RWejlgaard/pez-infra
1
0
Fork 0
mirror of https://github.com/RWejlgaard/pez-infra.git synced 2026-05-06 04:14:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
pez-infra/ansible/services
History
Rasmus "Pez" Wejlgaard 431c65065a
Add Docker official apt repo to docker role (#24) 
* Add Docker official apt repo to docker role

The docker role was installing docker-compose-plugin which is only
available from Docker's official apt repository. helsinki-a had it
configured manually, but london-b and copenhagen-a did not, causing
deploy failures.

Now the role:
- Adds Docker's GPG key and apt repo (handles both Debian and Ubuntu)
- Installs docker-ce, docker-ce-cli, containerd.io, docker-compose-plugin
- Removes conflicting stock packages (docker.io, docker-compose)

* fix: resolve yamllint violations in docker role

- Remove standalone comment blocks that caused indentation errors
- Collapse multiline repo string to single line
- Ensure document start marker is present

* fix: keep all lines under 160 chars for yamllint

Use set_fact to build the Docker repo line in parts instead of
one long inline string.

* fix: resolve yamllint errors in london-b host_vars and promtail config

- Remove trailing blank line in inventory/host_vars/london-b.yml
- Add missing document start marker to promtail config
- Fix indentation in promtail scrape_configs (indent list items under key)

* Remove ansible-lint on push, keep PR-only

Lint already runs on pull_request — no need to double up on push to main.
2026-03-29 21:11:33 +01:00
..
authelia Add Authelia config and SOPS-encrypted secrets 2026-03-28 17:42:07 +00:00
bitwarden fix remaining yaml lint nitpicks 2026-03-28 13:13:37 +00:00
caddy Fix Alertmanager Caddyfile route pointing to Grafana port (#13) 2026-03-29 11:07:41 +01:00
forgejo fix remaining yaml lint nitpicks 2026-03-28 13:13:37 +00:00
grafana fix last 3 yaml lint failures 2026-03-28 13:17:42 +00:00
jellyseerr fix more yaml document-start and comment indentation 2026-03-28 13:15:46 +00:00
lidarr Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
mangos-realmd initial commit 2026-03-28 12:39:41 +00:00
mangos-world add mangos zero config and fix world service 2026-03-28 13:03:09 +00:00
mangos-zero add mangos zero config and fix world service 2026-03-28 13:03:09 +00:00
minecraft fix more yaml document-start and comment indentation 2026-03-28 13:15:46 +00:00
miniflux fix more yaml document-start and comment indentation 2026-03-28 13:15:46 +00:00
navidrome fix more yaml document-start and comment indentation 2026-03-28 13:15:46 +00:00
nextcloud-aio fix more yaml document-start and comment indentation 2026-03-28 13:15:46 +00:00
ollama Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
plex-exporter fix more yaml document-start and comment indentation 2026-03-28 13:15:46 +00:00
poste-io fix more yaml document-start and comment indentation 2026-03-28 13:15:46 +00:00
prometheus Add ZFS management role: scrub scheduling and pool monitoring (#18) 2026-03-29 19:12:42 +01:00
promtail Add Docker official apt repo to docker role (#24) 2026-03-29 21:11:33 +01:00
prowlarr Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
radarr Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
rc.d/london-a initial commit 2026-03-28 12:39:41 +00:00
readarr Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
samba/config Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
slskd fix more yaml document-start and comment indentation 2026-03-28 13:15:46 +00:00
smartctl-exporter fix more yaml document-start and comment indentation 2026-03-28 13:15:46 +00:00
status-page capture helsinki-a status page cron in repo (#17) 2026-03-29 15:39:35 +01:00
systemd Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
transmission/config Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
vsftpd/config Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
whisparr Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
README.md initial commit 2026-03-28 12:39:41 +00:00

README.md

Services

Version-controlled service definitions across the fleet.

Directory Structure

services/
├── systemd/              # systemd unit files (Linux hosts)
│   ├── copenhagen-a/
│   │   ├── mangos-realmd.service   # MaNGOS Zero realm server
│   │   ├── mangos-world.service    # MaNGOS Zero world server
│   │   └── cloudflared.service     # Cloudflare tunnel (token redacted)
│   └── helsinki-a/
│       ├── caddy.service                    # Caddy reverse proxy (stock unit)
│       └── thiswebsitedoesnotexist.service  # Node.js app on port 3721
└── rc.d/                 # FreeBSD rc.conf and rc.d scripts
    └── london-a/
        └── rc.conf       # /etc/rc.conf — all enabled services

Notes

copenhagen-a (Linux)

Service Unit Status Notes
MaNGOS realmd mangos-realmd.service enabled, custom Realm server for WoW private server. Depends on MariaDB.
MaNGOS world mangos-world.service enabled, custom World server. Depends on MariaDB and realmd.
cloudflared cloudflared.service enabled, custom Cloudflare tunnel. Token redacted — replace ${CLOUDFLARED_TOKEN} with the real token on deploy.

helsinki-a (Linux)

Service Unit Status Notes
Caddy caddy.service enabled, stock Installed via package manager. Config at /etc/caddy/Caddyfile.
thiswebsitedoesnotexist thiswebsitedoesnotexist.service enabled, custom Node.js app. Env vars in /opt/thiswebsitedoesnotexist/.env.

london-a (FreeBSD)

No custom rc.d scripts — all services installed via pkg. The rc.conf captures all enabled services:

Service rc.conf variable Notes
Grafana grafana_enable="YES" Monitoring dashboards
Prometheus prometheus_enable="YES" Metrics collection
node_exporter node_exporter_enable="YES" Host metrics exporter
Tailscale tailscaled_enable="YES" Mesh VPN
cloudflared cloudflared_enable="YES" Cloudflare tunnel (tunnel ID in rc.conf)
InfluxDB influxd_enable="YES" Time-series database
libvirtd libvirtd_enable="YES" Virtualisation daemon
Redis redis_enable="YES" In-memory data store
PostgreSQL postgresql_enable="YES" Relational database

Security

  • The cloudflared token on copenhagen-a has been redacted in the committed unit file. The live service uses the real token.
  • The cloudflare tunnel ID on london-a is committed as-is (it's not a secret — the tunnel token is separate).