---
# Site playbook for the lotus-land-story host: base OS setup, then the shared
# service playbooks, then the host-specific glue that ties them together.
- name: Base setup for lotus-land-story
  hosts: lotus-land-story
  vars_files:
    - vars.yml
  tasks:
    - name: Always mount the lotus-land-story volume
      # `nofail` keeps boot from blocking if the Linode volume is not attached.
      ansible.builtin.lineinfile:
        path: /etc/fstab
        line: '{{ linode_volume }} /mnt/lotus-land-story ext4 defaults,noatime,nofail 0 2'
        state: present

    - name: Set hostname
      ansible.builtin.hostname:
        name: lotus-land-story

    - name: Install ansible requirements
      # Target-side libraries; python3-docker / python3-psycopg2 presumably back
      # the community.docker and community.postgresql modules used further down.
      ansible.builtin.apt:
        name:
          - docker-compose
          - libpq-dev
          - python3-docker
          - python3-psycopg2
        state: present

- import_playbook: ../playbooks/tailscale.yml  # noqa: name[play]
- import_playbook: docker.yml  # noqa: name[play]
- import_playbook: postgres.yml  # noqa: name[play]
- import_playbook: redis.yml  # noqa: name[play]

- name: Listen on the docker interface
  hosts: lotus-land-story
  tasks:
    - name: Set up postgres to listen on docker0 interface
      # `docker_ip` is not defined in this file; presumably a fact set by
      # docker.yml — verify it is the address containers actually route to.
      # listen_addresses only controls where postgres binds. Which clients may
      # connect on that address, and how they authenticate, is decided by
      # pg_hba.conf, which is not managed here — review it whenever this list grows.
      ansible.builtin.lineinfile:
        path: /etc/postgresql/13/main/conf.d/listen.conf
        regexp: '^#?listen_addresses='
        line: "listen_addresses='localhost,{{ docker_ip.address }}'"
        state: present
        create: true
        mode: '0644'
      notify: Restart postgres
  handlers:
    - name: Import restarts
      ansible.builtin.import_tasks: restarts.yml

- import_playbook: prometheus.yml  # noqa: name[play]

# Maybe this should be in the prometheus playbook?
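- name: Set up prometheus user in postgres
  hosts: lotus-land-story
  # Run as the postgres OS user: the postgresql modules below pass no
  # connection parameters, so they go over the local socket as that user.
  become: true
  become_user: postgres
  tasks:
    - name: Get postgres roles
      community.postgresql.postgresql_info:
        filter: roles
      register: postgres_info

    - name: Add postgres permissions for postgres-exporter
      # Creates a password-less `prometheus` role and exposes pg_stat_activity /
      # pg_stat_replication through SECURITY DEFINER wrappers so the exporter can
      # read them without being superuser. Whether (and from where) that role can
      # log in is governed by pg_hba.conf, which this playbook does not manage —
      # check it, since postgres is also bound to the docker interface.
      # Each wrapper pins `search_path = pg_catalog, pg_temp`: a SECURITY DEFINER
      # function otherwise resolves unqualified names through the *caller's*
      # search_path, and this caller's path starts with a schema it owns.
      # The bodies are fully qualified today; the SET keeps a later edit from
      # silently becoming a privilege-escalation path.
      # Guarded on the role's absence, so the whole batch runs at most once.
      community.postgresql.postgresql_query:
        query: |
          CREATE USER prometheus;
          ALTER USER prometheus SET SEARCH_PATH TO prometheus,pg_catalog;
          CREATE SCHEMA prometheus AUTHORIZATION prometheus;
          CREATE FUNCTION prometheus.f_select_pg_stat_activity()
            RETURNS setof pg_catalog.pg_stat_activity
            LANGUAGE sql
            SECURITY DEFINER
            SET search_path = pg_catalog, pg_temp
          AS $$ SELECT * from pg_catalog.pg_stat_activity; $$;
          CREATE FUNCTION prometheus.f_select_pg_stat_replication()
            RETURNS setof pg_catalog.pg_stat_replication
            LANGUAGE sql
            SECURITY DEFINER
            SET search_path = pg_catalog, pg_temp
          AS $$ SELECT * from pg_catalog.pg_stat_replication; $$;
          CREATE VIEW prometheus.pg_stat_replication AS
            SELECT * FROM prometheus.f_select_pg_stat_replication();
          CREATE VIEW prometheus.pg_stat_activity AS
            SELECT * FROM prometheus.f_select_pg_stat_activity();
          GRANT SELECT ON prometheus.pg_stat_replication TO prometheus;
          GRANT SELECT ON prometheus.pg_stat_activity TO prometheus;
      when: "'prometheus' not in postgres_info.roles"

- import_playbook: golink.yml  # noqa: name[play]
- import_playbook: grafana.yml  # noqa: name[play]
- import_playbook: loki.yml  # noqa: name[play]
- import_playbook: miniflux.yml  # noqa: name[play]
- import_playbook: gotosocial.yml  # noqa: name[play]
- import_playbook: caddy.yml  # noqa: name[play]

- name: Set up ufw
  hosts: lotus-land-story
  tasks:
    - name: Get docker network for ufw
      # Ensures the compose network exists and captures its IPAM details.
      community.docker.docker_network:
        name: lotus_land_story
      register: docker_network

    - name: Allow access from docker network
      # Admits *every* port and protocol from the compose network's subnet —
      # wider than the postgres/redis ports the containers presumably need.
      # Narrow it with `port`/`proto` if anything else on the host listens on
      # that interface. Config[0] is assumed to be the IPv4 subnet; revisit if
      # the network ever gets an IPv6 IPAM entry.
      community.general.ufw:
        rule: allow
        from_ip: "{{ docker_network.network.IPAM.Config[0].Subnet }}"
      notify: Reload ufw
  handlers:
    - name: Import restarts
      ansible.builtin.import_tasks: restarts.yml

# vim: ft=yaml.ansible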