diff --git a/README.md b/README.md index e863bfb..36cfb40 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,8 @@ | Prop | Value | | --- | --- | -| Hostname | `shamash` | -| Domains | `{,pad.,codi.,ci.,git.,jupyter.,plantuml.}pbrinkmeier.de`, `tichy.click`, `beany.club`, `vmd98928.contaboserver.net` | +| Hostname | `nanna` | +| Domains | `{,pad.,codi.,git.,plantuml.}pbrinkmeier.de`, `tichy.click`, `{utoy,vrnp}.beany.club` | ## Linting @@ -20,4 +20,4 @@ to avoid checking for a new version every single run. ## TODO -- [ ] Migrate to `community.docker.docker_compose_v2` (`v1` is deprecated) +- [x] Migrate to `community.docker.docker_compose_v2` (`v1` is deprecated) diff --git a/ansible/README.md b/ansible/README.md index f94a2f6..231061c 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -12,11 +12,11 @@ nix develop ## `misc.yaml` Server for miscellaneous stuff, e.g. the website. -Expects to have a user `andi` who can `sudo`. +Expects to have a user `paul who can `sudo`. Sets up: - Some basic packages -- Docker and `docker-compose` (the latter via `pip`) +- Docker and `docker-compose` - Nix multi-user installation ## `misc-docker.yaml` diff --git a/ansible/group_vars/misc/vars.yaml b/ansible/group_vars/misc/vars.yaml deleted file mode 100644 index 3f64ecc..0000000 --- a/ansible/group_vars/misc/vars.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# Has pw-less sudo -ansible_user: paul -ansible_python_interpreter: /usr/bin/python3 diff --git a/ansible/inventory b/ansible/inventory index 49e927a..4149031 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -1,5 +1,2 @@ -[misc] -vmd98928.contaboserver.net ansible_port=2309 - [gods] nanna diff --git a/ansible/playbooks/misc-all.yaml b/ansible/playbooks/misc-all.yaml deleted file mode 100644 index 8f7b45b..0000000 --- a/ansible/playbooks/misc-all.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -# All tasks for misc, use this to check whether everything is deployed. ---- -- name: Set up basic packages, Docker, Nix, sshd - import_playbook: misc-setup.yaml -- name: Deploy Docker configuration - import_playbook: misc-docker.yaml -- name: Check out static websites from git - import_playbook: misc-sites.yaml diff --git a/ansible/playbooks/misc-docker.yaml b/ansible/playbooks/misc-docker.yaml deleted file mode 100644 index b007942..0000000 --- a/ansible/playbooks/misc-docker.yaml +++ /dev/null 
@@ -1,160 +0,0 @@ ---- -- name: Update Docker configuration on shamash - hosts: misc - tasks: - - name: Add users for running containers - become: true - ansible.builtin.user: - name: "{{ item.name }}" - uid: "{{ item.uid }}" - state: "{{ item.state }}" - create_home: false - system: true - loop: - - name: jupyter - uid: 42000 - state: present - - name: gitea - uid: 42001 - state: present - - name: factorio - uid: 845 - state: present - - name: hackmd - uid: 1500 - state: present - - - name: hedgedoc - uid: 10000 - state: absent - - name: bsa - uid: 42002 - state: absent - - name: score - uid: 42003 - state: absent - # All services that are behind Caddy need to be in this network - - name: Create Caddy network - become: true - community.docker.docker_network: - name: caddy-network - state: present - - name: Upload docker configuration - become: true - ansible.builtin.copy: - src: ../../docker/docker - dest: /etc/pbri - # Files should inaccessible to non-root users. - mode: u=rw,g=,o= - # Directories should be listable - directory_mode: u=rwx,g=rx,o=rx - - name: Upload and decrypt docker environment vars - become: true - ansible.builtin.copy: - src: "../../docker/envs/{{ item.name }}/.env" - dest: /etc/pbri/docker/{{ item.name }}/.env - # Files should inaccessible to non-root users. - mode: u=rw,g=,o= - # This is true by default but I put it here anyways - # to emphasize what's happening - decrypt: true - # Not quite happy with all the seperate loops yet. 
- loop: - - name: codi - state: present - - name: drone - state: present - - name: factorio - state: present - - name: gitea - state: present - - name: vrnp - state: present - - name: Create directory for docker volumes - become: true - ansible.builtin.file: - path: /var/lib/pbri/docker - state: directory - # Hide contents from non-root users - mode: u=rwx,g=,o= - - name: Create jupyter folders - become: true - ansible.builtin.file: - path: "/var/lib/pbri/docker/{{ item.name }}" - owner: "{{ item.user }}" - group: "{{ item.user }}" - state: directory - mode: u=rwx,g=,o= - loop: - - name: jupyter_data - user: jupyter - - name: jupyter_notebooks - user: jupyter - - name: Create Factorio data folder - become: true - ansible.builtin.file: - path: /var/lib/pbri/docker/factorio - state: directory - owner: factorio - group: factorio - mode: u=rwx,g=,o= - - name: Delete score data folder - become: true - ansible.builtin.file: - path: /var/lib/pbri/docker/score - state: absent - owner: score - group: score - mode: u=rwx,g=,o= - # Since some docker-compose configuration might want to pull - # images from the Gitea package repository, we need to ensure - # that Gitea is reachable before those configurations are deployed. 
- - name: Set up caddy and gitea containers - become: true - community.docker.docker_compose_v2: - project_src: "/etc/pbri/docker/{{ item.name }}" - state: "{{ item.state }}" - build: "always" - pull: "always" - loop: - - name: caddy - state: present - - name: gitea - state: present - # Before deploying the remaining configs below, we check that - # Gitea is reachable at git.pbrinkmeier.de - - name: Wait for gitea to be reachable - check_mode: false - ansible.builtin.uri: - method: GET - url: https://git.pbrinkmeier.de/api/v1/version - register: gitea_version_response - until: gitea_version_response.status == 200 - retries: 10 - delay: 5 # Retry every 5 seconds - - name: Set up other containers - become: true - community.docker.docker_compose_v2: - project_src: "/etc/pbri/docker/{{ item.name }}" - state: "{{ item.state }}" - build: "always" - pull: "always" - loop: - - name: drone - state: present - - name: codi - state: present - - name: jupyter - state: present - - name: utoy - state: present - - name: vrnp - state: present - - # Keep these to ensure they're down - - name: factorio - state: absent - - name: glebby - state: absent - - name: score - state: absent diff --git a/ansible/playbooks/misc-setup.yaml b/ansible/playbooks/misc-setup.yaml deleted file mode 100644 index 4545a33..0000000 --- a/ansible/playbooks/misc-setup.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ ---- -- name: Basic setup for shamash (packages, Docker, Nix, sshd) - hosts: misc - tasks: - - name: Create /etc/pbri - become: true - ansible.builtin.file: - path: /etc/pbri - state: directory - mode: u=rwx,g=rx,o=rx - - name: Create /home/paul/{Sites,Source} - become: true - ansible.builtin.file: - path: "/home/paul/{{ item }}" - state: directory - owner: paul - group: paul - mode: u=rwx,g=rx,o=rx - loop: - - Sites - - Source - - name: Install basic packages - become: true - ansible.builtin.apt: - name: - - vim - - git - - htop - - tmux - update_cache: true - tags: - - apt - - name: Install and set up Docker and docker-compose - ansible.builtin.include_role: - name: docker - - name: Install and set up Nix - ansible.builtin.include_role: - name: install_nix - - name: Install pip prerequisites - become: true - ansible.builtin.apt: - name: - - python3-pip - - python3-setuptools - - python3-virtualenv - - name: Install global python docker package - become: true - ansible.builtin.pip: - name: - - docker - - docker-compose - - requests - - name: Configure sshd - become: true - ansible.builtin.copy: - dest: /etc/ssh/sshd_config.d/00_pbri.conf - mode: u=rw,g=r,o=r - # Included by /etc/ssh/sshd_config before other configuration - content: | - Port 2309 - PermitRootLogin no - PubkeyAuthentication yes - AuthorizedKeysFile .ssh/authorized_keys - PasswordAuthentication no - validate: /usr/sbin/sshd -T -f %s - notify: - - Restart sshd - - handlers: - - name: Restart sshd - become: true - ansible.builtin.service: - name: sshd - state: restarted diff --git a/ansible/playbooks/misc-sites.yaml b/ansible/playbooks/misc-sites.yaml deleted file mode 100644 index 8fdc003..0000000 --- a/ansible/playbooks/misc-sites.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -- name: Check out static sites hosted on shamash - hosts: misc - tasks: - - name: Check out static sites - ansible.builtin.include_role: - name: checkout_static_sites - vars: - checkout_static_sites_config: - checkouts: - - path: /home/paul/Sites/pbrinkmeier.de - url: https://git.pbrinkmeier.de/paul/pbrinkmeier.de - commit: bab3208e61972851a5e609930a05e0d4322f8a06 - owner: paul - - path: /home/paul/Sites/tichy.click - url: https://github.com/pbrinkmeier/tichy-clicker - commit: 7dfb14183c765e3661fda84a7e89c2f73ca86f26 - owner: paul diff --git a/docker/docker/drone/README.md b/docker/docker/drone/README.md deleted file mode 100644 index 74da3b4..0000000 --- a/docker/docker/drone/README.md +++ /dev/null @@ -1,9 +0,0 @@ -Add a `.env` file like this: - -``` -DRONE_GITEA_CLIENT_ID=... -DRONE_GITEA_CLIENT_SECRET=... -DRONE_RPC_SECRET=... -``` - -See also: https://docs.drone.io/server/provider/gitea/. diff --git a/docker/docker/drone/docker-compose.yaml b/docker/docker/drone/docker-compose.yaml deleted file mode 100644 index 53a2c65..0000000 --- a/docker/docker/drone/docker-compose.yaml +++ /dev/null @@ -1,30 +0,0 @@ -services: - drone: - image: drone/drone:2 - environment: - DRONE_GITEA_SERVER: https://git.pbrinkmeier.de - DRONE_GITEA_CLIENT_ID: "${DRONE_GITEA_CLIENT_ID}" - DRONE_GITEA_CLIENT_SECRET: "${DRONE_GITEA_CLIENT_SECRET}" - DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}" - DRONE_SERVER_HOST: ci.pbrinkmeier.de - DRONE_SERVER_PROTO: https - volumes: - - /var/lib/pbri/docker/drone:/data - restart: unless-stopped - - drone_runner: - image: drone/drone-runner-docker:1 - environment: - DRONE_RPC_PROTO: https - DRONE_RPC_HOST: ci.pbrinkmeier.de - DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}" - DRONE_RUNNER_CAPACITY: 1 - DRONE_RUNNER_NAME: shamash - volumes: - - /var/run/docker.sock:/var/run/docker.sock - restart: unless-stopped - -networks: - default: - name: caddy-network - external: true 
diff --git a/docker/docker/factorio/Dockerfile b/docker/docker/factorio/Dockerfile deleted file mode 100644 index 5bdd659..0000000 --- a/docker/docker/factorio/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM factoriotools/factorio:1.1.87 - -COPY server-settings.json /server-settings.json -ENTRYPOINT [ "/bin/sh", "-c", "mkdir -p /factorio/config && envsubst < /server-settings.json > /factorio/config/server-settings.json && exec /docker-entrypoint.sh" ] diff --git a/docker/docker/factorio/README.md b/docker/docker/factorio/README.md deleted file mode 100644 index 6a49520..0000000 --- a/docker/docker/factorio/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# factorio - -Add a `.env` file like this: - -``` -GAME_PASSWORD=... -``` - -Environment variables are put into `server-settings.json` during startup using `envsubst`. -See also: https://hub.docker.com/r/factoriotools/factorio. diff --git a/docker/docker/factorio/docker-compose.yaml b/docker/docker/factorio/docker-compose.yaml deleted file mode 100644 index 6d45005..0000000 --- a/docker/docker/factorio/docker-compose.yaml +++ /dev/null @@ -1,12 +0,0 @@ -services: - gitea: - image: pbrinkmeier/factorio - build: . - restart: always - environment: - GAME_PASSWORD: "${GAME_PASSWORD}" - volumes: - - /var/lib/pbri/docker/factorio:/factorio - ports: - - "34197:34197/udp" - - "27015:27015/tcp" diff --git a/docker/docker/factorio/server-settings.json b/docker/docker/factorio/server-settings.json deleted file mode 100644 index 90fe206..0000000 --- a/docker/docker/factorio/server-settings.json +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - "name": "le epic factorio server", - "description": "Description of the game that will appear in the listing", - "tags": ["game", "tags"], - - "_comment_max_players": "Maximum number of players allowed, admins can join even a full server. 0 means unlimited.", - "max_players": 0, - - "_comment_visibility": ["public: Game will be published on the official Factorio matching server", - "lan: Game will be broadcast on LAN"], - "visibility": - { - "public": false, - "lan": false - }, - - "_comment_credentials": "Your factorio.com login credentials. Required for games with visibility public", - "username": "", - "password": "", - - "_comment_token": "Authentication token. May be used instead of 'password' above.", - "token": "", - - "game_password": "", - - "_comment_require_user_verification": "When set to true, the server will only allow clients that have a valid Factorio.com account", - "require_user_verification": false, - - "_comment_max_upload_in_kilobytes_per_second" : "optional, default value is 0. 0 means unlimited.", - "max_upload_in_kilobytes_per_second": 0, - - "_comment_max_upload_slots" : "optional, default value is 5. 0 means unlimited.", - "max_upload_slots": 5, - - "_comment_minimum_latency_in_ticks": "optional one tick is 16ms in default speed, default value is 0. 0 means no minimum.", - "minimum_latency_in_ticks": 0, - - "_comment_max_heartbeats_per_second": "Network tick rate. Maximum rate game updates packets are sent at before bundling them together. 
Minimum value is 6, maximum value is 240.", - "max_heartbeats_per_second": 60, - - "_comment_ignore_player_limit_for_returning_players": "Players that played on this map already can join even when the max player limit was reached.", - "ignore_player_limit_for_returning_players": false, - - "_comment_allow_commands": "possible values are, true, false and admins-only", - "allow_commands": "admins-only", - - "_comment_autosave_interval": "Autosave interval in minutes", - "autosave_interval": 10, - - "_comment_autosave_slots": "server autosave slots, it is cycled through when the server autosaves.", - "autosave_slots": 5, - - "_comment_afk_autokick_interval": "How many minutes until someone is kicked when doing nothing, 0 for never.", - "afk_autokick_interval": 5, - - "_comment_auto_pause": "Whether should the server be paused when no players are present.", - "auto_pause": true, - - "only_admins_can_pause_the_game": true, - - "_comment_autosave_only_on_server": "Whether autosaves should be saved only on server or also on all connected clients. Default is true.", - "autosave_only_on_server": true, - - "_comment_non_blocking_saving": "Highly experimental feature, enable only at your own risk of losing your saves. On UNIX systems, server will fork itself to create an autosave. Autosaving on connected Windows clients will be disabled regardless of autosave_only_on_server option.", - "non_blocking_saving": false, - - "_comment_segment_sizes": "Long network messages are split into segments that are sent over multiple ticks. Their size depends on the number of peers currently connected. Increasing the segment size will increase upload bandwidth requirement for the server and download bandwidth requirement for clients. This setting only affects server outbound messages. 
Changing these settings can have a negative impact on connection stability for some clients.", - "minimum_segment_size": 25, - "minimum_segment_size_peer_count": 20, - "maximum_segment_size": 100, - "maximum_segment_size_peer_count": 10 - } diff --git a/docker/docker/glebby/docker-compose.yaml b/docker/docker/glebby/docker-compose.yaml deleted file mode 100644 index 08ad17a..0000000 --- a/docker/docker/glebby/docker-compose.yaml +++ /dev/null @@ -1,9 +0,0 @@ -services: - glebby: - image: git.pbrinkmeier.de/paul/glebby:1.1-prod - restart: always - -networks: - default: - name: caddy-network - external: true diff --git a/docker/docker/jupyter/docker-compose.yaml b/docker/docker/jupyter/docker-compose.yaml deleted file mode 100644 index bd609e1..0000000 --- a/docker/docker/jupyter/docker-compose.yaml +++ /dev/null @@ -1,13 +0,0 @@ -services: - jupyter: - image: git.pbrinkmeier.de/paul/jup:1.5 - user: "42000" - volumes: - - /var/lib/pbri/docker/jupyter_data:/data - - /var/lib/pbri/docker/jupyter_notebooks:/notebooks - restart: always - -networks: - default: - name: caddy-network - external: true diff --git a/docker/docker/score/README.md b/docker/docker/score/README.md deleted file mode 100644 index 90521fa..0000000 --- a/docker/docker/score/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# score - -Seems to not be maintained anymore. diff --git a/docker/docker/score/docker-compose.yaml b/docker/docker/score/docker-compose.yaml deleted file mode 100644 index 1e05e43..0000000 --- a/docker/docker/score/docker-compose.yaml +++ /dev/null @@ -1,14 +0,0 @@ -services: - score: - image: ghcr.io/lbrocke/score:v1.0.2 - user: "42003:42003" - environment: - SCORE_LISTEN: 0.0.0.0:8080 - volumes: - - /var/lib/pbri/docker/score:/data - restart: unless-stopped - -networks: - default: - name: caddy-network - external: true diff --git a/docker/envs/drone/.env b/docker/envs/drone/.env deleted file mode 100644 index 19bbbd6..0000000 --- a/docker/envs/drone/.env +++ /dev/null 
@@ -1,14 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31333834393366333930346366373931333930646233383664643463393965303238613430646638
-6461373434616433353337643131396462326537346434380a386562633335346436303662336362
-62333739626237323334333666633162616338313932393261303231353539623237383638643030
-3364393934653232310a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
diff --git a/docker/envs/factorio/.env b/docker/envs/factorio/.env
deleted file mode 100644
index cd898f0..0000000
--- a/docker/envs/factorio/.env
+++ /dev/null
@@ -1,7 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-32356463313330336636636363646138393236636233326132623165353962623565356364396530
-3636336532396665333637653432353332643434643962390a313162343836306435383536313937
-36656632356366303561366536373535383538303730386239386437323466346533353634306436
-3930633464353235360a653936333734353137313363316261366666353238366566613865366463
-32393431343439383733343766323831643561663938376264336331306139646337343633346536
-3236343538323032636666366639303539316236393535323661