fulfillr-dev: bump image to 20260606.0357 (inventory editor, logs page, branded shipped email, U5 trim)
This commit is contained in:
Bastian de Byl
@@ -1,52 +0,0 @@
|
|||||||
# TODO
|
|
||||||
|
|
||||||
## ✅ Caddy Migration - COMPLETED
|
|
||||||
- [x] Migrate from nginx + ModSecurity to Caddy
|
|
||||||
- [x] Automatic HTTPS certificate provisioning
|
|
||||||
- [x] All sites working with proper IP restrictions
|
|
||||||
- [x] Remove migration_mode logic - Caddy is now default
|
|
||||||
|
|
||||||
## Infrastructure Cleanup Tasks
|
|
||||||
|
|
||||||
### ✅ Phase 1: System LetsEncrypt to Caddy Migration - COMPLETED
|
|
||||||
- [x] ~~Create dedicated Caddy certificates volume~~ - Not needed, Caddy manages in /data
|
|
||||||
- [x] ~~Copy existing system LetsEncrypt certificates~~ - Not needed, Caddy generated new ones
|
|
||||||
- [x] ~~Set proper permissions~~ - Already correct, Caddy runs as podman user
|
|
||||||
- [x] Remove LetsEncrypt cron jobs from Ansible (cleanup.yml created)
|
|
||||||
- [x] Remove LetsEncrypt cron jobs from remote host (both weekly + 5min jobs removed)
|
|
||||||
- [x] Disable ssl role tasks and certificate generation (disabled in deploy_home.yml)
|
|
||||||
- [x] ~~Remove certbot installation from common role~~ - Not installed there
|
|
||||||
- [x] Uninstall certbot/letsencrypt packages from remote host (removed via dnf)
|
|
||||||
- [x] Stop any running LetsEncrypt services (certbot.timer not running)
|
|
||||||
- [x] Backup and remove /etc/letsencrypt directory (backup created, directory removed)
|
|
||||||
- [x] Remove /srv/http/letsencrypt directory (webroot removed)
|
|
||||||
|
|
||||||
### ✅ Phase 2: nginx + ModSecurity Cleanup - COMPLETED
|
|
||||||
- [x] Remove nginx container configuration and tasks (deleted all conf-nginx*.yml, nginx.yml)
|
|
||||||
- [x] Remove nginx configuration templates and files (removed entire templates/nginx/ directory)
|
|
||||||
- [x] Remove ModSecurity rules and configuration (removed from defaults/main.yml variables)
|
|
||||||
- [x] Remove nginx/ModSecurity volume mounts and directories (nginx volume backed up and removed)
|
|
||||||
- [x] Clean up nginx-related variables from defaults/main.yml (nginx_path removed)
|
|
||||||
- [x] ~~Remove firewall rules for nginx~~ - Not needed, Caddy uses same ports
|
|
||||||
- [x] Remove nginx systemd services from remote host (container-nginx service removed)
|
|
||||||
- [x] ~~Uninstall nginx/ModSecurity packages~~ - Were never system-installed, container-only
|
|
||||||
- [x] Clean up nginx log directories and files (/var/log/nginx, /var/log/modsecurity removed)
|
|
||||||
- [x] Remove ModSecurity installation directories (/usr/share/modsecurity, /usr/share/coreruleset removed)
|
|
||||||
- [x] Create backup of nginx configuration (nginx-backup-{timestamp}.tar.gz created)
|
|
||||||
|
|
||||||
### ✅ Phase 3: Final Cleanup - COMPLETED
|
|
||||||
- [x] Remove Drone CI infrastructure and ci.bdebyl.net host
|
|
||||||
- [x] Remove Drone container from podman configuration (drone.yml deleted)
|
|
||||||
- [x] Remove ci.bdebyl.net from Caddyfile (site configuration removed)
|
|
||||||
- [x] Clean up drone-related volumes and data (drone volume backed up and removed)
|
|
||||||
- [x] Update firewall rules to remove CI ports (ports were not explicitly opened)
|
|
||||||
- [x] Review and remove unused variables and templates
|
|
||||||
- [x] Removed ci_server_name variable
|
|
||||||
- [x] Removed drone-related variables (drone_path, drone_server_proto, etc.)
|
|
||||||
- [x] Cleaned up nginx handler in handlers/main.yml
|
|
||||||
- [x] Updated firewall.yml comments
|
|
||||||
- [x] Update documentation to reflect Caddy as web server
|
|
||||||
- [x] Updated CLAUDE.md container organization section
|
|
||||||
- [x] Updated tagging strategy (nginx→caddy, drone marked decommissioned)
|
|
||||||
- [x] Updated target environment description (nginx→Caddy)
|
|
||||||
- [x] Verify all services working after cleanup (sites tested and working)
|
|
||||||
@@ -1,92 +0,0 @@
|
|||||||
---
|
|
||||||
- name: install ESP-IDF build dependencies
|
|
||||||
become: true
|
|
||||||
ansible.builtin.dnf:
|
|
||||||
name:
|
|
||||||
- git
|
|
||||||
- wget
|
|
||||||
- flex
|
|
||||||
- bison
|
|
||||||
- gperf
|
|
||||||
- python3
|
|
||||||
- python3-pip
|
|
||||||
- cmake
|
|
||||||
- ninja-build
|
|
||||||
- ccache
|
|
||||||
- libffi-devel
|
|
||||||
- libusb1-devel
|
|
||||||
state: present
|
|
||||||
tags: gitea-actions
|
|
||||||
|
|
||||||
- name: check if ESP-IDF is installed
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: "{{ esp_idf_path }}"
|
|
||||||
register: esp_idf_dir
|
|
||||||
tags: gitea-actions
|
|
||||||
|
|
||||||
- name: clone ESP-IDF repository
|
|
||||||
become: true
|
|
||||||
ansible.builtin.git:
|
|
||||||
repo: https://github.com/espressif/esp-idf.git
|
|
||||||
dest: "{{ esp_idf_path }}"
|
|
||||||
version: "{{ esp_idf_version }}"
|
|
||||||
recursive: true
|
|
||||||
force: false
|
|
||||||
when: not esp_idf_dir.stat.exists
|
|
||||||
tags: gitea-actions
|
|
||||||
|
|
||||||
- name: add ESP-IDF to git safe.directory
|
|
||||||
become: true
|
|
||||||
ansible.builtin.command:
|
|
||||||
cmd: git config --global --add safe.directory {{ esp_idf_path }}
|
|
||||||
changed_when: false
|
|
||||||
tags: gitea-actions
|
|
||||||
|
|
||||||
- name: ensure ESP-IDF submodules are initialized
|
|
||||||
become: true
|
|
||||||
ansible.builtin.command:
|
|
||||||
cmd: git submodule update --init --recursive
|
|
||||||
chdir: "{{ esp_idf_path }}"
|
|
||||||
changed_when: false
|
|
||||||
tags: gitea-actions
|
|
||||||
|
|
||||||
- name: set ESP-IDF directory ownership
|
|
||||||
become: true
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ esp_idf_path }}"
|
|
||||||
owner: "{{ gitea_runner_user }}"
|
|
||||||
group: "{{ gitea_runner_user }}"
|
|
||||||
recurse: true
|
|
||||||
tags: gitea-actions
|
|
||||||
|
|
||||||
- name: set SELinux context for ESP-IDF directory
|
|
||||||
become: true
|
|
||||||
community.general.sefcontext:
|
|
||||||
target: "{{ esp_idf_path }}(/.*)?"
|
|
||||||
setype: usr_t
|
|
||||||
state: present
|
|
||||||
when: ansible_selinux.status == "enabled"
|
|
||||||
notify: restore esp-idf selinux context
|
|
||||||
tags: gitea-actions
|
|
||||||
|
|
||||||
- name: create ESP-IDF tools directory for runner user
|
|
||||||
become: true
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ gitea_runner_home }}/.espressif"
|
|
||||||
state: directory
|
|
||||||
owner: "{{ gitea_runner_user }}"
|
|
||||||
group: "{{ gitea_runner_user }}"
|
|
||||||
mode: "0755"
|
|
||||||
tags: gitea-actions
|
|
||||||
|
|
||||||
- name: install ESP-IDF tools for runner user
|
|
||||||
become: true
|
|
||||||
become_user: "{{ gitea_runner_user }}"
|
|
||||||
ansible.builtin.shell: |
|
|
||||||
export IDF_TOOLS_PATH="{{ gitea_runner_home }}/.espressif"
|
|
||||||
{{ esp_idf_path }}/install.sh esp32
|
|
||||||
args:
|
|
||||||
creates: "{{ gitea_runner_home }}/.espressif/python_env"
|
|
||||||
environment:
|
|
||||||
HOME: "{{ gitea_runner_home }}"
|
|
||||||
tags: gitea-actions
|
|
||||||
@@ -78,9 +78,15 @@
|
|||||||
|
|
||||||
- import_tasks: containers/debyltech/fulfillr.yml
|
- import_tasks: containers/debyltech/fulfillr.yml
|
||||||
vars:
|
vars:
|
||||||
image: git.debyl.io/debyltech/fulfillr:20260603.0222
|
image: git.debyl.io/debyltech/fulfillr:20260605.2021
|
||||||
tags: debyltech, fulfillr
|
tags: debyltech, fulfillr
|
||||||
|
|
||||||
|
# Staging back-office (fulfillr-dev.debyltech.com) — same image, staging Turso config.
|
||||||
|
- import_tasks: containers/debyltech/fulfillr-dev.yml
|
||||||
|
vars:
|
||||||
|
image: git.debyl.io/debyltech/fulfillr:20260606.0357
|
||||||
|
tags: debyltech, fulfillr-dev
|
||||||
|
|
||||||
- import_tasks: containers/debyltech/uptime-kuma.yml
|
- import_tasks: containers/debyltech/uptime-kuma.yml
|
||||||
vars:
|
vars:
|
||||||
image: docker.io/louislam/uptime-kuma:2.3.2
|
image: docker.io/louislam/uptime-kuma:2.3.2
|
||||||
|
|||||||
Reference in New Issue
Block a user