Update to 2022-08-01 12:00

roles/gitea/defaults/main.yml

@@ -1,11 +1,11 @@
 ---
 
 # Version to install
-gitea_version: 1.16.9
+gitea_version: 1.17.0
 # URL to the binary
 gitea_bin_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
 # sha256 of the binary
-gitea_bin_sha256: 821dd30afed9ae42b18e727174b078ea9118a6ccc5106d8246bebf8180fcbef3
+gitea_bin_sha256: bc4a8e1f5d5f64d4be2e50c387de08d07c062aecdba2f742c2f61c20accfcc46
 # Handle updates. If set to false, ansible will only install
 # Gitea and then won't touch an existing installation
 gitea_manage_upgrade: True
@@ -31,6 +31,9 @@ gitea_web_src_ip: []
 # Enable user registration
 gitea_registration: False
 
+# Default branch name
+gitea_default_branch: master
+
 # Database settings
 gitea_db_server: "{{ mysql_server | default('localhost') }}"
 gitea_db_name: gitea

roles/gitea/templates/app.ini.j2

@@ -52,6 +52,7 @@ LOG_SQL  = false
 
 [repository]
 ROOT = {{ gitea_root_dir }}/data/repositories
+DEFAULT_BRANCH = {{ gitea_default_branch }}
 
 [mailer]
 ENABLED = true

roles/nomad/defaults/main.yml

@@ -12,43 +12,51 @@ nomad_root_dir: /opt/nomad
 
 # user under which nomad will run.
 # Servers can run under an unprivileged user, while clients should run as root (or with equivalent privileges)
-nomad_user: "{{ nomad_client_enabled | ternary('root', 'nomad') }}"
+nomad_user: "{{ nomad_conf.client.enabled | ternary('root', 'nomad') }}"
 
 # List of nomad servers (not clients !)
 nomad_servers: []
 
-# Client related settings
+# Nomad configuration
-nomad_client:
+nomad_base_conf:
-  # Should client be enabled
+  log_level: INFO
-  enabled: "{{ (inventory_hostname in nomad_servers) | ternary(False, True) }}"
+  # Client related settings
-  # hostçvolumes:
+  # The default is to act as a client if the hostname is not listed in nomad servers
-  #   - name: mysql
+  client:
-  #     path: /data/mysql
+    # Should client be enabled
-  #     read_only: False
+    enabled: "{{ (inventory_hostname in nomad_servers) | ternary(False, True) }}"
-  host_volumes: []
+    # host_volumes:
+    #   - name: mysql
+    #     path: /data/mysql
+    #     read_only: False
+    host_volumes: []
 
-# Server related settings
+  # Server related settings
-nomad_server:
+  server:
-  # Should server be enabled
+    # Should server be enabled
-  enabled: "{{ (inventory_hostname in nomad_servers) | ternary(True, False) }}"
+    # The default is to act as a server if the hostname is listed in nomad_servers
-  # Expected number of servers to bootstrap the cluster. The default is to wait for all the servers
+    enabled: "{{ (inventory_hostname in nomad_servers) | ternary(True, False) }}"
-  # listed in nomad_servers to be ready, and then to do the bootstrap
+    # Expected number of servers to bootstrap the cluster. The default is to wait for all the servers
-  bootstrap_expect: "{{ nomad_servers | length }}"
+    # listed in nomad_servers to be ready, and then to do the bootstrap
-  # Encryption key to use to encrypt inter-server communications
+    bootstrap_expect: "{{ nomad_servers | length }}"
-  # You can generate one with nomad operator keygen command. It must be the same
+    # Encryption key to use to encrypt inter-server communications
-  # on all the servers of the cluster. If not defined (the default), the trafic will
+    # You can generate one with nomad operator keygen command. It must be the same
-  # not be encrypted
+    # on all the servers of the cluster. If not defined (the default), the trafic will
-  # encrypt: NVlG6VKgsTbMim041S5nbWmmaQKS7YchV+9G3XxcZDs=
+    # not be encrypted
+    # encrypt: NVlG6VKgsTbMim041S5nbWmmaQKS7YchV+9G3XxcZDs=
 
-# ui related settings
+  # UI related settings
-nomad_ui:
+  ui:
-  enabled: True
+    # Default is to enable the UI on server only
-  # Consul and vault optional URL. This is just to add a shortcut in Nomad's UI
+    enabled: "{{ (inventory_hostname in nomad_servers) | ternary(True, False) }}"
-  # consul_ui: https://consul.example.org
+    # Consul and vault optional URL. This is just to add a shortcut in Nomad's UI
-  # vault_ui: https://vault.example.org
+    # consul_ui: https://consul.example.org
-
+    # vault_ui: https://vault.example.org
-# Log level of the daemon
+# You can override part of the default config without rewriting everything else
-nomad_log_level: INFO
+# the dict will get merged
+nomad_extra_conf: {}
+nomad_host_conf: {}
+nomad_conf: "{{ nomad_base_conf | combine(nomad_extra_conf, recursive=True) | combine(nomad_host_conf, recursive=True) }}"
 
 # Ports used by Nomad, the protocols, and the list of IP/CIDR for which the ports will be opened in the firewall
 # You can also specify which address/port to advertise (not needed most of the time)
@@ -62,12 +70,12 @@ nomad_base_services:
     port: 4647
     proto: [tcp]
     src_ip: []
-    # advertise: 
+    # advertise: y.y.y.y
   serf:
     port: 4648
     proto: [tcp,udp]
     src_ip: []
     # advertise: x.x.x.x
 nomad_extra_services: {}
-nomad_services: "{{ nomad_base_services | combine(nomad_extra_services, recursive=True) }}"
+nomad_host_services: {}
-
+nomad_services: "{{ nomad_base_services | combine(nomad_extra_services, recursive=True) | combine(nomad_host_services, recursive=True) }}"

roles/nomad/tasks/facts.yml

@@ -1,12 +1,25 @@
 ---
 
-- name: Detect installed version
+- set_fact: nomad_install_mode='none'
-  block:
-    - import_tasks: ../includes/webapps_set_install_mode.yml
-      vars:
-        - root_dir: "{{ nomad_root_dir }}"
-        - version: "{{ nomad_version }}"
-    - set_fact: nomad_install_mode={{ install_mode | default('none') }}
-    - set_fact: nomad_current_version={{ current_version | default('') }}
   tags: nomad
 
+- name: Detect if nomad is installed
+  stat: path=/usr/local/bin/nomad
+  register: nomad_bin
+  tags: nomad
+
+- when: not nomad_bin.stat.exists
+  set_fact: nomad_install_mode='install'
+  tags: nomad
+
+- when: nomad_bin.stat.exists
+  block:
+    - name: Detect installed version
+      shell: /usr/local/bin/nomad version | perl -pe 's/Nomad v(\d+(\.\d+)*)\s.*/$1/'
+      changed_when: False
+      register: nomad_current_version
+    - set_fact: nomad_current_version={{ nomad_current_version.stdout }}
+  tags: nomad
+
+- when: nomad_bin.stat.exists and nomad_current_version != nomad_version
+  set_fact: nomad_install_mode='upgrade'

roles/nomad/tasks/iptables.yml

@@ -6,10 +6,10 @@
     state: "{{ (('tcp' in nomad_services[item].proto or 'udp' in nomad_services[item].proto) and nomad_services[item].src_ip | length > 0) | ternary('present', 'absent') }}"
     rules: |
       {% if 'tcp' in nomad_services[item].proto %}
-      -A INPUT -m state --state NEW -p tcp --dport {{ nomad_services[item].port }} -j ACCEPT
+      -A INPUT -m state --state NEW -p tcp --dport {{ nomad_services[item].port }} -s {{  nomad_services[item].src_ip | join(',') }} -j ACCEPT
       {% endif %}
       {% if 'udp' in nomad_services[item].proto %}
-      -A INPUT -m state --state NEW -p udp --dport {{ nomad_services[item].port }} -j ACCEPT
+      -A INPUT -m state --state NEW -p udp --dport {{ nomad_services[item].port }} -s {{  nomad_services[item].src_ip | join(',') }} -j ACCEPT
       {% endif %}
   loop: "{{ nomad_services.keys() | list }}"
   tags: firewall,nomad

roles/nomad/tasks/main.yml

@@ -27,9 +27,6 @@
 - include_tasks: services.yml
   tags: always
 
-- include_tasks: write_version.yml
-  tags: always
-
 - include_tasks: archive_post.yml
   when: nomad_install_mode | default('none') == 'upgrade'
   tags: always

roles/nomad/tasks/write_version.yml

@@ -1,5 +0,0 @@
----
-
-- name: Write installed version
-  copy: content={{ nomad_version }} dest={{ nomad_root_dir }}/meta/ansible_version
-  tags: nomad

roles/nomad/templates/nomad.hcl.j2

@@ -1,5 +1,5 @@
 data_dir = "{{ nomad_root_dir }}/data"
-log_level = "{{ nomad_log_level }}"
+log_level = "{{ nomad_conf.log_level }}"
 bind_addr = "0.0.0.0"
 
 advertise {
@@ -16,12 +16,11 @@ ports {
 {% endfor %}
 }
 
-{% if nomad_server.enabled %}
 server {
-  enabled = true
+  enabled = {{ nomad_conf.server.enabled | ternary('true', 'false') }}
-  bootstrap_expect = {{ nomad_server.bootstrap_expect }}
+  bootstrap_expect = {{ nomad_conf.server.bootstrap_expect }}
-{% if nomad_server.encrypt is defined %}
+{% if nomad_conf.server.encrypt is defined %}
-  encrypt = "{{ nomad_server.encrypt }}"
+  encrypt = "{{ nomad_conf.server.encrypt }}"
 {% endif %}
   server_join {
     retry_join = [
@@ -32,37 +31,33 @@ server {
   }
 }
 
-{% if nomad_client.enabled %}
 client {
-  enabled = true
+  enabled = {{ nomad_conf.client.enabled | ternary('true', 'false') }}
   servers = [
 {% for server in nomad_servers %}
     "{{ server }}",
 {% endfor %}
   ]
-{% for volume in nomad_client.host_volumes %}
+{% for volume in nomad_conf.client.host_volumes %}
   host_volume "{{ volume.name }}" {
     path = "{{ volume.path }}"
 {% if volume.read_only is defined %}
-    read_only = "{{ volume.read_only | ternary('true', 'false') }}
+    read_only = "{{ volume.read_only | ternary('true', 'false') }}"
 {% endif %}
   }
 {% endfor %}
 }
-{% endif %}
 
-{% if nomad_ui.enabled %}
 ui {
-  enabled = true
+  enabled = {{ nomad_conf.ui.enabled | ternary('true', 'false') }}
-{% if nomad_ui.consul_ui is defined %}
+{% if nomad_conf.ui.consul_ui is defined %}
   consul {
-    ui_url = "{{ nomad_ui.consul_ui }}"
+    ui_url = "{{ nomad_conf.ui.consul_ui }}"
   }
 {% endif %}
-{% if nomad_ui.vault_ui is defined %}
+{% if nomad_conf.ui.vault_ui is defined %}
   vault {
-    ui_url = "{{ nomad_ui.vault_ui }}"
+    ui_url = "{{ nomad_conf.ui.vault_ui }}"
   }
 {% endif %}
 }
-{% endif %}