wipe: Bump prod version to 2023.1.6

marcel: Add marcel's blog service
wordpress: Add wordpress service template
2023-02-12 16:02:55 +01:00 · 2023-02-12 16:02:55 +01:00 · 2023-02-12 16:02:55 +01:00 · 2023-02-12 16:00:19 +01:00 · 2023-02-12 15:59:27 +01:00 · 2023-02-12 15:58:26 +01:00
10 changed files with 175 additions and 121 deletions
--- a/main.yaml
+++ b/main.yaml
@ -1,9 +1,10 @@
 ---
 - hosts: all
  become: yes
-
- name: Setup server
+  name: Setup server
  import_playbook: setup.yaml

- name: Deploy services
+- hosts: all
+  become: yes
+  name: Deploy services
  import_playbook: deploy.yaml
--- a/ping.yaml
+++ b/ping.yaml
@ -1,3 +1,4 @@
+---
 - hosts:
    - all
  tasks:
--- a/services/traefik/config/traefik.yaml
+++ b/services/traefik/config/traefik.yaml
@ -79,3 +79,9 @@ certificatesResolvers:
      storage: "/etc/traefik/acme/lets-encrypt.json"
      dnsChallenge: 
        provider: ovh
+  lets-encrypt-tls:
+    acme:
+      caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"
+      email: "kacper@kadet.net"
+      storage: "/etc/traefik/acme/lets-encrypt-tls.json"
+      tlsChallenge: {}
--- a/services/wipe/stack.yml
+++ b/services/wipe/stack.yml
@ -25,31 +25,31 @@ services:
      pod.component.fpm: |
        image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
        volumes:
-          - www-data:/var/www
-          - storage-data:/var/www/storage
+          - {{ service }}-www-data:/var/www
+          - {{ service }}-storage-data:/var/www/storage
      pod.component.nginx: |
        image: nginx:latest
        volumes:
-          - www-data:/var/www
-          - storage-data:/var/www/storage
-          - nginx-config:/etc/nginx/templates
+          - {{ service }}-www-data:/var/www
+          - {{ service }}-storage-data:/var/www/storage
+          - {{ service }}-nginx-config:/etc/nginx/templates
      pod.copy.fpm: /var/conf/wipe/.env:/var/www/.env
      pod.init.components: |
        - image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
          entrypoint: ["/bin/sh", "-c"]
          command: ["cp -r /var/www/* /mnt/www"]
          volumes:
-            - www-data:/mnt/www
+            - {{ service }}-www-data:/mnt/www
        - image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
          entrypoint: ["/bin/sh", "-c"]
          command: ["cp -rnp /var/www/storage/* /mnt/storage"]
          volumes:
-            - storage-data:/mnt/storage
+            - {{ service }}-storage-data:/mnt/storage
        - image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
          entrypoint: ["/bin/sh", "-c"]
          command: ["cp -r /var/www/nginx/* /mnt/config"]
          volumes:
-            - nginx-config:/mnt/config
+            - {{ service }}-nginx-config:/mnt/config
    configs:
      - source: dotenv_{{ dotenv_file.checksum }}
        target: /var/conf/wipe/.env
@ -73,14 +73,13 @@ configs:

 volumes:
  nginx-config:
-    name: '{{ "nginx-config.{{.Task.ID}}" }}'
+    name: '{{ service }}-{{ "nginx-config.{{.Task.ID}}" }}'
    labels:
-      com.github.rycus86.podlike.volume-ref: nginx-config
+      com.github.rycus86.podlike.volume-ref: "{{ service }}-nginx-config"
  www-data:
-    name: '{{ "www-data.{{.Task.ID}}" }}'
+    name: '{{ service }}-{{ "www-data.{{.Task.ID}}" }}'
    labels:
-      com.github.rycus86.podlike.volume-ref: www-data
+      com.github.rycus86.podlike.volume-ref: "{{ service }}-www-data"
  storage-data:
-    name: '{{ "www-data.{{.Task.ID}}" }}'
    labels:
-      com.github.rycus86.podlike.volume-ref: storage-data
+      com.github.rycus86.podlike.volume-ref: "{{ service }}-storage-data"
--- a/services/wordpress/stack.yml
+++ b/services/wordpress/stack.yml
@ -0,0 +1,24 @@
+version: "{{ compose_version }}"
+
+services:
+  wordpress:
+    image: wordpress
+    networks: ["{{ ingress_network }}", "default"]
+    environment:
+      WORDPRESS_DB_HOST: "{{ database_mysql_host }}"
+      WORDPRESS_DB_USER: "{{ wordpress_db_user }}"
+      WORDPRESS_DB_PASSWORD: "{{ wordpress_db_pass }}"
+      WORDPRESS_DB_NAME: "{{ wordpress_db_name }}"
+    volumes:
+      - wordpress_data:/var/www/html
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.{{ service }}.rule={{ traefik_routing_rule }}
+        - traefik.http.routers.{{ service }}.tls=true
+        - traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt
+        - traefik.http.routers.{{ service }}.middlewares=gzip@file
+        - traefik.http.services.{{ service }}.loadbalancer.server.port=80
+
+volumes:
+  wordpress_data: ~
--- a/services/wordpress/vars/defaults.yaml
+++ b/services/wordpress/vars/defaults.yaml
@ -0,0 +1,2 @@
+---
+wordpress_db_pass: "{{ mysql_user_passwords[wordpress_db_user] }}"
--- a/setup.yaml
+++ b/setup.yaml
@ -18,9 +18,9 @@
      user:
        user: "{{ ansible_user }}"
        groups: docker
-        append: yes
+        append: true

    - name: "Add acl package"
-      apt: 
+      apt:
        name: acl
        state: present
--- a/vars/databases.yml
+++ b/vars/databases.yml
@ -1,11 +1,11 @@
 mysql_root_password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          63373634623230333965653830623535363363363930666331303933303061333135373163366434
-          6263633764613336356130343562333635623731346636650a613063323833363038356566306633
-          33376461626236663765323234613966613036616635646362316230313162333838326263393563
-          3134373663326635650a303837303133353830366236346536333238366664633131613437346363
-          30316362393664316261363834633464303632323461626463636263626236346566323165323738
-          3036323064333065663430316362363630313065613437343938
+  $ANSIBLE_VAULT;1.1;AES256
+  63373634623230333965653830623535363363363930666331303933303061333135373163366434
+  6263633764613336356130343562333635623731346636650a613063323833363038356566306633
+  33376461626236663765323234613966613036616635646362316230313162333838326263393563
+  3134373663326635650a303837303133353830366236346536333238366664633131613437346363
+  30316362393664316261363834633464303632323461626463636263626236346566323165323738
+  3036323064333065663430316362363630313065613437343938

 mysql_databases:
  - name: gitea
@ -15,81 +15,92 @@ mysql_databases:
  - name: shitcode
  - name: cojedzie-next
  - name: cojedzie
+  - name: marcelchefmonsieur

 mysql_users:
  - name: gitea
    priv: gitea.*:ALL
-    host: '172.%'
+    host: "172.%"
    password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          30636438636462653666616466313837303063666463656462383737326662636231393933353735
-          3262636431363230323834313637626136396362656564350a643732306466643536323937353531
-          62643935653066373330633732623162376431356535663766393435636336343561373861653534
-          6565323737646632610a383561386133303963613333656532623636363039336265356334373230
-          35356139353564373630363838393166316339616434306461396238626361653638
+      $ANSIBLE_VAULT;1.1;AES256
+      30636438636462653666616466313837303063666463656462383737326662636231393933353735
+      3262636431363230323834313637626136396362656564350a643732306466643536323937353531
+      62643935653066373330633732623162376431356535663766393435636336343561373861653534
+      6565323737646632610a383561386133303963613333656532623636363039336265356334373230
+      35356139353564373630363838393166316339616434306461396238626361653638
  - name: keylighter
    priv: keylighter.*:ALL
-    host: '172.%'
-    password: !vault | 
-          $ANSIBLE_VAULT;1.1;AES256
-          63656537653463313639373130666537373365393866623031616265643762353739643965326132
-          3764653563333266616132393335613335363361633531660a373730363362666230363836393266
-          62346536356636653664306131643636303164356531656139616463363337343866386135616135
-          3765393631656264660a346264613933663136636464666430633062623438386561363137383538
-          36613162336666323933333833643838373465333764643134663631333631383231
+    host: "172.%"
+    password: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      63656537653463313639373130666537373365393866623031616265643762353739643965326132
+      3764653563333266616132393335613335363361633531660a373730363362666230363836393266
+      62346536356636653664306131643636303164356531656139616463363337343866386135616135
+      3765393631656264660a346264613933663136636464666430633062623438386561363137383538
+      36613162336666323933333833643838373465333764643134663631333631383231
  - name: shitcode
    priv: shitcode.*:ALL
-    host: '172.%'
+    host: "172.%"
    password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          39306237636162363632396565633635373166333732333139343036666434303938613038646665
-          3839373166306433643232323535636239333730613566310a326239393635326635623830343732
-          61613137616236303230626639666334326466333931613430613166333161646536313661343738
-          3732386638376330350a353334383464313866613738646566636665396566623062373564323933
-          65396634613136306630643964386637653936346236386333323262363430303261
+      $ANSIBLE_VAULT;1.1;AES256
+      39306237636162363632396565633635373166333732333139343036666434303938613038646665
+      3839373166306433643232323535636239333730613566310a326239393635326635623830343732
+      61613137616236303230626639666334326466333931613430613166333161646536313661343738
+      3732386638376330350a353334383464313866613738646566636665396566623062373564323933
+      65396634613136306630643964386637653936346236386333323262363430303261
  - name: wipe-stg
    priv: wipe-stg.*:ALL
-    host: '172.%'
+    host: "172.%"
    password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          32316135383561636662333363393635373537616138306538616335393032303962333031346137
-          3861633263343130663037636130346535653330313039310a353634346538383561363338626334
-          65376538643837303330343437626335636134363761393063313561633539616531613065656436
-          3435386439313732320a333932626435613733306239346131646564613037373265316234346563
-          35343734393636633030633233323465613634623733376135656232393235333762646239613361
-          3863336164663865636633396361353133353238313262313934
+      $ANSIBLE_VAULT;1.1;AES256
+      32316135383561636662333363393635373537616138306538616335393032303962333031346137
+      3861633263343130663037636130346535653330313039310a353634346538383561363338626334
+      65376538643837303330343437626335636134363761393063313561633539616531613065656436
+      3435386439313732320a333932626435613733306239346131646564613037373265316234346563
+      35343734393636633030633233323465613634623733376135656232393235333762646239613361
+      3863336164663865636633396361353133353238313262313934
  - name: wipe
    priv: wipe.*:ALL
-    host: '172.%'
+    host: "172.%"
    password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          63313762333536383933373232616461356632373963666438333339626434303661313131383061
-          6461316637326634393862626632316139656133353833360a383466303763663135383536376539
-          65373333353830613433663533633265303965356234396136326631626239646533383761326135
-          3365633834336464340a616133656265663039353236666565316431383631656435303166393538
-          63323630626239396263626536306632356635373535366335666265396630353430
+      $ANSIBLE_VAULT;1.1;AES256
+      63313762333536383933373232616461356632373963666438333339626434303661313131383061
+      6461316637326634393862626632316139656133353833360a383466303763663135383536376539
+      65373333353830613433663533633265303965356234396136326631626239646533383761326135
+      3365633834336464340a616133656265663039353236666565316431383631656435303166393538
+      63323630626239396263626536306632356635373535366335666265396630353430
  - name: cojedzie-next
    priv: cojedzie-next.*:ALL
-    host: '172.%'
+    host: "172.%"
    password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          35346533366533313962656662613965626139646164656536616361353137386137353962616137
-          3639333138656330326431643362363737656536376661350a343430386361653732333932393265
-          65363865616465623965643564376330316437653665646332353663613038343765316663313837
-          3662646135666461310a353561383261313130623132636366363264393639613963386162613330
-          31303239636231636633366530333530643063303434623763363731616635663639636135316666
-          3737323335303065376633356238303961323331396666366636
+      $ANSIBLE_VAULT;1.1;AES256
+      35346533366533313962656662613965626139646164656536616361353137386137353962616137
+      3639333138656330326431643362363737656536376661350a343430386361653732333932393265
+      65363865616465623965643564376330316437653665646332353663613038343765316663313837
+      3662646135666461310a353561383261313130623132636366363264393639613963386162613330
+      31303239636231636633366530333530643063303434623763363731616635663639636135316666
+      3737323335303065376633356238303961323331396666366636
  - name: cojedzie
    priv: cojedzie.*:ALL
-    host: '172.%'
+    host: "172.%"
    password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          35346533366533313962656662613965626139646164656536616361353137386137353962616137
-          3639333138656330326431643362363737656536376661350a343430386361653732333932393265
-          65363865616465623965643564376330316437653665646332353663613038343765316663313837
-          3662646135666461310a353561383261313130623132636366363264393639613963386162613330
-          31303239636231636633366530333530643063303434623763363731616635663639636135316666
-          3737323335303065376633356238303961323331396666366636
-
+      $ANSIBLE_VAULT;1.1;AES256
+      35346533366533313962656662613965626139646164656536616361353137386137353962616137
+      3639333138656330326431643362363737656536376661350a343430386361653732333932393265
+      65363865616465623965643564376330316437653665646332353663613038343765316663313837
+      3662646135666461310a353561383261313130623132636366363264393639613963386162613330
+      31303239636231636633366530333530643063303434623763363731616635663639636135316666
+      3737323335303065376633356238303961323331396666366636
+  - name: marcelchefmonsieur
+    priv: marcelchefmonsieur.*:ALL
+    host: "172.%"
+    password: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      61343731393737383031356234633063386434396639623365326137643033653565626465653534
+      6139343835626266356161616464373631646230303531340a656634346132393532366265393537
+      66346138666133333330323764633738383536616437646133646239303266613934653231383762
+      6135343532633333330a316338613733303165666237623434343365343866383533633934303462
+      38623733306137336335633135386538343062346439623765343137333963636436383465316163
+      6336356566316135333037653739663264313566323164646232

 mysql_user_passwords: "{{ mysql_users|items2dict(key_name='name', value_name='password') }}"
--- a/vars/environment.yml
+++ b/vars/environment.yml
@ -6,12 +6,12 @@ pip_install_packages:
  - pyyaml
  - passlib
  - bcrypt
-ansible_python_interpreter: /usr/bin/python3  
+ansible_python_interpreter: /usr/bin/python3
 pip_package: python3-pip
 pip_executable: pip3

 swarm_global_networks:
- - name: traefik
+  - name: traefik
 swarm_host_address: "{{ ansible_docker0.ipv4.address }}"
 swarm_registry_user:
  name: docker-swarm
@ -24,5 +24,5 @@ swarm_registry_user:
    65353438613864373962636463613836313034633963613834393233376136313861303538346265
    6139666332373137303962646530353364333732353339313262
 swarm_global_secrets:
- - name: dockerregistryauth
-   data: "{{ lookup('ansible.builtin.template', 'templates/dockerregistryauth.json.j2', convert_data=False)|string }}"
+  - name: dockerregistryauth
+    data: "{{ lookup('ansible.builtin.template', 'templates/dockerregistryauth.json.j2', convert_data=False)|string }}"
--- a/vars/services.yml
+++ b/vars/services.yml
@ -19,37 +19,37 @@ service_config:
  traefik:
    ovh_endpoint: ovh-eu
    ovh_application_key: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          36316437333734643766303734613564306539363531323832623032343233303739303135633563
-          3263613130636262386463323836353238656164306462660a616533366165313437636331303766
-          33383963393464313032303336343761306436316163346630306262363762613831373838663837
-          6363373339316534640a333766373162343864613730376563303361656138323262306339613530
-          34653466333161353433326632323731306565643930383962653233346162343362
+      $ANSIBLE_VAULT;1.1;AES256
+      36316437333734643766303734613564306539363531323832623032343233303739303135633563
+      3263613130636262386463323836353238656164306462660a616533366165313437636331303766
+      33383963393464313032303336343761306436316163346630306262363762613831373838663837
+      6363373339316534640a333766373162343864613730376563303361656138323262306339613530
+      34653466333161353433326632323731306565643930383962653233346162343362
    ovh_application_secret: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          37363635656333343863393435343031306630373038663561303038383136616138363538333636
-          6438353634323266356233633034613263653435386262300a393962656564366432643932373264
-          36656161353730376636646233363662376636383461656434306339646339643865626162646435
-          3835623031326137320a653962383531663532663436316264313035356237623466663262643735
-          66646465646531643638653165316531336430356266393631353439633236323733656463643935
-          6436623435613135313862643962663362656539363165303037
+      $ANSIBLE_VAULT;1.1;AES256
+      37363635656333343863393435343031306630373038663561303038383136616138363538333636
+      6438353634323266356233633034613263653435386262300a393962656564366432643932373264
+      36656161353730376636646233363662376636383461656434306339646339643865626162646435
+      3835623031326137320a653962383531663532663436316264313035356237623466663262643735
+      66646465646531643638653165316531336430356266393631353439633236323733656463643935
+      6436623435613135313862643962663362656539363165303037
    ovh_consumer_key: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          64356531386663353164303762396664393031323864363362346336346166353933336334303563
-          6135386139616638396136336534656562643061653630650a366365653234643439323537663766
-          31643864353032303237633933326334626161646336346532386566333465333230383639313664
-          3531383466316437390a393130303136356262363231643063373763303265393563326565633965
-          39303464363636366638373065363535353161613334373530623062376333373234666161323731
-          3764613331316433653335376337356464313137336563643834
+      $ANSIBLE_VAULT;1.1;AES256
+      64356531386663353164303762396664393031323864363362346336346166353933336334303563
+      6135386139616638396136336534656562643061653630650a366365653234643439323537663766
+      31643864353032303237633933326334626161646336346532386566333465333230383639313664
+      3531383466316437390a393130303136356262363231643063373763303265393563326565633965
+      39303464363636366638373065363535353161613334373530623062376333373234666161323731
+      3764613331316433653335376337356464313137336563643834

    traefik_token: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          66623665393638313039616464613563316437386566396238623937363238626535633937633536
-          6236653135363566333636633961343766323138633737610a346666636430303031373333376565
-          62643038666134386631306139613835623830346139356163376438643261646366386437343064
-          3365363639663862660a616239366130326538396431393537623964396530393531363665353361
-          65343938646438366264353837316263643634373639346334303939663732383832353439313330
-          3466323034336339626239633763393832383435623632386632
+      $ANSIBLE_VAULT;1.1;AES256
+      66623665393638313039616464613563316437386566396238623937363238626535633937633536
+      6236653135363566333636633961343766323138633737610a346666636430303031373333376565
+      62643038666134386631306139613835623830346139356163376438643261646366386437343064
+      3365363639663862660a616239366130326538396431393537623964396530393531363665353361
+      65343938646438366264353837316263643634373639346334303939663732383832353439313330
+      3466323034336339626239633763393832383435623632386632
    dashboard_users:
      - name: kadet
        password: !vault |
@ -65,8 +65,18 @@ service_config:
      name: gitea
      user: gitea
      password: "{{ mysql_user_passwords['gitea'] }}"
+
+  marcel:
+    template: wordpress
+
+    traefik_routing_rule: Host(`marcelchefmonsieur.kadet.net`)
+
+    wordpress_db_name: marcelchefmonsieur
+    wordpress_db_user: marcelchefmonsieur
+
  legacy:
    www_data_users: ["{{ ansible_user }}"]
+
  wipe-stg:
    template: wipe

@ -99,7 +109,7 @@ service_config:
      623838613832393239343036396439383561
  wipe:
    wipe_rule: Host(`wipe.kadet.net`, `wipozaekranem.pl`)
-    wipe_version: "2023.1.3"
+    wipe_version: "2023.1.6"
    wipe_mail:
      host: email-smtp.eu-north-1.amazonaws.com
      from: "WIPE #7 <no-reply@wipozaekranem.pl>"
@ -148,13 +158,13 @@ service_config:
      62643132313336356365313465353263626565616434633963343764653330316566613633633638
      623838613832393239343036396439383561
  cojedzie:
-    cojedzie_version: '2022.3.1'
+    cojedzie_version: "2022.3.1"
    cojedzie_gtm: GTM-TQNX386
    cojedzie_database:
      name: cojedzie
      user: cojedzie
      password: "{{ mysql_user_passwords['cojedzie'] }}"
-  cojedzie-next: 
+  cojedzie-next:
    cojedzie_database:
      name: cojedzie-next
      user: cojedzie-next
@ -222,13 +232,13 @@ service_config:
  echo: {}
  management:
    api_server_vault_password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          38376138373336636630386339653761646333313238386365653365623335383035643231643162
-          3936353164363934633939306462346262666438346262310a313366353766303833373734383032
-          38643039376636633762653838623565376236653061633734626262616530313734366231326632
-          6530373935323033360a613236366135656436306330306162636661313963613466656163316139
-          32333032613461633834396261623166656365666364393761326438366536306237373661303834
-          3339396235393636346666346365306463643430373639613762
+      $ANSIBLE_VAULT;1.1;AES256
+      38376138373336636630386339653761646333313238386365653365623335383035643231643162
+      3936353164363934633939306462346262666438346262310a313366353766303833373734383032
+      38643039376636633762653838623565376236653061633734626262616530313734366231326632
+      6530373935323033360a613236366135656436306330306162636661313963613466656163316139
+      32333032613461633834396261623166656365666364393761326438366536306237373661303834
+      3339396235393636346666346365306463643430373639613762
    api_server_users:
      - token: !vault |
          $ANSIBLE_VAULT;1.1;AES256
Author	SHA1	Message	Date
Kacper Donat	7f165dd1ad	wipe: Bump prod version to 2023.1.6	2023-02-12 16:02:55 +01:00
Kacper Donat	3d731b29c5	marcel: Add marcel's blog service	2023-02-12 16:02:55 +01:00
Kacper Donat	43b3caa31e	wordpress: Add wordpress service template	2023-02-12 16:02:55 +01:00
Kacper Donat	07468c2efa	traefik: Add lets-encrypt-tls resolver	2023-02-12 16:00:19 +01:00
Kacper Donat	a832e95730	wipe: Fix reusing of same volume accross differnt instances	2023-02-12 15:59:27 +01:00
Kacper Donat	26cb43e07c	reformat: Apply new formatting to all files	2023-02-12 15:58:26 +01:00