/templates/fluent-bit/parsers.conf.j2 → ansible/roles/common/templates/fluent-bit/parsers.conf.j2
View File

8
ansible/roles/podman/handlers/main.yml
View File

@@ -42,11 +42,3 @@
scope: user scope: user
tags: tags:
- zomboid - zomboid
- name: restart fluent-bit
become: true
ansible.builtin.systemd:
name: fluent-bit
state: restarted
tags:
- fluent-bit

0
ansible/roles/podman/tasks/containers/debyltech/geoip.yml → ansible/roles/podman/tasks/data/geoip.yml
View File

13
ansible/roles/podman/tasks/main.yml
View File

@@ -31,7 +31,7 @@
- import_tasks: containers/home/hass.yml - import_tasks: containers/home/hass.yml
vars: vars:
image: ghcr.io/home-assistant/home-assistant:2025.9 image: ghcr.io/home-assistant/home-assistant:2026.1
tags: hass tags: hass
- import_tasks: containers/home/partkeepr.yml - import_tasks: containers/home/partkeepr.yml
@@ -86,15 +86,16 @@
image: docker.io/louislam/uptime-kuma:2.0.2 image: docker.io/louislam/uptime-kuma:2.0.2
tags: home, uptime tags: home, uptime
- import_tasks: containers/debyltech/geoip.yml - import_tasks: data/geoip.yml
tags: debyltech, graylog, geoip tags: graylog, geoip
- import_tasks: containers/debyltech/graylog.yml - import_tasks: containers/debyltech/graylog.yml
vars:
mongo_image: docker.io/mongo:7.0
opensearch_image: docker.io/opensearchproject/opensearch:2
image: docker.io/graylog/graylog:7.0.1
tags: debyltech, graylog tags: debyltech, graylog
- import_tasks: containers/base/fluent-bit.yml
tags: fluent-bit, graylog
- import_tasks: containers/home/gregtime.yml - import_tasks: containers/home/gregtime.yml
vars: vars:
image: localhost/greg-time-bot:3.0.2 image: localhost/greg-time-bot:3.0.2

1
ansible/roles/podman/tasks/podman/podman.yml
View File

@@ -112,6 +112,7 @@
- name: fetch subuid of {{ podman_user }} - name: fetch subuid of {{ podman_user }}
become: true become: true
changed_when: false changed_when: false
check_mode: false
ansible.builtin.shell: | ansible.builtin.shell: |
set -o pipefail && cat /etc/subuid | awk -F':' '/{{ podman_user }}/{ print $2 }' | head -n 1 set -o pipefail && cat /etc/subuid | awk -F':' '/{{ podman_user }}/{ print $2 }' | head -n 1
register: podman_subuid register: podman_subuid