Relocate Postgres, Traefik and Woodpecker CI roles to the MASH organization

Slavi Pantaleev 2024-09-27 11:13:10 +03:00
parent 0d2805857f
commit 3dd4b89716
13 changed files with 548 additions and 458 deletions

@ -1,3 +1,20 @@
# 2024-09-27
## (BC Break) Postgres, Traefik & Woodpecker CI roles have been relocated and variable names need adjustments
Various roles have been relocated from the [devture](https://github.com/devture) organization to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
Along with the relocation, the `devture_` prefix was dropped from their variable names, so you need to adjust your `vars.yml` configuration.
You need to do the following replacements:
- `devture_postgres_` -> `postgres_`
- `devture_traefik_` -> `traefik_`
- `devture_woodpecker_ci_` -> `woodpecker_ci_`
As always, the playbook would let you know about this and point out any variables you may have missed.
# 2024-07-06 # 2024-07-06
## Traefik v3 and HTTP/3 are here now ## Traefik v3 and HTTP/3 are here now
@ -18,7 +35,7 @@ If you're using the playbook's Traefik instance to reverse-proxy to some other s
If you've tweaked any of this playbook's `_path_prefix` variables and made them use a regular expression, you will now need to make additional adjustments. The playbook makes extensive use of `PathPrefix()` matchers in Traefik rules and `PathPrefix` does not support regular expressions anymore. To work around it, you may now need to override a whole `_traefik_rule` variable and switch it from [`PathPrefix` to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp). If you've tweaked any of this playbook's `_path_prefix` variables and made them use a regular expression, you will now need to make additional adjustments. The playbook makes extensive use of `PathPrefix()` matchers in Traefik rules and `PathPrefix` does not support regular expressions anymore. To work around it, you may now need to override a whole `_traefik_rule` variable and switch it from [`PathPrefix` to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp).
You **may potentially downgrade to Traefik v2** (if necessary) by adding `devture_traefik_verison: v2.11.4` to your configuration. You **may potentially downgrade to Traefik v2** (if necessary) by adding `traefik_verison: v2.11.4` to your configuration.
### HTTP/3 is enabled by default ### HTTP/3 is enabled by default
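Review bot: the downgrade hint in this hunk carries a misspelled variable name over from the old line: `traefik_verison: v2.11.4` reads as a typo for `traefik_version`. A user who copies the line as written would set a variable nothing consumes and stay on Traefik v3 without any error. Correct the spelling in the same change instead of only swapping the prefix.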
@ -35,7 +52,7 @@ Still, if HTTP/3 cannot function correctly in your setup, it's best to disable a
To **disable HTTP/3**, you can use the following configuration: To **disable HTTP/3**, you can use the following configuration:
```yml ```yml
devture_traefik_config_entrypoint_web_secure_http3_enabled: false traefik_config_entrypoint_web_secure_http3_enabled: false
``` ```

@ -94,7 +94,7 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized:
######################################################################## ########################################################################
[...] [...]
mash_playbook_devture_postgres_managed_databases_auto_itemized: mash_playbook_postgres_managed_databases_auto_itemized:
[...] [...]
# role-specific:YOUR-SERVICE # role-specific:YOUR-SERVICE
- |- - |-
@ -106,7 +106,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized:
} if gYOUR-SERVICE_enabled else omit) } if gYOUR-SERVICE_enabled else omit)
}} }}
# /role-specific:YOUR-SERVICE # /role-specific:YOUR-SERVICE
[...] [...]
######################################################################## ########################################################################
# # # #
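Review bot: the context line `} if gYOUR-SERVICE_enabled else omit)` in this template has a stray `g` in front of the placeholder, so replacing `YOUR-SERVICE` with a real role name produces a reference to a variable that does not exist. The commit already edits this template, so fix it to `YOUR-SERVICE_enabled` in the same pass.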
@ -127,17 +127,17 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized:
[...] [...]
# role-specific:postgres # role-specific:postgres
YOUR-SERVICE_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" YOUR-SERVICE_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}"
YOUR-SERVICE_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" YOUR-SERVICE_database_port: "{{ '5432' if postgres_enabled else '' }}"
YOUR-SERVICE_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authentik', rounds=655555) | to_uuid }}" YOUR-SERVICE_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authentik', rounds=655555) | to_uuid }}"
YOUR-SERVICE_database_username: "{{ authentik_identifier }}" YOUR-SERVICE_database_username: "{{ authentik_identifier }}"
# /role-specific:postgres # /role-specific:postgres
YOUR-SERVICE_container_additional_networks_auto: | YOUR-SERVICE_container_additional_networks_auto: |
{{ {{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and YOUR-SERVICE_database_hostname == devture_postgres_identifier else []) ([postgres_identifier ~ '.service'] if postgres_enabled and YOUR-SERVICE_database_hostname == postgres_identifier else [])
}} }}
######################################################################## ########################################################################
# # # #
# /YOUR-SERVICE # # /YOUR-SERVICE #
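Review bot: the `YOUR-SERVICE_database_password` line in this template still uses the salt `'db.authentik'`, and `YOUR-SERVICE_database_username` still points at `authentik_identifier`. Neither is touched by the rename, but anyone who fills in the template by replacing only `YOUR-SERVICE` ends up deriving the new service's database password from `mash_playbook_generic_secret_key` with another service's salt and taking that service's username. Suggest `'db.YOUR-SERVICE'` and `YOUR-SERVICE_identifier`, so that the placeholder replacement yields a distinct credential per service.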
@ -175,7 +175,7 @@ YOUR-SERVICE_config_mailer_smtp_port: 8025
YOUR-SERVICE_config_mailer_from: "{{ exim_relay_sender_address if exim_relay_enabled else '' }}" YOUR-SERVICE_config_mailer_from: "{{ exim_relay_sender_address if exim_relay_enabled else '' }}"
YOUR-SERVICE_config_mailer_protocol: "{{ 'smtp' if exim_relay_enabled else '' }}" YOUR-SERVICE_config_mailer_protocol: "{{ 'smtp' if exim_relay_enabled else '' }}"
# /role-specific:exim_relay # /role-specific:exim_relay
######################################################################## ########################################################################
# # # #
# /YOUR-SERVICE # # /YOUR-SERVICE #

@ -64,7 +64,7 @@ You may also wish to look into [Woodpecker CI](woodpecker-ci.md) and [Forgejo Ru
If you want to integrate Forgejo with [Woodpecker CI](woodpecker-ci.md), and if you plan to serve Woodpecker CI under a subpath on the same host as Forgejo (e.g., Forgejo lives at `https://mash.example.com` and Woodpecker CI lives at `https://mash.example.com/ci`), then you need to configure Forgejo to use the host's external IP when invoking webhooks from Woodpecker CI. You can do it by setting the following variables: If you want to integrate Forgejo with [Woodpecker CI](woodpecker-ci.md), and if you plan to serve Woodpecker CI under a subpath on the same host as Forgejo (e.g., Forgejo lives at `https://mash.example.com` and Woodpecker CI lives at `https://mash.example.com/ci`), then you need to configure Forgejo to use the host's external IP when invoking webhooks from Woodpecker CI. You can do it by setting the following variables:
```yaml ```yaml
forgejo_container_add_host_domain_name: "{{ devture_woodpecker_ci_server_hostname }}" forgejo_container_add_host_domain_name: "{{ woodpecker_ci_server_hostname }}"
forgejo_container_add_host_domain_ip_address: "{{ ansible_host }}" forgejo_container_add_host_domain_ip_address: "{{ ansible_host }}"
# If ansible_host points to an internal IP address, you may need to allow Forgejo to make requests to it. # If ansible_host points to an internal IP address, you may need to allow Forgejo to make requests to it.

@ -12,15 +12,15 @@ To enable this service, add the following configuration to your `vars.yml` file
```yaml ```yaml
######################################################################## ########################################################################
# # # #
# devture-postgres-backup # # postgres-backup #
# # # #
######################################################################## ########################################################################
devture_postgres_backup_enabled: true postgres_backup_enabled: true
######################################################################## ########################################################################
# # # #
# /devture-postgres-backup # # /postgres-backup #
# # # #
######################################################################## ########################################################################
``` ```
@ -30,10 +30,10 @@ Refer to the table below for additional configuration variables and their defaul
| Name | Default value | Description | | Name | Default value | Description |
| :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- | | :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- |
|`devture_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| |`postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups|
|`devture_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.| |`postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.|
|`devture_postgres_backup_keep_days`|`7`|Number of daily backups to keep| |`postgres_backup_keep_days`|`7`|Number of daily backups to keep|
|`devture_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep| |`postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
|`devture_postgres_backup_keep_months`|`12`|Number of monthly backups to keep| |`postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
|`devture_postgres_backup_base_path` | `"{{ mash_playbook_base_path }}/postgres-backup"` | Base path for postgres-backup. Also see `devture_postgres_backup_data_path` | |`postgres_backup_base_path` | `"{{ mash_playbook_base_path }}/postgres-backup"` | Base path for postgres-backup. Also see `postgres_backup_data_path` |
|`devture_postgres_backup_data_path` | `"{{ devture_postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups | |`postgres_backup_data_path` | `"{{ postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups |

@ -14,18 +14,18 @@ To enable this service, add the following configuration to your `vars.yml` file
```yaml ```yaml
######################################################################## ########################################################################
# # # #
# devture-postgres # # postgres #
# # # #
######################################################################## ########################################################################
devture_postgres_enabled: true postgres_enabled: true
# Put a strong password below, generated with `pwgen -s 64 1` or in another way # Put a strong password below, generated with `pwgen -s 64 1` or in another way
devture_postgres_connection_password: '' postgres_connection_password: ''
######################################################################## ########################################################################
# # # #
# /devture-postgres # # /postgres #
# # # #
######################################################################## ########################################################################
``` ```
@ -165,15 +165,15 @@ Example: `--extra-vars="postgres_dump_name=mash-postgres-dump.sql"`
PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process. PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process.
The [Postgres Ansible role](https://github.com/devture/com.devture.ansible.role.postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. The [Postgres Ansible role](https://github.com/devture/com.devture.ansible.role.postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/.
You can manually influence some of the tuning variables . These parameters (variables) are injected via the `devture_postgres_postgres_process_extra_arguments_auto` variable. You can manually influence some of the tuning variables . These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_auto` variable.
Most users should be fine with the automatically-done tuning. However, you may wish to: Most users should be fine with the automatically-done tuning. However, you may wish to:
- **adjust the automatically-deterimned tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `devture_postgres_max_connections`, `devture_postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `devture_postgres_postgres_process_extra_arguments_auto` variable - **adjust the automatically-deterimned tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_auto` variable
- **turn automatically-performed tuning off**: override it like this: `devture_postgres_postgres_process_extra_arguments_auto: []` - **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_auto: []`
- **add additional tuning parameters**: define your additional Postgres configuration parameters in `devture_postgres_postgres_process_extra_arguments_custom`. See `devture_postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration - **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration
## Recommended other services ## Recommended other services
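Review bot: the links in this hunk still point at `https://github.com/devture/com.devture.ansible.role.postgres` (the role link and both `defaults/main.yml` links), although the commit relocates the Postgres role to the MASH organization. Update them to the role's new repository so readers looking up `postgres_max_connections` and the other tuning variables land on defaults that use the new names. Two typos on the touched lines are worth fixing at the same time: "automatically-deterimned" and the stray space in "tuning variables .".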

@ -14,14 +14,14 @@ To enable this service, add the following configuration to your `vars.yml` file
```yaml ```yaml
######################################################################## ########################################################################
# # # #
# devture-traefik # # traefik #
# # # #
######################################################################## ########################################################################
mash_playbook_reverse_proxy_type: playbook-managed-traefik mash_playbook_reverse_proxy_type: playbook-managed-traefik
# The email address that Traefik will pass to Let's Encrypt when obtaining SSL certificates # The email address that Traefik will pass to Let's Encrypt when obtaining SSL certificates
devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com traefik_config_certificatesResolvers_acme_email: your-email@example.com
# Or, if you'd like to install Traefik yourself: # Or, if you'd like to install Traefik yourself:
# #
@ -30,7 +30,7 @@ devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com
######################################################################## ########################################################################
# # # #
# /devture-traefik # # /traefik #
# # # #
######################################################################## ########################################################################
``` ```
@ -61,7 +61,7 @@ mash_playbook_reverse_proxyable_services_additional_network: traefik
## Increase logging verbosity ## Increase logging verbosity
```yaml ```yaml
devture_traefik_config_log_level: DEBUG traefik_config_log_level: DEBUG
``` ```
## Disable access logs ## Disable access logs
@ -69,7 +69,7 @@ devture_traefik_config_log_level: DEBUG
This will disable access logging. This will disable access logging.
```yaml ```yaml
devture_traefik_config_accessLog_enabled: false traefik_config_accessLog_enabled: false
``` ```
## Enable Traefik Dashboard ## Enable Traefik Dashboard
@ -77,23 +77,23 @@ devture_traefik_config_accessLog_enabled: false
This will enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://traefik.mash.example.com/dashboard/` (note the trailing `/`). This will enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://traefik.mash.example.com/dashboard/` (note the trailing `/`).
```yaml ```yaml
devture_traefik_dashboard_enabled: true traefik_dashboard_enabled: true
devture_traefik_dashboard_hostname: traefik.mash.example.com traefik_dashboard_hostname: traefik.mash.example.com
devture_traefik_dashboard_basicauth_enabled: true traefik_dashboard_basicauth_enabled: true
devture_traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE
devture_traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE
``` ```
**WARNING**: enabling the dashboard on a hostname you use for something else (like `mash.example.com` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. **WARNING**: enabling the dashboard on a hostname you use for something else (like `mash.example.com` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems.
## Additional configuration ## Additional configuration
Use the `devture_traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists. Use the `traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists.
```yaml ```yaml
# This is a contrived example. # This is a contrived example.
# You can enable and secure the Dashboard using dedicated variables. See above. # You can enable and secure the Dashboard using dedicated variables. See above.
devture_traefik_configuration_extension_yaml: | traefik_configuration_extension_yaml: |
api: api:
dashboard: true dashboard: true
``` ```
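Review bot: the **WARNING** after the dashboard example says the conflicting hostname is "like `mash.example.com` in the configuration above", but the example sets `traefik_dashboard_hostname: traefik.mash.example.com`, which is a dedicated hostname. Reword the warning so it matches the sample, for example by saying the example uses a dedicated hostname precisely to avoid the `/dashboard` and `/api` prefix capture. The "contrived example" for `traefik_configuration_extension_yaml` also turns on `api.dashboard` with no authentication next to it; a one-line comment that the dedicated `traefik_dashboard_basicauth_*` variables should be used for real deployments would keep readers from copying it as is.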

@ -34,11 +34,11 @@ To enable this service, add the following configuration to your `vars.yml` file
# # # #
######################################################################## ########################################################################
devture_woodpecker_ci_server_enabled: true woodpecker_ci_server_enabled: true
devture_woodpecker_ci_server_hostname: mash.example.com woodpecker_ci_server_hostname: mash.example.com
devture_woodpecker_ci_server_path_prefix: /ci woodpecker_ci_server_path_prefix: /ci
# Generate this secret with `openssl rand -hex 32` # Generate this secret with `openssl rand -hex 32`
# #
@ -47,20 +47,20 @@ devture_woodpecker_ci_server_path_prefix: /ci
# server will register it as a non-persistent agent. # server will register it as a non-persistent agent.
# #
# See the definition of # See the definition of
# devture_woodpecker_ci_agent_config_agent_secret below for more details. # woodpecker_ci_agent_config_agent_secret below for more details.
devture_woodpecker_ci_server_config_agent_secret: '' woodpecker_ci_server_config_agent_secret: ''
devture_woodpecker_ci_server_config_admins: [YOUR_USERNAME_HERE] woodpecker_ci_server_config_admins: [YOUR_USERNAME_HERE]
# Add one or more usernames that match your version control system (e.g. Gitea) below. # Add one or more usernames that match your version control system (e.g. Gitea) below.
# These users will have admin privileges upon signup. # These users will have admin privileges upon signup.
devture_woodpecker_ci_server_config_admins: woodpecker_ci_server_config_admins:
- YOUR_USERNAME_HERE - YOUR_USERNAME_HERE
- ANOTHER_USERNAME_HERE - ANOTHER_USERNAME_HERE
# Uncomment the line below if you'll be running Woodpecker CI agents on remote machines. # Uncomment the line below if you'll be running Woodpecker CI agents on remote machines.
# If you'll only run agents on the same machine as the server, you can keep gRPC expose disabled. # If you'll only run agents on the same machine as the server, you can keep gRPC expose disabled.
# devture_woodpecker_ci_server_container_labels_traefik_grpc_enabled: true # woodpecker_ci_server_container_labels_traefik_grpc_enabled: true
######################################################################## ########################################################################
# # # #
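Review bot: `woodpecker_ci_server_config_admins` is defined twice in this example, first as `woodpecker_ci_server_config_admins: [YOUR_USERNAME_HERE]` and then again as a block list with `YOUR_USERNAME_HERE` and `ANOTHER_USERNAME_HERE`. A duplicate key in `vars.yml` is either rejected by linters or silently resolved to one of the two values, which is a poor thing to leave ambiguous for the variable that grants admin privileges on signup. Keep one definition (the commented block-list form is the clearer one) and drop the other while these lines are being rewritten.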
@ -71,32 +71,32 @@ devture_woodpecker_ci_server_config_admins:
In the example configuration above, we configure the service to be hosted at `https://mash.example.com/ci`. In the example configuration above, we configure the service to be hosted at `https://mash.example.com/ci`.
If you want to host the service at the root path, remove the `devture_woodpecker_ci_server_path_prefix` variable override. If you want to host the service at the root path, remove the `woodpecker_ci_server_path_prefix` variable override.
#### Gitea Integration #### Gitea Integration
The Woodpecker CI server can integrate with [Gitea](gitea.md) using the following **additional** `vars.yml` configuration: The Woodpecker CI server can integrate with [Gitea](gitea.md) using the following **additional** `vars.yml` configuration:
```yaml ```yaml
devture_woodpecker_ci_server_provider: gitea woodpecker_ci_server_provider: gitea
# We must use the public URL here, because it's also used for login redirects # We must use the public URL here, because it's also used for login redirects
devture_woodpecker_ci_server_config_gitea_url: "{{ gitea_config_root_url }}" woodpecker_ci_server_config_gitea_url: "{{ gitea_config_root_url }}"
# Populate these with the OAuth 2 application information # Populate these with the OAuth 2 application information
# (see the Gitea configuration section above) # (see the Gitea configuration section above)
devture_woodpecker_ci_server_config_gitea_client: GITEA_OAUTH_CLIENT_ID_HERE woodpecker_ci_server_config_gitea_client: GITEA_OAUTH_CLIENT_ID_HERE
devture_woodpecker_ci_server_config_gitea_secret: GITEA_OAUTH_CLIENT_SECRET_HERE woodpecker_ci_server_config_gitea_secret: GITEA_OAUTH_CLIENT_SECRET_HERE
devture_woodpecker_ci_server_container_add_host_domain_name: "{{ gitea_hostname }}" woodpecker_ci_server_container_add_host_domain_name: "{{ gitea_hostname }}"
devture_woodpecker_ci_server_container_add_host_ip_address: "{{ ansible_host }}" woodpecker_ci_server_container_add_host_ip_address: "{{ ansible_host }}"
``` ```
To integrate with version-control systems other than Gitea (e.g. [Forgejo](forgejo.md)), you'll need similar configuration. To integrate with version-control systems other than Gitea (e.g. [Forgejo](forgejo.md)), you'll need similar configuration.
### Usage ### Usage
After installation, you should be able to access the Woodpecker CI server instance at `https://mash.DOMAIN/ci` (matching the `devture_woodpecker_ci_server_hostname` and `devture_woodpecker_ci_server_path_prefix` values configured in `vars.yml`). After installation, you should be able to access the Woodpecker CI server instance at `https://mash.DOMAIN/ci` (matching the `woodpecker_ci_server_hostname` and `woodpecker_ci_server_path_prefix` values configured in `vars.yml`).
The **Log in** button should take you to Gitea, where you can authorize Woodpecker CI with the OAuth 2 application. The **Log in** button should take you to Gitea, where you can authorize Woodpecker CI with the OAuth 2 application.
@ -122,7 +122,7 @@ This service requires the following other services:
# # # #
######################################################################## ########################################################################
devture_woodpecker_ci_agent_enabled: true woodpecker_ci_agent_enabled: true
# If the agent runs on the same machine as the server, enabling the agent # If the agent runs on the same machine as the server, enabling the agent
# is everything you need. The agent and server will be wired automatically. # is everything you need. The agent and server will be wired automatically.
@ -132,7 +132,7 @@ devture_woodpecker_ci_agent_enabled: true
# This needs to point to the server's gRPC host:port. # This needs to point to the server's gRPC host:port.
# If your Woodpecker CI Server is deployed using this playbook, its # If your Woodpecker CI Server is deployed using this playbook, its
# gRPC port will likely be 443. E.g., ci.example.com:443. # gRPC port will likely be 443. E.g., ci.example.com:443.
devture_woodpecker_ci_agent_config_server: '' woodpecker_ci_agent_config_server: ''
# This playbook only supports agent-specific secrets, i.e., it is not recommended to use # This playbook only supports agent-specific secrets, i.e., it is not recommended to use
# a shared secret between Woodpecker CI Server and all of its agents. Please refer to # a shared secret between Woodpecker CI Server and all of its agents. Please refer to
@ -142,15 +142,15 @@ devture_woodpecker_ci_agent_config_server: ''
# https://woodpecker-ci.org/docs/administration/agent-config#using-agent-token # https://woodpecker-ci.org/docs/administration/agent-config#using-agent-token
# #
# then, when you have the agent secret, uncomment the following line. # then, when you have the agent secret, uncomment the following line.
#devture_woodpecker_ci_agent_config_agent_secret: '' #woodpecker_ci_agent_config_agent_secret: ''
# Uncomment the line below if you want the agent to connect to the # Uncomment the line below if you want the agent to connect to the
# server over a secure gRPC channel (recommended). # server over a secure gRPC channel (recommended).
#devture_woodpecker_ci_agent_config_grpc_secure: true #woodpecker_ci_agent_config_grpc_secure: true
# Uncomment the line below if you want the agent to verify the # Uncomment the line below if you want the agent to verify the
# server's TLS certificate when connecting over a secure gRPC channel. # server's TLS certificate when connecting over a secure gRPC channel.
#devture_woodpecker_ci_agent_config_grpc_verify: true #woodpecker_ci_agent_config_grpc_verify: true
######################################################################## ########################################################################
# # # #
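Review bot: in the agent block, `#woodpecker_ci_agent_config_grpc_secure: true` is marked "(recommended)" but `#woodpecker_ci_agent_config_grpc_verify: true` is presented as a separate, unlabelled option. Encryption without certificate verification does not authenticate the server the agent hands its `woodpecker_ci_agent_config_agent_secret` to, so for the remote-agent case the documentation should recommend enabling both together, ideally by grouping the two lines under one comment.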

@ -63,7 +63,7 @@ devture_timesync_installation_enabled: true
######################################################################## ########################################################################
# # # #
# devture-traefik # # traefik #
# # # #
######################################################################## ########################################################################
@ -77,11 +77,11 @@ devture_timesync_installation_enabled: true
mash_playbook_reverse_proxy_type: playbook-managed-traefik mash_playbook_reverse_proxy_type: playbook-managed-traefik
# The email address that Traefik will pass to Let's Encrypt when obtaining SSL certificates # The email address that Traefik will pass to Let's Encrypt when obtaining SSL certificates
devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com traefik_config_certificatesResolvers_acme_email: your-email@example.com
######################################################################## ########################################################################
# # # #
# /devture-traefik # # /traefik #
# # # #
######################################################################## ########################################################################
@ -89,7 +89,7 @@ devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com
######################################################################## ########################################################################
# # # #
# devture-postgres # # postgres #
# # # #
######################################################################## ########################################################################
@ -97,14 +97,14 @@ devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com
# #
# Learn more about the Postgres service in docs/services/postgres.md # Learn more about the Postgres service in docs/services/postgres.md
devture_postgres_enabled: true postgres_enabled: true
# Put a strong password below, generated with `pwgen -s 64 1` or in another way # Put a strong password below, generated with `pwgen -s 64 1` or in another way
devture_postgres_connection_password: '' postgres_connection_password: ''
######################################################################## ########################################################################
# # # #
# /devture-postgres # # /postgres #
# # # #
######################################################################## ########################################################################

@ -46,8 +46,8 @@ mash_playbook_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else
# #
# - `playbook-managed-traefik` # - `playbook-managed-traefik`
# - the playbook will run a managed Traefik instance (mash-traefik) # - the playbook will run a managed Traefik instance (mash-traefik)
# - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`) # - Traefik will do SSL termination, unless you disable it (e.g. `traefik_config_entrypoint_web_secure_enabled: false`)
# - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email` # - if SSL termination is enabled (as it is by default), you need to populate: `traefik_config_certificatesResolvers_acme_email`
# #
# - `other-traefik-container` # - `other-traefik-container`
# - this playbook will not install Traefik # - this playbook will not install Traefik
@ -74,12 +74,12 @@ mash_playbook_docker_installation_daemon_options_auto:
mash_playbook_docker_installation_daemon_options_custom: {} mash_playbook_docker_installation_daemon_options_custom: {}
# Controls whether to attach Traefik labels to services. # Controls whether to attach Traefik labels to services.
# This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook, # This is separate from `traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
# yet still use Traefik installed in another way. # yet still use Traefik installed in another way.
mash_playbook_traefik_labels_enabled: "{{ mash_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" mash_playbook_traefik_labels_enabled: "{{ mash_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
# Controls the additional network that reverse-proxyable services will be connected to. # Controls the additional network that reverse-proxyable services will be connected to.
mash_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled | default(false) else '' }}" mash_playbook_reverse_proxyable_services_additional_network: "{{ traefik_container_network if traefik_enabled | default(false) else '' }}"
# Controls whether various services should expose metrics publicly. # Controls whether various services should expose metrics publicly.
# If Prometheus is operating on the same machine, exposing metrics publicly is not necessary. # If Prometheus is operating on the same machine, exposing metrics publicly is not necessary.

View file

@ -1,5 +1,11 @@
--- ---
- tags:
- setup-all
- install-all
block:
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: ansible_os_family == 'Debian' and mash_playbook_docker_installation_enabled | bool and mash_playbook_migration_docker_trusted_gpg_d_migration_enabled | bool - when: ansible_os_family == 'Debian' and mash_playbook_docker_installation_enabled | bool and mash_playbook_migration_docker_trusted_gpg_d_migration_enabled | bool
tags: tags:
- setup-all - setup-all
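Review bot: The validation block added at the top of this file is tagged only `setup-all` and `install-all`, so a run restricted to any other tag skips `validate_config.yml`, and stale `devture_*` variables in `vars.yml` are then ignored without a failure. Consider adding the `always` tag, or every install/setup tag the playbook supports, so the rename check cannot be bypassed. The `ansible.builtin.include_tasks` entry also has no `name:`, which makes it harder to identify in run output.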

View file

@ -0,0 +1,67 @@
---
- name: (Deprecation) Catch and report devture_postgres_backup variables
ansible.builtin.fail:
msg: |-
The postgres-backup role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup).
The new role is pretty much the same, but uses differently named variables.
Please change your configuration (vars.yml) to rename all `devture_postgres_backup_`-prefixed variables (`devture_postgres_backup_*` -> `postgres_backup_*`).
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_postgres_backup_.*') | map (attribute='key') | join(', ') }}
when: "vars | dict2items | selectattr('key', 'match', 'devture_postgres_backup_.*') | list | items2dict"
- name: (Deprecation) Catch and report devture_postgres variables
ansible.builtin.fail:
msg: |-
The postgres role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-postgres).
The new role is pretty much the same, but uses differently named variables.
Please change your configuration (vars.yml) to rename all `devture_postgres_`-prefixed variables (`devture_postgres_*` -> `devture_postgres_*`).
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_postgres_.*') | map (attribute='key') | join(', ') }}
when: "vars | dict2items | selectattr('key', 'match', 'devture_postgres_.*') | list | items2dict"
- name: (Deprecation) Catch and report traefik_certs_dumper variables
ansible.builtin.fail:
msg: |-
The traefik-certs-dumper role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper).
The new role is pretty much the same, but uses differently named variables.
Please change your configuration (vars.yml) to rename all `devture_traefik_certs_dumper_`-prefixed variables (`devture_traefik_certs_dumper_*` -> `traefik_certs_dumper_*`).
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_traefik_certs_dumper_.*') | map (attribute='key') | join(', ') }}
when: "vars | dict2items | selectattr('key', 'match', 'devture_traefik_certs_dumper_.*') | list | items2dict"
- name: (Deprecation) Catch and report devture_traefik variables
ansible.builtin.fail:
msg: |-
The traefik role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-traefik).
The new role is pretty much the same, but uses differently named variables.
Please change your configuration (vars.yml) to rename all `devture_traefik_`-prefixed variables (`devture_traefik_*` -> `traefik_*`).
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_traefik_.*') | map (attribute='key') | join(', ') }}
when: "vars | dict2items | selectattr('key', 'match', 'devture_traefik_.*') | list | items2dict"
- name: (Deprecation) Catch and report devture_woodpecker_server variables
ansible.builtin.fail:
msg: |-
The woodpecker-ci-server role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-woodpecker-ci-server).
The new role is pretty much the same, but uses differently named variables.
Please change your configuration (vars.yml) to rename all `devture_woodpecker_ci_server_`-prefixed variables (`devture_woodpecker_ci_server_*` -> `woodpecker_ci_server_*`).
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_woodpecker_ci_server_.*') | map (attribute='key') | join(', ') }}
when: "vars | dict2items | selectattr('key', 'match', 'devture_woodpecker_ci_server_.*') | list | items2dict"
- name: (Deprecation) Catch and report devture_woodpecker_agent variables
ansible.builtin.fail:
msg: |-
The woodpecker-ci-agent role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-woodpecker-ci-agent).
The new role is pretty much the same, but uses differently named variables.
Please change your configuration (vars.yml) to rename all `devture_woodpecker_ci_agent_`-prefixed variables (`devture_woodpecker_ci_agent_*` -> `woodpecker_ci_agent_*`).
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_woodpecker_ci_agent_.*') | map (attribute='key') | join(', ') }}
when: "vars | dict2items | selectattr('key', 'match', 'devture_woodpecker_ci_agent_.*') | list | items2dict"
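Review bot: In the `devture_postgres_` task, the rename hint in `msg` reads `devture_postgres_*` -> `devture_postgres_*`, which tells the user to rename to the same prefix; it should read `devture_postgres_*` -> `postgres_*`. The task names are also inconsistent with the patterns they check: the third one says `traefik_certs_dumper` without the `devture_` prefix, and the last two say `devture_woodpecker_server` and `devture_woodpecker_agent` while the patterns use `devture_woodpecker_ci_server_` and `devture_woodpecker_ci_agent_`. The task order matters here, because `devture_postgres_.*` also matches `devture_postgres_backup_*` keys and `devture_traefik_.*` also matches `devture_traefik_certs_dumper_*` keys; a short comment saying that the more specific prefix must be checked first would protect against a later reorder that produces the wrong message. Since the `match` test anchors at the start of the key, the trailing `.*` in each pattern is redundant.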

File diff suppressed because it is too large

View file

@ -55,7 +55,7 @@
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
version: v0.2.0-0 version: v0.2.0-0
name: container_socket_proxy name: container_socket_proxy
activation_prefix: devture_traefik_ activation_prefix: traefik_
- src: git+https://github.com/Bergruebe/ansible-role-couchdb.git - src: git+https://github.com/Bergruebe/ansible-role-couchdb.git
version: v3.3.3-1 version: v3.3.3-1
name: couchdb name: couchdb
@ -283,14 +283,14 @@
version: v15-3.3-0 version: v15-3.3-0
name: postgis name: postgis
activation_prefix: postgis_ activation_prefix: postgis_
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
version: v16.4-0 version: v17.0-0
name: postgres name: postgres
activation_prefix: devture_postgres_ activation_prefix: postgres_
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
version: ccfd8db07fd8725119f0e06ba5144b8f58a67890 version: v16-0
name: postgres_backup name: postgres_backup
activation_prefix: devture_postgres_backup_ activation_prefix: postgres_backup_
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v2.54.1-1 version: v2.54.1-1
name: prometheus name: prometheus
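Review bot: The `postgres_backup` entry moves from a full commit hash (`ccfd8db07fd8725119f0e06ba5144b8f58a67890`) to the tag `v16-0`. A tag can be re-pointed in the source repository while a commit hash cannot, so this loosens the pin at the same moment the source changes to a different organization; if the tag is kept for readability, consider recording the commit it resolves to alongside it. The same hunk also moves `postgres` from `v16.4-0` to `v17.0-0`, a version change the commit title does not mention; it would be easier to review and revert as its own commit, or at least called out in the commit message.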
@ -383,10 +383,10 @@
version: v1.0.0-0 version: v1.0.0-0
name: timesync name: timesync
activation_prefix: devture_timesync_ activation_prefix: devture_timesync_
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
version: v3.1.3-1 version: v3.1.3-2
name: traefik name: traefik
activation_prefix: devture_traefik_ activation_prefix: traefik_
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-uptime_kuma.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-uptime_kuma.git
version: v1.23.13-0 version: v1.23.13-0
name: uptime_kuma name: uptime_kuma
@ -403,14 +403,14 @@
version: v14-1 version: v14-1
name: wg_easy name: wg_easy
activation_prefix: wg_easy_ activation_prefix: wg_easy_
- src: git+https://github.com/devture/com.devture.ansible.role.woodpecker_ci_agent.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-woodpecker-ci-agent.git
version: v2.7.1-0 version: v2.7.1-1
name: woodpecker_ci_agent name: woodpecker_ci_agent
activation_prefix: devture_woodpecker_ci_agent_ activation_prefix: woodpecker_ci_agent_
- src: git+https://github.com/devture/com.devture.ansible.role.woodpecker_ci_server.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-woodpecker-ci-server.git
version: v2.7.1-0 version: v2.7.1-1
name: woodpecker_ci_server name: woodpecker_ci_server
activation_prefix: devture_woodpecker_ci_server_ activation_prefix: woodpecker_ci_server_
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-wordpress - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-wordpress
version: v6.5.5-2 version: v6.5.5-2
name: wordpress name: wordpress