feat: add tools role (Outline wiki) + 3-server architecture

Services: - Outline wiki at wiki.csrx.ru → visual-tools:3000 - Outline uses Timeweb S3 (visual-outline bucket) for files Structure: - roles/tools/ — docker-compose + env templates for tools server - playbooks/tools.yml — deploys base+docker+tools to visual-tools Config changes: - domain_dashboard: dashboard → dash.csrx.ru - domain_wiki: wiki.csrx.ru (new) - domain_mon: mon.csrx.ru (new, for Grafana) - ip_main/tools/mon vars for cross-server Traefik routing - outline_* secrets added to vault + main.yml aliases Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 05:36:04 +07:00 · 2026-03-22 05:36:04 +07:00 · 05bcbab858
commit 05bcbab858
parent 85a5857a5f
7 changed files with 282 additions and 86 deletions
--- a/inventory/group_vars/all/main.yml
+++ b/inventory/group_vars/all/main.yml
@ -8,9 +8,11 @@ domain_git:      "git.{{ domain_base }}"
 domain_plane:    "plane.{{ domain_base }}"
 domain_sync:     "sync.{{ domain_base }}"
 domain_traefik:    "traefik.{{ domain_base }}"
-domain_dashboard:  "dashboard.{{ domain_base }}"
+domain_dashboard:  "dash.{{ domain_base }}"
 domain_auth:       "auth.{{ domain_base }}"
 domain_status:     "status.{{ domain_base }}"
 domain_wiki:       "wiki.{{ domain_base }}"
 domain_mon:        "mon.{{ domain_base }}"
 # Service paths
 services_root: /opt/services
@ -39,6 +41,13 @@ s3_access_key:                    "{{ vault_s3_access_key }}"
 s3_secret_key:                    "{{ vault_s3_secret_key }}"
 cloudflare_dns_api_token:         "{{ vault_cloudflare_dns_api_token }}"
 cloudflare_zone_id:               "0935215d596a24a10866a81409ed8332"
 outline_secret_key:               "{{ vault_outline_secret_key }}"
 outline_utils_secret:             "{{ vault_outline_utils_secret }}"
 outline_db_password:              "{{ vault_outline_db_password }}"
 # Server IPs (used for cross-server Traefik routing)
 ip_main:  "87.249.49.32"
 ip_tools: "85.193.83.9"
 ip_mon:   "188.225.79.34"
 # CI/CD deploy key (public key — not a secret)
 ci_deploy_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdr9mRSSUqt7Ym4wA5RpVyz76wEXSOtVfh2/yCSMIbg ci-deploy@forgejo-runner"
--- a/inventory/group_vars/all/vault.yml
+++ b/inventory/group_vars/all/vault.yml
@ -1,86 +1,97 @@
 $ANSIBLE_VAULT;1.1;AES256
-36336237313133376536613238666161303538323761613032376338396133373936393430353335
+63363435626336383432346332393565356632663561623435303461623337623538383765336663
-3565366234643663626665363530636165326438373339360a643734316461323633393034623065
+6532306464653361333766353164343936323530366234380a373733323161353231656235353463
-32336433303133623334313964623661646433326331653463353837373063373466306234333063
+61646565346263633836313962363933663862373435376364366265303736626339386233396537
-6337656163363263330a356565643137346632363635386639366537343833373530366432646135
+3365323338333736330a636535356635333235393436666535633562313938353831666335366630
-30343134346135303065373265353763323931333464326636656261633734643330366331353765
+30613031613237343565643637333664663536353762626666663862633032633938626632613039
-33626334373364663761356530303037333531643235373737343539653832346464663462383765
+61346133343665383762303365623731303363396533643434633539636532306130366435653834
-39326533376239623834323930383965613735393564666236313733623663653166366466333165
+31646363353833633261666138323836316335373538646161376363653764636335373765336432
-39383131386238323966363564636130346230333637373739303636656563623136663361323535
+31633438306266326638643534313665313830326334663431383461306161336165613133383832
-65646137653333303137656461303235353836663634633266356533623835646533343133373465
+33663463646131363938366132343535663732666461353631626161623562666530663536306662
-30653334626336313663376230623833633736373731633233363365633863313333326431373662
+37323063316133373732303435383563333736316661343266343231383731306666626335626438
-31393437393261323136643735306532386361626436383439616663393166643832623461666536
+64363133666230653136363237376631653038623836366238346461383761356232376433386165
-30303637383137393363663066313365386331623632386430303630346363643561363762303761
+37323733663036326534386137343766353464343938393737346534333764333539636139653639
-34653534323664346639653334343632623135366132623166343032386665333162393036643763
+62353539326463303366396231656135643634393730633863343133363162616665366630316663
-34396139306263336135373935366635396265636333666333313031343665386463316365383861
+64353239326138323661343939633938633030366364393431366230626463656464653633633464
-30636561366131316362646132653831346562353335326535666336633733333462383931653961
+35346439343031373832333262373830376237306661623636633439353537333833623638396330
-34333064626536376263646466646463653462373537356366343864643736386431346465326564
+36633437333562323330386230616136336466396239663430643738623637656236316638313062
-65666263376636616365346562313034613363393337646234623064663032666563323634383430
+35666166373965616661386339323865326664623836383138353664666538643433346565623138
-30396133643063353437373863636639306163326439313565373738393034623130383862336565
+33613233393833623832343763623634343332353261353865356530366362333962623538393838
-63373430363662656238303631303765373362353635626462386434656666306531633736633237
+32663934653565393961303566313536643661313862326632633830363235393064363037333162
-35363035643739336331303034326533373538333463653330633434353732313564643838393038
+38323237633066343536653161343761373763383861616531373935326335306130386637313664
-39643132373735346237393664623837383361663033363661306531303939663132343663376463
+66393062623433333364373863393665393838633863656430643833316331623363653539663839
-64343065383736613238663066383731333833316531383063613736303731656533363961306235
+32356564616665363961396132623033303337363035323838343133633861396334313564346564
-35333130613861396563626130663332346661303131633761353562303531616238646363393631
+37353231656464306233393935396562366261336161356263323463346634366438366235356466
-37356438636435373733373761346337626533376436636533656465346566363762636438353838
+36333464336666383739663765636130663332383635346361386435616561356235313061343133
-33623239653332653836363461626239633064353261656461643937353866326664393762366261
+33623335656566613466303832623963613861656361316235353562653365626666366230393639
-34303464346434323464313636663165636133356664316136366235306363646661316263306334
+64356265656432363635666238363235303965663266633833613063623832356262623638653265
-63353866633539653336363364333831326663316565396331626635333333323364633035383833
+64303530636662626137356130643033666362663663323165363632353031373866393233373365
-33376462646637616666343832396664613666626334613461636636383438323064333561306666
+32363432613035643266323631326535366232356132303664633739373536356338353032633564
-32646539663539343839633235333736313530666631613639646637643434623461343531636662
+39656131663532393165303536613134333261333931643738336133323866383830633430376665
-35386664333332326538313437623636383065373032386631653465623136633332323566396266
+31383266343838643332373664383835323264623034636434336263383964646334613633353437
-62313435636562636439333264393530666662373363623039373432383133636365343135633533
+30393962633232333133653234656163326633643634353937653431623737363161643732613130
-32646366323665376466613332313836613761616538626136613735333436653366613737343561
+61376665373466663434616166303866366565366166323436353564326363373665316331303432
-61326635656634616536336136663739356238343437336166373636633239613939303531326130
+32633038386665623465393633373735333864646439613139626630383637363763383364383831
-38636566323936636338313961393435316635373164356538316162643935396562303334643230
+61636231383434373330383530613138663832316437373731313065333136666264386532373639
-34656436626166343633636335343663353336376263353737653966396564356530643439666436
+33366162656634643637343637336233646638373834376564653664633536353963323238646264
-61663630366534363139393934346661393064323662383263633166333963643765303934326665
+61353065663161323937383238616661656239363963333166323032323732326336343437313564
-35393762633231306365653638333531363638333638666334653230646265333064336262613033
+32633639616236356633393237363165333965373266343736633437363534306239313430353236
-37306337303561336536633861646133303738366163626234643066626166653065333134653534
+34363166383866336262623661386132333031366435646230393465363931623039363736633533
-62663830646138306436646535356462643638393935383264346661363765633066633737643131
+39333235666531333936636163393863333862623437333362363935633937383164633463616163
-31376633303162653032356137663465393736313237343532373861636665663933623931326531
+61393930306139633434633330623334393633363736666664303433666536316632323564383438
-63303636303033313431363136613238613136343030393735316263343966323761646434663030
+66316338663866303061323236363061636339623130363639326266356531353366626336303164
-63363239333565316430666635336635346465613433616536353832346637313530656563633839
+39633861653262313165306562653939353637323133663566663164303638663033656636396636
-38366431313566333364663734343561316534636666613764376532336435316162653031306130
+66323232313839376136656632306335313231376466373238346131383062643337376238336232
-64336637643064346432353138666361343865333462333038323965373266366365383062366234
+66333764646162383466613935303434626435316131383130323431653961326634366437313030
-63666266393939316634373039303632303363313932666661326235386434626330656561306133
+31316238346566663037616263333834336335616537373935336165323564386166653232373534
-37323836353433373465666336346430326566613663346261383533303735313033373761343137
+64313634616332333231313962356236313236393336653334626630343263373863373266613864
-61656634653434303462396362376337323036363661653266353262306135396430383030373734
+35396662656563396633313563626661306262383461326435346536666661343562336334313535
-37663464656532643466353437313061656636336666663330373565323062343430646634633034
+36303433646466333132646535303933343237636131336665396661393039363861393236656133
-38646465326366663834363331656433306132623635663930313862366639646236386361613563
+62313539663663343263656564356438336431653565623766613033306664633638393739326461
-38636264393937303066643263656266646161323265663264333936623035333131666636643133
+32633636663764393662373836313738653632653730386133396162633138643663313565343533
-65363166336162636433653565373837646133633332383635353835656633323261653964613437
+34323066303663653732363333343532636434356430393532666134396263373638313533346161
-63616662656530316635323135353135636337356235386663396631326132343264313434666138
+31373935316662366565326139303766383161396638366436356537626336396466626339343536
-30633463643537313934326530326165623539373561306361353165616338653537633366306433
+37396562656339646365653336396636376163653536666463616365626136326530313634333031
-30623332306639626463383566613030363932623666316434383165613238633737336339356337
+35393237656664343133353134383762623330336266376461313731646436346530376133656532
-30373762613730313064363838633338343231313132396239363838303239316337616430363837
+61323931653136663265306531343930316561353034613264623166333664363136643132626163
-37643334326639653531666338653037613038613030633639323435663737663739393338346536
+66333663356562643132303034643735346166326335613637303735626162633261623734313531
-39663136343031306435346665656161353934643731353435306134336632346264623934626163
+38636531643637356635346435303763613034313065306466306261363939616136633562316231
-36656462356563373666656365633164366664623033383138353533656466643537353631656562
+62633239653931623562353936656361663934303464656665366333323062666264336436383834
-65303939313430313730393265326338303631303261623861613765653635663430363530313161
+37353537333364626336353733303766636463313536313331343639636366393966336361373039
-62356464383139363561376233393234303763633331343862396234343263343831393532346339
+62333431366536353236623161633833656664666334313833346433343565613336303538623366
-33326437386162313038333465626235666363303436666362356362643563363164366432396665
+37613930316135363331656635326330653239636336626334353337353665656331356364333734
-62643165376661336361326230356666333033623465656132353435303566363466303861626361
+37376534623739313838383664613639356535353731626164623465666330386136373262663664
-66323134303965646231366131393131666463313062343534663834626432376636633165663533
+39626362623936616563333234343062386466323738316236313630313566643739323131376339
-62386630646331303965663639333233373662353338363133616334646434356533333839663861
+38346365336264613032373966636561626238633735663266376665316161636166363366656563
-63356565383839306632643261666633656332303131333962376634646533383535363538383939
+61396662666463376434633733333265333534656466623932353836616561616536353334653236
-35356262313838386335383161316234306234376432303636353365626337366166363661356230
+35313465393438313835373563323538613961303231616435393131373737333738376637663763
-62623539633836323763363036313365363435303738336634396463633830363737653763373931
+31373230326265386636383065343536393363326539383437313264313463633462353964633764
-62306437653664336433376538396137323238613763616261316233343037316238633034396161
+30306436643039623230626237323535306538363831373063373861663139646661636132383263
-66373663373433353165366535323564663261323762383331353736343065373863633134383636
+63353834663530656564386435376237356332303438343332316434636339363037616264356464
-66316665636332336133363932653333323864323636326137303863636439396564646662633632
+66616630343734346533393563393337613537376636396632343930396130643937316139653034
-30373264306261626530653531356163666438373961653830623361333332383139663939343366
+38653463343065363231626365633330313463633535353431623938646534303161346238346536
-63306331393162366463393665653535396133396163646137616262613865653433326533643263
+30353032333834383735376163396537646132623635346138386132656561333437313161326336
-37316431666561333066393138376534323764383663653732393832383165333863656161366536
+36393564323430623030313736646131313864346566343937613561303964333161616566633764
-35633966326166616161303865333966613764366336663836356633386165643761346632393666
+66623333366634306563303566383930663965666133353865646438303961313635306535366635
-39623066643135353763643233663235353864353266346433313137633562626366653234643439
+31663339343564343266303961616439613039616263303931663234666537326638353038613331
-37373632313261623431323534666439386631613833633732666233333039383261653835663635
+36396633646137353132333362323634613062353237616666333835396330633863306233333565
-39343330383239363938346432373932633330363161623433343433666632643164383130636361
+38343634666536326361316531643231356539323834346139363139613561306330363438623561
-65633132646536356563653162336339623533626263313733613032633536333364636636303563
+39633432653930373731313739353637636537623536306135313733386639363566363463333132
-36643261373764393830626534323462663635646534376365366665653531633563663364336637
+31636261333435663966653066336362653232626635663663326434386437333732383530373132
-37303039316235386664366230643738633963346434343937636437373361373035333964303865
+62323063656131396534633335363537393431373935366233643932666331653662373762323966
-36666532656430653761373138356561646466663735316233363362306161396264636231653364
+34323131613861613936623230316162653434646565643432386161646231356432613837646634
-33373766326636393631333231643465396433666233303832316365306438333037323261643437
+66643561353034393435306239333032356535373238636534343666383432653866306566326661
-61636235666232623931653436303332363832613734333235303036396335323433623836663035
+37356432363561646564613362353537636132316363323735613332353334316330373732366230
-33306362666164646639626435316232386261383134363438343062633832393338316562306462
+38643339386164356666363565623333376136626533363630333562613331323937623939363238
-6366
+34663030323665333034656332313663336336373937316564313966313034366163616337613133
 39323338626137373930626436383433366233393136653862636539306333356538303235346633
 32656134333333623766323232616633616636306138653666663661333561303966343764623139
 66333164616536326461396632353665633731393263313037386464623430386130353039353264
 31343333613530343634363132346332646331653635333665323033396437656536646431663862
 37376363653165346433633038396132656339373438646536326534663434366361326637663466
 34666565623730323334346330396166626462386637613538303065333036623366333036633739
 37383066306462303334333063653161386330373661626162373836353834653966613938666237
 61353565363533376666316234333933383437393730633235306362373133323532653337626534
 30363434333463616637386131663962396130353133353266326332343631356337626635353532
 66393031363238333735633563343231366562653162346637303833386138313037643862663362
 37346636663033663361
--- a/playbooks/tools.yml
+++ b/playbooks/tools.yml
@ -0,0 +1,14 @@
 ---
 # Deploy tools stack (Outline wiki) on visual-tools server
 # ansible-playbook playbooks/tools.yml
 - name: Deploy tools stack
  hosts: tools
  become: true
  roles:
    - role: base
      tags: base
    - role: docker
      tags: docker
    - role: tools
      tags: tools
--- a/roles/tools/defaults/main.yml
+++ b/roles/tools/defaults/main.yml
@ -0,0 +1,5 @@
 ---
 tools_root: /opt/tools
 outline_image: "outlinewiki/outline:0.80.2"
 outline_db_image: "postgres:15-alpine"
 outline_redis_image: "redis:7-alpine"
--- a/roles/tools/tasks/main.yml
+++ b/roles/tools/tasks/main.yml
@ -0,0 +1,39 @@
 ---
 - name: Create tools root directory
  ansible.builtin.file:
    path: "{{ tools_root }}"
    state: directory
    owner: "{{ deploy_user }}"
    group: "{{ deploy_group }}"
    mode: "0750"
 - name: Deploy docker-compose.yml
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "{{ tools_root }}/docker-compose.yml"
    owner: "{{ deploy_user }}"
    group: "{{ deploy_group }}"
    mode: "0640"
 - name: Deploy .env
  ansible.builtin.template:
    src: env.j2
    dest: "{{ tools_root }}/.env"
    owner: "{{ deploy_user }}"
    group: "{{ deploy_group }}"
    mode: "0600"
 - name: Pull images
  community.docker.docker_image:
    name: "{{ item }}"
    source: pull
  loop:
    - "{{ outline_image }}"
    - "{{ outline_db_image }}"
    - "{{ outline_redis_image }}"
 - name: Start tools stack
  community.docker.docker_compose_v2:
    project_src: "{{ tools_root }}"
    state: present
    pull: missing
--- a/roles/tools/templates/docker-compose.yml.j2
+++ b/roles/tools/templates/docker-compose.yml.j2
@ -0,0 +1,82 @@
 # Tools stack — generated by Ansible
 # Do not edit manually; re-run ansible-playbook playbooks/tools.yml
 networks:
  outline-internal:
    driver: bridge
    internal: true
 volumes:
  outline_db_data:
  outline_redis_data:
 services:
  # ── Outline wiki ────────────────────────────────────────────────────────────
  outline:
    image: {{ outline_image }}
    container_name: outline
    restart: unless-stopped
    env_file: .env
    networks:
      - outline-internal
    ports:
      # Exposed only to main Traefik (access controlled by UFW)
      - "{{ ip_tools }}:3000:3000"
    depends_on:
      outline-db:
        condition: service_healthy
      outline-redis:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://localhost:3000/_health"]
      interval: 30s
      timeout: 5s
      retries: 3
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
  outline-db:
    image: {{ outline_db_image }}
    container_name: outline-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: outline
      POSTGRES_USER: outline
      POSTGRES_PASSWORD: ${OUTLINE_DB_PASSWORD}
    networks:
      - outline-internal
    volumes:
      - outline_db_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U outline"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
  outline-redis:
    image: {{ outline_redis_image }}
    container_name: outline-redis
    restart: unless-stopped
    networks:
      - outline-internal
    volumes:
      - outline_redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
--- a/roles/tools/templates/env.j2
+++ b/roles/tools/templates/env.j2
@ -0,0 +1,36 @@
 # Outline env — generated by Ansible
 NODE_ENV=production
 SECRET_KEY={{ outline_secret_key }}
 UTILS_SECRET={{ outline_utils_secret }}
 # Database
 DATABASE_URL=postgres://outline:{{ outline_db_password }}@outline-db:5432/outline
 PGSSLMODE=disable
 # Redis
 REDIS_URL=redis://outline-redis:6379
 # App URL
 URL=https://{{ domain_wiki }}
 PORT=3000
 # S3 file storage (Timeweb Object Storage)
 AWS_ACCESS_KEY_ID={{ s3_access_key }}
 AWS_SECRET_ACCESS_KEY={{ s3_secret_key }}
 AWS_REGION=ru-1
 AWS_S3_UPLOAD_BUCKET_NAME=visual-outline
 AWS_S3_UPLOAD_BUCKET_URL=https://s3.timeweb.cloud
 AWS_S3_FORCE_PATH_STYLE=true
 AWS_S3_ACL=private
 FILE_STORAGE=s3
 # Auth — local accounts (can add OIDC/Authelia later)
 AUTH_PROVIDERS=email
 # Outline DB password (used in docker-compose)
 OUTLINE_DB_PASSWORD={{ outline_db_password }}
 # Optional
 DEFAULT_LANGUAGE=ru_RU
 RATE_LIMITER_ENABLED=true
 ENABLE_UPDATES=false