git/playbooks/fast-deploy.yml

- name: Deploy artifact to instance.
  hosts: localhost
  become: true
  gather_facts: false
  vars_files:
    - ../config/ansible.secret.json
    - ../config/infrastructure.secret.tf.json
  vars:
    ansible_connection: aws_ssm
    ansible_python_interpreter: /usr/bin/python3
    ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
    ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
    ansible_aws_ssm_instance_id: "{{ instance_id.value }}"

    ansible_aws_ssm_region: "{{ aws_region }}"
    ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
    ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"
  tasks:
    - name: Run image.
      community.docker.docker_container:
        name: server
        image: "{{ full_domain.value }}/{{ image_name }}:latest"
        state: started
        recreate: true
        restart_policy: unless-stopped
        memory: 425m
        memory_swap: 900m
        ports: [80:80, 2222:2222, 443:443, "22:22"]
        env:
          GITEA__security__INTERNAL_TOKEN: "{{ internal_secret }}"
          GITEA__server__LFS_JWT_SECRET: "{{ lfs_secret }}"
          GITEA__oauth2__JWT_SECRET: "{{ jwt_secret }}"
          GITEA__server__ACME_EMAIL: "{{ email }}"
          GITEA__server__SSH_DOMAIN: "{{ full_domain.value }}"
          GITEA__server__DOMAIN: "{{ full_domain.value }}"
          GITEA__server__ROOT_URL: "https://{{ full_domain.value }}/"
        labels:
          docker-volume-backup.stop-during-backup: "true"
        volumes:
          - /home/ssm-user/data:/var/lib/gitea
          - /etc/timezone:/etc/timezone:ro
          - /etc/localtime:/etc/localtime:ro

    - name: Run backup.
      community.docker.docker_container:
        name: backup
        image: offen/docker-volume-backup:v2
        state: started
        recreate: true
        restart_policy: unless-stopped
        volumes:
          - /home/ssm-user/data:/backup/my-app-backup:ro
          - /var/run/docker.sock:/var/run/docker.sock:ro
        env:
          AWS_S3_BUCKET_NAME: "{{ boot_bucket }}"
          AWS_S3_PATH: "{{ boot_key }}"
          AWS_REGION: "{{ boot_region.value }}"
          AWS_ACCESS_KEY_ID: "{{ boot_id.value }}"
          AWS_SECRET_ACCESS_KEY: "{{ boot_secret.value }}"
          BACKUP_CRON_EXPRESSION: "0 0 * * *"