diff --git a/config/ansible/tasks/global/global.yml b/config/ansible/tasks/global/global.yml index a54b843..66acc7d 100644 --- a/config/ansible/tasks/global/global.yml +++ b/config/ansible/tasks/global/global.yml @@ -49,6 +49,28 @@ state: present become: true +# --- PBinCLI via pipx --- +- name: Ensure pbincli is installed with pipx + ansible.builtin.command: pipx install pbincli + args: + creates: ~/.local/bin/pbincli + environment: + PIPX_DEFAULT_PYTHON: /usr/bin/python3 + become: false + +- name: Ensure ~/.config/pbincli directory exists + ansible.builtin.file: + path: "{{ ansible_env.HOME }}/.config/pbincli" + state: directory + mode: "0755" + +- name: Configure pbincli to use custom server + ansible.builtin.copy: + dest: "{{ ansible_env.HOME }}/.config/pbincli/pbincli.conf" + content: | + server=https://bin.mvl.sh + mode: "0644" + - name: Include WSL2 tasks ansible.builtin.import_tasks: tasks/global/wsl.yml when: "'microsoft-standard-WSL2' in ansible_kernel" diff --git a/config/ansible/tasks/servers/server.yml b/config/ansible/tasks/servers/server.yml index a91194e..a172f6f 100644 --- a/config/ansible/tasks/servers/server.yml +++ b/config/ansible/tasks/servers/server.yml @@ -13,6 +13,9 @@ tags: - juicefs + # Note: Per-service tags should be set in each service's task file (e.g., privatebin.yml). + # The tags here are static and allow selection by service name. + # To target a specific service, use '--tags services,privatebin' so the include is processed and the inner tag matches. - name: Include service tasks ansible.builtin.include_tasks: "services/{{ item.name }}/{{ item.name }}.yml" loop: "{{ services }}" @@ -21,6 +24,7 @@ label: "{{ item.name }}" tags: - services + vars: services: - name: caddy diff --git a/config/ansible/tasks/servers/services/echoip/echoip.yml b/config/ansible/tasks/servers/services/echoip/echoip.yml index f129a5d..2045fe8 100644 --- a/config/ansible/tasks/servers/services/echoip/echoip.yml 
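Review bot: `pipx install pbincli` in the first added task installs whatever version the package index serves at run time, and the `creates:` guard then keeps that unreviewed version in place indefinitely, so the install is neither pinned nor reproducible. Consider `ansible.builtin.command: pipx install pbincli==<PINNED_VERSION>`, with the version bumped deliberately. The two following tasks build their paths from `ansible_env.HOME` but, unlike the install task, do not set `become: false`. If the play or an enclosing block escalates (not visible in this hunk), `pbincli.conf` could land in a different home than the one holding `~/.local/bin/pbincli`; adding `become: false` to both keeps all three tasks on the same user.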
+++ b/config/ansible/tasks/servers/services/echoip/echoip.yml @@ -10,6 +10,16 @@ maxmind_license_key: "{{ lookup('community.general.onepassword', 'MaxMind', vault='Dotfiles', field='license_key') | regex_replace('\\s+', '') }}" + # Requires: gather_facts: true in playbook + - name: Check last update marker file + ansible.builtin.stat: + path: "{{ echoip_data_dir }}/.last_update" + register: echoip_update_marker + + - name: Determine if update is needed (older than 24h or missing) + ansible.builtin.set_fact: + update_needed: "{{ (not echoip_update_marker.stat.exists) or ((ansible_date_time.epoch | int) - (echoip_update_marker.stat.mtime | default(0) | int) > 86400) }}" + - name: Create EchoIP directory ansible.builtin.file: path: "{{ echoip_service_dir }}" 
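Review bot: The fact set in the second added task is named `update_needed`, without the `echoip_` prefix used by the other variables in this file (`echoip_data_dir`, `echoip_update_marker`). Values from `set_fact` stay attached to the host for the rest of the run, so a generic name can be overwritten or picked up by another service's task file included from the same loop. Renaming it to `echoip_update_needed:` avoids that; the `when:` on the block in the next hunk would need the same rename. The comment `# Requires: gather_facts: true in playbook` could also state that `ansible_date_time.epoch` is the time facts were gathered, not the time this task runs.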
@@ -22,109 +32,120 @@ state: directory mode: "0755" - # Create directories for extracted databases - - name: Create directory for ASN database extraction - ansible.builtin.file: - path: "{{ echoip_data_dir }}/GeoLite2-ASN" - state: directory - mode: "0755" + # Only update databases if needed (max once per 24h) + - block: + # Touch the marker file BEFORE attempting download to prevent repeated attempts on failure + - name: Update last update marker file (pre-download) + ansible.builtin.file: + path: "{{ echoip_data_dir }}/.last_update" + state: touch - - name: Create directory for City database extraction - ansible.builtin.file: - path: "{{ echoip_data_dir }}/GeoLite2-City" - state: directory - mode: "0755" + # Create directories for extracted databases + - name: Create directory for ASN database extraction + ansible.builtin.file: + path: "{{ echoip_data_dir }}/GeoLite2-ASN" + state: directory + mode: "0755" - - name: Create directory for Country database extraction - ansible.builtin.file: - path: "{{ echoip_data_dir }}/GeoLite2-Country" - state: directory - mode: "0755" + - name: Create directory for City database extraction + ansible.builtin.file: + path: "{{ echoip_data_dir }}/GeoLite2-City" + state: directory + mode: "0755" - # Download all databases - - name: Download GeoLite2 ASN database - ansible.builtin.get_url: - url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key={{ maxmind_license_key }}&suffix=tar.gz" - dest: "{{ echoip_data_dir }}/GeoLite2-ASN.tar.gz" - mode: "0644" + - name: Create directory for Country database extraction + ansible.builtin.file: + path: "{{ echoip_data_dir }}/GeoLite2-Country" + state: directory + mode: "0755" - - name: Download GeoLite2 City database - ansible.builtin.get_url: - url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key={{ maxmind_license_key }}&suffix=tar.gz" - dest: "{{ echoip_data_dir }}/GeoLite2-City.tar.gz" - mode: "0644" + # Download all 
databases + - name: Download GeoLite2 ASN database + ansible.builtin.get_url: + url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key={{ maxmind_license_key }}&suffix=tar.gz" + dest: "{{ echoip_data_dir }}/GeoLite2-ASN.tar.gz" + mode: "0644" - - name: Download GeoLite2 Country database - ansible.builtin.get_url: - url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key={{ maxmind_license_key }}&suffix=tar.gz" - dest: "{{ echoip_data_dir }}/GeoLite2-Country.tar.gz" - mode: "0644" + - name: Download GeoLite2 City database + ansible.builtin.get_url: + url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key={{ maxmind_license_key }}&suffix=tar.gz" + dest: "{{ echoip_data_dir }}/GeoLite2-City.tar.gz" + mode: "0644" - # Extract all databases - - name: Extract GeoLite2 ASN database - ansible.builtin.unarchive: - src: "{{ echoip_data_dir }}/GeoLite2-ASN.tar.gz" - dest: "{{ echoip_data_dir }}/GeoLite2-ASN" - remote_src: true - register: asn_extracted + - name: Download GeoLite2 Country database + ansible.builtin.get_url: + url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key={{ maxmind_license_key }}&suffix=tar.gz" + dest: "{{ echoip_data_dir }}/GeoLite2-Country.tar.gz" + mode: "0644" - - name: Extract GeoLite2 City database - ansible.builtin.unarchive: - src: "{{ echoip_data_dir }}/GeoLite2-City.tar.gz" - dest: "{{ echoip_data_dir }}/GeoLite2-City" - remote_src: true - register: city_extracted + # Extract all databases + - name: Extract GeoLite2 ASN database + ansible.builtin.unarchive: + src: "{{ echoip_data_dir }}/GeoLite2-ASN.tar.gz" + dest: "{{ echoip_data_dir }}/GeoLite2-ASN" + remote_src: true + register: asn_extracted - - name: Extract GeoLite2 Country database - ansible.builtin.unarchive: - src: "{{ echoip_data_dir }}/GeoLite2-Country.tar.gz" - dest: "{{ echoip_data_dir }}/GeoLite2-Country" - remote_src: true - 
register: country_extracted + - name: Extract GeoLite2 City database + ansible.builtin.unarchive: + src: "{{ echoip_data_dir }}/GeoLite2-City.tar.gz" + dest: "{{ echoip_data_dir }}/GeoLite2-City" + remote_src: true + register: city_extracted - # Move all databases to the correct locations - - name: Move ASN database to correct location - ansible.builtin.command: - cmd: "find {{ echoip_data_dir }}/GeoLite2-ASN -name GeoLite2-ASN.mmdb -exec mv {} {{ echoip_data_dir }}/GeoLite2-ASN.mmdb \\;" - when: asn_extracted.changed + - name: Extract GeoLite2 Country database + ansible.builtin.unarchive: + src: "{{ echoip_data_dir }}/GeoLite2-Country.tar.gz" + dest: "{{ echoip_data_dir }}/GeoLite2-Country" + remote_src: true + register: country_extracted - - name: Move City database to correct location - ansible.builtin.command: - cmd: "find {{ echoip_data_dir }}/GeoLite2-City -name GeoLite2-City.mmdb -exec mv {} {{ echoip_data_dir }}/GeoLite2-City.mmdb \\;" - when: city_extracted.changed + # Move all databases to the correct locations + - name: Move ASN database to correct location + ansible.builtin.command: + cmd: "find {{ echoip_data_dir }}/GeoLite2-ASN -name GeoLite2-ASN.mmdb -exec mv {} {{ echoip_data_dir }}/GeoLite2-ASN.mmdb \\;" + when: asn_extracted.changed - - name: Move Country database to correct location - ansible.builtin.command: - cmd: "find {{ echoip_data_dir }}/GeoLite2-Country -name GeoLite2-Country.mmdb -exec mv {} {{ echoip_data_dir }}/GeoLite2-Country.mmdb \\;" - when: country_extracted.changed + - name: Move City database to correct location + ansible.builtin.command: + cmd: "find {{ echoip_data_dir }}/GeoLite2-City -name GeoLite2-City.mmdb -exec mv {} {{ echoip_data_dir }}/GeoLite2-City.mmdb \\;" + when: city_extracted.changed - # Clean up unnecessary files - - name: Remove downloaded tar.gz files - ansible.builtin.file: - path: "{{ echoip_data_dir }}/GeoLite2-ASN.tar.gz" - state: absent + - name: Move Country database to correct location + 
ansible.builtin.command: + cmd: "find {{ echoip_data_dir }}/GeoLite2-Country -name GeoLite2-Country.mmdb -exec mv {} {{ echoip_data_dir }}/GeoLite2-Country.mmdb \\;" + when: country_extracted.changed - - name: Remove extracted ASN folder - ansible.builtin.command: - cmd: "rm -rf {{ echoip_data_dir }}/GeoLite2-ASN" + # Clean up unnecessary files + - name: Remove downloaded tar.gz files + ansible.builtin.file: + path: "{{ echoip_data_dir }}/GeoLite2-ASN.tar.gz" + state: absent - - name: Remove downloaded City tar.gz file - ansible.builtin.file: - path: "{{ echoip_data_dir }}/GeoLite2-City.tar.gz" - state: absent + - name: Remove extracted ASN folder + ansible.builtin.command: + cmd: "rm -rf {{ echoip_data_dir }}/GeoLite2-ASN" - - name: Remove extracted City folder - ansible.builtin.command: - cmd: "rm -rf {{ echoip_data_dir }}/GeoLite2-City" + - name: Remove downloaded City tar.gz file + ansible.builtin.file: + path: "{{ echoip_data_dir }}/GeoLite2-City.tar.gz" + state: absent - - name: Remove downloaded Country tar.gz file - ansible.builtin.file: - path: "{{ echoip_data_dir }}/GeoLite2-Country.tar.gz" - state: absent + - name: Remove extracted City folder + ansible.builtin.command: + cmd: "rm -rf {{ echoip_data_dir }}/GeoLite2-City" - - name: Remove extracted Country folder - ansible.builtin.command: - cmd: "rm -rf {{ echoip_data_dir }}/GeoLite2-Country" + - name: Remove downloaded Country tar.gz file + ansible.builtin.file: + path: "{{ echoip_data_dir }}/GeoLite2-Country.tar.gz" + state: absent + + - name: Remove extracted Country folder + ansible.builtin.command: + cmd: "rm -rf {{ echoip_data_dir }}/GeoLite2-Country" + + # Update the marker file (no longer needed here, already touched before download) + when: update_needed # Deploy and restart the EchoIP service - name: Deploy EchoIP docker-compose.yml 
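Review bot: The three `ansible.builtin.get_url` tasks inside the new block put `maxmind_license_key` in the URL query string and do not set `no_log`, so the key can end up in task output (failure messages, verbose runs, callback or CI logs); add `no_log: true` to each download task. The archives are then unpacked without an integrity check; `get_url` accepts a `checksum:` argument, which could be used if a published digest is available for these files. The `- block:` itself has no `name:`, and the marker task uses `state: touch` without a `mode:`, unlike every other `ansible.builtin.file` task in the hunk. The trailing comment `# Update the marker file (no longer needed here, already touched before download)` describes a task that is not there and can be dropped.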
diff --git a/config/ansible/tasks/servers/services/privatebin/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/privatebin/docker-compose.yml.j2
index 3908c5b..8fc7f20 100644
--- a/config/ansible/tasks/servers/services/privatebin/docker-compose.yml.j2
+++ b/config/ansible/tasks/servers/services/privatebin/docker-compose.yml.j2
@@ -5,6 +5,8 @@ services:
 restart: always
 read_only: true
 user: "1000:1000"
+ ports:
+ - "8585:8080"
 environment:
 - PUID=1000
 - PGID=1000
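Review bot: The added mapping `"8585:8080"` publishes the PrivateBin container on every host interface, and ports published by Docker are typically reachable regardless of host firewall rules such as ufw. The service would then be reachable directly over plain HTTP on port 8585, in addition to any reverse proxy in front of it. If only a proxy on the same host needs the port (the service list includes caddy, though how it reaches this container is not visible here), bind it to loopback with `- "127.0.0.1:8585:8080"`. The rest of the service definition lies outside the hunk.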