From 4cb54d2cbcb9d81ed3ea316ff3736adc8cadac98 Mon Sep 17 00:00:00 2001 From: Adrien Luxey Date: Wed, 6 May 2020 13:11:30 +0200 Subject: [PATCH] reorganised build process, gitea basics are done --- deployer/group_vars/all/vars.yml | 38 ++++++++------- deployer/roles/build/tasks/drupal.yml | 19 ++------ deployer/roles/build/tasks/gitea.yml | 29 +++++++++++ deployer/roles/build/tasks/main.yml | 7 +++ deployer/roles/build/tasks/mysql.yml | 20 ++++++++ deployer/roles/build/tasks/render.yml | 26 ++++++++++ deployer/roles/build/tasks/wordpress.yml | 48 +++---------------- .../templates/gitea/docker-compose.yml.j2 | 32 ++++++------- .../roles/build/templates/gitea/nginx.host.j2 | 34 ++++++------- .../build/templates/gitea/nginx/Dockerfile.j2 | 5 ++ .../build/templates/gitea/nginx/nginx.conf.j2 | 6 +-- 11 files changed, 153 insertions(+), 111 deletions(-) create mode 100644 deployer/roles/build/tasks/gitea.yml create mode 100644 deployer/roles/build/tasks/mysql.yml create mode 100644 deployer/roles/build/tasks/render.yml diff --git a/deployer/group_vars/all/vars.yml b/deployer/group_vars/all/vars.yml index f9fc6db..688b513 100644 --- a/deployer/group_vars/all/vars.yml +++ b/deployer/group_vars/all/vars.yml 
@@ -10,26 +10,10 @@ backups_path: /vault/backups wordpress: version: 5.4 checksum: sha1:d5f1e6d7cadd72c11d086a2e1ede0a72f23d993e +gitea: + version: 1.11.4 sites: - # - slug: test # Shorthand name to use as directory/file name - # # The site URL (without www) - # url: test.luxeylab.net - # # Ask nginx to redirect url to www - # # Else, we redirect www to url - # redirect_to_www: no - # # What kind of site is that? - # type: wordpress - # # Subnet addresses - # subnet_cidr_address: 172.27.6.0/24 - # subnet_gateway_ip: 172.27.6.1 - # subnet_nginx_ip: 172.27.6.2 - # subnet_site_ip: 172.27.6.3 - # # MySQL - # mysql_database: wp_test - # mysql_username: wp_test - # mysql_password: "{{ vault_wp_test_mysql_password }}" - - slug: rdb # Shorthand name to use as directory/file name # The site URL (without www) url: rennesdesbois.fr @@ -120,3 +104,21 @@ sites: mysql_database: mts8 mysql_username: mts mysql_password: "{{ vault_mts_mysql_password }}" + + - slug: gitea_test # Shorthand name to use as directory/file name + # The site URL (without www) + url: git.luxeylab.net + # Ask nginx to redirect url to www + # Else, we redirect www to url + redirect_to_www: no + # What kind of site is that? + type: gitea + # Subnet addresses + subnet_cidr_address: 172.27.4.0/24 + subnet_gateway_ip: 172.27.4.1 + subnet_nginx_ip: 172.27.4.2 + subnet_site_ip: 172.27.4.3 + # MySQL + mysql_database: gitea_test + mysql_username: gitea_test + mysql_password: "{{ vault_lexperimental_mysql_password }}" diff --git a/deployer/roles/build/tasks/drupal.yml b/deployer/roles/build/tasks/drupal.yml index db56584..159c70b 100644 --- a/deployer/roles/build/tasks/drupal.yml +++ b/deployer/roles/build/tasks/drupal.yml @@ -1,3 +1,4 @@ +--- - name: "Set site_data_path to {{ www_path }}/{{ site.slug }}" set_fact: site_data_path="{{ www_path }}/{{ site.slug }}" tags: always 
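Review bot: In the added `- slug: gitea_test` entry, `mysql_password: "{{ vault_lexperimental_mysql_password }}"` names a vault variable that does not follow the `vault_<site>_mysql_password` pattern the `mts` entry uses, so it reads as a credential borrowed from another site; giving this site its own secret (`mysql_password: "{{ vault_gitea_test_mysql_password }}"`, with the value added to the vault) keeps one database user's compromise from unlocking another. `redirect_to_www: no` is a YAML 1.1 boolean spelling that Ansible accepts but linters flag; `redirect_to_www: false` is the canonical form and matches how the value is later tested in the nginx templates. The `sites:` list continues outside both hunks.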
@@ -38,22 +39,8 @@ # MySQL configuration # ####################### -# MySQL equivalent: -# create user @ identified by ; -# grant all on .* to @; -- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}" - mysql_user: - # Credentials to log in MySQL - login_host: localhost - login_user: root - login_password: "{{ mysql_root_password }}" - # Credentials of the new db user - host: "{{ site.subnet_site_ip }}" - name: "{{ site.mysql_username }}" - password: "{{ site.mysql_password }}" - # Grants - priv: "{{ site.mysql_database }}.*:all" - state: present +- name: "Setup MySQL" + import_tasks: mysql.yml tags: mysql diff --git a/deployer/roles/build/tasks/gitea.yml b/deployer/roles/build/tasks/gitea.yml new file mode 100644 index 0000000..566638e --- /dev/null +++ b/deployer/roles/build/tasks/gitea.yml @@ -0,0 +1,29 @@ +--- +- name: "Set site_data_path to {{ www_path }}/{{ site.slug }}" + set_fact: site_data_path="{{ www_path }}/{{ site.slug }}" + tags: always + +#################### +# Render templates # +#################### + +- name: "Render templates" + import_tasks: render.yml + tags: render + +####################### +# MySQL configuration # +####################### + +- name: "Setup MySQL" + import_tasks: mysql.yml + tags: mysql + +################# +# Setup backups # +################# + +# Later... +# - name: "Setup backups" +# import_tasks: backup.yml +# tags: backup \ No newline at end of file diff --git a/deployer/roles/build/tasks/main.yml b/deployer/roles/build/tasks/main.yml index 97a1a8a..f802357 100644 --- a/deployer/roles/build/tasks/main.yml +++ b/deployer/roles/build/tasks/main.yml @@ -16,6 +16,13 @@ when: item.type == "drupal" tags: drupal +- name: Build Gitea sites + include_tasks: gitea.yml + loop: "{{ sites }}" + loop_control: + loop_var: site + when: item.type == "gitea" + tags: gitea # build an image # do the msmtp bullshit 
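Review bot: In the main.yml hunk, the new include's `when: item.type == "gitea"` refers to `item`, but `loop_control.loop_var: site` renames the loop variable, so `item` is only defined if an outer loop happens to supply it; as written the condition should be `when: site.type == "gitea"`. The drupal include visible in the context lines has the same shape, so it is worth fixing both together. Note also that `tags: gitea` on an `include_tasks` applies to the include statement itself and not to the tasks inside gitea.yml, which only carry `always`, `render` and `mysql`; if `--tags gitea` is meant to run the whole file, the tag has to be pushed down with `apply:` or set on the imported tasks.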
diff --git a/deployer/roles/build/tasks/mysql.yml b/deployer/roles/build/tasks/mysql.yml
index 0000000..a5b6ccc 100644
--- /dev/null
+++ b/deployer/roles/build/tasks/mysql.yml
@@ -0,0 +1,20 @@
+---
+# Needs variables:
+# - site: dict describing the site install (cf group_vars/all/vars.yml)
+
+# MySQL equivalent:
+# create user @ identified by ;
+# grant all on .* to @;
+- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}"
+ mysql_user:
+ # Credentials to log in MySQL
+ login_host: localhost
+ login_user: root
+ login_password: "{{ mysql_root_password }}"
+ # Credentials of the new db user
+ host: "{{ site.subnet_site_ip }}"
+ name: "{{ site.mysql_username }}"
+ password: "{{ site.mysql_password }}"
+ # Grants
+ priv: "{{ site.mysql_database }}.*:all"
+ state: present
diff --git a/deployer/roles/build/tasks/render.yml b/deployer/roles/build/tasks/render.yml
index 0000000..498c91a 100644
--- /dev/null
+++ b/deployer/roles/build/tasks/render.yml
@@ -0,0 +1,26 @@
+---
+# Needs variables:
+# - site: dict describing the site install (cf group_vars/all/vars.yml)
+# - any vars you use in roles/build/templates/{{ site.type }}
+
+- name: "Create folder {{ sites_path }}/{{ site.slug }}"
+ file:
+ path: "{{ sites_path }}/{{ site.slug }}"
+ state: directory
+ mode: '750'
+
+- name: "Create {{ sites_path }}/{{ site.slug }} sub-directories"
+ file:
+ path: "{{ sites_path }}/{{ site.slug }}/{{ item.path }}"
+ state: directory
+ mode: "{{ item.mode }}"
+ with_filetree: "../templates/{{ site.type }}/"
+ when: item.state == 'directory'
+
+- name: Render template files
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ sites_path }}/{{ site.slug }}/{{ item.path | regex_replace('.j2','') }}"
+ mode: "{{ item.mode }}"
+ with_filetree: "../templates/{{ site.type }}/"
+ when: item.state == 'file'
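Review bot: The `mysql_user` task in the new mysql.yml carries two secrets, `login_password` and `password`; the module masks those two arguments in its own output, but a task-level `no_log: true` makes the masking independent of the module's argument spec and also covers the failure path, at the cost of terser diagnostics when the task breaks. The grant is correctly scoped to `host: "{{ site.subnet_site_ip }}"` rather than `%`, which is the right least-privilege shape for a per-container database user. The comment lines `# create user @ identified by ;` and `# grant all on .* to @;` appear to have lost their placeholder tokens (presumably angle-bracketed names stripped as markup) and no longer read as SQL; restoring them, e.g. `# CREATE USER 'user'@'host' IDENTIFIED BY 'password';` and `# GRANT ALL ON db.* TO 'user'@'host';` (illustrative names), would make the header useful again.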
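Review bot: In render.yml the `Render template files` task sets `mode: "{{ item.mode }}"`, which is the mode of the `.j2` source as found in the controller's checkout; git only records the executable bit, so rendered files such as the compose file that embeds `DB_PASSWD` end up with whatever the clone's umask produced, typically world-readable. An explicit restrictive mode on rendered files (`mode: '0640'`, or a per-site variable) makes the outcome independent of how the repository was checked out, and the same applies to the `mode: '750'` on the site folder if other users on the host should not read it. Separately, `regex_replace('.j2','')` is unanchored and the dot is unescaped, so it rewrites the first character-plus-`j2` sequence anywhere in the path; `regex_replace('\\.j2$', '')` limits it to the extension.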
diff --git a/deployer/roles/build/tasks/wordpress.yml b/deployer/roles/build/tasks/wordpress.yml
index 25cf61c..70a5429 100644
--- a/deployer/roles/build/tasks/wordpress.yml
+++ b/deployer/roles/build/tasks/wordpress.yml
@@ -1,3 +1,4 @@
+---
 - name: "Set site_data_path to {{ www_path }}/{{ site.slug }}_wp-content"
 set_fact: site_data_path="{{ www_path }}/{{ site.slug }}_wp-content"
 tags: always
@@ -55,59 +56,24 @@ loop_var: toremove when: wpcontent.stat.exists is not defined or wpcontent.stat.exists == False - tags: [docker, nginx] + tags: bootstrap #################### # Render templates # #################### -- name: "Create folder {{ sites_path }}/{{ site.slug }}" - file: - path: "{{ sites_path }}/{{ site.slug }}" - state: directory - mode: '750' - tags: [docker, nginx] - -- name: "Create {{ sites_path }}/{{ site.slug }} sub-directories" - file: - path: "{{ sites_path }}/{{ site.slug }}/{{ item.path }}" - state: directory - mode: "{{ item.mode }}" - with_filetree: "../templates/wordpress/" - when: item.state == 'directory' - tags: [docker, nginx] - -- name: Render template files - template: - src: "{{ item.src }}" - dest: "{{ sites_path }}/{{ site.slug }}/{{ item.path | regex_replace('.j2','') }}" - mode: "{{ item.mode }}" - with_filetree: "../templates/wordpress/" - when: item.state == 'file' - tags: [docker, nginx] +- name: "Render templates" + import_tasks: render.yml + tags: render ####################### # MySQL configuration # ####################### -# MySQL equivalent: -# create user @ identified by ; -# grant all on .* to @; -- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}" - mysql_user: - # Credentials to log in MySQL - login_host: localhost - login_user: root - login_password: "{{ mysql_root_password }}" - # Credentials of the new db user - host: "{{ site.subnet_site_ip }}" - name: "{{ site.mysql_username }}" - password: "{{ site.mysql_password }}" - # Grants - priv: "{{ site.mysql_database }}.*:all" - state: present +- name: "Setup MySQL" + import_tasks: mysql.yml tags: mysql diff --git a/deployer/roles/build/templates/gitea/docker-compose.yml.j2 b/deployer/roles/build/templates/gitea/docker-compose.yml.j2 index cd3d72c..40dfade 100644 --- a/deployer/roles/build/templates/gitea/docker-compose.yml.j2 
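Review bot: The tags on the WordPress bootstrap, render and MySQL tasks change from `[docker, nginx]` to `bootstrap`, `render` and `mysql`, so any existing invocation or runbook that still passes `--tags docker` or `--tags nginx` now silently skips template rendering and database setup for WordPress sites. A sentence in the commit message or the playbook README naming the new tag set would save the next operator that surprise. The task list continues outside the hunk on both sides, so tasks before `loop_var: toremove` and after `tags: mysql` may still carry the old tags; it is worth a grep before merging.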
+++ b/deployer/roles/build/templates/gitea/docker-compose.yml.j2 @@ -1,33 +1,33 @@ version: '3' -# Generated by ansible for site {{ item.url }} -# On network {{ item.subnet_cidr_address }}: -# - web server (nginx) at {{ item.subnet_nginx_ip }} -# - site (gitea) at {{ item.subnet_site_ip }} +# Generated by ansible for site {{ site.url }} +# On network {{ site.subnet_cidr_address }}: +# - web server (nginx) at {{ site.subnet_nginx_ip }} +# - site (gitea) at {{ site.subnet_site_ip }} services: site: # build: site - image: gitea/gitea:1.11.4 + image: gitea/gitea:{{ gitea.version }} restart: always environment: APP_NAME: "Gitea: git with a cup of coffee" - DOMAIN: "{{ item.url }}" - ROOT_URL: "{{ item.url }}" - USER_UID: "{{ item.user_uid }}" - USER_GID: "{{ item.user_gid }}" + DOMAIN: "{{ site.url }}" + ROOT_URL: "{{ site.url }}" + USER_UID: "{{ site.user_uid }}" + USER_GID: "{{ site.user_gid }}" DB_TYPE: mysql - DB_HOST: "{{ item.subnet_gateway_ip }}" - DB_USER: "{{ item.mysql_username }}" - DB_PASSWD: "{{ item.mysql_password }}" - DB_NAME: "{{ item.mysql_database }}" + DB_HOST: "{{ site.subnet_gateway_ip }}" + DB_USER: "{{ site.mysql_username }}" + DB_PASSWD: "{{ site.mysql_password }}" + DB_NAME: "{{ site.mysql_database }}" volumes: - "{{ site_data_path }}:/data" - "/etc/timezone:/etc/timezone:ro" - "/etc/localtime:/etc/localtime:ro" networks: net: - ipv4_address: "{{ item.subnet_site_ip }}" + ipv4_address: "{{ site.subnet_site_ip }}" nginx: build: nginx @@ -38,7 +38,7 @@ services: - "{{ site_data_path }}:/data" networks: net: - ipv4_address: "{{ item.subnet_nginx_ip }}" + ipv4_address: "{{ site.subnet_nginx_ip }}" networks: @@ -46,7 +46,7 @@ networks: ipam: driver: default config: - - subnet: "{{ item.subnet_cidr_address }}" + - subnet: "{{ site.subnet_cidr_address }}" volumes: html_data: diff --git a/deployer/roles/build/templates/gitea/nginx.host.j2 b/deployer/roles/build/templates/gitea/nginx.host.j2 index bc146f7..96af935 100644 
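Review bot: The first hunk reads `site.user_uid` and `site.user_gid`, but the `gitea_test` entry this commit adds to vars.yml defines neither key, so unless they are set at group or host level the template fails to render on an undefined variable. `ROOT_URL: "{{ site.url }}"` is a bare hostname, whereas Gitea's ROOT_URL is the full public URL including scheme; with the nginx host redirecting everything to TLS the value should be `ROOT_URL: "https://{{ site.url }}/"`, otherwise generated clone and e-mail links are wrong. `DB_PASSWD` under `environment:` is written into the rendered compose file and is visible to anyone who can run `docker inspect` on the host, which is pre-existing but is a reason to keep the rendered file's mode restrictive. Pinning `image: gitea/gitea:{{ gitea.version }}` from group_vars is a good move. The `services:` block continues past the hunk.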
--- a/deployer/roles/build/templates/gitea/nginx.host.j2 +++ b/deployer/roles/build/templates/gitea/nginx.host.j2 @@ -1,19 +1,19 @@ -# Generated by ansible for site {{ item.url }} -# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }} +# Generated by ansible for site {{ site.url }} +# At {{ site.subnet_site_ip }} on {{ site.subnet_cidr_address }} server { listen 80; listen [::]:80; - server_name {{ item.url }} www.{{ item.url }}; + server_name {{ site.url }} www.{{ site.url }}; # Let's Encrypt include snippets/letsencrypt.conf; location / { -{% if item.redirect_to_www %} - return 301 https://www.{{ item.url }}$request_uri; +{% if site.redirect_to_www %} + return 301 https://www.{{ site.url }}$request_uri; {% else %} - return 301 https://{{ item.url }}$request_uri; + return 301 https://{{ site.url }}$request_uri; {% endif %} } } @@ -21,20 +21,20 @@ server { server { listen 443 ssl; listen [::]:443 ssl; - server_name {{ item.url }} www.{{ item.url }}; + server_name {{ site.url }} www.{{ site.url }}; - access_log /var/log/nginx/{{ item.slug }}-access.log; - error_log /var/log/nginx/{{ item.slug }}-error.log; + access_log /var/log/nginx/{{ site.slug }}-access.log; + error_log /var/log/nginx/{{ site.slug }}-error.log; -{% if item.redirect_to_www %} +{% if site.redirect_to_www %} # Redirect non-www to www - if ($host = {{ item.url }}) { - rewrite ^ https://www.{{ item.url }}$request_uri permanent; + if ($host = {{ site.url }}) { + rewrite ^ https://www.{{ site.url }}$request_uri permanent; } {% else %} # Redirect www to non-www - if ($host = www.{{ item.url }}) { - rewrite ^ https://{{ item.url }}$request_uri permanent; + if ($host = www.{{ site.url }}) { + rewrite ^ https://{{ site.url }}$request_uri permanent; } {% endif %} 
@@ -42,13 +42,13 @@ server { include snippets/letsencrypt.conf; include snippets/ssl-params.conf; - ssl_certificate /etc/letsencrypt/live/{{ item.url }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ item.url }}/privkey.pem; + ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem; include snippets/header-params_server.conf; location / { include snippets/header-params_location.conf; - proxy_pass http://{{ item.subnet_nginx_ip }}:80; + proxy_pass http://{{ site.subnet_nginx_ip }}:80; } } diff --git a/deployer/roles/build/templates/gitea/nginx/Dockerfile.j2 b/deployer/roles/build/templates/gitea/nginx/Dockerfile.j2 index e69de29..1201821 100644 --- a/deployer/roles/build/templates/gitea/nginx/Dockerfile.j2 +++ b/deployer/roles/build/templates/gitea/nginx/Dockerfile.j2 @@ -0,0 +1,5 @@ +FROM nginx:latest +COPY nginx.conf /etc/nginx/nginx.conf + +# Should be UID & GID=33 +# USER www-data:www-data \ No newline at end of file diff --git a/deployer/roles/build/templates/gitea/nginx/nginx.conf.j2 b/deployer/roles/build/templates/gitea/nginx/nginx.conf.j2 index 6b3400f..620e3d7 100644 --- a/deployer/roles/build/templates/gitea/nginx/nginx.conf.j2 +++ b/deployer/roles/build/templates/gitea/nginx/nginx.conf.j2 @@ -15,7 +15,7 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - set_real_ip_from {{ item.subnet_gateway_ip }}; + set_real_ip_from {{ site.subnet_gateway_ip }}; log_format main '$http_x_real_ip - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; @@ -59,9 +59,9 @@ http { server { listen 80 default; listen [::]:80 default; - server_name {{ item.url }} www.{{ item.url }}; + server_name {{ site.url }} www.{{ site.url }}; location / { - proxy_pass http://{{ item.subnet_site_ip }}:3000; + proxy_pass http://{{ site.subnet_site_ip }}:3000; } } \ No newline at end of file
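Review bot: The new Dockerfile's `FROM nginx:latest` leaves the reverse-proxy image unpinned, so every rebuild may pull a different nginx while the Gitea image on the same host is pinned through `gitea.version`; pinning a tag or digest the same way, e.g. `FROM nginx:{{ nginx_version }}` with a new group_vars variable (name to be chosen), makes rebuilds reproducible and turns an upgrade into an explicit diff. The commented `# USER www-data:www-data` records the intent to drop root but the container still runs as root for now; a one-line comment on what blocks it (presumably the port-80 bind or file ownership in `/data`) would help whoever picks it up. The file is also missing a trailing newline, as the gitea.yml and nginx.conf.j2 hunks note.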