Improve ansible stuff and prepare caddy

2023-06-26 01:17:41 +02:00 · 2023-06-26 01:17:41 +02:00 · 3b9ed6a4f4
parent 2d8c670110
commit 3b9ed6a4f4
10 changed files with 83 additions and 42 deletions
--- a/_ansible/README.md
+++ b/_ansible/README.md
@ -0,0 +1,13 @@
+# Ansible project to deploy services
+
+## Variables
+
+### CLI variable overwrites
+
+#### force_gitea_runner_registration
+`-e force_gitea_runner_registration=True`  
+Force gitea-runner to prompt a new registration token.
+
+#### docker_update
+`-e docker_update=True`  
+Pull and build the docker compose services
--- a/_ansible/inventory/group_vars/all/main.yml
+++ b/_ansible/inventory/group_vars/all/main.yml
@ -11,3 +11,4 @@ mailer:

 services_path: /opt/services/
 caddy_config_path: "{{ (services_path, 'caddy', 'config', 'conf.d') | path_join }}"
+managed_sites: []
--- a/_ansible/local-dev.yml
+++ b/_ansible/local-dev.yml
@ -14,3 +14,5 @@
    - umami
    - watchtower
    - wiki-js
+
+    - caddy
--- a/_ansible/roles/caddy/tasks/clean-sites.yml
+++ b/_ansible/roles/caddy/tasks/clean-sites.yml
@ -0,0 +1,11 @@
+- name: Find caddy site configs, but exclude managed sites
+  ansible.builtin.find:
+    paths: "{{ caddy_config_path }}"
+    excludes: "{{ managed_sites | default([]) }}"
+  register: files_to_delete
+
+- name: Remove unmanaged sites
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  with_items: "{{ files_to_delete.files }}"
--- a/_ansible/roles/caddy/tasks/main.yml
+++ b/_ansible/roles/caddy/tasks/main.yml
@ -0,0 +1,11 @@
+---
+- name: Deploy {{ svc.name }}
+  tags:
+    - caddy
+    - reverse_proxy
+    - webserver
+  block:
+    - import_tasks: deploy-common-service.yml
+
+    - import_tasks: clean-sites.yml
+    - import_tasks: reload-caddy.yml
--- a/_ansible/roles/caddy/tasks/reload-caddy.yml
+++ b/_ansible/roles/caddy/tasks/reload-caddy.yml
@ -0,0 +1,16 @@
+- name: Check caddy configuration
+  ansible.builtin.command:
+    cmd: docker compose exec app sh -c "caddy validate --config /etc/caddy/Caddyfile"
+    chdir: "{{ service_path }}"
+  when: "'local-dev' != inventory_hostname"
+  register: cmd_result
+  changed_when: false
+
+- name: Reload caddy configuration
+  ansible.builtin.command:
+    cmd: docker compose exec app sh -c "caddy reload --config /etc/caddy/Caddyfile"
+    chdir: "{{ service_path }}"
+  when:
+    - "'local-dev' != inventory_hostname"
+    - cmd_result.rc == 0
+  changed_when: true # TODO find a way to detect changes
--- a/_ansible/tasks/deploy-common-service.yml
+++ b/_ansible/tasks/deploy-common-service.yml
@ -1,5 +1,6 @@
 - import_tasks: steps/create-service-directory.yml
 - import_tasks: steps/template-docker-compose.yml
 - import_tasks: steps/template-service-env.yml
- import_tasks: steps/template-site-config.yml
+- include_tasks: steps/template-site-config.yml
+  when: svc.domain is defined
 - import_tasks: steps/start-service.yml
--- a/_ansible/tasks/steps/start-service.yml
+++ b/_ansible/tasks/steps/start-service.yml
@ -1,3 +1,25 @@
+- name: Build service
+  ansible.builtin.command:
+    cmd: docker compose build --pull
+    chdir: "{{ service_path }}"
+  when:
+    - "'local-dev' != inventory_hostname"
+    - docker_update is defined
+    - docker_update
+  register: cmd_result
+  changed_when: True
+
+- name: Pull service
+  ansible.builtin.command:
+    cmd: docker compose pull --ignore-buildable
+    chdir: "{{ service_path }}"
+  when:
+    - "'local-dev' != inventory_hostname"
+    - docker_update is defined
+    - docker_update
+  register: cmd_result
+  changed_when: True
+
 - name: Start service
  ansible.builtin.command:
    cmd: docker compose up -d
--- a/_ansible/tasks/steps/template-site-config.yml
+++ b/_ansible/tasks/steps/template-site-config.yml
@ -1,6 +1,9 @@
- name: Template caddy config
+- name: Template caddy site
  ansible.builtin.template:
    src: caddy_site.conf.j2
    dest: "{{ (caddy_config_path, svc.domain + '.conf') | path_join }}"
    mode: "0644"
-  when: svc.domain is defined
+
+- name: Register caddy site
+  ansible.builtin.set_fact:
+    managed_sites: "{{ managed_sites + [svc.domain + '.conf'] }}"
--- a/create.sh
+++ b/create.sh
@ -1,39 +0,0 @@
-#!/usr/bin/env sh
-
-printf "Project name: "
-read -r PROJECT
-
-mkdir -p "$PROJECT"
-cd "$PROJECT" || exit
-
-printf "Image name: "
-read -r IMAGE
-
-printf "App name (network alias): "
-read -r NAME
-
-printf "Enable watchtower [true/false]: "
-read -r WATCHTOWER_ENABLE
-
-cat <<EOF >"docker-compose.yml"
-version: '3'
-services:
-  app:
-    image: ${IMAGE}
-    restart: always
-    labels:
-      com.centurylinklabs.watchtower.enable: ${WATCHTOWER_ENABLE}
-    env_file:
-      - .env
-      - .secret.env
-    networks:
-      apps:
-        aliases:
-          - ${NAME}
-
-networks:
-  apps:
-    external: true
-EOF
-
-vim -O2 "docker-compose.yml" ".env"