feat: new style in prod

2025-09-11 20:05:40 -04:00
parent f193ff4e6b
commit 31a8eafd65
8 changed files with 175 additions and 167 deletions
--- a/playbooks/deploy.yml
+++ b/playbooks/deploy.yml
@@ -32,6 +32,8 @@
 - name: Set up real host.
  gather_facts: false
  hosts: localhost
+  tags:
+    - deploy
  vars_files:
    - ../vault.yml
    - ../dist/terraform_outputs.yml
@@ -51,6 +53,21 @@
    - ../vault.yml
    - ../dist/terraform_outputs.yml
  tasks:
+    - name: Install PIP.
+      ansible.builtin.apt:
+        name:
+          - python3-pip
+        state: present
+
+    - name: Install needed packages.
+      ansible.builtin.pip:
+        name:
+          - botocore
+          - boto3
+          - packaging
+        state: present
+        break_system_packages: true
+
    - name: Download Docker repository key.
      ansible.builtin.apt_key:
        url: https://download.docker.com/linux/debian/gpg
@@ -92,6 +109,8 @@

 - name: Deploy artifact to instance.
  hosts: server
+  tags:
+    - deploy
  gather_facts: false
  vars_files:
    - ../variables.yml
@@ -129,6 +148,7 @@
        memory_swap: 900m
        ports: [80:80, 443:443, "22:22"]
        env:
+          # Secrets.
          GITEA__security__INTERNAL_TOKEN: "{{ secret.internal }}"
          GITEA__server__LFS_JWT_SECRET: "{{ secret.lfs }}"
          GITEA__oauth2__JWT_SECRET: "{{ secret.jwt }}"
@@ -137,10 +157,22 @@
          GITEA__server__DOMAIN: "{{ server_fqdn.value }}"
          GITEA__server__ROOT_URL: "https://{{ server_fqdn.value }}/"

+          # General S3 storage information.
          GITEA__storage__MINIO_BUCKET: "{{ secret.bucket.name }}"
          GITEA__storage__MINIO_ENDPOINT: "{{ secret.bucket.endpoint }}"
          GITEA__storage__MINIO_ACCESS_KEY_ID: "{{ secret.bucket.access_key }}"
          GITEA__storage__MINIO_SECRET_ACCESS_KEY: "{{ secret.bucket.secret_key }}"
+
+          # Set storage to specific S3 bucket path.
+          GITEA__storage_0x2E_attachments__MINIO_BASE_PATH: "{{ secret.storage.key }}/attachments"
+          GITEA__storage_0x2E_lfs__MINIO_BASE_PATH: "{{ secret.storage.key }}/lfs"
+          GITEA__storage_0x2E_avatars__MINIO_BASE_PATH: "{{ secret.storage.key }}/avatars"
+          GITEA__storage_0x2E_repo_0X2D_archive___MINIO_BASE_PATH: "{{ secret.storage.key }}/repo-archive"
+          GITEA__storage_0x2E_repo_0X2D_avatars__MINIO_BASE_PATH: "{{ secret.storage.key }}/repo-avatars"
+          GITEA__storage_0x2E_packages__MINIO_BASE_PATH: "{{ secret.storage.key }}/packages"
+          GITEA__storage_0x2E_actions_log__MINIO_BASE_PATH: "{{ secret.storage.key }}/actions_log"
+          GITEA__storage_0x2E_actions_artifacts__MINIO_BASE_PATH: "{{ secret.storage.key }}/actions_artifacts"
+
        labels:
          docker-volume-backup.stop-during-backup: "true"
        volumes:
--- a/playbooks/restore.yml
+++ b/playbooks/restore.yml
@@ -0,0 +1,72 @@
+- name: Set up real host.
+  gather_facts: false
+  hosts: localhost
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+  tasks:
+    - name: Add remote host.
+      ansible.builtin.add_host:
+        name: server
+        ansible_ssh_host: "{{ server_ip.value }}"
+        ansible_user: root
+        ansible_port: 2222
+        ansible_private_key_file: "{{ secret.private_ssh_key_path }}"
+
+- name: Deploy artifact to instance.
+  hosts: server
+  become: true
+  gather_facts: false
+  vars_files:
+    - ../vault.yml
+    - ../dist/terraform_outputs.yml
+  tasks:
+    - name: Stop server.
+      community.docker.docker_container:
+        name: "{{ item }}"
+        state: stopped
+      loop: [server, backup]
+
+    - name: Copy backup from S3.
+      amazon.aws.s3_object:
+        bucket: "{{ secret.restore.bucket | mandatory(msg='You must specify the bucket of the data.') }}"
+        object: "{{ secret.restore.key | mandatory(msg='You must specify the key of the data.') }}"
+        dest: /root/snapshot.tar.gz
+        mode: get
+        region: "{{ secret.restore.region }}"
+        access_key: "{{ secret.restore.access_key }}"
+        secret_key: "{{ secret.restore.secret_key }}"
+        ignore_nonexistent_bucket: true
+
+    - name: Ensure backup directory exists.
+      ansible.builtin.file:
+        path: /root/restore
+        state: directory
+        mode: '0777'
+
+    - name: Extract backup.
+      ansible.builtin.unarchive:
+        src: /root/snapshot.tar.gz
+        dest: /root/restore
+        remote_src: true
+
+    - name: Move backup files to data folder.
+      ansible.builtin.copy:
+        remote_src: true
+        src: /root/restore/backup/my-app-backup/
+        dest: /root/data/
+        mode: '0777'
+
+    - name: Update permissions.
+      ansible.builtin.file:
+        path: /root/data
+        recurse: true
+        mode: '0777'
+        owner: 1000
+        group: 1000
+
+    - name: Restart containers.
+      community.docker.docker_container:
+        name: "{{ item }}"
+        state: started
+      loop: [server, backup]