added factorio, removed satisfactory, firewall, fulfillr, ipv4 fixes

ansible/roles/podman/tasks/configuration-nginx-http.yml

@@ -61,17 +61,18 @@
     group: "{{ podman_user }}"
     mode: 0644
   loop:
+    - "{{ api_debyltech_server_name }}.conf"
     - "{{ assistant_server_name }}.conf"
     - "{{ bookstack_server_name }}.conf"
     - "{{ ci_server_name }}.http.conf"
     - "{{ cloud_server_name }}.conf"
+    - "{{ fulfillr_server_name }}.conf"
     - "{{ home_server_name }}.conf"
     - "{{ logs_server_name }}.conf"
     - "{{ parts_server_name }}.conf"
     - "{{ photos_server_name }}.conf"
     - "{{ pi_server_name }}.conf"
     - "{{ video_server_name }}.conf"
-    - "{{ api_debyltech_server_name }}.conf"
   notify:
     - restorecon podman
     - restart nginx
@@ -86,17 +87,18 @@
     group: "{{ podman_user }}"
     state: link
   loop:
+    - "{{ api_debyltech_server_name }}.conf"
     - "{{ assistant_server_name }}.conf"
     - "{{ bookstack_server_name }}.conf"
     - "{{ ci_server_name }}.http.conf"
     - "{{ cloud_server_name }}.conf"
+    - "{{ fulfillr_server_name }}.conf"
     - "{{ home_server_name }}.conf"
     - "{{ logs_server_name }}.conf"
     - "{{ parts_server_name }}.conf"
     - "{{ photos_server_name }}.conf"
     - "{{ pi_server_name }}.conf"
     - "{{ video_server_name }}.conf"
-    - "{{ api_debyltech_server_name }}.conf"
   notify:
     - restorecon podman
     - restart nginx

ansible/roles/podman/tasks/container-debyltech.yml

@@ -1,51 +0,0 @@
----
-- name: create required debyltech volumes
-  become: true
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: directory
-    owner: "{{ podman_subuid.stdout }}"
-    group: "{{ podman_subuid.stdout }}"
-    mode: 0755
-  notify: restorecon podman
-  loop:
-    - "{{ debyltech_path }}/api"
-    - "{{ debyltech_path }}/api/config"
-  tags: debyltech
-
-- name: template api.debyltech.com files
-  become: true
-  ansible.builtin.template:
-    src: "debyltech/{{ item }}.j2"
-    dest: "{{ debyltech_path }}/api/config/{{ item }}"
-    owner: "{{ podman_user }}"
-    group: "{{ podman_user }}"
-    mode: 0644
-  loop:
-    - "config.json"
-  tags: debyltech
-
-- name: create api.debyltech.com container
-  become: true
-  become_user: "{{ podman_user }}"
-  containers.podman.podman_container:
-    name: apidebyltech
-    image: docker.io/debyltech/go-snipcart-webhook:0.1.34
-    command: --config /conf/config.json --release
-    recreate: true
-    restart: true
-    restart_policy: on-failure:3
-    log_driver: journald
-    network:
-      - shared
-    volumes:
-      - "{{ debyltech_path }}/api/config:/conf"
-    ports:
-      - "8040:8080"
-  tags: debyltech
-
-- name: create systemd startup job for api.debyltech.com
-  include_tasks: systemd-generate.yml
-  vars:
-    container_name: apidebyltech
-  tags: debyltech

ansible/roles/podman/tasks/container-factorio.yml

@@ -0,0 +1,48 @@
+---
+- name: create factorio host directory volumes
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    mode: 0755
+  notify: restorecon podman
+  loop:
+    - "{{ factorio_path }}"
+  tags: factorio
+
+- name: unshare chown the elastic volume
+  become: true
+  become_user: "{{ podman_user }}"
+  changed_when: false
+  ansible.builtin.command: |
+    podman unshare chown -R 845:845 {{ factorio_path }}
+  tags: factorio
+
+- name: flush handlers
+  ansible.builtin.meta: flush_handlers
+  tags: factorio
+
+- name: create factorio server container
+  become: true
+  become_user: "{{ podman_user }}"
+  containers.podman.podman_container:
+    name: factorio
+    image: docker.io/factoriotools/factorio:1.1.80
+    recreate: true
+    restart: true
+    restart_policy: on-failure:3
+    log_driver: journald
+    volumes:
+      - "{{ factorio_path }}:/factorio"
+    ports:
+      - 34197:34197/udp
+      - 27015:27015/tcp
+  tags: factorio
+
+- name: create systemd startup job for factorio
+  include_tasks: systemd-generate.yml
+  vars:
+    container_name: factorio
+  tags: factorio

ansible/roles/podman/tasks/container-fulfillr.yml

@@ -0,0 +1,54 @@
+---
+- name: create fulfillr host directory volumes
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    mode: 0755
+  notify: restorecon podman
+  loop:
+    - "{{ fulfillr_path }}"
+  tags: fulfillr
+
+- name: template fulfillr config
+  become: true
+  ansible.builtin.template:
+    src: "templates/fulfillr/{{ item }}.j2"
+    dest: "{{ fulfillr_path }}/{{ item }}"
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    mode: 0644
+  loop:
+    - production.json
+  notify:
+    - restorecon podman
+  tags: fulfillr
+
+- name: flush handlers
+  ansible.builtin.meta: flush_handlers
+  tags: fulfillr
+
+- name: create fulfillr server container
+  become: true
+  become_user: "{{ podman_user }}"
+  containers.podman.podman_container:
+    name: fulfillr
+    image: "{{ aws_ecr_endpoint }}/fulfillr:20230503.1557"
+    command: --config /config/production.json
+    recreate: true
+    restart: true
+    restart_policy: on-failure:3
+    log_driver: journald
+    volumes:
+      - "{{ fulfillr_path }}:/config"
+    ports:
+      - 9054:8080/tcp
+  tags: fulfillr
+
+- name: create systemd startup job for fulfillr
+  include_tasks: systemd-generate.yml
+  vars:
+    container_name: fulfillr
+  tags: fulfillr

ansible/roles/podman/tasks/container-satisfactory.yml

@@ -1,46 +0,0 @@
----
-- name: create satisfactory host directory volumes
-  become: true
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: directory
-    owner: "{{ podman_user }}"
-    group: "{{ podman_user }}"
-    mode: 0755
-  notify: restorecon podman
-  loop:
-    - "{{ satisfactory_path }}/config"
-  tags: satisfactory
-
-- name: flush handlers
-  ansible.builtin.meta: flush_handlers
-  tags: satisfactory
-
-- name: create satisfactory server container
-  become: true
-  become_user: "{{ podman_user }}"
-  containers.podman.podman_container:
-    name: satisfactory
-    image: docker.io/wolveix/satisfactory-server:latest
-    recreate: true
-    restart: true
-    restart_policy: on-failure:3
-    log_driver: journald
-    memory: 16g
-    memory_reservation: 12g
-    volumes:
-      - "{{ satisfactory_path }}/config:/config"
-    env:
-      MAXPLAYERS: 4
-      STEAMBETA: "false"
-    ports:
-      - "7777:7777/udp"
-      - "15000:15000/udp"
-      - "15777:15777/udp"
-  tags: satisfactory
-
-- name: create systemd startup job for satisfactory
-  include_tasks: systemd-generate.yml
-  vars:
-    container_name: satisfactory
-  tags: satisfactory

ansible/roles/podman/tasks/firewall.yml

@@ -5,23 +5,29 @@
     port: "{{ item }}"
     permanent: true
     immediate: true
-    zone: "public"
     state: enabled
   loop:
     - "{{ syslog_udp_default }}/udp"
     - "{{ syslog_udp_error }}/udp"
     - "{{ syslog_udp_unifi }}/udp"
-    - 1153/tcp
-    - 1153/udp
+    # nginx
+    - 80/tcp
     - 443/tcp
+    # pihole (unused?)
     - 53/tcp
     - 53/udp
+    # pihole (iptables preroute)
+    - 1153/tcp
+    - 1153/udp
+    # ???
     - 6875/tcp
-    - 80/tcp
-    # satisfactory
+    # Satisfactory
     - 7777/udp
     - 15000/udp
     - 15777/udp
+    # Factorio
+    - 27015/tcp
+    - 34197/udp
   notify: restart firewalld
   tags: firewall
 
@@ -31,7 +37,6 @@
     port: "{{ item }}"
     permanent: true
     immediate: true
-    zone: "public"
     state: disabled
   loop:
     - 2456/udp

ansible/roles/podman/tasks/main.yml

@@ -11,6 +11,6 @@
 - import_tasks: container-bookstack.yml
 - import_tasks: container-photos.yml
 - import_tasks: container-cloud.yml
-- import_tasks: container-debyltech.yml
+- import_tasks: container-fulfillr.yml
 - import_tasks: container-nginx.yml
-- import_tasks: container-satisfactory.yml
+- import_tasks: container-factorio.yml