From e99d5d98c04b4ebf9c4e375160ceb2ed8cba3a49 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Wed, 5 Jun 2024 18:44:57 +0200 Subject: [PATCH 01/12] add role --- .../tasks/admin.yml | 34 +++++++++++ .../mgrote_docker_housekeeping/tasks/ldap.yml | 56 +++++++++++++++++++ .../mgrote_docker_housekeeping/tasks/main.yml | 7 +++ 3 files changed, 97 insertions(+) create mode 100644 roles/mgrote_docker_housekeeping/tasks/admin.yml create mode 100644 roles/mgrote_docker_housekeeping/tasks/ldap.yml create mode 100644 roles/mgrote_docker_housekeeping/tasks/main.yml
diff --git a/roles/mgrote_docker_housekeeping/tasks/admin.yml b/roles/mgrote_docker_housekeeping/tasks/admin.yml
new file mode 100644
index 00000000..789e9fc1
--- /dev/null
+++ b/roles/mgrote_docker_housekeeping/tasks/admin.yml
@@ -0,0 +1,34 @@
+---
+# die Variablen kommen aus
+# - https://docs.gitea.com/administration/command-line
+# - https://github.com/lldap/lldap/blob/main/example_configs/gitea.md
+# und
+# den jeweiligen group/host-Vars!
+
+- name: Check if Admin-User exists
+ no_log: true
+ become_user: gitea
+ become: true
+ ansible.builtin.command: |
+ forgejo admin user list \
+ --config "{{ gitea_configuration_path }}/gitea.ini"
+ register: check
+ changed_when: false
+
+- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when
+ #no_log: true
+ become_user: gitea
+ become: true
+ ansible.builtin.command: |
+ forgejo admin user create \
+ --config "{{ gitea_configuration_path }}/gitea.ini" \
+ --username "{{ gitea_admin_user }}" \
+ --password "{{ gitea_admin_user_pass }}" \
+ --email "{{ gitea_admin_user }}@mgrote.net" \
+ --admin
+ when: 'not "{{ gitea_admin_user }}@mgrote.net" in check.stdout'
+
+- name: Show existing users
+ ansible.builtin.debug:
+ msg: "{{ check.stdout_lines }}"
+...
diff --git a/roles/mgrote_docker_housekeeping/tasks/ldap.yml b/roles/mgrote_docker_housekeeping/tasks/ldap.yml
new file mode 100644
index 00000000..7fbb7436
--- /dev/null
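Review bot: The `Ensure Admin-User exists` task in tasks/admin.yml has `no_log` commented out (`#no_log: true`) although its command line carries `--password "{{ gitea_admin_user_pass }}"`, so the rendered password ends up in Ansible's task output and in any log or callback that records it. Restore `no_log: true` on that task; passing the secret as an argument also leaves it visible in the host's process list while the command runs. The final `Show existing users` debug task prints `check.stdout_lines`, which undoes the `no_log: true` set on the check task for the user list. PATCH 02/12 deletes this file again, so this matters mainly if the tasks are reused elsewhere.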
+++ b/roles/mgrote_docker_housekeeping/tasks/ldap.yml 
@@ -0,0 +1,56 @@ +--- +# die Variablen kommen aus +# - https://docs.gitea.com/administration/command-line +# - https://github.com/lldap/lldap/blob/main/example_configs/gitea.md +# und +# den jeweiligen group/host-Vars! +- name: Ensure LDAP config is set up + no_log: true + become_user: gitea + become: true + ansible.builtin.command: | + forgejo admin auth add-ldap \ + --config "{{ gitea_configuration_path }}/gitea.ini" \ + --name "lldap" \ + --security-protocol "unencrypted" \ + --host "{{ gitea_ldap_host }}" \ + --port "3890" \ + --bind-dn "uid={{ gitea_ldap_bind_user }},ou=people,{{ gitea_ldap_base_path }}" \ + --bind-password "{{ gitea_ldap_bind_pass }}" \ + --user-search-base "ou=people,{{ gitea_ldap_base_path }}" \ + --user-filter "(&(memberof=cn=gitea,ou=groups,{{ gitea_ldap_base_path }})(|(uid=%[1]s)(mail=%[1]s)))" \ + --username-attribute "uid" \ + --email-attribute "mail" \ + --firstname-attribute "givenName" \ + --surname-attribute "sn" \ + --avatar-attribute "jpegPhoto" \ + --synchronize-users + register: setup + ignore_errors: true + failed_when: 'not "Command error: login source already exists [name: lldap]" in setup.stderr' # fail Task wenn LDAP schon konfiguriert ist + changed_when: "setup.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet + +- name: Modify LDAP config + no_log: true + become_user: gitea + become: true + ansible.builtin.command: | + forgejo admin auth update-ldap \ + --config "{{ gitea_configuration_path }}/gitea.ini" \ + --id "1" \ + --security-protocol "unencrypted" \ + --host "{{ gitea_ldap_host }}" \ + --port "3890" \ + --bind-dn "uid={{ gitea_ldap_bind_user }},ou=people,{{ gitea_ldap_base_path }}" \ + --bind-password "{{ gitea_ldap_bind_pass }}" \ + --user-search-base "ou=people,{{ gitea_ldap_base_path }}" \ + --user-filter "(&(memberof=cn=gitea,ou=groups,{{ gitea_ldap_base_path }})(|(uid=%[1]s)(mail=%[1]s)))" \ + --username-attribute "uid" \ + --email-attribute "mail" \ + 
--firstname-attribute "givenName" \ + --surname-attribute "sn" \ + --avatar-attribute "jpegPhoto" \ + --synchronize-users + when: '"Command error: login source already exists [name: lldap]" in setup.stderr' # führe nur aus wenn erster Task fehlgeschlagen ist + changed_when: false # keine idee wie ich changed feststellen kann +... diff --git a/roles/mgrote_docker_housekeeping/tasks/main.yml b/roles/mgrote_docker_housekeeping/tasks/main.yml new file mode 100644 index 00000000..1da6b7d9 --- /dev/null +++ b/roles/mgrote_docker_housekeeping/tasks/main.yml @@ -0,0 +1,7 @@ +--- +- name: Include LDAP tasks + ansible.builtin.include_tasks: ldap.yml + +- name: Include User tasks + ansible.builtin.include_tasks: admin.yml +... -- 2.34.1 From c3012c032b47cd8002c9ffb125c5bb94e3bce0d7 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Wed, 5 Jun 2024 18:45:30 +0200 Subject: [PATCH 02/12] add unots --- .../tasks/admin.yml | 34 ----------- .../mgrote_docker_housekeeping/tasks/ldap.yml | 56 ------------------- .../templates/restic.service.j2 | 15 +++++ .../templates/restic.timer.j2 | 10 ++++ 4 files changed, 25 insertions(+), 90 deletions(-) delete mode 100644 roles/mgrote_docker_housekeeping/tasks/admin.yml delete mode 100644 roles/mgrote_docker_housekeeping/tasks/ldap.yml create mode 100644 roles/mgrote_docker_housekeeping/templates/restic.service.j2 create mode 100644 roles/mgrote_docker_housekeeping/templates/restic.timer.j2 diff --git a/roles/mgrote_docker_housekeeping/tasks/admin.yml b/roles/mgrote_docker_housekeeping/tasks/admin.yml deleted file mode 100644 index 789e9fc1..00000000 --- a/roles/mgrote_docker_housekeeping/tasks/admin.yml +++ /dev/null 
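Review bot: Both the `add-ldap` and the `update-ldap` command in tasks/ldap.yml set `--security-protocol "unencrypted"` while passing `--bind-password`, so the bind credential and every user password checked against LDAP would cross the network in clear text on port 3890 unless that link is protected some other way; a TLS-capable setting should be used, or the reason plain LDAP is acceptable stated in a comment. Separately, the `failed_when` on the first task marks a clean first run (rc 0, empty stderr) as failed and relies on `ignore_errors: true` to continue, and with `no_log: true` a genuine error is then hidden too; `failed_when: setup.rc != 0 and "login source already exists" not in setup.stderr` expresses the intent without ignoring errors. The update task hard-codes `--id "1"`, which presumably only holds while lldap is the first auth source. PATCH 02/12 removes this file again.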
@@ -1,34 +0,0 @@ ---- -# die Variablen kommen aus -# - https://docs.gitea.com/administration/command-line -# - https://github.com/lldap/lldap/blob/main/example_configs/gitea.md -# und -# den jeweiligen group/host-Vars! - -- name: Check if Admin-User exists - no_log: true - become_user: gitea - become: true - ansible.builtin.command: | - forgejo admin user list \ - --config "{{ gitea_configuration_path }}/gitea.ini" - register: check - changed_when: false - -- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when - #no_log: true - become_user: gitea - become: true - ansible.builtin.command: | - forgejo admin user create \ - --config "{{ gitea_configuration_path }}/gitea.ini" \ - --username "{{ gitea_admin_user }}" \ - --password "{{ gitea_admin_user_pass }}" \ - --email "{{ gitea_admin_user }}@mgrote.net" \ - --admin - when: 'not "{{ gitea_admin_user }}@mgrote.net" in check.stdout' - -- name: Show existing users - ansible.builtin.debug: - msg: "{{ check.stdout_lines }}" -... diff --git a/roles/mgrote_docker_housekeeping/tasks/ldap.yml b/roles/mgrote_docker_housekeeping/tasks/ldap.yml deleted file mode 100644 index 7fbb7436..00000000 --- a/roles/mgrote_docker_housekeeping/tasks/ldap.yml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -# die Variablen kommen aus -# - https://docs.gitea.com/administration/command-line -# - https://github.com/lldap/lldap/blob/main/example_configs/gitea.md -# und -# den jeweiligen group/host-Vars! -- name: Ensure LDAP config is set up - no_log: true - become_user: gitea - become: true - ansible.builtin.command: | - forgejo admin auth add-ldap \ - --config "{{ gitea_configuration_path }}/gitea.ini" \ - --name "lldap" \ - --security-protocol "unencrypted" \ - --host "{{ gitea_ldap_host }}" \ - --port "3890" \ - --bind-dn "uid={{ gitea_ldap_bind_user }},ou=people,{{ gitea_ldap_base_path }}" \ - --bind-password "{{ gitea_ldap_bind_pass }}" \ - --user-search-base "ou=people,{{ gitea_ldap_base_path }}" \ - --user-filter "(&(memberof=cn=gitea,ou=groups,{{ gitea_ldap_base_path }})(|(uid=%[1]s)(mail=%[1]s)))" \ - --username-attribute "uid" \ - --email-attribute "mail" \ - --firstname-attribute "givenName" \ - --surname-attribute "sn" \ - --avatar-attribute "jpegPhoto" \ - --synchronize-users - register: setup - ignore_errors: true - failed_when: 'not "Command error: login source already exists [name: lldap]" in setup.stderr' # fail Task wenn LDAP schon konfiguriert ist - changed_when: "setup.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet - -- name: Modify LDAP config - no_log: true - become_user: gitea - become: true - ansible.builtin.command: | - forgejo admin auth update-ldap \ - --config "{{ gitea_configuration_path }}/gitea.ini" \ - --id "1" \ - --security-protocol "unencrypted" \ - --host "{{ gitea_ldap_host }}" \ - --port "3890" \ - --bind-dn "uid={{ gitea_ldap_bind_user }},ou=people,{{ gitea_ldap_base_path }}" \ - --bind-password "{{ gitea_ldap_bind_pass }}" \ - --user-search-base "ou=people,{{ gitea_ldap_base_path }}" \ - --user-filter "(&(memberof=cn=gitea,ou=groups,{{ gitea_ldap_base_path }})(|(uid=%[1]s)(mail=%[1]s)))" \ - --username-attribute "uid" \ - --email-attribute "mail" \ - 
--firstname-attribute "givenName" \ - --surname-attribute "sn" \ - --avatar-attribute "jpegPhoto" \ - --synchronize-users - when: '"Command error: login source already exists [name: lldap]" in setup.stderr' # führe nur aus wenn erster Task fehlgeschlagen ist - changed_when: false # keine idee wie ich changed feststellen kann -... diff --git a/roles/mgrote_docker_housekeeping/templates/restic.service.j2 b/roles/mgrote_docker_housekeeping/templates/restic.service.j2 new file mode 100644 index 00000000..bf498f75 --- /dev/null +++ b/roles/mgrote_docker_housekeeping/templates/restic.service.j2 @@ -0,0 +1,15 @@ +{{ file_header | default () }} +[Unit] +Description=Backup with restic +Requires=media-restic.mount +After=media-restic.mount +OnFailure=restic_mail.service + +[Service] +Type=simple +EnvironmentFile={{ restic_conf_dir }}/restic.env +ExecStart=/usr/bin/restic backup --one-file-system --no-cache --exclude-file {{ restic_conf_dir }}/excludes {{ restic_folders_to_backup }} +{# -iexclude-file Same as exclude-file but ignores cases like in --iexclude; https://restic.readthedocs.io/en/latest/040_backup.html #} +User={{ restic_user }} +Group={{ restic_group }} +RestartSec={{ restic_failure_delay }} diff --git a/roles/mgrote_docker_housekeeping/templates/restic.timer.j2 b/roles/mgrote_docker_housekeeping/templates/restic.timer.j2 new file mode 100644 index 00000000..c40f99da --- /dev/null +++ b/roles/mgrote_docker_housekeeping/templates/restic.timer.j2 @@ -0,0 +1,10 @@ +{{ file_header | default () }} +[Unit] +Description=Timer for restic backups. + +[Timer] +OnCalendar={{ restic_schedule }} +RandomizedDelaySec=30 min + +[Install] +WantedBy=timers.target multi-user.target -- 2.34.1 From d7b52fb8dec7e64de41f3c6036241df1b732b4aa Mon Sep 17 00:00:00 2001 
From: Michael Grote Date: Wed, 5 Jun 2024 18:46:52 +0200 Subject: [PATCH 03/12] rename --- .../handlers/main.yml | 28 +++++++++++++++++++ .../mgrote_docker_housekeeping/tasks/main.yml | 24 +++++++++++++--- .../templates/docker_housekeeping.service.j2 | 15 ++++++++++ ....timer.j2 => docker_housekeeping.timer.j2} | 4 +-- .../templates/restic.service.j2 | 15 ---------- 5 files changed, 65 insertions(+), 21 deletions(-) create mode 100644 roles/mgrote_docker_housekeeping/handlers/main.yml create mode 100644 roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 rename roles/mgrote_docker_housekeeping/templates/{restic.timer.j2 => docker_housekeeping.timer.j2} (56%) delete mode 100644 roles/mgrote_docker_housekeeping/templates/restic.service.j2
diff --git a/roles/mgrote_docker_housekeeping/handlers/main.yml b/roles/mgrote_docker_housekeeping/handlers/main.yml
new file mode 100644
index 00000000..7a0fa1e2
--- /dev/null
+++ b/roles/mgrote_docker_housekeeping/handlers/main.yml
@@ -0,0 +1,28 @@
+---
+- name: systemctl daemon-reload
+ become: true
+ ansible.builtin.systemd:
+ daemon_reload: true
+
+- name: systemctl enable units
+ become: true
+ ansible.builtin.systemd:
+ name: "{{ item }}"
+ enabled: true
+ masked: false
+ with_items:
+ - media-docker_housekeeping.automount
+ - media-docker_housekeeping.mount
+ - docker_housekeeping.service
+ - docker_housekeeping.timer
+ - docker_housekeeping_mail.service
+
+- name: systemctl start units
+ become: true
+ ansible.builtin.systemd:
+ name: "{{ item }}"
+ state: restarted
+ enabled: true
+ with_items:
+ - docker_housekeeping.timer
+ notify: systemctl daemon-reload
diff --git a/roles/mgrote_docker_housekeeping/tasks/main.yml b/roles/mgrote_docker_housekeeping/tasks/main.yml
index 1da6b7d9..e5828573 100644
--- a/roles/mgrote_docker_housekeeping/tasks/main.yml
+++ b/roles/mgrote_docker_housekeeping/tasks/main.yml
@@ -1,7 +1,23 @@ --- -- name: Include LDAP tasks - ansible.builtin.include_tasks: ldap.yml +- name: template docker_housekeeping.service + become: true + ansible.builtin.template: + src: docker_housekeeping.service.j2 + dest: /etc/systemd/system/docker_housekeeping.service + owner: root + group: root + mode: "0644" + notify: + - systemctl daemon-reload -- name: Include User tasks - ansible.builtin.include_tasks: admin.yml +- name: template docker_housekeeping.timer + become: true + ansible.builtin.template: + src: docker_housekeeping.timer.j2 + dest: /etc/systemd/system/docker_housekeeping.timer + owner: root + group: root + mode: "0644" + notify: + - systemctl daemon-reload ... diff --git a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 new file mode 100644 index 00000000..0f808bb7 --- /dev/null +++ b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 @@ -0,0 +1,15 @@ +{{ file_header | default () }} +[Unit] +Description=Backup with docker_housekeeping +Requires=media-docker_housekeeping.mount +After=media-docker_housekeeping.mount +OnFailure=docker_housekeeping_mail.service + +[Service] +Type=simple +EnvironmentFile={{ docker_housekeeping_conf_dir }}/docker_housekeeping.env +ExecStart=/usr/bin/docker_housekeeping backup --one-file-system --no-cache --exclude-file {{ docker_housekeeping_conf_dir }}/excludes {{ docker_housekeeping_folders_to_backup }} +{# -iexclude-file Same as exclude-file but ignores cases like in --iexclude; https://docker_housekeeping.readthedocs.io/en/latest/040_backup.html #} +User={{ docker_housekeeping_user }} +Group={{ docker_housekeeping_group }} +RestartSec={{ docker_housekeeping_failure_delay }} 
diff --git a/roles/mgrote_docker_housekeeping/templates/restic.timer.j2 b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 similarity index 56% rename from roles/mgrote_docker_housekeeping/templates/restic.timer.j2 rename to roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 index c40f99da..3626a930 100644 --- a/roles/mgrote_docker_housekeeping/templates/restic.timer.j2 +++ b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 @@ -1,9 +1,9 @@ {{ file_header | default () }} [Unit] -Description=Timer for restic backups. +Description=Timer for docker_housekeeping backups. [Timer] -OnCalendar={{ restic_schedule }} +OnCalendar={{ docker_housekeeping_schedule }} RandomizedDelaySec=30 min [Install] diff --git a/roles/mgrote_docker_housekeeping/templates/restic.service.j2 b/roles/mgrote_docker_housekeeping/templates/restic.service.j2 deleted file mode 100644 index bf498f75..00000000 --- a/roles/mgrote_docker_housekeeping/templates/restic.service.j2 +++ /dev/null @@ -1,15 +0,0 @@ -{{ file_header | default () }} -[Unit] -Description=Backup with restic -Requires=media-restic.mount -After=media-restic.mount -OnFailure=restic_mail.service - -[Service] -Type=simple -EnvironmentFile={{ restic_conf_dir }}/restic.env -ExecStart=/usr/bin/restic backup --one-file-system --no-cache --exclude-file {{ restic_conf_dir }}/excludes {{ restic_folders_to_backup }} -{# -iexclude-file Same as exclude-file but ignores cases like in --iexclude; https://restic.readthedocs.io/en/latest/040_backup.html #} -User={{ restic_user }} -Group={{ restic_group }} -RestartSec={{ restic_failure_delay }} -- 2.34.1 From d8aa02e25c4929ebf9673678ea4ff57fa98a7da3 Mon Sep 17 00:00:00 2001 
From: Michael Grote Date: Wed, 5 Jun 2024 18:51:11 +0200 Subject: [PATCH 04/12] f --- roles/mgrote_docker_housekeeping/defaults/main.yml | 3 +++ roles/mgrote_docker_housekeeping/handlers/main.yml | 7 +------ roles/mgrote_docker_housekeeping/tasks/main.yml | 4 ++-- .../templates/docker_housekeeping.service.j2 | 12 ++---------- 4 files changed, 8 insertions(+), 18 deletions(-) create mode 100644 roles/mgrote_docker_housekeeping/defaults/main.yml diff --git a/roles/mgrote_docker_housekeeping/defaults/main.yml b/roles/mgrote_docker_housekeeping/defaults/main.yml new file mode 100644 index 00000000..71d52afc --- /dev/null +++ b/roles/mgrote_docker_housekeeping/defaults/main.yml @@ -0,0 +1,3 @@ +--- +docker_housekeeping_schedule: +... diff --git a/roles/mgrote_docker_housekeeping/handlers/main.yml b/roles/mgrote_docker_housekeeping/handlers/main.yml index 7a0fa1e2..bcd37069 100644 --- a/roles/mgrote_docker_housekeeping/handlers/main.yml +++ b/roles/mgrote_docker_housekeeping/handlers/main.yml @@ -11,18 +11,13 @@ enabled: true masked: false with_items: - - media-docker_housekeeping.automount - - media-docker_housekeeping.mount - docker_housekeeping.service - docker_housekeeping.timer - - docker_housekeeping_mail.service - name: systemctl start units become: true ansible.builtin.systemd: - name: "{{ item }}" + name: docker_housekeeping.timer state: restarted enabled: true - with_items: - - docker_housekeeping.timer notify: systemctl daemon-reload diff --git a/roles/mgrote_docker_housekeeping/tasks/main.yml b/roles/mgrote_docker_housekeeping/tasks/main.yml index e5828573..6111ced7 100644 --- a/roles/mgrote_docker_housekeeping/tasks/main.yml +++ b/roles/mgrote_docker_housekeeping/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: template docker_housekeeping.service +- name: Setup docker housekeeping tasks become: true ansible.builtin.template: src: docker_housekeeping.service.j2 
@@ -10,7 +10,7 @@ notify: - systemctl daemon-reload -- name: template docker_housekeeping.timer +- name: Setup timer become: true ansible.builtin.template: src: docker_housekeeping.timer.j2 diff --git a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 index 0f808bb7..16aa32a3 100644 --- a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 +++ b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 @@ -1,15 +1,7 @@ {{ file_header | default () }} [Unit] -Description=Backup with docker_housekeeping -Requires=media-docker_housekeeping.mount -After=media-docker_housekeeping.mount -OnFailure=docker_housekeeping_mail.service +Description=Docker housekeeping tasks [Service] Type=simple -EnvironmentFile={{ docker_housekeeping_conf_dir }}/docker_housekeeping.env -ExecStart=/usr/bin/docker_housekeeping backup --one-file-system --no-cache --exclude-file {{ docker_housekeeping_conf_dir }}/excludes {{ docker_housekeeping_folders_to_backup }} -{# -iexclude-file Same as exclude-file but ignores cases like in --iexclude; https://docker_housekeeping.readthedocs.io/en/latest/040_backup.html #} -User={{ docker_housekeeping_user }} -Group={{ docker_housekeeping_group }} -RestartSec={{ docker_housekeeping_failure_delay }} +ExecStart=/usr/bin/docker system prune --force -- 2.34.1 From 11a0845bfacd4ecb6e95c537d04ff234af278da1 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Wed, 5 Jun 2024 18:51:32 +0200 Subject: [PATCH 05/12] playbook --- playbooks/3_service/docker.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/playbooks/3_service/docker.yml b/playbooks/3_service/docker.yml index 568953f4..696a38fe 100644 --- a/playbooks/3_service/docker.yml +++ b/playbooks/3_service/docker.yml 
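Review bot: In docker_housekeeping.service.j2 the unit keeps `Type=simple` for a command that runs once and exits, and after this hunk `[Unit]` no longer orders it against the Docker daemon; `Type=oneshot` together with `After=docker.service` and `Requires=docker.service` would fit a timer-driven job better. With no `User=` line the job runs as root, and `docker system prune --force` removes stopped containers and unused networks as well as images, so anything kept around for later inspection is gone after the run. If only image disk space is to be reclaimed, a narrower command such as `docker image prune` limits what gets deleted. A short comment above `ExecStart` stating what is pruned would help the next reader.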
@@ -19,3 +19,6 @@ - role: mgrote_docker_compose_inline tags: "compose" become: true + - role: mgrote_docker_housekeeping + tags: "housekeeping" + become: true -- 2.34.1 From 5ea40b6d46e014ae310f6890b7d327739ca064b4 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Wed, 5 Jun 2024 18:54:03 +0200 Subject: [PATCH 06/12] d --- roles/mgrote_docker_housekeeping/defaults/main.yml | 2 +- roles/mgrote_docker_housekeeping/handlers/main.yml | 12 +----------- roles/mgrote_docker_housekeeping/tasks/main.yml | 12 ++++++++++++ 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/roles/mgrote_docker_housekeeping/defaults/main.yml b/roles/mgrote_docker_housekeeping/defaults/main.yml index 71d52afc..2766b870 100644 --- a/roles/mgrote_docker_housekeeping/defaults/main.yml +++ b/roles/mgrote_docker_housekeeping/defaults/main.yml @@ -1,3 +1,3 @@ --- -docker_housekeeping_schedule: +docker_housekeeping_schedule: "weekly" ... diff --git a/roles/mgrote_docker_housekeeping/handlers/main.yml b/roles/mgrote_docker_housekeeping/handlers/main.yml index bcd37069..72a0bd48 100644 --- a/roles/mgrote_docker_housekeeping/handlers/main.yml +++ b/roles/mgrote_docker_housekeeping/handlers/main.yml @@ -4,17 +4,7 @@ ansible.builtin.systemd: daemon_reload: true -- name: systemctl enable units - become: true - ansible.builtin.systemd: - name: "{{ item }}" - enabled: true - masked: false - with_items: - - docker_housekeeping.service - - docker_housekeeping.timer - -- name: systemctl start units +- name: Start timer become: true ansible.builtin.systemd: name: docker_housekeeping.timer diff --git a/roles/mgrote_docker_housekeeping/tasks/main.yml b/roles/mgrote_docker_housekeeping/tasks/main.yml index 6111ced7..b5ba549e 100644 --- a/roles/mgrote_docker_housekeeping/tasks/main.yml +++ b/roles/mgrote_docker_housekeeping/tasks/main.yml 
@@ -20,4 +20,16 @@ mode: "0644" notify: - systemctl daemon-reload + +- name: Enable Units + become: true + ansible.builtin.systemd: + name: "{{ item }}" + enabled: true + masked: false + with_items: + - docker_housekeeping.service + - docker_housekeeping.timer + notify: + - Start timer ... -- 2.34.1 From fcba5f4bfd5058af4f22f0682b2782887b47e5d1 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Wed, 5 Jun 2024 18:55:38 +0200 Subject: [PATCH 07/12] d --- .../templates/docker_housekeeping.service.j2 | 3 ++- .../templates/docker_housekeeping.timer.j2 | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 index 16aa32a3..ae40c6d4 100644 --- a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 +++ b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 @@ -4,4 +4,5 @@ Description=Docker housekeeping tasks [Service] Type=simple -ExecStart=/usr/bin/docker system prune --force +ExecStart=/usr/bin/docker system prune --force --filter "until=24h" +# https://docs.docker.com/config/pruning diff --git a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 index 3626a930..62caca39 100644 --- a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 +++ b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 @@ -3,6 +3,7 @@ Description=Timer for docker_housekeeping backups. [Timer] +# https://wiki.archlinux.org/title/systemd/Timers OnCalendar={{ docker_housekeeping_schedule }} RandomizedDelaySec=30 min -- 2.34.1 From 92c83c40fdb656a2e26ab8ff22822a0a286f0a4a Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Wed, 5 Jun 2024 18:56:12 +0200 Subject: [PATCH 08/12] d --- roles/mgrote_docker_housekeeping/handlers/main.yml | 1 + 1 file changed, 1 insertion(+) 
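Review bot: The new `Enable Units` task in tasks/main.yml enables `docker_housekeeping.service` along with the timer, but the service template has no `[Install]` section and is meant to be started by the timer, so only `docker_housekeeping.timer` needs `enabled: true`. The task also runs before the `systemctl daemon-reload` handler is flushed on a first deployment; adding `daemon_reload: true` to this task would remove the dependency on handler timing (whether the enable fails without it is worth testing). The beginning of the preceding template task lies outside this hunk.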
diff --git a/roles/mgrote_docker_housekeeping/handlers/main.yml b/roles/mgrote_docker_housekeeping/handlers/main.yml index 72a0bd48..8b790b7f 100644 --- a/roles/mgrote_docker_housekeeping/handlers/main.yml +++ b/roles/mgrote_docker_housekeeping/handlers/main.yml @@ -3,6 +3,7 @@ become: true ansible.builtin.systemd: daemon_reload: true + notify: Start timer - name: Start timer become: true -- 2.34.1 From 5e3af0cc43f040971233ccaaceae0b2317c0e585 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Wed, 5 Jun 2024 18:56:21 +0200 Subject: [PATCH 09/12] d --- .../templates/docker_housekeeping.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 index ae40c6d4..899b1e75 100644 --- a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 +++ b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 @@ -5,4 +5,4 @@ Description=Docker housekeeping tasks [Service] Type=simple ExecStart=/usr/bin/docker system prune --force --filter "until=24h" -# https://docs.docker.com/config/pruning +# https://docs.docker.com/config/pruning d -- 2.34.1 From 5a660a8b02d97a790e7bb1b59dc87328a43ce7bf Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Wed, 5 Jun 2024 18:56:32 +0200 Subject: [PATCH 10/12] ff --- .../templates/docker_housekeeping.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 index 899b1e75..ae40c6d4 100644 --- a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 +++ b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.service.j2 
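Review bot: Adding `notify: Start timer` to the `systemctl daemon-reload` handler makes the two handlers notify each other, because `Start timer` apparently still carries `notify: systemctl daemon-reload` from PATCH 04/12. `state: restarted` always reports a change, so `Start timer` re-notifies the reload on every run, while a task with only `daemon_reload: true` normally reports no change and so would not trigger `Start timer` at all; this should be verified. Dropping both handler-level `notify` lines and letting the template tasks notify `systemctl daemon-reload` and `Start timer` directly, as PATCH 11/12 does for the timer template, is simpler to follow. The handler definitions start and end outside this hunk.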
@@ -5,4 +5,4 @@ Description=Docker housekeeping tasks [Service] Type=simple ExecStart=/usr/bin/docker system prune --force --filter "until=24h" -# https://docs.docker.com/config/pruning d +# https://docs.docker.com/config/pruning -- 2.34.1 From 2332546cf0197828d51117b12c8c628471a849f1 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Wed, 5 Jun 2024 18:57:13 +0200 Subject: [PATCH 11/12] f --- roles/mgrote_docker_housekeeping/tasks/main.yml | 1 + .../templates/docker_housekeeping.timer.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/mgrote_docker_housekeeping/tasks/main.yml b/roles/mgrote_docker_housekeeping/tasks/main.yml index b5ba549e..7037f603 100644 --- a/roles/mgrote_docker_housekeeping/tasks/main.yml +++ b/roles/mgrote_docker_housekeeping/tasks/main.yml @@ -20,6 +20,7 @@ mode: "0644" notify: - systemctl daemon-reload + - Start timer - name: Enable Units become: true diff --git a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 index 62caca39..5d9e0fa0 100644 --- a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 +++ b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 @@ -3,7 +3,7 @@ Description=Timer for docker_housekeeping backups. [Timer] -# https://wiki.archlinux.org/title/systemd/Timers +# https://wiki.archlinux.org/title/systemd/Timers ff OnCalendar={{ docker_housekeeping_schedule }} RandomizedDelaySec=30 min -- 2.34.1 From 10f0822be3bd18948cf42a8654cce6efb9886bca Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Wed, 5 Jun 2024 18:57:24 +0200 Subject: [PATCH 12/12] ff --- .../templates/docker_housekeeping.timer.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 index 5d9e0fa0..62caca39 100644 
--- a/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 +++ b/roles/mgrote_docker_housekeeping/templates/docker_housekeeping.timer.j2 @@ -3,7 +3,7 @@ Description=Timer for docker_housekeeping backups. [Timer] -# https://wiki.archlinux.org/title/systemd/Timers ff +# https://wiki.archlinux.org/title/systemd/Timers OnCalendar={{ docker_housekeeping_schedule }} RandomizedDelaySec=30 min -- 2.34.1