Ansible private key fix (hopefully).

Removing Grafana stack; adding Jinja templates for Vector and Gitea Runner.
2025-02-15 20:58:42 -05:00 · 2025-02-15 19:49:26 -05:00
4 changed files with 137 additions and 261 deletions
@@ -74,7 +74,7 @@ jobs:
        with:
          directory: ansible/
          playbook: docker_config_deploy.yml
-          key: ${{secrets.RINOA_GITEA_PRIVATE_SSH_KEY}}
+          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_SSH_KEY}}
          options: |
            --inventory inventory/hosts.yml
            --check
@@ -0,0 +1,101 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: .runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 2
+  # Extra environment variables to run jobs.
+  envs:
+    A_TEST_ENV_NAME_1: a_test_env_value_1
+    A_TEST_ENV_NAME_2: a_test_env_value_2
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+  env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+  timeout: 3h
+  # The timeout for the runner to wait for running jobs to finish when shutting down.
+  # Any running jobs that haven't finished after this timeout will be cancelled.
+  shutdown_timeout: 0s
+  # Whether skip verifying the TLS certificate of the Gitea instance.
+  insecure: false
+  # The timeout for fetching the job from the Gitea instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Gitea instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+  # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `daemon`, will use labels in `.runner` file.
+  labels:
+    - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+    - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+    - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: "192.168.1.254"
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 63604
+  # The external cache server URL. Valid only when enable is true.
+  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+  # The URL should generally end with "/".
+  external_server: ""
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, act_runner will create a network automatically.
+  network: "compose_default"
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+  # If the path starts with '/', the '/' will be trimmed.
+  # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+  # Pull docker image(s) even if already present
+  force_pull: false
+  # Rebuild docker image(s) even if already present
+  force_rebuild: false
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:
@@ -0,0 +1,32 @@
+  sources:
+    rinoa_docker_logs:
+      type: docker_logs
+      exclude_containers:
+        - zammad-init
+        - vector
+
+  sinks:
+    parseable:
+      type: http
+      method: post
+      batch:
+        max_bytes: 10485760
+        max_events: 1000
+        timeout_secs: 10
+      compression: gzip
+      inputs:
+        - rinoa_docker_logs
+      encoding:
+        codec: json
+      uri: http://parseable:8000/api/v1/ingest'
+      auth:
+        strategy: basic
+        user: admin
+        password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PARSEABLE_PASSWORD'] }}
+      request:
+        headers:
+          X-P-Stream: vectordemo
+      healthcheck:
+        enabled: true
+        path: 'http://parseable:8000/api/v1/liveness'
+        port: 80
@@ -1469,266 +1469,6 @@ services:
        type: bind
        bind:
          create_host_path: true
-#  grafana:
-#    container_name: grafana
-#    depends_on:
-#      grafana-alloy:
-#        condition: service_started
-#        required: true
-#    environment:
-#      GF_INSTALL_PLUGINS: grafana-piechart-panel
-#      TZ: America/New_York
-#    hostname: Rinoa
-#    image: grafana/grafana-enterprise:latest
-#    labels:
-#      homepage.group: Infrastructure/App Performance Monitoring
-#      homepage.name: Grafana (LGTM)
-#      homepage.href: https://mon.${MY_TLD}
-#      homepage.description: Monitoring Dashboard for metrics, logs, traces, & profiles
-#      homepage.icon: grafana.png
-#      homepage.widget.type: grafana
-#      homepage.widget.url: http://grafana:3000
-#      homepage.widget.username: admin
-#      homepage.widget.password: ${GRAFANA_ADMIN_PASSWORD}
-#      swag: enable
-#      swag_proto: http
-#      swag_url: mon.${MY_TLD}
-#      swag.uptime-kuma.enabled: true
-#      swag.uptime-kuma.monitor.url: https://mon.${MY_TLD}
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "3006"
-#        target: 3000
-#    restart: unless-stopped
-#    user: 1000:1000
-#    volumes:
-#      - bind:
-#          create_host_path: true
-#        read_only: true
-#        source: /etc/localtime
-#        target: /etc/localtime
-#        type: bind
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/data
-#        target: /var/lib/grafana
-#        type: bind
-#        bind:
-#          create_host_path: true
-#      - bind:
-#          create_host_path: true
-#        source: /rinoa-storage
-#        target: /storage
-#        type: bind
-#  grafana-alloy:
-#    cap_add:
-#      - SYS_ADMIN
-#      - SYS_TIME
-#      - BPF
-#      - SYSLOG
-#    command: run --disable-reporting=true --stability.level=public-preview --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.alloy
-#    container_name: grafana-alloy
-#    environment:
-#      DOCKER_HOST: tcp://dockerproxy:2375
-#    image: grafana/alloy:latest
-#    labels:
-#      homepage.group: Infrastructure/App Performance Monitoring
-#      homepage.name: Grafana Alloy
-#      homepage.description: Agent for metric/log/trace/profile collection and writing
-#      homepage.href: http://192.168.1.254:12345
-#      homepage.icon: sh-grafana-alloy.svg
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "12345"
-#        target: 12345
-#    privileged: true
-#    restart: always
-#    volumes:
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/config.alloy
-#        target: /etc/alloy/config.alloy
-#        type: bind
-#        bind:
-#          create_host_path: true
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/endpoints.json
-#        target: /etc/alloy/endpoints.json
-#        type: bind
-#        bind:
-#          create_host_path: true
-#      - bind:
-#          create_host_path: true
-#        read_only: true
-#        source: /proc
-#        target: /host/proc
-#        type: bind
-#      - bind:
-#          create_host_path: true
-#        read_only: true
-#        source: /sys
-#        target: /host/sys
-#        type: bind
-#      - bind:
-#          create_host_path: true
-#        read_only: true
-#        source: /
-#        target: /rootfs
-#        type: bind
-#  grafana-loki:
-#    command: -config.file=/etc/loki/loki-config.yaml
-#    container_name: grafana-loki
-#    depends_on:
-#      grafana-alloy:
-#        condition: service_started
-#        required: true
-#    image: grafana/loki:latest
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "3100"
-#        target: 3100
-#    restart: unless-stopped
-#    volumes:
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/loki/loki-config.yaml
-#        target: /etc/loki/loki-config.yaml
-#        type: bind
-#        bind:
-#          create_host_path: true
-#  grafana-mimir:
-#    command:
-#      - -ingester.native-histograms-ingestion-enabled=true
-#      - -config.file=/etc/mimir.yaml
-#    container_name: grafana-mimir
-#    depends_on:
-#      grafana-alloy:
-#        condition: service_started
-#        required: true
-#    image: grafana/mimir:latest
-#    labels:
-#      homepage.group: Infrastructure/App Performance Monitoring
-#      homepage.name: Grafana Mimir
-#      homepage.href: http://192.168.1.254:9009
-#      homepage.description: Long-term metrics storage
-#      homepage.icon: /icons/grafana-mimir.png
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "9009"
-#        target: 9009
-#    restart: unless-stopped
-#    volumes:
-#      - source: grafana-mimir-data
-#        target: /data
-#        type: volume
-#        volume: {}
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/mimir/mimir.yaml
-#        target: /etc/mimir.yaml
-#        type: bind
-#        bind:
-#          create_host_path: true
-#  grafana-mimir-memcached:
-#    container_name: grafana-mimir-memcached
-#    depends_on:
-#      grafana-alloy:
-#        condition: service_started
-#        required: true
-#    environment:
-#      MEMCACHED_MEMORY_LIMIT: 1g
-#      MEMCACHED_THREADS: 4
-#      MEMCACHED_MAX_CONNECTIONS: 2048
-#      MEMCACHED_TCP_PORT: 11211
-#      MEMCACHED_UDP_PORT: 11211
-#    image: memcached
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "11211"
-#        target: 11211
-#    restart: unless-stopped
-#  grafana-pyroscope:
-#    command:
-#      - -config.file=/etc/pyroscope.yml
-#    container_name: grafana-pyroscope
-#    depends_on:
-#      grafana-alloy:
-#        condition: service_started
-#        required: true
-#    image: grafana/pyroscope:latest
-#    labels:
-#      homepage.group: Infrastructure/App Performance Monitoring
-#      homepage.name: Grafana Pyroscope
-#      homepage.description: Profiling for applications
-#      homepage.href: http://192.168.1.254:4040
-#      homepage.icon: /icons/grafana-pyroscope.svg
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "4040"
-#        target: 4040
-#    restart: unless-stopped
-#    volumes:
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/pyroscope/config.yaml
-#        target: /etc/pyroscope.yml
-#        type: bind
-#        bind:
-#          create_host_path: true
-#  grafana-tempo:
-#    command:
-#      - -config.file=/etc/tempo.yaml
-#    container_name: grafana-tempo
-#    depends_on:
-#      grafana-alloy:
-#        condition: service_started
-#        required: true
-#    image: grafana/tempo:latest
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "14268"
-#        target: 14268
-#      - mode: ingress
-#        protocol: tcp
-#        published: "3200"
-#        target: 3200
-#      - mode: ingress
-#        protocol: tcp
-#        published: "9095"
-#        target: 9095
-#      - mode: ingress
-#        protocol: tcp
-#        published: "4317"
-#        target: 4317
-#      - mode: ingress
-#        protocol: tcp
-#        published: "4318"
-#        target: 4318
-#      - mode: ingress
-#        protocol: tcp
-#        published: "9411"
-#        target: 9411
-#    restart: unless-stopped
-#    volumes:
-#      - source: grafana-tempo-data
-#        target: /var/tempo
-#        type: volume
-#        volume: {}
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/tempo/tempo.yaml
-#        target: /etc/tempo.yaml
-#        type: bind
-#        bind:
-#          create_host_path: true
  guacamole:
    container_name: guacamole
    environment:
@@ -3559,6 +3299,9 @@ services:
      homepage.href: https://cloud.${MY_TLD}
      homepage.icon: nextcloud.svg
      homepage.description: Private Cloud
+      homepage.widget.type: nextcloud
+      homepage.widget.url: https://cloud.trez.wtf
+      homepage.widget.token: ${NEXTCLOUD_HOMEPAGE_TOKEN}
      swag: enable
      swag_port: 11000
      swag_proto: http
Author	SHA1	Message	Date
Trez.One	401f6b68aa	Ansible private key fix (hopefully). Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Check and Create PR (push) Successful in 1m45s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Docker Compose & Ansible Lints (push) Failing after 11m39s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Deploy via Ansible & Docker Compose (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Update README & Generate List of Modified Services (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / PR Merge (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Cloudflare DNS Setup (push) Has been skipped Details	2025-02-15 20:58:42 -05:00
Trez.One	e9d1814784	Removing Grafana stack; adding Jinja templates for Vector and Gitea Runner. Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Check and Create PR (push) Failing after 5m6s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Docker Compose & Ansible Lints (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Cloudflare DNS Setup (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Update README & Generate List of Modified Services (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / PR Merge (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Deploy via Ansible & Docker Compose (push) Has been skipped Details	2025-02-15 19:49:26 -05:00