First real service role. NetBird v0.72.4 self-hosted control plane: single netbirdio/netbird-server:0.72.4 (management + signal + relay + STUN + embedded Dex) plus netbirdio/dashboard:v2.39.0, both on the shared boma Docker network so the M4a Caddy fronts them. Renders docker-compose.yml + config.yaml (secrets from vault.netbird.*, no_log) + dashboard.env. STUN 3478/udp host-exposed; everything else via the proxy. netbird_coordinator__manage gates the compose-up for Molecule. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
# Create the role's base directory before anything is rendered into it.
# Mode 0750 gives "other" users no access to the directory, so they cannot
# reach the files rendered below through this path.
# NOTE(review): no owner/group is set, so a newly created directory is owned
# by whichever user the task runs as; confirm that is the intended account.
- name: Ensure the service directory exists
  ansible.builtin.file:
    state: directory
    path: "{{ netbird_coordinator__base_dir }}"
    mode: "0750"
  tags:
    - config
# Render config.yaml from config.yaml.j2 and queue a restart when it changes.
# The file holds authSecret and the datastore encryption key. no_log keeps
# the rendered content out of task output and --diff; the trade-off is that
# template failures are reported without detail.
# NOTE(review): 0640 leaves the secrets group-readable and no owner/group is
# pinned on this task; confirm which group ends up on the file.
- name: Render the combined server config
  ansible.builtin.template:
    dest: "{{ netbird_coordinator__base_dir }}/config.yaml"
    src: config.yaml.j2
    mode: "0640"
  notify: restart netbird
  no_log: true
  tags:
    - config
# Render dashboard.env from dashboard.env.j2 and queue a restart when it
# changes.
# NOTE(review): this file is written 0644 and the task carries no no_log,
# unlike the config.yaml task. Confirm the template renders no client secret
# or token; if it does, give it the same mode and no_log treatment.
- name: Render the dashboard env file
  ansible.builtin.template:
    dest: "{{ netbird_coordinator__base_dir }}/dashboard.env"
    src: dashboard.env.j2
    mode: "0644"
  notify: restart netbird
  tags:
    - config
# Render docker-compose.yml from docker-compose.yml.j2.
# No handler is notified here; presumably the compose-up task that follows
# picks up definition changes. Verify.
# NOTE(review): written 0644 without no_log, so the template should keep
# secret values out of the compose file itself; confirm against the template.
- name: Render the compose file
  ansible.builtin.template:
    dest: "{{ netbird_coordinator__base_dir }}/docker-compose.yml"
    src: docker-compose.yml.j2
    mode: "0644"
  tags:
    - config
# Bring the compose project in the base directory to state "present".
# Gated on netbird_coordinator__manage, so the role can render its files
# without starting containers when that variable is false.
- name: Bring the NetBird coordinator up
  community.docker.docker_compose_v2:
    state: present
    project_src: "{{ netbird_coordinator__base_dir }}"
  when:
    - netbird_coordinator__manage | bool
  tags:
    - deploy