diff --git a/docs/services/semaphore.md b/docs/services/semaphore.md
new file mode 100644
index 0000000..3ddd588
--- /dev/null
+++ b/docs/services/semaphore.md
@@ -0,0 +1,48 @@
+# Semaphore
+
+[Semaphore](https://www.ansible-semaphore.com/) is a responsive web UI for running Ansible playbooks. Installing it is powered by the [mother-of-all-self-hosting/ansible-role-semaphore](https://github.com/mother-of-all-self-hosting/ansible-role-semaphore) Ansible role.
+
+## Dependencies
+
+This service requires the following other services:
+
+- a [Postgres](postgres.md) database
+- a [Traefik](traefik.md) reverse-proxy server
+
+
+## Configuration
+
+To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
+
+```yaml
+########################################################################
+# #
+# semaphore #
+# #
+########################################################################
+
+semaphore_enabled: true
+
+semaphore_hostname: semaphore.example.com
+
+# Despite the confusing naming, semaphore_admin_name needs to hold a username, not a name!
+semaphore_admin_name: ''
+semaphore_admin_email: ''
+# You can generate a strong password with a command like: `pwgen -s 64 1`
+semaphore_admin_password: ''
+
+# Key for encrypting access keys in database.
+# It must be generated by using the following command: head -c32 /dev/urandom | base64
+semaphore_access_key_encryption: ''
+
+########################################################################
+# #
+# /semaphore #
+# #
+########################################################################
+```
+
+
+## Usage
+
+After [installing](../installing.md), you can log into you admin account by visiting the URL specified in `semaphore_hostname`.
diff --git a/docs/supported-services.md b/docs/supported-services.md
index 7c28809..35aa295 100644
--- a/docs/supported-services.md
+++ b/docs/supported-services.md
@@ -59,6 +59,7 @@
 | [Redis](https://redis.io/) | An in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker. | [Link](services/redis.md) |
 | [Roundcube](https://roundcube.net/) | A browser-based multilingual IMAP client with an application-like user interface | [Link](services/roundcube.md) |
 | [rumqttd](https://github.com/bytebeamio/rumqtt) | A high performance, embeddable [MQTT](https://en.wikipedia.org/wiki/MQTT) broker | [Link](services/rumqttd.md) |
+| [Ansible Semaphore](https://www.ansible-semaphore.com/) | A responsive web UI for running Ansible playbooks | [Link](services/semaphore.md) |
 | [Soft Serve](https://github.com/charmbracelet/soft-serve) | A tasty, self-hostable [Git](https://git-scm.com/) server for the command line | [Link](services/soft-serve.md) |
 | [Syncthing](https://syncthing.net/) | A continuous file synchronization program which synchronizes files between two or more computers in real time | [Link](services/syncthing.md) |
 | [Telegraf](https://www.influxdata.com/time-series-platform/telegraf/) | An open source server agent to help you collect metrics from your stacks, sensors, and systems. | [Link](services/telegraf.md) |
diff --git a/templates/group_vars_mash_servers b/templates/group_vars_mash_servers
index 7105b2a..392ea35 100644
--- a/templates/group_vars_mash_servers
+++ b/templates/group_vars_mash_servers
@@ -482,6 +482,11 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized: {{ ({'name': (rumqttd_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'rumqttd']} if rumqttd_enabled else omit) }} # /role-specific:rumqttd + # role-specific:semaphore + - |- + {{ ({'name': (semaphore_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'semaphore']} if semaphore_enabled else omit) }} + # /role-specific:semaphore + # role-specific:soft_serve - |- {{ ({'name': (soft_serve_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'soft-serve']} if soft_serve_enabled else omit) }} @@ -840,6 +845,17 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: }} # /role-specific:roundcube + # role-specific:semaphore + - |- + {{ + ({ + 'name': semaphore_database_name, + 'username': semaphore_database_username, + 'password': semaphore_database_password, + } if semaphore_enabled and semaphore_database_host == devture_postgres_identifier else omit) + }} + # /role-specific:semaphore + devture_postgres_managed_databases_auto: "{{ mash_playbook_devture_postgres_managed_databases_auto_itemized | reject('equalto', omit) }}" ######################################################################## 
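Review bot: `semaphore_database_name` is read in the managed-databases entry added at `@@ -840,6 +845,17 @@`, but the semaphore defaults block this commit adds to the same file assigns only the database host, port, username and password. Presumably the role's own defaults supply the name; if they do not, templating would fail only once `semaphore_enabled` is true, so it is worth confirming against the role. A one-line comment under the `# role-specific:semaphore` marker, such as `# semaphore_database_name is expected to come from the role defaults`, would save the next reader the lookup. The list this entry belongs to starts outside the hunk.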
@@ -3892,6 +3908,55 @@ rumqttd_gid: "{{ mash_playbook_gid }}" +# role-specific:semaphore +######################################################################## +# # +# semaphore # +# # +######################################################################## + +semaphore_enabled: false + +semaphore_identifier: "{{ mash_playbook_service_identifier_prefix }}semaphore" + +semaphore_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}semaphore" + +semaphore_uid: "{{ mash_playbook_uid }}" +semaphore_gid: "{{ mash_playbook_gid }}" + +semaphore_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" +semaphore_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +semaphore_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.semaphore', rounds=655555) | to_uuid }}" +semaphore_database_username: "{{ semaphore_identifier }}" + +semaphore_systemd_required_services_list: | + {{ + (['docker.service']) + + + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier else []) + }} + +semaphore_container_additional_networks: | + {{ + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + + + ([devture_postgres_container_network] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier and semaphore_container_network != devture_postgres_container_network else []) + }} + +semaphore_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +semaphore_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +semaphore_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +semaphore_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" 
+ +######################################################################## +# # +# /semaphore # +# # +######################################################################## +# /role-specific:semaphore + + + # role-specific:soft_serve ######################################################################## # # diff --git a/templates/requirements.yml b/templates/requirements.yml index d9751c2..0d3b0f4 100644 --- a/templates/requirements.yml +++ b/templates/requirements.yml @@ -256,6 +256,10 @@ version: v0.21.0-0 name: rumqttd activation_prefix: rumqttd_ +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-semaphore.git + version: v2.9.36-0 + name: semaphore + activation_prefix: semaphore_ - src: git+https://gitlab.com/etke.cc/roles/soft_serve.git version: v0.4.7-0 name: soft_serve diff --git a/templates/setup.yml b/templates/setup.yml index b9f104d..85676a7 100644 --- a/templates/setup.yml +++ b/templates/setup.yml @@ -288,6 +288,10 @@ - role: galaxy/rumqttd # /role-specific:rumqttd + # role-specific:semaphore + - role: galaxy/semaphore + # /role-specific:semaphore + # role-specific:soft_serve - role: galaxy/soft_serve # /role-specific:soft_serve
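Review bot: `semaphore_database_password` in the `@@ -3892,6 +3908,55 @@` hunk is derived from `mash_playbook_generic_secret_key` with the fixed salt `'db.semaphore'`, so it is only as strong as that one key and changes whenever the key is rotated; nothing in the block says so. I would add a comment above the line, e.g. `# Derived from mash_playbook_generic_secret_key; rotating that key changes this password.` Separately, `semaphore_database_host` and `semaphore_database_port` fall back to `''` when `devture_postgres_enabled` is false, while the new docs list Postgres as required; whether the role rejects an empty host is not visible here, so a fail-early check is worth confirming. `semaphore_container_network` is referenced in `semaphore_container_additional_networks` but not set in this block, presumably because it is a role default.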
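Review bot: The new `semaphore` entry in `templates/requirements.yml` pins the role to the tag `v2.9.36-0` over `git+https`, and a git tag can be moved by anyone with push access to the role repository, so this line does not fix which code the playbook later runs on the server. Pinning `version:` to the full commit hash the tag currently points at, for example `version: <full-commit-sha>  # v2.9.36-0`, would make the install reproducible and make any upstream change show up as a reviewable diff. The neighbouring entries in the visible context are pinned by tag as well, so this looks like a file-wide convention rather than something specific to this entry. The role list continues outside the hunk.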