netz39-infra-ansible/pottwal.yml
Alexander Dahl fdc923263f 🍻 pottwal: jabber/prosody: Add deploy cert hook
The hook works outside of Ansible on a personal Prosody instance. I hope I
understood the template correctly; the docs of the dehydrated role are quite
sparse on that.

The dehydrated cert path variable is only available since recent change
c4af7754b2 (" Use variables to configure dehydrated
locations").

Link: https://prosody.im/doc/certificates
2022-10-06 20:46:24 +02:00


---
- hosts: pottwal.n39.eu
  become: true

  vars:
    ansible_python_interpreter: /usr/bin/python3
    # Persistent application data for every container on this host.
    data_dir: "/srv/data"

    # Host-side ports.  Each web service below binds to 127.0.0.1 on its
    # *_host_port and is reached through the apache proxy sites
    # (setup-http-site-proxy), never directly.
    gitea_host_port: 9091
    shlink_host_port: 8083
    shlink_domain_name: sl.n39.eu
    prosody_data: "{{ data_dir }}/prosody"
    jabber_host_port: 8086
    hedgedoc_host_port: 8084
    # Pinned image; bump deliberately, the DB schema follows the app version.
    hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.9.3
roles:
- role: docker_setup
vars:
docker_data_root: "/srv/docker"
- role: apache
- role: apache-letsencrypt # Uses configuration from dehydrated setup
- role: ansible-role-dehydrated
vars:
dehydrated_contact_email: "{{ server_admin }}"
dehydrated_domains:
- name: gitea.n39.eu
- name: uritools.n39.eu
- name: uritools-api.n39.eu
- name: sl.n39.eu
- name: pad.n39.eu
- name: jabber.n39.eu
deploy_cert_hook: "docker exec prosody prosodyctl --root cert import ${DOMAIN} /var/lib/dehydrated/certs"
- role: penguineer.dehydrated_cron
- role: dd24-dyndns-cron
# variables are set in the inventory
- role: cleanuri
vars:
cleanuri_ui_domain: uritools.n39.eu
cleanuri_ui_host_port: 8090
cleanuri_api_domain: uritools-api.n39.eu
cleanuri_api_host_port: 8091
# RabbitMQ setup can be found in the inventory
tasks:
- name: Check if gitea data dir exists
ansible.builtin.stat:
path: "{{ data_dir }}/gitea"
register: gitea_dir
- name: Fail if gitea data dir does not exist
ansible.builtin.fail:
msg: "Gitea data dir is missing, please restore from the backup!"
when: not gitea_dir.stat.exists
# If port 2222 is changed here, it must also be adapted
# in the gitea config file (see application volume)!!
- name: Setup the docker container for gitea
docker_container:
name: gitea
image: "gitea/gitea:1.16.8"
pull: true
state: started
restart_policy: unless-stopped
detach: yes
ports:
- 127.0.0.1:{{ gitea_host_port }}:3000
- 2222:2222
env:
APP_NAME="Netz39 Gitea"
RUN_MODE="prod"
SSH_DOMAIN="gitea.n39.eu"
SSH_PORT="2222"
SSH_START_SERVER="false"
ROOT_URL="https://gitea.n39.eu"
DISABLE_REGISTRATION="true"
USER_UID=1000
USER_GID=1000
volumes:
- "{{ data_dir }}/gitea:/data:rw"
- name: Setup proxy site gitea.n39.eu
include_role:
name: setup-http-site-proxy
vars:
site_name: "gitea.n39.eu"
proxy_port: "{{ gitea_host_port }}"
- name: Ensure apt-cacher container is running
docker_container:
name: apt_cacher_ng
image: "mrtux/apt-cacher-ng"
pull: true
state: started
restart_policy: unless-stopped
detach: yes
ports:
- 3142:3142
- name: Ensure container for shlink is running
docker_container:
name: shlink
image: shlinkio/shlink:2.6.2
pull: true
state: started
detach: yes
ports:
- "127.0.0.1:{{ shlink_host_port }}:8080"
restart_policy: unless-stopped
env:
SHORT_DOMAIN_HOST: "{{ shlink_domain_name }}"
SHORT_DOMAIN_SCHEMA: https
GEOLITE_LICENSE_KEY: "{{ shlink_geolite_license_key }}"
- name: Setup proxy site {{ shlink_domain_name }}
include_role:
name: setup-http-site-proxy
vars:
site_name: "{{ shlink_domain_name }}"
proxy_port: "{{ shlink_host_port }}"
- name: Ensure container for prosody XMPP server is running
docker_container:
name: prosody
image: netz39/prosody:0.11
pull: true
state: started
detach: true
restart_policy: unless-stopped
ports:
# container offers more ports, depends on actual prosody configuration
- 5222:5222 # xmpp-client
- 5269:5269 # xmpp-server
volumes:
- "{{ prosody_data }}/etc/prosody:/etc/prosody:rw"
- "{{ prosody_data }}/var/lib/prosody:/var/lib/prosody:rw"
- "{{ prosody_data }}/var/log/prosody:/var/log/prosody:rw"
- "{{ dehydrated_certs_dir }}/jabber.n39.eu:/var/lib/dehydrated/certs/jabber.n39.eu:ro"
- name: Ensure container for static XMPP website is running
docker_container:
name: jabber-static-website
image: joseluisq/static-web-server:latest
pull: true
state: started
detach: true
restart_policy: unless-stopped
env:
SERVER_HOST=127.0.0.1
SERVER_PORT=80
SERVER_ROOT=/public
ports:
- "127.0.0.1:{{ jabber_host_port }}:80"
volumes:
- "{{ prosody_data }}/var/www:/public:ro"
- name: Setup proxy site jabber.n39.eu
# point to static website for now
include_role:
name: setup-http-site-proxy
vars:
site_name: "jabber.n39.eu"
proxy_port: "{{ jabber_host_port }}"
- name: Check if hedgedoc data dir exists
ansible.builtin.stat:
path: "{{ data_dir }}/hedgedoc"
register: hedgedoc_dir
- name: Fail if hedgedoc data dir does not exist
ansible.builtin.fail:
msg: "hedgedoc data dir is missing, please restore from the backup!"
when: not hedgedoc_dir.stat.exists
- name: Ensure the hedgedoc directories exist
file:
path: "{{ item }}"
state: directory
with_items:
- "{{ data_dir }}/hedgedoc/data/database"
- "{{ data_dir }}/hedgedoc/data/uploads"
- name: Setup docker network
docker_network:
name: hedgedocnet
state: present
internal: true
- name: Install HedgeDoc database container
docker_container:
name: hedgedocdb
image: "postgres:11.6-alpine"
pull: true
state: started
restart_policy: unless-stopped
detach: yes
env:
POSTGRES_USER: "hedgedoc"
POSTGRES_PASSWORD: "{{ hedgedoc_postgres_password }}"
POSTGRES_DB: "hedgedoc"
volumes:
- "{{ data_dir }}/hedgedoc/data/database:/var/lib/postgresql/data"
networks:
- name: hedgedocnet
- name: Ensure container for hedgedoc is running
docker_container:
name: hedgedoc
image: "{{ hedgedoc_image }}"
pull: true
state: started
detach: yes
ports:
- "127.0.0.1:{{ hedgedoc_host_port }}:3000"
restart_policy: unless-stopped
env:
NODE_ENV: "production"
CMD_PROTOCOL_USESSL: "true"
CMD_DOMAIN: "pad.n39.eu"
CMD_URL_ADDPORT: "false"
CMD_DB_HOST: "hedgedocdb"
CMD_DB_PORT: "5432"
CMD_DB_DIALECT: "postgres"
CMD_DB_DATABASE: "hedgedoc"
CMD_DB_USERNAME: "hedgedoc"
CMD_DB_PASSWORD: "{{ hedgedoc_postgres_password }}"
volumes:
- "{{ data_dir }}/hedgedoc/data/uploads:/hedgedoc/public/uploads"
networks:
- name: hedgedocnet
- name: Setup proxy site pad.n39.eu
include_role:
name: setup-http-site-proxy
vars:
site_name: pad.n39.eu
proxy_port: "{{ hedgedoc_host_port }}"
handlers: