chore: update ansible version to 2.17

Also, check Docker build
ferrarimarco · Sep 7, 2024 · 9010b94 · 9010b94
1 parent eae0391
commit 9010b94
Show file tree

Hide file tree

Showing 11 changed files with 72 additions and 45 deletions.
diff --git a/.github/workflows/build-container-images.yaml b/.github/workflows/build-container-images.yaml
@@ -31,6 +31,20 @@ jobs:
       - uses: actions/checkout@v4
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+      - name: Validate Docker build configuration
+        shell: bash
+        run: |
+          DOCKER_BUILD_COMMAND=(docker buildx build --check)
+
+          if [[ -n "${{ matrix.container-images.build-contexts }}" ]]; then
+            # TODO: add more parsing logic if there's more than one build context
+            # xargs trims the string
+            DOCKER_BUILD_COMMAND+=(--build-context="$(xargs echo "${{ matrix.container-images.build-contexts }}")")
+          fi
+
+          DOCKER_BUILD_COMMAND+=("${{ matrix.container-images.context-directory }}")
+          echo "Running: ${DOCKER_BUILD_COMMAND[*]}"
+          "${DOCKER_BUILD_COMMAND[@]}"
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/[email protected]

diff --git a/config/ansible/roles/ferrarimarco_home_lab_boot_bare_metal/meta/main.yaml b/config/ansible/roles/ferrarimarco_home_lab_boot_bare_metal/meta/main.yaml
@@ -4,7 +4,7 @@ galaxy_info:
   description: |
     Role to boot bare metal nodes in my home lab.
   license: MIT
-  min_ansible_version: "2.13"
+  min_ansible_version: "2.17.3"
   platforms:
     - name: Debian
       versions:

diff --git a/config/ansible/roles/ferrarimarco_home_lab_bootstrap/meta/main.yaml b/config/ansible/roles/ferrarimarco_home_lab_bootstrap/meta/main.yaml
@@ -7,7 +7,7 @@ galaxy_info:
     processes so that hosts that are part of the lab can automatically
     configure themselves.
   license: MIT
-  min_ansible_version: "2.13"
+  min_ansible_version: "2.17.3"
   platforms:
     - name: Debian
       versions:

diff --git a/config/ansible/roles/ferrarimarco_home_lab_coral/meta/main.yaml b/config/ansible/roles/ferrarimarco_home_lab_coral/meta/main.yaml
@@ -4,7 +4,7 @@ galaxy_info:
   description: |
     Role to configure Coral Edge TPUs.
   license: MIT
-  min_ansible_version: "2.13"
+  min_ansible_version: "2.17.3"
   platforms:
     - name: Debian
       versions:

diff --git a/...nsible/roles/ferrarimarco_home_lab_node/files/config/dependency-updates-helper/Dockerfile b/...nsible/roles/ferrarimarco_home_lab_node/files/config/dependency-updates-helper/Dockerfile
@@ -3,47 +3,47 @@
 # We then fetch these identifiers for use in templates.
 
 # backup
-FROM ngosang/restic-exporter:1.5.0 as restic-exporter
+FROM ngosang/restic-exporter:1.5.0 AS restic-exporter
 
 # frigate
-FROM ghcr.io/blakeblackshear/frigate:0.13.2 as frigate
+FROM ghcr.io/blakeblackshear/frigate:0.13.2 AS frigate
 
 # home-assistant
-FROM ghcr.io/home-assistant/home-assistant:2024.6.4 as home-assistant
+FROM ghcr.io/home-assistant/home-assistant:2024.6.4 AS home-assistant
 
 # media-stack
-FROM jellyfin/jellyfin:10.9.9.20240805-020219 as jellyfin
-FROM fallenbagel/jellyseerr:1.9.2 as jellyseerr
-FROM ghcr.io/flaresolverr/flaresolverr:v3.3.21 as flaresolverr
-FROM lscr.io/linuxserver/lidarr:2.3.3 as lidarr
-FROM lscr.io/linuxserver/prowlarr:1.18.0 as prowlarr
-FROM lscr.io/linuxserver/radarr:5.8.3 as radarr
-FROM lscr.io/linuxserver/readarr:0.3.32-nightly as readarr
-FROM lscr.io/linuxserver/sonarr:4.0.8 as sonarr
+FROM jellyfin/jellyfin:10.9.9.20240805-020219 AS jellyfin
+FROM fallenbagel/jellyseerr:1.9.2 AS jellyseerr
+FROM ghcr.io/flaresolverr/flaresolverr:v3.3.21 AS flaresolverr
+FROM lscr.io/linuxserver/lidarr:2.3.3 AS lidarr
+FROM lscr.io/linuxserver/prowlarr:1.18.0 AS prowlarr
+FROM lscr.io/linuxserver/radarr:5.8.3 AS radarr
+FROM lscr.io/linuxserver/readarr:0.3.32-nightly AS readarr
+FROM lscr.io/linuxserver/sonarr:4.0.8 AS sonarr
 
 # monitoring
-FROM gcr.io/cadvisor/cadvisor:v0.49.1 as cadvisor
-FROM ghcr.io/druggeri/nut_exporter:3.1.1 as nut-exporter
-FROM prom/blackbox-exporter:v0.25.0 as prometheus-blackbox-exporter
-FROM prom/prometheus:v2.52.0 as prometheus
-FROM quay.io/prometheus/node-exporter:v1.8.2 as prometheus-node-exporter
+FROM gcr.io/cadvisor/cadvisor:v0.49.1 AS cadvisor
+FROM ghcr.io/druggeri/nut_exporter:3.1.1 AS nut-exporter
+FROM prom/blackbox-exporter:v0.25.0 AS prometheus-blackbox-exporter
+FROM prom/prometheus:v2.52.0 AS prometheus
+FROM quay.io/prometheus/node-exporter:v1.8.2 AS prometheus-node-exporter
 
 # monitoring-backend
-FROM grafana/grafana-oss:10.4.3 as grafana
+FROM grafana/grafana-oss:10.4.3 AS grafana
 
 # mosquitto
-FROM eclipse-mosquitto:2.0.18-openssl as mosquitto
+FROM eclipse-mosquitto:2.0.18-openssl AS mosquitto
 
 # network-stack
-FROM klutchell/unbound:1.20.0 as unbound
-FROM coredns/coredns:1.11.3 as coredns
-FROM traefik:3.0.4 as traefik
+FROM klutchell/unbound:1.20.0 AS unbound
+FROM coredns/coredns:1.11.3 AS coredns
+FROM traefik:3.0.4 AS traefik
 
 # syncthing
-FROM syncthing/syncthing:1.27.10 as syncthing
+FROM syncthing/syncthing:1.27.10 AS syncthing
 
 # torrent
-FROM linuxserver/qbittorrent:4.6.6 as qbittorrent
+FROM linuxserver/qbittorrent:4.6.6 AS qbittorrent
 
 # zigbee2mqtt
-FROM koenkk/zigbee2mqtt:1.37.1 as zigbee2mqtt
+FROM koenkk/zigbee2mqtt:1.37.1 AS zigbee2mqtt
diff --git a/config/ansible/roles/ferrarimarco_home_lab_node/meta/main.yaml b/config/ansible/roles/ferrarimarco_home_lab_node/meta/main.yaml
@@ -3,7 +3,7 @@ galaxy_info:
   author: https://github.com/ferrarimarco
   description: Role to configure Home Lab nodes
   license: MIT
-  min_ansible_version: "2.13"
+  min_ansible_version: "2.17.3"
   platforms:
     - name: Debian
       versions:

diff --git a/config/ansible/roles/ferrarimarco_home_lab_node/vars/restic-stack.yaml b/config/ansible/roles/ferrarimarco_home_lab_node/vars/restic-stack.yaml
@@ -14,15 +14,7 @@ restic_default_backup_jobs:
         container_mount_destination_directory: "{{ home_lab_runtime_directory_path }}"
     job_name: "{{ restic_backup_workloads_job_name }}"
     job_schedule: "01:00:00"
-    restic_forget_policy:
-      # Keep daily snapshots for the last week
-      - --keep-within-daily 7d
-      # Keep weekly snapshots for the last month
-      - --keep-within-weekly 1m
-      # Keep monthly snapshots for the last year
-      - --keep-within-monthly 1y
-      # Keep yearly snapshots for the last 10 years
-      - --keep-within-yearly 10y
+    restic_forget_policy: "{{ restic_forget_policies.daily_7_days }}"
     # In seconds
     restic_monitoring_refresh_interval: 43200
     restic_prometheus_exporter_port: 9300
@@ -57,3 +49,17 @@ restic_templates_to_render:
     # This file may contain secrets, so we want to restrict access to the owner and group only
     # (defaults to root:root)
     mode: "0640"
+
+restic_forget_policies:
+  daily_7_days:
+    # Keep daily snapshots for the last week
+    - --keep-within-daily 7d
+  default:
+    # Keep daily snapshots for the last week
+    - --keep-within-daily 7d
+    # Keep weekly snapshots for the last month
+    - --keep-within-weekly 1m
+    # Keep monthly snapshots for the last year
+    - --keep-within-monthly 1y
+    # Keep yearly snapshots for the last 10 years
+    - --keep-within-yearly 10y
diff --git a/config/ansible/roles/ferrarimarco_home_lab_proxmox/meta/main.yaml b/config/ansible/roles/ferrarimarco_home_lab_proxmox/meta/main.yaml
@@ -4,7 +4,7 @@ galaxy_info:
   description: |
     Role to configure Proxmox nodes in my lab.
   license: MIT
-  min_ansible_version: "2.13"
+  min_ansible_version: "2.17.3"
   platforms:
     - name: Debian
       versions:

diff --git a/docker/ansible/Dockerfile b/docker/ansible/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.13.0rc1-bookworm as ansible
+FROM python:3.13.0rc1-bookworm AS ansible
 
 ENV PYTHONFAULTHANDLER=1 \
   PYTHONHASHSEED=random \
@@ -29,7 +29,7 @@ COPY --from=ansible-configuration requirements.yml /etc/ansible/requirements.yml
 RUN ansible-galaxy install -r /etc/ansible/requirements.yml \
   && rm /etc/ansible/requirements.yml
 
-FROM ansible as molecule
+FROM ansible AS molecule
 
 SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 

diff --git a/docker/release-please-commitlint/Dockerfile b/docker/release-please-commitlint/Dockerfile
@@ -18,15 +18,14 @@ RUN npm ci \
 ENV NODE_PATH="${APP_DIR}/node_modules"
 ENV PATH="${NODE_PATH}/.bin:${PATH}"
 
-# Split this from the previous RUN instruction so we can cache the costly installation step
-# hadolint ignore=DL3059
 RUN commitlint --version \
-  && release-please --version \
-  && git config --global --add safe.directory /source-repository
+  && release-please --version
 
 ARG USERNAME=home-lab-dev
 ARG UID=1000
 ARG GID=1000
 RUN groupadd -g ${GID} -o "${USERNAME}" \
   && useradd -m -u ${UID} -g ${GID} -o -s /bin/bash -l "${USERNAME}"
-USER $UNAME
+USER $USERNAME
+
+RUN git config --global --add safe.directory /source-repository
diff --git a/docs/guides/useful-linux-admin-commands.md b/docs/guides/useful-linux-admin-commands.md
@@ -12,3 +12,11 @@
 
 - Get the list of open ports on a system (with superuser privileges, it also
   returns process information): `sudo netstat -nlp`
+
+## Restic
+
+- Open a shell in the Restic container:
+
+  ```sh
+  sudo docker compose --file /etc/ferrarimarco-home-lab/restic/compose.yaml run --build --interactive --rm --entrypoint /bin/bash restic-backup-workloads
+  ```