diff --git a/host_vars/docker-test.grote.lan.yml b/host_vars/docker-test.grote.lan.yml
index e5f759ff..ca27f266 100644
--- a/host_vars/docker-test.grote.lan.yml
+++ b/host_vars/docker-test.grote.lan.yml
@@ -6,6 +6,7 @@
 dir_name: docker-homer
 repository_url: git.mgrote.net/mg/docker-homer
 state: present
+ os_username: mg
 git_branch: test
 - name: watchtower
 dir_name: docker-watchtower
@@ -13,14 +14,12 @@
 repository_user: mg
 repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
 state: present
- - name: lazydocker
- dir_name: docker-lazydocker
- repository_url: git.mgrote.net/mg/docker-lazydocker
- state: absent # danach löschen
+ os_username: mg
 - name: munin-master-test
 dir_name: docker-munin-master-test
 repository_url: git.mgrote.net/mg/docker-munin-master_test
 state: present
+ os_username: mg
 ### geerlingguy.munin-node
 munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
 munin_node_allowed_ips: # weil der munin-server aus einem anderen subnet zugreift
diff --git a/host_vars/docker2.grote.lan.yml b/host_vars/docker2.grote.lan.yml
index fc855ca0..ef2de946 100644
--- a/host_vars/docker2.grote.lan.yml
+++ b/host_vars/docker2.grote.lan.yml
@@ -5,20 +5,24 @@
 dir_name: docker-munin-master
 repository_url: git.mgrote.net/mg/docker-munin-master_production
 state: present
+ os_username: mg
 - name: watchtower
 dir_name: docker-watchtower
 repository_url: git.mgrote.net/mg/docker-watchtower
 state: present
+ os_username: mg
 - name: homer
 dir_name: docker-homer
 repository_url: git.mgrote.net/mg/docker-homer
 state: present
+ os_username: mg
 - name: unifi-controller
 dir_name: docker-unifi-controller
 repository_url: git.mgrote.net/mg/docker-unifi-controller
 repository_user: mg
 repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
 state: present
+ os_username: mg
 ### geerlingguy.munin-node
 munin_node_allowed_cidrs: [0.0.0.0/0] # weil der munin-server aus einem anderen subnet zugreift
 munin_node_allowed_ips: # weil der munin-server aus einem anderen subnet zugreift
diff --git a/host_vars/docker3.grote.lan.yml b/host_vars/docker3.grote.lan.yml
index cfba08c1..23badf83 100644
--- a/host_vars/docker3.grote.lan.yml
+++ b/host_vars/docker3.grote.lan.yml
@@ -7,18 +7,21 @@
 repository_user: mg
 repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
 state: present
+ os_username: mg
 - name: navidrome-mg
 dir_name: docker-navidrome-mg
 repository_url: git.mgrote.net/mg/docker-navidrome-mg
 repository_user: mg
 repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
 state: present
+ os_username: mg
 - name: nightscout
 dir_name: docker-nightscout
 repository_url: git.mgrote.net/mg/docker-nightscout
 repository_user: mg
 repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
 state: present
+ os_username: mg
 - name: traefik
 dir_name: docker-traefik
 repository_url: git.mgrote.net/mg/docker-traefik
@@ -26,10 +29,12 @@
 repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
 network_name: nw_proxy_traefik
 state: present
+ os_username: mg
 - name: watchtower
 dir_name: docker-watchtower
 repository_url: git.mgrote.net/mg/docker-watchtower
 state: present
+ os_username: mg
 ### mgrote.restic
 restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker
diff --git a/host_vars/docker4.grote.lan.yml b/host_vars/docker4.grote.lan.yml
index be5cbd08..78889ef9 100644
--- a/host_vars/docker4.grote.lan.yml
+++ b/host_vars/docker4.grote.lan.yml
@@ -5,14 +5,17 @@
 dir_name: docker-watchtower
 repository_url: git.mgrote.net/mg/docker-watchtower
 state: present
+ os_username: mg
 - name: ansible-ara
 dir_name: docker-ansible-ara
 repository_url: git.mgrote.net/mg/docker-ansible-ara
 state: present
+ os_username: mg
 - name: photoprism # wird der container woanders hin verschoben restic ausnahmen wieder eintrage, oder /var/lib/docker aus restic entfernen
 dir_name: docker-photoprism
 repository_url: git.mgrote.net/mg/docker-photoprism
 state: present
+ os_username: mg
 repository_user: mg
 repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
diff --git a/roles/mgrote.docker-compose-deploy/README.md b/roles/mgrote.docker-compose-deploy/README.md
index 6bb5c0d2..b19daf08 100644
--- a/roles/mgrote.docker-compose-deploy/README.md
+++ b/roles/mgrote.docker-compose-deploy/README.md
@@ -22,6 +22,7 @@ docker_compose_projects:
 network_name: homer-network # docker-network to create; optional; just dont let it empty, remove it
 state: present|absent # should the project be present or absent?
 git_branch: master # branch to checkout; optional; just dont let it empty, remove it
+ os_username: mg # user who should get permissions on the directory
 ```
diff --git a/roles/mgrote.docker-compose-deploy/tasks/dockercompose-up.yml b/roles/mgrote.docker-compose-deploy/tasks/dockercompose-up.yml
index c04c09e3..b3e27379 100644
--- a/roles/mgrote.docker-compose-deploy/tasks/dockercompose-up.yml
+++ b/roles/mgrote.docker-compose-deploy/tasks/dockercompose-up.yml
@@ -32,6 +32,14 @@
 version: "{{ item.git_branch | default ('master') }}"
 register: repo
+ - name: set owner recursive for repo
+ file:
+ path: "{{ project_dir }}"
+ owner: "{{ item.os_username }}"
+ group: "{{ item.os_username }}"
+ recurse: yes
+ when: repo is changed
+
 - name: create networks - "{{ item.name }}"
 ansible.builtin.shell: "docker network create {{ item.network_name }}" # erstelle network
 when: "item.network_name is defined" # wenn network_name definiert ist
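Review bot: The new `set owner recursive for repo` task reads `item.os_username` with no default and no `is defined` guard, so a project entry that lacks the key fails the play with an undefined-variable error, and the README line added in this commit does not mark the key as mandatory. Either guard the task, `when: repo is changed and item.os_username is defined`, or document the key as required. The recursive chown also hands the whole checkout under `project_dir` to that account, including `.git/config` and the compose file. If the clone URL embeds `repository_user_password` (the git task starts outside this hunk, so this is unconfirmed), the credential becomes readable by `os_username`. Write access to a compose file that is later brought up through the Docker daemon is effectively root-equivalent on the host, so it is worth confirming that `mg` is meant to hold that level of access.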