From 12a8b63bbd2fa84b4bb4bc420c8c46e761e50ed6 Mon Sep 17 00:00:00 2001
From: moanos <julian-samuel@gebuehr.net>
Date: Wed, 6 Dec 2023 16:18:42 +0100
Subject: [PATCH] feat: Add ansible-semaphore playbook files

---
 templates/group_vars_mash_servers | 65 +++++++++++++++++++++++++++++++
 templates/requirements.yml        |  4 ++
 templates/setup.yml               |  4 ++
 3 files changed, 73 insertions(+)

diff --git a/templates/group_vars_mash_servers b/templates/group_vars_mash_servers
index 7105b2a..4fa8147 100644
--- a/templates/group_vars_mash_servers
+++ b/templates/group_vars_mash_servers
@@ -482,6 +482,11 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized:
     {{ ({'name': (rumqttd_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'rumqttd']} if rumqttd_enabled else omit) }}
   # /role-specific:rumqttd
 
+  # role-specific:semaphore
+  - |-
+    {{ ({'name': (semaphore_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'soft-serve']} if semaphore_enabled else omit) }}
+  # /role-specific:semaphore
+
   # role-specific:soft_serve
   - |-
     {{ ({'name': (soft_serve_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'soft-serve']} if soft_serve_enabled else omit) }}
@@ -840,6 +845,17 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized:
     }}
   # /role-specific:roundcube
 
+  # role-specific:semaphore
+  - |-
+    {{
+      ({
+        'name': semaphore_database_name,
+        'username': semaphore_database_username,
+        'password': semaphore_database_password,
+      } if semaphore_enabled and semaphore_database_hostname == devture_postgres_identifier else omit)
+    }}
+  # /role-specific:semaphore
+
 devture_postgres_managed_databases_auto: "{{ mash_playbook_devture_postgres_managed_databases_auto_itemized | reject('equalto', omit) }}"
 
 ########################################################################
@@ -3892,6 +3908,55 @@ rumqttd_gid: "{{ mash_playbook_gid }}"
 
 
 
+# role-specific:semaphore
+########################################################################
+#                                                                      #
+# semaphore                                                            #
+#                                                                      #
+########################################################################
+
+semaphore_enabled: false
+
+semaphore_identifier: "{{ mash_playbook_service_identifier_prefix }}semaphore"
+
+semaphore_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}semaphore"
+
+semaphore_uid: "{{ mash_playbook_uid }}"
+semaphore_gid: "{{ mash_playbook_gid }}"
+
+semaphore_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+semaphore_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
+semaphore_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.semaphore', rounds=655555) | to_uuid }}"
+semaphore_database_username: "{{ semaphore_identifier }}"
+
+semaphore_systemd_required_services_list: |
+  {{
+    (['docker.service'])
+    +
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier else [])
+  }}
+
+semaphore_container_additional_networks: |
+  {{
+    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+    +
+    ([devture_postgres_container_network] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier and semaphore_container_network != devture_postgres_container_network else [])
+  }}
+
+semaphore_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
+semaphore_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
+semaphore_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
+semaphore_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
+
+########################################################################
+#                                                                      #
+# /semaphore                                                           #
+#                                                                      #
+########################################################################
+# /role-specific:semaphore
+
+
+
 # role-specific:soft_serve
 ########################################################################
 #                                                                      #
diff --git a/templates/requirements.yml b/templates/requirements.yml
index d9751c2..0d3b0f4 100644
--- a/templates/requirements.yml
+++ b/templates/requirements.yml
@@ -256,6 +256,10 @@
   version: v0.21.0-0
   name: rumqttd
   activation_prefix: rumqttd_
+- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-semaphore.git
+  version: v2.9.36-0
+  name: semaphore
+  activation_prefix: semaphore_
 - src: git+https://gitlab.com/etke.cc/roles/soft_serve.git
   version: v0.4.7-0
   name: soft_serve
diff --git a/templates/setup.yml b/templates/setup.yml
index b9f104d..85676a7 100644
--- a/templates/setup.yml
+++ b/templates/setup.yml
@@ -288,6 +288,10 @@
     - role: galaxy/rumqttd
     # /role-specific:rumqttd
 
+    # role-specific:semaphore
+    - role: galaxy/semaphore
+    # /role-specific:semaphore
+
     # role-specific:soft_serve
     - role: galaxy/soft_serve
     # /role-specific:soft_serve