web/git
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: web:f9db293f52daab697bc101a39497a65a26566f8a
Branches Tags
web:main web:feat/add-act-runner web:feat/hetzner
..
compare: web:143e6be9a072ac0f114326223b91db86c90d0ba8
Branches Tags
web:feat/add-act-runner web:main web:feat/hetzner

2 Commits
f9db293f52 ... 143e6be9a0

Author SHA1 Message Date
Max
143e6be9a0 style: renaming scheme for config files 2025-02-13 15:35:00 -05:00
Max
6193d99e1f chore: cleaned up ansible playbooks 2025-02-13 15:13:55 -05:00
8 changed files with 88 additions and 93 deletions
Expand all files Collapse all files

14
Taskfile.yml
View File

@@ -1,5 +1,4 @@
version: 3
# silent: true
includes:
tf: { taskfile: terraform, dir: terraform }
@@ -7,19 +6,14 @@ includes:
tasks:
dev: docker compose -f compose.dev.yml up --build --force-recreate --no-deps
build:slow: ansible-playbook playbooks/build.yml
deploy:slow: ansible-playbook playbooks/deploy.yml
build:fast: ansible-playbook playbooks/fast-build.yml
deploy:fast: ansible-playbook playbooks/fast-deploy.yml
restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
run:slow: [task: build:slow, task: deploy:slow]
run:fast: [task: build:fast, task: deploy:fast]
deploy:fast: ansible-playbook playbooks/fast.yml
deploy:slow: ansible-playbook playbooks/slow.yml
deploy:restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
enter:
cmd: aws ssm start-session --target $INSTANCE_ID
env:
INSTANCE_ID: { sh: jq -r .instance_id.value < config/infrastructure.secret.tf.json }
INSTANCE_ID: { sh: jq -r .instance_id.value < config/infrastructure.secret.json }
AWS_REGION: { sh: jq -r .aws_region < config/ansible.secret.json }
AWS_ACCESS_KEY_ID: { sh: jq -r .aws_access_key < config/ansible.secret.json }
AWS_SECRET_ACCESS_KEY: { sh: jq -r .aws_secret_key < config/ansible.secret.json }

42
playbooks/build.yml
View File

@@ -1,42 +0,0 @@
- name: Make build artifact.
hosts: localhost
vars_files: ../config/ansible.secret.json
gather_facts: false
tasks:
- name: Build image.
community.docker.docker_image_build:
name: "{{ image_name }}"
path: ../gitea
nocache: true
rebuild: always
pull: true
- name: Make temp file.
ansible.builtin.tempfile:
suffix: .tar
register: tar_file
- name: Push image to archive.
community.docker.docker_image:
name: "{{ image_name }}"
archive_path: "{{ tar_file.path }}"
source: local
- name: Compress archive to artifact.
register: compress_image
community.general.archive:
path: "{{ tar_file.path }}"
dest: "{{ tar_file.path }}.xz"
format: xz
mode: "0644"
- name: Push artifact to S3.
amazon.aws.s3_object:
bucket: "{{ image_bucket }}"
object: "{{ image_key }}"
src: "{{ tar_file.path }}.xz"
mode: put
region: "{{ aws_region }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"

29
playbooks/fast-build.yml
View File

@@ -1,29 +0,0 @@
- name: Make build artifact.
hosts: localhost
vars_files:
- ../config/ansible.secret.json
- ../config/infrastructure.secret.tf.json
gather_facts: false
tasks:
- name: Log into Docker.
community.docker.docker_login:
registry_url: '{{ full_domain.value }}'
username: '{{ username }}'
password: '{{ api_key }}'
reauthorize: true
- name: Build image.
community.docker.docker_image_build:
name: "{{ full_domain.value }}/{{ image_name }}:latest"
path: ../gitea
nocache: true
rebuild: always
pull: true
outputs: [{ type: image, push: true }]
platform:
- linux/amd64
- linux/arm64/v8
- name: Log out of Docker.
community.docker.docker_login:
state: absent

35
playbooks/fast-deploy.yml → playbooks/fast.yml
View File

@@ -1,17 +1,46 @@
- name: Make build artifact.
hosts: localhost
vars_files:
- ../config/ansible.secret.json
- ../config/infrastructure.secret.json
gather_facts: false
tasks:
- name: Log into Docker.
community.docker.docker_login:
registry_url: '{{ full_domain.value }}'
username: '{{ username }}'
password: '{{ api_key }}'
reauthorize: true
- name: Build image.
community.docker.docker_image_build:
name: "{{ full_domain.value }}/{{ image_name }}:latest"
path: ../gitea
nocache: true
rebuild: always
pull: true
outputs: [{ type: image, push: true }]
platform:
- linux/amd64
- linux/arm64/v8
- name: Log out of Docker.
community.docker.docker_login:
state: absent
- name: Deploy artifact to instance.
hosts: localhost
become: true
gather_facts: false
vars_files:
- ../config/ansible.secret.json
- ../config/infrastructure.secret.tf.json
- ../config/infrastructure.secret.json
vars:
ansible_connection: aws_ssm
ansible_python_interpreter: /usr/bin/python3
ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
ansible_aws_ssm_instance_id: "{{ instance_id.value }}"
ansible_python_interpreter: /usr/bin/python3
ansible_aws_ssm_region: "{{ aws_region }}"
ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"

3
playbooks/restore.yml
View File

@@ -4,14 +4,13 @@
gather_facts: false
vars_files:
- ../config/ansible.secret.json
- ../config/infrastructure.secret.tf.json
- ../config/infrastructure.secret.json
vars:
ansible_connection: aws_ssm
ansible_python_interpreter: /usr/bin/python3
ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
ansible_aws_ssm_instance_id: "{{ instance_id.value }}"
ansible_aws_ssm_region: "{{ aws_region }}"
ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"

46
playbooks/deploy.yml → playbooks/slow.yml
View File

@@ -1,17 +1,59 @@
- name: Make build artifact.
hosts: localhost
vars_files: ../config/ansible.secret.json
gather_facts: false
tasks:
- name: Build image.
community.docker.docker_image_build:
name: "{{ image_name }}"
path: ../gitea
nocache: true
rebuild: always
pull: true
- name: Make temp file.
ansible.builtin.tempfile:
suffix: .tar
register: tar_file
- name: Push image to archive.
community.docker.docker_image:
name: "{{ image_name }}"
archive_path: "{{ tar_file.path }}"
source: local
- name: Compress archive to artifact.
register: compress_image
community.general.archive:
path: "{{ tar_file.path }}"
dest: "{{ tar_file.path }}.xz"
format: xz
mode: "0644"
- name: Push artifact to S3.
amazon.aws.s3_object:
bucket: "{{ image_bucket }}"
object: "{{ image_key }}"
src: "{{ tar_file.path }}.xz"
mode: put
region: "{{ aws_region }}"
access_key: "{{ aws_access_key }}"
secret_key: "{{ aws_secret_key }}"
- name: Deploy artifact to instance.
hosts: localhost
become: true
gather_facts: false
vars_files:
- ../config/ansible.secret.json
- ../config/infrastructure.secret.tf.json
- ../config/infrastructure.secret.json
vars:
ansible_connection: aws_ssm
ansible_python_interpreter: /usr/bin/python3
ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
ansible_aws_ssm_instance_id: "{{ instance_id.value }}"
ansible_aws_ssm_region: "{{ aws_region }}"
ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"

6
terraform/Taskfile.yml
View File

@@ -2,9 +2,9 @@ version: 3
silent: true
vars:
BACKEND: ../config/backend.secret.tf.json
VARIABLES: ../config/variables.secret.tf.json
OUTPUT: ../config/infrastructure.secret.tf.json
BACKEND: ../config/backend.secret.json
VARIABLES: ../config/variables.secret.json
OUTPUT: ../config/infrastructure.secret.json
tasks:
init: terraform init -backend-config={{.BACKEND}}

6
terraform/main.tf
View File

@@ -4,8 +4,10 @@ resource "aws_eip" "public" {
domain = "vpc"
}
data "aws_iam_instance_profile" "ssm" {
# An instance profile for access via AWS SSM.
resource "aws_iam_instance_profile" "ssm" {
name = "SSMInstanceProfile"
role = "AmazonSSMRoleForInstancesQuickSetup"
}
# The Gitea instance.
@@ -18,7 +20,7 @@ resource "aws_instance" "this" {
user_data = file("install.sh")
user_data_replace_on_change = false
iam_instance_profile = data.aws_iam_instance_profile.ssm.name
iam_instance_profile = aws_iam_instance_profile.ssm.name
vpc_security_group_ids = [aws_security_group.public_access.id]
metadata_options {