-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcontainer.yaml
211 lines (197 loc) · 6.65 KB
/
container.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
---
- name: Manage containers
hosts: containerhost
gather_facts: yes
pre_tasks:
- name: Create data directories
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: root
group: root
loop:
- /opt/wakapi/data
- /opt/ocap/records
- /opt/ocap/maps
- /opt/ocap/database
- /opt/reforger/configs
- /opt/reforger/profile
- /opt/reforger/addons
- /opt/reforger/installation
- /opt/reforger/installation/Configs
- name: Create wiki-js directory
ansible.builtin.file:
path: /opt/wiki-js
state: directory
owner: 1000
group: 1000
- name: Create arma-notifier env file
ansible.builtin.template:
src: files/containers/arma-notifier-env.j2
dest: "/etc/arma-notifier-env"
mode: "0400"
vars:
token: "{{ secrets['arma-notifier'] }}"
- name: Create reforger config file
ansible.builtin.template:
src: files/containers/reforger-config.json.j2
dest: "/opt/reforger/installation/Configs/config.json"
mode: "0400"
roles:
- chasinglogic.podman
vars:
ufw_apps:
- { file: reforger, app: ArmaReforger }
operationbot_workdir: /srv/operationbot/operationbot
reforger:
server_public_address: "{{ ansible_enp41s0.ipv4.address }}"
game_name: "Zeusops Reforger"
mods: "606B100247F5C709,5B3ED33ADA805340,5F2944B7474F043F,5965550F24A0C152,595F2BF2F44836FB,5964E0B3BB7410CE,5AB890B71D748750,5AB301290317994A,5ABD0CB57F7E9EB1,612C75A42442AB1F"
rcon_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
31376632353863333039383965623832613363346132633730663337373761376164633436393661
6538343230316236663930613438626461316265393430300a636266383633323165646164613931
37643038383334636337663664663332666530353035393861653934373535613232643439356161
3465386339323738340a616233363335323030366561383336383132386435316437393439343133
38386539653865333331633633343763343164623838303363333031613963363762
game_password: zeusops
port: 2001
rcon_port: 19999
a2s_port: 17777
secrets:
ocap: !vault |
$ANSIBLE_VAULT;1.1;AES256
36313935633535373862303964376531356132613635646332353237636365373631643063393363
3166313962633130383761353534303664623836333230630a373633396262646333343564363663
61316336356261356539333635613535363966343836633966363861616466616336653730313237
3133396663656565310a373831646135393861663962393533643166326435616563383532366264
6166
arma-notifier: !vault |
$ANSIBLE_VAULT;1.1;AES256
38323232653661663530373530333531333639613261613630356166363134623135323337373561
3631376239313938623930333234646363653765633766310a376335316364616436663938313631
35643063316238363863666634303832663464643930356330636163613039623930653532383963
3663653230643232340a646635663566393436396538666635396331663465363539303237386164
62343835303531613964363761363733396161376430366335373632383030353437646434326239
31663065613361323665346139343964393963646265383032333839653535323963663730643465
38326433656662323265353263633830313435326439623135623839393036353233303862633362
61376632303765316633
podman_services:
- image_name: n1try/wakapi
description: Wakapi server
publish:
- 127.0.0.1:3100:3000
volumes:
- /opt/wakapi/data:/data
service_name: wakapi
install:
wanted_by:
- network.target
timeout_start_sec: 1m
- image_name: ghcr.io/ocap2/web
service_name: ocap
description: OCAP server
publish:
- 127.0.0.1:5000:5000
volumes:
- /opt/ocap/records:/var/lib/ocap/data
- /opt/ocap/maps:/var/lib/ocap/maps
- /opt/ocap/database:/var/lib/ocap/db
env_vars:
- "OCAP_SECRET={{ secrets['ocap'] }}"
install:
wanted_by:
- network.target
timeout_start_sec: 1m
- image_name: docker.io/gehock/arma-notifier
image_tag: v0.3.3
service_name: arma-notifier
description: Arma notifier
volumes:
- /etc/arma-notifier-env:/.env
install:
wanted_by:
- network.target
timeout_start_sec: 1m
state: stopped
enabled: false
restart: "no"
- image_name: docker.io/gehock/operationbot
image_tag: v0.50.1
service_name: operationbot
description: Operation Bot
volumes:
- "{{ operationbot_workdir }}/database:/app/database"
- "{{ operationbot_workdir }}/secret.py:/app/secret.py"
# Using the default config currently, no need to mount
# - "{{ operationbot_workdir }}/config.py:/app/config.py"
install:
wanted_by:
- network.target
timeout_start_sec: 1m
- image_name: ghcr.io/requarks/wiki
image_tag: 2.5.300
service_name: wiki-js
description: Wiki.js
volumes:
- "/opt/wiki-js:/data"
env_vars:
- DB_TYPE=sqlite
- DB_FILEPATH=/data/wiki-js.db
publish:
- 3101:3000
install:
wanted_by:
- network.target
timeout_start_sec: 1m
- image_name: ghcr.io/gehock/arma-reforger
image_tag: latest
service_name: reforger
description: Arma Reforger
volumes:
# TODO: make dynamic based on a dictionary in vars
#- /opt/reforger/configs:/reforger/Configs
- /opt/reforger/profile:/home/profile
- /opt/reforger/installation:/reforger
env_vars:
- "SKIP_INSTALL=true"
- "ARMA_CONFIG=config.json"
publish:
- "2001:2001/udp"
- "17777:17777/udp"
- "19999:19999/udp" # RCON
network: host
- image_name: ghcr.io/gehock/arma-reforger
image_tag: latest
service_name: reforger-update-server
description: Arma Reforger (download server update)
volumes:
# TODO: make dynamic based on a dictionary in vars
#- /opt/reforger/configs:/reforger/Configs
- /opt/reforger/profile:/home/profile
- /opt/reforger/installation:/reforger
env_vars:
- "SKIP_INSTALL=false"
- "ARMA_CONFIG=config.json"
publish:
- "2001:2001/udp"
- "17777:17777/udp"
- "19999:19999/udp" # RCON
network: host
state: stopped
enabled: false
restart: "no"
# Don't run `apt upgrade` every time something changes
podman_upgrade_system: no
tasks:
# TODO: move into a role
- name: Install UFW apps
ansible.builtin.copy:
src: "files/ufw/applications.d/{{ item.file }}"
dest: "/etc/ufw/applications.d/{{ item.file }}"
loop: "{{ ufw_apps }}"
- name: Enable UFW rules
community.general.ufw:
rule: allow
name: "{{ item.app }}"
loop: "{{ ufw_apps }}"