Compare commits

..

30 Commits

Author SHA1 Message Date
25be7155e0
update(vaultwarden): bump version to 1.32.7 2024-12-21 23:04:35 +01:00
950d017889
update(authelia): bump version to 4.38.17 2024-12-14 22:33:27 +01:00
31639291f1
meta: update collection to 0.1.10 2024-12-08 13:54:25 +01:00
127a128a73
update(gitea): bump version to 1.22.4 2024-12-08 13:52:42 +01:00
6bf38f8273
update(ghost): bump version to 5.103.0 2024-12-05 23:18:32 +01:00
266057d11c
update(keycloak): bump version to 26.0.7 2024-12-03 16:14:52 +01:00
afa91a622b
update(keycloak): bump version to 26.0.6 2024-11-29 22:50:54 +01:00
d92262798a
update(snipe_it): bump version to 7.1.15 2024-11-28 22:05:40 +01:00
4b13c448d0
update(ghost): bump version to 5.101.4 2024-11-27 20:04:01 +01:00
a9a988ec69
update(ghost): bump version to 5.101.3 2024-11-23 21:54:14 +01:00
d9de07c8f8
update(jellyfin): bump version to 10.10.3 2024-11-19 14:08:00 +01:00
c51dd4c142
meta: update collection to 0.1.9 2024-11-18 14:01:46 +01:00
bfd6449a71
update(vaultwarden): bump version to 1.32.5 2024-11-18 14:00:42 +01:00
7ebde915db
update(ghost): bump version to 5.101.1 2024-11-15 21:07:30 +01:00
a18c8c3355
meta: bump collection version to 0.1.8 2024-11-11 08:34:17 +01:00
5a6ffc6991
update(vaultwarden): bump version to 1.32.4 2024-11-11 08:32:26 +01:00
e7ea03c00e
update(jellyfin): bump version to 10.10.1 2024-11-10 19:52:04 +01:00
c7040c96f8
chore(keycloak): set keycloak hostname and header mode for proxy 2024-11-09 12:21:56 +01:00
d8d0b5c9e5
chore(keycloak): use fully-qualified module names 2024-11-08 18:30:18 +01:00
1d1f519e3a
chore(keycloak): split upstream container image coordinates 2024-11-08 18:29:35 +01:00
11d5c81c60
update(keycloak): bump version to 26.0.5 2024-11-08 18:24:12 +01:00
f7eeb59288
update(keycloak): bump version to 25.0.6 2024-11-08 18:11:25 +01:00
72d8ac9644
feat(keycloak): add ansible role
Migrate role from `entropia.sso` collection
2024-11-08 18:05:19 +01:00
d3d6f89949
fix(authelia): correctly template session.redis config section, fix container restarts recreating the container 2024-11-02 10:48:05 +01:00
43d0dc171a
update(openproject)!: bump version to release/14 2024-11-01 21:32:08 +01:00
d8dfb24df0
update(vaultwarden): bump version to 1.32.3 2024-10-31 09:53:41 +01:00
57c8dae0c4
meta: bump version to 0.1.7 2024-10-27 19:26:55 +01:00
6385b6f7a8
update(jellyfin): bump version to 10.10.0 2024-10-27 19:23:09 +01:00
7d09c9a88d
feat(snipe_it): add ansible role for deployment 2024-10-27 18:35:22 +01:00
98c60a73c6
meta: bump version to 0.1.6 2024-10-22 20:42:24 +02:00
28 changed files with 589 additions and 14 deletions

View File

@ -23,9 +23,15 @@ concise area of concern.
- [`jellyfin`](roles/jellyfin/README.md): Deploy [jellyfin.org](https://jellyfin.org),
the free software media system for streaming stored media to any device.
- [`keycloak`](roles/keycloak/README.md): Deploy [keycloak](https://www.keycloak.org/),
the open source identity and access management solution.
- [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org)
installation using the upstream provided docker-compose setup.
- [`snipe_it`](roles/snipe_it/README.md): Deploys [Snipe-IT](https://snipeitapp.com/),
the free and open-source IT asset (and license) management with a powerful REST API
- [`vaultwarden`](roles/vaultwarden/README.md): Deploy [vaultwarden](https://github.com/dani-garcia/vaultwarden/),
an open-source implementation of the Bitwarden Server (formerly Bitwarden\_RS).

View File

@ -1,6 +1,6 @@
namespace: finallycoffee
name: services
version: 0.1.5
version: 0.1.10
readme: README.md
authors:
- transcaffeine <transcaffeine@finally.coffee>
@ -19,4 +19,5 @@ tags:
- hedgedoc
- jellyfin
- vaultwarden
- snipeit
- docker

6
playbooks/snipe_it.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: Install and configure Snipe-IT
hosts: "{{ snipe_it_hosts | default('snipe_it') }}"
become: "{{ snipe_it_become | default(true, false) }}"
roles:
- role: finallycoffee.services.snipe_it

View File

@ -1,5 +1,5 @@
---
authelia_version: "4.38.16"
authelia_version: "4.38.17"
authelia_user: authelia
authelia_base_dir: /opt/authelia
authelia_domain: authelia.example.org

View File

@ -4,5 +4,7 @@
docker_container:
name: "{{ authelia_container_name }}"
state: started
restart: yes
restart: true
comparisons:
'*': ignore
listen: restart-authelia

View File

@ -170,7 +170,12 @@ authelia_config_access_control:
default_policy: "{{ authelia_config_access_control_default_policy }}"
networks: "{{ authelia_config_access_control_networks }}"
rules: "{{ authelia_config_access_control_rules }}"
authelia_config_session:
authelia_config_session: >-2
{{ authelia_config_session_base
| combine(({'redis': authelia_config_session_redis}
if authelia_config_session_redis_host else {}), recursive=true)
}}
authelia_config_session_base:
name: "{{ authelia_config_session_name }}"
domain: "{{ authelia_config_session_domain }}"
same_site: "{{ authelia_config_session_same_site }}"

View File

@ -1,6 +1,6 @@
---
ghost_domain: ~
ghost_version: "5.96.0"
ghost_version: "5.103.0"
ghost_user: ghost
ghost_user_group: ghost
ghost_base_path: /opt/ghost

View File

@ -1,5 +1,5 @@
---
gitea_version: "1.22.3"
gitea_version: "1.22.4"
gitea_user: git
gitea_run_user: "{{ gitea_user }}"
gitea_base_path: "/opt/gitea"

View File

@ -1,6 +1,6 @@
---
jellyfin_user: jellyfin
jellyfin_version: 10.9.11
jellyfin_version: "10.10.3"
jellyfin_state: present
jellyfin_base_path: /opt/jellyfin

16
roles/keycloak/README.md Normal file
View File

@ -0,0 +1,16 @@
# `finallycoffee.services.keycloak` ansible role
Ansible role for deploying keycloak, currently only supports docker.
Migrated from `entropia.sso.keycloak`.
## Required variables
- `keycloak_database_password` - password for the database user
- `keycloak_config_hostname` - public domain of the keycloak server
## Database configuration
- `keycloak_database_hostname` - hostname of the database server, defaults to `localhost`
- `keycloak_database_username` - username to use when connecting to the database server, defaults to `keycloak`
- `keycloak_database_database` - name of the database to use, defaults to `keycloak`

View File

@ -0,0 +1,51 @@
---
keycloak_version: 26.0.7
keycloak_container_name: keycloak
keycloak_container_image_upstream_registry: quay.io
keycloak_container_image_upstream_namespace: keycloak
keycloak_container_image_upstream_name: keycloak
keycloak_container_image_upstream: >-2
{{
([
keycloak_container_image_upstream_registry | default([]),
keycloak_container_image_upstream_namespace | default([]),
keycloak_container_image_upstream_name,
] | flatten | join('/'))
}}
keycloak_container_image_name: "keycloak:{{ keycloak_version }}-custom"
keycloak_container_database_vendor: postgres
keycloak_base_path: /opt/keycloak
keycloak_container_build_directory: "{{ keycloak_base_path }}/build"
keycloak_container_build_jar_directory: providers
keycloak_container_build_flags: {}
keycloak_provider_jars_directory: "{{ keycloak_base_path }}/providers"
keycloak_build_provider_jars_directory: "{{ keycloak_container_build_directory }}/{{ keycloak_container_build_jar_directory }}"
keycloak_database_hostname: localhost
keycloak_database_port: 5432
keycloak_database_username: keycloak
keycloak_database_password: ~
keycloak_database_database: keycloak
keycloak_container_env: {}
keycloak_container_labels: ~
keycloak_container_volumes: ~
keycloak_container_restart_policy: unless-stopped
keycloak_container_command: >-2
start
--db-username {{ keycloak_database_username }}
--db-password {{ keycloak_database_password }}
--db-url jdbc:postgresql://{{ keycloak_database_hostname }}{{ keycloak_database_port | ternary(':' ~ keycloak_database_port, '') }}/{{ keycloak_database_database }}
{{ keycloak_container_extra_start_flags | default([]) | join(' ') }}
--proxy-headers=xforwarded
--hostname {{ keycloak_config_hostname }}
--optimized
keycloak_config_health_enabled: true
keycloak_config_metrics_enabled: true
keycloak_config_hostname: localhost
keycloak_config_admin_username: admin
keycloak_config_admin_password: ~

View File

@ -0,0 +1,13 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: keycloak
description: Deploy keycloak, the opensource identity and access management solution
galaxy_tags:
- keycloak
- sso
- oidc
- oauth2
- iam
- docker

View File

@ -0,0 +1,72 @@
---
- name: Ensure build directory exists
ansible.builtin.file:
name: "{{ keycloak_container_build_directory }}"
state: directory
recurse: yes
mode: 0700
tags:
- keycloak-build-container
- name: Ensure provider jars directory exists
ansible.builtin.file:
name: "{{ keycloak_provider_jars_directory }}"
state: directory
mode: 0775
tags:
- keycloak-build-container
- name: Ensure Dockerfile is templated
ansible.builtin.template:
src: Dockerfile.j2
dest: "{{ keycloak_container_build_directory }}/Dockerfile"
mode: 0700
register: keycloak_buildfile_info
tags:
- keycloak-container
- keycloak-build-container
- name: Ensure upstream Keycloak container image '{{ keycloak_container_image_upstream }}:{{ keycloak_version }}' is present
community.docker.docker_image:
name: "{{ keycloak_container_image_upstream }}:{{ keycloak_version }}"
source: pull
state: present
register: keycloak_container_image_upstream_status
tags:
- keycloak-container
- keycloak-build-container
- name: Ensure custom keycloak container image '{{ keycloak_container_image_name }}' is built
community.docker.docker_image:
name: "{{ keycloak_container_image_name }}"
build:
args:
DB_VENDOR: "{{ keycloak_container_database_vendor }}"
KC_ADMIN_PASSWORD: "{{ keycloak_config_admin_password }}"
dockerfile: "{{ keycloak_container_build_directory }}/Dockerfile"
path: "{{ keycloak_container_build_directory }}"
source: build
state: present
force_source: "{{ keycloak_buildfile_info.changed or keycloak_container_image_upstream_status.changed or (keycloak_force_rebuild_container | default(false))}}"
register: keycloak_container_image_status
tags:
- keycloak-container
- keycloak-build-container
- name: Ensure keycloak container is running
community.docker.docker_container:
name: "{{ keycloak_container_name }}"
image: "{{ keycloak_container_image_name }}"
env: "{{ keycloak_container_env | default(omit, true) }}"
ports: "{{ keycloak_container_ports | default(omit, true) }}"
hostname: "{{ keycloak_container_hostname | default(omit) }}"
labels: "{{ keycloak_container_labels | default(omit, true) }}"
volumes: "{{ keycloak_container_volumes | default(omit, true) }}"
restart_policy: "{{ keycloak_container_restart_policy }}"
recreate: "{{ keycloak_container_force_recreate | default(false) or (keycloak_container_image_status.changed if keycloak_container_image_status is defined else false) }}"
etc_hosts: "{{ keycloak_container_etc_hosts | default(omit) }}"
state: started
command: "{{ keycloak_container_command }}"
tags:
- keycloak-container

View File

@ -0,0 +1,41 @@
FROM {{ keycloak_container_image_upstream }}:{{ keycloak_version }} as builder
# Enable health and metrics support
ENV KC_HEALTH_ENABLED={{ keycloak_config_health_enabled | ternary('true', 'false') }}
ENV KC_METRICS_ENABLED={{ keycloak_config_metrics_enabled | ternary('true', 'false') }}
# Configure a database vendor
ARG DB_VENDOR
ENV KC_DB=$DB_VENDOR
WORKDIR {{ keycloak_container_working_directory }}
ADD ./providers/* providers/
# Workaround to set correct mode on jar files
USER root
RUN chmod -R 0770 providers/*
USER keycloak
RUN {{ keycloak_container_working_directory }}/bin/kc.sh --verbose \
{% for argument in keycloak_container_build_flags | dict2items(key_name='flag', value_name='value') %}
--{{- argument['flag'] -}}{{- argument['value'] | default(false, true) | ternary('=' + argument['value'], '') }} \
{% endfor%}
build{% if keycloak_container_build_features | default([]) | length > 0 %} \
{% endif %}
{% if keycloak_container_build_features | default([]) | length > 0 %}
--features="{{ keycloak_container_build_features | join(',') }}"
{% endif %}
FROM {{ keycloak_container_image_upstream }}:{{ keycloak_version }}
COPY --from=builder {{ keycloak_container_working_directory }}/ {{ keycloak_container_working_directory }}/
ENV KC_HOSTNAME={{ keycloak_config_hostname }}
ENV KEYCLOAK_ADMIN={{ keycloak_config_admin_username }}
ARG KC_ADMIN_PASSWORD
{% if keycloak_version | split('.') | first | int > 21 %}
ENV KEYCLOAK_ADMIN_PASSWORD=$KC_ADMIN_PASSWORD
{% else %}
ENV KEYCLOAK_PASSWORD=$KC_ADMIN_PASSWORD
{% endif %}
ENTRYPOINT ["{{ keycloak_container_working_directory }}/bin/kc.sh"]

View File

@ -0,0 +1,3 @@
---
keycloak_container_working_directory: /opt/keycloak

View File

@ -2,9 +2,9 @@
openproject_base_path: "/opt/openproject"
openproject_upstream_git_url: "https://github.com/opf/openproject-deploy.git"
openproject_upstream_git_branch: "stable/13"
openproject_upstream_git_branch: "stable/14"
openproject_compose_project_path: "{{ openproject_base_path }}/compose"
openproject_compose_project_path: "{{ openproject_base_path }}"
openproject_compose_project_name: "openproject"
openproject_compose_project_env_file: "{{ openproject_compose_project_path }}/.env"
openproject_compose_project_override_file: "{{ openproject_compose_project_path }}/docker-compose.override.yml"

View File

@ -26,14 +26,13 @@
content: "{{ openproject_compose_overrides | default({}) | to_nice_yaml }}"
- name: Ensure containers are pulled
community.docker.docker_compose:
community.docker.docker_compose_v2:
project_src: "{{ openproject_compose_project_path }}"
project_name: "{{ openproject_compose_project_name }}"
pull: true
pull: "missing"
- name: Ensure services are running
community.docker.docker_compose:
community.docker.docker_compose_v2:
project_src: "{{ openproject_compose_project_path }}"
project_name: "{{ openproject_compose_project_name }}"
state: "present"
build: false

46
roles/snipe_it/README.md Normal file
View File

@ -0,0 +1,46 @@
# `finallycoffee.services.snipe_it` ansible role
[Snipe-IT](https://snipeitapp.com/) is an open-source asset management with
a powerful JSON-REST API. This ansible role deploys and configures Snipe-IT.
## Requirements
Snipe-IT requires a MySQL-Database like MariaDB and a working email service
for sending email. For installing and configuring MariaDB, see
[`finallycoffee.base.mariadb`](https://galaxy.ansible.com/ui/repo/published/finallycoffee/base/content/role/mariadb/).
## Configuration
Required variables to set are:
- `snipe_it_domain` - domain name of the snipe-it instance
- `snipe_it_config_app_url` - URL where snipe-it will be reachable including protocol and port
- `snipe_it_config_app_key` - Laravel application key
### Database configuration
All (database) options from the upstream laravel `.env` file are available
under the `snipe_it_config_db_*` prefix. Configure a database as follows:
```
snipe_it_config_db_host: localhost # defaults to localhost
snipe_it_config_db_port: "3306" # defaults to 3306
snipe_it_config_db_database: my_snipe_db_name # defaults to 'snipeit'
snipe_it_config_db_username: my_snipe_db_user # defaults to 'snipeit'
snipe_it_config_db_password: my_snipe_db_password
# Set this if the database is shared with
# other applications. defaults to not set
snipe_it_config_db_prefix: snipe_
```
### Email configuration
Configuring an email server is mandatory. An example is provided below:
```yaml
snipe_it_config_mail_host: smtp.example.com
snipe_it_config_mail_username: snipe_user@snipe.example.com
snipe_it_config_mail_password: i_want_to_be_strong_and_long
snipe_it_config_mail_from_addr: "noreply@snipe.example.com"
snipe_it_config_mail_from_name: "Example.com SnipeIT instance"
```
The default smtp port is `587` and can be set in `snipe_it_config_mail_port`.

View File

@ -0,0 +1,131 @@
---
snipe_it_config_app_version: "v{{ snipe_it_version }}"
snipe_it_config_app_port: 8000
snipe_it_config_app_env: "production"
snipe_it_config_app_debug: false
snipe_it_config_app_key: ~
snipe_it_config_app_url: "http://localhost:{{ snipe_it_config_app_port }}"
snipe_it_config_app_timezone: UTC
snipe_it_config_app_locale: en-US
snipe_it_config_app_locked: false
snipe_it_config_app_cipher: "AES-256-GCM"
snipe_it_config_app_force_tls: false
snipe_it_config_app_trusted_proxies:
- '192.168.0.0/16'
- '172.16.0.0/12'
- '10.0.0.0/8'
snipe_it_config_db_connection: mysql
snipe_it_config_db_host: localhost
snipe_it_config_db_port: "3306"
snipe_it_config_db_database: snipeit
snipe_it_config_db_username: snipeit
snipe_it_config_db_password: ~
snipe_it_config_db_prefix: ~
snipe_it_config_db_dump_path: /usr/bin/
snipe_it_config_db_charset: utf8mb4
snipe_it_config_db_collation: utf8mb4_unicode_ci
snipe_it_config_db_ssl: false
snipe_it_config_db_ssl_is_paas: false
snipe_it_config_db_ssl_key_path: ~
snipe_it_config_db_ssl_cert_path: ~
snipe_it_config_db_ssl_ca_path: ~
snipe_it_config_db_ssl_cipher: ~
snipe_it_config_db_ssl_verify_server: ~
snipe_it_config_mail_mailer: smtp
snipe_it_config_mail_host: ~
snipe_it_config_mail_port: 587
snipe_it_config_mail_username: ~
snipe_it_config_mail_password: ~
snipe_it_config_mail_tls_verify_peer: true
snipe_it_config_mail_from_addr: ~
snipe_it_config_mail_from_name: ~
snipe_it_config_mail_replyto_addr: "{{ snipe_it_config_mail_from_addr }}"
snipe_it_config_mail_replyto_name: "{{ snipe_it_config_mail_from_name }}"
snipe_it_config_mail_auto_embed_method: attachment
snipe_it_config_mail_backup_notification_driver: ~
snipe_it_config_mail_backup_notification_address: ~
snipe_it_config_private_filesystem_disk: "local"
snipe_it_config_public_filesystem_disk: "local_public"
snipe_it_config_allow_backup_delete: false
snipe_it_config_allow_data_purge: false
snipe_it_config_image_lib: 'gd'
snipe_it_config_log_channel: 'stderr'
snipe_it_config_log_max_days: 10
snipe_it_config_cookie_name: "_snipe_session"
snipe_it_config_cookie_domain: "{{ snipe_it_domain }}"
snipe_it_config_secure_cookies: true
snipe_it_config_session_driver: file
snipe_it_config_session_lifetime: 12000
snipe_it_config_cache_driver: file
snipe_it_config_cache_prefix: snipeit
snipe_it_config_queue_driver: file
snipe_it_base_config:
APP_VERSION: "{{ snipe_it_config_app_version }}"
APP_PORT: "{{ snipe_it_config_app_port }}"
APP_ENV: "{{ snipe_it_config_app_env }}"
APP_DEBUG: "{{ snipe_it_config_app_debug }}"
APP_KEY: "{{ snipe_it_config_app_key }}"
APP_URL: "{{ snipe_it_config_app_url }}"
APP_TIMEZONE: "{{ snipe_it_config_app_timezone }}"
APP_LOCALE: "{{ snipe_it_config_app_locale }}"
APP_LOCKED: "{{ snipe_it_config_app_locked }}"
APP_CIPHER: "{{ snipe_it_config_app_cipher }}"
APP_FORCE_TLS: "{{ snipe_it_config_app_force_tls }}"
APP_TRUSTED_PROXIES: "{{ snipe_it_config_app_trusted_proxies | join(',') }}"
DB_CONNECTION: "{{ snipe_it_config_db_connection }}"
DB_HOST: "{{ snipe_it_config_db_host }}"
DB_PORT: "{{ snipe_it_config_db_port }}"
DB_DATABASE: "{{ snipe_it_config_db_database }}"
DB_USERNAME: "{{ snipe_it_config_db_username }}"
DB_PASSWORD: "{{ snipe_it_config_db_password }}"
DB_PREFIX: "{{ snipe_it_config_db_prefix | default('null', true) }}"
DB_DUMP_PATH: "{{ snipe_it_config_db_dump_path }}"
DB_CHARSET: "{{ snipe_it_config_db_charset }}"
DB_COLLATION: "{{ snipe_it_config_db_collation }}"
DB_SSL: "{{ snipe_it_config_db_ssl }}"
DB_SSL_IS_PAAS: "{{ snipe_it_config_db_ssl_is_paas }}"
DB_SSL_KEY_PATH: "{{ snipe_it_config_db_ssl_key_path | default('null', true) }}"
DB_SSL_CERT_PATH: "{{ snipe_it_config_db_ssl_cert_path | default('null', true) }}"
DB_SSL_CA_PATH: "{{ snipe_it_config_db_ssl_ca_path | default('null', true) }}"
DB_SSL_CIPHER: "{{ snipe_it_config_db_ssl_cipher | default('null', true) }}"
DB_SSL_VERIFY_SERVER: "{{ snipe_it_config_db_ssl_verify_server | default('null', true) }}"
MAIL_MAILER: "{{ snipe_it_config_mail_mailer }}"
MAIL_HOST: "{{ snipe_it_config_mail_host }}"
MAIL_PORT: "{{ snipe_it_config_mail_port }}"
MAIL_USERNAME: "{{ snipe_it_config_mail_username }}"
MAIL_PASSWORD: "{{ snipe_it_config_mail_password }}"
MAIL_TLS_VERIFY_PEER: "{{ snipe_it_config_mail_tls_verify_peer }}"
MAIL_FROM_ADDR: "{{ snipe_it_config_mail_from_addr | default('null', true) }}"
MAIL_FROM_NAME: "{{ snipe_it_config_mail_from_name | default('null', true) }}"
MAIL_REPLYTO_ADDR: "{{ snipe_it_config_mail_replyto_addr | default('null', true) }}"
MAIL_REPLYTO_NAME: "{{ snipe_it_config_mail_replyto_name | default('null', true) }}"
MAIL_AUTO_EMBED_METHOD: "{{ snipe_it_config_mail_auto_embed_method }}"
MAIL_BACKUP_NOTIFICATION_DRIVER: "{{ snipe_it_config_mail_backup_notification_driver }}"
MAIL_BACKUP_NOTIFICATION_ADDRESS: "{{ snipe_it_config_mail_backup_notification_address }}"
SESSION_DRIVER: "{{ snipe_it_config_session_driver }}"
SESSION_LIFETIME: "{{ snipe_it_config_session_lifetime }}"
CACHE_DRIVER: "{{ snipe_it_config_cache_driver }}"
CACHE_PREFIX: "{{ snipe_it_config_cache_prefix }}"
QUEUE_DRIVER: "{{ snipe_it_config_queue_driver }}"
PRIVATE_FILESYSTEM_DISK: "{{ snipe_it_config_private_filesystem_disk }}"
PUBLIC_FILESYSTEM_DISK: "{{ snipe_it_config_public_filesystem_disk }}"
ALLOW_BACKUP_DELETE: "{{ snipe_it_config_allow_backup_delete }}"
ALLOW_DATA_PURGE: "{{ snipe_it_config_allow_data_purge }}"
IMAGE_LIB: "{{ snipe_it_config_image_lib }}"
LOG_CHANNEL: "{{ snipe_it_config_log_channel }}"
LOG_MAX_DAYS: "{{ snipe_it_config_log_max_days }}"
COOKIE_NAME: "{{ snipe_it_config_cookie_name }}"
COOKIE_DOMAIN: "{{ snipe_it_config_cookie_domain }}"
SECURE_COOKIES: "{{ snipe_it_config_secure_cookies }}"
snipe_it_config: ~
snipe_it_merged_config: >-2
{{ (snipe_it_base_config | default({}, true))
| combine((snipe_it_config | default({}, true)), recursive=True) }}

View File

@ -0,0 +1,48 @@
---
snipe_it_container_image_registry: docker.io
snipe_it_container_image_namespace: snipe
snipe_it_container_image_name: 'snipe-it'
snipe_it_container_image_tag: ~
snipe_it_container_image_flavour: alpine
snipe_it_container_image_source: pull
snipe_it_container_image_force_source: >-2
{{ snipe_it_container_image_tag | default(false, true) | bool }}
snipe_it_container_image: >-2
{{
([
snipe_it_container_image_registry | default([], true),
snipe_it_container_image_namespace | default([], true),
snipe_it_container_image_name,
] | flatten | join('/'))
+ ':'
+ (snipe_it_container_image_tag | default(
'v' + snipe_it_version + (
((snipe_it_container_image_flavour is string)
and (snipe_it_container_image_flavour | length > 0))
| ternary(
'-' + snipe_it_container_image_flavour | default('', true),
''
)
),
true
))
}}
snipe_it_container_env_file: "/var/www/html/.env"
snipe_it_container_data_directory: "/var/lib/snipeit/"
snipe_it_container_volumes:
- "{{ snipe_it_data_directory }}:{{ snipe_it_container_data_directory }}:z"
snipe_it_container_name: 'snipe-it'
snipe_it_container_state: >-2
{{ (snipe_it_state == 'present') | ternary('started', 'absent') }}
snipe_it_container_env: ~
snipe_it_container_user: ~
snipe_it_container_ports: ~
snipe_it_container_labels: ~
snipe_it_container_recreate: ~
snipe_it_container_networks: ~
snipe_it_container_etc_hosts: ~
snipe_it_container_dns_servers: ~
snipe_it_container_network_mode: ~
snipe_it_container_restart_policy: 'unless-stopped'

View File

@ -0,0 +1,9 @@
---
snipe_it_user: snipeit
snipe_it_version: "7.1.15"
snipe_it_domain: ~
snipe_it_state: present
snipe_it_deployment_method: docker
snipe_it_env_file: /etc/snipeit/env
snipe_it_data_directory: /var/lib/snipeit

View File

@ -0,0 +1,5 @@
---
snipe_it_run_user_id: >-2
{{ snipe_it_user_info.uid | default(snipe_it_user) }}
snipe_it_run_group_id: >-2
{{ snipe_it_user_info.group | default(snipe_it_user) }}

View File

@ -0,0 +1,12 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: snipe_it
description: >-2
Deploy Snipe-IT, an open-source asset / license management system with
powerful JSON REST API
galaxy_tags:
- snipeit
- asset-management
- docker

View File

@ -0,0 +1,14 @@
---
- name: Ensure state is valid
ansible.builtin.fail:
msg: >-2
Unsupported state '{{ snipe_it_state }}'!
Supported states are {{ snipe_it_states | join(', ') }}.
when: snipe_it_state is not in snipe_it_states
- name: Ensure deployment method is valid
ansible.builtin.fail:
msg: >-2
Unsupported deployment_method '{{ snipe_it_deployment_method }}'!
Supported values are {{ snipe_it_deployment_methods | join(', ') }}.
when: snipe_it_deployment_method is not in snipe_it_deployment_methods

View File

@ -0,0 +1,30 @@
---
- name: Ensure container image '{{ snipe_it_container_image }}' is {{ snipe_it_state }}
community.docker.docker_image:
name: "{{ snipe_it_container_image }}"
state: "{{ snipe_it_state }}"
source: "{{ snipe_it_container_image_source }}"
force_source: "{{ snipe_it_container_image_force_source }}"
register: snipe_it_container_image_info
until: snipe_it_container_image_info is success
retries: 5
delay: 3
- name: Ensure container '{{ snipe_it_container_name }}' is {{ snipe_it_container_state }}
community.docker.docker_container:
name: "{{ snipe_it_container_name }}"
image: "{{ snipe_it_container_image }}"
env_file: "{{ snipe_it_env_file }}"
env: "{{ snipe_it_container_env | default(omit, true) }}"
user: "{{ snipe_it_container_user | default(omit, true) }}"
ports: "{{ snipe_it_container_ports | default(omit, true) }}"
labels: "{{ snipe_it_container_labels | default(omit, true) }}"
volumes: "{{ snipe_it_container_volumes | default(omit, true) }}"
networks: "{{ snipe_it_container_networks | default(omit, true) }}"
etc_hosts: "{{ snipe_it_container_etc_hosts | default(omit, true) }}"
dns_servers: "{{ snipe_it_container_dns_servers | default(omit, true) }}"
network_mode: "{{ snipe_it_container_network_mode | default(omit, true) }}"
restart_policy: >-2
{{ snipe_it_container_restart_policy | default(omit, true) }}
recreate: "{{ snipe_it_container_recreate | default(omit, true) }}"
state: "{{ snipe_it_container_state }}"

View File

@ -0,0 +1,59 @@
---
- name: Check preconditions
ansible.builtin.include_tasks:
file: "check.yml"
- name: Ensure snipe-it user '{{ snipe_it_user }}' is {{ snipe_it_state }}
ansible.builtin.user:
name: "{{ snipe_it_user }}"
state: "{{ snipe_it_state }}"
system: "{{ snipe_it_user_system | default(true, true) }}"
create_home: "{{ snipe_it_user_create_home | default(false, true) }}"
groups: "{{ snipe_it_user_groups | default(omit, true) }}"
append: >-2
{{
snipe_it_user_groups_append | default(
snipe_it_user_groups | default([], true) | length > 0,
true,
)
}}
register: snipe_it_user_info
- name: Ensure snipe-it environment file is {{ snipe_it_state }}
ansible.builtin.file:
path: "{{ snipe_it_env_file }}"
state: "{{ snipe_it_state }}"
when: snipe_it_state == 'absent'
- name: Ensure snipe-it config directory is {{ snipe_it_state }}
ansible.builtin.file:
path: "{{ snipe_it_env_file | dirname }}"
state: "{{ (snipe_it_state == 'present') | ternary('directory', 'absent') }}"
owner: "{{ snipe_it_run_user_id }}"
group: "{{ snipe_it_run_group_id }}"
mode: "0755"
when: snipe_it_state == 'present'
- name: Ensure snipe-it data directory '{{ snipe_it_data_directory }}' is {{ snipe_it_state }}
ansible.builtin.file:
path: "{{ snipe_it_data_directory }}"
state: "{{ (snipe_it_state == 'present') | ternary('directory', 'absent') }}"
owner: "{{ snipe_it_run_user_id }}"
group: "{{ snipe_it_run_group_id }}"
mode: "0755"
- name: Ensure snipe-it environment file is templated
ansible.builtin.copy:
content: |+2
{% for entry in snipe_it_merged_config | dict2items %}
{{ entry.key }}={{ entry.value }}
{% endfor %}
dest: "{{ snipe_it_env_file }}"
owner: "{{ snipe_it_run_user_id }}"
group: "{{ snipe_it_run_group_id }}"
mode: "0640"
when: snipe_it_state == 'present'
- name: Deploy using {{ snipe_it_deployment_method }}
ansible.builtin.include_tasks:
file: "deploy-{{ snipe_it_deployment_method }}.yml"

View File

@ -0,0 +1,6 @@
---
snipe_it_states:
- present
- absent
snipe_it_deployment_methods:
- docker

View File

@ -1,6 +1,6 @@
---
vaultwarden_user: vaultwarden
vaultwarden_version: "1.32.2"
vaultwarden_version: "1.32.7"
vaultwarden_config_file: "/etc/vaultwarden/config.json"
vaultwarden_config_directory: "{{ vaultwarden_config_file | dirname }}"