testing

README.md

@@ -26,28 +26,11 @@ and services operated by Free I.T. Athens (FRITA).
 4. Run `ansible-playbook` against the production servers, e.g.,
 
     ```
-    ansible-playbook -u root -i environments/production --vault-pass-file ./.ansible_vault webserver.yml --diff --check
+    ansible-playbook -u root -i environments/production --vault-pass-file ./.ansible_vault webserver.yml --check
     ```
 
 5. Delete the `.ansible_vault` file when you are done
 
-### Using Ansible Vault to add or rotate values
-Do not submit ciphertext into Ansible Vault with the indention formatting.<br />
-To submit, press `CTRL+d` twice.
-
-- Decrypt Ansible Vault values
-
-    ```
-    ansible-vault decrypt --vault-pass-file .ansible_vault
-    ```
-
-- Encrypt new Ansible Vault values
-
-    ```
-    ansible-vault encrypt --vault-pass-file .ansible_vault
-    ```
-    - e.g., `pwgen -s 100 1 | ansible-vault encrypt --vault-pass-file .ansible_vault`
-
 ## Authors
 * **Kris Lamoureux** - *Project Founder* - [@krislamo](https://github.com/krislamo)
 

roles/common/defaults/main.yml

@@ -1,4 +1,2 @@
 packages:
   - dnsutils
-  - ncdu
-  - tree

roles/webserver/files/docker-compose.yml

@@ -3,10 +3,13 @@ version: '3.5'
 volumes:
   wordpress:
   nextcloud:
+  postgres:
 
 networks:
   traefik:
     name: traefik
+  postgres:
+    name: postgres
 
 services:
   traefik:
@@ -108,3 +111,36 @@ services:
       - traefik
     extra_hosts:
       - host.docker.internal:host-gateway
+
+  timetrex:
+    image: freeitathens/timetrex:${TIMETREX_VERSION:-latest}
+    restart: always
+    environment:
+      POSTGRES_PASSWORD: password
+      POSTGRES_HOST: postgres
+    links:
+      - postgres
+    labels:
+      traefik.http.routers.timetrex.rule: "Host(`${TIMETREX_DOMAIN:-time.local.freeitathens.org}`)"
+      traefik.http.routers.timetrex.entrypoints: websecure
+      traefik.http.routers.timetrex.tls: true
+      traefik.http.routers.timetrex.tls.certresolver: letsencrypt
+      traefik.http.routers.timetrex.tls.domains[0].main: ${TRAEFIK_ACME_DOMAIN_MAIN:-local.freeitathens.org}
+      traefik.http.routers.timetrex.tls.domains[0].sans: "${TRAEFIK_ACME_DOMAIN_SANS:-*.local.freeitathens.org}"
+      traefik.http.services.timetrex.loadbalancer.server.port: 80
+      traefik.docker.network: traefik
+      traefik.enable: ${NEXTCLOUD_WEB_ENABLED:-true}
+    networks:
+      - postgres
+      - traefik
+
+  postgres:
+    image: postgres:13-bullseye
+    volumes:
+      - postgres:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: timetrex
+      POSTGRES_USER: timetrex
+      POSTGRES_PASSWORD: password
+    networks:
+      - postgres

roles/webserver/handlers/nextcloud.yml

@@ -24,15 +24,6 @@
   listen: composeup_webserver
   when: nextcloud_install.changed
 
-- name: Install Nextcloud background jobs cron
-  ansible.builtin.cron:
-    name: Nextcloud background job
-    minute: "*/5"
-    job: "/usr/bin/docker exec -u www-data webserver_nextcloud_1 /usr/local/bin/php -f /var/www/html/cron.php"
-    user: root
-  listen: composeup_webserver
-  when: nextcloud_install.changed
-
 - name: Preform Nextcloud database maintenance
   ansible.builtin.command: "docker exec --user www-data {{ webserver_root | basename }}_nextcloud_1 {{ item }}"
   loop:
@@ -41,4 +32,4 @@
     - "php occ db:convert-filecache-bigint"
     - "php occ maintenance:mode --off"
   listen: composeup_webserver
-  when: "'  - needsDbUpgrade: true' in nextcloud_status.stdout_lines or nextcloud_install.changed"
+  when: "'  - needsDbUpgrade: true' in nextcloud_status.stdout_lines"

roles/webserver/templates/compose-env.j2

@@ -1,4 +1,4 @@
 # {{ ansible_managed }}
 {% for key, value in webserver.items() %}
 {{ key }}={{ value }}
-{% endfor %}
+{% endfor %}