From 3ce6ff35e23e998a5e5c06b7dc43f63b51e2efbe Mon Sep 17 00:00:00 2001
From: moanos
Date: Wed, 6 Dec 2023 16:00:48 +0100
Subject: [PATCH 1/5] feat: Add ansible-semaphore
---
 docs/services/semaphore.md | 43 ++++++++++++++++++++++++++++++++++++++
 docs/supported-services.md | 1 +
 2 files changed, 44 insertions(+)
 create mode 100644 docs/services/semaphore.md
diff --git a/docs/services/semaphore.md b/docs/services/semaphore.md
new file mode 100644
index 0000000..fde6c08
--- /dev/null
+++ b/docs/services/semaphore.md
@@ -0,0 +1,43 @@
+# Semaphore
+
+[Semaphore](https://www.ansible-semaphore.com/) is a responsive web UI for running Ansible playbooks. Installing it is powered by the [mother-of-all-self-hosting/ansible-role-semaphore](https://github.com/mother-of-all-self-hosting/ansible-role-semaphore) Ansible role.
+
+## Dependencies
+
+This service requires the following other services:
+
+- a [Postgres](postgres.md) database
+- a [Traefik](traefik.md) reverse-proxy server
+
+
+## Configuration
+
+To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
+
+```yaml
+########################################################################
+# #
+# semaphore #
+# #
+########################################################################
+
+semaphore_enabled: true
+semaphore_hostname: semaphore.example.com
+semaphore_admin_password: STRONG_PASSWORD
+semaphore_admin_name: USERNAME
+semaphore_admin_email: user@example.org
+# Key for encrypting access keys in database.
+# It must be generated by using the following command: head -c32 /dev/urandom | base64
+semaphore_access_key_encryption: "PJOfV/7Q+ZDUxo2bgW8dgVbGJ6nNIJgEOyB3hcnVVz4="
+
+########################################################################
+# #
+# /semaphore #
+# #
+########################################################################
+```
+
+
+## Usage
+
+After [installing](../installing.md), you can log into you admin account by visiting the URL specified in `semaphore_hostname`.
diff --git a/docs/supported-services.md b/docs/supported-services.md
index 7c28809..35aa295 100644
--- a/docs/supported-services.md
+++ b/docs/supported-services.md
@@ -59,6 +59,7 @@
 | [Redis](https://redis.io/) | An in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker. | [Link](services/redis.md) |
 | [Roundcube](https://roundcube.net/) | A browser-based multilingual IMAP client with an application-like user interface | [Link](services/roundcube.md) |
 | [rumqttd](https://github.com/bytebeamio/rumqtt) | A high performance, embeddable [MQTT](https://en.wikipedia.org/wiki/MQTT) broker | [Link](services/rumqttd.md) |
+| [Ansible Semaphore](https://www.ansible-semaphore.com/) | A responsive web UI for running Ansible playbooks | [Link](services/semaphore.md) |
 | [Soft Serve](https://github.com/charmbracelet/soft-serve) | A tasty, self-hostable [Git](https://git-scm.com/) server for the command line | [Link](services/soft-serve.md) |
 | [Syncthing](https://syncthing.net/) | A continuous file synchronization program which synchronizes files between two or more computers in real time | [Link](services/syncthing.md) |
 | [Telegraf](https://www.influxdata.com/time-series-platform/telegraf/) | An open source server agent to help you collect metrics from your stacks, sensors, and systems. | [Link](services/telegraf.md) |
From 12a8b63bbd2fa84b4bb4bc420c8c46e761e50ed6 Mon Sep 17 00:00:00 2001
From: moanos
Date: Wed, 6 Dec 2023 16:18:42 +0100
Subject: [PATCH 2/5] feat: Add ansible-semaphore playbook files
---
 templates/group_vars_mash_servers | 65 +++++++++++++++++++++++++++++++
 templates/requirements.yml | 4 ++
 templates/setup.yml | 4 ++
 3 files changed, 73 insertions(+)
diff --git a/templates/group_vars_mash_servers b/templates/group_vars_mash_servers
index 7105b2a..4fa8147 100644
--- a/templates/group_vars_mash_servers
+++ b/templates/group_vars_mash_servers
@@ -482,6 +482,11 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized: {{ ({'name': (rumqttd_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'rumqttd']} if rumqttd_enabled else omit) }} # /role-specific:rumqttd + # role-specific:semaphore + - |- + {{ ({'name': (semaphore_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'soft-serve']} if semaphore_enabled else omit) }} + # /role-specific:semaphore + # role-specific:soft_serve - |- {{ ({'name': (soft_serve_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'soft-serve']} if soft_serve_enabled else omit) }} @@ -840,6 +845,17 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: }} # /role-specific:roundcube + # role-specific:semaphore + - |- + {{ + ({ + 'name': semaphore_database_name, + 'username': semaphore_database_username, + 'password': semaphore_database_password, + } if semaphore_enabled and semaphore_database_hostname == devture_postgres_identifier else omit) + }} + # /role-specific:semaphore + devture_postgres_managed_databases_auto: "{{ mash_playbook_devture_postgres_managed_databases_auto_itemized | reject('equalto', omit) }}" ######################################################################## 
@@ -3892,6 +3908,55 @@ rumqttd_gid: "{{ mash_playbook_gid }}" +# role-specific:semaphore +######################################################################## +# # +# semaphore # +# # +######################################################################## + +semaphore_enabled: false + +semaphore_identifier: "{{ mash_playbook_service_identifier_prefix }}semaphore" + +semaphore_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}semaphore" + +semaphore_uid: "{{ mash_playbook_uid }}" +semaphore_gid: "{{ mash_playbook_gid }}" + +semaphore_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" +semaphore_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +semaphore_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.semaphore', rounds=655555) | to_uuid }}" +semaphore_database_username: "{{ semaphore_identifier }}" + +semaphore_systemd_required_services_list: | + {{ + (['docker.service']) + + + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier else []) + }} + +semaphore_container_additional_networks: | + {{ + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + + + ([devture_postgres_container_network] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier and semaphore_container_network != devture_postgres_container_network else []) + }} + +semaphore_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +semaphore_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +semaphore_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +semaphore_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" 
+ +######################################################################## +# # +# /semaphore # +# # +######################################################################## +# /role-specific:semaphore + + + # role-specific:soft_serve ######################################################################## # # diff --git a/templates/requirements.yml b/templates/requirements.yml index d9751c2..0d3b0f4 100644 --- a/templates/requirements.yml +++ b/templates/requirements.yml @@ -256,6 +256,10 @@ version: v0.21.0-0 name: rumqttd activation_prefix: rumqttd_ +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-semaphore.git + version: v2.9.36-0 + name: semaphore + activation_prefix: semaphore_ - src: git+https://gitlab.com/etke.cc/roles/soft_serve.git version: v0.4.7-0 name: soft_serve diff --git a/templates/setup.yml b/templates/setup.yml index b9f104d..85676a7 100644 --- a/templates/setup.yml +++ b/templates/setup.yml @@ -288,6 +288,10 @@ - role: galaxy/rumqttd # /role-specific:rumqttd + # role-specific:semaphore + - role: galaxy/semaphore + # /role-specific:semaphore + # role-specific:soft_serve - role: galaxy/soft_serve # /role-specific:soft_serve From ff5dbde71f1a4ea62f757dc2e6a8d7e3cf255e2d Mon Sep 17 00:00:00 2001 From: moanos Date: Wed, 6 Dec 2023 16:21:13 +0100 Subject: [PATCH 3/5] docs: Make variables more clear, don't use defaults --- docs/services/semaphore.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/services/semaphore.md b/docs/services/semaphore.md index fde6c08..3ddd588 100644 --- a/docs/services/semaphore.md +++ b/docs/services/semaphore.md 
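Review bot: The new semaphore defaults block in `templates/group_vars_mash_servers` derives `semaphore_database_password` from `mash_playbook_generic_secret_key` but sets nothing for `semaphore_access_key_encryption` or the `semaphore_admin_*` values, so those secrets depend entirely on the operator's `vars.yml`. Whether the role rejects an empty or missing value is not visible in this patch; if it does not, a deployment could start with a blank key protecting the access keys stored in the database. I would add a comment under `semaphore_database_username`, for example `# semaphore_access_key_encryption and semaphore_admin_password have no playbook default and must be set in vars.yml`, and confirm that the role validates both as non-empty.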
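Review bot: `version: v2.9.36-0` in the `templates/requirements.yml` hunk pins the new role to a git tag, and a tag can be moved upstream after review, so the role content fetched later is not guaranteed to be what was reviewed here. This follows the convention of the neighbouring entries (`v0.21.0-0`, `v0.4.7-0`), so it is a file-wide choice rather than a defect of this entry alone. Because this role deploys a service that stores playbook credentials, consider recording the tag's commit hash with it, e.g. `version: <COMMIT_SHA_FOR_v2.9.36-0>  # v2.9.36-0`.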
@@ -22,13 +22,18 @@ To enable this service, add the following configuration to your `vars.yml` file ######################################################################## semaphore_enabled: true + semaphore_hostname: semaphore.example.com -semaphore_admin_password: STRONG_PASSWORD -semaphore_admin_name: USERNAME -semaphore_admin_email: user@example.org + +# Despite the confusing naming, semaphore_admin_name needs to hold a username, not a name! +semaphore_admin_name: '' +semaphore_admin_email: '' +# You can generate a strong password with a command like: `pwgen -s 64 1` +semaphore_admin_password: '' + # Key for encrypting access keys in database. # It must be generated by using the following command: head -c32 /dev/urandom | base64 -semaphore_access_key_encryption: "PJOfV/7Q+ZDUxo2bgW8dgVbGJ6nNIJgEOyB3hcnVVz4=" +semaphore_access_key_encryption: '' ######################################################################## # # From f7e1ff5fbaec04a7923bf194e02d1ea3576f2763 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 6 Dec 2023 17:25:48 +0200 Subject: [PATCH 4/5] Fix groups for semaphore --- templates/group_vars_mash_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/group_vars_mash_servers b/templates/group_vars_mash_servers index 4fa8147..f96f462 100644 --- a/templates/group_vars_mash_servers +++ b/templates/group_vars_mash_servers @@ -484,7 +484,7 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized: # role-specific:semaphore - |- - {{ ({'name': (semaphore_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'soft-serve']} if semaphore_enabled else omit) }} + {{ ({'name': (semaphore_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'semaphore']} if semaphore_enabled else omit) }} # /role-specific:semaphore # role-specific:soft_serve From f4a2aa4b9b0280bc248fdd168d5c854ff745e838 Mon Sep 17 00:00:00 2001 
From: moanos Date: Wed, 6 Dec 2023 16:31:24 +0100 Subject: [PATCH 5/5] fix: Typo --- templates/group_vars_mash_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/group_vars_mash_servers b/templates/group_vars_mash_servers index f96f462..392ea35 100644 --- a/templates/group_vars_mash_servers +++ b/templates/group_vars_mash_servers @@ -852,7 +852,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': semaphore_database_name, 'username': semaphore_database_username, 'password': semaphore_database_password, - } if semaphore_enabled and semaphore_database_hostname == devture_postgres_identifier else omit) + } if semaphore_enabled and semaphore_database_host == devture_postgres_identifier else omit) }} # /role-specific:semaphore