A roles/containers/alpine-mirror/README.org => roles/containers/alpine-mirror/README.org +13 -0
@@ 0,0 1,13 @@
+* container/alpine-mirror
+Ansible role used to setup a rsyncd+nginx static file server
+which can be used to publish assets and download them.
+
+#+begin_src yaml
+alpine_mirror_domain: "mirror.ccw.icu"
+alpine_mirror_user: "deploy"
+alpine_mirror_token: "changeme"
+alpine_mirror_bucket: "aports"
+alpine_mirror_project_dir: "mirror"
+alpine_mirror_backend_port: "29027"
+alpine_mirror_frontend_port: "9027"
+#+end_src
A roles/containers/alpine-mirror/defaults/main.yml => roles/containers/alpine-mirror/defaults/main.yml +8 -0
@@ 0,0 1,8 @@
+---
+alpine_mirror_domain: "mirror.ccw.icu"
+alpine_mirror_user: "deploy"
+alpine_mirror_token: "changeme"
+alpine_mirror_bucket: "aports"
+alpine_mirror_project_dir: "mirror"
+alpine_mirror_backend_port: "29027"
+alpine_mirror_frontend_port: "9027"
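Review bot: `alpine_mirror_token: "changeme"` ships a known password as the role default, and setup.yml passes it straight to the rsync daemon as `RSYNC_PASS` while the nftables template opens the backend port. A host deployed without overriding the variable would accept uploads with a publicly documented credential. Consider leaving the token undefined here and failing early, e.g. an `ansible.builtin.assert` at the top of tasks/main.yml with `that: alpine_mirror_token is defined and alpine_mirror_token != "changeme"`, and sourcing the real value from a vault-encrypted variable. The README example repeats the same value and could carry a note that it must be replaced.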
A roles/containers/alpine-mirror/handlers/main.yml => roles/containers/alpine-mirror/handlers/main.yml +6 -0
@@ 0,0 1,6 @@
+---
+- name: Restart nftables
+ become: true
+ ansible.builtin.service:
+ name: nftables
+ state: restarted
A roles/containers/alpine-mirror/tasks/caddy.yml => roles/containers/alpine-mirror/tasks/caddy.yml +29 -0
@@ 0,0 1,29 @@
+---
+- name: Make sure alpine-mirror caddy reverse proxy config exists
+ become: true
+ vars:
+ project_domain: "{{ alpine_mirror_domain }}"
+ project_port: "{{ alpine_mirror_frontend_port }}"
+ ansible.builtin.template:
+ src: ../../../network/caddy/templates/reverse-proxy.template
+ dest: /etc/caddy/alpine-mirror
+ mode: "0644"
+ validate: caddy validate --adapter caddyfile --config %s
+ register: projectconfig
+
+- name: Make sure caddy links to the alpine-mirror config
+ become: true
+ ansible.builtin.lineinfile:
+ path: /etc/caddy/Caddyfile
+ mode: "0644"
+ search_string: ^import /etc/caddy/alpine-mirror
+ line: import /etc/caddy/alpine-mirror
+ validate: caddy validate --adapter caddyfile --config %s
+ register: caddyconfig
+
+- name: Restart caddy
+ become: true
+ ansible.builtin.service:
+ name: caddy
+ state: restarted
+ when: caddyconfig.changed or projectconfig.changed
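Review bot: In the `lineinfile` task, `search_string` is matched as a literal substring, not a regular expression, so the leading `^` in `^import /etc/caddy/alpine-mirror` is looked for verbatim and will not match the existing import line. Either drop the caret, `search_string: import /etc/caddy/alpine-mirror`, or switch the key to `regexp:` if anchoring is wanted. As written, idempotency depends on how the module falls back when the search string is not found, which is worth checking with a second run. It would also be more conventional to turn the final `Restart caddy` task into a handler notified by both config tasks instead of gating on two registered results.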
A roles/containers/alpine-mirror/tasks/main.yml => roles/containers/alpine-mirror/tasks/main.yml +7 -0
@@ 0,0 1,7 @@
+---
+- name: Setup alpine mirror docker images
+ ansible.builtin.include_tasks: setup.yml
+- name: Setup alpine mirror reverse proxy
+ ansible.builtin.include_tasks: caddy.yml
+- name: Ensure the alpine mirror backend can be accessed by the CI
+ ansible.builtin.include_tasks: nftables.yml
A roles/containers/alpine-mirror/tasks/nftables.yml => roles/containers/alpine-mirror/tasks/nftables.yml +8 -0
@@ 0,0 1,8 @@
+---
+- name: Make sure the nftables vpn rule exists
+ become: true
+ ansible.builtin.template:
+ mode: "0644"
+ src: 53_rsync.nft
+ dest: /etc/nftables.d/53_alpine_mirror.nft
+ notify: Restart nftables
A roles/containers/alpine-mirror/tasks/setup.yml => roles/containers/alpine-mirror/tasks/setup.yml +39 -0
@@ 0,0 1,39 @@
+---
+- name: Ensure alpine-mirror-project-dir exists
+ ansible.builtin.file:
+ path: "{{ container_dir }}/{{ alpine_mirror_project_dir }}"
+ state: directory
+ recurse: true
+
+- name: Create rsync file server docker container
+ community.docker.docker_container:
+ name: alpine-mirror-backend
+ image: codeberg.org/comcloudway/docker-rsyncd:latest
+ restart_policy: unless-stopped
+ env:
+ RSYNC_USER: "{{ alpine_mirror_user }}"
+ RSYNC_PASS: "{{ alpine_mirror_token }}"
+ BUCKET_NAME: "{{ alpine_mirror_bucket }}"
+ volumes:
+ - "{{ container_dir }}/{{ alpine_mirror_project_dir }}/files:/storage"
+ ports:
+ - "{{ alpine_mirror_backend_port }}:873"
+
+- name: Make sure nginx static file server config is installed
+ ansible.builtin.template:
+ src: "nginx.conf"
+ dest: "{{ container_dir }}/{{ alpine_mirror_project_dir }}/nginx.conf"
+ mode: "0644"
+
+- name: Create nginx file server docker container
+ community.docker.docker_container:
+ name: alpine-mirror-frontend
+ image: nginx:mainline-alpine
+ restart_policy: unless-stopped
+ volumes:
+ - "{{ container_dir }}/{{ alpine_mirror_project_dir }}/files:\
+ /usr/share/nginx/html/:ro"
+ - "{{ container_dir }}/{{ alpine_mirror_project_dir }}/nginx.conf:\
+ /etc/nginx/conf.d/default.conf/:ro"
+ ports:
+ - "{{ alpine_mirror_frontend_port }}:80"
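Review bot: Both `ports:` entries publish on every host interface, which exposes the rsync daemon and the plain-HTTP nginx listener more widely than the role seems to intend. The frontend appears to be reached through the Caddy reverse proxy, so `- "127.0.0.1:{{ alpine_mirror_frontend_port }}:80"` would keep it off external interfaces; the backend, which authenticates with `RSYNC_PASS` over an unencrypted protocol, would be better bound to the VPN-side address only. Docker-published ports are normally handled by Docker's own NAT and forward rules rather than the host `input` chain, so the nftables rule added in this commit may not be what governs access to them; worth verifying on a target host. Separately, `docker-rsyncd:latest` and `nginx:mainline-alpine` are floating tags, so pinning a version or digest would keep deploys reproducible, and `no_log: true` on the backend container task would keep the token out of task output.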
A roles/containers/alpine-mirror/templates/53_rsync.nft => roles/containers/alpine-mirror/templates/53_rsync.nft +8 -0
@@ 0,0 1,8 @@
+#!/usr/sbin/nft -f
+
+table inet filter {
+ chain input {
+ # allow alpine mirror rsync access
+ tcp dport {{ alpine_mirror_backend_port }} accept comment "Allow Alpine Mirror"
+ }
+}
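Review bot: The rule `tcp dport {{ alpine_mirror_backend_port }} accept` accepts the rsync port from any source on any interface, although the task installing it is named "nftables vpn rule" and tasks/main.yml describes it as access for the CI. If only VPN or CI peers should reach the daemon, scope the match, for example `iifname "<vpn-interface>" tcp dport {{ alpine_mirror_backend_port }} accept` or an `ip saddr` restriction to the CI address range (placeholder values, to be filled from the inventory). The comment above the rule could then say who is allowed rather than only what port.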
A roles/containers/alpine-mirror/templates/nginx.conf => roles/containers/alpine-mirror/templates/nginx.conf +8 -0
@@ 0,0 1,8 @@
+server {
+ listen 80;
+ server_name default;
+ location / {
+ root /usr/share/nginx/html;
+ autoindex on;
+ }
+}
M run.yml => run.yml +6 -0
@@ 63,3 63,9 @@
roles:
- role: containers/wireguard
tags: vpn
+# Rsyncd based file servers
+- name: Setup custom Alpine Mirror
+ hosts: all
+ roles:
+ - role: containers/alpine-mirror
+ tags: aports