refactor docker using role

2024-10-16 06:38:18 +02:00 · 2024-10-11 18:41:46 +02:00 · 2024-10-11 18:41:46 +02:00 · b3706204ce
commit b3706204ce
parent c6b4cb700b
16 changed files with 74 additions and 286 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -25,6 +25,7 @@ jobs:
          ANSIBLE_INVENTORY: inventories/github.yaml
          ANSIBLE_VAULT_PASSWORD_FILE: vault.pass
          ANSIBLE_FORCE_COLOR: "true"
          ANSIBLE_ROLES_PATH: "./roles"
        run: |
          echo '${{ secrets.ANSIBLE_VAULT_PASSWORD }}' > $ANSIBLE_VAULT_PASSWORD_FILE
          ls $ANSIBLE_VAULT_PASSWORD_FILE
--- a/.github/workflows/dry-run.yml
+++ b/.github/workflows/dry-run.yml
@ -23,6 +23,7 @@ jobs:
          ANSIBLE_INVENTORY: inventories/github.yaml
          ANSIBLE_VAULT_PASSWORD_FILE: vault.pass
          ANSIBLE_FORCE_COLOR: "true"
          ANSIBLE_ROLES_PATH: "./roles"
        run: |
          echo '${{ secrets.ANSIBLE_VAULT_PASSWORD }}' > $ANSIBLE_VAULT_PASSWORD_FILE
          ls $ANSIBLE_VAULT_PASSWORD_FILE
--- a/.mise.toml
+++ b/.mise.toml
@ -1,3 +1,4 @@
 [env]
 ANSIBLE_INVENTORY = "{{config_root}}/inventories/local.yaml"
 ANSIBLE_VAULT_PASSWORD_FILE = "{{config_root}}/vault.pass"
 ANSIBLE_ROLES_PATH = "{{config_root}}/roles"
--- a/playbooks/apps/charasheet.yaml
+++ b/playbooks/apps/charasheet.yaml
@ -3,45 +3,12 @@
  hosts: servers
  gather_facts: false
  tasks:
-    - name: Create dir
+    - name: Docker
-      ansible.builtin.file:
+      ansible.builtin.include_role:
-        path: "{{ dir }}"
+        name: docker
        state: directory
        mode: "0775"
    - name: Write files
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "{{ dir }}/"
        mode: preserve
      with_fileglob:
        - files/{{ app_name }}/*
        - files/{{ app_name }}/.*
      notify:
        - Restart service
    - name: Write templates
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "{{ dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
        mode: preserve
      with_fileglob:
        - templates/{{ app_name }}/*.j2
        - templates/{{ app_name }}/.*.j2
      notify:
        - Restart service
    - name: Ensure service is started
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: present
  handlers:
    - name: Restart service
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: restarted
  vars:
-    app_name: charasheet
+    docker_app_name: charasheet
    dir: /mnt/data/{{ app_name }}
    secret_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      35666131616231643064336266303061326534356131666364633932373330663637343836353837
--- a/playbooks/apps/checkout.yaml
+++ b/playbooks/apps/checkout.yaml
@ -3,45 +3,12 @@
  hosts: servers
  gather_facts: false
  tasks:
-    - name: Create dir
+    - name: Docker
-      ansible.builtin.file:
+      ansible.builtin.include_role:
-        path: "{{ dir }}"
+        name: docker
        state: directory
        mode: "0775"
    - name: Write files
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "{{ dir }}/"
        mode: preserve
      with_fileglob:
        - files/{{ app_name }}/*
        - files/{{ app_name }}/.*
      notify:
        - Restart service
    - name: Write templates
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "{{ dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
        mode: preserve
      with_fileglob:
        - templates/{{ app_name }}/*.j2
        - templates/{{ app_name }}/.*.j2
      notify:
        - Restart service
    - name: Ensure service is started
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: present
  handlers:
    - name: Restart service
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: restarted
  vars:
-    app_name: checkout
+    docker_app_name: checkout
    dir: /mnt/data/{{ app_name }}
    secret_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      33393761643061393863616663323863663033313865383135663939636433393730643831616231
--- a/playbooks/apps/code.yaml
+++ b/playbooks/apps/code.yaml
@ -3,45 +3,12 @@
  hosts: servers
  gather_facts: false
  tasks:
-    - name: Create dir
+    - name: Docker
-      ansible.builtin.file:
+      ansible.builtin.include_role:
-        path: "{{ dir }}"
+        name: docker
        state: directory
        mode: "0775"
    - name: Write files
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "{{ dir }}/"
        mode: preserve
      with_fileglob:
        - files/{{ app_name }}/*
        - files/{{ app_name }}/.*
      notify:
        - Restart service
    - name: Write templates
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "{{ dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
        mode: preserve
      with_fileglob:
        - templates/{{ app_name }}/*.j2
        - templates/{{ app_name }}/.*.j2
      notify:
        - Restart service
    - name: Ensure service is started
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: present
  handlers:
    - name: Restart service
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: restarted
  vars:
-    app_name: code
+    docker_app_name: code
    dir: /mnt/data/{{ app_name }}
    password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      65333933333436616332666161653932633431333334636364346239346530336337303939643435
--- a/playbooks/apps/collabora.yaml
+++ b/playbooks/apps/collabora.yaml
@ -3,45 +3,12 @@
  hosts: servers
  gather_facts: false
  tasks:
-    - name: Create dir
+    - name: Docker
-      ansible.builtin.file:
+      ansible.builtin.include_role:
-        path: "{{ dir }}"
+        name: docker
        state: directory
        mode: "0775"
    - name: Write files
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "{{ dir }}/"
        mode: preserve
      with_fileglob:
        - files/{{ app_name }}/*
        - files/{{ app_name }}/.*
      notify:
        - Restart service
    - name: Write templates
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "{{ dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
        mode: preserve
      with_fileglob:
        - templates/{{ app_name }}/*.j2
        - templates/{{ app_name }}/.*.j2
      notify:
        - Restart service
    - name: Ensure service is started
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: present
  handlers:
    - name: Restart service
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: restarted
  vars:
-    app_name: collabora
+    docker_app_name: collabora
    dir: /mnt/data/{{ app_name }}
    password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      64396634656334643030623536313236663438653730663266346530326233353836656339356631
--- a/playbooks/apps/files/gitea/docker-compose.yaml
+++ b/playbooks/apps/files/gitea/docker-compose.yaml
--- a/playbooks/apps/files/gitea/gitea.env
+++ b/playbooks/apps/files/gitea/gitea.env
--- a/playbooks/apps/gitea.yaml
+++ b/playbooks/apps/gitea.yaml
@ -1,23 +1,11 @@
 ---
- name: Setup gitea
+- name: Gitea
  hosts: servers
  gather_facts: false
  tasks:
-    - name: Create dir
+    - name: Docker
-      ansible.builtin.file:
+      ansible.builtin.include_role:
-        path: "{{ dir }}"
+        name: docker
        state: directory
        mode: "0775"
    - name: Write env file
      ansible.builtin.copy:
        src: files/gitea/gitea.env
        dest: "{{ dir }}/gitea.env"
        mode: "0644"
    - name: Write docker-compose.yaml
      ansible.builtin.copy:
        src: files/gitea/docker-compose.yaml
        dest: "{{ dir }}/docker-compose.yaml"
        mode: "0644"
    - name: Write app.ini
      ansible.builtin.template:
        src: templates/gitea_app.ini.j2
@ -25,19 +13,10 @@
        mode: "0600"
      notify:
        - Restart service
    - name: Ensure service is started
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: present
  handlers:
    - name: Restart service
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: restarted
  vars:
-    dir: /mnt/data/git
+    docker_app_name: git
    dir: /mnt/data/{{ docker_app_name }}
    lfs_jwt_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      34656631616165623233353835386162343837363230366136303764613334323262313233616462
--- a/playbooks/apps/template.yaml.dist
+++ b/playbooks/apps/template.yaml.dist
@ -3,42 +3,8 @@
  hosts: servers
  gather_facts: false
  tasks:
-    - name: Create dir
+    - include_role:
-      ansible.builtin.file:
+        name: docker
        path: "{{ dir }}"
        state: directory
        mode: "0775"
    - name: Write files
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "{{ dir }}/"
        mode: preserve
      with_fileglob:
        - files/{{ app_name }}/*
        - files/{{ app_name }}/.*
      notify:
        - Restart service
    - name: Write templates
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "{{ dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
        mode: preserve
      with_fileglob:
        - templates/{{ app_name }}/*.j2
        - templates/{{ app_name }}/.*.j2
      notify:
        - Restart service
    - name: Ensure service is started
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: present
  handlers:
    - name: Restart service
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: restarted
  vars:
-    app_name: ==APP==
+    docker_app_name: ==APP==
    dir: /mnt/data/{{ app_name }}
--- a/playbooks/apps/test_headers.yaml
+++ b/playbooks/apps/test_headers.yaml
@ -3,42 +3,9 @@
  hosts: servers
  gather_facts: false
  tasks:
-    - name: Create dir
+    - name: Docker
-      ansible.builtin.file:
+      ansible.builtin.include_role:
-        path: "{{ dir }}"
+        name: docker
        state: directory
        mode: "0775"
    - name: Write files
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "{{ dir }}/"
        mode: preserve
      with_fileglob:
        - files/{{ app_name }}/*
        - files/{{ app_name }}/.*
      notify:
        - Restart service
    - name: Write templates
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "{{ dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
        mode: preserve
      with_fileglob:
        - templates/{{ app_name }}/*.j2
        - templates/{{ app_name }}/.*.j2
      notify:
        - Restart service
    - name: Ensure service is started
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: present
  handlers:
    - name: Restart service
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: restarted
  vars:
-    app_name: test_headers
+    docker_app_name: test_headers
    dir: /mnt/data/{{ app_name }}
--- a/playbooks/apps/wallabag.yaml
+++ b/playbooks/apps/wallabag.yaml
@ -3,45 +3,12 @@
  hosts: servers
  gather_facts: false
  tasks:
-    - name: Create dir
+    - name: Docker
-      ansible.builtin.file:
+      ansible.builtin.include_role:
-        path: "{{ dir }}"
+        name: docker
        state: directory
        mode: "0775"
    - name: Write files
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "{{ dir }}/"
        mode: preserve
      with_fileglob:
        - files/{{ app_name }}/*
        - files/{{ app_name }}/.*
      notify:
        - Restart service
    - name: Write templates
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "{{ dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
        mode: preserve
      with_fileglob:
        - templates/{{ app_name }}/*.j2
        - templates/{{ app_name }}/.*.j2
      notify:
        - Restart service
    - name: Ensure service is started
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: present
  handlers:
    - name: Restart service
      community.docker.docker_compose_v2:
        project_src: "{{ dir }}"
        state: restarted
  vars:
-    app_name: wallabag
+    docker_app_name: wallabag
    dir: /mnt/data/{{ app_name }}
    secret_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      31346432623062383331306633383230376264326530643236393838356166346563653637376666
--- a/roles/docker/defaults/main.yaml
+++ b/roles/docker/defaults/main.yaml
@ -0,0 +1,3 @@
 ---
 docker_app_name: some-app
 docker_dir: /mnt/data/{{ docker_app_name }}
--- a/roles/docker/handlers/main.yaml
+++ b/roles/docker/handlers/main.yaml
@ -0,0 +1,5 @@
 ---
 - name: Restart service
  community.docker.docker_compose_v2:
    project_src: "{{ docker_dir }}"
    state: restarted
--- a/roles/docker/tasks/main.yaml
+++ b/roles/docker/tasks/main.yaml
@ -0,0 +1,30 @@
 ---
 - name: Create dir
  ansible.builtin.file:
    path: "{{ docker_dir }}"
    state: directory
    mode: "0775"
 - name: Write files
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "{{ docker_dir }}/"
    mode: preserve
  with_fileglob:
    - files/{{ docker_app_name }}/*
    - files/{{ docker_app_name }}/.*
  notify:
    - Restart service
 - name: Write templates
  ansible.builtin.template:
    src: "{{ item }}"
    dest: "{{ docker_dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
    mode: preserve
  with_fileglob:
    - templates/{{ docker_app_name }}/*.j2
    - templates/{{ docker_app_name }}/.*.j2
  notify:
    - Restart service
 - name: Ensure service is started
  community.docker.docker_compose_v2:
    project_src: "{{ docker_dir }}"
    state: present