added nosql (redis) container with pass, update fulfillr

2023-09-19 18:55:38 -04:00
parent 10fef844d6
commit 8686b40525
5 changed files with 56 additions and 4 deletions
--- a/ansible/roles/podman/defaults/main.yml
+++ b/ansible/roles/podman/defaults/main.yml
@@ -8,6 +8,7 @@ fulfillr_path: "{{ podman_volumes }}/fulfillr"
 graylog_path: "{{ podman_volumes }}/graylog"
 hass_path: "{{ podman_volumes }}/hass"
 nginx_path: "{{ podman_volumes }}/nginx"
+nosql_path: "{{ podman_volumes }}/nosql"
 partkeepr_path: "{{ podman_volumes }}/partkeepr"
 photos_path: "{{ podman_volumes }}/photos"
 pihole_path: "{{ podman_volumes }}/pihole"
--- a/ansible/roles/podman/tasks/container-nosql.yml
+++ b/ansible/roles/podman/tasks/container-nosql.yml
@@ -0,0 +1,44 @@
+---
+- name: create nosql host directory volumes
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    mode: 0755
+  notify: restorecon podman
+  loop:
+    - "{{ nosql_path }}/conf"
+    - "{{ nosql_path }}/data"
+
+- name: flush handlers
+  ansible.builtin.meta: flush_handlers
+
+- import_tasks: podman/podman-check.yml
+  vars:
+    container_name: nosql
+    container_image: "{{ image }}"
+
+- name: create nosql container
+  become: true
+  become_user: "{{ podman_user }}"
+  containers.podman.podman_container:
+    name: nosql
+    image: "{{ image }}"
+    command: redis-server --requirepass {{ nosql_password }} 
+    restart_policy: on-failure:3
+    log_driver: journald
+    volumes:
+      - "{{ nosql_path }}/conf:/usr/local/etc/redis/"
+      - "{{ nosql_path }}/data:/var/lib/redis"
+    env:
+      TZ: America/New_York
+      REDIS_REPLICATION_MODE: master
+    ports:
+      - 6379:6379/tcp
+
+- name: create systemd startup job for nosql
+  include_tasks: podman/systemd-generate.yml
+  vars:
+    container_name: nosql
--- a/ansible/roles/podman/tasks/firewall.yml
+++ b/ansible/roles/podman/tasks/firewall.yml
@@ -16,9 +16,8 @@
    # pihole (unused?)
    - 53/tcp
    - 53/udp
-    # pihole (iptables preroute)
-    - 1153/tcp
-    - 1153/udp
+    # nosql/redis
+    - 6379/tcp
    # ???
    - 6875/tcp
    # Satisfactory
@@ -39,6 +38,9 @@
    immediate: true
    state: disabled
  loop:
+    - 1153/tcp
+    - 1153/udp
+    - 2000/udp
    - 2456/udp
    - 2457/udp
    - 9093/tcp
--- a/ansible/roles/podman/tasks/main.yml
+++ b/ansible/roles/podman/tasks/main.yml
@@ -51,7 +51,7 @@

 - import_tasks: container-fulfillr.yml
  vars:
-    image: "{{ aws_ecr_endpoint }}/fulfillr:20230913.2009"
+    image: "{{ aws_ecr_endpoint }}/fulfillr:20230919.2233"
  tags: fulfillr

 - import_tasks: configuration-nginx.yml
@@ -60,6 +60,11 @@
    image: docker.io/owasp/modsecurity:nginx
  tags: nginx

+- import_tasks: container-nosql.yml
+  vars:
+    image: docker.io/redis:7.2.1-alpine
+  tags: nosql
+
 - import_tasks: container-sshpass-cron.yml
  vars:
    image: docker.io/bdebyl/sshpass-cron:1.0.11
--- a/ansible/vars/vault.yml
+++ b/ansible/vars/vault.yml