chore: gitea-actions improvements, graylog/fluent-bit logging, zomboid mod

- Gitea actions: add handlers, improve deps and service template - Graylog: simplify container config, add Caddy reverse proxy - Add fluent-bit container for log forwarding - Add ClimbDownRope mod (Workshop ID: 3000725405) to zomboid 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-03 17:20:18 -05:00
parent 5832497bbd
commit cf200d82d6
13 changed files with 188 additions and 69 deletions
--- a/ansible/roles/podman/tasks/containers/base/fluent-bit.yml
+++ b/ansible/roles/podman/tasks/containers/base/fluent-bit.yml
@@ -0,0 +1,45 @@
+---
+# Fluent Bit - Log forwarder from journald to Graylog GELF
+# Deployed as systemd service (not container) for direct journal access
+
+# Clean up old container deployment if it exists
+- name: stop and remove fluent-bit container if exists
+  become: true
+  become_user: "{{ podman_user }}"
+  containers.podman.podman_container:
+    name: fluent-bit
+    state: absent
+  ignore_errors: true
+
+- name: disable old fluent-bit container systemd service
+  become: true
+  become_user: "{{ podman_user }}"
+  ansible.builtin.systemd:
+    name: fluent-bit
+    enabled: false
+    state: stopped
+    scope: user
+  ignore_errors: true
+
+- name: install fluent-bit package
+  become: true
+  ansible.builtin.dnf:
+    name: fluent-bit
+    state: present
+
+- name: deploy fluent-bit configuration
+  become: true
+  ansible.builtin.template:
+    src: fluent-bit/fluent-bit.conf.j2
+    dest: /etc/fluent-bit/fluent-bit.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart fluent-bit
+
+- name: enable and start fluent-bit service
+  become: true
+  ansible.builtin.systemd:
+    name: fluent-bit
+    enabled: true
+    state: started
--- a/ansible/roles/podman/tasks/containers/debyltech/graylog.yml
+++ b/ansible/roles/podman/tasks/containers/debyltech/graylog.yml
@@ -1,6 +1,6 @@
 ---
 # Graylog Logging Stack
-# Deploys MongoDB, OpenSearch, Graylog, and GELF decryption proxy
+# Deploys MongoDB, OpenSearch, and Graylog

 # System prerequisite: OpenSearch requires increased virtual memory
 - name: set vm.max_map_count for OpenSearch
@@ -72,12 +72,10 @@
  tags: graylog

 # MongoDB container
- name: pull graylog-mongo image
-  become: true
-  become_user: "{{ podman_user }}"
-  containers.podman.podman_image:
-    name: docker.io/mongo:6
-    state: present
+- import_tasks: podman/podman-check.yml
+  vars:
+    container_name: graylog-mongo
+    container_image: docker.io/mongo:6
  tags: graylog

 - name: create graylog-mongo container
@@ -87,7 +85,6 @@
    name: graylog-mongo
    image: docker.io/mongo:6
    state: started
-    recreate: true
    restart_policy: on-failure:3
    log_driver: journald
    volumes:
@@ -103,12 +100,10 @@
  tags: graylog

 # OpenSearch container
- name: pull graylog-opensearch image
-  become: true
-  become_user: "{{ podman_user }}"
-  containers.podman.podman_image:
-    name: docker.io/opensearchproject/opensearch:2
-    state: present
+- import_tasks: podman/podman-check.yml
+  vars:
+    container_name: graylog-opensearch
+    container_image: docker.io/opensearchproject/opensearch:2
  tags: graylog

 - name: create graylog-opensearch container
@@ -118,7 +113,6 @@
    name: graylog-opensearch
    image: docker.io/opensearchproject/opensearch:2
    state: started
-    recreate: true
    restart_policy: on-failure:3
    log_driver: journald
    env:
@@ -138,16 +132,14 @@
  tags: graylog

 # Graylog container
- name: pull graylog image
-  become: true
-  become_user: "{{ podman_user }}"
-  containers.podman.podman_image:
-    name: docker.io/graylog/graylog:6.0
-    state: present
+- import_tasks: podman/podman-check.yml
+  vars:
+    container_name: graylog
+    container_image: docker.io/graylog/graylog:6.0
  tags: graylog

 # Graylog uses host network to reach MongoDB/OpenSearch on 127.0.0.1
-# Binds to: 9000 (web UI), 12202 (GELF UDP from gelf-proxy)
+# Binds to: 9000 (web UI), 12202 (GELF HTTP input proxied via Caddy)
 - name: create graylog container
  become: true
  become_user: "{{ podman_user }}"
@@ -155,7 +147,6 @@
    name: graylog
    image: docker.io/graylog/graylog:6.0
    state: started
-    recreate: true
    restart_policy: on-failure:3
    log_driver: journald
    network: host
@@ -178,38 +169,3 @@
  vars:
    container_name: graylog
  tags: graylog
-
-# GELF Decryption Proxy (container)
- import_tasks: gitea/podman-gitea-login.yml
-  tags: graylog
-
- name: pull gelf-proxy image
-  become: true
-  become_user: "{{ podman_user }}"
-  containers.podman.podman_image:
-    name: "{{ gelf_proxy_image }}"
-    state: present
-  tags: graylog
-
- name: create gelf-proxy container
-  become: true
-  become_user: "{{ podman_user }}"
-  containers.podman.podman_container:
-    name: gelf-proxy
-    image: "{{ gelf_proxy_image }}"
-    state: started
-    recreate: true
-    restart_policy: on-failure:3
-    log_driver: journald
-    network: host
-    env:
-      GELF_KEY: "{{ gelf_encryption_key }}"
-      GELF_LISTEN: ":12201"
-      GELF_FORWARD: "127.0.0.1:12202"
-  tags: graylog
-
- name: create systemd startup job for gelf-proxy
-  include_tasks: podman/systemd-generate.yml
-  vars:
-    container_name: gelf-proxy
-  tags: graylog
--- a/ansible/roles/podman/tasks/firewall.yml
+++ b/ansible/roles/podman/tasks/firewall.yml
@@ -69,5 +69,7 @@
    - 1080/tcp
    - 1443/tcp
    - 7000/tcp
+    # gelf-proxy (removed - now using GELF HTTP via Caddy)
+    - 12201/udp
  notify: restart firewalld
  tags: firewall
--- a/ansible/roles/podman/tasks/main.yml
+++ b/ansible/roles/podman/tasks/main.yml
@@ -81,6 +81,12 @@
    image: docker.io/louislam/uptime-kuma:1
  tags: debyltech, uptime-kuma

+- import_tasks: containers/debyltech/graylog.yml
+  tags: debyltech, graylog
+
+- import_tasks: containers/base/fluent-bit.yml
+  tags: fluent-bit, graylog
+
 - import_tasks: containers/home/nosql.yml
  vars:
    image: docker.io/redis:7.2.1-alpine