From 680badad926deb011d2d5d1120299f9240a772b2 Mon Sep 17 00:00:00 2001 From: Kevin Heyer Date: Sun, 15 Jun 2025 20:22:55 +0200 Subject: [PATCH 01/13] add Container Koito --- .../deploy_container_koito/defaults/main.yml | 4 ++ .../deploy_container_koito/handlers/main.yml | 0 roles/deploy_container_koito/meta/main.yml | 0 roles/deploy_container_koito/tasks/main.yml | 27 +++++++++++ .../deploy_container_koito/templates/.env.j2 | 3 ++ .../templates/docker-compose.yml.j2 | 47 +++++++++++++++++++ roles/deploy_container_koito/vars/main.yml | 0 7 files changed, 81 insertions(+) create mode 100644 roles/deploy_container_koito/defaults/main.yml create mode 100644 roles/deploy_container_koito/handlers/main.yml create mode 100644 roles/deploy_container_koito/meta/main.yml create mode 100644 roles/deploy_container_koito/tasks/main.yml create mode 100644 roles/deploy_container_koito/templates/.env.j2 create mode 100644 roles/deploy_container_koito/templates/docker-compose.yml.j2 create mode 100644 roles/deploy_container_koito/vars/main.yml diff --git a/roles/deploy_container_koito/defaults/main.yml b/roles/deploy_container_koito/defaults/main.yml new file mode 100644 index 0000000..18796d0 --- /dev/null +++ b/roles/deploy_container_koito/defaults/main.yml @@ -0,0 +1,4 @@ +container_koito_version: latest +container_koito_domain: music.heyer.systems +container_koito_directory: /opt/docker/koito +container_koito_db_password: "super_secret_db_password" diff --git a/roles/deploy_container_koito/handlers/main.yml b/roles/deploy_container_koito/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/deploy_container_koito/meta/main.yml b/roles/deploy_container_koito/meta/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/deploy_container_koito/tasks/main.yml b/roles/deploy_container_koito/tasks/main.yml new file mode 100644 index 0000000..3e2c4aa --- /dev/null +++ b/roles/deploy_container_koito/tasks/main.yml 
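Review bot: `container_koito_db_password: "super_secret_db_password"` ships a working placeholder password as the role default, so a host whose inventory forgets to override it comes up with a database credential that is public in the repository; the same pattern is in `container_lldap_ldap_user_pass` (patch 09) and the three `container_booklore_db_*` defaults (patch 11). A safer default is to not define the variable at all, or to define it as `container_koito_db_password: "{{ undef(hint='set container_koito_db_password in inventory or vault') }}"`, so templating fails loudly instead of deploying the placeholder. `container_koito_domain: music.heyer.systems` is also the only default in the series that names a real host rather than `example.com`.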
@@ -0,0 +1,27 @@ +--- +- name: Ensure data directories exist + ansible.builtin.file: + path: "{{ container_koito_directory }}/data/{{ item }}" + state: directory + mode: '0755' + loop: + - "db" + - "koito" + become: false + +- name: Deploy Docker Compose and .env files + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ container_koito_directory }}/{{ item.dest }}" + mode: '0644' + loop: + - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } + - { src: '.env.j2', dest: '.env' } + become: false + +- name: Start Container + community.docker.docker_compose_v2: + project_src: "{{ container_koito_directory }}" + pull: always + docker_host: "unix:///run/user/1000/docker.sock" + become: false diff --git a/roles/deploy_container_koito/templates/.env.j2 b/roles/deploy_container_koito/templates/.env.j2 new file mode 100644 index 0000000..406abf4 --- /dev/null +++ b/roles/deploy_container_koito/templates/.env.j2 @@ -0,0 +1,3 @@ +KOITO_VERSION={{ container_koito_version }} +KOITO_DOMAIN={{ container_koito_domain }} +KOITO_DB_PASSWORD={{ container_koito_db_password}} \ No newline at end of file diff --git a/roles/deploy_container_koito/templates/docker-compose.yml.j2 b/roles/deploy_container_koito/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..081e8c3 --- /dev/null +++ b/roles/deploy_container_koito/templates/docker-compose.yml.j2 
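Review bot: The `.env` file carrying `KOITO_DB_PASSWORD` is written with `mode: '0644'`, which makes the database password readable by every local account on the host; the same loop is copied into the wishlist (patch 02), excalidraw (patch 06), lldap (patch 09) and booklore (patch 11) task files. Since one loop deploys both templates, a per-item mode keeps the compose file readable and tightens only the secret: `mode: "{{ '0600' if item.dest == '.env' else '0644' }}"`. The hard-coded `docker_host: "unix:///run/user/1000/docker.sock"` also appears in every role; a shared variable would avoid breaking all of them when the rootless user's UID changes.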
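Review bot: `KOITO_DB_PASSWORD={{ container_koito_db_password}}` is missing the space before `}}`; Jinja accepts it, but every other expression in this series is written `{{ var }}`, so this reads like a typo: `KOITO_DB_PASSWORD={{ container_koito_db_password }}`. The value is also emitted unquoted, and Compose applies `${...}` interpolation to `.env` values, so a password containing `$` would presumably be altered before it reaches the container; a comment in the template or a constraint on the variable would document that. The file also lacks a trailing newline.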
@@ -0,0 +1,47 @@ +--- +services: + koito: + image: gabehf/koito:${KOITO_VERSION} + container_name: koito + depends_on: + - db + networks: + - traefik + - koito + environment: + - KOITO_DATABASE_URL=postgres://postgres:${KOITO_DB_PASSWORD}@db:5432/koitodb?sslmode=disable + - KOITO_ALLOWED_HOSTS=${KOITO_DOMAIN} + volumes: + - ./data/koito:/etc/koito + labels: + - "traefik.enable=true" + - "traefik.docker.network=traefik" + - "traefik.http.routers.koito.entrypoints=http" + - "traefik.http.routers.koito.rule=Host(`${KOITO_DOMAIN}`)" + - "traefik.http.middlewares.koito-https-redirect.redirectscheme.scheme=https" + - "traefik.http.routers.koito.middlewares=koito-https-redirect" + - "traefik.http.routers.koito-secure.entrypoints=https" + - "traefik.http.routers.koito-secure.rule=Host(`${KOITO_DOMAIN}`)" + - "traefik.http.routers.koito-secure.tls=true" + - "traefik.http.routers.koito-secure.service=koito" + - "traefik.http.services.koito.loadbalancer.server.port=4110" + restart: unless-stopped + + db: + image: postgres:16 + container_name: koito-db + restart: unless-stopped + networks: + - koito + environment: + POSTGRES_DB: koitodb + POSTGRES_USER: postgres + POSTGRES_PASSWORD: ${KOITO_DB_PASSWORD} + volumes: + - ./data/db:/var/lib/postgresql/data + +networks: + traefik: + external: true + koito: + driver: bridge \ No newline at end of file diff --git a/roles/deploy_container_koito/vars/main.yml b/roles/deploy_container_koito/vars/main.yml new file mode 100644 index 0000000..e69de29 From 670bf4e36dfadb8f3a4474393a86921bea3b53b3 Mon Sep 17 00:00:00 2001 
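Review bot: `KOITO_DATABASE_URL=postgres://postgres:${KOITO_DB_PASSWORD}@db:5432/koitodb?sslmode=disable` splices the raw password into a URL, so any of `@`, `/`, `:`, `?`, `#` or `%` in the password breaks the connection string while the same value still works for `POSTGRES_PASSWORD` on the db service; the default in this patch is safe, but a generated one may not be. One way out is a second, URL-encoded variable produced in `.env.j2`, e.g. `KOITO_DB_PASSWORD_URL={{ container_koito_db_password | urlencode }}`, used only inside the URL. `sslmode=disable` is acceptable on the private `koito` bridge network as long as the db service is never also attached to `traefik`; a one-line comment saying so would document the assumption.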
From: = <=> Date: Thu, 19 Jun 2025 08:51:10 +0200 Subject: [PATCH 02/13] add Container Wishlist --- .../defaults/main.yml | 41 ++++++++++++++++ .../handlers/main.yml | 0 roles/deploy_container_wishlist/meta/main.yml | 0 .../deploy_container_wishlist/tasks/main.yml | 24 +++++++++ .../templates/.env.j2 | 49 +++++++++++++++++++ .../templates/docker-compose.yml.j2 | 38 ++++++++++++++ 6 files changed, 152 insertions(+) create mode 100644 roles/deploy_container_wishlist/defaults/main.yml create mode 100644 roles/deploy_container_wishlist/handlers/main.yml create mode 100644 roles/deploy_container_wishlist/meta/main.yml create mode 100644 roles/deploy_container_wishlist/tasks/main.yml create mode 100644 roles/deploy_container_wishlist/templates/.env.j2 create mode 100644 roles/deploy_container_wishlist/templates/docker-compose.yml.j2 diff --git a/roles/deploy_container_wishlist/defaults/main.yml b/roles/deploy_container_wishlist/defaults/main.yml new file mode 100644 index 0000000..c846422 --- /dev/null +++ b/roles/deploy_container_wishlist/defaults/main.yml 
@@ -0,0 +1,41 @@ +container_wishlist_url: "wishlist.example.com" +container_wishlist_version: "latest" +container_wishlist_directory: "/opt/docker/wishlist" + +container_wishlist_db_prefix: "dbs/" +container_wishlist_db_log_file: "/dev/null" +container_wishlist_default_failure_redirect: "/login" +container_wishlist_port: 80 +container_wishlist_db_expose_port: "" +container_wishlist_proxy_server: "" +container_wishlist_secret: "" +container_wishlist_session_max_age: 604800000 +container_wishlist_site_title: "Christmas Community" +container_wishlist_short_title: "Christmas" +container_wishlist_root_url: "/" +container_wishlist_trust_proxy: "loopback" +container_wishlist_bulmaswatch: "default" +container_wishlist_update_check: "true" +container_wishlist_pfp: "true" +container_wishlist_language: "de-DE" + +container_wishlist_single_list: "false" +container_wishlist_lists_public: "false" +container_wishlist_table: "true" +container_wishlist_markdown: "false" + +container_wishlist_custom_html_login: "" +container_wishlist_custom_html_wishlists: "" +container_wishlist_custom_css: "" + +container_wishlist_google_client_id: "" +container_wishlist_google_client_secret: "" + +container_wishlist_oidc_client_id: "" +container_wishlist_oidc_client_secret: "" +container_wishlist_oidc_authorization_url: "https://accounts.google.com/o/oauth2/auth" +container_wishlist_oidc_token_url: "https://oauth2.googleapis.com/token" +container_wishlist_oidc_issuer: "https://accounts.google.com" +container_wishlist_oidc_provider_name: "Google" + +container_wishlist_upload_pfp_max_size: 5 diff --git a/roles/deploy_container_wishlist/handlers/main.yml b/roles/deploy_container_wishlist/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/deploy_container_wishlist/meta/main.yml b/roles/deploy_container_wishlist/meta/main.yml new file mode 100644 index 0000000..e69de29 
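Review bot: `container_wishlist_secret: ""` defaults the `SECRET` value (presumably the session secret, given `SESSION_MAX_AGE` next to it) to an empty string; if the value is wired to the container, an empty secret is what the application would sign with, which is weaker than any generated value. Leaving the variable undefined, or `container_wishlist_secret: "{{ undef(hint='set container_wishlist_secret in inventory or vault') }}"`, forces every inventory to set it. `container_wishlist_trust_proxy: "loopback"` is also worth a second look: behind Traefik on a Docker network the proxy is not on loopback, so forwarded headers would presumably not be trusted — confirm against the application's documentation.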
diff --git a/roles/deploy_container_wishlist/tasks/main.yml b/roles/deploy_container_wishlist/tasks/main.yml new file mode 100644 index 0000000..c2836bb --- /dev/null +++ b/roles/deploy_container_wishlist/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: Ensure data directories exist + ansible.builtin.file: + path: "{{ container_wishlist_directory }}/data" + state: directory + mode: '0755' + become: false + +- name: Deploy Docker Compose and .env files + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ container_wishlist_directory }}/{{ item.dest }}" + mode: '0644' + loop: + - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } + - { src: '.env.j2', dest: '.env' } + become: false + +- name: Start Container + community.docker.docker_compose_v2: + project_src: "{{ container_wishlist_directory }}" + pull: always + docker_host: "unix:///run/user/1000/docker.sock" + become: false diff --git a/roles/deploy_container_wishlist/templates/.env.j2 b/roles/deploy_container_wishlist/templates/.env.j2 new file mode 100644 index 0000000..1ae041b --- /dev/null +++ b/roles/deploy_container_wishlist/templates/.env.j2 
@@ -0,0 +1,49 @@ +## Traefik and Docker Options +WISHLIST_URL={{ container_wishlist_url }} +WISHLIST_VERSION={{ container_wishlist_version }} + +## Core Settings +DB_PREFIX={{ container_wishlist_db_prefix }} +DB_LOG_FILE={{ container_wishlist_db_log_file }} +DEFAULT_FAILURE_REDIRECT={{ container_wishlist_default_failure_redirect }} +PORT={{ container_wishlist_port }} +DB_EXPOSE_PORT={{ container_wishlist_db_expose_port }} +PROXY_SERVER={{ container_wishlist_proxy_server }} +SECRET={{ container_wishlist_secret }} +SESSION_MAX_AGE={{ container_wishlist_session_max_age }} +SITE_TITLE={{ container_wishlist_site_title }} +SHORT_TITLE={{ container_wishlist_short_title }} +ROOT_URL={{ container_wishlist_root_url }} +TRUST_PROXY={{ container_wishlist_trust_proxy }} +BULMASWATCH={{ container_wishlist_bulmaswatch }} +UPDATE_CHECK={{ container_wishlist_update_check }} +PFP={{ container_wishlist_pfp }} +LANGUAGE={{ container_wishlist_language }} + +## Wishlist Settings +SINGLE_LIST={{ container_wishlist_single_list }} +LISTS_PUBLIC={{ container_wishlist_lists_public }} +TABLE={{ container_wishlist_table }} +MARKDOWN={{ container_wishlist_markdown }} + +## Custom HTML Snippets +CUSTOM_HTML_LOGIN={{ container_wishlist_custom_html_login | default('') }} +CUSTOM_HTML_WISHLISTS={{ container_wishlist_custom_html_wishlists | default('') }} + +## Custom CSS +CUSTOM_CSS={{ container_wishlist_custom_css | default('') }} + +## Google Client Details +GOOGLE_CLIENT_ID={{ container_wishlist_google_client_id | default('') }} +GOOGLE_CLIENT_SECRET={{ container_wishlist_google_client_secret | default('') }} + +## OIDC Provider Details +OIDC_CLIENT_ID={{ container_wishlist_oidc_client_id | default('') }} +OIDC_CLIENT_SECRET={{ container_wishlist_oidc_client_secret | default('') }} +OIDC_AUTHORIZATION_URL={{ container_wishlist_oidc_authorization_url | default('') }} +OIDC_TOKEN_URL={{ container_wishlist_oidc_token_url | default('') }} +OIDC_ISSUER={{ container_wishlist_oidc_issuer | default('') 
}} +OIDC_PROVIDER_NAME={{ container_wishlist_oidc_provider_name | default('') }} + +## Profile picture upload max size in MB +UPLOAD_PFP_MAX_SIZE={{ container_wishlist_upload_pfp_max_size }} diff --git a/roles/deploy_container_wishlist/templates/docker-compose.yml.j2 b/roles/deploy_container_wishlist/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..2cf4a9a --- /dev/null +++ b/roles/deploy_container_wishlist/templates/docker-compose.yml.j2 @@ -0,0 +1,38 @@ +--- +services: + christmas-community: + image: wingysam/christmas-community:latest + container_name: wishlist + restart: always + volumes: + - ./data:/data + networks: + - traefik + environment: + SMILE: 'true' + # Table mode, set to 'false' to revert to box mode + TABLE: 'true' + # Single list mode + # (for weddings, birthdays, etc. only the admin account's list is accessible) + # Set to 'true' to enable + SINGLE_LIST: 'false' + # Some websites (like walmart) send headers that are larger than 8MB in + # length. If issues are encountered, set the node.js limit to a higher + # number than 8192 + #NODE_OPTIONS: "--max-http-header-size=32768" + labels: + - "traefik.enable=true" + - "traefik.http.routers.wishlist.entrypoints=http" + - "traefik.http.routers.wishlist.rule=Host(`${WISHLIST_URL}`)" + - "traefik.http.middlewares.wishlist-https-redirect.redirectscheme.scheme=https" + - "traefik.http.routers.wishlist.middlewares=wishlist-https-redirect" + - "traefik.http.routers.wishlist-secure.entrypoints=https" + - "traefik.http.routers.wishlist-secure.rule=Host(`${WISHLIST_URL}`)" + - "traefik.http.routers.wishlist-secure.tls=true" + - "traefik.http.routers.wishlist-secure.service=wishlist" + - "traefik.http.services.wishlist.loadbalancer.server.port=80" + - "traefik.docker.network=traefik" + +networks: + traefik: + external: true \ No newline at end of file From 00cd858a1707a8d20229641a65b60df439c5dd5c Mon Sep 17 00:00:00 2001 
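Review bot: The `| default('')` filters on the custom-HTML, Google and OIDC lines are dead code: every one of those variables is defined in `defaults/main.yml` in this same patch, so the filter never fires, and it would hide a future typo in a variable name instead of failing the template. Dropping them, e.g. `OIDC_CLIENT_SECRET={{ container_wishlist_oidc_client_secret }}`, keeps the file consistent with the lines above it. As in the other roles, unquoted values are subject to Compose's `${...}` interpolation, so a client secret containing `$` would presumably be altered.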
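Review bot: None of the 49 `.env` settings reach the container: Compose reads the project `.env` only for `${...}` interpolation of the compose file, and this service has no `env_file:` and references only `${WISHLIST_URL}` in its labels, so `SECRET`, `OIDC_*`, `TABLE`, `SINGLE_LIST` and the rest are written to disk and ignored while `environment:` hard-codes `TABLE: 'true'` and `SINGLE_LIST: 'false'`. Adding `env_file:` with a single `- .env` entry under the service (or listing each setting under `environment:` with `${...}` references) makes the role's variables effective. `image: wingysam/christmas-community:latest` likewise ignores `WISHLIST_VERSION`; `image: wingysam/christmas-community:${WISHLIST_VERSION:-latest}` matches how the other roles pin the tag.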
From: = <=> Date: Thu, 19 Jun 2025 08:51:18 +0200 Subject: [PATCH 03/13] Add Container Wishlist --- roles/deploy_container_wishlist/vars/main.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/deploy_container_wishlist/vars/main.yml diff --git a/roles/deploy_container_wishlist/vars/main.yml b/roles/deploy_container_wishlist/vars/main.yml new file mode 100644 index 0000000..e69de29 From e88394803a141004b8fc9f39d33e95a83b681a39 Mon Sep 17 00:00:00 2001 From: = <=> Date: Thu, 19 Jun 2025 08:51:41 +0200 Subject: [PATCH 04/13] add Cronjobs role --- .../server_install_cronjobs/defaults/main.yml | 4 ++++ roles/server_install_cronjobs/files/.gitkeep | 0 .../server_install_cronjobs/handlers/main.yml | 0 roles/server_install_cronjobs/meta/main.yml | 0 roles/server_install_cronjobs/tasks/main.yml | 24 +++++++++++++++++++ .../templates/.gitkeep | 0 roles/server_install_cronjobs/vars/main.yml | 0 7 files changed, 28 insertions(+) create mode 100644 roles/server_install_cronjobs/defaults/main.yml create mode 100644 roles/server_install_cronjobs/files/.gitkeep create mode 100644 roles/server_install_cronjobs/handlers/main.yml create mode 100644 roles/server_install_cronjobs/meta/main.yml create mode 100644 roles/server_install_cronjobs/tasks/main.yml create mode 100644 roles/server_install_cronjobs/templates/.gitkeep create mode 100644 roles/server_install_cronjobs/vars/main.yml diff --git a/roles/server_install_cronjobs/defaults/main.yml b/roles/server_install_cronjobs/defaults/main.yml new file mode 100644 index 0000000..baed72a --- /dev/null +++ b/roles/server_install_cronjobs/defaults/main.yml @@ -0,0 +1,4 @@ +server_install_cronjobs_directory: /etc/cron.d +server_install_cronjobs_files: + - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/server_install_cronjobs_files/your_cronjob" + dest: "your_cronjob" \ No newline at end of file 
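Review bot: The default for `server_install_cronjobs_files` points at `{{ inventory_dir }}/host_files/{{ inventory_hostname }}/server_install_cronjobs_files/your_cronjob`, a placeholder that does not exist, so any host that includes the role without overriding the list fails in the copy task rather than doing nothing. A default of `server_install_cronjobs_files: []` makes the role a no-op until the inventory provides real files, and the example path belongs in a comment above it. The file also has no trailing newline.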
diff --git a/roles/server_install_cronjobs/files/.gitkeep b/roles/server_install_cronjobs/files/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/server_install_cronjobs/handlers/main.yml b/roles/server_install_cronjobs/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server_install_cronjobs/meta/main.yml b/roles/server_install_cronjobs/meta/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server_install_cronjobs/tasks/main.yml b/roles/server_install_cronjobs/tasks/main.yml new file mode 100644 index 0000000..0475461 --- /dev/null +++ b/roles/server_install_cronjobs/tasks/main.yml @@ -0,0 +1,24 @@ +- name: Update cache + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 + +- name: Install Cron + ansible.builtin.apt: + name: cron + state: present + +- name: Activate Cron + ansible.builtin.service: + name: cron + enabled: true + state: started + +- name: Copy Cronjob-Files to Host + ansible.builtin.copy: + src: "{{ item.src }}" + dest: "{{ server_install_cronjobs_directory }}/{{ item.dest }}" + owner: root + group: root + mode: '0644' + loop: "{{ server_install_cronjobs_files }}" \ No newline at end of file diff --git a/roles/server_install_cronjobs/templates/.gitkeep b/roles/server_install_cronjobs/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/server_install_cronjobs/vars/main.yml b/roles/server_install_cronjobs/vars/main.yml new file mode 100644 index 0000000..e69de29 From 0549ced53b5c6a26518a52b71c6519563c81de6a Mon Sep 17 00:00:00 2001 From: = <=> Date: Thu, 19 Jun 2025 08:52:19 +0200 Subject: [PATCH 05/13] Add container wishlist and cronjobs role --- playbooks/heyer.systems/docker1.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/playbooks/heyer.systems/docker1.yml b/playbooks/heyer.systems/docker1.yml index 7db4be9..2ddf874 100644 --- a/playbooks/heyer.systems/docker1.yml +++ b/playbooks/heyer.systems/docker1.yml 
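Review bot: The `apt` and `service` tasks here need root, yet the file sets no `become`, while every container role in this series writes `become: false` per task; unless the playbook enables `become` globally (not visible here), the role fails on the first task, and if it does, the explicit `become: false` elsewhere is what keeps the container roles unprivileged. Stating `become: true` on these tasks, or at role level in the playbook, makes the privilege requirement explicit. The file is also the only task file in the series without a `---` document start, and it lacks a trailing newline.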
@@ -17,6 +17,11 @@ - syslog - system + - role: server_install_cronjobs + tags: + - cronjobs + - system + - role: deploy_container_traefik tags: - traefik @@ -26,3 +31,8 @@ tags: - homepage - docker-container + + - role: deploy_container_wishlist + tags: + - wishlist + - docker-container \ No newline at end of file From 928e83e8f9883e5b3b205622dee211d4b0e3af5b Mon Sep 17 00:00:00 2001 From: = <=> Date: Fri, 20 Jun 2025 23:39:12 +0200 Subject: [PATCH 06/13] add Excalidraw Container --- playbooks/heyer.systems/docker1.yml | 5 +++ .../defaults/main.yml | 3 ++ .../handlers/main.yml | 0 .../deploy_container_excalidraw/meta/main.yml | 0 .../tasks/main.yml | 39 +++++++++++++++++++ .../templates/.env.j2 | 5 +++ .../templates/docker-compose.yml.j2 | 34 ++++++++++++++++ .../deploy_container_excalidraw/vars/main.yml | 0 8 files changed, 86 insertions(+) create mode 100644 roles/deploy_container_excalidraw/defaults/main.yml create mode 100644 roles/deploy_container_excalidraw/handlers/main.yml create mode 100644 roles/deploy_container_excalidraw/meta/main.yml create mode 100644 roles/deploy_container_excalidraw/tasks/main.yml create mode 100644 roles/deploy_container_excalidraw/templates/.env.j2 create mode 100644 roles/deploy_container_excalidraw/templates/docker-compose.yml.j2 create mode 100644 roles/deploy_container_excalidraw/vars/main.yml diff --git a/playbooks/heyer.systems/docker1.yml b/playbooks/heyer.systems/docker1.yml index 2ddf874..214b89f 100644 --- a/playbooks/heyer.systems/docker1.yml +++ b/playbooks/heyer.systems/docker1.yml @@ -35,4 +35,9 @@ - role: deploy_container_wishlist tags: - wishlist + - docker-container + + - role: deploy_container_excalidraw + tags: + - excalidraw - docker-container \ No newline at end of file diff --git a/roles/deploy_container_excalidraw/defaults/main.yml b/roles/deploy_container_excalidraw/defaults/main.yml new file mode 100644 index 0000000..676cfd8 --- /dev/null +++ b/roles/deploy_container_excalidraw/defaults/main.yml 
@@ -0,0 +1,3 @@ +container_excalidraw_version: latest +container_excalidraw_domain: excalidraw.example.com +container_excalidraw_directory: /opt/docker/excalidraw diff --git a/roles/deploy_container_excalidraw/handlers/main.yml b/roles/deploy_container_excalidraw/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/deploy_container_excalidraw/meta/main.yml b/roles/deploy_container_excalidraw/meta/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/deploy_container_excalidraw/tasks/main.yml b/roles/deploy_container_excalidraw/tasks/main.yml new file mode 100644 index 0000000..e7ee337 --- /dev/null +++ b/roles/deploy_container_excalidraw/tasks/main.yml @@ -0,0 +1,39 @@ +--- +- name: Ensure data directories exist + ansible.builtin.file: + path: "{{ container_excalidraw_directory }}/data/{{ item }}" + state: directory + mode: '0755' + loop: + - "app" + - "node_modules" + - "app" + - "app" + become: false + +- name: Create neccessary Files + ansible.builtin.file: + path: "{{ traefik_container_dir }}/data/{{ item }}" + state: touch + mode: '0644' + loop: + - "package.json" + - "yarn.lock" + become: false + +- name: Deploy Docker Compose and .env files + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ container_excalidraw_directory }}/{{ item.dest }}" + mode: '0644' + loop: + - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } + - { src: '.env.j2', dest: '.env' } + become: false + +- name: Start Container + community.docker.docker_compose_v2: + project_src: "{{ container_excalidraw_directory }}" + pull: always + docker_host: "unix:///run/user/1000/docker.sock" + become: false diff --git a/roles/deploy_container_excalidraw/templates/.env.j2 b/roles/deploy_container_excalidraw/templates/.env.j2 new file mode 100644 index 0000000..31a59e6 --- /dev/null +++ b/roles/deploy_container_excalidraw/templates/.env.j2 
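Review bot: `Create neccessary Files` touches `{{ traefik_container_dir }}/data/{{ item }}`, a variable from another role, instead of `{{ container_excalidraw_directory }}/data/{{ item }}`, so `package.json` and `yarn.lock` are created in the traefik directory (or the task fails when the variable is undefined) and the compose file's `./data/package.json` and `./data/yarn.lock` bind mounts then point at missing paths, which Docker creates as directories. `state: touch` also updates the mtime on every run, so the task reports changed each time; `modification_time: preserve` and `access_time: preserve` keep it idempotent. The task name has a typo (`neccessary`).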
@@ -0,0 +1,5 @@ +# Excalidraw Version (Standard: latest) # Excalidraw Version (Standard: latest) +EXCALIDRAW_VERSION={{ container_excalidraw_version }} + +# Excalidraw Domain +EXCALIDRAW_DOMAIN={{ container_excalidraw_domain }} \ No newline at end of file diff --git a/roles/deploy_container_excalidraw/templates/docker-compose.yml.j2 b/roles/deploy_container_excalidraw/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..839a172 --- /dev/null +++ b/roles/deploy_container_excalidraw/templates/docker-compose.yml.j2 @@ -0,0 +1,34 @@ +--- +services: + excalidraw: + image: excalidraw/excalidraw:${EXCALIDRAW_VERSION:-latest} + container_name: excalidraw + restart: on-failure + stdin_open: true + healthcheck: + disable: true + environment: + - NODE_ENV=development + networks: + - traefik + volumes: + - ./data/app:/opt/node_app/app:delegated + - ./data/package.json:/opt/node_app/package.json + - ./data/yarn.lock:/opt/node_app/yarn.lock + - ./data/node_modules:/opt/node_app/app/node_modules + labels: + - "traefik.enable=true" + - "traefik.docker.network=traefik" + - "traefik.http.routers.excalidraw.entrypoints=http" + - "traefik.http.routers.excalidraw.rule=Host(`${EXCALIDRAW_DOMAIN:?error}`)" + - "traefik.http.middlewares.excalidraw-https-redirect.redirectscheme.scheme=https" + - "traefik.http.routers.excalidraw.middlewares=excalidraw-https-redirect" + - "traefik.http.routers.excalidraw-secure.entrypoints=https" + - "traefik.http.routers.excalidraw-secure.rule=Host(`${EXCALIDRAW_DOMAIN:?error}`)" + - "traefik.http.routers.excalidraw-secure.tls=true" + - "traefik.http.routers.excalidraw-secure.service=excalidraw" + - "traefik.http.services.excalidraw.loadbalancer.server.port=80" + +networks: + traefik: + external: true diff --git a/roles/deploy_container_excalidraw/vars/main.yml b/roles/deploy_container_excalidraw/vars/main.yml new file mode 100644 index 0000000..e69de29 From 9789cdd3459b972bedc40ddd0246311cddd0bdd5 Mon Sep 17 00:00:00 2001 
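Review bot: The first comment line is duplicated on itself: `# Excalidraw Version (Standard: latest) # Excalidraw Version (Standard: latest)`; the same pasted line reappears in the booklore `.env.j2` (patch 11), where it still says `Excalidraw`. One copy, `# Excalidraw Version (default: latest)`, is enough. The file also lacks a trailing newline.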
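Review bot: `NODE_ENV=development`, `stdin_open: true`, a disabled healthcheck and bind mounts of `./data/app`, `package.json`, `yarn.lock` and `node_modules` over the app tree look like a development compose setup, yet the service is published through Traefik on the `https` entrypoint; the role's tasks create those paths empty, so the mounts shadow the image's own sources. If the intent is simply to serve Excalidraw, the plain image with no `volumes:`, `environment:` or `healthcheck:` override, and `restart: unless-stopped` like the other roles, is presumably what is wanted — confirm against the upstream image documentation. The `${EXCALIDRAW_VERSION:-latest}` fallback is a good pattern; the koito role's `${KOITO_VERSION}` could match it.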
From: = <=> Date: Fri, 20 Jun 2025 23:52:43 +0200 Subject: [PATCH 07/13] remove doubled direcotrys in creation tasks --- roles/deploy_container_excalidraw/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/deploy_container_excalidraw/tasks/main.yml b/roles/deploy_container_excalidraw/tasks/main.yml index e7ee337..1b1cbe9 100644 --- a/roles/deploy_container_excalidraw/tasks/main.yml +++ b/roles/deploy_container_excalidraw/tasks/main.yml @@ -7,8 +7,6 @@ loop: - "app" - "node_modules" - - "app" - - "app" become: false - name: Create neccessary Files From c9fff1a0c2b6262f0212a6f919d158f1ed75bb6f Mon Sep 17 00:00:00 2001 From: = <=> Date: Sat, 21 Jun 2025 09:07:11 +0200 Subject: [PATCH 08/13] add community.general --- requirements.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index d764e63..8bf3e31 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,3 +1,6 @@ --- collections: - - name: community.docker \ No newline at end of file + - name: community.general + version: ">=6.0.0" + - name: community.docker + version: ">=3.0.0" \ No newline at end of file From 39f64cc408fe1c795b57936a972655ef83585f9d Mon Sep 17 00:00:00 2001 
From: = <=> Date: Sat, 21 Jun 2025 09:07:25 +0200 Subject: [PATCH 09/13] add lldap Container --- playbooks/heyer.systems/docker1.yml | 5 ++ .../deploy_container_lldap/defaults/main.yml | 15 ++++ .../deploy_container_lldap/handlers/main.yml | 0 roles/deploy_container_lldap/meta/main.yml | 4 ++ roles/deploy_container_lldap/tasks/main.yml | 71 +++++++++++++++++++ .../deploy_container_lldap/templates/.env.j2 | 4 ++ .../templates/docker-compose.yml.j2 | 36 ++++++++++ roles/deploy_container_lldap/vars/main.yml | 0 8 files changed, 135 insertions(+) create mode 100644 roles/deploy_container_lldap/defaults/main.yml create mode 100644 roles/deploy_container_lldap/handlers/main.yml create mode 100644 roles/deploy_container_lldap/meta/main.yml create mode 100644 roles/deploy_container_lldap/tasks/main.yml create mode 100644 roles/deploy_container_lldap/templates/.env.j2 create mode 100644 roles/deploy_container_lldap/templates/docker-compose.yml.j2 create mode 100644 roles/deploy_container_lldap/vars/main.yml diff --git a/playbooks/heyer.systems/docker1.yml b/playbooks/heyer.systems/docker1.yml index 214b89f..98ab198 100644 --- a/playbooks/heyer.systems/docker1.yml +++ b/playbooks/heyer.systems/docker1.yml @@ -40,4 +40,9 @@ - role: deploy_container_excalidraw tags: - excalidraw + - docker-container + + - role: deploy_container_lldap + tags: + - lldap - docker-container \ No newline at end of file diff --git a/roles/deploy_container_lldap/defaults/main.yml b/roles/deploy_container_lldap/defaults/main.yml new file mode 100644 index 0000000..908664e --- /dev/null +++ b/roles/deploy_container_lldap/defaults/main.yml 
@@ -0,0 +1,15 @@ +# Version of the LLDAP container image +container_lldap_version: "stable" # e.g., "latest" or a specific version + +# LDAP Base DN components +container_lldap_ldap_base_domain: "example" # First part of the LDAP Base DN (dc=example) +container_lldap_ldap_base_tld: "com" # Top-level domain part of the LDAP Base DN (dc=com) + +# Domain for Traefik / external access +container_lldap_domain: "ldap.example.com" # Fully qualified domain name for LLDAP service + +# LDAP admin user password +container_lldap_ldap_user_pass: "adminPas$word" # Admin password (can be replaced by secret file) + +# Base directory for container data (e.g., for volumes, secrets) +container_lldap_directory: "/opt/docker/lldap" # Base directory on the host for LLDAP data diff --git a/roles/deploy_container_lldap/handlers/main.yml b/roles/deploy_container_lldap/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/deploy_container_lldap/meta/main.yml b/roles/deploy_container_lldap/meta/main.yml new file mode 100644 index 0000000..d0ed71a --- /dev/null +++ b/roles/deploy_container_lldap/meta/main.yml @@ -0,0 +1,4 @@ +--- +collections: + - community.general + - community.docker \ No newline at end of file diff --git a/roles/deploy_container_lldap/tasks/main.yml b/roles/deploy_container_lldap/tasks/main.yml new file mode 100644 index 0000000..57b47f3 --- /dev/null +++ b/roles/deploy_container_lldap/tasks/main.yml 
@@ -0,0 +1,71 @@ +- name: Ensure data directories exist + ansible.builtin.file: + path: "{{ container_lldap_directory }}/{{ item }}" + state: directory + mode: '0755' + loop: + - "data" + - "secrets" + become: false + +- name: Check if jwt_secret file exists + ansible.builtin.stat: + path: "{{ container_lldap_directory }}/secrets/jwt_secret" + register: jwt_secret_stat + +- name: Check if key_seed file exists + ansible.builtin.stat: + path: "{{ container_lldap_directory }}/secrets/key_seed" + register: key_seed_stat + +- name: Generate JWT secret if not exists + set_fact: + jwt_secret: "{{ lookup('community.general.random_string', 'length=32 upper=true lower=true digits=true special=true override_special=!#%&()*+,-./:;<=>?@[]^_{|}~') }}" + when: not jwt_secret_stat.stat.exists + run_once: true + +- name: Generate Key Seed if not exists + set_fact: + key_seed: "{{ lookup('community.general.random_string', 'length=32 upper=true lower=true digits=true special=true override_special=!#%&()*+,-./:;<=>?@[]^_{|}~') }}" + when: not key_seed_stat.stat.exists + run_once: true + +- name: Copy JWT secret to host if generated + ansible.builtin.copy: + content: "{{ jwt_secret }}" + dest: "{{ container_lldap_directory }}/secrets/jwt_secret" + mode: '0644' + when: jwt_secret is defined + become: false + +- name: Copy Key Seed to host if generated + ansible.builtin.copy: + content: "{{ key_seed }}" + dest: "{{ container_lldap_directory }}/secrets/key_seed" + mode: '0644' + when: key_seed is defined + become: false + +- name: Write LDAP admin user password to file if not exists + ansible.builtin.copy: + content: "{{ container_lldap_ldap_user_pass }}" + dest: "{{ container_lldap_directory }}/secrets/ldap_user_pass" + mode: '0644' + become: false + +- name: Deploy Docker Compose and .env files + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ container_lldap_directory }}/{{ item.dest }}" + mode: '0644' + loop: + - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' 
} + - { src: '.env.j2', dest: '.env' } + become: false + +- name: Start Container + community.docker.docker_compose_v2: + project_src: "{{ container_lldap_directory }}" + pull: always + docker_host: "unix:///run/user/1000/docker.sock" + become: false diff --git a/roles/deploy_container_lldap/templates/.env.j2 b/roles/deploy_container_lldap/templates/.env.j2 new file mode 100644 index 0000000..6311746 --- /dev/null +++ b/roles/deploy_container_lldap/templates/.env.j2 @@ -0,0 +1,4 @@ +LLDAP_VERSION={{ container_lldap_version }} +LDAP_BASE_DOMAIN={{ container_lldap_ldap_base_domain }} +LDAP_BASE_TLD={{ container_lldap_ldap_base_tld }} +LLDAP_DOMAIN={{ container_lldap_domain }} \ No newline at end of file diff --git a/roles/deploy_container_lldap/templates/docker-compose.yml.j2 b/roles/deploy_container_lldap/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..85b7f45 --- /dev/null +++ b/roles/deploy_container_lldap/templates/docker-compose.yml.j2 
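Review bot: The three secret files (`jwt_secret`, `key_seed`, `ldap_user_pass`) are written with `mode: '0644'`, world-readable on the host even though the compose file mounts them read-only; `mode: '0600'` is the appropriate value, and the two `set_fact` tasks should carry `no_log: true` so the generated secrets are not echoed in verbose or failed-task output. `run_once: true` on those facts also means that in a multi-host play the secret is generated once and the `when:` evaluated on one host, so other hosts receive the same JWT secret or none at all — drop `run_once`. `Write LDAP admin user password to file if not exists` has no condition and rewrites the file on every run; the unqualified `set_fact` should be `ansible.builtin.set_fact` to match the rest of the file, and the two `stat` tasks are the only ones without `become: false`.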
@@ -0,0 +1,36 @@ +--- +services: + lldap: + image: lldap/lldap:${LLDAP_VERSION:-stable} + container_name: lldap + volumes: + - "lldap_data:/data" + - "./secrets:/secrets:ro" + networks: + - traefik + environment: + - TZ=Europe/Berlin + - LLDAP_JWT_SECRET_FILE=/secrets/jwt_secret + - LLDAP_KEY_SEED_FILE=/secrets/key_seed + - LLDAP_LDAP_BASE_DN=dc=${LDAP_BASE_DOMAIN},dc=${LDAP_BASE_TLD} + - LLDAP_LDAP_USER_PASS_FILE=/secrets/ldap_user_pass + labels: + - "traefik.enable=true" + - "traefik.docker.network=traefik" + - "traefik.http.routers.lldap.entrypoints=http" + - "traefik.http.routers.lldap.rule=Host(`${LLDAP_DOMAIN}`)" + - "traefik.http.middlewares.lldap-https-redirect.redirectscheme.scheme=https" + - "traefik.http.routers.lldap.middlewares=lldap-https-redirect" + - "traefik.http.routers.lldap-secure.entrypoints=https" + - "traefik.http.routers.lldap-secure.rule=Host(`${LLDAP_DOMAIN}`)" + - "traefik.http.routers.lldap-secure.tls=true" + - "traefik.http.routers.lldap-secure.service=lldap" + - "traefik.http.services.lldap.loadbalancer.server.port=17170" + +networks: + traefik: + external: true + +volumes: + lldap_data: + driver: local \ No newline at end of file diff --git a/roles/deploy_container_lldap/vars/main.yml b/roles/deploy_container_lldap/vars/main.yml new file mode 100644 index 0000000..e69de29 From 0b8c5754f33795e096be16457a999c90ee422620 Mon Sep 17 00:00:00 2001 From: = <=> Date: Wed, 25 Jun 2025 22:00:12 +0200 Subject: [PATCH 10/13] add sftp line for scp connection --- roles/server_install_ssh/templates/sshd_config.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/server_install_ssh/templates/sshd_config.j2 b/roles/server_install_ssh/templates/sshd_config.j2 index c4cded6..c262552 100644 --- a/roles/server_install_ssh/templates/sshd_config.j2 +++ b/roles/server_install_ssh/templates/sshd_config.j2 
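Review bot: `LLDAP_LDAP_BASE_DN=dc=${LDAP_BASE_DOMAIN},dc=${LDAP_BASE_TLD}` hard-wires a two-component base DN, so a directory such as `dc=corp,dc=example,dc=com` cannot be expressed; a single `container_lldap_ldap_base_dn` variable templated into `.env.j2` and used as `LLDAP_LDAP_BASE_DN=${LDAP_BASE_DN}` is simpler and more general. `TZ=Europe/Berlin` is also fixed in the template while everything else is a variable. Keeping `./secrets:/secrets:ro` is the right call; note that the host-side file modes set in the task file are what actually protect these files.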
@@ -14,4 +14,5 @@ AllowTcpForwarding no PermitEmptyPasswords no PrintMotd no UseDNS no -Compression no \ No newline at end of file +Compression no +Subsystem sftp /usr/lib/openssh/sftp-server \ No newline at end of file From 8ff70bfaad50aab6d2e77c833c08fc3f08e7b299 Mon Sep 17 00:00:00 2001 From: = <=> Date: Wed, 25 Jun 2025 22:00:30 +0200 Subject: [PATCH 11/13] add Booklore Container --- playbooks/heyer.systems/docker1.yml | 7 ++- .../defaults/main.yml | 6 ++ .../handlers/main.yml | 0 roles/deploy_container_booklore/meta/main.yml | 0 .../deploy_container_booklore/tasks/main.yml | 28 +++++++++ .../templates/.env.j2 | 10 +++ .../templates/docker-compose.yml.j2 | 63 +++++++++++++++++++ roles/deploy_container_booklore/vars/main.yml | 0 8 files changed, 113 insertions(+), 1 deletion(-) create mode 100644 roles/deploy_container_booklore/defaults/main.yml create mode 100644 roles/deploy_container_booklore/handlers/main.yml create mode 100644 roles/deploy_container_booklore/meta/main.yml create mode 100644 roles/deploy_container_booklore/tasks/main.yml create mode 100644 roles/deploy_container_booklore/templates/.env.j2 create mode 100644 roles/deploy_container_booklore/templates/docker-compose.yml.j2 create mode 100644 roles/deploy_container_booklore/vars/main.yml diff --git a/playbooks/heyer.systems/docker1.yml b/playbooks/heyer.systems/docker1.yml index 98ab198..f88570b 100644 --- a/playbooks/heyer.systems/docker1.yml +++ b/playbooks/heyer.systems/docker1.yml @@ -45,4 +45,9 @@ - role: deploy_container_lldap tags: - lldap - - docker-container \ No newline at end of file + - docker-container + + - role: deploy_container_booklore + tags: + - booklore + - docker-container diff --git a/roles/deploy_container_booklore/defaults/main.yml b/roles/deploy_container_booklore/defaults/main.yml new file mode 100644 index 0000000..7fa2ebe --- /dev/null +++ b/roles/deploy_container_booklore/defaults/main.yml 
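Review bot: `Subsystem sftp /usr/lib/openssh/sftp-server` hard-codes the Debian/Ubuntu binary path, so the template breaks on any distribution that installs the helper elsewhere; `Subsystem sftp internal-sftp` uses the in-process server, needs no external binary, and is the form that also works with `ChrootDirectory`. The hunk also leaves the file without a trailing newline. The rest of the sshd_config template is outside the hunk.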
@@ -0,0 +1,6 @@
+container_booklore_version: latest
+container_booklore_domain: booklore.example.com
+container_booklore_directory: /opt/docker/booklore
+container_booklore_db_root_password: super_duper_secret_root_password
+container_booklore_db_user: db_user
+container_booklore_db_password: super_secret_password
\ No newline at end of file
diff --git a/roles/deploy_container_booklore/handlers/main.yml b/roles/deploy_container_booklore/handlers/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/deploy_container_booklore/meta/main.yml b/roles/deploy_container_booklore/meta/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/deploy_container_booklore/tasks/main.yml b/roles/deploy_container_booklore/tasks/main.yml
new file mode 100644
index 0000000..d013145
--- /dev/null
+++ b/roles/deploy_container_booklore/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Ensure data directories exist
+ ansible.builtin.file:
+ path: "{{ container_booklore_directory }}/data/{{ item }}"
+ state: directory
+ mode: '0755'
+ loop:
+ - "app"
+ - "books"
+ - "db"
+ become: false
+
+- name: Deploy Docker Compose and .env files
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ container_booklore_directory }}/{{ item.dest }}"
+ mode: '0644'
+ loop:
+ - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+ - { src: '.env.j2', dest: '.env' }
+ become: false
+
+- name: Start Container
+ community.docker.docker_compose_v2:
+ project_src: "{{ container_booklore_directory }}"
+ pull: always
+ docker_host: "unix:///run/user/1000/docker.sock"
+ become: false
diff --git a/roles/deploy_container_booklore/templates/.env.j2 b/roles/deploy_container_booklore/templates/.env.j2
new file mode 100644
index 0000000..45333ad
--- /dev/null
+++ b/roles/deploy_container_booklore/templates/.env.j2
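Review bot: The role defaults ship working placeholder credentials (`container_booklore_db_root_password: super_duper_secret_root_password`, `container_booklore_db_password: super_secret_password`), and since role defaults are the lowest-precedence variables, an inventory that forgets to override them deploys MariaDB with exactly these values and nothing warns about it. Prefer leaving the two passwords out of defaults entirely so the template task fails on the undefined variable, or add an `ansible.builtin.assert` at the top of the tasks that `container_booklore_db_password != 'super_secret_password'` and likewise for the root password. Either way a comment in this file saying the real values are expected from an Ansible Vault would make the intent clear; the koito defaults earlier in the series have the same problem.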
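Review bot: The `.env` file is rendered with `mode: '0644'` although it carries the MariaDB root and application passwords, so every local account on the Docker host can read them while only the compose user (uid 1000 via the rootless socket) needs to. Give that item its own mode, `- { src: '.env.j2', dest: '.env', mode: '0600' }`, and change the task to `mode: "{{ item.mode | default('0644') }}"` so `docker-compose.yml` keeps its current permission. `pull: always` together with the `latest` default tag also means each run deploys whatever the registry serves at that moment; pinning `container_booklore_version` to a release is what gives this role reproducible, reviewable upgrades.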
@@ -0,0 +1,10 @@
+# Booklore Version (Standard: latest) # Excalidraw Version (Standard: latest)
+BOOKLORE_VERSION={{ container_booklore_version }}
+
+# Booklore Domain
+BOOKLORE_DOMAIN={{ container_booklore_domain }}
+
+# Booklore DB
+BOOKLORE_DB_ROOT_PASSWORD={{ container_booklore_db_root_password }}
+BOOKLORE_DB_USER={{ container_booklore_db_user }}
+BOOKLORE_DB_PASSWORD={{ container_booklore_db_password }}
\ No newline at end of file
diff --git a/roles/deploy_container_booklore/templates/docker-compose.yml.j2 b/roles/deploy_container_booklore/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..3a0c66d
--- /dev/null
+++ b/roles/deploy_container_booklore/templates/docker-compose.yml.j2
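Review bot: The first line carries a copy-pasted `# Excalidraw Version (Standard: latest)` on the same line as the Booklore comment, which is just noise in a file that otherwise documents each variable; drop it so the line reads `# Booklore Version (Standard: latest)`. The three credential values are written unquoted, and in Compose's env-file syntax an unquoted value is cut at ` #` and has `$` sequences interpolated, so a generated password containing either character is silently truncated or altered before it reaches MariaDB. Single-quoting keeps the value literal, `BOOKLORE_DB_PASSWORD='{{ container_booklore_db_password }}'`, leaving a password that itself contains `'` as the remaining edge case; the koito `.env.j2` earlier in the series has the same pattern.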
@@ -0,0 +1,63 @@
+---
+services:
+ booklore:
+ image: ghcr.io/adityachandelgit/booklore-app:${BOOKLORE_VERSION:-latest}
+ container_name: booklore
+ restart: unless-stopped
+ depends_on:
+ mariadb:
+ condition: service_healthy
+ networks:
+ - traefik
+ - booklore
+ volumes:
+ - ./data/app:/app/data
+ - ./data/books:/books
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - DATABASE_URL=jdbc:mariadb://mariadb:3306/booklore
+ - DATABASE_USERNAME=${BOOKLORE_DB_USER:-booklore}
+ - DATABASE_PASSWORD=${BOOKLORE_DB_PASSWORD}
+ - SWAGGER_ENABLED=false
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - "traefik.http.routers.booklore.entrypoints=http"
+ - "traefik.http.routers.booklore.rule=Host(`${BOOKLORE_DOMAIN:?error}`)"
+ - "traefik.http.middlewares.booklore-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.booklore.middlewares=booklore-https-redirect"
+ - "traefik.http.routers.booklore-secure.entrypoints=https"
+ - "traefik.http.routers.booklore-secure.rule=Host(`${BOOKLORE_DOMAIN:?error}`)"
+ - "traefik.http.routers.booklore-secure.tls=true"
+ - "traefik.http.routers.booklore-secure.service=booklore"
+ - "traefik.http.services.booklore.loadbalancer.server.port=6060"
+
+ mariadb:
+ image: lscr.io/linuxserver/mariadb:11.4.5
+ container_name: mariadb
+ networks:
+ - booklore
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ - MYSQL_ROOT_PASSWORD=${BOOKLORE_DB_ROOT_PASSWORD}
+ - MYSQL_DATABASE=booklore
+ - MYSQL_USER=${BOOKLORE_DB_USER:-booklore}
+ - MYSQL_PASSWORD=${BOOKLORE_DB_PASSWORD}
+ volumes:
+ - ./data/db:/config
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD", "mariadb-admin", "ping", "-h", "localhost"]
+ interval: 5s
+ timeout: 5s
+ retries: 10
+
+networks:
+ traefik:
+ external: true
+ booklore:
+ driver: bridge
\ No newline at end of file
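Review bot: `container_name: mariadb` is a host-global container name, so this stack cannot coexist with any other compose project on the same Docker host that also names its database `mariadb`, and the second `docker compose up` fails with a name-in-use error. Rename it `container_name: booklore-mariadb`; the service key `mariadb` is what `DATABASE_URL=jdbc:mariadb://mariadb:3306/booklore` resolves on the `booklore` network, so the URL and `depends_on` are unaffected. The application image floats on `${BOOKLORE_VERSION:-latest}` while the database is pinned to `11.4.5`, which makes app upgrades happen on whatever run pulls next rather than deliberately. Keeping MariaDB off the `traefik` network and setting `SWAGGER_ENABLED=false` are the right calls here.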
diff --git a/roles/deploy_container_booklore/vars/main.yml b/roles/deploy_container_booklore/vars/main.yml
new file mode 100644
index 0000000..e69de29
From 7ac8d9748fdf18b9f87b5c1b7d4cb8b84f1a8384 Mon Sep 17 00:00:00 2001
From: = <=>
Date: Sat, 28 Jun 2025 15:27:33 +0200
Subject: [PATCH 12/13] add a proxmox condition to activate neccessary entries in sshd_config
---
 roles/server_install_ssh/tasks/main.yml | 7 +++++++
 roles/server_install_ssh/templates/sshd_config.j2 | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/roles/server_install_ssh/tasks/main.yml b/roles/server_install_ssh/tasks/main.yml
index cb293a1..88b52fc 100644
--- a/roles/server_install_ssh/tasks/main.yml
+++ b/roles/server_install_ssh/tasks/main.yml
@@ -4,6 +4,11 @@
 update_cache: true
 cache_valid_time: 3600
 
+- name: Detect if system is Proxmox (by checking /etc/pve)
+ stat:
+ path: /etc/pve
+ register: pve_check
+
 - name: OpenSSH Server installieren
 ansible.builtin.apt:
 name: openssh-server
@@ -39,3 +44,5 @@
 group: root
 mode: '0644'
 notify: Restart SSH
+ vars:
+ is_proxmox: "{{ pve_check.stat.exists }}"
diff --git a/roles/server_install_ssh/templates/sshd_config.j2 b/roles/server_install_ssh/templates/sshd_config.j2
index c262552..6bee8e6 100644
--- a/roles/server_install_ssh/templates/sshd_config.j2
+++ b/roles/server_install_ssh/templates/sshd_config.j2
@@ -1,7 +1,14 @@
 # OpenSSH server configuration (managed by Ansible)
 Port {{ ssh_port }}
 Protocol 2
+
+{% if is_proxmox %}
+PermitRootLogin prohibit-password
+AcceptEnv LANG LC_*
+{% else %}
 PermitRootLogin no
+{% endif %}
+
 PasswordAuthentication no
 ChallengeResponseAuthentication no
 UsePAM yes
From e0da502c59df6c86bb152480b684ef40c2f13995 Mon Sep 17 00:00:00 2001
From: = <=>
Date: Sat, 28 Jun 2025 15:28:03 +0200
Subject: [PATCH 13/13] add restart option
---
 roles/deploy_container_lldap/templates/docker-compose.yml.j2 | 1 +
 1 file changed, 1 insertion(+)
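Review bot: `stat:` is the only task in this role written without the `ansible.builtin.` prefix that the neighbouring `ansible.builtin.apt` and template tasks use; write `ansible.builtin.stat:` so the module resolves the same way regardless of collection search order. Deciding that a host is Proxmox solely because `/etc/pve` exists is a workable heuristic, but it is also the switch that relaxes `PermitRootLogin`, so a stray or hand-created directory flips the host into the permissive branch; combining it with a second signal (the `pve-manager` package via `ansible.builtin.package_facts`, or the presence of `/usr/bin/pveversion`) makes the detection harder to trip accidentally. Registering the result with `ansible.builtin.set_fact` instead of a task-scoped `vars:` would also let other roles reuse the same decision.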
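Review bot: `PermitRootLogin prohibit-password` reopens key-based root SSH login on every host that matches the Proxmox branch and from every source address, and the template does not say why; the likely reason is that PVE cluster and migration traffic runs as root over SSH, but that is an inference the next reader should not have to make. If the cluster nodes sit on a known network, a `Match Address <cluster-subnet>` block at the end of the file carrying `PermitRootLogin prohibit-password` would keep root login closed from everywhere else; at minimum add `# Proxmox cluster/migration traffic requires key-based root login` above the directive so the exception survives a future hardening pass. `AcceptEnv LANG LC_*` is likewise Proxmox-only here — if that is deliberate, a one-line comment would help.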
diff --git a/roles/deploy_container_lldap/templates/docker-compose.yml.j2 b/roles/deploy_container_lldap/templates/docker-compose.yml.j2
index 85b7f45..69ace1d 100644
--- a/roles/deploy_container_lldap/templates/docker-compose.yml.j2
+++ b/roles/deploy_container_lldap/templates/docker-compose.yml.j2
@@ -3,6 +3,7 @@ services:
 lldap:
 image: lldap/lldap:${LLDAP_VERSION:-stable}
 container_name: lldap
+ restart: always
 volumes:
 - "lldap_data:/data"
 - "./secrets:/secrets:ro"
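Review bot: `restart: always` differs from the `restart: unless-stopped` that the booklore services in this same series use, and `always` resurrects the container after a daemon restart even when an operator stopped it deliberately — which for an identity service you took down on purpose (say, during a credential rotation) is rarely what is wanted. Use `restart: unless-stopped` here for consistency unless the auto-resurrect behaviour is intended, in which case a short comment explaining the choice would stop it being "fixed" later.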