Paul Brinkmeier
b4f6538ffe
All checks were successful
continuous-integration/drone/push Build is passing
114 lines
3.3 KiB
YAML
114 lines
3.3 KiB
YAML
---
|
|
- name: Update Docker configuration on shamash
|
|
hosts: misc
|
|
tasks:
|
|
- name: Add users for running containers
|
|
become: true
|
|
ansible.builtin.user:
|
|
name: "{{ item.name }}"
|
|
uid: "{{ item.uid }}"
|
|
create_home: false
|
|
state: present
|
|
loop:
|
|
- name: jupyter
|
|
uid: 42000
|
|
state: present
|
|
- name: gitea
|
|
uid: 42001
|
|
state: present
|
|
- name: factorio
|
|
uid: 845
|
|
state: present
|
|
- name: hackmd
|
|
uid: 1500
|
|
state: present
|
|
- name: hedgedoc
|
|
uid: 10000
|
|
state: present
|
|
# All services that are behind Caddy need to be in this network
|
|
- name: Create Caddy network
|
|
become: true
|
|
docker_network:
|
|
name: caddy-network
|
|
state: present
|
|
- name: Upload docker configuration
|
|
become: true
|
|
ansible.builtin.copy:
|
|
src: ../../docker
|
|
dest: /etc/pbri
|
|
# Files should inaccessible to non-root users.
|
|
mode: u=rw,g=,o=
|
|
# Directories should be listable
|
|
directory_mode: u=rwx,g=rx,o=rx
|
|
- name: Create directory for docker volumes
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: /var/lib/pbri/docker
|
|
state: directory
|
|
# Hide contents from non-root users
|
|
mode: u=rwx,g=,o=
|
|
- name: Create jupyter folders
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: "/var/lib/pbri/docker/{{ item.name }}"
|
|
owner: "{{ item.user }}"
|
|
group: "{{ item.user }}"
|
|
state: directory
|
|
mode: u=rwx,g=,o=
|
|
loop:
|
|
- name: jupyter_data
|
|
user: jupyter
|
|
- name: jupyter_notebooks
|
|
user: jupyter
|
|
- name: Create Factorio data folder
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: /var/lib/pbri/docker/factorio
|
|
state: directory
|
|
owner: factorio
|
|
group: factorio
|
|
mode: u=rwx,g=,o=
|
|
# Since some docker-compose configuration might want to pull
|
|
# images from the Gitea package repository, we need to ensure
|
|
# that Gitea is reachable before those configurations are deployed.
|
|
- name: Set up caddy and gitea containers
|
|
become: true
|
|
docker_compose:
|
|
project_src: "/etc/pbri/docker/{{ item.name }}"
|
|
state: "{{ item.state }}"
|
|
build: true
|
|
debug: true
|
|
loop:
|
|
- name: caddy
|
|
state: present
|
|
- name: gitea
|
|
state: present
|
|
# Before deploying the remaining configs below, we check that
|
|
# Gitea is reachable at git.pbrinkmeier.de
|
|
- name: Wait for gitea to be reachable
|
|
ansible.builtin.uri:
|
|
method: GET
|
|
url: https://git.pbrinkmeier.de/api/v1/version
|
|
register: gitea_version_response
|
|
until: gitea_version_response.status == 200
|
|
retries: 10
|
|
delay: 5 # Retry every 5 seconds
|
|
- name: Set up other containers
|
|
become: true
|
|
docker_compose:
|
|
project_src: "/etc/pbri/docker/{{ item.name }}"
|
|
state: "{{ item.state }}"
|
|
build: true
|
|
debug: true
|
|
loop:
|
|
- name: drone
|
|
state: present
|
|
- name: codi
|
|
state: present
|
|
- name: factorio
|
|
state: absent
|
|
- name: jupyter
|
|
state: present
|
|
- name: glebby
|
|
state: present
|