WIP.
parent
62850cfba0
commit
c870c2f14e
|
@ -42,7 +42,7 @@ use_default_rules: true
|
|||
|
||||
# Ansible-lint completely ignores rules or tags listed below
|
||||
skip_list:
|
||||
- skip_this_tag
|
||||
- no-log-password
|
||||
|
||||
# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
|
||||
# You must enable opt-in rules by listing each rule 'id' below.
|
||||
|
|
|
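Review bot: Listing `no-log-password` under `skip_list` (apparently in place of the placeholder `skip_this_tag`) switches off the lint rule that flags password parameters set inside a loop without `no_log`, instead of fixing what it flags. The `Add users` task changed later in this commit is such a case: it loops over `users` and passes `password: '{{ ubuntu_base_user.password }}'`, so each loop item, including its `password` field, is printed in the task output. I would drop the skip entry and add `no_log: true` to that task. Which of the two list entries is the new one is inferred from print order, since the +/- markers are not visible on this page.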
@ -2,7 +2,7 @@
|
|||
repos:
|
||||
|
||||
- repo: https://github.com/lyz-code/yamlfix/
|
||||
rev: master
|
||||
rev: 1.1.1
|
||||
hooks:
|
||||
- id: yamlfix
|
||||
|
||||
|
|
|
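Review bot: `rev: 1.1.1` is a tag, and whoever controls the upstream repository can move a tag, so the hook code that runs on every commit is still not tied to reviewed content. Pinning `rev` to the full commit SHA the tag points to, with the version kept as a trailing comment, closes that gap: `rev: <full-commit-sha>  # 1.1.1`. This assumes `rev: 1.1.1` is the new side of the change and replaces `rev: master`.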
@ -1,5 +1,6 @@
|
|||
---
|
||||
- hosts: all
|
||||
- name: Deploy data.coop services
|
||||
hosts: all
|
||||
gather_facts: true
|
||||
become: true
|
||||
vars:
|
||||
|
@ -14,9 +15,11 @@
|
|||
smtp_port: '587'
|
||||
|
||||
tasks:
|
||||
- import_role:
|
||||
- name: Setup host basics
|
||||
ansible.builtin.import_role:
|
||||
name: ubuntu_base
|
||||
tags:
|
||||
- base_only
|
||||
- import_role:
|
||||
- name: Deploy docker containers (services)
|
||||
ansible.builtin.import_role:
|
||||
name: docker
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- name: restart nginx
|
||||
- name: Restart nginx
|
||||
community.docker.docker_container:
|
||||
name: nginx-proxy
|
||||
restart: 'yes'
|
||||
|
|
|
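Review bot: Renaming this entry from `restart nginx` to `Restart nginx` changes the string that `notify:` has to match, if this is a handlers file as its content suggests. No `notify:` line is updated in any of the visible hunks, so a task that still notifies `restart nginx` would no longer find its handler. Either update the callers in the same commit or keep the old string reachable with `listen: restart nginx` on the handler.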
@ -1,33 +1,33 @@
|
|||
---
|
||||
- name: add docker gpg key
|
||||
apt_key:
|
||||
- name: Add docker gpg key
|
||||
ansible.builtin.apt_key:
|
||||
keyserver: pgp.mit.edu
|
||||
id: 8D81803C0EBFCD88
|
||||
state: present
|
||||
|
||||
- name: add docker apt repository
|
||||
- name: Add docker apt repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: install docker-ce
|
||||
- name: Install docker-ce
|
||||
ansible.builtin.apt:
|
||||
name: docker-ce
|
||||
state: present
|
||||
|
||||
- name: install docker python bindings
|
||||
pip:
|
||||
- name: Install docker python bindings
|
||||
ansible.builtin.pip:
|
||||
executable: pip3
|
||||
name: docker-compose
|
||||
state: present
|
||||
|
||||
- name: create folder structure for bind mounts
|
||||
- name: Create folder structure for bind mounts
|
||||
ansible.builtin.file:
|
||||
name: '{{ volume_root_folder }}'
|
||||
state: directory
|
||||
|
||||
- name: setup services
|
||||
import_tasks: services.yml
|
||||
- name: Setup services
|
||||
ansible.builtin.import_tasks: services.yml
|
||||
tags:
|
||||
- setup_services
|
||||
|
|
|
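Review bot: `Add docker gpg key` still fetches the signing key from `pgp.mit.edu` by the 64-bit ID `8D81803C0EBFCD88`; only the module name changed. A long key ID is a weak identifier and a public keyserver is not an authenticated source, so the task should reference the full 40-hex-digit fingerprint checked out of band, e.g. `id: <full-fingerprint>`. `apt_key` also adds the key to the global trusted set for every repository; placing the vendor key file in a dedicated keyring and adding `signed-by=` to the `repo:` line limits the trust to this one source. The same applies to `Import dell apt signing key` (`id: 1285491434D8786F`, `keyserver.ubuntu.com`) in a later hunk.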
@ -4,10 +4,12 @@
|
|||
name: external_services
|
||||
|
||||
- name: setup services
|
||||
include_tasks: services/{{ item.value.file }}
|
||||
include_tasks: services/{{ docker_service.value.file }}
|
||||
loop: '{{ services | dict2items }}'
|
||||
when: single_service is not defined and item.value.file is defined and item.value.disabled_in_vagrant
|
||||
is not defined
|
||||
loop_control:
|
||||
loop_var: docker_service
|
||||
when: single_service is not defined and docker_service.value.file is defined and
|
||||
docker_service.value.disabled_in_vagrant is not defined
|
||||
|
||||
- name: setup single service
|
||||
include_tasks: services/{{ services[single_service].file }}
|
||||
|
|
|
@ -24,8 +24,8 @@
|
|||
REGISTRY_AUTH_HTPASSWD_REALM: data.coop docker registry
|
||||
|
||||
- name: generate htpasswd file
|
||||
shell: docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{
|
||||
services.docker_registry.volume_folder }}/auth/htpasswd
|
||||
shell: docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > services.docker_registry.volume_folder
|
||||
}}/auth/htpasswd
|
||||
args:
|
||||
creates: '{{ services.docker_registry.volume_folder }}/auth/htpasswd'
|
||||
|
||||
|
|
|
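Review bot: The rewritten `shell:` line has lost the opening `{{` before `services.docker_registry.volume_folder`, so the redirect target is no longer a template expression; it should read `> {{ services.docker_registry.volume_folder }}/auth/htpasswd`, matching the `creates:` path below it. While this task is being touched: `{{ docker_password }}` is interpolated unquoted into a shell command and passed on the command line with `-b`, so it should go through the `quote` filter (`{{ docker_password | quote }}`) and the task should carry `no_log: true` to keep the rendered command out of the run output. Which of the two printed `shell:` variants is the new side is inferred from print order.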
@ -50,8 +50,10 @@
|
|||
- name: upload vhost config for riot domain
|
||||
ansible.builtin.template:
|
||||
src: files/configs/matrix/vhost-riot
|
||||
dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ item }}'
|
||||
dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ domain }}'
|
||||
loop: '{{ services.riot.domains }}'
|
||||
loop_control:
|
||||
loop_var: domain
|
||||
|
||||
- name: upload homeserver.yaml
|
||||
ansible.builtin.template:
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
when: not vagrant
|
||||
|
||||
- name: Install necessary packages via pip
|
||||
pip:
|
||||
ansible.builtin.pip:
|
||||
name: '{{ packages }}'
|
||||
vars:
|
||||
packages:
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: Import dell apt signing key
|
||||
apt_key:
|
||||
ansible.builtin.apt_key:
|
||||
id: 1285491434D8786F
|
||||
keyserver: keyserver.ubuntu.com
|
||||
|
||||
|
|
|
@ -20,3 +20,5 @@
|
|||
- port: 587 # Email
|
||||
- port: 993 # Email
|
||||
- port: 19022 # SSH
|
||||
loop_control:
|
||||
loop_var: ubuntu_base_port
|
||||
|
|
|
@ -1,19 +1,23 @@
|
|||
---
|
||||
- name: Add users
|
||||
user:
|
||||
name: '{{ item.name }}'
|
||||
comment: '{{ item.comment }}'
|
||||
password: '{{ item.password }}'
|
||||
groups: '{{ item.groups }}'
|
||||
name: '{{ ubuntu_base_user.name }}'
|
||||
comment: '{{ ubuntu_base_user.comment }}'
|
||||
password: '{{ ubuntu_base_user.password }}'
|
||||
groups: '{{ ubuntu_base_user.groups }}'
|
||||
update_password: always
|
||||
loop: '{{ users | default([]) }}'
|
||||
loop_control:
|
||||
loop_var: ubuntu_base_user
|
||||
|
||||
- name: Add ssh authorized_keys
|
||||
ansible.posix.authorized_key:
|
||||
user: '{{ item.name }}'
|
||||
key: "{{ item.ssh_keys | join('\n') }}"
|
||||
user: '{{ ubuntu_base_user.name }}'
|
||||
key: "{{ ubuntu_base_user.ssh_keys | join('\n') }}"
|
||||
exclusive: true
|
||||
loop: '{{ users | default([]) }}'
|
||||
loop_control:
|
||||
loop_var: ubuntu_base_user
|
||||
|
||||
- name: Add ssh authorized_keys to root user
|
||||
ansible.posix.authorized_key:
|
||||
|
|