feat: update documentation and infrastructure configuration

- Update service count from 22+ to 25 across documentation
- Add vault.yml to gitignore for security
- Add notifications configuration for AppriseAPI integration
- Add jq package to common role dependencies
- Add hairpin networking fix for AppriseAPI chat subdomain access
- Remove diun service references from monitoring category
- Update project completion status in todo.md

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 21:10:30 -06:00
parent a98fae0b92
commit 8710ffc70d
7 changed files with 34 additions and 20 deletions

.gitignore

@ -1,4 +1,5 @@
.python-version .python-version
secrets.enc secrets.enc
vault_pass vault_pass
DEPLOYMENT_LEARNINGS.md DEPLOYMENT_LEARNINGS.md
group_vars/all/vault.yml
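Review bot: adding `group_vars/all/vault.yml` to .gitignore only prevents future `git add`s; if the file is already tracked it stays in the index until it is removed with `git rm --cached group_vars/all/vault.yml`, and if any earlier commit held it in plaintext the history has to be rewritten and the secrets rotated, so please confirm which case applies. It is also worth checking the intent: todo.md in this same commit describes the file as `vault.yml (encrypted secrets with vault_ prefix)`, and an ansible-vault-encrypted file is normally committed so a fresh clone has it; ignoring it means every clone needs the file supplied out of band.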


@ -4,7 +4,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
## Overview ## Overview
This is a personal infrastructure Ansible playbook that automates deployment and management of 22+ self-hosted Docker services across two domains (`thesatelliteoflove.com` and `nerder.land`). The setup uses Tailscale VPN for secure networking and Caddy for reverse proxy with automated HTTPS. This is a personal infrastructure Ansible playbook that automates deployment and management of 25 self-hosted Docker services across two domains (`thesatelliteoflove.com` and `nerder.land`). The setup uses Tailscale VPN for secure networking and Caddy for reverse proxy with automated HTTPS.
**Important**: Always review `DEPLOYMENT_LEARNINGS.md` when working on this repository for lessons learned and troubleshooting guidance. **Important**: Always review `DEPLOYMENT_LEARNINGS.md` when working on this repository for lessons learned and troubleshooting guidance.
@ -51,7 +51,7 @@ ansible-playbook site.yml -i hosts.yml --tags common,cron --vault-password-file
### Role Structure ### Role Structure
- **bootstrap**: Initial server hardening, user creation, Tailscale VPN setup - **bootstrap**: Initial server hardening, user creation, Tailscale VPN setup
- **common**: Basic system configuration, UFW firewall management - **common**: Basic system configuration, UFW firewall management
- **docker**: Comprehensive service deployment (22+ containerized applications, organized by category) - **docker**: Comprehensive service deployment (25 containerized applications, organized by category)
- **cron**: Scheduled task management (currently Warhammer RSS feed generation) - **cron**: Scheduled task management (currently Warhammer RSS feed generation)
### Docker Role Organization (Reorganized into Logical Categories) ### Docker Role Organization (Reorganized into Logical Categories)
@ -62,7 +62,7 @@ The docker role is now organized into logical service groups under `roles/docker
- **development/**: Development and collaboration tools - **development/**: Development and collaboration tools
- Gitea, Code Server, Matrix (Conduit) - Gitea, Code Server, Matrix (Conduit)
- **media/**: Content creation and consumption - **media/**: Content creation and consumption
- Audiobookshelf, Calibre, Ghost blog, Pinchflat, Pinry, Karakeep, Manyfold - Audiobookshelf, Calibre, Ghost blog, Pinchflat, Pinry, Karakeep (formerly Hoarder), Manyfold
- **productivity/**: Personal organization and document management - **productivity/**: Personal organization and document management
- Paperless-NGX, MMDL, Baikal (CalDAV/CardDAV), Syncthing, Heyform, Dawarich, Pingvin - Paperless-NGX, MMDL, Baikal (CalDAV/CardDAV), Syncthing, Heyform, Dawarich, Pingvin
- **communication/**: Social media and external communication - **communication/**: Social media and external communication
@ -132,6 +132,9 @@ Common domains requiring hairpinning fixes:
## Service Memories ## Service Memories
- pingvin is the service that responds on files.thesatelliteoflove.com - pingvin is the service that responds on files.thesatelliteoflove.com
- karakeep (formerly called hoarder) is deployed with both 'hoarder' and 'karakeep' tags for backward compatibility
- whenever i ask you what containers need updates, run dockcheck and return a list of containers needing updates
- when i ask for the status container updates i want you to run dockcheck on the docker host https://github.com/mag37/dockcheck?ref=selfh.st
## Variable Management Implementation Notes ## Variable Management Implementation Notes
**Major Infrastructure Update**: Variable management system was implemented to replace all hardcoded values with centralized variables. **Major Infrastructure Update**: Variable management system was implemented to replace all hardcoded values with centralized variables.
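Review bot: the two new dockcheck lines (`whenever i ask you what containers need updates...` and `when i ask for the status container updates...`) give the same instruction twice in slightly different words; fold them into one memory line. Also drop the `?ref=selfh.st` referral parameter from the dockcheck URL, it is a tracking query string rather than part of the repository address.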


@ -10,7 +10,7 @@ The playbook manages two main environments:
## Services Deployed ## Services Deployed
The Docker role deploys and manages 22+ self-hosted services organized into logical categories: The Docker role deploys and manages 25 self-hosted services organized into logical categories:
### Infrastructure ### Infrastructure
- **Caddy** (Reverse proxy with automatic HTTPS) - **Caddy** (Reverse proxy with automatic HTTPS)
@ -28,7 +28,7 @@ The Docker role deploys and manages 22+ self-hosted services organized into logi
- **Ghost** (Blog platform) - **Ghost** (Blog platform)
- **Pinchflat** (Media downloader) - **Pinchflat** (Media downloader)
- **Pinry** (Pinterest-like board) - **Pinry** (Pinterest-like board)
- **Karakeep** (Bookmark manager) - **Hoarder** (Bookmark manager)
- **Manyfold** (3D model organizer) - **Manyfold** (3D model organizer)
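Review bot: this hunk renames the bookmark manager from **Karakeep** back to **Hoarder**, while the CLAUDE.md change in the same commit goes the other way (`Karakeep (formerly Hoarder)`) and the new service memory says karakeep is the current name with hoarder kept only as a backward-compatibility tag. Keep the README consistent, e.g. `- **Karakeep** (Bookmark manager, formerly Hoarder)`.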
### Productivity ### Productivity
@ -88,7 +88,7 @@ Manages scheduled tasks and automation:
- Supports easy addition of new scheduled tasks - Supports easy addition of new scheduled tasks
### [Docker Role](roles/docker/README.md) ### [Docker Role](roles/docker/README.md)
The most comprehensive role, deploying 22+ containerized services organized into logical categories: The most comprehensive role, deploying 25 containerized services organized into logical categories:
- **Infrastructure**: Caddy reverse proxy, Authentik SSO, Dockge management - **Infrastructure**: Caddy reverse proxy, Authentik SSO, Dockge management
- **Development**: Gitea, Code Server, Matrix communication - **Development**: Gitea, Code Server, Matrix communication
- **Media**: Audiobookshelf, Calibre, Ghost blog, Pinchflat, and more - **Media**: Audiobookshelf, Calibre, Ghost blog, Pinchflat, and more


@ -19,4 +19,8 @@ network:
# Paths # Paths
paths: paths:
stacks: "{{ docker.stacks_path }}" stacks: "{{ docker.stacks_path }}"
# Notification services
notifications:
appriseapi_endpoint: "http://apprise:8000/notify/apprise"
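Review bot: `appriseapi_endpoint: "http://apprise:8000/notify/apprise"` is a plain-HTTP URL keyed on the container name, so it only resolves for containers that share a Docker network with the apprise service, and it carries no credential, so anything that can reach it can post notifications through the stored `apprise` configuration. Add a comment stating both facts next to the key, and note what (if anything) limits who can reach that network. If the host or key ever varies per environment it belongs with the other `{{ docker.* }}`-derived values rather than as a literal.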


@ -1,6 +1,8 @@
- name: Install aptitude - name: Install common packages
apt: apt:
name: aptitude name:
- aptitude
- jq
state: latest state: latest
update_cache: true update_cache: true
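Review bot: `state: latest` together with `update_cache: true` upgrades aptitude and jq on every run instead of just ensuring they are installed, which makes the common role non-idempotent and can pull an unplanned package upgrade in the middle of an unrelated deploy; `state: present` is the usual choice for tool dependencies, with upgrades done by a dedicated task. Nothing in the commit says what jq is needed for either; a short comment on the task, or a line in the README package list, would help the next reader.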


@ -11,6 +11,8 @@ services:
- plugin:/plugin - plugin:/plugin
- attach:/attach - attach:/attach
image: caronc/apprise:latest image: caronc/apprise:latest
extra_hosts:
- "{{ subdomains.chat }}:{{ docker.hairpin_ip }}"
labels: labels:
glance.name: Apprise glance.name: Apprise
glance.icon: si:imessage glance.icon: si:imessage
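Review bot: the `extra_hosts` entry pins `{{ subdomains.chat }}` to `{{ docker.hairpin_ip }}` inside the container, which only works while the chat service is actually served from that address; if it moves, notifications will fail with a connection error that looks like a DNS problem. CLAUDE.md keeps a list under "Common domains requiring hairpinning fixes" (visible in the hunk context above), so the chat subdomain should be added there alongside this change. Adjacent but unchanged: `image: caronc/apprise:latest` is a floating tag, so redeploys are not reproducible; a version or digest pin would be safer.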

todo.md

@ -17,18 +17,18 @@
``` ```
- **COMPLETED**: All services organized into logical categories with category-level tags - **COMPLETED**: All services organized into logical categories with category-level tags
### 2. Standardize variable management ### 2. Standardize variable management ✅ COMPLETED
- **Current Issue**: Secrets in single encrypted file, no clear variable hierarchy - **Current Issue**: Secrets in single encrypted file, no clear variable hierarchy
- **Solution**: Create proper variable structure: - **Solution**: Create proper variable structure:
``` ```
group_vars/ group_vars/
├── all/ ├── all/
│ ├── common.yml (shared config) │ ├── domains.yml (domain and subdomain mappings)
── secrets.yml (vault encrypted) ── infrastructure.yml (network config, Docker settings)
├── docker/ │ ├── vault.yml (encrypted secrets with vault_ prefix)
── services.yml (service configs) ── services.yml (service configuration flags)
│ └── networking.yml (network settings)
``` ```
- **COMPLETED**: Implemented comprehensive variable hierarchy, updated all templates to use centralized variables, fixed service tag isolation
### 3. Template consolidation ✅ PARTIALLY COMPLETED ### 3. Template consolidation ✅ PARTIALLY COMPLETED
- **Current Issue**: Many compose templates repeat patterns, some services used static files - **Current Issue**: Many compose templates repeat patterns, some services used static files
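Review bot: section 2 is now headed `✅ COMPLETED` but still opens with `Current Issue: Secrets in single encrypted file, no clear variable hierarchy`, which reads as an open problem; rephrase it as the previous state (or drop it) so the heading, the tree and the COMPLETED line at the end agree. The `vault.yml (encrypted secrets with vault_ prefix)` entry in the tree should also mention that this commit git-ignores the file and how a fresh clone is expected to obtain it.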
@ -43,7 +43,7 @@
- **Solution**: Implement comprehensive health monitoring with standardized healthcheck patterns - **Solution**: Implement comprehensive health monitoring with standardized healthcheck patterns
### 5. Implement backup strategy ### 5. Implement backup strategy
- **Issue**: No automated backups for 25+ services and their data - **Issue**: No automated backups for 25 services and their data
- **Solution**: Add backup role with: - **Solution**: Add backup role with:
- Database dumps for PostgreSQL services - Database dumps for PostgreSQL services
- Volume backups for file-based services - Volume backups for file-based services
@ -99,7 +99,7 @@
- [x] Convert static compose files to templates - [x] Convert static compose files to templates
- [x] Remove unused services (beaver, grist, stirlingpdf, tasksmd, redlib) - [x] Remove unused services (beaver, grist, stirlingpdf, tasksmd, redlib)
- [x] Clean up templates and files directories - [x] Clean up templates and files directories
- [ ] Implement variable hierarchy - [x] Implement variable hierarchy
- [ ] Create reusable template patterns - [ ] Create reusable template patterns
### Week 2: Security & Monitoring ### Week 2: Security & Monitoring
@ -124,10 +124,12 @@
- **Template Standardization**: Converted all static compose files to Jinja2 templates - **Template Standardization**: Converted all static compose files to Jinja2 templates
- **Service Cleanup**: Removed 5 unused/broken services (beaver, grist, stirlingpdf, tasksmd, redlib) - **Service Cleanup**: Removed 5 unused/broken services (beaver, grist, stirlingpdf, tasksmd, redlib)
- **Category-Based Deployment**: Can now deploy services by category using tags (infrastructure, media, etc.) - **Category-Based Deployment**: Can now deploy services by category using tags (infrastructure, media, etc.)
- **Documentation Updates**: Updated CLAUDE.md to reflect new architecture - **Variable Management**: Implemented comprehensive centralized variable hierarchy with proper secret organization
- **Service Tag Isolation**: Fixed service tags to deploy individual services only (not entire categories)
- **Documentation Updates**: Updated all README files and CLAUDE.md to reflect new architecture
### 📊 Current Stats ### 📊 Current Stats
- **22+ active services** organized into 6 categories - **25 active services** organized into 6 categories
- **100% templated** compose files (no static files) - **100% templated** compose files (no static files)
- **6 service directories** for logical organization - **6 service directories** for logical organization
- **Clean file structure** with only essential static files - **Clean file structure** with only essential static files