Compare commits

..

22 Commits

Author SHA1 Message Date
3174460451 activa emails no gitea 2023-10-24 11:54:15 +01:00
ec0186ac08 Bump ao gitea (com nova role) 2023-10-23 20:02:31 +01:00
b3b8aeaedb Use docker stop in systemd services 2022-10-02 13:16:47 +01:00
4c05a03f93 Refaz o saucy
Em vez de usar o comminuty module cenas para docker, usa systemd para
gerir os jobs e env files normais.

Aproveita e renomeia um dos yaml para yml.
2022-10-02 00:10:14 +01:00
f4f3ce8f27 Merge pull request 'Adiciona Saucy' (#17) from add-saucy-container into master
Reviewed-on: #17
2022-09-28 17:14:51 +00:00
Tiago Carrondo
a5cc222971 trash! 2022-08-21 19:12:53 +01:00
Tiago Carrondo
154b450e0d completo! 2022-08-15 10:52:24 +01:00
Tiago Carrondo
a63cea077c add ifthenpay, still WIP 2022-08-15 10:28:34 +01:00
Tiago Carrondo
5d33a9ad76 using container name 2022-08-15 10:10:07 +01:00
a4b98e0ac4 var file 2022-08-12 20:11:40 +01:00
77088baa9b adiciona containers e tweaks 2022-08-12 20:11:31 +01:00
bffc222bb0 usa IP do container 2022-08-12 19:46:13 +01:00
26eaea8c01 prep ansible vault 2022-08-12 19:45:49 +01:00
4f8568f1ba instala docker no container saucy 2022-08-05 09:51:34 +01:00
79b0a563be adiciona saucy ao haproxy 2022-08-05 09:48:28 +01:00
275bb3cd9e add saucy host 2022-08-03 15:45:45 +01:00
3a492c2f3e add saucy container 2022-08-03 15:45:34 +01:00
10186fdd3b Merge pull request 'gitea version: latest > 1.17.0' (#16) from pin-gitea-version into master
Reviewed-on: #16
2022-08-03 14:24:18 +00:00
8c856d7a6c Merge branch 'master' into pin-gitea-version 2022-08-03 14:18:51 +00:00
c9c1049c4d Merge pull request 'fix-pretalx-state-start' (#15) from fix-pretalx-state-start into master
Reviewed-on: #15
2022-08-03 12:44:28 +00:00
16159e52f4 extra fix: check mode 2022-08-03 13:37:50 +01:00
fdc9b6d2e6 gitea version: latest > 1.17.0 2022-08-03 13:28:16 +01:00
20 changed files with 192 additions and 2 deletions

3
.gitignore vendored
View File

@ -1 +1,4 @@
__pycache__/ __pycache__/
# ansible vault password
.vault_pass

View File

@ -6,6 +6,7 @@
- name: PREP LXD -- Check if ubuntu minimal repo already added. - name: PREP LXD -- Check if ubuntu minimal repo already added.
shell: lxc remote list | grep ubuntu-minimal | wc -l shell: lxc remote list | grep ubuntu-minimal | wc -l
register: ubuntu_minimal_repo register: ubuntu_minimal_repo
check_mode: no
- name: PREP LXD -- Add ubuntu minimal repo - name: PREP LXD -- Add ubuntu minimal repo
command: lxc remote add --protocol simplestreams ubuntu-minimal https://cloud-images.ubuntu.com/minimal/releases/ command: lxc remote add --protocol simplestreams ubuntu-minimal https://cloud-images.ubuntu.com/minimal/releases/
when: ubuntu_minimal_repo.stdout != "1" when: ubuntu_minimal_repo.stdout != "1"

View File

@ -20,6 +20,7 @@
- { name: haproxy, state: started } - { name: haproxy, state: started }
- { name: gitea, state: started } - { name: gitea, state: started }
- { name: freescout, state: started } - { name: freescout, state: started }
- { name: saucy, state: started }
- { name: pretalx, state: stopped } - { name: pretalx, state: stopped }
- name: Create haproxy port forwards - name: Create haproxy port forwards
community.general.lxd_container: community.general.lxd_container:

View File

@ -2,15 +2,17 @@
- name: GITEA -- install - name: GITEA -- install
hosts: gitea@lxd.ansol.org hosts: gitea@lxd.ansol.org
roles: roles:
- { role: do1jlr.gitea, tags: gitea } - { role: l3d.gitea, tags: gitea }
vars: vars:
gitea_version: latest gitea_version: 1.20.5
gitea_home: /var/lib/gitea
gitea_fqdn: 'git.ansol.org' gitea_fqdn: 'git.ansol.org'
gitea_root_url: 'https://git.ansol.org' gitea_root_url: 'https://git.ansol.org'
gitea_http_listen: '0.0.0.0' gitea_http_listen: '0.0.0.0'
gitea_protocol: http gitea_protocol: http
gitea_only_allow_external_registration: true gitea_only_allow_external_registration: true
gitea_enable_captcha: false gitea_enable_captcha: false
gitea_enable_notify_mail: true
gitea_require_signin: false gitea_require_signin: false
gitea_show_registration_button: false gitea_show_registration_button: false
gitea_start_ssh: true gitea_start_ssh: true
@ -24,3 +26,9 @@
SSH_LISTEN_PORT = 2222 SSH_LISTEN_PORT = 2222
SSH_USER = git SSH_USER = git
BUILTIN_SSH_SERVER_USER = git BUILTIN_SSH_SERVER_USER = git
gitea_mailer_enabled: true
gitea_mailer_protocol: smtp+starttls
gitea_mailer_smtp_addr: smtp.netureza.pt
gitea_mailer_user: '{{ smtp_username }}'
gitea_mailer_password: '{{ smtp_password }}'
gitea_mailer_from: '"git.ansol.org" <noreply@git.ansol.org>'

6
05_container_saucy.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: SAUCY
hosts: saucy@lxd.ansol.org
roles:
- container-postgres
- container-saucy

View File

@ -1,5 +1,6 @@
[defaults] [defaults]
inventory = hosts inventory = hosts
vault_password_file = .vault_pass
[connection] [connection]
pipelining = True pipelining = True

View File

@ -49,6 +49,9 @@ defaults
errorfile 503 /etc/haproxy/errors/503.http errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http errorfile 504 /etc/haproxy/errors/504.http
resolvers localdns
parse-resolv-conf
# The web frontend # The web frontend
frontend http_https frontend http_https
@ -85,6 +88,10 @@ frontend http_https
acl listas_ansol hdr(host) -i listas.ansol.org acl listas_ansol hdr(host) -i listas.ansol.org
use_backend listas_ansol if listas_ansol use_backend listas_ansol if listas_ansol
# Saucy
acl saucy hdr(host) -i saucy.ansol.org
use_backend saucy if saucy
# Let's Encrypt # Let's Encrypt
backend letsencrypt backend letsencrypt
@ -109,3 +116,9 @@ backend pretalx
backend listas_ansol backend listas_ansol
server listas_ansol kpn0.netureza.pt:80 check server listas_ansol kpn0.netureza.pt:80 check
# Saucy
backend saucy
server saucy saucy.lxd:80 check resolvers localdns resolve-prefer ipv4

View File

@ -0,0 +1,8 @@
$ANSIBLE_VAULT;1.1;AES256
35313130303563656537363634653234363936613936656332313061373838613331623838623936
3639633862323237393833393035623864663231356233640a363330396631643238326563303534
30616434363766613731373932313836356237633630663639616163313131613063663435643363
3434626566333235640a336231306532653163373333303238656666343538383833386337376161
32616635336333313835626330306135333637626630313330373433373463306339636165633565
34336431623234333861643837303138303563336164373930373763346134663866616463353837
313764393130663764373665333030623131

View File

@ -0,0 +1,25 @@
$ANSIBLE_VAULT;1.1;AES256
64616462303033383065373838613534653461376264633632343134636264613037623166376636
3635363331383233326364376335353039323635343062360a313738626439343832646230373631
61663463333163663031663464373737393932623561363833633563376132373235653065326330
3230353834323866300a363733326332666639616164373965643532613238326463336661346332
66656261666433356138376338313533623433326230333761663934373766356538366630613261
39323036653465343332373031316433303662343232333665303565313230663730316238646262
37656432323236653262353231316461313731393336383463643231326637313135343262663164
39306139633234633137626461653364373830383034373235316663623230323730323261326139
33663965376639393864653465646263653861353733613936393065326165666131316662666339
39323238323061636536343463643437373735656362626366663266313235363531323632346630
63306365396235663831656137376638313765333333386162353963666637386465396462626261
38316439353562376630386466646531373661633737353133333363663633373564396230616561
36613465636633656432306330356330626238663836306339306132383932626436616338386364
39656135613339613138383464663863613063323334663861613338396464366331623664616232
38393761326230316539373466636435646562306535323830633333656465306532343661396135
62623361656336633532643864383163616163643336366665316535656332333537303062373630
36643738653161653731346130643435613235333339623030396161613935316465343266306461
36386634323962343731613034366538613663363133393039356661306132623964656430646562
64356264643361326566616533323364353535653664353538613362313937376261396632616232
36653164353365653162646161396361376434313533616664366461326538306261323139633862
62343737623362393533326163353333313032313861366638356338313930346631373430326164
64636639623430356433643537323363636537623030353635376632623731376439336461663738
35363038303737616561376663373631386633376430643661393665333465373138346131323932
34326133316464323138

1
hosts
View File

@ -4,3 +4,4 @@ lxd.ansol.org
[containers] [containers]
haproxy@lxd.ansol.org ansible_connection=sshlxd haproxy@lxd.ansol.org ansible_connection=sshlxd
gitea@lxd.ansol.org ansible_connection=sshlxd gitea@lxd.ansol.org ansible_connection=sshlxd
saucy@lxd.ansol.org ansible_connection=sshlxd

View File

@ -11,3 +11,4 @@
- import_playbook: 03_container_haproxy.yaml - import_playbook: 03_container_haproxy.yaml
# Container Gitea # Container Gitea
- import_playbook: 04_container_gitea.yaml - import_playbook: 04_container_gitea.yaml
- import_playbook: 05_container_saucy.yml

11
requirements.txt Normal file
View File

@ -0,0 +1,11 @@
ansible==6.2.0
ansible-core==2.13.2
cffi==1.15.1
cryptography==37.0.4
Jinja2==3.1.2
MarkupSafe==2.1.1
packaging==21.3
pycparser==2.21
pyparsing==3.0.9
PyYAML==6.0
resolvelib==0.8.1

View File

@ -0,0 +1,3 @@
POSTGRES_USER={{ db_user }}
POSTGRES_PASSWORD={{ db_password }}
POSTGRES_DB={{ db_name }}

View File

@ -0,0 +1,13 @@
[Unit]
Description=Container running postgres
Wants=network.target
After=network-online.target
[Service]
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/docker run --rm --name postgres --env-file /srv/postgres/env -v /srv/postgres/data:/var/lib/postgresql/data -p5432:5432 postgres:latest
ExecStop=/usr/bin/docker stop postgres
[Install]
WantedBy=multi-user.target default.target

View File

@ -0,0 +1,3 @@
- name: reload systemd
systemd:
daemon_reload: yes

View File

@ -0,0 +1,24 @@
- name: container pg -- srv directory
become: true
file:
path: '/srv/postgres'
mode: 0700
state: directory
- name: container pg -- env file
become: true
template:
src: 'files/env'
dest: '/srv/postgres/env'
mode: 0600
- name: container pg -- systemd unit file
become: true
template:
src: 'files/unit.service'
dest: '/etc/systemd/system/container-postgres.service'
mode: 0644
notify: reload systemd
- name: container pg -- start
become: true
systemd:
name: container-postgres
state: started

View File

@ -0,0 +1,16 @@
DATABASE_URL=postgres://{{ db_user }}:{{ db_password }}@{{ db_host }}/{{ db_name }}
SMTP_ADDRESS=smtp.netureza.pt
SMTP_DOMAIN=ansol.org
SMTP_USERNAME={{ smtp_username }}
SMTP_PASSWORD={{ smtp_password }}
SMTP_FROM_ADDRESS=direccao@ansol.org
SMTP_FROM_NAME=ANSOL
IFTHENPAY_KEY={{ ifthenpay_key }}
IFTHENPAY_ACCOUNTS={{ ifthenpay_accounts }}
BASE_HOST=saucy.ansol.org
RAILS_ENV=production
RAILS_LOG_TO_STDOUT=true
RAILS_SERVE_STATIC_FILES=true
SECRET_KEY_BASE={{ secret_key_base }}

View File

@ -0,0 +1,13 @@
[Unit]
Description=Container running saucy
Wants=network.target
After=network-online.target container-postgres.service
[Service]
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/docker run --pull=always --rm --name saucy --env-file /srv/saucy/env -v /srv/saucy/data:/data -p80:3000 git.ansol.org/ansol/saucy:latest
ExecStop=/usr/bin/docker stop saucy
[Install]
WantedBy=multi-user.target default.target

View File

@ -0,0 +1,3 @@
- name: reload systemd
systemd:
daemon_reload: yes

View File

@ -0,0 +1,36 @@
- name: container saucy -- srv directory
become: true
file:
path: '/srv/saucy'
mode: 0700
state: directory
- name: container saucy -- env file
become: true
template:
src: 'files/env'
dest: '/srv/saucy/env'
mode: 0600
- name: container saucy -- systemd unit file
become: true
template:
src: 'files/unit.service'
dest: '/etc/systemd/system/container-saucy.service'
mode: 0644
notify: reload systemd
- name: container saucy -- start
become: true
systemd:
name: container-saucy
state: started
- name: container saucy -- sync cron
become: true
cron:
name: "saucy-sync"
minute: "*/5"
job: "/usr/bin/docker exec -it saucy bin/rails saucy:sync"
#- name: container saucy -- sync cron
# become: true
# cron:
# name: "saucy-sync"
# hour: "8"
# job: "/usr/bin/docker exec -it saucy bin/rails saucy:notify"