feat: add Hoarder service deployment with Docker Compose and 1Password integration

2025-03-11 20:16:36 +01:00 · 2025-03-11 20:16:36 +01:00 · 18ef12d9b3
commit 18ef12d9b3
parent db5e18f453
3 changed files with 101 additions and 2 deletions
--- a/config/ansible/plugins/lookup/onepassword.py
+++ b/config/ansible/plugins/lookup/onepassword.py
@ -11,7 +11,7 @@ DOCUMENTATION = """
    options:
        item:
            description: the item to fetch
-            required: true
+            required: false
        field:
            description: the field to fetch from the item
            required: false
@ -23,6 +23,9 @@ DOCUMENTATION = """
            description: whether to reveal concealed fields
            required: false
            default: true
+        ref:
+            description: full 1Password reference (op://vault/item/field)
+            required: false
 """

 EXAMPLES = """
@ -33,6 +36,10 @@ EXAMPLES = """
 - name: fetch password from specific vault
  debug:
    msg: "{{ lookup('onepassword', 'xxxx', field='password', vault='xxxx') }}"
+    
+- name: fetch using full reference
+  debug:
+    msg: "{{ lookup('onepassword', ref='op://vault/item/field') }}"
 """

 RETURN = """
@ -49,8 +56,34 @@ display = Display()

 class LookupModule(LookupBase):
    def run(self, terms, variables=None, **kwargs):
+        ref = kwargs.get('ref')
+        
+        if ref:
+            # If ref is provided, use op read command
+            cmd = ['op', 'read', ref]
+            display.vvv(f"Executing command with reference: {' '.join(cmd)}")
+            
+            try:
+                result = subprocess.run(
+                    cmd,
+                    capture_output=True,
+                    text=True,
+                    check=True
+                )
+                return [result.stdout.strip()]
+            except subprocess.CalledProcessError as e:
+                error_msg = e.stderr.strip()
+                display.warning(f"Error executing 1Password CLI: {error_msg}")
+                display.warning(f"Command used: {' '.join(cmd)}")
+                
+                if "not found" in error_msg:
+                    return [f"Secret referenced by '{ref}' not found in 1Password"]
+                
+                raise AnsibleError(f"Error fetching from 1Password: {error_msg}")
+        
+        # If no ref is provided, fall back to the original behavior
        if len(terms) != 1:
-            raise AnsibleError("onepassword lookup expects exactly one argument")
+            raise AnsibleError("onepassword lookup expects exactly one argument when not using ref parameter")
        
        item = terms[0]
        field = kwargs.get('field', 'password')
--- a/config/ansible/tasks/servers/services/hoarder/docker-compose.yml.j2
+++ b/config/ansible/tasks/servers/services/hoarder/docker-compose.yml.j2
@ -0,0 +1,37 @@
+services:
+  web:
+    image: ghcr.io/hoarder-app/hoarder:${HOARDER_VERSION:-release}
+    restart: unless-stopped
+    volumes:
+      - {{ hoarder_data_dir }}/hoarder:/data
+    ports:
+      - 3500:3000
+    env_file:
+      - .env
+    environment:
+      MEILI_ADDR: http://meilisearch:7700
+      BROWSER_WEB_URL: http://chrome:9222
+      OPENAI_API_KEY: {{ lookup('onepassword', ref="op://j7nmhqlsjmp2r6umly5t75hzb4/Hoarder/OPENAI_API_KEY") }}
+      DATA_DIR: /data
+
+  chrome:
+    image: zenika/alpine-chrome:124
+    restart: unless-stopped
+    command:
+      - --no-sandbox
+      - --disable-gpu
+      - --disable-dev-shm-usage
+      - --remote-debugging-address=0.0.0.0
+      - --remote-debugging-port=9222
+      - --hide-scrollbars
+
+  meilisearch:
+    image: getmeili/meilisearch:v1.11.1
+    restart: unless-stopped
+    env_file:
+      - .env
+    environment:
+      MEILI_NO_ANALYTICS: "true"
+    volumes:
+      - {{ hoarder_data_dir }}/meilisearch:/meili_data
+
--- a/config/ansible/tasks/servers/services/hoarder/hoarder.yml
+++ b/config/ansible/tasks/servers/services/hoarder/hoarder.yml
@ -0,0 +1,29 @@
+- name: Deploy Hoarder service
+  block:
+    - name: Set Hoarder data directory
+      ansible.builtin.set_fact:
+        hoarder_data_dir: "/mnt/storage-box/services/hoarder"
+
+    - name: Set Hoarder service directory
+      ansible.builtin.set_fact:
+        hoarder_service_dir: "{{ ansible_env.HOME }}/services/hoarder"
+
+    - name: Create Hoarder directories
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        mode: "0755"
+      loop:
+        - "{{ hoarder_data_dir }}"
+        - "{{ hoarder_service_dir }}"
+
+    - name: Deploy Hoarder docker-compose.yml
+      ansible.builtin.template:
+        src: docker-compose.yml.j2
+        dest: "{{ hoarder_service_dir }}/docker-compose.yml"
+        mode: "0644"
+      register: hoarder_compose
+
+    - name: Start Hoarder service
+      ansible.builtin.command: docker compose -f "{{ hoarder_service_dir }}/docker-compose.yml" up -d
+      when: hoarder_compose.changed