il/ilnmors-homelab
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

inventory, roles: update group_vars/all.yaml and set service files to centralize subuid for containers

Browse Source
This commit is contained in:
Il Lee
2026-04-01 22:22:40 +09:00
parent b52a6f6f0d
commit 017de863d9
13 changed files with 44 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ansible/inventory/group_vars/all.yaml
View File

@@ -37,30 +37,37 @@ services:
domain: "postgresql"
ports:
tcp: "5432" # postgresql db connection port
subuid: "100998"
ldap:
domain: "ldap"
ports:
http: "17170"
ldaps: "6360"
subuid: "100999"
ca:
domain: "ca"
ports:
https: "9000"
subuid: "100999"
x509-exporter:
ports:
http: "9793"
subuid: "165533"
prometheus:
domain: "prometheus"
ports:
https: "9090"
subuid: "165533"
loki:
domain: "loki"
ports:
https: "3100"
subuid: "110000"
grafana:
domain: "grafana"
ports:
http: "3000"
subuid: "100471"
caddy:
ports:
http: "2080"
@@ -77,6 +84,8 @@ services:
domain: "authelia"
ports:
http: "9091"
redis:
subuid: "100998"
vaultwarden:
domain:
public: "vault"
@@ -89,6 +98,7 @@ services:
internal: "gitea.app"
ports:
http: "3000"
subuid: "100999"
immich:
domain:
public: "immich"
@@ -105,6 +115,7 @@ services:
internal: "budget.app"
ports:
http: "5006"
subuid: "101000"
paperless:
domain:
public: "paperless"
@@ -112,12 +123,14 @@ services:
ports:
http: "8001"
redis: "6380"
subuid: "100999"
vikunja:
domain:
public: "vikunja"
internal: "vikunja.app"
ports:
http: "3456"
subuid: "100999"
version:
packages:

6
ansible/roles/app/tasks/services/set_actual-budget.yaml
View File

@@ -1,13 +1,9 @@
---
- name: Set actual budget container subuid
ansible.builtin.set_fact:
actualbudget_subuid: "101000"
- name: Create actual budget directory
ansible.builtin.file:
path: "{{ node['home_path'] }}/data/containers/actual-budget"
state: "directory"
owner: "{{ actualbudget_subuid }}"
owner: "{{ services['actualbudget']['subuid'] }}"
group: "svadmins"
mode: "0770"
become: true

8
ansible/roles/app/tasks/services/set_gitea.yaml
View File

@@ -1,13 +1,9 @@
---
- name: Set gitea container subuid
ansible.builtin.set_fact:
gitea_subuid: "100999"
- name: Create gitea directory
ansible.builtin.file:
path: "{{ node['home_path'] }}/{{ item }}"
state: "directory"
owner: "{{ gitea_subuid }}"
owner: "{{ services['gitea']['subuid'] }}"
group: "svadmins"
mode: "0770"
loop:
@@ -21,7 +17,7 @@
content: |
{{ hostvars['console']['ca']['root']['crt'] }}
dest: "{{ node['home_path'] }}/containers/gitea/ssl/{{ root_cert_filename }}"
owner: "{{ gitea_subuid }}"
owner: "{{ services['gitea']['subuid'] }}"
group: "svadmins"
mode: "0440"
become: true

3
ansible/roles/app/tasks/services/set_immich.yaml
View File

@@ -2,13 +2,12 @@
- name: Set redis service name
ansible.builtin.set_fact:
redis_service: "immich"
redis_subuid: "100998"
- name: Create redis_immich directory
ansible.builtin.file:
path: "{{ node['home_path'] }}/{{ item }}"
state: "directory"
owner: "{{ redis_subuid }}"
owner: "{{ services['redis']['subuid'] }}"
group: "svadmins"
mode: "0770"
loop:

11
ansible/roles/app/tasks/services/set_paperless.yaml
View File

@@ -2,13 +2,12 @@
- name: Set redis service name
ansible.builtin.set_fact:
redis_service: "paperless"
redis_subuid: "100998"
- name: Create redis_paperless directory
ansible.builtin.file:
path: "{{ node['home_path'] }}/{{ item }}"
state: "directory"
owner: "{{ redis_subuid }}"
owner: "{{ services['redis']['subuid'] }}"
group: "svadmins"
mode: "0770"
loop:
@@ -44,15 +43,11 @@
scope: "user"
when: is_redis_conf.changed or is_redis_containerfile.changed # noqa: no-handler
- name: Set paperless subuid
ansible.builtin.set_fact:
paperless_subuid: "100999"
- name: Create paperless directory
ansible.builtin.file:
path: "{{ node['home_path'] }}/{{ item }}"
state: "directory"
owner: "{{ paperless_subuid }}"
owner: "{{ services['paperless']['subuid'] }}"
group: "svadmins"
mode: "0770"
loop:
@@ -70,7 +65,7 @@
content: |
{{ hostvars['console']['ca']['root']['crt'] }}
dest: "{{ node['home_path'] }}/containers/paperless/ssl/{{ root_cert_filename }}"
owner: "{{ paperless_subuid }}"
owner: "{{ services['paperless']['subuid'] }}"
group: "svadmins"
mode: "0440"
become: true

8
ansible/roles/app/tasks/services/set_vikunja.yaml
View File

@@ -1,13 +1,9 @@
---
- name: Set vikunja subuid
ansible.builtin.set_fact:
vikunja_subuid: "100999"
- name: Create vikunja directory
ansible.builtin.file:
path: "{{ node['home_path'] }}/{{ item }}"
state: "directory"
owner: "{{ vikunja_subuid }}"
owner: "{{ services['vikunja']['subuid'] }}"
group: "svadmins"
mode: "0770"
loop:
@@ -21,7 +17,7 @@
content: |
{{ hostvars['console']['ca']['root']['crt'] }}
dest: "{{ node['home_path'] }}/containers/vikunja/ssl/{{ root_cert_filename }}"
owner: "{{ vikunja_subuid }}"
owner: "{{ services['vikunja']['subuid'] }}"
group: "svadmins"
mode: "0440"
become: true

10
ansible/roles/infra/tasks/services/set_ca_server.yaml
View File

@@ -1,12 +1,8 @@
---
- name: Set ca container subuid
ansible.builtin.set_fact:
ca_subuid: "100999"
- name: Create ca directory
ansible.builtin.file:
path: "{{ node['home_path'] }}/containers/{{ item }}"
owner: "{{ ca_subuid }}"
owner: "{{ services['ca']['subuid'] }}"
group: "svadmins"
state: "directory"
mode: "0770"
@@ -32,7 +28,7 @@
ansible.builtin.template:
src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/ca/config/{{ item }}.j2"
dest: "{{ node['home_path'] }}/containers/ca/config/{{ item }}"
owner: "{{ ca_subuid }}"
owner: "{{ services['ca']['subuid'] }}"
group: "svadmins"
mode: "0400"
loop:
@@ -46,7 +42,7 @@
content: |
{{ item.value }}
dest: "{{ item.path }}/{{ item.name }}"
owner: "{{ ca_subuid }}"
owner: "{{ services['ca']['subuid'] }}"
group: "svadmins"
mode: "{{ item.mode }}"
loop:

12
ansible/roles/infra/tasks/services/set_grafana.yaml
View File

@@ -1,12 +1,8 @@
---
- name: Set grafana container subuid
ansible.builtin.set_fact:
grafana_subuid: "100471"
- name: Create grafana directory
ansible.builtin.file:
path: "{{ node['home_path'] }}/containers/{{ item }}"
owner: "{{ grafana_subuid }}"
owner: "{{ services['grafana']['subuid'] }}"
group: "svadmins"
state: "directory"
mode: "0770"
@@ -24,7 +20,7 @@
content: |
{{ hostvars['console']['ca']['root']['crt'] }}
dest: "{{ node['home_path'] }}/containers/grafana/ssl/{{ root_cert_filename }}"
owner: "{{ grafana_subuid }}"
owner: "{{ services['grafana']['subuid'] }}"
group: "svadmins"
mode: "0400"
become: true
@@ -51,7 +47,7 @@
ansible.builtin.template:
src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/grafana/etc/{{ item }}.j2"
dest: "{{ node['home_path'] }}/containers/grafana/etc/{{ item }}"
owner: "{{ grafana_subuid }}"
owner: "{{ services['grafana']['subuid'] }}"
group: "svadmins"
mode: "0400"
loop:
@@ -65,7 +61,7 @@
ansible.builtin.template:
src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/grafana/etc/provisioning/datasources/datasources.yaml.j2"
dest: "{{ node['home_path'] }}/containers/grafana/etc/provisioning/datasources/datasources.yaml"
owner: "{{ grafana_subuid }}"
owner: "{{ services['grafana']['subuid'] }}"
group: "svadmins"
mode: "0400"
become: true

8
ansible/roles/infra/tasks/services/set_ldap.yaml
View File

@@ -1,12 +1,8 @@
---
- name: Set ldap container subuid
ansible.builtin.set_fact:
ldap_subuid: "100999"
- name: Create ldap directory
ansible.builtin.file:
path: "{{ node['home_path'] }}/containers/{{ item }}"
owner: "{{ ldap_subuid }}"
owner: "{{ services['ldap']['subuid'] }}"
group: "svadmins"
state: "directory"
mode: "0770"
@@ -21,7 +17,7 @@
content: |
{{ item.value }}
dest: "{{ node['home_path'] }}/containers/ldap/ssl/{{ item.name }}"
owner: "{{ ldap_subuid }}"
owner: "{{ services['ldap']['subuid'] }}"
group: "svadmins"
mode: "{{ item.mode }}"
loop:

10
ansible/roles/infra/tasks/services/set_loki.yaml
View File

@@ -1,13 +1,9 @@
---
- name: Set loki container subuid
ansible.builtin.set_fact:
loki_subuid: "110000" # 10001
- name: Create loki directory
ansible.builtin.file:
path: "{{ node['home_path'] }}/containers/{{ item }}"
state: "directory"
owner: "{{ loki_subuid }}"
owner: "{{ services['loki']['subuid'] }}"
group: "svadmins"
mode: "0770"
loop:
@@ -21,7 +17,7 @@
ansible.builtin.template:
src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/loki/etc/loki.yaml.j2"
dest: "{{ node['home_path'] }}/containers/loki/etc/loki.yaml"
owner: "{{ loki_subuid }}"
owner: "{{ services['loki']['subuid'] }}"
group: "svadmins"
mode: "0600"
become: true
@@ -33,7 +29,7 @@
content: |
{{ item.value }}
dest: "{{ node['home_path'] }}/containers/loki/ssl/{{ item.name }}"
owner: "{{ loki_subuid }}"
owner: "{{ services['loki']['subuid'] }}"
group: "svadmins"
mode: "{{ item.mode }}"
loop:

14
ansible/roles/infra/tasks/services/set_postgresql.yaml
View File

@@ -1,8 +1,4 @@
---
- name: Set postgresql container subuid
ansible.builtin.set_fact:
postgresql_subuid: "100998"
- name: Set connected services list
ansible.builtin.set_fact:
connected_services:
@@ -19,7 +15,7 @@
ansible.builtin.file:
path: "{{ node['home_path'] }}/containers/{{ item }}"
state: "directory"
owner: "{{ postgresql_subuid }}"
owner: "{{ services['postgresql']['subuid'] }}"
group: "svadmins"
mode: "0770"
loop:
@@ -56,7 +52,7 @@
ansible.builtin.template:
src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/postgresql/config/{{ item }}.j2"
dest: "{{ node['home_path'] }}/containers/postgresql/config/{{ item }}"
owner: "{{ postgresql_subuid }}"
owner: "{{ services['postgresql']['subuid'] }}"
group: "svadmins"
mode: "0600"
loop:
@@ -71,7 +67,7 @@
content: |
{{ item.value }}
dest: "{{ node['home_path'] }}/containers/postgresql/ssl/{{ item.name }}"
owner: "{{ postgresql_subuid }}"
owner: "{{ services['postgresql']['subuid'] }}"
group: "svadmins"
mode: "{{ item.mode }}"
loop:
@@ -107,7 +103,7 @@
ansible.builtin.copy:
src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/postgresql/init/pg_cluster.sql"
dest: "{{ node['home_path'] }}/containers/postgresql/init/0_pg_cluster.sql"
owner: "{{ postgresql_subuid }}"
owner: "{{ services['postgresql']['subuid'] }}"
group: "svadmins"
mode: "0600"
@@ -115,7 +111,7 @@
ansible.builtin.copy:
src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/postgresql/init/pg_{{ item }}.sql"
dest: "{{ node['home_path'] }}/containers/postgresql/init/{{ index_num + 1 }}_pg_{{ item }}.sql"
owner: "{{ postgresql_subuid }}"
owner: "{{ services['postgresql']['subuid'] }}"
group: "svadmins"
mode: "0600"
loop: "{{ connected_services }}"

10
ansible/roles/infra/tasks/services/set_prometheus.yaml
View File

@@ -1,13 +1,9 @@
---
- name: Set prometheus container subuid
ansible.builtin.set_fact:
prometheus_subuid: "165533" # nobody - 65534
- name: Create prometheus directory
ansible.builtin.file:
path: "{{ node['home_path'] }}/containers/{{ item }}"
state: "directory"
owner: "{{ prometheus_subuid }}"
owner: "{{ services['prometheus']['subuid'] }}"
group: "svadmins"
mode: "0770"
loop:
@@ -21,7 +17,7 @@
ansible.builtin.template:
src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/prometheus/etc/{{ item }}.j2"
dest: "{{ node['home_path'] }}/containers/prometheus/etc/{{ item }}"
owner: "{{ prometheus_subuid }}"
owner: "{{ services['prometheus']['subuid'] }}"
group: "svadmins"
mode: "0600"
loop:
@@ -37,7 +33,7 @@
content: |
{{ item.value }}
dest: "{{ node['home_path'] }}/containers/prometheus/ssl/{{ item.name }}"
owner: "{{ prometheus_subuid }}"
owner: "{{ services['prometheus']['subuid'] }}"
group: "svadmins"
mode: "{{ item.mode }}"
loop:

8
ansible/roles/infra/tasks/services/set_x509-exporter.yaml
View File

@@ -1,13 +1,9 @@
---
- name: Set x509-exporter container subuid
ansible.builtin.set_fact:
x509_exporter_subuid: "165533" # nobody - 65534
- name: Create x509-exporter directory
ansible.builtin.file:
path: "{{ node['home_path'] }}/containers/{{ item }}"
state: "directory"
owner: "{{ x509_exporter_subuid }}"
owner: "{{ services['x509-exporter']['subuid'] }}"
group: "svadmins"
mode: "0770"
loop:
@@ -20,7 +16,7 @@
content: |
{{ item.value }}
dest: "{{ node['home_path'] }}/containers/x509-exporter/certs/{{ item.name }}"
owner: "{{ x509_exporter_subuid }}"
owner: "{{ services['x509-exporter']['subuid'] }}"
group: "svadmins"
mode: "0440"
loop: