---
- name: Update Docker configuration on shamash
  hosts: misc
  tasks:
    # Service accounts for the containers, each with a pinned UID.
    # NOTE(review): no `shell` is set, so every account gets the host's
    # default shell; consider a non-login shell if these users never log in
    # interactively.
    - name: Add users for running containers
      ansible.builtin.user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        state: "{{ item.state }}"
        # System accounts, created without a home directory.
        system: true
        create_home: false
      become: true
      loop:
        # Accounts that must exist
        - {name: jupyter, uid: 42000, state: present}
        - {name: gitea, uid: 42001, state: present}
        - {name: score, uid: 42003, state: present}
        - {name: factorio, uid: 845, state: present}
        - {name: hackmd, uid: 1500, state: present}
        # Accounts that must be removed
        - {name: hedgedoc, uid: 10000, state: absent}
        - {name: bsa, uid: 42002, state: absent}
    # Shared Docker network: every service that sits behind Caddy has to
    # be attached to it.
    - name: Create Caddy network
      community.docker.docker_network:
        state: present
        name: caddy-network
      become: true
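    # Copies the docker configuration tree from the repository to /etc/pbri.
    - name: Upload docker configuration
      become: true
      ansible.builtin.copy:
        src: ../../docker/docker
        dest: /etc/pbri
        # Pin ownership to root: the owner-only file mode below keeps other
        # users out only if root is the owner.
        owner: root
        group: root
        # Files should be inaccessible to non-root users.
        mode: u=rw,g=,o=
        # Directories should be listable. This mode is applied only to
        # directories the task creates; existing ones keep their mode.
        directory_mode: u=rwx,g=rx,o=rx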
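    # Copies each service's vault-encrypted .env file to the host in
    # decrypted form, next to that service's docker configuration.
    - name: Upload and decrypt docker environment vars
      become: true
      # Keep the decrypted file contents out of the output when the
      # playbook is run with --diff.
      diff: false
      ansible.builtin.copy:
        src: "../../docker/envs/{{ item.name }}/.env"
        dest: "/etc/pbri/docker/{{ item.name }}/.env"
        # Pin ownership to root: the owner-only mode below keeps other
        # users out only if root is the owner.
        owner: root
        group: root
        # Files should be inaccessible to non-root users.
        mode: u=rw,g=,o=
        # This is true by default but I put it here anyways
        # to emphasize what's happening
        decrypt: true
      # Not quite happy with all the separate loops yet.
      # `state` is carried in each item but not read by this task.
      loop:
        - name: codi
          state: present
        - name: drone
          state: present
        - name: factorio
          state: present
        - name: gitea
          state: present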
    # Parent directory for all docker volume data.
    - name: Create directory for docker volumes
      ansible.builtin.file:
        state: directory
        path: /var/lib/pbri/docker
        # Owner-only access hides the contents from non-root users. No owner
        # is set here, so this presumably relies on the directory being
        # created as root via become.
        mode: 'u=rwx,g=,o='
      become: true
    # Volume directories for jupyter, owned by its service account and
    # closed to group and others.
    - name: Create jupyter folders
      ansible.builtin.file:
        state: directory
        path: "/var/lib/pbri/docker/{{ item.name }}"
        owner: "{{ item.user }}"
        group: "{{ item.user }}"
        mode: 'u=rwx,g=,o='
      become: true
      loop:
        - {name: jupyter_data, user: jupyter}
        - {name: jupyter_notebooks, user: jupyter}
    # Volume directory for factorio, owned by its service account and
    # closed to group and others.
    - name: Create Factorio data folder
      ansible.builtin.file:
        state: directory
        path: /var/lib/pbri/docker/factorio
        owner: factorio
        group: factorio
        mode: 'u=rwx,g=,o='
      become: true
    # Volume directory for score, owned by its service account and
    # closed to group and others.
    - name: Create score data folder
      ansible.builtin.file:
        state: directory
        path: /var/lib/pbri/docker/score
        owner: score
        group: score
        mode: 'u=rwx,g=,o='
      become: true
    # Caddy and Gitea come up first: other docker-compose configurations
    # may pull images from the Gitea package repository, so Gitea has to
    # be reachable before they are deployed.
    # NOTE(review): community.docker.docker_compose is the Compose v1
    # module; newer community.docker releases replace it with
    # docker_compose_v2. Confirm which collection version is pinned.
    - name: Set up caddy and gitea containers
      community.docker.docker_compose:
        project_src: "/etc/pbri/docker/{{ item.name }}"
        state: "{{ item.state }}"
        # Build images on the host.
        build: true
        # Include the performed actions in the task result.
        debug: true
      become: true
      loop:
        - {name: caddy, state: present}
        - {name: gitea, state: present}
    # Gate for the deployments below: poll the Gitea API at
    # git.pbrinkmeier.de until it answers with HTTP 200.
    - name: Wait for gitea to be reachable
      ansible.builtin.uri:
        url: 'https://git.pbrinkmeier.de/api/v1/version'
        method: GET
      register: gitea_version_response
      until: gitea_version_response.status == 200
      # Up to 10 retries, 5 seconds apart
      retries: 10
      delay: 5
      # Send the request even when the playbook runs in check mode
      check_mode: false
    # Brings the remaining compose projects under /etc/pbri/docker to the
    # state listed for each of them.
    # NOTE(review): community.docker.docker_compose is the Compose v1
    # module; newer community.docker releases replace it with
    # docker_compose_v2. Confirm which collection version is pinned.
    - name: Set up other containers
      community.docker.docker_compose:
        project_src: "/etc/pbri/docker/{{ item.name }}"
        state: "{{ item.state }}"
        # Build images on the host.
        build: true
        # Include the performed actions in the task result.
        debug: true
      become: true
      loop:
        # Projects that must be running
        - {name: drone, state: present}
        - {name: codi, state: present}
        - {name: jupyter, state: present}
        - {name: utoy, state: present}
        - {name: score, state: present}
        # Projects that must be removed
        - {name: factorio, state: absent}
        - {name: glebby, state: absent}