WIP.
This commit is contained in:
parent
62850cfba0
commit
c870c2f14e
|
@ -42,7 +42,7 @@ use_default_rules: true
|
||||||
|
|
||||||
# Ansible-lint completely ignores rules or tags listed below
|
# Ansible-lint completely ignores rules or tags listed below
|
||||||
skip_list:
|
skip_list:
|
||||||
- skip_this_tag
|
- no-log-password
|
||||||
|
|
||||||
# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
|
# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
|
||||||
# You must enable opt-in rules by listing each rule 'id' below.
|
# You must enable opt-in rules by listing each rule 'id' below.
|
||||||
|
|
|
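Review bot: Adding `no-log-password` to `skip_list` silences the linter repo-wide instead of fixing the task it flags: the `Add users` task later in this commit passes `password: '{{ ubuntu_base_user.password }}'` and carries no `no_log: true`, so the value is echoed into play output and any logging callback. Drop the skip entry and put `no_log: true` on that task (and on any other task that handles a credential); if one specific task must stay visible, a per-task `# noqa: no-log-password` is narrower than a global skip. The removed `skip_this_tag` was only the template placeholder, so the list can otherwise be left as `skip_list: []`.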
@ -2,7 +2,7 @@
|
||||||
repos:
|
repos:
|
||||||
|
|
||||||
- repo: https://github.com/lyz-code/yamlfix/
|
- repo: https://github.com/lyz-code/yamlfix/
|
||||||
rev: master
|
rev: 1.1.1
|
||||||
hooks:
|
hooks:
|
||||||
- id: yamlfix
|
- id: yamlfix
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
---
|
---
|
||||||
- hosts: all
|
- name: Deploy data.coop services
|
||||||
|
hosts: all
|
||||||
gather_facts: true
|
gather_facts: true
|
||||||
become: true
|
become: true
|
||||||
vars:
|
vars:
|
||||||
|
@ -14,9 +15,11 @@
|
||||||
smtp_port: '587'
|
smtp_port: '587'
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- import_role:
|
- name: Setup host basics
|
||||||
|
ansible.builtin.import_role:
|
||||||
name: ubuntu_base
|
name: ubuntu_base
|
||||||
tags:
|
tags:
|
||||||
- base_only
|
- base_only
|
||||||
- import_role:
|
- name: Deploy docker containers (services)
|
||||||
|
ansible.builtin.import_role:
|
||||||
name: docker
|
name: docker
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: restart nginx
|
- name: Restart nginx
|
||||||
community.docker.docker_container:
|
community.docker.docker_container:
|
||||||
name: nginx-proxy
|
name: nginx-proxy
|
||||||
restart: 'yes'
|
restart: 'yes'
|
||||||
|
|
|
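Review bot: Renaming the handler from `restart nginx` to `Restart nginx` changes the string every `notify:` must match, and no task in this commit updates a `notify`; handler lookup is an exact string match unless a `listen:` topic is declared, so any remaining `notify: restart nginx` will fail at runtime with an unknown handler. Either keep the old name reachable by adding `listen: restart nginx` under the handler, or update every notifier in the same commit. While here, `restart: 'yes'` is a quoted string where the module takes a boolean; write `restart: true`.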
@ -1,33 +1,33 @@
|
||||||
---
|
---
|
||||||
- name: add docker gpg key
|
- name: Add docker gpg key
|
||||||
apt_key:
|
ansible.builtin.apt_key:
|
||||||
keyserver: pgp.mit.edu
|
keyserver: pgp.mit.edu
|
||||||
id: 8D81803C0EBFCD88
|
id: 8D81803C0EBFCD88
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: add docker apt repository
|
- name: Add docker apt repository
|
||||||
ansible.builtin.apt_repository:
|
ansible.builtin.apt_repository:
|
||||||
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
||||||
state: present
|
state: present
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
- name: install docker-ce
|
- name: Install docker-ce
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: docker-ce
|
name: docker-ce
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: install docker python bindings
|
- name: Install docker python bindings
|
||||||
pip:
|
ansible.builtin.pip:
|
||||||
executable: pip3
|
executable: pip3
|
||||||
name: docker-compose
|
name: docker-compose
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: create folder structure for bind mounts
|
- name: Create folder structure for bind mounts
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
name: '{{ volume_root_folder }}'
|
name: '{{ volume_root_folder }}'
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: setup services
|
- name: Setup services
|
||||||
import_tasks: services.yml
|
ansible.builtin.import_tasks: services.yml
|
||||||
tags:
|
tags:
|
||||||
- setup_services
|
- setup_services
|
||||||
|
|
|
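Review bot: `ansible.builtin.apt_key` with `keyserver: pgp.mit.edu` and `id: 8D81803C0EBFCD88` trusts whatever the keyserver returns for a 64-bit key ID over an unauthenticated HKP fetch; a 16-hex-digit ID is not a full fingerprint, so the trust is pinned to the transport rather than to the key. Prefer fetching the vendor's key file over HTTPS (`ansible.builtin.get_url` into `/etc/apt/keyrings/`, then `signed-by=` in the `repo:` line), or at least give the full 40-hex-digit fingerprint in `id:`; the same applies to the Dell key hunk (`id: 1285491434D8786F` via `keyserver.ubuntu.com`) later in this commit. Note also that `apt-key` is deprecated on recent Ubuntu releases, and `bionic` is hard-coded in the `repo:` line where `{{ ansible_distribution_release }}` would follow the target host.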
@ -4,10 +4,12 @@
|
||||||
name: external_services
|
name: external_services
|
||||||
|
|
||||||
- name: setup services
|
- name: setup services
|
||||||
include_tasks: services/{{ item.value.file }}
|
include_tasks: services/{{ docker_service.value.file }}
|
||||||
loop: '{{ services | dict2items }}'
|
loop: '{{ services | dict2items }}'
|
||||||
when: single_service is not defined and item.value.file is defined and item.value.disabled_in_vagrant
|
loop_control:
|
||||||
is not defined
|
loop_var: docker_service
|
||||||
|
when: single_service is not defined and docker_service.value.file is defined and
|
||||||
|
docker_service.value.disabled_in_vagrant is not defined
|
||||||
|
|
||||||
- name: setup single service
|
- name: setup single service
|
||||||
include_tasks: services/{{ services[single_service].file }}
|
include_tasks: services/{{ services[single_service].file }}
|
||||||
|
|
|
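Review bot: The new `when:` on `setup services` is a plain scalar wrapped across two lines (`... is defined and` / `docker_service.value.disabled_in_vagrant is not defined`), which relies on YAML folding the continuation into one string; it works, but the second line reads as if it were a separate key. Ansible ANDs the items of a `when:` list, so the same condition is clearer as `when:` / `- single_service is not defined` / `- docker_service.value.file is defined` / `- docker_service.value.disabled_in_vagrant is not defined`.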
@ -24,8 +24,8 @@
|
||||||
REGISTRY_AUTH_HTPASSWD_REALM: data.coop docker registry
|
REGISTRY_AUTH_HTPASSWD_REALM: data.coop docker registry
|
||||||
|
|
||||||
- name: generate htpasswd file
|
- name: generate htpasswd file
|
||||||
shell: docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{
|
shell: docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > services.docker_registry.volume_folder
|
||||||
services.docker_registry.volume_folder }}/auth/htpasswd
|
}}/auth/htpasswd
|
||||||
args:
|
args:
|
||||||
creates: '{{ services.docker_registry.volume_folder }}/auth/htpasswd'
|
creates: '{{ services.docker_registry.volume_folder }}/auth/htpasswd'
|
||||||
|
|
||||||
|
|
|
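Review bot: `shell: docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > ...` interpolates the password unquoted into a shell line, so any shell metacharacter in the secret alters the command, and the task has no `no_log: true`, so the secret is printed in play output. Use `{{ docker_password | quote }}` and add `no_log: true` to the task; `-it` also requests a TTY that a non-interactive Ansible run does not provide, so `-i` (or neither flag) is what the task needs. On the new side the line is shown as `> services.docker_registry.volume_folder` with `}}/auth/htpasswd` on the next line and no opening `{{`; if that is what the file now contains rather than a rendering artefact, the redirect target is literal text instead of the templated path, and the `creates:` guard below would never match it.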
@ -50,8 +50,10 @@
|
||||||
- name: upload vhost config for riot domain
|
- name: upload vhost config for riot domain
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: files/configs/matrix/vhost-riot
|
src: files/configs/matrix/vhost-riot
|
||||||
dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ item }}'
|
dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ domain }}'
|
||||||
loop: '{{ services.riot.domains }}'
|
loop: '{{ services.riot.domains }}'
|
||||||
|
loop_control:
|
||||||
|
loop_var: domain
|
||||||
|
|
||||||
- name: upload homeserver.yaml
|
- name: upload homeserver.yaml
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
|
|
@ -8,8 +8,8 @@
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST: new-new.{{ services.data_coop_website.domains|join(',') }}
|
VIRTUAL_HOST: new-new.{{ services.data_coop_website.domains | join(',') }}
|
||||||
LETSENCRYPT_HOST: new-new.{{ services.data_coop_website.domains|join(',')
|
LETSENCRYPT_HOST: new-new.{{ services.data_coop_website.domains | join(',')
|
||||||
}}
|
}}
|
||||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||||
# The ssh-key is for read-only only
|
# The ssh-key is for read-only only
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
when: not vagrant
|
when: not vagrant
|
||||||
|
|
||||||
- name: Install necessary packages via pip
|
- name: Install necessary packages via pip
|
||||||
pip:
|
ansible.builtin.pip:
|
||||||
name: '{{ packages }}'
|
name: '{{ packages }}'
|
||||||
vars:
|
vars:
|
||||||
packages:
|
packages:
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: Import dell apt signing key
|
- name: Import dell apt signing key
|
||||||
apt_key:
|
ansible.builtin.apt_key:
|
||||||
id: 1285491434D8786F
|
id: 1285491434D8786F
|
||||||
keyserver: keyserver.ubuntu.com
|
keyserver: keyserver.ubuntu.com
|
||||||
|
|
||||||
|
|
|
@ -20,3 +20,5 @@
|
||||||
- port: 587 # Email
|
- port: 587 # Email
|
||||||
- port: 993 # Email
|
- port: 993 # Email
|
||||||
- port: 19022 # SSH
|
- port: 19022 # SSH
|
||||||
|
loop_control:
|
||||||
|
loop_var: ubuntu_base_port
|
||||||
|
|
|
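Review bot: `loop_control:` / `loop_var: ubuntu_base_port` is added at the end of a port list whose task starts outside the hunk, so the body that consumes these entries is not visible here; if it still references `item.port`, it must become `ubuntu_base_port.port` in the same commit, as the other loop_var renames in this commit do. Also confirm that `loop_control:` sits at the task level (a sibling of `loop:`) and not as an entry under the port list; the rendered view does not show indentation.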
@ -1,19 +1,23 @@
|
||||||
---
|
---
|
||||||
- name: Add users
|
- name: Add users
|
||||||
user:
|
user:
|
||||||
name: '{{ item.name }}'
|
name: '{{ ubuntu_base_user.name }}'
|
||||||
comment: '{{ item.comment }}'
|
comment: '{{ ubuntu_base_user.comment }}'
|
||||||
password: '{{ item.password }}'
|
password: '{{ ubuntu_base_user.password }}'
|
||||||
groups: '{{ item.groups }}'
|
groups: '{{ ubuntu_base_user.groups }}'
|
||||||
update_password: always
|
update_password: always
|
||||||
loop: '{{ users | default([]) }}'
|
loop: '{{ users | default([]) }}'
|
||||||
|
loop_control:
|
||||||
|
loop_var: ubuntu_base_user
|
||||||
|
|
||||||
- name: Add ssh authorized_keys
|
- name: Add ssh authorized_keys
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: '{{ item.name }}'
|
user: '{{ ubuntu_base_user.name }}'
|
||||||
key: "{{ item.ssh_keys | join('\n') }}"
|
key: "{{ ubuntu_base_user.ssh_keys | join('\n') }}"
|
||||||
exclusive: true
|
exclusive: true
|
||||||
loop: '{{ users | default([]) }}'
|
loop: '{{ users | default([]) }}'
|
||||||
|
loop_control:
|
||||||
|
loop_var: ubuntu_base_user
|
||||||
|
|
||||||
- name: Add ssh authorized_keys to root user
|
- name: Add ssh authorized_keys to root user
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
|
|
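Review bot: `Add users` still calls the short module name `user:` while the rest of this commit converts modules to fully-qualified names (`ansible.builtin.apt_key`, `ansible.builtin.pip`, and `ansible.posix.authorized_key` two tasks down in this same hunk); write `ansible.builtin.user:` for consistency and to satisfy ansible-lint's fqcn rule. `groups: '{{ ubuntu_base_user.groups }}'` without `append: true` replaces the user's supplementary groups on every run, which is pre-existing behaviour but worth a comment such as `# groups is authoritative: membership not listed in users[] is removed`.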