Initial commit

Signed-off-by: Julien Riou <julien@riou.xyz>

roles/coller/tasks/main.yml

@@ -0,0 +1,55 @@
+---
+- name: Check variables
+  ansible.builtin.assert:
+    that:
+      - coller_db_password is defined
+
+- name: Download source code
+  ansible.builtin.git:
+    repo: https://git.riou.xyz/jriou/coller.git
+    dest: /opt/coller
+    version: "{{ coller_version }}"
+
+- name: Create directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+  loop:
+    - "{{ coller_config_dir }}"
+
+- name: Create docker-compose files
+  ansible.builtin.template:
+    src: "{{ item.src }}.j2"
+    dest: "{{ coller_config_dir }}/{{ item.src }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode }}"
+  loop:
+    - src: docker-compose.yml
+      mode: "0644"
+    - src: db.env
+      mode: "0600"
+
+- name: Create configuration file
+  ansible.builtin.copy:
+    content:
+      database_type: postgres
+      database_dsn: "host=db dbname={{ coller_db_name }} user={{ coller_db_user }} password={{ coller_db_password }}"
+    dest: "{{ coller_config_dir }}/collerd.json"
+    owner: root
+    group: root
+    mode: "0640"
+  no_log: true
+
+- name: Start service
+  community.docker.docker_compose_v2:
+    project_src: "{{ coller_config_dir }}"
+    files:
+      - docker-compose.yml
+
+- name: Manage iptables
+  when: coller_manage_iptables is truthy
+  ansible.builtin.include_tasks: manage-iptables.yml

roles/coller/tasks/manage-iptables.yml

@@ -0,0 +1,16 @@
+---
+- name: Install packages
+  ansible.builtin.package:
+    name: netfilter-persistent
+
+- name: Allow with iptables
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    source: "{{ item }}"
+    destination_ports:
+      - "{{ coller_port }}"
+    jump: ACCEPT
+    comment: coller
+  loop: "{{ coller_allowed_sources }}"
+  notify: Save iptables