Removes the redundant words "ansible" and "role" from the role name
originating from the Git repo name, and uses the author's name as
namespace instead. This makes it easier to recognize it as an external role.
Note: the host-wittgenstein recipe already used that new name, but we
did not set it up in requirements, yet. (How did that ever work?)
Link: https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-multiple-roles-from-a-file
Fixes: f4db6fa395
("Add Ansible setup for wittgenstein")
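---
# Playbook for tau.netz39.de: Docker network, Let's Encrypt certificates
# (dehydrated), phpMyAdmin, the Docker Registry, Dokuwiki, a secondary FFMD
# DNS and the Discord invite forward.
#
# Web services sit behind the Apache proxy sites (setup_http_site_proxy), so
# their container ports are published on 127.0.0.1 only; the DNS container is
# the one deliberate exception and listens on all interfaces.
- hosts: tau.netz39.de
  become: true

  vars:
    ansible_python_interpreter: /usr/bin/python3

    data_dir: "/srv/data"

    docker_registry_port: 5000  # the registry's default port
    docker_registry_domain: "docker.netz39.de"

    dokuwiki_domain: "wiki.netz39.de"
    dokuwiki_port: 9005
    # This container is pinned, because there are issues
    # with backwards compatibility within the same tag!
    dokuwiki_image: bitnami/dokuwiki:20240206.1.0

    discord_invite_domain: discord.netz39.de

    # Shared by every dehydrated domain below: Apache has to pick up the
    # renewed certificates, so the deploy hook restarts it.
    dehydrated_deploy_hook: "/bin/systemctl restart apache2"

  roles:
    # role 'docker_setup' applied through group 'docker_host'
    - role: apache
    - role: penguineer.dehydrated_cron

  tasks:
    - name: Setup docker network
      docker_network:
        name: dockernet
        driver: bridge
        ipam_config:
          - subnet: 192.168.0.0/24
            # The gateway is the host side of the bridge; containers reach
            # host services (e.g. MySQL for phpMyAdmin) through it.
            gateway: 192.168.0.1
        state: present

    - name: Setup Dehydrated
      ansible.builtin.include_role:
        name: 24367dfa.dehydrated
      vars:
        dehydrated_contact_email: "{{ server_admin }}"
        dehydrated_domains:
          - name: "testredmine.netz39.de"
            deploy_challenge_hook: "{{ dehydrated_deploy_hook }}"
          - name: "mysql.adm.netz39.de"
            deploy_challenge_hook: "{{ dehydrated_deploy_hook }}"
          - name: "{{ docker_registry_domain }}"
            deploy_challenge_hook: "{{ dehydrated_deploy_hook }}"
          - name: "{{ dokuwiki_domain }}"
            deploy_challenge_hook: "{{ dehydrated_deploy_hook }}"
          - name: "{{ discord_invite_domain }}"
            deploy_challenge_hook: "{{ dehydrated_deploy_hook }}"

    - name: Setup proxy site testredmine.netz39.de
      ansible.builtin.include_role:
        name: setup_http_site_proxy
      vars:
        site_name: testredmine.netz39.de
        proxy_port: 9004

    - name: Setup phpmyadmin
      docker_container:
        name: phpmyadmin
        state: started
        image: phpmyadmin:5.2
        networks_cli_compatible: true
        networks:
          - name: dockernet
        restart_policy: always
        env:
          TZ: "{{ timezone }}"
          # Gateway of dockernet, i.e. the host; presumably MySQL listens
          # there — confirm against the MySQL setup.
          PMA_HOST: 192.168.0.1
          # mysql_root_pw is defined outside this file; it ends up in the
          # container environment, so keep Docker socket access restricted.
          MYSQL_ROOT_PASSWORD: "{{ mysql_root_pw }}"
          PMA_ABSOLUTE_URI: "https://mysql.adm.netz39.de"
        published_ports:
          # Loopback only, like the registry and Dokuwiki below: the Apache
          # proxy site (proxy_port 9001) is the intended entry point. Without
          # the bind address the admin UI would also be reachable directly
          # on :9001 over plain HTTP.
          - "127.0.0.1:9001:80"

    - name: Setup proxy site mysql.adm.netz39.de
      ansible.builtin.include_role:
        name: setup_http_site_proxy
      vars:
        site_name: mysql.adm.netz39.de
        proxy_port: 9001

    # The registry's htpasswd auth data is not created here; it must come
    # from the backup, so abort early if it is missing.
    - name: Check if Docker Registry auth dir exists
      ansible.builtin.stat:
        path: "{{ data_dir }}/registry/auth"
      register: docker_dir

    - name: Fail if docker registry data dir does not exist
      ansible.builtin.fail:
        msg: "Docker Registry auth dir is missing, please restore from the backup!"
      when: not docker_dir.stat.exists

    - name: Ensure the Docker Registry data directory exists
      # This may not be part of the backup
      ansible.builtin.file:
        path: "{{ data_dir }}/registry/data"
        state: directory
        mode: "0755"

    - name: Setup Docker Registry Container
      docker_container:
        name: registry
        image: registry:2
        pull: true
        state: started
        restart_policy: unless-stopped
        detach: true
        ports:
          # Loopback only; the proxy site below exposes it under
          # docker_registry_domain with TLS from dehydrated.
          - "127.0.0.1:{{ docker_registry_port }}:{{ docker_registry_port }}"
        env:
          TZ: "{{ timezone }}"
          REGISTRY_HTTP_HOST: "https://{{ docker_registry_domain }}"
          # Basic auth backed by the htpasswd file from the auth volume.
          REGISTRY_AUTH_HTPASSWD_REALM: "Netz39 Docker Registry"
          REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
        volumes:
          - "{{ data_dir }}/registry/data:/var/lib/registry:rw"
          - "{{ data_dir }}/registry/auth:/auth:rw"

    - name: Setup proxy site for the Docker Registry
      ansible.builtin.include_role:
        name: setup_http_site_proxy
      vars:
        site_name: "{{ docker_registry_domain }}"
        proxy_port: "{{ docker_registry_port }}"

    # Dokuwiki data is restored from backup, never initialised from scratch.
    - name: Check if Dokuwiki data dir exists
      ansible.builtin.stat:
        path: "{{ data_dir }}/dokuwiki"
      register: dokuwiki_dir
      tags:
        - dokuwiki

    - name: Fail if Dokuwiki data dir does not exist
      ansible.builtin.fail:
        msg: "Dokuwiki data dir is missing, please restore from the backup!"
      when: not dokuwiki_dir.stat.exists
      tags:
        - dokuwiki

    - name: Set correct user for Dokuwiki data
      ansible.builtin.file:
        path: "{{ data_dir }}/dokuwiki"
        owner: "1001"  # According to container config
        recurse: true
      tags:
        - dokuwiki

    - name: Setup Dokuwiki Container
      docker_container:
        name: dokuwiki
        image: "{{ dokuwiki_image }}"
        pull: true
        state: started
        restart_policy: unless-stopped
        detach: true
        ports:
          # Loopback only; published via the proxy site under dokuwiki_domain.
          - "127.0.0.1:{{ dokuwiki_port }}:8080"
        volumes:
          - "{{ data_dir }}/dokuwiki:/bitnami/dokuwiki:rw"
        # No application settings in env here, because the data is copied in
        # and the container is never created from scratch; only TZ is passed.
        env:
          TZ: "{{ timezone }}"
      tags:
        - dokuwiki

    - name: Setup proxy site for Dokuwiki
      ansible.builtin.include_role:
        name: setup_http_site_proxy
      vars:
        site_name: "{{ dokuwiki_domain }}"
        proxy_port: "{{ dokuwiki_port }}"
      tags:
        - dokuwiki

    - name: Setup container for secondary FFMD DNS
      docker_container:
        name: bind9-md-freifunk-net
        image: ffmd/bind9-md-freifunk-net:v2022122301
        pull: true
        state: started
        restart_policy: unless-stopped
        detach: true
        ports:
          # Intentionally published on all interfaces: this is an
          # authoritative secondary DNS and has to be reachable from outside.
          - "53:53/udp"
        env:
          TZ: "{{ timezone }}"
      tags:
        - ffmd-dns

    - name: Setup forwarding for Discord invite
      ansible.builtin.include_role:
        name: setup-http-site-forward
      vars:
        site_name: "{{ discord_invite_domain }}"
        # forward_to: "https://discord.com/invite/8FcDvAf"
        forward_to: "https://sl.n39.eu/discord"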