kadet.net/servers
1
0
Fork 0
Code Releases Activity

Compare commits

base: kadet.net:0a01fa3c6dc361f248337fdee8bcb39d43a784ef
Branches Tags
kadet.net:master
kadet.net:feature/mgmt-server
..
compare: kadet.net:7f165dd1ad2fe70fd920b7b8c37409ba04fa9d2f
Branches Tags
kadet.net:master
kadet.net:feature/mgmt-server

6 Commits
0a01fa3c6d ... 7f165dd1ad

Author SHA1 Message Date
Kacper Donat
7f165dd1ad wipe: Bump prod version to 2023.1.6 2023-02-12 16:02:55 +01:00
Kacper Donat
3d731b29c5 marcel: Add marcel's blog service 2023-02-12 16:02:55 +01:00
Kacper Donat
43b3caa31e wordpress: Add wordpress service template 2023-02-12 16:02:55 +01:00
Kacper Donat
07468c2efa traefik: Add lets-encrypt-tls resolver 2023-02-12 16:00:19 +01:00
Kacper Donat
a832e95730 wipe: Fix reusing of same volume accross differnt instances 2023-02-12 15:59:27 +01:00
Kacper Donat
26cb43e07c reformat: Apply new formatting to all files 2023-02-12 15:58:26 +01:00
10 changed files with 175 additions and 121 deletions
Show Stats Expand all files Collapse all files

7
main.yaml
View File

@ -1,9 +1,10 @@
--- ---
- hosts: all - hosts: all
become: yes become: yes
name: Setup server
- name: Setup server
import_playbook: setup.yaml import_playbook: setup.yaml
- name: Deploy services - hosts: all
become: yes
name: Deploy services
import_playbook: deploy.yaml import_playbook: deploy.yaml

1
ping.yaml
View File

@ -1,3 +1,4 @@
---
- hosts: - hosts:
- all - all
tasks: tasks:

6
services/traefik/config/traefik.yaml
View File

@ -79,3 +79,9 @@ certificatesResolvers:
storage: "/etc/traefik/acme/lets-encrypt.json" storage: "/etc/traefik/acme/lets-encrypt.json"
dnsChallenge: dnsChallenge:
provider: ovh provider: ovh
lets-encrypt-tls:
acme:
caServer: "{{ lets_encrypt_url|default('https://acme-v02.api.letsencrypt.org/directory') }}"
email: "kacper@kadet.net"
storage: "/etc/traefik/acme/lets-encrypt-tls.json"
tlsChallenge: {}

27
services/wipe/stack.yml
View File

@ -25,31 +25,31 @@ services:
pod.component.fpm: | pod.component.fpm: |
image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }} image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
volumes: volumes:
- www-data:/var/www - {{ service }}-www-data:/var/www
- storage-data:/var/www/storage - {{ service }}-storage-data:/var/www/storage
pod.component.nginx: | pod.component.nginx: |
image: nginx:latest image: nginx:latest
volumes: volumes:
- www-data:/var/www - {{ service }}-www-data:/var/www
- storage-data:/var/www/storage - {{ service }}-storage-data:/var/www/storage
- nginx-config:/etc/nginx/templates - {{ service }}-nginx-config:/etc/nginx/templates
pod.copy.fpm: /var/conf/wipe/.env:/var/www/.env pod.copy.fpm: /var/conf/wipe/.env:/var/www/.env
pod.init.components: | pod.init.components: |
- image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }} - image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
entrypoint: ["/bin/sh", "-c"] entrypoint: ["/bin/sh", "-c"]
command: ["cp -r /var/www/* /mnt/www"] command: ["cp -r /var/www/* /mnt/www"]
volumes: volumes:
- www-data:/mnt/www - {{ service }}-www-data:/mnt/www
- image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }} - image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
entrypoint: ["/bin/sh", "-c"] entrypoint: ["/bin/sh", "-c"]
command: ["cp -rnp /var/www/storage/* /mnt/storage"] command: ["cp -rnp /var/www/storage/* /mnt/storage"]
volumes: volumes:
- storage-data:/mnt/storage - {{ service }}-storage-data:/mnt/storage
- image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }} - image: registry.kadet.net/wipe/php-fpm:{{ wipe_version }}
entrypoint: ["/bin/sh", "-c"] entrypoint: ["/bin/sh", "-c"]
command: ["cp -r /var/www/nginx/* /mnt/config"] command: ["cp -r /var/www/nginx/* /mnt/config"]
volumes: volumes:
- nginx-config:/mnt/config - {{ service }}-nginx-config:/mnt/config
configs: configs:
- source: dotenv_{{ dotenv_file.checksum }} - source: dotenv_{{ dotenv_file.checksum }}
target: /var/conf/wipe/.env target: /var/conf/wipe/.env
@ -73,14 +73,13 @@ configs:
volumes: volumes:
nginx-config: nginx-config:
name: '{{ "nginx-config.{{.Task.ID}}" }}' name: '{{ service }}-{{ "nginx-config.{{.Task.ID}}" }}'
labels: labels:
com.github.rycus86.podlike.volume-ref: nginx-config com.github.rycus86.podlike.volume-ref: "{{ service }}-nginx-config"
www-data: www-data:
name: '{{ "www-data.{{.Task.ID}}" }}' name: '{{ service }}-{{ "www-data.{{.Task.ID}}" }}'
labels: labels:
com.github.rycus86.podlike.volume-ref: www-data com.github.rycus86.podlike.volume-ref: "{{ service }}-www-data"
storage-data: storage-data:
name: '{{ "www-data.{{.Task.ID}}" }}'
labels: labels:
com.github.rycus86.podlike.volume-ref: storage-data com.github.rycus86.podlike.volume-ref: "{{ service }}-storage-data"

24
services/wordpress/stack.yml Normal file
View File

@ -0,0 +1,24 @@
version: "{{ compose_version }}"
services:
wordpress:
image: wordpress
networks: ["{{ ingress_network }}", "default"]
environment:
WORDPRESS_DB_HOST: "{{ database_mysql_host }}"
WORDPRESS_DB_USER: "{{ wordpress_db_user }}"
WORDPRESS_DB_PASSWORD: "{{ wordpress_db_pass }}"
WORDPRESS_DB_NAME: "{{ wordpress_db_name }}"
volumes:
- wordpress_data:/var/www/html
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.{{ service }}.rule={{ traefik_routing_rule }}
- traefik.http.routers.{{ service }}.tls=true
- traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt
- traefik.http.routers.{{ service }}.middlewares=gzip@file
- traefik.http.services.{{ service }}.loadbalancer.server.port=80
volumes:
wordpress_data: ~

2
services/wordpress/vars/defaults.yaml Normal file
View File

@ -0,0 +1,2 @@
---
wordpress_db_pass: "{{ mysql_user_passwords[wordpress_db_user] }}"

2
setup.yaml
View File

@ -18,7 +18,7 @@
user: user:
user: "{{ ansible_user }}" user: "{{ ansible_user }}"
groups: docker groups: docker
append: yes append: true
- name: "Add acl package" - name: "Add acl package"
apt: apt:

27
vars/databases.yml
View File

@ -15,11 +15,12 @@ mysql_databases:
- name: shitcode - name: shitcode
- name: cojedzie-next - name: cojedzie-next
- name: cojedzie - name: cojedzie
- name: marcelchefmonsieur
mysql_users: mysql_users:
- name: gitea - name: gitea
priv: gitea.*:ALL priv: gitea.*:ALL
host: '172.%' host: "172.%"
password: !vault | password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
30636438636462653666616466313837303063666463656462383737326662636231393933353735 30636438636462653666616466313837303063666463656462383737326662636231393933353735
@ -29,7 +30,7 @@ mysql_users:
35356139353564373630363838393166316339616434306461396238626361653638 35356139353564373630363838393166316339616434306461396238626361653638
- name: keylighter - name: keylighter
priv: keylighter.*:ALL priv: keylighter.*:ALL
host: '172.%' host: "172.%"
password: !vault | password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
63656537653463313639373130666537373365393866623031616265643762353739643965326132 63656537653463313639373130666537373365393866623031616265643762353739643965326132
@ -39,7 +40,7 @@ mysql_users:
36613162336666323933333833643838373465333764643134663631333631383231 36613162336666323933333833643838373465333764643134663631333631383231
- name: shitcode - name: shitcode
priv: shitcode.*:ALL priv: shitcode.*:ALL
host: '172.%' host: "172.%"
password: !vault | password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
39306237636162363632396565633635373166333732333139343036666434303938613038646665 39306237636162363632396565633635373166333732333139343036666434303938613038646665
@ -49,7 +50,7 @@ mysql_users:
65396634613136306630643964386637653936346236386333323262363430303261 65396634613136306630643964386637653936346236386333323262363430303261
- name: wipe-stg - name: wipe-stg
priv: wipe-stg.*:ALL priv: wipe-stg.*:ALL
host: '172.%' host: "172.%"
password: !vault | password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
32316135383561636662333363393635373537616138306538616335393032303962333031346137 32316135383561636662333363393635373537616138306538616335393032303962333031346137
@ -60,7 +61,7 @@ mysql_users:
3863336164663865636633396361353133353238313262313934 3863336164663865636633396361353133353238313262313934
- name: wipe - name: wipe
priv: wipe.*:ALL priv: wipe.*:ALL
host: '172.%' host: "172.%"
password: !vault | password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
63313762333536383933373232616461356632373963666438333339626434303661313131383061 63313762333536383933373232616461356632373963666438333339626434303661313131383061
@ -70,7 +71,7 @@ mysql_users:
63323630626239396263626536306632356635373535366335666265396630353430 63323630626239396263626536306632356635373535366335666265396630353430
- name: cojedzie-next - name: cojedzie-next
priv: cojedzie-next.*:ALL priv: cojedzie-next.*:ALL
host: '172.%' host: "172.%"
password: !vault | password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
35346533366533313962656662613965626139646164656536616361353137386137353962616137 35346533366533313962656662613965626139646164656536616361353137386137353962616137
@ -81,7 +82,7 @@ mysql_users:
3737323335303065376633356238303961323331396666366636 3737323335303065376633356238303961323331396666366636
- name: cojedzie - name: cojedzie
priv: cojedzie.*:ALL priv: cojedzie.*:ALL
host: '172.%' host: "172.%"
password: !vault | password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
35346533366533313962656662613965626139646164656536616361353137386137353962616137 35346533366533313962656662613965626139646164656536616361353137386137353962616137
@ -90,6 +91,16 @@ mysql_users:
3662646135666461310a353561383261313130623132636366363264393639613963386162613330 3662646135666461310a353561383261313130623132636366363264393639613963386162613330
31303239636231636633366530333530643063303434623763363731616635663639636135316666 31303239636231636633366530333530643063303434623763363731616635663639636135316666
3737323335303065376633356238303961323331396666366636 3737323335303065376633356238303961323331396666366636
- name: marcelchefmonsieur
priv: marcelchefmonsieur.*:ALL
host: "172.%"
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
61343731393737383031356234633063386434396639623365326137643033653565626465653534
6139343835626266356161616464373631646230303531340a656634346132393532366265393537
66346138666133333330323764633738383536616437646133646239303266613934653231383762
6135343532633333330a316338613733303165666237623434343365343866383533633934303462
38623733306137336335633135386538343062346439623765343137333963636436383465316163
6336356566316135333037653739663264313566323164646232
mysql_user_passwords: "{{ mysql_users|items2dict(key_name='name', value_name='password') }}" mysql_user_passwords: "{{ mysql_users|items2dict(key_name='name', value_name='password') }}"

14
vars/services.yml
View File

@ -65,8 +65,18 @@ service_config:
name: gitea name: gitea
user: gitea user: gitea
password: "{{ mysql_user_passwords['gitea'] }}" password: "{{ mysql_user_passwords['gitea'] }}"
marcel:
template: wordpress
traefik_routing_rule: Host(`marcelchefmonsieur.kadet.net`)
wordpress_db_name: marcelchefmonsieur
wordpress_db_user: marcelchefmonsieur
legacy: legacy:
www_data_users: ["{{ ansible_user }}"] www_data_users: ["{{ ansible_user }}"]
wipe-stg: wipe-stg:
template: wipe template: wipe
@ -99,7 +109,7 @@ service_config:
623838613832393239343036396439383561 623838613832393239343036396439383561
wipe: wipe:
wipe_rule: Host(`wipe.kadet.net`, `wipozaekranem.pl`) wipe_rule: Host(`wipe.kadet.net`, `wipozaekranem.pl`)
wipe_version: "2023.1.3" wipe_version: "2023.1.6"
wipe_mail: wipe_mail:
host: email-smtp.eu-north-1.amazonaws.com host: email-smtp.eu-north-1.amazonaws.com
from: "WIPE #7 <no-reply@wipozaekranem.pl>" from: "WIPE #7 <no-reply@wipozaekranem.pl>"
@ -148,7 +158,7 @@ service_config:
62643132313336356365313465353263626565616434633963343764653330316566613633633638 62643132313336356365313465353263626565616434633963343764653330316566613633633638
623838613832393239343036396439383561 623838613832393239343036396439383561
cojedzie: cojedzie:
cojedzie_version: '2022.3.1' cojedzie_version: "2022.3.1"
cojedzie_gtm: GTM-TQNX386 cojedzie_gtm: GTM-TQNX386
cojedzie_database: cojedzie_database:
name: cojedzie name: cojedzie