diff --git a/.gitignore b/.gitignore
index c18dd8d..5aba8ef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,4 @@
 __pycache__/
+
+# ansible vault password
+.vault_pass
diff --git a/02_lxc_containers.yaml b/02_lxc_containers.yaml
index 96960d0..29fa490 100644
--- a/02_lxc_containers.yaml
+++ b/02_lxc_containers.yaml
@@ -20,6 +20,7 @@
 - { name: haproxy, state: started }
 - { name: gitea, state: started }
 - { name: freescout, state: started }
+ - { name: saucy, state: started }
 - { name: pretalx, state: stopped }
 - name: Create haproxy port forwards
 community.general.lxd_container:
diff --git a/05_container_saucy.yaml b/05_container_saucy.yaml
new file mode 100644
index 0000000..aa51d89
--- /dev/null
+++ b/05_container_saucy.yaml
@@ -0,0 +1,80 @@
+---
+- name: SAUCY
+ hosts: saucy@lxd.ansol.org
+ become: true
+ tasks:
+ - name: SAUCY -- install needed packages
+ become: true
+ package:
+ state: present
+ name: '{{ item }}'
+ with_items:
+ - ca-certificates
+ - curl
+ - gnupg
+ - lsb-release
+ - name: SAUCY -- add Docker GPG key
+ become: true
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+ - name: SAUCY -- add Docker repository to apt
+ become: true
+ apt_repository:
+ repo: deb https://download.docker.com/linux/ubuntu focal stable
+ state: present
+ - name: SAUCY -- install docker
+ become: true
+ apt:
+ name: '{{item}}'
+ state: latest
+ loop:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - python3-docker
+ - name: SAUCY -- start, and enable, docker service
+ become: true
+ service:
+ name: docker
+ state: started
+ enabled: yes
+ # postgres server and db, account
+ - name: SAUCY -- install postgresql
+ become: true
+ community.docker.docker_container:
+ name: postgresql
+ image: postgres:latest
+ state: started
+ container_default_behavior: no_defaults
+ volumes:
+ - /data:/var/lib/postgresql/data
+ ports:
+ - '5432:5432'
+ env:
+ POSTGRES_USER: '{{ db_user }}'
+ POSTGRES_PASSWORD: '{{ db_password }}'
+ POSTGRES_DB: '{{ db_name }}'
+ - name: SAUCY -- add Saucy container
+ community.docker.docker_container:
+ name: saucy
+ image: git.ansol.org/ansol/saucy:latest
+ state: started
+ container_default_behavior: no_defaults
+ ports:
+ - '80:3000'
+ env:
+ DATABASE_URL: 'postgres://{{ db_user }}:{{ db_password }}@{{ db_host }}/{{ db_name }}'
+ SMTP_ADDRESS: smtp.netureza.pt
+ SMTP_DOMAIN: ansol.org
+ SMTP_USERNAME: '{{ smtp_username }}'
+ SMTP_PASSWORD: '{{ smtp_password }}'
+ SMTP_FROM_ADDRESS: direccao@ansol.org
+ SMTP_FROM_NAME: ANSOL
+
+ IFTHENPAY_KEY: '{{ ifthenpay_key }}'
+ IFTHENPAY_ACCOUNTS: '{{ ifthenpay_accounts }}'
+
+ BASE_HOST: saucy.ansol.org
+ RAILS_LOG_TO_STDOUT: 'true'
+ RAILS_ENV: production
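Review bot: The postgresql task publishes `'5432:5432'`, which Docker binds on every interface of the saucy host, so the database is reachable by more than the one client this play sets up; `db_host` is vaulted and not visible here, but if only the Saucy container connects, put both containers on one user-defined network with `networks:` and drop `ports:`, or narrow the mapping to `'127.0.0.1:5432:5432'`. Both `docker_container` tasks template secrets into `env:` (`db_password`, `smtp_password`, `ifthenpay_key`), so each should carry `no_log: true` to keep those values out of task output and logs. `postgres:latest`, `saucy:latest` and `state: latest` on the Docker packages are unpinned, so a rebuilt host can come up on a different build than the one tested, and a new PostgreSQL major will not start on the existing `/data` directory; pin the tags, e.g. `postgres:<MAJOR_VERSION>`. `db_password` is also interpolated raw into `DATABASE_URL`, where `{{ db_password | urlencode }}` keeps a password containing `@` or `#` from changing how the URL is parsed.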
diff --git a/ansible.cfg b/ansible.cfg index 5d5f478..698a0af 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,6 @@ [defaults] inventory = hosts +vault_password_file = .vault_pass [connection] pipelining = True diff --git a/files/ha_haproxy.cfg.j2 b/files/ha_haproxy.cfg.j2 index 10bc673..2b230e0 100644 --- a/files/ha_haproxy.cfg.j2 +++ b/files/ha_haproxy.cfg.j2 @@ -49,6 +49,9 @@ defaults errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http +resolvers localdns + parse-resolv-conf + # The web frontend frontend http_https @@ -85,6 +88,10 @@ frontend http_https acl listas_ansol hdr(host) -i listas.ansol.org use_backend listas_ansol if listas_ansol + # Saucy + acl saucy hdr(host) -i saucy.ansol.org + use_backend saucy if saucy + # Let's Encrypt backend letsencrypt @@ -109,3 +116,9 @@ backend pretalx backend listas_ansol server listas_ansol kpn0.netureza.pt:80 check + +# Saucy + +backend saucy + server saucy saucy.lxd:80 check resolvers localdns resolve-prefer ipv4 + diff --git a/host_vars/saucy@lxd.ansol.org b/host_vars/saucy@lxd.ansol.org new file mode 100644 index 0000000..ce69d58 --- /dev/null +++ b/host_vars/saucy@lxd.ansol.org 
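Review bot: `vault_password_file = .vault_pass` makes the vault key a plaintext file in the working tree, and the `.gitignore` entry added in the same commit only keeps it out of commits, not out of backups or a group-readable checkout. Record the expectation next to the setting, e.g. `# .vault_pass: mode 0600, per operator, never committed`, or point the option at an executable script that prints the password from the operator's keyring, which Ansible accepts for this setting.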
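Review bot: The new `server saucy saucy.lxd:80 check resolvers localdns resolve-prefer ipv4` line in the last hunk sets no `init-addr`, so under HAProxy's default (`last,libc`) a name that cannot be resolved at start-up or reload is a fatal configuration error. Since this proxy fronts every other site in the file, a stopped or renamed saucy container could block a reload for all of them. Appending `init-addr last,libc,none` lets the server start without an address and be filled in later by the `localdns` resolvers. The `frontend http_https` block that the ACL hunk touches begins and ends outside the visible hunks, so how requests for `saucy.ansol.org` are redirected to HTTPS cannot be checked from here.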
@@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.1;AES256 +37323635663062383436383061366461326133386235313733653466313565346562373131333031 +3235306530653634333733326430616632393064356330350a363864653566653763383664663061 +30656266383834303464366266366435636438343663313436393764353537326163366434313131 +3565323935396330310a613631623530333365643530313531373039336434366166663338613261 +37316462393330663263636464343865313962343738323537623239316533643831303764623132 +39636337646538386336393366656336333066316337336634356564303533626263313435376435 +36376539383434376430666263316639376337376636616337356161653234393666636461356466 +36366665376632643964386535316538326235666266396631363064613235623639666235396434 +39316636623264366561393032346666343465333565316136636234323962333339313832303634 +37623230313538366666656338666332386431616230343533616234633065356337633766633330 +65626566386632303130393336343736303464326130383964333133656632653236626366376166 +63383363653830346364373966393036316363393863643833386630633535366332343932643639 +38366630326235363033346636316631343532386236613430616165643632636331313832633463 +65336664343336663064383866323635663561306637613439626364366435656131646664353138 +63356631623562633735303636343232333232646439623764303239643730653431626465616363 +35663633303234613064353433646632343436643130336337336361326664336239326135323161 +3738 diff --git a/hosts b/hosts index 037fadd..4488532 100644 --- a/hosts +++ b/hosts @@ -4,3 +4,4 @@ lxd.ansol.org [containers] haproxy@lxd.ansol.org ansible_connection=sshlxd gitea@lxd.ansol.org ansible_connection=sshlxd +saucy@lxd.ansol.org ansible_connection=sshlxd