From 303e16c1a2d1cd7a44e45248b5b71d7ddfae2a12 Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sun, 24 Aug 2025 09:39:07 +0200 Subject: [PATCH 1/9] add .ansible --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index fd3f0ad..41831c3 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ ansible/inventory/ *.secret ansible/.vault-* ansible/.ansible +.ansible # Packer Files packer/credentials.pkr.hcl From f49a0596754549440c08efa428a7f78ecbc43955 Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sun, 24 Aug 2025 09:39:19 +0200 Subject: [PATCH 2/9] Add Container Mailarchive --- .../defaults/main.yml | 13 +++ .../files/.gitkeep | 0 .../handlers/main.yml | 0 .../meta/main.yml | 0 .../tasks/main.yml | 26 ++++++ .../templates/.env.j2 | 13 +++ .../templates/docker-compose.yml.j2 | 80 +++++++++++++++++++ .../vars/main.yml | 1 + 8 files changed, 133 insertions(+) create mode 100644 ansible/roles/deploy_container_mailarchive/defaults/main.yml create mode 100644 ansible/roles/deploy_container_mailarchive/files/.gitkeep create mode 100644 ansible/roles/deploy_container_mailarchive/handlers/main.yml create mode 100644 ansible/roles/deploy_container_mailarchive/meta/main.yml create mode 100644 ansible/roles/deploy_container_mailarchive/tasks/main.yml create mode 100644 ansible/roles/deploy_container_mailarchive/templates/.env.j2 create mode 100644 ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2 create mode 100644 ansible/roles/deploy_container_mailarchive/vars/main.yml diff --git a/ansible/roles/deploy_container_mailarchive/defaults/main.yml b/ansible/roles/deploy_container_mailarchive/defaults/main.yml new file mode 100644 index 0000000..5f6a527 --- /dev/null +++ b/ansible/roles/deploy_container_mailarchive/defaults/main.yml 
@@ -0,0 +1,13 @@
+container_mailarchive_version: latest
+container_mailarchive_domain: mailarchive.example.com
+container_mailarchive_postgres_version: 17-alpine
+container_mailarchive_postgres_user: postgres_user
+container_mailarchive_postgres_password: postgres_password
+container_mailarchive_auth_enable: true
+container_mailarchive_auth_user: login_user
+container_mailarchive_auth_password: login_password
+container_mailarchive_session_timeout: 60 # Minutes
+container_mailarchive_sync_interval: 15 # Minutes
+container_mailarchive_sync_timeout: 60 # Minutes
+container_mailarchive_connection_timeout: 180 # Seconds
+container_mailarchive_command_timeout: 60 # Seconds
diff --git a/ansible/roles/deploy_container_mailarchive/files/.gitkeep b/ansible/roles/deploy_container_mailarchive/files/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/deploy_container_mailarchive/handlers/main.yml b/ansible/roles/deploy_container_mailarchive/handlers/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/deploy_container_mailarchive/meta/main.yml b/ansible/roles/deploy_container_mailarchive/meta/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/deploy_container_mailarchive/tasks/main.yml b/ansible/roles/deploy_container_mailarchive/tasks/main.yml
new file mode 100644
index 0000000..13f65e1
--- /dev/null
+++ b/ansible/roles/deploy_container_mailarchive/tasks/main.yml 
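Review bot: The defaults for `container_mailarchive_postgres_password` and `container_mailarchive_auth_password` are guessable placeholder strings, so a host that never overrides them still deploys cleanly with `postgres_password` and `login_password` as the live database and web-login credentials. Nothing visible in this series checks that they were replaced; consider dropping both defaults so templating fails on an undefined variable, or adding an `ansible.builtin.assert` at the top of the role's tasks that rejects the placeholder values. The repository's `.gitignore` already lists `ansible/.vault-*`, which suggests Ansible Vault is available to hold the real values. `container_mailarchive_version: latest` also leaves the image that handles every archived mailbox unpinned; a fixed tag or digest would make upgrades a deliberate change.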
@@ -0,0 +1,26 @@
+---
+- name: Ensure data directories exist
+ ansible.builtin.file:
+ path: "{{ container_base_dir }}/{{ item.dir }}"
+ state: directory
+ mode: '0755'
+ become: false
+ loop:
+ - {dir: "data/db"}
+
+- name: Deploy Docker Compose and .env files
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ container_base_dir }}/{{ item.dest }}"
+ mode: '0644'
+ loop:
+ - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+ - { src: '.env.j2', dest: '.env' }
+ become: false
+
+- name: Start Container
+ community.docker.docker_compose_v2:
+ project_src: "{{ container_base_dir }}"
+ pull: always
+ docker_host: "unix:///run/user/1000/docker.sock"
+ become: false
diff --git a/ansible/roles/deploy_container_mailarchive/templates/.env.j2 b/ansible/roles/deploy_container_mailarchive/templates/.env.j2
new file mode 100644
index 0000000..b44351c
--- /dev/null
+++ b/ansible/roles/deploy_container_mailarchive/templates/.env.j2
@@ -0,0 +1,13 @@
+MAILARCHIVE_VERSION={{ container_mailarchive_version }}
+MAILARCHIVE_DOMAIN={{ container_mailarchive_domain }}
+POSTGRES_VERSION={{ container_mailarchive_postgres_version }}
+DB_USER={{ container_mailarchive_postgres_user }}
+DB_PASSWORD={{ container_mailarchive_postgres_password }}
+AUTH_ENABLE={{ container_mailarchive_auth_enable }}
+AUTH_USER={{ container_mailarchive_auth_user }}
+AUTH_PASSWORD={{ container_mailarchive_auth_password }}
+AUTH_SESSION_TIMEOUT_IN_MINUTES={{ container_mailarchive_session_timeout }}
+MAIL_SYNC_INTERVAL_IN_MINUTES={{ container_mailarchive_sync_interval }}
+MAIL_SYNC_TIMEOUT_IN_MINUTES={{ container_mailarchive_sync_timeout }}
+MAIL_CONNECTION_TIMEOUT_IN_SECONDS={{ container_mailarchive_connection_timeout }}
+MAIL_COMMAND_TIMEOUT_IN_SECONDS={{ container_mailarchive_command_timeout }}
\ No newline at end of file 
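Review bot: The rendered `.env` is written with `mode: '0644'` in the "Deploy Docker Compose and .env files" task although it carries `DB_PASSWORD` and `AUTH_PASSWORD`, so every local account on the Docker host can read both secrets. Give the loop items their own mode, e.g. `- { src: '.env.j2', dest: '.env', mode: '0600' }` together with `mode: "{{ item.mode | default('0644') }}"`, and consider `no_log: true` on the task so the values do not show up in `--diff` output. In "Start Container", `docker_host: "unix:///run/user/1000/docker.sock"` hard-codes UID 1000; taking the uid from the connecting user would avoid pointing at a socket that belongs to a different account. `pull: always` combined with the `latest` default means each run may start a different image than the one last reviewed.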
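Review bot: Every value in `.env.j2` is written unquoted, so a password containing ` #`, `$` or surrounding whitespace is altered when Compose reads the file (the tail is taken as an inline comment, or `$…` is interpolated) and the container ends up with a different secret than the one set in Ansible. Single-quoting the secret lines keeps them literal, e.g. `DB_PASSWORD='{{ container_mailarchive_postgres_password }}'` and `AUTH_PASSWORD='{{ container_mailarchive_auth_password }}'`; a value that itself contains `'` would still need escaping. `AUTH_ENABLE` is rendered from a YAML boolean and will presumably come out as `True`; it is worth confirming the application accepts that spelling, since that one value decides whether login is enforced.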
diff --git a/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..b970819
--- /dev/null
+++ b/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2 
@@ -0,0 +1,80 @@
+---
+services:
+ mailarchive:
+ image: s1t5/mailarchiver:${MAILARCHIVE_VERSION}
+ container_name: mailarchive
+ restart: always
+ networks:
+ - traefik
+ - mailarchive
+ environment:
+ # Database Connection
+ - ConnectionStrings__DefaultConnection=Host=postgres;Database=MailArchiver;Username=${DB_USER};Password=${DB_PASSWORD};
+
+ # Authentication Settings
+ - Authentication__Enabled=${AUTH_ENABLE}
+ - Authentication__Username=${AUTH_USER}
+ - Authentication__Password=${AUTH_PASSWORD}
+ - Authentication__SessionTimeoutMinutes=${AUTH_SESSION_TIMEOUT_IN_MINUTES}
+ - Authentication__CookieName=MailArchiverAuth
+
+ # MailSync Settings
+ - MailSync__IntervalMinutes=${MAIL_SYNC_INTERVAL_IN_MINUTES}
+ - MailSync__TimeoutMinutes=${MAIL_SYNC_TIMEOUT_IN_MINUTES}
+ - MailSync__ConnectionTimeoutSeconds=${MAIL_CONNECTION_TIMEOUT_IN_SECONDS}
+ - MailSync__CommandTimeoutSeconds=${MAIL_COMMAND_TIMEOUT_IN_SECONDS}
+
+ # BatchRestore Settings
+ - BatchRestore__AsyncThreshold=50
+ - BatchRestore__MaxSyncEmails=150
+ - BatchRestore__MaxAsyncEmails=50000
+ - BatchRestore__SessionTimeoutMinutes=30
+ - BatchRestore__DefaultBatchSize=50
+
+ # BatchOperation Settings
+ - BatchOperation__BatchSize=50
+ - BatchOperation__PauseBetweenEmailsMs=50
+ - BatchOperation__PauseBetweenBatchesMs=250
+
+ # Npgsql Settings
+ - Npgsql__CommandTimeout=900
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - "traefik.http.routers.mailarchive.entrypoints=http"
+ - "traefik.http.routers.mailarchive.rule=Host(`${MAILARCHIVE_DOMAIN}`)"
+ - "traefik.http.middlewares.mailarchive-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.mailarchive.middlewares=mailarchive-https-redirect"
+ - "traefik.http.routers.mailarchive-secure.entrypoints=https"
+ - "traefik.http.routers.mailarchive-secure.rule=Host(`${MAILARCHIVE_DOMAIN}`)"
+ - "traefik.http.routers.mailarchive-secure.tls=true"
+ - "traefik.http.routers.mailarchive-secure.service=mailarchive"
+ - 
"traefik.http.services.mailarchive.loadbalancer.server.port=5000" + depends_on: + postgres: + condition: service_healthy + + + postgres: + image: postgres:${POSTGRES_VERSION} + container_name: mailarchive-db + restart: always + environment: + POSTGRES_DB: MailArchiver + POSTGRES_USER: ${DB_USER} + POSTGRES_PASSWORD: ${DB_PASSWORD} + volumes: + - ./data/db:/var/lib/postgresql/data + networks: + - mailarchive + healthcheck: + test: ["CMD-SHELL", "pg_isready -U mailuser -d MailArchiver"] + interval: 10s + timeout: 5s + retries: 5 + start_period: 10s + +networks: + traefik: + external: true + postgres: \ No newline at end of file diff --git a/ansible/roles/deploy_container_mailarchive/vars/main.yml b/ansible/roles/deploy_container_mailarchive/vars/main.yml new file mode 100644 index 0000000..944d7f2 --- /dev/null +++ b/ansible/roles/deploy_container_mailarchive/vars/main.yml @@ -0,0 +1 @@ +container_base_dir: /opt/docker/mailarchive From 62ae1635fd9a829cf250da46fdbf5e5a6724aeaa Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sun, 24 Aug 2025 10:00:55 +0200 Subject: [PATCH 3/9] Fix wrong network --- .../templates/docker-compose.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2 index b970819..ea570d1 100644 --- a/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2 +++ b/ansible/roles/deploy_container_mailarchive/templates/docker-compose.yml.j2 @@ -77,4 +77,4 @@ services: networks: traefik: external: true - postgres: \ No newline at end of file + mailarchive: \ No newline at end of file From d605c7f63ad518d2472bd8c7e2d7218941fb0455 Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sun, 24 Aug 2025 10:01:10 +0200 Subject: [PATCH 4/9] Add Comment --- ansible/roles/deploy_container_mailarchive/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
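Review bot: The healthcheck runs `pg_isready -U mailuser -d MailArchiver`, but the database is created with `POSTGRES_USER: ${DB_USER}`, so the probe names a role that exists only if someone happens to set `DB_USER=mailuser`. Using the same variable, `test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d MailArchiver"]`, keeps the check and the configured account from drifting apart and avoids failed-connection entries in the server log that can bury real ones. Separately, `Password=${DB_PASSWORD};` is spliced into a semicolon-delimited connection string, so a password containing `;` would presumably truncate or corrupt it; either document that restriction next to the default or quote the value inside the string. Both passwords also reach the container as plain environment variables, which anyone able to run `docker inspect` on the host can read.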
diff --git a/ansible/roles/deploy_container_mailarchive/defaults/main.yml b/ansible/roles/deploy_container_mailarchive/defaults/main.yml index 5f6a527..7ac9aa7 100644 --- a/ansible/roles/deploy_container_mailarchive/defaults/main.yml +++ b/ansible/roles/deploy_container_mailarchive/defaults/main.yml @@ -1,4 +1,4 @@ -container_mailarchive_version: latest +container_mailarchive_version: latest # https://hub.docker.com/r/s1t5/mailarchiver/tags container_mailarchive_domain: mailarchive.example.com container_mailarchive_postgres_version: 17-alpine container_mailarchive_postgres_user: postgres_user From 3a5df6a91143f93700e30557a2101831c46e0d89 Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sun, 24 Aug 2025 10:01:20 +0200 Subject: [PATCH 5/9] Add Container Mailarchive --- ansible/playbooks/heyer.systems/docker1.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ansible/playbooks/heyer.systems/docker1.yml b/ansible/playbooks/heyer.systems/docker1.yml index 4cd076e..ea9eccb 100644 --- a/ansible/playbooks/heyer.systems/docker1.yml +++ b/ansible/playbooks/heyer.systems/docker1.yml @@ -72,4 +72,9 @@ - authelia - sso - auth - - docker-container \ No newline at end of file + - docker-container + + - role: deploy_container_mailarchive + tags: + - mailarchive + - docker-container From 33bf94b69c45cd42f8a5e05e87fe29659b8d4d97 Mon Sep 17 00:00:00 2001 From: = <=> Date: Sun, 24 Aug 2025 20:59:43 +0200 Subject: [PATCH 6/9] add comment --- ansible/roles/deploy_container_habitica/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/deploy_container_habitica/defaults/main.yml b/ansible/roles/deploy_container_habitica/defaults/main.yml index 6a0bb4e..e20be06 100644 --- a/ansible/roles/deploy_container_habitica/defaults/main.yml +++ b/ansible/roles/deploy_container_habitica/defaults/main.yml 
@@ -1,7 +1,7 @@ ############ # Habitica # ############ -container_habitica_version: "latest" +container_habitica_version: "latest" # https://hub.docker.com/r/awinterstein/habitica-server/tags container_habitica_mongo_version: "6.0" container_habitica_domain: "habitica.example.com" container_habitica_mail_server: "mail.example.com" From 0d344da6645782c4cdb26805d8ef344718dd82a4 Mon Sep 17 00:00:00 2001 From: = <=> Date: Sun, 24 Aug 2025 21:00:05 +0200 Subject: [PATCH 7/9] fix wrong file type --- .../templates/{docker-compose.yml => docker-compose.yml.j2} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ansible/roles/deploy_container_habitica/templates/{docker-compose.yml => docker-compose.yml.j2} (100%) diff --git a/ansible/roles/deploy_container_habitica/templates/docker-compose.yml b/ansible/roles/deploy_container_habitica/templates/docker-compose.yml.j2 similarity index 100% rename from ansible/roles/deploy_container_habitica/templates/docker-compose.yml rename to ansible/roles/deploy_container_habitica/templates/docker-compose.yml.j2 From a4ad4f47cedc4b6e861a79b4ff079123ba2e3723 Mon Sep 17 00:00:00 2001 From: = <=> Date: Sun, 24 Aug 2025 21:00:39 +0200 Subject: [PATCH 8/9] fix tasks --- .../defaults/main.yml | 5 ++- .../tasks/main.yml | 34 +++++++++++++++++-- 2 files changed, 34 insertions(+), 5 deletions(-) diff --git a/ansible/roles/create_image_debian-minimal/defaults/main.yml b/ansible/roles/create_image_debian-minimal/defaults/main.yml index 866c1e1..4118eac 100644 --- a/ansible/roles/create_image_debian-minimal/defaults/main.yml +++ b/ansible/roles/create_image_debian-minimal/defaults/main.yml 
@@ -5,9 +5,8 @@ ssh_key_url: "https://skulldev.de/Skull-IT/trusted-ssh-keys/raw/branch/main/trus image_output_dir: "/tmp/packer_images" -debian_iso_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.11.0-amd64-netinst.iso" -debian_iso_checksum_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS" -# https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS +debian_iso_url: "https://cdimage.debian.org/mirror/cdimage/archive/12.11.0/amd64/iso-cd/debian-12.11.0-amd64-netinst.iso" +debian_iso_checksum_url: "https://cdimage.debian.org/mirror/cdimage/archive/12.11.0/amd64/iso-cd/SHA256SUMS" debian_iso_filename: "debian-12.11.0-amd64-netinst.iso" ssh_username: "localadmin" diff --git a/ansible/roles/create_image_debian-minimal/tasks/main.yml b/ansible/roles/create_image_debian-minimal/tasks/main.yml index ddf8c42..df3fe44 100644 --- a/ansible/roles/create_image_debian-minimal/tasks/main.yml +++ b/ansible/roles/create_image_debian-minimal/tasks/main.yml 
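Review bot: `debian_iso_checksum_url` points at the same archive directory as `debian_iso_url`, so the digest the role later extracts only shows that the download was not corrupted in transit; whoever can alter the ISO at that path can alter `SHA256SUMS` as well. Debian publishes a detached `SHA256SUMS.sign` beside the checksum file, and verifying it against a pinned Debian CD signing key would turn the check into an integrity control. Now that the URL names a fixed 12.11.0 release, pinning the expected digest as a default next to `debian_iso_filename` is an even simpler option. The extraction itself happens in the tasks hunk of the same commit.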
@@ -56,21 +56,51 @@ dest: "{{ image_output_dir }}/http/preseed.cfg" mode: '0644' +- name: Remove old Debian ISO checksums file if exists + ansible.builtin.file: + path: /tmp/debian_sha256sums.txt + state: absent + - name: Download Debian ISO checksums ansible.builtin.get_url: url: "{{ debian_iso_checksum_url }}" dest: /tmp/debian_sha256sums.txt mode: '0644' +- name: Download Debian ISO checksums + ansible.builtin.get_url: + url: "{{ debian_iso_checksum_url }}" + dest: /tmp/debian_sha256sums.txt + mode: '0644' + +- name: Debug - show checksum file content (with special chars visible) + ansible.builtin.shell: cat -A /tmp/debian_sha256sums.txt + register: checksum_file_content + changed_when: false + +- debug: + var: checksum_file_content.stdout_lines + +- name: Debug - show variable value + debug: + var: debian_iso_filename + - name: Extract checksum for ISO ansible.builtin.shell: | - grep "{{ debian_iso_filename }}" /tmp/debian_sha256sums.txt | awk '{ print $1 }' + awk '{gsub(/\r/, ""); if ($2 == "{{ debian_iso_filename }}") {print $1; exit}}' /tmp/debian_sha256sums.txt + args: + executable: /bin/bash register: debian_iso_checksum_result changed_when: false +- name: Fail if checksum not found + ansible.builtin.fail: + msg: "Could not find SHA256 for {{ debian_iso_filename }} in {{ debian_iso_checksum_url }}" + when: (debian_iso_checksum_result.stdout | trim) == "" + - name: Set fact with full checksum string ansible.builtin.set_fact: - debian_iso_checksum: "sha256:{{ debian_iso_checksum_result.stdout }}" + debian_iso_checksum: "sha256:{{ debian_iso_checksum_result.stdout | trim }}" - name: Template Packer HCL config ansible.builtin.template: From 776371cec88c52c3e092b070435b7da001dae2d9 Mon Sep 17 00:00:00 2001 From: = <=> Date: Sun, 24 Aug 2025 21:01:24 +0200 Subject: [PATCH 9/9] Add Container habitica --- ansible/playbooks/heyer.systems/docker1.yml | 5 +++++ 1 file changed, 5 insertions(+) 
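Review bot: The added "Download Debian ISO checksums" task is an identical second copy of the context task directly above it, and the `cat -A` shell task plus the two `debug` tasks read like troubleshooting left in; dropping all four keeps the play to the steps that matter. In "Extract checksum for ISO" the filename is templated into the awk program text; passing it as data, `awk -v f={{ debian_iso_filename | quote }} '{gsub(/\r/, ""); if ($2 == f) {print $1; exit}}' /tmp/debian_sha256sums.txt`, keeps a stray quote or brace in the variable from changing the script. The checksum file also lives at a fixed name in `/tmp`, which other local users can pre-create; a path from `ansible.builtin.tempfile` or a directory owned by the build user would be safer. "Fail if checksum not found" only rejects an empty result, so a check that the trimmed value is 64 hex characters would catch a malformed line too. The task list starts and continues outside this hunk.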
diff --git a/ansible/playbooks/heyer.systems/docker1.yml b/ansible/playbooks/heyer.systems/docker1.yml index 4cd076e..c98d6af 100644 --- a/ansible/playbooks/heyer.systems/docker1.yml +++ b/ansible/playbooks/heyer.systems/docker1.yml @@ -72,4 +72,9 @@ - authelia - sso - auth + - docker-container + + - role: deploy_container_habitica + tags: + - habitica - docker-container \ No newline at end of file