boma/roles/netbird_coordinator/tasks/main.yml
sjat ab1b0678ab feat(netbird): coordinator service role (combined server + dashboard, v0.72.4)
First real service role. NetBird v0.72.4 self-hosted control plane: single
netbirdio/netbird-server:0.72.4 (management + signal + relay + STUN + embedded
Dex) plus netbirdio/dashboard:v2.39.0, both on the shared boma Docker network so
the M4a Caddy fronts them. Renders docker-compose.yml + config.yaml (secrets from
vault.netbird.*, no_log) + dashboard.env. STUN 3478/udp host-exposed; everything
else via the proxy. netbird_coordinator__manage gates the compose-up for Molecule.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-15 17:49:57 +02:00

38 lines
1 KiB
YAML

---
- name: Ensure the service directory exists
  ansible.builtin.file:
    path: "{{ netbird_coordinator__base_dir }}"
    state: directory
    mode: "0750"
  tags: [config]

- name: Render the combined server config
  ansible.builtin.template:
    src: config.yaml.j2
    dest: "{{ netbird_coordinator__base_dir }}/config.yaml"
    mode: "0640"
  no_log: true  # holds authSecret + datastore encryption key
  notify: restart netbird
  tags: [config]

- name: Render the dashboard env file
  ansible.builtin.template:
    src: dashboard.env.j2
    dest: "{{ netbird_coordinator__base_dir }}/dashboard.env"
    mode: "0644"
  notify: restart netbird
  tags: [config]

- name: Render the compose file
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "{{ netbird_coordinator__base_dir }}/docker-compose.yml"
    mode: "0644"
  tags: [config]

- name: Bring the NetBird coordinator up
  community.docker.docker_compose_v2:
    project_src: "{{ netbird_coordinator__base_dir }}"
    state: present
  when: netbird_coordinator__manage | bool
  tags: [deploy]