too much stuff

2025-12-01 11:16:47 +01:00 · 2025-12-01 11:16:47 +01:00 · 6a43132bc8
commit 6a43132bc8
parent fbbeb59c0e
25 changed files with 167 additions and 69 deletions
--- a/ansible/services/caddy_playbook.yml
+++ b/ansible/services/caddy_playbook.yml
@ -1,5 +1,5 @@
 - name: Install and configure Caddy on Debian 12
-  hosts: vipy,watchtower,spacey
+  hosts: vps
  become: yes

  tasks:
--- a/ansible/services/forgejo/forgejo_vars.yml
+++ b/ansible/services/forgejo/forgejo_vars.yml
@ -12,9 +12,11 @@ forgejo_user: "git"
 # (caddy_sites_dir and subdomain now in services_config.yml)

 # Remote access
-remote_host: "{{ groups['vipy'][0] }}"
-remote_user: "{{ hostvars[remote_host]['ansible_user'] }}"
-remote_key_file: "{{ hostvars[remote_host]['ansible_ssh_private_key_file'] | default('') }}"
+remote_host_name: "vipy"
+remote_host: "{{ hostvars.get(remote_host_name, {}).get('ansible_host', remote_host_name) }}"
+remote_user: "{{ hostvars.get(remote_host_name, {}).get('ansible_user', 'counterweight') }}"
+remote_key_file: "{{ hostvars.get(remote_host_name, {}).get('ansible_ssh_private_key_file', '') }}"
+remote_port: "{{ hostvars.get(remote_host_name, {}).get('ansible_port', 22) }}"

 # Local backup
 local_backup_dir: "{{ lookup('env', 'HOME') }}/forgejo-backups"
--- a/ansible/services/forgejo/setup_backup_forgejo_to_lapy.yml
+++ b/ansible/services/forgejo/setup_backup_forgejo_to_lapy.yml
@ -53,9 +53,9 @@
          ENCRYPTED_BACKUP="{{ local_backup_dir }}/forgejo-backup-$TIMESTAMP.tar.gz.gpg"

          {% if remote_key_file %}
-          SSH_CMD="ssh -i {{ remote_key_file }} -p {{ hostvars[remote_host]['ansible_port'] | default(22) }}"
+          SSH_CMD="ssh -i {{ remote_key_file }} -p {{ remote_port }}"
          {% else %}
-          SSH_CMD="ssh -p {{ hostvars[remote_host]['ansible_port'] | default(22) }}"
+          SSH_CMD="ssh -p {{ remote_port }}"
          {% endif %}

          echo "Stopping Forgejo service..."
--- a/ansible/services/headscale/headscale_vars.yml
+++ b/ansible/services/headscale/headscale_vars.yml
@ -13,9 +13,11 @@ headscale_data_dir: /var/lib/headscale
 # Namespace now configured in services_config.yml under service_settings.headscale.namespace

 # Remote access
-remote_host: "{{ groups['spacey'][0] }}"
-remote_user: "{{ hostvars[remote_host]['ansible_user'] }}"
-remote_key_file: "{{ hostvars[remote_host]['ansible_ssh_private_key_file'] | default('') }}"
+remote_host_name: "spacey"
+remote_host: "{{ hostvars.get(remote_host_name, {}).get('ansible_host', remote_host_name) }}"
+remote_user: "{{ hostvars.get(remote_host_name, {}).get('ansible_user', 'counterweight') }}"
+remote_key_file: "{{ hostvars.get(remote_host_name, {}).get('ansible_ssh_private_key_file', '') }}"
+remote_port: "{{ hostvars.get(remote_host_name, {}).get('ansible_port', 22) }}"

 # Local backup
 local_backup_dir: "{{ lookup('env', 'HOME') }}/headscale-backups"
--- a/ansible/services/headscale/setup_backup_headscale_to_lapy.yml
+++ b/ansible/services/headscale/setup_backup_headscale_to_lapy.yml
@ -43,9 +43,9 @@
          mkdir -p "$BACKUP_DIR"

          {% if remote_key_file %}
-          SSH_CMD="ssh -i {{ remote_key_file }} -p {{ hostvars[remote_host]['ansible_port'] | default(22) }}"
+          SSH_CMD="ssh -i {{ remote_key_file }} -p {{ remote_port }}"
          {% else %}
-          SSH_CMD="ssh -p {{ hostvars[remote_host]['ansible_port'] | default(22) }}"
+          SSH_CMD="ssh -p {{ remote_port }}"
          {% endif %}

          # Stop headscale service for consistent backup
--- a/ansible/services/lnbits/lnbits_vars.yml
+++ b/ansible/services/lnbits/lnbits_vars.yml
@ -6,9 +6,11 @@ lnbits_port: 8765
 # (caddy_sites_dir and subdomain now in services_config.yml)

 # Remote access
-remote_host: "{{ groups['vipy'][0] }}"
-remote_user: "{{ hostvars[remote_host]['ansible_user'] }}"
-remote_key_file: "{{ hostvars[remote_host]['ansible_ssh_private_key_file'] | default('') }}"
+remote_host_name: "vipy"
+remote_host: "{{ hostvars.get(remote_host_name, {}).get('ansible_host', remote_host_name) }}"
+remote_user: "{{ hostvars.get(remote_host_name, {}).get('ansible_user', 'counterweight') }}"
+remote_key_file: "{{ hostvars.get(remote_host_name, {}).get('ansible_ssh_private_key_file', '') }}"
+remote_port: "{{ hostvars.get(remote_host_name, {}).get('ansible_port', 22) }}"

 # Local backup
 local_backup_dir: "{{ lookup('env', 'HOME') }}/lnbits-backups"
--- a/ansible/services/lnbits/setup_backup_lnbits_to_lapy.yml
+++ b/ansible/services/lnbits/setup_backup_lnbits_to_lapy.yml
@ -45,9 +45,9 @@
          ENCRYPTED_BACKUP="{{ local_backup_dir }}/lnbits-backup-$TIMESTAMP.tar.gz.gpg"

          {% if remote_key_file %}
-          SSH_CMD="ssh -i {{ remote_key_file }} -p {{ hostvars[remote_host]['ansible_port'] | default(22) }}"
+          SSH_CMD="ssh -i {{ remote_key_file }} -p {{ remote_port }}"
          {% else %}
-          SSH_CMD="ssh -p {{ hostvars[remote_host]['ansible_port'] | default(22) }}"
+          SSH_CMD="ssh -p {{ remote_port }}"
          {% endif %}

          # Stop LNBits service before backup
--- a/ansible/services/memos/memos_vars.yml
+++ b/ansible/services/memos/memos_vars.yml
@ -5,9 +5,11 @@ memos_port: 5230
 # (caddy_sites_dir and subdomain now in services_config.yml)

 # Remote access
-remote_host: "{{ groups['memos_box'][0] }}"
-remote_user: "{{ hostvars[remote_host]['ansible_user'] }}"
-remote_key_file: "{{ hostvars[remote_host]['ansible_ssh_private_key_file'] | default('') }}"
+remote_host_name: "memos-box"
+remote_host: "{{ hostvars.get(remote_host_name, {}).get('ansible_host', remote_host_name) }}"
+remote_user: "{{ hostvars.get(remote_host_name, {}).get('ansible_user', 'counterweight') }}"
+remote_key_file: "{{ hostvars.get(remote_host_name, {}).get('ansible_ssh_private_key_file', '') }}"
+remote_port: "{{ hostvars.get(remote_host_name, {}).get('ansible_port', 22) }}"

 # Local backup
 local_backup_dir: "{{ lookup('env', 'HOME') }}/memos-backups"
--- a/ansible/services/ntfy-emergency-app/ntfy_emergency_app_vars.yml
+++ b/ansible/services/ntfy-emergency-app/ntfy_emergency_app_vars.yml
@ -9,6 +9,8 @@ ntfy_emergency_app_topic: "emergencia"
 ntfy_emergency_app_ui_message: "Leave Pablo a message, he will respond as soon as possible"

 # Remote access
-remote_host: "{{ groups['vipy'][0] }}"
-remote_user: "{{ hostvars[remote_host]['ansible_user'] }}"
-remote_key_file: "{{ hostvars[remote_host]['ansible_ssh_private_key_file'] | default('') }}"
+remote_host_name: "vipy"
+remote_host: "{{ hostvars.get(remote_host_name, {}).get('ansible_host', remote_host_name) }}"
+remote_user: "{{ hostvars.get(remote_host_name, {}).get('ansible_user', 'counterweight') }}"
+remote_key_file: "{{ hostvars.get(remote_host_name, {}).get('ansible_ssh_private_key_file', '') }}"
+remote_port: "{{ hostvars.get(remote_host_name, {}).get('ansible_port', 22) }}"
--- a/ansible/services/ntfy/deploy_ntfy_playbook.yml
+++ b/ansible/services/ntfy/deploy_ntfy_playbook.yml
@ -3,6 +3,7 @@
  become: yes
  vars_files:
    - ../../infra_vars.yml
+    - ../../infra_secrets.yml
    - ../../services_config.yml
    - ./ntfy_vars.yml
  vars:
@ -73,7 +74,7 @@
    
    - name: Create ntfy admin user
      shell: |
-        (echo "{{ lookup('env', 'NTFY_PASSWORD') }}"; echo "{{ lookup('env', 'NTFY_PASSWORD') }}") | ntfy user add --role=admin "{{ lookup('env', 'NTFY_USER') }}"
+        (echo "{{ ntfy_password }}"; echo "{{ ntfy_password }}") | ntfy user add --role=admin "{{ ntfy_username }}"

    - name: Ensure Caddy sites-enabled directory exists
      file:
--- a/ansible/services/uptime_kuma/setup_backup_uptime_kuma_to_lapy.yml
+++ b/ansible/services/uptime_kuma/setup_backup_uptime_kuma_to_lapy.yml
@ -43,15 +43,24 @@
          mkdir -p "$BACKUP_DIR"

          {% if remote_key_file %}
-          SSH_CMD="ssh -i {{ remote_key_file }} -p {{ hostvars[remote_host]['ansible_port'] | default(22) }}"
+          SSH_CMD="ssh -i {{ remote_key_file }} -p {{ remote_port }}"
          {% else %}
-          SSH_CMD="ssh -p {{ hostvars[remote_host]['ansible_port'] | default(22) }}"
+          SSH_CMD="ssh -p {{ remote_port }}"
          {% endif %}

          rsync -az -e "$SSH_CMD" --delete {{ remote_user }}@{{ remote_host }}:{{ remote_data_path }}/ "$BACKUP_DIR/"

          # Rotate old backups (keep 14 days)
-          find "{{ local_backup_dir }}" -maxdepth 1 -type d -name '20*' -mtime +13 -exec rm -rf {} \;
+          # Calculate cutoff date (14 days ago) and delete backups older than that
+          CUTOFF_DATE=$(date -d '14 days ago' +'%Y-%m-%d')
+          for dir in "{{ local_backup_dir }}"/20*; do
+            if [ -d "$dir" ]; then
+              dir_date=$(basename "$dir")
+              if [ "$dir_date" != "$TIMESTAMP" ] && [ "$dir_date" \< "$CUTOFF_DATE" ]; then
+                rm -rf "$dir"
+              fi
+            fi
+          done

    - name: Ensure cronjob for backup exists
      cron:
@ -63,3 +72,36 @@

    - name: Run the backup script to make the first backup
      command: "{{ backup_script_path }}"
+
+    - name: Verify backup was created
+      block:
+        - name: Get today's date
+          command: date +'%Y-%m-%d'
+          register: today_date
+          changed_when: false
+
+        - name: Check backup directory exists and contains files
+          stat:
+            path: "{{ local_backup_dir }}/{{ today_date.stdout }}"
+          register: backup_dir_stat
+
+        - name: Verify backup directory exists
+          assert:
+            that:
+              - backup_dir_stat.stat.exists
+              - backup_dir_stat.stat.isdir
+            fail_msg: "Backup directory {{ local_backup_dir }}/{{ today_date.stdout }} was not created"
+            success_msg: "Backup directory {{ local_backup_dir }}/{{ today_date.stdout }} exists"
+
+        - name: Check if backup directory contains files
+          find:
+            paths: "{{ local_backup_dir }}/{{ today_date.stdout }}"
+            recurse: yes
+          register: backup_files
+
+        - name: Verify backup directory is not empty
+          assert:
+            that:
+              - backup_files.files | length > 0
+            fail_msg: "Backup directory {{ local_backup_dir }}/{{ today_date.stdout }} exists but is empty"
+            success_msg: "Backup directory contains {{ backup_files.files | length }} file(s)"
--- a/ansible/services/uptime_kuma/uptime_kuma_vars.yml
+++ b/ansible/services/uptime_kuma/uptime_kuma_vars.yml
@ -3,12 +3,12 @@ uptime_kuma_dir: /opt/uptime-kuma
 uptime_kuma_data_dir: "{{ uptime_kuma_dir }}/data"
 uptime_kuma_port: 3001

-# (caddy_sites_dir and subdomain now in services_config.yml)
-
 # Remote access
-remote_host: "{{ groups['watchtower'][0] }}"
-remote_user: "{{ hostvars[remote_host]['ansible_user'] }}"
-remote_key_file: "{{ hostvars[remote_host]['ansible_ssh_private_key_file'] | default('') }}"
+remote_host_name: "watchtower"
+remote_host: "{{ hostvars.get(remote_host_name, {}).get('ansible_host', remote_host_name) }}"
+remote_user: "{{ hostvars.get(remote_host_name, {}).get('ansible_user', 'counterweight') }}"
+remote_key_file: "{{ hostvars.get(remote_host_name, {}).get('ansible_ssh_private_key_file', '') }}"
+remote_port: "{{ hostvars.get(remote_host_name, {}).get('ansible_port', 22) }}"

 # Local backup
 local_backup_dir: "{{ lookup('env', 'HOME') }}/uptime-kuma-backups"
--- a/ansible/services/vaultwarden/deploy_vaultwarden_playbook.yml
+++ b/ansible/services/vaultwarden/deploy_vaultwarden_playbook.yml
@ -119,6 +119,7 @@
        content: |
          #!/usr/bin/env python3
          import sys
+          import traceback
          import yaml
          from uptime_kuma_api import UptimeKumaApi, MonitorType
          
@ -183,7 +184,9 @@
              print("SUCCESS")
              
          except Exception as e:
-              print(f"ERROR: {str(e)}", file=sys.stderr)
+              error_msg = str(e) if str(e) else repr(e)
+              print(f"ERROR: {error_msg}", file=sys.stderr)
+              traceback.print_exc(file=sys.stderr)
              sys.exit(1)
        mode: '0755'

--- a/ansible/services/vaultwarden/setup_backup_vaultwarden_to_lapy.yml
+++ b/ansible/services/vaultwarden/setup_backup_vaultwarden_to_lapy.yml
@ -41,15 +41,24 @@
          mkdir -p "$BACKUP_DIR"

          {% if remote_key_file %}
-          SSH_CMD="ssh -i {{ remote_key_file }} -p {{ hostvars[remote_host]['ansible_port'] | default(22) }}"
+          SSH_CMD="ssh -i {{ remote_key_file }} -p {{ remote_port }}"
          {% else %}
-          SSH_CMD="ssh -p {{ hostvars[remote_host]['ansible_port'] | default(22) }}"
+          SSH_CMD="ssh -p {{ remote_port }}"
          {% endif %}

          rsync -az -e "$SSH_CMD" --delete {{ remote_user }}@{{ remote_host }}:{{ remote_data_path }}/ "$BACKUP_DIR/"

          # Rotate old backups (keep 14 days)
-          find "{{ local_backup_dir }}" -maxdepth 1 -type d -name '20*' -mtime +13 -exec rm -rf {} \;
+          # Calculate cutoff date (14 days ago) and delete backups older than that
+          CUTOFF_DATE=$(date -d '14 days ago' +'%Y-%m-%d')
+          for dir in "{{ local_backup_dir }}"/20*; do
+            if [ -d "$dir" ]; then
+              dir_date=$(basename "$dir")
+              if [ "$dir_date" != "$TIMESTAMP" ] && [ "$dir_date" \< "$CUTOFF_DATE" ]; then
+                rm -rf "$dir"
+              fi
+            fi
+          done

    - name: Ensure cronjob for backup exists
      cron:
@ -61,3 +70,36 @@

    - name: Run the backup script to make the first backup
      command: "{{ backup_script_path }}"
+
+    - name: Verify backup was created
+      block:
+        - name: Get today's date
+          command: date +'%Y-%m-%d'
+          register: today_date
+          changed_when: false
+
+        - name: Check backup directory exists and contains files
+          stat:
+            path: "{{ local_backup_dir }}/{{ today_date.stdout }}"
+          register: backup_dir_stat
+
+        - name: Verify backup directory exists
+          assert:
+            that:
+              - backup_dir_stat.stat.exists
+              - backup_dir_stat.stat.isdir
+            fail_msg: "Backup directory {{ local_backup_dir }}/{{ today_date.stdout }} was not created"
+            success_msg: "Backup directory {{ local_backup_dir }}/{{ today_date.stdout }} exists"
+
+        - name: Check if backup directory contains files
+          find:
+            paths: "{{ local_backup_dir }}/{{ today_date.stdout }}"
+            recurse: yes
+          register: backup_files
+
+        - name: Verify backup directory is not empty
+          assert:
+            that:
+              - backup_files.files | length > 0
+            fail_msg: "Backup directory {{ local_backup_dir }}/{{ today_date.stdout }} exists but is empty"
+            success_msg: "Backup directory contains {{ backup_files.files | length }} file(s)"
--- a/ansible/services/vaultwarden/vaultwarden_vars.yml
+++ b/ansible/services/vaultwarden/vaultwarden_vars.yml
@ -6,9 +6,11 @@ vaultwarden_port: 8222
 # (caddy_sites_dir and subdomain now in services_config.yml)

 # Remote access
-remote_host: "{{ groups['vipy'][0] }}"
-remote_user: "{{ hostvars[remote_host]['ansible_user'] }}"
-remote_key_file: "{{ hostvars[remote_host]['ansible_ssh_private_key_file'] | default('') }}"
+remote_host_name: "vipy"
+remote_host: "{{ hostvars.get(remote_host_name, {}).get('ansible_host', remote_host_name) }}"
+remote_user: "{{ hostvars.get(remote_host_name, {}).get('ansible_user', 'counterweight') }}"
+remote_key_file: "{{ hostvars.get(remote_host_name, {}).get('ansible_ssh_private_key_file', '') }}"
+remote_port: "{{ hostvars.get(remote_host_name, {}).get('ansible_port', 22) }}"

 # Local backup
 local_backup_dir: "{{ lookup('env', 'HOME') }}/vaultwarden-backups"