diff --git a/Makefile b/Makefile
index 2fe589d..c5aab5d 100644
--- a/Makefile
+++ b/Makefile
@@ -6,48 +6,53 @@ install-roles: rebuild-test-machine: vagrant destroy -f && vagrant up -configure: - ansible-playbook \ - --inventory "ansible/hosts_prod" \ - --extra-vars='ansible_python_interpreter=/usr/bin/python3' \ - --user=av \ - --ask-become-pass \ - ansible/configuration.yml +PLAYBOOK := ansible/configuration.yml +STAGE := vagrant -configure-web-server: +ifeq ($(STAGE), prod) + ANSIBLE_HOST_KEY_CHECKING := True + INVENTORY := ansible/hosts_prod + USER_ARGS := --user="av" --ask-become-pass +else + ANSIBLE_HOST_KEY_CHECKING := False + INVENTORY := ansible/hosts_vagrant + USER_ARGS := --user="root" +endif + +ifneq ($(TAGS),) + TAGS_ARGS := --tags="$(TAGS)" +else + TAGS_ARGS := +endif + +configure: + ANSIBLE_HOST_KEY_CHECKING=$(ANSIBLE_HOST_KEY_CHECKING) \ ansible-playbook \ - --inventory "ansible/hosts_prod" \ + $(USER_ARGS) \ + $(TAGS_ARGS) \ + --inventory="$(INVENTORY)" \ --extra-vars='ansible_python_interpreter=/usr/bin/python3' \ - --user=av \ - --ask-become-pass \ - --tags webserver \ - ansible/configuration.yml + $(PLAYBOOK) + +configure-env: + $(MAKE) configure TAGS="env" dry-run: + ANSIBLE_HOST_KEY_CHECKING=$(ANSIBLE_HOST_KEY_CHECKING) \ ansible-playbook \ - --inventory "ansible/hosts_prod" \ + $(USER_ARGS) \ + $(TAGS_ARGS) \ + --inventory="$(INVENTORY)" \ --extra-vars='ansible_python_interpreter=/usr/bin/python3' \ - --user=av \ - --ask-become-pass \ --check \ --diff \ - ansible/configuration.yml + $(PLAYBOOK) -configure-test: - ANSIBLE_HOST_KEY_CHECKING=False \ +list-tags: ansible-playbook \ - --inventory="ansible/hosts_vagrant" \ - --extra-vars="ansible_python_interpreter=/usr/bin/python3" \ - --user="root" \ - --tags="webserver,apps" \ - ansible/amber.yml - -configure-test-list-tags: - ANSIBLE_HOST_KEY_CHECKING=False \ - ansible-playbook \ - --inventory="ansible/hosts_vagrant" \ + --inventory="$(INVENTORY)" \ --list-tags \ - ansible/amber.yml + $(PLAYBOOK) lint: ansible-lint "./ansible/configuration.yml" --exclude="./ansible/galaxy.roles/" -v || 
true diff --git a/ansible/amber.yml b/ansible/amber.yml deleted file mode 100644 index c113741..0000000 --- a/ansible/amber.yml +++ /dev/null @@ -1,64 +0,0 @@ ---- -- hosts: all - - tasks: - - - name: 'Install additional packages.' - apt: - name: '{{ packages }}' - update_cache: yes - vars: - packages: - - python3-pip - - - import_role: - name: yatesr.timezone - vars: - timezone: UTC - - - import_role: - name: geerlingguy.security - vars: - security_ssh_permit_root_login: "yes" - security_autoupdate_enabled: false - security_fail2ban_enabled: false - - - name: 'Install python docker lib.' - pip: - name: docker - - - import_role: - name: geerlingguy.docker - vars: - docker_users: - - homepage - - - import_role: - name: antoiner77.caddy - vars: - caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}' - caddy_setcap: True - caddy_systemd_capabilities_enabled: True - caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE" - tags: - - webserver - - - import_role: - name: netdata - tags: - - monitoring - - # Applications - - - import_role: - name: docker-app - vars: - username: homepage - extra_groups: - - www-data - ssh_keys: - - '{{ lookup("file", "files/av_id_rsa.pub") }}' - env: - DOCKER_PREFIX: homepage - tags: - - apps diff --git a/ansible/configuration.yml b/ansible/configuration.yml index 2aaf917..c113741 100644 --- a/ansible/configuration.yml +++ b/ansible/configuration.yml 
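Review bot: The `ifeq ($(STAGE), prod)` / `else` split treats every value other than `prod` as the vagrant stage, so a typo such as `STAGE=production` silently runs with `ANSIBLE_HOST_KEY_CHECKING=False`, `--user="root"` and the vagrant inventory instead of failing. Make the vagrant branch explicit and reject anything else: change `else` to `else ifeq ($(STAGE), vagrant)` and, before `endif`, add `else` followed by `$(error Unknown STAGE '$(STAGE)': expected prod or vagrant)`. Since `STAGE := vagrant` is the default, those relaxed settings are also what a bare `make configure` picks, which deserves a comment on the assignment, e.g. `# default to the throwaway vagrant box; pass STAGE=prod to target production`. None of `configure`, `configure-env`, `dry-run` or `list-tags` produce a file, so they belong in a `.PHONY` list unless one is already declared above this hunk.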
@@ -1,60 +1,64 @@ --- - hosts: all - become: true - vars: - deploy_user: deployer + tasks: - timezone: UTC + - name: 'Install additional packages.' + apt: + name: '{{ packages }}' + update_cache: yes + vars: + packages: + - python3-pip - # nginx settings + - import_role: + name: yatesr.timezone + vars: + timezone: UTC - nginx_remove_default_vhost: true + - import_role: + name: geerlingguy.security + vars: + security_ssh_permit_root_login: "yes" + security_autoupdate_enabled: false + security_fail2ban_enabled: false - # php settings + - name: 'Install python docker lib.' + pip: + name: docker - php_version: '7.1' - php_packages_extra: - - 'php{{ php_version }}' - - 'php{{ php_version }}-curl' - - 'php{{ php_version }}-gd' - - 'php{{ php_version }}-fpm' - - 'php{{ php_version }}-mbstring' - - 'php{{ php_version }}-xml' - - 'php{{ php_version }}-intl' - - 'php{{ php_version }}-zip' - - 'php{{ php_version }}-mysql' - php_webserver_daemon: nginx - php_enable_php_fpm: true - php_date_timezone: '{{ timezone }}' + - import_role: + name: geerlingguy.docker + vars: + docker_users: + - homepage - pre_tasks: - - name: Install system packages - apt: pkg={{ item }} state=latest - with_items: - - curl - - git - - make - - python-software-properties - - wget - - zip - - name: Ensure that PHP PPA is added. 
- apt_repository: repo=ppa:ondrej/php state=present - - name: Update apt cache - apt: update_cache=yes cache_valid_time=86400 - - name: Add deploy user - user: - name: '{{ deploy_user }}' - groups: www-data - - roles: - - name: yatesr.timezone - - name: geerlingguy.nginx + - import_role: + name: antoiner77.caddy + vars: + caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}' + caddy_setcap: True + caddy_systemd_capabilities_enabled: True + caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE" tags: - webserver - - name: geerlingguy.php-versions - - name: geerlingguy.php - - homepage -# - s2photo -# - notes + - import_role: + name: netdata + tags: + - monitoring + + # Applications + + - import_role: + name: docker-app + vars: + username: homepage + extra_groups: + - www-data + ssh_keys: + - '{{ lookup("file", "files/av_id_rsa.pub") }}' + env: + DOCKER_PREFIX: homepage + tags: + - apps diff --git a/ansible/roles/netdata/tasks/main.yml b/ansible/roles/netdata/tasks/main.yml index 37c679a..3579d17 100644 --- a/ansible/roles/netdata/tasks/main.yml +++ b/ansible/roles/netdata/tasks/main.yml @@ -19,4 +19,4 @@ security_opts: - 'apparmor:unconfined' env: - PGID: '{{ docker_group.stdout }}' + PGID: '{{ docker_group.stdout|default(999) }}'
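Review bot: Carrying amber.yml's contents into the playbook the Makefile now runs for STAGE=prod brings the test-box relaxations onto production: the geerlingguy.security import sets `security_ssh_permit_root_login: "yes"`, `security_autoupdate_enabled: false` and `security_fail2ban_enabled: false` unconditionally, which undoes the role's hardening on the prod inventory. Keep the hardened values as the play's defaults and let the vagrant inventory override them, e.g. `security_ssh_permit_root_login: "{{ ssh_permit_root_login | default('no') }}"` with `ssh_permit_root_login: "yes"` set only in hosts_vagrant's group vars, and likewise for the autoupdate and fail2ban toggles. The play also loses the previous `become: true` while the prod stage connects as `av` with `--ask-become-pass`; unless the imported roles escalate on their own, the top-level apt and pip tasks will run unprivileged and fail, so `become: true` presumably needs to return on the play.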
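Review bot: The new `default(999)` fallback on `PGID` turns a hard failure into a guessed group id: when `docker_group.stdout` is undefined the netdata container is placed in whatever host group happens to own GID 999, which may not be the docker group on a given distro, and this container already runs with `apparmor:unconfined`. The task that registers `docker_group` is outside this hunk; if the default was added so `--check` runs stop erroring, the cleaner fix is `check_mode: false` on that registering task so stdout is always populated, or `PGID: '{{ docker_group.stdout | mandatory }}'` so a missing value fails loudly instead of silently mapping to another group. If 999 is kept, add a comment above the line stating which platform's docker GID it is assumed to be.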