feat(snipe_it): add ansible role for deployment

README.md

@@ -26,6 +26,9 @@ concise area of concern.
 - [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org)
   installation using the upstream provided docker-compose setup.
 
+- [`snipe_it`](roles/snipe_it/README.md): Deploys [Snipe-IT](https://snipeitapp.com/),
+  the free and open-source IT asset (and license) management with a powerful REST API
+
 - [`vaultwarden`](roles/vaultwarden/README.md): Deploy [vaultwarden](https://github.com/dani-garcia/vaultwarden/),
   an open-source implementation of the Bitwarden Server (formerly Bitwarden\_RS).
 

galaxy.yml

@@ -19,4 +19,5 @@ tags:
   - hedgedoc
   - jellyfin
   - vaultwarden
+  - snipe-it
   - docker

playbooks/snipe_it.yml

@@ -0,0 +1,6 @@
+---
+- name: Install and configure Snipe-IT
+  hosts: "{{ snipe_it_hosts | default('snipe_it') }}"
+  become: "{{ snipe_it_become | default(true, false) }}"
+  roles:
+    - role: finallycoffee.services.snipe_it

roles/snipe_it/README.md

@@ -11,6 +11,9 @@ for sending email. For installing and configuring MariaDB, see
 
 ## Configuration
 
+Required variables to set are:
+
+- `snipe_it_domain`
 - `snipe_it_config_app_url`
 - `snipe_it_config_app_key`
 

roles/snipe_it/defaults/main/config.yml

@@ -87,27 +87,27 @@ snipe_it_base_config:
   DB_DATABASE: "{{ snipe_it_config_db_database }}"
   DB_USERNAME: "{{ snipe_it_config_mail_username }}"
   DB_PASSWORD: "{{ snipe_it_config_db_password }}"
-  DB_PREFIX: "{{ snipe_it_config_db_prefix }}"
+  DB_PREFIX: "{{ snipe_it_config_db_prefix | default('null', true) }}"
   DB_DUMP_PATH: "{{ snipe_it_config_db_dump_path }}"
   DB_CHARSET: "{{ snipe_it_config_db_charset }}"
   DB_COLLATION: "{{ snipe_it_config_db_collation }}"
   DB_SSL: "{{ snipe_it_config_db_ssl }}"
   DB_SSL_IS_PAAS: "{{ snipe_it_config_db_ssl_is_paas }}"
-  DB_SSL_KEY_PATH: "{{ snipe_it_config_db_ssl_key_path }}"
-  DB_SSL_CERT_PATH: "{{ snipe_it_config_db_ssl_cert_path }}"
-  DB_SSL_CA_PATH: "{{ snipe_it_config_db_ssl_ca_path }}"
-  DB_SSL_CIPHER: "{{ snipe_it_config_db_ssl_cipher }}"
-  DB_SSL_VERIFY_SERVER: "{{ snipe_it_config_db_ssl_verify_server }}"
+  DB_SSL_KEY_PATH: "{{ snipe_it_config_db_ssl_key_path | default('null', true) }}"
+  DB_SSL_CERT_PATH: "{{ snipe_it_config_db_ssl_cert_path | default('null', true) }}"
+  DB_SSL_CA_PATH: "{{ snipe_it_config_db_ssl_ca_path | default('null', true) }}"
+  DB_SSL_CIPHER: "{{ snipe_it_config_db_ssl_cipher | default('null', true) }}"
+  DB_SSL_VERIFY_SERVER: "{{ snipe_it_config_db_ssl_verify_server | default('null', true) }}"
   MAIL_MAILER: "{{ snipe_it_config_mail_mailer }}"
   MAIL_HOST: "{{ snipe_it_config_mail_host }}"
   MAIL_PORT: "{{ snipe_it_config_mail_port }}"
   MAIL_USERNAME: "{{ snipe_it_config_mail_username }}"
   MAIL_PASSWORD: "{{ snipe_it_config_mail_password }}"
   MAIL_TLS_VERIFY_PEER: "{{ snipe_it_config_mail_tls_verify_peer }}"
-  MAIL_FROM_ADDR: "{{ snipe_it_config_mail_from_addr }}"
-  MAIL_FROM_NAME: "{{ snipe_it_config_mail_from_name }}"
-  MAIL_REPLYTO_ADDR: "{{ snipe_it_config_mail_replyto_addr }}"
-  MAIL_REPLYTO_NAME: "{{ snipe_it_config_mail_replyto_name }}"
+  MAIL_FROM_ADDR: "{{ snipe_it_config_mail_from_addr | default('null', true) }}"
+  MAIL_FROM_NAME: "{{ snipe_it_config_mail_from_name | default('null', true) }}"
+  MAIL_REPLYTO_ADDR: "{{ snipe_it_config_mail_replyto_addr | default('null', true) }}"
+  MAIL_REPLYTO_NAME: "{{ snipe_it_config_mail_replyto_name | default('null', true) }}"
   MAIL_AUTO_EMBED_METHOD: "{{ snipe_it_config_mail_auto_embed_method }}"
   MAIL_BACKUP_NOTIFICATION_DRIVER: "{{ snipe_it_config_mail_backup_notification_driver }}"
   MAIL_BACKUP_NOTIFICATION_ADDRESS: "{{ snipe_it_config_mail_backup_notification_address }}"
@@ -129,5 +129,5 @@ snipe_it_base_config:
 
 snipe_it_config: ~
 snipe_it_merged_config: >-2
-  {{ snipe_it_base_config | default({}, true)
-    | combine(snipe_it_config | default({}, true), recursive=True) }}
+  {{ (snipe_it_base_config | default({}, true))
+    | combine((snipe_it_config | default({}, true)), recursive=True) }}

roles/snipe_it/defaults/main/container.yml

@@ -1,26 +1,26 @@
 ---
-snipe_it_container_container_image_registry: docker.io
-snipe_it_container_container_image_namespace: snipe
-snipe_it_container_container_image_name: 'snipe-it'
-snipe_it_container_container_image_tag: ~
-snipe_it_container_container_image_flavour: alpine
-snipe_it_container_container_image_source: pull
-snipe_it_container_container_image_force_source: >-2
-  {{ snipe_it_container_container_image_tag | default(false, true) | bool }}
-snipe_it_container_container_image: >-2
+snipe_it_container_image_registry: docker.io
+snipe_it_container_image_namespace: snipe
+snipe_it_container_image_name: 'snipe-it'
+snipe_it_container_image_tag: ~
+snipe_it_container_image_flavour: alpine
+snipe_it_container_image_source: pull
+snipe_it_container_image_force_source: >-2
+  {{ snipe_it_container_image_tag | default(false, true) | bool }}
+snipe_it_container_image: >-2
   {{
     ([
-      snipe_it_container_container_image_registry | default([], true),
-      snipe_it_container_container_image_namespace | default([], true),
-      snipe_it_container_container_image_name,
+      snipe_it_container_image_registry | default([], true),
+      snipe_it_container_image_namespace | default([], true),
+      snipe_it_container_image_name,
     ] | flatten | join('/'))
     + ':'
-    + (vaultwarden_container_image_tag | default(
-        'v' + vaultwarden_version + (
-          ((snipe_it_container_container_image_flavour is string)
-            and (snipe_it_container_container_image_flavour | length > 0))
+    + (snipe_it_container_image_tag | default(
+        'v' + snipe_it_version + (
+          ((snipe_it_container_image_flavour is string)
+            and (snipe_it_container_image_flavour | length > 0))
           | ternary(
-            '-' + snipe_it_container_container_image_flavour | default('', true),
+            '-' + snipe_it_container_image_flavour | default('', true),
             ''
           )
         ),
@@ -28,6 +28,22 @@ snipe_it_container_container_image: >-2
     ))
   }}
 
-snipe_it_container_env_file: "{{ snipe_it_env_file }}"
+snipe_it_container_env_file: "/var/www/html/.env"
+snipe_it_container_data_directory: "/var/lib/snipeit"
+snipe_it_container_volumes:
+  - "{{ snipe_it_env_file }}:{{ snipe_it_container_env_file }}:ro"
+  - "{{ snipe_it_data_directory }}:{{ snipe_it_container_data_directory }}:z"
+
+snipe_it_container_name: 'snipe-it'
+snipe_it_container_state: >-2
+  {{ (snipe_it_state == 'present') | ternary('started', 'absent') }}
+snipe_it_container_env: ~
 snipe_it_container_user: ~
-snipe_it_container_ #TODO
+snipe_it_container_ports: ~
+snipe_it_container_labels: ~
+snipe_it_container_recreate: ~
+snipe_it_container_networks: ~
+snipe_it_container_etc_hosts: ~
+snipe_it_container_dns_servers: ~
+snipe_it_container_network_mode: ~
+snipe_it_container_restart_policy: 'unless-stopped'

roles/snipe_it/defaults/main/main.yml

@@ -1,6 +1,7 @@
 ---
 snipe_it_user: snipeit
 snipe_it_version: "7.0.13"
+snipe_it_domain: ~
 snipe_it_state: present
 snipe_it_deployment_method: docker
 

roles/snipe_it/tasks/deploy-docker.yml

@@ -14,5 +14,17 @@
   community.docker.docker_container:
     name: "{{ snipe_it_container_name }}"
     image: "{{ snipe_it_container_image }}"
-    # more args
+    env_file: "{{ snipe_it_env_file }}"
+    env: "{{ snipe_it_container_env | default(omit, true) }}"
+    user: "{{ snipe_it_container_user | default(omit, true) }}"
+    ports: "{{ snipe_it_container_ports | default(omit, true) }}"
+    labels: "{{ snipe_it_container_labels | default(omit, true) }}"
+    volumes: "{{ snipe_it_container_volumes | default(omit, true) }}"
+    networks: "{{ snipe_it_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ snipe_it_container_etc_hosts | default(omit, true) }}"
+    dns_servers: "{{ snipe_it_container_dns_servers | default(omit, true) }}"
+    network_mode: "{{ snipe_it_container_network_mode | default(omit, true) }}"
+    restart_policy: >-2
+      {{ snipe_it_container_restart_policy | default(omit, true) }}
+    recreate: "{{ snipe_it_container_recreate | default(omit, true) }}"
     state: "{{ snipe_it_container_state }}"

roles/snipe_it/tasks/main.yml

@@ -21,13 +21,13 @@
 
 - name: Ensure snipe-it environment file is {{ snipe_it_state }}
   ansible.builtin.file:
-    path: "{{ snipe_it_config_file }}"
+    path: "{{ snipe_it_env_file }}"
     state: "{{ snipe_it_state }}"
   when: snipe_it_state == 'absent'
 
 - name: Ensure snipe-it config directory is {{ snipe_it_state }}
   ansible.builtin.file:
-    path: "{{ snipe_it_config_file | dirname }}"
+    path: "{{ snipe_it_env_file | dirname }}"
     state: "{{ (snipe_it_state == 'present') | ternary('directory', 'absent') }}"
     owner: "{{ snipe_it_run_user_id }}"
     group: "{{ snipe_it_run_group_id }}"
@@ -41,14 +41,15 @@
     owner: "{{ snipe_it_run_user_id }}"
     group: "{{ snipe_it_run_group_id }}"
     mode: "0755"
-
+- debug:
+    msg: "{{ snipe_it_base_config }}"
 - name: Ensure snipe-it environment file is templated
   ansible.builtin.copy:
     content: |+2
       {% for entry in snipe_it_merged_config | dict2items %}
       {{ entry.key }}={{ entry.value }}
       {% endfor %}
-    path: "{{ snipe_it_config_file }}"
+    dest: "{{ snipe_it_env_file }}"
     owner: "{{ snipe_it_run_user_id }}"
     group: "{{ snipe_it_run_group_id }}"
     mode: "0640"