reorganised build process, gitea basics are done

2020-05-06 13:11:30 +02:00 · 2020-05-06 13:11:30 +02:00 · 4cb54d2cbc
commit 4cb54d2cbc
parent c2fc791dbb
11 changed files with 153 additions and 111 deletions
--- a/deployer/group_vars/all/vars.yml
+++ b/deployer/group_vars/all/vars.yml
@ -10,26 +10,10 @@ backups_path: /vault/backups
 wordpress:
  version: 5.4
  checksum: sha1:d5f1e6d7cadd72c11d086a2e1ede0a72f23d993e
+gitea:
+  version: 1.11.4

 sites:
-  # - slug: test # Shorthand name to use as directory/file name
-  #   # The site URL (without www)
-  #   url: test.luxeylab.net
-  #   # Ask nginx to redirect url to www
-  #   # Else, we redirect www to url
-  #   redirect_to_www: no
-  #   # What kind of site is that?
-  #   type: wordpress
-  #   # Subnet addresses
-  #   subnet_cidr_address: 172.27.6.0/24
-  #   subnet_gateway_ip: 172.27.6.1
-  #   subnet_nginx_ip: 172.27.6.2
-  #   subnet_site_ip: 172.27.6.3
-  #   # MySQL
-  #   mysql_database: wp_test
-  #   mysql_username: wp_test
-  #   mysql_password: "{{ vault_wp_test_mysql_password }}"
-
  - slug: rdb # Shorthand name to use as directory/file name
    # The site URL (without www)
    url: rennesdesbois.fr
@ -120,3 +104,21 @@ sites:
    mysql_database: mts8
    mysql_username: mts
    mysql_password: "{{ vault_mts_mysql_password }}"
+
+  - slug: gitea_test # Shorthand name to use as directory/file name
+    # The site URL (without www)
+    url: git.luxeylab.net
+    # Ask nginx to redirect url to www
+    # Else, we redirect www to url
+    redirect_to_www: no
+    # What kind of site is that?
+    type: gitea
+    # Subnet addresses
+    subnet_cidr_address: 172.27.4.0/24
+    subnet_gateway_ip: 172.27.4.1
+    subnet_nginx_ip: 172.27.4.2
+    subnet_site_ip: 172.27.4.3
+    # MySQL
+    mysql_database: gitea_test
+    mysql_username: gitea_test
+    mysql_password: "{{ vault_lexperimental_mysql_password }}"
--- a/deployer/roles/build/tasks/drupal.yml
+++ b/deployer/roles/build/tasks/drupal.yml
@ -1,3 +1,4 @@
+---
 - name: "Set site_data_path to {{ www_path }}/{{ site.slug }}"
  set_fact: site_data_path="{{ www_path }}/{{ site.slug }}"
  tags: always
@ -38,22 +39,8 @@
 # MySQL configuration #
 #######################

-# MySQL equivalent:
-# create user <user>@<ip> identified by <pass>;
-# grant all on <db>.* to <user>@<ip>;
- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}"
-  mysql_user:
-    # Credentials to log in MySQL
-    login_host: localhost
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
-    # Credentials of the new db user
-    host: "{{ site.subnet_site_ip }}"
-    name: "{{ site.mysql_username }}"
-    password: "{{ site.mysql_password }}"
-    # Grants
-    priv: "{{ site.mysql_database }}.*:all"
-    state: present
+- name: "Setup MySQL"
+  import_tasks: mysql.yml
  tags: mysql


--- a/deployer/roles/build/tasks/gitea.yml
+++ b/deployer/roles/build/tasks/gitea.yml
@ -0,0 +1,29 @@
+---
+- name: "Set site_data_path to {{ www_path }}/{{ site.slug }}"
+  set_fact: site_data_path="{{ www_path }}/{{ site.slug }}"
+  tags: always
+
+####################
+# Render templates #
+####################
+
+- name: "Render templates"
+  import_tasks: render.yml
+  tags: render
+
+#######################
+# MySQL configuration #
+#######################
+
+- name: "Setup MySQL"
+  import_tasks: mysql.yml
+  tags: mysql
+
+#################
+# Setup backups #
+#################
+
+# Later...
+# - name: "Setup backups"
+#   import_tasks: backup.yml
+#   tags: backup
--- a/deployer/roles/build/tasks/main.yml
+++ b/deployer/roles/build/tasks/main.yml
@ -16,6 +16,13 @@
  when: item.type == "drupal"
  tags: drupal

+- name: Build Gitea sites
+  include_tasks: gitea.yml  
+  loop: "{{ sites }}"
+  loop_control:
+    loop_var: site
+  when: item.type == "gitea"
+  tags: gitea

 # build an image
  # do the msmtp bullshit
--- a/deployer/roles/build/tasks/mysql.yml
+++ b/deployer/roles/build/tasks/mysql.yml
@ -0,0 +1,20 @@
+---
+# Needs variables:
+#   - site: dict describing the site install (cf group_vars/all/vars.yml)
+
+# MySQL equivalent:
+# create user <user>@<ip> identified by <pass>;
+# grant all on <db>.* to <user>@<ip>;
+- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}"
+  mysql_user:
+    # Credentials to log in MySQL
+    login_host: localhost
+    login_user: root
+    login_password: "{{ mysql_root_password }}"
+    # Credentials of the new db user
+    host: "{{ site.subnet_site_ip }}"
+    name: "{{ site.mysql_username }}"
+    password: "{{ site.mysql_password }}"
+    # Grants
+    priv: "{{ site.mysql_database }}.*:all"
+    state: present
--- a/deployer/roles/build/tasks/render.yml
+++ b/deployer/roles/build/tasks/render.yml
@ -0,0 +1,26 @@
+---
+# Needs variables:
+#   - site: dict describing the site install (cf group_vars/all/vars.yml)
+#   - any vars you use in roles/build/templates/{{ site.type }}
+
+- name: "Create folder {{ sites_path }}/{{ site.slug }}"
+  file: 
+    path: "{{ sites_path }}/{{ site.slug }}"
+    state: directory
+    mode: '750'
+
+- name: "Create {{ sites_path }}/{{ site.slug }} sub-directories"
+  file:
+    path: "{{ sites_path }}/{{ site.slug }}/{{ item.path }}"
+    state: directory
+    mode: "{{ item.mode }}"
+  with_filetree: "../templates/{{ site.type }}/"
+  when: item.state == 'directory'
+
+- name: Render template files 
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ sites_path }}/{{ site.slug }}/{{ item.path | regex_replace('.j2','') }}"
+    mode: "{{ item.mode }}"
+  with_filetree: "../templates/{{ site.type }}/"
+  when: item.state == 'file'
--- a/deployer/roles/build/tasks/wordpress.yml
+++ b/deployer/roles/build/tasks/wordpress.yml
@ -1,3 +1,4 @@
+---
 - name: "Set site_data_path to {{ www_path }}/{{ site.slug }}_wp-content"
  set_fact: site_data_path="{{ www_path }}/{{ site.slug }}_wp-content"
  tags: always
@ -55,59 +56,24 @@
        loop_var: toremove

  when: wpcontent.stat.exists is not defined or wpcontent.stat.exists == False
-  tags: [docker, nginx]
+  tags: bootstrap


 ####################
 # Render templates #
 ####################

- name: "Create folder {{ sites_path }}/{{ site.slug }}"
-  file: 
-    path: "{{ sites_path }}/{{ site.slug }}"
-    state: directory
-    mode: '750'
-  tags: [docker, nginx]
-
- name: "Create {{ sites_path }}/{{ site.slug }} sub-directories"
-  file:
-    path: "{{ sites_path }}/{{ site.slug }}/{{ item.path }}"
-    state: directory
-    mode: "{{ item.mode }}"
-  with_filetree: "../templates/wordpress/"
-  when: item.state == 'directory'
-  tags: [docker, nginx]
-
- name: Render template files 
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ sites_path }}/{{ site.slug }}/{{ item.path | regex_replace('.j2','') }}"
-    mode: "{{ item.mode }}"
-  with_filetree: "../templates/wordpress/"
-  when: item.state == 'file'
-  tags: [docker, nginx]
+- name: "Render templates"
+  import_tasks: render.yml
+  tags: render


 #######################
 # MySQL configuration #
 #######################

-# MySQL equivalent:
-# create user <user>@<ip> identified by <pass>;
-# grant all on <db>.* to <user>@<ip>;
- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}"
-  mysql_user:
-    # Credentials to log in MySQL
-    login_host: localhost
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
-    # Credentials of the new db user
-    host: "{{ site.subnet_site_ip }}"
-    name: "{{ site.mysql_username }}"
-    password: "{{ site.mysql_password }}"
-    # Grants
-    priv: "{{ site.mysql_database }}.*:all"
-    state: present
+- name: "Setup MySQL"
+  import_tasks: mysql.yml
  tags: mysql


--- a/deployer/roles/build/templates/gitea/docker-compose.yml.j2
+++ b/deployer/roles/build/templates/gitea/docker-compose.yml.j2
@ -1,33 +1,33 @@
 version: '3'

-# Generated by ansible for site {{ item.url }} 
-# On network {{ item.subnet_cidr_address }}:
-# - web server (nginx) at {{ item.subnet_nginx_ip }}
-# - site (gitea) at {{ item.subnet_site_ip }}
+# Generated by ansible for site {{ site.url }} 
+# On network {{ site.subnet_cidr_address }}:
+# - web server (nginx) at {{ site.subnet_nginx_ip }}
+# - site (gitea) at {{ site.subnet_site_ip }}

 services:
  site:
    # build: site
-    image: gitea/gitea:1.11.4
+    image: gitea/gitea:{{ gitea.version }}
    restart: always
    environment:
      APP_NAME: "Gitea: git with a cup of coffee"
-      DOMAIN: "{{ item.url }}"
-      ROOT_URL: "{{ item.url }}"
-      USER_UID: "{{ item.user_uid }}"
-      USER_GID: "{{ item.user_gid }}"
+      DOMAIN: "{{ site.url }}"
+      ROOT_URL: "{{ site.url }}"
+      USER_UID: "{{ site.user_uid }}"
+      USER_GID: "{{ site.user_gid }}"
      DB_TYPE: mysql
-      DB_HOST: "{{ item.subnet_gateway_ip }}"
-      DB_USER: "{{ item.mysql_username }}"
-      DB_PASSWD: "{{ item.mysql_password }}"
-      DB_NAME: "{{ item.mysql_database }}"
+      DB_HOST: "{{ site.subnet_gateway_ip }}"
+      DB_USER: "{{ site.mysql_username }}"
+      DB_PASSWD: "{{ site.mysql_password }}"
+      DB_NAME: "{{ site.mysql_database }}"
    volumes: 
      - "{{ site_data_path }}:/data"
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    networks:
      net:
-        ipv4_address: "{{ item.subnet_site_ip }}"
+        ipv4_address: "{{ site.subnet_site_ip }}"

  nginx:
    build: nginx
@ -38,7 +38,7 @@ services:
      - "{{ site_data_path }}:/data"
    networks:
      net:
-        ipv4_address: "{{ item.subnet_nginx_ip }}"
+        ipv4_address: "{{ site.subnet_nginx_ip }}"


 networks:
@ -46,7 +46,7 @@ networks:
    ipam:
      driver: default
      config:
-        - subnet: "{{ item.subnet_cidr_address }}"
+        - subnet: "{{ site.subnet_cidr_address }}"

 volumes:
  html_data:
--- a/deployer/roles/build/templates/gitea/nginx.host.j2
+++ b/deployer/roles/build/templates/gitea/nginx.host.j2
@ -1,19 +1,19 @@
-# Generated by ansible for site {{ item.url }} 
-# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }}
+# Generated by ansible for site {{ site.url }} 
+# At {{ site.subnet_site_ip }} on {{ site.subnet_cidr_address }}

 server {
  listen 80;
  listen [::]:80;
-  server_name {{ item.url }} www.{{ item.url }};
+  server_name {{ site.url }} www.{{ site.url }};

  # Let's Encrypt
  include snippets/letsencrypt.conf;

  location / {
-{% if item.redirect_to_www %}
-    return 301 https://www.{{ item.url }}$request_uri;
+{% if site.redirect_to_www %}
+    return 301 https://www.{{ site.url }}$request_uri;
 {% else %}
-    return 301 https://{{ item.url }}$request_uri;
+    return 301 https://{{ site.url }}$request_uri;
 {% endif %}
  }
 }
@ -21,20 +21,20 @@ server {
 server {
  listen 443 ssl;
  listen [::]:443 ssl;
-  server_name {{ item.url }} www.{{ item.url }};
+  server_name {{ site.url }} www.{{ site.url }};

-  access_log  /var/log/nginx/{{ item.slug }}-access.log;
-  error_log   /var/log/nginx/{{ item.slug }}-error.log;
+  access_log  /var/log/nginx/{{ site.slug }}-access.log;
+  error_log   /var/log/nginx/{{ site.slug }}-error.log;

-{% if item.redirect_to_www %}
+{% if site.redirect_to_www %}
  # Redirect non-www to www
-  if ($host = {{ item.url }}) {
-    rewrite ^ https://www.{{ item.url }}$request_uri permanent;
+  if ($host = {{ site.url }}) {
+    rewrite ^ https://www.{{ site.url }}$request_uri permanent;
  }
 {% else %}
  # Redirect www to non-www
-  if ($host = www.{{ item.url }}) {
-    rewrite ^ https://{{ item.url }}$request_uri permanent;
+  if ($host = www.{{ site.url }}) {
+    rewrite ^ https://{{ site.url }}$request_uri permanent;
  }
 {% endif %}

@ -42,13 +42,13 @@ server {
  include snippets/letsencrypt.conf;

  include snippets/ssl-params.conf;
-  ssl_certificate /etc/letsencrypt/live/{{ item.url }}/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/{{ item.url }}/privkey.pem;
+  ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem;
  
  include snippets/header-params_server.conf;
  location / {
    include snippets/header-params_location.conf;
  
-    proxy_pass http://{{ item.subnet_nginx_ip }}:80;
+    proxy_pass http://{{ site.subnet_nginx_ip }}:80;
  }
 }
--- a/deployer/roles/build/templates/gitea/nginx/Dockerfile.j2
+++ b/deployer/roles/build/templates/gitea/nginx/Dockerfile.j2
@ -0,0 +1,5 @@
+FROM nginx:latest
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Should be UID & GID=33
+# USER www-data:www-data 
--- a/deployer/roles/build/templates/gitea/nginx/nginx.conf.j2
+++ b/deployer/roles/build/templates/gitea/nginx/nginx.conf.j2
@ -15,7 +15,7 @@ http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

-  set_real_ip_from {{ item.subnet_gateway_ip }};
+  set_real_ip_from {{ site.subnet_gateway_ip }};
  log_format  main  '$http_x_real_ip - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
@ -59,9 +59,9 @@ http {
  server {
    listen 80 default;
    listen [::]:80 default;
-    server_name {{ item.url }} www.{{ item.url }};
+    server_name {{ site.url }} www.{{ site.url }};

    location / {
-      proxy_pass http://{{ item.subnet_site_ip }}:3000;
+      proxy_pass http://{{ site.subnet_site_ip }}:3000;
    }
 }