From dbcb70571a283b464b1914a1c039b3a33cf530a4 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 8 Oct 2025 09:55:37 -0400 Subject: [PATCH 1/9] Fixing Prometheus in OTEL config. --- .../rinoa/signoz/common/otel/otel-collector-config.yaml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/app-configs/rinoa/signoz/common/otel/otel-collector-config.yaml.j2 b/app-configs/rinoa/signoz/common/otel/otel-collector-config.yaml.j2 index 9fc0416..2505ac0 100644 --- a/app-configs/rinoa/signoz/common/otel/otel-collector-config.yaml.j2 +++ b/app-configs/rinoa/signoz/common/otel/otel-collector-config.yaml.j2 @@ -101,6 +101,7 @@ receivers: - job_name: "rinoa-containers" docker_sd_configs: - host: unix:///var/run/docker.sock + refresh_interval: "30s" - job_name: "apprise-api" static_configs: - targets: ["apprise:8000"] From c2941441aaa1eaa6e8859097dfe2d8028de4ed3f Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 8 Oct 2025 10:01:53 -0400 Subject: [PATCH 2/9] Playbook fix. --- tar-valon_config_deploy.yml | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/tar-valon_config_deploy.yml b/tar-valon_config_deploy.yml index ee809e7..36b7c1e 100644 --- a/tar-valon_config_deploy.yml +++ b/tar-valon_config_deploy.yml @@ -10,12 +10,6 @@ default_owner: "1000" default_group: "1000" default_mode: "0644" - # file_metadata should be defined in host_vars/.yml: - # file_metadata: - # "configs/serviceA/config.yaml": - # owner: "999" - # group: "999" - # mode: "0640" pre_tasks: - name: Get remote user's UID and GID @@ -90,9 +84,9 @@ - name: Log computed deployment metadata ansible.builtin.debug: - msg: | + msg: >- Deployment plan: - {%- for f in deploy_files -%} + {% for f in deploy_files %} - src: {{ f.src }} dest: {{ f.dest }} owner: {{ f.owner }} 
@@ -100,18 +94,21 @@ mode: {{ f.mode }} become: {{ f.become }} template: {{ f.is_template }} - {%- endfor -%} + {% endfor %} run_once: true - - name: Print concise become: true list + - name: Print concise become true list ansible.builtin.debug: - msg: | + msg: >- Files requiring become=true: - {%- for f in deploy_files if f.become -%} + {% set found = false %} + {% for f in deploy_files if f.become %} + {% set found = true %} - {{ f.dest }} -> owner:{{ f.owner }}:{{ f.group }} mode:{{ f.mode }} - {%- else -%} + {% endfor %} + {% if not found %} (none) - {%- endfor -%} + {% endif %} run_once: true tasks: @@ -119,7 +116,7 @@ ansible.builtin.file: path: "{{ item }}" state: directory - mode: '0755' + mode: "0755" loop: "{{ dest_dirs }}" loop_control: label: "{{ item }}" From 46ab58a69b09959ddd8ae8e11c72c4b1edebf977 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 8 Oct 2025 10:04:29 -0400 Subject: [PATCH 3/9] Removing unneeded standalone Prometheus config. --- .../rinoa/signoz/common/prometheus.yml.j2 | 25 ------------------- 1 file changed, 25 deletions(-) delete mode 100644 app-configs/rinoa/signoz/common/prometheus.yml.j2 diff --git a/app-configs/rinoa/signoz/common/prometheus.yml.j2 b/app-configs/rinoa/signoz/common/prometheus.yml.j2 deleted file mode 100644 index 683e5e1..0000000 --- a/app-configs/rinoa/signoz/common/prometheus.yml.j2 +++ /dev/null 
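Review bot: The `found` flag in the rewritten "Print concise become true list" message never changes outside the loop, because Jinja2 scopes a `{% set %}` made inside `{% for %}` to the loop body, so `{% if not found %}` is always true and `(none)` is printed even when files are listed. The removed `{%- else -%}` branch of the `for` handled the empty case correctly; either keep a loop-level `{% else %}` or carry the flag in a namespace, `{% set ns = namespace(found=false) %}` with `{% set ns.found = true %}` inside the loop. This list is what an operator reads to see which files are written with privilege escalation, so a misleading `(none)` line matters. The same block is still present as context in the later `@@ -104,10 +109,10 @@` hunk of patch 6/9.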
@@ -1,25 +0,0 @@ -# my global config -global: - scrape_interval: 5s # Set the scrape interval to every 15 seconds. Default is every 1 minute. - evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. - # scrape_timeout is set to the global default (10s). - -# Alertmanager configuration -alerting: - alertmanagers: - - static_configs: - - targets: - - alertmanager:9093 - -# Load rules once and periodically evaluate them according to the global 'evaluation_interval'. -rule_files: [] - # - "first_rules.yml" - # - "second_rules.yml" - # - 'alerts.yml' - -# A scrape configuration containing exactly one endpoint to scrape: -# Here it's Prometheus itself. -scrape_configs: [] - -remote_read: - - url: tcp://clickhouse:9000/signoz_metrics From 6edff85e3f0782a4a744310aa5da2798200a4c2c Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 8 Oct 2025 10:14:20 -0400 Subject: [PATCH 4/9] File permission tasks. --- app-configs/rinoa/argus/config.yml.j2 | 337 ------------------ app-configs/rinoa/librechat/librechat.yaml.j2 | 33 -- tar-valon_config_deploy.yml | 13 +- 3 files changed, 10 insertions(+), 373 deletions(-) delete mode 100644 app-configs/rinoa/argus/config.yml.j2 delete mode 100644 app-configs/rinoa/librechat/librechat.yaml.j2 diff --git a/app-configs/rinoa/argus/config.yml.j2 b/app-configs/rinoa/argus/config.yml.j2 deleted file mode 100644 index 5fd260c..0000000 --- a/app-configs/rinoa/argus/config.yml.j2 +++ /dev/null 
@@ -1,337 +0,0 @@ -settings: - log: - level: INFO - timestamps: true - data: - database_file: data/argus.db - web: - listen_host: 0.0.0.0 - listen_port: 8080 - route_prefix: / - basic_auth: - username: 'admin' - password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['ARGUS_WEB_PASSWORD'] }}" - disabled_routes: [] - favicon: - png: '' - svg: '' -notify: - rinoa-gotify: - type: gotify - url_fields: - Host: gotify - Token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['ARGUS_WEB_PASSWORD'] }} - params: - Title: Argus @ Rinoa -service: - AdguardTeam/AdGuardHome: - latest_version: - type: github - url: AdguardTeam/AdGuardHome - url_commands: - - type: regex - regex: v([0-9.]+)$ - deployed_version: - url: "https://adguard.trez.wtf/control/status" - basic_auth: - username: admin - password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['ADGUARD_PASSWORD'] }} - json: version - regex: v([0-9.]+) - dashboard: - web_url: "https://github.com/AdguardTeam/AdGuardHome/releases/v{% raw %}{{ version }}{% endraw %}" - icon: "https://avatars.githubusercontent.com/u/8361145?s=200&v=4" - advplyr/audiobookshelf: - latest_version: - type: github - url: advplyr/audiobookshelf - url_commands: - - type: regex - regex: v([0-9.]+)$ - deployed_version: - method: GET - url: "https://abs.trez.wtf/status" - json: serverVersion - dashboard: - icon: "https://raw.githubusercontent.com/advplyr/audiobookshelf/master/client/static/icon.svg" - web_url: "https://github.com/advplyr/audiobookshelf/releases/tag/v{% raw %}{{ version }}{% endraw %}" - dani-garcia/vaultwarden: - latest_version: - type: github - url: dani-garcia/vaultwarden - deployed_version: - url: "https://bitwarden.trez.wtf/api/version" - regex: ([0-9.]+) - dashboard: - 
web_url: "https://github.com/dani-garcia/vaultwarden/releases/{% raw %}{{ version }}{% endraw %}" - icon: "https://raw.githubusercontent.com/dani-garcia/vaultwarden/main/src/static/images/vaultwarden-icon.png" - ellite/Wallos: - latest_version: - type: github - url: ellite/Wallos - deployed_version: - method: GET - url: http://wallos.com/api/status/version.php?api_key=xxx - json: version_number - dashboard: - icon: "https://github.com/ellite/Wallos/raw/main/images/siteicons/wallos.png" - web_url: "https://github.com/ellite/Wallos/releases" - FlareSolverr/FlareSolverr: - latest_version: - type: github - url: FlareSolverr/FlareSolverr - url_commands: - - type: regex - regex: v([0-9.]+)$ - deployed_version: - method: GET - url: "https://flaresolverr.trez.wtf" - json: version - dashboard: - icon: "https://raw.githubusercontent.com/FlareSolverr/FlareSolverr/master/resources/flaresolverr_logo.png" - web_url: "https://github.com/FlareSolverr/FlareSolverr/releases/tag/v{% raw %}{{ version }}{% endraw %}" - go-gitea/gitea: - latest_version: - type: github - url: go-gitea/gitea - url_commands: - - type: regex - regex: v([0-9.]+)$ - require: - regex_content: gitea-{% raw %}{{ version }}{% endraw %}-linux-amd64 - regex_version: ^[0-9.]+[0-9]$ - deployed_version: - url: "https://git.trez.wtf" - regex: 'Powered by Gitea\s+Version:\s+([0-9.]+) ' - dashboard: - web_url: "https://github.com/go-gitea/gitea/releases/v{% raw %}{{ version }}{% endraw %}" - icon: "https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/logo.png" - gohugoio/hugo: - latest_version: - type: github - url: gohugoio/hugo - url_commands: - - type: regex - regex: v([0-9.]+)$ - require: - regex_content: hugo_{% raw %}{{ version }}{% endraw %}_Linux-64bit\.deb - dashboard: - web_url: "https://github.com/gohugoio/hugo/releases/v{% raw %}{{ version }}{% endraw %}" - icon: "https://raw.githubusercontent.com/gohugoio/hugo/master/docs/static/img/hugo.png" - gotify/server: - latest_version: - type: github - 
url: gotify/server - url_commands: - - type: regex - regex: v([0-9.]+)$ - deployed_version: - url: "https://gotify.trez.wtf/version" - json: version - dashboard: - web_url: "https://github.com/gotify/server/releases/v{% raw %}{{ version }}{% endraw %}" - icon: "https://github.com/gotify/logo/raw/master/gotify-logo.png" - hashicorp/vault: - latest_version: - type: github - url: hashicorp/vault - url_commands: - - type: regex - regex: v([0-9.]+)$ - deployed_version: - url: "https://vault.trez.wtf/v1/sys/health" - json: version - dashboard: - web_url: "https://github.com/hashicorp/vault/releases/v{% raw %}{{ version }}{% endraw %}" - icon: "https://raw.githubusercontent.com/hashicorp/vault/main/ui/public/vault-logo.svg" - immich-app/immich: - latest_version: - type: github - url: immich-app/immich - deployed_version: - url: "https://pics.trez.wtf/api/server/about" - json: version - regex: ^v([0-9.]+)$ - headers: - - key: x-api-key - value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['IMMICH_POWER_TOOLS_KEY'] }} - dashboard: - icon: "https://raw.githubusercontent.com/immich-app/immich/main/web/static/immich-logo.svg" - web_url: "https://github.com/immich-app/immich/releases/tag/v{% raw %}{{ version }}{% endraw %}" - influxdata/influxdb: - latest_version: - type: github - url: influxdata/influxdb - url_commands: - - type: regex - regex: v([0-9.]+)$ - deployed_version: - url: "https://influxdb.trez.wtf/health" - json: version - dashboard: - web_url: "https://github.com/influxdata/influxdb/releases/tag/v{% raw %}{{ version }}{% endraw %}" - icon: "https://github.com/influxdata/ui/raw/master/src/writeData/graphics/influxdb.svg" - jellyfin/jellyfin: - latest_version: - type: github - url: jellyfin/jellyfin - url_commands: - - type: regex - regex: v([0-9.]+)$ - deployed_version: - url: "https://jellyfin.trez.wtf/System/Info/Public" - json: Version - dashboard: - web_url: 
"https://github.com/jellyfin/jellyfin/releases/v{% raw %}{{ version }}{% endraw %}" - icon: "https://avatars.githubusercontent.com/u/45698031?s=200&v=4" - Lidarr/Lidarr: - options: - semantic_versioning: false - latest_version: - type: github - url: Lidarr/Lidarr - url_commands: - - type: regex - regex: v([0-9.]+)$ - deployed_version: - method: GET - url: "https://lidarr.trez.wtf/api/v1/system/status" - headers: - - key: X-Api-Key - value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }} - json: version - dashboard: - icon: "https://raw.githubusercontent.com/Lidarr/Lidarr/develop/Logo/1024.png" - web_url: "https://github.com/Lidarr/Lidarr/releases/v{% raw %}{{ version }}{% endraw %}" - louislam/uptime-kuma: - latest_version: - type: github - url: louislam/uptime-kuma - deployed_version: - url: "https://status.trez.wtf/metrics" - regex: app_version{version=\"([0-9.]+)\",major=\"[0-9]+\",minor=\"[0-9]+\",patch=\"[0-9]+\"} - dashboard: - web_url: "https://github.com/louislam/uptime-kuma/releases/{% raw %}{{ version }}{% endraw %}" - icon: "https://raw.githubusercontent.com/louislam/uptime-kuma/master/public/icon.png" - morpheus65535/bazarr: - latest_version: - type: github - url: morpheus65535/bazarr - url_commands: - - type: regex - regex: v([0-9.]+)$ - deployed_version: - url: "https://bazarr.trez.wtf/api/system/status" - headers: - - key: X-API-KEY - value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['BAZARR_API_KEY'] }} - json: data.bazarr_version - dashboard: - web_url: "https://github.com/morpheus65535/bazarr/releases/v{% raw %}{{ version }}{% endraw %}" - icon: "https://raw.githubusercontent.com/morpheus65535/bazarr/master/frontend/public/images/logo128.png" - n8n-io/n8n: - latest_version: - type: url - url: "https://github.com/n8n-io/n8n/tags" - url_commands: - - 
type: regex - regex: n8n\%40([0-9.]+) - dashboard: - web_url: "https://github.com/n8n-io/n8n/blob/master/CHANGELOG.md" - icon: "https://raw.githubusercontent.com/n8n-io/n8n-docs/main/docs/_images/n8n-docs-icon.svg" - nextcloud/server: - latest_version: - type: github - url: nextcloud/server - url_commands: - - type: regex - regex: v([0-9.]+)$ - deployed_version: - url: "https://cloud.trez.wtf/status.php" - json: versionstring - dashboard: - web_url: "https://nextcloud.com/changelog/" - icon: "https://github.com/nextcloud/server/raw/master/core/img/favicon.png" - Prowlarr/Prowlarr: - options: - semantic_versioning: false - latest_version: - type: github - url: Prowlarr/Prowlarr - url_commands: - - type: regex - regex: v([0-9.]+)$ - use_prerelease: true - deployed_version: - url: "https://prowlarr.trez.wtf/api/v1/system/status" - headers: - - key: X-Api-Key - value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['PROWLARR_API_KEY'] }} - json: version - dashboard: - web_url: "https://github.com/Prowlarr/Prowlarr/releases/v{% raw %}{{ version }}{% endraw %}" - icon: "https://avatars.githubusercontent.com/u/73049443?s=200&v=4" - Radarr/Radarr: - options: - semantic_versioning: false - latest_version: - type: github - url: Radarr/Radarr - url_commands: - - type: regex - regex: v([0-9.]+)$ - deployed_version: - url: "https://radarr.trez.wtf/api/v3/system/status" - headers: - - key: X-Api-Key - value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['RADARR_API_KEY'] }} - json: version - dashboard: - web_url: "https://github.com/Radarr/Radarr/releases/v{% raw %}{{ version }}{% endraw %}" - icon: "https://avatars.githubusercontent.com/u/25025331?s=200&v=4" - Readarr/Readarr: - options: - semantic_versioning: false - latest_version: - type: github - url: Readarr/Readarr - use_prerelease: true - 
url_commands: - - type: regex - regex: v([0-9.]+)$ - deployed_version: - method: GET - url: "https://readarr.trez.wtf/api/v1/system/status" - headers: - - key: X-Api-Key - value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['READARR_API_KEY'] }} - json: version - dashboard: - icon: "https://raw.githubusercontent.com/Readarr/Readarr/develop/Logo/1024.png" - web_url: "https://github.com/Readarr/Readarr/releases/v{% raw %}{{ version }}{% endraw %}" - Sonarr/Sonarr: - options: - semantic_versioning: false - latest_version: - type: url - url: "https://github.com/Sonarr/Sonarr/tags" - url_commands: - - type: regex - regex: \/releases\/tag\/v?([0-9.]+)\" - deployed_version: - url: "https://sonarr.trez.wtf/api/v3/system/status" - headers: - - key: X-Api-Key - value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SONARR_API_KEY'] }} - json: version - dashboard: - web_url: "https://sonarr.trez.wtf/system/updates" - icon: "https://raw.githubusercontent.com/Sonarr/Sonarr/develop/Logo/256.png" - release-argus/argus: - latest_version: - type: github - url: release-argus/argus - dashboard: - icon: "https://raw.githubusercontent.com/release-argus/Argus/master/web/ui/react-app/public/favicon.svg" - icon_link-to: "https://release-argus.io" - web_url: "https://github.com/release-argus/Argus/blob/master/CHANGELOG.md" diff --git a/app-configs/rinoa/librechat/librechat.yaml.j2 b/app-configs/rinoa/librechat/librechat.yaml.j2 deleted file mode 100644 index 64f00cb..0000000 --- a/app-configs/rinoa/librechat/librechat.yaml.j2 +++ /dev/null 
@@ -1,33 +0,0 @@ -version: 1.2.8 -endpoints: - custom: - - name: "rinoa-ollama" - apiKey: "ollama" - baseURL: "http://ollama:11434/v1/chat/completions" - models: - default: [ - "codellama:7b", - "deepseek-coder-v2:16b", - "deepseek-r1:1.5b", - "deepseek-v3:671b", - "dolphin-mistral:7b", - "llama2:7b", - "llama3.3:70b", - "mistral-openorca:7b", - "mistral:7b", - "orca-mini:3b", - "phi4:14b", - "qwen2.5", - "smollm2:1.7b", - "starcoder2:3b", - "tinyllama:1.1b", - ] -# fetching list of models is supported but the `name` field must start -# with `ollama` (case-insensitive), as it does in this example. - fetch: true - titleConvo: true - titleModel: "current_model" - summarize: false - summaryModel: "current_model" - forcePrompt: false - modelDisplayLabel: "Ollama" \ No newline at end of file diff --git a/tar-valon_config_deploy.yml b/tar-valon_config_deploy.yml index 36b7c1e..70b4aaf 100644 --- a/tar-valon_config_deploy.yml +++ b/tar-valon_config_deploy.yml @@ -10,17 +10,24 @@ default_owner: "1000" default_group: "1000" default_mode: "0644" + # file_metadata should be defined in host_vars/.yml: + # file_metadata: + # "configs/serviceA/config.yaml": + # owner: "999" + # group: "999" + # mode: "0640" pre_tasks: - name: Get remote user's UID and GID ansible.builtin.command: "id -u && id -g" register: remote_user_info changed_when: false + ignore_errors: true - name: Set remote user's UID and GID facts ansible.builtin.set_fact: - remote_uid: "{{ remote_user_info.stdout_lines[0] | int }}" - remote_gid: "{{ remote_user_info.stdout_lines[1] | int }}" + remote_uid: "{{ remote_user_info.stdout_lines[0] | default(default_owner) | int }}" + remote_gid: "{{ remote_user_info.stdout_lines[1] | default(default_group) | int }}" - name: Annotate file metadata with become requirement ansible.builtin.set_fact: 
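Review bot: `ignore_errors: true` on "Get remote user's UID and GID" hides a failure that the context line makes likely: `ansible.builtin.command` does not run a shell, so the `&&` in `id -u && id -g` is passed to `id` as an argument instead of chaining two commands. With the new `default(default_owner)` and `default(default_group)` fallbacks the play then treats the remote user as 1000:1000 without any indication, and the later `become` decision is computed from that guess. Prefer failing loudly and reading the values directly, for example with two tasks running `ansible.builtin.command: id -u` and `ansible.builtin.command: id -g`, or from `ansible_facts['user_uid']` and `ansible_facts['user_gid']` if fact gathering is enabled for this play (not visible in the hunk).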
@@ -97,7 +104,7 @@ {% endfor %} run_once: true - - name: Print concise become true list + - name: Print concise become: true list ansible.builtin.debug: msg: >- Files requiring become=true: From 3d7919c1ec9d9d24717a3e8286830757f58ee30c Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 8 Oct 2025 10:19:31 -0400 Subject: [PATCH 5/9] .... --- app-configs/rinoa/cloudflared/config.yml.j2 | 16 ---------------- tar-valon_config_deploy.yml | 2 +- 2 files changed, 1 insertion(+), 17 deletions(-) delete mode 100644 app-configs/rinoa/cloudflared/config.yml.j2 diff --git a/app-configs/rinoa/cloudflared/config.yml.j2 b/app-configs/rinoa/cloudflared/config.yml.j2 deleted file mode 100644 index a02e510..0000000 --- a/app-configs/rinoa/cloudflared/config.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -{% set vault_addr = 'https://vault.trez.wtf' %} -{% set secrets_path = 'rinoa-docker/env' %} - -tunnel: 52bdee6e-8ccb-47be-ba9e-f8010b905e41 -credentials-file: /etc/cloudflared/52bdee6e-8ccb-47be-ba9e-f8010b905e41.json -warp-routing: - enabled: true - -ingress: - - hostname: git-ssh.trez.wtf - service: ssh://gitea:22 - - hostname: gist-ssh.trez.wtf - service: ssh://gitea-opengist:2222 - - hostname: ssh.trez.wtf - service: ssh://192.168.1.254:22 - - service: http_status:404 # Default for unmatched requests diff --git a/tar-valon_config_deploy.yml b/tar-valon_config_deploy.yml index 70b4aaf..629fe35 100644 --- a/tar-valon_config_deploy.yml +++ b/tar-valon_config_deploy.yml @@ -104,7 +104,7 @@ {% endfor %} run_once: true - - name: Print concise become: true list + - name: Print concise become true list ansible.builtin.debug: msg: >- Files requiring become=true: From cc3dc6ea508af4aa308189e6bda27e116bc5bb2b Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 8 Oct 2025 10:25:59 -0400 Subject: [PATCH 6/9] ... --- app-configs/rinoa/apprise/conf/apprise.yml.j2 | 1 - tar-valon_config_deploy.yml | 35 +++++++++++-------- 2 files changed, 20 insertions(+), 16 deletions(-) 
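Review bot: The task name restored by the `@@ -97,7 +104,7 @@` hunk of patch 4/9, `- name: Print concise become: true list`, contains `: ` inside a plain scalar, which a YAML parser reads as the start of a nested mapping and typically rejects, so the playbook may not load at this commit. Patch 5/9 renames the task again; if the original wording is wanted, quote it instead: `- name: "Print concise become: true list"`.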
diff --git a/app-configs/rinoa/apprise/conf/apprise.yml.j2 b/app-configs/rinoa/apprise/conf/apprise.yml.j2 index 948c0f0..ac83b1a 100644 --- a/app-configs/rinoa/apprise/conf/apprise.yml.j2 +++ b/app-configs/rinoa/apprise/conf/apprise.yml.j2 @@ -1,6 +1,5 @@ {% set vault_addr = 'https://vault.trez.wtf' %} {% set secrets_path = 'rinoa-docker/env' %} - urls: - gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }} - hassio://192.168.1.252/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_HA_TOKEN'] }} diff --git a/tar-valon_config_deploy.yml b/tar-valon_config_deploy.yml index 629fe35..d3291da 100644 --- a/tar-valon_config_deploy.yml +++ b/tar-valon_config_deploy.yml 
@@ -29,24 +29,29 @@ remote_uid: "{{ remote_user_info.stdout_lines[0] | default(default_owner) | int }}" remote_gid: "{{ remote_user_info.stdout_lines[1] | default(default_group) | int }}" + - name: Initialize file metadata with become info + ansible.builtin.set_fact: + file_metadata_with_become: {} + - name: Annotate file metadata with become requirement ansible.builtin.set_fact: file_metadata_with_become: >- {{ - (file_metadata | default({})) | dict2items - | map('combine', { - 'value': item.value | combine({ - 'owner': (item.value.owner | default(default_owner) | string), - 'group': (item.value.group | default(default_group) | string), - 'mode': (item.value.mode | default(default_mode) | string), - 'become': ( - ((item.value.owner | default(default_owner) | int) != remote_uid) or - ((item.value.group | default(default_group) | int) != remote_gid) - ) - }) + file_metadata_with_become | combine({ + item.key: item.value | combine({ + 'owner': (item.value.owner | default(default_owner) | string), + 'group': (item.value.group | default(default_group) | string), + 'mode': (item.value.mode | default(default_mode) | string), + 'become': ( + ((item.value.owner | default(default_owner) | int) != remote_uid) or + ((item.value.group | default(default_group) | int) != remote_gid) + ) }) - | items2dict + }) }} + loop: "{{ file_metadata | dict2items }}" + loop_control: + label: "{{ item.key }}" - name: Find all files for this host (control node) ansible.builtin.find: @@ -76,7 +81,7 @@ deploy_files: >- {{ host_files.files - | map('extract', attribute='path') + | map(attribute='path') | map('community.general.dict_kv', item => { 'src': item, 'dest': appdata_base_path ~ '/' ~ (item | relpath(template_base_path ~ '/' ~ inventory_hostname) | regex_replace('\.j2$', '')), 
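Review bot: The `become` expression in the new loop body of "Annotate file metadata with become requirement" compares `(item.value.owner | default(default_owner) | int)` with `remote_uid`, but `remote_uid` is produced by `set_fact` from a templated string, and on ansible-core versions that do not preserve native Jinja types that fact may be stored as the string `"1000"` rather than an integer. An int-to-string inequality is always true, which would mark every listed file as needing privilege escalation. Casting at the point of comparison removes the dependency on templating mode: `!= (remote_uid | int)` and `!= (remote_gid | int)`.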
@@ -104,10 +109,10 @@ {% endfor %} run_once: true - - name: Print concise become true list + - name: Print concise become list ansible.builtin.debug: msg: >- - Files requiring become=true: + Files requiring become: {% set found = false %} {% for f in deploy_files if f.become %} {% set found = true %} From 0ab3138140e9a08cec65a89505c8e37937d883cd Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 8 Oct 2025 10:30:20 -0400 Subject: [PATCH 7/9] .... --- app-configs/rinoa/readarr/config.xml.j2 | 21 --------------------- tar-valon_config_deploy.yml | 2 +- 2 files changed, 1 insertion(+), 22 deletions(-) delete mode 100644 app-configs/rinoa/readarr/config.xml.j2 diff --git a/app-configs/rinoa/readarr/config.xml.j2 b/app-configs/rinoa/readarr/config.xml.j2 deleted file mode 100644 index 9affe18..0000000 --- a/app-configs/rinoa/readarr/config.xml.j2 +++ /dev/null @@ -1,21 +0,0 @@ -{% set vault_addr = 'https://vault.trez.wtf' %} -{% set secrets_path = 'rinoa-docker/env' %} - - - * - 8787 - 6868 - False - True - {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['READARR_API_KEY'] }} - Forms - develop - info - - - - Readarr - Docker - auto - Enabled - \ No newline at end of file diff --git a/tar-valon_config_deploy.yml b/tar-valon_config_deploy.yml index d3291da..0bbc380 100644 --- a/tar-valon_config_deploy.yml +++ b/tar-valon_config_deploy.yml @@ -49,7 +49,7 @@ }) }) }} - loop: "{{ file_metadata | dict2items }}" + loop: "{{ (file_metadata | default({})) | dict2items }}" loop_control: label: "{{ item.key }}" From 6d1cb4ed505dd97123aa72ed2481a99bb03238f4 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 8 Oct 2025 10:41:28 -0400 Subject: [PATCH 8/9] .... --- tar-valon_config_deploy.yml | 36 +++++++++++++++--------------------- 1 file changed, 15 insertions(+), 21 deletions(-) diff --git a/tar-valon_config_deploy.yml b/tar-valon_config_deploy.yml index 0bbc380..90c7800 100644 
--- a/tar-valon_config_deploy.yml +++ b/tar-valon_config_deploy.yml @@ -10,12 +10,6 @@ default_owner: "1000" default_group: "1000" default_mode: "0644" - # file_metadata should be defined in host_vars/.yml: - # file_metadata: - # "configs/serviceA/config.yaml": - # owner: "999" - # group: "999" - # mode: "0640" pre_tasks: - name: Get remote user's UID and GID 
@@ -76,23 +70,23 @@ }} changed_when: false + - name: Initialize deploy files list + ansible.builtin.set_fact: + deploy_files: [] + - name: Build flat file deployment spec list ansible.builtin.set_fact: - deploy_files: >- - {{ - host_files.files - | map(attribute='path') - | map('community.general.dict_kv', item => { - 'src': item, - 'dest': appdata_base_path ~ '/' ~ (item | relpath(template_base_path ~ '/' ~ inventory_hostname) | regex_replace('\.j2$', '')), - 'owner': file_metadata_with_become[item | relpath(template_base_path ~ '/' ~ inventory_hostname)]?.owner | default(default_owner), - 'group': file_metadata_with_become[item | relpath(template_base_path ~ '/' ~ inventory_hostname)]?.group | default(default_group), - 'mode': file_metadata_with_become[item | relpath(template_base_path ~ '/' ~ inventory_hostname)]?.mode | default(default_mode), - 'become': file_metadata_with_become[item | relpath(template_base_path ~ '/' ~ inventory_hostname)]?.become | default(false), - 'is_template': item.endswith('.j2') - }) - | list - }} + deploy_files: "{{ deploy_files + [ { + 'src': item.path, + 'dest': appdata_base_path ~ '/' ~ (item.path | relpath(template_base_path ~ '/' ~ inventory_hostname) | regex_replace('\\.j2$', '')), + 'owner': (file_metadata_with_become.get(item.path | relpath(template_base_path ~ '/' ~ inventory_hostname), {}).get('owner', default_owner)) | string, + 'group': (file_metadata_with_become.get(item.path | relpath(template_base_path ~ '/' ~ inventory_hostname), {}).get('group', default_group)) | string, + 'mode': (file_metadata_with_become.get(item.path | relpath(template_base_path ~ '/' ~ inventory_hostname), {}).get('mode', default_mode)) | string, + 'become': (file_metadata_with_become.get(item.path | relpath(template_base_path ~ '/' ~ inventory_hostname), {}).get('become', false)) | bool, + 'is_template': item.path.endswith('.j2') } ] }}" + loop: "{{ host_files.files }}" + loop_control: + label: "{{ item.path }}" - name: Log computed deployment 
metadata ansible.builtin.debug: From c660c140a1ce4511bb7e1126537d08b7b94f2342 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Wed, 8 Oct 2025 10:41:41 -0400 Subject: [PATCH 9/9] .... --- app-configs/benedikta/{requirements.foo => skills.foo} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename app-configs/benedikta/{requirements.foo => skills.foo} (100%) diff --git a/app-configs/benedikta/requirements.foo b/app-configs/benedikta/skills.foo similarity index 100% rename from app-configs/benedikta/requirements.foo rename to app-configs/benedikta/skills.foo
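Review bot: In "Build flat file deployment spec list" the metadata lookup key is `item.path | relpath(...)` with the `.j2` suffix still attached, while `dest` strips it with `regex_replace('\\.j2$', '')`. If host_vars keys `file_metadata` by the deployed name (the comment removed in this patch showed `"configs/serviceA/config.yaml"`), a template's entry is never matched and the file silently gets `default_mode` and the default owner instead of the tighter values requested. Decide which form the key takes, document it next to `default_mode`, and compute the key once in task-level `vars:` instead of repeating the `relpath` expression five times, e.g. `rel: "{{ item.path | relpath(template_base_path ~ '/' ~ inventory_hostname) }}"`.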