chore: various improvements (#17)

* chore: increase default timeout * chore: inherit from 'parent service' by default * chore: remove deprecated var * chore: ensure consistent 'port' var names * chore: remove obsolete var * fix(compose-template): set hostname for services * fix: set appropriate file permissions on templated files * feat(unifi): use vars for ports * chore: use new role dir name
netr0m · Aug 2, 2024 · 0a94388 · 0a94388
1 parent 8d9086c
commit 0a94388
Show file tree

Hide file tree

Showing 27 changed files with 83 additions and 46 deletions.
diff --git a/defaults/main/authentik.yml b/defaults/main/authentik.yml
@@ -56,6 +56,8 @@ infra_authentik_directory_group: "{{ infra_directory_group }}"
 infra_authentik_directory_mode: "{{ infra_directory_mode }}"
 
 ## File paths
+# File mode
+infra_authentik_file_mode: "{{ infra_file_mode }}"
 # authentik compose file path
 infra_authentik_compose_path: "{{ infra_authentik_directory_path }}/compose.yml"
 # authentik env file path

diff --git a/defaults/main/godns.yml b/defaults/main/godns.yml
@@ -50,6 +50,8 @@ infra_godns_directory_group: "{{ infra_directory_group }}"
 infra_godns_directory_mode: "{{ infra_directory_mode }}"
 
 ## File paths
+# File mode
+infra_godns_file_mode: "{{ infra_file_mode }}"
 # godns compose file path
 infra_godns_compose_path: "{{ infra_godns_directory_path }}/compose.yml"
 # godns env file path

diff --git a/defaults/main/graylog.yml b/defaults/main/graylog.yml
@@ -47,6 +47,8 @@ infra_graylog_directory_group: "{{ infra_directory_group }}"
 infra_graylog_directory_mode: "{{ infra_directory_mode }}"
 
 ## File paths
+# File mode
+infra_graylog_file_mode: "{{ infra_file_mode }}"
 # graylog compose file path
 infra_graylog_compose_path: "{{ infra_graylog_directory_path }}/compose.yml"
 # graylog env file path

diff --git a/defaults/main/main.yml b/defaults/main/main.yml
@@ -20,37 +20,36 @@ infra_domain_ext: ~
 # Manage directories
 infra_manage_directories: true
 # Directory to store service data
-infra_directory_path: '/opt/infra'
+infra_directory_path: '/opt/netr0m.infra'
 # Default permissions
 infra_directory_owner: "{{ infra_user_name }}"
 infra_directory_group: "{{ infra_group_name }}"
 infra_directory_mode: 740
+infra_file_mode: 640
 
 ### Docker ###
 # Default restart policy
 infra_restart_policy: always
 # Max. wait time for compose deployment
-infra_compose_wait_timeout: 60
+infra_compose_wait_timeout: 120
 
 ### Services ###
-# Whether to force pull container images
-infra_force_pull: false
 # Configure Graylog
 infra_use_graylog: true
 # Configure MongoDB for the Graylog server
-infra_use_graylog_db: true
+infra_use_graylog_db: "{{ infra_use_graylog }}"
 # Configure PiHole
 infra_use_pihole: true
 # Configure unbound as a recursive DNS resolver for pihole
-infra_use_unbound: true
+infra_use_unbound: "{{ infra_use_pihole }}"
 # Configure Unifi Controller
 infra_use_unifi: false
 # Configure MongoDB for the Unifi Controller
 infra_use_unifi_db: "{{ infra_use_unifi }}"
 # Configure wireguard
 infra_use_wireguard: false
 # Configure wireguard-ui
-infra_use_wireguard_ui: false
+infra_use_wireguard_ui: "{{ infra_use_wireguard }}"
 # Configure Vaultwarden
 infra_use_vaultwarden: true
 # Configure Authentik

diff --git a/defaults/main/pihole.yml b/defaults/main/pihole.yml
@@ -61,9 +61,9 @@ infra_pihole_restart_policy: "{{ infra_restart_policy }}"
 # Memory limit for the pihole container
 infra_pihole_container_memory: 2g
 # Host port for the web UI
-infra_pihole_container_port_web: 8053
+infra_pihole_port_web: 8053
 # Host port for the DNS service
-infra_pihole_container_port_dns: 53
+infra_pihole_port_dns: 53
 # Max. wait time for pihole compose deployment
 infra_pihole_compose_wait_timeout: 300
 

diff --git a/defaults/main/unifi.yml b/defaults/main/unifi.yml
@@ -34,6 +34,8 @@ infra_unifi_directory_group: "{{ infra_directory_group }}"
 infra_unifi_directory_mode: "{{ infra_directory_mode }}"
 
 ## File paths
+# File mode
+infra_unifi_file_mode: "{{ infra_file_mode }}"
 # unifi compose file path
 infra_unifi_compose_path: "{{ infra_unifi_directory_path }}/compose.yml"
 # unifi env file path
@@ -70,6 +72,24 @@ infra_unifi_restart_policy: "{{ infra_restart_policy }}"
 infra_unifi_container_memory: 4g
 # Memory limit for the unifi MongoDB container
 infra_unifi_db_container_memory: 1g
+# Admin UI port for the unifi server
+infra_unifi_port_admin: 8443
+# Device communications port for the unifi server
+infra_unifi_port_device_comms: 8080
+# Guest portal (https) port for the unifi server
+infra_unifi_port_guest_portal_https: 8843
+# Guest portal (http) port for the unifi server
+infra_unifi_port_guest_portal_http: 8880
+# Mobile throughput test port for the unifi server
+infra_unifi_port_throughput: 6789
+# STUN port for the unifi server
+infra_unifi_port_stun: 3478
+# AP Discovery port for the unifi server
+infra_unifi_port_discovery: 10001
+# Layer 2 discovery port for the unifi server
+infra_unifi_port_l2_discovery: 1900
+# Syslog port for the unifi server
+infra_unifi_port_syslog: 5514
 
 ## Docker volume configs
 # Name of the config Docker volume

diff --git a/defaults/main/uptimekuma.yml b/defaults/main/uptimekuma.yml
@@ -17,6 +17,8 @@ infra_uptimekuma_directory_group: "{{ infra_directory_group }}"
 infra_uptimekuma_directory_mode: "{{ infra_directory_mode }}"
 
 ## File paths
+# File mode
+infra_uptimekuma_file_mode: "{{ infra_file_mode }}"
 # uptime-kuma compose file path
 infra_uptimekuma_compose_path: "{{ infra_uptimekuma_directory_path }}/compose.yml"
 # uptime-kuma env file path

diff --git a/defaults/main/vaultwarden.yml b/defaults/main/vaultwarden.yml
@@ -26,6 +26,8 @@ infra_vaultwarden_directory_group: "{{ infra_directory_group }}"
 infra_vaultwarden_directory_mode: "{{ infra_directory_mode }}"
 
 ## File paths
+# File mode
+infra_vaultwarden_file_mode: "{{ infra_file_mode }}"
 # vaultwarden compose file path
 infra_vaultwarden_compose_path: "{{ infra_vaultwarden_directory_path }}/compose.yml"
 # vaultwarden env file path

diff --git a/defaults/main/wireguard.yml b/defaults/main/wireguard.yml
@@ -26,7 +26,7 @@ infra_wireguard_allowed_ips: '0.0.0.0/0, ::0/0'
 # Internal subnet for wireguard
 infra_wireguard_internal_subnet: 10.13.13.0
 # Host port to use for the wireguard VPN
-infra_wireguard_container_port_vpn: 51820
+infra_wireguard_port_vpn: 51820
 # Username for wireguard-ui
 infra_wireguard_ui_username: admin
 # Whether wireguard-ui should start/restart the wireguard service
@@ -47,6 +47,8 @@ infra_wireguard_directory_group: "{{ infra_directory_group }}"
 infra_wireguard_directory_mode: "{{ infra_directory_mode }}"
 
 ## File paths
+# File mode
+infra_wireguard_file_mode: "{{ infra_file_mode }}"
 # wireguard compose file path
 infra_wireguard_compose_path: "{{ infra_wireguard_directory_path }}/compose.yml"
 # wireguard env file path

diff --git a/tasks/deploy_authentik.yml b/tasks/deploy_authentik.yml
@@ -51,7 +51,7 @@
         dest: "{{ infra_authentik_compose_path }}"
         owner: "{{ infra_authentik_directory_owner }}"
         group: "{{ infra_authentik_directory_group }}"
-        mode: "{{ infra_authentik_directory_mode }}"
+        mode: "{{ infra_authentik_file_mode }}"
         backup: true
         validate: docker compose -f %s config -q
       register: compose_file_output

diff --git a/tasks/deploy_godns.yml b/tasks/deploy_godns.yml
@@ -15,7 +15,7 @@
         dest: "{{ infra_godns_config_file_path }}"
         owner: "{{ infra_godns_directory_owner }}"
         group: "{{ infra_godns_directory_group }}"
-        mode: "{{ infra_godns_directory_mode }}"
+        mode: "{{ infra_godns_file_mode }}"
         backup: true
       register: godns_config_file_output
 
@@ -37,7 +37,7 @@
         dest: "{{ infra_godns_compose_path }}"
         owner: "{{ infra_godns_directory_owner }}"
         group: "{{ infra_godns_directory_group }}"
-        mode: "{{ infra_godns_directory_mode }}"
+        mode: "{{ infra_godns_file_mode }}"
         backup: true
         validate: docker compose -f %s config -q
       register: compose_file_output

diff --git a/tasks/deploy_graylog.yml b/tasks/deploy_graylog.yml
@@ -99,7 +99,7 @@
         dest: "{{ infra_graylog_compose_path }}"
         owner: "{{ infra_graylog_directory_owner }}"
         group: "{{ infra_graylog_directory_group }}"
-        mode: "{{ infra_graylog_directory_mode }}"
+        mode: "{{ infra_graylog_file_mode }}"
         backup: true
         validate: docker compose -f %s config -q
       register: compose_file_output

diff --git a/tasks/deploy_pihole.yml b/tasks/deploy_pihole.yml
@@ -139,8 +139,8 @@
       ansible.builtin.template:
         src: etc/dnsmasq.d/99-edns.conf.j2
         dest: "{{ infra_pihole_dnsmasq_edns_conf_file_path }}"
-        owner: "{{ infra_pihole_directory_owner }}"
-        group: "{{ infra_pihole_directory_group }}"
+        owner: "{{ infra_pihole_dnsmasq_edns_conf_file_owner }}"
+        group: "{{ infra_pihole_dnsmasq_edns_conf_file_group }}"
         mode: "{{ infra_pihole_dnsmasq_edns_conf_file_mode }}"
         backup: true
       register: pihole_dnsmasq_edns_config_file_output

diff --git a/tasks/deploy_unifi.yml b/tasks/deploy_unifi.yml
@@ -49,7 +49,7 @@
         dest: "{{ infra_unifi_compose_path }}"
         owner: "{{ infra_unifi_directory_owner }}"
         group: "{{ infra_unifi_directory_group }}"
-        mode: "{{ infra_unifi_directory_mode }}"
+        mode: "{{ infra_unifi_file_mode }}"
         backup: true
         validate: docker compose -f %s config -q
       register: compose_file_output

diff --git a/tasks/deploy_uptimekuma.yml b/tasks/deploy_uptimekuma.yml
@@ -27,7 +27,7 @@
         dest: "{{ infra_uptimekuma_compose_path }}"
         owner: "{{ infra_uptimekuma_directory_owner }}"
         group: "{{ infra_uptimekuma_directory_group }}"
-        mode: "{{ infra_uptimekuma_directory_mode }}"
+        mode: "{{ infra_uptimekuma_file_mode }}"
         backup: true
         validate: docker compose -f %s config -q
       register: compose_file_output

diff --git a/tasks/deploy_vaultwarden.yml b/tasks/deploy_vaultwarden.yml
@@ -27,7 +27,7 @@
         dest: "{{ infra_vaultwarden_compose_path }}"
         owner: "{{ infra_vaultwarden_directory_owner }}"
         group: "{{ infra_vaultwarden_directory_group }}"
-        mode: "{{ infra_vaultwarden_directory_mode }}"
+        mode: "{{ infra_vaultwarden_file_mode }}"
         backup: true
         validate: docker compose -f %s config -q
       register: compose_file_output

diff --git a/tasks/deploy_wireguard.yml b/tasks/deploy_wireguard.yml
@@ -59,7 +59,7 @@
         dest: "{{ infra_wireguard_compose_path }}"
         owner: "{{ infra_wireguard_directory_owner }}"
         group: "{{ infra_wireguard_directory_group }}"
-        mode: "{{ infra_wireguard_directory_mode }}"
+        mode: "{{ infra_wireguard_file_mode }}"
         backup: true
         validate: docker compose -f %s config -q
       register: compose_file_output

diff --git a/templates/compose/authentik.yml.j2 b/templates/compose/authentik.yml.j2
@@ -3,6 +3,7 @@ services:
   {{ infra_authentik_redis_service_name }}:
     image: {{ infra_authentik_redis_container_image }}
     container_name: {{ infra_authentik_redis_container_hostname }}
+    hostname: {{ infra_authentik_redis_container_hostname }}
     restart: {{ infra_authentik_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ svc_log_driver }}
@@ -23,6 +24,7 @@ services:
   {{ infra_authentik_db_service_name }}:
     image: {{ infra_authentik_db_container_image }}
     container_name: {{ infra_authentik_db_container_hostname }}
+    hostname: {{ infra_authentik_db_container_hostname }}
     restart: {{ infra_authentik_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ svc_log_driver }}
@@ -45,6 +47,7 @@ services:
   {{ infra_authentik_service_name }}:
     image: {{ infra_authentik_container_image }}
     container_name: {{ infra_authentik_container_hostname }}
+    hostname: {{ infra_authentik_container_hostname }}
     restart: {{ infra_authentik_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ svc_log_driver }}
@@ -76,6 +79,7 @@ services:
   {{ infra_authentik_worker_service_name }}:
     image: {{ infra_authentik_container_image }}
     container_name: {{ infra_authentik_worker_container_hostname }}
+    hostname: {{ infra_authentik_worker_container_hostname }}
     restart: {{ infra_authentik_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ svc_log_driver }}

diff --git a/templates/compose/godns.yml.j2 b/templates/compose/godns.yml.j2
@@ -3,6 +3,7 @@ services:
   {{ infra_godns_service_name }}:
     image: {{ infra_godns_container_image }}
     container_name: {{ infra_godns_container_hostname }}
+    hostname: {{ infra_godns_container_hostname }}
     restart: {{ infra_godns_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ svc_log_driver }}

diff --git a/templates/compose/graylog.yml.j2 b/templates/compose/graylog.yml.j2
@@ -4,6 +4,7 @@ services:
   {{ infra_graylog_db_service_name }}:
     image: {{ infra_graylog_db_container_image }}
     container_name: {{ infra_graylog_db_container_hostname }}
+    hostname: {{ infra_graylog_db_container_hostname }}
     restart: {{ infra_graylog_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ infra_graylog_log_driver }}
@@ -23,6 +24,7 @@ services:
   {{ infra_graylog_opensearch_service_name }}:
     image: {{ infra_graylog_opensearch_container_image }}
     container_name: {{ infra_graylog_opensearch_container_hostname }}
+    hostname: {{ infra_graylog_opensearch_container_hostname }}
     restart: {{ infra_graylog_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ infra_graylog_log_driver }}
@@ -44,6 +46,7 @@ services:
   {{ infra_graylog_service_name }}:
     image: {{ infra_graylog_container_image }}
     container_name: {{ infra_graylog_container_hostname }}
+    hostname: {{ infra_graylog_container_hostname }}
     restart: {{ infra_graylog_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ infra_graylog_log_driver }}

diff --git a/templates/compose/pihole.yml.j2 b/templates/compose/pihole.yml.j2
@@ -4,6 +4,7 @@ services:
   {{ infra_unbound_service_name }}:
     image: {{ infra_unbound_container_image }}
     container_name: {{ infra_unbound_container_hostname }}
+    hostname: {{ infra_unbound_container_hostname }}
     restart: {{ infra_unbound_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ svc_log_driver }}
@@ -23,6 +24,7 @@ services:
   {{ infra_pihole_service_name }}:
     image: {{ infra_pihole_container_image }}
     container_name: {{ infra_pihole_container_hostname }}
+    hostname: {{ infra_pihole_container_hostname }}
     restart: {{ infra_pihole_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ svc_log_driver }}
@@ -65,10 +67,12 @@ services:
 {% endif %}
       - {{ svc_docker_network_name }}
     ports:
-      - {{ infra_pihole_container_port_dns }}:53/tcp
-      - {{ infra_pihole_container_port_dns }}:53/udp
-      - {{ infra_pihole_container_port_web }}:80/tcp
+      - {{ infra_pihole_port_dns }}:53/tcp
+      - {{ infra_pihole_port_dns }}:53/udp
+      - {{ infra_pihole_port_web }}:80/tcp
     extra_hosts: {{ infra_pihole_extra_hosts }}
+    group_add:
+      - {{ infra_group_gid }}
 {% if infra_use_unbound %}
     depends_on:
       - {{ infra_unbound_service_name }}

diff --git a/templates/compose/unifi.yml.j2 b/templates/compose/unifi.yml.j2
@@ -4,6 +4,7 @@ services:
   {{ infra_unifi_db_service_name }}:
     image: {{ infra_unifi_db_container_image }}
     container_name: {{ infra_unifi_db_container_hostname }}
+    hostname: {{ infra_unifi_db_container_hostname }}
     restart: {{ infra_unifi_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ svc_log_driver }}
@@ -19,6 +20,7 @@ services:
   {{ infra_unifi_service_name }}:
     image: {{ infra_unifi_container_image }}
     container_name: {{ infra_unifi_container_hostname }}
+    hostname: {{ infra_unifi_container_hostname }}
     restart: {{ infra_unifi_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ svc_log_driver }}
@@ -46,15 +48,15 @@ services:
       - default
       - {{ svc_docker_network_name }}
     ports:
-      - 8443:8443
-      - 3478:3478/udp
-      - 10001:10001/udp
-      - 8080:8080
-      - 1900:1900/udp
-      - 8843:8843
-      - 8880:8880
-      - 6789:6789
-      - 5514:5514/udp
+      - {{ infra_unifi_port_admin }}:8443
+      - {{ infra_unifi_port_stun }}:3478/udp
+      - {{ infra_unifi_port_discovery }}:10001/udp
+      - {{ infra_unifi_port_device_comms }}:8080
+      - {{ infra_unifi_port_l2_discovery }}:1900/udp
+      - {{ infra_unifi_port_guest_portal_https }}:8843
+      - {{ infra_unifi_port_guest_portal_http }}:8880
+      - {{ infra_unifi_port_throughput }}:6789
+      - {{ infra_unifi_port_syslog }}:5514/udp
 {% if infra_use_unifi_db %}
     depends_on:
       - {{ infra_unifi_db_service_name }}

diff --git a/templates/compose/uptimekuma.yml.j2 b/templates/compose/uptimekuma.yml.j2
@@ -3,6 +3,7 @@ services:
   {{ infra_uptimekuma_service_name }}:
     image: {{ infra_uptimekuma_container_image }}
     container_name: {{ infra_uptimekuma_container_hostname }}
+    hostname: {{ infra_uptimekuma_container_hostname }}
     restart: {{ infra_uptimekuma_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ svc_log_driver }}

diff --git a/templates/compose/vaultwarden.yml.j2 b/templates/compose/vaultwarden.yml.j2
@@ -3,6 +3,7 @@ services:
   {{ infra_vaultwarden_service_name }}:
     image: {{ infra_vaultwarden_container_image }}
     container_name: {{ infra_vaultwarden_container_hostname }}
+    hostname: {{ infra_vaultwarden_container_hostname }}
     restart: {{ infra_vaultwarden_restart_policy | default(infra_restart_policy) }}
     logging:
       driver: {{ svc_log_driver }}