From 30dd4ff8dc3383bd3ff3ae99fa969ee260d6c7b8 Mon Sep 17 00:00:00 2001
From: Salt
Date: Sat, 7 Aug 2021 16:49:24 -0500
Subject: [PATCH] Divide webservices into task files
---
playbooks/tasks/app/gulagbot.yml | 12 ++
playbooks/tasks/app/redis.yml | 9 +
playbooks/tasks/web/9iron.yml | 11 ++
playbooks/tasks/web/desultd.yml | 10 ++
playbooks/tasks/web/gitea.yml | 22 +++
playbooks/tasks/web/ingress-generic.yml | 18 ++
playbooks/tasks/web/netbox.yml | 23 +++
playbooks/tasks/web/peertube.yml | 23 +++
playbooks/tasks/web/pleroma.yml | 19 +++
playbooks/web.yml | 209 ++++++------------------
10 files changed, 193 insertions(+), 163 deletions(-)
create mode 100644 playbooks/tasks/app/gulagbot.yml
create mode 100644 playbooks/tasks/app/redis.yml
create mode 100644 playbooks/tasks/web/9iron.yml
create mode 100644 playbooks/tasks/web/desultd.yml
create mode 100644 playbooks/tasks/web/gitea.yml
create mode 100644 playbooks/tasks/web/ingress-generic.yml
create mode 100644 playbooks/tasks/web/netbox.yml
create mode 100644 playbooks/tasks/web/peertube.yml
create mode 100644 playbooks/tasks/web/pleroma.yml
diff --git a/playbooks/tasks/app/gulagbot.yml b/playbooks/tasks/app/gulagbot.yml
new file mode 100644
index 0000000..b7c387a
--- /dev/null
+++ b/playbooks/tasks/app/gulagbot.yml
@@ -0,0 +1,12 @@
+# vim:ft=ansible:
+- name: docker deploy gulagbot
+ docker_container:
+ name: gulagbot
+ image: rehashedsalt/gulagbot:latest
+ env:
+ DISCORD_TOKEN: "{{ secret_gulagbot_discord_token }}"
+ PGHOST: 192.168.164.156
+ PGDATABASE: gulagbot-desultd
+ PGUSER: gulagbot-desultd
+ PGPASSWORD: "{{ secret_gulagbot_db_pass }}"
+ tags: [ docker, gulagbot, stalin ]
diff --git a/playbooks/tasks/app/redis.yml b/playbooks/tasks/app/redis.yml
new file mode 100644
index 0000000..9e95316
--- /dev/null
+++ b/playbooks/tasks/app/redis.yml
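Review bot: `image: rehashedsalt/gulagbot:latest` in gulagbot.yml is a mutable tag, and the play defaults visible in web.yml appear to set `pull: yes`, so every run deploys whatever the registry currently serves and hands it `DISCORD_TOKEN` and `PGPASSWORD`. The same applies to `rehashedsalt/9iron:latest`, `rehashedsalt/desultd:latest`, `netboxcommunity/netbox:latest` and the untagged `jordemort/pleroma`; only `jonasal/nginx-certbot:2.2.0` is pinned to a release. I would pin each image to a fixed version tag or a digest, e.g. `image: rehashedsalt/gulagbot@sha256:<digest>`, and bump it deliberately. Since this task carries secrets in `env`, `no_log: true` on it would also keep them out of verbose Ansible output.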
@@ -0,0 +1,9 @@
+# vim:ft=ansible:
+- name: docker deploy redis
+ docker_container:
+ name: redis
+ image: redis:6-alpine
+ networks:
+ - name: web
+ aliases: [ "redis" ]
+ tags: [ docker, redis ]
diff --git a/playbooks/tasks/web/9iron.yml b/playbooks/tasks/web/9iron.yml
new file mode 100644
index 0000000..d5b979e
--- /dev/null
+++ b/playbooks/tasks/web/9iron.yml
@@ -0,0 +1,11 @@
+# vim:ft=ansible:
+- name: docker deploy 9iron
+ docker_container:
+ name: 9iron
+ image: rehashedsalt/9iron:latest
+ ports:
+ - 8001:80
+ volumes:
+ - /data/9iron/files:/var/www/html/files
+ - /data/9iron/packs:/var/www/html/minecraft/packs
+ tags: [ docker, 9iron ]
diff --git a/playbooks/tasks/web/desultd.yml b/playbooks/tasks/web/desultd.yml
new file mode 100644
index 0000000..6942c23
--- /dev/null
+++ b/playbooks/tasks/web/desultd.yml
@@ -0,0 +1,10 @@
+# vim:ft=ansible:
+- name: docker deploy desultd
+ docker_container:
+ name: desultd
+ image: rehashedsalt/desultd:latest
+ ports:
+ - 8002:80
+ volumes:
+ - /data/9iron/files:/var/www/html/files
+ tags: [ docker, 9iron ]
diff --git a/playbooks/tasks/web/gitea.yml b/playbooks/tasks/web/gitea.yml
new file mode 100644
index 0000000..a199253
--- /dev/null
+++ b/playbooks/tasks/web/gitea.yml
@@ -0,0 +1,22 @@
+# vim:ft=ansible:
+- name: docker deploy gitea
+ docker_container:
+ name: gitea
+ image: gitea/gitea:1
+ env:
+ USER_UID: "1002"
+ USER_GID: "1002"
+ GITEA__database_DB_TYPE: postgres
+ GITEA__database_HOST: 192.168.164.156:5432
+ GITEA__database_NAME: gitea-desultd
+ GITEA__database_USER: gitea-desultd
+ GITEA__database_PASSWD: "{{ secret_gitea_db_pass }}"
+ ports:
+ - 3000:3000
+ - 127.0.0.1:2222:22
+ volumes:
+ - /data/gitea/data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /var/lib/gitea/.ssh:/data/git/.ssh
+ tags: [ docker, gitea ]
diff --git a/playbooks/tasks/web/ingress-generic.yml b/playbooks/tasks/web/ingress-generic.yml
new file mode 100644
index 0000000..c3ab755
--- /dev/null
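Review bot: redis.yml starts `redis:6-alpine` with no `command` or configuration, so the server has no password, and netbox.yml connects with only `REDIS_HOST`/`REDIS_PORT`. No port is published, which keeps it off the host interfaces, but every container attached to the `web` network in the same play can read and write it, so a compromise of one web service reaches the others' cache and queue data. I would set a password, e.g. `command: redis-server --requirepass "{{ secret_redis_pass }}"` (the variable name is a placeholder), and pass it to the clients, or give each consumer its own Redis on a separate network.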
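Review bot: `- 8001:80` in 9iron.yml publishes the container on every host interface, so the backend is reachable directly rather than only through whatever proxy fronts it; Docker inserts its own iptables rules for published ports, so a ufw-style host policy may not cover it. gitea.yml already binds its SSH port as `127.0.0.1:2222:22`, and the same form, `- "127.0.0.1:8001:80"`, would fit here if the proxy runs on the same host. The same applies to `8002:80` in desultd.yml and `3000:3000` in gitea.yml. Quoting the mappings also avoids YAML 1.1 parsers reading digit-and-colon values as numbers.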
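Review bot: The desultd task is tagged `tags: [ docker, 9iron ]`, so `--tags desultd` never selects it and `--tags 9iron` redeploys both containers; this looks like a copy-paste from 9iron.yml and should probably read `tags: [ docker, desultd ]`. It also mounts `/data/9iron/files` read-write, the same host path 9iron.yml mounts. If desultd only serves those files, `- /data/9iron/files:/var/www/html/files:ro` limits what a compromise of one site can do to the other.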
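Review bot: The database variables in gitea.yml use a single underscore between section and key (`GITEA__database_DB_TYPE`), whereas Gitea's environment-to-ini convention is, as far as I know, `GITEA__SECTION__KEY`, e.g. `GITEA__database__PASSWD`. If that holds, these five values are ignored and Gitea runs on whatever `app.ini` under `/data/gitea/data` contains, while the database password still sits in the container environment for no benefit. Worth confirming against the running container, then either fixing the names or dropping the variables.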
+++ b/playbooks/tasks/web/ingress-generic.yml
@@ -0,0 +1,18 @@
+# vim:ft=ansible:
+- name: docker deploy nginx proxy
+ docker_container:
+ name: ingress
+ image: jonasal/nginx-certbot:2.2.0
+ env:
+ TZ: "America/Chicago"
+ CERTBOT_EMAIL: rehashedsalt@cock.li
+ networks:
+ - name: web
+ aliases: [ "ingress" ]
+ ports:
+ - "443:443"
+ - "80:80"
+ volumes:
+ - /data/nginx-certbot/letsencrypt:/etc/letsencrypt
+ - /data/nginx-certbot/user_conf.d:/etc/nginx/user_conf.d:ro
+ tags: [ docker, ingress ]
diff --git a/playbooks/tasks/web/netbox.yml b/playbooks/tasks/web/netbox.yml
new file mode 100644
index 0000000..7523f22
--- /dev/null
+++ b/playbooks/tasks/web/netbox.yml
@@ -0,0 +1,23 @@
+# vim:ft=ansible:
+- name: docker deploy netbox
+ docker_container:
+ name: netbox
+ image: netboxcommunity/netbox:latest
+ env:
+ SUPERUSER_EMAIL: rehashedsalt@cock.li
+ SUPERUSER_PASSWORD: "{{ secret_netbox_user_pass }}"
+ SUPERUSER_API_TOKEN: "{{ secret_netbox_api_token }}"
+ SECRET_KEY: "{{ secret_netbox_secret_key }}"
+ ALLOWED_HOST: netbox.desu.ltd
+ DB_HOST: 192.168.164.156
+ DB_NAME: netbox-desultd
+ DB_USER: netbox-desultd
+ DB_PASSWORD: "{{ secret_netbox_db_pass }}"
+ REDIS_HOST: redis
+ REDIS_PORT: "6379"
+ networks:
+ - name: web
+ aliases: [ "netbox" ]
+ volumes:
+ - /data/netbox/config:/config
+ tags: [ docker, netbox ]
diff --git a/playbooks/tasks/web/peertube.yml b/playbooks/tasks/web/peertube.yml
new file mode 100644
index 0000000..dc7101f
--- /dev/null
+++ b/playbooks/tasks/web/peertube.yml
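Review bot: `ALLOWED_HOST: netbox.desu.ltd` in netbox.yml is probably not read by the image: the netbox-docker configuration takes, as far as I know, `ALLOWED_HOSTS` (plural) and falls back to `*` when it is unset, which turns Host-header validation off. Renaming the key to `ALLOWED_HOSTS: netbox.desu.ltd` would give the intended restriction. The task also passes `SUPERUSER_PASSWORD`, `SUPERUSER_API_TOKEN` and `SECRET_KEY` through `env`, where they stay readable via `docker inspect`; `no_log: true` on the task would at least keep them out of Ansible output.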
@@ -0,0 +1,23 @@
+# vim:ft=ansible:
+- name: docker deploy peertube
+ docker_container:
+ name: peertube
+ image: chocobozzz/peertube:production-buster
+ env:
+ POSTGRES_DB: peertube_cowfee
+ PEERTUBE_DB: peertube_cowfee
+ PEERTUBE_DB_USERNAME: peertube-cowfee
+ PEERTUBE_DB_PASSWORD: "{{ secret_peertube_db_pass }}"
+ PEERTUBE_DB_HOSTNAME: 192.168.164.156
+ PEERTUBE_ADMIN_EMAIL: rehashedsalt@cock.li
+ PEERTUBE_WEBSERVER_HOSTNAME: tube.cowfee.moe
+ PEERTUBE_TRUST_PROXY: '["127.0.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]'
+ networks:
+ - name: web
+ aliases: [ "peertube" ]
+ ports:
+ - "1935:1935"
+ volumes:
+ - /data/peertube/data:/data
+ - /data/peertube/config:/config
+ tags: [ docker, peertube ]
diff --git a/playbooks/tasks/web/pleroma.yml b/playbooks/tasks/web/pleroma.yml
new file mode 100644
index 0000000..12d5723
--- /dev/null
+++ b/playbooks/tasks/web/pleroma.yml
@@ -0,0 +1,19 @@
+# vim:ft=ansible:
+- name: docker deploy pleroma
+ docker_container:
+ name: pleroma
+ image: jordemort/pleroma
+ env:
+ TZ: "America/Chicago"
+ POSTGRES_HOST: 192.168.164.156
+ POSTGRES_DB: pleroma_cowfee
+ POSTGRES_USER: pleroma-cowfee
+ POSTGRES_PASSWORD: "{{ secret_pleroma_9iron_db_pass }}"
+ networks:
+ - name: web
+ aliases: [ "pleroma" ]
+ volumes:
+ - /data/pleroma/etc:/etc/pleroma
+ - /data/pleroma/static:/var/lib/pleroma/static
+ - /data/pleroma/uploads:/var/lib/pleroma/uploads
+ tags: [ docker, pleroma ]
diff --git a/playbooks/web.yml b/playbooks/web.yml
index 90be458..08a0ca7 100755
--- a/playbooks/web.yml
+++ b/playbooks/web.yml
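Review bot: `PEERTUBE_TRUST_PROXY` in peertube.yml trusts forwarded-address headers from every RFC 1918 range, so any peer in those ranges that can reach the container decides which client address PeerTube logs and rate-limits on. Only the `ingress` container needs that trust; narrowing the list to loopback plus the subnet of the `web` Docker network would do, e.g. `'["127.0.0.1", "<web network subnet>"]'`. `127.0.0.0/16` also looks like a typo for `127.0.0.0/8`.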
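Review bot: `POSTGRES_PASSWORD` in pleroma.yml comes from `secret_pleroma_9iron_db_pass` while the database and role are `pleroma_cowfee` and `pleroma-cowfee`. If that variable belongs to a different Pleroma instance, two deployments share one database credential, which widens the impact of a leak and complicates rotation. A variable named for this instance would make the intent clear; if the secret is already separate and the name is only historical, a comment such as `# name predates the cowfee instance` next to the line would be enough.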
@@ -15,60 +15,25 @@ restart_policy: unless-stopped pull: yes tasks: + - name: include tasks for apps + include_tasks: tasks/app/{{ task }} + with_items: + - gulagbot.yml + loop_control: + loop_var: task + tags: [ always ] + - name: include tasks for web services + include_tasks: tasks/web/{{ task }} + with_items: + - 9iron.yml + - desultd.yml + - gitea.yml + loop_control: + loop_var: task + tags: [ always ] - name: configure nextcloud cronjob cron: user=www-data name=nextcloud minute=*/5 job="php -f /var/www/nc.desu.ltd/cron.php" tags: [ nextcloud, cron ] - - name: docker deploy 9iron - docker_container: - name: 9iron - image: rehashedsalt/9iron:latest - ports: - - 8001:80 - volumes: - - /data/9iron/files:/var/www/html/files - - /data/9iron/packs:/var/www/html/minecraft/packs - tags: [ docker, 9iron ] - - name: docker deploy desultd - docker_container: - name: desultd - image: rehashedsalt/desultd:latest - ports: - - 8002:80 - volumes: - - /data/9iron/files:/var/www/html/files - tags: [ docker, 9iron ] - - name: docker deploy gitea - docker_container: - name: gitea - image: gitea/gitea:1 - env: - USER_UID: "1002" - USER_GID: "1002" - GITEA__database_DB_TYPE: postgres - GITEA__database_HOST: 192.168.164.156:5432 - GITEA__database_NAME: gitea-desultd - GITEA__database_USER: gitea-desultd - GITEA__database_PASSWD: "{{ secret_gitea_db_pass }}" - ports: - - 3000:3000 - - 127.0.0.1:2222:22 - volumes: - - /data/gitea/data:/data - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - - /var/lib/gitea/.ssh:/data/git/.ssh - tags: [ docker, gitea ] - - name: docker deploy gulagbot - docker_container: - name: gulagbot - image: rehashedsalt/gulagbot:latest - env: - DISCORD_TOKEN: "{{ secret_gulagbot_discord_token }}" - PGHOST: 192.168.164.156 - PGDATABASE: gulagbot-desultd - PGUSER: gulagbot-desultd - PGPASSWORD: "{{ secret_gulagbot_db_pass }}" - tags: [ docker, gulagbot, stalin ] roles: - role: backup vars: 
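Review bot: The `include_tasks` loops added here, and the matching ones in the two later web.yml hunks, are dynamic, so `ansible-playbook --list-tasks`, `--list-tags` and `--syntax-check` no longer see the `docker_container` tasks and a misspelled file name only fails at run time. Because the file lists are static, one `import_tasks: tasks/web/gitea.yml` line per file would keep the split while leaving the deployed set reviewable before a run; the `tags: [ always ]` would then have to go, since imports pass their tags on to every task. If the loops stay, `loop:` instead of `with_items:` and a quoted path, `include_tasks: "tasks/app/{{ task }}"`, match current Ansible style.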
@@ -147,71 +112,22 @@ } } tags: [ docker, ingress ] - - name: docker deploy pleroma - docker_container: - name: pleroma - image: jordemort/pleroma - env: - TZ: "America/Chicago" - POSTGRES_HOST: 192.168.164.156 - POSTGRES_DB: pleroma_cowfee - POSTGRES_USER: pleroma-cowfee - POSTGRES_PASSWORD: "{{ secret_pleroma_9iron_db_pass }}" - networks: - - name: web - aliases: [ "pleroma" ] - volumes: - - /data/pleroma/etc:/etc/pleroma - - /data/pleroma/static:/var/lib/pleroma/static - - /data/pleroma/uploads:/var/lib/pleroma/uploads - tags: [ docker, pleroma ] - - name: docker deploy redis - docker_container: - name: redis - image: redis:6-alpine - networks: - - name: web - aliases: [ "redis" ] - tags: [ docker, redis ] - - name: docker deploy peertube - docker_container: - name: peertube - image: chocobozzz/peertube:production-buster - env: - POSTGRES_DB: peertube_cowfee - PEERTUBE_DB: peertube_cowfee - PEERTUBE_DB_USERNAME: peertube-cowfee - PEERTUBE_DB_PASSWORD: "{{ secret_peertube_db_pass }}" - PEERTUBE_DB_HOSTNAME: 192.168.164.156 - PEERTUBE_ADMIN_EMAIL: rehashedsalt@cock.li - PEERTUBE_WEBSERVER_HOSTNAME: tube.cowfee.moe - PEERTUBE_TRUST_PROXY: '["127.0.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]' - networks: - - name: web - aliases: [ "peertube" ] - ports: - - "1935:1935" - volumes: - - /data/peertube/data:/data - - /data/peertube/config:/config - tags: [ docker, peertube ] - - name: docker deploy nginx proxy - docker_container: - name: ingress - image: jonasal/nginx-certbot:2.2.0 - env: - TZ: "America/Chicago" - CERTBOT_EMAIL: rehashedsalt@cock.li - networks: - - name: web - aliases: [ "ingress" ] - ports: - - "443:443" - - "80:80" - volumes: - - /data/nginx-certbot/letsencrypt:/etc/letsencrypt - - /data/nginx-certbot/user_conf.d:/etc/nginx/user_conf.d:ro - tags: [ docker, ingress ] + - name: include tasks for apps + include_tasks: tasks/app/{{ task }} + with_items: + - redis.yml + loop_control: + loop_var: task + tags: [ always ] + - name: include tasks 
for web services + include_tasks: tasks/web/{{ task }} + with_items: + - peertube.yml + - pleroma.yml + - ingress-generic.yml + loop_control: + loop_var: task + tags: [ always ] roles: - role: backup vars: @@ -254,53 +170,20 @@ } } tags: [ docker, ingress ] - - name: docker deploy redis - docker_container: - name: redis - image: redis:6-alpine - networks: - - name: web - aliases: [ "redis" ] - tags: [ docker, redis ] - - name: docker deploy netbox - docker_container: - name: netbox - image: netboxcommunity/netbox:latest - env: - SUPERUSER_EMAIL: rehashedsalt@cock.li - SUPERUSER_PASSWORD: "{{ secret_netbox_user_pass }}" - SUPERUSER_API_TOKEN: "{{ secret_netbox_api_token }}" - SECRET_KEY: "{{ secret_netbox_secret_key }}" - ALLOWED_HOST: netbox.desu.ltd - DB_HOST: 192.168.164.156 - DB_NAME: netbox-desultd - DB_USER: netbox-desultd - DB_PASSWORD: "{{ secret_netbox_db_pass }}" - REDIS_HOST: redis - REDIS_PORT: "6379" - networks: - - name: web - aliases: [ "netbox" ] - volumes: - - /data/netbox/config:/config - tags: [ docker, netbox ] - - name: docker deploy nginx proxy - docker_container: - name: ingress - image: jonasal/nginx-certbot:2.2.0 - env: - TZ: "America/Chicago" - CERTBOT_EMAIL: rehashedsalt@cock.li - networks: - - name: web - aliases: [ "ingress" ] - ports: - - "443:443" - - "80:80" - volumes: - - /data/nginx-certbot/letsencrypt:/etc/letsencrypt - - /data/nginx-certbot/user_conf.d:/etc/nginx/user_conf.d:ro - tags: [ docker, ingress ] + - name: include tasks for apps + include_tasks: tasks/app/{{ task }} + with_items: + - redis.yml + loop_control: + loop_var: task + tags: [ always ] + - name: include tasks for web services + include_tasks: tasks/web/{{ task }} + with_items: + - netbox.yml + loop_control: + loop_var: task + tags: [ always ] roles: - role: backup vars: