initial commit

2022-08-05 20:59:55 +02:00
commit da764e602e
19 changed files with 587 additions and 0 deletions
--- a/tasks/base.yml
+++ b/tasks/base.yml
@ -0,0 +1,37 @@
+---
+#- name: debug
+#  debug:
+#    msg: "Service: {{ service }}"
+
+- name: "{{ service }} | create docker-compose directory"
+  file:
+    path: /opt/docker-compose/{{ service }}
+    state: directory
+    mode: '0755'
+  tags: [ 'docker_{{ service }}' ]
+
+- name: "{{ service }} | copy docker-compose file"
+  template:
+    src: compose/{{ service }}.yml.j2
+    dest: /opt/docker-compose/{{ service }}/docker-compose.yml
+    owner: root
+    group: root
+    mode: 0644
+  notify: "{{ service }}-restart"
+  tags: [ 'docker_{{ service }}' ]
+
+- name: "{{ service }} | install unit file to systemd"
+  template:
+    src: systemd/docker-compose.service.j2
+    dest: /etc/systemd/system/docker-compose@{{ service }}.service
+    owner: root
+    group: root
+    mode: 0600
+  tags: [ 'docker_{{ service }}' ]
+
+- name: "{{ service }} | enable service"
+  systemd:
+    daemon_reload: yes
+    name: docker-compose@{{ service }}
+    enabled: true
+  tags: [ 'docker_{{ service }}' ]
--- a/tasks/docker.yml
+++ b/tasks/docker.yml
@ -0,0 +1,56 @@
+---
+- name: add official GPG key
+  apt_key:
+    url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+    state: present
+  tags: ['docker']
+
+- name: add repository
+  apt_repository:
+    repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
+    state: present
+  tags: ['docker']
+
+- name: install packages
+  apt:
+    name:
+      - docker-ce
+      - docker-ce-cli
+      - docker-compose
+    state: present
+  tags: ['docker']
+
+- name: create docker-compose directory 
+  file:
+    path: /opt/docker-compose
+    state: directory
+    mode: '0755'
+  tags: ['docker']
+
+- name: install Python module
+  pip:
+    name:
+      - docker
+      - docker-compose
+  tags: ['docker']
+
+- name: ensure Docker is started and enabled at boot
+  service:
+    name: docker
+    state: started
+    enabled: true
+  tags: ['docker']
+
+- name: copy rsyslog config
+  copy:
+    src: traefik/rsyslog
+    dest: /etc/rsyslog.d/10-docker.conf
+    mode: '0644'
+    force: yes
+
+- name: copy logrotate config
+  copy:
+    src: traefik/logrotate
+    dest: /etc/logrotate.d/docker
+    mode: '0644'
+    force: yes
--- a/tasks/grafana.yml
+++ b/tasks/grafana.yml
@ -0,0 +1,67 @@
+---
+- name: grafana | check vars are defined
+  assert:
+    that:
+      - grafana_admin_password is defined
+      - grafana_auth_anonymous_org_role is defined
+      - grafana_auth_anonymous_org_name is defined
+      - grafana_domain is defined
+  tags: ['docker_grafana']
+
+- include_tasks: base.yml
+  tags: ['docker_grafana']
+
+- name: grafana | create docker volume data
+  docker_volume:
+    name: grafana__var_lib_grafana
+  tags: ['docker_grafana']
+
+- name: grafana | create provisioning dashboards docker volume
+  docker_volume:
+    name: grafana__etc_grafana_provisioning_dashboards
+  tags: ['docker_grafana']
+
+- name: grafana | create provisioning datasources docker volume
+  docker_volume:
+    name: grafana__etc_grafana_provisioning_datasources
+  tags: ['docker_grafana']
+
+#- name: grafana | ensure data perms
+#  file:
+#    path: '{{ item }}'
+#    owner: '472'
+#    group: '472'
+#    state: directory
+#  with_items:
+#  - '{{ register_docker_volume_grafana__var_lib_grafana.ansible_facts.docker_volume.Mountpoint }}'
+#  - '{{ register_docker_volume_grafana__var_lib_grafana.ansible_facts.docker_volume.Mountpoint }}/dashboards'
+#  - '{{ register_docker_volume_grafana__etc_grafana_provisioning_dashboards.ansible_facts.docker_volume.Mountpoint }}'
+#  - '{{ register_docker_volume_grafana__etc_grafana_provisioning_datasources.ansible_facts.docker_volume.Mountpoint }}'
+#  notify: 'docker restart grafana'
+#  tags: ['grafana']
+#
+#- name: grafana | configure provisionning dashboards
+#  copy:
+#    dest: '{{ register_docker_volume_grafana__etc_grafana_provisioning_dashboards.ansible_facts.docker_volume.Mountpoint }}/local.yml'
+#    content: |
+#      {{ grafana_provisionning_dashboards|to_nice_yaml }}
+#  notify: 'docker restart grafana'
+#  tags: ['grafana']
+#
+#- name: grafana | configure provisionning datasources
+#  copy:
+#    dest: '{{ register_docker_volume_grafana__etc_grafana_provisioning_datasources.ansible_facts.docker_volume.Mountpoint }}/datasources.yml'
+#    content: |
+#      {{ grafana_provisionning_datasources|to_nice_yaml }}
+#  notify: 'docker restart grafana'
+#  tags: ['grafana']
+#
+#- name: grafana | download dashboard
+#  get_url:
+#    url: '{{ item.url }}'
+#    dest: '{{ register_docker_volume_grafana__var_lib_grafana.ansible_facts.docker_volume.Mountpoint + "/dashboards/" + item.name }}.json'
+#    force: '{{ item.force|default(grafana_dashboards_force|default("no")) }}'
+#  with_items: '{{ grafana_dashboards|default([]) }}'
+#  loop_control:
+#    label: '{{ item.name }}'
+#  tags: ['grafana']
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,17 @@
+---
+- name: requirements
+  include_tasks: requirements.yml
+
+- name: docker
+  include_tasks: docker.yml
+
+- name: services
+  vars:
+   service: "{{ item }}"
+  include_tasks: "{{ item }}.yml"
+  tags:
+    - docker_traefik
+    - docker_watchtower
+    - docker_grafana
+  with_items: 
+    - "{{ docker_services }}"
--- a/tasks/requirements.yml
+++ b/tasks/requirements.yml
@ -0,0 +1,19 @@
+---
+- name: update APT Cache
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: pre-requirements install
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - curl
+      - gnupg-agent
+      - software-properties-common
+      - python3-pip
+      - virtualenv
+      - python3-setuptools
+      - gnupg2
+    state: present
--- a/tasks/traefik.yml
+++ b/tasks/traefik.yml
@ -0,0 +1,37 @@
+---
+- name: traefik | check vars are defined
+  assert:
+    that:
+      - traefik_domain is defined
+      - traefik_letsencrypt_email is defined
+  tags: ['docker_traefik']
+
+- include_tasks: base.yml
+  tags: ['docker_traefik']
+
+- name: traefik | create docker network
+  docker_network:
+    name: 'traefik'
+  tags: ['docker_traefik']
+
+- name: traefik | create letsencrypt docker volume
+  docker_volume:
+    name: traefik__letsencrypt
+  register: register_docker_volume_traefik__letsencrypt
+  tags: ['docker_traefik']
+
+- name: traefik | create config docker volume
+  docker_volume:
+    name: traefik__etc_traefik
+  register: register_docker_volume_traefik__etc_traefik
+  tags: ['docker_traefik']
+
+- name: traefik | copy configuration file
+  template:
+    src: config/traefik/traefik.yml.j2
+    dest: /var/lib/docker/volumes/traefik__etc_traefik/_data/traefik.yml
+    owner: root
+    group: root
+    mode: 0644
+  notify: traefik-restart
+  tags: ['docker_traefik']
--- a/tasks/watchtower.yml
+++ b/tasks/watchtower.yml
@ -0,0 +1,3 @@
+---
+- include_tasks: base.yml
+  tags: ['docker_watchtower']