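---
# Playbook for the "frontend" host group: installs git, Docker and certbot via
# Galaxy roles, copies the Let's Encrypt hook and reverse-proxy configuration
# into /etc, then starts the nginx reverse proxy, a private registry, the two
# websites and watchtower as Docker containers.
#
# NOTE(review): `secrets` is not defined anywhere in this play; presumably it is
# supplied as extra vars or from a vaulted vars file. Confirm it never comes
# from a plaintext file committed next to this playbook.
- name: Frontend setup
  hosts: frontend

  vars:
    username: matt

    # certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
    certbot_auto_renew_user: "root"
    certbot_auto_renew_hour: "3"
    certbot_auto_renew_minute: "30"

    certbot_create_if_missing: true
    certbot_admin_email: matthew@thespencers.me.uk

    certbot_certs:
      - domains:
          - "apptabulous.co.uk"
          - "www.apptabulous.co.uk"
          - "hub.apptabulous.co.uk"
          - "watchtower.apptabulous.co.uk"
        webroot: "/var/www/html"

      - domains:
          - "m5p3nc3r.co.uk"
          - "www.m5p3nc3r.co.uk"
          - "gitea.m5p3nc3r.co.uk"
        webroot: "/var/www/html"

    # NOTE(review): these four settings only matter if the role installs certbot
    # from source (certbot_install_method is not set in this play). If it does,
    # `master` plus certbot_keep_updated means unreviewed upstream code is pulled
    # on every run and later executed by the root renewal job; prefer a pinned
    # release tag.
    certbot_repo: https://github.com/certbot/certbot.git
    certbot_version: master
    certbot_keep_updated: true
    certbot_dir: /opt/certbot
    certbot_create_extra_args: ""

    docker_add_repo: true
    # Membership of the docker group lets this user drive the Docker daemon,
    # which is equivalent to root on the host.
    docker_users:
      - "{{ username }}"

  roles:
    - role: geerlingguy.git
      become: true
    - role: geerlingguy.docker
      become: true
    - role: geerlingguy.certbot
      become: true

  tasks:
    # NOTE(review): neither copy task sets mode/owner, so permissions follow the
    # remote defaults; confirm nothing under /etc/letsencrypt or
    # /etc/reverseproxy ends up group- or world-writable.
    - name: Override default certbot start/stop jobs
      become: true
      ansible.builtin.copy:
        src: letsencrypt
        dest: /etc

    - name: Copy reverse proxy configuration to host
      become: true
      ansible.builtin.copy:
        src: apptabulous/reverseproxy
        dest: /etc

    # NOTE(review): every image in this play uses a mutable tag (or none), and
    # watchtower replaces running containers whenever the tag moves. Pinning by
    # digest would make what runs here reviewable.
    # NOTE(review): nginx presumably only reads these mounts; if so, appending
    # `:ro` to each keeps a compromised proxy from rewriting its own config or
    # the certificate store. Confirm before changing.
    - name: Start reverse proxy container
      community.docker.docker_container:
        name: reverse_proxy
        image: nginx:alpine
        # image: ghcr.io/m5p3nc3r/nginx-keyval:main
        restart_policy: always
        volumes:
          - /etc/reverseproxy/nginx.conf:/etc/nginx/nginx.conf
          - /etc/reverseproxy/conf.d:/etc/nginx/conf.d
          - /etc/reverseproxy/stream.d:/etc/nginx/stream.d
          - /etc/letsencrypt:/etc/letsencrypt
        ports:
          - "80:80"
          - "443:443"
          - "2222:2222"
        state: started

    # NOTE(review): a "HOST:CONTAINER" port mapping with no host address is
    # published on all interfaces by default. That applies to 5000 here and to
    # 3000, 3001 and 8080 below, so each backend may be reachable without going
    # through the reverse proxy. No auth or TLS settings are passed to this
    # registry container; confirm the proxy enforces both and that a host
    # firewall or a narrower bind address blocks direct access.
    - name: Start docker registry
      community.docker.docker_container:
        name: registry
        image: registry:2
        restart_policy: always
        ports:
          - "5000:5000"
        state: started

    # Uses the community.docker FQCN, matching every other Docker task in this
    # play. The login presumably persists the credential in the connecting
    # user's ~/.docker/config.json, which watchtower mounts below.
    - name: Log into ghcr.io registry
      community.docker.docker_login:
        registry: ghcr.io
        username: "{{ secrets.GITHUB_ACTOR }}"
        password: "{{ secrets.GITHUB_TOKEN }}"

    - name: Start m5p3nc3r website
      # The encryption key is passed through `env`, which would otherwise show
      # up in verbose task output and in the returned container facts.
      no_log: true
      community.docker.docker_container:
        name: website
        image: ghcr.io/m5p3nc3r/website:main
        restart_policy: always
        volumes:
          - /home/matt/public/apps:/app/public/apps
        ports:
          - "3000:3000"
        env:
          NEXT_SERVER_ACTIONS_ENCRYPTION_KEY: "{{ secrets.NEXT_SERVER_ACTIONS_ENCRYPTION_KEY }}"
        state: started

    - name: Start Apptabulous website
      community.docker.docker_container:
        name: apptabulous_website
        image: ghcr.io/m5p3nc3r/apptabulous_website:main
        restart_policy: always
        ports:
          - "3001:3000"
        state: started

    # Watchtower holds the Docker socket (root-equivalent control of the host)
    # and the registry credentials file, and exposes an update-trigger HTTP API
    # on 8080 guarded only by the bearer token below.
    # NOTE(review): the token is part of the container command line, so anyone
    # who can inspect the container can read it; treat Docker API access on this
    # host as access to the token. config.json is presumably only read by
    # watchtower and could be mounted `:ro` once confirmed.
    - name: Start watchtower
      # Keeps the API token out of Ansible's task output and logs.
      no_log: true
      community.docker.docker_container:
        name: watchtower
        image: nickfedor/watchtower
        restart_policy: always
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
          - /home/matt/.docker/config.json:/config.json
        command:
          - "--cleanup"
          - "--http-api-update"
          - "--http-api-token={{ secrets.WATCHTOWER_HTTP_API_TOKEN }}"
          - "--http-api-periodic-polls"
        ports:
          - "8080:8080"
        state: started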