Relocate Postgres, Traefik and Woodpecker CI roles to the MASH organization
parent 0d2805857f
commit 3dd4b89716
13 changed files with 548 additions and 458 deletions
21
CHANGELOG.md
|
@ -1,3 +1,20 @@
|
||||||
|
# 2024-09-27
|
||||||
|
|
||||||
|
## (BC Break) Postgres, Traefik & Woodpecker CI roles have been relocated and variable names need adjustments
|
||||||
|
|
||||||
|
Various roles have been relocated from the [devture](https://github.com/devture) organization to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
|
||||||
|
|
||||||
|
Along with the relocation, the `devture_` prefix was dropped from their variable names, so you need to adjust your `vars.yml` configuration.
|
||||||
|
|
||||||
|
You need to do the following replacements:
|
||||||
|
|
||||||
|
- `devture_postgres_` -> `postgres_`
|
||||||
|
- `devture_traefik_` -> `traefik_`
|
||||||
|
- `devture_woodpecker_ci_` -> `woodpecker_ci_`
|
||||||
|
|
||||||
|
As always, the playbook would let you know about this and point out any variables you may have missed.
|
||||||
|
|
||||||
|
|
||||||
# 2024-07-06
|
# 2024-07-06
|
||||||
|
|
||||||
## Traefik v3 and HTTP/3 are here now
|
## Traefik v3 and HTTP/3 are here now
|
||||||
|
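Review bot: In the new 2024-09-27 entry, the closing sentence "the playbook would let you know about this" should read "will let you know", and it should say whether a leftover `devture_`-prefixed variable stops the run or is only reported. That matters for values such as `devture_postgres_connection_password`: if an old name is merely ignored, the renamed variable stays at its default. It would also help to state that the three replacements are plain substring replacements, since they also have to catch names like `mash_playbook_devture_postgres_managed_databases_auto_itemized` in custom templates.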
@ -18,7 +35,7 @@ If you're using the playbook's Traefik instance to reverse-proxy to some other s
|
||||||
|
|
||||||
If you've tweaked any of this playbook's `_path_prefix` variables and made them use a regular expression, you will now need to make additional adjustments. The playbook makes extensive use of `PathPrefix()` matchers in Traefik rules and `PathPrefix` does not support regular expressions anymore. To work around it, you may now need to override a whole `_traefik_rule` variable and switch it from [`PathPrefix` to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp).
|
If you've tweaked any of this playbook's `_path_prefix` variables and made them use a regular expression, you will now need to make additional adjustments. The playbook makes extensive use of `PathPrefix()` matchers in Traefik rules and `PathPrefix` does not support regular expressions anymore. To work around it, you may now need to override a whole `_traefik_rule` variable and switch it from [`PathPrefix` to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp).
|
||||||
|
|
||||||
You **may potentially downgrade to Traefik v2** (if necessary) by adding `devture_traefik_verison: v2.11.4` to your configuration.
|
You **may potentially downgrade to Traefik v2** (if necessary) by adding `traefik_verison: v2.11.4` to your configuration.
|
||||||
|
|
||||||
|
|
||||||
### HTTP/3 is enabled by default
|
### HTTP/3 is enabled by default
|
||||||
|
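Review bot: The downgrade hint carries the misspelling `verison` over into the renamed variable (`traefik_verison: v2.11.4`). Anyone copying that line sets a variable the role presumably never reads, so the downgrade silently does not happen. Since the line is being touched anyway, correct it to `traefik_version` after confirming the name in the role's defaults.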
@ -35,7 +52,7 @@ Still, if HTTP/3 cannot function correctly in your setup, it's best to disable a
|
||||||
To **disable HTTP/3**, you can use the following configuration:
|
To **disable HTTP/3**, you can use the following configuration:
|
||||||
|
|
||||||
```yml
|
```yml
|
||||||
devture_traefik_config_entrypoint_web_secure_http3_enabled: false
|
traefik_config_entrypoint_web_secure_http3_enabled: false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -94,7 +94,7 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized:
|
||||||
########################################################################
|
########################################################################
|
||||||
[...]
|
[...]
|
||||||
|
|
||||||
mash_playbook_devture_postgres_managed_databases_auto_itemized:
|
mash_playbook_postgres_managed_databases_auto_itemized:
|
||||||
[...]
|
[...]
|
||||||
# role-specific:YOUR-SERVICE
|
# role-specific:YOUR-SERVICE
|
||||||
- |-
|
- |-
|
||||||
|
@ -127,15 +127,15 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized:
|
||||||
[...]
|
[...]
|
||||||
|
|
||||||
# role-specific:postgres
|
# role-specific:postgres
|
||||||
YOUR-SERVICE_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
|
YOUR-SERVICE_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}"
|
||||||
YOUR-SERVICE_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
|
YOUR-SERVICE_database_port: "{{ '5432' if postgres_enabled else '' }}"
|
||||||
YOUR-SERVICE_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authentik', rounds=655555) | to_uuid }}"
|
YOUR-SERVICE_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authentik', rounds=655555) | to_uuid }}"
|
||||||
YOUR-SERVICE_database_username: "{{ authentik_identifier }}"
|
YOUR-SERVICE_database_username: "{{ authentik_identifier }}"
|
||||||
# /role-specific:postgres
|
# /role-specific:postgres
|
||||||
|
|
||||||
YOUR-SERVICE_container_additional_networks_auto: |
|
YOUR-SERVICE_container_additional_networks_auto: |
|
||||||
{{
|
{{
|
||||||
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and YOUR-SERVICE_database_hostname == devture_postgres_identifier else [])
|
([postgres_identifier ~ '.service'] if postgres_enabled and YOUR-SERVICE_database_hostname == postgres_identifier else [])
|
||||||
}}
|
}}
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
|
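Review bot: The unchanged context lines of this template still hard-code another service's values: `YOUR-SERVICE_database_password` uses the salt `'db.authentik'` and `YOUR-SERVICE_database_username` uses `authentik_identifier`. The password is derived only from `mash_playbook_generic_secret_key` and that salt, so a service copied from this template without editing the salt ends up with the same database password as any other service using the same salt. While renaming the Postgres variables here, replace both with placeholders, e.g. `'db.YOUR-SERVICE'` and `YOUR-SERVICE_identifier`.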
@ -64,7 +64,7 @@ You may also wish to look into [Woodpecker CI](woodpecker-ci.md) and [Forgejo Ru
|
||||||
If you want to integrate Forgejo with [Woodpecker CI](woodpecker-ci.md), and if you plan to serve Woodpecker CI under a subpath on the same host as Forgejo (e.g., Forgejo lives at `https://mash.example.com` and Woodpecker CI lives at `https://mash.example.com/ci`), then you need to configure Forgejo to use the host's external IP when invoking webhooks from Woodpecker CI. You can do it by setting the following variables:
|
If you want to integrate Forgejo with [Woodpecker CI](woodpecker-ci.md), and if you plan to serve Woodpecker CI under a subpath on the same host as Forgejo (e.g., Forgejo lives at `https://mash.example.com` and Woodpecker CI lives at `https://mash.example.com/ci`), then you need to configure Forgejo to use the host's external IP when invoking webhooks from Woodpecker CI. You can do it by setting the following variables:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
forgejo_container_add_host_domain_name: "{{ devture_woodpecker_ci_server_hostname }}"
|
forgejo_container_add_host_domain_name: "{{ woodpecker_ci_server_hostname }}"
|
||||||
forgejo_container_add_host_domain_ip_address: "{{ ansible_host }}"
|
forgejo_container_add_host_domain_ip_address: "{{ ansible_host }}"
|
||||||
|
|
||||||
# If ansible_host points to an internal IP address, you may need to allow Forgejo to make requests to it.
|
# If ansible_host points to an internal IP address, you may need to allow Forgejo to make requests to it.
|
||||||
|
|
|
@ -12,15 +12,15 @@ To enable this service, add the following configuration to your `vars.yml` file
|
||||||
```yaml
|
```yaml
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# devture-postgres-backup #
|
# postgres-backup #
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
||||||
devture_postgres_backup_enabled: true
|
postgres_backup_enabled: true
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# /devture-postgres-backup #
|
# /postgres-backup #
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
```
|
```
|
||||||
|
@ -30,10 +30,10 @@ Refer to the table below for additional configuration variables and their defaul
|
||||||
|
|
||||||
| Name | Default value | Description |
|
| Name | Default value | Description |
|
||||||
| :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- |
|
| :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- |
|
||||||
|`devture_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups|
|
|`postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups|
|
||||||
|`devture_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.|
|
|`postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.|
|
||||||
|`devture_postgres_backup_keep_days`|`7`|Number of daily backups to keep|
|
|`postgres_backup_keep_days`|`7`|Number of daily backups to keep|
|
||||||
|`devture_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
|
|`postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
|
||||||
|`devture_postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
|
|`postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
|
||||||
|`devture_postgres_backup_base_path` | `"{{ mash_playbook_base_path }}/postgres-backup"` | Base path for postgres-backup. Also see `devture_postgres_backup_data_path` |
|
|`postgres_backup_base_path` | `"{{ mash_playbook_base_path }}/postgres-backup"` | Base path for postgres-backup. Also see `postgres_backup_data_path` |
|
||||||
|`devture_postgres_backup_data_path` | `"{{ devture_postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups |
|
|`postgres_backup_data_path` | `"{{ postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups |
|
||||||
|
|
|
@ -14,18 +14,18 @@ To enable this service, add the following configuration to your `vars.yml` file
|
||||||
```yaml
|
```yaml
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# devture-postgres #
|
# postgres #
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
||||||
devture_postgres_enabled: true
|
postgres_enabled: true
|
||||||
|
|
||||||
# Put a strong password below, generated with `pwgen -s 64 1` or in another way
|
# Put a strong password below, generated with `pwgen -s 64 1` or in another way
|
||||||
devture_postgres_connection_password: ''
|
postgres_connection_password: ''
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# /devture-postgres #
|
# /postgres #
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
```
|
```
|
||||||
|
@ -165,15 +165,15 @@ Example: `--extra-vars="postgres_dump_name=mash-postgres-dump.sql"`
|
||||||
PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process.
|
PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process.
|
||||||
|
|
||||||
The [Postgres Ansible role](https://github.com/devture/com.devture.ansible.role.postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/.
|
The [Postgres Ansible role](https://github.com/devture/com.devture.ansible.role.postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/.
|
||||||
You can manually influence some of the tuning variables . These parameters (variables) are injected via the `devture_postgres_postgres_process_extra_arguments_auto` variable.
|
You can manually influence some of the tuning variables . These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_auto` variable.
|
||||||
|
|
||||||
Most users should be fine with the automatically-done tuning. However, you may wish to:
|
Most users should be fine with the automatically-done tuning. However, you may wish to:
|
||||||
|
|
||||||
- **adjust the automatically-deterimned tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `devture_postgres_max_connections`, `devture_postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `devture_postgres_postgres_process_extra_arguments_auto` variable
|
- **adjust the automatically-deterimned tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_auto` variable
|
||||||
|
|
||||||
- **turn automatically-performed tuning off**: override it like this: `devture_postgres_postgres_process_extra_arguments_auto: []`
|
- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_auto: []`
|
||||||
|
|
||||||
- **add additional tuning parameters**: define your additional Postgres configuration parameters in `devture_postgres_postgres_process_extra_arguments_custom`. See `devture_postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration
|
- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration
|
||||||
|
|
||||||
|
|
||||||
## Recommended other services
|
## Recommended other services
|
||||||
|
|
|
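Review bot: The role links on the new side still point at the old organization: `https://github.com/devture/com.devture.ansible.role.postgres` appears three times in this hunk (the role link and both `defaults/main.yml` links), although the commit relocates the role. Point them at the role's new home so that readers looking up `postgres_max_connections` and `postgres_data_storage` land on a defaults file that uses the new names. Two typos in the touched lines could be fixed in the same pass: "automatically-deterimned" and the stray space in "tuning variables .".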
@ -14,14 +14,14 @@ To enable this service, add the following configuration to your `vars.yml` file
|
||||||
```yaml
|
```yaml
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# devture-traefik #
|
# traefik #
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
||||||
mash_playbook_reverse_proxy_type: playbook-managed-traefik
|
mash_playbook_reverse_proxy_type: playbook-managed-traefik
|
||||||
|
|
||||||
# The email address that Traefik will pass to Let's Encrypt when obtaining SSL certificates
|
# The email address that Traefik will pass to Let's Encrypt when obtaining SSL certificates
|
||||||
devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com
|
traefik_config_certificatesResolvers_acme_email: your-email@example.com
|
||||||
|
|
||||||
# Or, if you'd like to install Traefik yourself:
|
# Or, if you'd like to install Traefik yourself:
|
||||||
#
|
#
|
||||||
|
@ -30,7 +30,7 @@ devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# /devture-traefik #
|
# /traefik #
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
```
|
```
|
||||||
|
@ -61,7 +61,7 @@ mash_playbook_reverse_proxyable_services_additional_network: traefik
|
||||||
## Increase logging verbosity
|
## Increase logging verbosity
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
devture_traefik_config_log_level: DEBUG
|
traefik_config_log_level: DEBUG
|
||||||
```
|
```
|
||||||
|
|
||||||
## Disable access logs
|
## Disable access logs
|
||||||
|
@ -69,7 +69,7 @@ devture_traefik_config_log_level: DEBUG
|
||||||
This will disable access logging.
|
This will disable access logging.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
devture_traefik_config_accessLog_enabled: false
|
traefik_config_accessLog_enabled: false
|
||||||
```
|
```
|
||||||
|
|
||||||
## Enable Traefik Dashboard
|
## Enable Traefik Dashboard
|
||||||
|
@ -77,23 +77,23 @@ devture_traefik_config_accessLog_enabled: false
|
||||||
This will enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://traefik.mash.example.com/dashboard/` (note the trailing `/`).
|
This will enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://traefik.mash.example.com/dashboard/` (note the trailing `/`).
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
devture_traefik_dashboard_enabled: true
|
traefik_dashboard_enabled: true
|
||||||
devture_traefik_dashboard_hostname: traefik.mash.example.com
|
traefik_dashboard_hostname: traefik.mash.example.com
|
||||||
devture_traefik_dashboard_basicauth_enabled: true
|
traefik_dashboard_basicauth_enabled: true
|
||||||
devture_traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE
|
traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE
|
||||||
devture_traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE
|
traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE
|
||||||
```
|
```
|
||||||
|
|
||||||
**WARNING**: enabling the dashboard on a hostname you use for something else (like `mash.example.com` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems.
|
**WARNING**: enabling the dashboard on a hostname you use for something else (like `mash.example.com` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems.
|
||||||
|
|
||||||
## Additional configuration
|
## Additional configuration
|
||||||
|
|
||||||
Use the `devture_traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists.
|
Use the `traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# This is a contrived example.
|
# This is a contrived example.
|
||||||
# You can enable and secure the Dashboard using dedicated variables. See above.
|
# You can enable and secure the Dashboard using dedicated variables. See above.
|
||||||
devture_traefik_configuration_extension_yaml: |
|
traefik_configuration_extension_yaml: |
|
||||||
api:
|
api:
|
||||||
dashboard: true
|
dashboard: true
|
||||||
```
|
```
|
||||||
|
|
|
@ -34,11 +34,11 @@ To enable this service, add the following configuration to your `vars.yml` file
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
||||||
devture_woodpecker_ci_server_enabled: true
|
woodpecker_ci_server_enabled: true
|
||||||
|
|
||||||
devture_woodpecker_ci_server_hostname: mash.example.com
|
woodpecker_ci_server_hostname: mash.example.com
|
||||||
|
|
||||||
devture_woodpecker_ci_server_path_prefix: /ci
|
woodpecker_ci_server_path_prefix: /ci
|
||||||
|
|
||||||
# Generate this secret with `openssl rand -hex 32`
|
# Generate this secret with `openssl rand -hex 32`
|
||||||
#
|
#
|
||||||
|
@ -47,20 +47,20 @@ devture_woodpecker_ci_server_path_prefix: /ci
|
||||||
# server will register it as a non-persistent agent.
|
# server will register it as a non-persistent agent.
|
||||||
#
|
#
|
||||||
# See the definition of
|
# See the definition of
|
||||||
# devture_woodpecker_ci_agent_config_agent_secret below for more details.
|
# woodpecker_ci_agent_config_agent_secret below for more details.
|
||||||
devture_woodpecker_ci_server_config_agent_secret: ''
|
woodpecker_ci_server_config_agent_secret: ''
|
||||||
|
|
||||||
devture_woodpecker_ci_server_config_admins: [YOUR_USERNAME_HERE]
|
woodpecker_ci_server_config_admins: [YOUR_USERNAME_HERE]
|
||||||
|
|
||||||
# Add one or more usernames that match your version control system (e.g. Gitea) below.
|
# Add one or more usernames that match your version control system (e.g. Gitea) below.
|
||||||
# These users will have admin privileges upon signup.
|
# These users will have admin privileges upon signup.
|
||||||
devture_woodpecker_ci_server_config_admins:
|
woodpecker_ci_server_config_admins:
|
||||||
- YOUR_USERNAME_HERE
|
- YOUR_USERNAME_HERE
|
||||||
- ANOTHER_USERNAME_HERE
|
- ANOTHER_USERNAME_HERE
|
||||||
|
|
||||||
# Uncomment the line below if you'll be running Woodpecker CI agents on remote machines.
|
# Uncomment the line below if you'll be running Woodpecker CI agents on remote machines.
|
||||||
# If you'll only run agents on the same machine as the server, you can keep gRPC expose disabled.
|
# If you'll only run agents on the same machine as the server, you can keep gRPC expose disabled.
|
||||||
# devture_woodpecker_ci_server_container_labels_traefik_grpc_enabled: true
|
# woodpecker_ci_server_container_labels_traefik_grpc_enabled: true
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
|
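Review bot: `woodpecker_ci_server_config_admins` is defined twice in this example block, first as `[YOUR_USERNAME_HERE]` and again as a two-item list under the "Add one or more usernames" comment. When the block is copied as-is, only one of the two definitions ends up in effect, which is an awkward property for the list that grants admin privileges on signup. Drop the one-line definition and keep the commented list form.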
@ -71,32 +71,32 @@ devture_woodpecker_ci_server_config_admins:
|
||||||
|
|
||||||
In the example configuration above, we configure the service to be hosted at `https://mash.example.com/ci`.
|
In the example configuration above, we configure the service to be hosted at `https://mash.example.com/ci`.
|
||||||
|
|
||||||
If you want to host the service at the root path, remove the `devture_woodpecker_ci_server_path_prefix` variable override.
|
If you want to host the service at the root path, remove the `woodpecker_ci_server_path_prefix` variable override.
|
||||||
|
|
||||||
#### Gitea Integration
|
#### Gitea Integration
|
||||||
|
|
||||||
The Woodpecker CI server can integrate with [Gitea](gitea.md) using the following **additional** `vars.yml` configuration:
|
The Woodpecker CI server can integrate with [Gitea](gitea.md) using the following **additional** `vars.yml` configuration:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
devture_woodpecker_ci_server_provider: gitea
|
woodpecker_ci_server_provider: gitea
|
||||||
|
|
||||||
# We must use the public URL here, because it's also used for login redirects
|
# We must use the public URL here, because it's also used for login redirects
|
||||||
devture_woodpecker_ci_server_config_gitea_url: "{{ gitea_config_root_url }}"
|
woodpecker_ci_server_config_gitea_url: "{{ gitea_config_root_url }}"
|
||||||
|
|
||||||
# Populate these with the OAuth 2 application information
|
# Populate these with the OAuth 2 application information
|
||||||
# (see the Gitea configuration section above)
|
# (see the Gitea configuration section above)
|
||||||
devture_woodpecker_ci_server_config_gitea_client: GITEA_OAUTH_CLIENT_ID_HERE
|
woodpecker_ci_server_config_gitea_client: GITEA_OAUTH_CLIENT_ID_HERE
|
||||||
devture_woodpecker_ci_server_config_gitea_secret: GITEA_OAUTH_CLIENT_SECRET_HERE
|
woodpecker_ci_server_config_gitea_secret: GITEA_OAUTH_CLIENT_SECRET_HERE
|
||||||
|
|
||||||
devture_woodpecker_ci_server_container_add_host_domain_name: "{{ gitea_hostname }}"
|
woodpecker_ci_server_container_add_host_domain_name: "{{ gitea_hostname }}"
|
||||||
devture_woodpecker_ci_server_container_add_host_ip_address: "{{ ansible_host }}"
|
woodpecker_ci_server_container_add_host_ip_address: "{{ ansible_host }}"
|
||||||
```
|
```
|
||||||
|
|
||||||
To integrate with version-control systems other than Gitea (e.g. [Forgejo](forgejo.md)), you'll need similar configuration.
|
To integrate with version-control systems other than Gitea (e.g. [Forgejo](forgejo.md)), you'll need similar configuration.
|
||||||
|
|
||||||
### Usage
|
### Usage
|
||||||
|
|
||||||
After installation, you should be able to access the Woodpecker CI server instance at `https://mash.DOMAIN/ci` (matching the `devture_woodpecker_ci_server_hostname` and `devture_woodpecker_ci_server_path_prefix` values configured in `vars.yml`).
|
After installation, you should be able to access the Woodpecker CI server instance at `https://mash.DOMAIN/ci` (matching the `woodpecker_ci_server_hostname` and `woodpecker_ci_server_path_prefix` values configured in `vars.yml`).
|
||||||
|
|
||||||
The **Log in** button should take you to Gitea, where you can authorize Woodpecker CI with the OAuth 2 application.
|
The **Log in** button should take you to Gitea, where you can authorize Woodpecker CI with the OAuth 2 application.
|
||||||
|
|
||||||
|
@ -122,7 +122,7 @@ This service requires the following other services:
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
||||||
devture_woodpecker_ci_agent_enabled: true
|
woodpecker_ci_agent_enabled: true
|
||||||
|
|
||||||
# If the agent runs on the same machine as the server, enabling the agent
|
# If the agent runs on the same machine as the server, enabling the agent
|
||||||
# is everything you need. The agent and server will be wired automatically.
|
# is everything you need. The agent and server will be wired automatically.
|
||||||
|
@ -132,7 +132,7 @@ devture_woodpecker_ci_agent_enabled: true
|
||||||
# This needs to point to the server's gRPC host:port.
|
# This needs to point to the server's gRPC host:port.
|
||||||
# If your Woodpecker CI Server is deployed using this playbook, its
|
# If your Woodpecker CI Server is deployed using this playbook, its
|
||||||
# gRPC port will likely be 443. E.g., ci.example.com:443.
|
# gRPC port will likely be 443. E.g., ci.example.com:443.
|
||||||
devture_woodpecker_ci_agent_config_server: ''
|
woodpecker_ci_agent_config_server: ''
|
||||||
|
|
||||||
# This playbook only supports agent-specific secrets, i.e., it is not recommended to use
|
# This playbook only supports agent-specific secrets, i.e., it is not recommended to use
|
||||||
# a shared secret between Woodpecker CI Server and all of its agents. Please refer to
|
# a shared secret between Woodpecker CI Server and all of its agents. Please refer to
|
||||||
|
@ -142,15 +142,15 @@ devture_woodpecker_ci_agent_config_server: ''
|
||||||
# https://woodpecker-ci.org/docs/administration/agent-config#using-agent-token
|
# https://woodpecker-ci.org/docs/administration/agent-config#using-agent-token
|
||||||
#
|
#
|
||||||
# then, when you have the agent secret, uncomment the following line.
|
# then, when you have the agent secret, uncomment the following line.
|
||||||
#devture_woodpecker_ci_agent_config_agent_secret: ''
|
#woodpecker_ci_agent_config_agent_secret: ''
|
||||||
|
|
||||||
# Uncomment the line below if you want the agent to connect to the
|
# Uncomment the line below if you want the agent to connect to the
|
||||||
# server over a secure gRPC channel (recommended).
|
# server over a secure gRPC channel (recommended).
|
||||||
#devture_woodpecker_ci_agent_config_grpc_secure: true
|
#woodpecker_ci_agent_config_grpc_secure: true
|
||||||
|
|
||||||
# Uncomment the line below if you want the agent to verify the
|
# Uncomment the line below if you want the agent to verify the
|
||||||
# server's TLS certificate when connecting over a secure gRPC channel.
|
# server's TLS certificate when connecting over a secure gRPC channel.
|
||||||
#devture_woodpecker_ci_agent_config_grpc_verify: true
|
#woodpecker_ci_agent_config_grpc_verify: true
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
|
|
|
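Review bot: In the agent example, `woodpecker_ci_agent_config_grpc_secure` and `woodpecker_ci_agent_config_grpc_verify` are both left commented out, although the comment calls the secure channel recommended and the `woodpecker_ci_agent_config_server` comment in the preceding hunk suggests port 443. A remote agent configured from this block uses whatever the role defaults to for transport security while presenting its agent secret. Either ship both lines uncommented for the remote-agent case or state the role defaults in the comments.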
@ -63,7 +63,7 @@ devture_timesync_installation_enabled: true
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# devture-traefik #
|
# traefik #
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
||||||
|
@ -77,11 +77,11 @@ devture_timesync_installation_enabled: true
|
||||||
mash_playbook_reverse_proxy_type: playbook-managed-traefik
|
mash_playbook_reverse_proxy_type: playbook-managed-traefik
|
||||||
|
|
||||||
# The email address that Traefik will pass to Let's Encrypt when obtaining SSL certificates
|
# The email address that Traefik will pass to Let's Encrypt when obtaining SSL certificates
|
||||||
devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com
|
traefik_config_certificatesResolvers_acme_email: your-email@example.com
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# /devture-traefik #
|
# /traefik #
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
||||||
|
@ -89,7 +89,7 @@ devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# devture-postgres #
|
# postgres #
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
||||||
|
@ -97,14 +97,14 @@ devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com
|
||||||
#
|
#
|
||||||
# Learn more about the Postgres service in docs/services/postgres.md
|
# Learn more about the Postgres service in docs/services/postgres.md
|
||||||
|
|
||||||
devture_postgres_enabled: true
|
postgres_enabled: true
|
||||||
|
|
||||||
# Put a strong password below, generated with `pwgen -s 64 1` or in another way
|
# Put a strong password below, generated with `pwgen -s 64 1` or in another way
|
||||||
devture_postgres_connection_password: ''
|
postgres_connection_password: ''
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# /devture-postgres #
|
# /postgres #
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
||||||
|
|
|
@ -46,8 +46,8 @@ mash_playbook_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else
|
||||||
#
|
#
|
||||||
# - `playbook-managed-traefik`
|
# - `playbook-managed-traefik`
|
||||||
# - the playbook will run a managed Traefik instance (mash-traefik)
|
# - the playbook will run a managed Traefik instance (mash-traefik)
|
||||||
# - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`)
|
# - Traefik will do SSL termination, unless you disable it (e.g. `traefik_config_entrypoint_web_secure_enabled: false`)
|
||||||
# - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email`
|
# - if SSL termination is enabled (as it is by default), you need to populate: `traefik_config_certificatesResolvers_acme_email`
|
||||||
#
|
#
|
||||||
# - `other-traefik-container`
|
# - `other-traefik-container`
|
||||||
# - this playbook will not install Traefik
|
# - this playbook will not install Traefik
|
||||||
|
@ -74,12 +74,12 @@ mash_playbook_docker_installation_daemon_options_auto:
|
||||||
mash_playbook_docker_installation_daemon_options_custom: {}
|
mash_playbook_docker_installation_daemon_options_custom: {}
|
||||||
|
|
||||||
# Controls whether to attach Traefik labels to services.
|
# Controls whether to attach Traefik labels to services.
|
||||||
# This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
|
# This is separate from `traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
|
||||||
# yet still use Traefik installed in another way.
|
# yet still use Traefik installed in another way.
|
||||||
mash_playbook_traefik_labels_enabled: "{{ mash_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
|
mash_playbook_traefik_labels_enabled: "{{ mash_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
|
||||||
|
|
||||||
# Controls the additional network that reverse-proxyable services will be connected to.
|
# Controls the additional network that reverse-proxyable services will be connected to.
|
||||||
mash_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled | default(false) else '' }}"
|
mash_playbook_reverse_proxyable_services_additional_network: "{{ traefik_container_network if traefik_enabled | default(false) else '' }}"
|
||||||
|
|
||||||
# Controls whether various services should expose metrics publicly.
|
# Controls whether various services should expose metrics publicly.
|
||||||
# If Prometheus is operating on the same machine, exposing metrics publicly is not necessary.
|
# If Prometheus is operating on the same machine, exposing metrics publicly is not necessary.
|
||||||
|
|
|
@ -1,5 +1,11 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- tags:
|
||||||
|
- setup-all
|
||||||
|
- install-all
|
||||||
|
block:
|
||||||
|
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
|
||||||
- when: ansible_os_family == 'Debian' and mash_playbook_docker_installation_enabled | bool and mash_playbook_migration_docker_trusted_gpg_d_migration_enabled | bool
|
- when: ansible_os_family == 'Debian' and mash_playbook_docker_installation_enabled | bool and mash_playbook_migration_docker_trusted_gpg_d_migration_enabled | bool
|
||||||
tags:
|
tags:
|
||||||
- setup-all
|
- setup-all
|
||||||
|
|
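Review bot: The new block that includes `validate_config.yml` is tagged only `setup-all` and `install-all`, so a run restricted to any other tag skips the deprecation checks and leftover `devture_*` variables in `vars.yml` go unreported for that run. If the relocated roles simply ignore the old names, settings an operator believes are applied (the Postgres connection password, the `..._web_secure_enabled` entrypoint toggle) would fall back to role defaults without any message. Consider tagging the validation block `always`, or documenting that the check only fires on full setup/install runs.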
67
roles/mash/playbook_migration/tasks/validate_config.yml
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report devture_postgres_backup variables
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: |-
|
||||||
|
The postgres-backup role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup).
|
||||||
|
The new role is pretty much the same, but uses differently named variables.
|
||||||
|
|
||||||
|
Please change your configuration (vars.yml) to rename all `devture_postgres_backup_`-prefixed variables (`devture_postgres_backup_*` -> `postgres_backup_*`).
|
||||||
|
|
||||||
|
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_postgres_backup_.*') | map (attribute='key') | join(', ') }}
|
||||||
|
when: "vars | dict2items | selectattr('key', 'match', 'devture_postgres_backup_.*') | list | items2dict"
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report devture_postgres variables
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: |-
|
||||||
|
The postgres role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-postgres).
|
||||||
|
The new role is pretty much the same, but uses differently named variables.
|
||||||
|
|
||||||
|
Please change your configuration (vars.yml) to rename all `devture_postgres_`-prefixed variables (`devture_postgres_*` -> `devture_postgres_*`).
|
||||||
|
|
||||||
|
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_postgres_.*') | map (attribute='key') | join(', ') }}
|
||||||
|
when: "vars | dict2items | selectattr('key', 'match', 'devture_postgres_.*') | list | items2dict"
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report traefik_certs_dumper variables
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: |-
|
||||||
|
The traefik-certs-dumper role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper).
|
||||||
|
The new role is pretty much the same, but uses differently named variables.
|
||||||
|
|
||||||
|
Please change your configuration (vars.yml) to rename all `devture_traefik_certs_dumper_`-prefixed variables (`devture_traefik_certs_dumper_*` -> `traefik_certs_dumper_*`).
|
||||||
|
|
||||||
|
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_traefik_certs_dumper_.*') | map (attribute='key') | join(', ') }}
|
||||||
|
when: "vars | dict2items | selectattr('key', 'match', 'devture_traefik_certs_dumper_.*') | list | items2dict"
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report devture_traefik variables
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: |-
|
||||||
|
The traefik role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-traefik).
|
||||||
|
The new role is pretty much the same, but uses differently named variables.
|
||||||
|
|
||||||
|
Please change your configuration (vars.yml) to rename all `devture_traefik_`-prefixed variables (`devture_traefik_*` -> `traefik_*`).
|
||||||
|
|
||||||
|
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_traefik_.*') | map (attribute='key') | join(', ') }}
|
||||||
|
when: "vars | dict2items | selectattr('key', 'match', 'devture_traefik_.*') | list | items2dict"
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report devture_woodpecker_server variables
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: |-
|
||||||
|
The woodpecker-ci-server role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-woodpecker-ci-server).
|
||||||
|
The new role is pretty much the same, but uses differently named variables.
|
||||||
|
|
||||||
|
Please change your configuration (vars.yml) to rename all `devture_woodpecker_ci_server_`-prefixed variables (`devture_woodpecker_ci_server_*` -> `woodpecker_ci_server_*`).
|
||||||
|
|
||||||
|
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_woodpecker_ci_server_.*') | map (attribute='key') | join(', ') }}
|
||||||
|
when: "vars | dict2items | selectattr('key', 'match', 'devture_woodpecker_ci_server_.*') | list | items2dict"
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report devture_woodpecker_agent variables
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: |-
|
||||||
|
The woodpecker-ci-agent role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-woodpecker-ci-agent).
|
||||||
|
The new role is pretty much the same, but uses differently named variables.
|
||||||
|
|
||||||
|
Please change your configuration (vars.yml) to rename all `devture_woodpecker_ci_agent_`-prefixed variables (`devture_woodpecker_ci_agent_*` -> `woodpecker_ci_agent_*`).
|
||||||
|
|
||||||
|
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_woodpecker_ci_agent_.*') | map (attribute='key') | join(', ') }}
|
||||||
|
when: "vars | dict2items | selectattr('key', 'match', 'devture_woodpecker_ci_agent_.*') | list | items2dict"
|
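Review bot: In the `devture_postgres` task, the message tells users to rename `devture_postgres_*` -> `devture_postgres_*`, which is a no-op; the target should read `postgres_*`, in line with the other five tasks. Two smaller points in the same file: the pattern `devture_postgres_.*` also matches `devture_postgres_backup_*` keys (and `devture_traefik_.*` matches `devture_traefik_certs_dumper_*`), so the more specific message is shown only because its task happens to come first, which deserves a comment; and the task names `traefik_certs_dumper`, `devture_woodpecker_server` and `devture_woodpecker_agent` do not match the prefixes they actually test (`devture_traefik_certs_dumper_`, `devture_woodpecker_ci_server_`, `devture_woodpecker_ci_agent_`).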
File diff suppressed because it is too large
|
@ -55,7 +55,7 @@
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
|
||||||
version: v0.2.0-0
|
version: v0.2.0-0
|
||||||
name: container_socket_proxy
|
name: container_socket_proxy
|
||||||
activation_prefix: devture_traefik_
|
activation_prefix: traefik_
|
||||||
- src: git+https://github.com/Bergruebe/ansible-role-couchdb.git
|
- src: git+https://github.com/Bergruebe/ansible-role-couchdb.git
|
||||||
version: v3.3.3-1
|
version: v3.3.3-1
|
||||||
name: couchdb
|
name: couchdb
|
||||||
|
@ -283,14 +283,14 @@
|
||||||
version: v15-3.3-0
|
version: v15-3.3-0
|
||||||
name: postgis
|
name: postgis
|
||||||
activation_prefix: postgis_
|
activation_prefix: postgis_
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
|
||||||
version: v16.4-0
|
version: v17.0-0
|
||||||
name: postgres
|
name: postgres
|
||||||
activation_prefix: devture_postgres_
|
activation_prefix: postgres_
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
|
||||||
version: ccfd8db07fd8725119f0e06ba5144b8f58a67890
|
version: v16-0
|
||||||
name: postgres_backup
|
name: postgres_backup
|
||||||
activation_prefix: devture_postgres_backup_
|
activation_prefix: postgres_backup_
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
|
||||||
version: v2.54.1-1
|
version: v2.54.1-1
|
||||||
name: prometheus
|
name: prometheus
|
||||||
|
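Review bot: The `postgres_backup` entry moves from a pinned commit (`ccfd8db07fd8725119f0e06ba5144b8f58a67890`) to the tag `v16-0` while its source also changes to a different GitHub organization; a tag can be moved after the fact and a commit hash cannot, so this loosens the pin at the same moment the upstream changes. Consider keeping a commit hash, or stating in the commit message that the tag was checked against the previously pinned commit. Separately, `postgres` goes from `v16.4-0` to `v17.0-0` in a commit described as a relocation and rename; the changelog entry added here mentions only the variable renames, so the version bump should be called out there or split into its own commit.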
@ -383,10 +383,10 @@
|
||||||
version: v1.0.0-0
|
version: v1.0.0-0
|
||||||
name: timesync
|
name: timesync
|
||||||
activation_prefix: devture_timesync_
|
activation_prefix: devture_timesync_
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
|
||||||
version: v3.1.3-1
|
version: v3.1.3-2
|
||||||
name: traefik
|
name: traefik
|
||||||
activation_prefix: devture_traefik_
|
activation_prefix: traefik_
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-uptime_kuma.git
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-uptime_kuma.git
|
||||||
version: v1.23.13-0
|
version: v1.23.13-0
|
||||||
name: uptime_kuma
|
name: uptime_kuma
|
||||||
|
@ -403,14 +403,14 @@
|
||||||
version: v14-1
|
version: v14-1
|
||||||
name: wg_easy
|
name: wg_easy
|
||||||
activation_prefix: wg_easy_
|
activation_prefix: wg_easy_
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.woodpecker_ci_agent.git
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-woodpecker-ci-agent.git
|
||||||
version: v2.7.1-0
|
version: v2.7.1-1
|
||||||
name: woodpecker_ci_agent
|
name: woodpecker_ci_agent
|
||||||
activation_prefix: devture_woodpecker_ci_agent_
|
activation_prefix: woodpecker_ci_agent_
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.woodpecker_ci_server.git
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-woodpecker-ci-server.git
|
||||||
version: v2.7.1-0
|
version: v2.7.1-1
|
||||||
name: woodpecker_ci_server
|
name: woodpecker_ci_server
|
||||||
activation_prefix: devture_woodpecker_ci_server_
|
activation_prefix: woodpecker_ci_server_
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-wordpress
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-wordpress
|
||||||
version: v6.5.5-2
|
version: v6.5.5-2
|
||||||
name: wordpress
|
name: wordpress
|
||||||
|
|