updates: prepare for upgrade to debian 12

2024-06-27 15:19:52 -07:00 · 2024-06-27 15:19:52 -07:00 · f3c6c61130
commit f3c6c61130
parent ef40b1ba7d
14 changed files with 32 additions and 85 deletions
--- a/group_vars/docker_hosts.yml
+++ b/group_vars/docker_hosts.yml
@ -3,4 +3,4 @@ my_svc_path: ~/alpina
 base_volume_path: /mnt/dock
 media_volume_path: /mnt/media

-traefik_ip: 172.16.122.254
+traefik_subnet: 172.16.122.0
--- a/roles/alpina/collections/apps/arrstack/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/apps/arrstack/templates/docker-compose.yml.j2
@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"

 networks:
  {{ helpers.default_network(249) | indent(2) }}
--- a/roles/alpina/collections/apps/gitea/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/apps/gitea/templates/docker-compose.yml.j2
@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"

 networks:
  {{ helpers.default_network(199) | indent(2) }}
--- a/roles/alpina/collections/apps/jellyfin/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/apps/jellyfin/templates/docker-compose.yml.j2
@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"

 networks:
  {{ helpers.default_network(197) | indent(2) }}
--- a/roles/alpina/collections/apps/nextcloud/templates/.env.nextcloud.j2
+++ b/roles/alpina/collections/apps/nextcloud/templates/.env.nextcloud.j2
@ -17,7 +17,7 @@ SMTP_PASSWORD={{ sendgrid_api_key }}
 MAIL_FROM_ADDRESS=nc
 MAIL_DOMAIN=cazzzer.com

-TRUSTED_PROXIES={{ traefik_ip }}
+TRUSTED_PROXIES={{ traefik_subnet }}
 OVERWRITEHOST=nc.{{ domain }}
 OVERWRITEPROTOCOL=https
 OVERWRITECLIURL=https://nc.{{ domain }}
--- a/roles/alpina/collections/apps/nextcloud/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/apps/nextcloud/templates/docker-compose.yml.j2
@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"

 networks:
  {{ helpers.default_network(198) | indent(2) }}
--- a/roles/alpina/collections/services/authentik/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/services/authentik/templates/docker-compose.yml.j2
@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"

 networks:
  {{ helpers.default_network(253) | indent(2) }}
--- a/roles/alpina/collections/services/minio/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/services/minio/templates/docker-compose.yml.j2
@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"

 networks:
  {{ helpers.default_network(252) | indent(2) }}
--- a/roles/alpina/collections/services/monitoring/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/services/monitoring/templates/docker-compose.yml.j2
@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"

 networks:
  {{ helpers.default_network(251) | indent(2) }}
@ -68,6 +66,25 @@ services:
      - {{ base_volume_path }}/monitoring/prometheus_configs:/etc/prometheus/extra:ro
      - {{ base_volume_path }}/monitoring/prometheus:/prometheus

+  node-exporter:
+    image: prom/node-exporter:latest
+    container_name: node-exporter
+    restart: unless-stopped
+    network_mode: host
+    pid: host
+    volumes:
+      - /:/host:ro,rslave
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:latest
+    container_name: cadvisor
+    restart: unless-stopped
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:rw
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+
  influxdb:
    image: influxdb:2.7-alpine
    container_name: influxdb
--- a/roles/alpina/collections/services/monitoring/templates/prometheus_config/prometheus.yml.j2
+++ b/roles/alpina/collections/services/monitoring/templates/prometheus_config/prometheus.yml.j2
@ -16,7 +16,7 @@ scrape_configs:

  - job_name: "cadvisor"
    static_configs:
-      - targets: ["{{ ansible_host }}:9110"]
+      - targets: ["cadvisor:8080"]

  - job_name: "traefik"
    static_configs:
--- a/roles/alpina/collections/services/traefik/templates/docker-compose.yml.j2
+++ b/roles/alpina/collections/services/traefik/templates/docker-compose.yml.j2
@ -1,6 +1,4 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
-{##}
-version: "3.9"

 networks:
  traefik:
@ -8,7 +6,8 @@ networks:
    enable_ipv6: true
    ipam:
      config:
-        - subnet: {{ traefik_ip }}/24
+        # TODO: Consider removing traefik network, it shouldn't be needed with host networking
+        - subnet: {{ traefik_subnet }}/24
        - subnet: {{ docker_ipv6_subnet | ansible.utils.ipsubnet(80, 255) }}

 services:
--- a/roles/alpina/tasks/deploy_compose_stack.yml
+++ b/roles/alpina/tasks/deploy_compose_stack.yml
@ -29,7 +29,7 @@
  when: item.state == "file"

 - name: Deploy docker-compose for {{ current_stack_name }}
-  command: docker compose -f "{{ current_stack_dest }}/docker-compose.yml" up -d --pull --remove-orphans
+  command: docker compose -f "{{ current_stack_dest }}/docker-compose.yml" up -d --pull always --remove-orphans
  register: docker_compose_output
  # Not perfect idempotency, but the built-in docker_compose module doesn't support docker-compose v2
  # And of course there's an IPv6 bug in docker-compose v1, smh
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -1,12 +1,3 @@
- name: Configure cadvisor
-  become: yes
-  template:
-    src: default/cadvisor.j2
-    dest: /etc/default/cadvisor
-    owner: root
-    group: root
-    mode: 0644
-
 - name: Install Debian packages
  become: yes
  ansible.builtin.apt:
@ -14,8 +5,6 @@
     - docker-ce
     - docker-compose-plugin
     - firewalld
-     - prometheus-node-exporter
-     - cadvisor
    state: latest

 - name: Upgrade Debian packages
@ -28,6 +17,13 @@
    state: latest
  register: apt_upgrades

+- name: Ensure firewalld is running
+  become: yes
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+
 - name: Allow SSH
  become: yes
  firewalld:
@ -68,12 +64,6 @@
    state: enabled
    immediate: yes

- name: Enable Firewall
-  become: yes
-  firewalld:
-    state: enabled
-    immediate: yes
-
 - name: Reboot if needed
  become: yes
  ansible.builtin.reboot:
--- a/roles/common/templates/default/cadvisor.j2
+++ b/roles/common/templates/default/cadvisor.j2
@ -1,47 +0,0 @@
-# config options for cadvisor(1)
-#
-
-# Docker endpoint to connect to
-# Default: unix:///var/run/docker.sock
-CADVISOR_DOCKER_ENDPOINT="unix:///var/run/docker.sock"
-
-# Port to listen on
-# Default: 8080
-CADVISOR_PORT="9110"
-
-# Storage driver
-# Default: none/blank
-#
-# Available Options:
-#  - <empty>
-#  - bigquery
-#  - elasticsearch
-#  - kafka
-#  - redis
-#  - statsd
-#  - stdout
-CADVISOR_STORAGE_DRIVER=""
-
-# Storage driver host
-# Default: localhost:8086"
-CADVISOR_STORAGE_DRIVER_HOST="localhost:8086"
-
-# Storage driver password
-# Default: root
-CADVISOR_STORAGE_DRIVER_PASSWORD="root"
-
-# Storage driver secure connection
-# Default: false
-CADVISOR_STORAGE_DRIVER_SECURE="false"
-
-# Storage driver user
-# Default: root
-CADVISOR_STORAGE_DRIVER_USER="root"
-
-# Log to stderr ("true" logs to journal on systemd
-# and "false" to "/var/log/cadvisor.log" on SysV)
-# Default: true
-CADVISOR_LOG_TO_STDERR="true"
-
-# Other options:
-#DAEMON_ARGS=""