220 lines
8.8 KiB
YAML
220 lines
8.8 KiB
YAML
---
|
|
- name: Ensuring microservice infrastructure
|
|
hosts: webservers
|
|
tasks:
|
|
- name: Ensure podman is installed
|
|
ansible.builtin.package:
|
|
name: podman
|
|
state: present
|
|
become: true
|
|
- name: Ensure podman-compose is installed
|
|
ansible.builtin.package:
|
|
name: podman-compose
|
|
state: present
|
|
become: true
|
|
- name: Ensure git is installed
|
|
ansible.builtin.package:
|
|
name: git
|
|
state: present
|
|
become: true
|
|
- name: Ensure possession of cloned repository with Compose files
|
|
ansible.builtin.git:
|
|
repo: "{{ lookup('ansible.builtin.env', 'ANSIBLE_CENG_SSH_REPO', default='senpai@sukaato.moe:repos/sukaato-compose.git') }}"
|
|
dest: ~/dev/sukaato-compose
|
|
version: latest
|
|
register: sshgit
|
|
ignore_errors: true
|
|
- name: Ensure possession of cloned repository with Compose files
|
|
ansible.builtin.git:
|
|
repo: "{{ lookup('ansible.builtin.env', 'ANSIBLE_CENG_HTTPS_REPO', default='https://git.sukaato.moe/') }}" # @TODO: Finish HTTPS URI
|
|
dest: ~/dev/sukaato-compose
|
|
version: latest
|
|
register: webgit
|
|
ignore_errors: true
|
|
when: sshgit is failed or sshgit is skipped
|
|
- name: Ensure possession of cloned repository with Compose files
|
|
ansible.builtin.git:
|
|
repo: ~/repos/sukaato-compose.git
|
|
dest: ~/dev/sukaato-compose
|
|
version: latest
|
|
register: autogit
|
|
ignore_errors: true
|
|
when: webgit is failed or webgit is skipped
|
|
- name: Ensuring pods or containers are run
|
|
block:
|
|
- name: Ensuring pods or containers are run from Compose file(s)
|
|
ansible.builtin.command:
|
|
cmd: podman-compose up -d
|
|
chdir: ~/dev/sukaato-compose
|
|
register: podsup
|
|
changed_when: podsup.rc != 0
|
|
rescue:
|
|
- name: Ensure existence of Caddy data container volume
|
|
containers.podman.podman_volume:
|
|
state: present
|
|
name: caddy_data
|
|
- name: Ensure existence of Caddy configuration container volume
|
|
containers.podman.podman_volume:
|
|
state: present
|
|
name: caddy_config
|
|
- name: Ensure existence of Gitea data container volume
|
|
containers.podman.podman_volume:
|
|
state: present
|
|
name: gitea_data
|
|
- name: Ensure existence of directory for Caddyfile root path # @TODO: Specify ownership
|
|
ansible.builtin.file:
|
|
path: /srv/www/sukaato.moe
|
|
state: directory
|
|
mode: '0755'
|
|
- name: Ensure existence of directory for Caddyfile root path
|
|
ansible.builtin.file:
|
|
path: ~/.config/caddy
|
|
state: directory
|
|
mode: '0755'
|
|
- name: Ensure Caddyfile is copied into separate directory
|
|
ansible.builtin.file:
|
|
src: /srv/www/sukaato.moe/Caddyfile
|
|
dest: ~/.config/caddy/Caddyfile
|
|
mode: '0644'
|
|
state: hard
|
|
- name: Ensure possession of Caddy container image
|
|
containers.podman.podman_image:
|
|
name: caddy
|
|
tag: latest
|
|
- name: Ensure possession of Nextcloud container image
|
|
containers.podman.podman_image:
|
|
name: nextcloud/all-in-one
|
|
tag: latest
|
|
- name: Ensure possession of Postgres container image
|
|
containers.podman.podman_image:
|
|
name: postgres
|
|
tag: 14.17
|
|
- name: Ensure possession of Gitea container image
|
|
containers.podman.podman_image:
|
|
name: gitea/gitea
|
|
tag: 1.23-rootless
|
|
- name: Ensure possession of Shlink container image
|
|
containers.podman.podman_image:
|
|
name: shlinkio/shlink
|
|
tag: stable
|
|
- name: Ensure existence of shared network for Caddy reverse proxying
|
|
containers.podman.podman_network:
|
|
name: caddynet
|
|
- name: Ensure existence of shared network for Nextcloud, Gitea et al
|
|
containers.podman.podman_network:
|
|
name: sharenet
|
|
- name: Create secret for PostgreSQL database container
|
|
containers.podman.podman_secret: # @TODO: Look into other Postgres authentication methods
|
|
name: postgres_pass
|
|
data: "{{ lookup('ansible.builtin.env', 'ANSIBLE_POSTGRES_PASSWORD', default='administrator') }}"
|
|
state: present
|
|
- name: Ensure containers are running with appropriate configuration
|
|
containers.podman.podman_containers:
|
|
containers:
|
|
- name: revproxy
|
|
state: started
|
|
restart_policy: on-failure:5
|
|
image: caddy
|
|
publish:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "443:443/udp"
|
|
volumes:
|
|
- "caddy_config:/config"
|
|
- "caddy_data:/data"
|
|
- "/srv/www/sukaato.moe:/srv/www/sukaato.moe"
|
|
- "~/.config/caddy:/etc/caddy"
|
|
network:
|
|
- "caddynet"
|
|
generate_systemd:
|
|
restart_policy: always
|
|
stop_timeout: 120
|
|
names: true
|
|
container_prefix: pm@
|
|
# requires:
|
|
# - "db"
|
|
- name: nextcloud-aio-mastercontainer
|
|
state: started
|
|
restart_policy: on-failure:5
|
|
image: nextcloud/all-in-one
|
|
init: true
|
|
sig_proxy: false
|
|
publish:
|
|
- "8080:8080"
|
|
volumes:
|
|
- "~/.config/nextcloud:/mnt/docker-aio-config"
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
network:
|
|
- "caddynet"
|
|
- "sharenet"
|
|
env:
|
|
APACHE_PORT: 11000
|
|
APACHE_IP_BINDING: 0.0.0.0
|
|
SKIP_DOMAIN_VALIDATION: false
|
|
NEXTCLOUD_DATADIR: "/mnt/datadrive/nextcloud" # @TODO: mount a ZFS-formatted volume/dataset on parent directory
|
|
generate_systemd:
|
|
restart_policy: always
|
|
stop_timeout: 120
|
|
names: true
|
|
container_prefix: pm@
|
|
requires:
|
|
- "revproxy"
|
|
# @NOTE: Below container has internal ports 3000 (web UI & HTTPS git) and 2222 (SSH git)
|
|
- name: http_git # @TODO: Fill out rest of needed attributes
|
|
state: started
|
|
restart_policy: on-failure:5
|
|
image: gitea/gitea
|
|
volumes:
|
|
- "~/.config/gitea:/etc/gitea"
|
|
- "gitea_data:/var/lib/gitea"
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
network:
|
|
- "caddynet"
|
|
- "sharenet"
|
|
generate_systemd:
|
|
restart_policy: always
|
|
stop_timeout: 120
|
|
names: true
|
|
container_prefix: pm@
|
|
requires:
|
|
- "revproxy"
|
|
# @NOTE: Postgres (below) default port is 5432
|
|
- name: db
|
|
state: present
|
|
restart_policy: on-failure:5
|
|
image: postgres
|
|
shm_size: "{{ lookup('ansible.builtin.env', 'ANSIBLE_DB_CENG_SHARE', default='128m') }}"
|
|
volumes:
|
|
- "~/.config/postgres:/etc/postgresql"
|
|
network:
|
|
- "caddynet"
|
|
- "sharenet"
|
|
env:
|
|
POSTGRES_USER: senpai
|
|
POSTGRES_DB: mem
|
|
POSTGRESS_PASSWORD_FILE: /run/secrets/postgres_pass # @TODO: Look into other Postgres authentication methods
|
|
generate_systemd:
|
|
restart_policy: always
|
|
stop_timeout: 120
|
|
names: true
|
|
container_prefix: pm@
|
|
# @NOTE: Below container internal port is 8080
|
|
- name: shlinks
|
|
state: present
|
|
restart_policy: on-failure:5
|
|
image: shlinkio/shlink
|
|
env:
|
|
DEFAULT_DOMAIN: "{{ lookup('ansible.builtin.env', 'ANSIBLE_SHORTLINK_DOMAIN', default='sukaato.moe') }}"
|
|
BASE_PATH: /s
|
|
IS_HTTPS_ENABLED: false
|
|
MEMORY_LIMIT: 128m
|
|
DELETE_SHORT_URL_THRESHOLD: "{{ lookup('ansible.builtin.env', 'ANSIBLE_SHORTLINK_POP_FLOOR', default='600') }}"
|
|
DEFAULT_SHORT_CODES_LENGTH: 6
|
|
# INITIAL_API_KEY:
|
|
generate_systemd:
|
|
restart_policy: always
|
|
stop_timeout: 120
|
|
names: true
|
|
container_prefix: pm@
|