meta: update galaxy collection version to 0.1.0

README.md

@@ -8,15 +8,24 @@ concise area of concern.
 
 ## Roles
 
-- [`roles/authelia`](roles/authelia/README.md): Deploys an [authelia.com](https://www.authelia.com)
+- [`authelia`](roles/authelia/README.md): Deploys an [authelia.com](https://www.authelia.com)
   instance, an authentication provider with beta OIDC provider support.
 
-- [`roles/gitea`](roles/gitea/README.md): Deploy [gitea.io](https://gitea.io), a
+- [`ghost`](roles/ghost/README.md): Deploys [ghost.org](https://ghost.org/), a simple to use
+  blogging and publishing platform.
+
+- [`gitea`](roles/gitea/README.md): Deploy [gitea.io](https://gitea.io), a
   lightweight, self-hosted git service.
 
-- [`roles/jellyfin`](roles/jellyfin/README.md): Deploy [jellyfin.org](https://jellyfin.org),
+- [`jellyfin`](roles/jellyfin/README.md): Deploy [jellyfin.org](https://jellyfin.org),
   the free software media system for streaming stored media to any device.
 
+- [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org)
+  installation using the upstream provided docker-compose setup.
+
+- [`vouch_proxy`](roles/vouch_proxy/README.md): Deploys [vouch-proxy](https://github.com/vouch/vouch-proxy),
+  an authorization proxy for arbitrary webapps working with `nginx`s' `auth_request` module.
+
 ## License
 
 [CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: finallycoffee
 name: services
-version: 0.0.3
+version: 0.1.0
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>

playbooks/openproject.yml

@@ -0,0 +1,6 @@
+---
+- name: Install openproject
+  hosts: "{{ openproject_hosts | default('openproject') }}"
+  become: "{{ openproject_become | default(true, false) }}"
+  roles:
+    - role: finallycoffee.services.openproject

roles/ghost/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 
 ghost_domain: ~
-ghost_version: "5.58.0"
+ghost_version: "5.78.0"
 ghost_user: ghost
 ghost_user_group: ghost
 ghost_base_path: /opt/ghost
@@ -36,3 +36,4 @@ ghost_container_restart_policy: "unless-stopped"
 ghost_container_networks: ~
 ghost_container_purge_networks: ~
 ghost_container_etc_hosts: ~
+ghost_container_state: started

roles/ghost/tasks/main.yml

@@ -16,15 +16,16 @@
 
 - name: Ensure host paths for docker volumes exist for ghost
   ansible.builtin.file:
-    path: "{{ item }}"
+    path: "{{ item.path }}"
     state: directory
     mode: "0750"
-    owner: "{{ ghost_user }}"
+    owner: "{{ item.owner | default(ghost_user) }}"
-    group: "{{ ghost_user_group }}"
+    group: "{{ item.group | default(ghost_user_group) }}"
   loop:
-    - "{{ ghost_base_path }}"
+    - path: "{{ ghost_base_path }}"
-    - "{{ ghost_data_path }}"
+    - path: "{{ ghost_data_path }}"
-    - "{{ ghost_config_path }}"
+      owner: "1000"
+    - path: "{{ ghost_config_path }}"
 
 - name: Ensure ghost configuration file is templated
   ansible.builtin.template:
@@ -41,7 +42,7 @@
     source: pull
     force_source: "{{ ghost_container_image_tag is defined }}"
 
-- name: Ensure ghost container is running
+- name: Ensure ghost container '{{ ghost_container_name }}' is {{ ghost_container_state }}
   community.docker.docker_container:
     name: "{{ ghost_container_name }}"
     image: "{{ ghost_container_image }}"
@@ -53,4 +54,4 @@
     networks: "{{ ghost_container_networks | default(omit, true) }}"
     purge_networks: "{{ ghost_container_purge_networks | default(omit, true) }}"
     restart_policy: "{{ ghost_container_restart_policy }}"
-    state: started
+    state: "{{ ghost_container_state }}"

roles/gitea/defaults/main.yml

@@ -1,7 +1,8 @@
 ---
 
-gitea_version: "1.20.2"
+gitea_version: "1.22.2"
 gitea_user: git
+gitea_run_user: "{{ gitea_user }}"
 gitea_base_path: "/opt/gitea"
 gitea_data_path: "{{ gitea_base_path }}/data"
 
@@ -9,7 +10,7 @@ gitea_data_path: "{{ gitea_base_path }}/data"
 gitea_domain: ~
 
 # container config
-gitea_container_name: "git"
+gitea_container_name: "{{ gitea_user }}"
 gitea_container_image_name: "docker.io/gitea/gitea"
 gitea_container_image_tag: "{{ gitea_version }}"
 gitea_container_image: "{{ gitea_container_image_name }}:{{ gitea_container_image_tag }}"
@@ -17,9 +18,10 @@ gitea_container_networks: []
 gitea_container_purge_networks: ~
 gitea_container_restart_policy: "unless-stopped"
 gitea_container_extra_env: {}
-gitea_contianer_extra_labels: {}
+gitea_container_extra_labels: {}
 gitea_container_extra_ports: []
 gitea_container_extra_volumes: []
+gitea_container_state: started
 
 # container defaults
 gitea_container_base_volumes:
@@ -40,10 +42,10 @@ gitea_container_base_labels:
 gitea_config_mailer_enabled: false
 gitea_config_mailer_type: ~
 gitea_config_mailer_from_addr: ~
-gitea_config_mailer_host: ~
+gitea_config_mailer_smtp_addr: ~
 gitea_config_mailer_user: ~
 gitea_config_mailer_passwd: ~
-gitea_config_mailer_tls: ~
+gitea_config_mailer_protocol: ~
 gitea_config_mailer_sendmail_path: ~
 gitea_config_metrics_enabled: false
 

roles/gitea/tasks/main.yml

@@ -1,10 +1,11 @@
 ---
 
-- name: Create gitea user
+- name: Ensure gitea user '{{ gitea_user }}' is present
   user:
     name: "{{ gitea_user }}"
-    state: present
+    state: "present"
-    system: no
+    system: false
+    create_home: true
   register: gitea_user_res
 
 - name: Ensure host directories exist
@@ -43,7 +44,7 @@
     group: "{{ gitea_user_res.group }}"
     mode: 0700
     content: |
-      ssh -p {{ gitea_public_ssh_server_port }} -o StrictHostKeyChecking=no {{ gitea_user }}@127.0.0.1 -i /home/{{ gitea_user }}/.ssh/id_ssh_ed25519 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
+      ssh -p {{ gitea_public_ssh_server_port }} -o StrictHostKeyChecking=no {{ gitea_run_user }}@127.0.0.1 -i /home/{{ gitea_user }}/.ssh/id_ssh_ed25519 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
 
 - name: Add host pubkey to git users authorized_keys file
   lineinfile:
@@ -56,23 +57,24 @@
     mode: 0600
 
 - name: Ensure gitea container image is present
-  docker_image:
+  community.docker.docker_image:
     name: "{{ gitea_container_image }}"
     state: present
     source: pull
     force_source: "{{ gitea_container_image.endswith(':latest') }}"
 
-- name: Ensure container '{{ gitea_container_name }}' with gitea is running
+- name: Ensure container '{{ gitea_container_name }}' with gitea is {{ gitea_container_state }}
-  docker_container:
+  community.docker.docker_container:
     name: "{{ gitea_container_name }}"
     image: "{{ gitea_container_image }}"
     env: "{{ gitea_container_env }}"
+    labels: "{{ gitea_container_labels }}"
     volumes: "{{ gitea_container_volumes }}"
     networks: "{{ gitea_container_networks | default(omit, True) }}"
     purge_networks: "{{ gitea_container_purge_networks | default(omit, True) }}"
     published_ports: "{{ gitea_container_ports }}"
     restart_policy: "{{ gitea_container_restart_policy }}"
-    state: started
+    state: "{{ gitea_container_state }}"
 
 - name: Ensure given configuration is set in the config file
   ini_file:

roles/gitea/vars/main.yml

@@ -14,7 +14,7 @@ gitea_container_port_ssh: 22
 
 gitea_config_base:
   RUN_MODE: prod
-  RUN_USER: "{{ gitea_user }}"
+  RUN_USER: "{{ gitea_run_user }}"
   server:
     SSH_DOMAIN: "{{ gitea_domain }}"
     DOMAIN: "{{ gitea_domain }}"
@@ -24,11 +24,11 @@ gitea_config_base:
   mailer:
     ENABLED: "{{ gitea_config_mailer_enabled }}"
     MAILER_TYP: "{{ gitea_config_mailer_type }}"
-    HOST: "{{ gitea_config_mailer_host }}"
+    SMTP_ADDR: "{{ gitea_config_mailer_smtp_addr }}"
     USER: "{{ gitea_config_mailer_user }}"
     PASSWD: "{{ gitea_config_mailer_passwd }}"
-    IS_TLS_ENABLED: "{{ gitea_config_mailer_tls }}"
+    PROTOCOL: "{{ gitea_config_mailer_protocol }}"
-    FROM: "{{ gitea_config_mailer_from_addr }}"
+    FROM: "{{ gitea_config_mailer_from }}"
     SENDMAIL_PATH: "{{ gitea_config_mailer_sendmail_path }}"
   metrics:
     ENABLED: "{{ gitea_config_metrics_enabled }}"

roles/jellyfin/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 
 jellyfin_user: jellyfin
-jellyfin_version: 10.8.10
+jellyfin_version: 10.9.8
 
 jellyfin_base_path: /opt/jellyfin
 jellyfin_config_path: "{{ jellyfin_base_path }}/config"

roles/openproject/README.md

@@ -0,0 +1,21 @@
+# `finallycoffee.services.openproject` ansible role
+
+Deploys [openproject](https://www.openproject.org/) using docker-compose.
+
+## Configuration
+
+To set configuration variables for OpenProject, set them in `openproject_compose_overrides`:
+```yaml
+openproject_compose_overrides:
+  version: "3.7"
+  services:
+    proxy:
+       [...]
+  volumes:
+    pgdata:
+      driver: local
+      driver_opts:
+        o: bind
+        type: none
+        device: /var/lib/postgresql
+```

roles/openproject/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+openproject_base_path: "/opt/openproject"
+
+openproject_upstream_git_url: "https://github.com/opf/openproject-deploy.git"
+openproject_upstream_git_branch: "stable/13"
+
+openproject_compose_project_path: "{{ openproject_base_path }}/compose"
+openproject_compose_project_name: "openproject"
+openproject_compose_project_env_file: "{{ openproject_compose_project_path }}/.env"
+openproject_compose_project_override_file: "{{ openproject_compose_project_path }}/docker-compose.override.yml"
+openproject_compose_project_env: {}

roles/openproject/tasks/main.yml

@@ -0,0 +1,39 @@
+---
+- name: Ensure base directory '{{ openproject_base_path }}' is present
+  ansible.builtin.file:
+    path: "{{ openproject_base_path }}"
+    state: directory
+
+- name: Ensure upstream repository is cloned
+  ansible.builtin.git:
+    dest: "{{ openproject_base_path }}"
+    repo: "{{ openproject_upstream_git_url }}"
+    version: "{{ openproject_upstream_git_branch }}"
+    clone: true
+    depth: 1
+
+- name: Ensure environment is configured
+  ansible.builtin.lineinfile:
+    line: "{{ item.key}}={{ item.value}}"
+    path: "{{ openproject_compose_project_env_file }}"
+    state: present
+    create: true
+  loop: "{{ openproject_compose_project_env | dict2items(key_name='key', value_name='value') }}"
+
+- name: Ensure docker compose overrides are set
+  ansible.builtin.copy:
+    dest: "{{ openproject_compose_project_override_file }}"
+    content: "{{ openproject_compose_overrides | default({}) | to_nice_yaml }}"
+
+- name: Ensure containers are pulled
+  community.docker.docker_compose:
+    project_src: "{{ openproject_compose_project_path }}"
+    project_name: "{{ openproject_compose_project_name }}"
+    pull: true
+
+- name: Ensure services are running
+  community.docker.docker_compose:
+    project_src: "{{ openproject_compose_project_path }}"
+    project_name: "{{ openproject_compose_project_name }}"
+    state: "present"
+    build: false