web/git
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: install docker; auto change port

Browse Source
This commit is contained in:
Maxim Hutz
2025-09-08 23:17:43 -04:00
parent fd30ee265f
commit 65893c30f3
6 changed files with 134 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Taskfile.yml
View File

@@ -1,5 +1,12 @@
version: 3 version: 3
tasks: tasks:
vault: ansible-vault edit vault.yml vault: ansible-vault edit vault.yml {{.CLI_ARGS}}
infra: ansible-playbook playbooks/infrastructure.yml infra: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}}
setup: ansible-playbook playbooks/deploy.yml {{.CLI_ARGS}}
enter:
cmd: ssh -i {{.KEY}} -p 2222 root@{{.IP}}
vars:
KEY: { sh: ansible-vault view vault.yml | yq -r ".deploy.private_ssh_key_path" }
IP: { sh: cat dist/terraform_outputs.yml | jq -r ".server_ip.value" }

3
ansible.cfg
View File

@@ -2,6 +2,7 @@
callbacks_enabled = profile_tasks callbacks_enabled = profile_tasks
localhost_warning = False localhost_warning = False
vault_password_file = vault.key vault_password_file = vault.key
interpreter_python = /usr/bin/python3.11
[inventory] [inventory]
inventory_unparsed_warning = False inventory_unparsed_warning = False
@@ -9,4 +10,4 @@ inventory_unparsed_warning = False
[ssh_connection] [ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none
pipelining = True pipelining = True
retries = 256 retries = 2

91
playbooks/deploy.yml Normal file
View File

@@ -0,0 +1,91 @@
- name: Set up for fresh host.
gather_facts: false
hosts: localhost
vars_files:
- ../vault.yml
- ../dist/terraform_outputs.yml
tasks:
- name: Add remote host.
ansible.builtin.add_host:
name: server_fresh
ansible_ssh_host: "{{ server_ip.value }}"
ansible_user: root
ansible_port: 22
ansible_private_key_file: "{{ deploy.private_ssh_key_path }}"
- name: Switch port to 2222.
hosts: server_fresh
ignore_unreachable: true
gather_facts: false
tasks:
- name: Update SSH port.
ansible.builtin.lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: "^Port"
line: "Port 2222"
- name: Restart service.
ansible.builtin.service:
name: ssh
state: restarted
- name: Set up real host.
gather_facts: false
hosts: localhost
vars_files:
- ../vault.yml
- ../dist/terraform_outputs.yml
tasks:
- name: Add remote host.
ansible.builtin.add_host:
name: server
ansible_ssh_host: "{{ server_ip.value }}"
ansible_user: root
ansible_port: 2222
ansible_private_key_file: "{{ deploy.private_ssh_key_path }}"
- name: Install Docker.
gather_facts: true
hosts: server
vars_files:
- ../vault.yml
- ../dist/terraform_outputs.yml
tasks:
- name: Download Docker repository key.
ansible.builtin.apt_key:
url: https://download.docker.com/linux/debian/gpg
state: present
- name: Download Docker repository.
ansible.builtin.apt_repository:
repo: "deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
state: present
- name: Remove bad packages.
ansible.builtin.apt:
state: absent
package:
- docker.io
- docker-doc
- docker-compose
- podman-docker
- containerd
- runc
- name: Download Docker dependencies.
ansible.builtin.apt:
state: present
package:
- ca-certificates
- curl
- name: Download Docker packages.
ansible.builtin.apt:
state: present
update_cache: true
package:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin

4
playbooks/infrastructure.yml → playbooks/provision.yml
View File

@@ -26,7 +26,7 @@
- name: Create secret directory. - name: Create secret directory.
ansible.builtin.file: ansible.builtin.file:
path: ../secret path: ../dist
recurse: true recurse: true
mode: "0755" mode: "0755"
state: directory state: directory
@@ -34,5 +34,5 @@
- name: Send outputs to file. - name: Send outputs to file.
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ terraform_apply.outputs }}" content: "{{ terraform_apply.outputs }}"
dest: ../secret/terraform_outputs.yml dest: ../dist/terraform_outputs.yml
mode: '0755' mode: '0755'

2
terraform/main.tf
View File

@@ -45,7 +45,7 @@ resource "hcloud_firewall" "server_firewall" {
# Poke holes for applications, and SSH. # Poke holes for applications, and SSH.
dynamic "rule" { dynamic "rule" {
for_each = ["80", "443", "22"] for_each = ["80", "443", "22", "2222"]
content { content {
direction = "in" direction = "in"

55
vault.yml
View File

@@ -1,27 +1,30 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
38323339316264326632393865326536613866323232396239306431386339326431316637343431 34643530383765643831323664663862643337623238343461366330376462326636383935333036
6537323139653664383461393937656332666136373333370a373964396538643439376633316437 6537343334303666336163363965303035613437333235650a346434356437323964376262663834
32613563306661323830376135623466626636316433323866396230313566653933386162366131 61373330643932363061393039373064306262373738303934393437333934653434626434373362
3562343139653337660a366136623834613564633964306662326336306334646264643365623864 6265383464376133650a333162373362323261353163646566653733626533613863323237633833
33303965326234373235386230353464393061356639303438636535626330333064353863623030 36616463396535366436356662306333383134653233323334303639336439653732326534313161
33383539323136333939303939313734636137376637636638643334663962653061633930386262 38353463643563363631346537653133353165376438336131323662376263356662366233343337
39333766613031343861376639303636363763663431363538633566616366653632633262336362 61333961653339316332653630666633323635353135303633316635326430373630653464343765
32666463336665653135316266393231323264303163646336343962633537643534353632363637 66613938663762326462353563323138356466653966383336633962613639633638363561353836
30643831303866376634383939623439633530653330353839663037313731306163633938303961 32376161343131323262643831653965333338346263643463613238626231383364626431386636
66313735353831376366323635653063343262343337666537633766633037313765386237383134 34636330663261303664656534353934656135306164353864623236396530323366363666623832
62343234356635653733633461613232333935396363666631653638363961376362643932643135 36386666383434336265623262626566626464363163663332623562393330653137333062353665
65626463323265623863663766613865326664653863643032303464333939363739656238383732 39623233626130613263653434613066393831383931666138373066323336663066646230623738
37343936666238333130323263666131363833616261633936623833353565353332666638316232 30613139663838623632376137343935353739626239303034633766363239383333633035653365
66343064386265313830306163366533313035343261383037646666366532313565643762363432 39316665633536323238393930646461623363613964393132353636633663376163323164363362
33646161376236363932326532393935363736643732373838633035653565376466663538393132 62653861326434646537323365663534653462303239396333653132373337333262633934633439
33646436666463356330386337633636373961323031343065303638323439623034333031323135 31316330373565313462613239626331383462613762303737386436646633363361373835643839
30663362393539396366656634353166636533303562376232643733303434376565323936316638 38373863306534383831646162323839323433633139336636333037376633313939306438303635
36353338373664386331303532633063383166646332326562303830353264386335663363326262 61356366613265333832326363626135663731316366633639343162383132373364396462623438
32666161633134626162636463663364316139623234383531343363316566633336633238323434 39373630363439643762363464303233623631613030616135366332393163393835353064666362
62613634663465356238666238356164636231343938643064333466343135333032623435396230 32663331323030356265366434356466613161323065366331343432656638646334316139656263
64323265633537333538343363656438333764623532366431643263396263303966326264373139 62343331376335336434663636636436616338343837646566353131353661366165393565313062
38346138643866666233313162346431656131653137373562333234626263313332363366626130 32326436396539623236316563306264396134613030623533343761623464323135396235303535
65316338363465323435373638353266366331663535643733353565303565353730346462633265 38343662306636653039373962363030353666343837343865333965646538396432346264346236
33396637353939303335383634623732633565643964316233373962316530623232313663666266 32616562336561633366656366396133346463613037366139656233313961393565373833643130
33353463633661633831323830303864363863306330313261356464383231373163383231393631 63613434663330336431363732323132333166373762373831653362326466663862356534323331
3037376236613365393332666331613263333936616362616639 65653663323336613535383735303130336262343936356331363839643537623037633766626635
62383837656532623734396438383334363466373439396435326163373531343963376131306461
35323535356432633432393065346662336233393334396534346630393436303331666363653131
65353932383566346366656161366136366564633036386262643333316533663962