move apt-cacher-ng to docker (#507)

Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: #507
2023-04-18 14:57:21 +02:00 · 2023-04-18 14:57:21 +02:00 · 60a954a705
commit 60a954a705
parent 817a40564b
12 changed files with 30 additions and 73 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -12,7 +12,7 @@ steps:
  - name: lint
    image: pipelinecomponents/ansible-lint
    environment:
-      http_proxy: http://acng2.grote.lan:9999
+      http_proxy: http://docker10.grote.lan:9999
      DEBIAN_FRONTEND: noninteractive
    commands:
      - ansible-lint --show-relpath  .
--- a/docker-compose/acng/docker-compose.yml.j2
+++ b/docker-compose/acng/docker-compose.yml.j2
@ -0,0 +1,20 @@
+version: '3'
+services:
+  apt-cacher-ng:
+    container_name: apt-cacher-ng
+    restart: always
+    image: quotengrote/apt-cacher-ng:master
+    ports:
+      - "9999:9999"
+    volumes:
+      - cache:/var/cache/apt-cacher-ng
+    environment:
+      USER: acng-admin
+      PASS: {{ lookup('keepass', 'acng_webinterface', 'password') }}
+      VERBOSE: 1 # 0/1
+      THRESHOLD: 60 # package housekeeping threshold
+    labels:
+      - com.centurylinklabs.watchtower.enable=true
+
+volumes:
+  cache:
--- a/docker-compose/blocky/docker-compose.yml.j2
+++ b/docker-compose/blocky/docker-compose.yml.j2
@ -12,5 +12,7 @@ services:
    volumes:
      # config file
      - ./config.yml:/app/config.yml
+    labels:
+      - com.centurylinklabs.watchtower.enable=true

 # kann mit dig @192.168.2.43 -p 54 alternate.de getestet werden
--- a/docker-compose/homer/assets/mgmt.yml
+++ b/docker-compose/homer/assets/mgmt.yml
@ -38,7 +38,7 @@ services:
    items:
      - name: "Apt-Cacher-NG"
        logo: "assets/icons/acng.jpg"
-        url: "http://acng2.grote.lan:9999/acng-report.html"
+        url: "http://docker10.grote.lan:9999/acng-report.html"
        target: "_blank"
        subtitle: "apt"
      - name: "gitea"
--- a/docker-compose/oxidized/docker-compose.yml.j2
+++ b/docker-compose/oxidized/docker-compose.yml.j2
@ -14,7 +14,7 @@ services:
      - ./ssh:/ssh/
      - oxidized:/var/lib/oxidized
    labels:
-      - com.centurylinklabs.watchtower.enable=true
+      - com.centurylinklabs.watchtower.enable=false

 ######## Volumes ########
 volumes:
--- a/group_vars/acng.yml
+++ b/group_vars/acng.yml
@ -1,60 +0,0 @@
---
-  ### PROXMOX
-  # acng2 ist ein LXC-Container; der Container ist "privileged" damit der Bind-Mount die richtigen Rechte bekommt
-
-  ### mgrote.apt_manage_sources
-  manage_sources_apt_proxy: "" # weil der Apt-Cacher-NG sich nicht selbst als Quelle nehmen kann
-
-  ### oefenweb.ufw
-  ufw_rules:
-    - rule: allow
-      to_port: 22
-      protocol: tcp
-      comment: 'ssh'
-      from_ip: 0.0.0.0/0
-    - rule: allow
-      to_port: 4949
-      protocol: tcp
-      comment: 'munin'
-      from_ip: 192.168.2.144/24
-    - rule: allow
-      to_port: "{{ acng_server_port }}"
-      comment: 'acng'
-      from_ip: 0.0.0.0/0
-  ### mgrote.acng
-  acng_server_port: 9999
-  acng_server_exthreshold: "60" #hebt Pakete 60 Tage auf
-  acng_server_auth_user: acngadmin
-  acng_server_auth_pass: "{{ lookup('keepass', 'acng_webinterface', 'password') }}"
-  ### mgrote.munin-node
-  munin_node_plugins:
-    - name: timesync
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
-    - name: systemd_status
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
-    - name: systemd_mem
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
-      config: |
-        [systemd_mem]
-        env.all_services true
-    - name: fail2ban
-      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
-      config: |
-        [fail2ban]
-        env.client /usr/bin/fail2ban-client
-        env.config_dir /etc/fail2ban
-        user root
-    - name: acng
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/apt/acng
-      config: |
-        env.logfile /var/log/apt-cacher-ng/apt-cacher.log
-    - name: http_response
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
-      config: |
-        [http_response]
-        env.sites http://acng2.grote.lan:9999/acng-report.html
-        env.max_time 20
-        env.short_label true
-        env.follow_redirect true
-  munin_node_disabled_plugins:
-    - name: lvm_
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -114,7 +114,7 @@
  postfix_smtp_server_port: 587
  postfix_smtp_use_tls: "yes"
  ### mgrote.apt_manage_sources
-  manage_sources_apt_proxy: "acng2.grote.lan:9999"
+  manage_sources_apt_proxy: "docker10.grote.lan:9999"
  ### mgrote.tmux
  tmux_conf_destination: "/home/mg/.tmux.conf"
  tmux_bashrc_destination: "/home/mg/.bashrc"
--- a/group_vars/fileserver.yml
+++ b/group_vars/fileserver.yml
@ -54,7 +54,6 @@
    - https://github.com/rclone/rclone/releases/download/v1.59.2/rclone-v1.59.2-linux-amd64.deb
    - http://docker10.grote.lan:3344/bash-helper-scripts-mgrote-latest.deb

---
  ### mgrote.youtubedl
  ytdl_dl_url: "https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp"
  ytdl_timer: "Tue,Sat 03:00"
--- a/host_vars/docker10.grote.lan.yml
+++ b/host_vars/docker10.grote.lan.yml
@ -53,7 +53,8 @@
      state: present
    - name: blocky
      state: present
-
+    - name: acng
+      state: present
  ### oefenweb.ufw
  ufw_rules:
    - rule: allow
@ -131,7 +132,7 @@
      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
      config: |
        [http_response]
-        env.sites http://docker10.grote.lan:333 http://docker10.grote.lan:8888/nodes http://docker10.grote.lan:1234 https://nextcloud.mgrote.net  http://docker10.grote.lan:2342 http://docker10.grote.lan:8000/login  http://docker10.grote.lan:3344  http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081
+        env.sites http://docker10.grote.lan:333 http://docker10.grote.lan:8888/nodes http://docker10.grote.lan:1234 https://nextcloud.mgrote.net  http://docker10.grote.lan:2342 http://docker10.grote.lan:8000/login  http://docker10.grote.lan:3344  http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081 http://docker10.grote.lan:9999/acng-report.html
        env.max_time 20
        env.short_label true
        env.follow_redirect true
--- a/4
+++ b/4
@ -6,9 +6,6 @@ all:
    fileserver:
      hosts:
        fileserver3.grote.lan:
-    acng:
-      hosts:
-        acng2.grote.lan:
    ansible:
      hosts:
        ansible2.grote.lan:
@ -33,7 +30,6 @@ all:
      hosts:
        dokuwiki2.grote.lan:
        fileserver3.grote.lan:
-        acng2.grote.lan:
        ansible2.grote.lan:
        pve5.grote.lan:
        gitea.grote.lan:
--- a/playbooks/base/apt_sources.yml
+++ b/playbooks/base/apt_sources.yml
@ -3,4 +3,3 @@
    roles:
      - role: mgrote.apt_manage_sources
        tags: "apt_sources"
-        when: "not 'acng2.grote.lan' in inventory_hostname"
--- a/roles/mgrote.apt_manage_sources/defaults/main.yml
+++ b/roles/mgrote.apt_manage_sources/defaults/main.yml
@ -3,7 +3,7 @@
  manage_sources_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
  manage_sources_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
  manage_sources_apt_repo_no_subscription: deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription # url zum für no-subscription-repo, manage_sources_apt_proxy_url wird aus der variable entnommen
-  manage_sources_apt_proxy: acng2.grote.lan:9999 # url+Port vom proxy
+  manage_sources_apt_proxy: docker10.grote.lan:9999 # url+Port vom proxy
 #  manage_sources_extra_repos: # Extra Repositories
 #    - name: vivaldi # optional
 #      url: deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main