diff --git a/README.md b/README.md index 03eb79a..65b1d7d 100755 --- a/README.md +++ b/README.md @@ -3,24 +3,5 @@ ansible-galaxy install -r requirements.yml # Install the playbook -ansible-playbook -i inventory frontend.yaml - -# Check the cron jobs -crontab -u matt -l -``` - -TODO: Update the pre/post scripts at /etc/letsencrypt/renewal-hooks to stop/start docker reverse_proxy -TODO: Update cron to run certbot as root - -If the above is done, I'm not sure the blow is needed... -TODO: Ensure /var/log/letsencrypt, /var/lib/letsencryprt and maybe /etc/letsencrypt are writable as the ansible user. -Something like - -```bash -chgrp adm /var/log/letsencrypt -chmod g+rwx /var/log/letsencrypt -chgrp -R adm /etc/letsencrypt/ -chmod -R g+rwx /etc/letsencrypt/ -chgrp adm /var/lib/letsencrypt -chmod g+rwx /var/lib/letsencrypt +ansible-playbook -i inventory -e @secrets.enc --ask-vault-pass frontend.yaml ``` diff --git a/frontend.yaml b/frontend.yaml index def1bb0..437cd82 100755 --- a/frontend.yaml +++ b/frontend.yaml @@ -81,8 +81,6 @@ username: "{{ secrets.GITHUB_ACTOR }}" password: "{{ secrets.GITHUB_TOKEN }}" - # NOTE: This will fail on the first run because the container has not been - # uploaded to the registry yet - name: Start website community.docker.docker_container: name: website @@ -91,3 +89,13 @@ ports: - "3000:3000" state: started + + - name: Start watchtower + community.docker.docker_container: + name: watchtower + image: containrrr/watchtower + restart_policy: always + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /home/matt/.docker/config.json:/config.json + state: started diff --git a/inventory b/inventory index e57ddd8..466473c 100755 --- a/inventory +++ b/inventory @@ -1,5 +1,2 @@ -[kiosk] -kiosk@kiosk.local - [frontend] -rpi4-2.localdomain +rpi4-2.localdomain \ No newline at end of file diff --git a/kiosk.yaml b/kiosk.yaml deleted file mode 100755 index 9a3c3ee..0000000 --- a/kiosk.yaml +++ /dev/null 
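Review bot: The new `Start watchtower` task in frontend.yaml bind-mounts `/var/run/docker.sock` into a container whose image is unpinned (`containrrr/watchtower` resolves to `latest`), so whatever is published under that tag gets root-equivalent control of the Docker host and is kept running by `restart_policy: always`. Pin the image to a reviewed tag or digest, e.g. `image: containrrr/watchtower:<pinned-tag>`, and mount the registry credentials read-only with `- /home/matt/.docker/config.json:/config.json:ro`. By default Watchtower updates every running container on the host, so consider scoping it to the one this playbook deploys, for example `command: website`, or `--label-enable` together with the `com.centurylinklabs.watchtower.enable` label on the website container. With automatic pulls in place, anyone who can push to the website's registry path can run code on this host, so the registry token in `config.json` should have pull-only scope if the registry allows it.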
@@ -1,155 +0,0 @@ ---- -- name: Setup kiosk - hosts: kiosk - - vars: - username: kiosk - - docker_add_repo: true - docker_users: - - "{{ username }}" - - - roles: - - role: geerlingguy.docker - become: true - - - tasks: - # - name: Ensure raspi-config is up to date - # become: true - # shell: "raspi-config nonint do_update" - # changed_when: False - - - - - - name: Set autologin - become: true - shell: "raspi-config nonint do_boot_behaviour B2" - # There is no output from this command, so its difficult to see when the mode has changed - - - name: Enable overscan - become: true - shell: "raspi-config nonint do_overscan 1" - - - name: Update packages - become: true - ansible.builtin.apt: - upgrade: safe - update_cache: yes - - - name: Install desktop packages - become: true - ansible.builtin.apt: - install_recommends: false - state: present - pkg: - - xserver-xorg - - x11-xserver-utils - - xinit - - xdotool - - openbox - - - name: Install chromium - become: true - ansible.builtin.apt: - install_recommends: false - state: present - name: chromium-browser - - - name: Install userspace apps - become: true - ansible.builtin.apt: - install_recommends: false - state: present - name: jq - - - name: Configure openbox autostart - become: true - ansible.builtin.blockinfile: - path: /etc/xdg/openbox/autostart - block: | - # Read environment from ~kiosk/config.json - # WEBSITE=$(sed -ne 's/WEBSITE=\(.*\)$/\1/p' /home/kiosksettings) - WEBSITE=$(jq .website ~/kiosk/config.json | sed -e 's/^"//' -e 's/"$//') - # - # Disable screen saver / screen blanking / power management - xset s off - xset s noblank - xset -dpms - # - # Allow quitting X server with CTRL-ALT-Backspace - setxkbmap -option terminate:ctrl_alt_bksp - # Start commands script - cd /home/kiosk && ./control.sh & - # - # Start chromium in kiosk mode - sed -i 's/"exited_cleanly":false/"exited_cleanly":true/' ~/.config/chromium/'Local State' - sed -i 's/"exited_cleanly":false/"exited_cleanly":true/; 
s/"exit_type":"[^"]\+"/"exit_type":"Normal"/' ~/.config/chromium/Default/Preferences - chromium-browser --disable-infobars --kiosk ${WEBSITE:=https://bit.ly/shelford_kiosk} - - - name: Configure openbox-session - ansible.builtin.blockinfile: - path: /home/{{ username }}/.xinitrc - create: true - line: "exec openbox-session" - - - name: Start window manager - ansible.builtin.lineinfile: - path: /home/{{ username }}/.bash_profile - create: true - line: '[[ -z $DISPLAY && $XDG_VTNR -eq 1 ]] && startx -- -nocursor' - - - name: Setup cron job to reload website on a schedule - ansible.builtin.cron: - name: "Reload kiosk" - minute: "0" - hour: "0,2,4,6,8,10,12,14,16,18,20,22" - job: "DISPLAY=:0.0 xdotool key ctrl+r" - - - name: Create kiosk config directory - ansible.builtin.file: - path: /home/{{ username }}/kiosk - state: directory - mode: '0777' - - - name: Create named pipe for comms from container - command: - cmd: mkfifo -m 0666 /home/{{ username }}/commands - creates: /home/{{ username }}/commands - - - name: Create commands script to enable piping commands from containers - copy: - dest: /home/{{ username }}/control.sh - mode: 0755 - owner: "{{ username }}" - content: | - #!/bin/sh - while true - do - while read -r cmd; do - echo Command ${cmd} - case $cmd in - "restart") - sudo reboot - ;; - *) - echo "Unknown command '${cmd}'" - ;; - esac - done < commands - done - - - - name: Start admin console container - community.docker.docker_container: - name: website - image: hub.apptabulous.co.uk/apptabulous/kiosk:latest - restart_policy: always - ports: - - "80:3000" - volumes: - - "/home/{{ username }}/kiosk:/app/kiosk" - - "/home/{{ username }}/commands:/app/commands" - state: started