Initial commit

Signed-off-by: Julien Riou <julien@riou.xyz>

roles/coller/README.md

@@ -0,0 +1,159 @@
+# Ansible Role Coller
+
+Ansible role to manage a [coller](https://git.riou.xyz/jriou/coller) instance.
+
+## Configuration
+
+See [Variable
+precedence](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#ansible-variable-precedence)
+to find where you should put your own variables.
+
+Then define at least `coller_db_password` with a strong and secure password,
+encrypted using
+[ansible-vault](https://docs.ansible.com/ansible/latest/cli/ansible-vault.html).
+
+## Table of content
+
+<!-- ANSIBLE DOCSMITH TOC START -->
+* [Role variables](#variables)
+  * [`coller_version`](#variable-coller_version)
+  * [`coller_config_dir`](#variable-coller_config_dir)
+  * [`coller_port`](#variable-coller_port)
+  * [`coller_manage_iptables`](#variable-coller_manage_iptables)
+  * [`coller_allowed_sources`](#variable-coller_allowed_sources)
+  * [`coller_db_name`](#variable-coller_db_name)
+  * [`coller_db_user`](#variable-coller_db_user)
+  * [`coller_db_password`](#variable-coller_db_password)
+<!-- ANSIBLE DOCSMITH TOC END -->
+
+<!-- ANSIBLE DOCSMITH MAIN START -->
+
+## Role variables<a id="variables"></a>
+
+The following variables can be configured for this role:
+
+| Variable | Type | Required | Default | Description (abstract) |
+|----------|------|----------|---------|------------------------|
+| `coller_version` | `str` | No | `"1.3.1"` | Version of the binary. |
+| `coller_config_dir` | `path` | No | `"/etc/coller"` | Directory of the configuration files. |
+| `coller_port` | `int` | No | `8080` | Port to listen. |
+| `coller_manage_iptables` | `bool` | No | `false` | Create iptables rule to allow the service. |
+| `coller_allowed_sources` | `list` | No | N/A | List of allowed networks to allow.<br><br>Enabled when `coller_manage_iptables` is enabled. |
+| `coller_db_name` | `str` | No | `"coller"` | Name of the database to connect. |
+| `coller_db_user` | `str` | No | `"coller"` | User to connect to the database. |
+| `coller_db_password` | `str` | Yes | N/A | Password to connect to the database. |
+
+### `coller_version`<a id="variable-coller_version"></a>
+
+[*⇑ Back to ToC ⇑*](#toc)
+
+Version of the binary.
+
+- **Type**: `str`
+- **Required**: No
+- **Default**: `"1.3.1"`
+
+
+
+### `coller_config_dir`<a id="variable-coller_config_dir"></a>
+
+[*⇑ Back to ToC ⇑*](#toc)
+
+Directory of the configuration files.
+
+- **Type**: `path`
+- **Required**: No
+- **Default**: `"/etc/coller"`
+
+
+
+### `coller_port`<a id="variable-coller_port"></a>
+
+[*⇑ Back to ToC ⇑*](#toc)
+
+Port to listen.
+
+- **Type**: `int`
+- **Required**: No
+- **Default**: `8080`
+
+
+
+### `coller_manage_iptables`<a id="variable-coller_manage_iptables"></a>
+
+[*⇑ Back to ToC ⇑*](#toc)
+
+Create iptables rule to allow the service.
+
+- **Type**: `bool`
+- **Required**: No
+- **Default**: `false`
+
+
+
+### `coller_allowed_sources`<a id="variable-coller_allowed_sources"></a>
+
+[*⇑ Back to ToC ⇑*](#toc)
+
+List of allowed networks to allow.
+
+Enabled when `coller_manage_iptables` is enabled.
+
+- **Type**: `list`
+- **Required**: No
+
+
+
+### `coller_db_name`<a id="variable-coller_db_name"></a>
+
+[*⇑ Back to ToC ⇑*](#toc)
+
+Name of the database to connect.
+
+- **Type**: `str`
+- **Required**: No
+- **Default**: `"coller"`
+
+
+
+### `coller_db_user`<a id="variable-coller_db_user"></a>
+
+[*⇑ Back to ToC ⇑*](#toc)
+
+User to connect to the database.
+
+- **Type**: `str`
+- **Required**: No
+- **Default**: `"coller"`
+
+
+
+### `coller_db_password`<a id="variable-coller_db_password"></a>
+
+[*⇑ Back to ToC ⇑*](#toc)
+
+Password to connect to the database.
+
+- **Type**: `str`
+- **Required**: Yes
+
+
+
+
+<!-- ANSIBLE DOCSMITH MAIN END -->
+
+## Usage
+
+Playbook example:
+
+```yaml
+- hosts: all
+  roles:
+    - jriou.general.coller
+```
+
+Then run the playbook:
+
+```
+ansible-playbook play.yml
+```

roles/coller/defaults/main.yml

@@ -0,0 +1,51 @@
+---
+
+# Version of the binary.
+#
+# - Type: str
+# - Required: No
+# - Default: 1.3.1
+coller_version: 1.3.1
+
+# Directory of the configuration files.
+#
+# - Type: path
+# - Required: No
+# - Default: /etc/coller
+coller_config_dir: /etc/coller
+
+# Port to listen.
+#
+# - Type: int
+# - Required: No
+# - Default: 8080
+coller_port: 8080
+
+# Create iptables rule to allow the service.
+#
+# - Type: bool
+# - Required: No
+# - Default: false
+coller_manage_iptables: false
+
+# List of allowed networks to allow.
+#
+# Enabled when `coller_manage_iptables` is enabled.
+#
+# - Type: list
+# - Required: No
+coller_allowed_sources: []
+
+# Name of the database to connect.
+#
+# - Type: str
+# - Required: No
+# - Default: coller
+coller_db_name: coller
+
+# User to connect to the database.
+#
+# - Type: str
+# - Required: No
+# - Default: coller
+coller_db_user: coller

roles/coller/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+- name: Save iptables
+  ansible.builtin.shell:
+    cmd: netfilter-persistent save

roles/coller/meta/argument_specs.yml

@@ -0,0 +1,52 @@
+---
+argument_specs:
+  main:
+    short_description: Install and configure a coller instance
+    description:
+      - Install and configure a [coller](https://git.riou.xyz/jriou/coller) instance.
+    author:
+      - jriou
+    options:
+      coller_version:
+        description:
+          - Version of the binary.
+        default: "1.3.1"
+
+      coller_config_dir:
+        description:
+          - Directory of the configuration files.
+        type: path
+        default: /etc/coller
+
+      coller_port:
+        description:
+          - Port to listen.
+        type: int
+        default: 8080
+
+      coller_manage_iptables:
+        description:
+          - Create iptables rule to allow the service.
+        type: bool
+        default: false
+
+      coller_allowed_sources:
+        description:
+          - List of allowed networks to allow.
+          - Enabled when `coller_manage_iptables` is enabled.
+        type: list
+
+      coller_db_name:
+        description:
+          - Name of the database to connect.
+        default: coller
+
+      coller_db_user:
+        description:
+          - User to connect to the database.
+        default: coller
+
+      coller_db_password:
+        description:
+          - Password to connect to the database.
+        required: true

roles/coller/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+- role: geerlingguy.docker

roles/coller/tasks/main.yml

@@ -0,0 +1,55 @@
+---
+- name: Check variables
+  ansible.builtin.assert:
+    that:
+      - coller_db_password is defined
+
+- name: Download source code
+  ansible.builtin.git:
+    repo: https://git.riou.xyz/jriou/coller.git
+    dest: /opt/coller
+    version: "{{ coller_version }}"
+
+- name: Create directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+  loop:
+    - "{{ coller_config_dir }}"
+
+- name: Create docker-compose files
+  ansible.builtin.template:
+    src: "{{ item.src }}.j2"
+    dest: "{{ coller_config_dir }}/{{ item.src }}"
+    owner: root
+    group: root
+    mode: "{{ item.mode }}"
+  loop:
+    - src: docker-compose.yml
+      mode: "0644"
+    - src: db.env
+      mode: "0600"
+
+- name: Create configuration file
+  ansible.builtin.copy:
+    content:
+      database_type: postgres
+      database_dsn: "host=db dbname={{ coller_db_name }} user={{ coller_db_user }} password={{ coller_db_password }}"
+    dest: "{{ coller_config_dir }}/collerd.json"
+    owner: root
+    group: root
+    mode: "0640"
+  no_log: true
+
+- name: Start service
+  community.docker.docker_compose_v2:
+    project_src: "{{ coller_config_dir }}"
+    files:
+      - docker-compose.yml
+
+- name: Manage iptables
+  when: coller_manage_iptables is truthy
+  ansible.builtin.include_tasks: manage-iptables.yml

roles/coller/tasks/manage-iptables.yml

@@ -0,0 +1,16 @@
+---
+- name: Install packages
+  ansible.builtin.package:
+    name: netfilter-persistent
+
+- name: Allow with iptables
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    source: "{{ item }}"
+    destination_ports:
+      - "{{ coller_port }}"
+    jump: ACCEPT
+    comment: coller
+  loop: "{{ coller_allowed_sources }}"
+  notify: Save iptables

roles/coller/templates/db.env.j2

@@ -0,0 +1,6 @@
+{{ ansible_managed | comment }}
+POSTGRES_USER={{ coller_db_user }}
+POSTGRES_PASSWORD={{ coller_db_password }}
+POSTGRES_DB={{ coller_db_name }}
+POSTGRES_INITDB_ARGS="--data-checksums"
+POSTGRES_HOST_AUTH_METHOD=scram-sha-256

roles/coller/templates/docker-compose.yml.j2

@@ -0,0 +1,32 @@
+---
+{{ ansible_managed | comment }}
+services:
+  server:
+    image: coller:{{ coller_version }}
+    build: /opt/coller
+    container_name: collerd
+    restart: always
+    networks:
+        - coller
+    ports:
+      - "{{ coller_port }}:8080"
+    volumes:
+      - "{{ coller_config_dir }}/collerd.json:/etc/collerd.json:ro"
+    command: collerd -config /etc/collerd.json
+
+  db:
+    image: postgres:17
+    hostname: db
+    container_name: collerd_db
+    restart: always
+    env_file: {{ coller_config_dir }}/db.env
+    networks:
+      - coller
+    volumes:
+      - coller:/var/lib/postgresql/data
+
+networks:
+  coller:
+
+volumes:
+  coller: