Skull-IT/iac_stack
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Skull-IT:66bd76cf48c3eb7a49bb4b9e5407b0dc534bf458
Branches Tags
Skull-IT:main
..
compare: Skull-IT:04a4dc15350102a3eaac8a44466506963dd020d0
Branches Tags
Skull-IT:main

No commits in common. "66bd76cf48c3eb7a49bb4b9e5407b0dc534bf458" and "04a4dc15350102a3eaac8a44466506963dd020d0" have entirely different histories.
66bd76cf48 ... 04a4dc1535

22 changed files with 22 additions and 181 deletions
Show stats Expand all files Collapse all files

17
.gitignore vendored
View file

@ -1,17 +1,2 @@
# General Files
.vscode
cache/
# Ansible Files
ansible/inventory/
*.secret
ansible/.vault-*
ansible/.ansible
# Packer Files
packer/credentials.pkr.hcl
# OpenTofu Files
opentofu/.terraform/
opentofu/.terraform.lock.hcl
opentofu/terraform.tfstate
cache/

16
ansible/.gitignore vendored Normal file
View file

@ -0,0 +1,16 @@
# Ignore inventory file. This are Submodules
inventory/
# Ignore .secret files.... you know, there secret...
*.secret
.vault-*
# Ignore Caching
cache/
# Ignore Testplaybook
playbooks/global/testserver.yml
# Ignore unneccessary Files
.vscode
.ansible

4
ansible.cfg → ansible/ansible.cfg
View file

@ -1,5 +1,5 @@
[defaults]
inventory = ./ansible/inventory/
inventory = ./inventory/
host_key_checking = False
retry_files_enabled = False
private_key_file = ~/.ssh/ansible_key
@ -11,7 +11,7 @@ fact_caching_connection = ./cache
fact_caching_timeout = 86400
# Rollen-Pfade
roles_path = ./ansible/roles/
roles_path = ./roles/
# Vault-Einstellungen
vault_password_file = ./vault.secret

10
ansible/playbooks/heyer.systems/docker1.yml
View file

@ -51,13 +51,3 @@
tags:
- booklore
- docker-container
- role: deploy_container_grafana
tags:
- grafana
- docker-container
- role: deploy_container_loki
tags:
- loki
- docker-container

3
ansible/roles/deploy_container_grafana/defaults/main.yml
View file

@ -1,3 +0,0 @@
---
container_grafana_version: latest
container_grafana_domain: grafana.example.com

0
ansible/roles/deploy_container_grafana/files/.gitkeep
View file

0
ansible/roles/deploy_container_grafana/handlers/main.yml
View file

0
ansible/roles/deploy_container_grafana/meta/main.yml
View file

24
ansible/roles/deploy_container_grafana/tasks/main.yml
View file

@ -1,24 +0,0 @@
---
- name: Ensure data directories exist
ansible.builtin.file:
path: "{{ container_base_dir }}/"
state: directory
mode: '0755'
become: false
- name: Deploy Docker Compose and .env files
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ container_base_dir }}/{{ item.dest }}"
mode: '0644'
loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
- { src: '.env.j2', dest: '.env' }
become: false
- name: Start Container
community.docker.docker_compose_v2:
project_src: "{{ container_base_dir }}"
pull: always
docker_host: "unix:///run/user/1000/docker.sock"
become: false

2
ansible/roles/deploy_container_grafana/templates/.env.j2
View file

@ -1,2 +0,0 @@
GRAFANA_VERSION={{ container_grafana_version }}
GRAFANA_DOMAIN={{ container_grafana_domain }}

32
ansible/roles/deploy_container_grafana/templates/docker-compose.yml.j2
View file

@ -1,32 +0,0 @@
---
services:
grafana:
image: grafana/grafana:${GRAFANA_VERSION}
container_name: grafana
restart: unless-stopped
networks:
traefik:
volumes:
- 'grafana_storage:/var/lib/grafana'
environment:
- GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}/
- GF_PLUGINS_PREINSTALL=grafana-clock-panel
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.grafana.entrypoints=http"
- "traefik.http.routers.grafana.rule=Host(`${GRAFANA_DOMAIN}`)"
- "traefik.http.middlewares.grafana-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.grafana.middlewares=grafana-https-redirect"
- "traefik.http.routers.grafana-secure.entrypoints=https"
- "traefik.http.routers.grafana-secure.rule=Host(`${GRAFANA_DOMAIN}`)"
- "traefik.http.routers.grafana-secure.tls=true"
- "traefik.http.routers.grafana-secure.service=grafana"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
volumes:
grafana_storage: {}
networks:
traefik:
external: true

1
ansible/roles/deploy_container_grafana/vars/main.yml
View file

@ -1 +0,0 @@
container_base_dir: /opt/docker/grafana

3
ansible/roles/deploy_container_loki/defaults/main.yml
View file

@ -1,3 +0,0 @@
---
container_loki_version: latest
container_loki_domain: loki.example.com

0
ansible/roles/deploy_container_loki/files/.gitkeep
View file

0
ansible/roles/deploy_container_loki/handlers/main.yml
View file

0
ansible/roles/deploy_container_loki/meta/main.yml
View file

27
ansible/roles/deploy_container_loki/tasks/main.yml
View file

@ -1,27 +0,0 @@
---
- name: Ensure data directories exist
ansible.builtin.file:
path: "{{ container_base_dir }}/{{ item.dir }}"
state: directory
mode: '0755'
become: false
loop:
- {dir: "data"}
- name: Deploy Docker Compose and .env files
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ container_base_dir }}/{{ item.dest }}"
mode: '0644'
loop:
- { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
- { src: '.env.j2', dest: '.env' }
- { src: 'local-config.yaml.j2', dest: 'data/local-config.yaml' }
become: false
- name: Start Container
community.docker.docker_compose_v2:
project_src: "{{ container_base_dir }}"
pull: always
docker_host: "unix:///run/user/1000/docker.sock"
become: false

2
ansible/roles/deploy_container_loki/templates/.env.j2
View file

@ -1,2 +0,0 @@
LOKI_VERSION={{ container_loki_version }}
LOKI_DOMAIN={{ container_loki_domain }}

26
ansible/roles/deploy_container_loki/templates/docker-compose.yml.j2
View file

@ -1,26 +0,0 @@
---
services:
loki:
image: grafana/loki:${LOKI_VERSION}
container_name: loki
networks:
traefik:
volumes:
- ./data/local-config.yaml:/etc/loki/local-config.yaml
command: -config.file=/etc/loki/local-config.yaml
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.loki.entrypoints=http"
- "traefik.http.routers.loki.rule=Host(`${LOKI_DOMAIN}`)"
- "traefik.http.middlewares.loki-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.loki.middlewares=loki-https-redirect"
- "traefik.http.routers.loki-secure.entrypoints=https"
- "traefik.http.routers.loki-secure.rule=Host(`${LOKI_DOMAIN}`)"
- "traefik.http.routers.loki-secure.tls=true"
- "traefik.http.routers.loki-secure.service=loki"
- "traefik.http.services.loki.loadbalancer.server.port=3100"
networks:
traefik:
external: true

32
ansible/roles/deploy_container_loki/templates/local-config.yaml.j2
View file

@ -1,32 +0,0 @@
auth_enabled: false
server:
http_listen_port: 3100
common:
instance_addr: 0.0.0.0
path_prefix: /loki
storage:
filesystem:
chunks_directory: /loki/chunks
rules_directory: /loki/rules
replication_factor: 1
ring:
kvstore:
store: inmemory
schema_config:
configs:
- from: 2020-10-24
store: tsdb
object_store: filesystem
schema: v13
index:
prefix: index_
period: 24h
ruler:
alertmanager_url: http://localhost:9093
analytics:
reporting_enabled: false

1
ansible/roles/deploy_container_loki/vars/main.yml
View file

@ -1 +0,0 @@
container_base_dir: /opt/docker/loki

3
opentofu/.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
.terraform/
.terraform.lock.hcl
terraform.tfstate