move apt-cacher-ng to docker (#507)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: #507

.drone.yml

@@ -12,7 +12,7 @@ steps:
   - name: lint
     image: pipelinecomponents/ansible-lint
     environment:
-      http_proxy: http://acng2.grote.lan:9999
+      http_proxy: http://docker10.grote.lan:9999
       DEBIAN_FRONTEND: noninteractive
     commands:
       - ansible-lint --show-relpath  .

docker-compose/acng/docker-compose.yml.j2

@@ -0,0 +1,20 @@
+version: '3'
+services:
+  apt-cacher-ng:
+    container_name: apt-cacher-ng
+    restart: always
+    image: quotengrote/apt-cacher-ng:master
+    ports:
+      - "9999:9999"
+    volumes:
+      - cache:/var/cache/apt-cacher-ng
+    environment:
+      USER: acng-admin
+      PASS: {{ lookup('keepass', 'acng_webinterface', 'password') }}
+      VERBOSE: 1 # 0/1
+      THRESHOLD: 60 # package housekeeping threshold
+    labels:
+      - com.centurylinklabs.watchtower.enable=true
+
+volumes:
+  cache:

docker-compose/blocky/docker-compose.yml.j2

@@ -12,5 +12,7 @@ services:
     volumes:
       # config file
       - ./config.yml:/app/config.yml
+    labels:
+      - com.centurylinklabs.watchtower.enable=true
 
 # kann mit dig @192.168.2.43 -p 54 alternate.de getestet werden

docker-compose/homer/assets/mgmt.yml

@@ -38,7 +38,7 @@ services:
     items:
       - name: "Apt-Cacher-NG"
         logo: "assets/icons/acng.jpg"
-        url: "http://acng2.grote.lan:9999/acng-report.html"
+        url: "http://docker10.grote.lan:9999/acng-report.html"
         target: "_blank"
         subtitle: "apt"
       - name: "gitea"

docker-compose/oxidized/docker-compose.yml.j2

@@ -14,7 +14,7 @@ services:
       - ./ssh:/ssh/
       - oxidized:/var/lib/oxidized
     labels:
-      - com.centurylinklabs.watchtower.enable=true
+      - com.centurylinklabs.watchtower.enable=false
 
 ######## Volumes ########
 volumes:

group_vars/acng.yml

@@ -1,60 +0,0 @@
----
-  ### PROXMOX
-  # acng2 ist ein LXC-Container; der Container ist "privileged" damit der Bind-Mount die richtigen Rechte bekommt
-
-  ### mgrote.apt_manage_sources
-  manage_sources_apt_proxy: "" # weil der Apt-Cacher-NG sich nicht selbst als Quelle nehmen kann
-
-  ### oefenweb.ufw
-  ufw_rules:
-    - rule: allow
-      to_port: 22
-      protocol: tcp
-      comment: 'ssh'
-      from_ip: 0.0.0.0/0
-    - rule: allow
-      to_port: 4949
-      protocol: tcp
-      comment: 'munin'
-      from_ip: 192.168.2.144/24
-    - rule: allow
-      to_port: "{{ acng_server_port }}"
-      comment: 'acng'
-      from_ip: 0.0.0.0/0
-  ### mgrote.acng
-  acng_server_port: 9999
-  acng_server_exthreshold: "60" #hebt Pakete 60 Tage auf
-  acng_server_auth_user: acngadmin
-  acng_server_auth_pass: "{{ lookup('keepass', 'acng_webinterface', 'password') }}"
-  ### mgrote.munin-node
-  munin_node_plugins:
-    - name: timesync
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
-    - name: systemd_status
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
-    - name: systemd_mem
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
-      config: |
-        [systemd_mem]
-        env.all_services true
-    - name: fail2ban
-      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
-      config: |
-        [fail2ban]
-        env.client /usr/bin/fail2ban-client
-        env.config_dir /etc/fail2ban
-        user root
-    - name: acng
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/apt/acng
-      config: |
-        env.logfile /var/log/apt-cacher-ng/apt-cacher.log
-    - name: http_response
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
-      config: |
-        [http_response]
-        env.sites http://acng2.grote.lan:9999/acng-report.html
-        env.max_time 20
-        env.short_label true
-        env.follow_redirect true
-  munin_node_disabled_plugins:
-    - name: lvm_

group_vars/all.yml

@@ -114,7 +114,7 @@
   postfix_smtp_server_port: 587
   postfix_smtp_use_tls: "yes"
   ### mgrote.apt_manage_sources
-  manage_sources_apt_proxy: "acng2.grote.lan:9999"
+  manage_sources_apt_proxy: "docker10.grote.lan:9999"
   ### mgrote.tmux
   tmux_conf_destination: "/home/mg/.tmux.conf"
   tmux_bashrc_destination: "/home/mg/.bashrc"

group_vars/fileserver.yml

@@ -54,7 +54,6 @@
     - https://github.com/rclone/rclone/releases/download/v1.59.2/rclone-v1.59.2-linux-amd64.deb
     - http://docker10.grote.lan:3344/bash-helper-scripts-mgrote-latest.deb
 
----
   ### mgrote.youtubedl
   ytdl_dl_url: "https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp"
   ytdl_timer: "Tue,Sat 03:00"

host_vars/docker10.grote.lan.yml

@@ -53,7 +53,8 @@
       state: present
     - name: blocky
       state: present
-
+    - name: acng
+      state: present
   ### oefenweb.ufw
   ufw_rules:
     - rule: allow
@@ -131,7 +132,7 @@
       src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
       config: |
         [http_response]
-        env.sites http://docker10.grote.lan:333 http://docker10.grote.lan:8888/nodes http://docker10.grote.lan:1234 https://nextcloud.mgrote.net  http://docker10.grote.lan:2342 http://docker10.grote.lan:8000/login  http://docker10.grote.lan:3344  http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081
+        env.sites http://docker10.grote.lan:333 http://docker10.grote.lan:8888/nodes http://docker10.grote.lan:1234 https://nextcloud.mgrote.net  http://docker10.grote.lan:2342 http://docker10.grote.lan:8000/login  http://docker10.grote.lan:3344  http://docker10.grote.lan:5000 https://miniflux.mgrote.net/ http://docker10.grote.lan:3001 http://docker10.grote.lan:8081 http://docker10.grote.lan:9999/acng-report.html
         env.max_time 20
         env.short_label true
         env.follow_redirect true

inventory

@@ -6,9 +6,6 @@ all:
     fileserver:
       hosts:
         fileserver3.grote.lan:
-    acng:
-      hosts:
-        acng2.grote.lan:
     ansible:
       hosts:
         ansible2.grote.lan:
@@ -33,7 +30,6 @@ all:
       hosts:
         dokuwiki2.grote.lan:
         fileserver3.grote.lan:
-        acng2.grote.lan:
         ansible2.grote.lan:
         pve5.grote.lan:
         gitea.grote.lan:

playbooks/base/apt_sources.yml

@@ -3,4 +3,3 @@
     roles:
       - role: mgrote.apt_manage_sources
         tags: "apt_sources"
-        when: "not 'acng2.grote.lan' in inventory_hostname"

roles/mgrote.apt_manage_sources/defaults/main.yml

@@ -3,7 +3,7 @@
   manage_sources_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
   manage_sources_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
   manage_sources_apt_repo_no_subscription: deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription # url zum für no-subscription-repo, manage_sources_apt_proxy_url wird aus der variable entnommen
-  manage_sources_apt_proxy: acng2.grote.lan:9999 # url+Port vom proxy
+  manage_sources_apt_proxy: docker10.grote.lan:9999 # url+Port vom proxy
 #  manage_sources_extra_repos: # Extra Repositories
 #    - name: vivaldi # optional
 #      url: deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main