From 139f7b253427a04b575e28c19b9e13ecb4bc90d0 Mon Sep 17 00:00:00 2001 
From: erebion Date: Mon, 4 Sep 2023 14:45:09 +0200 Subject: [PATCH] Full Rewrite / Re-Doing of Everything, Part 1 --- .gitignore | 2 +- ansible-checkmode-command-unhb2.sh | 2 + ansible-checkmode-command-unhb4.sh | 2 +- ansible-deploy-command-unhb2.sh | 2 + ansible-deploy-command-unhb4.sh | 2 +- host_vars/unhb2/unhb2.yml | 38 ++++++++++ host_vars/unhb2/unhb2_vault.yml | 18 +++++ host_vars/unhb4/authentik-vault.yml | 22 ------ host_vars/unhb4/unhb4_vault.yml | 22 ++++++ inventory.ini | 5 ++ inventory.yml | 7 -- roles/apt/tasks/apt.yml | 17 ----- roles/apt/tasks/main.yml | 19 +++-- roles/basic_common_settings/tasks/main.yml | 2 +- roles/docker_pretix/handlers/main.yml | 11 +++ roles/docker_pretix/tasks/main.yml | 70 +++++++++++++++++++ .../docker_pretix/templates/pretix-db.env.j2 | 4 ++ .../templates/pretix-db.service.j2 | 15 ++++ .../templates/pretix-redis.service.j2 | 14 ++++ roles/docker_pretix/templates/pretix.env.j2 | 3 + .../docker_pretix/templates/pretix.service.j2 | 20 ++++++ roles/docker_pretix/templates/pretix_.env | 5 ++ roles/docker_watchtower/handlers/main.yml | 10 +++ roles/docker_watchtower/tasks/main.yml | 56 +++++++++++++++ .../templates/watchtower.env.j2 | 9 +++ .../templates/watchtower.service.j2 | 14 ++++ roles/firewalld/tasks/main.yml | 6 +- site.yml | 8 +++ 28 files changed, 348 insertions(+), 57 deletions(-) create mode 100755 ansible-checkmode-command-unhb2.sh create mode 100755 ansible-deploy-command-unhb2.sh create mode 100644 host_vars/unhb2/unhb2.yml create mode 100644 host_vars/unhb2/unhb2_vault.yml delete mode 100644 host_vars/unhb4/authentik-vault.yml create mode 100644 host_vars/unhb4/unhb4_vault.yml create mode 100644 inventory.ini delete mode 100644 inventory.yml delete mode 100644 roles/apt/tasks/apt.yml create mode 100644 roles/docker_pretix/handlers/main.yml create mode 100644 roles/docker_pretix/tasks/main.yml create mode 100644 roles/docker_pretix/templates/pretix-db.env.j2 create mode 100644 
roles/docker_pretix/templates/pretix-db.service.j2 create mode 100644 roles/docker_pretix/templates/pretix-redis.service.j2 create mode 100644 roles/docker_pretix/templates/pretix.env.j2 create mode 100644 roles/docker_pretix/templates/pretix.service.j2 create mode 100644 roles/docker_pretix/templates/pretix_.env create mode 100644 roles/docker_watchtower/handlers/main.yml create mode 100644 roles/docker_watchtower/tasks/main.yml create mode 100644 roles/docker_watchtower/templates/watchtower.env.j2 create mode 100644 roles/docker_watchtower/templates/watchtower.service.j2
diff --git a/.gitignore b/.gitignore
index e994cc0..c3831ca 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,4 @@ vault-password
 .idea
 tmp/
 .DS_store
-
+UNHB_INFRA_UMBAU
diff --git a/ansible-checkmode-command-unhb2.sh b/ansible-checkmode-command-unhb2.sh
new file mode 100755
index 0000000..bd350bc
--- /dev/null
+++ b/ansible-checkmode-command-unhb2.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+ansible-playbook site.yml -i inventory.ini --limit unhb2 --check --diff
diff --git a/ansible-checkmode-command-unhb4.sh b/ansible-checkmode-command-unhb4.sh
index 2f22dd0..69d653f 100755
--- a/ansible-checkmode-command-unhb4.sh
+++ b/ansible-checkmode-command-unhb4.sh
@@ -1,2 +1,2 @@
 #!/bin/bash
-ansible-playbook site.yml -i inventory.yml --limit unhb4 --check --diff
+ansible-playbook site.yml -i inventory.ini --limit unhb4 --check --diff
diff --git a/ansible-deploy-command-unhb2.sh b/ansible-deploy-command-unhb2.sh
new file mode 100755
index 0000000..0f9ea57
--- /dev/null
+++ b/ansible-deploy-command-unhb2.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+ansible-playbook site.yml -i inventory.ini --limit unhb2 --diff
diff --git a/ansible-deploy-command-unhb4.sh b/ansible-deploy-command-unhb4.sh
index b82923e..2038bb7 100755
--- a/ansible-deploy-command-unhb4.sh
+++ b/ansible-deploy-command-unhb4.sh
@@ -1,2 +1,2 @@
 #!/bin/bash
-ansible-playbook site.yml -i inventory.yml --limit unhb4 --diff
+ansible-playbook site.yml -i inventory.ini --limit unhb4 --diff
diff --git a/host_vars/unhb2/unhb2.yml b/host_vars/unhb2/unhb2.yml
new file mode 100644
index 0000000..610b943
--- /dev/null
+++ b/host_vars/unhb2/unhb2.yml
@@ -0,0 +1,38 @@
+---
+
+docker_volumes_dir: "/srv/docker-volumes"
+
+firewall_services:
+ - ssh
+ - http
+ - https
+ - smtp
+ - smtps
+ - imap
+ - imaps
+ - pop3
+ - pop3s
+
+firewall_ports:
+ - "587/tcp"
+
+pretix_container_name: "pretix_app.server2"
+pretix_db_container_name: "pretix_pg-sql.server2"
+pretix_db_env_mysql_random_root_password: "true"
+pretix_db_env_postgres_db_name: "pretix"
+pretix_db_env_postgres_user: "prtxdb"
+pretix_env_virtual_host: "pretix.unhb.de,pretix.un-hack-bar.de"
+pretix_env_virtual_port: "80"
+pretix_env_letsencrypt_host: "pretix.unhb.de,pretix.un-hack-bar.de"
+pretix_redis_container_name: "pretix_redis.server2"
+
+watchtower_container_name: "watchtower.server2"
+watchtower_domainname: "unhb.de"
+watchtower_hostname: "neuromancer"
+watchtower_poll_interval: "21600"
+watchtower_notifications: "email"
+watchtower_notification_email_to: "watchtower@lists.unhb.de"
+watchtower_notification_email_server: "mail.un-hack-bar.de"
+watchtower_notification_email_server_port: "587"
+watchtower_warn_on_head_failure: "never"
+watchtower_version: "latest"
diff --git a/host_vars/unhb2/unhb2_vault.yml b/host_vars/unhb2/unhb2_vault.yml
new file mode 100644
index 0000000..27d29d6
--- /dev/null
+++ b/host_vars/unhb2/unhb2_vault.yml
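Review bot: `pretix_db_env_mysql_random_root_password: "true"` is a MySQL-only setting, but pretix-db.env.j2 hands it to a container that pretix-db.service.j2 starts from `postgres:15`, where it is ignored; drop the variable here and the `MYSQL_RANDOM_ROOT_PASSWORD=` line in that template so nobody assumes the database root password is being randomised. `firewall_services` opens smtp, smtps, imap, imaps, pop3 and pop3s and `firewall_ports` adds 587/tcp, yet the unhb2 play added in site.yml only runs docker_watchtower and docker_pretix; unless a mail role is applied to this host elsewhere, those ports should be opened by the role that needs them rather than pre-emptively. Quoting the numeric watchtower values such as `"21600"` and `"587"` is the right call, since they are rendered into an env file and would otherwise be retyped.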
@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+39666564363562383332393961383732613932393235656335376265366563663062353766666639
+6566663762623536643463313331326331373339373531360a623862346266663338363035653831
+33343035326230656531373437316332643930323033383033383836396538316461363634393232
+6262306463316565330a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
diff --git a/host_vars/unhb4/authentik-vault.yml b/host_vars/unhb4/authentik-vault.yml
deleted file mode 100644
index 38376b9..0000000
--- a/host_vars/unhb4/authentik-vault.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31343963396633396632623766363862386661353265393166666536656530623938383233653464
-3034386666346435313062306463383864393233623363360a363464343263353337306634656630
-37623936636161363766386130663838633933393862386466383433326661663565353836663539
-3839303839336432330a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
diff --git a/host_vars/unhb4/unhb4_vault.yml b/host_vars/unhb4/unhb4_vault.yml
new file mode 100644
index 0000000..37565db
--- /dev/null
+++ b/host_vars/unhb4/unhb4_vault.yml
@@ -0,0 +1,22 @@
+$ANSIBLE_VAULT;1.1;AES256
+64313764393735373863643066306663323136343837363765656131666335326163613634613834
+3863363562303665356364613533343631633136636136660a653436663566383063666661653739
+33343462363062623164303433316364623763653739373237666131373666633062396239626539
+6630363630616336330a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
diff --git a/inventory.ini b/inventory.ini
new file mode 100644
index 0000000..44c96d9
--- /dev/null
+++ b/inventory.ini
@@ -0,0 +1,5 @@
+[servers:children]
+debianservers
+[debianservers]
+unhb2
+unhb4
diff --git a/inventory.yml b/inventory.yml
deleted file mode 100644
index bce79b8..0000000
--- a/inventory.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-all:
- children:
- debianservers:
- hosts:
- unhb4
diff --git a/roles/apt/tasks/apt.yml b/roles/apt/tasks/apt.yml
deleted file mode 100644
index e347896..0000000
--- a/roles/apt/tasks/apt.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-- name: Install packages if Debian based
- apt:
- name: unattended-upgrades
- state: present
- update_cache: true
- become: true
-
-- name: Apt Config (/etc/apt.conf.d/10periodic)
- ansible.builtin.template:
- src: ../templates/10periodic.j2
- dest: /etc/apt/apt.conf.d/10periodic
- owner: root
- group: root
- mode: '0644'
- notify: restart-unattendedupgrades
diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml
index 88727c0..e347896 100644
--- a/roles/apt/tasks/main.yml
+++ b/roles/apt/tasks/main.yml
@@ -1,6 +1,17 @@
 ---
-- name: Include other yaml files
- include_tasks: "{{ item }}"
- with_fileglob:
- - apt.yml
+- name: Install packages if Debian based
+ apt:
+ name: unattended-upgrades
+ state: present
+ update_cache: true
+ become: true
+
+- name: Apt Config (/etc/apt.conf.d/10periodic)
+ ansible.builtin.template:
+ src: ../templates/10periodic.j2
+ dest: /etc/apt/apt.conf.d/10periodic
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart-unattendedupgrades
 
diff --git a/roles/basic_common_settings/tasks/main.yml b/roles/basic_common_settings/tasks/main.yml
index c714739..e4d4b16 100644
--- a/roles/basic_common_settings/tasks/main.yml
+++ b/roles/basic_common_settings/tasks/main.yml
@@ -7,7 +7,7 @@
 include_tasks: "sudo.yml"
 
 - name: Set up earlyoom (Debian)
- include_tasks: "sudo.yml"
+ include_tasks: "earlyoom.yml"
 
 - name: Deploy update script
 include_tasks: "update_script.yml"
diff --git a/roles/docker_pretix/handlers/main.yml b/roles/docker_pretix/handlers/main.yml
new file mode 100644
index 0000000..cba341d
--- /dev/null
+++ b/roles/docker_pretix/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+
+- name: restart-pretix-docker
+ ansible.builtin.service:
+ state: restarted
+ name: "{{ item }}"
+ tags: molecule-notest
+ with_items:
+ - pretix.service
+ - pretix-db.service
+ - pretix-redis.service
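Review bot: `Install packages if Debian based` has no `when:` clause, so the task name promises an OS guard the moved task does not implement; either add `when: ansible_os_family == "Debian"` or rename the task. The `apt` task sets `become: true` while the template task that writes `/etc/apt/apt.conf.d/10periodic` does not, which only works because site.yml connects as `remote_user: root`; the two tasks should agree on privilege escalation. `apt:` next to `ansible.builtin.template:` is also a style inconsistency — `ansible.builtin.apt:` matches the new roles in this commit.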
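Review bot: The `with_items` order restarts `pretix.service` first and only afterwards `pretix-db.service` and `pretix-redis.service`, so on a config change the application comes up and then loses its database and cache again while they restart; list the two backing units before `pretix.service` so the app is restarted last. The handler uses `ansible.builtin.service` while the role's tasks manage the same units through `ansible.builtin.systemd`; using one module for both is cleaner and avoids any difference in how the unit name is resolved.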
diff --git a/roles/docker_pretix/tasks/main.yml b/roles/docker_pretix/tasks/main.yml
new file mode 100644
index 0000000..f60cd56
--- /dev/null
+++ b/roles/docker_pretix/tasks/main.yml
@@ -0,0 +1,70 @@
+---
+
+- name: "Install dependencies"
+ ansible.builtin.apt:
+ pkg:
+ - docker.io
+ - apparmor # if not installed, Docker will complain
+
+- name: "Create directories for Pretix"
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: '0750'
+ recurse: true
+ with_items:
+ - "{{ docker_volumes_dir }}/pretix/postgres-db"
+ - "{{ docker_volumes_dir }}/pretix/data"
+ - "{{ docker_volumes_dir }}/pretix/conf"
+
+- name: "Template .env files for Pretix"
+ ansible.builtin.template:
+ src: "{{ item }}.j2"
+ dest: "{{ docker_volumes_dir }}/pretix/{{ item }}"
+ force: true
+ owner: root
+ group: root
+ mode: '0660'
+ with_items:
+ - pretix.env
+ - pretix-db.env
+ notify: restart-pretix-docker
+
+- name: "Template systemd unit files for Pretix"
+ ansible.builtin.template:
+ src: "{{ item }}.j2"
+ dest: "/etc/systemd/system/{{ item }}"
+ force: true
+ owner: root
+ group: root
+ mode: '0644'
+ with_items:
+ - pretix.service
+ - pretix-db.service
+ - pretix-redis.service
+ register: unit
+ notify: restart-pretix-docker
+
+- name: "Reload systemd units"
+ ansible.builtin.systemd:
+ daemon_reload: yes
+ when: unit.changed
+
+- name: "Enable systemd units for Pretix"
+ ansible.builtin.systemd:
+ state: started
+ enabled: true
+ name: "{{ item }}"
+ with_items:
+ - pretix.service
+ - pretix-db.service
+ - pretix-redis.service
+
+- name: "Add Pretix to Docker network nginx_net"
+ docker_network:
+ name: nginx_net
+ connected:
+ - "{{ pretix_container_name }}"
+ appends: true
diff --git a/roles/docker_pretix/templates/pretix-db.env.j2 b/roles/docker_pretix/templates/pretix-db.env.j2
new file mode 100644
index 0000000..cc9fc89
--- /dev/null
+++ b/roles/docker_pretix/templates/pretix-db.env.j2
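Review bot: Nothing in this role creates the `pretix` Docker network that all three unit templates pass as `--network pretix`, and the only network task here attaches the app container to `nginx_net`; unless the network is created outside this role, `docker run` fails on a fresh host, so add a task such as `community.docker.docker_network: name: pretix` before the units are started (the bare `docker_network:` at the end should use the same fully qualified module name). `recurse: true` together with `owner: root`, `group: root` and `mode: '0750'` on `{{ docker_volumes_dir }}/pretix/postgres-db` rewrites ownership and permissions of the live Postgres data directory on every run, which the database process inside the container is unlikely to tolerate; create the directory without `recurse` and leave its contents to the container. The `.env` files are written with `mode: '0660'` although pretix-db.env carries `POSTGRES_PASSWORD`; `mode: '0600'` is enough for a root-owned file read by the Docker daemon, and the same applies to the watchtower.env task in roles/docker_watchtower/tasks/main.yml, which also repeats `daemon_reload: yes` where `daemon_reload: true` is the canonical boolean.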
@@ -0,0 +1,4 @@
+MYSQL_RANDOM_ROOT_PASSWORD={{ pretix_db_env_mysql_random_root_password }}
+POSTGRES_DB={{ pretix_db_env_postgres_db_name }}
+POSTGRES_USER={{ pretix_db_env_postgres_user }}
+POSTGRES_PASSWORD={{ pretix_db_env_postgres_password }}
diff --git a/roles/docker_pretix/templates/pretix-db.service.j2 b/roles/docker_pretix/templates/pretix-db.service.j2
new file mode 100644
index 0000000..3a3619b
--- /dev/null
+++ b/roles/docker_pretix/templates/pretix-db.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Postgres DB for Pretix with Docker
+After=docker.service
+Requires=docker.service
+
+[Service]
+ExecStartPre=-/usr/bin/docker rm --force {{ pretix_db_container_name }}
+ExecStart=/usr/bin/docker run --name {{ pretix_db_container_name }} --network pretix --label com.centurylinklabs.watchtower.enable={WATCHTOWER_ENABLED} \
+ -v {{ docker_volumes_dir }}/pretix/postgres-db:/var/lib/postgresql/data --env-file {{ docker_volumes_dir }}/pretix/pretix-db.env postgres:15
+ExecStop=/usr/bin/docker stop {{ pretix_db_container_name }}
+Restart=always
+RestartSec=15s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/docker_pretix/templates/pretix-redis.service.j2 b/roles/docker_pretix/templates/pretix-redis.service.j2
new file mode 100644
index 0000000..dc76406
--- /dev/null
+++ b/roles/docker_pretix/templates/pretix-redis.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=Redis for Pretix with Docker
+After=docker.service
+Requires=docker.service
+
+[Service]
+ExecStartPre=-/usr/bin/docker rm --force {{ pretix_redis_container_name }}
+ExecStart=/usr/bin/docker run --name {{ pretix_redis_container_name }} --network pretix --label com.centurylinklabs.watchtower.enable={WATCHTOWER_ENABLED} redis
+ExecStop=/usr/bin/docker stop {{ pretix_redis_container_name }}
+Restart=always
+RestartSec=15s
+
+[Install]
+WantedBy=multi-user.target
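Review bot: `--label com.centurylinklabs.watchtower.enable={WATCHTOWER_ENABLED}` is neither a Jinja expression nor a systemd `${VAR}` reference, so the label is set to the literal string `{WATCHTOWER_ENABLED}`; the file pretix_.env that defines `WATCHTOWER_ENABLED=true` is never templated, installed or read by any unit in this commit, so it looks like a leftover from a docker-compose setup. Render the value from an Ansible variable (e.g. a new host var, name to be chosen) or hard-code `true`, and delete pretix_.env; the same placeholder appears in pretix-redis.service.j2 and pretix.service.j2. The redis unit also pulls an untagged `redis` image, so pinning a major version the way `postgres:15` is pinned here would keep the two services consistent.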
diff --git a/roles/docker_pretix/templates/pretix.env.j2 b/roles/docker_pretix/templates/pretix.env.j2
new file mode 100644
index 0000000..b9765f1
--- /dev/null
+++ b/roles/docker_pretix/templates/pretix.env.j2
@@ -0,0 +1,3 @@
+VIRTUAL_HOST={{ pretix_env_virtual_host }}
+VIRTUAL_PORT={{ pretix_env_virtual_port }}
+LETSENCRYPT_HOST={{ pretix_env_letsencrypt_host }}
diff --git a/roles/docker_pretix/templates/pretix.service.j2 b/roles/docker_pretix/templates/pretix.service.j2
new file mode 100644
index 0000000..3987dd3
--- /dev/null
+++ b/roles/docker_pretix/templates/pretix.service.j2
@@ -0,0 +1,20 @@
+[Unit]
+Description=Pretix with Docker
+After=docker.service
+Requires=docker.service
+Requires={{ pretix_db_container_name }}
+Requires={{ pretix_redis_container_name }}
+
+[Service]
+ExecStartPre=-/usr/bin/docker rm --force {{ pretix_container_name }}
+ExecStart=/usr/bin/docker run --rm --name {{ pretix_container_name }} --network pretix \
+ --label com.centurylinklabs.watchtower.enable={WATCHTOWER_ENABLED} --env-file {{ docker_volumes_dir }}/pretix/pretix.env \
+ -v {{ docker_volumes_dir }}/pretix/data:/data \
+ -v {{ docker_volumes_dir }}/pretix/conf:/etc/pretix \
+ pretix/standalone:stable
+ExecStop=/usr/bin/docker stop {{ watchtower_container_name }}
+Restart=always
+RestartSec=15s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/docker_pretix/templates/pretix_.env b/roles/docker_pretix/templates/pretix_.env
new file mode 100644
index 0000000..6920754
--- /dev/null
+++ b/roles/docker_pretix/templates/pretix_.env
@@ -0,0 +1,5 @@
+# Change this enviroment variable to "false" to disable automatic updates
+# Also keep in mind to re-run "docker-compose up -d" after changing this file
+
+WATCHTOWER_ENABLED=true
+#WATCHTOWER_ENABLED=true
\ No newline at end of file
diff --git a/roles/docker_watchtower/handlers/main.yml b/roles/docker_watchtower/handlers/main.yml
new file mode 100644
index 0000000..b8d3fcd
--- /dev/null
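Review bot: `ExecStop=/usr/bin/docker stop {{ watchtower_container_name }}` stops the watchtower container instead of the app; it should read `ExecStop=/usr/bin/docker stop {{ pretix_container_name }}`. The lines `Requires={{ pretix_db_container_name }}` and `Requires={{ pretix_redis_container_name }}` reference Docker container names (`pretix_pg-sql.server2` in unhb2.yml), not systemd units, so systemd cannot resolve them; the intended dependency is `Requires=pretix-db.service pretix-redis.service` together with `After=pretix-db.service pretix-redis.service`, since `Requires=` alone does not order start-up. The `{WATCHTOWER_ENABLED}` placeholder on the `--label` line has the same problem as in pretix-db.service.j2.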
+++ b/roles/docker_watchtower/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: restart-watchtower-docker
+ ansible.builtin.service:
+ state: restarted
+ name: "{{ item }}"
+ tags: molecule-notest
+ with_items:
+ - watchtower.service
+
diff --git a/roles/docker_watchtower/tasks/main.yml b/roles/docker_watchtower/tasks/main.yml
new file mode 100644
index 0000000..3879a72
--- /dev/null
+++ b/roles/docker_watchtower/tasks/main.yml
@@ -0,0 +1,56 @@
+---
+
+- name: "Install dependencies"
+ ansible.builtin.apt:
+ pkg:
+ - docker.io
+ - apparmor # if not installed, Docker will complain
+
+- name: "Create directories for Watchtower"
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: '0750'
+ recurse: true
+ with_items:
+ - "{{ docker_volumes_dir }}/watchtower"
+
+- name: "Template .env files for Watchtower"
+ ansible.builtin.template:
+ src: "{{ item }}.j2"
+ dest: "{{ docker_volumes_dir }}/watchtower/{{ item }}"
+ force: true
+ owner: root
+ group: root
+ mode: '0660'
+ with_items:
+ - watchtower.env
+ notify: restart-watchtower-docker
+
+- name: "Template systemd unit files for Watchtower"
+ ansible.builtin.template:
+ src: "{{ item }}.j2"
+ dest: "/etc/systemd/system/{{ item }}"
+ force: true
+ owner: root
+ group: root
+ mode: '0644'
+ with_items:
+ - watchtower.service
+ register: unit
+ notify: restart-watchtower-docker
+
+- name: "Reload systemd units"
+ ansible.builtin.systemd:
+ daemon_reload: yes
+ when: unit.changed
+
+- name: "Enable systemd units for Watchtower"
+ ansible.builtin.systemd:
+ state: started
+ enabled: true
+ name: "{{ item }}"
+ with_items:
+ - watchtower.service
diff --git a/roles/docker_watchtower/templates/watchtower.env.j2 b/roles/docker_watchtower/templates/watchtower.env.j2
new file mode 100644
index 0000000..fad2c85
--- /dev/null
+++ b/roles/docker_watchtower/templates/watchtower.env.j2
@@ -0,0 +1,9 @@
+WATCHTOWER_POLL_INTERVAL={{ watchtower_poll_interval }}
+WATCHTOWER_NOTIFICATIONS="{{ watchtower_notifications }}
+WATCHTOWER_NOTIFICATION_EMAIL_FROM="{{ watchtower_notification_email_from }}"
+WATCHTOWER_NOTIFICATION_EMAIL_TO="{{ watchtower_notification_email_to }}"
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER="{{ watchtower_notification_email_server }}"
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT="{{ watchtower_notification_email_server_port }}"
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER="{{ watchtower_notification_email_server_user }}"
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="{{ watchtower_notification_email_server_password }}"
+WATCHTOWER_WARN_ON_HEAD_FAILURE="{{ watchtower_warn_on_head_failure }}"
\ No newline at end of file
diff --git a/roles/docker_watchtower/templates/watchtower.service.j2 b/roles/docker_watchtower/templates/watchtower.service.j2
new file mode 100644
index 0000000..7503b35
--- /dev/null
+++ b/roles/docker_watchtower/templates/watchtower.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=Watchtower with Docker
+After=docker.service
+Requires=docker.service
+
+[Service]
+ExecStartPre=-/usr/bin/docker rm --force {{ watchtower_container_name }}
+ExecStart=/usr/bin/docker run --rm --name {{ watchtower_container_name }} --hostname {{ watchtower_hostname }} --domainname {{ watchtower_domainname }} --env-file {{ docker_volumes_dir }}/watchtower/watchtower.env -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower:{{ watchtower_version }}
+ExecStop=/usr/bin/docker stop {{ watchtower_container_name }}
+Restart=always
+RestartSec=15s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/firewalld/tasks/main.yml b/roles/firewalld/tasks/main.yml
index 714d917..b35d7a2 100644
--- a/roles/firewalld/tasks/main.yml
+++ b/roles/firewalld/tasks/main.yml
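Review bot: `WATCHTOWER_NOTIFICATIONS="{{ watchtower_notifications }}` is missing its closing quote, and more generally Docker's `--env-file` parser does not strip quotation marks, so every quoted value in this file — including the port and the SMTP password — reaches the container with literal `"` characters; remove the quotes on all lines, e.g. `WATCHTOWER_NOTIFICATIONS={{ watchtower_notifications }}`, as the first line already does. `watchtower_notification_email_from`, `watchtower_notification_email_server_user` and `watchtower_notification_email_server_password` are not defined in unhb2.yml and presumably come from unhb2_vault.yml; an undefined one fails the template task, so that is worth confirming. The file also lacks a trailing newline.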
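Review bot: The unit bind-mounts `/var/run/docker.sock` into the container, which gives the watchtower image full control of the Docker daemon and therefore root-equivalent access to the host, while the image tag comes from `watchtower_version`, set to `"latest"` in unhb2.yml; pin that variable to a specific release (or a digest) so an upstream image change cannot silently run with that level of access. watchtower.env.j2 never sets `WATCHTOWER_LABEL_ENABLE`, so unless it is set elsewhere watchtower updates every container on the host regardless of the `com.centurylinklabs.watchtower.enable` labels the pretix units try to set; add `WATCHTOWER_LABEL_ENABLE=true` to the env template if the labels are meant to be the opt-in.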
@@ -1,15 +1,15 @@
 ---
-- name: install firewalld
+- name: Install firewalld
 
 package:
 name: firewalld
 state: present
 
 - name: "Make sure FirewallD is running"
- ansible.builtin.service:
+ ansible.builtin.systemd:
 name: firewalld
- enabled: yes
 state: started
+ enabled: true
 
 - name: Open SSH port in firewall
 ansible.posix.firewalld:
diff --git a/site.yml b/site.yml
index 32c0344..4b180f4 100644
--- a/site.yml
+++ b/site.yml
@@ -10,6 +10,14 @@
 - apt_listchanges
 - basic_common_settings
 - firewalld
+
+- name: Set up roles on unhb4
+ hosts: unhb2
+ remote_user: root
+
+ roles:
+ - docker_watchtower
+ - docker_pretix
 
 - name: Set up roles on unhb4
 hosts: unhb4
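Review bot: The new play is named `Set up roles on unhb4` but targets `hosts: unhb2`; it should read `- name: Set up roles on unhb2`. The play lists only `docker_watchtower` and `docker_pretix`, while host_vars/unhb2/unhb2.yml defines `firewall_services` and `firewall_ports` that only the firewalld role consumes; if the first play's `hosts:` (outside this hunk) does not include unhb2, the apt, apt_listchanges, basic_common_settings and firewalld roles visible in its context lines never run on the new host and those firewall settings are inert.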