Update appwrite provitioning

playbooks/files/container-compose.yml

@@ -0,0 +1,837 @@
+# WARNING!
+x-logging: &x-logging
+  logging:
+    driver: 'json-file'
+    options:
+      max-file: '5'
+      max-size: '10m'
+version: '3'
+
+services:
+  traefik:
+    image: docker.io/traefik:2.9
+    container_name: appwrite-traefik
+    <<: *x-logging
+    command:
+      - --providers.file.directory=/storage/config
+      - --providers.file.watch=true
+      - --providers.docker=true
+      - --providers.docker.exposedByDefault=false
+      - --providers.docker.constraints=Label(`traefik.constraint-label-stack`,`appwrite`)
+      - --entrypoints.appwrite_web.address=:80
+      - --entrypoints.appwrite_websecure.address=:443
+      - --entrypoints.appwrite_websecure.forwardedHeaders.trustedIPs=10.0.0.0/8
+      - --entrypoints.appwrite_websecure.proxyProtocol.trustedIPs=10.0.0.0/8
+#      - --entrypoints.appwrite_web.forwardedHeaders.trustedIPs=192.168.2.1/32
+#      - --entrypoints.appwrite_web.proxyProtocol.trustedIPs=192.168.2.1/32
+#      - --entrypoints.appwrite_websecure.forwardedHeaders.trustedIPs=192.168.2.1/32
+#      - --entrypoints.appwrite_websecure.proxyProtocol.trustedIPs=192.168.2.1/32
+      - --accesslog=true
+    restart: unless-stopped
+    ports:
+      - 8080:80
+      - 8443:443
+    security_opt:
+      - label=disable
+    volumes:
+      - /run/user/1000/podman/podman.sock:/var/run/docker.sock:z
+      - appwrite-config:/storage/config:ro
+      - appwrite-certificates:/storage/certificates:ro
+    depends_on:
+      - appwrite
+    networks:
+      - gateway
+      - appwrite
+
+  appwrite:
+    image: docker.io/appwrite/appwrite:1.4.13
+    container_name: appwrite
+    <<: *x-logging
+    restart: unless-stopped
+    networks:
+      - appwrite
+    labels:
+      - traefik.enable=true
+      - traefik.constraint-label-stack=appwrite
+      - traefik.docker.network=appwrite
+      - traefik.http.services.appwrite_api.loadbalancer.server.port=80
+      #http
+      - traefik.http.routers.appwrite_api_http.entrypoints=appwrite_web
+      - traefik.http.routers.appwrite_api_http.rule=PathPrefix(`/`)
+      - traefik.http.routers.appwrite_api_http.service=appwrite_api
+      # https
+      - traefik.http.routers.appwrite_api_https.entrypoints=appwrite_websecure
+      - traefik.http.routers.appwrite_api_https.rule=PathPrefix(`/`)
+      - traefik.http.routers.appwrite_api_https.service=appwrite_api
+      - traefik.http.routers.appwrite_api_https.tls=true
+    volumes:
+      - appwrite-uploads:/storage/uploads:rw
+      - appwrite-cache:/storage/cache:rw
+      - appwrite-config:/storage/config:rw
+      - appwrite-certificates:/storage/certificates:rw
+      - appwrite-functions:/storage/functions:rw
+    depends_on:
+      - mariadb
+      - redis
+#      - clamav
+      - influxdb
+#    entrypoint: 
+#      - php
+#      - -e
+#      - app/http.php
+#      - -dopcache.preload=opcache.preload=/usr/src/code/app/preload.php
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_LOCALE=${_APP_LOCALE}
+      - _APP_CONSOLE_WHITELIST_ROOT=${_APP_CONSOLE_WHITELIST_ROOT}
+      - _APP_CONSOLE_WHITELIST_EMAILS=${_APP_CONSOLE_WHITELIST_EMAILS}
+      - _APP_CONSOLE_WHITELIST_IPS=${_APP_CONSOLE_WHITELIST_IPS}
+      - _APP_SYSTEM_EMAIL_NAME=${_APP_SYSTEM_EMAIL_NAME}
+      - _APP_SYSTEM_EMAIL_ADDRESS=${_APP_SYSTEM_EMAIL_ADDRESS}
+      - _APP_SYSTEM_SECURITY_EMAIL_ADDRESS=${_APP_SYSTEM_SECURITY_EMAIL_ADDRESS}
+      - _APP_SYSTEM_RESPONSE_FORMAT=${_APP_SYSTEM_RESPONSE_FORMAT}
+      - _APP_OPTIONS_ABUSE=${_APP_OPTIONS_ABUSE}
+      - _APP_OPTIONS_ROUTER_PROTECTION=${_APP_OPTIONS_ROUTER_PROTECTION}
+      - _APP_OPTIONS_FORCE_HTTPS=${_APP_OPTIONS_FORCE_HTTPS}
+      - _APP_OPTIONS_FUNCTIONS_FORCE_HTTPS=${_APP_OPTIONS_FUNCTIONS_FORCE_HTTPS}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_DOMAIN=${_APP_DOMAIN}
+      - _APP_DOMAIN_TARGET=${_APP_DOMAIN_TARGET}
+      - _APP_DOMAIN_FUNCTIONS=${_APP_DOMAIN_FUNCTIONS}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_DB_HOST=${_APP_DB_HOST}
+      - _APP_DB_PORT=${_APP_DB_PORT}
+      - _APP_DB_SCHEMA=${_APP_DB_SCHEMA}
+      - _APP_DB_USER=${_APP_DB_USER}
+      - _APP_DB_PASS=${_APP_DB_PASS}
+      - _APP_SMTP_HOST=${_APP_SMTP_HOST}
+      - _APP_SMTP_PORT=${_APP_SMTP_PORT}
+      - _APP_SMTP_SECURE=${_APP_SMTP_SECURE}
+      - _APP_SMTP_USERNAME=${_APP_SMTP_USERNAME}
+      - _APP_SMTP_PASSWORD=${_APP_SMTP_PASSWORD}
+      - _APP_USAGE_STATS=${_APP_USAGE_STATS}
+      - _APP_INFLUXDB_HOST=${_APP_INFLUXDB_HOST}
+      - _APP_INFLUXDB_PORT=${_APP_INFLUXDB_PORT}
+      - _APP_STORAGE_LIMIT=${_APP_STORAGE_LIMIT}
+      - _APP_STORAGE_PREVIEW_LIMIT=${_APP_STORAGE_PREVIEW_LIMIT}
+      - _APP_STORAGE_ANTIVIRUS=${_APP_STORAGE_ANTIVIRUS}
+      - _APP_STORAGE_ANTIVIRUS_HOST=${_APP_STORAGE_ANTIVIRUS_HOST}
+      - _APP_STORAGE_ANTIVIRUS_PORT=${_APP_STORAGE_ANTIVIRUS_PORT}
+      - _APP_STORAGE_DEVICE=${_APP_STORAGE_DEVICE}
+      - _APP_STORAGE_S=${_APP_STORAGE_S3_ACCESS_KEY}
+      - _APP_STORAGE_S=${_APP_STORAGE_S3_SECRET}
+      - _APP_STORAGE_S=${_APP_STORAGE_S3_REGION}
+      - _APP_STORAGE_S=${_APP_STORAGE_S3_BUCKET}
+      - _APP_STORAGE_DO_SPACES_ACCESS_KEY=${_APP_STORAGE_DO_SPACES_ACCESS_KEY}
+      - _APP_STORAGE_DO_SPACES_SECRET=${_APP_STORAGE_DO_SPACES_SECRET}
+      - _APP_STORAGE_DO_SPACES_REGION=${_APP_STORAGE_DO_SPACES_REGION}
+      - _APP_STORAGE_DO_SPACES_BUCKET=${_APP_STORAGE_DO_SPACES_BUCKET}
+      - _APP_STORAGE_BACKBLAZE_ACCESS_KEY=${_APP_STORAGE_BACKBLAZE_ACCESS_KEY}
+      - _APP_STORAGE_BACKBLAZE_SECRET=${_APP_STORAGE_BACKBLAZE_SECRET}
+      - _APP_STORAGE_BACKBLAZE_REGION=${_APP_STORAGE_BACKBLAZE_REGION}
+      - _APP_STORAGE_BACKBLAZE_BUCKET=${_APP_STORAGE_BACKBLAZE_BUCKET}
+      - _APP_STORAGE_LINODE_ACCESS_KEY=${_APP_STORAGE_LINODE_ACCESS_KEY}
+      - _APP_STORAGE_LINODE_SECRET=${_APP_STORAGE_LINODE_SECRET}
+      - _APP_STORAGE_LINODE_REGION=${_APP_STORAGE_LINODE_REGION}
+      - _APP_STORAGE_LINODE_BUCKET=${_APP_STORAGE_LINODE_BUCKET}
+      - _APP_STORAGE_WASABI_ACCESS_KEY=${_APP_STORAGE_WASABI_ACCESS_KEY}
+      - _APP_STORAGE_WASABI_SECRET=${_APP_STORAGE_WASABI_SECRET}
+      - _APP_STORAGE_WASABI_REGION=${_APP_STORAGE_WASABI_REGION}
+      - _APP_STORAGE_WASABI_BUCKET=${_APP_STORAGE_WASABI_BUCKET}
+      - _APP_FUNCTIONS_SIZE_LIMIT=${_APP_FUNCTIONS_SIZE_LIMIT}
+      - _APP_FUNCTIONS_TIMEOUT=${_APP_FUNCTIONS_TIMEOUT}
+      - _APP_FUNCTIONS_BUILD_TIMEOUT=${_APP_FUNCTIONS_BUILD_TIMEOUT}
+      - _APP_FUNCTIONS_CPUS=${_APP_FUNCTIONS_CPUS}
+      - _APP_FUNCTIONS_MEMORY=${_APP_FUNCTIONS_MEMORY}
+      - _APP_FUNCTIONS_RUNTIMES=${_APP_FUNCTIONS_RUNTIMES}
+      - _APP_EXECUTOR_SECRET=${_APP_EXECUTOR_SECRET}
+      - _APP_EXECUTOR_HOST=${_APP_EXECUTOR_HOST}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+      - _APP_STATSD_HOST=${_APP_STATSD_HOST}
+      - _APP_STATSD_PORT=${_APP_STATSD_PORT}
+      - _APP_MAINTENANCE_INTERVAL=${_APP_MAINTENANCE_INTERVAL}
+      - _APP_MAINTENANCE_RETENTION_EXECUTION=${_APP_MAINTENANCE_RETENTION_EXECUTION}
+      - _APP_MAINTENANCE_RETENTION_CACHE=${_APP_MAINTENANCE_RETENTION_CACHE}
+      - _APP_MAINTENANCE_RETENTION_ABUSE=${_APP_MAINTENANCE_RETENTION_ABUSE}
+      - _APP_MAINTENANCE_RETENTION_AUDIT=${_APP_MAINTENANCE_RETENTION_AUDIT}
+      - _APP_MAINTENANCE_RETENTION_USAGE_HOURLY=${_APP_MAINTENANCE_RETENTION_USAGE_HOURLY}
+      - _APP_MAINTENANCE_RETENTION_SCHEDULES=${_APP_MAINTENANCE_RETENTION_SCHEDULES}
+      - _APP_SMS_PROVIDER=${_APP_SMS_PROVIDER}
+      - _APP_SMS_FROM=${_APP_SMS_FROM}
+      - _APP_GRAPHQL_MAX_BATCH_SIZE=${_APP_GRAPHQL_MAX_BATCH_SIZE}
+      - _APP_GRAPHQL_MAX_COMPLEXITY=${_APP_GRAPHQL_MAX_COMPLEXITY}
+      - _APP_GRAPHQL_MAX_DEPTH=${_APP_GRAPHQL_MAX_DEPTH}
+      - _APP_VCS_GITHUB_APP_NAME=${_APP_VCS_GITHUB_APP_NAME}
+      - _APP_VCS_GITHUB_PRIVATE_KEY=${_APP_VCS_GITHUB_PRIVATE_KEY}
+      - _APP_VCS_GITHUB_APP_ID=${_APP_VCS_GITHUB_APP_ID}
+      - _APP_VCS_GITHUB_WEBHOOK_SECRET=${_APP_VCS_GITHUB_WEBHOOK_SECRET}
+      - _APP_VCS_GITHUB_CLIENT_SECRET=${_APP_VCS_GITHUB_CLIENT_SECRET}
+      - _APP_VCS_GITHUB_CLIENT_ID=${_APP_VCS_GITHUB_CLIENT_ID}
+      - _APP_MIGRATIONS_FIREBASE_CLIENT_ID=${_APP_MIGRATIONS_FIREBASE_CLIENT_ID}
+      - _APP_MIGRATIONS_FIREBASE_CLIENT_SECRET=${_APP_MIGRATIONS_FIREBASE_CLIENT_SECRET}
+      - _APP_ASSISTANT_OPENAI_API_KEY=${_APP_ASSISTANT_OPENAI_API_KEY}
+
+  appwrite-realtime:
+    image: docker.io/appwrite/appwrite:1.4.13
+    entrypoint: realtime
+    container_name: appwrite-realtime
+    <<: *x-logging
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.constraint-label-stack=appwrite"
+      - "traefik.docker.network=appwrite"
+      - "traefik.http.services.appwrite_realtime.loadbalancer.server.port=80"
+      #ws
+      - traefik.http.routers.appwrite_realtime_ws.entrypoints=appwrite_web
+      - traefik.http.routers.appwrite_realtime_ws.rule=PathPrefix(`/v1/realtime`)
+      - traefik.http.routers.appwrite_realtime_ws.service=appwrite_realtime
+      # wss
+      - traefik.http.routers.appwrite_realtime_wss.entrypoints=appwrite_websecure
+      - traefik.http.routers.appwrite_realtime_wss.rule=PathPrefix(`/v1/realtime`)
+      - traefik.http.routers.appwrite_realtime_wss.service=appwrite_realtime
+      - traefik.http.routers.appwrite_realtime_wss.tls=true
+    networks:
+      - appwrite
+    depends_on:
+      - mariadb
+      - redis
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_OPTIONS_ABUSE=${_APP_OPTIONS_ABUSE}
+      - _APP_OPTIONS_ROUTER_PROTECTION=${_APP_OPTIONS_ROUTER_PROTECTION}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_DB_HOST=${_APP_DB_HOST}
+      - _APP_DB_PORT=${_APP_DB_PORT}
+      - _APP_DB_SCHEMA=${_APP_DB_SCHEMA}
+      - _APP_DB_USER=${_APP_DB_USER}
+      - _APP_DB_PASS=${_APP_DB_PASS}
+      - _APP_USAGE_STATS=${_APP_USAGE_STATS}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+
+  appwrite-worker-audits:
+    image: docker.io/appwrite/appwrite:1.4.13
+    entrypoint: worker-audits
+    <<: *x-logging
+    container_name: appwrite-worker-audits
+    restart: unless-stopped
+    networks:
+      - appwrite
+    depends_on:
+      - redis
+      - mariadb
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_DB_HOST=${_APP_DB_HOST}
+      - _APP_DB_PORT=${_APP_DB_PORT}
+      - _APP_DB_SCHEMA=${_APP_DB_SCHEMA}
+      - _APP_DB_USER=${_APP_DB_USER}
+      - _APP_DB_PASS=${_APP_DB_PASS}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+
+  appwrite-worker-webhooks:
+    entrypoint: worker-webhooks
+    <<: *x-logging
+    container_name: appwrite-worker-webhooks
+    image: docker.io/appwrite/appwrite:1.4.13
+    networks:
+      - appwrite
+#    volumes:
+#      - ./app:/usr/src/code/app
+#      - ./src:/usr/src/code/src
+    depends_on:
+      - redis
+      - mariadb
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_SYSTEM_SECURITY_EMAIL_ADDRESS=${_APP_SYSTEM_SECURITY_EMAIL_ADDRESS}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+
+  appwrite-worker-deletes:
+    image: docker.io/appwrite/appwrite:1.4.13
+    entrypoint: worker-deletes
+    <<: *x-logging
+    container_name: appwrite-worker-deletes
+    restart: unless-stopped
+    networks:
+      - appwrite
+    depends_on:
+      - redis
+      - mariadb
+    volumes: 
+      - appwrite-uploads:/storage/uploads:rw
+      - appwrite-cache:/storage/cache:rw
+      - appwrite-functions:/storage/functions:rw
+      - appwrite-builds:/storage/builds:rw
+      - appwrite-certificates:/storage/certificates:rw
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_DB_HOST=${_APP_DB_HOST}
+      - _APP_DB_PORT=${_APP_DB_PORT}
+      - _APP_DB_SCHEMA=${_APP_DB_SCHEMA}
+      - _APP_DB_USER=${_APP_DB_USER}
+      - _APP_DB_PASS=${_APP_DB_PASS}
+      - _APP_STORAGE_DEVICE=${_APP_STORAGE_DEVICE}
+      - _APP_STORAGE_S=${_APP_STORAGE_S3_ACCESS_KEY}
+      - _APP_STORAGE_S=${_APP_STORAGE_S3_SECRET}
+      - _APP_STORAGE_S=${_APP_STORAGE_S3_REGION}
+      - _APP_STORAGE_S=${_APP_STORAGE_S3_BUCKET}
+      - _APP_STORAGE_DO_SPACES_ACCESS_KEY=${_APP_STORAGE_DO_SPACES_ACCESS_KEY}
+      - _APP_STORAGE_DO_SPACES_SECRET=${_APP_STORAGE_DO_SPACES_SECRET}
+      - _APP_STORAGE_DO_SPACES_REGION=${_APP_STORAGE_DO_SPACES_REGION}
+      - _APP_STORAGE_DO_SPACES_BUCKET=${_APP_STORAGE_DO_SPACES_BUCKET}
+      - _APP_STORAGE_BACKBLAZE_ACCESS_KEY=${_APP_STORAGE_BACKBLAZE_ACCESS_KEY}
+      - _APP_STORAGE_BACKBLAZE_SECRET=${_APP_STORAGE_BACKBLAZE_SECRET}
+      - _APP_STORAGE_BACKBLAZE_REGION=${_APP_STORAGE_BACKBLAZE_REGION}
+      - _APP_STORAGE_BACKBLAZE_BUCKET=${_APP_STORAGE_BACKBLAZE_BUCKET}
+      - _APP_STORAGE_LINODE_ACCESS_KEY=${_APP_STORAGE_LINODE_ACCESS_KEY}
+      - _APP_STORAGE_LINODE_SECRET=${_APP_STORAGE_LINODE_SECRET}
+      - _APP_STORAGE_LINODE_REGION=${_APP_STORAGE_LINODE_REGION}
+      - _APP_STORAGE_LINODE_BUCKET=${_APP_STORAGE_LINODE_BUCKET}
+      - _APP_STORAGE_WASABI_ACCESS_KEY=${_APP_STORAGE_WASABI_ACCESS_KEY}
+      - _APP_STORAGE_WASABI_SECRET=${_APP_STORAGE_WASABI_SECRET}
+      - _APP_STORAGE_WASABI_REGION=${_APP_STORAGE_WASABI_REGION}
+      - _APP_STORAGE_WASABI_BUCKET=${_APP_STORAGE_WASABI_BUCKET}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+      - _APP_EXECUTOR_SECRET=${_APP_EXECUTOR_SECRET}
+      - _APP_EXECUTOR_HOST=${_APP_EXECUTOR_HOST}
+
+  appwrite-worker-databases:
+    image: docker.io/appwrite/appwrite:1.4.13
+    entrypoint: worker-databases
+    <<: *x-logging
+    container_name: appwrite-worker-databases
+    restart: unless-stopped
+    networks:
+      - appwrite
+    depends_on:
+      - redis
+      - mariadb
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_DB_HOST=${_APP_DB_HOST}
+      - _APP_DB_PORT=${_APP_DB_PORT}
+      - _APP_DB_SCHEMA=${_APP_DB_SCHEMA}
+      - _APP_DB_USER=${_APP_DB_USER}
+      - _APP_DB_PASS=${_APP_DB_PASS}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+
+  appwrite-worker-builds:
+    image: docker.io/appwrite/appwrite:1.4.13
+    entrypoint: worker-builds
+    <<: *x-logging
+    container_name: appwrite-worker-builds
+    restart: unless-stopped
+    networks:
+      - appwrite
+    depends_on:
+      - redis
+      - mariadb
+    volumes:
+      - appwrite-functions:/storage/functions:rw
+      - appwrite-builds:/storage/builds:rw
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_EXECUTOR_SECRET=${_APP_EXECUTOR_SECRET}
+      - _APP_EXECUTOR_HOST=${_APP_EXECUTOR_HOST}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_DB_HOST=${_APP_DB_HOST}
+      - _APP_DB_PORT=${_APP_DB_PORT}
+      - _APP_DB_SCHEMA=${_APP_DB_SCHEMA}
+      - _APP_DB_USER=${_APP_DB_USER}
+      - _APP_DB_PASS=${_APP_DB_PASS}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+      - _APP_VCS_GITHUB_APP_NAME=${_APP_VCS_GITHUB_APP_NAME}
+      - _APP_VCS_GITHUB_PRIVATE_KEY=${_APP_VCS_GITHUB_PRIVATE_KEY}
+      - _APP_VCS_GITHUB_APP_ID=${_APP_VCS_GITHUB_APP_ID}
+      - _APP_FUNCTIONS_TIMEOUT=${_APP_FUNCTIONS_TIMEOUT}
+      - _APP_FUNCTIONS_BUILD_TIMEOUT=${_APP_FUNCTIONS_BUILD_TIMEOUT}
+      - _APP_FUNCTIONS_CPUS=${_APP_FUNCTIONS_CPUS}
+      - _APP_FUNCTIONS_MEMORY=${_APP_FUNCTIONS_MEMORY}
+      - _APP_FUNCTIONS_SIZE_LIMIT=${_APP_FUNCTIONS_SIZE_LIMIT}
+      - _APP_OPTIONS_FORCE_HTTPS=${_APP_OPTIONS_FORCE_HTTPS}
+      - _APP_OPTIONS_FUNCTIONS_FORCE_HTTPS=${_APP_OPTIONS_FUNCTIONS_FORCE_HTTPS}
+      - _APP_DOMAIN=${_APP_DOMAIN}
+      - _APP_STORAGE_DEVICE=${_APP_STORAGE_DEVICE}
+      - _APP_STORAGE_S=${_APP_STORAGE_S3_ACCESS_KEY}
+      - _APP_STORAGE_S=${_APP_STORAGE_S3_SECRET}
+      - _APP_STORAGE_S=${_APP_STORAGE_S3_REGION}
+      - _APP_STORAGE_S=${_APP_STORAGE_S3_BUCKET}
+      - _APP_STORAGE_DO_SPACES_ACCESS_KEY=${_APP_STORAGE_DO_SPACES_ACCESS_KEY}
+      - _APP_STORAGE_DO_SPACES_SECRET=${_APP_STORAGE_DO_SPACES_SECRET}
+      - _APP_STORAGE_DO_SPACES_REGION=${_APP_STORAGE_DO_SPACES_REGION}
+      - _APP_STORAGE_DO_SPACES_BUCKET=${_APP_STORAGE_DO_SPACES_BUCKET}
+      - _APP_STORAGE_BACKBLAZE_ACCESS_KEY=${_APP_STORAGE_BACKBLAZE_ACCESS_KEY}
+      - _APP_STORAGE_BACKBLAZE_SECRET=${_APP_STORAGE_BACKBLAZE_SECRET}
+      - _APP_STORAGE_BACKBLAZE_REGION=${_APP_STORAGE_BACKBLAZE_REGION}
+      - _APP_STORAGE_BACKBLAZE_BUCKET=${_APP_STORAGE_BACKBLAZE_BUCKET}
+      - _APP_STORAGE_LINODE_ACCESS_KEY=${_APP_STORAGE_LINODE_ACCESS_KEY}
+      - _APP_STORAGE_LINODE_SECRET=${_APP_STORAGE_LINODE_SECRET}
+      - _APP_STORAGE_LINODE_REGION=${_APP_STORAGE_LINODE_REGION}
+      - _APP_STORAGE_LINODE_BUCKET=${_APP_STORAGE_LINODE_BUCKET}
+      - _APP_STORAGE_WASABI_ACCESS_KEY=${_APP_STORAGE_WASABI_ACCESS_KEY}
+      - _APP_STORAGE_WASABI_SECRET=${_APP_STORAGE_WASABI_SECRET}
+      - _APP_STORAGE_WASABI_REGION=${_APP_STORAGE_WASABI_REGION}
+      - _APP_STORAGE_WASABI_BUCKET=${_APP_STORAGE_WASABI_BUCKET}
+
+  appwrite-worker-certificates:
+    entrypoint: worker-certificates
+    <<: *x-logging
+    container_name: appwrite-worker-certificates
+    image: docker.io/appwrite/appwrite:1.4.13
+    networks:
+      - appwrite
+    depends_on:
+      - redis
+      - mariadb
+    volumes: 
+      - appwrite-config:/storage/config:rw
+      - appwrite-certificates:/storage/certificates:rw
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_DOMAIN=${_APP_DOMAIN}
+      - _APP_DOMAIN_TARGET=${_APP_DOMAIN_TARGET}
+      - _APP_DOMAIN_FUNCTIONS=${_APP_DOMAIN_FUNCTIONS}
+      - _APP_SYSTEM_SECURITY_EMAIL_ADDRESS=${_APP_SYSTEM_SECURITY_EMAIL_ADDRESS}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_DB_HOST=${_APP_DB_HOST}
+      - _APP_DB_PORT=${_APP_DB_PORT}
+      - _APP_DB_SCHEMA=${_APP_DB_SCHEMA}
+      - _APP_DB_USER=${_APP_DB_USER}
+      - _APP_DB_PASS=${_APP_DB_PASS}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+
+  appwrite-worker-functions:
+    entrypoint: worker-functions
+    <<: *x-logging
+    container_name: appwrite-worker-functions
+    image: docker.io/appwrite/appwrite:1.4.13
+    networks:
+      - appwrite
+    depends_on:
+      - redis
+      - mariadb
+      - openruntimes-executor
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_DB_HOST=${_APP_DB_HOST}
+      - _APP_DB_PORT=${_APP_DB_PORT}
+      - _APP_DB_SCHEMA=${_APP_DB_SCHEMA}
+      - _APP_DB_USER=${_APP_DB_USER}
+      - _APP_DB_PASS=${_APP_DB_PASS}
+      - _APP_FUNCTIONS_TIMEOUT=${_APP_FUNCTIONS_TIMEOUT}
+      - _APP_FUNCTIONS_BUILD_TIMEOUT=${_APP_FUNCTIONS_BUILD_TIMEOUT}
+      - _APP_FUNCTIONS_CPUS=${_APP_FUNCTIONS_CPUS}
+      - _APP_FUNCTIONS_MEMORY=${_APP_FUNCTIONS_MEMORY}
+      - _APP_EXECUTOR_SECRET=${_APP_EXECUTOR_SECRET}
+      - _APP_EXECUTOR_HOST=${_APP_EXECUTOR_HOST}
+      - _APP_USAGE_STATS=${_APP_USAGE_STATS}
+      - _APP_DOCKER_HUB_USERNAME=${_APP_DOCKER_HUB_USERNAME}
+      - _APP_DOCKER_HUB_PASSWORD=${_APP_DOCKER_HUB_PASSWORD}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+
+  appwrite-worker-mails:
+    image: docker.io/appwrite/appwrite:1.4.13
+    entrypoint: worker-mails
+    <<: *x-logging
+    container_name: appwrite-worker-mails
+    restart: unless-stopped
+    networks:
+      - appwrite
+    depends_on:
+      - redis
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_SYSTEM_EMAIL_NAME=${_APP_SYSTEM_EMAIL_NAME}
+      - _APP_SYSTEM_EMAIL_ADDRESS=${_APP_SYSTEM_EMAIL_ADDRESS}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_SMTP_HOST=${_APP_SMTP_HOST}
+      - _APP_SMTP_PORT=${_APP_SMTP_PORT}
+      - _APP_SMTP_SECURE=${_APP_SMTP_SECURE}
+      - _APP_SMTP_USERNAME=${_APP_SMTP_USERNAME}
+      - _APP_SMTP_PASSWORD=${_APP_SMTP_PASSWORD}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+
+  appwrite-worker-messaging:
+    image: docker.io/appwrite/appwrite:1.4.13
+    entrypoint: worker-messaging
+    <<: *x-logging
+    container_name: appwrite-worker-messaging
+    restart: unless-stopped
+    networks:
+      - appwrite
+    depends_on:
+      - redis
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_SMS_PROVIDER=${_APP_SMS_PROVIDER}
+      - _APP_SMS_FROM=${_APP_SMS_FROM}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+
+  appwrite-worker-migrations:
+    image: docker.io/appwrite/appwrite:1.4.13
+    entrypoint: worker-migrations
+    <<: *x-logging
+    container_name: appwrite-worker-migrations
+    restart: unless-stopped
+    networks:
+      - appwrite
+    depends_on:
+      - mariadb
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_DOMAIN=${_APP_DOMAIN}
+      - _APP_DOMAIN_TARGET=${_APP_DOMAIN_TARGET}
+      - _APP_SYSTEM_SECURITY_EMAIL_ADDRESS=${_APP_SYSTEM_SECURITY_EMAIL_ADDRESS}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_DB_HOST=${_APP_DB_HOST}
+      - _APP_DB_PORT=${_APP_DB_PORT}
+      - _APP_DB_SCHEMA=${_APP_DB_SCHEMA}
+      - _APP_DB_USER=${_APP_DB_USER}
+      - _APP_DB_PASS=${_APP_DB_PASS}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+      - _APP_MIGRATIONS_FIREBASE_CLIENT_ID=${_APP_MIGRATIONS_FIREBASE_CLIENT_ID}
+      - _APP_MIGRATIONS_FIREBASE_CLIENT_SECRET=${_APP_MIGRATIONS_FIREBASE_CLIENT_SECRET}
+
+  appwrite-maintenance:
+    image: docker.io/appwrite/appwrite:1.4.13
+    entrypoint: maintenance
+    <<: *x-logging
+    container_name: appwrite-maintenance
+    restart: unless-stopped
+    networks:
+      - appwrite
+    depends_on:
+      - redis
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_DOMAIN=${_APP_DOMAIN}
+      - _APP_DOMAIN_TARGET=${_APP_DOMAIN_TARGET}
+      - _APP_DOMAIN_FUNCTIONS=${_APP_DOMAIN_FUNCTIONS}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_DB_HOST=${_APP_DB_HOST}
+      - _APP_DB_PORT=${_APP_DB_PORT}
+      - _APP_DB_SCHEMA=${_APP_DB_SCHEMA}
+      - _APP_DB_USER=${_APP_DB_USER}
+      - _APP_DB_PASS=${_APP_DB_PASS}
+      - _APP_MAINTENANCE_INTERVAL=${_APP_MAINTENANCE_INTERVAL}
+      - _APP_MAINTENANCE_RETENTION_EXECUTION=${_APP_MAINTENANCE_RETENTION_EXECUTION}
+      - _APP_MAINTENANCE_RETENTION_CACHE=${_APP_MAINTENANCE_RETENTION_CACHE}
+      - _APP_MAINTENANCE_RETENTION_ABUSE=${_APP_MAINTENANCE_RETENTION_ABUSE}
+      - _APP_MAINTENANCE_RETENTION_AUDIT=${_APP_MAINTENANCE_RETENTION_AUDIT}
+      - _APP_MAINTENANCE_RETENTION_USAGE_HOURLY=${_APP_MAINTENANCE_RETENTION_USAGE_HOURLY}
+      - _APP_MAINTENANCE_RETENTION_SCHEDULES=${_APP_MAINTENANCE_RETENTION_SCHEDULES}
+
+  appwrite-usage:
+    image: docker.io/appwrite/appwrite:1.4.13
+    entrypoint: usage
+    <<: *x-logging
+    container_name: appwrite-usage
+    restart: unless-stopped
+    networks:
+      - appwrite
+    depends_on:
+      - influxdb
+      - mariadb
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_DB_HOST=${_APP_DB_HOST}
+      - _APP_DB_PORT=${_APP_DB_PORT}
+      - _APP_DB_SCHEMA=${_APP_DB_SCHEMA}
+      - _APP_DB_USER=${_APP_DB_USER}
+      - _APP_DB_PASS=${_APP_DB_PASS}
+      - _APP_INFLUXDB_HOST=${_APP_INFLUXDB_HOST}
+      - _APP_INFLUXDB_PORT=${_APP_INFLUXDB_PORT}
+      - _APP_USAGE_AGGREGATION_INTERVAL=${_APP_USAGE_AGGREGATION_INTERVAL}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_USAGE_STATS=${_APP_USAGE_STATS}
+      - _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+
+  appwrite-schedule:
+    image: docker.io/appwrite/appwrite:1.4.13
+    entrypoint: schedule
+    <<: *x-logging
+    container_name: appwrite-schedule
+    restart: unless-stopped
+    networks:
+      - appwrite
+    depends_on:
+      - mariadb
+      - redis
+    environment:
+      - _APP_ENV=${_APP_ENV}
+      - _APP_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+      - _APP_OPENSSL_KEY_V1=${_APP_OPENSSL_KEY_V1}
+      - _APP_REDIS_HOST=${_APP_REDIS_HOST}
+      - _APP_REDIS_PORT=${_APP_REDIS_PORT}
+      - _APP_REDIS_USER=${_APP_REDIS_USER}
+      - _APP_REDIS_PASS=${_APP_REDIS_PASS}
+      - _APP_DB_HOST=${_APP_DB_HOST}
+      - _APP_DB_PORT=${_APP_DB_PORT}
+      - _APP_DB_SCHEMA=${_APP_DB_SCHEMA}
+      - _APP_DB_USER=${_APP_DB_USER}
+      - _APP_DB_PASS=${_APP_DB_PASS}
+
+  appwrite-assistant:
+    image: docker.io/appwrite/assistant:0.2.2
+    container_name: appwrite-assistant
+    restart: unless-stopped
+    networks:
+      - appwrite
+    environment:
+      - _APP_ASSISTANT_OPENAI_API_KEY=${_APP_ASSISTANT_OPENAI_API_KEY}
+
+  openruntimes-executor:
+    container_name: openruntimes-executor
+    hostname: appwrite-executor
+    <<: *x-logging
+    restart: unless-stopped
+    stop_signal: SIGINT
+    image: docker.io/openruntimes/executor:0.4.5
+    networks:
+      - appwrite
+      - runtimes
+    security_opt:
+      - label=disable
+    volumes:
+      - /run/user/1000/podman/podman.sock:/var/run/docker.sock:z
+      - appwrite-builds:/storage/builds:rw
+      - appwrite-functions:/storage/functions:rw
+      # Host mount nessessary to share files between executor and runtimes.
+      # It's not possible to share mount file between 2 containers without host mount (copying is too slow)
+      - /home/ptoal/appwrite/tmp:/tmp:z
+    environment:
+      - OPR_EXECUTOR_INACTIVE_TRESHOLD=${_APP_FUNCTIONS_INACTIVE_THRESHOLD}}
+      - OPR_EXECUTOR_MAINTENANCE_INTERVAL=${_APP_FUNCTIONS_MAINTENANCE_INTERVAL}
+      - OPR_EXECUTOR_NETWORK=${_APP_FUNCTIONS_RUNTIMES_NETWORK}
+      - OPR_EXECUTOR_DOCKER_HUB_USERNAME=${_APP_DOCKER_HUB_USERNAME}
+      - OPR_EXECUTOR_DOCKER_HUB_PASSWORD=${_APP_DOCKER_HUB_PASSWORD}
+      - OPR_EXECUTOR_ENV=${_APP_ENV}
+      - OPR_EXECUTOR_RUNTIMES=${_APP_FUNCTIONS_RUNTIMES}
+      - OPR_EXECUTOR_SECRET=${_APP_EXECUTOR_SECRET}
+      - OPR_EXECUTOR_RUNTIME_VERSIONS=v2,v3
+      - OPR_EXECUTOR_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+      - OPR_EXECUTOR_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+      - OPR_EXECUTOR_STORAGE_DEVICE=${_APP_STORAGE_DEVICE}
+      - OPR_EXECUTOR_STORAGE_S3_ACCESS_KEY=${_APP_STORAGE_S3_ACCESS_KEY}
+      - OPR_EXECUTOR_STORAGE_S3_SECRET=${_APP_STORAGE_S3_SECRET}
+      - OPR_EXECUTOR_STORAGE_S3_REGION=${_APP_STORAGE_S3_REGION}
+      - OPR_EXECUTOR_STORAGE_S3_BUCKET=${_APP_STORAGE_S3_BUCKET}
+      - OPR_EXECUTOR_STORAGE_DO_SPACES_ACCESS_KEY=${_APP_STORAGE_DO_SPACES_ACCESS_KEY}
+      - OPR_EXECUTOR_STORAGE_DO_SPACES_SECRET=${_APP_STORAGE_DO_SPACES_SECRET}
+      - OPR_EXECUTOR_STORAGE_DO_SPACES_REGION=${_APP_STORAGE_DO_SPACES_REGION}
+      - OPR_EXECUTOR_STORAGE_DO_SPACES_BUCKET=${_APP_STORAGE_DO_SPACES_BUCKET}
+      - OPR_EXECUTOR_STORAGE_BACKBLAZE_ACCESS_KEY=${_APP_STORAGE_BACKBLAZE_ACCESS_KEY}
+      - OPR_EXECUTOR_STORAGE_BACKBLAZE_SECRET=${_APP_STORAGE_BACKBLAZE_SECRET}
+      - OPR_EXECUTOR_STORAGE_BACKBLAZE_REGION=${_APP_STORAGE_BACKBLAZE_REGION}
+      - OPR_EXECUTOR_STORAGE_BACKBLAZE_BUCKET=${_APP_STORAGE_BACKBLAZE_BUCKET}
+      - OPR_EXECUTOR_STORAGE_LINODE_ACCESS_KEY=${_APP_STORAGE_LINODE_ACCESS_KEY}
+      - OPR_EXECUTOR_STORAGE_LINODE_SECRET=${_APP_STORAGE_LINODE_SECRET}
+      - OPR_EXECUTOR_STORAGE_LINODE_REGION=${_APP_STORAGE_LINODE_REGION}
+      - OPR_EXECUTOR_STORAGE_LINODE_BUCKET=${_APP_STORAGE_LINODE_BUCKET}
+      - OPR_EXECUTOR_STORAGE_WASABI_ACCESS_KEY=${_APP_STORAGE_WASABI_ACCESS_KEY}
+      - OPR_EXECUTOR_STORAGE_WASABI_SECRET=${_APP_STORAGE_WASABI_SECRET}
+      - OPR_EXECUTOR_STORAGE_WASABI_REGION=${_APP_STORAGE_WASABI_REGION}
+      - OPR_EXECUTOR_STORAGE_WASABI_BUCKET=${_APP_STORAGE_WASABI_BUCKET}
+
+#  openruntimes-proxy:
+#    container_name: openruntimes-proxy
+#    hostname: proxy
+#    <<: *x-logging
+#    stop_signal: SIGINT
+#    image: docker.io/openruntimes/proxy:0.3.1
+#    networks:
+#      - appwrite
+#      - runtimes
+#    environment:
+#      - OPR_PROXY_WORKER_PER_CORE=${_APP_WORKER_PER_CORE}
+#      - OPR_PROXY_ENV=${_APP_ENV}
+#      - OPR_PROXY_EXECUTOR_SECRET=${_APP_EXECUTOR_SECRET}
+#      - OPR_PROXY_SECRET=${_APP_EXECUTOR_SECRET}
+#      - OPR_PROXY_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
+#      - OPR_PROXY_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
+#      - OPR_PROXY_ALGORITHM=random
+#      - OPR_PROXY_EXECUTORS=appwrite-executor
+#      - OPR_PROXY_HEALTHCHECK_INTERVAL=10000
+#      - OPR_PROXY_MAX_TIMEOUT=600
+#      - OPR_PROXY_HEALTHCHECK=enabled
+
+  mariadb:
+    image: docker.io/mariadb:10.7 # fix issues when upgrading using: mysql_upgrade -u root -p
+    container_name: appwrite-mariadb
+    <<: *x-logging
+    restart: unless-stopped
+    networks:
+      - appwrite
+    volumes:
+      - appwrite-mariadb:/var/lib/mysql:rw
+    environment:
+      - MYSQL_ROOT_PASSWORD=${_APP_DB_ROOT_PASS}
+      - MYSQL_DATABASE=${_APP_DB_SCHEMA}
+      - MYSQL_USER=${_APP_DB_USER}
+      - MYSQL_PASSWORD=${_APP_DB_PASS}
+    command: 'mysqld --innodb-flush-method=fsync'
+
+  # smtp:
+  #   image: appwrite/smtp:1.2.0
+  #   container_name: appwrite-smtp
+  #   restart: unless-stopped
+  #   networks:
+  #     - appwrite
+  #   environment:
+  #     - LOCAL_DOMAINS=@
+  #     - RELAY_FROM_HOSTS=192.168.0.0/16 ; *.yourdomain.com
+  #     - SMARTHOST_HOST=smtp
+  #     - SMARTHOST_PORT=587
+
+  redis:
+    image: docker.io/redis:7.0.4-alpine
+    <<: *x-logging
+    container_name: appwrite-redis
+    restart: unless-stopped
+    command: >
+      redis-server
+      --maxmemory            512mb
+      --maxmemory-policy     allkeys-lru
+      --maxmemory-samples    5
+    networks:
+      - appwrite
+    volumes:
+      - appwrite-redis:/data:rw
+
+#  clamav:
+#    image: docker.io/appwrite/clamav:1.2.0
+#    container_name: appwrite-clamav
+#    networks:
+#      - appwrite
+#    volumes:
+#      - appwrite-uploads:/storage/uploads
+
+  influxdb:
+    image: docker.io/appwrite/influxdb:1.5.0
+    container_name: appwrite-influxdb
+    <<: *x-logging
+    restart: unless-stopped
+    networks:
+      - appwrite
+    volumes:
+      - appwrite-influxdb:/var/lib/influxdb:rw
+
+  telegraf:
+    image: docker.io/appwrite/telegraf:1.4.0
+    container_name: appwrite-telegraf
+    <<: *x-logging
+    restart: unless-stopped
+    networks:
+      - appwrite
+    environment:
+      - _APP_INFLUXDB_HOST=${_APP_INFLUXDB_HOST}
+      - _APP_INFLUXDB_PORT=${_APP_INFLUXDB_PORT}
+
+networks:
+  gateway:
+    name: gateway
+  appwrite:
+    name: appwrite
+  runtimes:
+    name: runtimes
+
+volumes:
+  appwrite-mariadb:
+  appwrite-redis:
+  appwrite-cache:
+  appwrite-uploads:
+  appwrite-certificates:
+  appwrite-functions:
+  appwrite-builds:
+  appwrite-influxdb:
+  appwrite-config:
+  # appwrite-chronograf:
+

playbooks/files/database/boat.json

@@ -0,0 +1 @@
+{"total": 4, "documents": [{"name": "ProjectX", "displayName": "PX", "class": "J/27", "year": null, "imgSrc": "https://appwrite.toal.ca/v1/storage/buckets/663594f7001155eee5aa/files/663595c800394eaed548/view?project=65ede55a213134f2b688&mode=admin", "iconSrc": "https://appwrite.toal.ca/v1/storage/buckets/663594f7001155eee5aa/files/663595bd002db349c47b/view?project=65ede55a213134f2b688&mode=admin", "requiredCerts": [], "maxPassengers": 8, "defects": [], "bookingAvailable": null, "$id": "663594a70039a8408753", "$createdAt": "2024-05-04T01:51:35.800+00:00", "$updatedAt": "2024-05-04T01:59:25.214+00:00", "$permissions": [], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "66341910003e287cd71c"}, {"name": "Take5", "displayName": "T5", "class": "J/27", "year": null, "imgSrc": "https://appwrite.toal.ca/v1/storage/buckets/663594f7001155eee5aa/files/663595c800394eaed548/view?project=65ede55a213134f2b688&mode=admin", "iconSrc": "https://appwrite.toal.ca/v1/storage/buckets/663594f7001155eee5aa/files/663595ad002e45213604/view?project=65ede55a213134f2b688&mode=admin", "requiredCerts": [], "maxPassengers": 8, "defects": [], "bookingAvailable": null, "$id": "663596b9000235ffea55", "$createdAt": "2024-05-04T02:00:24.871+00:00", "$updatedAt": "2024-05-04T02:00:24.871+00:00", "$permissions": [], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "66341910003e287cd71c"}, {"name": "Wee Beestie", "displayName": "WB", "class": "Capri 25", "year": null, "imgSrc": "https://apidev.bab.toal.ca/v1/storage/buckets/663594f7001155eee5aa/files/663595d1002085458d4a/view?project=65ede55a213134f2b688", "iconSrc": null, "requiredCerts": [], "maxPassengers": 8, "defects": [], "bookingAvailable": null, "$id": "663597030029b71c7a9b", "$createdAt": "2024-05-04T02:01:39.517+00:00", "$updatedAt": "2024-05-04T02:29:32.827+00:00", "$permissions": [], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "66341910003e287cd71c"}, {"name": "Just My Imagination", "displayName": "JMI", "class": "Siruis 28", "year": null, "imgSrc": "https://appwrite.toal.ca/v1/storage/buckets/663594f7001155eee5aa/files/663595980004adc65134/view?project=65ede55a213134f2b688&mode=admin", "iconSrc": null, "requiredCerts": [], "maxPassengers": 8, "defects": [], "bookingAvailable": true, "$id": "66359729003825946ae1", "$createdAt": "2024-05-04T02:02:17.749+00:00", "$updatedAt": "2024-05-04T11:08:42.882+00:00", "$permissions": [], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "66341910003e287cd71c"}]}

playbooks/files/database/intervalTemplate.json

@@ -0,0 +1 @@
+{"total": 2, "documents": [{"name": "Weekend - Summer", "timeTuple": ["07:00", "11:00", "11:00", "15:00"], "$id": "663c17d70010075c2506", "$createdAt": "2024-05-09T00:24:54.989+00:00", "$updatedAt": "2024-05-09T02:27:55.456+00:00", "$permissions": ["read(\"user:65ede5a2ca44888379bd\")", "update(\"user:65ede5a2ca44888379bd\")", "delete(\"user:65ede5a2ca44888379bd\")"], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "66361f480007fdd639af"}, {"name": "Weekday - Summer", "timeTuple": ["09:00", "12:00", "12:00", "15:00", "15:00", "18:00"], "$id": "663d0890001d054f9cd2", "$createdAt": "2024-05-09T17:32:00.192+00:00", "$updatedAt": "2024-05-10T12:32:42.320+00:00", "$permissions": ["read(\"user:65ede5a2ca44888379bd\")", "update(\"user:65ede5a2ca44888379bd\")", "delete(\"user:65ede5a2ca44888379bd\")"], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "66361f480007fdd639af"}]}

playbooks/files/database/reservation.json

@@ -0,0 +1 @@
+{"total": 3, "documents": [{"user": "65ede5a2ca44888379bd", "start": "2024-05-13T16:00:00.000+00:00", "end": "2024-05-13T19:00:00.000+00:00", "resource": "66359729003825946ae1", "status": "tentative", "$id": "663f8a0b000d219e05c6", "$createdAt": "2024-05-11T15:08:58.860+00:00", "$updatedAt": "2024-05-14T01:50:04.662+00:00", "$permissions": [], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "663f8847000b8f5e29bb"}, {"user": "rich.ohare", "start": "2024-05-17T13:00:00.000+00:00", "end": "2024-05-17T16:00:00.000+00:00", "resource": "66359729003825946ae1", "status": "tentative", "$id": "663f8d880005f9c86b11", "$createdAt": "2024-05-11T15:23:51.749+00:00", "$updatedAt": "2024-05-14T01:49:19.743+00:00", "$permissions": [], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "663f8847000b8f5e29bb"}, {"user": "663e66b200284eb00659", "start": "2024-05-18T13:00:00.000+00:00", "end": "2024-05-18T16:00:00.000+00:00", "resource": "663597030029b71c7a9b", "status": "tentative", "$id": "6642bf91001a583ae6dc", "$createdAt": "2024-05-14T01:34:09.029+00:00", "$updatedAt": "2024-05-17T22:29:26.569+00:00", "$permissions": [], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "663f8847000b8f5e29bb"}]}

playbooks/files/database/skillTag.json

@@ -0,0 +1 @@
+{"total": 3, "documents": [{"name": "basic", "description": "Basic Skills", "tagColour": "", "$id": "660725e4666f2c2ed4b2", "$createdAt": "2024-03-29T20:34:44.420+00:00", "$updatedAt": "2024-04-07T16:19:07.205+00:00", "$permissions": [], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "66072582a74d94a4bd01"}, {"name": "intermediate", "description": "Intermediate Skills", "tagColour": "", "$id": "660725f01f0c4fd286e9", "$createdAt": "2024-03-29T20:34:56.127+00:00", "$updatedAt": "2024-04-07T16:18:56.523+00:00", "$permissions": [], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "66072582a74d94a4bd01"}, {"name": "advanced", "description": "Advanced Skills", "tagColour": "", "$id": "660725f9d40e34565514", "$createdAt": "2024-03-29T20:35:05.869+00:00", "$updatedAt": "2024-04-07T16:18:45.953+00:00", "$permissions": [], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "66072582a74d94a4bd01"}]}

playbooks/files/database/task.json

@@ -0,0 +1 @@
+{"total": 5, "documents": [{"title": "Wash Boat", "description": "Wash the deck, and hull<br>", "required_skills": ["660725e4666f2c2ed4b2"], "tags": ["65ee231947b1dceca3ef"], "duration": 2, "volunteers": [], "volunteers_required": 2, "status": "ready", "depends_on": [], "boat": "", "due_date": "2024-04-02T00:00:00.000+00:00", "$id": "660c73e3c42d9027ffde", "$createdAt": "2024-04-02T21:08:51.804+00:00", "$updatedAt": "2024-04-08T01:27:34.750+00:00", "$permissions": ["read(\"user:65ede5a2ca44888379bd\")", "update(\"user:65ede5a2ca44888379bd\")", "delete(\"user:65ede5a2ca44888379bd\")"], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "65ee1cd5b550023fae4f"}, {"title": "Float the plane", "description": "What does this have to do with boats?<br>", "required_skills": ["660725f9d40e34565514"], "tags": ["65ee231947b1dceca3ef"], "duration": 4, "volunteers": [], "volunteers_required": 2, "status": "ready", "depends_on": [null], "boat": "4", "due_date": "2024-04-05T00:00:00.000+00:00", "$id": "66109c930ed300707ad6", "$createdAt": "2024-04-06T00:51:31.061+00:00", "$updatedAt": "2024-05-03T18:27:55.819+00:00", "$permissions": ["read(\"user:65ede5a2ca44888379bd\")", "update(\"user:65ede5a2ca44888379bd\")", "delete(\"user:65ede5a2ca44888379bd\")"], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "65ee1cd5b550023fae4f"}, {"title": "Testing 123", "description": "This is a testing.<br>", "required_skills": ["660725e4666f2c2ed4b2", "660725f01f0c4fd286e9"], "tags": ["65ee231947b1dceca3ef", "65ee235be89c369cad44"], "duration": 2, "volunteers": [], "volunteers_required": 2, "status": "ready", "depends_on": [], "boat": "2", "due_date": "2024-04-06T00:00:00.000+00:00", "$id": "66118c702d4b5ed06979", "$createdAt": "2024-04-06T17:54:56.186+00:00", "$updatedAt": "2024-04-08T01:27:43.278+00:00", "$permissions": ["read(\"user:65ede5a2ca44888379bd\")", "update(\"user:65ede5a2ca44888379bd\")", "delete(\"user:65ede5a2ca44888379bd\")"], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "65ee1cd5b550023fae4f"}, {"title": "Repair Rudder ", "description": "Rudder is broken.&nbsp; Fix it", "required_skills": ["660725f01f0c4fd286e9"], "tags": ["65ee231947b1dceca3ef"], "duration": 5, "volunteers": [], "volunteers_required": 2, "status": "ready", "depends_on": [], "boat": "3", "due_date": "2024-04-12T00:00:00.000+00:00", "$id": "6614745a1f576420fbed", "$createdAt": "2024-04-08T22:48:58.128+00:00", "$updatedAt": "2024-04-08T22:48:58.128+00:00", "$permissions": ["read(\"user:65ede5a2ca44888379bd\")", "update(\"user:65ede5a2ca44888379bd\")", "delete(\"user:65ede5a2ca44888379bd\")"], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "65ee1cd5b550023fae4f"}, {"title": "Test 53", "description": "", "required_skills": [], "tags": [], "duration": 0, "volunteers": [], "volunteers_required": 0, "status": "ready", "depends_on": [], "boat": null, "due_date": "2024-05-03T00:00:00.000+00:00", "$id": "6634c914ec70293b93a1", "$createdAt": "2024-05-03T11:23:00.969+00:00", "$updatedAt": "2024-05-03T11:23:00.969+00:00", "$permissions": ["read(\"user:65ede5a2ca44888379bd\")", "update(\"user:65ede5a2ca44888379bd\")", "delete(\"user:65ede5a2ca44888379bd\")"], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "65ee1cd5b550023fae4f"}]}

playbooks/files/database/taskTag.json

@@ -0,0 +1 @@
+{"total": 2, "documents": [{"description": "Tasks required for Launch", "name": "launch", "colour": null, "$id": "65ee231947b1dceca3ef", "$createdAt": "2024-03-10T21:16:09.294+00:00", "$updatedAt": "2024-03-30T14:16:46.407+00:00", "$permissions": [], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "65ee21d72d5c8007c34c"}, {"description": "Tasks related to Haulout", "name": "haulout", "colour": null, "$id": "65ee235be89c369cad44", "$createdAt": "2024-03-10T21:17:15.952+00:00", "$updatedAt": "2024-03-30T14:16:32.125+00:00", "$permissions": [], "$databaseId": "65ee1cbf9c2493faf15f", "$collectionId": "65ee21d72d5c8007c34c"}]}

playbooks/investigate_high_cpu.yml

@@ -21,7 +21,7 @@
     - name: Create Problem Template # noqa: no-relative-paths
       ansible.builtin.template:
         mode: '0644'
-        src: '../templates/cpuhog_ticket.j2'
+        src: 'cpuhog_ticket.j2'
         dest: /tmp/cpuhog_details.txt
       delegate_to: localhost
 

playbooks/load_data.yml

@@ -0,0 +1,27 @@
+---
+- name: Provision Beta Test User Accounts
+  hosts: appwrite:&prod
+  gather_facts: false
+  tasks:
+
+    - name: Load json for boats
+      ansible.builtin.set_fact:
+        boat_docs: "{{ lookup( 'ansible.builtin.file', 'files/database/boat.json' ) | ansible.builtin.from_json  }}"
+
+    - name: Use Appwrite REST API to Load data
+      ansible.builtin.uri:
+        url: "{{ appwrite_api_uri }}/databases/{{ bab_database.id }}/collections/boat/documents"
+        method: POST
+        body_format: json
+        headers:
+          X-Appwrite-Response-Format: '{{ appwrite_response_format }}'
+          X-Appwrite-Project: '{{ appwrite_project }}'
+          X-Appwrite-Key: '{{ appwrite_api_key }}'
+        body:
+          documentId: "{{ item['$id'] }}"
+          data: "{{ item| ansible.utils.remove_keys(target=['$id','$databaseId','$collectionId']) }}"
+        status_code: [201, 409]
+        return_content: true
+      register: appwrite_api_result
+      loop: '{{ boat_docs.documents }}'
+      delegate_to: localhost

playbooks/provision_database.yml

@@ -0,0 +1,59 @@
+---
+# TODO: This doesn't have any real idempotency.  Can't compare current and desired states.
+- name: Provision Database
+  hosts: prod:&appwrite
+  gather_facts: false
+  module_defaults:
+    ansible.builtin.uri:
+      body_format: json
+      headers:
+        X-Appwrite-Response-Format: '{{ appwrite_response_format }}'
+        X-Appwrite-Project: '{{ appwrite_project }}'
+        X-Appwrite-Key: '{{ appwrite_api_key }}'
+      return_content: true
+  tasks:
+    - name: Use Appwrite REST API to create new database
+      ansible.builtin.uri:
+        url: "{{ appwrite_api_uri }}/databases"
+        method: POST
+        body:
+          databaseId: "{{ bab_database.id }}"
+          name: "{{ bab_database.name }}"
+          enabled: "{{ bab_database.enabled }}"
+        status_code: [201, 409]
+      register: appwrite_api_result
+      delegate_to: localhost
+
+    - name: Create Collections
+      ansible.builtin.uri:
+        url: "{{ appwrite_api_uri }}/databases/{{ bab_database.id }}/collections/"
+        method: POST
+        body:
+          collectionId: "{{ item.id }}"
+          name: "{{ item.name }}"
+          permissions: "{{ item.permissions }}"
+        status_code: [201, 409]
+      register: appwrite_api_result
+      loop: '{{ bab_database.collections }}'
+      delegate_to: localhost
+
+    # - name: Create Attributes
+    #   ansible.builtin.debug:
+    #     msg: "{{ lookup('ansible.builtin.template', 'appwrite_attribute_template.json.j2') }}"
+    #   register: appwrite_api_result
+    #   loop: "{{ bab_database.collections | subelements('attributes', skip_missing=True) }}"
+    # #   delegate_to: localhost
+
+    - name: Create Attributes
+      ansible.builtin.uri:
+        url: "{{ appwrite_api_uri }}/databases/{{ bab_database.id }}/collections/{{ item[0].id }}/attributes/{{ (item[1].format is defined and item[1].format != '' ) |ternary(item[1].format, item[1].type) }}"
+        method: POST
+        body: "{{ lookup('ansible.builtin.template', 'appwrite_attribute_template.json.j2') }}"
+        status_code: [202, 409]
+      register: appwrite_api_result
+      loop: "{{ bab_database.collections | subelements('attributes', skip_missing=True) }}"
+      delegate_to: localhost
+
+    # - name: Display response
+    #   ansible.builtin.debug:
+    #     var: appwrite_api_result

playbooks/provision_users.yml

@@ -1,6 +1,6 @@
 ---
 - name: Provision Beta Test User Accounts
-  hosts: apidev.bab.toal.ca
+  hosts: appwrite:&prod
   gather_facts: false
   tasks:
     - name: Use Appwrite REST API to create new user

playbooks/read_database.yml

@@ -0,0 +1,52 @@
+---
+- name: Gather Information about Database
+  hosts: appwrite:&dev
+  gather_facts: false
+  module_defaults:
+    ansible.builtin.uri:
+      body_format: json
+      headers:
+        X-Appwrite-Response-Format: '{{ appwrite_response_format }}'
+        X-Appwrite-Project: '{{ appwrite_project }}'
+        X-Appwrite-Key: '{{ appwrite_api_key }}'
+      return_content: true
+  tasks:
+    - name: Get Users
+      ansible.builtin.uri:
+        url: "{{ appwrite_api_uri }}/users"
+        method: GET
+      register: appwrite_api_result
+      delegate_to: localhost
+
+    - name: Display response
+      ansible.builtin.debug:
+        var: appwrite_api_result
+
+    - name: Get database info
+      ansible.builtin.uri:
+        url: "{{ appwrite_api_uri }}/databases/{{ bab_database.id }}"
+        method: GET
+      register: appwrite_api_result
+      delegate_to: localhost
+
+    - name: Get collection info
+      ansible.builtin.uri:
+        url: "{{ appwrite_api_uri }}/databases/{{ bab_database.id }}/collections"
+        method: GET
+      register: appwrite_collections
+      delegate_to: localhost
+
+    - name: Get documents from each table
+      ansible.builtin.uri:
+        url: "{{ appwrite_api_uri }}/databases/{{ bab_database.id }}/collections/{{ item['$id'] }}/documents"
+        method: GET
+      loop: "{{ appwrite_collections.json.collections }}"
+      delegate_to: localhost
+      register: document_results
+
+    - name: Save Data
+      ansible.builtin.copy:
+        dest: 'files/database/{{ item.item.name }}.json'
+        content: '{{ item.json }}'
+      loop: "{{ document_results.results }}"
+      delegate_to: localhost

playbooks/templates/act_runner.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Act Runner for automatic builds from Gitea.
+
+[Service]
+Environment="DOCKER_HOST=unix://{{ lookup('ansible.builtin.env','XDG_RUNTIME_DIR') }}/podman/podman.sock"
+Type=simple
+ExecStart=/home/ptoal/act_runner daemon
+Restart=on-failure
+StandardOutput=file:%h/log_file
+
+[Install]
+WantedBy=default.target

playbooks/templates/appwrite_attribute_template.json.j2

@@ -0,0 +1,11 @@
+{
+  "key": "{{ item[1].key }}",
+  "required": {{ item[1].required }},
+  {% if item[1].default is defined and item[1].default and item[1].default != "null" %}"default": "{{ item[1].default }}",{% endif %}
+  {% if item[1].array is defined %}"array": {{ item[1].array }}, {% endif %}
+  {% if item[1].elements is defined %}"elements": [{% for e in item[1].elements %}"{{ e }}"{%- if not loop.last %},{% endif %}{% endfor %}],{% endif %}
+  {% if item[1].min is defined %}"min": {{ item[1].min | int }},{% endif %}
+  {% if item[1].max is defined %}"max": {{ item[1].max | int }},{% endif %}
+  {% if item[1].size is defined %}"size": {{ item[1].size | int }},{% endif %}
+  {% if item[1].encrypt is defined %}"encrypt": {{ item[1].encrypt }}{% endif%}
+}

playbooks/templates/cpuhog_ticket.j2

@@ -0,0 +1,19 @@
+= CPUHog Report =
+A high CPU event was triggered from AlertManager.
+
+{% if ansible_eda is defined %}
+Annotations: "{{ ansible_eda.event.alert.annotations }}"
+Generator URL: "{{ ansible_eda.event.alert.generatorURL }}"
+Severity: "{{ ansible_eda.event.alert.labels.severity }}"
+Instance: "{{ ansible_eda.event.alert.labels.instance }}"
+{% endif %}
+
+** Top CPU Consumers **
+{% for line in processes_cpu.stdout_lines[0:10] %}
+{{ line }}
+{% endfor %}
+
+** Top Memory Consumers **
+{% for line in processes_mem.stdout_lines[0:10] %}
+{{ line }}
+{% endfor %}

playbooks/update_certificates.yml

@@ -1,51 +0,0 @@
----
-- name: Request and INstall Certs from Red Hat IdM
-  hosts: webservers
-  become: true
-
-  tasks:
-    - name: Ensure the IPA client and OpenSSL are installed
-      ansible.builtin.package:
-        name:
-          - ipa-client
-          - openssl
-        state: present
-
-    - name: Generate private key
-      community.crypto.openssl_privatekey:
-        path: "{{ key_path }}"
-        size: 2048
-
-    - name: Generate CSR
-      community.crypto.openssl_csr:
-        path: "{{ csr_path }}"
-        privatekey_path: "{{ key_path }}"
-        common_name: "{{ ansible_fqdn }}"
-        subject: "{{ cert_subject }}"
-        key_usage:
-          - digitalSignature
-          - keyEncipherment
-        extended_key_usage:
-          - serverAuth
-
-    - name: Request a certificate from IdM
-      redhat.rhel_idm.ipacert:
-        ipaadmin_password: "{{ ipa_admin_password }}"
-        csr_path: "{{ csr_path }}"
-        principal: "HTTP/{{ ansible_fqdn }}@{{ ipa_domain }}"
-        cert_profile: "HTTP_Server"
-        cert_out_path: "{{ cert_path }}"
-      register: cert_result
-
-    - name: Install the certificate
-      ansible.builtin.copy:
-        content: "{{ cert_result.certificate }}"
-        dest: "{{ cert_path }}"
-      notify:
-        - restart web server
-
-  handlers:
-    - name: restart web server
-      ansible.builtin.service:
-        name: httpd
-        state: restarted