---
# Playbook for the host `nanna`: creates the service accounts the containers
# run as, the shared Caddy docker network, the docker configuration tree under
# /etc/pbri, and the volume directories under /var/lib/pbri/docker.
# Every task escalates with `become: true`; nothing here runs unprivileged.
- name: Update Docker configuration
  hosts: nanna
  tasks:
    # System accounts (no home directory) used as container UIDs/GIDs.
    # The UID is pinned so ownership stays stable across re-provisioning.
    - name: Add users for running containers
      become: true
      ansible.builtin.user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        state: "{{ item.state }}"
        create_home: false
        system: true
      loop:
        - name: gitea
          uid: 42001
          state: present
        - name: caddy
          uid: 42002
          state: present

    # Shared network that the reverse proxy and the backends attach to.
    - name: Create Caddy network
      become: true
      community.docker.docker_network:
        name: "caddy-network"
        state: present

    # Recursive copy of the docker configuration tree; the result lands at
    # /etc/pbri/docker on the host.
    - name: Upload docker configuration
      become: true
      ansible.builtin.copy:
        src: "../../docker/docker"
        dest: "/etc/pbri"
        # Files must be readable by root only.
        mode: "u=rw,g=,o="
        # Newly created directories stay traversable so paths can be resolved.
        directory_mode: "u=rwx,g=rx,o=rx"

    - name: Create directory for docker volumes
      become: true
      ansible.builtin.file:
        path: "/var/lib/pbri/docker"
        state: directory
        # Root-only so volume contents are not listable by other users.
        mode: "u=rwx,g=,o="

    # Per-service environment files. With `decrypt: true` (the module default,
    # spelled out here on purpose) a vault-encrypted source is decrypted before
    # it is written to the host, so the result on disk is plaintext and must
    # stay root-only.
    # NOTE(review): no task here creates /etc/pbri/docker/<name>/ unless
    # ../../docker/docker already ships that subdirectory; if the copy module
    # has to create the parent itself, the `mode` below applies only to the
    # file, not to the new directory — confirm on the host.
    - name: Upload and decrypt docker environment vars
      become: true
      ansible.builtin.copy:
        src: "../../docker/envs/{{ item.name }}/.env"
        dest: "/etc/pbri/docker/{{ item.name }}/.env"
        mode: "u=rw,g=,o="
        decrypt: true
      # Separate loops per task for now; `state` on these items is carried
      # along but not read by this task.
      loop:
        - name: gitea
          state: present

    # Volume directories owned by the service account so the container can
    # write to them, but hidden from every other user.
    - name: Create volume directories with correct permissions
      become: true
      ansible.builtin.file:
        path: "/var/lib/pbri/docker/{{ item.name }}"
        owner: "{{ item.user }}"
        group: "{{ item.user }}"
        state: directory
        mode: "u=rwx,g=,o="
      loop:
        - name: caddy_config
          user: caddy
        - name: caddy_data
          user: caddy