Merge pull request #125 from mother-of-all-self-hosting/semaphore2

feat: Add ansible-semaphore
2023-12-06 17:36:54 +02:00 · 2023-12-06 17:36:54 +02:00 · c5e4ddb776
commit c5e4ddb776
parent ecb15eb729 f4a2aa4b9b
5 changed files with 122 additions and 0 deletions
--- a/docs/services/semaphore.md
+++ b/docs/services/semaphore.md
@ -0,0 +1,48 @@
+# Semaphore
+
+[Semaphore](https://www.ansible-semaphore.com/) is a responsive web UI for running Ansible playbooks. Installing it is powered by the [mother-of-all-self-hosting/ansible-role-semaphore](https://github.com/mother-of-all-self-hosting/ansible-role-semaphore) Ansible role.
+
+## Dependencies
+
+This service requires the following other services:
+
+- a [Postgres](postgres.md) database
+- a [Traefik](traefik.md) reverse-proxy server
+
+
+## Configuration
+
+To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
+
+```yaml
+########################################################################
+#                                                                      #
+# semaphore                                                            #
+#                                                                      #
+########################################################################
+
+semaphore_enabled: true
+
+semaphore_hostname: semaphore.example.com
+
+# Despite the confusing naming, semaphore_admin_name needs to hold a username, not a name!
+semaphore_admin_name: ''
+semaphore_admin_email: ''
+# You can generate a strong password with a command like: `pwgen -s 64 1`
+semaphore_admin_password: ''
+
+# Key for encrypting access keys in database.
+# It must be generated by using the following command: head -c32 /dev/urandom | base64
+semaphore_access_key_encryption: ''
+
+########################################################################
+#                                                                      #
+# /semaphore                                                           #
+#                                                                      #
+########################################################################
+```
+
+
+## Usage
+
+After [installing](../installing.md), you can log into you admin account by visiting the URL specified in `semaphore_hostname`.
--- a/docs/supported-services.md
+++ b/docs/supported-services.md
@ -59,6 +59,7 @@
 | [Redis](https://redis.io/) | An in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker. | [Link](services/redis.md) |
 | [Roundcube](https://roundcube.net/) | A browser-based multilingual IMAP client with an application-like user interface | [Link](services/roundcube.md) |
 | [rumqttd](https://github.com/bytebeamio/rumqtt) | A high performance, embeddable [MQTT](https://en.wikipedia.org/wiki/MQTT) broker | [Link](services/rumqttd.md) |
+| [Ansible Semaphore](https://www.ansible-semaphore.com/) | A responsive web UI for running Ansible playbooks  | [Link](services/semaphore.md) |
 | [Soft Serve](https://github.com/charmbracelet/soft-serve) | A tasty, self-hostable [Git](https://git-scm.com/) server for the command line | [Link](services/soft-serve.md) |
 | [Syncthing](https://syncthing.net/) | A continuous file synchronization program which synchronizes files between two or more computers in real time | [Link](services/syncthing.md) |
 | [Telegraf](https://www.influxdata.com/time-series-platform/telegraf/) | An open source server agent to help you collect metrics from your stacks, sensors, and systems. | [Link](services/telegraf.md) |
--- a/templates/group_vars_mash_servers
+++ b/templates/group_vars_mash_servers
@ -482,6 +482,11 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized:
    {{ ({'name': (rumqttd_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'rumqttd']} if rumqttd_enabled else omit) }}
  # /role-specific:rumqttd

+  # role-specific:semaphore
+  - |-
+    {{ ({'name': (semaphore_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'semaphore']} if semaphore_enabled else omit) }}
+  # /role-specific:semaphore
+
  # role-specific:soft_serve
  - |-
    {{ ({'name': (soft_serve_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'soft-serve']} if soft_serve_enabled else omit) }}
@ -840,6 +845,17 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized:
    }}
  # /role-specific:roundcube

+  # role-specific:semaphore
+  - |-
+    {{
+      ({
+        'name': semaphore_database_name,
+        'username': semaphore_database_username,
+        'password': semaphore_database_password,
+      } if semaphore_enabled and semaphore_database_host == devture_postgres_identifier else omit)
+    }}
+  # /role-specific:semaphore
+
 devture_postgres_managed_databases_auto: "{{ mash_playbook_devture_postgres_managed_databases_auto_itemized | reject('equalto', omit) }}"

 ########################################################################
@ -3892,6 +3908,55 @@ rumqttd_gid: "{{ mash_playbook_gid }}"



+# role-specific:semaphore
+########################################################################
+#                                                                      #
+# semaphore                                                            #
+#                                                                      #
+########################################################################
+
+semaphore_enabled: false
+
+semaphore_identifier: "{{ mash_playbook_service_identifier_prefix }}semaphore"
+
+semaphore_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}semaphore"
+
+semaphore_uid: "{{ mash_playbook_uid }}"
+semaphore_gid: "{{ mash_playbook_gid }}"
+
+semaphore_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+semaphore_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
+semaphore_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.semaphore', rounds=655555) | to_uuid }}"
+semaphore_database_username: "{{ semaphore_identifier }}"
+
+semaphore_systemd_required_services_list: |
+  {{
+    (['docker.service'])
+    +
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier else [])
+  }}
+
+semaphore_container_additional_networks: |
+  {{
+    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+    +
+    ([devture_postgres_container_network] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier and semaphore_container_network != devture_postgres_container_network else [])
+  }}
+
+semaphore_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
+semaphore_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
+semaphore_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
+semaphore_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
+
+########################################################################
+#                                                                      #
+# /semaphore                                                           #
+#                                                                      #
+########################################################################
+# /role-specific:semaphore
+
+
+
 # role-specific:soft_serve
 ########################################################################
 #                                                                      #
--- a/templates/requirements.yml
+++ b/templates/requirements.yml
@ -256,6 +256,10 @@
  version: v0.21.0-0
  name: rumqttd
  activation_prefix: rumqttd_
+- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-semaphore.git
+  version: v2.9.36-0
+  name: semaphore
+  activation_prefix: semaphore_
 - src: git+https://gitlab.com/etke.cc/roles/soft_serve.git
  version: v0.4.7-0
  name: soft_serve
--- a/templates/setup.yml
+++ b/templates/setup.yml
@ -288,6 +288,10 @@
    - role: galaxy/rumqttd
    # /role-specific:rumqttd

+    # role-specific:semaphore
+    - role: galaxy/semaphore
+    # /role-specific:semaphore
+
    # role-specific:soft_serve
    - role: galaxy/soft_serve
    # /role-specific:soft_serve