Víðir Valberg Guðmundsson 2022-11-26 10:47:37 +01:00
parent 62850cfba0
commit c870c2f14e
13 changed files with 45 additions and 32 deletions


@ -42,7 +42,7 @@ use_default_rules: true
# Ansible-lint completely ignores rules or tags listed below # Ansible-lint completely ignores rules or tags listed below
skip_list: skip_list:
- skip_this_tag - no-log-password
# Ansible-lint does not automatically load rules that have the 'opt-in' tag. # Ansible-lint does not automatically load rules that have the 'opt-in' tag.
# You must enable opt-in rules by listing each rule 'id' below. # You must enable opt-in rules by listing each rule 'id' below.
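Review bot: Adding `no-log-password` to `skip_list` turns the check off for the whole repository rather than for one reviewed exception, and this same commit keeps an `Add users` task that loops over `ubuntu_base_user.password` with no `no_log` set. With the rule skipped, nothing flags that the per-item loop output can carry each user's password value into console output and any log or CI capture of the run. I would drop the entry and set `no_log: true` on the looping tasks that handle passwords. If one task genuinely needs an exception, a task-level `# noqa: no-log-password` keeps the rule active everywhere else.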


@ -2,7 +2,7 @@
repos: repos:
- repo: https://github.com/lyz-code/yamlfix/ - repo: https://github.com/lyz-code/yamlfix/
rev: master rev: 1.1.1
hooks: hooks:
- id: yamlfix - id: yamlfix
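Review bot: `rev: 1.1.1` is a tag, which the upstream repository can move, so the hook code that runs on every developer machine is still not fixed to one reviewed revision. pre-commit accepts a full commit SHA in `rev`, and `pre-commit autoupdate --freeze` writes it with the tag kept as a trailing comment, e.g. `rev: <FULL_COMMIT_SHA>  # frozen: 1.1.1`. That keeps the readability of the tag while making the pin immutable.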


@ -1,5 +1,6 @@
--- ---
- hosts: all - name: Deploy data.coop services
hosts: all
gather_facts: true gather_facts: true
become: true become: true
vars: vars:
@ -14,9 +15,11 @@
smtp_port: '587' smtp_port: '587'
tasks: tasks:
- import_role: - name: Setup host basics
ansible.builtin.import_role:
name: ubuntu_base name: ubuntu_base
tags: tags:
- base_only - base_only
- import_role: - name: Deploy docker containers (services)
ansible.builtin.import_role:
name: docker name: docker


@ -1,5 +1,5 @@
--- ---
- name: restart nginx - name: Restart nginx
community.docker.docker_container: community.docker.docker_container:
name: nginx-proxy name: nginx-proxy
restart: 'yes' restart: 'yes'
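Review bot: Handlers are looked up by name, so changing `restart nginx` to `Restart nginx` only works if every `notify: restart nginx` was changed with it, and no such line is visible on this page. A task that still notifies the old name would either fail on the missing handler or, depending on configuration, only warn and never restart the proxy. If the notifying tasks are spread across roles, adding `listen: restart nginx` to the handler keeps the old topic working while names are migrated.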


@ -1,33 +1,33 @@
--- ---
- name: add docker gpg key - name: Add docker gpg key
apt_key: ansible.builtin.apt_key:
keyserver: pgp.mit.edu keyserver: pgp.mit.edu
id: 8D81803C0EBFCD88 id: 8D81803C0EBFCD88
state: present state: present
- name: add docker apt repository - name: Add docker apt repository
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: deb https://download.docker.com/linux/ubuntu bionic stable repo: deb https://download.docker.com/linux/ubuntu bionic stable
state: present state: present
update_cache: true update_cache: true
- name: install docker-ce - name: Install docker-ce
ansible.builtin.apt: ansible.builtin.apt:
name: docker-ce name: docker-ce
state: present state: present
- name: install docker python bindings - name: Install docker python bindings
pip: ansible.builtin.pip:
executable: pip3 executable: pip3
name: docker-compose name: docker-compose
state: present state: present
- name: create folder structure for bind mounts - name: Create folder structure for bind mounts
ansible.builtin.file: ansible.builtin.file:
name: '{{ volume_root_folder }}' name: '{{ volume_root_folder }}'
state: directory state: directory
- name: setup services - name: Setup services
import_tasks: services.yml ansible.builtin.import_tasks: services.yml
tags: tags:
- setup_services - setup_services
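Review bot: The `Add docker gpg key` task still selects the signing key by the 64-bit ID `8D81803C0EBFCD88` and pulls it from `pgp.mit.edu`; switching to `ansible.builtin.apt_key` does not change that trust decision. A long key ID is not a collision-resistant identifier and the keyserver is a third party, and `apt_key` places the key in the global trusted keyring, where it can vouch for packages from any configured repository. I would verify the full 40-hex fingerprint (`id: <FULL_FINGERPRINT>`), or better, store the vendor key in a dedicated keyring file and reference it with `signed-by=` in the `repo:` line. The `Import dell apt signing key` task later in this commit has the same pattern with `1285491434D8786F` and `keyserver.ubuntu.com`.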


@ -4,10 +4,12 @@
name: external_services name: external_services
- name: setup services - name: setup services
include_tasks: services/{{ item.value.file }} include_tasks: services/{{ docker_service.value.file }}
loop: '{{ services | dict2items }}' loop: '{{ services | dict2items }}'
when: single_service is not defined and item.value.file is defined and item.value.disabled_in_vagrant loop_control:
is not defined loop_var: docker_service
when: single_service is not defined and docker_service.value.file is defined and
docker_service.value.disabled_in_vagrant is not defined
- name: setup single service - name: setup single service
include_tasks: services/{{ services[single_service].file }} include_tasks: services/{{ services[single_service].file }}
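Review bot: The two tasks in this hunk keep the bare `include_tasks` and lowercase names while the rest of the commit moves to `ansible.builtin.*` and capitalised names; the first would read `ansible.builtin.include_tasks: services/{{ docker_service.value.file }}`. More importantly, with `loop_var: docker_service` the files under `services/` no longer see the outer service as `item`, so any of them that read `item.value` or `item.key` need the new name, and those files are not all visible here. The task list starts above the hunk.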


@ -24,8 +24,8 @@
REGISTRY_AUTH_HTPASSWD_REALM: data.coop docker registry REGISTRY_AUTH_HTPASSWD_REALM: data.coop docker registry
- name: generate htpasswd file - name: generate htpasswd file
shell: docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ shell: docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > services.docker_registry.volume_folder
services.docker_registry.volume_folder }}/auth/htpasswd }}/auth/htpasswd
args: args:
creates: '{{ services.docker_registry.volume_folder }}/auth/htpasswd' creates: '{{ services.docker_registry.volume_folder }}/auth/htpasswd'
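Review bot: As rendered here, the rewrapped `shell:` line lost the opening `{{` before `services.docker_registry.volume_folder`, so the redirect target is no longer a template expression and the line ends in a stray `}}/auth/htpasswd`; the output would not land at the path named in `creates:`. Separately, the task interpolates `{{ docker_password }}` unquoted into a shell command and passes it as an argument (`-b`), so a password containing shell metacharacters changes the command, and the value shows up in task output and the process list. I would restore the expression, quote both values and hide the result: `docker exec registry htpasswd -Bbn docker {{ docker_password | quote }} > {{ (services.docker_registry.volume_folder ~ '/auth/htpasswd') | quote }}` with `no_log: true` on the task. `-it` also asks for a TTY, which a non-interactive Ansible run does not normally provide.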


@ -50,8 +50,10 @@
- name: upload vhost config for riot domain - name: upload vhost config for riot domain
ansible.builtin.template: ansible.builtin.template:
src: files/configs/matrix/vhost-riot src: files/configs/matrix/vhost-riot
dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ item }}' dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ domain }}'
loop: '{{ services.riot.domains }}' loop: '{{ services.riot.domains }}'
loop_control:
loop_var: domain
- name: upload homeserver.yaml - name: upload homeserver.yaml
ansible.builtin.template: ansible.builtin.template:
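Review bot: `loop_var: domain` is a very generic name: it shares the play's variable namespace, so it can shadow an existing `domain` variable while the loop runs, and `files/configs/matrix/vhost-riot` is rendered with it in scope. The other loops in this commit use role-prefixed names (`docker_service`, `ubuntu_base_user`, `ubuntu_base_port`); something like `loop_var: matrix_riot_domain` would match that. If the `vhost-riot` template itself reads `item`, it needs the same rename, which this page does not show.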


@ -16,7 +16,7 @@
when: not vagrant when: not vagrant
- name: Install necessary packages via pip - name: Install necessary packages via pip
pip: ansible.builtin.pip:
name: '{{ packages }}' name: '{{ packages }}'
vars: vars:
packages: packages:


@ -1,6 +1,6 @@
--- ---
- name: Import dell apt signing key - name: Import dell apt signing key
apt_key: ansible.builtin.apt_key:
id: 1285491434D8786F id: 1285491434D8786F
keyserver: keyserver.ubuntu.com keyserver: keyserver.ubuntu.com


@ -20,3 +20,5 @@
- port: 587 # Email - port: 587 # Email
- port: 993 # Email - port: 993 # Email
- port: 19022 # SSH - port: 19022 # SSH
loop_control:
loop_var: ubuntu_base_port
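Review bot: This hunk adds `loop_var: ubuntu_base_port` but no line that consumes it, and the task's module arguments sit above the hunk unchanged. If they still read `{{ item.port }}`, `item` is undefined once the loop variable is renamed, and the task looping over ports 587, 993 and 19022 (SSH) fails instead of applying its rules. The reference should become `{{ ubuntu_base_port.port }}` in the same commit.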


@ -1,19 +1,23 @@
--- ---
- name: Add users - name: Add users
user: user:
name: '{{ item.name }}' name: '{{ ubuntu_base_user.name }}'
comment: '{{ item.comment }}' comment: '{{ ubuntu_base_user.comment }}'
password: '{{ item.password }}' password: '{{ ubuntu_base_user.password }}'
groups: '{{ item.groups }}' groups: '{{ ubuntu_base_user.groups }}'
update_password: always update_password: always
loop: '{{ users | default([]) }}' loop: '{{ users | default([]) }}'
loop_control:
loop_var: ubuntu_base_user
- name: Add ssh authorized_keys - name: Add ssh authorized_keys
ansible.posix.authorized_key: ansible.posix.authorized_key:
user: '{{ item.name }}' user: '{{ ubuntu_base_user.name }}'
key: "{{ item.ssh_keys | join('\n') }}" key: "{{ ubuntu_base_user.ssh_keys | join('\n') }}"
exclusive: true exclusive: true
loop: '{{ users | default([]) }}' loop: '{{ users | default([]) }}'
loop_control:
loop_var: ubuntu_base_user
- name: Add ssh authorized_keys to root user - name: Add ssh authorized_keys to root user
ansible.posix.authorized_key: ansible.posix.authorized_key: