Matt Spencer
d7c18b747e
Needed to modify the nginx configuration to allow streaming of ssh. Using docker compose for this service, will probably migrate all others soon.
128 lines
3.5 KiB
YAML
Executable File
128 lines
3.5 KiB
YAML
Executable File
---
|
|
- name: Frontend setup
|
|
hosts: frontend
|
|
|
|
vars:
|
|
username: matt
|
|
|
|
#certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
|
|
certbot_auto_renew_user: "root"
|
|
certbot_auto_renew_hour: "3"
|
|
certbot_auto_renew_minute: "30"
|
|
|
|
certbot_create_if_missing: true
|
|
certbot_admin_email: matthew@thespencers.me.uk
|
|
|
|
certbot_certs:
|
|
- webroot: "/var/www/html"
|
|
domains:
|
|
- "apptabulous.co.uk"
|
|
- "www.apptabulous.co.uk"
|
|
- "hub.apptabulous.co.uk"
|
|
- "watchtower.apptabulous.co.uk"
|
|
- "m5p3nc3r.co.uk"
|
|
- "www.m5p3nc3r.co.uk"
|
|
- "gitea.m5p3nc3r.co.uk"
|
|
|
|
certbot_repo: https://github.com/certbot/certbot.git
|
|
certbot_version: master
|
|
certbot_keep_updated: true
|
|
certbot_dir: /opt/certbot
|
|
certbot_create_extra_args: ""
|
|
|
|
docker_add_repo: true
|
|
docker_users:
|
|
- "{{ username }}"
|
|
|
|
roles:
|
|
- role: geerlingguy.git
|
|
become: true
|
|
- role: geerlingguy.docker
|
|
become: true
|
|
- role: geerlingguy.certbot
|
|
become: true
|
|
|
|
tasks:
|
|
- name: Override default certbot start/stop jobs
|
|
become: true
|
|
ansible.builtin.copy:
|
|
src: letsencrypt
|
|
dest: /etc
|
|
|
|
- name: Copy reverse proxy configuration to host
|
|
become: true
|
|
ansible.builtin.copy:
|
|
src: apptabulous/reverseproxy
|
|
dest: /etc
|
|
|
|
- name: Start reverse proxy container
|
|
community.docker.docker_container:
|
|
name: reverse_proxy
|
|
image: nginx:alpine
|
|
#image: ghcr.io/m5p3nc3r/nginx-keyval:main
|
|
restart_policy: always
|
|
volumes:
|
|
- /etc/reverseproxy/nginx.conf:/etc/nginx/nginx.conf
|
|
- /etc/reverseproxy/conf.d:/etc/nginx/conf.d
|
|
- /etc/reverseproxy/stream.d:/etc/nginx/stream.d
|
|
- /etc/letsencrypt:/etc/letsencrypt
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "2222:2222"
|
|
state: started
|
|
|
|
- name: Start docker registry
|
|
community.docker.docker_container:
|
|
name: registry
|
|
image: registry:2
|
|
restart_policy: always
|
|
ports:
|
|
- "5000:5000"
|
|
state: started
|
|
|
|
- name: Log into ghcf.io registry
|
|
community.general.docker_login:
|
|
registry: ghcr.io
|
|
username: "{{ secrets.GITHUB_ACTOR }}"
|
|
password: "{{ secrets.GITHUB_TOKEN }}"
|
|
|
|
- name: Start m5p3nc3r website
|
|
community.docker.docker_container:
|
|
name: website
|
|
image: ghcr.io/m5p3nc3r/website:main
|
|
restart_policy: always
|
|
volumes:
|
|
- /home/matt/public/apps:/app/public/apps
|
|
ports:
|
|
- "3000:3000"
|
|
env:
|
|
NEXT_SERVER_ACTIONS_ENCRYPTION_KEY: "{{ secrets.NEXT_SERVER_ACTIONS_ENCRYPTION_KEY }}"
|
|
state: started
|
|
|
|
- name: Start Apptabulous website
|
|
community.docker.docker_container:
|
|
name: apptabulous_website
|
|
image: ghcr.io/m5p3nc3r/apptabulous_website:main
|
|
restart_policy: always
|
|
ports:
|
|
- "3001:3000"
|
|
state: started
|
|
|
|
- name: Start watchtower
|
|
community.docker.docker_container:
|
|
name: watchtower
|
|
image: nickfedor/watchtower
|
|
restart_policy: always
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- /home/matt/.docker/config.json:/config.json
|
|
command:
|
|
- --cleanup
|
|
- --http-api-update
|
|
- --http-api-token={{ secrets.WATCHTOWER_HTTP_API_TOKEN }}
|
|
- --http-api-periodic-polls
|
|
ports:
|
|
- "8080:8080"
|
|
state: started
|