From e0d155b74586a36574fab324d06140cdf29472b4 Mon Sep 17 00:00:00 2001 From: Mathieu Garcia Date: Sat, 22 Nov 2025 14:47:47 +0100 Subject: [PATCH 01/10] refactor(docker): use nested docker_private_registry config --- .../paas/roles/ansible-docker/defaults/main.yml | 11 ++++------- .../paas/roles/ansible-docker/tasks/install.yml | 7 ++----- .../roles/ansible-docker/templates/config.json.j2 | 4 ++-- 3 files changed, 8 insertions(+), 14 deletions(-) diff --git a/ansible/playbooks/paas/roles/ansible-docker/defaults/main.yml b/ansible/playbooks/paas/roles/ansible-docker/defaults/main.yml index 5123c51c..db376765 100644 --- a/ansible/playbooks/paas/roles/ansible-docker/defaults/main.yml +++ b/ansible/playbooks/paas/roles/ansible-docker/defaults/main.yml @@ -9,13 +9,10 @@ docker_tls_configuration: false docker_tcp_listen_address: "127.0.0.1" docker_tcp_listen_port: 2376 -docker_private_registry_state: false -docker_private_registry_url: "" -docker_private_registry_username: "" -docker_private_registry_password: "" -docker_private_registry_config: - - /etc/docker/config.json - - /root/.docker/config.json +docker_private_registry: + url: "" + username: "" + password: "" # DNS docker_dns_configuration: true diff --git a/ansible/playbooks/paas/roles/ansible-docker/tasks/install.yml b/ansible/playbooks/paas/roles/ansible-docker/tasks/install.yml index dd13b02f..2f406869 100644 --- a/ansible/playbooks/paas/roles/ansible-docker/tasks/install.yml +++ b/ansible/playbooks/paas/roles/ansible-docker/tasks/install.yml 
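Review bot: Dropping `docker_private_registry_state` without a replacement key in the new `docker_private_registry` mapping removes the only switch that skipped registry login, and the install.yml hunk of this same patch also deletes `when: docker_private_registry_state`, so config.json.j2 is now rendered on every host and the default empty `url` produces an `"auths": { "": ... }` entry. Either keep a toggle inside the mapping, `docker_private_registry:` / `  state: false`, and gate the template task on it, or define an empty `url` as "no private registry" and guard the template task with `when: docker_private_registry.url | length > 0`. Since `password` now sits in a plain defaults file, a comment above the mapping such as `# set password from a vault-encrypted variable, not in this file` states where that value is expected to come from.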
@@ -63,21 +63,18 @@ - name: Create home docker directory ansible.builtin.file: path: "{{ item }}" - recurse: true state: directory mode: '0755' loop: - /root/.docker -- name: Copy config.json +- name: Copy config.json to root directory ansible.builtin.template: src: config.json.j2 - dest: "{{ item }}" + dest: /root/.docker/config.json owner: root group: root mode: '0600' - when: docker_private_registry_state - loop: "{{ docker_private_registry_config }}" notify: Docker_restart - name: Copy daemon.json for DNS resolution diff --git a/ansible/playbooks/paas/roles/ansible-docker/templates/config.json.j2 b/ansible/playbooks/paas/roles/ansible-docker/templates/config.json.j2 index 595fe403..753a6ec5 100644 --- a/ansible/playbooks/paas/roles/ansible-docker/templates/config.json.j2 +++ b/ansible/playbooks/paas/roles/ansible-docker/templates/config.json.j2 @@ -1,7 +1,7 @@ { "auths": { - "{{ docker_private_registry_url }}": { - "auth": "{{ (docker_private_registry_username + ':' + docker_private_registry_password) | b64encode }}" + "{{ docker_private_registry.url }}": { + "auth": "{{ (docker_private_registry.username + ':' + docker_private_registry.password) | b64encode }}" } } } From be505178176c2eee4a90140c25d4256885d206e3 Mon Sep 17 00:00:00 2001 From: Mathieu Garcia Date: Sat, 22 Nov 2025 14:48:16 +0100 Subject: [PATCH 02/10] feat(traefik): support multiple domain aliases in router rule --- ansible/playbooks/saas/roles/traefik/templates/traefik_tag.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbooks/saas/roles/traefik/templates/traefik_tag.j2 b/ansible/playbooks/saas/roles/traefik/templates/traefik_tag.j2 index 5b57eca5..6807b530 100644 --- a/ansible/playbooks/saas/roles/traefik/templates/traefik_tag.j2 +++ b/ansible/playbooks/saas/roles/traefik/templates/traefik_tag.j2 
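Review bot: The `Copy config.json to root directory` task writes a file whose content is the base64-encoded registry credential, yet it carries neither `diff: false` nor `no_log: true`, so a run with `--diff`, or a failure that dumps the task result, prints the rendered auth string to the log. Add `diff: false` next to `mode: '0600'`; `no_log: true` is the stricter choice if task output is collected anywhere. The task list continues outside the hunk.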
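Review bot: The `auth` line now reads three keys of one mapping, and an inventory or group_vars override of `docker_private_registry` that sets only `url` and `username` replaces the whole dict (Ansible's default hash behaviour), so `docker_private_registry.password` becomes undefined and the template fails with a generic undefined-variable error. Making the requirement explicit, `"auth": "{{ ((docker_private_registry.username | mandatory) + ':' + (docker_private_registry.password | mandatory)) | b64encode }}"`, fails with a message that names the missing key. This hunk covers the whole template file.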
@@ -5,7 +5,7 @@ "traefik.http.routers.{{ service_name }}.tls.certresolver=myresolver", "traefik.http.routers.{{ service_name }}.tls.options=mintls12@file", "traefik.http.routers.{{ service_name }}.entrypoints=https", -"traefik.http.routers.{{ service_name }}.rule=Host(`{{ domain }}`){% if software.domain_alias is defined and software.domain_alias != "" %} || Host(`{{ software.domain_alias }}`){% endif %}", +"traefik.http.routers.{{ service_name }}.rule=Host(`{{ domain }}`){% if software.domain_alias is defined and software.domain_alias != "" %}{% for alias in (software.domain_alias | split(',')) %} || Host(`{{ alias }}`){% endfor %}{% endif %}", "traefik.http.middlewares.{{ service_name }}.redirectscheme.scheme=https", "traefik.http.middlewares.{{ service_name }}.redirectscheme.permanent=true", "traefik.http.middlewares.{{ service_name }}-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000", From 6aecd7c29a407b7bc73192e754b623178d4757c6 Mon Sep 17 00:00:00 2001 From: Mathieu Garcia Date: Sat, 22 Nov 2025 14:48:42 +0100 Subject: [PATCH 03/10] refactor(wordpress): consolidate image variables into single definition --- ansible/playbooks/saas/roles/wordpress/tasks/build.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ansible/playbooks/saas/roles/wordpress/tasks/build.yml b/ansible/playbooks/saas/roles/wordpress/tasks/build.yml index 89be0979..eb4be163 100644 --- a/ansible/playbooks/saas/roles/wordpress/tasks/build.yml +++ b/ansible/playbooks/saas/roles/wordpress/tasks/build.yml @@ -7,9 +7,7 @@ - name: Set custom variables ansible.builtin.set_fact: image_version: "{{ (latest_version | split('-'))[0] }}" - image_name: "{{ image.name }}" - image_labels: "{{ image.labels }}" - image_build: "{{ image.build }}" + image_definition: "{{ image }}" - name: End playbook if no new version ansible.builtin.meta: end_host From c01f0996d0af4fa02f7924cc5c614e78e1df3aa0 Mon Sep 17 00:00:00 2001 
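Review bot: The new `{% for alias in (software.domain_alias | split(',')) %}` loop on the rule line keeps each piece verbatim, so a value written as `a.example.org, b.example.org` or with a trailing comma yields a `Host()` with a leading space or an empty `Host()`, and Traefik rejects the whole router rule. Trim and skip empties in the loop header, `{% for alias in software.domain_alias | split(',') if alias | trim %}`, and emit `{{ alias | trim }}` inside the `Host()` call. `domain_alias` arrives through the Softwares import input (`domain_alias:String` in ui/schemas/softwares.js), and a backtick or `)` in it lands unescaped in the rule string, so validating it against a hostname pattern in that schema's regex validation helper before it reaches this template keeps the rule syntax under the role's control. The label list starts and ends outside the hunk.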
From: Mathieu Garcia Date: Sat, 22 Nov 2025 14:48:57 +0100 Subject: [PATCH 04/10] build(wordpress): use private registry for wordpress image --- ansible/playbooks/saas/roles/wordpress/vars/actions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbooks/saas/roles/wordpress/vars/actions.yml b/ansible/playbooks/saas/roles/wordpress/vars/actions.yml index c73939b1..c4caf77b 100644 --- a/ansible/playbooks/saas/roles/wordpress/vars/actions.yml +++ b/ansible/playbooks/saas/roles/wordpress/vars/actions.yml @@ -7,4 +7,4 @@ wordpress_actions: - "{{ software_path }}/var/backup:/var/backup:rw" - "/usr/local/bin/wordpress-backup:/usr/local/bin/wordpress-backup:ro" - "/usr/local/bin/wordpress-restore:/usr/local/bin/wordpress-restore:ro" - image: "wordpress:{{ softwares.wordpress.version }}" + image: "{{ docker_private_registry.url }}/wordpress:{{ softwares.wordpress.version }}" From 3f4d6b34450066b901b24a4e9a80042bc0a99e54 Mon Sep 17 00:00:00 2001 From: Mathieu Garcia Date: Sat, 22 Nov 2025 14:49:20 +0100 Subject: [PATCH 05/10] refactor(ui): simplify exposition options in softwares schema Removed unused exposition IDs and renamed for clarity. Updated the EXPOSITIONS array to include only `public`, `local`, and `none` with simplified display names. --- ui/schemas/softwares.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ui/schemas/softwares.js b/ui/schemas/softwares.js index 13328cf4..cee25da7 100644 --- a/ui/schemas/softwares.js +++ b/ui/schemas/softwares.js @@ -9,10 +9,9 @@ NEWSCHEMA('Softwares', function (schema) { ]; const EXPOSITIONS = [ - { id: 'public', name: 'Public domain managed' }, - { id: 'public-unmanaged',name: 'Public domain created manually' }, - { id: 'private', name: 'Local domain' }, - { id: 'none', name: 'None' } + { id: 'public', name: 'Public' }, + { id: 'local', name: 'Local' }, + { id: 'none', name: 'None' } ]; // Helper to validate model fields against the predefined regexes 
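Review bot: The `image:` line prefixes `docker_private_registry.url` unconditionally, and that variable defaults to `""` in the ansible-docker role (patch 01), so a host without a registry override gets the reference `/wordpress:<version>`, which the Docker daemon rejects. Guard the prefix, `image: "{{ (docker_private_registry.url ~ '/') if docker_private_registry.url else '' }}wordpress:{{ softwares.wordpress.version }}"`, or state in the role that a registry is mandatory. Pulling by mutable tag also means the image can change under a fixed `softwares.wordpress.version`; if the build step can record the pushed digest, referencing `wordpress@sha256:<digest>` (placeholder) pins exactly what gets deployed. The `wordpress_actions` mapping starts outside the hunk.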
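Review bot: Renaming the id `private` to `local` and dropping `public-unmanaged` changes the accepted value set of `exposition`, but nothing in the patch migrates records already stored with the old ids, so an existing software whose exposition is `private` or `public-unmanaged` will presumably fail validation on its next update or import (the validation path is outside this hunk). A read-time mapping or a one-off migration (`private` to `local`) keeps old data loadable; if `public-unmanaged` is meant to fold into `public`, that decision belongs in a comment above `EXPOSITIONS`. Any Ansible role that branches on the old ids would need the same update. `NEWSCHEMA('Softwares', ...)` starts and ends outside the hunk.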
From 2f1f8be9458f1550950030af2dd1e613cd2b00ec Mon Sep 17 00:00:00 2001 From: Mathieu Garcia Date: Fri, 28 Nov 2025 13:41:40 +0100 Subject: [PATCH 06/10] refactor(ui/settings): Reinitialize id during import --- ui/index.js.map | 5 ++--- ui/schemas/infrastructures.js | 14 ++++++-------- ui/schemas/settings.js | 10 +++++----- ui/schemas/softwares.js | 15 ++++++++------- ui/schemas/variables.js | 14 ++++++++------ 5 files changed, 29 insertions(+), 29 deletions(-) diff --git a/ui/index.js.map b/ui/index.js.map index d634edcc..9ed838f4 100644 --- a/ui/index.js.map +++ b/ui/index.js.map @@ -488,7 +488,6 @@ }, { "name": "Infrastructures/import", - "params": "*id:UID", "input": "*color:Color, *description:String, *dtcreated:String, *icon:Icon, isarchived:Boolean, *name:String, *tfstate:Json" }, { @@ -541,7 +540,7 @@ }, { "name": "Softwares/import", - "params": "*id:UID", + "params": "*iid:UID", "input": "*domain:String,domain_alias:String,*exposition:String,*instance:String,*size:String,*software:String,*version:String" }, { @@ -621,7 +620,7 @@ }, { "name": "Variables/import", - "params": "*id:UID", + "params": "*iid:UID", "input": "*key:String, *key2:String, *type:String, *value:Json" } ] diff --git a/ui/schemas/infrastructures.js b/ui/schemas/infrastructures.js index d994072f..1e4433b5 100644 --- a/ui/schemas/infrastructures.js +++ b/ui/schemas/infrastructures.js 
@@ -194,18 +194,16 @@ NEWSCHEMA('Infrastructures', function (schema) { schema.action('import', { name: 'Import an infrastructure', - params: '*id:UID', input: '*color:Color, *description:String, *dtcreated:String, *icon:Icon, isarchived:Boolean, *name:String, *tfstate:Json', action: async function ($, model) { - const { id } = $.params; + model.id = UID(); + model.uid = $.user.id; model.tfstate = JSON.parse(model.tfstate); + model.dtupdated = NOW; - DATA.modify('nosql/infrastructures', model, true).where('id', id).insert(function(doc) { - doc.uid = $.user.id; - doc.id = id; - doc.dtupdated = NOW; - }); - $.success(); + await DATA.insert('nosql/infrastructures', model).error('@(Error)').promise($); + + $.callback(model.id); } }); }); \ No newline at end of file diff --git a/ui/schemas/settings.js b/ui/schemas/settings.js index 2a0d3061..5acf451e 100644 --- a/ui/schemas/settings.js +++ b/ui/schemas/settings.js @@ -17,8 +17,7 @@ NEWSCHEMA('Settings', function (schema) { // Infrastructure project.infrastructure.tfstate = JSON.stringify(project.infrastructure.tfstate); - await ACTION('Infrastructures/import', project.infrastructure) - .params({ id: project.infrastructure.id }) + let iid = await ACTION('Infrastructures/import', project.infrastructure) .user($.user) .promise($); @@ -26,7 +25,7 @@ NEWSCHEMA('Settings', function (schema) { await Promise.all( (project.softwares ?? []).map(software => ACTION('Softwares/import', software) - .params({ id: software.id }) + .params({ iid: iid }) .user($.user) .promise($) ) @@ -43,7 +42,7 @@ NEWSCHEMA('Settings', function (schema) { variable.value = JSON.stringify(variable.value); return ACTION('Variables/import', variable) - .params({ id: variable.id }) + .params({ iid: iid }) .user($.user) .promise($); }) 
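Review bot: The import action now always runs `model.id = UID()` and `DATA.insert(...)`, replacing the previous `modify(...).where('id', id).insert(...)` upsert, so importing the same project twice creates a second infrastructure record instead of updating the first; the softwares.js and variables.js import hunks of this patch behave the same way. If repeated imports are expected, match on a stable field before inserting, otherwise document the always-new-copy semantics, e.g. `// Import always creates a new infrastructure; re-importing the same project duplicates it.`. `JSON.parse(model.tfstate)` still throws on malformed input before any validation; catching it and returning an invalid-field response (if the framework's `$.invalid` helper applies here) gives the caller a clean error. The enclosing `NEWSCHEMA('Infrastructures', ...)` callback starts outside the hunk.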
@@ -191,7 +190,8 @@ NEWSCHEMA('Settings', function (schema) { logError(err, 'settings schema execution'); } - $.callback(ENCRYPT(output, model.password)); + // $.callback(ENCRYPT(output, model.password)); + $.callback(output); } }); }); diff --git a/ui/schemas/softwares.js b/ui/schemas/softwares.js index cee25da7..c623c947 100644 --- a/ui/schemas/softwares.js +++ b/ui/schemas/softwares.js @@ -244,16 +244,17 @@ NEWSCHEMA('Softwares', function (schema) { schema.action('import', { name: 'Import a software', - params: '*id:UID', + params: '*iid:UID', input: '*domain:String,domain_alias:String,*exposition:String,*instance:String,*size:String,*software:String,*version:String', action: async function ($, model) { - const { id } = $.params; - DATA.modify('nosql/softwares', model, true).where('id', id).insert(function(doc) { - doc.uid = $.user.id; - doc.id = id; - doc.dtupdated = NOW; - }); + model.iid = $.params.iid; + model.id = UID(); + model.uid = $.user.id; + model.dtupdated = NOW; + + await DATA.insert('nosql/softwares', model).error('@(Error)').promise($); + $.success(); } }); diff --git a/ui/schemas/variables.js b/ui/schemas/variables.js index 937a9f82..108529ae 100644 --- a/ui/schemas/variables.js +++ b/ui/schemas/variables.js @@ -247,15 +247,17 @@ NEWSCHEMA('Variables', function (schema) { schema.action('import', { name: 'Import a variable', - params: '*id:UID', + params: '*iid:UID', input: '*key:String, *key2:String, *type:String, *value:Json', action: async function ($, model) { - const { id } = $.params; + model.iid = $.params.iid; + model.id = UID(); + model.uid = $.user.id; + model.dtupdated = NOW; model.value = ENCRYPT(model.value, process.env.AUTH_SECRET); - DATA.modify('nosql/variables', model, true).where('id', id).insert(function(doc) { - doc.id = id; - doc.dtupdated = NOW; - }); + + await DATA.insert('nosql/variables', model).error('@(Error)').promise($); + $.success(); } }); From 5a7015d991e8af062a349dc1abe9788912d101ae Mon Sep 17 00:00:00 2001 
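Review bot: Commenting out `$.callback(ENCRYPT(output, model.password))` and returning `$.callback(output)` makes the export hand back the assembled project in plaintext, a behaviour change unrelated to the commit subject (reinitialising ids on import) and not mentioned in the message. Variables are stored with `ENCRYPT(model.value, process.env.AUTH_SECRET)` on import (variables.js hunk of this patch), so if `output` carries their decrypted values, every secret of the project now leaves the server without the password-based wrapping it had before. Restore the encryption, or if the password wrapping is being removed deliberately, say so in the commit message and delete the dead commented line rather than leaving it. The export action starts outside the hunk.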
From: Mathieu Garcia Date: Fri, 28 Nov 2025 13:44:59 +0100 Subject: [PATCH 07/10] feat(docker): add support for custom Docker runtimes Introduce `docker_runtimes` variable in defaults and render it in the `daemon.json` template, enabling configuration of additional runtimes (e.g., nvidia). This enhances flexibility without altering existing behaviour. --- .../playbooks/paas/roles/ansible-docker/defaults/main.yml | 6 ++++++ .../paas/roles/ansible-docker/templates/daemon.json.j2 | 6 +++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/ansible/playbooks/paas/roles/ansible-docker/defaults/main.yml b/ansible/playbooks/paas/roles/ansible-docker/defaults/main.yml index db376765..36380a0a 100644 --- a/ansible/playbooks/paas/roles/ansible-docker/defaults/main.yml +++ b/ansible/playbooks/paas/roles/ansible-docker/defaults/main.yml @@ -22,6 +22,12 @@ docker_dns_servers: docker_metrics_addr: "{{ docker_tcp_listen_address }}:9323" +docker_runtimes: [] + # - key: nvidia + # value: + # args: {} + # path: nvidia-container-runtime + # TLS # CA docker_ca_install_tls_ca_host: localhost diff --git a/ansible/playbooks/paas/roles/ansible-docker/templates/daemon.json.j2 b/ansible/playbooks/paas/roles/ansible-docker/templates/daemon.json.j2 index 95048c5e..6dcbb879 100644 --- a/ansible/playbooks/paas/roles/ansible-docker/templates/daemon.json.j2 +++ b/ansible/playbooks/paas/roles/ansible-docker/templates/daemon.json.j2 @@ -1,4 +1,8 @@ { "metrics-addr" : "{{ docker_metrics_addr }}", - "dns": [{% for item in docker_dns_servers %}"{{ item }}"{% if not loop.last %},{% endif %}{% endfor %}] + "dns": [{% for item in docker_dns_servers %}"{{ item }}"{% if not loop.last %},{% endif %}{% endfor %}], + "runtimes": { + {%- for runtime in docker_runtimes | default([]) -%} + "{{ runtime.key }}": {{ runtime.value | to_json }}{% if not loop.last %},{% endif %}{% endfor %} + } } From 821132f34fb68db44b021eac2e90e87649297969 Mon Sep 17 00:00:00 2001 
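Review bot: The commented example under `docker_runtimes: []` is indented one level deeper than the key it documents, which yamllint flags and which reads as a stray child of an empty list. Move the example to the column of `docker_runtimes` so it reads as a replacement value, and state the contract in the first comment line, e.g. `# list of {key, value} items rendered into daemon.json "runtimes"`. The defaults file continues outside the hunk.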
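Review bot: The new `runtimes` block assembles JSON by hand with `{%- ... -%}` whitespace control and a manual trailing-comma check, and the `{%-` on the `for` strips the newline after `"runtimes": {`, so the first entry is glued to the brace; every future key added the same way repeats the comma handling. `docker_runtimes` is already a list of `key`/`value` items, so `items2dict` turns it into the mapping Docker expects and `to_nice_json` renders the whole file, which cannot emit malformed JSON. This hunk covers the whole template, so the rewrite below replaces it entirely.
```jinja
{{ {
    'metrics-addr': docker_metrics_addr,
    'dns': docker_dns_servers,
    'runtimes': docker_runtimes | default([]) | items2dict
} | to_nice_json }}
```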
From: Mathieu Garcia Date: Fri, 28 Nov 2025 13:45:25 +0100 Subject: [PATCH 08/10] fix(coredns): correct address templating in Corefile Update Corefile template to use proper hostvars lookup for the Nomad address. Adjust upstream.yml to build the GitHub API URL via string concatenation, fixing malformed URL generation. --- ansible/playbooks/paas/roles/coredns/templates/Corefile.j2 | 2 +- ansible/playbooks/paas/roles/coredns/vars/upstream.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/playbooks/paas/roles/coredns/templates/Corefile.j2 b/ansible/playbooks/paas/roles/coredns/templates/Corefile.j2 index 9dd4e207..f74e37f3 100644 --- a/ansible/playbooks/paas/roles/coredns/templates/Corefile.j2 +++ b/ansible/playbooks/paas/roles/coredns/templates/Corefile.j2 @@ -4,7 +4,7 @@ service.nomad.:1053 { #debug #log nomad { - address https://{{ hostvars[nomad_primary_master_node | default(inventory_hostname)]['ansible_' + nomad_iface].ipv4.address | default('127.0.0.1') }}:4646 + address https://{{ hostvars[nomad_primary_master_node | default(inventory_hostname)]['ansible_' + hostvars[nomad_primary_master_node | default(inventory_hostname)].nomad_iface].ipv4.address | default('127.0.0.1') }}:4646 token {{ lookup('simple-stack-ui', type='secret', key=nomad_primary_master_node | default(inventory_hostname), subkey='nomad_management_token', missing='error') }} ttl 10 } diff --git a/ansible/playbooks/paas/roles/coredns/vars/upstream.yml b/ansible/playbooks/paas/roles/coredns/vars/upstream.yml index 036aa64c..df805dec 100644 --- a/ansible/playbooks/paas/roles/coredns/vars/upstream.yml +++ b/ansible/playbooks/paas/roles/coredns/vars/upstream.yml 
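Review bot: The `address` line repeats `nomad_primary_master_node | default(inventory_hostname)` three times inside one `hostvars` expression, which is hard to check by eye and is exactly where the previous defect (reading the local host's `nomad_iface` instead of the master's) hid. Lifting the host once, `{% set nomad_host = nomad_primary_master_node | default(inventory_hostname) %}` above the `nomad {` block, then `address https://{{ hostvars[nomad_host]['ansible_' + hostvars[nomad_host].nomad_iface].ipv4.address | default('127.0.0.1') }}:4646`, keeps the same lookup and makes the per-host interface choice readable. The `| default('127.0.0.1')` fallback also presumably points CoreDNS at the local host when the interface fact is missing; dropping the default, or using `mandatory`, surfaces a misconfigured inventory instead of a silently wrong upstream. The `service.nomad.:1053` server block starts outside the hunk.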
@@ -1,4 +1,4 @@ --- -latest_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ image.upstream.user }}/{{ image.upstream.repo }}/releases/latest', headers={'Accept': 'application/vnd.github+json', 'Authorization': 'Bearer ' + lookup('ansible.builtin.env', 'GITHUB_API_TOKEN') }) | from_json).get('tag_name') | replace('v', '') }}" +latest_version: "{{ (lookup('url', 'https://api.github.com/repos/' + image.upstream.user + '/' + image.upstream.repo + '/releases/latest', headers={'Accept': 'application/vnd.github+json', 'Authorization': 'Bearer ' + lookup('ansible.builtin.env', 'GITHUB_API_TOKEN') }) | from_json).get('tag_name') | replace('v', '') }}" upstream_file_name: "{{ image.upstream.file | replace('REPO', image.upstream.repo) | replace('VERSION', latest_version) | replace('OS', image.upstream.os) | replace('ARCH', upstream_default_arch) | replace('FORMAT', image.upstream.format) }}" upstream_file_url: "https://github.com/{{ image.upstream.user }}/{{ image.upstream.repo }}/releases/download/v{{ latest_version }}/{{ upstream_file_name }}" From 3e144e8900f22de8ad009c1d54a96d5495aec776 Mon Sep 17 00:00:00 2001 From: Mathieu Garcia Date: Fri, 28 Nov 2025 13:45:54 +0100 Subject: [PATCH 09/10] refactor(ui): remove status field from variable schema --- ui/index.js.map | 4 ++-- ui/public/forms/variable.html | 3 --- ui/schemas/variables.js | 3 +-- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/ui/index.js.map b/ui/index.js.map index 9ed838f4..2e07593c 100644 --- a/ui/index.js.map +++ b/ui/index.js.map @@ -308,7 +308,7 @@ "auth": 1, "params": "id:string", "id": "variables_update", - "input": "*type:String, *key:String, status:Boolean, value:String", + "input": "*type:String, *key:String, value:String", "name": "Update a variable set" }, { 
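Review bot: The rewritten `latest_version` expression ends with `| replace('v', '')`, which strips every `v` in the tag rather than the leading one, so a release tagged `v1.2.0-dev` (constructed example) becomes `1.2.0-de`; `| regex_replace('^v', '')` removes only the prefix. The `Authorization` header is built from `lookup('ansible.builtin.env', 'GITHUB_API_TOKEN')`, which yields an empty string when the variable is unset, and GitHub presumably rejects an empty bearer token instead of falling back to anonymous access; only adding the header when the token is non-empty (e.g. building `headers` with `combine` on a conditional dict) keeps the unauthenticated case working. The two `upstream_*` lines are unchanged context.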
@@ -608,7 +608,7 @@ { "name": "Variables/update", "params": "*id:UID", - "input": "*type:String, *key:String, status:Boolean, value:String" + "input": "*type:String, *key:String, value:String" }, { "name": "Variables/remove", diff --git a/ui/public/forms/variable.html b/ui/public/forms/variable.html index e5f2afbe..9c25de74 100644 --- a/ui/public/forms/variable.html +++ b/ui/public/forms/variable.html @@ -17,9 +17,6 @@
-
- @(Use this key in inventory) -