Delete unused stuff
All checks were successful
Check / Lint Ansible Files (push) Successful in 2m43s

Paul Brinkmeier 2025-01-24 22:58:34 +01:00
parent c3191eb3b8
commit a59982b463
20 changed files with 5 additions and 469 deletions


@ -4,8 +4,8 @@
| Prop | Value | | Prop | Value |
| --- | --- | | --- | --- |
| Hostname | `shamash` | | Hostname | `nanna` |
| Domains | `{,pad.,codi.,ci.,git.,jupyter.,plantuml.}pbrinkmeier.de`, `tichy.click`, `beany.club`, `vmd98928.contaboserver.net` | | Domains | `{,pad.,codi.,git.,plantuml.}pbrinkmeier.de`, `tichy.click`, `{utoy,vrnp}.beany.club` |
## Linting ## Linting
@ -20,4 +20,4 @@ to avoid checking for a new version every single run.
## TODO ## TODO
- [ ] Migrate to `community.docker.docker_compose_v2` (`v1` is deprecated) - [x] Migrate to `community.docker.docker_compose_v2` (`v1` is deprecated)


@ -12,11 +12,11 @@ nix develop
## `misc.yaml` ## `misc.yaml`
Server for miscellaneous stuff, e.g. the website. Server for miscellaneous stuff, e.g. the website.
Expects to have a user `andi` who can `sudo`. Expects to have a user `paul who can `sudo`.
Sets up: Sets up:
- Some basic packages - Some basic packages
- Docker and `docker-compose` (the latter via `pip`) - Docker and `docker-compose`
- Nix multi-user installation - Nix multi-user installation
## `misc-docker.yaml` ## `misc-docker.yaml`


@ -1,4 +0,0 @@
---
# Has pw-less sudo
ansible_user: paul
ansible_python_interpreter: /usr/bin/python3


@ -1,5 +1,2 @@
[misc]
vmd98928.contaboserver.net ansible_port=2309
[gods] [gods]
nanna nanna


@ -1,8 +0,0 @@
# All tasks for misc, use this to check whether everything is deployed.
---
- name: Set up basic packages, Docker, Nix, sshd
import_playbook: misc-setup.yaml
- name: Deploy Docker configuration
import_playbook: misc-docker.yaml
- name: Check out static websites from git
import_playbook: misc-sites.yaml


@ -1,160 +0,0 @@
---
- name: Update Docker configuration on shamash
hosts: misc
tasks:
- name: Add users for running containers
become: true
ansible.builtin.user:
name: "{{ item.name }}"
uid: "{{ item.uid }}"
state: "{{ item.state }}"
create_home: false
system: true
loop:
- name: jupyter
uid: 42000
state: present
- name: gitea
uid: 42001
state: present
- name: factorio
uid: 845
state: present
- name: hackmd
uid: 1500
state: present
- name: hedgedoc
uid: 10000
state: absent
- name: bsa
uid: 42002
state: absent
- name: score
uid: 42003
state: absent
# All services that are behind Caddy need to be in this network
- name: Create Caddy network
become: true
community.docker.docker_network:
name: caddy-network
state: present
- name: Upload docker configuration
become: true
ansible.builtin.copy:
src: ../../docker/docker
dest: /etc/pbri
# Files should inaccessible to non-root users.
mode: u=rw,g=,o=
# Directories should be listable
directory_mode: u=rwx,g=rx,o=rx
- name: Upload and decrypt docker environment vars
become: true
ansible.builtin.copy:
src: "../../docker/envs/{{ item.name }}/.env"
dest: /etc/pbri/docker/{{ item.name }}/.env
# Files should inaccessible to non-root users.
mode: u=rw,g=,o=
# This is true by default but I put it here anyways
# to emphasize what's happening
decrypt: true
# Not quite happy with all the seperate loops yet.
loop:
- name: codi
state: present
- name: drone
state: present
- name: factorio
state: present
- name: gitea
state: present
- name: vrnp
state: present
- name: Create directory for docker volumes
become: true
ansible.builtin.file:
path: /var/lib/pbri/docker
state: directory
# Hide contents from non-root users
mode: u=rwx,g=,o=
- name: Create jupyter folders
become: true
ansible.builtin.file:
path: "/var/lib/pbri/docker/{{ item.name }}"
owner: "{{ item.user }}"
group: "{{ item.user }}"
state: directory
mode: u=rwx,g=,o=
loop:
- name: jupyter_data
user: jupyter
- name: jupyter_notebooks
user: jupyter
- name: Create Factorio data folder
become: true
ansible.builtin.file:
path: /var/lib/pbri/docker/factorio
state: directory
owner: factorio
group: factorio
mode: u=rwx,g=,o=
- name: Delete score data folder
become: true
ansible.builtin.file:
path: /var/lib/pbri/docker/score
state: absent
owner: score
group: score
mode: u=rwx,g=,o=
# Since some docker-compose configuration might want to pull
# images from the Gitea package repository, we need to ensure
# that Gitea is reachable before those configurations are deployed.
- name: Set up caddy and gitea containers
become: true
community.docker.docker_compose_v2:
project_src: "/etc/pbri/docker/{{ item.name }}"
state: "{{ item.state }}"
build: "always"
pull: "always"
loop:
- name: caddy
state: present
- name: gitea
state: present
# Before deploying the remaining configs below, we check that
# Gitea is reachable at git.pbrinkmeier.de
- name: Wait for gitea to be reachable
check_mode: false
ansible.builtin.uri:
method: GET
url: https://git.pbrinkmeier.de/api/v1/version
register: gitea_version_response
until: gitea_version_response.status == 200
retries: 10
delay: 5 # Retry every 5 seconds
- name: Set up other containers
become: true
community.docker.docker_compose_v2:
project_src: "/etc/pbri/docker/{{ item.name }}"
state: "{{ item.state }}"
build: "always"
pull: "always"
loop:
- name: drone
state: present
- name: codi
state: present
- name: jupyter
state: present
- name: utoy
state: present
- name: vrnp
state: present
# Keep these to ensure they're down
- name: factorio
state: absent
- name: glebby
state: absent
- name: score
state: absent


@ -1,74 +0,0 @@
---
- name: Basic setup for shamash (packages, Docker, Nix, sshd)
hosts: misc
tasks:
- name: Create /etc/pbri
become: true
ansible.builtin.file:
path: /etc/pbri
state: directory
mode: u=rwx,g=rx,o=rx
- name: Create /home/paul/{Sites,Source}
become: true
ansible.builtin.file:
path: "/home/paul/{{ item }}"
state: directory
owner: paul
group: paul
mode: u=rwx,g=rx,o=rx
loop:
- Sites
- Source
- name: Install basic packages
become: true
ansible.builtin.apt:
name:
- vim
- git
- htop
- tmux
update_cache: true
tags:
- apt
- name: Install and set up Docker and docker-compose
ansible.builtin.include_role:
name: docker
- name: Install and set up Nix
ansible.builtin.include_role:
name: install_nix
- name: Install pip prerequisites
become: true
ansible.builtin.apt:
name:
- python3-pip
- python3-setuptools
- python3-virtualenv
- name: Install global python docker package
become: true
ansible.builtin.pip:
name:
- docker
- docker-compose
- requests
- name: Configure sshd
become: true
ansible.builtin.copy:
dest: /etc/ssh/sshd_config.d/00_pbri.conf
mode: u=rw,g=r,o=r
# Included by /etc/ssh/sshd_config before other configuration
content: |
Port 2309
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
validate: /usr/sbin/sshd -T -f %s
notify:
- Restart sshd
handlers:
- name: Restart sshd
become: true
ansible.builtin.service:
name: sshd
state: restarted


@ -1,18 +0,0 @@
---
- name: Check out static sites hosted on shamash
hosts: misc
tasks:
- name: Check out static sites
ansible.builtin.include_role:
name: checkout_static_sites
vars:
checkout_static_sites_config:
checkouts:
- path: /home/paul/Sites/pbrinkmeier.de
url: https://git.pbrinkmeier.de/paul/pbrinkmeier.de
commit: bab3208e61972851a5e609930a05e0d4322f8a06
owner: paul
- path: /home/paul/Sites/tichy.click
url: https://github.com/pbrinkmeier/tichy-clicker
commit: 7dfb14183c765e3661fda84a7e89c2f73ca86f26
owner: paul


@ -1,9 +0,0 @@
Add a `.env` file like this:
```
DRONE_GITEA_CLIENT_ID=...
DRONE_GITEA_CLIENT_SECRET=...
DRONE_RPC_SECRET=...
```
See also: https://docs.drone.io/server/provider/gitea/.


@ -1,30 +0,0 @@
services:
drone:
image: drone/drone:2
environment:
DRONE_GITEA_SERVER: https://git.pbrinkmeier.de
DRONE_GITEA_CLIENT_ID: "${DRONE_GITEA_CLIENT_ID}"
DRONE_GITEA_CLIENT_SECRET: "${DRONE_GITEA_CLIENT_SECRET}"
DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}"
DRONE_SERVER_HOST: ci.pbrinkmeier.de
DRONE_SERVER_PROTO: https
volumes:
- /var/lib/pbri/docker/drone:/data
restart: unless-stopped
drone_runner:
image: drone/drone-runner-docker:1
environment:
DRONE_RPC_PROTO: https
DRONE_RPC_HOST: ci.pbrinkmeier.de
DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}"
DRONE_RUNNER_CAPACITY: 1
DRONE_RUNNER_NAME: shamash
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: unless-stopped
networks:
default:
name: caddy-network
external: true


@ -1,4 +0,0 @@
FROM factoriotools/factorio:1.1.87
COPY server-settings.json /server-settings.json
ENTRYPOINT [ "/bin/sh", "-c", "mkdir -p /factorio/config && envsubst < /server-settings.json > /factorio/config/server-settings.json && exec /docker-entrypoint.sh" ]


@ -1,10 +0,0 @@
# factorio
Add a `.env` file like this:
```
GAME_PASSWORD=...
```
Environment variables are put into `server-settings.json` during startup using `envsubst`.
See also: https://hub.docker.com/r/factoriotools/factorio.


@ -1,12 +0,0 @@
services:
gitea:
image: pbrinkmeier/factorio
build: .
restart: always
environment:
GAME_PASSWORD: "${GAME_PASSWORD}"
volumes:
- /var/lib/pbri/docker/factorio:/factorio
ports:
- "34197:34197/udp"
- "27015:27015/tcp"


@ -1,72 +0,0 @@
{
"name": "le epic factorio server",
"description": "Description of the game that will appear in the listing",
"tags": ["game", "tags"],
"_comment_max_players": "Maximum number of players allowed, admins can join even a full server. 0 means unlimited.",
"max_players": 0,
"_comment_visibility": ["public: Game will be published on the official Factorio matching server",
"lan: Game will be broadcast on LAN"],
"visibility":
{
"public": false,
"lan": false
},
"_comment_credentials": "Your factorio.com login credentials. Required for games with visibility public",
"username": "",
"password": "",
"_comment_token": "Authentication token. May be used instead of 'password' above.",
"token": "",
"game_password": "",
"_comment_require_user_verification": "When set to true, the server will only allow clients that have a valid Factorio.com account",
"require_user_verification": false,
"_comment_max_upload_in_kilobytes_per_second" : "optional, default value is 0. 0 means unlimited.",
"max_upload_in_kilobytes_per_second": 0,
"_comment_max_upload_slots" : "optional, default value is 5. 0 means unlimited.",
"max_upload_slots": 5,
"_comment_minimum_latency_in_ticks": "optional one tick is 16ms in default speed, default value is 0. 0 means no minimum.",
"minimum_latency_in_ticks": 0,
"_comment_max_heartbeats_per_second": "Network tick rate. Maximum rate game updates packets are sent at before bundling them together. Minimum value is 6, maximum value is 240.",
"max_heartbeats_per_second": 60,
"_comment_ignore_player_limit_for_returning_players": "Players that played on this map already can join even when the max player limit was reached.",
"ignore_player_limit_for_returning_players": false,
"_comment_allow_commands": "possible values are, true, false and admins-only",
"allow_commands": "admins-only",
"_comment_autosave_interval": "Autosave interval in minutes",
"autosave_interval": 10,
"_comment_autosave_slots": "server autosave slots, it is cycled through when the server autosaves.",
"autosave_slots": 5,
"_comment_afk_autokick_interval": "How many minutes until someone is kicked when doing nothing, 0 for never.",
"afk_autokick_interval": 5,
"_comment_auto_pause": "Whether should the server be paused when no players are present.",
"auto_pause": true,
"only_admins_can_pause_the_game": true,
"_comment_autosave_only_on_server": "Whether autosaves should be saved only on server or also on all connected clients. Default is true.",
"autosave_only_on_server": true,
"_comment_non_blocking_saving": "Highly experimental feature, enable only at your own risk of losing your saves. On UNIX systems, server will fork itself to create an autosave. Autosaving on connected Windows clients will be disabled regardless of autosave_only_on_server option.",
"non_blocking_saving": false,
"_comment_segment_sizes": "Long network messages are split into segments that are sent over multiple ticks. Their size depends on the number of peers currently connected. Increasing the segment size will increase upload bandwidth requirement for the server and download bandwidth requirement for clients. This setting only affects server outbound messages. Changing these settings can have a negative impact on connection stability for some clients.",
"minimum_segment_size": 25,
"minimum_segment_size_peer_count": 20,
"maximum_segment_size": 100,
"maximum_segment_size_peer_count": 10
}


@ -1,9 +0,0 @@
services:
glebby:
image: git.pbrinkmeier.de/paul/glebby:1.1-prod
restart: always
networks:
default:
name: caddy-network
external: true


@ -1,13 +0,0 @@
services:
jupyter:
image: git.pbrinkmeier.de/paul/jup:1.5
user: "42000"
volumes:
- /var/lib/pbri/docker/jupyter_data:/data
- /var/lib/pbri/docker/jupyter_notebooks:/notebooks
restart: always
networks:
default:
name: caddy-network
external: true


@ -1,3 +0,0 @@
# score
Seems to not be maintained anymore.


@ -1,14 +0,0 @@
services:
score:
image: ghcr.io/lbrocke/score:v1.0.2
user: "42003:42003"
environment:
SCORE_LISTEN: 0.0.0.0:8080
volumes:
- /var/lib/pbri/docker/score:/data
restart: unless-stopped
networks:
default:
name: caddy-network
external: true


@ -1,14 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
31333834393366333930346366373931333930646233383664643463393965303238613430646638
6461373434616433353337643131396462326537346434380a386562633335346436303662336362
62333739626237323334333666633162616338313932393261303231353539623237383638643030
3364393934653232310a383065386530373433393635313665353532666361303436613337316565
32306233336134383531633232393862303466373331373764376462653736663861663366323762
65666263366461396362386264613830336435346234386234333562616131653938386439336566
34386461343433346363336161373038303434383563303564653533623939613937323030636362
66636639643963613236366138646335393831366432333637333065326162646237643561336666
61323833333337633861646462393930663733333266336233663630396532366566303835653431
38363365383166393765343735363030363562313837643837313864373735643264663264643633
66306261633666616363666562306632613032373231633730313638383033633761653661383738
39623630643766663438656635653530626664313765633430646330356333306239653437373839
3933


@ -1,7 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
32356463313330336636636363646138393236636233326132623165353962623565356364396530
3636336532396665333637653432353332643434643962390a313162343836306435383536313937
36656632356366303561366536373535383538303730386239386437323466346533353634306436
3930633464353235360a653936333734353137313363316261366666353238366566613865366463
32393431343439383733343766323831643561663938376264336331306139646337343633346536
3236343538323032636666366639303539316236393535323661