Add changedetection as a hosted service

2024-04-28 15:50:14 +02:00 · 2024-04-28 15:50:14 +02:00 · 2014745501
commit 2014745501
parent 743af73974
11 changed files with 80 additions and 11 deletions
--- a/playbook.yml
+++ b/playbook.yml
@ -17,6 +17,7 @@
    - role: cloudflare-ddns
    - role: nginx
    - role: actual
+    - role: changedetection
    - role: pi-hole
  vars:
    # devsec.hardening.ssh_hardening vars:
--- a/roles/actual/handlers/main.yml
+++ b/roles/actual/handlers/main.yml
@ -1,9 +1,4 @@
 ---
- name: Restart ufw
-  become: true
-  ansible.builtin.systemd:
-    name: ufw.service
-    state: restarted
 - name: Reload systemd (daemon-reload)
  become: true
  become_user: "{{ actual_username }}"
--- a/roles/actual/tasks/main.yml
+++ b/roles/actual/tasks/main.yml
@ -1,11 +1,11 @@
 ---
- name: Create a new user
+- name: Include user role
  ansible.builtin.include_role:
    name: user
  vars:
    user_username: "{{ actual_username }}"
    user_password: "{{ actual_password }}"
-    user_use_podman_restart: true
+    user_start_podman_restart: true
 - name: Create a directory for holding actual's (volume) data
  become: true
  become_user: "{{ actual_username }}"
--- a/roles/changedetection/handlers/main.yml
+++ b/roles/changedetection/handlers/main.yml
@ -0,0 +1,7 @@
+---
+- name: Reload systemd (daemon-reload)
+  become: true
+  become_user: "{{ actual_username }}"
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+    scope: user
--- a/roles/changedetection/tasks/main.yml
+++ b/roles/changedetection/tasks/main.yml
@ -0,0 +1,55 @@
+---
+- name: Include user role
+  ansible.builtin.include_role:
+    name: user
+  vars:
+    user_username: "{{ changedetection_username }}"
+    user_password: "{{ changedetection_password }}"
+    user_start_podman_restart: true
+- name: Create a directory for holding changedetection's (volume) data
+  become: true
+  become_user: "{{ changedetection_username }}"
+  ansible.builtin.file:
+    path: "/home/{{ changedetection_username }}/changedetection_data"
+    state: directory
+    mode: '0700'
+- name: Gather facts on the changedetection container
+  become: true
+  become_user: "{{ changedetection_username }}"
+  containers.podman.podman_container_info:
+    name: changedetection-server
+  register: changedetection_server_container_info
+- name: Start the changedetection container with correct systemd linking
+  when: "'no such container' in changedetection_server_container_info.stderr"
+  become: true
+  become_user: "{{ changedetection_username }}"
+  block:
+    - name: Start the changedetection container
+      containers.podman.podman_container:
+        name: changedetection-server
+        image: docker.io/dgtlmoon/changedetection.io:0.45.21
+        restart_policy: always
+        publish:
+          - 127.0.0.1:5000:5000
+        volumes:
+          - "/home/{{ changedetection_username }}/changedetection_data:/datastore"
+        state: stopped
+        # For more information on the systemd startup service, see: https://linuxhandbook.com/autostart-podman-containers/
+        generate_systemd:
+          path: "/home/{{ changedetection_username }}/.config/systemd/user/"
+          restart_policy: always
+      notify: Reload systemd (daemon-reload)
+    - name: Flush handlers
+      ansible.builtin.meta: flush_handlers
+    - name: Enable the newly created systemd service for user
+      ansible.builtin.systemd:
+        name: container-changedetection-server.service
+        state: started
+        enabled: true
+        scope: user
+- name: Include simple-reverse-proxy role
+  ansible.builtin.include_role:
+    name: simple-reverse-proxy
+  vars:
+    simple_reverse_proxy_internal_port: 5000
+    simple_reverse_proxy_internal_subdomain: changedetection
--- a/roles/changedetection/vars/main/defaults.yml
+++ b/roles/changedetection/vars/main/defaults.yml
@ -0,0 +1,2 @@
+---
+changedetection_username: changedetection
--- a/roles/changedetection/vars/main/vault.yml
+++ b/roles/changedetection/vars/main/vault.yml
@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+65363334626534616562376362316134623034396333646361646230313864323562316666623065
+6464353838306530333366653932646163313963346265310a626664653234323765646338613666
+30363762326431656635623839623561346332326363646465343263663931303638623239623439
+6532353332613032390a616464306336313237396163353732363566303761393165643161633165
+35663362623034396638313738643937353765306262653136313438636239663333336636323765
+37313635386333323666303164333030616366316439653235353732616637613564623137316635
+65323965656665633738336632643463653862623836613265663335633336616264333364383438
+37383038393930656339
--- a/roles/cloudflare-ddns/tasks/main.yml
+++ b/roles/cloudflare-ddns/tasks/main.yml
@ -1,5 +1,5 @@
 ---
- name: Create a new user
+- name: Include user role
  ansible.builtin.include_role:
    name: user
  vars:
--- a/roles/pi-hole/tasks/main.yml
+++ b/roles/pi-hole/tasks/main.yml
@ -5,7 +5,7 @@
  vars:
    user_username: "{{ pi_hole_username }}"
    user_password: "{{ pi_hole_password }}"
-    user_use_podman_restart: true
+    user_start_podman_restart: true
 - name: Create the /etc-pihole directory in the home directory (will be mounted to the container)
  become: true
  become_user: "{{ pi_hole_username }}"
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@ -123,4 +123,4 @@
    state: started
    enabled: true
    scope: user
-  when: user_use_podman_restart
+  when: user_start_podman_restart
--- a/roles/user/vars/main/defaults.yml
+++ b/roles/user/vars/main/defaults.yml
@ -1,2 +1,2 @@
 ---
-user_use_podman_restart: false
+user_start_podman_restart: false