diff --git a/ansible/inventory/group_vars/all.yaml b/ansible/inventory/group_vars/all.yaml
index bcb06e0..d3908ed 100644
--- a/ansible/inventory/group_vars/all.yaml
+++ b/ansible/inventory/group_vars/all.yaml
@@ -37,30 +37,37 @@ services:
 domain: "postgresql"
 ports:
 tcp: "5432" # postgresql db connection port
+ subuid: "100998"
 ldap:
 domain: "ldap"
 ports:
 http: "17170"
 ldaps: "6360"
+ subuid: "100999"
 ca:
 domain: "ca"
 ports:
 https: "9000"
+ subuid: "100999"
 x509-exporter:
 ports:
 http: "9793"
+ subuid: "165533"
 prometheus:
 domain: "prometheus"
 ports:
 https: "9090"
+ subuid: "165533"
 loki:
 domain: "loki"
 ports:
 https: "3100"
+ subuid: "110000"
 grafana:
 domain: "grafana"
 ports:
 http: "3000"
+ subuid: "100471"
 caddy:
 ports:
 http: "2080"
@@ -77,6 +84,8 @@ services:
 domain: "authelia"
 ports:
 http: "9091"
+ redis:
+ subuid: "100998"
 vaultwarden:
 domain:
 public: "vault"
@@ -89,6 +98,7 @@ services:
 internal: "gitea.app"
 ports:
 http: "3000"
+ subuid: "100999"
 immich:
 domain:
 public: "immich"
@@ -105,6 +115,7 @@ services:
 internal: "budget.app"
 ports:
 http: "5006"
+ subuid: "101000"
 paperless:
 domain:
 public: "paperless"
@@ -112,12 +123,14 @@ services:
 ports:
 http: "8001"
 redis: "6380"
+ subuid: "100999"
 vikunja:
 domain:
 public: "vikunja"
 internal: "vikunja.app"
 ports:
 http: "3456"
+ subuid: "100999"

 version:
 packages:
diff --git a/ansible/roles/app/tasks/services/set_actual-budget.yaml b/ansible/roles/app/tasks/services/set_actual-budget.yaml
index fab40e3..5cbf9b6 100644
--- a/ansible/roles/app/tasks/services/set_actual-budget.yaml
+++ b/ansible/roles/app/tasks/services/set_actual-budget.yaml
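Review bot: The explanatory comments on the old per-task values are dropped rather than moved: `# nobody - 65534` (prometheus and x509-exporter) and `# 10001` (loki) do not reappear beside the new `subuid` keys in this hunk, so the relation between a container UID and the host value written into `owner:` is now undocumented. Carry them over, e.g. `subuid: "165533"  # nobody - 65534` and `subuid: "110000"  # 10001`, and add one comment above the first `subuid` saying what the numbers are (they look like host-side UIDs from the rootless user's subordinate range, but the container invocation is not in this diff, so confirm the wording). This hunk also makes the sharing of host UIDs visible for the first time: `"100999"` is assigned to ldap, ca, gitea, paperless and vikunja, `"100998"` to postgresql and redis, `"165533"` to prometheus and x509-exporter. Where those containers run on one host under one user, file ownership alone no longer separates their data directories, so either state in a comment that the overlap is intentional or give the sensitive services distinct values.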
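Review bot: The nesting level of the new `redis:` key in the `@@ -77,6 +84,8 @@` hunk cannot be read from the diff as rendered here, and it matters: set_immich.yaml and set_paperless.yaml look it up as `services['redis']['subuid']`, which only resolves if `redis:` is a direct child of `services:` and not of the preceding `authelia:` entry. Please confirm the indentation in the file; if it landed under `authelia`, both task files fail at `owner:` with an undefined-variable error on first run. The same caution applies to the `@@ -105,6 +115,7 @@` hunk, where the entry's own key is outside the shown context while set_actual-budget.yaml expects it to be exactly `actualbudget`.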
@@ -1,13 +1,9 @@
 ---
-- name: Set actual budget container subuid
- ansible.builtin.set_fact:
- actualbudget_subuid: "101000"
-
 - name: Create actual budget directory
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/data/containers/actual-budget"
 state: "directory"
- owner: "{{ actualbudget_subuid }}"
+ owner: "{{ services['actualbudget']['subuid'] }}"
 group: "svadmins"
 mode: "0770"
 become: true
diff --git a/ansible/roles/app/tasks/services/set_gitea.yaml b/ansible/roles/app/tasks/services/set_gitea.yaml
index 1bc7a7e..00ebe2b 100644
--- a/ansible/roles/app/tasks/services/set_gitea.yaml
+++ b/ansible/roles/app/tasks/services/set_gitea.yaml
@@ -1,13 +1,9 @@
 ---
-- name: Set gitea container subuid
- ansible.builtin.set_fact:
- gitea_subuid: "100999"
-
 - name: Create gitea directory
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/{{ item }}"
 state: "directory"
- owner: "{{ gitea_subuid }}"
+ owner: "{{ services['gitea']['subuid'] }}"
 group: "svadmins"
 mode: "0770"
 loop:
@@ -21,7 +17,7 @@
 content: |
 {{ hostvars['console']['ca']['root']['crt'] }}
 dest: "{{ node['home_path'] }}/containers/gitea/ssl/{{ root_cert_filename }}"
- owner: "{{ gitea_subuid }}"
+ owner: "{{ services['gitea']['subuid'] }}"
 group: "svadmins"
 mode: "0440"
 become: true
diff --git a/ansible/roles/app/tasks/services/set_immich.yaml b/ansible/roles/app/tasks/services/set_immich.yaml
index 7c4e881..c62607d 100644
--- a/ansible/roles/app/tasks/services/set_immich.yaml
+++ b/ansible/roles/app/tasks/services/set_immich.yaml
@@ -2,13 +2,12 @@
 - name: Set redis service name
 ansible.builtin.set_fact:
 redis_service: "immich"
- redis_subuid: "100998"

 - name: Create redis_immich directory
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/{{ item }}"
 state: "directory"
- owner: "{{ redis_subuid }}"
+ owner: "{{ services['redis']['subuid'] }}"
 group: "svadmins"
 mode: "0770"
 loop:
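Review bot: The new `owner: "{{ services['actualbudget']['subuid'] }}"` line keys the lookup on `actualbudget`, but nothing in this diff shows that the group_vars entry is spelled that way: the matching group_vars hunk exposes only `internal: "budget.app"` and the added `subuid: "101000"`, and the task file, directory path and hostname all use `actual-budget`/`budget` rather than `actualbudget`. Check the entry's key in the full all.yaml before merging; a mismatch is not caught by YAML parsing and surfaces only as an undefined-variable failure when the task runs. A short comment on the `owner:` line naming the inventory key it expects, `# subuid comes from services.actualbudget in group_vars/all.yaml`, would make the coupling visible to the next editor.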
diff --git a/ansible/roles/app/tasks/services/set_paperless.yaml b/ansible/roles/app/tasks/services/set_paperless.yaml
index d9f1c6e..2fcd20d 100644
--- a/ansible/roles/app/tasks/services/set_paperless.yaml
+++ b/ansible/roles/app/tasks/services/set_paperless.yaml
@@ -2,13 +2,12 @@
 - name: Set redis service name
 ansible.builtin.set_fact:
 redis_service: "paperless"
- redis_subuid: "100998"

 - name: Create redis_paperless directory
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/{{ item }}"
 state: "directory"
- owner: "{{ redis_subuid }}"
+ owner: "{{ services['redis']['subuid'] }}"
 group: "svadmins"
 mode: "0770"
 loop:
@@ -44,15 +43,11 @@
 scope: "user"
 when: is_redis_conf.changed or is_redis_containerfile.changed # noqa: no-handler

-- name: Set paperless subuid
- ansible.builtin.set_fact:
- paperless_subuid: "100999"
-
 - name: Create paperless directory
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/{{ item }}"
 state: "directory"
- owner: "{{ paperless_subuid }}"
+ owner: "{{ services['paperless']['subuid'] }}"
 group: "svadmins"
 mode: "0770"
 loop:
@@ -70,7 +65,7 @@
 content: |
 {{ hostvars['console']['ca']['root']['crt'] }}
 dest: "{{ node['home_path'] }}/containers/paperless/ssl/{{ root_cert_filename }}"
- owner: "{{ paperless_subuid }}"
+ owner: "{{ services['paperless']['subuid'] }}"
 group: "svadmins"
 mode: "0440"
 become: true
diff --git a/ansible/roles/app/tasks/services/set_vikunja.yaml b/ansible/roles/app/tasks/services/set_vikunja.yaml
index 45d9ca7..422cf1f 100644
--- a/ansible/roles/app/tasks/services/set_vikunja.yaml
+++ b/ansible/roles/app/tasks/services/set_vikunja.yaml
@@ -1,13 +1,9 @@
 ---
-- name: Set vikunja subuid
- ansible.builtin.set_fact:
- vikunja_subuid: "100999"
-
 - name: Create vikunja directory
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/{{ item }}"
 state: "directory"
- owner: "{{ vikunja_subuid }}"
+ owner: "{{ services['vikunja']['subuid'] }}"
 group: "svadmins"
 mode: "0770"
 loop:
@@ -21,7 +17,7 @@
 content: |
 {{ hostvars['console']['ca']['root']['crt'] }}
 dest: "{{ node['home_path'] }}/containers/vikunja/ssl/{{ root_cert_filename }}"
- owner: "{{ vikunja_subuid }}"
+ owner: "{{ services['vikunja']['subuid'] }}"
 group: "svadmins"
 mode: "0440"
 become: true
diff --git a/ansible/roles/infra/tasks/services/set_ca_server.yaml b/ansible/roles/infra/tasks/services/set_ca_server.yaml
index 5e3df71..6e20880 100644
--- a/ansible/roles/infra/tasks/services/set_ca_server.yaml
+++ b/ansible/roles/infra/tasks/services/set_ca_server.yaml
@@ -1,12 +1,8 @@
 ---
-- name: Set ca container subuid
- ansible.builtin.set_fact:
- ca_subuid: "100999"
-
 - name: Create ca directory
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/containers/{{ item }}"
- owner: "{{ ca_subuid }}"
+ owner: "{{ services['ca']['subuid'] }}"
 group: "svadmins"
 state: "directory"
 mode: "0770"
@@ -32,7 +28,7 @@
 ansible.builtin.template:
 src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/ca/config/{{ item }}.j2"
 dest: "{{ node['home_path'] }}/containers/ca/config/{{ item }}"
- owner: "{{ ca_subuid }}"
+ owner: "{{ services['ca']['subuid'] }}"
 group: "svadmins"
 mode: "0400"
 loop:
@@ -46,7 +42,7 @@
 content: |
 {{ item.value }}
 dest: "{{ item.path }}/{{ item.name }}"
- owner: "{{ ca_subuid }}"
+ owner: "{{ services['ca']['subuid'] }}"
 group: "svadmins"
 mode: "{{ item.mode }}"
 loop:
diff --git a/ansible/roles/infra/tasks/services/set_grafana.yaml b/ansible/roles/infra/tasks/services/set_grafana.yaml
index a2ca8be..c833451 100644
--- a/ansible/roles/infra/tasks/services/set_grafana.yaml
+++ b/ansible/roles/infra/tasks/services/set_grafana.yaml
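Review bot: In set_ca_server.yaml the CA's config templates (`mode: "0400"`, second hunk) and the per-item files written with `mode: "{{ item.mode }}"` (third hunk) are now owned by `services['ca']['subuid']`, which group_vars sets to `"100999"`, the same host UID the same role assigns to `ldap`. The `0400` mode then restricts those files to a UID that, on a host where both containers run under the same user, is also the UID the LDAP container's process maps to, so ownership no longer distinguishes CA material from LDAP data on any path both can reach (shared volumes, host-side tooling). If the CA holds key material — the loop items are not shown, so this is inferred from the paths — give `ca` a value not reused elsewhere, or record in group_vars why the overlap is acceptable. Each of these three hunks cuts a task in the middle; the `loop:` lists continue past the shown context.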
@@ -1,12 +1,8 @@
 ---
-- name: Set grafana container subuid
- ansible.builtin.set_fact:
- grafana_subuid: "100471"
-
 - name: Create grafana directory
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/containers/{{ item }}"
- owner: "{{ grafana_subuid }}"
+ owner: "{{ services['grafana']['subuid'] }}"
 group: "svadmins"
 state: "directory"
 mode: "0770"
@@ -24,7 +20,7 @@
 content: |
 {{ hostvars['console']['ca']['root']['crt'] }}
 dest: "{{ node['home_path'] }}/containers/grafana/ssl/{{ root_cert_filename }}"
- owner: "{{ grafana_subuid }}"
+ owner: "{{ services['grafana']['subuid'] }}"
 group: "svadmins"
 mode: "0400"
 become: true
@@ -51,7 +47,7 @@
 ansible.builtin.template:
 src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/grafana/etc/{{ item }}.j2"
 dest: "{{ node['home_path'] }}/containers/grafana/etc/{{ item }}"
- owner: "{{ grafana_subuid }}"
+ owner: "{{ services['grafana']['subuid'] }}"
 group: "svadmins"
 mode: "0400"
 loop:
@@ -65,7 +61,7 @@
 ansible.builtin.template:
 src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/grafana/etc/provisioning/datasources/datasources.yaml.j2"
 dest: "{{ node['home_path'] }}/containers/grafana/etc/provisioning/datasources/datasources.yaml"
- owner: "{{ grafana_subuid }}"
+ owner: "{{ services['grafana']['subuid'] }}"
 group: "svadmins"
 mode: "0400"
 become: true
diff --git a/ansible/roles/infra/tasks/services/set_ldap.yaml b/ansible/roles/infra/tasks/services/set_ldap.yaml
index 52b9929..d236f3d 100644
--- a/ansible/roles/infra/tasks/services/set_ldap.yaml
+++ b/ansible/roles/infra/tasks/services/set_ldap.yaml
@@ -1,12 +1,8 @@
 ---
-- name: Set ldap container subuid
- ansible.builtin.set_fact:
- ldap_subuid: "100999"
-
 - name: Create ldap directory
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/containers/{{ item }}"
- owner: "{{ ldap_subuid }}"
+ owner: "{{ services['ldap']['subuid'] }}"
 group: "svadmins"
 state: "directory"
 mode: "0770"
@@ -21,7 +17,7 @@
 content: |
 {{ item.value }}
 dest: "{{ node['home_path'] }}/containers/ldap/ssl/{{ item.name }}"
- owner: "{{ ldap_subuid }}"
+ owner: "{{ services['ldap']['subuid'] }}"
 group: "svadmins"
 mode: "{{ item.mode }}"
 loop:
diff --git a/ansible/roles/infra/tasks/services/set_loki.yaml b/ansible/roles/infra/tasks/services/set_loki.yaml
index 48a597c..8ba8346 100644
--- a/ansible/roles/infra/tasks/services/set_loki.yaml
+++ b/ansible/roles/infra/tasks/services/set_loki.yaml
@@ -1,13 +1,9 @@
 ---
-- name: Set loki container subuid
- ansible.builtin.set_fact:
- loki_subuid: "110000" # 10001
-
 - name: Create loki directory
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/containers/{{ item }}"
 state: "directory"
- owner: "{{ loki_subuid }}"
+ owner: "{{ services['loki']['subuid'] }}"
 group: "svadmins"
 mode: "0770"
 loop:
@@ -21,7 +17,7 @@
 ansible.builtin.template:
 src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/loki/etc/loki.yaml.j2"
 dest: "{{ node['home_path'] }}/containers/loki/etc/loki.yaml"
- owner: "{{ loki_subuid }}"
+ owner: "{{ services['loki']['subuid'] }}"
 group: "svadmins"
 mode: "0600"
 become: true
@@ -33,7 +29,7 @@
 content: |
 {{ item.value }}
 dest: "{{ node['home_path'] }}/containers/loki/ssl/{{ item.name }}"
- owner: "{{ loki_subuid }}"
+ owner: "{{ services['loki']['subuid'] }}"
 group: "svadmins"
 mode: "{{ item.mode }}"
 loop:
diff --git a/ansible/roles/infra/tasks/services/set_postgresql.yaml b/ansible/roles/infra/tasks/services/set_postgresql.yaml
index 8e3593d..541613c 100644
--- a/ansible/roles/infra/tasks/services/set_postgresql.yaml
+++ b/ansible/roles/infra/tasks/services/set_postgresql.yaml
@@ -1,8 +1,4 @@
 ---
-- name: Set postgresql container subuid
- ansible.builtin.set_fact:
- postgresql_subuid: "100998"
-
 - name: Set connected services list
 ansible.builtin.set_fact:
 connected_services:
@@ -19,7 +15,7 @@
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/containers/{{ item }}"
 state: "directory"
- owner: "{{ postgresql_subuid }}"
+ owner: "{{ services['postgresql']['subuid'] }}"
 group: "svadmins"
 mode: "0770"
 loop:
@@ -56,7 +52,7 @@
 ansible.builtin.template:
 src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/postgresql/config/{{ item }}.j2"
 dest: "{{ node['home_path'] }}/containers/postgresql/config/{{ item }}"
- owner: "{{ postgresql_subuid }}"
+ owner: "{{ services['postgresql']['subuid'] }}"
 group: "svadmins"
 mode: "0600"
 loop:
@@ -71,7 +67,7 @@
 content: |
 {{ item.value }}
 dest: "{{ node['home_path'] }}/containers/postgresql/ssl/{{ item.name }}"
- owner: "{{ postgresql_subuid }}"
+ owner: "{{ services['postgresql']['subuid'] }}"
 group: "svadmins"
 mode: "{{ item.mode }}"
 loop:
@@ -107,7 +103,7 @@
 ansible.builtin.copy:
 src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/postgresql/init/pg_cluster.sql"
 dest: "{{ node['home_path'] }}/containers/postgresql/init/0_pg_cluster.sql"
- owner: "{{ postgresql_subuid }}"
+ owner: "{{ services['postgresql']['subuid'] }}"
 group: "svadmins"
 mode: "0600"

@@ -115,7 +111,7 @@
 ansible.builtin.copy:
 src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/postgresql/init/pg_{{ item }}.sql"
 dest: "{{ node['home_path'] }}/containers/postgresql/init/{{ index_num + 1 }}_pg_{{ item }}.sql"
- owner: "{{ postgresql_subuid }}"
+ owner: "{{ services['postgresql']['subuid'] }}"
 group: "svadmins"
 mode: "0600"
 loop: "{{ connected_services }}"
diff --git a/ansible/roles/infra/tasks/services/set_prometheus.yaml b/ansible/roles/infra/tasks/services/set_prometheus.yaml
index 74cbc11..67b03bf 100644
--- a/ansible/roles/infra/tasks/services/set_prometheus.yaml
+++ b/ansible/roles/infra/tasks/services/set_prometheus.yaml
@@ -1,13 +1,9 @@
 ---
-- name: Set prometheus container subuid
- ansible.builtin.set_fact:
- prometheus_subuid: "165533" # nobody - 65534
-
 - name: Create prometheus directory
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/containers/{{ item }}"
 state: "directory"
- owner: "{{ prometheus_subuid }}"
+ owner: "{{ services['prometheus']['subuid'] }}"
 group: "svadmins"
 mode: "0770"
 loop:
@@ -21,7 +17,7 @@
 ansible.builtin.template:
 src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/prometheus/etc/{{ item }}.j2"
 dest: "{{ node['home_path'] }}/containers/prometheus/etc/{{ item }}"
- owner: "{{ prometheus_subuid }}"
+ owner: "{{ services['prometheus']['subuid'] }}"
 group: "svadmins"
 mode: "0600"
 loop:
@@ -37,7 +33,7 @@
 content: |
 {{ item.value }}
 dest: "{{ node['home_path'] }}/containers/prometheus/ssl/{{ item.name }}"
- owner: "{{ prometheus_subuid }}"
+ owner: "{{ services['prometheus']['subuid'] }}"
 group: "svadmins"
 mode: "{{ item.mode }}"
 loop:
diff --git a/ansible/roles/infra/tasks/services/set_x509-exporter.yaml b/ansible/roles/infra/tasks/services/set_x509-exporter.yaml
index 7d1a1d8..c4db32b 100644
--- a/ansible/roles/infra/tasks/services/set_x509-exporter.yaml
+++ b/ansible/roles/infra/tasks/services/set_x509-exporter.yaml
@@ -1,13 +1,9 @@
 ---
-- name: Set x509-exporter container subuid
- ansible.builtin.set_fact:
- x509_exporter_subuid: "165533" # nobody - 65534
-
 - name: Create x509-exporter directory
 ansible.builtin.file:
 path: "{{ node['home_path'] }}/containers/{{ item }}"
 state: "directory"
- owner: "{{ x509_exporter_subuid }}"
+ owner: "{{ services['x509-exporter']['subuid'] }}"
 group: "svadmins"
 mode: "0770"
 loop:
@@ -20,7 +16,7 @@
 content: |
 {{ item.value }}
 dest: "{{ node['home_path'] }}/containers/x509-exporter/certs/{{ item.name }}"
- owner: "{{ x509_exporter_subuid }}"
+ owner: "{{ services['x509-exporter']['subuid'] }}"
 group: "svadmins"
 mode: "0440"
 loop: