docker: add housekeeping #105
4 changed files with 25 additions and 90 deletions
@ -1,34 +0,0 @@
---
# die Variablen kommen aus
# - https://docs.gitea.com/administration/command-line
# - https://github.com/lldap/lldap/blob/main/example_configs/gitea.md
# und
# den jeweiligen group/host-Vars!
- name: Check if Admin-User exists
no_log: true
become_user: gitea
become: true
ansible.builtin.command: |
forgejo admin user list \
--config "{{ gitea_configuration_path }}/gitea.ini"
register: check
changed_when: false
- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when
#no_log: true
become_user: gitea
become: true
ansible.builtin.command: |
forgejo admin user create \
--config "{{ gitea_configuration_path }}/gitea.ini" \
--username "{{ gitea_admin_user }}" \
--password "{{ gitea_admin_user_pass }}" \
--email "{{ gitea_admin_user }}@mgrote.net" \
--admin
when: 'not "{{ gitea_admin_user }}@mgrote.net" in check.stdout'
- name: Show existing users
ansible.builtin.debug:
msg: "{{ check.stdout_lines }}"
...
@ -1,56 +0,0 @@
---
# die Variablen kommen aus
# - https://docs.gitea.com/administration/command-line
# - https://github.com/lldap/lldap/blob/main/example_configs/gitea.md
# und
# den jeweiligen group/host-Vars!
- name: Ensure LDAP config is set up
no_log: true
become_user: gitea
become: true
ansible.builtin.command: |
forgejo admin auth add-ldap \
--config "{{ gitea_configuration_path }}/gitea.ini" \
--name "lldap" \
--security-protocol "unencrypted" \
--host "{{ gitea_ldap_host }}" \
--port "3890" \
--bind-dn "uid={{ gitea_ldap_bind_user }},ou=people,{{ gitea_ldap_base_path }}" \
--bind-password "{{ gitea_ldap_bind_pass }}" \
--user-search-base "ou=people,{{ gitea_ldap_base_path }}" \
--user-filter "(&(memberof=cn=gitea,ou=groups,{{ gitea_ldap_base_path }})(|(uid=%[1]s)(mail=%[1]s)))" \
--username-attribute "uid" \
--email-attribute "mail" \
--firstname-attribute "givenName" \
--surname-attribute "sn" \
--avatar-attribute "jpegPhoto" \
--synchronize-users
register: setup
ignore_errors: true
failed_when: 'not "Command error: login source already exists [name: lldap]" in setup.stderr' # fail Task wenn LDAP schon konfiguriert ist
changed_when: "setup.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet
- name: Modify LDAP config
no_log: true
become_user: gitea
become: true
ansible.builtin.command: |
forgejo admin auth update-ldap \
--config "{{ gitea_configuration_path }}/gitea.ini" \
--id "1" \
--security-protocol "unencrypted" \
--host "{{ gitea_ldap_host }}" \
--port "3890" \
--bind-dn "uid={{ gitea_ldap_bind_user }},ou=people,{{ gitea_ldap_base_path }}" \
--bind-password "{{ gitea_ldap_bind_pass }}" \
--user-search-base "ou=people,{{ gitea_ldap_base_path }}" \
--user-filter "(&(memberof=cn=gitea,ou=groups,{{ gitea_ldap_base_path }})(|(uid=%[1]s)(mail=%[1]s)))" \
--username-attribute "uid" \
--email-attribute "mail" \
--firstname-attribute "givenName" \
--surname-attribute "sn" \
--avatar-attribute "jpegPhoto" \
--synchronize-users
when: '"Command error: login source already exists [name: lldap]" in setup.stderr' # führe nur aus wenn erster Task fehlgeschlagen ist
changed_when: false # keine idee wie ich changed feststellen kann
...
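--- a/roles/mgrote_docker_housekeeping/templates/restic.service.j2
+++ b/roles/mgrote_docker_housekeeping/templates/restic.service.j2
@@ -0,0 +1,15 @@
+{{ file_header | default () }}
+[Unit]
+Description=Backup with restic
+Requires=media-restic.mount
+After=media-restic.mount
+OnFailure=restic_mail.service
+
+[Service]
+Type=simple
+EnvironmentFile={{ restic_conf_dir }}/restic.env
+ExecStart=/usr/bin/restic backup --one-file-system --no-cache --exclude-file {{ restic_conf_dir }}/excludes {{ restic_folders_to_backup }}
+{# -iexclude-file Same as exclude-file but ignores cases like in --iexclude; https://restic.readthedocs.io/en/latest/040_backup.html #}
+User={{ restic_user }}
+Group={{ restic_group }}
+RestartSec={{ restic_failure_delay }}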
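Review bot: `RestartSec={{ restic_failure_delay }}` on the last line of the [Service] section has no effect on its own, because systemd only sleeps for RestartSec when a `Restart=` policy is configured and the default is `Restart=no`, so the failure delay the variable name promises never happens. Either drop the line or pair it with `Restart=on-failure` and bound the retries with `StartLimitIntervalSec=` and `StartLimitBurst=` in [Unit], otherwise a backup that fails deterministically (repository unreachable, bad password) is re-run indefinitely and `OnFailure=restic_mail.service` fires on every attempt. `EnvironmentFile={{ restic_conf_dir }}/restic.env` presumably carries the repository password; the unit cannot enforce that file's permissions, so the task that writes it (not in this diff) should set owner `{{ restic_user }}` and mode `"0600"` — worth confirming.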
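--- a/roles/mgrote_docker_housekeeping/templates/restic.timer.j2
+++ b/roles/mgrote_docker_housekeeping/templates/restic.timer.j2
@@ -0,0 +1,10 @@
+{{ file_header | default () }}
+[Unit]
+Description=Timer for restic backups.
+
+[Timer]
+OnCalendar={{ restic_schedule }}
+RandomizedDelaySec=30 min
+
+[Install]
+WantedBy=timers.target multi-user.target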
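Review bot: The [Timer] section has no `Persistent=true`, so an `OnCalendar={{ restic_schedule }}` elapse that falls while the host is powered off is skipped rather than caught up at the next boot, which for a backup timer usually means silently missed backups. If the hosts this role targets can be down at the scheduled time, add `Persistent=true` below `RandomizedDelaySec=30 min`. `WantedBy=timers.target multi-user.target` in [Install] can be reduced to `WantedBy=timers.target`; timers.target is reached during a normal boot anyway, and the second target only adds a redundant symlink.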