diff --git a/_ansible/README.md b/_ansible/README.md new file mode 100644 index 0000000..315c812 --- /dev/null +++ b/_ansible/README.md @@ -0,0 +1,13 @@ +# Ansible project to deploy services + +## Variables + +### CLI variable overwrites + +#### force_gitea_runner_registration +`-e force_gitea_runner_registration=True` +Force gitea-runner to prompt a new registration token. + +#### docker_update +`-e docker_update=True` +Pull and build the docker compose services diff --git a/_ansible/inventory/group_vars/all/main.yml b/_ansible/inventory/group_vars/all/main.yml index 794f3c7..8b84ce9 100644 --- a/_ansible/inventory/group_vars/all/main.yml +++ b/_ansible/inventory/group_vars/all/main.yml @@ -11,3 +11,4 @@ mailer: services_path: /opt/services/ caddy_config_path: "{{ (services_path, 'caddy', 'config', 'conf.d') | path_join }}" +managed_sites: [] diff --git a/_ansible/local-dev.yml b/_ansible/local-dev.yml index 8bc8d89..8c368a4 100644 --- a/_ansible/local-dev.yml +++ b/_ansible/local-dev.yml @@ -14,3 +14,5 @@ - umami - watchtower - wiki-js + + - caddy diff --git a/_ansible/roles/caddy/tasks/clean-sites.yml b/_ansible/roles/caddy/tasks/clean-sites.yml new file mode 100644 index 0000000..71dbe04 --- /dev/null +++ b/_ansible/roles/caddy/tasks/clean-sites.yml @@ -0,0 +1,11 @@ +- name: Find caddy site configs, but exclude managed sites + ansible.builtin.find: + paths: "{{ caddy_config_path }}" + excludes: "{{ managed_sites | default([]) }}" + register: files_to_delete + +- name: Remove unmanaged sites + file: + path: "{{ item.path }}" + state: absent + with_items: "{{ files_to_delete.files }}" diff --git a/_ansible/roles/caddy/tasks/main.yml b/_ansible/roles/caddy/tasks/main.yml new file mode 100644 index 0000000..18a4793 --- /dev/null +++ b/_ansible/roles/caddy/tasks/main.yml 
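Review bot: The `- caddy` entry added at the end of the list in `_ansible/local-dev.yml` is order-sensitive, and nothing in the file says so. The caddy role's clean-sites step removes every file under `caddy_config_path` that earlier roles did not add to `managed_sites`, so moving caddy up, or appending a service after it, would get that service's site config deleted. I would put a comment directly above the entry, such as `# keep caddy last: clean-sites deletes any site config not registered by the roles above`. The list starts outside this hunk, so this presumes it is the play's role list.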
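Review bot: In `roles/caddy/tasks/clean-sites.yml` the find task has no `patterns` and the removal has no guard, so an empty `managed_sites` makes the role delete every file in `caddy_config_path`. `managed_sites` defaults to `[]` in group_vars and is only filled by the `Register caddy site` set_fact, so any run that reaches the caddy role before the service roles have registered their sites (a tag- or role-limited run, for instance) would drop every proxied site at the following reload. Limit the search with `patterns: "*.conf"` and add `when: managed_sites | length > 0` to `Remove unmanaged sites`, or fail explicitly when the list is empty. The removal task also uses short-form `file:` and `with_items`, where the find task beside it uses the `ansible.builtin.` name.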
@@ -0,0 +1,11 @@ +--- +- name: Deploy {{ svc.name }} + tags: + - caddy + - reverse_proxy + - webserver + block: + - import_tasks: deploy-common-service.yml + + - import_tasks: clean-sites.yml + - import_tasks: reload-caddy.yml diff --git a/_ansible/roles/caddy/tasks/reload-caddy.yml b/_ansible/roles/caddy/tasks/reload-caddy.yml new file mode 100644 index 0000000..9ed93b9 --- /dev/null +++ b/_ansible/roles/caddy/tasks/reload-caddy.yml @@ -0,0 +1,16 @@ +- name: Check caddy configuration + ansible.builtin.command: + cmd: docker compose exec app sh -c "caddy validate --config /etc/caddy/Caddyfile" + chdir: "{{ service_path }}" + when: "'local-dev' != inventory_hostname" + register: cmd_result + changed_when: false + +- name: Reload caddy configuration + ansible.builtin.command: + cmd: docker compose exec app sh -c "caddy reload --config /etc/caddy/Caddyfile" + chdir: "{{ service_path }}" + when: + - "'local-dev' != inventory_hostname" + - cmd_result.rc == 0 + changed_when: true # TODO find a way to detect changes diff --git a/_ansible/tasks/deploy-common-service.yml b/_ansible/tasks/deploy-common-service.yml index 661de01..d2ce6df 100644 --- a/_ansible/tasks/deploy-common-service.yml +++ b/_ansible/tasks/deploy-common-service.yml @@ -1,5 +1,6 @@ - import_tasks: steps/create-service-directory.yml - import_tasks: steps/template-docker-compose.yml - import_tasks: steps/template-service-env.yml -- import_tasks: steps/template-site-config.yml +- include_tasks: steps/template-site-config.yml + when: svc.domain is defined - import_tasks: steps/start-service.yml diff --git a/_ansible/tasks/steps/start-service.yml b/_ansible/tasks/steps/start-service.yml index 10b6d22..a88d14d 100644 --- a/_ansible/tasks/steps/start-service.yml +++ b/_ansible/tasks/steps/start-service.yml 
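Review bot: The `cmd_result.rc == 0` condition on `Reload caddy configuration` never decides anything, because a non-zero exit from `caddy validate` already fails the play at the check task. By then clean-sites and the templating steps have changed the files on disk, so a failed validation presumably leaves a `conf.d` that the running caddy has not loaded but would read at its next restart; a comment saying so, or a `block`/`rescue` that reports it clearly, would help whoever hits the failure. `cmd_result` is also the name registered by the Build and Pull tasks in `steps/start-service.yml`, so a specific name such as `register: caddy_validate` avoids reading the wrong result later. Both commands are fixed strings, so the `sh -c "…"` wrapper can go: `cmd: docker compose exec app caddy validate --config /etc/caddy/Caddyfile`.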
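Review bot: Replacing `import_tasks` with `include_tasks` for `steps/template-site-config.yml` in `tasks/deploy-common-service.yml` changes how tags reach the tasks inside it. A dynamic include does not pass the tags of an enclosing block (the caddy role's `main.yml` in this commit sets `caddy`, `reverse_proxy` and `webserver` that way) down to the included tasks, so on a `--tags` run the include itself is selected while `Template caddy site` and `Register caddy site` are skipped. With `managed_sites` left unpopulated, the caddy role's clean-sites step would then treat existing site files as unmanaged and delete them. `import_tasks` accepts the same condition and keeps tag inheritance, i.e. `- import_tasks: steps/template-site-config.yml` with `when: svc.domain is defined`; if the include has to stay dynamic, pass the tags through `apply:`.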
@@ -1,3 +1,25 @@ +- name: Build service + ansible.builtin.command: + cmd: docker compose build --pull + chdir: "{{ service_path }}" + when: + - "'local-dev' != inventory_hostname" + - docker_update is defined + - docker_update + register: cmd_result + changed_when: True + +- name: Pull service + ansible.builtin.command: + cmd: docker compose pull --ignore-buildable + chdir: "{{ service_path }}" + when: + - "'local-dev' != inventory_hostname" + - docker_update is defined + - docker_update + register: cmd_result + changed_when: True + - name: Start service ansible.builtin.command: cmd: docker compose up -d diff --git a/_ansible/tasks/steps/template-site-config.yml b/_ansible/tasks/steps/template-site-config.yml index ac84674..e98659d 100644 --- a/_ansible/tasks/steps/template-site-config.yml +++ b/_ansible/tasks/steps/template-site-config.yml @@ -1,6 +1,9 @@ -- name: Template caddy config +- name: Template caddy site ansible.builtin.template: src: caddy_site.conf.j2 dest: "{{ (caddy_config_path, svc.domain + '.conf') | path_join }}" mode: "0644" - when: svc.domain is defined + +- name: Register caddy site + ansible.builtin.set_fact: + managed_sites: "{{ managed_sites + [svc.domain + '.conf'] }}" diff --git a/create.sh b/create.sh deleted file mode 100755 index b569dbe..0000000 --- a/create.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/bin/env sh - -printf "Project name: " -read -r PROJECT - -mkdir -p "$PROJECT" -cd "$PROJECT" || exit - -printf "Image name: " -read -r IMAGE - -printf "App name (network alias): " -read -r NAME - -printf "Enable watchtower [true/false]: " -read -r WATCHTOWER_ENABLE - -cat <"docker-compose.yml" -version: '3' -services: - app: - image: ${IMAGE} - restart: always - labels: - com.centurylinklabs.watchtower.enable: ${WATCHTOWER_ENABLE} - env_file: - - .env - - .secret.env - networks: - apps: - aliases: - - ${NAME} - -networks: - apps: - external: true -EOF - -vim -O2 "docker-compose.yml" ".env"
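Review bot: The `docker_update` conditions on `Build service` and `Pull service` test a value that arrives as a string when it is passed the way the README documents it (`-e docker_update=True`). A bare `- docker_update` leaves the truthiness of strings such as `False` or `no` to the Ansible version's conditional handling, so `-e docker_update=False` may still trigger a build and pull. Collapse the two conditions into `- docker_update | default(false) | bool`. `register: cmd_result` is set by both tasks and not read in this hunk, and `changed_when: True` would be more conventional as `true`. The file continues past the hunk with the existing `Start service` task.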
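Review bot: The file name `svc.domain + '.conf'` is now built twice in `steps/template-site-config.yml`, once for `dest` in `Template caddy site` and once for the `managed_sites` entry in `Register caddy site`, and the two must stay identical. The caddy role's clean-sites step excludes files by exactly these names, so if one expression is changed without the other, the freshly templated site file is deleted in the same run. Define the name once, for instance a task-level variable `site_conf: "{{ svc.domain }}.conf"`, and use it in both places. With the `when: svc.domain is defined` guard removed from this file, a short comment at the top stating that callers must check `svc.domain` first would also help.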