moved stuff around, gitea not working

2020-05-07 08:17:17 +02:00 · 2020-05-07 08:17:17 +02:00 · 189e2ec60f
commit 189e2ec60f
parent 4cb54d2cbc
12 changed files with 220 additions and 194 deletions
--- a/deployer/group_vars/all/vars.yml
+++ b/deployer/group_vars/all/vars.yml
@ -14,96 +14,96 @@ gitea:
  version: 1.11.4

 sites:
-  - slug: rdb # Shorthand name to use as directory/file name
-    # The site URL (without www)
-    url: rennesdesbois.fr
-    # Ask nginx to redirect url to www
-    # Else, we redirect www to url
-    redirect_to_www: yes
-    # What kind of site is that?
-    type: wordpress
-    # Subnet addresses
-    subnet_cidr_address: 172.27.1.0/24
-    subnet_gateway_ip: 172.27.1.1
-    subnet_nginx_ip: 172.27.1.2
-    subnet_site_ip: 172.27.1.3
-    # MySQL
-    mysql_database: rdb
-    mysql_username: rdb
-    mysql_password: "{{ vault_rdb_mysql_password }}"
+  # - slug: rdb # Shorthand name to use as directory/file name
+  #   # The site URL (without www)
+  #   url: rennesdesbois.fr
+  #   # Ask nginx to redirect url to www
+  #   # Else, we redirect www to url
+  #   redirect_to_www: yes
+  #   # What kind of site is that?
+  #   type: wordpress
+  #   # Subnet addresses
+  #   subnet_cidr_address: 172.27.1.0/24
+  #   subnet_gateway_ip: 172.27.1.1
+  #   subnet_nginx_ip: 172.27.1.2
+  #   subnet_site_ip: 172.27.1.3
+  #   # MySQL
+  #   mysql_database: rdb
+  #   mysql_username: rdb
+  #   mysql_password: "{{ vault_rdb_mysql_password }}"

-  - slug: arvuhez # Shorthand name to use as directory/file name
-    # The site URL (without www)
-    url: arvuhez.org
-    # Ask nginx to redirect url to www
-    # Else, we redirect www to url
-    redirect_to_www: no
-    # What kind of site is that?
-    type: wordpress
-    # Subnet addresses
-    subnet_cidr_address: 172.27.2.0/24
-    subnet_gateway_ip: 172.27.2.1
-    subnet_nginx_ip: 172.27.2.2
-    subnet_site_ip: 172.27.2.3
-    # MySQL    
-    mysql_database: arvuhez
-    mysql_username: arvuhez
-    mysql_password: "{{ vault_arvuhez_mysql_password }}"
+  # - slug: arvuhez # Shorthand name to use as directory/file name
+  #   # The site URL (without www)
+  #   url: arvuhez.org
+  #   # Ask nginx to redirect url to www
+  #   # Else, we redirect www to url
+  #   redirect_to_www: no
+  #   # What kind of site is that?
+  #   type: wordpress
+  #   # Subnet addresses
+  #   subnet_cidr_address: 172.27.2.0/24
+  #   subnet_gateway_ip: 172.27.2.1
+  #   subnet_nginx_ip: 172.27.2.2
+  #   subnet_site_ip: 172.27.2.3
+  #   # MySQL    
+  #   mysql_database: arvuhez
+  #   mysql_username: arvuhez
+  #   mysql_password: "{{ vault_arvuhez_mysql_password }}"

-  - slug: zinzoscope # Shorthand name to use as directory/file name
-    # The site URL (without www)
-    url: zinz.luxeylab.net
-    # Ask nginx to redirect url to www
-    # Else, we redirect www to url
-    redirect_to_www: no
-    # What kind of site is that?
-    type: wordpress
-    # Subnet addresses
-    subnet_cidr_address: 172.27.3.0/24
-    subnet_gateway_ip: 172.27.3.1
-    subnet_nginx_ip: 172.27.3.2
-    subnet_site_ip: 172.27.3.3
-    # MySQL
-    mysql_database: zinzoscope
-    mysql_username: zinzoscope
-    mysql_password: "{{ vault_zinzoscope_mysql_password }}"
+  # - slug: zinzoscope # Shorthand name to use as directory/file name
+  #   # The site URL (without www)
+  #   url: zinz.luxeylab.net
+  #   # Ask nginx to redirect url to www
+  #   # Else, we redirect www to url
+  #   redirect_to_www: no
+  #   # What kind of site is that?
+  #   type: wordpress
+  #   # Subnet addresses
+  #   subnet_cidr_address: 172.27.3.0/24
+  #   subnet_gateway_ip: 172.27.3.1
+  #   subnet_nginx_ip: 172.27.3.2
+  #   subnet_site_ip: 172.27.3.3
+  #   # MySQL
+  #   mysql_database: zinzoscope
+  #   mysql_username: zinzoscope
+  #   mysql_password: "{{ vault_zinzoscope_mysql_password }}"

-  - slug: lexperimental # Shorthand name to use as directory/file name
-    # The site URL (without www)
-    url: lexperimental.fr
-    # Ask nginx to redirect url to www
-    # Else, we redirect www to url
-    redirect_to_www: no
-    # What kind of site is that?
-    type: wordpress
-    # Subnet addresses
-    subnet_cidr_address: 172.27.4.0/24
-    subnet_gateway_ip: 172.27.4.1
-    subnet_nginx_ip: 172.27.4.2
-    subnet_site_ip: 172.27.4.3
-    # MySQL
-    mysql_database: lexperimental
-    mysql_username: lexperimental
-    mysql_password: "{{ vault_lexperimental_mysql_password }}"
+  # - slug: lexperimental # Shorthand name to use as directory/file name
+  #   # The site URL (without www)
+  #   url: lexperimental.fr
+  #   # Ask nginx to redirect url to www
+  #   # Else, we redirect www to url
+  #   redirect_to_www: no
+  #   # What kind of site is that?
+  #   type: wordpress
+  #   # Subnet addresses
+  #   subnet_cidr_address: 172.27.4.0/24
+  #   subnet_gateway_ip: 172.27.4.1
+  #   subnet_nginx_ip: 172.27.4.2
+  #   subnet_site_ip: 172.27.4.3
+  #   # MySQL
+  #   mysql_database: lexperimental
+  #   mysql_username: lexperimental
+  #   mysql_password: "{{ vault_lexperimental_mysql_password }}"

-  - slug: mts # Shorthand name to use as directory/file name
-    # The site URL (without www)
-    url: editionsmangetasoupe.fr
-    # Ask nginx to redirect url to www
-    # Else, we redirect www to url
-    redirect_to_www: no
-    # What kind of site is that?
-    type: drupal
-    # Subnet addresses
-    subnet_cidr_address: 172.27.5.0/24
-    subnet_gateway_ip: 172.27.5.1
-    subnet_site_ip: 172.27.5.2
-    # This will allow setting up MySQL
-    # Configuration on Drupal's side must be done by hand:
-    # Edit your <drupal_install>/sites/default/settings.php
-    mysql_database: mts8
-    mysql_username: mts
-    mysql_password: "{{ vault_mts_mysql_password }}"
+  # - slug: mts # Shorthand name to use as directory/file name
+  #   # The site URL (without www)
+  #   url: editionsmangetasoupe.fr
+  #   # Ask nginx to redirect url to www
+  #   # Else, we redirect www to url
+  #   redirect_to_www: no
+  #   # What kind of site is that?
+  #   type: drupal
+  #   # Subnet addresses
+  #   subnet_cidr_address: 172.27.5.0/24
+  #   subnet_gateway_ip: 172.27.5.1
+  #   subnet_site_ip: 172.27.5.2
+  #   # This will allow setting up MySQL
+  #   # Configuration on Drupal's side must be done by hand:
+  #   # Edit your <drupal_install>/sites/default/settings.php
+  #   mysql_database: mts8
+  #   mysql_username: mts
+  #   mysql_password: "{{ vault_mts_mysql_password }}"

  - slug: gitea_test # Shorthand name to use as directory/file name
    # The site URL (without www)
@ -114,11 +114,14 @@ sites:
    # What kind of site is that?
    type: gitea
    # Subnet addresses
-    subnet_cidr_address: 172.27.4.0/24
-    subnet_gateway_ip: 172.27.4.1
-    subnet_nginx_ip: 172.27.4.2
-    subnet_site_ip: 172.27.4.3
+    subnet_cidr_address: 172.27.6.0/24
+    subnet_gateway_ip: 172.27.6.1
+    subnet_nginx_ip: 172.27.6.2
+    subnet_site_ip: 172.27.6.3
+    # User ID (git on remote)
+    user_uid: 1007
+    user_gid: 1006
    # MySQL
    mysql_database: gitea_test
    mysql_username: gitea_test
-    mysql_password: "{{ vault_lexperimental_mysql_password }}"
+    mysql_password: "{{ vault_gitea_test_mysql_password }}"
--- a/deployer/group_vars/all/vault.yml
+++ b/deployer/group_vars/all/vault.yml
@ -1,34 +1,38 @@
 $ANSIBLE_VAULT;1.1;AES256
-34386539366237643636326332343434623662373561336536363338373535393662323663656535
-6431333031393336353139616535363739343763356163620a356164313063616231373634393963
-30366366616539306438326563623832626666363562383334303961643862373736356337356635
-6461363664316566660a346539376262326438353933663333393137623438643166623335383236
-38643631363032636138333739353337633839303562383664366163303537633463663331313362
-30306132383465633434376236626562353935383463306333386538653436323832313063646162
-35653934306631383633636132666534373537316137623961653566303463376433373561323166
-38353034393830323165653130663063646135656137633434313066616663636635346431333138
-65633663626266613039323264653738316564643563303764646330643837383639646131643639
-36646664386138623565353864373235326362353537306133633663316238613862616464323732
-66383733306166633466333833643162353261356565326232356132303062623936663731663136
-36613261646130383632636165393061316235326435383064313233316639383830323165653265
-31383063303463303561383434623832323536336438623265316264623661653333323133356231
-64663734343333663130303565383466666436383964646564313932323637393136646165643634
-66636261663561613139393333326663646464303339323933663061383736343536623164356566
-36323534323666303532383333343363373666386565643566396636386265393232636233396133
-35393338613166653931666536663336633364383735303361636366656666636433356262656262
-34633534306239663563326566623161633363633466613764343836613331326265636439623530
-37326138393738316536393464643131653537663434323664343237393165613039646232343835
-34323036386232363437633966303861643962393337326332613334343431383231646465336334
-65396465373163643163313466376334646436386463373232613663393663373139356234326165
-64353633313832633335633830323337636130636431666263383061626231343138646665346136
-36323232373338373734333436656435646163393961633366613735616537656638633034373965
-38663662373736626561666239333733393630653439383265616433663934366435323136373963
-66303836363764393363383833323066616234316666303934626638363734346663616661616664
-36366635656534343738343234356363323032636435336433333135666232623231333739336262
-30636561613938396631623365613535656666313334663665363037636534353030626262313134
-62663931626661313231613235366364613635383638633265386330373731663738336435346537
-30393137373636363237643365626437623734376162626437306364313564616530663934343137
-33313065346465633933616134386434323031313239303736653564623833376563336361366164
-37666635643334663665633966653738616131643237343063326430326263363461303966333032
-64616336303361626336343930363666623565356431336461346132326636333636663730343934
-3666
+64313133656432666630353732343865386336613536386135326132616366393761663936653565
+3038656636653562353037643765333831656334343332310a313062353730333865383964376537
+30393232616663626336616638373136316130336332626632633132643764613034333838653361
+3563393837396232370a636232646566353261356333333137386234313661633238626263313535
+36326239633339663035303165333239346530373332393431396462326266366536623566656630
+35313335313836656239333137363337353833333333343732353138313638336662613733333032
+61353033343934343066333235336466373665353964316136316534666135353538353562316238
+32613861636336376533356535656134333934653834336136303364313335353061373738343232
+62663238383535653637616532353662343061353236396231346365346339353964663962646233
+61376535306166353261386163386362356137653962386338633631383738326164646235356532
+34333665393963306130393832343834353132623035363739323736396531353462633331653135
+31333262303433633434653430616363663932333830363163393362376437636163376162326338
+64613431336631333033663966346438386632326461633934393433643864343061363239383338
+36663938623661343535643663646661643335616431616364646535663735396639353239353936
+30356166643630316564663137393666666635666466356661363039666436346136613032393034
+62326563313061316466666430366163396537663262303562386265353938373833393531636437
+37346331353364366436666531656534323332353439373935623835646363633330636232396137
+35666466316134613538376166633863656332616332613130613134633362643839343131366332
+61343630653865353236383532353736626530343332626138323636346239356235303037636565
+64363438343435313232363035643462653736323362323636383062333335336531626366363431
+35616631386539306436333733656530626637616533343164343035316165366138373363613930
+30373136316562306530376633653431346463663162383466643933306133633132383961343432
+35336533623735633135623332366136323563366136633761633137363664393563386462303864
+39633163333636386563303162366537386237646635373666653662633239343532663061363536
+34626338616638666266323637333630353262376135613237313738383965386539636365306162
+32366335666438383632326139386561303937613138386666396538333034336235373063613863
+39383238346561653236663464306332363461663933633462636432383639363632393130633965
+33356633616462336637396432646633343535383133353065616630303736323335623439313932
+66633030643664326662636264323234623064376464333838363039353234343138373732633533
+30653761306131386430613838383538306564636361633838326636383636383539313465656135
+32626264353534366565306236623361353331623036613137623332636366653331333534623035
+31313731363263323063656264663632636265393639633765366435623333313937313065303231
+32656239663961333430613161346435333438616662613735313862666239636561326566353139
+35643965393263353865356637383664316166333839633738373861383535343337663466396563
+32393563613730636438393539323561393962366532646138633131376364383862653437393037
+37343634333233393135643939396361626135353435666466393664666335623533636337626436
+3632
--- a/deployer/roles/build/tasks/main.yml
+++ b/deployer/roles/build/tasks/main.yml
@ -5,7 +5,7 @@
  loop: "{{ sites }}"
  loop_control:
    loop_var: site
-  when: item.type == "wordpress"
+  when: site.type == "wordpress"
  tags: wordpress

 - name: Build Drupal sites
@ -13,7 +13,7 @@
  loop: "{{ sites }}"
  loop_control:
    loop_var: site
-  when: item.type == "drupal"
+  when: site.type == "drupal"
  tags: drupal

 - name: Build Gitea sites
@ -21,7 +21,7 @@
  loop: "{{ sites }}"
  loop_control:
    loop_var: site
-  when: item.type == "gitea"
+  when: site.type == "gitea"
  tags: gitea

 # build an image
--- a/deployer/roles/build/tasks/mysql.yml
+++ b/deployer/roles/build/tasks/mysql.yml
@ -2,6 +2,15 @@
 # Needs variables:
 #   - site: dict describing the site install (cf group_vars/all/vars.yml)

+- name: "Create database {{ site.mysql_database }} if inexistent"
+  mysql_db:
+    name: "{{ site.mysql_database }}"
+    state: present
+    # Credentials to log in MySQL
+    login_host: localhost
+    login_user: root
+    login_password: "{{ mysql_root_password }}"
+
 # MySQL equivalent:
 # create user <user>@<ip> identified by <pass>;
 # grant all on <db>.* to <user>@<ip>;
@ -17,4 +26,4 @@
    password: "{{ site.mysql_password }}"
    # Grants
    priv: "{{ site.mysql_database }}.*:all"
-    state: present
+    state: present
--- a/deployer/roles/build/templates/gitea/docker-compose.yml.j2
+++ b/deployer/roles/build/templates/gitea/docker-compose.yml.j2
@ -12,8 +12,8 @@ services:
    restart: always
    environment:
      APP_NAME: "Gitea: git with a cup of coffee"
-      DOMAIN: "{{ site.url }}"
-      ROOT_URL: "{{ site.url }}"
+      # DOMAIN: "{{ site.url }}"
+      # ROOT_URL: "{{ site.url }}"
      USER_UID: "{{ site.user_uid }}"
      USER_GID: "{{ site.user_gid }}"
      DB_TYPE: mysql
--- a/deployer/roles/build/templates/gitea/nginx/nginx.conf.j2
+++ b/deployer/roles/build/templates/gitea/nginx/nginx.conf.j2
@ -57,11 +57,23 @@ http {


  server {
-    listen 80 default;
-    listen [::]:80 default;
+    listen 80;
+    listen [::]:80;
    server_name {{ site.url }} www.{{ site.url }};

+    root /data;
+
    location / {
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Url-Scheme $scheme;
+      proxy_redirect off;
+      proxy_max_temp_file_size 0;
+      proxy_read_timeout 120;
+
      proxy_pass http://{{ site.subnet_site_ip }}:3000;
    }
+  }
 }
--- a/deployer/roles/deploy/tasks/deploy.yml
+++ b/deployer/roles/deploy/tasks/deploy.yml
@ -0,0 +1,10 @@
+# Needs variables:
+#   - site: dict describing the site install (cf group_vars/all/vars.yml)
+
+- name: Include nginx tasks
+  include_tasks: nginx.yml 
+  tags: nginx
+
+- name: Include docker tasks
+  include_tasks: docker.yml
+  tags: docker 
--- a/deployer/roles/deploy/tasks/docker.yml
+++ b/deployer/roles/deploy/tasks/docker.yml
@ -0,0 +1,10 @@
+---
+# Needs variables:
+#   - site: dict describing the site install (cf group_vars/all/vars.yml)
+
+- name: "Launch the site's containers"
+  docker_compose:
+    project_src: "{{ sites_path }}/{{ site.slug }}"
+    state: present 
+    build: yes
+    restarted: yes
--- a/deployer/roles/deploy/tasks/drupal.yml
+++ b/deployer/roles/deploy/tasks/drupal.yml
@ -1,27 +0,0 @@
- name: "Launch the site's containers"
-  docker_compose:
-    project_src: "{{ sites_path }}/{{ item.slug }}"
-    state: present 
-    build: yes
-    restarted: yes
-  tags: docker
-
- name: "Symlink nginx configuration to sites-enabled"
-  file:
-    src: "/etc/nginx/sites-available/{{ item.url }}"
-    dest: "/etc/nginx/sites-enabled/{{ item.url }}"
-    state: link
-  become: yes
-  tags: nginx
-
- name: Verify nginx configuration
-  command: "nginx -t"
-  become: yes
-  tags: nginx
-
- name: Restart nginx service 
-  service:
-    name: nginx 
-    state: restarted
-  become: yes
-  tags: nginx
--- a/deployer/roles/deploy/tasks/main.yml
+++ b/deployer/roles/deploy/tasks/main.yml
@ -1,13 +1,25 @@
 ---

 - name: Deploy Wordpress sites
-  include_tasks: wordpress.yml  
+  include_tasks: deploy.yml
  loop: "{{ sites }}"
-  when: item.type == "wordpress"
+  loop_control:
+    loop_var: site
+  when: site.type == "wordpress"
  tags: wordpress

 - name: Deploy Drupal sites
-  include_tasks: drupal.yml  
+  include_tasks: deploy.yml
  loop: "{{ sites }}"
-  when: item.type == "drupal"
-  tags: drupal
+  loop_control:
+    loop_var: site
+  when: site.type == "drupal"
+  tags: drupal
+
+- name: Deploy Gitea sites
+  include_tasks: deploy.yml
+  loop: "{{ sites }}"
+  loop_control:
+    loop_var: site
+  when: site.type == "gitea"
+  tags: gitea
--- a/deployer/roles/deploy/tasks/nginx.yml
+++ b/deployer/roles/deploy/tasks/nginx.yml
@ -0,0 +1,23 @@
+# Needs variables:
+#   - site: dict describing the site install (cf group_vars/all/vars.yml)
+
+- name: Copy host config to /etc/nginx/sites-available
+  copy:
+    remote_src: yes
+    src: "{{ sites_path }}/{{ site.slug }}/nginx.host"
+    dest: "/etc/nginx/sites-available/{{ site.url }}"
+  become: yes
+  notify: Restart nginx
+
+- name: "Symlink nginx configuration to sites-enabled"
+  file:
+    src: "/etc/nginx/sites-available/{{ site.url }}"
+    dest: "/etc/nginx/sites-enabled/{{ site.url }}"
+    state: link
+  become: yes
+  notify: Restart nginx
+
+- name: Verify nginx configuration
+  command: "nginx -t"
+  any_errors_fatal: true
+  become: yes
--- a/deployer/roles/deploy/tasks/wordpress.yml
+++ b/deployer/roles/deploy/tasks/wordpress.yml
@ -1,30 +0,0 @@
- name: "Launch the site's containers"
-  docker_compose:
-    project_src: "{{ sites_path }}/{{ item.slug }}"
-    state: present 
-    build: yes
-    restarted: yes
-  tags: docker
-
- name: Copy host config to /etc/nginx/sites-available
-  copy:
-    remote_src: yes
-    src: "{{ sites_path }}/{{ item.slug }}/nginx.host"
-    dest: "/etc/nginx/sites-available/{{ item.url }}"
-  become: yes
-  notify: Restart nginx
-  tags: nginx
-
- name: "Symlink nginx configuration to sites-enabled"
-  file:
-    src: "/etc/nginx/sites-available/{{ item.url }}"
-    dest: "/etc/nginx/sites-enabled/{{ item.url }}"
-    state: link
-  become: yes
-  notify: Restart nginx
-  tags: nginx
-
- name: Verify nginx configuration
-  command: "nginx -t"
-  become: yes
-  tags: nginx