Add mountnfs role

README.md

@@ -143,7 +143,7 @@ A playbook can be:
 
 # Setup
 
-1. Clone this repo
+1. Clone this repo `git clone git@gitgud.foo:javif89/ansible-starter-kit.git [your project name]`
 2. Run `setup.sh` to set up the vault password and become password
 3. Set up your hosts in `hosts.yml`
 4. Start making your roles and playbooks

group_vars/all.yml

@@ -8,3 +8,11 @@ pg_host: 10.89.0.102
 pg_port: 5432
 pg_user: postgres
 pg_password: password
+
+# Local paths
+docker_stacks: "{{ project_root }}/docker"
+assets: "{{ project_root }}/assets"
+
+# Remote paths
+remote_stacks: "/home/javi/docker"
+remote_app_mounts: "/home/docker"

roles/app/database/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Create app database
+  ansible.builtin.include_role:
+    name: postgres/database
+  vars:
+    database: "{{ app_name }}"
+
+- name: Create app db user 
+  ansible.builtin.include_role:
+    name: postgres/user
+  vars:
+    user: "{{ app_name }}"
+    password: "password"
+
+- name: Give app user full priviledges on DB 
+  ansible.builtin.include_role:
+    name: postgres/priviledges
+  vars:
+    database: "{{ app_name }}"
+    user: "{{ app_name }}"

roles/docker/install/tasks/main.yml

@@ -0,0 +1,45 @@
+---
+- name: Update apt cache
+  ansible.builtin.apt:
+    update_cache: yes
+
+- name: Install prerequisite packages
+  ansible.builtin.apt:
+    name:
+    - ca-certificates
+    - curl
+    state: present
+
+- name: Create apt keyrings directory
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
+
+- name: Download Docker GPG key
+  ansible.builtin.get_url:
+    url: "https://download.docker.com/linux/ubuntu/gpg"
+    dest: /etc/apt/keyrings/docker.asc
+    mode: '0644'
+
+- name: Add Docker apt repository
+  ansible.builtin.apt_repository:
+    repo: "deb [arch={{ docker_arch }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+    filename: docker
+    state: present
+  vars:
+    docker_arch: "{{ ansible_architecture | regex_replace('x86_64', 'amd64') }}"
+
+- name: Update apt cache after adding Docker repository
+  ansible.builtin.apt:
+    update_cache: true
+
+- name: Install Docker packages
+  ansible.builtin.apt:
+    name:
+    - docker-ce
+    - docker-ce-cli
+    - containerd.io
+    - docker-buildx-plugin
+    - docker-compose-plugin
+    state: present

roles/docker/portainer/tasks/main.yml

@@ -0,0 +1,22 @@
+- name: Pull Portainer Agent image
+  become: true
+  community.docker.docker_image:
+    name: portainer/agent
+    tag: latest
+    source: pull
+
+- name: Deploy Portainer Agent container
+  become: true
+  community.docker.docker_container:
+    name: portainer_agent
+    image: portainer/agent
+    pull: false           # we already pulled above
+    state: started
+    restart_policy: always
+    ports:
+      - "9001:9001"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/docker/volumes:/var/lib/docker/volumes
+      - /:/host
+    timeout: 120      # wait up to 2m for it to come up

roles/docker/stack/defaults/main.yml

@@ -0,0 +1,2 @@
+apps: []
+stack_name: "willneverexist"

roles/docker/stack/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+- name: Create app mount directories
+  ansible.builtin.file:
+    path: "{{ remote_app_mounts }}/{{ item }}"
+    state: directory
+    mode: '0777'
+  loop: "{{ apps }}"
+
+- name: Create stack directory
+  ansible.builtin.file:
+    path: "{{ remote_stacks }}/{{ stack_name }}"
+    state: directory
+    mode: '0777'
+
+- name: Copy docker-compose.yml to server
+  ansible.builtin.copy:
+    src: '{{ docker_stacks }}/{{ stack_name }}/docker-compose.yml'
+    dest: '{{ remote_stacks }}/{{ stack_name }}/docker-compose.yml'
+    owner: javi
+    group: javi
+    mode: '0777'
+
+- name: Start up the containers
+  ansible.builtin.command: docker compose up -d
+  become: true
+  args:
+    chdir: "{{ remote_stacks }}/{{ stack_name }}" 

roles/postgres/database/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Create database
+  delegate_to: localhost
+  community.postgresql.postgresql_db:
+    name: "{{ database }}"
+    state: present
+    login_host: "{{ pg_host }}"
+    login_port: "{{ pg_port }}"
+    login_user: "{{ pg_user }}"
+    login_password: "{{ pg_password }}"

roles/postgres/priviledges/defaults/main.yml

@@ -0,0 +1 @@
+priviledges: ALL

roles/postgres/priviledges/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+- name: Grant database-level privileges on "{{ database }}"
+  delegate_to: localhost
+  community.postgresql.postgresql_privs:
+    db: "{{ database }}"
+    type: database
+    objs: "{{ database }}"
+    privs: "CREATE"
+    role: "{{ user }}"
+    state: present
+    login_host: "{{ pg_host }}"
+    login_port: "{{ pg_port }}"
+    login_user: "{{ pg_user }}"
+    login_password: "{{ pg_password }}"
+
+- name: Give user full priviledges on database
+  delegate_to: localhost
+  community.postgresql.postgresql_privs:
+    db: "{{ database }}"
+    type: schema
+    objs: public
+    privs: "{{ priviledges }}"
+    role: "{{ user }}"
+    state: present
+    login_host: "{{ pg_host }}"
+    login_port: "{{ pg_port }}"
+    login_user: "{{ pg_user }}"
+    login_password: "{{ pg_password }}"

roles/postgres/user/defaults/main.yml

@@ -0,0 +1 @@
+password: "password"

roles/postgres/user/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Create postgres user
+  delegate_to: localhost
+  community.postgresql.postgresql_user:
+    name: "{{ user }}"
+    password: "{{ password }}"
+    state: present
+    login_host: "{{ pg_host }}"
+    login_port: "{{ pg_port }}"
+    login_user: "{{ pg_user }}"
+    login_password: "{{ pg_password }}"

roles/services/postgres/defaults/main.yml

@@ -0,0 +1,5 @@
+data_dir_mount: "/home/docker/postgres-data/"
+default_user: "postgres"
+default_password: "password"
+port: "5432"
+container_name: "postgres"

roles/services/postgres/tasks/main.yml

@@ -0,0 +1,20 @@
+- name: Create data folder
+  ansible.builtin.file:
+    dest: "{{data_dir_mount}}"
+    state: directory
+    mode: '0777'
+
+- name: Put up the postgres container
+  community.docker.docker_container:
+    name: "{{postgres_container_name}}"
+    image: postgres:17.4
+    restart: always
+    state: started
+    pull: true
+    ports:
+      - "{{ port }}:5432"
+    env:
+      POSTGRES_USER: "{{ default_user }}" 
+      POSTGRES_PASSWORD: "{{ default_password }}"
+    volumes:
+      - "{{ data_dir_mount }}:/var/lib/postgresql/data/"

roles/util/mount_nfs/defaults/main.yml

@@ -0,0 +1,3 @@
+mount_host: "{{ hostvars['nas'].ansible_host }}"
+share: "/mnt/main/media"
+mount_path: "/mnt/unspecifiedshare"

roles/util/mount_nfs/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: Ensure NFS client is installed
+  ansible.builtin.package:
+    name: nfs-common
+    state: present
+  become: true
+
+- name: Create mount point directory
+  ansible.builtin.file:
+    path: "{{ mount_path }}"
+    state: directory
+    mode: '0777'
+  become: true
+
+- name: Mount share
+  ansible.posix.mount:
+    src: "{{ mount_host }}:{{ share }}"
+    path: "{{ mount_path }}"
+    fstype: nfs
+    state: mounted
+  become: true