liph/dotfiles_arch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1baf5ecddf015a10593b6209dc1bfcf095019f3d
dotfiles_arch/ansible/AGENTS.md
liph 8925d9677e added ansible script
2026-02-16 23:40:30 +01:00

260 lines
7.5 KiB
Markdown
Raw Blame History

# Agent Guidelines for Ansible Infrastructure Repository
This repository contains Docker Compose infrastructure configurations for deploying self-hosted productivity services. This document provides guidelines for AI coding agents working in this repository.
## Project Overview
**Type:** Docker Compose Infrastructure Project
**Primary Technology:** Docker, Docker Compose
**Purpose:** Deployment configurations for self-hosted productivity stack including Nextcloud, OnlyOffice, Excalidraw, and Obsidian
## Repository Structure
```
/home/liph/programming/ansible/
└── nextcloud/
├── docker-compose.yml # Main orchestration file (5 services)
└── .env # Environment variables
```
## Commands
### Docker Compose Operations
```bash
# Navigate to service directory
cd nextcloud/
# Start all services
docker compose up -d
# Start specific service
docker compose up -d <service-name>
# Stop all services
docker compose down
# Stop and remove volumes (DESTRUCTIVE)
docker compose down -v
# View logs for all services
docker compose logs -f
# View logs for specific service
docker compose logs -f <service-name>
# Restart a service
docker compose restart <service-name>
# Rebuild and restart service
docker compose up -d --build <service-name>
# Validate docker-compose.yml syntax
docker compose config
# List running services
docker compose ps
```
### Service Names
- `excalidraw` - Drawing/whiteboard tool (port 3009)
- `next-db` - PostgreSQL 18 database
- `next` - Nextcloud main application (port 8808)
- `onlyoffice` - Document server (port 8000)
- `obsidian` - Note-taking app (ports 3004-3005)
### Testing
No automated tests exist. Manual testing workflow:
1. Validate syntax: `docker compose config`
2. Start services: `docker compose up -d`
3. Check health: `docker compose ps`
4. Review logs: `docker compose logs`
5. Test endpoints: `curl localhost:8808` (Nextcloud), etc.
## Code Style Guidelines
### YAML Formatting (docker-compose.yml)
**Indentation:**
- Use 2 spaces for indentation (NO tabs)
- Maintain consistent indentation levels
**Structure:**
```yaml
services:
service-name:
image: docker.io/image:tag
container_name: container-name
depends_on:
- dependency
ports:
- "host:container"
environment:
- KEY=value
- KEY=${ENV_VAR}
volumes:
- volume_name:/container/path
- ./host/path:/container/path
restart: unless-stopped
networks:
- network_name
```
**Naming Conventions:**
- Container names: Use kebab-case (e.g., `next-db`, `next-redis`)
- Service names: Use snake_case or kebab-case consistently
- Volume names: Use snake_case (e.g., `nextcloud_data`, `pg_data`)
- Network names: Use snake_case with project prefix (e.g., `nextcloud_network`)
**Environment Variables:**
- Reference .env variables using `${VAR_NAME}` syntax
- Never hardcode sensitive data (passwords, secrets) in docker-compose.yml
- Use explicit environment variable declarations with `-` prefix
**Image Specifications:**
- Always use fully qualified image names: `docker.io/image:tag`
- Pin specific versions for production (avoid `:latest` in production)
- Current exception: development environment uses `:latest` tags
**Volumes:**
- Named volumes for persistent data (defined in volumes section)
- Bind mounts for configuration files using `./relative/path`
- Always specify volume mount destination path
- CRITICAL: Never leave empty volume definitions (e.g., `- :/path`)
**Comments:**
- Use `#` for comments
- Add comments above service definitions to describe purpose
- Comment out optional services with `# ` prefix on each line
### Environment Files (.env)
**Format:**
```bash
# Database Configuration
DB_PASSWORD=secure_password_here
DB_USERNAME=nextcloud
DB_DATABASE_NAME=nextcloud
DB_HOST=next-db
# User/Group IDs
PUID=33
PGID=1000
```
**Rules:**
- One variable per line: `KEY=value`
- No spaces around `=`
- No quotes needed for values
- Group related variables with comment headers
- Never commit sensitive values (use placeholders or .env.example)
- All variables must have values (no empty assignments)
### Security Guidelines
1. **Secrets Management:**
- Never hardcode passwords in docker-compose.yml
- Use .env file for credentials (ensure .env is in .gitignore)
- Consider Docker secrets for sensitive production data
- Rotate default passwords immediately
2. **Current Security Issues to Fix:**
- Line 53 in docker-compose.yml: Remove hardcoded admin password
- .env file: All database credentials are empty
- Consider enabling JWT for OnlyOffice (currently disabled)
3. **Network Security:**
- Use isolated Docker networks for service communication
- Only expose necessary ports to host
- Consider reverse proxy (nginx/traefik) for HTTPS termination
### Error Handling
**Validation Steps Before Committing:**
1. Run `docker compose config` to validate YAML syntax
2. Ensure all volume mount paths are complete
3. Verify all environment variables are defined in .env
4. Check for hardcoded secrets
5. Confirm port conflicts with `docker compose ps`
**Common Issues:**
- Empty volume definitions: Always specify source and destination
- Missing environment variables: Define all referenced vars in .env
- Port conflicts: Use `docker ps` to check existing port bindings
- Network errors: Ensure services on same network can communicate
### Configuration Management
**Volume Mapping Patterns:**
```yaml
# Named volume (recommended for data)
volumes:
- nextcloud_data:/var/www/html
# Bind mount with SELinux label (for config)
volumes:
- ./config:/var/www/html/config:Z
# Bind mount with shared label
volumes:
- ./vault:/vault:z
```
**Restart Policies:**
- Use `restart: unless-stopped` for production services
- Avoid `restart: always` (harder to stop deliberately)
- Use `restart: on-failure` for development/debugging
### Database Configuration
**PostgreSQL Environment Variables:**
- `POSTGRES_DB` - Database name
- `POSTGRES_USER` - Database user
- `POSTGRES_PASSWORD` - Database password
**Nextcloud Database Connection:**
- `POSTGRES_HOST` - Hostname (service name: `next-db`)
- Must match database service configuration
### Best Practices
1. **Service Dependencies:**
- Use `depends_on` to define startup order
- Note: `depends_on` doesn't wait for "ready" state
2. **Resource Limits:**
- Consider adding memory/CPU limits for production
- Current config uses `mem_swappiness: -1` for Nextcloud
3. **Timezone Configuration:**
- Set `TZ` environment variable for correct timestamps
- Current: `TZ=Europe/Zurich` (Excalidraw), `TZ=Etc/UTC` (Obsidian)
4. **Data Persistence:**
- Always use named volumes for important data
- Define volumes in top-level `volumes:` section
- Backup volume data regularly
5. **Making Changes:**
- Test changes in development before production
- Use `docker compose config` to validate
- Review diff carefully before applying
- Document breaking changes
## Development Workflow
1. Make changes to docker-compose.yml or .env
2. Validate: `docker compose config`
3. Apply changes: `docker compose up -d`
4. Verify: `docker compose ps && docker compose logs`
5. Test affected services manually
6. Document changes in commit message
## Critical Fixes Needed
- [ ] Complete empty volume mount paths (lines 21, 55-57, 74, 89-90)
- [ ] Remove hardcoded admin password (line 53)
- [ ] Populate database credentials in .env file
- [ ] Add .gitignore to exclude .env from version control
- [ ] Consider adding docker-compose.override.yml for local development
Reference in New Issue View Git Blame Copy Permalink