Compare commits
10 commits
6cb06d43f1
...
2966e6715b
Author | SHA1 | Date | |
---|---|---|---|
Sam A. | 2966e6715b | ||
Sam A. | 5ae78bcd17 | ||
Sam A. | 3dc4e14c15 | ||
Sam A. | af6a130695 | ||
Sam A. | 98fcc2d634 | ||
Sam A. | 3ac2d83971 | ||
Sam A. | 3001317e20 | ||
Sam A. | 301d1b7719 | ||
Sam A. | f8b4e49f7f | ||
Sam A. | d0b23d4ef5 |
10
Vagrantfile
vendored
10
Vagrantfile
vendored
|
@ -13,7 +13,8 @@ Vagrant.configure(2) do |config|
|
||||||
config.vm.hostname = "datacoop"
|
config.vm.hostname = "datacoop"
|
||||||
|
|
||||||
config.vm.provider :virtualbox do |v|
|
config.vm.provider :virtualbox do |v|
|
||||||
v.memory = 8192
|
v.cpus = 8
|
||||||
|
v.memory = 16384
|
||||||
end
|
end
|
||||||
|
|
||||||
config.vm.provision :ansible do |ansible|
|
config.vm.provision :ansible do |ansible|
|
||||||
|
@ -26,7 +27,12 @@ Vagrant.configure(2) do |config|
|
||||||
if provisioned?
|
if provisioned?
|
||||||
config.ssh.guest_port = PORT
|
config.ssh.guest_port = PORT
|
||||||
ansible.extra_vars = {
|
ansible.extra_vars = {
|
||||||
ansible_port: PORT
|
ansible_port: PORT,
|
||||||
|
from_vagrant: true
|
||||||
|
}
|
||||||
|
else
|
||||||
|
ansible.extra_vars = {
|
||||||
|
from_vagrant: true
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
end
|
end
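Review bot: `from_vagrant: true` is now written out in both branches of the `if provisioned?` in the second hunk, so any later change to the extra vars has to be made in two places. Building the hash once avoids the drift: `extra = { from_vagrant: true }`, then `extra[:ansible_port] = PORT if provisioned?`, then `ansible.extra_vars = extra`, which leaves only `config.ssh.guest_port = PORT` inside the conditional. The jump to `v.cpus = 8` and `v.memory = 16384` in the first hunk is hard-coded with no explanation; a one-line comment saying why the VM needs that much would help contributors on smaller hosts. The `Vagrant.configure` block opens and closes outside the visible lines.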
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
vars:
|
vars:
|
||||||
ldap_dn: "dc=data,dc=coop"
|
ldap_dn: "dc=data,dc=coop"
|
||||||
|
|
||||||
vagrant: "{{ ansible_virtualization_role == 'guest' }}"
|
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
||||||
letsencrypt_enabled: "{{ not vagrant }}"
|
letsencrypt_enabled: "{{ not vagrant }}"
|
||||||
|
|
||||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
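Review bot: The new `vagrant` expression yields the raw value of `from_vagrant`, so a run with `-e from_vagrant=false` passes the non-empty string "false", which Jinja would most likely treat as true. Since `letsencrypt_enabled` and `base_domain` on the following lines both derive from this flag, that would switch certificates off and select the `datacoop.devel` domain on a host meant to be production. Coercing the value closes the gap: `vagrant: "{{ from_vagrant | default(false) | bool }}"`. The `vars:` block continues outside the hunk.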
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
volume_root_folder: "/docker-volumes"
|
volume_root_folder: "/docker-volumes"
|
||||||
|
volume_website_folder: "{{ volume_root_folder }}/websites"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|
||||||
|
@ -114,6 +115,7 @@ services:
|
||||||
data_coop_website:
|
data_coop_website:
|
||||||
domain: "{{ base_domain }}"
|
domain: "{{ base_domain }}"
|
||||||
www_domain: "www.{{ base_domain }}"
|
www_domain: "www.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_website_folder }}/datacoop"
|
||||||
pre_deploy_tasks: true
|
pre_deploy_tasks: true
|
||||||
version: stable
|
version: stable
|
||||||
staging_domain: "staging.{{ base_domain }}"
|
staging_domain: "staging.{{ base_domain }}"
|
||||||
|
@ -121,20 +123,24 @@ services:
|
||||||
|
|
||||||
slides_2022_website:
|
slides_2022_website:
|
||||||
domain: "2022.slides.{{ base_domain }}"
|
domain: "2022.slides.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_website_folder }}/slides-2022"
|
||||||
version: latest
|
version: latest
|
||||||
|
|
||||||
fedi_dk_website:
|
fedi_dk_website:
|
||||||
domain: fedi.dk
|
domain: fedi.dk
|
||||||
|
volume_folder: "{{ volume_website_folder }}/fedidk"
|
||||||
version: latest
|
version: latest
|
||||||
|
|
||||||
vhs_website:
|
vhs_website:
|
||||||
domain: vhs.data.coop
|
domain: vhs.data.coop
|
||||||
|
volume_folder: "{{ volume_website_folder }}/vhs"
|
||||||
version: latest
|
version: latest
|
||||||
|
|
||||||
cryptohagen_website:
|
cryptohagen_website:
|
||||||
domains:
|
domains:
|
||||||
- "cryptohagen.dk"
|
- "cryptohagen.dk"
|
||||||
- "www.cryptohagen.dk"
|
- "www.cryptohagen.dk"
|
||||||
|
volume_folder: "{{ volume_website_folder }}/cryptohagen"
|
||||||
|
|
||||||
ulovliglogning_website:
|
ulovliglogning_website:
|
||||||
domains:
|
domains:
|
||||||
|
@ -142,11 +148,13 @@ services:
|
||||||
- "www.ulovliglogning.dk"
|
- "www.ulovliglogning.dk"
|
||||||
- "ulovlig-logning.dk"
|
- "ulovlig-logning.dk"
|
||||||
- "www.ulovlig-logning.dk"
|
- "www.ulovlig-logning.dk"
|
||||||
|
volume_folder: "{{ volume_website_folder }}/ulovliglogning"
|
||||||
|
|
||||||
cryptoaarhus_website:
|
cryptoaarhus_website:
|
||||||
domains:
|
domains:
|
||||||
- "cryptoaarhus.dk"
|
- "cryptoaarhus.dk"
|
||||||
- "www.cryptoaarhus.dk"
|
- "www.cryptoaarhus.dk"
|
||||||
|
volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
|
||||||
|
|
||||||
drone:
|
drone:
|
||||||
domain: "drone.{{ base_domain }}"
|
domain: "drone.{{ base_domain }}"
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: "restart nginx"
|
- name: restart nginx
|
||||||
community.docker.docker_container:
|
command: docker compose restart proxy
|
||||||
name: "nginx-proxy"
|
args:
|
||||||
restart: "yes"
|
chdir: "{{ services.nginx_proxy.volume_folder }}"
|
||||||
state: "started"
|
|
||||||
|
|
24
roles/docker/tasks/block.yml
Normal file
24
roles/docker/tasks/block.yml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create volume folder for service {{ service.name }}
|
||||||
|
file:
|
||||||
|
name: "{{ service.vars.volume_folder }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload Compose file for service {{ service.name }}
|
||||||
|
template:
|
||||||
|
src: compose-files/{{ service.name }}.yml.j2
|
||||||
|
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
|
- name: Run pre-deployment tasks for service {{ service.name }}
|
||||||
|
include_tasks: pre_deploy/{{ service.name }}.yml
|
||||||
|
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
|
||||||
|
|
||||||
|
- name: Deploy Compose stack for service {{ service.name }}
|
||||||
|
command: docker compose up -d --remove-orphans --pull always
|
||||||
|
args:
|
||||||
|
chdir: "{{ service.vars.volume_folder }}"
|
||||||
|
|
||||||
|
- name: Run post-deployment tasks for service {{ service.name }}
|
||||||
|
include_tasks: post_deploy/{{ service.name }}.yml
|
||||||
|
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
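Review bot: The `file` and `template` tasks at the top of this new file set no `mode`, `owner` or `group`, so the volume folder and the rendered `docker-compose.yml` get whatever the remote umask allows. Compose files rendered from inventory variables often carry credentials in their environment sections (not confirmed from the templates visible on this page), so an explicit mode on the template, for example `mode: "0640"`, is safer than the default. The right directory mode depends on which users the containers run as. The `command: docker compose up -d --remove-orphans --pull always` task also has no `changed_when`, so it reports a change on every run.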
|
|
@ -1,64 +1,24 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: setup external services network
|
- name: Set up external services network
|
||||||
docker_network:
|
docker_network:
|
||||||
name: external_services
|
name: external_services
|
||||||
|
|
||||||
- name: Service block for all services
|
- name: Deploy all services
|
||||||
|
include_tasks:
|
||||||
|
file: block.yml
|
||||||
|
vars:
|
||||||
|
service: "{{ item }}"
|
||||||
loop: "{{ services | dict2items(key_name='name', value_name='vars') }}"
|
loop: "{{ services | dict2items(key_name='name', value_name='vars') }}"
|
||||||
loop_control:
|
|
||||||
loop_var: service
|
|
||||||
when: single_service is not defined and
|
when: single_service is not defined and
|
||||||
(service.vars.disabled_in_vagrant is not defined or
|
(item.vars.disabled_in_vagrant is not defined or
|
||||||
not (service.vars.disabled_in_vagrant and vagrant))
|
not (item.vars.disabled_in_vagrant and vagrant))
|
||||||
block:
|
|
||||||
- name: Create volume folder
|
|
||||||
file:
|
|
||||||
name: "{{ service.vars.volume_folder }}"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Upload Compose file
|
- name: Deploy single service
|
||||||
template:
|
include_tasks:
|
||||||
src: compose-files/{{ service.name }}.yml.j2
|
file: block.yml
|
||||||
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
|
vars:
|
||||||
|
service: "{{ {single_service: services[single_service]} | dict2items(key_name='name', value_name='vars') | join }}"
|
||||||
- name: Run pre-deployment tasks
|
|
||||||
include_tasks: pre_deploy/{{ service.name }}.yml
|
|
||||||
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
|
|
||||||
|
|
||||||
- name: Deploy Compose stack
|
|
||||||
command: docker compose up -d --remove-orphans --pull always
|
|
||||||
args:
|
|
||||||
chdir: "{{ service.vars.volume_folder }}"
|
|
||||||
|
|
||||||
- name: Run post-deployment tasks
|
|
||||||
include_tasks: post_deploy/{{ service.name }}.yml
|
|
||||||
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
|
|
||||||
|
|
||||||
- name: Service block for a single service
|
|
||||||
when: single_service is defined and single_service in services and
|
when: single_service is defined and single_service in services and
|
||||||
(services[single_service].disabled_in_vagrant is not defined or
|
(services[single_service].disabled_in_vagrant is not defined or
|
||||||
not (services[single_service].disabled_in_vagrant and vagrant))
|
not (services[single_service].disabled_in_vagrant and vagrant))
|
||||||
block:
|
|
||||||
- name: Create volume folder
|
|
||||||
file:
|
|
||||||
name: "{{ services[single_service].volume_folder }}"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Upload Compose file
|
|
||||||
template:
|
|
||||||
src: compose-files/{{ single_service }}.yml.j2
|
|
||||||
dest: "{{ services[single_service].volume_folder }}/docker-compose.yml"
|
|
||||||
|
|
||||||
- name: Run pre-deployment tasks
|
|
||||||
include_tasks: pre_deploy/{{ single_service }}.yml
|
|
||||||
when: services[single_service].pre_deploy_tasks is defined and services[single_service].pre_deploy_tasks
|
|
||||||
|
|
||||||
- name: Deploy Compose stack
|
|
||||||
command: docker compose up -d --remove-orphans --pull always
|
|
||||||
args:
|
|
||||||
chdir: "{{ services[single_service].volume_folder }}"
|
|
||||||
|
|
||||||
- name: Run post-deployment tasks
|
|
||||||
include_tasks: post_deploy/{{ single_service }}.yml
|
|
||||||
when: services[single_service].post_deploy_tasks is defined and services[single_service].post_deploy_tasks
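Review bot: In the new "Deploy single service" task, `service` is built with `dict2items(...) | join`, which turns the one-element list into the string form of the dict rather than the dict itself. `block.yml` then reads `service.name` and `service.vars.volume_folder`, which presumably only works if Ansible parses that string back into a mapping, and may break on values that do not survive the round trip. Taking the element directly avoids the detour through a string: `service: "{{ {single_service: services[single_service]} | dict2items(key_name='name', value_name='vars') | first }}"`.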
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
version: "3.8"
|
version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
prod:
|
prod-web:
|
||||||
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.version }}
|
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.version }}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
|
@ -12,7 +12,7 @@ services:
|
||||||
LETSENCRYPT_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
|
LETSENCRYPT_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
staging:
|
staging-web:
|
||||||
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.staging_version }}
|
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.staging_version }}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -24,7 +24,7 @@ services:
|
||||||
security_opt:
|
security_opt:
|
||||||
- apparmor:unconfined
|
- apparmor:unconfined
|
||||||
|
|
||||||
socket_proxy:
|
socket-proxy:
|
||||||
image: tecnativa/docker-socket-proxy:latest
|
image: tecnativa/docker-socket-proxy:latest
|
||||||
volumes:
|
volumes:
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||||
|
|
|
@ -6,7 +6,8 @@
|
||||||
comment: "{{ item.comment }}"
|
comment: "{{ item.comment }}"
|
||||||
password: "{{ item.password }}"
|
password: "{{ item.password }}"
|
||||||
groups: "{{ item.groups }}"
|
groups: "{{ item.groups }}"
|
||||||
update_password: "always"
|
update_password: always
|
||||||
|
shell: /bin/bash
|
||||||
loop: "{{ users | default([]) }}"
|
loop: "{{ users | default([]) }}"
|
||||||
|
|
||||||
- name: "Add ssh authorized_keys"
|
- name: "Add ssh authorized_keys"
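Review bot: This looped task passes `password: "{{ item.password }}"` and has no `no_log`, so each iteration's loop item, password value included, is written to the play output and to any log that captures it. Adding `no_log: true` to the task keeps that value out of the output. The task's `name:` and module line are above the hunk, so the module is inferred from its arguments.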
|
||||||
|
|