Add some more role-specific annotations to templates/group_vars_mash_servers

There's a lot more that can be added, especially to decouple from
some default components like Postgres and Traefik.
Slavi Pantaleev 2023-11-20 17:20:17 +02:00
parent 3b6912d275
commit 803c623bab


@ -60,15 +60,19 @@ authelia_config_session_secret: "{{ '%s' | format(mash_playbook_generic_secret_k
authelia_config_identity_providers_oidc_hmac_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'hm.authelia', rounds=655555) | to_uuid }}"
# role-specific:postgres
authelia_config_storage_postgres_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
authelia_config_storage_postgres_port: "{{ '5432' if devture_postgres_enabled else '' }}"
authelia_config_storage_postgres_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authelia', rounds=655555) | to_uuid }}"
# /role-specific:postgres
# role-specific:mariadb
# If Postgres and MariaDB are not enabled, we favor Postgres.
# We only enable MySQL if it's the only enabled component (that is, if Postgres is not enabled at the same time).
authelia_config_storage_mysql_host: "{{ mariadb_identifier if mariadb_enabled and not devture_postgres_enabled else '' }}"
authelia_config_storage_mysql_host: "{{ mariadb_identifier if mariadb_enabled and not devture_postgres_enabled | default(false) else '' }}"
authelia_config_storage_mysql_port: "{{ '3306' if mariadb_enabled else '' }}"
authelia_config_storage_mysql_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authelia', rounds=655555) | to_uuid }}"
# /role-specific:mariadb
########################################################################
# #
@ -875,6 +879,7 @@ devture_postgres_backup_container_network: "{{ devture_postgres_container_networ
devture_postgres_backup_uid: "{{ mash_playbook_uid }}"
devture_postgres_backup_gid: "{{ mash_playbook_gid }}"
# role-specific:postgres
devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
@ -883,6 +888,7 @@ devture_postgres_backup_connection_password: "{{ devture_postgres_connection_pas
devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"
devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
# /role-specific:postgres
########################################################################
# #
@ -961,18 +967,20 @@ devture_traefik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_servi
devture_traefik_uid: "{{ mash_playbook_uid }}"
devture_traefik_gid: "{{ mash_playbook_gid }}"
# role-specific:container_socket_proxy
devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}"
# /role-specific:container_socket_proxy
devture_traefik_container_additional_networks: |
{{
([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else [])
([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled | default(false) else [])
}}
devture_traefik_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled else [])
([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled | default(false) else [])
}}
########################################################################
@ -1043,10 +1051,12 @@ adguard_home_container_additional_networks: |
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
adguard_home_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
adguard_home_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
adguard_home_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
adguard_home_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
@ -1078,10 +1088,12 @@ appsmith_container_additional_networks_auto: |
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
appsmith_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
appsmith_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
appsmith_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
appsmith_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
@ -1108,10 +1120,12 @@ authentik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_bas
authentik_uid: "{{ mash_playbook_uid }}"
authentik_gid: "{{ mash_playbook_gid }}"
# role-specific:postgres
authentik_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
authentik_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
authentik_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authentik', rounds=655555) | to_uuid }}"
authentik_database_username: "{{ authentik_identifier }}"
# /role-specific:postgres
authentik_server_systemd_required_services_list_auto: |
{{
@ -1125,10 +1139,12 @@ authentik_container_additional_networks_auto: |
([devture_postgres_container_network] if devture_postgres_enabled and authentik_database_hostname == devture_postgres_identifier and authentik_container_network != devture_postgres_container_network else [])
}}
# role-specific:traefik
authentik_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
authentik_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
authentik_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
authentik_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
@ -1162,37 +1178,41 @@ backup_borg_storage_archive_name_format: "{{ mash_playbook_service_identifier_pr
backup_borg_container_image_self_build: "{{ mash_playbook_architecture not in ['amd64', 'arm32', 'arm64'] }}"
# role-specific:postgres
backup_borg_postgresql_enabled: "{{ devture_postgres_enabled }}"
backup_borg_postgresql_databases_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
backup_borg_postgresql_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
# /role-specific:postgres
# role-specific:mariadb
backup_borg_mysql_enabled: "{{ mariadb_enabled }}"
backup_borg_mysql_databases_hostname: "{{ mariadb_identifier if mariadb_enabled else '' }}"
backup_borg_mysql_databases_username: "root"
backup_borg_mysql_databases_password: "{{ mariadb_root_passsword if mariadb_enabled else '' }}"
backup_borg_mysql_databases_port: 3306
backup_borg_mysql_databases: "{{ mariadb_managed_databases | map(attribute='name') if mariadb_enabled else [] }}"
# /role-specific:mariadb
backup_borg_location_source_directories:
- "{{ mash_playbook_base_path }}"
backup_borg_location_exclude_patterns: |
{{
([devture_postgres_data_path] if devture_postgres_enabled else [])
([devture_postgres_data_path] if devture_postgres_enabled | default(false) else [])
+
([mariadb_data_path] if mariadb_enabled else [])
([mariadb_data_path] if mariadb_enabled | default(false) else [])
}}
backup_borg_systemd_required_services_list: |
{{
['docker.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled | default(false) else [])
+
([mariadb_identifier ~ '.service'] if mariadb_enabled else [])
([mariadb_identifier ~ '.service'] if mariadb_enabled | default(false) else [])
}}
########################################################################
@ -1225,10 +1245,12 @@ changedetection_container_additional_networks_auto: |
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
changedetection_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
changedetection_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
changedetection_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
changedetection_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
@ -1290,10 +1312,12 @@ collabora_online_container_additional_networks: |
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
collabora_online_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
collabora_online_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
collabora_online_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
collabora_online_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
@ -1325,10 +1349,12 @@ docker_registry_container_additional_networks: |
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
docker_registry_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
@ -1360,10 +1386,12 @@ docker_registry_browser_container_additional_networks: |
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
docker_registry_browser_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_browser_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_browser_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_browser_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
@ -1423,10 +1451,12 @@ echoip_container_additional_networks: |
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
echoip_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
echoip_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
echoip_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
echoip_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
@ -1454,29 +1484,33 @@ firezone_uid: "{{ mash_playbook_uid }}"
firezone_gid: "{{ mash_playbook_gid }}"
firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}"
# role-specific:postgres
firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}"
firezone_database_user: "{{ firezone_identifier }}"
# /role-specific:postgres
firezone_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and firezone_database_host == devture_postgres_identifier else [])
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled | default(false) and firezone_database_host == devture_postgres_identifier else [])
}}
firezone_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and firezone_database_host == devture_postgres_identifier and firezone_container_network != devture_postgres_container_network else [])
([devture_postgres_container_network] if devture_postgres_enabled | default(false) and firezone_database_host == devture_postgres_identifier and firezone_container_network != devture_postgres_container_network else [])
}}
# role-specific:traefik
firezone_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
firezone_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
firezone_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
firezone_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
@ -1508,22 +1542,26 @@ focalboard_systemd_required_systemd_services_list_auto: |
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and focalboard_database_hostname == devture_postgres_identifier else [])
}}
# role-specific:postgres
focalboard_database_type: "{{ 'postgres' if devture_postgres_enabled else '' }}"
focalboard_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
focalboard_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
focalboard_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.focalboard', rounds=655555) | to_uuid }}"
# /role-specific:postgres
focalboard_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and focalboard_database_hostname == devture_postgres_identifier else [])
([devture_postgres_container_network] if devture_postgres_enabled | default(false) and focalboard_database_hostname == devture_postgres_identifier else [])
}}
# role-specific:traefik
focalboard_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
focalboard_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
focalboard_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
focalboard_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
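Review bot: The `| default(false)` guard is applied unevenly, so templates can still fail on an undefined `devture_postgres_enabled`. The conditions for `authentik_container_additional_networks_auto` and `focalboard_systemd_required_systemd_services_list_auto` still test the bare variable, while the neighbouring firezone and focalboard network expressions now use `devture_postgres_enabled | default(false)`. Both appear only as leading context lines whose definitions start outside their hunks, so this is inferred from what is visible. If the markers mean the variable may be undefined once the `role-specific:postgres` sections are stripped, those two need the same guard, ideally written as `(devture_postgres_enabled | default(false)) and …` so the precedence is explicit. Separately, `devture_traefik_config_providers_docker_endpoint` deserves a comment such as `# Without the socket proxy, Traefik gets the unfiltered Docker API via the raw socket`, because the visible fallback when the proxy is disabled is `unix:///var/run/docker.sock`; what applies once the marked block is stripped depends on the role default, which is not shown here.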