reorganised build process, gitea basics are done

This commit is contained in:
Adrien Luxey 2020-05-06 13:11:30 +02:00
parent c2fc791dbb
commit 4cb54d2cbc
11 changed files with 153 additions and 111 deletions


@ -10,26 +10,10 @@ backups_path: /vault/backups
wordpress: wordpress:
version: 5.4 version: 5.4
checksum: sha1:d5f1e6d7cadd72c11d086a2e1ede0a72f23d993e checksum: sha1:d5f1e6d7cadd72c11d086a2e1ede0a72f23d993e
gitea:
version: 1.11.4
sites: sites:
# - slug: test # Shorthand name to use as directory/file name
# # The site URL (without www)
# url: test.luxeylab.net
# # Ask nginx to redirect url to www
# # Else, we redirect www to url
# redirect_to_www: no
# # What kind of site is that?
# type: wordpress
# # Subnet addresses
# subnet_cidr_address: 172.27.6.0/24
# subnet_gateway_ip: 172.27.6.1
# subnet_nginx_ip: 172.27.6.2
# subnet_site_ip: 172.27.6.3
# # MySQL
# mysql_database: wp_test
# mysql_username: wp_test
# mysql_password: "{{ vault_wp_test_mysql_password }}"
- slug: rdb # Shorthand name to use as directory/file name - slug: rdb # Shorthand name to use as directory/file name
# The site URL (without www) # The site URL (without www)
url: rennesdesbois.fr url: rennesdesbois.fr
@ -120,3 +104,21 @@ sites:
mysql_database: mts8 mysql_database: mts8
mysql_username: mts mysql_username: mts
mysql_password: "{{ vault_mts_mysql_password }}" mysql_password: "{{ vault_mts_mysql_password }}"
- slug: gitea_test # Shorthand name to use as directory/file name
# The site URL (without www)
url: git.luxeylab.net
# Ask nginx to redirect url to www
# Else, we redirect www to url
redirect_to_www: no
# What kind of site is that?
type: gitea
# Subnet addresses
subnet_cidr_address: 172.27.4.0/24
subnet_gateway_ip: 172.27.4.1
subnet_nginx_ip: 172.27.4.2
subnet_site_ip: 172.27.4.3
# MySQL
mysql_database: gitea_test
mysql_username: gitea_test
mysql_password: "{{ vault_lexperimental_mysql_password }}"
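Review bot: The new `gitea_test` entry points its `mysql_password` at `vault_lexperimental_mysql_password`, while every other site visible in this file uses a vault variable named after the site itself (`vault_mts_mysql_password`, `vault_wp_test_mysql_password`). If that vault entry is also the password of another site's database account, the two MySQL users share a secret, and since `DB_PASSWD` is rendered in clear text into the Gitea compose file, compromising one site's rendered config exposes the other's database; a dedicated entry, `mysql_password: "{{ vault_gitea_test_mysql_password }}"`, keeps the blast radius per site. The `gitea:` stanza pins `version: 1.11.4` but, unlike `wordpress.checksum`, records nothing that ties the tag to a specific artefact; because the compose template pulls `gitea/gitea:{{ gitea.version }}` by mutable tag, recording the image digest here would make the build reproducible. Minor: `redirect_to_www: no` is a YAML 1.1 boolean spelling; `false` is unambiguous across parsers.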


@ -1,3 +1,4 @@
---
- name: "Set site_data_path to {{ www_path }}/{{ site.slug }}" - name: "Set site_data_path to {{ www_path }}/{{ site.slug }}"
set_fact: site_data_path="{{ www_path }}/{{ site.slug }}" set_fact: site_data_path="{{ www_path }}/{{ site.slug }}"
tags: always tags: always
@ -38,22 +39,8 @@
# MySQL configuration # # MySQL configuration #
####################### #######################
# MySQL equivalent: - name: "Setup MySQL"
# create user <user>@<ip> identified by <pass>; import_tasks: mysql.yml
# grant all on <db>.* to <user>@<ip>;
- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}"
mysql_user:
# Credentials to log in MySQL
login_host: localhost
login_user: root
login_password: "{{ mysql_root_password }}"
# Credentials of the new db user
host: "{{ site.subnet_site_ip }}"
name: "{{ site.mysql_username }}"
password: "{{ site.mysql_password }}"
# Grants
priv: "{{ site.mysql_database }}.*:all"
state: present
tags: mysql tags: mysql


@ -0,0 +1,29 @@
---
- name: "Set site_data_path to {{ www_path }}/{{ site.slug }}"
set_fact: site_data_path="{{ www_path }}/{{ site.slug }}"
tags: always
####################
# Render templates #
####################
- name: "Render templates"
import_tasks: render.yml
tags: render
#######################
# MySQL configuration #
#######################
- name: "Setup MySQL"
import_tasks: mysql.yml
tags: mysql
#################
# Setup backups #
#################
# Later...
# - name: "Setup backups"
# import_tasks: backup.yml
# tags: backup
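Review bot: Nothing in this new task file creates `{{ site_data_path }}` (set by the first task) or fixes its ownership, yet the Gitea compose template mounts it at `/data` and runs Gitea as `USER_UID`/`USER_GID`; when the directory is absent Docker creates it itself, owned by root, so Gitea either cannot write its repositories or the data ends up with wider permissions than intended. The WordPress task file has a bootstrap stanza for its data directory, so the Gitea one would benefit from a matching `file` task before the render step that creates `{{ site_data_path }}` with `state: directory`, the Gitea UID/GID as `owner`/`group` and `mode: '0750'`, tagged `bootstrap` — unless this is handled elsewhere in the role, which I cannot see from here. Keeping `tags: always` on the `set_fact` is right, since the imported task files depend on `site_data_path` being defined whatever tags are selected.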


@ -16,6 +16,13 @@
when: item.type == "drupal" when: item.type == "drupal"
tags: drupal tags: drupal
- name: Build Gitea sites
include_tasks: gitea.yml
loop: "{{ sites }}"
loop_control:
loop_var: site
when: item.type == "gitea"
tags: gitea
# build an image # build an image
# do the msmtp bullshit # do the msmtp bullshit


@ -0,0 +1,20 @@
---
# Needs variables:
# - site: dict describing the site install (cf group_vars/all/vars.yml)
# MySQL equivalent:
# create user <user>@<ip> identified by <pass>;
# grant all on <db>.* to <user>@<ip>;
- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}"
mysql_user:
# Credentials to log in MySQL
login_host: localhost
login_user: root
login_password: "{{ mysql_root_password }}"
# Credentials of the new db user
host: "{{ site.subnet_site_ip }}"
name: "{{ site.mysql_username }}"
password: "{{ site.mysql_password }}"
# Grants
priv: "{{ site.mysql_database }}.*:all"
state: present
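Review bot: This task passes both the MySQL root `login_password` and the new account's `password`, but carries no `no_log: true`; the module may mask those arguments on its own, yet a task failure or a `-vvv` run can still echo the full argument dict, including `{{ mysql_root_password }}`, into console output and logs. Adding `no_log: true` to the task is cheap insurance and is the usual convention for tasks handling secrets. Binding the grant to `host: "{{ site.subnet_site_ip }}"` is a good choice — it ties the account to the container's static address on the site subnet — and `priv: "{{ site.mysql_database }}.*:all"` is the normal scope for an application schema; the header comment could state both intentions explicitly, e.g. `# Account is bound to the site container's IP; ALL on the site's own schema only, no GRANT OPTION`. The `login_host: localhost` line assumes the play runs on the database host itself; that assumption belongs in the "Needs variables" header too.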


@ -0,0 +1,26 @@
---
# Needs variables:
# - site: dict describing the site install (cf group_vars/all/vars.yml)
# - any vars you use in roles/build/templates/{{ site.type }}
- name: "Create folder {{ sites_path }}/{{ site.slug }}"
file:
path: "{{ sites_path }}/{{ site.slug }}"
state: directory
mode: '750'
- name: "Create {{ sites_path }}/{{ site.slug }} sub-directories"
file:
path: "{{ sites_path }}/{{ site.slug }}/{{ item.path }}"
state: directory
mode: "{{ item.mode }}"
with_filetree: "../templates/{{ site.type }}/"
when: item.state == 'directory'
- name: Render template files
template:
src: "{{ item.src }}"
dest: "{{ sites_path }}/{{ site.slug }}/{{ item.path | regex_replace('.j2','') }}"
mode: "{{ item.mode }}"
with_filetree: "../templates/{{ site.type }}/"
when: item.state == 'file'
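Review bot: The `template` task sets `mode: "{{ item.mode }}"`, i.e. rendered files inherit the permission bits of the checked-in template tree, and among those files is the Gitea compose file that carries `DB_PASSWD` in clear text; if the template in the repository is world-readable (a typical 0644 checkout), the rendered secret on the target is too, with only the parent directory's `'750'` standing in the way. Consider forcing a restrictive mode for rendered files, `mode: '0640'` on the `template` task, and setting `owner`/`group` so that the directory mode actually limits who can traverse it. Separately, `regex_replace('.j2','')` is unanchored and its dot is a wildcard, so it removes the first three-character match of `?j2` anywhere in the path rather than the extension; `regex_replace('\\.j2$', '')` strips only a trailing `.j2`. The first task's `mode: '750'` works because it is quoted, but `'0750'` reads less ambiguously next to other octal modes.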


@ -1,3 +1,4 @@
---
- name: "Set site_data_path to {{ www_path }}/{{ site.slug }}_wp-content" - name: "Set site_data_path to {{ www_path }}/{{ site.slug }}_wp-content"
set_fact: site_data_path="{{ www_path }}/{{ site.slug }}_wp-content" set_fact: site_data_path="{{ www_path }}/{{ site.slug }}_wp-content"
tags: always tags: always
@ -55,59 +56,24 @@
loop_var: toremove loop_var: toremove
when: wpcontent.stat.exists is not defined or wpcontent.stat.exists == False when: wpcontent.stat.exists is not defined or wpcontent.stat.exists == False
tags: [docker, nginx] tags: bootstrap
#################### ####################
# Render templates # # Render templates #
#################### ####################
- name: "Create folder {{ sites_path }}/{{ site.slug }}" - name: "Render templates"
file: import_tasks: render.yml
path: "{{ sites_path }}/{{ site.slug }}" tags: render
state: directory
mode: '750'
tags: [docker, nginx]
- name: "Create {{ sites_path }}/{{ site.slug }} sub-directories"
file:
path: "{{ sites_path }}/{{ site.slug }}/{{ item.path }}"
state: directory
mode: "{{ item.mode }}"
with_filetree: "../templates/wordpress/"
when: item.state == 'directory'
tags: [docker, nginx]
- name: Render template files
template:
src: "{{ item.src }}"
dest: "{{ sites_path }}/{{ site.slug }}/{{ item.path | regex_replace('.j2','') }}"
mode: "{{ item.mode }}"
with_filetree: "../templates/wordpress/"
when: item.state == 'file'
tags: [docker, nginx]
####################### #######################
# MySQL configuration # # MySQL configuration #
####################### #######################
# MySQL equivalent: - name: "Setup MySQL"
# create user <user>@<ip> identified by <pass>; import_tasks: mysql.yml
# grant all on <db>.* to <user>@<ip>;
- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}"
mysql_user:
# Credentials to log in MySQL
login_host: localhost
login_user: root
login_password: "{{ mysql_root_password }}"
# Credentials of the new db user
host: "{{ site.subnet_site_ip }}"
name: "{{ site.mysql_username }}"
password: "{{ site.mysql_password }}"
# Grants
priv: "{{ site.mysql_database }}.*:all"
state: present
tags: mysql tags: mysql
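Review bot: The bootstrap and render steps lose their `[docker, nginx]` tags and are now tagged `bootstrap` and `render`, so any existing invocation with `--tags nginx` or `--tags docker` silently skips those steps from now on; if those tags are used by other playbooks or documentation (which I cannot see from here), this deserves a line in the commit message or README. On the bootstrap condition, `when: wpcontent.stat.exists is not defined or wpcontent.stat.exists == False` could be written `when: not (wpcontent.stat.exists | default(false))`, which reads as what it means and avoids comparing against a capitalised literal.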


@ -1,33 +1,33 @@
version: '3' version: '3'
# Generated by ansible for site {{ item.url }} # Generated by ansible for site {{ site.url }}
# On network {{ item.subnet_cidr_address }}: # On network {{ site.subnet_cidr_address }}:
# - web server (nginx) at {{ item.subnet_nginx_ip }} # - web server (nginx) at {{ site.subnet_nginx_ip }}
# - site (gitea) at {{ item.subnet_site_ip }} # - site (gitea) at {{ site.subnet_site_ip }}
services: services:
site: site:
# build: site # build: site
image: gitea/gitea:1.11.4 image: gitea/gitea:{{ gitea.version }}
restart: always restart: always
environment: environment:
APP_NAME: "Gitea: git with a cup of coffee" APP_NAME: "Gitea: git with a cup of coffee"
DOMAIN: "{{ item.url }}" DOMAIN: "{{ site.url }}"
ROOT_URL: "{{ item.url }}" ROOT_URL: "{{ site.url }}"
USER_UID: "{{ item.user_uid }}" USER_UID: "{{ site.user_uid }}"
USER_GID: "{{ item.user_gid }}" USER_GID: "{{ site.user_gid }}"
DB_TYPE: mysql DB_TYPE: mysql
DB_HOST: "{{ item.subnet_gateway_ip }}" DB_HOST: "{{ site.subnet_gateway_ip }}"
DB_USER: "{{ item.mysql_username }}" DB_USER: "{{ site.mysql_username }}"
DB_PASSWD: "{{ item.mysql_password }}" DB_PASSWD: "{{ site.mysql_password }}"
DB_NAME: "{{ item.mysql_database }}" DB_NAME: "{{ site.mysql_database }}"
volumes: volumes:
- "{{ site_data_path }}:/data" - "{{ site_data_path }}:/data"
- "/etc/timezone:/etc/timezone:ro" - "/etc/timezone:/etc/timezone:ro"
- "/etc/localtime:/etc/localtime:ro" - "/etc/localtime:/etc/localtime:ro"
networks: networks:
net: net:
ipv4_address: "{{ item.subnet_site_ip }}" ipv4_address: "{{ site.subnet_site_ip }}"
nginx: nginx:
build: nginx build: nginx
@ -38,7 +38,7 @@ services:
- "{{ site_data_path }}:/data" - "{{ site_data_path }}:/data"
networks: networks:
net: net:
ipv4_address: "{{ item.subnet_nginx_ip }}" ipv4_address: "{{ site.subnet_nginx_ip }}"
networks: networks:
@ -46,7 +46,7 @@ networks:
ipam: ipam:
driver: default driver: default
config: config:
- subnet: "{{ item.subnet_cidr_address }}" - subnet: "{{ site.subnet_cidr_address }}"
volumes: volumes:
html_data: html_data:
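Review bot: The template reads `site.user_uid` and `site.user_gid` for `USER_UID`/`USER_GID`, but the `gitea_test` site dict added to `vars.yml` in this same commit defines neither, so rendering this file will fail on an undefined variable unless defaults are declared somewhere I cannot see; add them to the site entry (a hard failure is preferable to a `| default(...)` fallback that silently runs Gitea under an unintended UID). `ROOT_URL: "{{ site.url }}"` hands Gitea a bare hostname, whereas, as far as I recall, it expects a full URL with scheme and trailing slash, and the nginx template in this commit redirects everything to HTTPS, so generated links are likely to come out without `https://`; `ROOT_URL: "https://{{ site.url }}/"` would match the front-end. Finally, `DB_PASSWD` in `environment:` is readable via `docker inspect` by anyone in the docker group; an `env_file` with tight permissions or compose `secrets:` would narrow that exposure.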


@ -1,19 +1,19 @@
# Generated by ansible for site {{ item.url }} # Generated by ansible for site {{ site.url }}
# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }} # At {{ site.subnet_site_ip }} on {{ site.subnet_cidr_address }}
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name {{ item.url }} www.{{ item.url }}; server_name {{ site.url }} www.{{ site.url }};
# Let's Encrypt # Let's Encrypt
include snippets/letsencrypt.conf; include snippets/letsencrypt.conf;
location / { location / {
{% if item.redirect_to_www %} {% if site.redirect_to_www %}
return 301 https://www.{{ item.url }}$request_uri; return 301 https://www.{{ site.url }}$request_uri;
{% else %} {% else %}
return 301 https://{{ item.url }}$request_uri; return 301 https://{{ site.url }}$request_uri;
{% endif %} {% endif %}
} }
} }
@ -21,20 +21,20 @@ server {
server { server {
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
server_name {{ item.url }} www.{{ item.url }}; server_name {{ site.url }} www.{{ site.url }};
access_log /var/log/nginx/{{ item.slug }}-access.log; access_log /var/log/nginx/{{ site.slug }}-access.log;
error_log /var/log/nginx/{{ item.slug }}-error.log; error_log /var/log/nginx/{{ site.slug }}-error.log;
{% if item.redirect_to_www %} {% if site.redirect_to_www %}
# Redirect non-www to www # Redirect non-www to www
if ($host = {{ item.url }}) { if ($host = {{ site.url }}) {
rewrite ^ https://www.{{ item.url }}$request_uri permanent; rewrite ^ https://www.{{ site.url }}$request_uri permanent;
} }
{% else %} {% else %}
# Redirect www to non-www # Redirect www to non-www
if ($host = www.{{ item.url }}) { if ($host = www.{{ site.url }}) {
rewrite ^ https://{{ item.url }}$request_uri permanent; rewrite ^ https://{{ site.url }}$request_uri permanent;
} }
{% endif %} {% endif %}
@ -42,13 +42,13 @@ server {
include snippets/letsencrypt.conf; include snippets/letsencrypt.conf;
include snippets/ssl-params.conf; include snippets/ssl-params.conf;
ssl_certificate /etc/letsencrypt/live/{{ item.url }}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ item.url }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem;
include snippets/header-params_server.conf; include snippets/header-params_server.conf;
location / { location / {
include snippets/header-params_location.conf; include snippets/header-params_location.conf;
proxy_pass http://{{ item.subnet_nginx_ip }}:80; proxy_pass http://{{ site.subnet_nginx_ip }}:80;
} }
} }


@ -0,0 +1,5 @@
FROM nginx:latest
COPY nginx.conf /etc/nginx/nginx.conf
# Should be UID & GID=33
# USER www-data:www-data
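Review bot: `FROM nginx:latest` resolves to whatever the tag points at when the image is built, so two builds of the same commit can yield different proxies, while the Gitea service in the same compose file is pinned through `gitea.version`; pin the base the same way (an explicit `nginx:<version>` or a digest, ideally an `nginx.version` variable next to `gitea.version` in `vars.yml`) so base-image updates are deliberate and show up in review. The commented `USER www-data:www-data` will not work as-is with the stock image, since nginx must bind port 80 and write to `/var/cache/nginx` and `/var/run` as that user; if a non-root proxy is the goal, the upstream `nginxinc/nginx-unprivileged` variant (listens on 8080, runs unprivileged) is the usual route, and the `nginx.conf` listen directive and the site template's `proxy_pass ...:80` would need to follow. Either way the bare `Should be UID & GID=33` comment should say why it is commented out, e.g. `# TODO: run unprivileged; stock image needs root for :80 and /var/cache/nginx`.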


@ -15,7 +15,7 @@ http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
set_real_ip_from {{ item.subnet_gateway_ip }}; set_real_ip_from {{ site.subnet_gateway_ip }};
log_format main '$http_x_real_ip - $remote_user [$time_local] "$request" ' log_format main '$http_x_real_ip - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; '"$http_user_agent" "$http_x_forwarded_for"';
@ -59,9 +59,9 @@ http {
server { server {
listen 80 default; listen 80 default;
listen [::]:80 default; listen [::]:80 default;
server_name {{ item.url }} www.{{ item.url }}; server_name {{ site.url }} www.{{ site.url }};
location / { location / {
proxy_pass http://{{ item.subnet_site_ip }}:3000; proxy_pass http://{{ site.subnet_site_ip }}:3000;
} }
} }