Add compose app config for unif controller

Add plex compose application config
Add minecraft compose application
2020-12-08 23:15:56 -05:00 · 2020-12-08 23:07:25 -05:00 · 2020-12-08 22:58:15 -05:00 · 2020-12-08 22:47:22 -05:00 · 2020-12-08 22:47:22 -05:00 · 2020-12-08 22:47:22 -05:00
13 changed files with 759 additions and 22 deletions
--- a/en1.yml
+++ b/en1.yml
@@ -7,9 +7,6 @@ all:
    update: false
    clean: false
    omni_host_swarm_controller: jupiter
    omni_host_webproxy: jupiter
  children:
    servers:
@@ -59,6 +56,7 @@ all:
    virtualization:
      hosts:
        jupiter:
          omni_docker_configs: /etc/omni/compose
          omni_docker_swarm_iface: eno2
      children:
        virtualization_worker:
@@ -73,6 +71,7 @@ all:
        datastore_arbiter:
          hosts:
            jupiter:
              omni_datastore_mount: /mnt/datastore
              omni_gluster_brick:
                mount: /mnt/brick0
                fs: xfs
--- a/playbooks/configure-webproxy.yml
+++ b/playbooks/configure-webproxy.yml
@@ -10,14 +10,6 @@
  tasks:
    - import_tasks: tasks/nginx/install.yml
    - name: Install configuration
      become: true
      copy:
        src: nginx.conf
        dest: /etc/nginx/nginx.conf
      notify:
        - restart-nginx
    - name: Set required SELinux options
      become: true
      seboolean:
@@ -26,3 +18,37 @@
        state: true
      notify:
        - restart-nginx
 - name: Configure Nginx
  hosts: jupiter
  vars_files:
    - vars/applications.yml
  vars:
    _letsencrypt_cert_dir: /etc/letsencrypt/live
  handlers:
    - name: restart-nginx
      import_tasks: tasks/nginx/services.yml
  tasks:
    - name: Install server configuration
      become: true
      copy:
        src: nginx/nginx.conf
        dest: /etc/nginx/nginx.conf
      notify:
        - restart-nginx
    - name: Install application configurations
      when: item.value.published.host is defined
      become: true
      template:
        src: nginx/{{ item.key }}.nginx.conf.j2
        dest: /etc/nginx/conf.d/{{ item.key }}.conf
        owner: nginx
        group: "{{ ansible_user }}"
        mode: 0755
      loop: "{{ omni_compose_apps | dict2items }}"
      loop_control:
        label: "{{ item.key }} ({{ item.value.published.host | default('none') }})"
      notify:
        - restart-nginx
--- a/playbooks/deploy-compose.yml
+++ b/playbooks/deploy-compose.yml
@@ -0,0 +1,71 @@
 ---
 - name: Prompt for input
  hosts: all
  tags:
    - always
  gather_facts: false
  vars_prompt:
    - name: application
      prompt: Enter name of application stack to deploy
      private: false
  vars_files:
    - vars/applications.yml
  tasks:
    - name: Validate user input
      assert:
        that: application in omni_compose_apps.keys()
    - name: Set facts for usage later
      set_fact:
        _runtime_application: "{{ application }}"
 - import_playbook: initialize.yml
 - name: Configure datastore
  hosts: jupiter
  vars_files:
    - vars/applications.yml
    - vars/secrets/applications.yml
  tasks:
    - name: Create application datastore directory
      become: true
      file:
        path: "{{ omni_datastore_mount }}{{ omni_compose_apps[_runtime_application].datastore }}"
        state: directory
        owner: "{{ omni_compose_apps[_runtime_application].account.name }}"
        group: "{{ omni_compose_apps[_runtime_application].account.name }}"
        mode: 0750
 - name: Configure docker stack
  hosts: jupiter
  vars_files:
    - vars/applications.yml
    - vars/secrets/applications.yml
  tasks:
    - name: Create compose configuration directory
      become: true
      file:
        path: "{{ omni_docker_configs }}/{{ _runtime_application }}"
        state: directory
        owner: "{{ ansible_user }}"
        group: docker
        mode: 0750
    - name: Install docker-compose file
      become: true
      template:
        src: docker-compose/{{ _runtime_application }}.yaml.j2
        dest: "{{ omni_docker_configs }}/{{ _runtime_application }}/docker-compose.yaml"
        owner: "{{ ansible_user }}"
        group: docker
        mode: 0640
    - name: Deploy the stack
      docker_stack:
        name: "{{ _runtime_application }}"
        state: present
        compose:
          - "{{ omni_docker_configs }}/{{ _runtime_application }}/docker-compose.yaml"
--- a/poetry.lock
+++ b/poetry.lock
@@ -84,7 +84,7 @@ cffi = ">=1.1"
 six = ">=1.4.1"
 [package.extras]
-tests = ["pytest (>=3.2.1,<3.3.0 || >3.3.0)"]
+tests = ["pytest (>=3.2.1,!=3.3.0)"]
 typecheck = ["mypy"]
 [[package]]
@@ -209,7 +209,7 @@ optional = false
 python-versions = "*"
 [package.extras]
-test = ["flake8 (3.7.8)", "hypothesis (3.55.3)"]
+test = ["flake8 (==3.7.8)", "hypothesis (==3.55.3)"]
 [[package]]
 name = "crashtest"
@@ -232,11 +232,11 @@ cffi = ">=1.8,<1.11.3 || >1.11.3"
 six = ">=1.4.1"
 [package.extras]
-docs = ["sphinx (>=1.6.5,<1.8.0 || >1.8.0,<3.1.0 || >3.1.0,<3.1.1 || >3.1.1)", "sphinx-rtd-theme"]
+docs = ["sphinx (>=1.6.5,!=1.8.0,!=3.1.0,!=3.1.1)", "sphinx-rtd-theme"]
 docstest = ["doc8", "pyenchant (>=1.6.11)", "twine (>=1.12.0)", "sphinxcontrib-spelling (>=4.0.1)"]
 pep8test = ["black", "flake8", "flake8-import-order", "pep8-naming"]
 ssh = ["bcrypt (>=3.1.5)"]
-test = ["pytest (>=3.6.0,<3.9.0 || >3.9.0,<3.9.1 || >3.9.1,<3.9.2 || >3.9.2)", "pretend", "iso8601", "pytz", "hypothesis (>=1.11.4,<3.79.2 || >3.79.2)"]
+test = ["pytest (>=3.6.0,!=3.9.0,!=3.9.1,!=3.9.2)", "pretend", "iso8601", "pytz", "hypothesis (>=1.11.4,!=3.79.2)"]
 [[package]]
 name = "distlib"
@@ -296,7 +296,7 @@ texttable = ">=0.9.0,<2"
 websocket-client = ">=0.32.0,<1"
 [package.extras]
-socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7,<2)"]
+socks = ["PySocks (>=1.5.6,!=1.5.7,<2)"]
 tests = ["ddt (>=1.2.2,<2)", "pytest (<6)"]
 [[package]]
@@ -419,6 +419,14 @@ MarkupSafe = ">=0.23"
 [package.extras]
 i18n = ["Babel (>=0.8)"]
 [[package]]
 name = "jsondiff"
 version = "1.2.0"
 description = "Diff JSON and JSON-like structures in Python"
 category = "main"
 optional = false
 python-versions = "*"
 [[package]]
 name = "jsonschema"
 version = "3.2.0"
@@ -453,7 +461,7 @@ SecretStorage = {version = ">=3.2", markers = "sys_platform == \"linux\""}
 [package.extras]
 docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"]
-testing = ["pytest (>=3.5,<3.7.3 || >3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "pytest-black (>=0.3.7)", "pytest-mypy"]
+testing = ["pytest (>=3.5,!=3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "pytest-black (>=0.3.7)", "pytest-mypy"]
 [[package]]
 name = "lockfile"
@@ -690,7 +698,7 @@ six = "*"
 [package.extras]
 docs = ["sphinx (>=1.6.5)", "sphinx-rtd-theme"]
-tests = ["pytest (>=3.2.1,<3.3.0 || >3.3.0)", "hypothesis (>=3.27.0)"]
+tests = ["pytest (>=3.2.1,!=3.3.0)", "hypothesis (>=3.27.0)"]
 [[package]]
 name = "pyparsing"
@@ -759,7 +767,7 @@ urllib3 = ">=1.21.1,<1.27"
 [package.extras]
 security = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)"]
-socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7)", "win-inet-pton"]
+socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"]
 [[package]]
 name = "requests-toolbelt"
@@ -933,7 +941,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
 [package.extras]
 brotli = ["brotlipy (>=0.6.0)"]
 secure = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "certifi", "ipaddress"]
-socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7,<2.0)"]
+socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
 [[package]]
 name = "virtualenv"
@@ -995,12 +1003,12 @@ python-versions = ">=3.6"
 [package.extras]
 docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"]
-testing = ["pytest (>=3.5,<3.7.3 || >3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy"]
+testing = ["pytest (>=3.5,!=3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy"]
 [metadata]
 lock-version = "1.1"
 python-versions = "^3.7"
-content-hash = "8b7b0693f9b950cdd1b324b3a949fee237711b6db378b291df158baf0c8c83d5"
+content-hash = "fab3171105b575ad1762097ee732aba6b81555636d32cb4d3cf6f48326149396"
 [metadata.files]
 ansible = [
@@ -1196,6 +1204,9 @@ jinja2 = [
    {file = "Jinja2-2.11.2-py2.py3-none-any.whl", hash = "sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035"},
    {file = "Jinja2-2.11.2.tar.gz", hash = "sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0"},
 ]
 jsondiff = [
    {file = "jsondiff-1.2.0.tar.gz", hash = "sha256:34941bc431d10aa15828afe1cbb644977a114e75eef6cc74fb58951312326303"},
 ]
 jsonschema = [
    {file = "jsonschema-3.2.0-py2.py3-none-any.whl", hash = "sha256:4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163"},
    {file = "jsonschema-3.2.0.tar.gz", hash = "sha256:c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a"},
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -11,6 +11,7 @@ ansible = "^2.9.4"
 docker = "^4.2.0"
 docker-compose = "^1.25.4"
 paramiko = "^2.7.1"
 jsondiff = "^1.2.0"
 [tool.poetry.dev-dependencies]
 ansible-lint = "^4.2.0"
--- a/resources/docker-compose/bitwarden.yaml.j2
+++ b/resources/docker-compose/bitwarden.yaml.j2
@@ -0,0 +1,257 @@
 ---
 version: "{{ omni_compose_version | string }}"
 x-global-env: &globalenv
  LOCAL_UID: "{{ omni_compose_apps.bitwarden.account.uid | string }}"
  LOCAL_GID: "{{ omni_compose_apps.bitwarden.account.uid | string}}"
  ASPNETCORE_ENVIRONMENT: Production
  globalSettings__selfHosted: "true"
  globalSettings__baseServiceUri__vault: https://{{ omni_compose_apps.bitwarden.published.host }}
  globalSettings__baseServiceUri__api: https://{{ omni_compose_apps.bitwarden.published.host }}/api
  globalSettings__baseServiceUri__identity: https://{{ omni_compose_apps.bitwarden.published.host }}/identity
  globalSettings__baseServiceUri__admin: https://{{ omni_compose_apps.bitwarden.published.host }}/admin
  globalSettings__baseServiceUri__notifications: https://{{ omni_compose_apps.bitwarden.published.host }}/notifications
  globalSettings__baseServiceUri__internalNotifications: http://bitwarden_notifications:5000
  globalSettings__baseServiceUri__internalAdmin: http://bitwarden_admin:5000
  globalSettings__baseServiceUri__internalIdentity: http://bitwarden_identity:5000
  globalSettings__baseServiceUri__internalApi: http://bitwarden_api:5000
  globalSettings__baseServiceUri__internalVault: http://bitwarden_web:5000
  globalSettings__pushRelayBaseUri: https://push.bitwarden.com
  globalSettings__installation__identityUri: https://identity.bitwarden.com
  globalSettings__sqlServer__connectionString: "Data Source=tcp:mssql,1433;Initial Catalog=vault;Persist Security Info=False;User ID=sa;Password=e934c0bb-3b5a-4e6b-b525-cd6d83004e1a;MultipleActiveResultSets=False;Connect Timeout=30;Encrypt=True;TrustServerCertificate=True"
  globalSettings__identityServer__certificatePassword: {{ omni_compose_app_secrets.bitwarden.identity_server_certificate_password }}
  globalSettings__attachment__baseDirectory: /etc/bitwarden/core/attachments
  globalSettings__attachment__baseUrl: https://{{ omni_compose_apps.bitwarden.published.host }}/attachments
  globalSettings__dataProtection__directory: /etc/bitwarden/core/aspnet-dataprotection
  globalSettings__logDirectory: /etc/bitwarden/logs
  globalSettings__licenseDirectory: /etc/bitwarden/core/licenses
  globalSettings__internalIdentityKey: {{ omni_compose_app_secrets.bitwarden.internal_identity_key }}
  globalSettings__duo__aKey: {{ omni_compose_app_secrets.bitwarden.duo_akey }}
  globalSettings__installation__id: {{ omni_compose_app_secrets.bitwarden.installation_id }}
  globalSettings__installation__key: {{ omni_compose_app_secrets.bitwarden.installation_key }}
  globalSettings__yubico__clientId: REPLACE
  globalSettings__yubico__key: REPLACE
  globalSettings__mail__replyToEmail: noreply@enp.one
  globalSettings__mail__smtp__host: REPLACE
  globalSettings__mail__smtp__port: "587"
  globalSettings__mail__smtp__ssl: "false"
  globalSettings__mail__smtp__username: REPLACE
  globalSettings__mail__smtp__password: REPLACE
  globalSettings__disableUserRegistration: "false"
  globalSettings__hibpApiKey: REPLACE
  adminSettings__admins: ""
 volumes:
  bitwarden-db-data:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/mssql/data
    driver: glusterfs
  bitwarden-db-backup:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/mssql/backup
  bitwarden-nginx-data:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/nginx
    driver: glusterfs
  bitwarden-web:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/web
    driver: glusterfs
  bitwarden-ssl:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/ssl
    driver: glusterfs
  bitwarden-ca-certs:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/ca-certificates
    driver: glusterfs
  bitwarden-core:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/core
    driver: glusterfs
  bitwarden-identity:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/identity
    driver: glusterfs
  bitwarden-logs-api:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/api
    driver: glusterfs
  bitwarden-logs-db:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/mssql
    driver: glusterfs
  bitwarden-logs-identity:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/identity
    driver: glusterfs
  bitwarden-logs-nginx:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/nginx
    driver: glusterfs
  bitwarden-logs-admin:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/admin
    driver: glusterfs
  bitwarden-logs-icons:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/icons
    driver: glusterfs
  bitwarden-logs-notifications:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/notifications
    driver: glusterfs
  bitwarden-logs-events:
    name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/events
    driver: glusterfs
 networks:
  bitwarden_internal:
    internal: true
    name: bitwarden_internal
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: {{ omni_compose_apps.bitwarden.networks.internal }}
  bitwarden_external:
    internal: false
    name: bitwarden_external
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: {{ omni_compose_apps.bitwarden.networks.external }}
 services:
  mssql:
    image: bitwarden/mssql:{{ omni_compose_apps.bitwarden.versions.mssql | default(omni_compose_apps.bitwarden.versions.default) }}
    stop_grace_period: 60s
    networks:
      - bitwarden_internal
    volumes:
      - bitwarden-db-data:/var/opt/mssql/data
      - bitwarden-db-backup:/etc/bitwarden/mssql/backups
      - bitwarden-logs-db:/var/opt/mssql/log
    environment:
      LOCAL_UID: "{{ omni_compose_apps.bitwarden.account.uid | string }}"
      LOCAL_GID: "{{ omni_compose_apps.bitwarden.account.uid | string }}"
      ACCEPT_EULA: "Y"
      MSSQL_PID: Express
      SA_PASSWORD: {{ omni_compose_app_secrets.bitwarden.mssql_sa_password }}
    deploy:
      replicas: 1
  web:
    image: bitwarden/web:{{ omni_compose_apps.bitwarden.versions.web | default(omni_compose_apps.bitwarden.versions.default) }}
    networks:
      - bitwarden_internal
    volumes:
      - bitwarden-web:/etc/bitwarden/web
    environment: *globalenv
    deploy:
      replicas: 1
  attachments:
    image: bitwarden/attachments:{{ omni_compose_apps.bitwarden.versions.attachments | default(omni_compose_apps.bitwarden.versions.default) }}
    networks:
      - bitwarden_internal
    volumes:
      - bitwarden-core:/etc/bitwarden/core
    environment: *globalenv
    deploy:
      replicas: 1
  api:
    image: bitwarden/api:{{ omni_compose_apps.bitwarden.versions.api | default(omni_compose_apps.bitwarden.versions.default) }}
    volumes:
      - bitwarden-core:/etc/bitwarden/core
      - bitwarden-ca-certs:/etc/bitwarden/ca-certificates
      - bitwarden-logs-api:/etc/bitwarden/logs
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1
  identity:
    image: bitwarden/identity:{{ omni_compose_apps.bitwarden.versions.identity | default(omni_compose_apps.bitwarden.versions.default) }}
    volumes:
      - bitwarden-identity:/etc/bitwarden/identity
      - bitwarden-core:/etc/bitwarden/core
      - bitwarden-ca-certs:/etc/bitwarden/ca-certificates
      - bitwarden-logs-identity:/etc/bitwarden/logs
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1
  admin:
    image: bitwarden/admin:{{ omni_compose_apps.bitwarden.versions.admin | default(omni_compose_apps.bitwarden.versions.default) }}
    depends_on:
      - mssql
    volumes:
      - bitwarden-core:/etc/bitwarden/core
      - bitwarden-ca-certs:/etc/bitwarden/ca-certificates
      - bitwarden-logs-admin:/etc/bitwarden/logs
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1
  icons:
    image: bitwarden/icons:{{ omni_compose_apps.bitwarden.versions.icons | default(omni_compose_apps.bitwarden.versions.default) }}
    volumes:
      - bitwarden-ca-certs:/etc/bitwarden/ca-certificates
      - bitwarden-logs-icons:/etc/bitwarden/logs
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1
  notifications:
    image: bitwarden/notifications:{{ omni_compose_apps.bitwarden.versions.notifications | default(omni_compose_apps.bitwarden.versions.default) }}
    volumes:
      - bitwarden-ca-certs:/etc/bitwarden/ca-certificates
      - bitwarden-logs-notifications:/etc/bitwarden/logs
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1
  events:
    image: bitwarden/events:{{ omni_compose_apps.bitwarden.versions.events | default(omni_compose_apps.bitwarden.versions.default) }}
    volumes:
      - bitwarden-ca-certs:/etc/bitwarden/ca-certificates
      - bitwarden-logs-events:/etc/bitwarden/logs
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1
  nginx:
    image: bitwarden/nginx:{{ omni_compose_apps.bitwarden.versions.nginx | default(omni_compose_apps.bitwarden.versions.default) }}
    depends_on:
      - web
      - admin
      - api
      - identity
    ports:
      - published: {{ omni_compose_apps.bitwarden.published.ports.8080 }}
        target: 8080
        protocol: tcp
        mode: ingress
      - published: {{ omni_compose_apps.bitwarden.published.ports.8443 }}
        target: 8443
        protocol: tcp
        mode: ingress
    volumes:
      - bitwarden-nginx-data:/etc/bitwarden/nginx
      - bitwarden-ssl:/etc/ssl
      - bitwarden-logs-nginx:/var/log/nginx
    environment: *globalenv
    networks:
      - bitwarden_external
      - bitwarden_internal
    deploy:
      replicas: 1
--- a/resources/docker-compose/gitea.yaml.j2
+++ b/resources/docker-compose/gitea.yaml.j2
@@ -0,0 +1,51 @@
 ---
 version: "{{ omni_compose_version | string }}"
 networks:
  gitea:
    name: gitea
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: {{ omni_compose_apps.gitea.networks.main }}
 volumes:
  gitea-data:
    name: datastore{{ omni_compose_apps.gitea.datastore }}
    driver: glusterfs
 services:
  server:
    image: gitea/gitea:{{ omni_compose_apps.gitea.versions.gitea | default(omni_compose_apps.gitea.versions.default) }}
    hostname: gitea
    networks:
      - gitea
    ports:
      - published: {{ omni_compose_apps.gitea.published.ports.3000 }}
        target: 3000
        protocol: tcp
        mode: ingress
      - published: {{ omni_compose_apps.gitea.published.ports.22 }}
        target: 22
        protocol: tcp
        mode: ingress
    volumes:
      - type: volume
        source: gitea-data
        target: /data
        read_only: false
    environment:
      USER_UID: "{{ omni_compose_apps.gitea.account.uid | string }}"
      USER_GID: "{{ omni_compose_apps.gitea.account.uid | string }}"
      APP_NAME: ENP VCS
      RUN_MODE: prod
      DOMAIN: jupiter.net.enp.one
      ROOT_URL: https://{{ omni_compose_apps.gitea.published.host }}/
      DB_TYPE: sqlite3
      DISABLE_REGISTRATION: "true"
    deploy:
      replicas: 1
--- a/resources/docker-compose/minecraft.yaml.j2
+++ b/resources/docker-compose/minecraft.yaml.j2
@@ -0,0 +1,53 @@
 ---
 version: "{{ omni_compose_version | string }}"
 networks:
  minecraft:
    name: minecraft
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: {{ omni_compose_apps.minecraft.networks.main }}
 volumes:
  minecraft-data:
    name: datastore{{ omni_compose_apps.minecraft.datastore }}
    driver: glusterfs
 services:
  server:
    image: itzg/minecraft-server:{{ omni_compose_apps.minecraft.versions.main }}
    hostname: minecraft
    networks:
      - minecraft
    ports:
      - published: {{ omni_compose_apps.minecraft.published.ports.25565 }}
        target: 25565
        protocol: tcp
        mode: ingress
    volumes:
      - type: volume
        source: minecraft-data
        target: /data
        read_only: false
    environment:
      EULA: "TRUE"
      TZ: Americas/New_York
      VERSION: {{ omni_compose_apps.minecraft.versions.server }}
      MAX_MEMORY: "8G"
      MOTD: "A home for buttery companions"
      MODE: survival
      OPS: ScifiGeek42
      WHITELIST: "ScifiGeek42,fantasycat256,CoffeePug,Snowdude21325,KaiserSJR,glutenfreebean"
      MAX_BUILD_HEIGHT: "512"
      SNOOPER_ENABLED: "false"
      ICON: https://cdn.enp.one/img/logos/e-w-sm.png
      ENABLE_RCON: "false"
      UID: "{{ omni_compose_apps.minecraft.account.uid | string }}"
      GID: "{{ omni_compose_apps.minecraft.account.uid | string }}"
    deploy:
      replicas: 1
--- a/resources/docker-compose/plex.yaml.j2
+++ b/resources/docker-compose/plex.yaml.j2
@@ -0,0 +1,83 @@
 ---
 version: "{{ omni_compose_version | string }}"
 networks:
  plex:
    name: plex
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: {{ omni_compose_apps.plex.networks.main }}
 volumes:
  plex-config:
    name: datastore{{ omni_compose_apps.plex.datastore }}
    driver: glusterfs
  plex-data:
    name: plex-data
    driver: local
    driver_opts:
      type: nfs
      o: "addr=plexistore.tre2.local,ro"
      device: ":/nfs/plex"
 services:
  server:
    image: plexinc/pms-docker:{{ omni_compose_apps.plex.versions.default }}
    hostname: plex-media-server
    networks:
      - plex
    ports:
      - published: {{ omni_compose_apps.plex.published.ports.32400 }}
        target: 32400
        protocol: tcp
        mode: ingress
      - published: {{ omni_compose_apps.plex.published.ports.3005 }}
        target: 3005
        protocol: tcp
        mode: ingress
      - published: {{ omni_compose_apps.plex.published.ports.8324 }}
        target: 8324
        protocol: tcp
        mode: ingress
      - published: {{ omni_compose_apps.plex.published.ports.32469 }}
        target: 32469
        protocol: tcp
        mode: ingress
      - published: {{ omni_compose_apps.plex.published.ports.1900 }}
        target: 1900
        protocol: udp
        mode: ingress
      - published: {{ omni_compose_apps.plex.published.ports.32410 }}
        target: 32410
        protocol: udp
        mode: ingress
      - published: {{ omni_compose_apps.plex.published.ports.32413 }}
        target: 32413
        protocol: udp
        mode: ingress
      - published: {{ omni_compose_apps.plex.published.ports.32414 }}
        target: 32414
        protocol: udp
        mode: ingress
    volumes:
      - type: volume
        source: plex-config
        target: /config
        read_only: false
      - type: volume
        source: plex-data
        target: /data
        read_only: true
    environment:
      TZ: "Americas/New_York"
      ALLOWED_NETWORKS: 10.42.100.0/24,10.42.101.0/24
      PLEX_UID: "{{ omni_compose_apps.plex.account.uid }}"
      PLEX_GID: "{{ omni_compose_apps.plex.account.uid }}"
      ADVERTISE_IP: "http://10.42.101.10:32400/"
    deploy:
      replicas: 1
--- a/resources/docker-compose/unifi.yaml.j2
+++ b/resources/docker-compose/unifi.yaml.j2
@@ -0,0 +1,68 @@
 ---
 version: "3.7"
 networks:
  unifi:
    name: unifi
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: {{ omni_compose_apps.unifi.networks.main }}
 volumes:
  unifi-data:
    name: datastore{{ omni_compose_apps.unifi.datastore }}
    driver: glusterfs
 services:
  wlc:
    image: jacobalberty/unifi:{{ omni_compose_apps.unifi.versions.default }}
    hostname: en1-unifi-wlc
    init: true
    networks:
      - unifi
    ports:
      - published: {{ omni_compose_apps.unifi.published.ports.8080 }}
        target: 8080
        protocol: tcp
        mode: ingress
      - published: {{ omni_compose_apps.unifi.published.ports.8443 }}
        target: 8443
        protocol: tcp
        mode: ingress
      - published: {{ omni_compose_apps.unifi.published.ports.8843 }}
        target: 8843
        protocol: tcp
        mode: ingress
      - published: {{ omni_compose_apps.unifi.published.ports.8880 }}
        target: 8880
        protocol: tcp
        mode: ingress
      - published: {{ omni_compose_apps.unifi.published.ports.3478 }}
        target: 3478
        protocol: udp
        mode: ingress
      - published: {{ omni_compose_apps.unifi.published.ports.6789 }}
        target: 6789
        protocol: tcp
        mode: ingress
      - published: {{ omni_compose_apps.unifi.published.ports.10001 }}
        target: 10001
        protocol: udp
        mode: ingress
    volumes:
      - type: volume
        source: unifi-data
        target: /unifi
        read_only: false
    environment:
      RUNAS_UID0: "false"
      UNIFI_UID: "{{ omni_compose_apps.unifi.account.uid }}"
      UNIFI_GID: "{{ omni_compose_apps.unifi.account.uid }}"
      TZ: "Americas/New_York"
    deploy:
      replicas: 1
--- a/resources/nginx/bitwarden.nginx.conf.j2
+++ b/resources/nginx/bitwarden.nginx.conf.j2
@@ -0,0 +1,31 @@
 # Ansible managed file
 # DO NOT MANUALLY EDIT
 #
 server {
      server_name  {{ omni_compose_apps.bitwarden.published.host }};
      listen  443 ssl;
      root  /usr/share/nginx/html;
      location / {
          proxy_pass  http://localhost:{{ omni_compose_apps.bitwarden.published.8080 }}/;
          proxy_set_header  Host $host;
      }
      ssl_certificate  /etc/letsencrypt/live/{{ omni_compose_apps.bitwarden.published.host }}/fullchain.pem;
      ssl_certificate_key  /etc/letsencrypt/live/{{ omni_compose_apps.bitwarden.published.host }}/privkey.pem;
      include  /etc/letsencrypt/options-ssl-nginx.conf;
      ssl_dhparam  /etc/letsencrypt/ssl-dhparams.pem;
 }
 server {
      server_name  {{ omni_compose_apps.bitwarden.published.host }};
      listen  80;
      root  /usr/share/nginx/html;
      if ($host = {{ omni_compose_apps.bitwarden.published.host }}) {
            return  301 https://$host$request_uri;
      }
      return  404;
 }
 #
 # EOF
--- a/resources/nginx/nginx.conf
+++ b/resources/nginx/nginx.conf
--- a/vars/applications.yml
+++ b/vars/applications.yml
@@ -0,0 +1,86 @@
 ---
 omni_compose_version: 3.7
 omni_compose_apps:
  bitwarden:
    datastore: /appdata/bitwarden
    account:
      name: mech_bitwarden
      uid: 1294
    published:
      host: ssv.enp.one
      ports:
        8080: 8090
        8443: 8943
    networks:
      internal: 192.168.104.0/24
      external: 192.168.105.0/24
    versions:
      default: 1.36.1
      web: 2.15.1
      attachments: 1.34.0
  gitea:
    datastore: /appdata/gitea
    account:
      name: mech_gitea
      uid: 1295
    published:
      host: vcs.enp.one
      ports:
        3000: 3000
        22: 2222
    networks:
      main: 192.168.103.0/24
    versions:
      default: 1.11.5
  minecraft:
    datastore: /appdata/minecraft
    account:
      name: mech_minecraft
      uid: 1297
    published:
      ports:
        25565: 25565
    networks:
      main: 192.168.102.0/24
    versions:
      main: latest
      server: 1.15.2
  plex:
    datastore: /appdata/plex
    account:
      name: mech_plex
      uid: 1298
    published:
      host: pms.enp.one
      ports:
        32400: 32400
        3005: 3005
        8324: 8324
        32469: 32469
        1900: 1900
        32410: 32410
        32413: 32413
        32414: 32414
    networks:
      main: 192.168.101.0/24
    versions:
      default: latest
  unifi:
    datastore: /appdata/unifi
    account:
      name: mech_ubnt
      uid: 1296
    published:
      ports:
        8080: 8080
        8443: 8443
        8843: 8843
        8880: 8880
        3478: 3478
        6789: 6789
        10001: 10001
    networks:
      main: 192.168.100.0/24
    versions:
      default: "5.12"
Author	SHA1	Message	Date
Ethan Paul	e7ffb1b56c	Add compose app config for unif controller	2020-12-08 23:15:56 -05:00
Ethan Paul	e1aefa2527	Add plex compose application config	2020-12-08 23:07:25 -05:00
Ethan Paul	800c7f062c	Add minecraft compose application	2020-12-08 22:58:15 -05:00
Ethan Paul	43370eb837	Fix compose file permissions	2020-12-08 22:47:22 -05:00
Ethan Paul	fd056ba0fa	Add gitea compose application config	2020-12-08 22:47:22 -05:00
Ethan Paul	e0fc6ab1fa	Add missing jsondiff dependency	2020-12-08 22:47:22 -05:00
Ethan Paul	0016b318e2	Implement docker compose app deployment playbook	2020-12-08 22:47:22 -05:00