Move all ansible files to root

2024-12-21 13:08:20 +03:00
parent 9776f79432
commit 42dbf8e19f
20 changed files with 2 additions and 2 deletions
--- a/roles/docker-app/files/yandex-docker-registry-auth.sh
+++ b/roles/docker-app/files/yandex-docker-registry-auth.sh
@ -0,0 +1,11 @@
+#!/usr/bin/env sh
+
+# See https://cloud.yandex.ru/docs/container-registry/tutorials/run-docker-on-vm#run
+
+set -eu
+
+curl --silent --show-error -H Metadata-Flavor:Google 169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token | \
+    cut -f1 -d',' | \
+    cut -f2 -d':' | \
+    tr -d '"' | \
+    docker login --username iam --password-stdin cr.yandex
--- a/roles/docker-app/tasks/main.yml
+++ b/roles/docker-app/tasks/main.yml
@ -0,0 +1,24 @@
+---
+- name: 'Create owner.'
+  import_role:
+    name: owner
+  vars:
+    owner_name: '{{ username }}'
+    owner_group: '{{ username }}'
+    owner_extra_groups: '{{ extra_groups | default([]) }}'
+    owner_ssh_keys: '{{ ssh_keys | default([]) }}'
+    owner_env: '{{ env | default({}) }}'
+
+- name: 'Create web dir.'
+  file:
+    path: '/var/www/{{ username }}'
+    state: directory
+    owner: '{{ username }}'
+    group: '{{ username }}'
+    recurse: True
+
+- name: 'Login to yandex docker registry.'
+  ansible.builtin.script:
+    cmd: 'files/yandex-docker-registry-auth.sh'
+  become: yes
+  become_user: '{{ username }}'
--- a/roles/netdata/defaults/main.yml
+++ b/roles/netdata/defaults/main.yml
@ -0,0 +1,4 @@
+---
+netdata_version: 'v2.0.0'
+netdata_image: 'netdata/netdata:{{ netdata_version }}'
+netdata_exposed_port: '19999'
--- a/roles/netdata/tasks/main.yml
+++ b/roles/netdata/tasks/main.yml
@ -0,0 +1,36 @@
+---
+- name: 'Grab docker group id.'
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail
+      grep docker /etc/group | cut -d ':' -f 3
+    executable: /bin/bash
+  register: netdata_docker_group_output
+  changed_when: netdata_docker_group_output.rc != 0
+
+- name: 'Create NetData container from {{ netdata_image }}'
+  community.docker.docker_container:
+    name: netdata
+    image: '{{ netdata_image }}'
+    image_name_mismatch: 'recreate'
+    restart_policy: 'always'
+    published_ports:
+      - '127.0.0.1:{{ netdata_exposed_port }}:19999'
+    volumes:
+      - '/:/host/root:ro,rslave'
+      - '/etc/group:/host/etc/group:ro'
+      - '/etc/localtime:/etc/localtime:ro'
+      - '/etc/os-release:/host/etc/os-release:ro'
+      - '/etc/passwd:/host/etc/passwd:ro'
+      - '/proc:/host/proc:ro'
+      - '/run/dbus:/run/dbus:ro'
+      - '/sys:/host/sys:ro'
+      - '/var/log:/host/var/log:ro'
+      - '/var/run/docker.sock:/var/run/docker.sock:ro'
+    capabilities:
+      - 'SYS_PTRACE'
+      - 'SYS_ADMIN'
+    security_opts:
+      - 'apparmor:unconfined'
+    env:
+      PGID: '{{ netdata_docker_group_output.stdout | default(999) }}'
--- a/roles/owner/defaults/main.yml
+++ b/roles/owner/defaults/main.yml
@ -0,0 +1,5 @@
+---
+owner_name: ''
+owner_group: '{{ owner_name }}'
+owner_ssh_keys: []
+owner_env: {}
--- a/roles/owner/tasks/main.yml
+++ b/roles/owner/tasks/main.yml
@ -0,0 +1,60 @@
+---
+- name: 'Check app requirements for user "{{ owner_name }}".'
+  fail:
+    msg: You must set owner name.
+  when: not owner_name
+
+- name: 'Create group "{{ owner_group }}".'
+  group:
+    name: '{{ owner_group }}'
+    state: present
+
+- name: 'Create user "{{ owner_name }}".'
+  user:
+    name: '{{ owner_name }}'
+    group: '{{ owner_group }}'
+    groups: '{{ owner_extra_groups }}'
+    shell: /bin/bash
+  register: uc_result
+
+- name: 'Set up user ssh keys for user "{{ owner_name }}".'
+  authorized_key:
+    user: '{{ owner_name }}'
+    key: '{{ item }}'
+    state: present
+  with_items: '{{ owner_ssh_keys }}'
+  when: owner_ssh_keys | length > 0
+
+- name: 'Prepare env variables.'
+  set_fact:
+    env_dict: '{{ owner_env | combine({
+      "CURRENT_UID": uc_result.uid | default(owner_name),
+      "CURRENT_GID": uc_result.group | default(owner_group) }) }}'
+  tags:
+    - env
+
+- name: 'Set up environment variables for user "{{ owner_name }}".'
+  template:
+    src: env.j2
+    dest: '/home/{{ owner_name }}/.env'
+    owner: '{{ owner_name }}'
+    group: '{{ owner_group }}'
+  tags:
+    - env
+
+- name: 'Remove absent environment variables for user "{{ owner_name }}" from bashrc.'
+  lineinfile:
+    path: '/home/{{ owner_name }}/.bashrc'
+    regexp: '^export {{ item.key }}='
+    state: absent
+  with_dict: '{{ env_dict }}'
+  tags:
+    - env
+
+- name: 'Include environment variables for user "{{ owner_name }}" in bashrc.'
+  lineinfile:
+    path: '/home/{{ owner_name }}/.bashrc'
+    regexp: '^export \$\(grep -v'
+    line: 'export $(grep -v "^#" "$HOME"/.env | xargs)'
+  tags:
+    - env
--- a/roles/owner/templates/env.j2
+++ b/roles/owner/templates/env.j2
@ -0,0 +1,3 @@
+{% for name in env_dict.keys() | sort %}
+{{ name }}={{ env_dict[name] }}
+{% endfor %}