netz39-infra-ansible/host-tau.yml

---
- hosts: tau.netz39.de
  become: true

  vars:
    ansible_python_interpreter: /usr/bin/python3

    data_dir: "/srv/data"

    docker_registry_port: 5000  # this is the reg standard port
    docker_registry_domain: "docker.netz39.de"

    dokuwiki_domain: "wiki.netz39.de"
    dokuwiki_port: 9005
    # This container is pinned, because there are issues
    # with backwards compatibility within the same tag!
    dokuwiki_image: "bitnami/dokuwiki:20220731@sha256:989ab52cf2d2e0f84166e114ca4ce88f59546b8f6d34958905f8d81c18cbd759"

  roles:
    # role 'docker_setup' applied through group 'docker_host'
    - role: apache
    - role: penguineer.dehydrated_cron

  tasks:
    - name: Setup docker network
      docker_network:
        name: dockernet
        driver: bridge
        ipam_config:
          - subnet: 192.168.0.0/24
            gateway: 192.168.0.1
        state: present

    - name: Setup Dehydrated
      include_role:
        name: ansible-role-dehydrated
      vars:
        dehydrated_contact_email: "{{ server_admin }}"
        dehydrated_domains:
          - name: "testredmine.netz39.de"
            deploy_challenge_hook: "/bin/systemctl restart apache2"
          - name: "mysql.adm.netz39.de"
            deploy_challenge_hook: "/bin/systemctl restart apache2"
          - name: "{{ docker_registry_domain }}"
            deploy_challenge_hook: "/bin/systemctl restart apache2"
          - name: "{{ dokuwiki_domain }}"
            deploy_challenge_hook: "/bin/systemctl restart apache2"

    - name: Setup proxy site testredmine.netz39.de
      include_role:
        name: setup_http_site_proxy
      vars:
        site_name: testredmine.netz39.de
        proxy_port: 9004

    - name: Setup phpmyadmin
      docker_container:
        name: phpmyadmin
        state: started
        image: phpmyadmin:5.0
        networks_cli_compatible: true
        networks:
          - name: dockernet
        restart_policy: always
        env:
          TZ: "{{ timezone }}"
          PMA_HOST: 192.168.0.1
          MYSQL_ROOT_PASSWORD: "{{ mysql_root_pw }}"
          PMA_ABSOLUTE_URI: "https://mysql.adm.netz39.de"
        published_ports:
          - 9001:80

    - name: Setup proxy site mysql.adm.netz39.de
      include_role:
        name: setup_http_site_proxy
      vars:
        site_name: mysql.adm.netz39.de
        proxy_port: 9001


    - name: Check if Docker Registry auth dir exists
      ansible.builtin.stat:
        path: "{{ data_dir }}/registry/auth"
      register: docker_dir
    - name: Fail if docker registry data dir does not exist
      ansible.builtin.fail:
        msg: "Docker Registry auth dir is missing, please restore from the backup!"
      when: not docker_dir.stat.exists
    - name: Ensure the Docker Registry data directory exists
      # This may not be part of the backup
      file:
        path: "{{ data_dir }}/registry/data"
        state: directory
        mode: "0755"

    - name: Setup Docker Registry Container
      docker_container:
        name: registry
        image: "registry:2"
        pull: true
        state: started
        restart_policy: unless-stopped
        detach: yes
        ports:
          - 127.0.0.1:{{ docker_registry_port }}:{{ docker_registry_port }}
        env:
          TZ: "{{ timezone }}"
          REGISTRY_HTTP_HOST: "https://{{ docker_registry_domain }}"
          REGISTRY_AUTH_HTPASSWD_REALM: "Netz39 Docker Registry"
          REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
        volumes:
          - "{{ data_dir }}/registry/data:/var/lib/registry:rw"
          - "{{ data_dir }}/registry/auth:/auth:rw"

    - name: Setup proxy site for the Docker Registry
      include_role:
        name: setup_http_site_proxy
      vars:
        site_name: "{{ docker_registry_domain }}"
        proxy_port: "{{ docker_registry_port }}"


    - name: Check if Dokuwiki data dir exists
      ansible.builtin.stat:
        path: "{{ data_dir }}/dokuwiki"
      register: dokuwiki_dir
    - name: Fail if Dokuwiki data dir does not exist
      ansible.builtin.fail:
        msg: "Dokuwiki data dir is missing, please restore from the backup!"
      when: not dokuwiki_dir.stat.exists

    - name: Set correct user for Dokuwiki data
      ansible.builtin.file:
        path: "{{ data_dir }}/dokuwiki"
        owner: "1001"  # According to container config
        recurse: yes

    - name: Setup Dokuwiki Container
      docker_container:
        name: dokuwiki
        image: "{{ dokuwiki_image }}"
        pull: true
        state: started
        restart_policy: unless-stopped
        detach: yes
        ports:
          - 127.0.0.1:{{ dokuwiki_port }}:{{ 8080 }}
        # env: No env here, because we copy the data
        # and the container will never be created from scratch.
        volumes:
          - "{{ data_dir }}/dokuwiki:/bitnami/dokuwiki:rw"
        env:
          TZ: "{{ timezone }}"

    - name: Setup proxy site for Dokuwiki
      include_role:
        name: setup_http_site_proxy
      vars:
        site_name: "{{ dokuwiki_domain }}"
        proxy_port: "{{ dokuwiki_port }}"


    - name: Setup container for secondary FFMD DNS
      docker_container:
        name: bind9-md-freifunk-net
        image: "ffmd/bind9-md-freifunk-net:2022111601"
        pull: true
        state: started
        restart_policy: unless-stopped
        detach: yes
        ports:
          - "53:53/udp"
        env:
          TZ: "{{ timezone }}"