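---
# Omni deployment tasks: host directories, the etcd private key, TLS links,
# and the Omni container itself. Variables (omni_*, auth0_*) are expected
# from the play's vars/inventory; the "restart omni" handler lives elsewhere.

# create directories
- name: "create omni directories"
  ansible.builtin.file:
    path: "{{ item }}"
    state: "directory"
    mode: "0755"
  loop:
    - "/mnt/omni"
    - "/mnt/omni/data"
    - "/mnt/omni/etcd-vol"

# omni etcd key
# Private key material (consumed below via --private-key-source), so it is
# root-owned and 0600 rather than world-readable. The container is granted
# NET_ADMIN, which only takes effect for the container's root user, so the
# container process still reads the root-owned bind mount.
- name: "etcd key"
  ansible.builtin.copy:
    dest: "/mnt/omni/omni.asc"
    owner: "root"
    group: "root"
    mode: "0600"
    content: "{{ omni_etcd_priv_key }}"
  notify: "restart omni"

# omni domain key
# Symlink to the acme.sh-issued key; bind-mounted into the container as
# /tls.key. NOTE(review): a renewed certificate is presumably only picked up
# when the container restarts — these link tasks do not notify the handler.
- name: "link - omni domain key"
  ansible.builtin.file:
    src: "/root/.acme.sh/simoncor.net_ecc/simoncor.net.key"
    dest: "/mnt/omni/omni.key"
    state: "link"

# omni domain cert
- name: "link - omni domain cert"
  ansible.builtin.file:
    src: "/root/.acme.sh/simoncor.net_ecc/fullchain.cer"
    dest: "/mnt/omni/omni.pem"
    state: "link"

# run omni
- name: "run omni"
  community.docker.docker_container:
    container_default_behavior: "no_defaults"
    detach: true
    pull: "always"
    state: "started"
    name: "omni"
    image: "ghcr.io/siderolabs/omni:v1.5.11"
    restart_policy: "unless-stopped"
    # host networking plus NET_ADMIN and the tun device are needed for the
    # SideroLink WireGuard endpoint advertised below.
    network_mode: "host"
    capabilities:
      - "NET_ADMIN"
    devices:
      - "/dev/net/tun"
    volumes:
      - "/mnt/omni/etcd-vol:/_out/etcd"
      - "/mnt/omni/data/:/data"
      # key and TLS material are only read by Omni; mount them read-only
      - "/mnt/omni/omni.asc:/omni.asc:ro"
      - "/mnt/omni/omni.pem:/tls.crt:ro"
      - "/mnt/omni/omni.key:/tls.key:ro"
    # >- folds the flags onto one line; the module presumably applies
    # shell-style splitting to a string command, so the quotes around the
    # URL and file values are stripped — verify if a flag is misparsed.
    command: >-
      --account-id={{ omni_account_uuid }}
      --advertised-api-url="https://api.{{ omni_domain }}"
      --advertised-kubernetes-proxy-url="https://kube.{{ omni_domain }}:8100"
      --auth-auth0-client-id={{ auth0_client_id }}
      --auth-auth0-domain={{ auth0_domain }}
      --auth-auth0-enabled=true
      --bind-addr=0.0.0.0:443
      --cert=/tls.crt
      --event-sink-port=8091
      --initial-users={{ omni_sso_user }}
      --k8s-proxy-bind-addr=0.0.0.0:8100
      --key=/tls.key
      --machine-api-bind-addr=0.0.0.0:8090
      --machine-api-cert=/tls.crt
      --machine-api-key=/tls.key
      --name=omni
      --private-key-source='file:///omni.asc'
      --siderolink-api-advertised-url="https://{{ omni_domain }}:8090"
      --siderolink-wireguard-advertised-addr="{{ omni_ip }}:50180"
      --sqlite-storage-path=/data/omni-sqlite.db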