web/git
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
767fd3b503b69cf7804de7f67925d184d207d7f5
git/playbooks/deploy.yml

202 lines
6.1 KiB
YAML
Raw Blame History

- name: Set up for fresh host.
gather_facts: false
hosts: localhost
vars_files:
- ../vault.yml
- ../dist/terraform_outputs.yml
tasks:
- name: Add remote host.
ansible.builtin.add_host:
name: server_fresh
ansible_ssh_host: "{{ server_ip.value }}"
ansible_user: root
ansible_port: 22
ansible_private_key_file: "{{ secret.private_ssh_key_path }}"
- name: Switch port to 2222.
hosts: server_fresh
ignore_unreachable: true
gather_facts: false
tasks:
- name: Update SSH port.
ansible.builtin.lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: "^Port"
line: "Port 2222"
- name: Restart service.
ansible.builtin.service:
name: ssh
state: restarted
- name: Set up real host.
gather_facts: false
hosts: localhost
tags:
- deploy
vars_files:
- ../vault.yml
- ../dist/terraform_outputs.yml
tasks:
- name: Add remote host.
ansible.builtin.add_host:
name: server
ansible_ssh_host: "{{ server_ip.value }}"
ansible_user: root
ansible_port: 2222
ansible_private_key_file: "{{ secret.private_ssh_key_path }}"
- name: Install Docker.
gather_facts: true
hosts: server
vars_files:
- ../vault.yml
- ../dist/terraform_outputs.yml
tasks:
- name: Install PIP.
ansible.builtin.apt:
update_cache: true
name:
- python3-pip
state: present
- name: Install needed packages.
ansible.builtin.pip:
name:
- botocore
- boto3
- packaging
state: present
break_system_packages: true
- name: Download Docker repository key.
ansible.builtin.apt_key:
url: https://download.docker.com/linux/debian/gpg
state: present
- name: Download Docker repository.
ansible.builtin.apt_repository:
repo: "deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
state: present
- name: Remove bad packages.
ansible.builtin.apt:
state: absent
package:
- docker.io
- docker-doc
- docker-compose
- podman-docker
- containerd
- runc
- name: Download Docker dependencies.
ansible.builtin.apt:
state: present
package:
- ca-certificates
- curl
- name: Download Docker packages.
ansible.builtin.apt:
state: present
update_cache: true
package:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
- name: Deploy artifact to instance.
hosts: server
tags:
- deploy
gather_facts: false
vars_files:
- ../variables.yml
- ../vault.yml
- ../dist/terraform_outputs.yml
tasks:
- name: Copy gitea folder.
ansible.builtin.copy:
src: ../gitea/
dest: /root/gitea/
mode: preserve
- name: Build image.
community.docker.docker_image_build:
name: "{{ variables.image_name }}"
path: /root/gitea
nocache: true
rebuild: always
pull: true
- name: Create data directory.
ansible.builtin.file:
path: /root/data
state: directory
mode: '0777'
- name: Run image.
community.docker.docker_container:
name: server
image: "{{ variables.image_name }}"
state: started
recreate: true
restart_policy: unless-stopped
memory: 425m
memory_swap: 900m
ports: [80:80, 443:443, "22:22"]
env:
# Secrets.
GITEA__security__INTERNAL_TOKEN: "{{ secret.internal }}"
GITEA__server__LFS_JWT_SECRET: "{{ secret.lfs }}"
GITEA__oauth2__JWT_SECRET: "{{ secret.jwt }}"
GITEA__server__ACME_EMAIL: "acme@maximhutz.me"
GITEA__server__SSH_DOMAIN: "{{ server_fqdn.value }}"
GITEA__server__DOMAIN: "{{ server_fqdn.value }}"
GITEA__server__ROOT_URL: "https://{{ server_fqdn.value }}/"
# General S3 storage information.
GITEA__storage__MINIO_BUCKET: "{{ secret.bucket.name }}"
GITEA__storage__MINIO_ENDPOINT: "{{ secret.bucket.endpoint }}"
GITEA__storage__MINIO_ACCESS_KEY_ID: "{{ secret.bucket.access_key }}"
GITEA__storage__MINIO_SECRET_ACCESS_KEY: "{{ secret.bucket.secret_key }}"
# Set storage to specific S3 bucket path.
GITEA__storage_0x2E_attachments__MINIO_BASE_PATH: "{{ secret.storage.key }}/attachments"
GITEA__storage_0x2E_lfs__MINIO_BASE_PATH: "{{ secret.storage.key }}/lfs"
GITEA__storage_0x2E_avatars__MINIO_BASE_PATH: "{{ secret.storage.key }}/avatars"
GITEA__storage_0x2E_repo_0X2D_archive___MINIO_BASE_PATH: "{{ secret.storage.key }}/repo-archive"
GITEA__storage_0x2E_repo_0X2D_avatars__MINIO_BASE_PATH: "{{ secret.storage.key }}/repo-avatars"
GITEA__storage_0x2E_packages__MINIO_BASE_PATH: "{{ secret.storage.key }}/packages"
GITEA__storage_0x2E_actions_log__MINIO_BASE_PATH: "{{ secret.storage.key }}/actions_log"
GITEA__storage_0x2E_actions_artifacts__MINIO_BASE_PATH: "{{ secret.storage.key }}/actions_artifacts"
labels:
docker-volume-backup.stop-during-backup: "true"
volumes:
- /root/data:/var/lib/gitea
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- name: Run backup.
community.docker.docker_container:
name: backup
image: offen/docker-volume-backup:v2
state: started
recreate: true
restart_policy: unless-stopped
volumes:
- /root/data:/backup/my-app-backup:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
env:
AWS_S3_BUCKET_NAME: "{{ secret.bucket.name }}"
AWS_S3_PATH: "{{ secret.backup.key }}"
AWS_REGION: "{{ secret.bucket.region }}"
AWS_ACCESS_KEY_ID: "{{ secret.bucket.access_key }}"
AWS_SECRET_ACCESS_KEY: "{{ secret.bucket.secret_key }}"
AWS_ENDPOINT: "{{ secret.bucket.endpoint }}"
BACKUP_CRON_EXPRESSION: "0 0 * * *"
Reference in New Issue View Git Blame Copy Permalink