phil/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: phil:ff896830384cf2db689bcf78dc2fc98722b3dbec
Branches Tags
phil:main phil:add-auto-update-labels
..
compare: phil:2cc05a19e6e35d10b1be21d6aff8e478b61994af
Branches Tags
phil:add-auto-update-labels phil:main

4 Commits
ff89683038 ... 2cc05a19e6

Author SHA1 Message Date
Phil
2cc05a19e6 fix: add Gotify hairpin to changedetection services 
- Add extra_hosts entry for changedetection service to reach Gotify
- Add extra_hosts entry for sockpuppetbrowser service to reach Gotify
- Resolves internal routing issues for Gotify notifications

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-06-19 17:18:30 -06:00
Phil
d54d04bcc9 feat: add dockcheck cron job for container update notifications 
- Install dockcheck.sh script in user's .local/bin directory
- Create notification templates directory with notify_v2.sh and notify_gotify.sh
- Configure Gotify notifications for container update alerts
- Add minimal config with DontUpdate=true (notification only)
- Exclude authentik-postgresql-1 and dawarich_redis from checks
- Schedule daily cron job at 8:00 AM as phil user
- Add dockcheck Gotify token to vault secrets

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-06-19 16:54:32 -06:00
Phil
5f76f69d8b fix: complete Dawarich architecture with Redis and Sidekiq services 
- Add Redis service for caching and background job processing
- Add Sidekiq worker service for background tasks
- Update to tagged version 0.28.1 for stability
- Fix Redis URL format to resolve parsing errors
- Remove incorrect volume mounts and SQLite paths
- Add proper service dependencies and health checks
- Use vault variable for SECRET_KEY_BASE security

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-06-19 16:04:46 -06:00
Phil
ef5309363c Update Dawarich to latest (0.28.1) and Glance to latest (v0.8.4) 2025-06-19 15:09:35 -06:00
7 changed files with 173 additions and 13 deletions
Expand all files Collapse all files

72
roles/cron/tasks/main.yml
View File

@@ -16,3 +16,75 @@
hour: "9" hour: "9"
user: root user: root
job: "/usr/local/bin/update_warhammer_feed.sh" job: "/usr/local/bin/update_warhammer_feed.sh"
# Create .local/bin directory for phil user
- name: Ensure .local/bin directory exists for phil
file:
path: /home/phil/.local/bin
state: directory
mode: '0755'
owner: phil
group: phil
# Install dockcheck script in phil's .local/bin
- name: Download dockcheck.sh script
get_url:
url: https://raw.githubusercontent.com/mag37/dockcheck/main/dockcheck.sh
dest: /home/phil/.local/bin/dockcheck.sh
mode: '0755'
owner: phil
group: phil
# Create .config directory for phil user
- name: Ensure .config directory exists for phil
file:
path: /home/phil/.config
state: directory
mode: '0755'
owner: phil
group: phil
# Create notify_templates directory alongside dockcheck.sh
- name: Ensure notify_templates directory exists in .local/bin
file:
path: /home/phil/.local/bin/notify_templates
state: directory
mode: '0755'
owner: phil
group: phil
# Download notify_v2.sh script for dockcheck notifications
- name: Download notify_v2.sh script
get_url:
url: https://raw.githubusercontent.com/mag37/dockcheck/main/notify_templates/notify_v2.sh
dest: /home/phil/.local/bin/notify_templates/notify_v2.sh
mode: '0755'
owner: phil
group: phil
# Download notify_gotify.sh script for dockcheck notifications
- name: Download notify_gotify.sh script
get_url:
url: https://raw.githubusercontent.com/mag37/dockcheck/main/notify_templates/notify_gotify.sh
dest: /home/phil/.local/bin/notify_templates/notify_gotify.sh
mode: '0755'
owner: phil
group: phil
# Template dockcheck configuration file
- name: Template dockcheck configuration
template:
src: dockcheck.config.j2
dest: /home/phil/.config/dockcheck.config
mode: '0644'
owner: phil
group: phil
# Create cron job for dockcheck as phil user
- name: Create cron job for dockcheck container updates
cron:
name: "Check Docker container updates"
minute: "0"
hour: "8"
user: phil
job: "/home/phil/.local/bin/dockcheck.sh"

16
roles/cron/templates/dockcheck.config.j2 Normal file
View File

@@ -0,0 +1,16 @@
# Dockcheck Configuration - Check only, no updates
# Don't update, just check for updates
DontUpdate=true
# Enable notifications
Notify=true
# Exclude containers from checking
Exclude="authentik-postgresql-1,dawarich_redis"
# Notification channels
NOTIFY_CHANNELS="gotify"
# Gotify notification configuration
GOTIFY_DOMAIN="https://{{ subdomains.gotify }}"
GOTIFY_TOKEN="{{ vault_dockcheck.gotify_token }}"

4
roles/docker/templates/authentik-compose.yml.j2
View File

@@ -37,7 +37,7 @@ services:
glance.parent: authentik glance.parent: authentik
glance.name: Redis glance.name: Redis
server: server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.1} image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.2}
restart: unless-stopped restart: unless-stopped
command: server command: server
environment: environment:
@@ -64,7 +64,7 @@ services:
glance.description: Authentication server glance.description: Authentication server
glance.id: authentik glance.id: authentik
worker: worker:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.1} image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.2}
restart: unless-stopped restart: unless-stopped
command: worker command: worker
environment: environment:

6
roles/docker/templates/changedetection-compose.yml.j2
View File

@@ -4,8 +4,6 @@ services:
image: ghcr.io/dgtlmoon/changedetection.io image: ghcr.io/dgtlmoon/changedetection.io
container_name: changedetection container_name: changedetection
hostname: changedetection hostname: changedetection
extra_hosts:
- '{{ subdomains.chat }}:172.20.0.5'
labels: labels:
glance.name: Changedetection glance.name: Changedetection
glance.icon: si:watchtower glance.icon: si:watchtower
@@ -77,6 +75,8 @@ services:
# ports: # ports:
# - 5000:5000 # - 5000:5000
restart: unless-stopped restart: unless-stopped
extra_hosts:
- "{{ subdomains.gotify }}:{{ docker.hairpin_ip }}"
# Used for fetching pages via WebDriver+Chrome where you need Javascript support. # Used for fetching pages via WebDriver+Chrome where you need Javascript support.
# Now working on arm64 (needs testing on rPi - tested on Oracle ARM instance) # Now working on arm64 (needs testing on rPi - tested on Oracle ARM instance)
@@ -106,6 +106,8 @@ services:
- SCREEN_HEIGHT=1024 - SCREEN_HEIGHT=1024
- SCREEN_DEPTH=16 - SCREEN_DEPTH=16
- MAX_CONCURRENT_CHROME_PROCESSES=10 - MAX_CONCURRENT_CHROME_PROCESSES=10
extra_hosts:
- "{{ subdomains.gotify }}:{{ docker.hairpin_ip }}"
# Used for fetching pages via Playwright+Chrome where you need Javascript support. # Used for fetching pages via Playwright+Chrome where you need Javascript support.
# Note: Works well but is deprecated, does not fetch full page screenshots (doesnt work with Visual Selector) # Note: Works well but is deprecated, does not fetch full page screenshots (doesnt work with Visual Selector)

84
roles/docker/templates/dawarich-compose.yml.j2
View File

@@ -1,4 +1,19 @@
services: services:
dawarich_redis:
image: redis:7.4-alpine
container_name: dawarich_redis
labels:
glance.parent: dawarich
glance.name: Redis
volumes:
- dawarich_redis_data:/data
restart: always
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
retries: 5
start_period: 30s
timeout: 10s
dawarich_db: dawarich_db:
image: postgis/postgis:17-3.5-alpine image: postgis/postgis:17-3.5-alpine
shm_size: 1G shm_size: 1G
@@ -19,8 +34,9 @@ services:
retries: 5 retries: 5
start_period: 30s start_period: 30s
timeout: 10s timeout: 10s
dawarich_app: dawarich_app:
image: freikin/dawarich:0.27.3 image: freikin/dawarich:0.28.1
container_name: dawarich_app container_name: dawarich_app
labels: labels:
glance.name: Dawarich glance.name: Dawarich
@@ -32,7 +48,6 @@ services:
- dawarich_public:/var/app/public - dawarich_public:/var/app/public
- dawarich_watched:/var/app/tmp/imports/watched - dawarich_watched:/var/app/tmp/imports/watched
- dawarich_storage:/var/app/storage - dawarich_storage:/var/app/storage
- dawarich_db_data:/dawarich_db_data
stdin_open: true stdin_open: true
tty: true tty: true
entrypoint: web-entrypoint.sh entrypoint: web-entrypoint.sh
@@ -40,13 +55,12 @@ services:
restart: on-failure restart: on-failure
environment: environment:
RAILS_ENV: production RAILS_ENV: production
QUEUE_DATABASE_PATH: /dawarich_db_data/dawarich_production_queue.sqlite3
CACHE_DATABASE_PATH: /dawarich_db_data/dawarich_production_cache.sqlite3
DATABASE_HOST: dawarich_db DATABASE_HOST: dawarich_db
DATABASE_PORT: 5432 DATABASE_PORT: 5432
DATABASE_USERNAME: postgres DATABASE_USERNAME: postgres
DATABASE_PASSWORD: {{ vault_dawarich.postgres_password }} DATABASE_PASSWORD: {{ vault_dawarich.postgres_password }}
DATABASE_NAME: dawarich_production DATABASE_NAME: dawarich_production
REDIS_URL: redis://dawarich_redis:6379
MIN_MINUTES_SPENT_IN_CITY: 60 MIN_MINUTES_SPENT_IN_CITY: 60
APPLICATION_HOSTS: {{ subdomains.loclog }},localhost,::1,127.0.0.1 APPLICATION_HOSTS: {{ subdomains.loclog }},localhost,::1,127.0.0.1
TIME_ZONE: America/Denver TIME_ZONE: America/Denver
@@ -55,7 +69,7 @@ services:
PROMETHEUS_EXPORTER_ENABLED: false PROMETHEUS_EXPORTER_ENABLED: false
PROMETHEUS_EXPORTER_HOST: 0.0.0.0 PROMETHEUS_EXPORTER_HOST: 0.0.0.0
PROMETHEUS_EXPORTER_PORT: 9394 PROMETHEUS_EXPORTER_PORT: 9394
SECRET_KEY_BASE: 1234567890 SECRET_KEY_BASE: {{ vault_dawarich.secret_key_base }}
RAILS_LOG_TO_STDOUT: "true" RAILS_LOG_TO_STDOUT: "true"
logging: logging:
driver: "json-file" driver: "json-file"
@@ -72,13 +86,69 @@ services:
dawarich_db: dawarich_db:
condition: service_healthy condition: service_healthy
restart: true restart: true
dawarich_redis:
condition: service_healthy
restart: true
deploy: deploy:
resources: resources:
limits: limits:
cpus: '0.50' # Limit CPU usage to 50% of one core cpus: '0.50'
memory: '2G' # Limit memory usage to 2GB memory: '2G'
dawarich_sidekiq:
image: freikin/dawarich:0.28.1
container_name: dawarich_sidekiq
labels:
glance.parent: dawarich
glance.name: Sidekiq
volumes:
- dawarich_public:/var/app/public
- dawarich_watched:/var/app/tmp/imports/watched
- dawarich_storage:/var/app/storage
stdin_open: true
tty: true
entrypoint: sidekiq-entrypoint.sh
command: ['sidekiq']
restart: on-failure
environment:
RAILS_ENV: production
DATABASE_HOST: dawarich_db
DATABASE_PORT: 5432
DATABASE_USERNAME: postgres
DATABASE_PASSWORD: {{ vault_dawarich.postgres_password }}
DATABASE_NAME: dawarich_production
REDIS_URL: redis://dawarich_redis:6379
MIN_MINUTES_SPENT_IN_CITY: 60
APPLICATION_HOSTS: {{ subdomains.loclog }},localhost,::1,127.0.0.1
TIME_ZONE: America/Denver
APPLICATION_PROTOCOL: http
DISTANCE_UNIT: mi
PROMETHEUS_EXPORTER_ENABLED: false
SECRET_KEY_BASE: {{ vault_dawarich.secret_key_base }}
RAILS_LOG_TO_STDOUT: "true"
logging:
driver: "json-file"
options:
max-size: "100m"
max-file: "5"
healthcheck:
test: ["CMD-SHELL", "ps aux | grep '[s]idekiq' || exit 1"]
interval: 10s
retries: 30
start_period: 30s
timeout: 10s
depends_on:
dawarich_app:
condition: service_healthy
restart: true
dawarich_db:
condition: service_healthy
restart: true
dawarich_redis:
condition: service_healthy
restart: true
volumes: volumes:
dawarich_db_data: dawarich_db_data:
dawarich_redis_data:
dawarich_public: dawarich_public:
dawarich_watched: dawarich_watched:
dawarich_storage: dawarich_storage:

2
roles/docker/templates/glance-compose.yml.j2
View File

@@ -1,6 +1,6 @@
services: services:
glance: glance:
image: glanceapp/glance:v0.8.3 image: glanceapp/glance:latest
volumes: volumes:
- ./config:/app/config - ./config:/app/config
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro

2
roles/docker/templates/postiz-compose.yml.j2
View File

@@ -1,6 +1,6 @@
services: services:
postiz: postiz:
image: ghcr.io/gitroomhq/postiz-app:v1.48.4 image: ghcr.io/gitroomhq/postiz-app:latest
container_name: postiz container_name: postiz
restart: always restart: always
environment: environment: