feat: stuff
@@ -6,7 +6,7 @@ tasks:
|
|||||||
- docker compose -f compose.dev.yml up --build --force-recreate --no-deps
|
- docker compose -f compose.dev.yml up --build --force-recreate --no-deps
|
||||||
|
|
||||||
deploy:fast: ansible-playbook playbooks/fast.yml
|
deploy:fast: ansible-playbook playbooks/fast.yml
|
||||||
deploy:slow: ansible-playbook playbooks/slow.yml
|
deploy:slow: ansible-playbook playbooks/slow.yml {{.CLI_ARGS}}
|
||||||
deploy:restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
|
deploy:restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
|
||||||
|
|
||||||
vault: ansible-vault edit vault.yml
|
vault: ansible-vault edit vault.yml
|
||||||
|
|||||||
@@ -2,6 +2,8 @@
|
|||||||
hosts: localhost
|
hosts: localhost
|
||||||
vars_files: ../config/ansible.secret.json
|
vars_files: ../config/ansible.secret.json
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
|
vars:
|
||||||
|
image_name: "service/gitea"
|
||||||
tasks:
|
tasks:
|
||||||
- name: Build image.
|
- name: Build image.
|
||||||
community.docker.docker_image_build:
|
community.docker.docker_image_build:
|
||||||
@@ -11,6 +13,12 @@
|
|||||||
rebuild: always
|
rebuild: always
|
||||||
pull: true
|
pull: true
|
||||||
|
|
||||||
|
- name: Create build directory.
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: ../dist
|
||||||
|
state: directory
|
||||||
|
mode: '0777'
|
||||||
|
|
||||||
- name: Push image to archive.
|
- name: Push image to archive.
|
||||||
community.docker.docker_image:
|
community.docker.docker_image:
|
||||||
name: "{{ image_name }}"
|
name: "{{ image_name }}"
|
||||||
@@ -21,101 +29,56 @@
|
|||||||
register: compress_image
|
register: compress_image
|
||||||
community.general.archive:
|
community.general.archive:
|
||||||
path: ../dist/image.tar
|
path: ../dist/image.tar
|
||||||
dest: ../dist/image.tar.xz
|
dest: ../dist/image.tar.gz
|
||||||
format: xz
|
format: gz
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
||||||
- name: Push artifact to S3.
|
|
||||||
amazon.aws.s3_object:
|
|
||||||
bucket: "{{ image_bucket }}"
|
|
||||||
object: "{{ image_key }}"
|
|
||||||
src: ../dist/image.tar.xz
|
|
||||||
mode: put
|
|
||||||
|
|
||||||
region: "{{ aws_region }}"
|
|
||||||
access_key: "{{ aws_access_key }}"
|
|
||||||
secret_key: "{{ aws_secret_key }}"
|
|
||||||
|
|
||||||
- name: Deploy artifact to instance.
|
- name: Deploy artifact to instance.
|
||||||
hosts: localhost
|
hosts: compute
|
||||||
become: true
|
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
vars_files:
|
|
||||||
- ../config/ansible.secret.json
|
|
||||||
- ../config/infrastructure.secret.json
|
|
||||||
vars:
|
|
||||||
ansible_connection: aws_ssm
|
|
||||||
ansible_python_interpreter: /usr/bin/python3
|
|
||||||
ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
|
|
||||||
ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
|
|
||||||
ansible_aws_ssm_instance_id: "{{ instance_id.value }}"
|
|
||||||
ansible_aws_ssm_region: "{{ aws_region }}"
|
|
||||||
ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
|
|
||||||
ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Fetch image.
|
|
||||||
amazon.aws.s3_object:
|
|
||||||
mode: get
|
|
||||||
bucket: "{{ image_bucket }}"
|
|
||||||
object: "{{ image_key }}"
|
|
||||||
dest: /root/image.tar.gz
|
|
||||||
|
|
||||||
region: "{{ aws_region }}"
|
|
||||||
access_key: "{{ aws_access_key }}"
|
|
||||||
secret_key: "{{ aws_secret_key }}"
|
|
||||||
|
|
||||||
- name: Create data directory.
|
- name: Create data directory.
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /home/ssm-user/data
|
path: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0777'
|
mode: '0777'
|
||||||
|
loop:
|
||||||
|
- ~/app
|
||||||
|
- ~/app/gitea
|
||||||
|
|
||||||
|
- name: Pull image to remote.
|
||||||
|
ansible.posix.synchronize:
|
||||||
|
src: ../dist/image.tar.gz
|
||||||
|
dest: ~/app/gitea/image.tar.gz
|
||||||
|
|
||||||
- name: Load image.
|
- name: Load image.
|
||||||
community.docker.docker_image_load:
|
containers.podman.podman_load:
|
||||||
path: /root/image.tar.gz
|
path: ~/app/gitea/image.tar.gz
|
||||||
register: image
|
register: image
|
||||||
|
|
||||||
- name: Run image.
|
# - name: Run image.
|
||||||
community.docker.docker_container:
|
# community.docker.docker_container:
|
||||||
name: server
|
# name: server
|
||||||
image: "{{ image.image_names[0] }}"
|
# image: "{{ image.image_names[0] }}"
|
||||||
state: started
|
# state: started
|
||||||
recreate: true
|
# recreate: true
|
||||||
restart_policy: unless-stopped
|
# restart_policy: unless-stopped
|
||||||
memory: 425m
|
# memory: 425m
|
||||||
memory_swap: 900m
|
# memory_swap: 900m
|
||||||
ports: [80:80, 2222:2222, 443:443, "22:22"]
|
# ports: [80:80, 2222:2222, 443:443, "22:22"]
|
||||||
env:
|
# env:
|
||||||
GITEA__security__INTERNAL_TOKEN: "{{ internal_secret }}"
|
# GITEA__security__INTERNAL_TOKEN: "{{ internal_secret }}"
|
||||||
GITEA__server__LFS_JWT_SECRET: "{{ lfs_secret }}"
|
# GITEA__server__LFS_JWT_SECRET: "{{ lfs_secret }}"
|
||||||
GITEA__oauth2__JWT_SECRET: "{{ jwt_secret }}"
|
# GITEA__oauth2__JWT_SECRET: "{{ jwt_secret }}"
|
||||||
GITEA__server__ACME_EMAIL: "{{ email }}"
|
# GITEA__server__ACME_EMAIL: "{{ email }}"
|
||||||
GITEA__server__SSH_DOMAIN: "{{ full_domain.value }}"
|
# GITEA__server__SSH_DOMAIN: "{{ full_domain.value }}"
|
||||||
GITEA__server__DOMAIN: "{{ full_domain.value }}"
|
# GITEA__server__DOMAIN: "{{ full_domain.value }}"
|
||||||
GITEA__server__ROOT_URL: "https://{{ full_domain.value }}/"
|
# GITEA__server__ROOT_URL: "https://{{ full_domain.value }}/"
|
||||||
GITEA__storage__MINIO_ACCESS_KEY_ID: "{{ minio_access_key }}"
|
# GITEA__storage__MINIO_ACCESS_KEY_ID: "{{ minio_access_key }}"
|
||||||
GITEA__storage__MINIO_SECRET_ACCESS_KEY: "{{ minio_secret_key }}"
|
# GITEA__storage__MINIO_SECRET_ACCESS_KEY: "{{ minio_secret_key }}"
|
||||||
labels:
|
# labels:
|
||||||
docker-volume-backup.stop-during-backup: "true"
|
# docker-volume-backup.stop-during-backup: "true"
|
||||||
volumes:
|
# volumes:
|
||||||
- /home/ssm-user/data:/var/lib/gitea
|
# - /home/ssm-user/data:/var/lib/gitea
|
||||||
- /etc/timezone:/etc/timezone:ro
|
# - /etc/timezone:/etc/timezone:ro
|
||||||
- /etc/localtime:/etc/localtime:ro
|
# - /etc/localtime:/etc/localtime:ro
|
||||||
|
|
||||||
- name: Run backup.
|
|
||||||
community.docker.docker_container:
|
|
||||||
name: backup
|
|
||||||
image: offen/docker-volume-backup:v2
|
|
||||||
state: started
|
|
||||||
recreate: true
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- /home/ssm-user/data:/backup/my-app-backup:ro
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
env:
|
|
||||||
AWS_S3_BUCKET_NAME: "{{ boot_bucket }}"
|
|
||||||
AWS_S3_PATH: "{{ boot_key }}"
|
|
||||||
AWS_REGION: "{{ boot_region.value }}"
|
|
||||||
AWS_ACCESS_KEY_ID: "{{ boot_id.value }}"
|
|
||||||
AWS_SECRET_ACCESS_KEY: "{{ boot_secret.value }}"
|
|
||||||
BACKUP_CRON_EXPRESSION: "0 0 * * *"
|
|
||||||
|
|||||||
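Review bot: The new "Create build directory." task creates `../dist` with `mode: '0777'`, and "Create data directory." keeps that same mode for the new `~/app` and `~/app/gitea` paths, so every directory that holds `image.tar.gz` is world-writable until "Load image." reads it. Any other local account on the build machine or on the `compute` host could replace the archive before `containers.podman.podman_load` loads it; `mode: '0750'` (or `'0700'`) on both tasks closes that window and still lets the deploying user write. Separately, the "Run image." task is commented out rather than removed, and it still references `image.image_names[0]`, which is the result shape of the old `docker_image_load` task and may not match what `podman_load` registers. I would delete the block or port it to a podman module in the same change, so the play named "Deploy artifact to instance." does not silently stop short of starting the service. Both plays begin and end outside the visible hunks, so any settings not shown here are unverified.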