xNok · xNok · Mar 4, 2025 · Mar 4, 2025 · Mar 4, 2025 · Mar 4, 2025
diff --git a/.github/workflows/ansible.yml b/.github/workflows/ansible.yml
@@ -96,7 +96,7 @@ jobs:
 
       - name: run playbook
         run: |
-          ansible-playbook -i inventory ansible/docker-swarm-portainer-caddy.yml
+          ansible-playbook -i inventory ansible/docker-swarm-portainer-caddy-openziti.yml
         env:
           BRANCH_NAME: ${{ github.head_ref }}
           # This is used by caddy to authenticate users
@@ -105,3 +105,6 @@ jobs:
           CADDY_JWT_SHARED_KEY: ${{ secrets.CADDY_JWT_SHARED_KEY }}
           # This is used by caddy to configure dns records
           CADDY_DIGITALOCEAN_API_TOKEN: ${{ secrets.CADDY_DIGITALOCEAN_API_TOKEN }}
+          # This is used by rclone to create volumes sync with do space
+          RCLONE_DIGITALOCEAN_ACCESS_KEY_ID: ${{ secrets.RCLONE_DIGITALOCEAN_ACCESS_KEY_ID }}
+          RCLONE_DIGITALOCEAN_SECRET_ACCESS_KEY: ${{ secrets.RCLONE_DIGITALOCEAN_SECRET_ACCESS_KEY }}
diff --git a/ansible/docker-swarm-portainer-caddy-openziti.yml b/ansible/docker-swarm-portainer-caddy-openziti.yml
@@ -0,0 +1,59 @@
+- name: Determine affected roles
+  hosts: localhost
+  gather_facts: false
+
+  roles:
+  - utils-affected-roles
+
+# BASE
+- name: This is the base requirement for all nodes
+  hosts: all
+  become: true
+
+  roles:
+  - role: docker
+    when: "'docker' in hostvars['localhost']['roles_with_changes']"
+
+# SWARM
+- name: This setup the Docker Swarm Manager
+  hosts: managers
+  gather_facts: true
+  become: true
+
+  roles:
+  # NOTE: One node requires python and extra tools to setup the swarm, I call it the controller.
+  # I case we have an issue all master are setup as potential controller
+  # this role is for the host running ansible to manage the swarm
+  - role: docker-swarm-controller
+    when: "'docker-swarm-controller' in hostvars['localhost']['roles_with_changes']"
+  # this role is for creating the swarm and adding host as manager
+  - role: docker-swarm-manager
+    when: "'docker-swarm-manager' in hostvars['localhost']['roles_with_changes']"
+
+- name: This setup nodes to join the Swarm
+  hosts: nodes
+
+  roles:
+  - role: docker-swarm-node # this role is for host to join the swarm
+    when: "'docker-swarm-node' in hostvars['localhost']['roles_with_changes']"
+
+# PLUGINS
+- name: This installs docker plugins on all hosts
+  hosts: all
+  become: true
+
+  roles:
+  - role: docker-swarm-plugin-rclone
+    when: "'docker-swarm-plugin-rclone' in hostvars['localhost']['roles_with_changes']"
+
+# APPS
+- name: This install Caddy and Portainer in the Swarm
+  hosts: managers[0] # Only one manager need to be hit
+  become: true
+
+  roles:
+  - role: docker-swarm-app-caddy
+    when: "'docker-swarm-app-caddy' in hostvars['localhost']['roles_with_changes']"
+  - role: docker-swarm-app-portainer
+    caddy: true
+    when: "'docker-swarm-app-portainer' in hostvars['localhost']['roles_with_changes']"
diff --git a/ansible/roles/docker-swarm-plugin-rclone/defaults/main.yaml b/ansible/roles/docker-swarm-plugin-rclone/defaults/main.yaml
@@ -0,0 +1 @@
+s3_endpoint: lon1.digitaloceanspaces.com
diff --git a/ansible/roles/docker-swarm-plugin-rclone/meta/main.yaml b/ansible/roles/docker-swarm-plugin-rclone/meta/main.yaml
@@ -0,0 +1,4 @@
+dependencies: []
+  # - docker
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
diff --git a/ansible/roles/docker-swarm-plugin-rclone/tasks/main.yaml b/ansible/roles/docker-swarm-plugin-rclone/tasks/main.yaml
@@ -0,0 +1,45 @@
+#################################################
+# OR INFRA Role: Docker Swarm Plugins Rclone
+# Source:
+#    https://rclone.org/docker/
+#################################################
+
+###
+# GENERAL Setup
+###
+- name: Install required system packages
+  apt:
+    name: "{{ item }}"
+    state: present
+    update_cache: true
+  loop: ['fuse']
+
+- name: Install rclone plugin
+  community.docker.docker_plugin:
+    plugin_name: rclone/docker-volume-rclone
+    alias: rclone
+    state: enable
+
+- name: Creates directory rclone
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: '0644'
+  loop:
+  - '/var/lib/docker-plugins/rclone/config'
+  - '/var/lib/docker-plugins/rclone/cache'
+
+########
+# Testing Setup
+# Create a test volume
+########
+- name: Create a volume using rclone
+  community.docker.docker_volume:
+    name: first_rclone_volume
+    driver: rclone
+    driver_options:
+      type: s3
+      s3-provider: DigitalOcean
+      s3-endpoint: "{{s3_endpoint}}"
+      s3-access_key_id: "{{ lookup('env', 'RCLONE_DIGITALOCEAN_ACCESS_KEY_ID') }}"
+      s3-secret_access_key: "{{ lookup('env', 'RCLONE_DIGITALOCEAN_SECRET_ACCESS_KEY') }}"