Compare commits
22 Commits
5992957204
...
master
Author | SHA1 | Date | |
---|---|---|---|
3174460451 | |||
ec0186ac08 | |||
b3b8aeaedb | |||
4c05a03f93 | |||
f4f3ce8f27 | |||
|
a5cc222971 | ||
|
154b450e0d | ||
|
a63cea077c | ||
|
5d33a9ad76 | ||
a4b98e0ac4 | |||
77088baa9b | |||
bffc222bb0 | |||
26eaea8c01 | |||
4f8568f1ba | |||
79b0a563be | |||
275bb3cd9e | |||
3a492c2f3e | |||
10186fdd3b | |||
8c856d7a6c | |||
c9c1049c4d | |||
16159e52f4 | |||
fdc9b6d2e6 |
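--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,4 @@
 __pycache__/
+
+# ansible vault password
+.vault_pass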
@ -6,6 +6,7 @@
|
|||||||
- name: PREP LXD -- Check if ubuntu minimal repo already added.
|
- name: PREP LXD -- Check if ubuntu minimal repo already added.
|
||||||
shell: lxc remote list | grep ubuntu-minimal | wc -l
|
shell: lxc remote list | grep ubuntu-minimal | wc -l
|
||||||
register: ubuntu_minimal_repo
|
register: ubuntu_minimal_repo
|
||||||
|
check_mode: no
|
||||||
- name: PREP LXD -- Add ubuntu minimal repo
|
- name: PREP LXD -- Add ubuntu minimal repo
|
||||||
command: lxc remote add --protocol simplestreams ubuntu-minimal https://cloud-images.ubuntu.com/minimal/releases/
|
command: lxc remote add --protocol simplestreams ubuntu-minimal https://cloud-images.ubuntu.com/minimal/releases/
|
||||||
when: ubuntu_minimal_repo.stdout != "1"
|
when: ubuntu_minimal_repo.stdout != "1"
|
||||||
|
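Review bot: The `shell` probe that now carries `check_mode: no` has no `changed_when: false`, so this read-only check is reported as changed on every run, dry runs included. Adding `changed_when: false` below `register: ubuntu_minimal_repo` keeps the check-mode report accurate. The `when: ubuntu_minimal_repo.stdout != "1"` test on the following task also treats two or more matching remotes as "not added"; counting with `grep -c ubuntu-minimal` and testing `== "0"` would avoid a repeated `lxc remote add`.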
@ -20,6 +20,7 @@
|
|||||||
- { name: haproxy, state: started }
|
- { name: haproxy, state: started }
|
||||||
- { name: gitea, state: started }
|
- { name: gitea, state: started }
|
||||||
- { name: freescout, state: started }
|
- { name: freescout, state: started }
|
||||||
|
- { name: saucy, state: started }
|
||||||
- { name: pretalx, state: stopped }
|
- { name: pretalx, state: stopped }
|
||||||
- name: Create haproxy port forwards
|
- name: Create haproxy port forwards
|
||||||
community.general.lxd_container:
|
community.general.lxd_container:
|
||||||
|
@ -2,15 +2,17 @@
|
|||||||
- name: GITEA -- install
|
- name: GITEA -- install
|
||||||
hosts: gitea@lxd.ansol.org
|
hosts: gitea@lxd.ansol.org
|
||||||
roles:
|
roles:
|
||||||
- { role: do1jlr.gitea, tags: gitea }
|
- { role: l3d.gitea, tags: gitea }
|
||||||
vars:
|
vars:
|
||||||
gitea_version: latest
|
gitea_version: 1.20.5
|
||||||
|
gitea_home: /var/lib/gitea
|
||||||
gitea_fqdn: 'git.ansol.org'
|
gitea_fqdn: 'git.ansol.org'
|
||||||
gitea_root_url: 'https://git.ansol.org'
|
gitea_root_url: 'https://git.ansol.org'
|
||||||
gitea_http_listen: '0.0.0.0'
|
gitea_http_listen: '0.0.0.0'
|
||||||
gitea_protocol: http
|
gitea_protocol: http
|
||||||
gitea_only_allow_external_registration: true
|
gitea_only_allow_external_registration: true
|
||||||
gitea_enable_captcha: false
|
gitea_enable_captcha: false
|
||||||
|
gitea_enable_notify_mail: true
|
||||||
gitea_require_signin: false
|
gitea_require_signin: false
|
||||||
gitea_show_registration_button: false
|
gitea_show_registration_button: false
|
||||||
gitea_start_ssh: true
|
gitea_start_ssh: true
|
||||||
@ -24,3 +26,9 @@
|
|||||||
SSH_LISTEN_PORT = 2222
|
SSH_LISTEN_PORT = 2222
|
||||||
SSH_USER = git
|
SSH_USER = git
|
||||||
BUILTIN_SSH_SERVER_USER = git
|
BUILTIN_SSH_SERVER_USER = git
|
||||||
|
gitea_mailer_enabled: true
|
||||||
|
gitea_mailer_protocol: smtp+starttls
|
||||||
|
gitea_mailer_smtp_addr: smtp.netureza.pt
|
||||||
|
gitea_mailer_user: '{{ smtp_username }}'
|
||||||
|
gitea_mailer_password: '{{ smtp_password }}'
|
||||||
|
gitea_mailer_from: '"git.ansol.org" <noreply@git.ansol.org>'
|
||||||
|
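Review bot: The role is switched to `l3d.gitea` in the first hunk, but nothing visible in this compare records which release of that role gets installed; if it is fetched without a version, each fresh checkout may run different role code against the Gitea host. Pinning it in a `requirements.yml` entry with an explicit `version:` would make the play reproducible. The move from `gitea_version: latest` to `1.20.5` has the opposite trade-off: upgrades, security releases included, now happen only when someone edits this line, so a comment such as `# pinned; bump deliberately after reading the release notes` would help. The page has lost the YAML indentation, so the nesting of the new `gitea_mailer_*` keys relative to the config block above them cannot be confirmed from here.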
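--- /dev/null
+++ b/05_container_saucy.yml
@@ -0,0 +1,6 @@
+---
+- name: SAUCY
+hosts: saucy@lxd.ansol.org
+roles:
+- container-postgres
+- container-saucy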
@ -1,5 +1,6 @@
|
|||||||
[defaults]
|
[defaults]
|
||||||
inventory = hosts
|
inventory = hosts
|
||||||
|
vault_password_file = .vault_pass
|
||||||
|
|
||||||
[connection]
|
[connection]
|
||||||
pipelining = True
|
pipelining = True
|
||||||
|
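Review bot: `vault_password_file = .vault_pass` makes every run depend on a plaintext secret file, and nothing in this compare says how that file should be created or protected. Ansible runs the vault password file as a script when it has the executable bit set and reads it as text otherwise, so it should be non-executable and readable only by its owner. A comment above the key, for example `; .vault_pass is git-ignored: create it locally with mode 0600, not executable`, would document that.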
@ -49,6 +49,9 @@ defaults
|
|||||||
errorfile 503 /etc/haproxy/errors/503.http
|
errorfile 503 /etc/haproxy/errors/503.http
|
||||||
errorfile 504 /etc/haproxy/errors/504.http
|
errorfile 504 /etc/haproxy/errors/504.http
|
||||||
|
|
||||||
|
resolvers localdns
|
||||||
|
parse-resolv-conf
|
||||||
|
|
||||||
# The web frontend
|
# The web frontend
|
||||||
|
|
||||||
frontend http_https
|
frontend http_https
|
||||||
@ -85,6 +88,10 @@ frontend http_https
|
|||||||
acl listas_ansol hdr(host) -i listas.ansol.org
|
acl listas_ansol hdr(host) -i listas.ansol.org
|
||||||
use_backend listas_ansol if listas_ansol
|
use_backend listas_ansol if listas_ansol
|
||||||
|
|
||||||
|
# Saucy
|
||||||
|
acl saucy hdr(host) -i saucy.ansol.org
|
||||||
|
use_backend saucy if saucy
|
||||||
|
|
||||||
# Let's Encrypt
|
# Let's Encrypt
|
||||||
|
|
||||||
backend letsencrypt
|
backend letsencrypt
|
||||||
@ -109,3 +116,9 @@ backend pretalx
|
|||||||
|
|
||||||
backend listas_ansol
|
backend listas_ansol
|
||||||
server listas_ansol kpn0.netureza.pt:80 check
|
server listas_ansol kpn0.netureza.pt:80 check
|
||||||
|
|
||||||
|
# Saucy
|
||||||
|
|
||||||
|
backend saucy
|
||||||
|
server saucy saucy.lxd:80 check resolvers localdns resolve-prefer ipv4
|
||||||
|
|
||||||
|
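Review bot: In the last hunk, `server saucy saucy.lxd:80 check resolvers localdns resolve-prefer ipv4` still has to resolve `saucy.lxd` through libc when HAProxy parses the configuration, and with the default `init-addr` a name that does not resolve at that moment makes HAProxy refuse to start, taking every site behind this frontend down with it. Appending `init-addr last,libc,none` lets the server start without an address and be filled in by the `localdns` resolvers once the container is up. The new `resolvers localdns` section relies on defaults for its hold and timeout values; whether those suit the LXD-provided DNS is worth confirming.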
8
host_vars/gitea@lxd.ansol.org
Normal file
8
host_vars/gitea@lxd.ansol.org
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
35313130303563656537363634653234363936613936656332313061373838613331623838623936
|
||||||
|
3639633862323237393833393035623864663231356233640a363330396631643238326563303534
|
||||||
|
30616434363766613731373932313836356237633630663639616163313131613063663435643363
|
||||||
|
3434626566333235640a336231306532653163373333303238656666343538383833386337376161
|
||||||
|
32616635336333313835626330306135333637626630313330373433373463306339636165633565
|
||||||
|
34336431623234333861643837303138303563336164373930373763346134663866616463353837
|
||||||
|
313764393130663764373665333030623131
|
25
host_vars/saucy@lxd.ansol.org
Normal file
25
host_vars/saucy@lxd.ansol.org
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
64616462303033383065373838613534653461376264633632343134636264613037623166376636
|
||||||
|
3635363331383233326364376335353039323635343062360a313738626439343832646230373631
|
||||||
|
61663463333163663031663464373737393932623561363833633563376132373235653065326330
|
||||||
|
3230353834323866300a363733326332666639616164373965643532613238326463336661346332
|
||||||
|
66656261666433356138376338313533623433326230333761663934373766356538366630613261
|
||||||
|
39323036653465343332373031316433303662343232333665303565313230663730316238646262
|
||||||
|
37656432323236653262353231316461313731393336383463643231326637313135343262663164
|
||||||
|
39306139633234633137626461653364373830383034373235316663623230323730323261326139
|
||||||
|
33663965376639393864653465646263653861353733613936393065326165666131316662666339
|
||||||
|
39323238323061636536343463643437373735656362626366663266313235363531323632346630
|
||||||
|
63306365396235663831656137376638313765333333386162353963666637386465396462626261
|
||||||
|
38316439353562376630386466646531373661633737353133333363663633373564396230616561
|
||||||
|
36613465636633656432306330356330626238663836306339306132383932626436616338386364
|
||||||
|
39656135613339613138383464663863613063323334663861613338396464366331623664616232
|
||||||
|
38393761326230316539373466636435646562306535323830633333656465306532343661396135
|
||||||
|
62623361656336633532643864383163616163643336366665316535656332333537303062373630
|
||||||
|
36643738653161653731346130643435613235333339623030396161613935316465343266306461
|
||||||
|
36386634323962343731613034366538613663363133393039356661306132623964656430646562
|
||||||
|
64356264643361326566616533323364353535653664353538613362313937376261396632616232
|
||||||
|
36653164353365653162646161396361376434313533616664366461326538306261323139633862
|
||||||
|
62343737623362393533326163353333313032313861366638356338313930346631373430326164
|
||||||
|
64636639623430356433643537323363636537623030353635376632623731376439336461663738
|
||||||
|
35363038303737616561376663373631386633376430643661393665333465373138346131323932
|
||||||
|
34326133316464323138
|
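--- a/hosts
+++ b/hosts
@@ -4,3 +4,4 @@ lxd.ansol.org
 [containers]
 haproxy@lxd.ansol.org ansible_connection=sshlxd
 gitea@lxd.ansol.org ansible_connection=sshlxd
+saucy@lxd.ansol.org ansible_connection=sshlxd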
@ -11,3 +11,4 @@
|
|||||||
- import_playbook: 03_container_haproxy.yaml
|
- import_playbook: 03_container_haproxy.yaml
|
||||||
# Container Gitea
|
# Container Gitea
|
||||||
- import_playbook: 04_container_gitea.yaml
|
- import_playbook: 04_container_gitea.yaml
|
||||||
|
- import_playbook: 05_container_saucy.yml
|
||||||
|
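--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,11 @@
+ansible==6.2.0
+ansible-core==2.13.2
+cffi==1.15.1
+cryptography==37.0.4
+Jinja2==3.1.2
+MarkupSafe==2.1.1
+packaging==21.3
+pycparser==2.21
+pyparsing==3.0.9
+PyYAML==6.0
+resolvelib==0.8.1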
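--- /dev/null
+++ b/roles/container-postgres/files/env
@@ -0,0 +1,3 @@
+POSTGRES_USER={{ db_user }}
+POSTGRES_PASSWORD={{ db_password }}
+POSTGRES_DB={{ db_name }}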
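--- /dev/null
+++ b/roles/container-postgres/files/unit.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Container running postgres
+Wants=network.target
+After=network-online.target
+
+[Service]
+Restart=on-failure
+TimeoutStopSec=70
+ExecStart=/usr/bin/docker run --rm --name postgres --env-file /srv/postgres/env -v /srv/postgres/data:/var/lib/postgresql/data -p5432:5432 postgres:latest
+ExecStop=/usr/bin/docker stop postgres
+
+[Install]
+WantedBy=multi-user.target default.target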
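Review bot: The `ExecStart` line publishes the database with `-p5432:5432`, which binds on every interface of the host, and runs `postgres:latest`, which is whatever image that tag points to when it is next pulled. If the only client is the saucy container on the same machine, restricting the listener (for example `-p 127.0.0.1:5432:5432`, or a user-defined Docker network with no published port) keeps PostgreSQL off the LXD network; how saucy reaches it depends on the vaulted `db_host`, so confirm before changing. Pinning the image, e.g. `postgres:<MAJOR_VERSION>`, also avoids a new major release refusing to start on the existing `/srv/postgres/data` directory. Separately, `After=network-online.target` is paired with `Wants=network.target`; `Wants=network-online.target` together with an ordering on `docker.service` is the usual form.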
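--- /dev/null
+++ b/roles/container-postgres/handlers/main.yml
@@ -0,0 +1,3 @@
+- name: reload systemd
+systemd:
+daemon_reload: yes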
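--- /dev/null
+++ b/roles/container-postgres/tasks/main.yml
@@ -0,0 +1,24 @@
+- name: container pg -- srv directory
+become: true
+file:
+path: '/srv/postgres'
+mode: 0700
+state: directory
+- name: container pg -- env file
+become: true
+template:
+src: 'files/env'
+dest: '/srv/postgres/env'
+mode: 0600
+- name: container pg -- systemd unit file
+become: true
+template:
+src: 'files/unit.service'
+dest: '/etc/systemd/system/container-postgres.service'
+mode: 0644
+notify: reload systemd
+- name: container pg -- start
+become: true
+systemd:
+name: container-postgres
+state: started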
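Review bot: The `container pg -- env file` task renders `POSTGRES_PASSWORD` into `/srv/postgres/env`, and a run with `--diff` would print the rendered file, secret included, to the terminal and to any captured log; adding `diff: false` (or `no_log: true`) to that task avoids this. The same applies to the env file task in `roles/container-saucy/tasks/main.yml`, which carries the SMTP, payment and `SECRET_KEY_BASE` values. In both roles the `start` task runs before the notified `reload systemd` handler, is not re-triggered when the env or unit file changes, and does not enable the unit, so a rotated password is not picked up and the container does not come back after a reboot; `daemon_reload: true` and `enabled: true` on the `systemd` task plus a restart handler notified by both template tasks would cover that. The unquoted `mode: 0700` style works, but quoting it as `mode: '0700'` is the form Ansible's documentation recommends.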
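--- /dev/null
+++ b/roles/container-saucy/files/env
@@ -0,0 +1,16 @@
+DATABASE_URL=postgres://{{ db_user }}:{{ db_password }}@{{ db_host }}/{{ db_name }}
+SMTP_ADDRESS=smtp.netureza.pt
+SMTP_DOMAIN=ansol.org
+SMTP_USERNAME={{ smtp_username }}
+SMTP_PASSWORD={{ smtp_password }}
+SMTP_FROM_ADDRESS=direccao@ansol.org
+SMTP_FROM_NAME=ANSOL
+
+IFTHENPAY_KEY={{ ifthenpay_key }}
+IFTHENPAY_ACCOUNTS={{ ifthenpay_accounts }}
+
+BASE_HOST=saucy.ansol.org
+RAILS_ENV=production
+RAILS_LOG_TO_STDOUT=true
+RAILS_SERVE_STATIC_FILES=true
+SECRET_KEY_BASE={{ secret_key_base }}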
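Review bot: `DATABASE_URL` on the first line interpolates `{{ db_user }}` and `{{ db_password }}` straight into a URL, so a password containing `@`, `:`, `/`, `#` or `%` yields a connection string that parses to the wrong host or credentials. Percent-encoding the two values, e.g. `{{ db_password | urlencode | replace('/', '%2F') }}`, keeps any generated secret usable. Docker's `--env-file` takes everything after `=` literally, so none of the templated values may contain a newline, and surrounding quotes would become part of the value.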
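--- /dev/null
+++ b/roles/container-saucy/files/unit.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Container running saucy
+Wants=network.target
+After=network-online.target container-postgres.service
+
+[Service]
+Restart=on-failure
+TimeoutStopSec=70
+ExecStart=/usr/bin/docker run --pull=always --rm --name saucy --env-file /srv/saucy/env -v /srv/saucy/data:/data -p80:3000 git.ansol.org/ansol/saucy:latest
+ExecStop=/usr/bin/docker stop saucy
+
+[Install]
+WantedBy=multi-user.target default.target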
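Review bot: `ExecStart` combines `--pull=always` with `git.ansol.org/ansol/saucy:latest`, so every start, including the automatic ones from `Restart=on-failure`, runs whatever was last pushed to that tag with the production secrets from `/srv/saucy/env`. Referencing a release tag or digest, for example `git.ansol.org/ansol/saucy@sha256:<IMAGE_DIGEST>` supplied through a role variable, makes each deployment an explicit, reviewable change. `--pull=always` also means the container cannot restart while the registry is unreachable, and the registry hostname is the Gitea instance configured elsewhere in this compare, so the two services become coupled. The dependency on `container-postgres.service` is ordering only (`After=`); without `Wants=` or `Requires=` it does not start the database.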
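--- /dev/null
+++ b/roles/container-saucy/handlers/main.yml
@@ -0,0 +1,3 @@
+- name: reload systemd
+systemd:
+daemon_reload: yes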
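--- /dev/null
+++ b/roles/container-saucy/tasks/main.yml
@@ -0,0 +1,36 @@
+- name: container saucy -- srv directory
+become: true
+file:
+path: '/srv/saucy'
+mode: 0700
+state: directory
+- name: container saucy -- env file
+become: true
+template:
+src: 'files/env'
+dest: '/srv/saucy/env'
+mode: 0600
+- name: container saucy -- systemd unit file
+become: true
+template:
+src: 'files/unit.service'
+dest: '/etc/systemd/system/container-saucy.service'
+mode: 0644
+notify: reload systemd
+- name: container saucy -- start
+become: true
+systemd:
+name: container-saucy
+state: started
+- name: container saucy -- sync cron
+become: true
+cron:
+name: "saucy-sync"
+minute: "*/5"
+job: "/usr/bin/docker exec -it saucy bin/rails saucy:sync"
+#- name: container saucy -- sync cron
+# become: true
+# cron:
+# name: "saucy-sync"
+# hour: "8"
+# job: "/usr/bin/docker exec -it saucy bin/rails saucy:notify"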
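Review bot: The `saucy-sync` cron job runs `docker exec -it`, and cron provides no terminal, so the `-t` flag makes Docker exit with "the input device is not a TTY" and the sync never executes. Dropping the flags, `job: "/usr/bin/docker exec saucy bin/rails saucy:sync"`, fixes that. The commented-out task below reuses the name `saucy-sync` for the `saucy:notify` job; the `cron` module identifies entries by name, so enabling it as written would replace the sync entry instead of adding a second one, and with only `hour: "8"` set it would fire every minute of that hour. Giving it its own name and a `minute:` value, or deleting the commented block, would remove the trap.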