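---
# Provision a single-host Podman stack (Caddy reverse proxy, Nextcloud AIO,
# Gitea, Postgres). The preferred path is `podman-compose up -d` from a cloned
# Compose repository; the `rescue:` branch recreates the same resources
# task-by-task when that command fails.
- name: Ensuring microservice infrastructure
  hosts: webservers
  tasks:
    - name: Ensure podman is installed
      ansible.builtin.package:
        name: podman
        state: present
      become: true

    - name: Ensure podman-compose is installed
      ansible.builtin.package:
        name: podman-compose
        state: present
      become: true

    - name: Ensure git is installed
      ansible.builtin.package:
        name: git
        state: present
      become: true

    # Three clone attempts in order of preference (SSH, HTTPS, local bare
    # repository); each fallback runs only when the previous attempt failed
    # or was skipped. Task names are distinct so --start-at-task and logs
    # can tell them apart.
    - name: Ensure possession of cloned repository with Compose files (SSH)
      ansible.builtin.git:
        repo: 'senpai@sukaato.moe:repos/sukaato-compose.git'  # @TODO: replace with Ansible variable
        dest: ~/dev/sukaato-compose
        # NOTE(review): `version` is a ref (HEAD, branch, tag or SHA); confirm a
        # ref literally named "latest" exists, otherwise HEAD is the default.
        # The same applies to the two fallback clones below.
        version: latest
      register: sshgit
      ignore_errors: true

    - name: Ensure possession of cloned repository with Compose files (HTTPS)
      ansible.builtin.git:
        repo: 'https://git.sukaato.moe/'  # @TODO: Finish HTTPS URI (or replace with Ansible variable)
        dest: ~/dev/sukaato-compose
        version: latest
      register: webgit
      ignore_errors: true
      when: sshgit is failed or sshgit is skipped

    - name: Ensure possession of cloned repository with Compose files (local)
      ansible.builtin.git:
        repo: ~/repos/sukaato-compose.git
        dest: ~/dev/sukaato-compose
        version: latest
      register: autogit
      ignore_errors: true
      when: webgit is failed or webgit is skipped

    - name: Ensuring pods or containers are run
      block:
        - name: Ensuring pods or containers are run from Compose file(s)
          ansible.builtin.command:
            cmd: podman-compose up -d
            chdir: ~/dev/sukaato-compose
          register: podsup
          # NOTE(review): with the default failed_when, a non-zero rc already
          # fails this task (and triggers `rescue`) before `changed_when` is
          # considered, so a successful run is always reported "ok". Confirm
          # that is intended; `changed_when: false` would state it explicitly.
          changed_when: podsup.rc != 0
      rescue:
        - name: Ensure existence of Caddy data container volume
          containers.podman.podman_volume:
            state: present
            name: caddy_data

        - name: Ensure existence of Caddy configuration container volume
          containers.podman.podman_volume:
            state: present
            name: caddy_config

        - name: Ensure existence of Gitea data container volume
          containers.podman.podman_volume:
            state: present
            name: gitea_data

        - name: Ensure existence of directory for Caddyfile root path  # @TODO: Specify ownership
          ansible.builtin.file:
            path: /srv/www/sukaato.moe
            state: directory
            mode: '0755'

        - name: Ensure existence of Caddy configuration directory
          ansible.builtin.file:
            path: ~/.config/caddy
            state: directory
            mode: '0755'

        # NOTE(review): the source Caddyfile lives under the site root that is
        # bind-mounted into the reverse proxy below. If that root is served as
        # static files, the Caddyfile (upstream names, TLS settings) becomes
        # publicly reachable — confirm it is excluded or moved out of the root.
        - name: Ensure Caddyfile is copied into separate directory
          ansible.builtin.file:
            src: /srv/www/sukaato.moe/Caddyfile
            dest: ~/.config/caddy/Caddyfile
            mode: '0644'
            state: hard  # hard link: src and dest must be on the same filesystem

        - name: Ensure possession of Caddy container image
          containers.podman.podman_image:
            name: caddy
            tag: latest

        - name: Ensure possession of Nextcloud container image
          containers.podman.podman_image:
            name: nextcloud/all-in-one
            tag: latest

        - name: Ensure possession of Postgres container image
          containers.podman.podman_image:
            name: postgres
            tag: "14.17"  # quoted: an unquoted 14.17 is a YAML float

        - name: Ensure possession of Gitea container image
          containers.podman.podman_image:
            name: gitea/gitea
            tag: 1.23-rootless

        - name: Ensure existence of shared network for Caddy reverse proxying
          containers.podman.podman_network:
            name: caddynet

        - name: Ensure existence of shared network for Nextcloud, Gitea et al
          containers.podman.podman_network:
            name: sharenet

        - name: Create secret for PostgreSQL database container
          containers.podman.podman_secret:  # @TODO: Look into other Postgres authentication methods
            name: postgres_pass
            data: "admin"  # @TODO: Replace value with an (ideally vaulted) Ansible variable; a literal password committed here is the main exposure
            state: present
          no_log: true  # keep the secret value out of task output and logs

        - name: Ensure containers are running with appropriate configuration
          containers.podman.podman_containers:
            containers:
              - name: revproxy
                state: started
                restart_policy: on-failure:5
                image: caddy
                publish:
                  - "80:80"
                  - "443:443"
                  - "443:443/udp"
                volumes:
                  - "caddy_config:/config"
                  - "caddy_data:/data"
                  - "/srv/www/sukaato.moe:/srv/www/sukaato.moe"
                  # NOTE(review): `~` is not expanded by podman itself; confirm the
                  # module expands it, or use an absolute path (e.g. ansible_env.HOME).
                  - "~/.config/caddy:/etc/caddy"
                network:
                  - "caddynet"
                generate_systemd:
                  restart_policy: always
                  stop_timeout: 120
                  names: true
                  container_prefix: pm@

              - name: nextcloud-aio-mastercontainer  # @TODO: fill out rest of needed attributes
                state: present  # @TODO: Change to "started" later on
                restart_policy: on-failure:5
                image: nextcloud/all-in-one
                init: true
                sig_proxy: false
                publish:
                  - "8080:8080"  # AIO admin UI, published on every host interface
                volumes:
                  - "~/.config/nextcloud:/mnt/docker-aio-config"
                  # NOTE(review): mounting the container-engine socket hands this
                  # container control of the host engine (effectively host root);
                  # `:ro` only restricts filesystem operations on the socket node,
                  # not API calls over it. On a Podman host the socket path is
                  # normally different (podman system service) — confirm both.
                  - "/var/run/docker.sock:/var/run/docker.sock:ro"
                network:
                  - "caddynet"
                  - "sharenet"
                # env values quoted so they reach the container as literal strings
                # rather than YAML ints/bools.
                env:
                  APACHE_PORT: "11000"
                  APACHE_IP_BINDING: "0.0.0.0"  # NOTE(review): exposes the AIO Apache port on all host interfaces, bypassing the reverse proxy — confirm
                  SKIP_DOMAIN_VALIDATION: "false"
                  NEXTCLOUD_DATADIR: "/mnt/datadrive/nextcloud"  # @TODO: mount a ZFS-formatted volume/dataset on parent directory
                generate_systemd:
                  restart_policy: always
                  stop_timeout: 120
                  names: true
                  container_prefix: pm@

              # @NOTE: Below container has internal ports 3000 (web UI & HTTPS git) and 2222 (SSH git)
              - name: http_git  # @TODO: Fill out rest of needed attributes
                state: present  # @TODO: Change to "started" later on
                restart_policy: on-failure:5
                # Pinned to the rootless tag pulled above: the /etc/gitea and
                # /var/lib/gitea mounts and port 2222 are the rootless image's
                # layout; the untagged image would pull :latest (root variant).
                image: gitea/gitea:1.23-rootless
                volumes:
                  - "~/.config/gitea:/etc/gitea"
                  - "gitea_data:/var/lib/gitea"
                  - "/etc/timezone:/etc/timezone:ro"
                  - "/etc/localtime:/etc/localtime:ro"
                network:
                  - "caddynet"
                  - "sharenet"
                requires:
                  - "db"

              # @NOTE: Postgres (below) default port is 5432
              - name: db
                state: present
                restart_policy: on-failure:5
                image: postgres:14.17  # pinned to the tag pulled above; bare `postgres` resolves to :latest
                # shm_size: 128mb  # @TODO: Specify share of memory for container
                # Attach the secret so the file referenced by POSTGRES_PASSWORD_FILE
                # actually exists inside the container (default mount: /run/secrets/<name>).
                secrets:
                  - postgres_pass
                volumes:
                  - "~/.config/postgres:/etc/postgresql"
                # NOTE(review): the database only needs to be reachable from the
                # application network; consider dropping caddynet here.
                network:
                  - "caddynet"
                  - "sharenet"
                env:
                  POSTGRES_USER: senpai
                  POSTGRES_DB: mem
                  # Fixed typo (was POSTGRESS_PASSWORD_FILE): the postgres image only
                  # honours POSTGRES_PASSWORD_FILE, so the misspelt key left the
                  # container without a password source.
                  POSTGRES_PASSWORD_FILE: /run/secrets/postgres_pass  # @TODO: Look into other Postgres authentication methods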