From ecab24c02fbd5d9e3a8f12b842ea429458e9edfe Mon Sep 17 00:00:00 2001 From: Beta Date: Wed, 26 Nov 2025 13:11:59 -0300 Subject: [PATCH 01/10] VPS 4 testing --- hosts.production | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts.production b/hosts.production index 7af3cda..6fc5e94 100644 --- a/hosts.production +++ b/hosts.production @@ -11,3 +11,9 @@ ansible_ssh_user=root sutty.nl [sutty:vars] + +[testing] +157.180.114.62 + +[testing:vars] +ansible_ssh_user=root -- 2.49.0 From 7cdf7bb8856a1bc0b9bd102250d3ba73a320d3d2 Mon Sep 17 00:00:00 2001 From: Beta Date: Wed, 26 Nov 2025 14:41:57 -0300 Subject: [PATCH 02/10] ej de test net --- testnet.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 testnet.yml diff --git a/testnet.yml b/testnet.yml new file mode 100644 index 0000000..f9c621b --- /dev/null +++ b/testnet.yml @@ -0,0 +1,23 @@ +althost: testnet +matrix: + - service_name: comun + roles: + - kemal + domains: + - comun.abyayala.red + + - service_name: dns + roles: + - knsupdate + + - service_name: vpn + roles: + - rap + nodos: + - qi + + - service_name: qi + domains: + - qi.abyayala.red + nodo: qi.comun +# force_https: yes \ No newline at end of file -- 2.49.0 From fd57ecd546de7ed7302bc60ac9a36d8cd90a5357 Mon Sep 17 00:00:00 2001 
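Review bot: The new `[testing:vars]` section in `hosts.production` connects as root (`ansible_ssh_user=root`), so every play against the test VPS starts with full privileges and needs root SSH login enabled on that host. An unprivileged account with escalation, `ansible_user=<deploy-user>` plus `ansible_become=true`, keeps root login closed; `ansible_user` is also the current spelling of the older `ansible_ssh_user`. Because the group lives in the production inventory, a play addressed to `all` will include the test host too, so a separate inventory file for testing may be worth considering. The existing groups appear to use the same root setting, which is outside this change.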
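Review bot: In `testnet.yml` the `qi` entry ends with `# force_https: yes` commented out, so the key is absent for `qi.abyayala.red`. How the proxy role treats a missing key is not visible here, but presumably the site is then also reachable over plain HTTP. If that is deliberate for the test network, say why in the comment (`# force_https disabled until certificates exist on testnet`); otherwise enable it as `force_https: true`. The file also lacks a trailing newline.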
From: Beta Date: Wed, 26 Nov 2025 15:17:46 -0300 Subject: [PATCH 03/10] =?UTF-8?q?fix:=20soporte=20autom=C3=A1tico=20para?= =?UTF-8?q?=20Debian=2012=20y=2013=20en=20repositorio=20Docker?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Reemplaza 'bookworm' hardcodeado con detección automática usando ansible_distribution_release - Agrega validación explícita que solo permite Debian 12 (bookworm) o 13 (trixie) - Mensaje de error claro si se intenta usar en versión no soportada - Comentarios actualizados indicando versiones soportadas Esto permite que el rol funcione automáticamente en Debian 12 y 13 sin necesidad de cambios manuales en el código. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- roles/althost/tasks/main.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/althost/tasks/main.yml b/roles/althost/tasks/main.yml index 163e3df..495d836 100644 --- a/roles/althost/tasks/main.yml +++ b/roles/althost/tasks/main.yml @@ -1,6 +1,14 @@ # DOCKER CE this is specific for Debian # https://docs.docker.com/install/linux/docker-ce/debian/ + # Supports Debian 12 (bookworm) and Debian 13 (trixie) - block: + - name: verify debian version is supported + assert: + that: + - ansible_distribution == "Debian" + - ansible_distribution_release in ['bookworm', 'trixie'] + fail_msg: "This role only supports Debian 12 (bookworm) or Debian 13 (trixie). Current: {{ ansible_distribution }} {{ ansible_distribution_release }}" + success_msg: "Debian {{ ansible_distribution_release }} detected - proceeding with installation" - name: "unattended upgrades" apt: name: "unattended-upgrades" 
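Review bot: The new assert in `roles/althost/tasks/main.yml` validates the distribution and release but not the architecture, while the repository line in the second hunk of this commit still hard-codes `[arch=amd64]`. A non-amd64 Debian 12 or 13 host therefore passes the check and then gets a repository entry for the wrong architecture; adding `- ansible_architecture == "x86_64"` to `that:` would stop it with a clear message. The facts are also read as injected top-level variables; `ansible_facts['distribution_release'] in ['bookworm', 'trixie']` works regardless of the `inject_facts_as_vars` setting. The block continues outside the hunk.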
@@ -18,7 +26,7 @@ - name: docker apt repository apt_repository: - repo: deb [arch=amd64] https://download.docker.com/linux/debian bookworm stable + repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" - name: install docker community edition apt: -- 2.49.0 From 6ed17848cd0327e0b6f8665e0ade13626f95cd30 Mon Sep 17 00:00:00 2001 From: Beta Date: Wed, 26 Nov 2025 15:54:08 -0300 Subject: [PATCH 04/10] =?UTF-8?q?fix:=20eliminar=20m=C3=B3dulos=20Python?= =?UTF-8?q?=20deprecados=20y=20break=5Fsystem=5Fpackages?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cambios realizados: - Instalar Docker Compose v2 via docker-compose-plugin (apt) en lugar de pip - Especificar paquetes Docker explícitamente: docker-ce, docker-ce-cli, containerd.io, docker-compose-plugin - Reemplazar instalación de python-docker via pip por python3-docker desde apt - Eliminar break_system_packages que rompe aislamiento PEP 668 - Eliminar instalación obsoleta de docker-compose via pip Beneficios: - Cumple con PEP 668 (externally managed environments) - Docker Compose v2 más rápido y mejor integrado - Gestión de paquetes más limpia y mantenible - Compatible con Debian 12 y 13 Refs: - https://peps.python.org/pep-0668/ - https://docs.docker.com/compose/install/linux/ - https://packages.debian.org/bookworm/python3-docker --- roles/althost/tasks/main.yml | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/roles/althost/tasks/main.yml b/roles/althost/tasks/main.yml index 163e3df..8e5fff8 100644 --- a/roles/althost/tasks/main.yml +++ b/roles/althost/tasks/main.yml 
@@ -20,9 +20,13 @@ apt_repository: repo: deb [arch=amd64] https://download.docker.com/linux/debian bookworm stable - - name: install docker community edition + - name: install docker community edition and compose plugin apt: - name: docker-ce + name: + - docker-ce + - docker-ce-cli + - containerd.io + - docker-compose-plugin update_cache: yes - name: is node already in swarm mode @@ -48,23 +52,11 @@ state: present # ansible-docker requirements - - name: python package docker-py is deprecated - pip: - name: docker-py - state: absent - break_system_packages: true - - - name: ensure python package docker is present - pip: - name: docker + # Use system packages instead of pip to avoid break_system_packages + - name: ensure python3-docker package is present + apt: + name: python3-docker state: present - break_system_packages: true - - - name: ensure python package docker-compose is present - pip: - name: docker-compose - state: present - break_system_packages: true tags: installation -- 2.49.0 From 71e6eb94292e6cea79bbbf428f1183cf1446479a Mon Sep 17 00:00:00 2001 
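Review bot: The second hunk drops the pip `docker-compose` package and the first installs `docker-compose-plugin` instead, but the v1 `docker_compose` Ansible module depends on that Python package and does not drive the plugin. No compose task is visible in this diff; if any role still calls `docker_compose`, it needs to move to `community.docker.docker_compose_v2` in the same change. On hosts provisioned earlier, the pip-installed `docker` and `docker-compose` modules stay in place because nothing removes them any more, and they can shadow the apt `python3-docker`; a one-off cleanup step is worth adding. `update_cache: yes` in the first hunk would read more predictably as `update_cache: true`.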
From: Beta Date: Wed, 26 Nov 2025 16:10:51 -0300 Subject: [PATCH 05/10] fix: reemplazar apt_key y apt_repository deprecados con deb822 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Reemplazar apt_key con get_url + keyrings directory - Reemplazar apt_repository con deb822_repository (formato moderno) - Detección automática de Debian 12 (bookworm) y 13 (trixie) - Llave GPG específica por repositorio (más seguro) - Requiere Ansible 2.15+ Beneficios: - Formato DEB822 moderno y no deprecado - Mayor seguridad con llaves por repositorio - Compatible con Debian 12 y 13 - Cumple con mejores prácticas actuales Refs: - https://docs.ansible.com/ansible/latest/collections/ansible/builtin/deb822_repository_module.html - https://manpages.debian.org/bookworm/apt/sources.list.5.en.html --- roles/althost/tasks/main.yml | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/roles/althost/tasks/main.yml b/roles/althost/tasks/main.yml index 163e3df..3e0fe7b 100644 --- a/roles/althost/tasks/main.yml +++ b/roles/althost/tasks/main.yml 
@@ -1,24 +1,39 @@ # DOCKER CE this is specific for Debian # https://docs.docker.com/install/linux/docker-ce/debian/ + # Supports Debian 12 (bookworm) and Debian 13 (trixie) + # Requires Ansible 2.15+ for deb822_repository module - block: - name: "unattended upgrades" apt: name: "unattended-upgrades" state: "present" - + - name: required packages apt: name: ['apt-transport-https', 'ca-certificates', 'curl', 'gnupg2', 'software-properties-common', 'python3-pip'] state: present - - name: docker signing key - apt_key: + - name: create keyrings directory + file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + + - name: download docker gpg key + get_url: url: https://download.docker.com/linux/debian/gpg - state: present - - - name: docker apt repository - apt_repository: - repo: deb [arch=amd64] https://download.docker.com/linux/debian bookworm stable + dest: /etc/apt/keyrings/docker.asc + mode: '0644' + + - name: add docker repository with deb822 format + deb822_repository: + name: docker + types: [deb] + uris: https://download.docker.com/linux/debian + suites: ["{{ ansible_distribution_release }}"] + components: [stable] + architectures: [amd64] + signed_by: /etc/apt/keyrings/docker.asc - name: install docker community edition apt: -- 2.49.0 From 733c9930e260bbb459bdc2b5b58708e009d5ba5c Mon Sep 17 00:00:00 2001 
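Review bot: The `download docker gpg key` task fetches the signing key with `get_url` and no `checksum:`, so whatever the URL returned on the first run is what ends up trusted in `/etc/apt/keyrings/docker.asc`. Pinning it, `checksum: "sha256:<sha256-of-reviewed-docker.asc>"`, makes a changed key fail the play instead of being installed silently. On hosts provisioned with the removed `apt_key` and `apt_repository` tasks, the old globally trusted key and the old source entry stay behind, which leaves a duplicate source and keeps that key valid for every repository; a cleanup task with `state: absent` for each would complete the per-repository scoping. The block continues outside the hunk.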
From: Beta Date: Wed, 26 Nov 2025 16:29:00 -0300 Subject: [PATCH 06/10] fix: reemplazar local_action deprecado con delegate_to MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Reemplazar 9 usos de local_action con delegate_to: localhost - 7 cambios en compose.yml (stat, blockinfile, lineinfile) - 2 cambios en main.yml (file, template) - Agregar ansible_connection=local en hosts.production para localhost Beneficios: - Cumple con mejores prácticas de Ansible - Sintaxis moderna y no deprecada - Evita intentos de conexión SSH a localhost - Mismo comportamiento funcional que local_action Refs: - https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_delegation.html --- hosts.production | 2 +- roles/althost/tasks/compose.yml | 28 ++++++++++++++-------------- roles/althost/tasks/main.yml | 10 +++++----- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/hosts.production b/hosts.production index 7af3cda..4b4a130 100644 --- a/hosts.production +++ b/hosts.production @@ -1,5 +1,5 @@ [localhost] -127.0.0.1 +127.0.0.1 ansible_connection=local [hetzner] 5.161.236.18 diff --git a/roles/althost/tasks/compose.yml b/roles/althost/tasks/compose.yml index b69e8d0..6f4140a 100644 --- a/roles/althost/tasks/compose.yml +++ b/roles/althost/tasks/compose.yml @@ -1,13 +1,13 @@ - name: check if service volumes exists - local_action: - module: stat + stat: path: "{{ playbook_dir }}/roles/{{ item.roles[0] | default('proxy') }}/templates/volumes.yml" + delegate_to: localhost register: volumes_def - name: check if service networks exists - local_action: - module: stat + stat: path: "{{ playbook_dir }}/roles/{{ item.roles[0] | default('proxy') }}/templates/networks.yml" + delegate_to: localhost register: networks_def - set_fact: 
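Review bot: `ansible_connection=local` is attached to the inventory host `127.0.0.1` in `hosts.production`, but the tasks changed in this commit use `delegate_to: localhost`, which is a different host name. With no inventory host called `localhost` visible (the file only shows a group of that name), those tasks should resolve to Ansible's implicit localhost, which already uses the local connection, so this line probably only affects plays that target `127.0.0.1` directly. If the intent is to route the delegated tasks through this entry, name the host `localhost` (`localhost ansible_connection=local`) or delegate to `127.0.0.1`.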
@@ -22,53 +22,53 @@ when: networks_def.stat.exists - name: define services in local composition - local_action: - module: blockinfile + blockinfile: path: "{{ local_compose_path }}/docker-compose.yml" insertafter: "services:" marker: "# {mark} {{ service_name|upper }}" block: "{{ services_content }}" + delegate_to: localhost changed_when: false - name: define volumes in local composition - local_action: - module: lineinfile + lineinfile: path: "{{ local_compose_path }}/docker-compose.yml" insertafter: "# volumenes compartidos" line: "volumes: #" state: present regexp: "volumes: #" + delegate_to: localhost when: volumes_def.stat.exists changed_when: false - name: define volumes content in local composition - local_action: - module: lineinfile + lineinfile: path: "{{ local_compose_path }}/docker-compose.yml" insertafter: "volumes: #" line: "{{ volumes_content }}" state: present regexp: "{{ volumes_content }}" + delegate_to: localhost when: volumes_content is defined changed_when: false - name: define networks in local composition - local_action: - module: lineinfile + lineinfile: path: "{{ local_compose_path }}/docker-compose.yml" insertafter: "# redes compartidas" line: "networks: #" state: present regexp: "networks: #" + delegate_to: localhost when: networks_def.stat.exists changed_when: false - name: define networks content in local composition - local_action: - module: lineinfile + lineinfile: path: "{{ local_compose_path }}/docker-compose.yml" insertafter: "networks: #" line: "{{ networks_content }}" state: present + delegate_to: localhost when: networks_content is defined changed_when: false diff --git a/roles/althost/tasks/main.yml b/roles/althost/tasks/main.yml index 163e3df..cae4516 100644 --- a/roles/althost/tasks/main.yml +++ b/roles/althost/tasks/main.yml 
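Review bot: Every delegated task in `roles/althost/tasks/compose.yml` edits the same controller-side file, `{{ local_compose_path }}/docker-compose.yml`, and each is marked `changed_when: false`. If `local_compose_path` is not unique per host (its definition is outside this diff), hosts running in parallel will interleave writes to that file; `throttle: 1` on these tasks, or a per-host path, would serialise them. In the volumes-content task the content itself is the pattern (`regexp: "{{ volumes_content }}"`, an unchanged line), so regex metacharacters in the content can keep the line from matching; `regexp: "{{ volumes_content | regex_escape }}"` is safer, and the networks-content task has no `regexp:` at all.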
@@ -74,16 +74,16 @@ file: path={{ compose_path }} state=directory - name: make sure local compose path exists - local_action: - module: file - path: "{{ local_compose_path }}" + file: + path: "{{ local_compose_path }}" state: directory + delegate_to: localhost - name: clean docker-compose.yml - local_action: - module: template + template: dest: "{{ local_compose_path }}/docker-compose.yml" src: roles/althost/templates/docker-compose.yml + delegate_to: localhost changed_when: false - name: execute roles per domain mapping -- 2.49.0 From cdadee266ed4e5e8f8e261ba637f7f445d2274ae Mon Sep 17 00:00:00 2001 From: Beta Date: Wed, 26 Nov 2025 16:32:29 -0300 Subject: [PATCH 07/10] proxy nodo llavero --- abyayala.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/abyayala.yml b/abyayala.yml index 65712f4..ac48b17 100644 --- a/abyayala.yml +++ b/abyayala.yml @@ -227,3 +227,9 @@ matrix: - kaasavi.abyaya.la nodo: kaasavi.comun force_https: yes + + - service_name: llavero + domains: + - llavero.abyaya.la + nodo: llavero.comun + force_https: yes \ No newline at end of file -- 2.49.0 From 0e2d64d39ea1ef2d07bbb56c83159cc07917cb4c Mon Sep 17 00:00:00 2001 From: Beta Date: Wed, 26 Nov 2025 17:42:40 -0300 Subject: [PATCH 08/10] actualizacion de deprecaciones en instalacion --- roles/althost/tasks/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/althost/tasks/main.yml b/roles/althost/tasks/main.yml index ba2ff66..4273177 100644 --- a/roles/althost/tasks/main.yml +++ b/roles/althost/tasks/main.yml @@ -1,7 +1,6 @@ # DOCKER CE this is specific for Debian # https://docs.docker.com/install/linux/docker-ce/debian/ - # Supports Debian 12 (bookworm) and Debian 13 (trixie) - # Requires Ansible 2.15+ for deb822_repository module + # Soporta Debian 12 (bookworm) y Debian 13 (trixie) - block: - name: "unattended upgrades" apt: -- 2.49.0 From 82f6c6280362ddfae8f3964b4c41a2428a8db058 Mon Sep 17 00:00:00 2001 
From: Beta Date: Wed, 26 Nov 2025 18:05:47 -0300 Subject: [PATCH 09/10] fix: actualizar prerequisitos para compatibilidad Debian 12 y 13 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Eliminar software-properties-common (no existe en Debian, solo Ubuntu) - Eliminar apt-transport-https (incluido por defecto en Debian moderno) - Eliminar gnupg2 (no requerido explícitamente) - Mantener solo paquetes esenciales: ca-certificates, curl, python3-pip Cumple con requisitos oficiales de Docker para Debian: https://docs.docker.com/engine/install/debian/ Compatible con Debian 12 (bookworm) y 13 (trixie) --- roles/althost/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/althost/tasks/main.yml b/roles/althost/tasks/main.yml index 3e0fe7b..d20a9df 100644 --- a/roles/althost/tasks/main.yml +++ b/roles/althost/tasks/main.yml @@ -10,7 +10,7 @@ - name: required packages apt: - name: ['apt-transport-https', 'ca-certificates', 'curl', 'gnupg2', 'software-properties-common', 'python3-pip'] + name: ['ca-certificates', 'curl', 'python3-pip'] state: present - name: create keyrings directory -- 2.49.0 From 51bd9c9935a27b29edbb38e7446edc6dd85d5b0e Mon Sep 17 00:00:00 2001 From: Beta Date: Wed, 26 Nov 2025 18:13:55 -0300 Subject: [PATCH 10/10] =?UTF-8?q?feat:=20agregar=20configuraci=C3=B3n=20gr?= =?UTF-8?q?oup=5Fvars=20para=20host=20testing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Definir host_ip: 157.180.114.62 - Requerido por rol knsupdate y certbot --- group_vars/testing/vars | 1 + 1 file changed, 1 insertion(+) create mode 100644 group_vars/testing/vars diff --git a/group_vars/testing/vars b/group_vars/testing/vars new file mode 100644 index 0000000..d43597d --- /dev/null +++ b/group_vars/testing/vars @@ -0,0 +1 @@ +host_ip: 157.180.114.62 -- 2.49.0
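Review bot: After this change the `required packages` list still installs `curl` and `python3-pip`, yet the key download this hunk sits next to is a `create keyrings directory` / `get_url` flow and the pip tasks are removed in another commit of this series, so neither package has a visible user in the role. If nothing outside this diff needs them, trimming the list to `name: ['ca-certificates']` keeps the installed footprint of the host smaller. The task sits inside a block that continues outside the hunk.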