Further nanna stuff: Update docker setup & gitea runner

This commit is contained in:
Paul Brinkmeier 2025-01-24 19:31:05 +01:00
parent 41a5970c4b
commit b8d4ff9d97
9 changed files with 98 additions and 9 deletions


@ -0,0 +1,67 @@
---
- name: Update Docker configuration
hosts: nanna
tasks:
- name: Add users for running containers
become: true
ansible.builtin.user:
name: "{{ item.name }}"
uid: "{{ item.uid }}"
state: "{{ item.state }}"
create_home: false
system: true
loop:
- name: gitea
uid: 42001
state: present
- name: caddy
uid: 42002
state: present
- name: Create Caddy network
become: true
community.docker.docker_network:
name: caddy-network
state: present
- name: Upload docker configuration
become: true
ansible.builtin.copy:
src: ../../docker/docker
dest: /etc/pbri
# Files should inaccessible to non-root users.
mode: u=rw,g=,o=
# Directories should be listable
directory_mode: u=rwx,g=rx,o=rx
- name: Create directory for docker volumes
become: true
ansible.builtin.file:
path: /var/lib/pbri/docker
state: directory
# Hide contents from non-root users
mode: u=rwx,g=,o=
- name: Upload and decrypt docker environment vars
become: true
ansible.builtin.copy:
src: "../../docker/envs/{{ item.name }}/.env"
dest: /etc/pbri/docker/{{ item.name }}/.env
# Files should inaccessible to non-root users.
mode: u=rw,g=,o=
# This is true by default but I put it here anyways
# to emphasize what's happening
decrypt: true
# Not quite happy with all the seperate loops yet.
loop:
- name: gitea
state: present
- name: Create volume directories with correct permissions
become: true
ansible.builtin.file:
path: "/var/lib/pbri/docker/{{ item.name }}"
owner: "{{ item.user }}"
group: "{{ item.user }}"
state: directory
mode: u=rwx,g=,o=
loop:
- name: caddy_config
user: caddy
- name: caddy_data
user: caddy
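Review bot: The `gitea` and `caddy` accounts created by the "Add users for running containers" task set no `shell`, so they inherit the useradd default (typically `/bin/sh` on Ubuntu) even though they exist only as uid owners for container processes and volume directories; add `shell: /usr/sbin/nologin` to that `ansible.builtin.user` call so neither account can be used interactively if its uid is ever reachable. On the "Upload docker configuration" task, note that `directory_mode` is only applied to directories the copy creates, so a re-run against an existing /etc/pbri tree will not tighten directory permissions that have drifted; a comment such as `# directory_mode only affects newly created dirs; fix existing ones with a file task` records that limitation. The `state: present` key in the `.env` loop item is unused by the copy module and can be dropped.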


@ -17,6 +17,9 @@
validate: /usr/sbin/sshd -T -f %s validate: /usr/sbin/sshd -T -f %s
notify: notify:
- Restart sshd - Restart sshd
- name: Install and set up Docker and docker-compose
ansible.builtin.include_role:
name: docker
handlers: handlers:
- name: Restart sshd - name: Restart sshd


@ -0,0 +1,18 @@
---
- name: Check out static sites hosted on nanna
hosts: nanna
tasks:
- name: Check out static sites
ansible.builtin.include_role:
name: checkout_static_sites
vars:
checkout_static_sites_config:
checkouts:
- path: /home/paul/Sites/pbrinkmeier.de
url: https://git.pbrinkmeier.de/paul/pbrinkmeier.de
commit: bab3208e61972851a5e609930a05e0d4322f8a06
owner: paul
- path: /home/paul/Sites/tichy.click
url: https://github.com/pbrinkmeier/tichy-clicker
commit: 7dfb14183c765e3661fda84a7e89c2f73ca86f26
owner: paul


@ -0,0 +1,4 @@
---
docker_apt_arch: "amd64"
docker_ubuntu_release: "{{ ansible_distribution_release }}"
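Review bot: `docker_apt_arch` is hardcoded to `"amd64"` as a role default, so on any host that is not x86_64 the generated apt source line carries the wrong architecture and the docker-ce install fails unless the caller remembers to override the variable. Since role defaults are templated lazily, the default can still follow the target host without a command task: `docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"`. A one-line comment stating that the value must match `dpkg --print-architecture` on the target would also help whoever next reuses the role.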


@ -25,12 +25,6 @@
stdin: "{{ docker_gpg_key.content }}" stdin: "{{ docker_gpg_key.content }}"
creates: /usr/share/keyrings/docker-archive-keyring.gpg creates: /usr/share/keyrings/docker-archive-keyring.gpg
- name: Retrieve dpkg architecture
check_mode: false
ansible.builtin.command: dpkg --print-architecture
register: docker_dpkg_architecture
changed_when: false
- name: Add Docker apt repository - name: Add Docker apt repository
become: true become: true
ansible.builtin.template: ansible.builtin.template:
@ -48,3 +42,4 @@
- docker-ce - docker-ce
- docker-ce-cli - docker-ce-cli
- containerd.io - containerd.io
- docker-compose-plugin


@ -1 +1 @@
deb [arch={{ docker_dpkg_architecture.stdout }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable deb [arch={{ docker_apt_arch }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu {{ docker_ubuntu_release }} stable


@ -6,6 +6,7 @@ services:
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
user: "42002"
volumes: volumes:
- /var/lib/pbri/docker/caddy_data:/data - /var/lib/pbri/docker/caddy_data:/data
- /var/lib/pbri/docker/caddy_config:/config - /var/lib/pbri/docker/caddy_config:/config
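Review bot: `user: "42002"` sets only a uid; if the image's /etc/passwd has no entry for that uid, Docker leaves the primary gid at 0, so Caddy runs with root as its group even though it is no longer root. Prefer `user: "42002:42002"` so the container's gid matches the `caddy` group that the playbook assigns to /var/lib/pbri/docker/caddy_data and caddy_config (those directories are chowned caddy:caddy with no group bits, so gid 0 gains nothing there, but an explicit gid avoids group-root access elsewhere in the container filesystem). The number also duplicates the uid the playbook allocates for the `caddy` user; a comment like `# must match the caddy uid created in the nanna docker playbook` keeps the two in sync.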


@ -1,3 +1,3 @@
FROM gitea/act_runner:0.2.10 FROM gitea/act_runner:0.2.11
COPY runner-config.yaml /opt/runner-config.yaml COPY runner-config.yaml /opt/runner-config.yaml


@ -64,7 +64,8 @@ services:
- /var/lib/pbri/docker/gitea_db:/var/lib/postgresql/data - /var/lib/pbri/docker/gitea_db:/var/lib/postgresql/data
gitea_runner: gitea_runner:
image: pbrinkmeier/act_runner:0.2.10 # Make sure to keep this in sync with the version in the Dockerfile
image: pbrinkmeier/act_runner:0.2.11
build: . build: .
restart: unless-stopped restart: unless-stopped
environment: environment: