From c2aace842bd334ef38cb62bdb83cbcaf1f1ae875 Mon Sep 17 00:00:00 2001 
From: Thomas Boerger Date: Fri, 8 Sep 2017 05:42:39 +0200 Subject: [PATCH] Big restructuring based on docker-compose deployments (#25) * Dropped coverage role * Added appleboy and ssh keys * Fixed root ssh keys * Big restructuring based on docker-compose deployments --- .gitignore | 2 + ansible/group_vars/all.yml | 45 ++++++ ansible/group_vars/server.yml | 4 - ansible/host_vars/dchi.yml | 0 ansible/host_vars/dchi/drone.yml | 15 ++ ansible/host_vars/pangu.yml | 0 ansible/host_vars/pangu/drone.yml | 30 ++++ ansible/host_vars/pangu/lgtm.yml | 16 ++ ansible/host_vars/pangu/minio.yml | 15 ++ ansible/playbook.yml | 11 +- ansible/roles/base/tasks/main.yml | 4 + ansible/roles/base/tasks/ubuntu.yml | 2 + ansible/roles/blog/defaults/main.yml | 2 - ansible/roles/blog/tasks/main.yml | 21 --- ansible/roles/blog/templates/default.j2 | 0 ansible/roles/blog/templates/service.j2 | 23 --- ansible/roles/code/defaults/main.yml | 2 - ansible/roles/code/handlers/main.yml | 5 - ansible/roles/code/tasks/main.yml | 21 --- ansible/roles/code/templates/default.j2 | 0 ansible/roles/code/templates/service.j2 | 23 --- ansible/roles/coverage/defaults/main.yml | 5 - ansible/roles/coverage/handlers/main.yml | 5 - ansible/roles/coverage/tasks/main.yml | 21 --- ansible/roles/coverage/templates/default.j2 | 3 - ansible/roles/coverage/templates/service.j2 | 30 ---- ansible/roles/demo/defaults/main.yml | 3 +- ansible/roles/demo/tasks/main.yml | 32 +++- ansible/roles/demo/templates/compose.j2 | 40 +++++ ansible/roles/demo/templates/default.j2 | 3 + ansible/roles/demo/templates/service.j2 | 18 +-- ansible/roles/docker-gc/defaults/main.yml | 2 +- ansible/roles/docker-gc/tasks/main.yml | 6 + ansible/roles/docker-gc/templates/service.j2 | 1 + ansible/roles/docker/defaults/main.yml | 10 +- ansible/roles/docker/tasks/main.yml | 43 ++++- ansible/roles/docker/templates/service.j2 | 5 +- ansible/roles/docs/defaults/main.yml | 2 - ansible/roles/docs/handlers/main.yml | 5 - ansible/roles/docs/tasks/main.yml | 21 
--- ansible/roles/docs/templates/default.j2 | 0 ansible/roles/docs/templates/service.j2 | 23 --- ansible/roles/downloads/defaults/main.yml | 6 + ansible/roles/downloads/tasks/main.yml | 32 +++- ansible/roles/downloads/templates/compose.j2 | 52 ++++++ ansible/roles/downloads/templates/default.j2 | 7 + ansible/roles/downloads/templates/service.j2 | 17 +- ansible/roles/drone/defaults/main.yml | 25 +-- ansible/roles/drone/handlers/main.yml | 10 +- ansible/roles/drone/tasks/agent.yml | 14 -- ansible/roles/drone/tasks/main.yml | 48 ++++-- ansible/roles/drone/tasks/server.yml | 14 -- ansible/roles/drone/templates/agent.j2 | 30 ---- ansible/roles/drone/templates/compose.j2 | 72 +++++++++ ansible/roles/drone/templates/default.j2 | 26 ++- ansible/roles/drone/templates/server.j2 | 32 ---- ansible/roles/drone/templates/service.j2 | 18 +++ ansible/roles/lgtm/defaults/main.yml | 4 +- ansible/roles/lgtm/tasks/main.yml | 32 +++- ansible/roles/lgtm/templates/compose.j2 | 34 ++++ ansible/roles/lgtm/templates/default.j2 | 4 + ansible/roles/lgtm/templates/service.j2 | 22 +-- ansible/roles/minio/defaults/main.yml | 2 - ansible/roles/minio/handlers/main.yml | 5 - ansible/roles/minio/tasks/main.yml | 21 --- ansible/roles/minio/templates/default.j2 | 0 ansible/roles/minio/templates/service.j2 | 27 ---- ansible/roles/pages/defaults/main.yml | 11 ++ .../roles/{blog => pages}/handlers/main.yml | 4 +- ansible/roles/pages/tasks/main.yml | 45 ++++++ ansible/roles/pages/templates/compose.j2 | 75 +++++++++ ansible/roles/pages/templates/default.j2 | 11 ++ ansible/roles/pages/templates/service.j2 | 18 +++ ansible/roles/root/tasks/main.yml | 16 +- ansible/roles/traefik/defaults/main.yml | 8 +- ansible/roles/traefik/tasks/main.yml | 55 +++++-- ansible/roles/traefik/templates/compose.j2 | 42 +++++ .../templates/{traefik.j2 => config.j2} | 15 +- ansible/roles/traefik/templates/default.j2 | 7 + ansible/roles/traefik/templates/service.j2 | 24 +-- ansible/roles/users/tasks/main.yml | 14 ++ 
ansible/roles/watchtower/defaults/main.yml | 2 - ansible/roles/watchtower/handlers/main.yml | 5 - ansible/roles/watchtower/tasks/main.yml | 21 --- ansible/roles/watchtower/templates/default.j2 | 1 - ansible/roles/watchtower/templates/service.j2 | 25 --- ansible/roles/website/defaults/main.yml | 2 - ansible/roles/website/handlers/main.yml | 5 - ansible/roles/website/tasks/main.yml | 21 --- ansible/roles/website/templates/default.j2 | 0 ansible/roles/website/templates/service.j2 | 23 --- bin/ansible | 9 +- bin/playbook | 7 + terraform/domains.tf | 152 +++++++++++++++--- terraform/variables.tf | 6 +- 95 files changed, 1057 insertions(+), 640 deletions(-) delete mode 100644 ansible/group_vars/server.yml delete mode 100644 ansible/host_vars/dchi.yml create mode 100644 ansible/host_vars/dchi/drone.yml delete mode 100644 ansible/host_vars/pangu.yml create mode 100644 ansible/host_vars/pangu/drone.yml create mode 100644 ansible/host_vars/pangu/lgtm.yml create mode 100644 ansible/host_vars/pangu/minio.yml delete mode 100644 ansible/roles/blog/defaults/main.yml delete mode 100644 ansible/roles/blog/tasks/main.yml delete mode 100644 ansible/roles/blog/templates/default.j2 delete mode 100644 ansible/roles/blog/templates/service.j2 delete mode 100644 ansible/roles/code/defaults/main.yml delete mode 100644 ansible/roles/code/handlers/main.yml delete mode 100644 ansible/roles/code/tasks/main.yml delete mode 100644 ansible/roles/code/templates/default.j2 delete mode 100644 ansible/roles/code/templates/service.j2 delete mode 100644 ansible/roles/coverage/defaults/main.yml delete mode 100644 ansible/roles/coverage/handlers/main.yml delete mode 100644 ansible/roles/coverage/tasks/main.yml delete mode 100644 ansible/roles/coverage/templates/default.j2 delete mode 100644 ansible/roles/coverage/templates/service.j2 create mode 100644 ansible/roles/demo/templates/compose.j2 delete mode 100644 ansible/roles/docs/defaults/main.yml delete mode 100644 ansible/roles/docs/handlers/main.yml 
delete mode 100644 ansible/roles/docs/tasks/main.yml delete mode 100644 ansible/roles/docs/templates/default.j2 delete mode 100644 ansible/roles/docs/templates/service.j2 create mode 100644 ansible/roles/downloads/templates/compose.j2 delete mode 100644 ansible/roles/drone/tasks/agent.yml delete mode 100644 ansible/roles/drone/tasks/server.yml delete mode 100644 ansible/roles/drone/templates/agent.j2 create mode 100644 ansible/roles/drone/templates/compose.j2 delete mode 100644 ansible/roles/drone/templates/server.j2 create mode 100644 ansible/roles/drone/templates/service.j2 create mode 100644 ansible/roles/lgtm/templates/compose.j2 delete mode 100644 ansible/roles/minio/defaults/main.yml delete mode 100644 ansible/roles/minio/handlers/main.yml delete mode 100644 ansible/roles/minio/tasks/main.yml delete mode 100644 ansible/roles/minio/templates/default.j2 delete mode 100644 ansible/roles/minio/templates/service.j2 create mode 100644 ansible/roles/pages/defaults/main.yml rename ansible/roles/{blog => pages}/handlers/main.yml (59%) create mode 100644 ansible/roles/pages/tasks/main.yml create mode 100644 ansible/roles/pages/templates/compose.j2 create mode 100644 ansible/roles/pages/templates/default.j2 create mode 100644 ansible/roles/pages/templates/service.j2 create mode 100644 ansible/roles/traefik/templates/compose.j2 rename ansible/roles/traefik/templates/{traefik.j2 => config.j2} (58%) delete mode 100644 ansible/roles/watchtower/defaults/main.yml delete mode 100644 ansible/roles/watchtower/handlers/main.yml delete mode 100644 ansible/roles/watchtower/tasks/main.yml delete mode 100644 ansible/roles/watchtower/templates/default.j2 delete mode 100644 ansible/roles/watchtower/templates/service.j2 delete mode 100644 ansible/roles/website/defaults/main.yml delete mode 100644 ansible/roles/website/handlers/main.yml delete mode 100644 ansible/roles/website/tasks/main.yml delete mode 100644 ansible/roles/website/templates/default.j2 delete mode 100644 
ansible/roles/website/templates/service.j2
diff --git a/.gitignore b/.gitignore
index 1c4aedc..0aced05 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
+.vault
+
 playbook.retry
 terraform.tfstate.backup
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index d7d1235..36c446d 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
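Review bot: The new `.vault` rule is unanchored, so it ignores a file named `.vault` in any directory; if the vault password file is meant to live only at the repository root, `/.vault` expresses that and avoids accidentally hiding a same-named file elsewhere. Separately, only `terraform.tfstate.backup` is ignored while `terraform.tfstate` itself is not; if state is kept locally rather than in a remote backend it can carry resource attributes you would not want in git, so `terraform.tfstate*` is the safer pattern. Neither point changes the commit's intent, which is correctly keeping the vault password out of the repo.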
@@ -3,6 +3,17 @@ root_castles: - tboerger/homeshick-vim - tboerger/homeshick-linux +root_sshkeys: | + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCc1nE4kCs9WXEEbotF+0Rivnr/9I0fc56QLZTqIr4Rsl3iZcvVDgYJmh6rPcl9xKBptNo/jK1EJF/bm2APf6wIU5Q7tNjeIw5IMJnBRBfPdQujXumb1LZMGnQvPT/gHdpVZvPkYlKkBocOJGPG99GZL0FlXXpc4eDYrgCMfCzRFG1SbQWcUdipbJJgELmbiOy7c5eHtb9i51x7g99pC91WnpInuN4pa0AFHwDQpBhS8RSLFEAfWNNs4T3SiYiUUq0lIHBoIoTM8fTTzhshXAlGWuwsZ9c9luEAw+n4QL8oD9a2ycWTJ3JCRK3CC/+J2MqCROSL4zpVA7+PFrloScMV tboerger@gitea.io + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1vlBRSgKE2LN6Tbp5pQ4qVVOXlqUnhI4fkEJLCGAGmsQGu5usxNvp9UJq0cGt6Sq1htoDmgIjEZwCE/np8/O7ZQPyHpwOWtUlS4WWiXKW0GYaeoYsuMabMLbuV1CpSZhb93zy7ZLIKUYpP7WHyZmivDaXnYkn2IOu3fvDtTQdXbwlCer96dIQjNE/KEH4/gUXetrLMYYg26gUnSDeHaxGrLQAfA9jNG1EbXiUkx8cFmZLEREHjwkBAHcwZDkqbLvZr+ExAKIVUcSzj1ep5sOrtSpbwxRtmDscviFPruJmsx/Jjl9fMhpZq8lIQb6aQ0qq09KGv1WP4YbLGRItvq9T tboerger@gitea.io + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjASyOuvhSdzOeJCC/9crxcuztTY/AeFV7v59wQrCwozS2hPBcy5UJ4li80ly79t2D/ppCsiGDQjxCpMUKq++canqCIRZ1d6/6ylQPZIQw0rCGRHXDIKlc99i3Fz94XD85ZtFdGe2TWq1T2EEgmCRM9dGWq+f5iloRxnoSrCTXpy8JshnO5kMyQovChKzLBKdHIxddBDlEHxvWI0UcvWNuA8J2nrrOfMdMVKdPa5xeveX2V5oW3YClku7b/W6jO1rdkZ0tyl1n+wbETGmWQC+V4HE5qxK0u+Zmyz/4J+82sKQC6uEWbC9dFRslq+84rd4LyCD2467ZmzzV6HcyWJhL tboerger@gitea.io + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxqUBNvl59j7Xkw3I1rXkiz0LWNvOK2KFFgLB4C101xv6C/UGjCJPlAWYl5lrTokICqi8fmLkVzAuhhGaPs28Eo55lARl1uZoTSuuobKaZHc/SZzIqn2NgSYV9WNzskpo8IkN2K5DWCYr73x6tskJ5BT9hcXWaPRb8s7dEPnw7NduhMroqlNBFgCwIgkYrjjNNIEZt5G5q2aYFLmIRRZ1JimuAJBlmQJCw+W049tjjNUKY4f2Fm9zIbktPZvSgT2kRvMWxUc8KR1kyzMVaDgqFJKQFjEoZ3kKTfkf3FV2O6tIZHA9fnRYABQy+7HAjRRFcVEu7usu12BKZ0QHKhWT lunny@gitea.io + ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCianSaWiFmKklsBv1GlN2wLx9MTfVqjUHSKyYz54AbCBBpXzOx6mrc86DiNuYHmCGDJAHywtCEQfZQTC0gqI62bKhjtI7tVo3Pp47cpAYLX8i4DR5YOHDTZTBRrLAsoACu+Cv905LD/R7FAtR5rKDXl8706HS0ftIiB1bsOBaH2UMIKZHfKg2swR4uMRsLec8GC4lZ5G1kVbtuT9jor7lvWPABstdp7eAe7Ty6/K0HvAo9IXdPdIbKUxVAkwpYnCsh+Ri4AFwWSnDTpBp/w2v4MarhMFno3Qm+3Kqusug1V8/XxsxPD1PVPVZnRocbuocTcuB1uhyWMYh29x7hN6bp bkc-ws@gitea.io + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2Sovl8XfHqhiAo1GQpsJ/Z8YMvs+xPt1NMsHa5mqAtaMSGsaxIgfpL80+oSX7/itHZJfi7OcRz7R8LzJfy6WKMZUzSkkXXZlxYT328qlMzRPOtkyDWBgIY7ArcDkiyY2MFnbv5uIgilpRKFxFNxx7TuUucOmrB9SHTINy1rDiLHbvZTyJH83WVRo8V6+2JB1N1hyBWbsLNRL9VTAb3v1RvRaDUq92HJqLN77SrxHitst/7PnSimIdnPN04pogP8bDqD/XVL08ZAOXgIQvXqHIC6V+UebLSw18tw/Iac7rYNyYo949NnzQCZ0lB3/yi+L/3Hq9rpiDp3GmANQRRcBN bkc-work@gitea.io + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9WgmBjn7jlFzAz7QPE5p3F+wG2Dbcg616J/vQk1e0Z4hlRSejoFoA9JVV8IuKBdXYDCieqctvbd01S/5dyDOq8rIoyLa1vfYAqkztzShjZ91WAnv8JOU2o5YC1HtiSKP4ygDzTztr97L1Mv29S3RM1ZFjiNo/0gncMK2uI7z9BgzTXkHEvWPqOy+ca8f6HFVDTL5wfer1oY0gkj4fbYdHclpFrMQh0WBI/Z4YvZz7oRmJHajyRfmTu5X/iLsFk8daP+O7wJpQPwKsefczZmrHyKLC4DgrcHEBzvfyfRa/MQNdJZ+ohayomX51xpsAfBOb4AlJbM7o2SgyJcnfolK7 bkc-900@gitea.io + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRTsax/+U1Qz3GeTFEZnNQbqrX0sIqgxWDrZ/6ZRIfjZBunkredTz8PtU1hq0F9jW7R+/DWr3vK0puGucHLhn4ds3WcEOADWcMXHHP5p36EQwaXgKzbUTLAGDjBbK+J2MPlPLMd/46aNT4RKs+6ft3ZueJHrWo6qkf80PjtLr1z0U+ixEVf9kjuCED/l3ODIamajw2eoyA9qQKjishZRVTm6uac6IYUYDQlibCOxjZL52zVCFYwG6KE/3pzARBugNRljn5VPVahFlPo1NMlWXziIvmzDF5cblt7rfdeHXlx8IaO/jVW8ze1OWiiCt32hEwWZobtsNoaeEXbLaUsdzp bkc-hsm@gitea.io + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3uQtMr300gb2icmedgrYgsI/slCgS8mDkPS1G0rlEACyMund4lMo+C8vTnhfoq7CmWGFDuGXXMGcgnnhiN67EXf4xKwCiypmvV4hrisd5FDyluNvUo9wdsqcq3Nv8jNYid27uidgx2v1o4bjidV8F163M5OuQV/Ij1uYsoZ4GiZvLAq5W09twqThEcz9Us9PljQlpqMxoF68hEyL3FM7MioOPshQiENf/3yRohHTzcDYI369hjJu7OpFqp+VORDc/Lma8bOufd/jGZsOBSiV9wjwYLHUHJsSzYv2Cg+jdmUnYjfqUsabwH1bjTVtiRKiXfZMeFF8ju5d9I7ExNp4x appleboy@gitea.io + users: 
- name: tboerger uid: 1000 
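Review bot: `root_sshkeys` grants every listed key a direct root login, while the very same keys are (or, for appleboy, are about to be) listed under `users` with `sudo` membership, so the per-user audit trail that sudo provides is lost and any single leaked key is root outright. The root role that presumably installs these into `/root/.ssh/authorized_keys` is changed in this commit but not shown here; if root keys are kept at all, the playbook should also pin `PermitRootLogin prohibit-password` in sshd_config so password-based root login stays closed, and the block should carry a comment stating its purpose and rotation rule, e.g. `# root_sshkeys: break-glass access only — prefer the sudo users below; rotate when a member leaves`. The `users:` list this hunk ends on continues outside the hunk.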
@@ -42,3 +53,37 @@ users: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2Sovl8XfHqhiAo1GQpsJ/Z8YMvs+xPt1NMsHa5mqAtaMSGsaxIgfpL80+oSX7/itHZJfi7OcRz7R8LzJfy6WKMZUzSkkXXZlxYT328qlMzRPOtkyDWBgIY7ArcDkiyY2MFnbv5uIgilpRKFxFNxx7TuUucOmrB9SHTINy1rDiLHbvZTyJH83WVRo8V6+2JB1N1hyBWbsLNRL9VTAb3v1RvRaDUq92HJqLN77SrxHitst/7PnSimIdnPN04pogP8bDqD/XVL08ZAOXgIQvXqHIC6V+UebLSw18tw/Iac7rYNyYo949NnzQCZ0lB3/yi+L/3Hq9rpiDp3GmANQRRcBN bkc-work@gitea.io ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9WgmBjn7jlFzAz7QPE5p3F+wG2Dbcg616J/vQk1e0Z4hlRSejoFoA9JVV8IuKBdXYDCieqctvbd01S/5dyDOq8rIoyLa1vfYAqkztzShjZ91WAnv8JOU2o5YC1HtiSKP4ygDzTztr97L1Mv29S3RM1ZFjiNo/0gncMK2uI7z9BgzTXkHEvWPqOy+ca8f6HFVDTL5wfer1oY0gkj4fbYdHclpFrMQh0WBI/Z4YvZz7oRmJHajyRfmTu5X/iLsFk8daP+O7wJpQPwKsefczZmrHyKLC4DgrcHEBzvfyfRa/MQNdJZ+ohayomX51xpsAfBOb4AlJbM7o2SgyJcnfolK7 bkc-900@gitea.io ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRTsax/+U1Qz3GeTFEZnNQbqrX0sIqgxWDrZ/6ZRIfjZBunkredTz8PtU1hq0F9jW7R+/DWr3vK0puGucHLhn4ds3WcEOADWcMXHHP5p36EQwaXgKzbUTLAGDjBbK+J2MPlPLMd/46aNT4RKs+6ft3ZueJHrWo6qkf80PjtLr1z0U+ixEVf9kjuCED/l3ODIamajw2eoyA9qQKjishZRVTm6uac6IYUYDQlibCOxjZL52zVCFYwG6KE/3pzARBugNRljn5VPVahFlPo1NMlWXziIvmzDF5cblt7rfdeHXlx8IaO/jVW8ze1OWiiCt32hEwWZobtsNoaeEXbLaUsdzp bkc-hsm@gitea.io + - name: appleboy + uid: 1003 + shell: /bin/bash + castles: + - tboerger/homeshick-base + - tboerger/homeshick-vim + - tboerger/homeshick-linux + groups: + - sudo + sshkeys: | + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3uQtMr300gb2icmedgrYgsI/slCgS8mDkPS1G0rlEACyMund4lMo+C8vTnhfoq7CmWGFDuGXXMGcgnnhiN67EXf4xKwCiypmvV4hrisd5FDyluNvUo9wdsqcq3Nv8jNYid27uidgx2v1o4bjidV8F163M5OuQV/Ij1uYsoZ4GiZvLAq5W09twqThEcz9Us9PljQlpqMxoF68hEyL3FM7MioOPshQiENf/3yRohHTzcDYI369hjJu7OpFqp+VORDc/Lma8bOufd/jGZsOBSiV9wjwYLHUHJsSzYv2Cg+jdmUnYjfqUsabwH1bjTVtiRKiXfZMeFF8ju5d9I7ExNp4x appleboy@gitea.io + +users_available: + - tboerger + - lunny + - bkc + - appleboy + +traefik_cloudflare_email: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 
39303065666339663763306465643233633630653338616539623236386262633837343065643162 + 6533373132393566666635643466626239356165623665660a323763383661386332303737336462 + 61393866633661326263613930613632303732663735653334343664326237376465366135613764 + 3864633665336361630a346666643530623439373030643833343761353436663861396433623136 + 3937 + +traefik_cloudflare_apikey: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 61383661663033383161306536313332643663356436313137393633656631623732326261633962 + 6163623565356530343562383633633934303138303639310a356363626436393731343634346534 + 30663230343962633731323935346635656531363866626637303832616436666664356364666463 + 6533323738633463630a323064626662636166376162656630623262623639333135363731393533 + 37333739653637373130363964653336326234396161663365363437363466323464313239303934 + 3931323432373336646234663963653030623434663135383139 diff --git a/ansible/group_vars/server.yml b/ansible/group_vars/server.yml deleted file mode 100644 index 6555c40..0000000 --- a/ansible/group_vars/server.yml +++ /dev/null @@ -1,4 +0,0 @@ -users_available: - - tboerger - - lunny - - bkc diff --git a/ansible/host_vars/dchi.yml b/ansible/host_vars/dchi.yml deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/host_vars/dchi/drone.yml b/ansible/host_vars/dchi/drone.yml new file mode 100644 index 0000000..1750405 --- /dev/null +++ b/ansible/host_vars/dchi/drone.yml 
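Review bot: `traefik_cloudflare_email` paired with `traefik_cloudflare_apikey` looks like Cloudflare's account-level Global API Key (that email+key pairing is what the legacy auth scheme uses), which controls every zone on the account rather than only the DNS-01 records Traefik needs for ACME. If the deployed Traefik/lego version supports it, a scoped API token limited to DNS edit on the relevant zone would bound what an attacker gets from the `.env` file this is rendered into; if it does not, that limitation is worth recording. Either way add a comment above the two vault blocks naming scope and rotation: `# Cloudflare creds used by Traefik for DNS-01; account-wide key — rotate from the CF dashboard`. Committing the vault ciphertext itself is fine given `.vault` is gitignored.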
@@ -0,0 +1,15 @@
+drone_domain: drone.try.gitea.io
+drone_orgs: gitea
+drone_admins: tboerger,lunny,bkcsoft,appleboy
+drone_max_procs: 1
+drone_gitea: true
+drone_gitea_url: https://try.gitea.io
+drone_gitea_skip_verify: false
+
+drone_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 33396362313237376239323631386235343930613537623363613663326165373664663362323732
+ 3166323537636530613634326436663539333631646636370a353466643231643366343738396239
+ 30623036633535396238396539333939646366346132633834366432343230663564336232653566
+ 6162663762646266390a633834316430323931313137633364393535303838643835303766613161
+ 38623337323936386436646638363030356665356232336330646439653235326232
diff --git a/ansible/host_vars/pangu.yml b/ansible/host_vars/pangu.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/ansible/host_vars/pangu/drone.yml b/ansible/host_vars/pangu/drone.yml
new file mode 100644
index 0000000..39dfe69
--- /dev/null
+++ b/ansible/host_vars/pangu/drone.yml
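Review bot: `drone_admins: tboerger,lunny,bkcsoft,appleboy` is repeated verbatim in `host_vars/pangu/drone.yml` in this same commit, so the two Drone instances will drift the next time an admin is added or removed; hoist it into group_vars as a single `drone_admins` and override per host only when the lists genuinely differ. Since try.gitea.io is a public demo instance that presumably allows self-registration, `drone_orgs: gitea` is the only thing preventing arbitrary accounts from logging into this Drone and running builds on the host — that deserves a comment: `# drone_orgs is the access gate: try.gitea.io accounts are self-service`. `drone_gitea_skip_verify: false` is correct and should stay explicit.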
@@ -0,0 +1,30 @@
+drone_domain: drone.gitea.io
+drone_orgs: go-gitea
+drone_admins: tboerger,lunny,bkcsoft,appleboy
+drone_max_procs: 2
+drone_github: true
+
+drone_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 31363030316336373437656164363162646539393137633932666230333739333036363734313237
+ 6265383139366564383865366232663137343733396238390a613631623539656634336365323132
+ 61643832323137656631643334636333396439343865636266633962663933313636303138333061
+ 3935343561363133390a313730663934626363343431663266653862363930363866316264623666
+ 61393831386436313666653838333238306431383534396663636635633731356663
+
+drone_github_client: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64343364643039386330393632353262613234383532623566623238326639353030393364626639
+ 6539336263326138326136386232316530396336386363650a366165336631633964633334323731
+ 32643733653662663935623432373664366336376237353734666133386637323265353332396365
+ 3563623166316461330a383161656562626661636161333836323931396238656133393438353464
+ 32666233646162643530623539396439363265326337353666363633383437613762
+
+drone_github_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37356261303961666132383539376162613939393936623334626366633264326437386537343432
+ 6335636561613937373434316165303732616339613332300a363436616233366435313431366335
+ 39343763656463636564393932623165633830386531653838613562313432393039633939663365
+ 6339326134366236330a383162386462633661373334366138666131383631636661613862383131
+ 31636336666231316666666161306436656431346139636563636139613664346435663763336239
+ 3665393437343934613738653564343163343861376163323837
diff --git a/ansible/host_vars/pangu/lgtm.yml b/ansible/host_vars/pangu/lgtm.yml
new file mode 100644
index 0000000..4daef83
--- /dev/null
+++ b/ansible/host_vars/pangu/lgtm.yml
@@ -0,0 +1,16 @@
+lgtm_debug: true
+lgtm_client: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37633363353037653737656536376239613033306436343032386666323166303236373864303561
+ 3131663133323130616536393033316266363630306132610a396531313333303736333738656233
+ 32333334343162386265653639313063373630626266356338303936626135626663623733626461
+ 3164663839623731620a643330663664373737666166623431613963646666613333393961363131
+ 37326632653833346438323433383766363438373864623530643430623465623665
+lgtm_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 31316534313331333337633063343639353232636161396232393762316135613463653338633766
+ 6533646631303539333034313431316664393936303032320a333564353866656565633932326563
+ 38633830653939666663323339313739663063303930336439306334663336363932333132353834
+ 3762663238613435640a336531663965373339326264323437316663316366663738653430376634
+ 66313066373134633663333066353934353833646634343233303033653238343438353536636564
+ 3135663562373833376636663137623265383662343331366162
diff --git a/ansible/host_vars/pangu/minio.yml b/ansible/host_vars/pangu/minio.yml
new file mode 100644
index 0000000..bb6d4c2
--- /dev/null
+++ b/ansible/host_vars/pangu/minio.yml
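Review bot: `lgtm_debug: true` enables debug output on the production host (pangu), and if LGTM's debug mode logs request or response bodies, the GitHub OAuth exchange — including access tokens — ends up in the container's docker logs where anyone with socket access can read it. Default this to `false` in the role and flip it on only while diagnosing a problem; at minimum leave a warning next to it: `# lgtm_debug: keep false in prod — debug logs may include OAuth tokens`. The compose template that consumes this variable is changed in the same commit but not visible here.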
@@ -0,0 +1,15 @@ +minio_access: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65623830663533373032613338333637633738303532376465646332656238393365306236653730 + 3863333664393966613031353030366438626135376633390a333037633838623235666666376464 + 38613662396236333435366135656231336637383436613663383739346633383263653462383433 + 6538373139363035360a613032643139376134346538376262396166383863383565613163393133 + 62313361376430356230373130633435373466386364356263653766623038383161 +minio_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 34336533656239373630333030666130316366656533643835643739303164646161356562306437 + 6137663663326635393861353662306438653234373339640a346435616239323962336362373339 + 30393562613339376235333435313433346531643934356336663732323934393161306166333431 + 3161636662353234610a666263326362346631393161363162653738313230363936383637303133 + 33623430646330353136666461383939633164616366336233343736663664633439643332306565 + 3733313933353432336162333135643863626663633135656661 diff --git a/ansible/playbook.yml b/ansible/playbook.yml index af75d23..612883e 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -12,22 +12,17 @@ - root - users - docker - - watchtower - docker-gc - traefik - hosts: dchi roles: + - drone - demo - hosts: pangu roles: - - lgtm - - coverage - drone - - minio - - website - - docs - - blog - - code + - pages - downloads + - lgtm diff --git a/ansible/roles/base/tasks/main.yml b/ansible/roles/base/tasks/main.yml index 65b82d8..ba0b249 100644 --- a/ansible/roles/base/tasks/main.yml +++ b/ansible/roles/base/tasks/main.yml @@ -1,7 +1,11 @@ - name: vars include_vars: ubuntu.yml when: ansible_distribution == 'Ubuntu' + tags: + - base - name: ubuntu include: ubuntu.yml when: ansible_distribution == 'Ubuntu' + tags: + - base diff --git a/ansible/roles/base/tasks/ubuntu.yml b/ansible/roles/base/tasks/ubuntu.yml index ecc04e3..dc34833 100644 --- a/ansible/roles/base/tasks/ubuntu.yml +++ b/ansible/roles/base/tasks/ubuntu.yml 
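Review bot: `host_vars/pangu/minio.yml` adds vaulted `minio_access`/`minio_secret` while the same commit deletes the whole `minio` role and drops `minio` from the pangu play, so as far as this patch shows nothing consumes these credentials. If the new `downloads` compose template (not in view) now embeds a MinIO service, say so above the keys, `# consumed by roles/downloads/templates/compose.j2`, so a later reader does not assume they are dead; if nothing uses them, delete the file rather than keep orphaned secrets in the tree.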
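Review bot: Removing `watchtower` from the common role list ends automatic image updates on every host, and its replacement — a `docker-compose pull` in each unit's ExecStartPre, seen later in this patch — only refreshes images when a unit restarts, so long-running containers will silently stay on whatever `:latest` they were started with, security fixes included. State that trade-off in the playbook, `# images are refreshed only on service restart now that watchtower is gone`, or add a systemd timer (like docker-gc's) that restarts the compose units on a known cadence. With all images on mutable `:latest` tags, a deliberate, reviewable update schedule is safer than either unattended pulls or none.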
@@ -3,3 +3,5 @@ package: name: '{{ item }}' state: present + tags: + - base diff --git a/ansible/roles/blog/defaults/main.yml b/ansible/roles/blog/defaults/main.yml deleted file mode 100644 index 6258d7f..0000000 --- a/ansible/roles/blog/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -blog_domain: blog.gitea.io -blog_container: gitea/blog:latest diff --git a/ansible/roles/blog/tasks/main.yml b/ansible/roles/blog/tasks/main.yml deleted file mode 100644 index 7e6654c..0000000 --- a/ansible/roles/blog/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- name: service - notify: - - restart blog - template: - src: service.j2 - dest: /etc/systemd/system/blog.service - -- name: default - notify: - - restart blog - template: - src: default.j2 - dest: /etc/default/blog - -- name: start - systemd: - name: blog - state: started - daemon_reload: yes - masked: no - enabled: yes diff --git a/ansible/roles/blog/templates/default.j2 b/ansible/roles/blog/templates/default.j2 deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/roles/blog/templates/service.j2 b/ansible/roles/blog/templates/service.j2 deleted file mode 100644 index 07f22d3..0000000 --- a/ansible/roles/blog/templates/service.j2 +++ /dev/null @@ -1,23 +0,0 @@ -[Unit] -Description=Blog - -Requires=docker.service -After=docker.service - -[Service] -Restart=always - -EnvironmentFile=/etc/default/blog -ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true' -ExecStartPre=/usr/bin/docker pull {{ blog_container }} - -ExecStart=/usr/bin/docker run --rm \ - --name %p \ - --hostname {{ blog_domain }} \ - --label traefik.frontend.rule=Host:{{ blog_domain }} \ - {{ blog_container }} - -[Install] -WantedBy=multi-user.target 
diff --git a/ansible/roles/code/defaults/main.yml b/ansible/roles/code/defaults/main.yml deleted file mode 100644 index ad24c3f..0000000 --- a/ansible/roles/code/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -code_domain: code.gitea.io -code_container: gitea/redirects:latest diff --git a/ansible/roles/code/handlers/main.yml b/ansible/roles/code/handlers/main.yml deleted file mode 100644 index 829705c..0000000 --- a/ansible/roles/code/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: restart code - systemd: - name: code - state: restarted - daemon_reload: yes diff --git a/ansible/roles/code/tasks/main.yml b/ansible/roles/code/tasks/main.yml deleted file mode 100644 index 143782d..0000000 --- a/ansible/roles/code/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- name: service - notify: - - restart code - template: - src: service.j2 - dest: /etc/systemd/system/code.service - -- name: default - notify: - - restart code - template: - src: default.j2 - dest: /etc/default/code - -- name: start - systemd: - name: code - state: started - daemon_reload: yes - masked: no - enabled: yes diff --git a/ansible/roles/code/templates/default.j2 b/ansible/roles/code/templates/default.j2 deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/roles/code/templates/service.j2 b/ansible/roles/code/templates/service.j2 deleted file mode 100644 index 8df77f5..0000000 --- a/ansible/roles/code/templates/service.j2 +++ /dev/null 
@@ -1,23 +0,0 @@ -[Unit] -Description=Code - -Requires=docker.service -After=docker.service - -[Service] -Restart=always - -EnvironmentFile=/etc/default/code -ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true' -ExecStartPre=/usr/bin/docker pull {{ code_container }} - -ExecStart=/usr/bin/docker run --rm \ - --name %p \ - --hostname {{ code_domain }} \ - --label traefik.frontend.rule=Host:{{ code_domain }} \ - {{ code_container }} - -[Install] -WantedBy=multi-user.target diff --git a/ansible/roles/coverage/defaults/main.yml b/ansible/roles/coverage/defaults/main.yml deleted file mode 100644 index 42da08c..0000000 --- a/ansible/roles/coverage/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -coverage_container: aircover/aircover:latest -coverage_domain: coverage.gitea.io -coverage_debug: true -coverage_teams: go-gitea -coverage_admins: tboerger,lunny,bkcsoft diff --git a/ansible/roles/coverage/handlers/main.yml b/ansible/roles/coverage/handlers/main.yml deleted file mode 100644 index e83ace7..0000000 --- a/ansible/roles/coverage/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: restart coverage - systemd: - name: coverage - state: restarted - daemon_reload: yes diff --git a/ansible/roles/coverage/tasks/main.yml b/ansible/roles/coverage/tasks/main.yml deleted file mode 100644 index 00ae208..0000000 --- a/ansible/roles/coverage/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -- name: service - notify: - - restart coverage - template: - src: service.j2 - dest: /etc/systemd/system/coverage.service - -- name: default - notify: - - restart coverage - template: - src: default.j2 - dest: /etc/default/coverage - -- name: start - systemd: - name: coverage - state: started - daemon_reload: yes - masked: no - enabled: yes diff --git a/ansible/roles/coverage/templates/default.j2 b/ansible/roles/coverage/templates/default.j2 deleted file mode 100644 index c2c9af0..0000000 --- a/ansible/roles/coverage/templates/default.j2 +++ /dev/null @@ -1,3 +0,0 @@ -COVERAGE_DEBUG={{ coverage_debug }} -COVERAGE_TEAMS={{ coverage_teams }} -COVERAGE_ADMINS={{ coverage_admins }} diff --git a/ansible/roles/coverage/templates/service.j2 b/ansible/roles/coverage/templates/service.j2 deleted file mode 100644 index 512b51f..0000000 --- a/ansible/roles/coverage/templates/service.j2 +++ /dev/null @@ -1,30 +0,0 @@ -[Unit] -Description=Coverage - -Requires=docker.service -After=docker.service - -[Service] -Restart=always - -EnvironmentFile=/etc/default/secrets -EnvironmentFile=/etc/default/coverage -ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true' -ExecStartPre=/usr/bin/docker pull {{ coverage_container }} - -ExecStart=/usr/bin/docker run --rm \ - --name %p \ - --hostname {{ coverage_domain }} \ - --label traefik.frontend.rule=Host:{{ coverage_domain }} \ - --volume /var/lib/coverage:/var/lib/aircover \ - --env GITHUB_CLIENT=${COVERAGE_GITHUB_CLIENT} \ - --env GITHUB_SECRET=${COVERAGE_GITHUB_SECRET} \ - --env TEAMS=${COVERAGE_TEAMS} \ - --env ADMINS=${COVERAGE_ADMINS} \ - --env DEBUG=${COVERAGE_DEBUG} \ - {{ coverage_container }} - -[Install] -WantedBy=multi-user.target 
diff --git a/ansible/roles/demo/defaults/main.yml b/ansible/roles/demo/defaults/main.yml index cea9241..d4af7d0 100644 --- a/ansible/roles/demo/defaults/main.yml +++ b/ansible/roles/demo/defaults/main.yml @@ -1,2 +1,3 @@ -demo_domain: try.gitea.io demo_container: gitea/gitea:latest +demo_domain: try.gitea.io +demo_ssh: 22 diff --git a/ansible/roles/demo/tasks/main.yml b/ansible/roles/demo/tasks/main.yml index 0edf6be..3011b63 100644 --- a/ansible/roles/demo/tasks/main.yml +++ b/ansible/roles/demo/tasks/main.yml @@ -1,16 +1,38 @@ -- name: service +- name: dirs + with_items: + - /compose/demo + file: + path: '{{ item }}' + state: directory + tags: + - demo + +- name: compose notify: - restart demo template: - src: service.j2 - dest: /etc/systemd/system/demo.service + src: compose.j2 + dest: /compose/demo/docker-compose.yml + tags: + - demo - name: default notify: - restart demo template: src: default.j2 - dest: /etc/default/demo + dest: /compose/demo/.env + tags: + - demo + +- name: service + notify: + - restart demo + template: + src: service.j2 + dest: /etc/systemd/system/demo.service + tags: + - demo - name: start systemd: @@ -19,3 +41,5 @@ daemon_reload: yes masked: no enabled: yes + tags: + - demo diff --git a/ansible/roles/demo/templates/compose.j2 b/ansible/roles/demo/templates/compose.j2 new file mode 100644 index 0000000..20fda51 --- /dev/null +++ b/ansible/roles/demo/templates/compose.j2 
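Review bot: The new `compose` and `default` template tasks set no `owner` or `mode`, so `/compose/demo/docker-compose.yml` and `/compose/demo/.env` are written with the default umask and will usually be world-readable. For the demo role the `.env` only carries image, domain and SSH port, but this is the layout the drone, lgtm and traefik roles in this commit presumably copy, and there the rendered `.env` holds vaulted secrets. Make the convention restrictive from the start: add `mode: '0600'` under each template's `dest:` and `mode: '0700'` on the `dirs` task so `/compose/demo` is not browsable by other local users.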
@@ -0,0 +1,40 @@ +version: "3" + +networks: + traefik: + external: + name: traefik_general + internal: + external: false + +volumes: + git: + driver: local + gitea: + driver: local + ssh: + driver: local + +services: + server: + image: ${DEMO_CONTAINER} + restart: always + networks: + - traefik + - internal + labels: + - traefik.docker.network=traefik_general + - traefik.port=3000 + - traefik.frontend.rule=Host:${DEMO_DOMAIN} + healthcheck: + test: ["NONE"] + interval: 30s + timeout: 10s + retries: 5 + volumes: + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + - git:/data/git + - gitea:/data/gitea + - ssh:/data/ssh + ports: + - ${DEMO_SSH}:22 diff --git a/ansible/roles/demo/templates/default.j2 b/ansible/roles/demo/templates/default.j2 index e69de29..590d92e 100644 --- a/ansible/roles/demo/templates/default.j2 +++ b/ansible/roles/demo/templates/default.j2 @@ -0,0 +1,3 @@ +DEMO_CONTAINER={{ demo_container }} +DEMO_DOMAIN={{ demo_domain }} +DEMO_SSH={{ demo_ssh | default(22) }} diff --git a/ansible/roles/demo/templates/service.j2 b/ansible/roles/demo/templates/service.j2 index d2c6100..aef9018 100644 --- a/ansible/roles/demo/templates/service.j2 +++ b/ansible/roles/demo/templates/service.j2 
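Review bot: `image: ${DEMO_CONTAINER}` resolves to `gitea/gitea:latest` from the role defaults, and combined with the unit's pre-start pull that means every restart deploys whatever the registry currently serves under that mutable tag with no review step; pin to a release tag or a digest (`gitea/gitea@sha256:…`) and bump it on purpose. `healthcheck: test: ["NONE"]` switches off the image's built-in healthcheck, so compose can no longer distinguish a wedged Gitea from a healthy one — if that is intentional (noise, or Traefik doing its own checks), a one-line comment should say why. The `internal` network is declared as a plain bridge without `internal: true`, so it does not actually isolate anything yet; either set `internal: true` or rename it so the label does not promise isolation it does not provide.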
@@ -6,21 +6,13 @@ After=docker.service [Service] Restart=always +WorkingDirectory=/compose/demo -EnvironmentFile=/etc/default/demo -ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true' -ExecStartPre=/usr/bin/docker pull {{ demo_container }} +ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true' +ExecStopPost=/bin/sh -c '/usr/local/bin/docker-compose down --remove-orphans || true' -ExecStart=/usr/bin/docker run --rm \ - --name %p \ - --hostname {{ demo_domain }} \ - --label traefik.frontend.rule=Host:{{ demo_domain }} \ - --label traefik.port=3000 \ - --volume /var/lib/gitea:/data \ - --publish 22:22 \ - {{ demo_container }} +ExecStartPre=/bin/sh -c '/usr/local/bin/docker-compose pull --ignore-pull-failures || true' +ExecStart=/usr/local/bin/docker-compose up --abort-on-container-exit --remove-orphans [Install] WantedBy=multi-user.target diff --git a/ansible/roles/docker-gc/defaults/main.yml b/ansible/roles/docker-gc/defaults/main.yml index 9694fe3..596c531 100644 --- a/ansible/roles/docker-gc/defaults/main.yml +++ b/ansible/roles/docker-gc/defaults/main.yml @@ -1,2 +1,2 @@ -docker_gc_container: spotify/docker-gc +docker_gc_container: spotify/docker-gc:latest docker_gc_interval: daily diff --git a/ansible/roles/docker-gc/tasks/main.yml b/ansible/roles/docker-gc/tasks/main.yml index b44bec7..49b16ac 100644 --- a/ansible/roles/docker-gc/tasks/main.yml +++ b/ansible/roles/docker-gc/tasks/main.yml @@ -4,6 +4,8 @@ template: src: timer.j2 dest: /etc/systemd/system/docker-gc.timer + tags: + - docker-gc - name: service notify: @@ -11,6 +13,8 @@ template: src: service.j2 dest: /etc/systemd/system/docker-gc.service + tags: + - docker-gc - name: start systemd: 
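Review bot: `ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true'` replaces the previous `docker stop` with an immediate SIGKILL, so Gitea — and any git push or database write in flight — gets no graceful shutdown window on every deploy or restart. Use `ExecStop=/bin/sh -c '/usr/local/bin/docker-compose stop || true'` and rely on the existing `ExecStopPost … down --remove-orphans` (or systemd's `TimeoutStopSec`) to force-kill only if stop hangs. The `pull --ignore-pull-failures || true` pre-start step silently starts on a stale image if the registry is unreachable; that is a defensible availability trade-off but deserves a comment saying it is deliberate.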
@@ -19,3 +23,5 @@ daemon_reload: yes masked: no enabled: yes + tags: + - docker-gc diff --git a/ansible/roles/docker-gc/templates/service.j2 b/ansible/roles/docker-gc/templates/service.j2 index 8dcf606..f3345e4 100644 --- a/ansible/roles/docker-gc/templates/service.j2 +++ b/ansible/roles/docker-gc/templates/service.j2 @@ -9,4 +9,5 @@ Type=oneshot ExecStart=/usr/bin/docker run --rm \ --volume /var/run/docker.sock:/var/run/docker.sock \ + --volume /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro \ {{ docker_gc_container }} diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml index 7517813..ee44664 100644 --- a/ansible/roles/docker/defaults/main.yml +++ b/ansible/roles/docker/defaults/main.yml @@ -1,7 +1,15 @@ +docker_deps: + - apt-transport-https + - ca-certificates + - software-properties-common + docker_packages: - - docker-engine + - docker-ce docker_services: - docker +docker_compose_url: https://github.com/docker/compose/releases/download/1.14.0/docker-compose-Linux-x86_64 +docker_compose_checksum: eda2bcd4077daacb763e0745764b9b722bcf4fc6 + docker_opts: diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index d7556aa..a662846 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml 
@@ -1,21 +1,43 @@ -- name: key +- name: deps + with_items: '{{ docker_deps }}' + package: + name: '{{ item }}' + state: present + tags: + - docker + +- name: key1 + apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 + state: present + tags: + - docker + +- name: key2 apt_key: keyserver: hkp://p80.pool.sks-keyservers.net:80 id: 58118E89F3A912897C070ADBF76221572C52609D state: present + tags: + - docker - name: repo apt_repository: - repo: deb https://apt.dockerproject.org/repo ubuntu-xenial main - filename: docker.list + repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable + filename: docker update_cache: yes state: present + tags: + - docker - name: install with_items: '{{ docker_packages }}' package: name: '{{ item }}' state: present + tags: + - docker - name: service notify: @@ -23,6 +45,8 @@ template: src: service.j2 dest: /etc/systemd/system/docker.service + tags: + - docker - name: default notify: @@ -30,6 +54,8 @@ template: src: default.j2 dest: /etc/default/docker + tags: + - docker - name: start with_items: '{{ docker_services }}' @@ -39,3 +65,14 @@ daemon_reload: yes masked: no enabled: yes + tags: + - docker + +- name: compose + get_url: + url: '{{ docker_compose_url }}' + dest: /usr/local/bin/docker-compose + checksum: sha1:{{ docker_compose_checksum }} + mode: u=rwx,g=rx,o=rx + tags: + - docker diff --git a/ansible/roles/docker/templates/service.j2 b/ansible/roles/docker/templates/service.j2 index b6000fb..e788056 100644 --- a/ansible/roles/docker/templates/service.j2 +++ b/ansible/roles/docker/templates/service.j2 @@ -12,10 +12,13 @@ Type=notify TimeoutStartSec=0 Delegate=yes KillMode=process -LimitNOFILE=infinity +LimitNOFILE=1048576 LimitNPROC=infinity LimitCORE=infinity TasksMax=infinity +Restart=on-failure +StartLimitBurst=3 +StartLimitInterval=60s ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS ExecReload=/bin/kill -s HUP $MAINPID 
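Review bot: `key2` still imports the signing key of the old `apt.dockerproject.org` repository from an HKP keyserver over plain port 80, while the `repo` task in the same hunk now points only at `download.docker.com`, whose key `key1` already fetches over HTTPS with a full fingerprint. The legacy key therefore adds a trust root for a repository that is no longer configured anywhere visible in this change; unless another role depends on it, drop the `key2` task or turn it into `state: absent` so hosts that already imported it stop trusting it.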
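Review bot: The new `compose` task verifies the docker-compose binary it installs as root with `checksum: sha1:{{ docker_compose_checksum }}`; SHA-1 is a weak integrity check for an executable, and `get_url` accepts `sha256:` with the same syntax. Replace the value of `docker_compose_checksum` in `docker/defaults/main.yml` with the SHA-256 of the pinned 1.14.0 release and use `checksum: sha256:{{ docker_compose_checksum }}`. Pinning the version and hash at all is the right direction; this only strengthens the hash.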
diff --git a/ansible/roles/docs/defaults/main.yml b/ansible/roles/docs/defaults/main.yml deleted file mode 100644 index cae73b2..0000000 --- a/ansible/roles/docs/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -docs_domain: docs.gitea.io -docs_container: gitea/docs:latest diff --git a/ansible/roles/docs/handlers/main.yml b/ansible/roles/docs/handlers/main.yml deleted file mode 100644 index 744a6ae..0000000 --- a/ansible/roles/docs/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: restart docs - systemd: - name: docs - state: restarted - daemon_reload: yes diff --git a/ansible/roles/docs/tasks/main.yml b/ansible/roles/docs/tasks/main.yml deleted file mode 100644 index ba3f5d2..0000000 --- a/ansible/roles/docs/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- name: service - notify: - - restart docs - template: - src: service.j2 - dest: /etc/systemd/system/docs.service - -- name: default - notify: - - restart docs - template: - src: default.j2 - dest: /etc/default/docs - -- name: start - systemd: - name: docs - state: started - daemon_reload: yes - masked: no - enabled: yes diff --git a/ansible/roles/docs/templates/default.j2 b/ansible/roles/docs/templates/default.j2 deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/roles/docs/templates/service.j2 b/ansible/roles/docs/templates/service.j2 deleted file mode 100644 index d6a888a..0000000 --- a/ansible/roles/docs/templates/service.j2 +++ /dev/null 
@@ -1,23 +0,0 @@ -[Unit] -Description=Docs - -Requires=docker.service -After=docker.service - -[Service] -Restart=always - -EnvironmentFile=/etc/default/docs -ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true' -ExecStartPre=/usr/bin/docker pull {{ docs_container }} - -ExecStart=/usr/bin/docker run --rm \ - --name %p \ - --hostname {{ docs_domain }} \ - --label traefik.frontend.rule=Host:{{ docs_domain }} \ - {{ docs_container }} - -[Install] -WantedBy=multi-user.target diff --git a/ansible/roles/downloads/defaults/main.yml b/ansible/roles/downloads/defaults/main.yml index 97c33af..a3d5660 100644 --- a/ansible/roles/downloads/defaults/main.yml +++ b/ansible/roles/downloads/defaults/main.yml @@ -1 +1,7 @@ +downloads_container: webhippie/caddy:latest downloads_domain: dl.gitea.io + +minio_container: webhippie/minio:latest +minio_domain: storage.gitea.io +minio_access: +minio_secret: diff --git a/ansible/roles/downloads/tasks/main.yml b/ansible/roles/downloads/tasks/main.yml index 25df448..aebd4df 100644 --- a/ansible/roles/downloads/tasks/main.yml +++ b/ansible/roles/downloads/tasks/main.yml 
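Review bot: `minio_access:` and `minio_secret:` default to empty, and `downloads/templates/default.j2` in this commit renders them straight into `/compose/downloads/.env`, so a host without a `host_vars` override launches MinIO with blank credentials (or fails to start) without any signal from the play. A guard task before the templates makes the requirement explicit: `- name: secrets` / `assert:` / `that: minio_access | default('') != '' and minio_secret | default('') != ''`. The same empty-secret defaults appear for `drone_secret` (drone defaults), `lgtm_client`/`lgtm_secret` (lgtm defaults) and `traefik_cloudflare_apikey` (traefik defaults).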
@@ -1,16 +1,38 @@ -- name: service +- name: dirs + with_items: + - /compose/downloads + file: + path: '{{ item }}' + state: directory + tags: + - downloads + +- name: compose notify: - restart downloads template: - src: service.j2 - dest: /etc/systemd/system/downloads.service + src: compose.j2 + dest: /compose/downloads/docker-compose.yml + tags: + - downloads - name: default notify: - restart downloads template: src: default.j2 - dest: /etc/default/downloads + dest: /compose/downloads/.env + tags: + - downloads + +- name: service + notify: + - restart downloads + template: + src: service.j2 + dest: /etc/systemd/system/downloads.service + tags: + - downloads - name: start systemd: @@ -19,3 +41,5 @@ daemon_reload: yes masked: no enabled: yes + tags: + - downloads diff --git a/ansible/roles/downloads/templates/compose.j2 b/ansible/roles/downloads/templates/compose.j2 new file mode 100644 index 0000000..1e01209 --- /dev/null +++ b/ansible/roles/downloads/templates/compose.j2 
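Review bot: The `default` task now writes `/compose/downloads/.env`, which carries `MINIO_ACCESS`/`MINIO_SECRET`, via `template` without a `mode`, so the file inherits the remote umask's default permissions (typically world-readable) — unlike the acme.json task in the traefik role of this same commit, which sets `mode: u=rw,g=,o=`. Add `mode: u=rw,g=,o=` to this template task, and consider `mode: u=rwx,g=,o=` on the `/compose/downloads` directory created by `dirs`. The drone, lgtm and traefik task files in this commit have the same gap for their `.env` files.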
@@ -0,0 +1,52 @@ +version: "3" + +networks: + traefik: + external: + name: traefik_general + +volumes: + server: + driver: local + +services: + server: + image: ${DOWNLOADS_CONTAINER} + restart: always + environment: + - CADDY_WEBROOT=/var/lib/minio/releases + networks: + - traefik + labels: + - traefik.docker.network=traefik_general + - traefik.port=8080 + - traefik.frontend.rule=Host:${DOWNLOADS_DOMAIN} + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8080/"] + interval: 30s + timeout: 10s + retries: 5 + volumes: + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + - server:/var/lib/minio + + minio: + image: ${MINIO_CONTAINER} + restart: always + environment: + - MINIO_ACCESS_KEY=${MINIO_ACCESS} + - MINIO_SECRET_KEY=${MINIO_SECRET} + networks: + - traefik + labels: + - traefik.docker.network=traefik_general + - traefik.port=9000 + - traefik.frontend.rule=Host:${MINIO_DOMAIN} + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/"] + interval: 30s + timeout: 10s + retries: 5 + volumes: + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + - server:/var/lib/minio diff --git a/ansible/roles/downloads/templates/default.j2 b/ansible/roles/downloads/templates/default.j2 index e69de29..6fd9b25 100644 --- a/ansible/roles/downloads/templates/default.j2 +++ b/ansible/roles/downloads/templates/default.j2 @@ -0,0 +1,7 @@ +DOWNLOADS_CONTAINER={{ downloads_container }} +DOWNLOADS_DOMAIN={{ downloads_domain }} + +MINIO_CONTAINER={{ minio_container }} +MINIO_DOMAIN={{ minio_domain }} +MINIO_ACCESS={{ minio_access }} +MINIO_SECRET={{ minio_secret }} diff --git a/ansible/roles/downloads/templates/service.j2 b/ansible/roles/downloads/templates/service.j2 index 0885d81..accbc70 100644 --- a/ansible/roles/downloads/templates/service.j2 +++ b/ansible/roles/downloads/templates/service.j2 
@@ -6,20 +6,13 @@ After=docker.service [Service] Restart=always +WorkingDirectory=/compose/downloads -EnvironmentFile=/etc/default/downloads -ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true' -ExecStartPre=/usr/bin/docker pull abiosoft/caddy:latest +ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true' +ExecStopPost=/bin/sh -c '/usr/local/bin/docker-compose down --remove-orphans || true' -ExecStart=/usr/bin/docker run --rm \ - --name %p \ - --hostname {{ downloads_domain }} \ - --label traefik.frontend.rule=Host:{{ downloads_domain }} \ - --label traefik.port=2015 \ - --volume /var/lib/minio/releases:/srv \ - abiosoft/caddy:latest +ExecStartPre=/bin/sh -c '/usr/local/bin/docker-compose pull --ignore-pull-failures || true' +ExecStart=/usr/local/bin/docker-compose up --abort-on-container-exit --remove-orphans [Install] WantedBy=multi-user.target diff --git a/ansible/roles/drone/defaults/main.yml b/ansible/roles/drone/defaults/main.yml index 6d5dd94..b5ff4de 100644 --- a/ansible/roles/drone/defaults/main.yml +++ b/ansible/roles/drone/defaults/main.yml @@ -1,10 +1,17 @@ -drone_type: both -drone_container: drone/drone:0.5 -drone_domain: drone.gitea.io -drone_github: true -drone_open: true -drone_orgs: go-gitea -drone_admins: tboerger,lunny,bkcsoft +drone_server: drone/drone:0.8 +drone_agent: drone/agent:0.8 +drone_domain: drone_debug: true -drone_plugin_pull: true -drone_max_procs: 1 +drone_open: true +drone_orgs: +drone_admins: +drone_max_procs: 2 +drone_secret: + +drone_github: false +drone_github_client: +drone_github_secret: + +drone_gitea: false +drone_gitea_url: +drone_gitea_skip_verify: false 
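Review bot: The new drone defaults combine `drone_open: true` with empty `drone_orgs:` and `drone_admins:`, and the drone compose template in this commit runs the agent with `/var/run/docker.sock` mounted, so with the defaults any account on the configured GitHub or Gitea instance can self-register and have its pipelines executed against that socket. Defaults should be the restrictive choice — `drone_open: false` — with the open/orgs decision made per host in `host_vars` (this commit already adds `host_vars/*/drone.yml`). `drone_secret:` is likewise empty by default and is shared by server and agent, so it should be asserted non-empty before the `.env` is rendered.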
diff --git a/ansible/roles/drone/handlers/main.yml b/ansible/roles/drone/handlers/main.yml index d9ae56e..6c03ca1 100644 --- a/ansible/roles/drone/handlers/main.yml +++ b/ansible/roles/drone/handlers/main.yml @@ -1,13 +1,5 @@ -- name: restart server - when: drone_type == 'server' or drone_type == 'both' +- name: restart drone systemd: name: drone state: restarted daemon_reload: yes - -- name: restart agent - when: drone_type == 'agent' or drone_type == 'both' - systemd: - name: agent - state: restarted - daemon_reload: yes diff --git a/ansible/roles/drone/tasks/agent.yml b/ansible/roles/drone/tasks/agent.yml deleted file mode 100644 index 6a6d0b2..0000000 --- a/ansible/roles/drone/tasks/agent.yml +++ /dev/null @@ -1,14 +0,0 @@ -- name: agent service - notify: - - restart agent - template: - src: agent.j2 - dest: /etc/systemd/system/agent.service - -- name: agent start - systemd: - name: agent - state: started - daemon_reload: yes - masked: no - enabled: yes diff --git a/ansible/roles/drone/tasks/main.yml b/ansible/roles/drone/tasks/main.yml index f9a2c6e..c9b0e9a 100644 --- a/ansible/roles/drone/tasks/main.yml +++ b/ansible/roles/drone/tasks/main.yml 
@@ -1,15 +1,45 @@ +- name: dirs + with_items: + - /compose/drone + file: + path: '{{ item }}' + state: directory + tags: + - drone + +- name: compose + notify: + - restart drone + template: + src: compose.j2 + dest: /compose/drone/docker-compose.yml + tags: + - drone + - name: default notify: - - restart agent - - restart server + - restart drone template: src: default.j2 - dest: /etc/default/drone + dest: /compose/drone/.env + tags: + - drone -- name: server - include: server.yml - when: drone_type == 'server' or drone_type == 'both' +- name: service + notify: + - restart drone + template: + src: service.j2 + dest: /etc/systemd/system/drone.service + tags: + - drone -- name: agent - include: agent.yml - when: drone_type == 'agent' or drone_type == 'both' +- name: start + systemd: + name: drone + state: started + daemon_reload: yes + masked: no + enabled: yes + tags: + - drone diff --git a/ansible/roles/drone/tasks/server.yml b/ansible/roles/drone/tasks/server.yml deleted file mode 100644 index 6dced08..0000000 --- a/ansible/roles/drone/tasks/server.yml +++ /dev/null @@ -1,14 +0,0 @@ -- name: server service - notify: - - restart server - template: - src: server.j2 - dest: /etc/systemd/system/drone.service - -- name: server start - systemd: - name: drone - state: started - daemon_reload: yes - masked: no - enabled: yes diff --git a/ansible/roles/drone/templates/agent.j2 b/ansible/roles/drone/templates/agent.j2 deleted file mode 100644 index 72d4ccf..0000000 --- a/ansible/roles/drone/templates/agent.j2 +++ /dev/null 
@@ -1,30 +0,0 @@ -[Unit] -Description=Agent - -Requires=docker.service -After=docker.service - -[Service] -Restart=always - -EnvironmentFile=/etc/default/secrets -EnvironmentFile=/etc/default/drone -ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true' -ExecStartPre=/usr/bin/docker pull {{ drone_container }} - -ExecStart=/usr/bin/docker run --rm \ - --name %p \ - --hostname %p \ - --label traefik.enable=false \ - --volume /var/run/docker.sock:/var/run/docker.sock \ - --env DRONE_DEBUG=${DRONE_DEBUG} \ - --env DRONE_SERVER=${DRONE_SERVER} \ - --env DRONE_SECRET=${DRONE_SECRET} \ - --env DRONE_PLUGIN_PULL=${DRONE_PLUGIN_PULL} \ - --env DOCKER_MAX_PROCS=${DRONE_DOCKER_MAX_PROCS} \ - {{ drone_container }} agent - -[Install] -WantedBy=multi-user.target diff --git a/ansible/roles/drone/templates/compose.j2 b/ansible/roles/drone/templates/compose.j2 new file mode 100644 index 0000000..0a02ac9 --- /dev/null +++ b/ansible/roles/drone/templates/compose.j2 
@@ -0,0 +1,72 @@ +version: "3" + +networks: + traefik: + external: + name: traefik_general + internal: + external: false + +volumes: + server: + driver: local + +services: + server: + image: ${DRONE_SERVER} + restart: always + environment: + - DRONE_GITHUB=${DRONE_GITHUB} + - DRONE_GITHUB_CLIENT=${DRONE_GITHUB_CLIENT} + - DRONE_GITHUB_SECRET=${DRONE_GITHUB_SECRET} + - DRONE_GOGS=${DRONE_GITEA} + - DRONE_GOGS_URL=${DRONE_GITEA_URL} + - DRONE_GOGS_SKIP_VERIFY=${DRONE_GITEA_SKIP_VERIFY} + - DRONE_DEBUG=${DRONE_DEBUG} + - DRONE_SECRET=${DRONE_SECRET} + - DRONE_OPEN=${DRONE_OPEN} + - DRONE_ORGS=${DRONE_ORGS} + - DRONE_ADMIN=${DRONE_ADMIN} + - DRONE_HOST=https://${DRONE_DOMAIN} + - DRONE_VOLUME=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + - DRONE_NETWORK=drone_internal + - DATABASE_DRIVER=sqlite3 + - DATABASE_CONFIG=/var/lib/drone/database.sqlite3 + networks: + - traefik + - internal + labels: + - traefik.docker.network=traefik_general + - traefik.port=8000 + - traefik.frontend.rule=Host:${DRONE_DOMAIN} + healthcheck: + test: ["NONE"] + interval: 30s + timeout: 10s + retries: 5 + volumes: + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + - server:/var/lib/drone + + agent: + image: ${DRONE_AGENT} + restart: always + environment: + - DRONE_SERVER=server:9000 + - DRONE_DEBUG=${DRONE_DEBUG} + - DRONE_SECRET=${DRONE_SECRET} + - DRONE_MAX_PROCS=${DRONE_MAX_PROCS} + networks: + - internal + depends_on: + - server + labels: + - traefik.enable=false + healthcheck: + test: ["NONE"] + interval: 30s + timeout: 10s + retries: 5 + volumes: + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + - /var/run/docker.sock:/var/run/docker.sock diff --git a/ansible/roles/drone/templates/default.j2 b/ansible/roles/drone/templates/default.j2 index 07a2a7e..3224aba 100644 --- a/ansible/roles/drone/templates/default.j2 +++ b/ansible/roles/drone/templates/default.j2 
@@ -1,8 +1,18 @@ -DRONE_GITHUB={{ drone_github }} -DRONE_OPEN={{ drone_open }} -DRONE_ORGS={{ drone_orgs }} -DRONE_ADMIN={{ drone_admins }} -DRONE_DEBUG={{ drone_debug }} -DRONE_SERVER=wss://{{ drone_domain }}/ws/broker -DRONE_PLUGIN_PULL={{ drone_plugin_pull }} -DRONE_DOCKER_MAX_PROCS={{ drone_max_procs }} +DRONE_SERVER={{ drone_server }} +DRONE_AGENT={{ drone_agent }} +DRONE_DOMAIN={{ drone_domain }} +DRONE_SERVER_HOST=https://{{ drone_domain }} +DRONE_DEBUG={{ drone_debug | default(False) | lower }} +DRONE_SECRET={{ drone_secret }} +DRONE_OPEN={{ drone_open | default(False) | lower }} +DRONE_ORGS={{ drone_orgs | default("") }} +DRONE_ADMIN={{ drone_admins | default("") }} +DRONE_MAX_PROCS={{ drone_max_procs | default(5) }} + +DRONE_GITHUB={{ drone_github | default(False) | lower }} +DRONE_GITHUB_CLIENT={{ drone_github_client | default("") }} +DRONE_GITHUB_SECRET={{ drone_github_secret | default("") }} + +DRONE_GITEA={{ drone_gitea | default(False) | lower }} +DRONE_GITEA_URL={{ drone_gitea_url | default("") }} +DRONE_GITEA_SKIP_VERIFY={{ drone_gitea_skip_verify | default(False) | lower }} diff --git a/ansible/roles/drone/templates/server.j2 b/ansible/roles/drone/templates/server.j2 deleted file mode 100644 index d5c2e0a..0000000 --- a/ansible/roles/drone/templates/server.j2 +++ /dev/null 
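Review bot: `DRONE_SERVER_HOST=https://{{ drone_domain }}` in the new `.env` is not referenced by `drone/templates/compose.j2`, which builds `DRONE_HOST=https://${DRONE_DOMAIN}` itself, so it is dead configuration; drop it or have the compose template use it. Also, `DRONE_SERVER` here holds the server image name while the agent's container env `DRONE_SERVER=server:9000` in compose.j2 is an address — compose does not export the `.env` into containers, so this is not a bug today, but renaming the `.env` keys to `DRONE_SERVER_IMAGE`/`DRONE_AGENT_IMAGE` would remove the collision before someone relies on it.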
@@ -1,32 +0,0 @@ -[Unit] -Description=Drone - -Requires=docker.service -After=docker.service - -[Service] -Restart=always - -EnvironmentFile=/etc/default/secrets -EnvironmentFile=/etc/default/drone -ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true' -ExecStartPre=/usr/bin/docker pull {{ drone_container }} - -ExecStart=/usr/bin/docker run --rm \ - --name %p \ - --hostname %p \ - --label traefik.frontend.rule=Host:{{ drone_domain }} \ - --volume /var/lib/drone:/var/lib/drone \ - --env DRONE_GITHUB=${DRONE_GITHUB} \ - --env DRONE_GITHUB_CLIENT=${DRONE_GITHUB_CLIENT} \ - --env DRONE_GITHUB_SECRET=${DRONE_GITHUB_SECRET} \ - --env DRONE_SECRET=${DRONE_SECRET} \ - --env DRONE_OPEN=${DRONE_OPEN} \ - --env DRONE_ORGS=${DRONE_ORGS} \ - --env DRONE_ADMIN=${DRONE_ADMIN} \ - {{ drone_container }} server - -[Install] -WantedBy=multi-user.target diff --git a/ansible/roles/drone/templates/service.j2 b/ansible/roles/drone/templates/service.j2 new file mode 100644 index 0000000..31e14a7 --- /dev/null +++ b/ansible/roles/drone/templates/service.j2 @@ -0,0 +1,18 @@ +[Unit] +Description=Drone + +Requires=docker.service +After=docker.service + +[Service] +Restart=always +WorkingDirectory=/compose/drone + +ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true' +ExecStopPost=/bin/sh -c '/usr/local/bin/docker-compose down --remove-orphans || true' + +ExecStartPre=/bin/sh -c '/usr/local/bin/docker-compose pull --ignore-pull-failures || true' +ExecStart=/usr/local/bin/docker-compose up --abort-on-container-exit --remove-orphans + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/lgtm/defaults/main.yml b/ansible/roles/lgtm/defaults/main.yml index a2a2162..5a3fb70 100644 
--- a/ansible/roles/lgtm/defaults/main.yml +++ b/ansible/roles/lgtm/defaults/main.yml @@ -1,3 +1,5 @@ lgtm_container: gitea/lgtm:latest lgtm_domain: lgtm.gitea.io -lgtm_debug: true +lgtm_debug: false +lgtm_client: +lgtm_secret: diff --git a/ansible/roles/lgtm/tasks/main.yml b/ansible/roles/lgtm/tasks/main.yml index bc9a448..cbce52f 100644 --- a/ansible/roles/lgtm/tasks/main.yml +++ b/ansible/roles/lgtm/tasks/main.yml @@ -1,16 +1,38 @@ -- name: service +- name: dirs + with_items: + - /compose/lgtm + file: + path: '{{ item }}' + state: directory + tags: + - lgtm + +- name: compose notify: - restart lgtm template: - src: service.j2 - dest: /etc/systemd/system/lgtm.service + src: compose.j2 + dest: /compose/lgtm/docker-compose.yml + tags: + - lgtm - name: default notify: - restart lgtm template: src: default.j2 - dest: /etc/default/lgtm + dest: /compose/lgtm/.env + tags: + - lgtm + +- name: service + notify: + - restart lgtm + template: + src: service.j2 + dest: /etc/systemd/system/lgtm.service + tags: + - lgtm - name: start systemd: @@ -19,3 +41,5 @@ daemon_reload: yes masked: no enabled: yes + tags: + - lgtm diff --git a/ansible/roles/lgtm/templates/compose.j2 b/ansible/roles/lgtm/templates/compose.j2 new file mode 100644 index 0000000..74fc21d --- /dev/null +++ b/ansible/roles/lgtm/templates/compose.j2 @@ -0,0 +1,34 @@ +version: "3" + +networks: + traefik: + external: + name: traefik_general + +volumes: + server: + driver: local + +services: + server: + image: ${LGTM_CONTAINER} + restart: always + environment: + - DEBUG=${LGTM_DEBUG} + - GITHUB_CLIENT=${LGTM_CLIENT} + - GITHUB_SECRET=${LGTM_SECRET} + networks: + - traefik + labels: + - traefik.docker.network=traefik_general + - traefik.port=8000 + - traefik.frontend.rule=Host:${LGTM_DOMAIN} + healthcheck: + test: ["NONE"] + interval: 30s + timeout: 10s + retries: 5 + volumes: + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + - server:/var/lib/lgtm + 
diff --git a/ansible/roles/lgtm/templates/default.j2 b/ansible/roles/lgtm/templates/default.j2 index 999e17b..3286c9d 100644 --- a/ansible/roles/lgtm/templates/default.j2 +++ b/ansible/roles/lgtm/templates/default.j2 @@ -1 +1,5 @@ +LGTM_CONTAINER={{ lgtm_container }} +LGTM_DOMAIN={{ lgtm_domain }} LGTM_DEBUG={{ lgtm_debug }} +LGTM_CLIENT={{ lgtm_client }} +LGTM_SECRET={{ lgtm_secret }} diff --git a/ansible/roles/lgtm/templates/service.j2 b/ansible/roles/lgtm/templates/service.j2 index 3286184..1e47750 100644 --- a/ansible/roles/lgtm/templates/service.j2 +++ b/ansible/roles/lgtm/templates/service.j2 @@ -1,28 +1,18 @@ [Unit] -Description=Lgtm +Description=LGTM Requires=docker.service After=docker.service [Service] Restart=always +WorkingDirectory=/compose/lgtm -EnvironmentFile=/etc/default/secrets -EnvironmentFile=/etc/default/lgtm -ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true' -ExecStartPre=/usr/bin/docker pull {{ lgtm_container }} +ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true' +ExecStopPost=/bin/sh -c '/usr/local/bin/docker-compose down --remove-orphans || true' -ExecStart=/usr/bin/docker run --rm \ - --name %p \ - --hostname {{ lgtm_domain }} \ - --label traefik.frontend.rule=Host:{{ lgtm_domain }} \ - --volume /var/lib/lgtm:/var/lib/lgtm \ - --env GITHUB_CLIENT=${LGTM_GITHUB_CLIENT} \ - --env GITHUB_SECRET=${LGTM_GITHUB_SECRET} \ - --env DEBUG=${LGTM_DEBUG} \ - {{ lgtm_container }} +ExecStartPre=/bin/sh -c '/usr/local/bin/docker-compose pull --ignore-pull-failures || true' +ExecStart=/usr/local/bin/docker-compose up --abort-on-container-exit --remove-orphans [Install] WantedBy=multi-user.target 
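Review bot: `LGTM_DEBUG={{ lgtm_debug }}` renders the Ansible boolean as `True`/`False`, whereas the drone template in this commit normalises with `| default(False) | lower`; for consistency and predictable parsing use `LGTM_DEBUG={{ lgtm_debug | default(False) | lower }}`. The new `LGTM_CLIENT`/`LGTM_SECRET` lines render the empty defaults without any guard, so an unset secret silently becomes a blank value in `/compose/lgtm/.env`.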
diff --git a/ansible/roles/minio/defaults/main.yml b/ansible/roles/minio/defaults/main.yml deleted file mode 100644 index e9f2eb1..0000000 --- a/ansible/roles/minio/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -minio_container: webhippie/minio:latest -minio_domain: storage.gitea.io diff --git a/ansible/roles/minio/handlers/main.yml b/ansible/roles/minio/handlers/main.yml deleted file mode 100644 index 2bae7e1..0000000 --- a/ansible/roles/minio/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: restart minio - systemd: - name: minio - state: restarted - daemon_reload: yes diff --git a/ansible/roles/minio/tasks/main.yml b/ansible/roles/minio/tasks/main.yml deleted file mode 100644 index 6ba7266..0000000 --- a/ansible/roles/minio/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- name: service - notify: - - restart minio - template: - src: service.j2 - dest: /etc/systemd/system/minio.service - -- name: default - notify: - - restart minio - template: - src: default.j2 - dest: /etc/default/minio - -- name: start - systemd: - name: minio - state: started - daemon_reload: yes - masked: no - enabled: yes diff --git a/ansible/roles/minio/templates/default.j2 b/ansible/roles/minio/templates/default.j2 deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/roles/minio/templates/service.j2 b/ansible/roles/minio/templates/service.j2 deleted file mode 100644 index 468888e..0000000 --- a/ansible/roles/minio/templates/service.j2 +++ /dev/null 
@@ -1,27 +0,0 @@ -[Unit] -Description=Minio - -Requires=docker.service -After=docker.service - -[Service] -Restart=always - -EnvironmentFile=/etc/default/secrets -EnvironmentFile=/etc/default/minio -ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true' -ExecStartPre=/usr/bin/docker pull {{ minio_container }} - -ExecStart=/usr/bin/docker run --rm \ - --name %p \ - --hostname {{ minio_domain }} \ - --label traefik.frontend.rule=Host:{{ minio_domain }} \ - --volume /var/lib/minio:/var/lib/minio \ - --env MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY} \ - --env MINIO_SECRET_KEY=${MINIO_SECRET_KEY} \ - {{ minio_container }} - -[Install] -WantedBy=multi-user.target diff --git a/ansible/roles/pages/defaults/main.yml b/ansible/roles/pages/defaults/main.yml new file mode 100644 index 0000000..74ea0ab --- /dev/null +++ b/ansible/roles/pages/defaults/main.yml @@ -0,0 +1,11 @@ +pages_redirects_container: gitea/redirects:latest +pages_redirects_domain: code.gitea.io + +pages_blog_container: gitea/blog:latest +pages_blog_domain: blog.gitea.io + +pages_docs_container: gitea/docs:latest +pages_docs_domain: docs.gitea.io + +pages_website_container: gitea/website:latest +pages_website_domain: gitea.io diff --git a/ansible/roles/blog/handlers/main.yml b/ansible/roles/pages/handlers/main.yml similarity index 59% rename from ansible/roles/blog/handlers/main.yml rename to ansible/roles/pages/handlers/main.yml index bba4cb6..e1af81f 100644 --- a/ansible/roles/blog/handlers/main.yml +++ b/ansible/roles/pages/handlers/main.yml @@ -1,5 +1,5 @@ -- name: restart blog +- name: restart pages systemd: - name: blog + name: pages state: restarted daemon_reload: yes 
diff --git a/ansible/roles/pages/tasks/main.yml b/ansible/roles/pages/tasks/main.yml new file mode 100644 index 0000000..b7e02e9 --- /dev/null +++ b/ansible/roles/pages/tasks/main.yml @@ -0,0 +1,45 @@ +- name: dirs + with_items: + - /compose/pages + file: + path: '{{ item }}' + state: directory + tags: + - pages + +- name: compose + notify: + - restart pages + template: + src: compose.j2 + dest: /compose/pages/docker-compose.yml + tags: + - pages + +- name: default + notify: + - restart pages + template: + src: default.j2 + dest: /compose/pages/.env + tags: + - pages + +- name: service + notify: + - restart pages + template: + src: service.j2 + dest: /etc/systemd/system/pages.service + tags: + - pages + +- name: start + systemd: + name: pages + state: started + daemon_reload: yes + masked: no + enabled: yes + tags: + - pages diff --git a/ansible/roles/pages/templates/compose.j2 b/ansible/roles/pages/templates/compose.j2 new file mode 100644 index 0000000..879ba0e --- /dev/null +++ b/ansible/roles/pages/templates/compose.j2 
@@ -0,0 +1,75 @@ +version: "3" + +networks: + traefik: + external: + name: traefik_general + +services: + redirects: + image: ${PAGES_REDIRECTS_CONTAINER} + restart: always + networks: + - traefik + labels: + - traefik.docker.network=traefik_general + - traefik.port=80 + - traefik.frontend.rule=Host:${PAGES_REDIRECTS_DOMAIN} + healthcheck: + test: ["NONE"] + interval: 30s + timeout: 10s + retries: 5 + volumes: + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + + blog: + image: ${PAGES_BLOG_CONTAINER} + restart: always + networks: + - traefik + labels: + - traefik.docker.network=traefik_general + - traefik.port=80 + - traefik.frontend.rule=Host:${PAGES_BLOG_DOMAIN} + healthcheck: + test: ["NONE"] + interval: 30s + timeout: 10s + retries: 5 + volumes: + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + + docs: + image: ${PAGES_DOCS_CONTAINER} + restart: always + networks: + - traefik + labels: + - traefik.docker.network=traefik_general + - traefik.port=80 + - traefik.frontend.rule=Host:${PAGES_DOCS_DOMAIN} + healthcheck: + test: ["NONE"] + interval: 30s + timeout: 10s + retries: 5 + volumes: + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + + website: + image: ${PAGES_WEBSITE_CONTAINER} + restart: always + networks: + - traefik + labels: + - traefik.docker.network=traefik_general + - traefik.port=80 + - traefik.frontend.rule=Host:${PAGES_WEBSITE_DOMAIN} + healthcheck: + test: ["NONE"] + interval: 30s + timeout: 10s + retries: 5 + volumes: + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro diff --git a/ansible/roles/pages/templates/default.j2 b/ansible/roles/pages/templates/default.j2 new file mode 100644 index 0000000..cc34fad --- /dev/null +++ b/ansible/roles/pages/templates/default.j2 
@@ -0,0 +1,11 @@ +PAGES_REDIRECTS_DOMAIN={{ pages_redirects_domain }} +PAGES_REDIRECTS_CONTAINER={{ pages_redirects_container }} + +PAGES_BLOG_DOMAIN={{ pages_blog_domain }} +PAGES_BLOG_CONTAINER={{ pages_blog_container }} + +PAGES_DOCS_DOMAIN={{ pages_docs_domain }} +PAGES_DOCS_CONTAINER={{ pages_docs_container }} + +PAGES_WEBSITE_DOMAIN={{ pages_website_domain }} +PAGES_WEBSITE_CONTAINER={{ pages_website_container }} diff --git a/ansible/roles/pages/templates/service.j2 b/ansible/roles/pages/templates/service.j2 new file mode 100644 index 0000000..24ed191 --- /dev/null +++ b/ansible/roles/pages/templates/service.j2 @@ -0,0 +1,18 @@ +[Unit] +Description=Pages + +Requires=docker.service +After=docker.service + +[Service] +Restart=always +WorkingDirectory=/compose/pages + +ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true' +ExecStopPost=/bin/sh -c '/usr/local/bin/docker-compose down --remove-orphans || true' + +ExecStartPre=/bin/sh -c '/usr/local/bin/docker-compose pull --ignore-pull-failures || true' +ExecStart=/usr/local/bin/docker-compose up --abort-on-container-exit --remove-orphans + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/root/tasks/main.yml b/ansible/roles/root/tasks/main.yml index 9aabc96..abb3047 100644 --- a/ansible/roles/root/tasks/main.yml +++ b/ansible/roles/root/tasks/main.yml @@ -4,11 +4,15 @@ package: name: '{{ item }}' state: present + tags: + - root - name: homeshick git: repo: https://github.com/andsens/homeshick.git dest: /root/.homesick/repos/homeshick + tags: + - root - name: castles with_items: '{{ root_castles }}' 
@@ -16,21 +20,23 @@ git: repo: https://github.com/{{ item }}.git dest: /root/.homesick/repos/{{ item | basename }} + tags: + - root - name: links with_items: '{{ root_castles }}' when: root_castles|default(None) != None command: /root/.homesick/repos/homeshick/bin/homeshick -f -b -q link {{ item | basename }} + tags: + - root - name: sshkeys when: root_sshkeys|default(None) != None authorized_key: user: root key: '{{ root_sshkeys }}' - path: /root/.ssh/instance_keys + path: /root/.ssh/authorized_keys exclusive: yes state: present - -- name: fetchkeys - when: root_sshkeys|default(None) != None - command: scw-fetch-ssh-keys --upgrade + tags: + - root diff --git a/ansible/roles/traefik/defaults/main.yml b/ansible/roles/traefik/defaults/main.yml index 3a8f7a2..30b80a0 100644 --- a/ansible/roles/traefik/defaults/main.yml +++ b/ansible/roles/traefik/defaults/main.yml @@ -1,4 +1,10 @@ -traefik_container: containous/traefik:v1.2.3 +traefik_container: containous/traefik:v1.3.7 traefik_domain: gitea.io traefik_email: info@gitea.io traefik_loglevel: INFO + +traefik_cloudflare_email: +traefik_cloudflare_apikey: + +traefik_watchtower_container: webhippie/watchtower:latest +traefik_watchtower_cleanup: true diff --git a/ansible/roles/traefik/tasks/main.yml b/ansible/roles/traefik/tasks/main.yml index da788da..e4c1ba1 100644 --- a/ansible/roles/traefik/tasks/main.yml +++ b/ansible/roles/traefik/tasks/main.yml 
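Review bot: `sshkeys` now manages `/root/.ssh/authorized_keys` with `exclusive: yes`, which removes every key not listed in `root_sshkeys`, but the guard `when: root_sshkeys|default(None) != None` only skips the task when the variable is undefined — an empty string passes and wipes root's keys, including the one the play is connecting with, and the removed `fetchkeys` step no longer restores provider-managed keys. Tighten the guard, e.g. `when: root_sshkeys | default('') | trim != ''`, so an empty value is a no-op rather than a lockout.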
@@ -1,15 +1,47 @@ - name: acme - file: - path: /etc/acme.json - mode: u=rw,g-rwx,o-rrwx - state: touch + copy: + content: "" + dest: /etc/acme.json + mode: u=rw,g=,o= + force: no + tags: + - traefik -- name: traefik +- name: config notify: - restart traefik template: - src: traefik.j2 + src: config.j2 dest: /etc/traefik.toml + tags: + - traefik + +- name: dirs + with_items: + - /compose/traefik + file: + path: '{{ item }}' + state: directory + tags: + - traefik + +- name: compose + notify: + - restart traefik + template: + src: compose.j2 + dest: /compose/traefik/docker-compose.yml + tags: + - traefik + +- name: default + notify: + - restart traefik + template: + src: default.j2 + dest: /compose/traefik/.env + tags: + - traefik - name: service notify: @@ -17,13 +49,8 @@ template: src: service.j2 dest: /etc/systemd/system/traefik.service - -- name: default - notify: - - restart traefik - template: - src: default.j2 - dest: /etc/default/traefik + tags: + - traefik - name: start systemd: @@ -32,3 +59,5 @@ daemon_reload: yes masked: no enabled: yes + tags: + - traefik diff --git a/ansible/roles/traefik/templates/compose.j2 b/ansible/roles/traefik/templates/compose.j2 new file mode 100644 index 0000000..e56da95 --- /dev/null +++ b/ansible/roles/traefik/templates/compose.j2 
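Review bot: The new `default` task renders `traefik_cloudflare_apikey` into `/compose/traefik/.env` without a `mode:`, so the file gets the template module's umask-derived default (typically 0644) and the Cloudflare API key — which grants write access to the DNS zone — becomes readable by every local account on the host. Add `mode: u=rw,g=,o=` to that task, the same setting the reworked `acme` task now applies to `/etc/acme.json`, and consider `mode: u=rwx,g=,o=` on the `dirs` task so `/compose/traefik` itself is not world-listable. The pages `.env` in the first hunk carries only domain and image names, so it is not affected, but any other role whose `.env` template receives credentials needs the same treatment.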
@@ -0,0 +1,42 @@ +version: "3" + +networks: + general: + driver: bridge + +services: + server: + image: ${TRAEFIK_CONTAINER} + restart: always + command: -c /etc/traefik.toml + environment: + - CLOUDFLARE_EMAIL=${TRAEFIK_CLOUDFLARE_EMAIL} + - CLOUDFLARE_API_KEY=${TRAEFIK_CLOUDFLARE_APIKEY} + ports: + - 80:80 + - 443:443 + networks: + - general + labels: + - traefik.enable=false + healthcheck: + test: ["NONE"] + interval: 30s + timeout: 10s + retries: 5 + volumes: + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + - /var/run/docker.sock:/var/run/docker.sock + - /etc/acme.json:/etc/acme.json + - /etc/traefik.toml:/etc/traefik.toml + + watchtower: + image: ${TRAEFIK_WATCHTOWER_CONTAINER} + restart: always + environment: + - WATCHTOWER_CLEANUP=${TRAEFIK_WATCHTOWER_CLEANUP} + labels: + - traefik.enable=false + volumes: + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + - /var/run/docker.sock:/var/run/docker.sock diff --git a/ansible/roles/traefik/templates/traefik.j2 b/ansible/roles/traefik/templates/config.j2 similarity index 58% rename from ansible/roles/traefik/templates/traefik.j2 rename to ansible/roles/traefik/templates/config.j2 index 16c202e..c029a9b 100644 --- a/ansible/roles/traefik/templates/traefik.j2 +++ b/ansible/roles/traefik/templates/config.j2 @@ -11,12 +11,13 @@ logLevel = "{{ traefik_loglevel }}" [entryPoints.https.tls] [acme] -email = "{{ traefik_email }}" -storage = "/etc/acme.json" -entryPoint = "https" -onDemand = true -dnsProvider = "cloudflare" + email = "{{ traefik_email }}" + storage = "/etc/acme.json" + entryPoint = "https" + onDemand = true + dnsProvider = "cloudflare" + acmeLogging = true [docker] -domain = "{{ traefik_domain }}" -watch = true + domain = "{{ traefik_domain }}" + watch = true diff --git a/ansible/roles/traefik/templates/default.j2 b/ansible/roles/traefik/templates/default.j2 index e69de29..03dfcf5 100644 --- a/ansible/roles/traefik/templates/default.j2 
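Review bot: The re-indented `[acme]` block keeps `onDemand = true`, which makes Traefik request a certificate during the first TLS handshake for whatever hostname a client presents, so unsolicited SNI names can trigger ACME orders and exhaust Let's Encrypt rate limits; the Traefik 1.x documentation itself flags this setting as a denial-of-service risk. With `dnsProvider = "cloudflare"` each such order also performs zone writes through the API key that this commit moves into `.env`. Since the image is now pinned to v1.3.7, prefer `onHostRule = true` (please confirm that option exists in this release) or an explicit `[[acme.domains]]` list, and set `onDemand = false`. The newly added `acmeLogging = true` will at least make it visible in the logs which names are being requested.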
+++ b/ansible/roles/traefik/templates/default.j2
@@ -0,0 +1,7 @@
+TRAEFIK_CONTAINER={{ traefik_container }}
+
+TRAEFIK_CLOUDFLARE_EMAIL={{ traefik_cloudflare_email }}
+TRAEFIK_CLOUDFLARE_APIKEY={{ traefik_cloudflare_apikey }}
+
+TRAEFIK_WATCHTOWER_CONTAINER={{ traefik_watchtower_container }}
+TRAEFIK_WATCHTOWER_CLEANUP={{ traefik_watchtower_cleanup | default(False) | lower }}
diff --git a/ansible/roles/traefik/templates/service.j2 b/ansible/roles/traefik/templates/service.j2
index cf708c2..687ba8d 100644
--- a/ansible/roles/traefik/templates/service.j2
+++ b/ansible/roles/traefik/templates/service.j2
@@ -6,26 +6,14 @@ After=docker.service [Service] Restart=always +WorkingDirectory=/compose/traefik +TimeoutStartSec=300 -EnvironmentFile=/etc/default/secrets -EnvironmentFile=/etc/default/traefik -ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true' -ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true' -ExecStartPre=/usr/bin/docker pull {{ traefik_container }} +ExecStop=/bin/sh -c '/usr/local/bin/docker-compose kill || true' +ExecStopPost=/bin/sh -c '/usr/local/bin/docker-compose down --remove-orphans || true' -ExecStart=/usr/bin/docker run --rm \ - --name %p \ - --hostname {{ traefik_domain }} \ - --label traefik.enable=false \ - --volume /etc/acme.json:/etc/acme.json \ - --volume /etc/traefik.toml:/etc/traefik.toml \ - --volume /var/run/docker.sock:/var/run/docker.sock \ - --env CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL} \ - --env CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY} \ - --publish 443:443 \ - --publish 80:80 \ - {{ traefik_container }} -c /etc/traefik.toml +ExecStartPre=/bin/sh -c '/usr/local/bin/docker-compose pull --ignore-pull-failures || true' +ExecStart=/usr/local/bin/docker-compose up --abort-on-container-exit --remove-orphans [Install] WantedBy=multi-user.target diff --git a/ansible/roles/users/tasks/main.yml b/ansible/roles/users/tasks/main.yml index 847f7ac..bccbe27 100644 --- a/ansible/roles/users/tasks/main.yml +++ b/ansible/roles/users/tasks/main.yml @@ -4,6 +4,8 @@ package: name: '{{ item }}' state: present + tags: + - users - name: group with_items: '{{ users }}' @@ -12,6 +14,8 @@ name: '{{ item.name }}' gid: '{{ item.uid }}' state: present + tags: + - users - name: create with_items: '{{ users }}' @@ -26,6 +30,8 @@ append: yes createhome: yes state: present + tags: + - users - name: homeshick with_items: '{{ users }}' 
@@ -35,6 +41,8 @@ git: repo: https://github.com/andsens/homeshick.git dest: /home/{{ item.name }}/.homesick/repos/homeshick + tags: + - users - name: castles with_subelements: ['{{ users }}', castles] @@ -44,6 +52,8 @@ git: repo: https://github.com/{{ item.1 }}.git dest: /home/{{ item.0.name }}/.homesick/repos/{{ item.1 | basename }} + tags: + - users - name: links with_subelements: ['{{ users }}', castles] @@ -51,6 +61,8 @@ become: yes become_user: '{{ item.0.name }}' command: /home/{{ item.0.name }}/.homesick/repos/homeshick/bin/homeshick -f -b -q link {{ item.1 | basename }} + tags: + - users - name: sshkeys with_items: '{{ users }}' @@ -60,3 +72,5 @@ key: '{{ item.sshkeys }}' exclusive: yes state: present + tags: + - users diff --git a/ansible/roles/watchtower/defaults/main.yml b/ansible/roles/watchtower/defaults/main.yml deleted file mode 100644 index 4bce99f..0000000 --- a/ansible/roles/watchtower/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -watchtower_container: webhippie/watchtower:latest -watchtower_cleanup: true diff --git a/ansible/roles/watchtower/handlers/main.yml b/ansible/roles/watchtower/handlers/main.yml deleted file mode 100644 index 8e15069..0000000 --- a/ansible/roles/watchtower/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: restart watchtower - systemd: - name: watchtower - state: restarted - daemon_reload: yes diff --git a/ansible/roles/watchtower/tasks/main.yml b/ansible/roles/watchtower/tasks/main.yml deleted file mode 100644 index c1d61f0..0000000 --- a/ansible/roles/watchtower/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -- name: service - notify: - - restart watchtower - template: - src: service.j2 - dest: /etc/systemd/system/watchtower.service - -- name: default - notify: - - restart watchtower - template: - src: default.j2 - dest: /etc/default/watchtower - -- name: start - systemd: - name: watchtower - state: started - daemon_reload: yes - masked: no - enabled: yes 
diff --git a/ansible/roles/watchtower/templates/default.j2 b/ansible/roles/watchtower/templates/default.j2
deleted file mode 100644
index c0d965e..0000000
--- a/ansible/roles/watchtower/templates/default.j2
+++ /dev/null
@@ -1 +0,0 @@
-WATCHTOWER_CLEANUP={{ watchtower_cleanup }}
diff --git a/ansible/roles/watchtower/templates/service.j2 b/ansible/roles/watchtower/templates/service.j2
deleted file mode 100644
index f26f775..0000000
--- a/ansible/roles/watchtower/templates/service.j2
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Watchtower
-
-Requires=docker.service
-After=docker.service
-
-[Service]
-Restart=always
-
-EnvironmentFile=/etc/default/watchtower
-ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true'
-ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true'
-ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true'
-ExecStartPre=/usr/bin/docker pull {{ watchtower_container }}
-
-ExecStart=/usr/bin/docker run --rm \
- --name %p \
- --hostname %p \
- --label traefik.enable=false \
- --volume /var/run/docker.sock:/var/run/docker.sock \
- --env WATCHTOWER_CLEANUP=${WATCHTOWER_CLEANUP} \
- {{ watchtower_container }}
-
-[Install]
-WantedBy=multi-user.target
diff --git a/ansible/roles/website/defaults/main.yml b/ansible/roles/website/defaults/main.yml
deleted file mode 100644
index 2e2ddb6..0000000
--- a/ansible/roles/website/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-website_domain: gitea.io
-website_container: gitea/website:latest
diff --git a/ansible/roles/website/handlers/main.yml b/ansible/roles/website/handlers/main.yml
deleted file mode 100644
index eefb1e0..0000000
--- a/ansible/roles/website/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: restart website
- systemd:
- name: website
- state: restarted
- daemon_reload: yes
diff --git a/ansible/roles/website/tasks/main.yml b/ansible/roles/website/tasks/main.yml
deleted file mode 100644
index 2f84761..0000000
--- a/ansible/roles/website/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- name: service
- notify:
- - restart website
- template:
- src: service.j2
- dest: /etc/systemd/system/website.service
-
-- name: default
- notify:
- - restart website
- template:
- src: default.j2
- dest: /etc/default/website
-
-- name: start
- systemd:
- name: website
- state: started
- daemon_reload: yes
- masked: no
- enabled: yes
diff --git a/ansible/roles/website/templates/default.j2 b/ansible/roles/website/templates/default.j2
deleted file mode 100644
index e69de29..0000000
diff --git a/ansible/roles/website/templates/service.j2 b/ansible/roles/website/templates/service.j2
deleted file mode 100644
index 1bdfb05..0000000
--- a/ansible/roles/website/templates/service.j2
+++ /dev/null
@@ -1,23 +0,0 @@
-[Unit]
-Description=Website
-
-Requires=docker.service
-After=docker.service
-
-[Service]
-Restart=always
-
-EnvironmentFile=/etc/default/website
-ExecStop=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker stop %p || true'
-ExecStartPre=/bin/sh -c '/usr/bin/docker ps | /bin/grep %p 1> /dev/null && /usr/bin/docker kill %p || true'
-ExecStartPre=/bin/sh -c '/usr/bin/docker ps -a | /bin/grep %p 1> /dev/null && /usr/bin/docker rm %p || true'
-ExecStartPre=/usr/bin/docker pull {{ website_container }}
-
-ExecStart=/usr/bin/docker run --rm \
- --name %p \
- --hostname {{ website_domain }} \
- --label traefik.frontend.rule=Host:{{ website_domain }} \
- {{ website_container }}
-
-[Install]
-WantedBy=multi-user.target
diff --git a/bin/ansible b/bin/ansible
index fe7f90d..1c6adbe 100755
--- a/bin/ansible
+++ b/bin/ansible
@@ -14,5 +14,12 @@ then exit 1 fi +if ! test -f ${ROOT}/.vault +then + echo "Failed to find .vault file!" + exit 1 +fi + exec ansible \ - --inventory-file=${ROOT}/ansible/hosts.ini $@ + --vault-password-file=${ROOT}/.vault \ + --inventory-file=${ROOT}/ansible/hosts.ini $@ diff --git a/bin/playbook b/bin/playbook index 56b655a..f84ddec 100755 --- a/bin/playbook +++ b/bin/playbook @@ -14,6 +14,13 @@ then exit 1 fi +if ! test -f ${ROOT}/.vault +then + echo "Failed to find .vault file!" + exit 1 +fi + exec ansible-playbook \ + --vault-password-file=${ROOT}/.vault \ --inventory-file=${ROOT}/ansible/hosts.ini \ ${ROOT}/ansible/playbook.yml $@ diff --git a/terraform/domains.tf b/terraform/domains.tf index ec3f7d5..1f11866 100644 --- a/terraform/domains.tf +++ b/terraform/domains.tf 
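Review bot: The new guard `if ! test -f ${ROOT}/.vault` and the `--vault-password-file=${ROOT}/.vault \` argument leave `${ROOT}` unquoted, so a checkout path containing whitespace is word-split and the check passes or fails for the wrong reason; the pre-existing `$@` on the last `exec` line has the same problem and should be `"$@"` so caller arguments with spaces survive. Quote both: `if ! test -f "${ROOT}/.vault"` and `--vault-password-file="${ROOT}/.vault" \`. The second hunk, in `bin/playbook`, adds the identical lines and needs the identical change. The vault password now lives at the repository root; the diffstat shows `.gitignore` gaining two lines, which presumably excludes `.vault`, but that file is outside this view and worth double-checking before anyone commits a populated checkout.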
@@ -1,12 +1,119 @@ -resource "cloudflare_record" "mx" { +resource "cloudflare_record" "mx1" { domain = "${var.cloudflare_domain}" name = "@" - value = "${var.mail_domain}" + value = "mx.zoho.com" type = "MX" priority = 10 proxied = false } +resource "cloudflare_record" "mx2" { + domain = "${var.cloudflare_domain}" + name = "@" + value = "mx2.zoho.com" + type = "MX" + priority = 20 + proxied = false +} + +resource "cloudflare_record" "mx3" { + domain = "${var.cloudflare_domain}" + name = "mailgun" + value = "mxa.mailgun.org" + type = "MX" + priority = 10 + proxied = false +} + +resource "cloudflare_record" "mx4" { + domain = "${var.cloudflare_domain}" + name = "mailgun" + value = "mxb.mailgun.org" + type = "MX" + priority = 10 + proxied = false +} + +resource "cloudflare_record" "spf1" { + domain = "${var.cloudflare_domain}" + name = "zoho" + value = "v=spf1 mx include:zoho.com ~all" + type = "SPF" + proxied = false +} + +resource "cloudflare_record" "txt1" { + domain = "${var.cloudflare_domain}" + name = "_acme-challenge.coverage" + value = "OPuLFURRN5kvhFzJBMCY9AMY6DThIi7YonbaheKguGc" + type = "TXT" + proxied = false +} + +resource "cloudflare_record" "txt2" { + domain = "${var.cloudflare_domain}" + name = "@" + value = "v=spf1 include:zoho.com ~all" + type = "TXT" + proxied = false +} + +resource "cloudflare_record" "txt3" { + domain = "${var.cloudflare_domain}" + name = "k1._domainkey.mailgun" + value = "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUz1pPYWPp2BPsov+ds4O1PVe2FaptKqPaxXqwk/BDv8xeWf9FnMmt2+m+cODM8jr+c9pZeSmkhXkX/VVbIaaZE3ilpJymn+cHmHRXhGWhjB9eMw4Md6DswQtzu55U8m6PUaP7q2e2LZaMW6NafXsCsjj2RrGRedgFIOtw02E6RQIDAQAB" + type = "TXT" + proxied = false +} + +resource "cloudflare_record" "txt4" { + domain = "${var.cloudflare_domain}" + name = "mailgun" + value = "v=spf1 include:mailgun.org ~all" + type = "TXT" + proxied = false +} + +resource "cloudflare_record" "txt5" { + domain = "${var.cloudflare_domain}" + name = "zoho._domainkey" + value = "v=DKIM1; 
k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdlMfEWjnNTTEnlfrCUmdXDYehLExTJWTJFPv8VileUh9RBCXoHAeUOasCxD4xJq6iEd/mVoaV0ojTppYnf4++G3UJRYUIRrlLDnVD6vQfAQegIT9wVyANj98kFxi5ptJLZNqFSfWz1+/E4M/ekp+A1Rynh9rrW+rvC5yLstudYwIDAQAB" + type = "TXT" + proxied = false +} + +resource "cloudflare_record" "discourse" { + domain = "${var.cloudflare_domain}" + name = "discourse" + value = "gitea.hosted-by-discourse.com" + type = "CNAME" + proxied = false +} + +resource "cloudflare_record" "mailgun" { + domain = "${var.cloudflare_domain}" + name = "email.mailgun" + value = "mailgun.org" + type = "CNAME" + proxied = false +} + +resource "cloudflare_record" "status" { + domain = "${var.cloudflare_domain}" + name = "status" + value = "stats.uptimerobot.com" + type = "CNAME" + proxied = false +} + +resource "cloudflare_record" "zoho" { + domain = "${var.cloudflare_domain}" + name = "zb14818752" + value = "zmverify.zoho.com" + type = "CNAME" + proxied = false +} + resource "cloudflare_record" "gitea" { domain = "${var.cloudflare_domain}" name = "@" @@ -23,14 +130,22 @@ resource "cloudflare_record" "blog" { proxied = true } -resource "cloudflare_record" "docs" { +resource "cloudflare_record" "code" { domain = "${var.cloudflare_domain}" - name = "docs" + name = "code" value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" type = "CNAME" proxied = true } +resource "cloudflare_record" "coverage" { + domain = "${var.cloudflare_domain}" + name = "coverage" + value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" + type = "CNAME" + proxied = false +} + resource "cloudflare_record" "dl" { domain = "${var.cloudflare_domain}" name = "dl" 
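Review bot: The new `txt1` resource pins a static `_acme-challenge.coverage` TXT value in Terraform, but with `dnsProvider = "cloudflare"` the ACME client in Traefik creates and removes `_acme-challenge.<host>` records itself during DNS-01 validation, so a fixed token is stale after the next order and will show as drift or be reverted on every `terraform apply`; it also belongs to the `coverage` host whose Ansible role the commit message says is being dropped. Remove `txt1` and let the ACME client own those records. Separately, `spf1` uses `type = "SPF"`; the SPF resource record type was deprecated by RFC 7208 and receivers evaluate only TXT, so that record for `zoho` has no effect unless it is also published as TXT. The `coverage` CNAME added in the next hunk still points at server 0 although the coverage service itself is gone, so it likely belongs in the same cleanup.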
@@ -39,17 +154,17 @@ resource "cloudflare_record" "dl" { proxied = true } -resource "cloudflare_record" "code" { +resource "cloudflare_record" "docs" { domain = "${var.cloudflare_domain}" - name = "code" + name = "docs" value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" type = "CNAME" proxied = true } -resource "cloudflare_record" "storage" { +resource "cloudflare_record" "drone" { domain = "${var.cloudflare_domain}" - name = "storage" + name = "drone" value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" type = "CNAME" proxied = false @@ -63,17 +178,9 @@ resource "cloudflare_record" "lgtm" { proxied = false } -resource "cloudflare_record" "coverage" { +resource "cloudflare_record" "storage" { domain = "${var.cloudflare_domain}" - name = "coverage" - value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" - type = "CNAME" - proxied = false -} - -resource "cloudflare_record" "drone" { - domain = "${var.cloudflare_domain}" - name = "drone" + name = "storage" value = "${lookup(var.server_names, 0)}.${var.cloudflare_domain}" type = "CNAME" proxied = false @@ -88,3 +195,12 @@ resource "cloudflare_record" "try" { depends_on = ["digitalocean_droplet.demo"] } +resource "cloudflare_record" "try-drone" { + domain = "${var.cloudflare_domain}" + name = "drone.try" + value = "${lookup(var.demo_names, 0)}.${var.cloudflare_domain}" + type = "CNAME" + proxied = false + depends_on = ["digitalocean_droplet.demo"] +} + diff --git a/terraform/variables.tf b/terraform/variables.tf index 493ef13..aeaf953 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -15,11 +15,6 @@ variable "cloudflare_domain" { default = "gitea.io" } -variable "mail_domain" { - type = "string" - default = "mx.ym.163.com" -} - variable "demo_count" { type = "string" default = "1" 
@@ -105,6 +100,7 @@ variable "ssh_keys" { "bkc2" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2Sovl8XfHqhiAo1GQpsJ/Z8YMvs+xPt1NMsHa5mqAtaMSGsaxIgfpL80+oSX7/itHZJfi7OcRz7R8LzJfy6WKMZUzSkkXXZlxYT328qlMzRPOtkyDWBgIY7ArcDkiyY2MFnbv5uIgilpRKFxFNxx7TuUucOmrB9SHTINy1rDiLHbvZTyJH83WVRo8V6+2JB1N1hyBWbsLNRL9VTAb3v1RvRaDUq92HJqLN77SrxHitst/7PnSimIdnPN04pogP8bDqD/XVL08ZAOXgIQvXqHIC6V+UebLSw18tw/Iac7rYNyYo949NnzQCZ0lB3/yi+L/3Hq9rpiDp3GmANQRRcBN bkc@gitea.io" "bkc3" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9WgmBjn7jlFzAz7QPE5p3F+wG2Dbcg616J/vQk1e0Z4hlRSejoFoA9JVV8IuKBdXYDCieqctvbd01S/5dyDOq8rIoyLa1vfYAqkztzShjZ91WAnv8JOU2o5YC1HtiSKP4ygDzTztr97L1Mv29S3RM1ZFjiNo/0gncMK2uI7z9BgzTXkHEvWPqOy+ca8f6HFVDTL5wfer1oY0gkj4fbYdHclpFrMQh0WBI/Z4YvZz7oRmJHajyRfmTu5X/iLsFk8daP+O7wJpQPwKsefczZmrHyKLC4DgrcHEBzvfyfRa/MQNdJZ+ohayomX51xpsAfBOb4AlJbM7o2SgyJcnfolK7 bkc@gitea.io" "lunny1" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxqUBNvl59j7Xkw3I1rXkiz0LWNvOK2KFFgLB4C101xv6C/UGjCJPlAWYl5lrTokICqi8fmLkVzAuhhGaPs28Eo55lARl1uZoTSuuobKaZHc/SZzIqn2NgSYV9WNzskpo8IkN2K5DWCYr73x6tskJ5BT9hcXWaPRb8s7dEPnw7NduhMroqlNBFgCwIgkYrjjNNIEZt5G5q2aYFLmIRRZ1JimuAJBlmQJCw+W049tjjNUKY4f2Fm9zIbktPZvSgT2kRvMWxUc8KR1kyzMVaDgqFJKQFjEoZ3kKTfkf3FV2O6tIZHA9fnRYABQy+7HAjRRFcVEu7usu12BKZ0QHKhWT lunny@gitea.io" + "appleboy1" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3uQtMr300gb2icmedgrYgsI/slCgS8mDkPS1G0rlEACyMund4lMo+C8vTnhfoq7CmWGFDuGXXMGcgnnhiN67EXf4xKwCiypmvV4hrisd5FDyluNvUo9wdsqcq3Nv8jNYid27uidgx2v1o4bjidV8F163M5OuQV/Ij1uYsoZ4GiZvLAq5W09twqThEcz9Us9PljQlpqMxoF68hEyL3FM7MioOPshQiENf/3yRohHTzcDYI369hjJu7OpFqp+VORDc/Lma8bOufd/jGZsOBSiV9wjwYLHUHJsSzYv2Cg+jdmUnYjfqUsabwH1bjTVtiRKiXfZMeFF8ju5d9I7ExNp4x appleboy@gitea.io" } }