infrastructure/playbook.yaml

---

- name: Render compose files
  hosts: localhost
  tags: template
  vars:
    render_path: "./render/compose"
    render_blacklist:
      - EMPTY
  tasks:
    - name: Read Variables
      include_vars:
        dir: vars
        extensions:
          - 'yml'
          - 'yaml'
    - file:
        state: directory
        dest: '{{ render_path }}/{{ item.path }}'
      with_filetree: './compose'
      when: item.state == 'directory'
    - name: Template Compose structure
      ansible.builtin.template:
        src: "{{ item.src }}"
        dest: "{{ render_path }}/{{ item.path }}"
        force: true
      with_filetree: './compose'
      when: item.state == 'file' and item.path not in render_blacklist
    - name: Copy blacklisted files
      copy:
        src: "{{ item.src }}"
        dest: "{{ render_path }}/{{ item.path }}"
        force: true
      with_filetree: './compose'
      when: item.state == 'file' and item.path in render_blacklist

- name: Provision Volumes from Snapshots
  hosts: unprovisioned
  # hosts: all
  gather_facts: true
  tasks:
    - block:
        - name: Gather file names
          delegate_to: 127.0.0.1
          find:
            paths: ./backups
            file_type: file
          register: snapshot_files
        - name: Filter names
          set_fact:
            volumes_to_provision: "{{ snapshot_files.files | selectattr('path', 'regex', '^.*-latest.tar.gz') | map(attribute='path') | map('regex_replace', '^backups/([a-zA-Z0-9_]+)-.*$', '\\1') }}"
        - name: Print
          ansible.builtin.debug:
            var: volumes_to_provision
            verbosity: 0
        - ansible.builtin.file:
            path: /home/core/backups
            owner: core
            state: directory
            mode: '0755'
        - name: Copy backups to host
          copy:
            src: "./backups/{{ item }}-latest.tar.gz"
            dest: "/home/core/backups/{{ item }}-latest.tar.gz"
          with_items: "{{ volumes_to_provision }}"
        - name: Initialize Volumes
          community.docker.docker_volume:
            name: "{{ item }}"
            state: present
          with_items: "{{ volumes_to_provision }}"

        - name: Provision Volume using alpine
          community.docker.docker_container:
            name: "restore-{{ item }}"
            image: "alpine:latest"
            state: started
            volumes:
              - "{{ item }}:/backup/{{ item }}"
              - "/home/core/backups/{{ item }}-latest.tar.gz:/restore.tar.gz:ro,z"
            auto_remove: true
            entrypoint:
              - tar
              - -C
              - /
              - -xvf
              - /restore.tar.gz
          with_items: "{{ volumes_to_provision }}"

        - set_fact:
            provisioned: true
            cacheable: true
      when: ansible_facts['provisioned'] is undefined

- name: Backup
  hosts: all
  tasks:
    - name: Read Variables
      include_vars:
        dir: vars
        extensions:
          - 'yml'
          - 'yaml'
    - name: Install backup script
      become: true
      ansible.builtin.template:
        src: backup.sh
        dest: /root/backup.sh
        mode: '0750'
        owner: root

- name: Setup Registry credentials
  hosts: all
  tasks:
    - ansible.builtin.file:
        path: /home/core/.docker
        owner: core
        state: directory
        mode: '0700'
    - ansible.builtin.copy:
        src: docker-config.json
        dest: /home/core/.docker/config.json
        mode: '0600'
        owner: core

- name: Docker-Compose
  hosts: all
  tasks:
    - name: Gather local Config
      delegate_to: 127.0.0.1
      find:
        paths: ./render/compose
        recurse: true
        file_type: file
      register: local_compose_files
    - name: Gather Remote Config
      find:
        paths: /home/core/compose
        recurse: true
        file_type: file
      register: remote_compose_files
    - ansible.builtin.debug:
        var: local_compose_files
        verbosity: 2
    - ansible.builtin.debug:
        var: remote_compose_files
        verbosity: 2

    - ansible.builtin.set_fact:
        compose_dirs_tainted: "{{ remote_compose_files.files | map(attribute='path') | difference(local_compose_files.files | map(attribute='path') | map('regex_replace', '^render/', '/home/core/')) | map('dirname') }}"
    - ansible.builtin.debug:
        var: compose_dirs_tainted
        verbosity: 2

    - name: Stop tainted Compose Services
      community.docker.docker_compose:
        project_src: "{{ item }}"
        state: absent
      loop: "{{ compose_dirs_tainted }}"

    - name: Copy Compose files
      ansible.posix.synchronize:
        src: ./render/compose
        dest: /home/core/
        archive: false
        checksum: true
        delete: true
        recursive: true
        mode: push
        # directory_mode: "0750"
        # mode: "0640"
        # owner: core
      register: compose_files

    - ansible.builtin.debug:
        var: compose_files
        verbosity: 2

    - name: Restart Compose projects
      vars:
        docker_restart: "{{ lookup('env', 'DOCKER_RESTART') | default('false', true) | bool }}"
      block:
        - find:
            paths: /home/core/compose
            recurse: false
            file_type: directory
          register: compose_directories
        - ansible.builtin.debug:
            var: compose_directories
            verbosity: 2
        - name: Restart Compose Projects
          community.docker.docker_compose:
            project_src: "{{ item }}"
            state: present
            restarted: true
            recreate: smart
            build: true
            remove_orphans: true
          loop: "{{ compose_directories.files | map(attribute='path') | sort }}"
      when: compose_files.changed or docker_restart


...
Initial Signed-off-by: Tobias Manske <tobias.manske@mailbox.org> 2022-06-18 14:12:12 +02:00			`---`

			`- name: Render compose files`
			`hosts: localhost`
			`tags: template`
			`vars:`
			`render_path: "./render/compose"`
			`render_blacklist:`
			`- EMPTY`
			`tasks:`
			`- name: Read Variables`
			`include_vars:`
			`dir: vars`
			`extensions:`
			`- 'yml'`
			`- 'yaml'`
			`- file:`
			`state: directory`
			`dest: '{{ render_path }}/{{ item.path }}'`
			`with_filetree: './compose'`
			`when: item.state == 'directory'`
			`- name: Template Compose structure`
			`ansible.builtin.template:`
			`src: "{{ item.src }}"`
			`dest: "{{ render_path }}/{{ item.path }}"`
			`force: true`
			`with_filetree: './compose'`
			`when: item.state == 'file' and item.path not in render_blacklist`
			`- name: Copy blacklisted files`
			`copy:`
			`src: "{{ item.src }}"`
			`dest: "{{ render_path }}/{{ item.path }}"`
			`force: true`
			`with_filetree: './compose'`
			`when: item.state == 'file' and item.path in render_blacklist`

			`- name: Provision Volumes from Snapshots`
			`hosts: unprovisioned`
			`# hosts: all`
			`gather_facts: true`
			`tasks:`
			`- block:`
			`- name: Gather file names`
			`delegate_to: 127.0.0.1`
			`find:`
			`paths: ./backups`
			`file_type: file`
			`register: snapshot_files`
			`- name: Filter names`
			`set_fact:`
			`volumes_to_provision: "{{ snapshot_files.files \| selectattr('path', 'regex', '^.-latest.tar.gz') \| map(attribute='path') \| map('regex_replace', '^backups/([a-zA-Z0-9_]+)-.$', '\\1') }}"`
			`- name: Print`
			`ansible.builtin.debug:`
			`var: volumes_to_provision`
			`verbosity: 0`
			`- ansible.builtin.file:`
			`path: /home/core/backups`
			`owner: core`
			`state: directory`
			`mode: '0755'`
			`- name: Copy backups to host`
			`copy:`
			`src: "./backups/{{ item }}-latest.tar.gz"`
			`dest: "/home/core/backups/{{ item }}-latest.tar.gz"`
			`with_items: "{{ volumes_to_provision }}"`
			`- name: Initialize Volumes`
			`community.docker.docker_volume:`
			`name: "{{ item }}"`
			`state: present`
			`with_items: "{{ volumes_to_provision }}"`

			`- name: Provision Volume using alpine`
			`community.docker.docker_container:`
			`name: "restore-{{ item }}"`
			`image: "alpine:latest"`
			`state: started`
			`volumes:`
			`- "{{ item }}:/backup/{{ item }}"`
			`- "/home/core/backups/{{ item }}-latest.tar.gz:/restore.tar.gz:ro,z"`
			`auto_remove: true`
			`entrypoint:`
			`- tar`
			`- -C`
			`- /`
			`- -xvf`
			`- /restore.tar.gz`
			`with_items: "{{ volumes_to_provision }}"`

			`- set_fact:`
			`provisioned: true`
			`cacheable: true`
			`when: ansible_facts['provisioned'] is undefined`

			`- name: Backup`
			`hosts: all`
			`tasks:`
			`- name: Read Variables`
			`include_vars:`
			`dir: vars`
			`extensions:`
			`- 'yml'`
			`- 'yaml'`
			`- name: Install backup script`
			`become: true`
			`ansible.builtin.template:`
			`src: backup.sh`
			`dest: /root/backup.sh`
			`mode: '0750'`
			`owner: root`

			`- name: Setup Registry credentials`
			`hosts: all`
			`tasks:`
			`- ansible.builtin.file:`
			`path: /home/core/.docker`
			`owner: core`
			`state: directory`
			`mode: '0700'`
			`- ansible.builtin.copy:`
			`src: docker-config.json`
			`dest: /home/core/.docker/config.json`
			`mode: '0600'`
			`owner: core`

			`- name: Docker-Compose`
			`hosts: all`
			`tasks:`
			`- name: Gather local Config`
			`delegate_to: 127.0.0.1`
			`find:`
			`paths: ./render/compose`
			`recurse: true`
			`file_type: file`
			`register: local_compose_files`
			`- name: Gather Remote Config`
			`find:`
			`paths: /home/core/compose`
			`recurse: true`
			`file_type: file`
			`register: remote_compose_files`
			`- ansible.builtin.debug:`
			`var: local_compose_files`
			`verbosity: 2`
			`- ansible.builtin.debug:`
			`var: remote_compose_files`
			`verbosity: 2`

			`- ansible.builtin.set_fact:`
			`compose_dirs_tainted: "{{ remote_compose_files.files \| map(attribute='path') \| difference(local_compose_files.files \| map(attribute='path') \| map('regex_replace', '^render/', '/home/core/')) \| map('dirname') }}"`
			`- ansible.builtin.debug:`
			`var: compose_dirs_tainted`
			`verbosity: 2`

			`- name: Stop tainted Compose Services`
			`community.docker.docker_compose:`
			`project_src: "{{ item }}"`
			`state: absent`
			`loop: "{{ compose_dirs_tainted }}"`

			`- name: Copy Compose files`
			`ansible.posix.synchronize:`
			`src: ./render/compose`
			`dest: /home/core/`
			`archive: false`
			`checksum: true`
			`delete: true`
			`recursive: true`
			`mode: push`
			`# directory_mode: "0750"`
			`# mode: "0640"`
			`# owner: core`
			`register: compose_files`

			`- ansible.builtin.debug:`
			`var: compose_files`
			`verbosity: 2`

			`- name: Restart Compose projects`
			`vars:`
			`docker_restart: "{{ lookup('env', 'DOCKER_RESTART') \| default('false', true) \| bool }}"`
			`block:`
			`- find:`
			`paths: /home/core/compose`
			`recurse: false`
			`file_type: directory`
			`register: compose_directories`
			`- ansible.builtin.debug:`
			`var: compose_directories`
			`verbosity: 2`
			`- name: Restart Compose Projects`
			`community.docker.docker_compose:`
			`project_src: "{{ item }}"`
			`state: present`
			`restarted: true`
			`recreate: smart`
			`build: true`
			`remove_orphans: true`
			`loop: "{{ compose_directories.files \| map(attribute='path') \| sort }}"`
			`when: compose_files.changed or docker_restart`


			`...`