Add database role

2021-03-13 16:40:24 +01:00 · 2021-03-13 16:40:24 +01:00 · cbc789fce1
commit cbc789fce1
parent 618db1dadd
5 changed files with 75 additions and 16 deletions
--- a/init.yaml
+++ b/init.yaml
@ -5,10 +5,12 @@
  vars_files:
    - vars/services.yml
    - vars/environment.yml
+    - vars/databases.yml

  roles:
    - geerlingguy.docker
    - geerlingguy.pip
+    - geerlingguy.mysql
    - kadet.docker-swarm

  tasks:
--- a/roles/kadet.docker-swarm/tasks/main.yml
+++ b/roles/kadet.docker-swarm/tasks/main.yml
@ -3,6 +3,7 @@
  community.docker.docker_swarm:
    state: present
    advertise_addr: "{{ swarm_addr|default(omit) }}"
+    task_history_retention_limit: "{{ swarm_task_history_limit|default(3) }}"

 - name: Init global networks for swarm
  community.docker.docker_network:
@ -10,3 +11,7 @@
    driver: "{{ item.driver|default('overlay') }}"
    scope: swarm
  loop: "{{ swarm_global_networks }}"
+
+- name: Set swarm_host_address fact
+  set_fact:
+    swarm_host_address: "{{ ansible_docker0.ipv4.address }}"
--- a/services/gitea/stack.yml
+++ b/services/gitea/stack.yml
@ -11,16 +11,15 @@ services:
      - USER_GID={{ git_user.group }}
      - ROOT_URL=http://git.{{ main_domain }}/
      - DB_TYPE=mysql
-      - DB_HOST=db:3306
-      - DB_NAME=gitea
-      - DB_USER=gitea
-      - DB_PASSWD=gitea
+      - DB_HOST={{ database_mysql_host }}:3306
+      - DB_NAME={{ database.name }}
+      - DB_USER={{ database.user }}
+      - DB_PASSWD={{ database.password }}
    ports:
      - 127.0.0.1:2222:22
    networks: 
      - "{{ ingress_network }}"
      - default
-    depends_on: ['db']
    volumes:
      - "{{ repositories_path }}:/data"
      - "{{ git_user.home }}/.ssh:/data/git/.ssh"
@ -31,14 +30,3 @@ services:
        - traefik.enable=true
        - traefik.http.routers.{{ service }}.rule=Host(`git.{{ main_domain }}`)
        - traefik.http.services.{{ service }}.loadbalancer.server.port=3000
-
-  db:
-     image: mysql:5.7
-     restart: always
-     environment:
-       - MYSQL_ROOT_PASSWORD=gitea
-       - MYSQL_USER=gitea
-       - MYSQL_PASSWORD=gitea
-       - MYSQL_DATABASE=gitea
-     volumes:
-       - db_data:/var/lib/mysql
--- a/vars/databases.yml
+++ b/vars/databases.yml
@ -0,0 +1,57 @@
+mysql_root_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63373634623230333965653830623535363363363930666331303933303061333135373163366434
+          6263633764613336356130343562333635623731346636650a613063323833363038356566306633
+          33376461626236663765323234613966613036616635646362316230313162333838326263393563
+          3134373663326635650a303837303133353830366236346536333238366664633131613437346363
+          30316362393664316261363834633464303632323461626463636263626236346566323165323738
+          3036323064333065663430316362363630313065613437343938
+
+mysql_databases:
+  - name: gitea
+  - name: wipe
+  - name: keylighter
+
+mysql_users:
+  - name: gitea
+    priv: gitea.*:ALL
+    host: '172.%'
+    password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30636438636462653666616466313837303063666463656462383737326662636231393933353735
+          3262636431363230323834313637626136396362656564350a643732306466643536323937353531
+          62643935653066373330633732623162376431356535663766393435636336343561373861653534
+          6565323737646632610a383561386133303963613333656532623636363039336265356334373230
+          35356139353564373630363838393166316339616434306461396238626361653638
+  - name: keylighter
+    priv: keylighter.*:ALL
+    host: '172.%'
+    password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63656537653463313639373130666537373365393866623031616265643762353739643965326132
+          3764653563333266616132393335613335363361633531660a373730363362666230363836393266
+          62346536356636653664306131643636303164356531656139616463363337343866386135616135
+          3765393631656264660a346264613933663136636464666430633062623438386561363137383538
+          36613162336666323933333833643838373465333764643134663631333631383231
+  - name: shitcode
+    priv: shitcode.*:ALL
+    host: '172.%'
+    password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          39306237636162363632396565633635373166333732333139343036666434303938613038646665
+          3839373166306433643232323535636239333730613566310a326239393635326635623830343732
+          61613137616236303230626639666334326466333931613430613166333161646536313661343738
+          3732386638376330350a353334383464313866613738646566636665396566623062373564323933
+          65396634613136306630643964386637653936346236386333323262363430303261
+  - name: wipe
+    priv: wipe.*:ALL
+    host: '172.%'
+    password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63313762333536383933373232616461356632373963666438333339626434303661313131383061
+          6461316637326634393862626632316139656133353833360a383466303763663135383536376539
+          65373333353830613433663533633265303965356234396136326631626239646533383761326135
+          3365633834336464340a616133656265663039353236666565316431383631656435303166393538
+          63323630626239396263626536306632356635373535366335666265396630353430
+
+mysql_user_passwords: "{{ mysql_users|items2dict(key_name='name', value_name='password') }}"
--- a/vars/services.yml
+++ b/vars/services.yml
@ -13,6 +13,8 @@ ingress_network: traefik

 main_domain: kadet.local

+database_mysql_host: "{{ swarm_host_address }}"
+
 service_config:
  traefik:
    dashboard_users:
@ -25,4 +27,9 @@ service_config:
          3634346265616162370a653132663638633234663432343839666531363734376433343836316137
          35353236333161636466383462343234323461623233643339653739623932666637386633626330
          6366666637366362663865313661306137383931613565663564
+  gitea:
+    database:
+      name: gitea
+      user: gitea
+      password: "{{ mysql_user_passwords['gitea'] }}"