From 800166c2ac0f11df30dc58b54182801b5166a8e9 Mon Sep 17 00:00:00 2001
From: Maddox <maddox@3ddbrewery.com>
Date: Thu, 29 Jan 2026 12:39:36 +0000
Subject: [PATCH] Fix download-stack healthchecks to test external connectivity

The localhost healthchecks didn't detect when gluetun's network
namespace died - services still responded locally but couldn't
reach the internet. Changed healthchecks to curl http://1.1.1.1
which requires the VPN tunnel to be working.

Also adds phpmyadmin, phppgadmin compose files and deploy playbook.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../databases/phpmyadmin/docker-compose.yml   |  34 ++++++
 .../databases/phppgadmin/docker-compose.yml   |  34 ++++++
 .../download-stack/docker-compose.yml         |   4 +-
 playbooks/deploy-db-admin-tools.yml           | 104 ++++++++++++++++++
 4 files changed, 174 insertions(+), 2 deletions(-)
 create mode 100644 compose-files/databases/phpmyadmin/docker-compose.yml
 create mode 100644 compose-files/databases/phppgadmin/docker-compose.yml
 create mode 100644 playbooks/deploy-db-admin-tools.yml

diff --git a/compose-files/databases/phpmyadmin/docker-compose.yml b/compose-files/databases/phpmyadmin/docker-compose.yml
new file mode 100644
index 0000000..aa65389
--- /dev/null
+++ b/compose-files/databases/phpmyadmin/docker-compose.yml
@@ -0,0 +1,34 @@
+services:
+  phpmyadmin:
+    image: phpmyadmin:latest
+    container_name: phpmyadmin
+    hostname: phpmyadmin
+    environment:
+      # Multiple MySQL hosts: Hetzner (im), NAS (different ports)
+      - PMA_HOSTS=192.168.12.3,192.168.1.251,192.168.1.251
+      - PMA_PORTS=3306,33306,3306
+      - MAX_EXECUTION_TIME=300
+      - MEMORY_LIMIT=512M
+      - UPLOAD_LIMIT=2048K
+      - TZ=America/Indiana/Indianapolis
+    ports:
+      - "2500:80"
+    restart: unless-stopped
+    networks:
+      - proxy
+    deploy:
+      resources:
+        limits:
+          memory: 512M
+          cpus: '1.0'
+    labels:
+      - "autoheal=true"
+      - "com.centurylinklabs.watchtower.enable=true"
+      - "homepage.group=Infrastructure"
+      - "homepage.name=Phpmyadmin"
+      - "homepage.icon=phpmyadmin.png"
+      - "homepage.href=https://php.3ddbrewery.com"
+
+networks:
+  proxy:
+    external: true
diff --git a/compose-files/databases/phppgadmin/docker-compose.yml b/compose-files/databases/phppgadmin/docker-compose.yml
new file mode 100644
index 0000000..af73f59
--- /dev/null
+++ b/compose-files/databases/phppgadmin/docker-compose.yml
@@ -0,0 +1,34 @@
+services:
+  phppgadmin:
+    image: dockage/phppgadmin:latest
+    container_name: phppgadmin
+    hostname: phppgadmin
+    environment:
+      # PostgreSQL on Hetzner (im)
+      - PHP_PG_ADMIN_SERVER_HOST=192.168.12.2
+      - PHP_PG_ADMIN_SERVER_PORT=55432
+      - PHP_PG_ADMIN_SERVER_SSL_MODE=allow
+    ports:
+      - "5183:80"
+      - "4433:443"
+    restart: unless-stopped
+    volumes:
+      - ./data:/data
+    networks:
+      - proxy
+    deploy:
+      resources:
+        limits:
+          memory: 256M
+          cpus: '0.5'
+    labels:
+      - "autoheal=true"
+      - "com.centurylinklabs.watchtower.enable=true"
+      - "homepage.group=Infrastructure"
+      - "homepage.name=PhpPGadmin"
+      - "homepage.icon=postgres.png"
+      - "homepage.href=https://phppgadmin.3ddbrewery.com"
+
+networks:
+  proxy:
+    external: true
diff --git a/compose-files/download-stack/download-stack/docker-compose.yml b/compose-files/download-stack/download-stack/docker-compose.yml
index 0c6c911..8df2899 100644
--- a/compose-files/download-stack/download-stack/docker-compose.yml
+++ b/compose-files/download-stack/download-stack/docker-compose.yml
@@ -65,7 +65,7 @@ services:
       - /mnt/nas/media:/media
     network_mode: service:gluetun
     healthcheck:
-      test: ["CMD-SHELL", "curl -sf http://localhost:6789 || exit 1"]
+      test: ["CMD-SHELL", "curl -sf --max-time 5 http://1.1.1.1 || exit 1"]
       interval: 30s
       timeout: 10s
       retries: 3
@@ -104,7 +104,7 @@ services:
       - /mnt/nas/media:/media
     network_mode: service:gluetun
     healthcheck:
-      test: ["CMD-SHELL", "curl -sf http://localhost:80 || exit 1"]
+      test: ["CMD-SHELL", "curl -sf --max-time 5 http://1.1.1.1 || exit 1"]
       interval: 30s
       timeout: 10s
       retries: 3
diff --git a/playbooks/deploy-db-admin-tools.yml b/playbooks/deploy-db-admin-tools.yml
new file mode 100644
index 0000000..57a172b
--- /dev/null
+++ b/playbooks/deploy-db-admin-tools.yml
@@ -0,0 +1,104 @@
+---
+# Deploy Database Admin Tools to databases VM
+# Deploys: phpmyadmin, phppgadmin
+# Target: databases (192.168.1.81)
+
+- name: Deploy Database Admin Tools
+  hosts: databases
+  vars:
+    appdata_path: /home/docker/appdata
+    compose_src: "{{ playbook_dir }}/../compose-files/databases"
+  
+  tasks:
+    # =========================================================================
+    # PHPMYADMIN
+    # =========================================================================
+    - name: Create phpmyadmin directory
+      ansible.builtin.file:
+        path: "{{ appdata_path }}/phpmyadmin"
+        state: directory
+        mode: '0755'
+    
+    - name: Copy phpmyadmin docker-compose.yml
+      ansible.builtin.copy:
+        src: "{{ compose_src }}/phpmyadmin/docker-compose.yml"
+        dest: "{{ appdata_path }}/phpmyadmin/docker-compose.yml"
+        mode: '0644'
+    
+    - name: Deploy phpmyadmin container
+      community.docker.docker_compose_v2:
+        project_src: "{{ appdata_path }}/phpmyadmin"
+        state: present
+        pull: always
+      register: phpmyadmin_result
+    
+    - name: Show phpmyadmin status
+      ansible.builtin.debug:
+        msg: "phpMyAdmin deployed: {{ phpmyadmin_result.changed }}"
+
+    # =========================================================================
+    # PHPPGADMIN
+    # =========================================================================
+    - name: Create phppgadmin directory
+      ansible.builtin.file:
+        path: "{{ appdata_path }}/phppgadmin"
+        state: directory
+        mode: '0755'
+    
+    - name: Create phppgadmin data directory
+      ansible.builtin.file:
+        path: "{{ appdata_path }}/phppgadmin/data"
+        state: directory
+        mode: '0755'
+    
+    - name: Create phppgadmin logs directory
+      ansible.builtin.file:
+        path: "{{ appdata_path }}/phppgadmin/logs"
+        state: directory
+        mode: '0755'
+    
+    - name: Copy phppgadmin docker-compose.yml
+      ansible.builtin.copy:
+        src: "{{ compose_src }}/phppgadmin/docker-compose.yml"
+        dest: "{{ appdata_path }}/phppgadmin/docker-compose.yml"
+        mode: '0644'
+    
+    - name: Deploy phppgadmin container
+      community.docker.docker_compose_v2:
+        project_src: "{{ appdata_path }}/phppgadmin"
+        state: present
+        pull: always
+      register: phppgadmin_result
+    
+    - name: Show phppgadmin status
+      ansible.builtin.debug:
+        msg: "phpPgAdmin deployed: {{ phppgadmin_result.changed }}"
+
+    # =========================================================================
+    # VERIFICATION
+    # =========================================================================
+    - name: Wait for phpmyadmin to be ready
+      ansible.builtin.uri:
+        url: "http://localhost:2500"
+        status_code: 200
+        timeout: 5
+      register: pma_health
+      retries: 10
+      delay: 5
+      until: pma_health.status == 200
+
+    - name: Wait for phppgadmin to be ready
+      ansible.builtin.uri:
+        url: "http://localhost:5183"
+        status_code: [200, 302]
+        timeout: 5
+      register: pga_health
+      retries: 10
+      delay: 5
+      until: pga_health.status in [200, 302]
+    
+    - name: Summary
+      ansible.builtin.debug:
+        msg:
+          - "✅ phpMyAdmin: http://192.168.1.81:2500"
+          - "✅ phpPgAdmin: http://192.168.1.81:5183"