Compare commits
1 Commits
Author | SHA1 | Date |
---|---|---|
Michael Grote | 0168eed7b8 |
|
@ -8,11 +8,11 @@ steps:
|
|||
commands:
|
||||
- ansible-lint --version
|
||||
- echo $${VAULTPASS} > ./vault-pass.yml # nach des Secret in Großschreibung
|
||||
- ansible-galaxy install -r requirements.yaml
|
||||
- ansible-galaxy install -r requirements.yml
|
||||
- ansible-lint --force-color --format pep8
|
||||
# https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands
|
||||
secrets: [vaultpass]
|
||||
secrets:
|
||||
- source: vault-pass # name des Secrets in Woodpecker/GUI
|
||||
target: vaultpass # lower-case Name der Variable zur Verwendung in dem CI-File, wird dann so genutzt $${VAULTPASS}
|
||||
when:
|
||||
- event: [push, pull_request, cron]
|
||||
evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
|
||||
- evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
|
||||
...
|
||||
|
|
|
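Review bot: The unchanged `echo $${VAULTPASS} > ./vault-pass.yml` command expands the vault password unquoted, so a value containing whitespace or glob characters is altered by the shell and one starting with `-n` or `-e` is taken by echo as an option; `printf '%s\n' "$${VAULTPASS}" > ./vault-pass.yml` writes it verbatim. The file is created with the default umask and is not removed in the commands shown, so a `umask 077` before the write and an `rm -f ./vault-pass.yml` as the last command would keep the secret from outliving the step. The page lost its +/- markers, so which `when:` form is new is inferred; if the bare `- evaluate:` entry is the new side, the step no longer filters on event type and the event restriction configured on the secret in Woodpecker is the only remaining gate.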
@ -5,6 +5,5 @@ steps:
|
|||
commands:
|
||||
- gitleaks detect --no-git --verbose --source $CI_WORKSPACE
|
||||
when:
|
||||
- event: [push, pull_request, cron]
|
||||
evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
|
||||
- evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
|
||||
...
|
||||
|
|
|
@ -2,7 +2,7 @@ version: '3'
|
|||
services:
|
||||
httpd-registry:
|
||||
container_name: "httpd-registry"
|
||||
image: "registry.mgrote.net/httpd:latest"
|
||||
image: "registry.mgrote.net/httpd:v1.1.43"
|
||||
restart: always
|
||||
volumes:
|
||||
- uploads:/usr/local/apache2/htdocs/
|
||||
|
@ -17,7 +17,7 @@ services:
|
|||
|
||||
python-api-server:
|
||||
container_name: httpd-api
|
||||
image: "registry.mgrote.net/python-api-server:latest"
|
||||
image: "registry.mgrote.net/python-api-server:v1.1.148"
|
||||
restart: always
|
||||
ports:
|
||||
- "5040:5000"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
version: '3.3'
|
||||
services:
|
||||
postfix:
|
||||
image: "registry.mgrote.net/postfix:latest"
|
||||
image: "registry.mgrote.net/postfix:v1.1.196"
|
||||
container_name: mail-relay
|
||||
restart: always
|
||||
ports:
|
||||
|
|
|
@ -3,7 +3,7 @@ services:
|
|||
######## Miniflux ########
|
||||
miniflux:
|
||||
container_name: "mf-frontend"
|
||||
image: "ghcr.io/miniflux/miniflux:2.1.3"
|
||||
image: "ghcr.io/miniflux/miniflux:2.1.2"
|
||||
restart: always
|
||||
depends_on:
|
||||
- mf-db16
|
||||
|
@ -34,7 +34,7 @@ services:
|
|||
######## Postgres ########
|
||||
mf-db16:
|
||||
container_name: "mf-db16"
|
||||
image: "postgres:16.3"
|
||||
image: "postgres:16.2"
|
||||
restart: always
|
||||
environment:
|
||||
POSTGRES_USER: miniflux
|
||||
|
@ -62,7 +62,7 @@ services:
|
|||
MF_API_URL: https://miniflux.mgrote.net/v1
|
||||
MF_SLEEP: 600
|
||||
#MF_DEBUG: 1
|
||||
image: "registry.mgrote.net/miniflux-filter:latest"
|
||||
image: "registry.mgrote.net/miniflux-filter:v1.1.101"
|
||||
volumes:
|
||||
- ./filter.txt:/data/filter.txt
|
||||
networks:
|
||||
|
|
|
@ -286,4 +286,3 @@ www.army-technology.com::who are the leaders
|
|||
www.army-technology.com::files patent
|
||||
www.army-technology.com::sees highest patent filings
|
||||
www.army-technology.com::theme innovation strategy
|
||||
www.army-technology.com::gets grant
|
||||
|
|
|
@ -2,7 +2,7 @@ version: '3'
|
|||
services:
|
||||
munin:
|
||||
container_name: "munin-master"
|
||||
image: registry.mgrote.net/munin-server:latest
|
||||
image: registry.mgrote.net/munin-server:v1.1.80
|
||||
restart: always
|
||||
environment:
|
||||
MAILCONTACT: michael.grote@posteo.de
|
||||
|
|
|
@ -3,7 +3,7 @@ services:
|
|||
######## navidrome-mg ########
|
||||
navidrome-mg:
|
||||
container_name: "navidrome-mg"
|
||||
image: "deluan/navidrome:0.52.5"
|
||||
image: "deluan/navidrome:0.51.1"
|
||||
restart: always
|
||||
environment:
|
||||
ND_LOGLEVEL: info
|
||||
|
|
|
@ -25,8 +25,7 @@ services:
|
|||
[
|
||||
"CMD",
|
||||
"healthcheck.sh",
|
||||
"--su-mysql",
|
||||
"--connect"
|
||||
"--connect",
|
||||
]
|
||||
timeout: 30s
|
||||
|
||||
|
@ -55,7 +54,7 @@ services:
|
|||
######## cron ########
|
||||
nextcloud-cron:
|
||||
container_name: nextcloud-cron
|
||||
image: "registry.mgrote.net/nextcloud-cronjob:latest"
|
||||
image: "registry.mgrote.net/nextcloud-cronjob:v1.1.89"
|
||||
restart: unless-stopped
|
||||
network_mode: none
|
||||
volumes:
|
||||
|
@ -67,7 +66,7 @@ services:
|
|||
|
||||
######## Nextcloud ########
|
||||
nextcloud-app:
|
||||
image: "nextcloud:29.0.0"
|
||||
image: "nextcloud:28.0.4"
|
||||
container_name: nextcloud-app
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
|
@ -93,9 +92,6 @@ services:
|
|||
PHP_UPLOAD_LIMIT: 10G
|
||||
APACHE_DISABLE_REWRITE_IP: 1
|
||||
TRUSTED_PROXIES: "192.168.48.0/24" # Subnetz in dem sich traefik befindet
|
||||
NEXTCLOUD_UPLOAD_LIMIT: 10G
|
||||
NEXTCLOUD_MAX_TIME: 3600
|
||||
APACHE_BODY_LIMIT: 0 # unlimited, https://github.com/nextcloud/docker/issues/1796
|
||||
volumes:
|
||||
- app:/var/www/html
|
||||
- data:/var/www/html/data
|
||||
|
|
|
@ -84,7 +84,7 @@ services:
|
|||
- traefik
|
||||
- intern
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://127.0.0.1"]
|
||||
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
|
|
|
@ -3,7 +3,7 @@ services:
|
|||
routeros-config-export:
|
||||
container_name: routeros-config-export
|
||||
restart: always
|
||||
image: "registry.mgrote.net/routeros-config-export:latest"
|
||||
image: "registry.mgrote.net/routeros-config-export:v1.1.138"
|
||||
volumes:
|
||||
- ./key_rb5009:/key_rb5009:ro
|
||||
- ./key_hex:/key_hex:ro
|
||||
|
@ -15,7 +15,7 @@ services:
|
|||
hex.mgrote.net,routeros-config-backup,/key_hex
|
||||
crs305.mgrote.net,routeros-config-backup,/key_crs305
|
||||
GIT_REPO_BRANCH: "master"
|
||||
GIT_REPO_URL: "ssh://gitea@forgejo.mgrote.net:2222/mg/routeros-configs.git"
|
||||
GIT_REPO_URL: "gitea@forgejo.mgrote.net:mg/routeros-configs.git"
|
||||
GIT_REPO_DEPLOY_KEY: "/deploy_token"
|
||||
GIT_USERNAME: oxidized-selfmade
|
||||
GIT_USER_MAIL: michael.grote@posteo.de
|
||||
|
|
|
@ -3,7 +3,7 @@ services:
|
|||
######## traefik ########
|
||||
traefik:
|
||||
container_name: traefik
|
||||
image: "traefik:v3.0.0"
|
||||
image: "traefik:v3.0"
|
||||
restart: always
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
|
@ -47,11 +47,6 @@ services:
|
|||
- "./passwd:/passwd:ro" # Mount local passwd file at /passwd as read only
|
||||
networks:
|
||||
- traefik
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "--quiet", "--spider", "--tries=1", "http://127.0.0.1:3000/login"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
|
||||
######## Networks ########
|
||||
networks:
|
||||
|
|
|
@ -39,8 +39,8 @@ api:
|
|||
|
||||
ping: {} # für healthcheck
|
||||
|
||||
#experimental:
|
||||
# plugins:
|
||||
# ldapAuth:
|
||||
# moduleName: "github.com/wiltonsr/ldapAuth"
|
||||
# version: "v0.1.4"
|
||||
experimental:
|
||||
plugins:
|
||||
ldapAuth:
|
||||
moduleName: "github.com/wiltonsr/ldapAuth"
|
||||
version: "v0.1.8"
|
||||
|
|
|
@ -45,7 +45,7 @@ services:
|
|||
# 1. mongosh
|
||||
# 2. db.getSiblingDB("unifidb").createUser({user: "unifiuser", pwd: "GEHEIM", roles: [{role: "dbOwner", db: "unifidb"}, {role: "dbOwner", db: "unifidb_stat"}]});
|
||||
# https://discourse.linuxserver.io/t/cant-connect-to-mongodb-for-unifi-network-application/8166
|
||||
image: "docker.io/mongo:7.0.9"
|
||||
image: "docker.io/mongo:7.0.8"
|
||||
container_name: unifi-db
|
||||
volumes:
|
||||
- db-data:/data/db
|
||||
|
|
|
@ -2,7 +2,7 @@ version: '3'
|
|||
services:
|
||||
wiki-webserver:
|
||||
container_name: wiki-webserver
|
||||
image: "registry.mgrote.net/httpd:latest"
|
||||
image: "registry.mgrote.net/httpd:v1.1.43"
|
||||
restart: always
|
||||
networks:
|
||||
- traefik
|
||||
|
@ -26,8 +26,14 @@ services:
|
|||
traefik.http.routers.wiki.entrypoints: entry_https
|
||||
traefik.http.services.wiki.loadbalancer.server.port: 80
|
||||
|
||||
traefik.http.routers.wiki.middlewares: nforwardauth
|
||||
traefik.http.routers.wiki.middlewares: ldap_auth
|
||||
|
||||
traefik.http.middlewares.ldap_auth.plugin.ldapAuth.enabled: true
|
||||
traefik.http.middlewares.ldap_auth.plugin.ldapAuth.logLevel: "DEBUG"
|
||||
traefik.http.middlewares.ldap_auth.plugin.ldapAuth.url: "ldap://ldap.mgrote.net"
|
||||
traefik.http.middlewares.ldap_auth.plugin.ldapAuth.port: 3890
|
||||
traefik.http.middlewares.ldap_auth.plugin.ldapAuth.baseDN: "dc=mgrote,dc=net"
|
||||
traefik.http.middlewares.ldap_auth.plugin.ldapAuth.attribute: uid
|
||||
######## Networks ########
|
||||
networks:
|
||||
traefik:
|
||||
|
|
|
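Review bot: The six added `ldapAuth` labels point the middleware at `ldap://ldap.mgrote.net` on port 3890, so the credentials it checks for requests to the wiki router travel to the directory unencrypted, and `logLevel: "DEBUG"` is left on. Unless Traefik and the LDAP server share a host or an isolated network, use an `ldaps://` URL (or the plugin's StartTLS setting, if the pinned version has one) and lower the log level once the setup works. A short comment above the block, such as `# ldap_auth replaces nforwardauth for this router; plugin is enabled in the traefik static config`, would help the next reader. Which `middlewares` value is new is inferred from the 8-to-14 line counts, since the page lost its +/- markers.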
@ -178,7 +178,7 @@ sanoid_templates:
|
|||
autoprune: 'yes'
|
||||
|
||||
### mgrote_zfs_sanoid
|
||||
sanoid_deb_url: http://docker10.mgrote.net:3344/sanoid_v2.2.0.deb
|
||||
sanoid_deb_url: http://docker10.mgrote.net:3344/sanoid_3.0.4.deb
|
||||
|
||||
### mgrote_munin_node
|
||||
munin_node_bind_host: "0.0.0.0"
|
||||
|
|
|
@ -80,7 +80,7 @@ blocky_custom_lookups: # optional
|
|||
ip: 192.168.3.239
|
||||
- name: pve5-test.mgrote.net
|
||||
ip: 192.168.2.17
|
||||
- name: pve5.mgrote.net # bleibt im Router auch angelegt, weil wenn pve aus auch kein blocky mehr ;-)
|
||||
- name: pve5.mgrote.net # bleibt im Router auch angelegt, weil wenn pve aus auch kein blocky ;-)
|
||||
ip: 192.168.2.16
|
||||
- name: rb5009.mgrote.net
|
||||
ip: 192.168.2.1
|
||||
|
@ -89,6 +89,7 @@ blocky_custom_lookups: # optional
|
|||
- name: ldap.mgrote.net
|
||||
ip: 192.168.2.47
|
||||
|
||||
|
||||
### mgrote_munin_node
|
||||
# kann git.mgrote.net nicht auflösen, deshalb hiermit IP
|
||||
munin_node_plugins:
|
||||
|
|
|
@ -43,11 +43,6 @@ ufw_rules:
|
|||
protocol: tcp
|
||||
comment: 'gitea'
|
||||
from_ip: 0.0.0.0/0
|
||||
- rule: allow
|
||||
to_port: "{{ gitea_ssh_port }}"
|
||||
protocol: tcp
|
||||
comment: 'gitea'
|
||||
from_ip: 0.0.0.0/0
|
||||
|
||||
### ansible_role_gitea
|
||||
# https://git.mgrote.net/ansible-roles-mirrors/ansible_role_gitea
|
||||
|
@ -66,9 +61,9 @@ gitea_configuration_path: "/etc/gitea" # anpassen
|
|||
gitea_app_name: "forgejo"
|
||||
gitea_fqdn: "git.mgrote.net"
|
||||
# ssh
|
||||
gitea_ssh_port: 2222
|
||||
gitea_start_ssh: true
|
||||
gitea_shell: "/bin/false"
|
||||
gitea_ssh_port: 22 # assuming the host SSH server is running on port 22
|
||||
gitea_start_ssh: false # to not start the built-in SSH server
|
||||
gitea_shell: "/bin/bash"
|
||||
# Repository
|
||||
gitea_default_branch: "master"
|
||||
gitea_default_private: "public"
|
||||
|
|
|
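Review bot: With `gitea_start_ssh: false` and `gitea_ssh_port: 22`, git-over-SSH goes through the host's sshd and the service account gets `gitea_shell: "/bin/bash"`, so it can open an interactive session if any key or password for it is accepted outside the forced command. This assumes the second value of each printed pair is the new one; the page lost its +/- markers. Nothing in the hunk restricts that account, so I would add a comment such as `# login shell needed for SSH passthrough via host sshd; account is restricted in sshd_config` and pair it with a `Match User` block for that account that disables password authentication and forwarding. The hunk at -43,11 also drops the ufw rule for `{{ gitea_ssh_port }}`, so confirm that port 22 is allowed by a rule not shown here.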
@ -28,13 +28,6 @@ users:
|
|||
allow_sudo: true
|
||||
allow_passwordless_sudo: true
|
||||
|
||||
### mgrote_cv4pve_autosnap
|
||||
cv4pve_api_user: root@pam!cv4pve-autosnap
|
||||
cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}"
|
||||
cv4pve_vmid: all,-115
|
||||
cv4pve_keep_snapshots: 5
|
||||
cv4pve_version: "v1.14.8"
|
||||
|
||||
### mgrote_apt_manage_packages
|
||||
apt_packages_extra:
|
||||
- ifupdown2
|
||||
|
|
|
@ -153,6 +153,13 @@ sanoid_datasets:
|
|||
snapshots: true
|
||||
template: '3tage'
|
||||
|
||||
### mgrote_cv4pve-autosnap
|
||||
cv4pve_api_user: root@pam!cv4pve-autosnap
|
||||
cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}"
|
||||
cv4pve_vmid: all
|
||||
cv4pve_keep_snapshots: 5
|
||||
cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.10.0/cv4pve-autosnap-linux-x64.zip"
|
||||
|
||||
### mgrote_proxmox_bind_mounts
|
||||
pve_bind_mounts:
|
||||
- vmid: 100
|
||||
|
|
|
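Review bot: `cv4pve_api_user: root@pam!cv4pve-autosnap` in the added block is a token of the root account, so unless privilege separation is enabled for that token on the Proxmox side (not visible here) the snapshot job holds full administrative rights. A dedicated user or token limited to the snapshot-related privileges would reduce what a leaked token can do. The same block is added in the next file section, where `cv4pve_vmid` is `all,-115` and `cv4pve_dl_link` points at v1.14.7 while this one pins v1.10.0. If the difference is intended, a comment saying why would help, for example `# older release kept on this host because …`.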
@ -170,6 +170,13 @@ sanoid_datasets:
|
|||
snapshots: true
|
||||
template: 'pve3tage'
|
||||
|
||||
### mgrote_cv4pve-autosnap
|
||||
cv4pve_api_user: root@pam!cv4pve-autosnap
|
||||
cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}"
|
||||
cv4pve_vmid: all,-115
|
||||
cv4pve_keep_snapshots: 5
|
||||
cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.14.7/cv4pve-autosnap-linux-x64.zip"
|
||||
|
||||
### mgrote_proxmox_bind_mounts
|
||||
pve_bind_mounts:
|
||||
### fileserver3
|
||||
|
|
|
@ -16,8 +16,7 @@
|
|||
- role: mgrote_smart
|
||||
tags: "smart"
|
||||
- role: mgrote_cv4pve_autosnap
|
||||
tags: cv4pve
|
||||
become: true
|
||||
tags: "cv4pve"
|
||||
- role: mgrote_proxmox_bind_mounts
|
||||
tags: "bindmounts"
|
||||
- role: mgrote_proxmox_lxc_profiles
|
||||
|
|
|
@ -1,30 +1,26 @@
|
|||
collections:
|
||||
- name: community.general
|
||||
version: "8.6.0"
|
||||
- name: community.crypto
|
||||
version: "2.19.1"
|
||||
- name: ansible.posix
|
||||
version: "1.5.4"
|
||||
- name: community.docker
|
||||
version: "3.9.0"
|
||||
- git+https://git.mgrote.net/ansible-collection-mirrors/community.general
|
||||
- git+https://git.mgrote.net/ansible-collection-mirrors/community.crypto
|
||||
- git+https://git.mgrote.net/ansible-collection-mirrors/ansible.posix
|
||||
- git+https://git.mgrote.net/ansible-collection-mirrors/community.docker
|
||||
roles:
|
||||
- src: https://git.mgrote.net/ansible-role-mirrors/ansible-role-bootstrap
|
||||
version: "6.2.5"
|
||||
scm: git
|
||||
- src: https://git.mgrote.net/ansible-role-mirrors/ansible-ufw
|
||||
version: "v4.1.13"
|
||||
scm: git
|
||||
- src: https://git.mgrote.net/ansible-role-mirrors/ansible-manage-lvm
|
||||
version: "v0.2.11"
|
||||
scm: git
|
||||
- src: https://git.mgrote.net/ansible-role-mirrors/ansible-role-unattended-upgrades
|
||||
version: "v4.1.0"
|
||||
scm: git
|
||||
- src: https://git.mgrote.net/ansible-role-mirrors/ansible-role-pip
|
||||
version: "3.0.3"
|
||||
scm: git
|
||||
- src: https://git.mgrote.net/ansible-role-mirrors/ansible-role-nfs
|
||||
version: "2.0.0"
|
||||
scm: git
|
||||
- src: https://git.mgrote.net/ansible-role-mirrors/ansible-role-docker
|
||||
version: "7.1.0"
|
||||
scm: git
|
||||
- src: https://git.mgrote.net/ansible-role-mirrors/ansible_role_ctop
|
||||
version: "1.1.6"
|
||||
scm: git
|
||||
- src: https://git.mgrote.net/ansible-role-mirrors/ansible_role_gitea
|
||||
version: "v3.4.2"
|
||||
scm: git
|
||||
- src: https://git.mgrote.net/ansible-role-mirrors/ansible-role-postgresql
|
||||
version: "3.5.1"
|
||||
scm: git
|
|
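Review bot: The four `git+https://git.mgrote.net/ansible-collection-mirrors/...` entries carry no version, so every `ansible-galaxy install` takes whatever the mirror's default branch holds at that moment, where the entries they replace pinned `8.6.0`, `2.19.1`, `1.5.4` and `3.9.0`. The hunk's line counts (30 old, 26 new) make the git entries the new side. A tag can be kept with the git source, either inline as `git+https://git.mgrote.net/ansible-collection-mirrors/community.general,8.6.0` or in mapping form with `type: git` and `version:`. By the same counts only one of `version:` and `scm: git` is on the new side for the ten roles; if `version:` is the one that went away, the roles float as well and need the same pinning.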
@ -0,0 +1,11 @@
|
|||
## mgrote.cv4pve
|
||||
|
||||
### Beschreibung
|
||||
Installiert [cv4pve-autosnap](https://github.com/Corsinvest/cv4pve-autosnap).
|
||||
Legt einen systemd-timer.
|
||||
|
||||
### getestet auf
|
||||
- [x] ProxMox 7*
|
||||
|
||||
### Variablen + Defaults
|
||||
- see [defaults](./defaults/main.yml)
|
|
@ -3,7 +3,7 @@
|
|||
cv4pve_cron_minute: "39"
|
||||
cv4pve_cron_hour: "5"
|
||||
# proxmox api-token and user
|
||||
cv4pve_api_token: "supersecret"
|
||||
cv4pve_api_token: "XXXXXXXXXXXXXXXXXXXXXX"
|
||||
cv4pve_api_user: "root@pam!test2"
|
||||
# which vm to snapshot
|
||||
cv4pve_vmid: all
|
||||
|
@ -12,7 +12,3 @@ cv4pve_keep_snapshots: 3
|
|||
# under which user the script is run
|
||||
cv4pve_user_group: cv4pve
|
||||
cv4pve_user: cv4pve
|
||||
# url
|
||||
cv4pve_dl_link: https://github.com/Corsinvest/cv4pve-autosnap/releases/download/{{ cv4pve_version }}/cv4pve-autosnap-linux-x64.zip
|
||||
cv4pve_version: "v1.14.8"
|
||||
cv4pve_base_path: /usr/local/bin/cv4pve
|
||||
|
|
|
@ -1,42 +0,0 @@
|
|||
---
|
||||
- name: Ensure needed directories exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ cv4pve_base_path }}"
|
||||
state: directory
|
||||
owner: "{{ cv4pve_user }}"
|
||||
group: "{{ cv4pve_user_group }}"
|
||||
mode: "0644"
|
||||
|
||||
- name: Download specified version
|
||||
ansible.builtin.unarchive:
|
||||
src: "{{ cv4pve_dl_link }}"
|
||||
dest: "{{ cv4pve_base_path }}"
|
||||
mode: '0755'
|
||||
owner: "{{ cv4pve_user }}"
|
||||
group: "{{ cv4pve_user_group }}"
|
||||
remote_src: true
|
||||
creates: "{{ cv4pve_base_path }}/cv4pve-autosnap-{{ cv4pve_version }}"
|
||||
list_files: true
|
||||
register: download
|
||||
|
||||
- name: Rename binary # noqa no-changed-when no-handler
|
||||
ansible.builtin.command: |
|
||||
mv "{{ cv4pve_base_path }}/cv4pve-autosnap" "{{ cv4pve_base_path }}/cv4pve-autosnap-{{ cv4pve_version }}"
|
||||
when: download.changed
|
||||
|
||||
# https://stackoverflow.com/questions/20252057/using-ansible-how-would-i-delete-all-items-except-for-a-specified-set-in-a-dire
|
||||
- name: Find old versions
|
||||
ansible.builtin.find:
|
||||
paths: "{{ cv4pve_base_path }}"
|
||||
file_type: file
|
||||
use_regex: false
|
||||
excludes:
|
||||
- "cv4pve-autosnap-{{ cv4pve_version }}"
|
||||
register: found_files
|
||||
|
||||
- name: Ensure old versions are absent
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: absent
|
||||
with_items: "{{ found_files['files'] }}"
|
||||
...
|
|
@ -2,9 +2,74 @@
|
|||
- name: include user tasks
|
||||
ansible.builtin.include_tasks: user.yml
|
||||
|
||||
- name: include install tasks
|
||||
ansible.builtin.include_tasks: install.yml
|
||||
|
||||
- name: include systemd tasks
|
||||
ansible.builtin.include_tasks: systemd.yml
|
||||
...
|
||||
- name: create directories
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ cv4pve_user }}"
|
||||
group: "{{ cv4pve_user_group }}"
|
||||
mode: "0644"
|
||||
loop:
|
||||
- '/tmp/cv4pve'
|
||||
- '/usr/local/bin/cv4pve'
|
||||
|
||||
- name: download archives
|
||||
become: true
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ cv4pve_dl_link }}"
|
||||
dest: /tmp/cv4pve/cv4pve-autosnap-linux-x64.zip
|
||||
mode: '0775'
|
||||
owner: "{{ cv4pve_user }}"
|
||||
group: "{{ cv4pve_user_group }}"
|
||||
|
||||
- name: extract archives
|
||||
become: true
|
||||
ansible.builtin.unarchive:
|
||||
src: /tmp/cv4pve/cv4pve-autosnap-linux-x64.zip
|
||||
dest: /usr/local/bin/cv4pve
|
||||
remote_src: true
|
||||
mode: a+x
|
||||
owner: "{{ cv4pve_user }}"
|
||||
group: "{{ cv4pve_user_group }}"
|
||||
|
||||
- name: template cv4pve.service
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: cv4pve.service.j2
|
||||
dest: /etc/systemd/system/cv4pve.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify:
|
||||
- systemctl daemon-reload
|
||||
|
||||
- name: template cv4pve_mail.service
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: cv4pve_mail.service.j2
|
||||
dest: /etc/systemd/system/cv4pve_mail.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify:
|
||||
- systemctl daemon-reload
|
||||
|
||||
- name: template cv4pve.timer
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: cv4pve.timer.j2
|
||||
dest: /etc/systemd/system/cv4pve.timer
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify:
|
||||
- systemctl daemon-reload
|
||||
|
||||
- name: systemctl start cv4pve.timer
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
name: cv4pve.timer
|
||||
state: started
|
||||
enabled: true
|
||||
|
|
|
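Review bot: The added `create directories` task sets `mode: "0644"` on directories, which leaves them without the execute bit so that only root can enter them, and it stages the download in the fixed, predictable path `/tmp/cv4pve`. The `download archives` task then fetches `cv4pve_dl_link` with no `checksum:` and marks the zip `0775`, so the binary that later runs with the Proxmox API token is accepted without integrity verification. I would give the install directory `0755`, take the staging directory from `ansible.builtin.tempfile`, and pin a SHA-256 per release through a new variable (called `cv4pve_dl_sha256` below as a placeholder name). The `template cv4pve.service` task further down also lacks the `no_log: true` that the deleted systemd tasks file in the next section had on the same template.

```yaml
- name: create install directory
  become: true
  ansible.builtin.file:
    path: /usr/local/bin/cv4pve
    state: directory
    owner: "{{ cv4pve_user }}"
    group: "{{ cv4pve_user_group }}"
    mode: "0755"  # directories need the execute bit to be entered

- name: create staging directory
  become: true
  ansible.builtin.tempfile:
    state: directory
    prefix: cv4pve.
  register: cv4pve_staging

- name: download archives
  become: true
  ansible.builtin.get_url:
    url: "{{ cv4pve_dl_link }}"
    dest: "{{ cv4pve_staging.path }}/cv4pve-autosnap-linux-x64.zip"
    checksum: "sha256:{{ cv4pve_dl_sha256 }}"  # placeholder variable, pinned per release
    mode: "0600"

- name: extract archives
  become: true
  ansible.builtin.unarchive:
    src: "{{ cv4pve_staging.path }}/cv4pve-autosnap-linux-x64.zip"
    # … unchanged: dest, remote_src, mode, owner, group …

# … unchanged: template and systemd tasks …
```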
@ -1,38 +0,0 @@
|
|||
---
|
||||
- name: Ensure service-unit (cv4pve) is templated
|
||||
ansible.builtin.template:
|
||||
src: cv4pve.service.j2
|
||||
dest: /etc/systemd/system/cv4pve.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
no_log: true
|
||||
notify:
|
||||
- systemctl daemon-reload
|
||||
|
||||
- name: Ensure service-unit (mail) is templated
|
||||
ansible.builtin.template:
|
||||
src: cv4pve_mail.service.j2
|
||||
dest: /etc/systemd/system/cv4pve_mail.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify:
|
||||
- systemctl daemon-reload
|
||||
|
||||
- name: Ensure service-unit (timer) is templated
|
||||
ansible.builtin.template:
|
||||
src: cv4pve.timer.j2
|
||||
dest: /etc/systemd/system/cv4pve.timer
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify:
|
||||
- systemctl daemon-reload
|
||||
|
||||
- name: Ensure timer is started is templated
|
||||
ansible.builtin.systemd:
|
||||
name: cv4pve.timer
|
||||
state: started
|
||||
enabled: true
|
||||
...
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- name: Ensure group exists
|
||||
- name: ensure group exists
|
||||
become: true
|
||||
ansible.builtin.group:
|
||||
name: "{{ cv4pve_user_group }}"
|
||||
|
@ -7,7 +7,7 @@
|
|||
when:
|
||||
- cv4pve_user_group is defined
|
||||
|
||||
- name: Ensure user exists
|
||||
- name: ensure user exists
|
||||
become: true
|
||||
ansible.builtin.user:
|
||||
name: "{{ cv4pve_user }}"
|
||||
|
@ -17,4 +17,3 @@
|
|||
when:
|
||||
- cv4pve_user_group is defined
|
||||
- cv4pve_user is defined
|
||||
...
|
||||
|
|
|
@ -6,4 +6,4 @@ OnFailure=cv4pve_mail.service
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart={{ cv4pve_base_path }}/cv4pve-autosnap-{{ cv4pve_version }} --host=127.0.0.1 --api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }} --vmid="{{ cv4pve_vmid }}" snap --label='daily' --keep="{{ cv4pve_keep_snapshots }}" --state
|
||||
ExecStart=/usr/local/bin/cv4pve/cv4pve-autosnap --host=127.0.0.1 --api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }} --vmid="{{ cv4pve_vmid }}" snap --label='daily' --keep="{{ cv4pve_keep_snapshots }}" --state
|
||||
|
|
|
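Review bot: Both printed `ExecStart` lines pass `--api-token {{ cv4pve_api_user }}={{ cv4pve_api_token }}` as a command-line argument, so the rendered token ends up in a unit file that the role installs with `mode: "0644"` and in the process's argument list, both readable by local users. Moving the token into a root-only file (an `EnvironmentFile=` with mode 0600, or a parameter file if cv4pve-autosnap supports one) keeps it out of the unit file, though an environment reference in `ExecStart` still lands in the argument list. As a smaller step, template the unit with `mode: "0600"` and `no_log: true`. If the path without `{{ cv4pve_version }}` is the new side (the +/- markers are lost), the unit also no longer records which release it runs.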
@ -6,5 +6,6 @@ Description=Timer: Trigger VM-Snapshots in PVE with cv4pve.
|
|||
OnCalendar=*-*-* {{ cv4pve_cron_hour }}:{{ cv4pve_cron_minute }}:00
|
||||
RandomizedDelaySec=10 min
|
||||
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target multi-user.target
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{{ file_header | default () }}
|
||||
|
||||
[Unit]
|
||||
Description=Send a Mail in case of an error in cv4pve.service.
|
||||
|
||||
|
|
|
@ -4,31 +4,19 @@
|
|||
# - https://github.com/lldap/lldap/blob/main/example_configs/gitea.md
|
||||
# und
|
||||
# den jeweiligen group/host-Vars!
|
||||
|
||||
- name: Check if Admin-User exists
|
||||
- name: Ensure Admin-User exists
|
||||
no_log: true
|
||||
become_user: gitea
|
||||
become: true
|
||||
ansible.builtin.command: |
|
||||
forgejo admin user list \
|
||||
--config "{{ gitea_configuration_path }}/gitea.ini"
|
||||
register: check
|
||||
changed_when: false
|
||||
|
||||
- name: Ensure Admin-User exists
|
||||
#no_log: true
|
||||
become_user: gitea
|
||||
become: true
|
||||
ansible.builtin.command: |
|
||||
forgejo admin user create \
|
||||
--config "{{ gitea_configuration_path }}/gitea.ini" \
|
||||
--config /etc/gitea/gitea.ini
|
||||
--username "{{ gitea_admin_user }}" \
|
||||
--password "{{ gitea_admin_user_pass }}" \
|
||||
--email "{{ gitea_admin_user }}@mgrote.net" \
|
||||
--admin
|
||||
when: 'not "{{ gitea_admin_user }}@mgrote.net" in check.stdout'
|
||||
|
||||
- name: Show existing users
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ check.stdout_lines }}"
|
||||
register: setup_admin
|
||||
ignore_errors: true
|
||||
failed_when: 'not "Command error: CreateUser: user already exists [name: mg]" in setup_admin.stderr' # fail Task wenn LDAP schon konfiguriert ist
|
||||
changed_when: "setup_admin.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet
|
||||
...
|
||||
|
|
|
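Review bot: On the side with `register: setup_admin`, `failed_when` fails the task whenever stderr lacks the literal `user already exists [name: mg]`, which includes a successful first run with empty stderr, and `ignore_errors: true` then hides that together with every real failure. The user name is hard-coded as `mg` although the command uses `{{ gitea_admin_user }}`. I would drop `ignore_errors` and write `failed_when: setup_admin.rc != 0 and 'user already exists' not in setup_admin.stderr`, keeping `changed_when: setup_admin.rc == 0`. The old/new line counts (31 and 19) suggest this is the new side, but the page lost its +/- markers. The `--config /etc/gitea/gitea.ini` line also lacks the trailing backslash its neighbours have and no longer uses `gitea_configuration_path`.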
@ -10,7 +10,6 @@
|
|||
- lzop
|
||||
- libcapture-tiny-perl
|
||||
- pv
|
||||
- libconfig-ini-perl
|
||||
state: present
|
||||
|
||||
- name: install packages from self-build
|
||||
|
|
|
@ -5,4 +5,4 @@ Description=Send a Mail for sanoid service after error or success sanoid.service
|
|||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/bash -c '/usr/bin/journalctl -u syncoid.service -n 30 | mail -s "syncoid - %H" {{ my_mail }}'
|
||||
ExecStart=/bin/bash -c '/usr/bin/journalctl -u syncoid.service -n 20| mail -s "syncoid - %H" {{ my_mail }}'
|
||||
|
|