Raspberry-Pi-IaC/roles/actual/tasks/main.yml
Thomas Kleinendorst 462e202737 Register actual container as systemd service
This service is scoped to the user only but ensures that the container
is started on system boot.
2024-04-16 17:04:45 +02:00


---
# Delegate account creation to the `user` role; the later tasks in this file
# run as this account through become_user.
- name: Create a new user
  vars:
    user_username: "{{ actual_username }}"
    # NOTE(review): the password is handed over as a plain role variable;
    # presumably actual_password comes from an encrypted (vault) source and
    # the `user` role does not log it - confirm.
    user_password: "{{ actual_password }}"
  ansible.builtin.include_role:
    name: user
# Host-side data directory, created as the service account. The container
# task in this file bind-mounts it at /data.
- name: Create a directory for holding actual's (volume) data
  ansible.builtin.file:
    state: directory
    path: "/home/{{ actual_username }}/actual_data"
    # Owner-only access; quoted so the octal mode stays a string.
    mode: "0700"
  become: true
  become_user: "{{ actual_username }}"
# Enable and start podman-restart.service in the service account's own
# (user-scope) systemd instance.
# NOTE(review): user units only come up at boot without a login session when
# lingering is enabled for the account - presumably handled by the `user`
# role; confirm.
- name: Start the podman-restart.service
  ansible.builtin.systemd:
    scope: user
    name: podman-restart.service
    enabled: true
    state: started
  become: true
  become_user: "{{ actual_username }}"
# Ask podman, as the service account, about a container named actual-server.
# The registered result feeds the conditional on the block that follows.
- name: Gather facts on the actual container
  containers.podman.podman_container_info:
    name: actual-server
  register: actual_server_container_info
  become: true
  become_user: "{{ actual_username }}"
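# Create the container and hand its lifecycle to a generated user-scope
# systemd unit. Runs only when the preceding info task found no container,
# and every task in the block runs as the service account.
- name: Start the actual container with correct systemd linking
  # Test the info module's structured `containers` list instead of matching
  # podman's human-readable stderr text, which is not a stable interface.
  when: actual_server_container_info.containers | length == 0
  become: true
  become_user: "{{ actual_username }}"
  block:
    - name: Start the Actual container
      containers.podman.podman_container:
        name: actual-server
        # Pinned to a release tag. NOTE(review): a tag can be re-pointed on
        # the registry; pinning by digest would fix the exact image content.
        image: docker.io/actualbudget/actual-server:24.4.0
        restart_policy: always
        publish:
          # Loopback-only bind, so the port is not exposed on external
          # interfaces. Quoted, as colon-separated port mappings should be.
          - "127.0.0.1:5006:5006"
        volumes:
          - "/home/{{ actual_username }}/actual_data:/data"
        # Created but left stopped; the unit enabled at the end of this
        # block is what starts it.
        state: stopped
        recreate: true
        generate_systemd:
          path: "/home/{{ actual_username }}/.config/systemd/user/"
          restart_policy: always
      # The handler is defined outside this file.
      notify: Reload systemd (daemon-reload)
    # Run the notified handler now, before the generated unit is enabled.
    - name: Flush handlers
      ansible.builtin.meta: flush_handlers
    - name: Enable the newly created systemd service for user
      ansible.builtin.systemd:
        name: container-actual-server.service
        state: started
        enabled: true
        scope: user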
# Run the register_certbot_domain.sh helper for this hostname with privilege
# escalation (presumably it requests the Let's Encrypt certificate).
# NOTE(review): the helper is resolved through the escalated user's PATH; an
# absolute path would pin which script runs. Its install location is not
# visible in this file.
- name: Install certificate for actual.kleinendorst.info
  ansible.builtin.command:
    # The certificate directory; the command is skipped once it exists.
    creates: /etc/letsencrypt/live/actual.kleinendorst.info
    cmd: register_certbot_domain.sh actual.kleinendorst.info
  become: true
# Render the role's actual.conf.j2 template into Nginx's conf.d directory and
# notify the Nginx restart handler when the file changes.
- name: Set Nginx configuration
  ansible.builtin.template:
    dest: /etc/nginx/conf.d/actual.conf
    src: actual.conf.j2
    # World-readable. NOTE(review): fine as long as the template holds no
    # secrets; the template is not shown here.
    mode: "0644"
  become: true
  notify: Restart Nginx
# - name: Allow https through firewall
# become: true
# community.general.ufw:
# rule: allow
# port: https
# proto: tcp
# notify: Restart ufw
# Reminder for the operator: the DNS record is not managed by this role.
# Prints the host's default IPv4 address taken from the gathered facts.
- name: Debug
  ansible.builtin.debug:
    # Folded scalar; renders as the same single-line message.
    msg: >-
      Don't forget to manually add a DNS record for
      actual.kleinendorst.info pointing to:
      {{ ansible_facts['default_ipv4']['address'] }}.