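---
# Playbook for the "shamash" host group: creates the service accounts the
# containers run as, ships the docker-compose trees and their env files to
# /etc/pbri, prepares data directories under /var/lib/pbri/docker and finally
# brings the compose projects up (or down) in dependency order.
- name: Update Docker configuration on shamash
  hosts: misc
  tasks:
    # One dedicated, non-login system account per service so that container
    # processes never run as root on the host. Accounts with state: absent are
    # kept in the list so that removed services are cleaned up on re-runs.
    - name: Add users for running containers
      become: true
      ansible.builtin.user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        state: "{{ item.state }}"
        create_home: false
        system: true
      loop:
        - name: jupyter
          uid: 42000
          state: present
        - name: gitea
          uid: 42001
          state: present
        - name: score
          uid: 42003
          state: present
        - name: factorio
          uid: 845
          state: present
        - name: hackmd
          uid: 1500
          state: present
        - name: hedgedoc
          uid: 10000
          state: absent
        - name: bsa
          uid: 42002
          state: absent

    # All services that are behind Caddy need to be in this network
    - name: Create Caddy network
      become: true
      community.docker.docker_network:
        name: caddy-network
        state: present

    # src has no trailing slash, so the "docker" directory itself is copied,
    # ending up as /etc/pbri/docker/<project>/ — the layout the tasks below rely on.
    - name: Upload docker configuration
      become: true
      ansible.builtin.copy:
        src: ../../docker/docker
        dest: /etc/pbri
        # Files should be inaccessible to non-root users.
        mode: "u=rw,g=,o="
        # Directories should be listable
        directory_mode: "u=rwx,g=rx,o=rx"

    # The .env files hold the container secrets. They are expected to be
    # Ansible-Vault encrypted in the repository; a plaintext source is copied
    # unchanged, so check the encryption before committing a new one.
    - name: Upload and decrypt docker environment vars
      become: true
      ansible.builtin.copy:
        src: "../../docker/envs/{{ item.name }}/.env"
        dest: "/etc/pbri/docker/{{ item.name }}/.env"
        # Files should be inaccessible to non-root users.
        mode: "u=rw,g=,o="
        # This is true by default but I put it here anyway
        # to emphasize what's happening
        decrypt: true
      # Not quite happy with all the separate loops yet.
      loop:
        - name: codi
          state: present
        - name: drone
          state: present
        - name: factorio
          state: present
        - name: gitea
          state: present

    - name: Create directory for docker volumes
      become: true
      ansible.builtin.file:
        path: /var/lib/pbri/docker
        state: directory
        # Hide contents from non-root users
        mode: "u=rwx,g=,o="

    # Per-service data directories are owned by the matching service account
    # (created above) and readable by that account only.
    - name: Create jupyter folders
      become: true
      ansible.builtin.file:
        path: "/var/lib/pbri/docker/{{ item.name }}"
        owner: "{{ item.user }}"
        group: "{{ item.user }}"
        state: directory
        mode: "u=rwx,g=,o="
      loop:
        - name: jupyter_data
          user: jupyter
        - name: jupyter_notebooks
          user: jupyter

    - name: Create Factorio data folder
      become: true
      ansible.builtin.file:
        path: /var/lib/pbri/docker/factorio
        state: directory
        owner: factorio
        group: factorio
        mode: "u=rwx,g=,o="

    - name: Create score data folder
      become: true
      ansible.builtin.file:
        path: /var/lib/pbri/docker/score
        state: directory
        owner: score
        group: score
        mode: "u=rwx,g=,o="

    # Since some docker-compose configuration might want to pull
    # images from the Gitea package repository, we need to ensure
    # that Gitea is reachable before those configurations are deployed.
    # NOTE(review): community.docker.docker_compose is the v1 module; newer
    # collection releases replace it with docker_compose_v2, whose options
    # differ (e.g. no boolean build/debug) — confirm against the pinned
    # collection version before upgrading.
    - name: Set up caddy and gitea containers
      become: true
      community.docker.docker_compose:
        project_src: "/etc/pbri/docker/{{ item.name }}"
        state: "{{ item.state }}"
        build: true
        debug: true
      loop:
        - name: caddy
          state: present
        - name: gitea
          state: present

    # Before deploying the remaining configs below, we check that
    # Gitea is reachable at git.pbrinkmeier.de. validate_certs is left at
    # its default (true), so this also fails on a broken TLS setup instead
    # of silently proceeding. A failed attempt is retried until the
    # condition holds or the retries are exhausted.
    - name: Wait for gitea to be reachable
      check_mode: false
      ansible.builtin.uri:
        method: GET
        url: https://git.pbrinkmeier.de/api/v1/version
      register: gitea_version_response
      until: gitea_version_response.status == 200
      retries: 10
      delay: 5  # Retry every 5 seconds

    # pull: true refreshes the images referenced by each compose file before
    # starting, so these projects pick up new builds from the registry.
    - name: Set up other containers
      become: true
      community.docker.docker_compose:
        project_src: "/etc/pbri/docker/{{ item.name }}"
        state: "{{ item.state }}"
        build: true
        pull: true
        debug: true
      loop:
        - name: drone
          state: present
        - name: codi
          state: present
        - name: jupyter
          state: present
        - name: utoy
          state: present
        - name: score
          state: present
        # Keep these to ensure they're down
        - name: factorio
          state: absent
        - name: glebby
          state: absent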