Compare commits
	
		
			1 Commits
		
	
	
		
			0.2.1
			...
			transcaffe
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 0328a48e22 | 
| @@ -29,8 +29,6 @@ concise area of concern. | ||||
| - [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org) | ||||
|   installation using the upstream provided docker-compose setup. | ||||
|  | ||||
| - [`pretix`](roles/pretix/README.md): Deploy [pretix](https://pretix.eu), the open source online ticketing solution. | ||||
|  | ||||
| - [`snipe_it`](roles/snipe_it/README.md): Deploys [Snipe-IT](https://snipeitapp.com/), | ||||
|   the free and open-source IT asset (and license) management with a powerful REST API | ||||
|  | ||||
|   | ||||
							
								
								
									
										10
									
								
								galaxy.yml
									
									
									
									
									
								
							
							
						
						
									
										10
									
								
								galaxy.yml
									
									
									
									
									
								
							| @@ -1,15 +1,13 @@ | ||||
| namespace: finallycoffee | ||||
| name: services | ||||
| version: "0.2.1" | ||||
| version: 0.1.10 | ||||
| readme: README.md | ||||
| authors: | ||||
| - transcaffeine <transcaffeine@finally.coffee> | ||||
| description: Various ansible roles useful for automating infrastructure | ||||
| dependencies: | ||||
|   "community.general": "^11.0.0" | ||||
|   "community.crypto": "^3.0.3" | ||||
|   "community.docker": "^4.7.0" | ||||
|   "containers.podman": "^1.16.0" | ||||
|   "community.crypto": "^2.0.0" | ||||
|   "community.docker": "^3.0.0" | ||||
| license_file: LICENSE.md | ||||
| build_ignore: | ||||
| - '*.tar.gz' | ||||
| @@ -23,5 +21,3 @@ tags: | ||||
|   - vaultwarden | ||||
|   - snipeit | ||||
|   - docker | ||||
|   - phpldapadmin | ||||
|   - pretix | ||||
|   | ||||
| @@ -1,7 +0,0 @@ | ||||
| --- | ||||
| - name: Configure and run phpldapadmin | ||||
|   hosts: "{{ phpldapadmin_hosts | default('phpldapadmin', true) }}" | ||||
|   become: "{{ phpldapadmin_become | default(false) }}" | ||||
|   gather_facts: "{{ phpldapadmin_gather_facts | default(false) }}" | ||||
|   roles: | ||||
|     - role: finallycoffee.services.phpldapadmin | ||||
| @@ -1,99 +0,0 @@ | ||||
| --- | ||||
| - import_playbook: finallycoffee.databases.postgresql_client | ||||
|   when: pretix_configure_postgresql | default(true) | ||||
|   vars: | ||||
|     postgresql_hosts: "{{ pretix_hosts | default('pretix') }}" | ||||
|     postgresql_become: >-2 | ||||
|       {{ pretix_postgresql_client_become | default(pretix_become | default(true)) }} | ||||
|     postgresql_client_database: "{{ pretix_postgresql_database | default('pretix') }}" | ||||
|     postgresql_client_username: "{{ pretix_postgresql_user | default('pretix') }}" | ||||
|     postgresql_client_password: >-2 | ||||
|       {{ pretix_postgresql_password | mandatory(msg='pretix postgresql password is required') }} | ||||
|  | ||||
| - import_playbook: finallycoffee.databases.valkey | ||||
|   when: pretix_configure_valkey | default(true) | ||||
|   vars: | ||||
|     valkey_hosts: "{{ pretix_hosts | default('pretix') }}" | ||||
|     valkey_instance: "pretix" | ||||
|     valkey_secret: "{{ pretix_redis_secret | mandatory(msg='pretix valkey secret is required') }}" | ||||
|     valkey_config_user: | ||||
|       - "default on +@all -DEBUG ~* &* >{{ pretix_redis_secret }}" | ||||
|     valkey_container_ports: | ||||
|       - "{{ pretix_redis_bind_addr | default('127.0.10.1:6739') }}:{{ valkey_config_port }}" | ||||
|     valkey_config_bind: | ||||
|       - "0.0.0.0" | ||||
|       - "-::" | ||||
|  | ||||
| - name: Install and configure pretix | ||||
|   hosts: "{{ pretix_hosts | default('pretix') }}" | ||||
|   become: "{{ pretix_become | default(true) }}" | ||||
|   gather_facts: "{{ pretix_gather_facts | default(false) }}" | ||||
|   roles: | ||||
|     - role: finallycoffee.services.pretix | ||||
|       vars: | ||||
|         pretix_config_url: "https://{{ pretix_domain }}" | ||||
|         pretix_config_database_name: "{{ pretix_postgresql_database | default('pretix') }}" | ||||
|         pretix_config_database_user: "{{ pretix_postgresql_user | default('pretix') }}" | ||||
|         pretix_config_database_password: "{{ pretix_postgresql_password }}" | ||||
|         pretix_config_redis_location: >-2 | ||||
|           redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/0 | ||||
|         pretix_config_celery_backend: >-2 | ||||
|           redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/1 | ||||
|         pretix_config_celery_broker: >-2 | ||||
|           redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/2 | ||||
|     - role: finallycoffee.base.nginx | ||||
|       when: pretix_configure_nginx | default(true) | ||||
|       vars: | ||||
|         nginx_container_name: "nginx-pretix" | ||||
|         nginx_container_labels: "{{ pretix_nginx_container_labels | default({}, true) }}" | ||||
|         nginx_config_file: "{{ nginx_base_path }}/nginx-pretix.conf" | ||||
|         nginx_config: |+ | ||||
|           server { | ||||
|               listen 80 default_server; | ||||
|               server_name {{ pretix_domain }}; | ||||
|               add_header Referrer-Policy same-origin; | ||||
|               add_header X-Content-Type-Options nosniff; | ||||
|               location / { | ||||
|                   proxy_pass http://{{ pretix_config_wsgi_bind_addr }}; | ||||
|                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
|                   proxy_set_header X-Forwarded-Proto https; | ||||
|                   proxy_set_header Host $http_host; | ||||
|               } | ||||
|               location /media/ { | ||||
|                   alias {{ pretix_media_dir }}/; | ||||
|                   expires 7d; | ||||
|                   access_log off; | ||||
|               } | ||||
|               location ^~ /media/cachedfiles { | ||||
|                   deny all; | ||||
|                   return 404; | ||||
|               } | ||||
|               location ^~ /media/invoices { | ||||
|                   deny all; | ||||
|                   return 404; | ||||
|               } | ||||
|               location /static/staticfiles.json { | ||||
|                   deny all; | ||||
|                   return 404; | ||||
|               } | ||||
|               location /static/CACHE/manifest.json { | ||||
|                   deny all; | ||||
|                   return 404; | ||||
|               } | ||||
|               location /static/ { | ||||
|                   alias {{ pretix_static_asset_dir }}; | ||||
|                   access_log off; | ||||
|                   expires 365d; | ||||
|                   add_header Cache-Control "public"; | ||||
|               } | ||||
|           } | ||||
|         pretix_python_version: >-2 | ||||
|           python{{ ansible_python.version.major }}.{{ ansible_python.version.minor }} | ||||
|         pretix_static_asset_dir: >-2 | ||||
|           {{ pretix_virtualenv_dir }}/lib/{{ pretix_python_version }}/site-packages/pretix/static.dist/ | ||||
|         nginx_container_volumes: | ||||
|           - "{{ nginx_config_file }}:/etc/nginx/conf.d/nginx.conf:ro" | ||||
|           - "{{ pretix_media_dir }}:{{ pretix_media_dir }}:ro" | ||||
|           - "{{ pretix_static_asset_dir }}:{{ pretix_static_asset_dir }}:ro" | ||||
|   vars: | ||||
|     pretix_redis_bind_addr: "127.0.10.1:6739" | ||||
| @@ -1,8 +1,9 @@ | ||||
| --- | ||||
| authelia_version: "4.39.13" | ||||
| authelia_version: "4.38.18" | ||||
| authelia_user: authelia | ||||
| authelia_base_dir: /opt/authelia | ||||
| authelia_domain: authelia.example.org | ||||
|  | ||||
| authelia_state: present | ||||
| authelia_deployment_method: docker | ||||
|  | ||||
| @@ -15,7 +16,7 @@ authelia_notification_storage_file: "{{ authelia_data_dir }}/notifications.txt" | ||||
| authelia_user_storage_file: "{{ authelia_data_dir }}/user_database.yml" | ||||
|  | ||||
| authelia_container_name: authelia | ||||
| authelia_container_image_server: ghcr.io | ||||
| authelia_container_image_server: docker.io | ||||
| authelia_container_image_namespace: authelia | ||||
| authelia_container_image_name: authelia | ||||
| authelia_container_image: >-2 | ||||
| @@ -44,7 +45,8 @@ authelia_container_ports: ~ | ||||
| authelia_container_networks: ~ | ||||
| authelia_container_purge_networks: ~ | ||||
| authelia_container_restart_policy: unless-stopped | ||||
| authelia_container_state: started | ||||
| authelia_container_state: >-2 | ||||
|   {{ (authelia_state == 'present' | ternary('started', 'absent') }} | ||||
|  | ||||
| authelia_container_listen_port: 9091 | ||||
| authelia_tls_minimum_version: TLS1.2 | ||||
| @@ -92,11 +94,7 @@ authelia_config_webauthn_disable: true | ||||
| authelia_config_webauthn_timeout: 60s | ||||
| authelia_config_webauthn_display_name: "Authelia ({{ authelia_domain }})" | ||||
| authelia_config_webauthn_attestation_conveyance_preference: indirect | ||||
| authelia_config_webauthn_user_verification: "preferred" | ||||
| authelia_config_webauthn_selection_criteria_user_verification: >-2 | ||||
|   {{ authelia_config_webauthn_user_verification }} | ||||
| authelia_config_webauthn_selection_criteria_discoverability: "preferred" | ||||
| authelia_config_webauthn_selection_criteria_attachment: "" | ||||
| authelia_config_webauthn_user_verification: preferred | ||||
| authelia_config_duo_api_hostname: ~ | ||||
| authelia_config_duo_api_integration_key: ~ | ||||
| authelia_config_duo_api_secret_key: ~ | ||||
| @@ -111,8 +109,6 @@ authelia_config_authentication_backend_password_reset_disable: false | ||||
| authelia_config_authentication_backend_password_reset_custom_url: ~ | ||||
| authelia_config_authentication_backend_ldap_implementation: custom | ||||
| authelia_config_authentication_backend_ldap_url: ldap://127.0.0.1:389 | ||||
| authelia_config_authentication_backend_ldap_address: >-2 | ||||
|   {{ authelia_config_authentication_backend_ldap_url }} | ||||
| authelia_config_authentication_backend_ldap_timeout: 5s | ||||
| authelia_config_authentication_backend_ldap_start_tls: false | ||||
| authelia_config_authentication_backend_ldap_tls_skip_verify: false | ||||
| @@ -163,19 +159,6 @@ authelia_config_session_inactivity: 5m | ||||
| authelia_config_session_remember_me_duration: 1M | ||||
| authelia_config_session_remember_me: >-2 | ||||
|   {{ authelia_config_session_remember_me_duration }} | ||||
| authelia_config_session_cookies: | ||||
|   - "{{ authelia_config_session_cookies_default }}" | ||||
| authelia_config_session_cookies_default_domain: >-2 | ||||
|   {{ authelia_config_session_domain }} | ||||
| authelia_config_session_cookies_default_authelia_url: >-2 | ||||
|   https://{{ authelia_config_session_cookies_default_domain }} | ||||
| authelia_config_session_cookies_default_default_redirection_url: >-2 | ||||
|   {{ authelia_config_default_redirection_url }} | ||||
| authelia_config_session_cookies_default: | ||||
|   domain: "{{ authelia_config_session_cookies_default_domain }}" | ||||
|   authelia_url: "{{ authelia_config_session_cookies_default_authelia_url }}" | ||||
|   default_redirection_url: >-2 | ||||
|     {{ authelia_config_session_cookies_default_default_redirection_url }} | ||||
| authelia_config_session_redis_host: "{{ authelia_redis_host }}" | ||||
| authelia_config_session_redis_port: "{{ authelia_redis_port }}" | ||||
| authelia_config_session_redis_username: "{{ authelia_redis_user }}" | ||||
| @@ -212,10 +195,7 @@ authelia_config_notifier_smtp_disable_require_tls: false | ||||
| authelia_config_notifier_smtp_disable_html_emails: false | ||||
| authelia_config_notifier_smtp_tls_skip_verify: false | ||||
| authelia_config_notifier_smtp_tls_minimum_version: "{{ authelia_tls_minimum_version }}" | ||||
| authelia_config_identity_validation_reset_password_jwt_secret: >-2 | ||||
|   {{ authelia_config_jwt_secret }} | ||||
| authelia_config_identity_validation_reset_password_jwt_lifespan: "5 minutes" | ||||
| authelia_config_identity_validation_reset_password_jwt_algorithm: "HS256" | ||||
| #authelia_config_identity_provider_ | ||||
|  | ||||
| authelia_database_type: ~ | ||||
| authelia_database_host: ~ | ||||
|   | ||||
| @@ -1,61 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure container mounts are present | ||||
|   when: authelia_state == 'present' | ||||
|   block: | ||||
|     - name: Ensure sqlite database file exists before mounting it | ||||
|       ansible.builtin.file: | ||||
|         path: "{{ authelia_sqlite_storage_file }}" | ||||
|         state: touch | ||||
|         owner: "{{ authelia_run_user }}" | ||||
|         group: "{{ authelia_run_group }}" | ||||
|         mode: "0640" | ||||
|         access_time: preserve | ||||
|         modification_time: preserve | ||||
|       when: authelia_config_storage_local_path | default(false, true) | ||||
|  | ||||
|     - name: Ensure user database exists before mounting it | ||||
|       ansible.builtin.file: | ||||
|         path: "{{ authelia_user_storage_file }}" | ||||
|         state: touch | ||||
|         owner: "{{ authelia_run_user }}" | ||||
|         group: "{{ authelia_run_group }}" | ||||
|         mode: "0640" | ||||
|         access_time: preserve | ||||
|         modification_time: preserve | ||||
|       when: authelia_config_authentication_backend_file_path | default(false, true) | ||||
|  | ||||
|     - name: Ensure notification reports file exists before mounting it | ||||
|       ansible.builtin.file: | ||||
|         path: "{{ authelia_notification_storage_file }}" | ||||
|         state: touch | ||||
|         owner: "{{ authelia_run_user }}" | ||||
|         group: "{{ authelia_run_group }}" | ||||
|         mode: "0640" | ||||
|         access_time: preserve | ||||
|         modification_time: preserve | ||||
|       when: authelia_config_notifier_filesystem_filename | default(false, true) | ||||
|  | ||||
| - name: Ensure authelia container image is {{ authelia_state }} | ||||
|   community.docker.docker_image: | ||||
|     name: "{{ authelia_container_image_ref }}" | ||||
|     state: "{{ authelia_state }}" | ||||
|     source: pull | ||||
|     force_source: "{{ authelia_container_image_force_pull }}" | ||||
|   register: authelia_container_image_info | ||||
|  | ||||
| - name: Ensure authelia container is {{ authelia_container_state }} | ||||
|   community.docker.docker_container: | ||||
|     name: "{{ authelia_container_name }}" | ||||
|     image: "{{ authelia_container_image_ref }}" | ||||
|     env: "{{ authelia_container_env }}" | ||||
|     user: "{{ authelia_run_user }}:{{ authelia_run_group }}" | ||||
|     ports: "{{ authelia_container_ports | default(omit, true) }}" | ||||
|     labels: "{{ authelia_container_labels }}" | ||||
|     volumes: "{{ authelia_container_volumes }}" | ||||
|     networks: "{{ authelia_container_networks | default(omit, true) }}" | ||||
|     etc_hosts: "{{ authelia_container_etc_hosts | default(omit, true) }}" | ||||
|     purge_networks: "{{ authelia_container_purge_networks | default(omit, true)}}" | ||||
|     restart_policy: "{{ authelia_container_restart_policy }}" | ||||
|     recreate: "{{ authelia_container_recreate | default(omit, true) }}" | ||||
|     state: "{{ authelia_container_state }}" | ||||
|   register: authelia_container_info | ||||
| @@ -1,27 +1,17 @@ | ||||
| --- | ||||
| - name: Check for valid state | ||||
| - name: Ensure state is valid | ||||
|   ansible.builtin.fail: | ||||
|     msg: >-2 | ||||
|       Unsupported state '{{ authelia_state }}'. | ||||
|       Supported states are {{ authelia_states | join(', ') }}. | ||||
|     msg: "Invalid state '{{ authelia_state }}'! Valid states are {{ authelia_states | join(', ') }}" | ||||
|   when: authelia_state not in authelia_states | ||||
|  | ||||
| - name: Check for valid authelia deployment method | ||||
|   ansible.builtin.fail: | ||||
|     msg: >-2 | ||||
|       Unsupported deployment method '{{ authelia_deployment_method }}'. | ||||
|       Supported states are {{ authelia_deployment_methods | join(', ') }}. | ||||
|   when: authelia_deployment_method not in authelia_deployment_methods | ||||
|  | ||||
| - name: Ensure user {{ authelia_user }} is {{ authelia_state }} | ||||
|   ansible.builtin.user: | ||||
|     name: "{{ authelia_user }}" | ||||
|     state: "{{ authelia_state }}" | ||||
|     system: true | ||||
|     create_home: false | ||||
|   register: authelia_user_info | ||||
|  | ||||
| - name: Ensure host directories are {{ authelia_state }} | ||||
| - name: Ensure host directories are created with correct permissions | ||||
|   ansible.builtin.file: | ||||
|     path: "{{ item.path }}" | ||||
|     state: "{{ (authelia_state == 'present') | ternary('directory', 'absent') }}" | ||||
| @@ -39,16 +29,16 @@ | ||||
|     - path: "{{ authelia_asset_dir }}" | ||||
|       mode: "0750" | ||||
|  | ||||
| - name: Ensure config file is {{ authelia_state }} | ||||
| - name: Ensure config file is generated | ||||
|   ansible.builtin.copy: | ||||
|     content: "{{ authelia_config | to_nice_yaml(indent=2, width=10000) }}" | ||||
|     dest: "{{ authelia_config_file }}" | ||||
|     owner: "{{ authelia_run_user }}" | ||||
|     group: "{{ authelia_run_group }}" | ||||
|     mode: "0640" | ||||
|   notify: restart-authelia | ||||
|   when: authelia_state == 'present' | ||||
|   notify: restart-authelia | ||||
|  | ||||
| - name: Deploy authelia using {{ authelia_deployment_method }} | ||||
| - name: Deploy using {{ authelia_deployment_method }} | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "deploy-{{ authelia_deployment_method }}.yml" | ||||
|   | ||||
| @@ -1,9 +1,9 @@ | ||||
| --- | ||||
| authelia_states: | ||||
|   - "present" | ||||
|   - "absent" | ||||
|   - present | ||||
|   - absent | ||||
| authelia_deployment_methods: | ||||
|   - "docker" | ||||
|   - docker | ||||
|  | ||||
| authelia_run_user: "{{ (authelia_user_info.uid) if authelia_user_info is defined else authelia_user }}" | ||||
| authelia_run_group: "{{ (authelia_user_info.group) if authelia_user_info is defined else authelia_user }}" | ||||
| @@ -25,6 +25,7 @@ authelia_container_base_labels: | ||||
| authelia_config: "{{ authelia_base_config | combine(authelia_extra_config, recursive=True) }}" | ||||
| authelia_top_level_config: | ||||
|   theme: "{{ authelia_config_theme }}" | ||||
|   jwt_secret: "{{ authelia_config_jwt_secret }}" | ||||
|   log: "{{ authelia_config_log }}" | ||||
|   telemetry: "{{ authelia_config_telemetry }}" | ||||
|   totp: "{{ authelia_config_totp }}" | ||||
| @@ -38,11 +39,12 @@ authelia_top_level_config: | ||||
|   regulation: "{{ authelia_config_regulation }}" | ||||
|   storage: "{{ authelia_config_storage }}" | ||||
|   notifier: "{{ authelia_config_notifier }}" | ||||
|   identity_validation: "{{ authelia_config_identity_validation }}" | ||||
|  | ||||
| authelia_base_config: >-2 | ||||
|   {{ | ||||
|     authelia_top_level_config | ||||
|     | combine({"default_redirection_url": authelia_config_default_redirection_url} | ||||
|       if authelia_config_default_redirection_url | default(false, true) else {}) | ||||
|     | combine(({"server": authelia_config_server }) | ||||
|       | combine({"tls": authelia_config_server_tls} | ||||
|         if authelia_config_server_tls_key | default(false, true) else {})) | ||||
| @@ -97,10 +99,7 @@ authelia_config_webauthn: | ||||
|   timeout: "{{ authelia_config_webauthn_timeout }}" | ||||
|   display_name: "{{ authelia_config_webauthn_display_name }}" | ||||
|   attestation_conveyance_preference: "{{ authelia_config_webauthn_attestation_conveyance_preference }}" | ||||
|   selection_criteria: | ||||
|     attachment: "{{ authelia_config_webauthn_selection_criteria_attachment }}" | ||||
|     discoverability: "{{ authelia_config_webauthn_selection_criteria_discoverability }}" | ||||
|     user_verification: "{{ authelia_config_webauthn_selection_criteria_user_verification }}" | ||||
|   user_verification: "{{ authelia_config_webauthn_user_verification }}" | ||||
| authelia_config_duo_api: | ||||
|   hostname: "{{ authelia_config_duo_api_hostname }}" | ||||
|   integration_key: "{{ authelia_config_duo_api_integration_key }}" | ||||
| @@ -129,7 +128,7 @@ authelia_config_authentication_backend_password_reset: | ||||
|   disable: "{{ authelia_config_authentication_backend_password_reset_disable }}" | ||||
| authelia_config_authentication_backend_ldap: | ||||
|   implementation: "{{ authelia_config_authentication_backend_ldap_implementation }}" | ||||
|   address: "{{ authelia_config_authentication_backend_ldap_address }}" | ||||
|   url: "{{ authelia_config_authentication_backend_ldap_url }}" | ||||
|   timeout: "{{ authelia_config_authentication_backend_ldap_timeout }}" | ||||
|   start_tls: "{{ authelia_config_authentication_backend_ldap_start_tls }}" | ||||
|   tls: | ||||
| @@ -183,12 +182,12 @@ authelia_config_session: >-2 | ||||
|   }} | ||||
| authelia_config_session_base: | ||||
|   name: "{{ authelia_config_session_name }}" | ||||
|   domain: "{{ authelia_config_session_domain }}" | ||||
|   same_site: "{{ authelia_config_session_same_site }}" | ||||
|   secret: "{{ authelia_config_session_secret }}" | ||||
|   expiration: "{{ authelia_config_session_expiration }}"  | ||||
|   inactivity: "{{ authelia_config_session_inactivity }}" | ||||
|   remember_me: "{{ authelia_config_session_remember_me }}" | ||||
|   cookies: "{{ authelia_config_session_cookies }}" | ||||
| authelia_config_session_redis: >-2 | ||||
|   {{ | ||||
|     { | ||||
| @@ -275,9 +274,3 @@ authelia_config_notifier_smtp: | ||||
|   tls: | ||||
|     skip_verify: "{{ authelia_config_notifier_smtp_tls_skip_verify }}" | ||||
|     minimum_version: "{{ authelia_config_notifier_smtp_tls_minimum_version }}" | ||||
| authelia_config_identity_validation: | ||||
|   reset_password: "{{ authelia_config_identity_validation_reset_password }}" | ||||
| authelia_config_identity_validation_reset_password: | ||||
|   jwt_secret: "{{ authelia_config_identity_validation_reset_password_jwt_secret }}" | ||||
|   jwt_lifespan: "{{ authelia_config_identity_validation_reset_password_jwt_lifespan }}" | ||||
|   jwt_algorithm: "{{ authelia_config_identity_validation_reset_password_jwt_algorithm }}" | ||||
|   | ||||
| @@ -1,6 +1,6 @@ | ||||
| --- | ||||
| ghost_domain: ~ | ||||
| ghost_version: "6.5.1" | ||||
| ghost_version: "5.105.0" | ||||
| ghost_user: ghost | ||||
| ghost_user_group: ghost | ||||
| ghost_base_path: /opt/ghost | ||||
|   | ||||
| @@ -1,5 +1,5 @@ | ||||
| --- | ||||
| gitea_version: "1.24.6" | ||||
| gitea_version: "1.23.1" | ||||
| gitea_user: git | ||||
| gitea_run_user: "{{ gitea_user }}" | ||||
| gitea_base_path: "/opt/gitea" | ||||
| @@ -32,7 +32,6 @@ gitea_container_extra_labels: {} | ||||
| gitea_container_extra_ports: [] | ||||
| gitea_container_extra_volumes: [] | ||||
| gitea_container_state: started | ||||
| gitea_container_user: ~ | ||||
|  | ||||
| # container defaults | ||||
| gitea_container_base_volumes: | ||||
|   | ||||
| @@ -1,4 +1,5 @@ | ||||
| --- | ||||
|  | ||||
| - name: Ensure gitea user '{{ gitea_user }}' is present | ||||
|   ansible.builtin.user: | ||||
|     name: "{{ gitea_user }}" | ||||
| @@ -74,7 +75,6 @@ | ||||
|     published_ports: "{{ gitea_container_ports }}" | ||||
|     restart_policy: "{{ gitea_container_restart_policy }}" | ||||
|     state: "{{ gitea_container_state }}" | ||||
|     user: "{{ gitea_container_user | default(omit, true) }}" | ||||
|  | ||||
| - name: Ensure given configuration is set in the config file | ||||
|   ansible.builtin.ini_file: | ||||
|   | ||||
| @@ -1,6 +1,6 @@ | ||||
| --- | ||||
| hedgedoc_user: hedgedoc | ||||
| hedgedoc_version: "1.10.3" | ||||
| hedgedoc_version: "1.10.0" | ||||
|  | ||||
| hedgedoc_state: present | ||||
| hedgedoc_deployment_method: docker | ||||
|   | ||||
| @@ -1,31 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure container image '{{ hedgedoc_container_image }}' is {{ hedgedoc_state }} | ||||
|   containers.podman.podman_image: | ||||
|     name: "{{ hedgedoc_container_image }}" | ||||
|     state: "{{ hedgedoc_state }}" | ||||
|     pull: "{{ (hedgedoc_container_image_source == 'pull') | bool }}" | ||||
|     force: >-2 | ||||
|       {{ hedgedoc_container_force_source | default( | ||||
|         hedgedoc_container_image_tag | default(false, true), true) }} | ||||
|   register: hedgedoc_container_image_info | ||||
|   until: hedgedoc_container_image_info is success | ||||
|   retries: 5 | ||||
|   delay: 3 | ||||
|  | ||||
| - name: Ensure container '{{ hedgedoc_container_name }}' is {{ hedgedoc_container_state }} | ||||
|   containers.podman.podman_container: | ||||
|     name: "{{ hedgedoc_container_name }}" | ||||
|     image: "{{ hedgedoc_container_image }}" | ||||
|     env: "{{ hedgedoc_container_env | default(omit, true) }}" | ||||
|     user: "{{ hedgedoc_container_user | default(omit, true) }}" | ||||
|     ports: "{{ hedgedoc_container_ports | default(omit, true) }}" | ||||
|     labels: "{{ hedgedoc_container_all_labels }}" | ||||
|     volumes: "{{ hedgedoc_container_all_volumes }}" | ||||
|     etc_hosts: "{{ hedgedoc_container_etc_hosts | default(omit, true) }}" | ||||
|     dns_servers: >-2 | ||||
|       {{ hedgedoc_container_dns_servers | default(omit, true) }} | ||||
|     network_mode: >-2 | ||||
|       {{ hedgedoc_container_network_mode | default(omit, true) }} | ||||
|     restart_policy: >-2 | ||||
|       {{ hedgedoc_container_restart_policy | default(omit, true) }} | ||||
|     state: "{{ hedgedoc_container_state }}" | ||||
| @@ -1,8 +1,7 @@ | ||||
| --- | ||||
| jellyfin_user: jellyfin | ||||
| jellyfin_version: "10.11.0" | ||||
| jellyfin_version: "10.10.3" | ||||
| jellyfin_state: present | ||||
| jellyfin_deployment_method: docker | ||||
|  | ||||
| jellyfin_base_path: /opt/jellyfin | ||||
| jellyfin_config_path: "{{ jellyfin_base_path }}/config" | ||||
|   | ||||
| @@ -1,25 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure container image '{{ jellyfin_container_image_ref }}' is {{ jellyfin_state }} | ||||
|   community.docker.docker_image: | ||||
|     name: "{{ jellyfin_container_image_ref }}" | ||||
|     state: "{{ jellyfin_state }}" | ||||
|     source: "{{ jellyfin_container_image_source }}" | ||||
|     force_source: "{{ jellyfin_container_image_tag | default(false, true) }}" | ||||
|   register: jellyfin_container_image_pull_result | ||||
|   until: jellyfin_container_image_pull_result is succeeded | ||||
|   retries: 5 | ||||
|   delay: 3 | ||||
|  | ||||
| - name: Ensure container '{{ jellyfin_container_name }}' is {{ jellyfin_container_state }} | ||||
|   community.docker.docker_container: | ||||
|     name: "{{ jellyfin_container_name }}" | ||||
|     image: "{{ jellyfin_container_image_ref }}" | ||||
|     user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}" | ||||
|     labels: "{{ jellyfin_container_labels }}" | ||||
|     volumes: "{{ jellyfin_container_volumes }}" | ||||
|     ports: "{{ jellyfin_container_ports | default(omit, true) }}" | ||||
|     networks: "{{ jellyfin_container_networks | default(omit, true) }}" | ||||
|     network_mode: "{{ jellyfin_container_network_mode }}" | ||||
|     etc_hosts: "{{ jellyfin_container_etc_hosts | default(omit, true) }}" | ||||
|     restart_policy: "{{ jellyfin_container_restart_policy }}" | ||||
|     state: "{{ jellyfin_container_state }}" | ||||
| @@ -1,22 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure container image '{{ jellyfin_container_image_ref }}' is {{ jellyfin_state }} | ||||
|   containers.podman.podman_image: | ||||
|     name: "{{ jellyfin_container_image_ref }}" | ||||
|     state: "{{ jellyfin_state }}" | ||||
|     pull: "{{ (jellyfin_container_image_source == 'pull') | bool }}" | ||||
|     force: "{{ jellyfin_container_image_tag | default(false, true) }}" | ||||
|   register: jellyfin_container_image_pull_result | ||||
|   until: jellyfin_container_image_pull_result is succeeded | ||||
|   retries: 5 | ||||
|   delay: 3 | ||||
|  | ||||
| - name: Ensure container '{{ jellyfin_container_name }}' is {{ jellyfin_container_state }} | ||||
|   containers.podman.podman_container: | ||||
|     name: "{{ jellyfin_container_name }}" | ||||
|     image: "{{ jellyfin_container_image_ref }}" | ||||
|     user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}" | ||||
|     labels: "{{ jellyfin_container_labels }}" | ||||
|     volumes: "{{ jellyfin_container_volumes }}" | ||||
|     network: "{{ jellyfin_container_networks | default(omit, True) }}" | ||||
|     restart_policy: "{{ jellyfin_container_restart_policy }}" | ||||
|     state: "{{ jellyfin_container_state }}" | ||||
| @@ -6,13 +6,6 @@ | ||||
|       states are {{ jellyfin_states | join(', ') }}. | ||||
|   when: jellyfin_state not in jellyfin_states | ||||
|  | ||||
| - name: Check if deployment method is valid | ||||
|   ansible.builtin.fail: | ||||
|     msg: >-2 | ||||
|       Unsupported state '{{ jellyfin_deployment_method }}'. Supported | ||||
|       states are {{ jellyfin_deployment_methods | join(', ') }}. | ||||
|   when: jellyfin_deployment_method not in jellyfin_deployment_methods | ||||
|  | ||||
| - name: Ensure jellyfin user '{{ jellyfin_user }}' is {{ jellyfin_state }} | ||||
|   ansible.builtin.user: | ||||
|     name: "{{ jellyfin_user }}" | ||||
| @@ -30,6 +23,25 @@ | ||||
|     mode: "{{ item.mode }}" | ||||
|   loop: "{{ jellyfin_host_directories }}" | ||||
|  | ||||
| - name: Ensure jellyfin is deployed using {{ jellyfin_deployment_method }} | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "deploy-{{ jellyfin_deployment_method }}.yml" | ||||
| - name: Ensure container image '{{ jellyfin_container_image_ref }}' is {{ jellyfin_state }} | ||||
|   community.docker.docker_image: | ||||
|     name: "{{ jellyfin_container_image_ref }}" | ||||
|     state: "{{ jellyfin_state }}" | ||||
|     source: "{{ jellyfin_container_image_source }}" | ||||
|     force_source: "{{ jellyfin_container_image_tag | default(false, true) }}" | ||||
|   register: jellyfin_container_image_pull_result | ||||
|   until: jellyfin_container_image_pull_result is succeeded | ||||
|   retries: 5 | ||||
|   delay: 3 | ||||
|  | ||||
| - name: Ensure container '{{ jellyfin_container_name }}' is {{ jellyfin_container_state }} | ||||
|   community.docker.docker_container: | ||||
|     name: "{{ jellyfin_container_name }}" | ||||
|     image: "{{ jellyfin_container_image_ref }}" | ||||
|     user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}" | ||||
|     labels: "{{ jellyfin_container_labels }}" | ||||
|     volumes: "{{ jellyfin_container_volumes }}" | ||||
|     networks: "{{ jellyfin_container_networks | default(omit, True) }}" | ||||
|     network_mode: "{{ jellyfin_container_network_mode }}" | ||||
|     restart_policy: "{{ jellyfin_container_restart_policy }}" | ||||
|     state: "{{ jellyfin_container_state }}" | ||||
|   | ||||
| @@ -2,9 +2,6 @@ | ||||
| jellyfin_states: | ||||
|   - present | ||||
|   - absent | ||||
| jellyfin_deployment_methods: | ||||
|   - docker | ||||
|   - podman | ||||
|  | ||||
| jellyfin_container_base_volumes: | ||||
|   - "{{ jellyfin_config_path }}:/config:z" | ||||
|   | ||||
| @@ -1,5 +1,5 @@ | ||||
| --- | ||||
| keycloak_version: "26.4.2" | ||||
| keycloak_version: 26.0.7 | ||||
| keycloak_container_name: keycloak | ||||
|  | ||||
| keycloak_container_image_upstream_registry: quay.io | ||||
|   | ||||
| @@ -10,9 +10,7 @@ ENV KC_DB=$DB_VENDOR | ||||
|  | ||||
| WORKDIR {{ keycloak_container_working_directory }} | ||||
|  | ||||
| {% if keycloak_container_image_add_local_providers | default(true) %} | ||||
| ADD ./providers/* providers/ | ||||
| {% endif %} | ||||
| # Workaround to set correct mode on jar files | ||||
| USER root | ||||
| RUN chmod -R 0770 providers/* | ||||
|   | ||||
| @@ -1,3 +0,0 @@ | ||||
| # `finallycoffee.services.phpldapadmin` | ||||
|  | ||||
| Role to deploy and configure [phpldapadmin](https://github.com/leenooks/phpLDAPadmin). | ||||
| @@ -1,39 +0,0 @@ | ||||
| --- | ||||
| phpldapadmin_container_name: phpldapadmin | ||||
| phpldapadmin_container_image_registry: docker.io | ||||
| phpldapadmin_container_image_namespace: phpldapadmin | ||||
| phpldapadmin_container_image_name: phpldapadmin | ||||
| phpldapadmin_container_image_repository: >-2 | ||||
|   {{ | ||||
|     [ | ||||
|       phpldapadmin_container_image_registry | default([], true), | ||||
|       phpldapadmin_container_image_namespace | default([], true), | ||||
|       phpldapadmin_container_image_name | ||||
|     ] | flatten | join('/') | ||||
|   }} | ||||
| phpldapadmin_container_image: >-2 | ||||
|   {{ | ||||
|     [ | ||||
|       phpldapadmin_container_image_repository, | ||||
|       phpldapadmin_container_image_tag | default(phpldapadmin_version, true) | ||||
|     ] | join(':') | ||||
|   }} | ||||
| phpldapadmin_container_image_tag: ~ | ||||
| phpldapadmin_container_image_source: pull | ||||
| phpldapadmin_container_image_force_source: >-2 | ||||
|   {{ phpldapadmin_container_image_tag | default(false, true) }} | ||||
| phpldapadmin_container_env: ~ | ||||
| phpldapadmin_container_user: ~ | ||||
| phpldapadmin_container_ports: ~ | ||||
| phpldapadmin_container_labels: ~ | ||||
| phpldapadmin_container_volumes: ~ | ||||
| phpldapadmin_container_networks: ~ | ||||
| phpldapadmin_container_network_mode: ~ | ||||
| phpldapadmin_container_dns_servers: ~ | ||||
| phpldapadmin_container_etc_hosts: ~ | ||||
| phpldapadmin_container_memory: ~ | ||||
| phpldapadmin_container_memory_swap: ~ | ||||
| phpldapadmin_container_memory_reservation: ~ | ||||
| phpldapadmin_container_restart_policy: "on-failure" | ||||
| phpldapadmin_container_state: >-2 | ||||
|   {{ (phpldapadmin_state == 'present') | ternary('started', 'absent') }} | ||||
| @@ -1,5 +0,0 @@ | ||||
| --- | ||||
| phpldapadmin_version: "2.3.4" | ||||
|  | ||||
| phpldapadmin_state: present | ||||
| phpldapadmin_deployment_method: docker | ||||
| @@ -1,27 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure phpldapadmin container image '{{ phpldapadmin_container_image }}' is {{ phpldapadmin_state }} | ||||
|   community.docker.docker_image: | ||||
|     name: "{{ phpldapadmin_container_image }}" | ||||
|     state: "{{ phpldapadmin_state }}" | ||||
|     source: "{{ phpldapadmin_container_image_source }}" | ||||
|     force_source: "{{ phpldapadmin_container_image_force_source }}" | ||||
|  | ||||
| - name: Ensure phpldapadmin container '{{ phpldapadmin_container_name }}' is {{ phpldapadmin_container_state }} | ||||
|   community.docker.docker_container: | ||||
|     name: "{{ phpldapadmin_container_name }}" | ||||
|     image: "{{ phpldapadmin_container_image }}" | ||||
|     env: "{{ phpldapadmin_container_env | default(omit, true) }}" | ||||
|     user: "{{ phpldapadmin_container_user | default(omit, true) }}" | ||||
|     ports: "{{ phpldapadmin_container_ports | default(omit, true) }}" | ||||
|     labels: "{{ phpldapadmin_container_labels | default(omit, true) }}" | ||||
|     volumes: "{{ phpldapadmin_container_volumes | default(omit, true) }}" | ||||
|     networks: "{{ phpldapadmin_container_networks | default(omit, true) }}" | ||||
|     network_mode: "{{ phpldapadmin_container_network_mode | default(omit, true) }}" | ||||
|     dns_servers: "{{ phpldapadmin_container_dns_servers | default(omit, true) }}" | ||||
|     etc_hosts: "{{ phpldapadmin_container_etc_hosts | default(omit, true) }}" | ||||
|     memory: "{{ phpldapadmin_container_memory | default(omit, true) }}" | ||||
|     memory_swap: "{{ phpldapadmin_container_memory_swap | default(omit, true) }}" | ||||
|     memory_reservation: >-2 | ||||
|       {{ phpldapadmin_container_memory_reservation | default(omit, true) }} | ||||
|     restart_policy: "{{ phpldapadmin_container_restart_policy | default(omit, true) }}" | ||||
|     state: "{{ phpldapadmin_container_state }}" | ||||
| @@ -1,18 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure 'phpldapadmin_state' is valid | ||||
|   ansible.builtin.fail: | ||||
|     msg: >-2 | ||||
|       Unsupported state '{{ phpldapadmin_state }}'! | ||||
|       Supported states are {{ phpldapadmin_states | join(', ') }} | ||||
|   when: phpldapadmin_state not in phpldapadmin_states | ||||
|  | ||||
| - name: Ensure 'phpldapadmin_deployment_method' is valid | ||||
|   ansible.builtin.fail: | ||||
|     msg: >-2 | ||||
|       Unsupported deployment method '{{ phpldapadmin_deployment_method }}'! | ||||
|       Supported deployment methods are {{ phpldapadmin_deployment_methods | join(', ') }} | ||||
|   when: phpldapadmin_deployment_method not in phpldapadmin_deployment_methods | ||||
|  | ||||
| - name: Deploy using {{ phpldapadmin_deployment_method }} | ||||
|   ansible.builtin.import_tasks: | ||||
|     file: "deploy-{{ phpldapadmin_deployment_method }}.yml" | ||||
| @@ -1,6 +0,0 @@ | ||||
| --- | ||||
| phpldapadmin_states: | ||||
|   - "present" | ||||
|   - "absent" | ||||
| phpldapadmin_deployment_methods: | ||||
|   - "docker" | ||||
| @@ -1,54 +0,0 @@ | ||||
| # `finallycoffee.services.pretix` ansible role | ||||
|  | ||||
| Deploy [pretix](https://pretix.eu) using ansible. Note that this | ||||
| role does not configure pretix beyond its own configuration file, | ||||
| and requires changing a default admin password after a successful | ||||
| installation. | ||||
|  | ||||
| ## Configuration | ||||
|  | ||||
| For all available configuration options, see [`defaults/main/config.yml`](defaults/main/config.yml) | ||||
| and other supporting files in the [`defaults/main/`](defaults/main/) folder. | ||||
|  | ||||
| To add custom configuration to pretix, populate them in `pretix_config`, | ||||
| where they will be (recusively) merged into the default configuration. | ||||
|  | ||||
| ### Required | ||||
|  | ||||
| - `pretix_domain`: domain of the pretix instance | ||||
| - `pretix_postgresql_password`: password for the (default: postgresql) database | ||||
| - `pretix_config_redis_location`: connection string for the main pretix redis database | ||||
| - `pretix_config_celery_backend`: connection string for the celery backend, can be a (different!) redis database | ||||
| - `pretix_config_celery_broker`: connection string for the celery broker, can be a (yet another different) redis database | ||||
|  | ||||
| For examples on how a redis server (like valkey) can be configured | ||||
| for redis, see [`playbooks/pretix.yml`](../../playbooks/pretix.yml). | ||||
|  | ||||
| ### Mailing | ||||
|  | ||||
| Set up mails in pretix by populating the following variables: | ||||
| - `pretix_config_mail_host`: domain/IP and optional port of the SMTP server | ||||
| - `pretix_config_mail_user`: SMTP user to authenticate | ||||
| - `pretix_config_mail_password`: password for the SMTP user | ||||
|  | ||||
| ### Plugins | ||||
|  | ||||
| To install more plugins, list the wanted `pypi` packages as a list in | ||||
| `pretix_plugins`. They will be installed in the created virtualenv, and migrations and an asset rebuild will be automatically started. | ||||
|  | ||||
| If your plugin requires custom configuration (f.ex.: `pretix-oidc`), | ||||
| add the configuration into `pretix_config`. | ||||
|  | ||||
| ## Troubleshooting | ||||
|  | ||||
| ### virtualenv | ||||
|  | ||||
| By default, the virtualenv is located in `/var/lib/pretix/virtualenv`. | ||||
| This can be controlled by setting `pretix_virtualenv_dir`. | ||||
|  | ||||
| NOTE: To fix a broken virtualenv, try setting `pretix_virtualenv_state` to `forcereinstall` (see | ||||
| [`ansible.builtin.pip` on docs.ansible.com](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/pip_module.html)). | ||||
|  | ||||
| NOTE: To install pip packages or execute migrations in the virtualenv, ansible | ||||
| needs to become the unprivilated `pretix_user` (default: `pretix`). This might | ||||
| require having the `acl` system package installed. | ||||
| @@ -1,86 +0,0 @@ | ||||
| --- | ||||
| pretix_config_instance_name: "My pretix installation" | ||||
| pretix_config_url: "https://pretix.example.org" | ||||
| pretix_config_currency: "EUR" | ||||
| pretix_config_data_dir: "{{ pretix_data_dir }}" | ||||
| pretix_config_trust_x_forwarded_for: "on" | ||||
| pretix_config_trust_x_forwarded_proto: "on" | ||||
|  | ||||
| pretix_config_wsgi_name: "pretix" | ||||
| pretix_config_wsgi_workers: 4 | ||||
| pretix_config_wsgi_max_requests: 100 | ||||
| pretix_config_wsgi_log_level: "info" | ||||
| pretix_config_wsgi_bind_addr: "127.0.0.1:8345" | ||||
| pretix_config_worker_log_level: "{{ pretix_config_wsgi_log_level }}" | ||||
|  | ||||
| pretix_config_database_backend: postgresql | ||||
| pretix_config_database_name: pretix | ||||
| pretix_config_database_user: pretix | ||||
| pretix_config_database_password: ~ | ||||
| pretix_config_database_host: "" | ||||
|  | ||||
| pretix_config_mail_host: ~ | ||||
| pretix_config_mail_from: "tickets@example.org" | ||||
| pretix_config_mail_user: ~ | ||||
| pretix_config_mail_password: ~ | ||||
| pretix_config_mail_tls: true | ||||
| pretix_config_mail_ssl: false | ||||
|  | ||||
| pretix_config_redis_location: ~ | ||||
| pretix_config_redis_sessions: true | ||||
|  | ||||
| pretix_config_celery_backend: ~ | ||||
| pretix_config_celery_broker: ~ | ||||
|  | ||||
| pretix_app_config: | ||||
|   url: "{{ pretix_config_url }}" | ||||
|   instance_name: "{{ pretix_config_instance_name }}" | ||||
|   datadir: "{{ pretix_config_data_dir }}" | ||||
|   trust_x_forwarded_for: "{{ pretix_config_trust_x_forwarded_for }}" | ||||
|   trust_x_forwarded_proto: "{{ pretix_config_trust_x_forwarded_proto }}" | ||||
|   currency: "{{ pretix_config_currency }}" | ||||
|  | ||||
| pretix_database_config: | ||||
|   backend: "{{ pretix_config_database_backend }}" | ||||
|   name: "{{ pretix_config_database_name }}" | ||||
|   user: "{{ pretix_config_database_user }}" | ||||
|   password: "{{ pretix_config_database_password }}" | ||||
|   host: "{{ pretix_config_database_host }}" | ||||
|  | ||||
| pretix_mail_minimal_config: | ||||
|   host: "{{ pretix_config_mail_host }}" | ||||
|   from: "{{ pretix_config_mail_from }}" | ||||
| pretix_mail_config: >-2 | ||||
|   {{ pretix_mail_minimal_config | ||||
|     | combine({'user': pretix_config_mail_user} if pretix_config_mail_user else {}) | ||||
|     | combine({'password': pretix_config_mail_password} if pretix_config_mail_password else {}) | ||||
|     | combine({'ssl': pretix_config_mail_ssl | bool | ternary('on', 'off')} if pretix_config_mail_ssl else {}) | ||||
|     | combine({'tls': pretix_config_mail_tls | bool | ternary('on', 'off')} if pretix_config_mail_tls else {}) | ||||
|   }} | ||||
|  | ||||
| pretix_redis_config: | ||||
|   location: "{{ pretix_config_redis_location }}" | ||||
|   sessions: "{{ pretix_config_redis_sessions | bool | ternary('true', 'false') }}" | ||||
|  | ||||
| pretix_celery_config: | ||||
|   backend: "{{ pretix_config_celery_backend }}" | ||||
|   broker: "{{ pretix_config_celery_broker }}" | ||||
|  | ||||
| pretix_config: {} | ||||
| pretix_default_config: | ||||
|   pretix: "{{ pretix_app_config }}" | ||||
|   database: "{{ pretix_database_config }}" | ||||
|   mail: "{{ pretix_mail_config }}" | ||||
|   redis: "{{ pretix_redis_config }}" | ||||
|   celery: "{{ pretix_celery_config }}" | ||||
|  | ||||
| pretix_config_merged: >-2 | ||||
|   {{ pretix_default_config | combine(pretix_config | default({}), recursive=True) }} | ||||
|  | ||||
| pretix_config_file_content: |+2 | ||||
|   {% for kv in (pretix_config_merged | dict2items) %} | ||||
|   [{{ kv.key }}] | ||||
|   {% for entry in ((kv.value | default({}, true)) | dict2items) %} | ||||
|   {{ entry.key }}={{ entry.value }} | ||||
|   {% endfor %} | ||||
|   {% endfor %} | ||||
| @@ -1,16 +0,0 @@ | ||||
| --- | ||||
| pretix_version: "2025.8.0" | ||||
| pretix_state: "present" | ||||
| pretix_deployment_method: "systemd" | ||||
|  | ||||
| pretix_config_file: "/etc/pretix/pretix.cfg" | ||||
| pretix_config_file_owner: "{{ pretix_user_id }}" | ||||
| pretix_config_file_group: "{{ pretix_group_id }}" | ||||
| pretix_config_file_mode: "0640" | ||||
| pretix_config_dir: "{{ pretix_config_file | dirname }}" | ||||
| pretix_install_dir: "/var/lib/pretix" | ||||
| pretix_virtualenv_dir: "{{ pretix_install_dir }}/virtualenv" | ||||
| pretix_data_dir: "{{ pretix_install_dir }}/data" | ||||
| pretix_media_dir: "{{ pretix_data_dir }}/media" | ||||
|  | ||||
| pretix_plugins: [] | ||||
| @@ -1,22 +0,0 @@ | ||||
| --- | ||||
| pretix_debian_packages: | ||||
|   - "git" | ||||
|   - "build-essential" | ||||
|   - "python3-dev" | ||||
|   - "python3-venv" | ||||
|   - "python3" | ||||
|   - "python3-pip" | ||||
|   - "libxml2-dev" | ||||
|   - "libxslt1-dev" | ||||
|   - "libffi-dev" | ||||
|   - "zlib1g-dev" | ||||
|   - "libssl-dev" | ||||
|   - "gettext" | ||||
|   - "libpq-dev" | ||||
|   - "libjpeg-dev" | ||||
|   - "libopenjp2-7-dev" | ||||
|   - "nodejs" | ||||
|  | ||||
| pretix_packages: | ||||
|   "debian": | ||||
|     "12": "{{ pretix_debian_packages }}" | ||||
| @@ -1,50 +0,0 @@ | ||||
| --- | ||||
| pretix_systemd_unit_description: "pretix web service" | ||||
| pretix_systemd_unit_after: "network.target" | ||||
| pretix_systemd_unit_file_path: >-2 | ||||
|   /etc/systemd/system/{{ pretix_systemd_service_name }} | ||||
|  | ||||
| pretix_systemd_service_name: "pretix.service" | ||||
| pretix_systemd_service_user: "{{ pretix_user }}" | ||||
| pretix_systemd_service_group: "{{ pretix_user }}" | ||||
| pretix_systemd_service_environment: | ||||
|   VIRTUAL_ENV: "{{ pretix_virtualenv_dir }}" | ||||
|   PATH: "{{ pretix_virtualenv_dir }}/bin:/usr/local/bin:/usr/bin:/bin" | ||||
| pretix_systemd_service_working_directory: "{{ pretix_install_dir }}" | ||||
| pretix_systemd_service_exec_start: >-2 | ||||
|   {{ pretix_virtualenv_dir }}/bin/gunicorn pretix.wsgi | ||||
|   --name {{ pretix_config_wsgi_name }} | ||||
|   --workers {{ pretix_config_wsgi_workers }} | ||||
|   --max-requests {{ pretix_config_wsgi_max_requests }} | ||||
|   --log-level={{ pretix_config_wsgi_log_level }} | ||||
|   --bind={{ pretix_config_wsgi_bind_addr }} | ||||
| pretix_systemd_service_restart: "on-failure" | ||||
|  | ||||
| pretix_systemd_install_wanted_by: "multi-user.target" | ||||
|  | ||||
| # pretix worker | ||||
| pretix_worker_systemd_service_name: "pretix-worker.service" | ||||
| pretix_worker_systemd_service_description: "pretix worker service" | ||||
| pretix_worker_systemd_unit_file_path: >-2 | ||||
|   /etc/systemd/system/{{ pretix_worker_systemd_service_name }} | ||||
| pretix_worker_systemd_service_exec_start: >-2 | ||||
|   {{ pretix_virtualenv_dir }}/bin/celery | ||||
|   -A pretix.celery_app worker | ||||
|   -l  {{ pretix_config_worker_log_level }} | ||||
|  | ||||
| # pretix cron | ||||
| pretix_cron_systemd_service_name: "pretix-cron.service" | ||||
| pretix_cron_systemd_service_description: "pretix cron service" | ||||
| pretix_cron_systemd_unit_file_path: >-2 | ||||
|   /etc/systemd/system/{{ pretix_cron_systemd_service_name }} | ||||
| pretix_cron_systemd_service_exec_start: >-2 | ||||
|   python3 -m pretix runperiodic | ||||
|  | ||||
| pretix_cron_systemd_timer_name: "pretix-cron.timer" | ||||
| pretix_cron_systemd_timer_description: "pretix cron timer" | ||||
| pretix_cron_systemd_timer_file_path: >-2 | ||||
|   /etc/systemd/system/{{ pretix_cron_systemd_timer_name }} | ||||
| pretix_cron_systemd_timer_on_active_sec: 1800 | ||||
| pretix_cron_systemd_timer_on_startup_sec: >-2 | ||||
|   {{ pretix_cron_systemd_timer_on_active_sec }} | ||||
| pretix_cron_systemd_timer_accuracy_sec: 60 | ||||
| @@ -1,7 +0,0 @@ | ||||
| --- | ||||
| pretix_user: "pretix" | ||||
| pretix_user_system: true | ||||
| pretix_user_create_home: false | ||||
|  | ||||
| pretix_user_id: "{{ pretix_user_info.uid | default(pretix_user) }}" | ||||
| pretix_group_id: "{{ pretix_user_info.group | default(pretix_user) }}" | ||||
| @@ -1,11 +0,0 @@ | ||||
| --- | ||||
| pretix_virtualenv_state: "{{ pretix_state }}" | ||||
| pretix_virtualenv_packages: | ||||
|   - "pip" | ||||
|   - "setuptools" | ||||
|   - "wheel" | ||||
|   - "gunicorn" | ||||
|   - "pretix=={{ pretix_version }}" | ||||
|  | ||||
| pretix_virtualenv_site_packages: false | ||||
| pretix_virtualenv_command: "python3 -m venv" | ||||
| @@ -1,6 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure pretix systemd service is restarted | ||||
|   listen: pretix_restart | ||||
|   ansible.builtin.systemd_service: | ||||
|     name: "{{ pretix_systemd_service_name }}" | ||||
|     state: "restarted" | ||||
| @@ -1,9 +0,0 @@ | ||||
| --- | ||||
| allow_duplicates: true | ||||
| dependencies: [] | ||||
| galaxy_info: | ||||
|   role_name: pretix | ||||
|   description: Ansible role to deploy pretix (https://pretix.eu) | ||||
|   galaxy_tags: | ||||
|     - pretix | ||||
|     - ticketing | ||||
| @@ -1,14 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure 'pretix_state' is valid | ||||
|   ansible.builtin.fail: | ||||
|     msg: >-2 | ||||
|       Unsupported pretix_state '{{ pretix_state }}'. | ||||
|       Supported states are {{ pretix_states | join(', ') }} | ||||
|   when: pretix_state not in pretix_states | ||||
|  | ||||
| - name: Ensure 'pretix_deployment_method' is valid | ||||
|   ansible.builtin.fail: | ||||
|     msg: >-2 | ||||
|       Unsupported pretix_state '{{ pretix_deployment_method }}'. | ||||
|       Supported states are {{ pretix_deployment_methods | join(', ') }} | ||||
|   when: pretix_deployment_method not in pretix_deployment_methods | ||||
| @@ -1,10 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure configuration file is written | ||||
|   ansible.builtin.copy: | ||||
|     dest: "{{ pretix_config_file }}" | ||||
|     content: "{{ pretix_config_file_content }}" | ||||
|     owner: "{{ pretix_config_file_owner }}" | ||||
|     group: "{{ pretix_config_file_group }}" | ||||
|     mode: "{{ pretix_config_file_mode }}" | ||||
|   when: pretix_state == 'present' | ||||
|   register: pretix_config_file_info | ||||
| @@ -1,64 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure virtualenv in {{ pretix_virtualenv_dir }} is present | ||||
|   ansible.builtin.pip: | ||||
|     name: "{{ pretix_virtualenv_packages + pretix_plugins }}" | ||||
|     state: "{{ pretix_virtualenv_state }}" | ||||
|     chdir: "{{ pretix_install_dir }}" | ||||
|     virtualenv: "{{ pretix_virtualenv_dir }}" | ||||
|     virtualenv_command: "{{ pretix_virtualenv_command | default(omit, true) }}" | ||||
|     virtualenv_site_packages: "{{ pretix_virtualenv_site_packages }}" | ||||
|   become: true | ||||
|   become_user: "{{ pretix_user }}" | ||||
|   register: pretix_virtualenv_info | ||||
|  | ||||
| # TODO: determine to only do this on a) upgrades or b) initial deployis | ||||
| - name: Ensure pretix database migrations are run | ||||
|   ansible.builtin.command: | ||||
|     cmd: "{{ pretix_virtualenv_dir }}/bin/python -m pretix migrate" | ||||
|     chdir: "{{ pretix_install_dir }}" | ||||
|   environment: | ||||
|     VIRTUAL_ENV: "{{ pretix_virtualenv_dir }}" | ||||
|   become: true | ||||
|   become_user: "{{ pretix_user }}" | ||||
|   notify: pretix_restart | ||||
|   when: | ||||
|     - pretix_state == 'present' | ||||
|     - pretix_virtualenv_info.changed or pretix_config_file_info.changed | ||||
|  | ||||
| # TODO: determine to only do this on a) upgrades or b) initial deployis | ||||
| - name: Ensure pretix static assets are built | ||||
|   ansible.builtin.command: | ||||
|     cmd: "{{ pretix_virtualenv_dir }}/bin/python -m pretix rebuild" | ||||
|     chdir: "{{ pretix_install_dir }}" | ||||
|   environment: | ||||
|     VIRTUAL_ENV: "{{ pretix_virtualenv_dir }}" | ||||
|   become: true | ||||
|   become_user: "{{ pretix_user }}" | ||||
|   notify: pretix_restart | ||||
|   when: | ||||
|     - pretix_state == 'present' | ||||
|     - pretix_virtualenv_info.changed or pretix_config_file_info.changed | ||||
|  | ||||
| - name: Ensure pretix systemd service is enabled | ||||
|   ansible.builtin.systemd_service: | ||||
|     name: "{{ _service }}" | ||||
|     enabled: true | ||||
|   when: pretix_state == 'present' | ||||
|   loop: | ||||
|     - "{{ pretix_systemd_service_name }}" | ||||
|     - "{{ pretix_worker_systemd_service_name }}" | ||||
|     - "{{ pretix_cron_systemd_service_name }}" | ||||
|     - "{{ pretix_cron_systemd_timer_name }}" | ||||
|   loop_control: | ||||
|     loop_var: _service | ||||
|  | ||||
| - name: Ensure pretix systemd service is {{ pretix_state }} | ||||
|   ansible.builtin.systemd_service: | ||||
|     name: "{{ _service }}" | ||||
|     state: "{{ (pretix_state == 'present') | ternary('started', 'stopped') }}" | ||||
|   loop: | ||||
|     - "{{ pretix_systemd_service_name }}" | ||||
|     - "{{ pretix_worker_systemd_service_name }}" | ||||
|     - "{{ pretix_cron_systemd_timer_name }}" | ||||
|   loop_control: | ||||
|     loop_var: _service | ||||
| @@ -1,5 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure pretix is deployed using {{ pretix_deployment_method }} | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "deploy-{{ pretix_deployment_method }}.yml" | ||||
|   when: pretix_state == 'present' | ||||
| @@ -1,16 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure preconditions are met | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "check.yml" | ||||
|  | ||||
| - name: Ensure deployment preparations are done | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "prepare.yml" | ||||
|  | ||||
| - name: Ensure pretix is configured | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "configure.yml" | ||||
|  | ||||
| - name: Ensure pretix is deployed | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "deploy.yml" | ||||
| @@ -1,61 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure ansible facts are collected | ||||
|   ansible.builtin.setup: | ||||
|     gather_subset: | ||||
|       - "!all" | ||||
|       - "pkg_mgr" | ||||
|       - "distribution" | ||||
|       - "distribution_release" | ||||
|       - "distribution_version" | ||||
|       - "distribution_major_version" | ||||
|  | ||||
| - name: Ensure system packages are present (apt) | ||||
|   ansible.builtin.apt: | ||||
|     name: "{{ package }}" | ||||
|     state: "{{ pretix_state }}" | ||||
|   loop: "{{ pretix_packages[ansible_distribution | lower][ansible_distribution_major_version] }}" | ||||
|   loop_control: | ||||
|     loop_var: "package" | ||||
|   when: ansible_facts['pkg_mgr'] == 'apt' | ||||
|  | ||||
| # TODO: add pretix worker and cron | ||||
| - name: Ensure systemd unit {{ pretix_systemd_unit_name }} is {{ pretix_state }} | ||||
|   ansible.builtin.template: | ||||
|     src: "pretix.service.j2" | ||||
|     dest: "{{ pretix_systemd_unit_file_path }}" | ||||
|   register: pretix_systemd_unit_info | ||||
|   notify: | ||||
|     - pretix_restart | ||||
|  | ||||
| - name: Ensure systemd unit {{ pretix_worker_systemd_unit_name }} is {{ pretix_state }} | ||||
|   ansible.builtin.template: | ||||
|     src: "pretix.service.j2" | ||||
|     dest: "{{ pretix_worker_systemd_unit_file_path }}" | ||||
|   register: pretix_worker_systemd_unit_info | ||||
|   vars: | ||||
|     pretix_systemd_service_exec_start: "{{ pretix_worker_systemd_service_exec_start }}" | ||||
|     pretix_systemd_service_description: "{{ pretix_worker_systemd_service_description }}" | ||||
|  | ||||
| - name: Ensure systemd unit {{ pretix_cron_systemd_service_name }} is {{ pretix_state }} | ||||
|   ansible.builtin.template: | ||||
|     src: "pretix.service.j2" | ||||
|     dest: "{{ pretix_cron_systemd_unit_file_path }}" | ||||
|   register: pretix_cron_systemd_unit_info | ||||
|   vars: | ||||
|     pretix_systemd_service_exec_start: "{{ pretix_cron_systemd_service_exec_start }}" | ||||
|     pretix_systemd_service_description: "{{ pretix_cron_systemd_service_description }}" | ||||
|  | ||||
| - name: Ensure systemd timer unit {{ pretix_cron_systemd_timer_name }} is {{ pretix_state }} | ||||
|   ansible.builtin.template: | ||||
|     src: "pretix-cron.timer.j2" | ||||
|     dest: "{{ pretix_cron_systemd_timer_file_path }}" | ||||
|   register: pretix_cron_systemd_timer_info | ||||
|  | ||||
| - name: Ensure systemd is reloaded | ||||
|   ansible.builtin.systemd_service: | ||||
|     daemon_reload: true | ||||
|   when: >-2 | ||||
|     pretix_systemd_unit_info.changed | ||||
|     or pretix_worker_systemd_unit_info.changed | ||||
|     or pretix_cron_systemd_unit_info.changed | ||||
|     or pretix_cron_systemd_timer_info.changed | ||||
| @@ -1,29 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure pretix user '{{ pretix_user }}' is {{ pretix_state }} | ||||
|   ansible.builtin.user: | ||||
|     name: "{{ pretix_user }}" | ||||
|     state: "{{ pretix_state }}" | ||||
|     system: "{{ pretix_user_system }}" | ||||
|     create_home: "{{ pretix_user_create_home }}" | ||||
|   register: pretix_user_info | ||||
|  | ||||
| - name: Ensure host directories are {{ pretix_state }} | ||||
|   ansible.builtin.file: | ||||
|     path: "{{ item.path }}" | ||||
|     owner: "{{ item.owner | default(pretix_user_id) }}" | ||||
|     group: "{{ item.group | default(pretix_group_id) }}" | ||||
|     mode: "{{ item.mode | default('0750') }}" | ||||
|     state: "directory" | ||||
|   loop: | ||||
|     - path: "{{ pretix_config_dir }}" | ||||
|     - path: "{{ pretix_virtualenv_dir }}" | ||||
|     - path: "{{ pretix_data_dir }}" | ||||
|     - path: "{{ pretix_media_dir }}" | ||||
|   when: pretix_state == 'present' | ||||
|  | ||||
| - name: Ensure deployment-type specific preparations for '{{ pretix_deployment_method }}' are run | ||||
|   ansible.builtin.include_tasks: | ||||
|     file: "prepare-{{ pretix_deployment_method }}.yml" | ||||
|   when: | ||||
|     - pretix_state == 'present' | ||||
|     - pretix_deployment_method in ['systemd'] | ||||
| @@ -1,10 +0,0 @@ | ||||
| [Unit] | ||||
| Description={{ pretix_cron_systemd_timer_description }} | ||||
|  | ||||
| [Timer] | ||||
| OnActiveSec={{ pretix_cron_systemd_timer_on_active_sec }} | ||||
| OnStartupSec={{ pretix_cron_systemd_timer_on_startup_sec }} | ||||
| AccuracySec={{ pretix_cron_systemd_timer_accuracy_sec }} | ||||
|  | ||||
| [Install] | ||||
| WantedBy=timers.target | ||||
| @@ -1,16 +0,0 @@ | ||||
| [Unit] | ||||
| Description={{ pretix_systemd_unit_description }} | ||||
| After={{ pretix_systemd_unit_after }} | ||||
|  | ||||
| [Service] | ||||
| User={{ pretix_systemd_service_user }} | ||||
| Group={{ pretix_systemd_service_group }} | ||||
| {% for kv in pretix_systemd_service_environment | dict2items %} | ||||
| Environment="{{ kv.key }}={{ kv.value }}" | ||||
| {% endfor %} | ||||
| WorkingDirectory={{ pretix_systemd_service_working_directory }} | ||||
| ExecStart={{ pretix_systemd_service_exec_start }} | ||||
| Restart={{ pretix_systemd_service_restart }} | ||||
|  | ||||
| [Install] | ||||
| WantedBy={{ pretix_systemd_install_wanted_by }} | ||||
| @@ -1,7 +0,0 @@ | ||||
| --- | ||||
| pretix_states: | ||||
|   - "present" | ||||
|   - "absent" | ||||
|  | ||||
| pretix_deployment_methods: | ||||
|   - "systemd" | ||||
| @@ -1,6 +1,6 @@ | ||||
| --- | ||||
| snipe_it_container_image_registry: docker.io | ||||
| snipe_it_container_image_namespace: 'snipe' | ||||
| snipe_it_container_image_namespace: snipe | ||||
| snipe_it_container_image_name: 'snipe-it' | ||||
| snipe_it_container_image_tag: ~ | ||||
| snipe_it_container_image_flavour: alpine | ||||
|   | ||||
| @@ -1,6 +1,6 @@ | ||||
| --- | ||||
| snipe_it_user: snipeit | ||||
| snipe_it_version: "8.3.4" | ||||
| snipe_it_version: "7.1.15" | ||||
| snipe_it_domain: ~ | ||||
| snipe_it_state: present | ||||
| snipe_it_deployment_method: docker | ||||
|   | ||||
| @@ -1,6 +1,6 @@ | ||||
| --- | ||||
| vaultwarden_user: vaultwarden | ||||
| vaultwarden_version: "1.34.3" | ||||
| vaultwarden_version: "1.32.7" | ||||
|  | ||||
| vaultwarden_config_file: "/etc/vaultwarden/config.json" | ||||
| vaultwarden_config_directory: "{{ vaultwarden_config_file | dirname }}" | ||||
|   | ||||
| @@ -20,5 +20,3 @@ | ||||
|     dns_servers: "{{ vaultwarden_container_dns_servers | default(omit, true) }}" | ||||
|     restart_policy: "{{ vaultwarden_container_restart_policy | default(omit, true) }}" | ||||
|     state: "{{ vaultwarden_container_state | default(omit, true) }}" | ||||
|     comparisons: | ||||
|       'env': 'strict' | ||||
|   | ||||
| @@ -1,22 +0,0 @@ | ||||
| --- | ||||
| - name: Ensure container image '{{ vaultwarden_container_image }}' is {{ vaultwarden_state }} | ||||
|   containers.podman.podman_image: | ||||
|     name: "{{ vaultwarden_container_image }}" | ||||
|     state: "{{ vaultwarden_state }}" | ||||
|     pull: "{{ (vaultwarden_container_image_source == 'pull') | bool }}" | ||||
|     force: "{{ vaultwarden_container_image_force_source }}" | ||||
|  | ||||
| - name: Ensure container '{{ vaultwarden_container_name }}' is {{ vaultwarden_container_state }} | ||||
|   containers.podman.podman_container: | ||||
|     name: "{{ vaultwarden_container_name }}" | ||||
|     image: "{{ vaultwarden_container_image }}" | ||||
|     env: "{{ vaultwarden_container_env | default(omit, true) }}" | ||||
|     user: "{{ vaultwarden_container_user | default(omit, true) }}" | ||||
|     ports: "{{ vaultwarden_container_ports | default(omit, true) }}" | ||||
|     labels: "{{ vaultwarden_container_labels | default(omit, true) }}" | ||||
|     volumes: "{{ vaultwarden_container_volumes }}" | ||||
|     network: "{{ vaultwarden_container_networks | default(omit, true) }}" | ||||
|     etc_hosts: "{{ vaultwarden_container_etc_hosts | default(omit, true) }}" | ||||
|     dns_servers: "{{ vaultwarden_container_dns_servers | default(omit, true) }}" | ||||
|     restart_policy: "{{ vaultwarden_container_restart_policy | default(omit, true) }}" | ||||
|     state: "{{ vaultwarden_container_state | default(omit, true) }}" | ||||
| @@ -4,7 +4,6 @@ vaultwarden_states: | ||||
|   - absent | ||||
| vaultwarden_deployment_methods: | ||||
|   - docker | ||||
|   - podman | ||||
| vaultwarden_required_variables: | ||||
|   - vaultwarden_config_domain | ||||
| vaultwarden_conditionally_required_variables: | ||||
|   | ||||
| @@ -1,6 +1,7 @@ | ||||
| --- | ||||
|  | ||||
| vouch_proxy_user: vouch-proxy | ||||
| vouch_proxy_version: "0.45.1" | ||||
| vouch_proxy_version: 0.40.0 | ||||
| vouch_proxy_base_path: /opt/vouch-proxy | ||||
| vouch_proxy_config_path: "{{ vouch_proxy_base_path }}/config" | ||||
| vouch_proxy_config_file: "{{ vouch_proxy_config_path }}/config.yaml" | ||||
|   | ||||
		Reference in New Issue
	
	Block a user