From 9a589e0db4e32bd0ad1a16ef25696755694704be Mon Sep 17 00:00:00 2001
From: Alex Tavarez
Date: Fri, 4 Jul 2025 14:53:57 -0400
Subject: [PATCH] Last commit before an entire reworking of Ansible here
---
 playbooks/cengine.init.yaml | 52 +++++++++++++++++++++++++++++++------
 1 file changed, 44 insertions(+), 8 deletions(-)
diff --git a/playbooks/cengine.init.yaml b/playbooks/cengine.init.yaml
index cabe97e..fb6534d 100644
--- a/playbooks/cengine.init.yaml
+++ b/playbooks/cengine.init.yaml
@@ -19,14 +19,14 @@
 become: true
 - name: Ensure possession of cloned repository with Compose files
 ansible.builtin.git:
- repo: senpai@sukaato.moe:repos/sukaato-compose.git # @TODO: replace with Ansible variable
+ repo: "{{ lookup('ansible.builtin.env', 'ANSIBLE_CENG_SSH_REPO', default='senpai@sukaato.moe:repos/sukaato-compose.git') }}"
 dest: ~/dev/sukaato-compose
 version: latest
 register: sshgit
 ignore_errors: true
 - name: Ensure possession of cloned repository with Compose files
 ansible.builtin.git:
- repo: 'https://git.sukaato.moe/' # @TODO: Finish HTTPS URI (or replace with Ansible variable)
+ repo: "{{ lookup('ansible.builtin.env', 'ANSIBLE_CENG_HTTPS_REPO', default='https://git.sukaato.moe/') }}" # @TODO: Finish HTTPS URI
 dest: ~/dev/sukaato-compose
 version: latest
 register: webgit
@@ -93,6 +93,10 @@
 containers.podman.podman_image:
 name: gitea/gitea
 tag: 1.23-rootless
+ - name: Ensure possession of Shlink container image
+ containers.podman.podman_image:
+ name: shlinkio/shlink
+ tag: stable
 - name: Ensure existence of shared network for Caddy reverse proxying
 containers.podman.podman_network:
 name: caddynet
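Review bot: The HTTPS fallback in the `@@ -19,14 +19,14 @@` hunk still defaults to `https://git.sukaato.moe/`, which is a site root rather than a repository, so unless `ANSIBLE_CENG_HTTPS_REPO` is set the second clone presumably fails right after the first clone's failure was hidden by `ignore_errors: true`. Both `repo:` values now come from the controller's environment, and the Compose files fetched here decide what gets run, so I would pin `version:` to a tag or commit instead of `latest` and consider `verify_commit: true`. A short comment above each task naming the variable and its expected form would help, e.g. `# ANSIBLE_CENG_SSH_REPO: scp-style SSH URL of the Compose repository`. The play these tasks belong to starts outside the hunk.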
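Review bot: `tag: stable` on the new Shlink pull in the `@@ -93,6 +93,10 @@` hunk is a floating tag, so the image content can change between runs without any change to this playbook; a release tag or digest would make the deployment reproducible, as the Gitea pull just above does with `1.23-rootless`. The container entry added in the last hunk uses `image: shlinkio/shlink` with no tag, so it would presumably resolve to `latest` rather than the image pulled here; writing the same tag there (`image: shlinkio/shlink:<pinned tag>`) keeps the two in step. The name is also unqualified, so which registry serves it depends on the host's short-name configuration; `docker.io/shlinkio/shlink` removes that ambiguity.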
@@ -102,7 +106,7 @@
 - name: Create secret for PostgreSQL database container
 containers.podman.podman_secret: # @TODO: Look into other Postgres authentication methods
 name: postgres_pass
- data: "admin" # @TODO: Replace value with Ansible variable
+ data: "{{ lookup('ansible.builtin.env', 'ANSIBLE_POSTGRES_PASSWORD', default='administrator') }}"
 state: present
 - name: Ensure containers are running with appropriate configuration
 containers.podman.podman_containers:
@@ -127,8 +131,10 @@
 stop_timeout: 120
 names: true
 container_prefix: pm@
- - name: nextcloud-aio-mastercontainer # @TODO: fill out rest of needed attributes
- state: present # @TODO: Change to "started" later on
+ # requires:
+ # - "db"
+ - name: nextcloud-aio-mastercontainer
+ state: started
 restart_policy: on-failure:5
 image: nextcloud/all-in-one
 init: true
@@ -151,9 +157,11 @@
 stop_timeout: 120
 names: true
 container_prefix: pm@
+ requires:
+ - "revproxy"
 # @NOTE: Below container has internal ports 3000 (web UI & HTTPS git) and 2222 (SSH git)
 - name: http_git # @TODO: Fill out rest of needed attributes
- state: present # @TODO: Change to "started" later on
+ state: started
 restart_policy: on-failure:5
 image: gitea/gitea
 volumes:
@@ -164,14 +172,19 @@
 network:
 - "caddynet"
 - "sharenet"
+ generate_systemd:
+ restart_policy: always
+ stop_timeout: 120
+ names: true
+ container_prefix: pm@
 requires:
- - "db"
+ - "revproxy"
 # @NOTE: Postgres (below) default port is 5432
 - name: db
 state: present
 restart_policy: on-failure:5
 image: postgres
- # shm_size: 128mb # @TODO: Specify share of memory for container
+ shm_size: "{{ lookup('ansible.builtin.env', 'ANSIBLE_DB_CENG_SHARE', default='128m') }}"
 volumes:
 - "~/.config/postgres:/etc/postgresql"
 network:
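Review bot: The fallback `default='administrator'` in the `@@ -102,7 +106,7 @@` hunk means a run without `ANSIBLE_POSTGRES_PASSWORD` silently creates the database secret with a guessable value that is committed to the repository. I would make the variable required so the task fails instead, e.g. `data: "{{ lookup('ansible.builtin.env', 'ANSIBLE_POSTGRES_PASSWORD', default=undef()) }}"` on ansible-core versions that provide `undef()`, and add `no_log: true` to the task so the value does not end up in task output. Longer term, an Ansible Vault variable would keep the password out of the shell environment altogether.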
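Review bot: Replacing `- "db"` with `- "revproxy"` under `requires:` in the `@@ -164,14 +172,19 @@` hunk removes the only visible ordering between `http_git` and the Postgres container, while `db` itself stays at `state: present` and `http_git` was switched to `started` in the previous hunk. If Gitea is meant to use that database, it can now come up before it or without it; listing both `- "revproxy"` and `- "db"` and setting `db` to `started` would keep the dependency. If the switch is deliberate, a comment such as `# db dependency dropped on purpose: <reason>` would record why. The `http_git` entry starts outside the hunk.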
@@ -181,3 +194,26 @@
 POSTGRES_USER: senpai
 POSTGRES_DB: mem
 POSTGRESS_PASSWORD_FILE: /run/secrets/postgres_pass # @TODO: Look into other Postgres authentication methods
+ generate_systemd:
+ restart_policy: always
+ stop_timeout: 120
+ names: true
+ container_prefix: pm@
+ # @NOTE: Below container internal port is 8080
+ - name: shlinks
+ state: present
+ restart_policy: on-failure:5
+ image: shlinkio/shlink
+ env:
+ DEFAULT_DOMAIN: "{{ lookup('ansible.builtin.env', 'ANSIBLE_SHORTLINK_DOMAIN', default='sukaato.moe') }}"
+ BASE_PATH: /s
+ IS_HTTPS_ENABLED: false
+ MEMORY_LIMIT: 128m
+ DELETE_SHORT_URL_THRESHOLD: "{{ lookup('ansible.builtin.env', 'ANSIBLE_SHORTLINK_POP_FLOOR', default='600') }}"
+ DEFAULT_SHORT_CODES_LENGTH: 6
+ # INITIAL_API_KEY:
+ generate_systemd:
+ restart_policy: always
+ stop_timeout: 120
+ names: true
+ container_prefix: pm@
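Review bot: `IS_HTTPS_ENABLED: false` and `DEFAULT_SHORT_CODES_LENGTH: 6` in the new `shlinks` `env:` block are a YAML boolean and integer rather than strings, so what the container receives depends on how the module stringifies them; quoting them (`IS_HTTPS_ENABLED: "false"`, `DEFAULT_SHORT_CODES_LENGTH: "6"`) removes the doubt. If Caddy terminates TLS in front of this service, it is also worth checking whether the value should be `"true"`, since otherwise short URLs would likely be generated with an `http://` scheme. The entry has no `network:` key, so unlike `http_git` it is not attached to `caddynet` and the proxy presumably cannot reach it. When `INITIAL_API_KEY` is filled in, it should come from a Podman secret or a vaulted variable rather than a literal in this file. Separately, the context line `POSTGRESS_PASSWORD_FILE` looks like a misspelling of `POSTGRES_PASSWORD_FILE`, in which case the `postgres_pass` secret is never read by the database container.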