refactor: upgrade ansible, remove clean_desired flag, add separate clean playbook

2025-01-05 00:23:23 -08:00
parent 73c370b360
commit c0103496a1
22 changed files with 73 additions and 75 deletions
--- a/roles/alpina/templates/apps/arrstack/docker-compose.yml.j2
+++ b/roles/alpina/templates/apps/arrstack/docker-compose.yml.j2
@@ -9,6 +9,8 @@ services:
    container_name: gluetun
    cap_add:
      - NET_ADMIN
+    devices:
+      - /dev/net/tun:/dev/net/tun
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
    env_file:
--- a/roles/alpina/templates/apps/gitea/docker-compose.yml.j2
+++ b/roles/alpina/templates/apps/gitea/docker-compose.yml.j2
--- a/roles/alpina/templates/apps/jellyfin/docker-compose.yml.j2
+++ b/roles/alpina/templates/apps/jellyfin/docker-compose.yml.j2
--- a/roles/alpina/templates/apps/nextcloud/docker-compose.yml.j2
+++ b/roles/alpina/templates/apps/nextcloud/docker-compose.yml.j2
--- a/roles/alpina/templates/apps/vpgen/docker-compose.yml.j2
+++ b/roles/alpina/templates/apps/vpgen/docker-compose.yml.j2
--- a/roles/alpina/templates/services/authentik/docker-compose.yml.j2
+++ b/roles/alpina/templates/services/authentik/docker-compose.yml.j2
@@ -15,7 +15,8 @@ services:
    restart: unless-stopped
    # Port forward is needed because traefik can't resolve the container name from the host network
    ports:
-      - "9000:9000"
+      - "127.0.0.1:9000:9000"
+      - "[::1]:9000:9000"
    command: server
    env_file:
      - .env.authentik
--- a/roles/alpina/templates/services/minio/docker-compose.yml.j2
+++ b/roles/alpina/templates/services/minio/docker-compose.yml.j2
--- a/roles/alpina/templates/services/monitoring/docker-compose.yml.j2
+++ b/roles/alpina/templates/services/monitoring/docker-compose.yml.j2
@@ -31,7 +31,8 @@ services:
      - -config.file=/etc/loki/loki-config.yaml
    # Port forward is needed because not possible to resolve the container name from the host network
    ports:
-      - 3100:3100
+      - "127.0.0.1:3100:3100"
+      - "[::1]:3100:3100"
    volumes:
      - {{ base_volume_path }}/monitoring/loki:/loki
      - ./loki_config:/etc/loki:ro
--- a/roles/alpina/templates/services/traefik/docker-compose.yml.j2
+++ b/roles/alpina/templates/services/traefik/docker-compose.yml.j2
--- a/roles/clean/tasks/main.yml
+++ b/roles/clean/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Get list of running Docker containers
+  docker_host_info:
+    containers: yes
+  register: docker_container_list
+
+- name: Stop all running Docker containers
+  docker_container:
+    name: "{{ item }}"
+    state: stopped
+  loop: "{{ docker_container_list.containers | map(attribute='Id') | list }}"
+  async: 300
+  poll: 0
+
+- name: Prune all Docker containers and networks
+  docker_prune:
+    containers: yes
+    networks: yes
+
+- name: Clean alpina directory
+  file:
+    path: "{{ alpina_svc_path }}"
+    state: absent
--- a/roles/docker_host/tasks/main.yml
+++ b/roles/docker_host/tasks/main.yml
@@ -1,12 +1,5 @@
- name: Get IPv6 subnet for Docker
-  set_fact:
-    docker_ipv6_subnet: "{{ \
-      ansible_default_ipv6.address \
-      | ansible.utils.ipsubnet(64) \
-      | ansible.utils.ipsubnet(72, docker_ipv6_index) \
-    }}"
-
- debug:
+- name: IPv6 subnet for Docker
+  debug:
    var: docker_ipv6_subnet

 - name: Configure Docker daemon
@@ -35,33 +28,6 @@
    state: disabled
  register: docker0_firewalld

- name: Get list of running Docker containers
-  docker_host_info:
-    containers: yes
-  register: docker_container_list
-  when: clean_desired is true
-
- name: Stop all running Docker containers
-  docker_container:
-    name: "{{ item }}"
-    state: stopped
-  loop: "{{ docker_container_list.containers | map(attribute='Id') | list }}"
-  async: 300
-  poll: 0
-  when: clean_desired is true and docker_container_list.containers | length > 0
-
- name: Prune all Docker containers and networks
-  docker_prune:
-    containers: yes
-    networks: yes
-  when: clean_desired is true
-
- name: Clean alpina directory
-  file:
-    path: "{{ alpina_svc_path }}"
-    state: absent
-  when: clean_desired is true
-
 - name: Restart Docker daemon
  become: yes
  service: