chore: added iac

Signed-off-by: ITQ <itq.dev@ya.ru>

infrastructure/iac/ansible/roles/coolify/defaults/main.yaml

@@ -0,0 +1,19 @@
+---
+coolify_state: present  # latest | present | absent
+coolify_remove_data_on_absent: false
+coolify_base_dir: /data/coolify
+
+coolify_docker_network: coolify
+coolify_http_port: 8000
+
+coolify_owner: 9999
+coolify_group: root
+coolify_compose_files:
+  - docker-compose.yml
+  - docker-compose.prod.yml
+
+coolify_container_names:
+  - coolify
+  - coolify-db
+  - coolify-redis
+  - coolify-realtime

infrastructure/iac/ansible/roles/coolify/tasks/delete.yaml

@@ -0,0 +1,120 @@
+---
+- name: Check if Coolify is running before uninstallation
+  community.docker.docker_container_info:
+    name: "{{ item }}"
+  loop: "{{ coolify_container_names }}"
+  register: coolify_containers_pre_uninstall
+  ignore_errors: true
+  tags: coolify, deletion, pre-check
+
+- name: Stop and remove Coolify services (compose down)
+  become: true
+  community.docker.docker_compose_v2:
+    project_src: "{{ coolify_base_dir }}/source"
+    files: "{{ coolify_compose_files }}"
+    state: absent
+    remove_orphans: true
+    remove_volumes: false
+  ignore_errors: true
+  tags: coolify, docker, deletion
+
+- name: Force remove any remaining Coolify containers
+  community.docker.docker_container:
+    name: "{{ item.item }}"
+    state: absent
+    force_kill: true
+    force_remove: true
+  loop: "{{ coolify_containers_pre_uninstall.results }}"
+  when: 
+    - item.exists | default(false)
+    - coolify_remove_data_on_absent | bool
+  ignore_errors: true
+  tags: coolify, docker, deletion
+
+- name: Remove Coolify files and data (conditional)
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "{{ coolify_base_dir }}/source"
+    - "{{ coolify_base_dir }}/applications"
+    - "{{ coolify_base_dir }}/databases"
+    - "{{ coolify_base_dir }}/backups"
+    - "{{ coolify_base_dir }}/services"
+    - "{{ coolify_base_dir }}/proxy"
+    - "{{ coolify_base_dir }}/webhooks-during-maintenance"
+    - "{{ coolify_base_dir }}/ssh"
+    - "{{ coolify_base_dir }}/sentinel"
+  when: coolify_remove_data_on_absent | bool
+  tags: coolify, files, deletion, data
+
+- name: Remove base directory if empty (only when requested)
+  ansible.builtin.file:
+    path: "{{ coolify_base_dir }}"
+    state: absent
+  when: coolify_remove_data_on_absent | bool
+  tags: coolify, files, deletion, data
+
+- name: Remove Coolify docker volumes (find)
+  community.docker.docker_volume_info:
+    name: "^coolify_.*"
+  register: coolify_volumes
+  ignore_errors: true
+  when: coolify_remove_data_on_absent | bool
+  tags: coolify, docker, deletion
+
+- name: Remove Coolify docker volumes
+  community.docker.docker_volume:
+    name: "{{ item.Name }}"
+    state: absent
+    force: true
+  loop: "{{ coolify_volumes.volumes | default([]) }}"
+  when: coolify_volumes is defined and coolify_volumes.volumes | length > 0
+  tags: coolify, docker, deletion
+
+- name: Remove Coolify docker network
+  community.docker.docker_network:
+    name: "{{ coolify_docker_network }}"
+    state: absent
+    force: "{{ coolify_remove_data_on_absent | bool }}"
+  ignore_errors: true
+  when: coolify_remove_data_on_absent | bool
+  tags: coolify, docker, deletion
+
+- name: Prune Coolify images
+  become: true
+  community.docker.docker_prune:
+    images: true
+    images_filters:
+      reference: "ghcr.io/coollabsio/*"
+    build_cache: true
+  ignore_errors: true
+  when: coolify_remove_data_on_absent | bool
+  tags: coolify, docker, deletion
+
+- name: Prune unused Docker resources
+  become: true
+  community.docker.docker_prune:
+    containers: true
+    images: false
+    networks: true
+    volumes: false
+    builder_cache: true
+  ignore_errors: true
+  when: coolify_remove_data_on_absent | bool
+  tags: coolify, docker, deletion
+
+- name: Verify Coolify removal
+  community.docker.docker_container_info:
+    name: "{{ item }}"
+  loop: "{{ coolify_container_names }}"
+  register: coolify_containers_post_uninstall
+  ignore_errors: true
+  tags: coolify, deletion, verification
+
+- name: Display uninstallation message
+  ansible.builtin.debug:
+    msg:
+      - "Coolify has been uninstalled"
+      - "Application data preserved: {{ not coolify_remove_data_on_absent }}"
+  tags: coolify, deletion

infrastructure/iac/ansible/roles/coolify/tasks/install.yaml

@@ -0,0 +1,111 @@
+---
+- name: Install prerequisites (apt)
+  ansible.builtin.apt:
+    name:
+      - curl
+      - openssl
+    state: present
+    update_cache: true
+    cache_valid_time: 3600
+  tags: coolify, prerequisites, installation
+
+- name: Ensure Docker service is started and enabled
+  ansible.builtin.systemd:
+    name: docker
+    state: started
+    enabled: true
+  tags: coolify, docker, installation
+
+- name: Create Coolify directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ coolify_owner }}"
+    group: "{{ coolify_group }}"
+    mode: '0750'
+  loop:
+    - "{{ coolify_base_dir }}/source"
+    - "{{ coolify_base_dir }}/ssh/keys"
+    - "{{ coolify_base_dir }}/ssh/mux"
+    - "{{ coolify_base_dir }}/applications"
+    - "{{ coolify_base_dir }}/databases"
+    - "{{ coolify_base_dir }}/backups"
+    - "{{ coolify_base_dir }}/services"
+    - "{{ coolify_base_dir }}/proxy/dynamic"
+    - "{{ coolify_base_dir }}/webhooks-during-maintenance"
+  tags: coolify, files, installation
+
+- name: Download Coolify configuration files
+  ansible.builtin.get_url:
+    url: "https://cdn.coollabs.io/coolify/{{ item.file }}"
+    dest: "{{ coolify_base_dir }}/source/{{ item.dest }}"
+    mode: '0644'
+  loop:
+    - { file: "docker-compose.yml", dest: "docker-compose.yml" }
+    - { file: "docker-compose.prod.yml", dest: "docker-compose.prod.yml" }
+    - { file: "upgrade.sh", dest: "upgrade.sh" }
+  tags: coolify, files, installation
+
+- name: Ensure .env exists from template (only when missing)
+  ansible.builtin.stat:
+    path: "{{ coolify_base_dir }}/source/.env"
+  register: env_file_check
+  tags: coolify, files, installation
+
+- name: Create .env from template when missing
+  ansible.builtin.template:
+    src: "templates/.env.production.j2"
+    dest: "{{ coolify_base_dir }}/source/.env"
+    mode: '0640'
+  when: not env_file_check.stat.exists
+  tags: coolify, files, installation
+
+- name: Ensure correct ownership and permissions recursively
+  ansible.builtin.file:
+    path: "{{ coolify_base_dir }}"
+    owner: "{{ coolify_owner }}"
+    group: "{{ coolify_group }}"
+    mode: '0750'
+    recurse: true
+  tags: coolify, permissions, installation
+
+- name: Ensure Docker network exists
+  become: true
+  community.docker.docker_network:
+    name: "{{ coolify_docker_network }}"
+    driver: bridge
+    attachable: true
+    state: present
+  tags: coolify, docker, installation
+
+- name: Start Coolify services
+  become: true
+  community.docker.docker_compose_v2:
+    project_src: "{{ coolify_base_dir }}/source"
+    files: "{{ coolify_compose_files }}"
+    pull: always
+    state: present
+    wait: true
+    wait_timeout: 300
+  tags: coolify, docker, installation
+
+- name: Wait for Coolify HTTP to respond
+  ansible.builtin.uri:
+    url: "http://localhost:{{ coolify_http_port }}"
+    method: GET
+    status_code: 200
+    timeout: 30
+    body_format: json
+  register: coolify_health
+  until: coolify_health.status == 200
+  retries: 10
+  delay: 10
+  tags: coolify, health, installation
+
+- name: Show installed message
+  ansible.builtin.debug:
+    msg:
+      - "Coolify installed successfully"
+      - "All containers are healthy and responding"
+      - "Access at: http://{{ ansible_host }}:{{ coolify_http_port }}"
+  tags: coolify, installation

infrastructure/iac/ansible/roles/coolify/tasks/main.yaml

@@ -0,0 +1,51 @@
+---
+- name: Validate coolify_state parameter
+  ansible.builtin.assert:
+    that:
+      - coolify_state in ['present', 'absent', 'latest']
+    msg: "coolify_state must be one of: present, absent, latest"
+  tags: always
+
+- name: Check if Coolify is installed (compose file exists)
+  ansible.builtin.stat:
+    path: "{{ coolify_base_dir }}/source/{{ coolify_compose_files[0] }}"
+  register: coolify_installed
+  tags: always
+
+- name: Check Coolify container status
+  community.docker.docker_container_info:
+    name: "{{ item }}"
+  loop: "{{ coolify_container_names }}"
+  register: coolify_containers
+  when: coolify_installed.stat.exists
+  tags: always
+
+- name: Set Coolify health fact
+  ansible.builtin.set_fact:
+    coolify_healthy: "{{ coolify_containers.results | selectattr('container', 'defined') | selectattr('container.State.Health.Status', 'defined') | selectattr('container.State.Health.Status', 'equalto', 'healthy') | list | length == coolify_container_names | length }}"
+  when: coolify_containers is defined and coolify_containers.results is defined
+  tags: always
+
+- name: Include deletion tasks if state is absent
+  ansible.builtin.include_tasks: delete.yaml
+  when: coolify_state == 'absent'
+  tags: coolify, deletion
+
+- name: Include installation tasks when desired and not installed
+  ansible.builtin.include_tasks: install.yaml
+  when: (coolify_state in ['present','latest']) and not coolify_installed.stat.exists
+  tags: coolify, installation
+
+- name: Include update tasks when latest requested and already installed
+  ansible.builtin.include_tasks: update.yaml
+  when: (coolify_state == 'latest') and coolify_installed.stat.exists
+  tags: coolify, update
+
+- name: Show status when present and already installed
+  ansible.builtin.debug:
+    msg:
+      - "Coolify is already installed and running"
+      - "Containers healthy: {{ coolify_healthy | default('unknown') }}"
+      - "Access at: http://{{ ansible_host }}:{{ coolify_http_port }}"
+  when: (coolify_state == 'present') and coolify_installed.stat.exists | default(false)
+  tags: coolify, status

infrastructure/iac/ansible/roles/coolify/tasks/update.yaml

@@ -0,0 +1,32 @@
+---
+- name: Update Coolify services with recreate
+  community.docker.docker_compose_v2:
+    project_src: "{{ coolify_base_dir }}/source"
+    files: "{{ coolify_compose_files }}"
+    pull: always
+    state: present
+    recreate: always
+    wait: true
+    wait_timeout: 300
+  tags: coolify, update
+
+- name: Wait for Coolify HTTP to respond after update
+  ansible.builtin.uri:
+    url: "http://localhost:{{ coolify_http_port }}"
+    method: GET
+    status_code: 200
+    timeout: 30
+    body_format: json
+  register: coolify_health_after_update
+  until: coolify_health_after_update.status == 200
+  retries: 10
+  delay: 10
+  tags: coolify, update, health
+
+- name: Show update success message
+  ansible.builtin.debug:
+    msg:
+      - "Coolify updated successfully to latest version"
+      - "All containers are healthy and responding"
+      - "Access at: http://{{ ansible_host }}:{{ coolify_http_port }}"
+  tags: coolify, update

infrastructure/iac/ansible/roles/coolify/templates/.env.production.j2

@@ -0,0 +1,18 @@
+APP_ID={{ coolify_app_id | default(lookup('pipe','openssl rand -hex 16')) }}
+APP_NAME={{ coolify_app_name | default('Coolify') }}
+APP_KEY={{ coolify_app_key | default('base64:' ~ lookup('pipe','openssl rand -base64 32')) }}
+
+DB_USERNAME={{ coolify_db_username | default('coolify') }}
+DB_PASSWORD={{ coolify_db_password | default(lookup('pipe','openssl rand -base64 32')) }}
+
+REDIS_PASSWORD={{ coolify_redis_password | default(lookup('pipe','openssl rand -base64 32')) }}
+
+PUSHER_APP_ID={{ coolify_pusher_app_id | default(lookup('pipe','openssl rand -hex 32')) }}
+PUSHER_APP_KEY={{ coolify_pusher_app_key | default(lookup('pipe','openssl rand -hex 32')) }}
+PUSHER_APP_SECRET={{ coolify_pusher_app_secret | default(lookup('pipe','openssl rand -hex 32')) }}
+
+ROOT_USERNAME={{ coolify_root_username | default('') }}
+ROOT_USER_EMAIL={{ coolify_root_email | default('') }}
+ROOT_USER_PASSWORD={{ coolify_root_password | default('') }}
+
+REGISTRY_URL={{ coolify_registry_url | default('ghcr.io') }}