infra/roles/services/tasks/configs.yml
jack fde51352d7 feat: migrate monitoring to tools server, fix Outline S3 uploads
Monitoring stack (Prometheus, AlertManager, Grafana, Loki, Uptime Kuma)
moved from main to tools server. Prometheus now scrapes main exporters
over network (ip_main:9100/8080). Promtail pushes logs to ip_tools:3100.
Traefik routes for dash/status.walava.io updated to ip_tools. discord-bot
PROMETHEUS_URL updated to http://ip_tools:9090.

Outline S3 fix: remove AWS_S3_ACL=private (Timeweb doesn't support
per-object ACLs — caused upload failures). Add CORS configuration task
for browser-side presigned uploads.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-27 04:10:28 +07:00


---
- name: Deploy .env file
  # Rendered from env.j2 into the services root. Owner-only permissions
  # (0600) keep the file private to the deploy user.
  ansible.builtin.template:
    src: env.j2
    dest: '{{ services_root }}/.env'
    mode: "0600"
    owner: '{{ deploy_user }}'
    group: '{{ deploy_group }}'
  notify:
    - Restart stack
- name: Deploy Outline .env file
  # Separate env file for Outline, rendered from env.outline.j2; same
  # owner-only (0600) permissions as the main .env.
  ansible.builtin.template:
    src: env.outline.j2
    dest: '{{ services_root }}/.env.outline'
    mode: "0600"
    owner: '{{ deploy_user }}'
    group: '{{ deploy_group }}'
  notify:
    - Restart stack
- name: Deploy docker-compose.yml
  # Compose definition for the whole stack; world-readable (0644), so it
  # must not embed values that belong in the 0600 .env files.
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: '{{ services_root }}/docker-compose.yml'
    mode: "0644"
    owner: '{{ deploy_user }}'
    group: '{{ deploy_group }}'
  notify:
    - Restart stack
- name: Deploy Traefik static config
  # Traefik's static configuration (entrypoints, providers); changes take
  # effect only after the stack restart triggered by the handler.
  ansible.builtin.template:
    src: traefik/traefik.yml.j2
    dest: '{{ services_root }}/traefik/traefik.yml'
    mode: "0644"
    owner: '{{ deploy_user }}'
    group: '{{ deploy_group }}'
  notify:
    - Restart stack
- name: Deploy Traefik dynamic routes
  # Dynamic (file-provider) routes for Traefik, rendered from
  # traefik/dynamic/routes.yml.j2.
  ansible.builtin.template:
    src: traefik/dynamic/routes.yml.j2
    dest: '{{ services_root }}/traefik/dynamic/routes.yml'
    mode: "0644"
    owner: '{{ deploy_user }}'
    group: '{{ deploy_group }}'
  notify:
    - Restart stack
- name: Deploy act_runner config
  # Configuration file for the act_runner service, rendered from
  # act_runner_config.yaml.j2.
  ansible.builtin.template:
    src: act_runner_config.yaml.j2
    dest: '{{ services_root }}/act_runner/config.yaml'
    mode: "0644"
    owner: '{{ deploy_user }}'
    group: '{{ deploy_group }}'
  notify:
    - Restart stack
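- name: Configure CORS on walava-outline S3 bucket (required for browser uploads)
  # The S3 key pair is supplied through the task environment and forwarded
  # into the container with a bare `-e NAME` (docker copies the value from
  # the calling environment). The secrets therefore never appear in the
  # `docker run` argv, in process listings, or in the logged command line.
  # NOTE(review): amazon/aws-cli:latest is an unpinned image tag; pin a
  # specific tag or digest so this step does not run whatever upstream
  # publishes next.
  ansible.builtin.shell: |
    docker run --rm \
      -e AWS_ACCESS_KEY_ID \
      -e AWS_SECRET_ACCESS_KEY \
      -e AWS_DEFAULT_REGION=ru-1 \
      amazon/aws-cli:latest \
      --endpoint-url https://s3.timeweb.cloud \
      s3api put-bucket-cors \
      --bucket walava-outline \
      --cors-configuration '{"CORSRules":[{"AllowedOrigins":["https://{{ domain_wiki }}"],"AllowedMethods":["GET","PUT","POST","DELETE","HEAD"],"AllowedHeaders":["*"],"ExposeHeaders":["ETag"],"MaxAgeSeconds":3000}]}'
  environment:
    AWS_ACCESS_KEY_ID: "{{ s3_access_key }}"
    AWS_SECRET_ACCESS_KEY: "{{ s3_secret_key }}"
  # Keep the secret-bearing environment and command out of play output
  # and callback logs.
  no_log: true
  # Putting the same CORS rules again is idempotent, so never report a change.
  changed_when: false
  # Best-effort: a failed CORS push must not abort the rollout. With no_log
  # set the error detail is hidden, so register the result if the outcome
  # needs to be surfaced.
  ignore_errors: true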
- name: Deploy Promtail config
  # Promtail log-shipper configuration, rendered from loki/promtail.yml.j2.
  ansible.builtin.template:
    src: loki/promtail.yml.j2
    dest: '{{ services_root }}/loki/promtail.yml'
    mode: "0644"
    owner: '{{ deploy_user }}'
    group: '{{ deploy_group }}'
  notify:
    - Restart stack
- name: Deploy CrowdSec acquisition config
  # CrowdSec acquisition (log source) definitions, rendered from
  # crowdsec/acquis.yaml.j2.
  ansible.builtin.template:
    src: crowdsec/acquis.yaml.j2
    dest: '{{ services_root }}/crowdsec/acquis.yaml'
    mode: "0644"
    owner: '{{ deploy_user }}'
    group: '{{ deploy_group }}'
  notify:
    - Restart stack
- name: Deploy Traefik logrotate config
  # System-level logrotate drop-in for the Traefik logs. It is read by
  # logrotate, not by the stack, so no restart handler is attached.
  ansible.builtin.template:
    src: logrotate/traefik.j2
    dest: /etc/logrotate.d/traefik
    mode: "0644"
    owner: root
    group: root
- name: Create acme.json for Let's Encrypt certificates
  # Ensures the ACME store exists with owner-only permissions (0600) before
  # Traefik starts. Timestamps are preserved so repeated runs do not
  # rewrite the file's mtime/atime.
  ansible.builtin.file:
    path: '{{ services_root }}/traefik/acme.json'
    state: touch
    mode: "0600"
    owner: '{{ deploy_user }}'
    group: '{{ deploy_group }}'
    access_time: preserve
    modification_time: preserve