Compare commits


17 commits

19 changed files with 93 additions and 15 deletions


@ -3,3 +3,4 @@ profile: production
strict: true strict: true
exclude_paths: exclude_paths:
- "**/*docker-compose.yaml" - "**/*docker-compose.yaml"
- .github/

0
.ansible-lint-ignore Normal file

6
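--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "monthly"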

36
.github/workflows/main.yml vendored Normal file

@ -0,0 +1,36 @@
on:
workflow_dispatch:
push:
branches:
- master
jobs:
ansible:
name: run ansible
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v5.2.0
with:
# Version range or exact version of Python or PyPy to use, using SemVer's version range syntax. Reads from .python-version if unset.
python-version: 3
# Used to specify a package manager for caching in the default directory. Supported values: pip, pipenv, poetry.
cache: pip
# Set this option if you want the action to check for the latest available version that satisfies the version spec.
check-latest: true
- name: Run ansible
env:
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
DEPLOY_USERNAME: ${{ secrets.DEPLOY_USERNAME }}
ANSIBLE_INVENTORY: inventories/github.yaml
ANSIBLE_VAULT_PASSWORD_FILE: vault.pass
ANSIBLE_FORCE_COLOR: "true"
run: |
echo '${{ secrets.ANSIBLE_VAULT_PASSWORD }}' > $ANSIBLE_VAULT_PASSWORD_FILE
ls $ANSIBLE_VAULT_PASSWORD_FILE
export KEY_FILE=$(mktemp)
echo "${{ secrets.DEPLOY_KEY }}" > $KEY_FILE
ansible-playbook playbooks/all.yaml
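Review bot: The `run:` script of the "Run ansible" step expands `${{ secrets.ANSIBLE_VAULT_PASSWORD }}` and `${{ secrets.DEPLOY_KEY }}` directly into the shell source, so a quote, `$` or backtick inside either secret changes what the shell executes or writes. The vault password is also written to `vault.pass` in the workspace under the default umask. Pass both values through `env:` and write them from quoted variables under `umask 077`, as sketched below. The `uses:` lines reference tags (`actions/checkout@v4`, `actions/setup-python@v5.2.0`) rather than commit SHAs and no `permissions:` block is visible, both worth tightening for a job that holds deploy credentials.

```yaml
        env:
          # … unchanged: DEPLOY_*, ANSIBLE_* entries …
          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
        run: |
          umask 077
          printf '%s\n' "$ANSIBLE_VAULT_PASSWORD" > "$ANSIBLE_VAULT_PASSWORD_FILE"
          # … unchanged: ls, export KEY_FILE=$(mktemp) …
          printf '%s\n' "$DEPLOY_KEY" > "$KEY_FILE"
          # … unchanged: ansible-playbook playbooks/all.yaml …
```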


@ -1,3 +1,3 @@
[env] [env]
ANSIBLE_INVENTORY = "{{config_root}}/inventory.ini" ANSIBLE_INVENTORY = "{{config_root}}/inventories/local.yaml"
ANSIBLE_VAULT_PASSWORD_FILE = "{{config_root}}/vault.pass" ANSIBLE_VAULT_PASSWORD_FILE = "{{config_root}}/vault.pass"

10
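--- a/inventories/github.yaml
+++ b/inventories/github.yaml
@@ -0,0 +1,10 @@
+---
+servers:
+hosts:
+ubuntu:
+ansible_host: "{{ lookup('env', 'DEPLOY_HOST') }}"
+ansible_port: "{{ lookup('env', 'DEPLOY_PORT') }}"
+ansible_user: "{{ lookup('env', 'DEPLOY_USERNAME') }}"
+ansible_ssh_private_key_file: "{{ lookup('env', 'KEY_FILE') }}"
+ansible_python_interpreter: auto_silent
+ansible_ssh_common_args: -o StrictHostKeyChecking=no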
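Review bot: `ansible_ssh_common_args: -o StrictHostKeyChecking=no` turns off SSH host-key verification for the connection that carries the deploy key and the vault-decrypted variables, so the runner will accept whatever host answers at `DEPLOY_HOST`. Store the server's public host key as a repository secret, have the workflow write it to a known_hosts file, and change this line to `ansible_ssh_common_args: -o StrictHostKeyChecking=yes -o UserKnownHostsFile=<path written by the workflow>`. That keeps the deploy non-interactive without trusting an unverified host.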

6
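--- a/inventories/local.yaml
+++ b/inventories/local.yaml
@@ -0,0 +1,6 @@
+---
+servers:
+hosts:
+ubuntu:
+ansible_host: 192.168.0.6
+ansible_python_interpreter: auto_silent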


@ -1,2 +0,0 @@
[servers]
ubuntu ansible_host=192.168.0.6 ansible_python_interpreter=auto_silent

4
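--- a/playbooks/all.yaml
+++ b/playbooks/all.yaml
@@ -0,0 +1,4 @@
+---
+- import_playbook: system/all.yaml # noqa: name[play]
+- import_playbook: dependencies/all.yaml # noqa: name[play]
+- import_playbook: apps/all.yaml # noqa: name[play]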

8
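--- a/playbooks/apps/all.yaml
+++ b/playbooks/apps/all.yaml
@@ -0,0 +1,8 @@
+---
+- import_playbook: caddy.yaml # noqa: name[play]
+- import_playbook: ghost-update.yaml # noqa: name[play]
+- import_playbook: gitea.yaml # noqa: name[play]
+- import_playbook: goatcounter.yaml # noqa: name[play]
+- import_playbook: lyon-transports.yaml # noqa: name[play]
+- import_playbook: test_headers.yaml # noqa: name[play]
+- import_playbook: wallabag.yaml # noqa: name[play]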


@ -8,7 +8,7 @@
chdir: /mnt/data/gabnotes.org chdir: /mnt/data/gabnotes.org
cmd: ghost update cmd: ghost update
register: gabnotes_async register: gabnotes_async
changed_when: true changed_when: false
async: 300 async: 300
poll: 0 poll: 0
- name: Start update on voyages-lois.augendre.info - name: Start update on voyages-lois.augendre.info
@ -16,7 +16,7 @@
chdir: /mnt/data/voyages-lois.augendre.info chdir: /mnt/data/voyages-lois.augendre.info
cmd: ghost update cmd: ghost update
register: voyages_lois_async register: voyages_lois_async
changed_when: true changed_when: false
async: 300 async: 300
poll: 0 poll: 0
- name: Start update on voyages.coccomagnard.fr - name: Start update on voyages.coccomagnard.fr
@ -24,7 +24,7 @@
chdir: /mnt/data/voyages.coccomagnard.fr chdir: /mnt/data/voyages.coccomagnard.fr
cmd: ghost update cmd: ghost update
register: voyages_coccomagnard_async register: voyages_coccomagnard_async
changed_when: true changed_when: false
async: 300 async: 300
poll: 0 poll: 0
- name: Check gabnotes.org - name: Check gabnotes.org
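Review bot: `changed_when: false` on the three "Start update on …" tasks makes a task that runs `ghost update` always report unchanged, which hides real upgrades from the play recap and from anything that keys on change status. Because the tasks are launched with `async: 300` and `poll: 0`, the start task cannot know the outcome. If the aim is a quieter run, derive the change status in the follow-up check tasks from the command result instead, and leave a comment here such as `# result is evaluated in the matching "Check …" task`. The check tasks begin outside these hunks, so their existence is inferred from the `register:` names and the `Check gabnotes.org` line.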


@ -15,22 +15,22 @@
- name: Download binary - name: Download binary
ansible.builtin.get_url: ansible.builtin.get_url:
url: https://github.com/arp242/goatcounter/releases/download/{{ release.tag }}/goatcounter-{{ release.tag }}-linux-amd64.gz url: https://github.com/arp242/goatcounter/releases/download/{{ release.tag }}/goatcounter-{{ release.tag }}-linux-amd64.gz
dest: "{{ base_dir }}/goatcounter-{{ release.tag }}.gz" dest: "{{ dir }}/goatcounter-{{ release.tag }}.gz"
mode: "0644" mode: "0644"
owner: gaugendre owner: gaugendre
group: gaugendre group: gaugendre
- name: Uncompress - name: Uncompress
ansible.builtin.command: gunzip {{ base_dir }}/goatcounter-{{ release.tag }}.gz ansible.builtin.command: gunzip {{ dir }}/goatcounter-{{ release.tag }}.gz
args: args:
creates: "{{ base_dir }}/goatcounter-{{ release.tag }}" creates: "{{ dir }}/goatcounter-{{ release.tag }}"
- name: Make executable - name: Make executable
ansible.builtin.file: ansible.builtin.file:
path: "{{ base_dir }}/goatcounter-{{ release.tag }}" path: "{{ dir }}/goatcounter-{{ release.tag }}"
mode: "0775" mode: "0775"
- name: Symlink - name: Symlink
ansible.builtin.file: ansible.builtin.file:
src: "{{ base_dir }}/goatcounter-{{ release.tag }}" src: "{{ dir }}/goatcounter-{{ release.tag }}"
dest: "{{ base_dir }}/goatcounter" dest: "{{ dir }}/goatcounter"
state: link state: link
- name: Write service unit file - name: Write service unit file
become: true become: true
@ -65,7 +65,7 @@
vars: vars:
ansible_python_interpreter: /tmp/ansible/bin/python ansible_python_interpreter: /tmp/ansible/bin/python
base_dir: /mnt/data/goatcounter dir: /mnt/data/goatcounter
gc_mailgun_api_key: !vault | gc_mailgun_api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
31386237653033306338393237353961396535363061363931643863653461333631376365663338 31386237653033306338393237353961396535363061363931643863653461333631376365663338


@ -35,6 +35,7 @@
state: restarted state: restarted
vars: vars:
dir: /mnt/data/lyon-transports
lyon_transports_password: !vault | lyon_transports_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
35356364616633356164376433623139333165626433303437666266613762643239373730616131 35356364616633356164376433623139333165626433303437666266613762643239373730616131


@ -3,7 +3,7 @@ Description=Goatcounter
After=network.target After=network.target
[Service] [Service]
ExecStart={{base_dir}}/goatcounter serve -listen *:8005 -tls http -smtp smtps://goatcounter%%40mg.augendre.info:{{gc_mailgun_api_key}}@smtp.mailgun.org:587 -email-from goatcounter@mg.augendre.info -automigrate -db sqlite+{{base_dir}}/db/goatcounter.sqlite3 ExecStart={{ dir }}/goatcounter serve -listen *:8005 -tls http -smtp smtps://goatcounter%%40mg.augendre.info:{{gc_mailgun_api_key}}@smtp.mailgun.org:587 -email-from goatcounter@mg.augendre.info -automigrate -db sqlite+{{ dir }}/db/goatcounter.sqlite3
Type=simple Type=simple
Restart=always Restart=always
User=gaugendre User=gaugendre


@ -3,7 +3,7 @@ Description=Lyon transports API
After=network.target After=network.target
[Service] [Service]
ExecStart=/mnt/data/lyon-transports/lyon-transports-linux-amd64 --host 0.0.0.0 --port 8013 -u {{ lyon_transports_username }} -p {{ lyon_transports_password }} --cors-allowed-origin https://display.augendre.info ExecStart={{ dir }}/lyon-transports-linux-amd64 --host 0.0.0.0 --port 8013 -u {{ lyon_transports_username }} -p {{ lyon_transports_password }} --cors-allowed-origin https://display.augendre.info
Type=simple Type=simple
Restart=always Restart=always
User=gaugendre User=gaugendre
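Review bot: The `ExecStart=` line still passes `-p {{ lyon_transports_password }}` as a command-line argument, so the rendered password sits in the unit file and in the process arguments, which other local accounts can normally read through `ps` or `/proc/<pid>/cmdline`. The Goatcounter unit in this comparison has the same pattern, with `{{gc_mailgun_api_key}}` inside its `-smtp` URL. If the binaries can read these values from the environment or a file, move them to an `EnvironmentFile=` owned by root with mode 0600; whether they support that is not visible here. Until then, the tasks that write these unit files should set a `mode:` that is not world-readable.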


@ -9,6 +9,7 @@
pkg: pkg:
- python3-venv - python3-venv
- name: Setup venv - name: Setup venv
# github3.py required by the goatcounter playbook
ansible.builtin.shell: | ansible.builtin.shell: |
if [ -x /tmp/ansible/bin/python ]; then exit 123; fi if [ -x /tmp/ansible/bin/python ]; then exit 123; fi
/usr/bin/python3 -m venv /tmp/ansible /usr/bin/python3 -m venv /tmp/ansible
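Review bot: The venv lives at the fixed path `/tmp/ansible`, and the guard `if [ -x /tmp/ansible/bin/python ]; then exit 123; fi` treats any executable already at that path as a finished setup. `/tmp` is world-writable, so another local account could create that path first, and the Goatcounter playbook in this comparison sets `ansible_python_interpreter: /tmp/ansible/bin/python` alongside a `become: true` task. Put the venv in a directory only the deploy user can write, for example under that user's home, and update the `ansible_python_interpreter` vars to match. The added comment would also read better above `- name: Setup venv` than between the name and the module key. The shell block continues past the end of this hunk.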


@ -0,0 +1,4 @@
---
# intentionally leaving 00-clean-deps to prevent re-creating the venv every time
- import_playbook: 01-setup-deps.yaml # noqa: name[play]
- import_playbook: caddy.yaml # noqa: name[play]


@ -0,0 +1,2 @@
---
- import_playbook: update.yaml # noqa: name[play]

1
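--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1 @@
+ansible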
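Review bot: `ansible` is listed without a version, so any install from this file resolves to whatever release is newest at that moment, in a pipeline that handles the vault password and the deploy key. Pin it, e.g. `ansible==<version you have tested>`, ideally with `--hash` entries generated by a lock tool. Also add a `pip` entry to `.github/dependabot.yaml`, which currently covers only `github-actions`, so the pin is kept up to date. The workflow in this comparison sets `cache: pip` but shows no install step in the visible lines, so how this file is consumed is not clear from here.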