diff --git a/README.md b/README.md index f89566a..19645f6 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ ```bash $ cp ansible-vault-password-file.dist ansible-vault-password-file -$ ansible-galaxy install --role-file ansible/requirements.yml +$ ansible-galaxy install --role-file requirements.yml ``` ## Структура @@ -24,7 +24,7 @@ $ ansible-galaxy install --role-file ansible/requirements.yml - Для доступа используется ssh-ключ. - Докер используется для запуска и изоляции приложений. Для загрузки образов настраивается Yandex Docker Registry. - Выход во внешнюю сеть через proxy server [Caddy](https://caddyserver.com/). -- Чувствительные данные в `ansible/vars/vars.yaml` зашифрованы с помощью Ansible Vault. +- Чувствительные данные в `vars/vars.yaml` зашифрованы с помощью Ansible Vault. - Для мониторинга за сервером устанавливается [netdata](https://github.com/netdata/netdata). ## Частые команды diff --git a/playbook-configuration.yml b/playbook-configuration.yml index 10c1091..9e97258 100644 --- a/playbook-configuration.yml +++ b/playbook-configuration.yml @@ -7,21 +7,6 @@ tasks: - - - name: 'Install python docker lib.' - pip: - name: docker - tags: - - docker - - - import_role: - name: geerlingguy.docker - vars: - docker_users: - - major - tags: - - docker - - name: 'Ensure networkd service is started (required by Caddy).' systemd: name: systemd-networkd @@ -42,14 +27,6 @@ tags: - webserver - - import_role: - name: netdata - vars: - netdata_version: 'v2.0.0' - netdata_exposed_port: '{{ netdata_port }}' - tags: - - monitoring - # Applications - import_role: diff --git a/playbook-docker.yml b/playbook-docker.yml new file mode 100644 index 0000000..3408747 --- /dev/null +++ b/playbook-docker.yml 
@@ -0,0 +1,25 @@
+---
+- name: 'Configure docker parameters'
+ hosts: all
+
+ vars_files:
+ - vars/ports.yml
+ - vars/vars.yml
+
+ tasks:
+
+ - name: 'Install python docker lib from pip'
+ ansible.builtin.pip:
+ name: docker
+
+ - name: 'Install docker'
+ ansible.builtin.import_role:
+ name: geerlingguy.docker
+ vars:
+ docker_edition: 'ce'
+ docker_packages:
+ - "docker-{{ docker_edition }}"
+ - "docker-{{ docker_edition }}-cli"
+ - "docker-{{ docker_edition }}-rootless-extras"
+ docker_users:
+ - major
diff --git a/playbook-upgrade.yml b/playbook-upgrade.yml
new file mode 100644
index 0000000..8802c2e
--- /dev/null
+++ b/playbook-upgrade.yml
@@ -0,0 +1,27 @@
+---
+- name: 'Update and upgrade system packages'
+ hosts: all
+
+ vars_files:
+ - vars/ports.yml
+ - vars/vars.yml
+
+ tasks:
+ - name: Perform an upgrade of packages
+ ansible.builtin.apt:
+ upgrade: 'yes'
+ update_cache: yes
+
+ - name: Check if a reboot is required
+ ansible.builtin.stat:
+ path: /var/run/reboot-required
+ get_checksum: no
+ register: reboot_required_file
+
+ - name: Reboot the server (if required)
+ ansible.builtin.reboot:
+ when: reboot_required_file.stat.exists == true
+
+ - name: Remove dependencies that are no longer required
+ ansible.builtin.apt:
+ autoremove: yes
diff --git a/requirements.yml b/requirements.yml
index a5b0fb6..2892d97 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -6,7 +6,7 @@ version: 2.4.0 - src: geerlingguy.docker - version: 6.1.0 + version: 7.4.3 - src: caddy_ansible.caddy_ansible version: v3.2.0
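Review bot: In playbook-docker.yml, the `docker_users` entry `major` puts that account in the `docker` group, which is root-equivalent on the host through the daemon socket, and the play carries no comment saying this is intended. The same `vars` block installs `docker-ce-rootless-extras`, so if rootless operation is the goal the group membership could be dropped; otherwise I would add `# docker group is root-equivalent on this host; major is a trusted admin account` above `docker_users`. The `ansible.builtin.pip` task also installs `docker` from PyPI with no `version:`, so each run can pull a different release into the system interpreter; pin it, or install the distribution's `python3-docker` with `ansible.builtin.apt`.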
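Review bot: In playbook-upgrade.yml the condition `when: reboot_required_file.stat.exists == true` compares a boolean with `true`; `when: reboot_required_file.stat.exists` says the same thing, and `update_cache: yes`, `get_checksum: no` and `autoremove: yes` are better written as `true`/`false`. The quoted `upgrade: 'yes'` is a choice string of the apt module and should stay as it is. The play also loads `vars/vars.yml`, presumably the Vault-encrypted file the README refers to, although none of the four tasks references a variable from it. Unless connection or become settings live there, dropping it from `vars_files` would let a routine package upgrade run without the vault password.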