Add shell to users

Vagrantfile

@@ -13,7 +13,8 @@ Vagrant.configure(2) do |config|
   config.vm.hostname = "datacoop"
 
   config.vm.provider :virtualbox do |v|
-    v.memory = 8192
+    v.cpus = 8
+    v.memory = 16384
   end
 
   config.vm.provision :ansible do |ansible|
@@ -26,7 +27,12 @@ Vagrant.configure(2) do |config|
     if provisioned?
       config.ssh.guest_port = PORT
       ansible.extra_vars = {
-        ansible_port: PORT
+        ansible_port: PORT,
+        from_vagrant: true
+      }
+    else
+      ansible.extra_vars = {
+        from_vagrant: true
       }
     end
   end

playbook.yml

@@ -6,7 +6,7 @@
   vars:
     ldap_dn: "dc=data,dc=coop"
 
-    vagrant: "{{ ansible_virtualization_role == 'guest' }}"
+    vagrant: "{{ from_vagrant is defined and from_vagrant }}"
     letsencrypt_enabled: "{{ not vagrant }}"
 
     base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"

roles/docker/defaults/main.yml

@@ -1,6 +1,7 @@
 # vim: ft=yaml.ansible
 ---
 volume_root_folder: "/docker-volumes"
+volume_website_folder: "{{ volume_root_folder }}/websites"
 
 services:
 
@@ -114,6 +115,7 @@ services:
   data_coop_website:
     domain: "{{ base_domain }}"
     www_domain: "www.{{ base_domain }}"
+    volume_folder: "{{ volume_website_folder }}/datacoop"
     pre_deploy_tasks: true
     version: stable
     staging_domain: "staging.{{ base_domain }}"
@@ -121,20 +123,24 @@ services:
 
   slides_2022_website:
     domain: "2022.slides.{{ base_domain }}"
+    volume_folder: "{{ volume_website_folder }}/slides-2022"
     version: latest
 
   fedi_dk_website:
     domain: fedi.dk
+    volume_folder: "{{ volume_website_folder }}/fedidk"
     version: latest
 
   vhs_website:
     domain: vhs.data.coop
+    volume_folder: "{{ volume_website_folder }}/vhs"
     version: latest
 
   cryptohagen_website:
     domains:
       - "cryptohagen.dk"
       - "www.cryptohagen.dk"
+    volume_folder: "{{ volume_website_folder }}/cryptohagen"
 
   ulovliglogning_website:
     domains:
@@ -142,11 +148,13 @@ services:
       - "www.ulovliglogning.dk"
       - "ulovlig-logning.dk"
       - "www.ulovlig-logning.dk"
+    volume_folder: "{{ volume_website_folder }}/ulovliglogning"
 
   cryptoaarhus_website:
     domains:
       - "cryptoaarhus.dk"
       - "www.cryptoaarhus.dk"
+    volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
 
   drone:
     domain: "drone.{{ base_domain }}"

roles/docker/handlers/main.yml

@@ -1,7 +1,6 @@
 # vim: ft=yaml.ansible
 ---
-- name: "restart nginx"
-  community.docker.docker_container:
-    name: "nginx-proxy"
-    restart: "yes"
-    state: "started"
+- name: restart nginx
+  command: docker compose restart proxy
+  args:
+    chdir: "{{ services.nginx_proxy.volume_folder }}"

roles/docker/tasks/block.yml

@@ -0,0 +1,24 @@
+# vim: ft=yaml.ansible
+---
+- name: Create volume folder for service {{ service.name }}
+  file:
+    name: "{{ service.vars.volume_folder }}"
+    state: directory
+
+- name: Upload Compose file for service {{ service.name }}
+  template:
+    src: compose-files/{{ service.name }}.yml.j2
+    dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
+
+- name: Run pre-deployment tasks for service {{ service.name }}
+  include_tasks: pre_deploy/{{ service.name }}.yml
+  when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
+
+- name: Deploy Compose stack for service {{ service.name }}
+  command: docker compose up -d --remove-orphans --pull always
+  args:
+    chdir: "{{ service.vars.volume_folder }}"
+
+- name: Run post-deployment tasks for service {{ service.name }}
+  include_tasks: post_deploy/{{ service.name }}.yml
+  when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks

roles/docker/tasks/services.yml

@@ -1,64 +1,24 @@
 # vim: ft=yaml.ansible
 ---
-- name: setup external services network
+- name: Set up external services network
   docker_network:
     name: external_services
 
-- name: Service block for all services
+- name: Deploy all services
+  include_tasks:
+    file: block.yml
+  vars:
+    service: "{{ item }}"
   loop: "{{ services | dict2items(key_name='name', value_name='vars') }}"
-  loop_control:
-    loop_var: service
   when: single_service is not defined and
-        (service.vars.disabled_in_vagrant is not defined or
-        not (service.vars.disabled_in_vagrant and vagrant))
-  block:
-    - name: Create volume folder
-      file:
-        name: "{{ service.vars.volume_folder }}"
-        state: directory
+        (item.vars.disabled_in_vagrant is not defined or
+        not (item.vars.disabled_in_vagrant and vagrant))
 
-    - name: Upload Compose file
-      template:
-        src: compose-files/{{ service.name }}.yml.j2
-        dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
-
-    - name: Run pre-deployment tasks
-      include_tasks: pre_deploy/{{ service.name }}.yml
-      when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
-
-    - name: Deploy Compose stack
-      command: docker compose up -d --remove-orphans --pull always
-      args:
-        chdir: "{{ service.vars.volume_folder }}"
-
-    - name: Run post-deployment tasks
-      include_tasks: post_deploy/{{ service.name }}.yml
-      when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
-
-- name: Service block for a single service
+- name: Deploy single service
+  include_tasks:
+    file: block.yml
+  vars:
+    service: "{{ {single_service: services[single_service]} | dict2items(key_name='name', value_name='vars') | join }}"
   when: single_service is defined and single_service in services and
         (services[single_service].disabled_in_vagrant is not defined or
         not (services[single_service].disabled_in_vagrant and vagrant))
-  block:
-    - name: Create volume folder
-      file:
-        name: "{{ services[single_service].volume_folder }}"
-        state: directory
-
-    - name: Upload Compose file
-      template:
-        src: compose-files/{{ single_service }}.yml.j2
-        dest: "{{ services[single_service].volume_folder }}/docker-compose.yml"
-
-    - name: Run pre-deployment tasks
-      include_tasks: pre_deploy/{{ single_service }}.yml
-      when: services[single_service].pre_deploy_tasks is defined and services[single_service].pre_deploy_tasks
-
-    - name: Deploy Compose stack
-      command: docker compose up -d --remove-orphans --pull always
-      args:
-        chdir: "{{ services[single_service].volume_folder }}"
-
-    - name: Run post-deployment tasks
-      include_tasks: post_deploy/{{ single_service }}.yml
-      when: services[single_service].post_deploy_tasks is defined and services[single_service].post_deploy_tasks

roles/docker/templates/compose-files/data_coop_website.yml.j2

@@ -2,7 +2,7 @@
 version: "3.8"
 
 services:
-  prod:
+  prod-web:
     image: docker.data.coop/data-coop-website:{{ services.data_coop_website.version }}
     restart: unless-stopped
     networks:
@@ -12,7 +12,7 @@ services:
       LETSENCRYPT_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
       LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
 
-  staging:
+  staging-web:
     image: docker.data.coop/data-coop-website:{{ services.data_coop_website.staging_version }}
     restart: unless-stopped
     networks:

roles/docker/templates/compose-files/netdata.yml.j2

@@ -24,7 +24,7 @@ services:
     security_opt:
       - apparmor:unconfined
 
-  socket_proxy:
+  socket-proxy:
     image: tecnativa/docker-socket-proxy:latest
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"

roles/ubuntu_base/tasks/users.yml

@@ -6,7 +6,8 @@
     comment: "{{ item.comment }}"
     password: "{{ item.password }}"
     groups: "{{ item.groups }}"
-    update_password: "always"
+    update_password: always
+    shell: /bin/bash
   loop: "{{ users | default([]) }}"
 
 - name: "Add ssh authorized_keys"