--- - name: Frontend setup hosts: frontend vars: username: matt certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" certbot_auto_renew_hour: "3" certbot_auto_renew_minute: "30" certbot_create_if_missing: true certbot_admin_email: matthew@thespencers.me.uk certbot_certs: - webroot: "/var/www/html" domains: - "apptabulous.co.uk" - "www.apptabulous.co.uk" - "hub.apptabulous.co.uk" - "m5p3nc3r.co.uk" - "www.m5p3nc3r.co.uk" certbot_repo: https://github.com/certbot/certbot.git certbot_version: master certbot_keep_updated: true certbot_dir: /opt/certbot certbot_create_extra_args: "" docker_add_repo: true docker_users: - "{{ username }}" roles: - role: geerlingguy.git become: true - role: geerlingguy.docker become: true - role: geerlingguy.certbot become: true tasks: - name: Copy reverse proxy configuration to host become: true ansible.builtin.copy: src: apptabulous/reverseproxy dest: /etc - name: Start reverse proxy container community.docker.docker_container: name: reverse_proxy image: nginx:mainline-alpine-slim restart_policy: always volumes: - /etc/reverseproxy/conf.d:/etc/nginx/conf.d - /etc/letsencrypt:/etc/letsencrypt ports: - "80:80" - "443:443" state: started - name: Start docker registry community.docker.docker_container: name: registry image: registry:2 restart_policy: always ports: - "5000:5000" state: started - name: Log into ghcf.io registry community.general.docker_login: registry: ghcr.io username: "{{ secrets.GITHUB_ACTOR }}" password: "{{ secrets.GITHUB_TOKEN }}" # NOTE: This will fail on the first run because the container has not been # uploaded to the registry yet - name: Start website community.docker.docker_container: name: website image: ghcr.io/m5p3nc3r/website:main restart_policy: always ports: - "3000:3000" state: started