av/pet-project-server
1
0
Fork 0
Code Pull Requests Activity

Remove old playbooks and configs

Browse Source
This commit is contained in:
Anton Vakhrushev 2025-05-04 11:05:18 +03:00
parent 528512e665
commit c6db39b55a
Signed by: av
GPG Key ID: F5BF52FC352E255A
6 changed files with 15 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
README.md
View File

@ -3,12 +3,11 @@
Настройки виртуального сервера для домашних проектов.
> В этом проекте не самые оптимальные решения.
> Но они помогают мне поддерживать сервер для моих личных проектов уже семь лет.
> Но они помогают мне поддерживать сервер для моих личных проектов уже много лет.
## Требования
- [ansible](https://docs.ansible.com/ansible/latest/getting_started/index.html)
- [invoke](https://www.pyinvoke.org/)
- [task](https://taskfile.dev/)
- [yq](https://github.com/mikefarah/yq)
@ -21,7 +20,7 @@ $ ansible-galaxy install --role-file requirements.yml
## Структура
- Для каждого приложения создается свой пользователь.
- Для каждого приложения создается свой пользователь (опционально).
- Для доступа используется ssh-ключ.
- Докер используется для запуска и изоляции приложений. Для загрузки образов настраивается Yandex Docker Registry.
- Выход во внешнюю сеть через proxy server [Caddy](https://caddyserver.com/).
@ -32,30 +31,10 @@ $ ansible-galaxy install --role-file requirements.yml
В организации Яндекс: https://admin.yandex.ru/domains/vakhrushev.me?action=set_dns&uid=46045840
## Частые команды
Конфигурация приложений (если нужно добавить новое приложение):
```bash
$ task configure-apps
```
Конфигурация мониторинга (если нужно обновить netdata):
```bash
$ task configure-monitoring
```
## Деплой приложений
Доступные для деплоя приложения:
Деплой всех приложений через ansible:
```bash
invoke --list
```
Выполнить команду деплоя, например:
```bash
invoke deploy:gitea
ansible-playbook -i production.yml --diff playbook-gitea.yml
```

28
Vagrantfile vendored
View File

@ -1,28 +0,0 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Этот файл предназначен для запуска тестовой виртуальной машины,
# на которой можно обкатать роли для настройки сервера.
ENV["LC_ALL"] = "en_US.UTF-8"
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/bionic64"
config.vm.provider "virtualbox" do |v|
v.memory = 2048
v.cpus = 2
end
config.vm.network "private_network", ip: "192.168.50.10"
# Приватный ключ для доступа к машине
config.vm.provision "shell" do |s|
ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
s.inline = <<-SHELL
echo #{ssh_pub_key} >> /home/vagrant/.ssh/authorized_keys
echo #{ssh_pub_key} >> /root/.ssh/authorized_keys
SHELL
end
end

17
files/keep-files.py
View File

@ -5,10 +5,13 @@ import argparse
def main():
parser = argparse.ArgumentParser(description='Retain specified number of files in a directory sorted by name, delete others.')
parser.add_argument('directory', type=str, help='Path to target directory')
parser.add_argument('--keep', type=int, default=2,
help='Number of files to retain (default: 2)')
parser = argparse.ArgumentParser(
description="Retain specified number of files in a directory sorted by name, delete others."
)
parser.add_argument("directory", type=str, help="Path to target directory")
parser.add_argument(
"--keep", type=int, default=2, help="Number of files to retain (default: 2)"
)
args = parser.parse_args()
# Validate arguments
@ -27,10 +30,10 @@ def main():
# Sort files alphabetically
sorted_files = sorted(files)
# Identify files to delete
to_delete = sorted_files[:-args.keep] if args.keep > 0 else sorted_files.copy()
to_delete = sorted_files[: -args.keep] if args.keep > 0 else sorted_files.copy()
# Delete files and print results
for filename in to_delete:
filepath = os.path.join(args.directory, filename)

1
files/yandex-docker-registry-auth.sh
View File

@ -1,5 +1,6 @@
#!/usr/bin/env sh
# Must be executed for every user
# See https://cloud.yandex.ru/docs/container-registry/tutorials/run-docker-on-vm#run
set -eu

79
playbook-configuration.yml
View File

@ -1,79 +0,0 @@
---
- hosts: all
vars_files:
- vars/ports.yml
- vars/vars.yml
tasks:
# Applications
- ansible.builtin.import_role:
name: docker-app
vars:
username: keycloak
extra_groups:
- docker
ssh_keys:
- '{{ lookup("file", "files/av_id_rsa.pub") }}'
env:
PROJECT_NAME: keycloak
DOCKER_PREFIX: keycloak
IMAGE_PREFIX: keycloak
CONTAINER_PREFIX: keycloak
WEB_SERVER_PORT: "127.0.0.1:{{ keycloak_port }}"
KEYCLOAK_ADMIN: "{{ keycloak.admin_login }}"
KEYCLOAK_ADMIN_PASSWORD: "{{ keycloak.admin_password }}"
USER_UID: "{{ uc_result.uid }}"
USER_GID: "{{ uc_result.group }}"
tags:
- apps
- ansible.builtin.import_role:
name: docker-app
vars:
username: outline
extra_groups:
- docker
ssh_keys:
- '{{ lookup("file", "files/av_id_rsa.pub") }}'
env:
PROJECT_NAME: outline
DOCKER_PREFIX: outline
IMAGE_PREFIX: outline
CONTAINER_PREFIX: outline
WEB_SERVER_PORT: "127.0.0.1:{{ outline_port }}"
USER_UID: "{{ uc_result.uid }}"
USER_GID: "{{ uc_result.group }}"
# Postgres
POSTGRES_USER: "{{ outline.postgres_user }}"
POSTGRES_PASSWORD: "{{ outline.postgres_password }}"
POSTGRES_DB: "outline"
# See sample https://github.com/outline/outline/blob/main/.env.sample
NODE_ENV: "production"
SECRET_KEY: "{{ outline.secret_key }}"
UTILS_SECRET: "{{ outline.utils_secret }}"
DATABASE_URL: "postgres://{{ outline.postgres_user }}:{{ outline.postgres_password }}@postgres:5432/outline"
PGSSLMODE: "disable"
REDIS_URL: "redis://redis:6379"
URL: "https://outline.vakhrushev.me"
FILE_STORAGE: "s3"
AWS_ACCESS_KEY_ID: "{{ outline.s3_access_key }}"
AWS_SECRET_ACCESS_KEY: "{{ outline.s3_secret_key }}"
AWS_REGION: "ru-central1"
AWS_S3_ACCELERATE_URL: ""
AWS_S3_UPLOAD_BUCKET_URL: "https://storage.yandexcloud.net"
AWS_S3_UPLOAD_BUCKET_NAME: "av-outline-wiki"
AWS_S3_FORCE_PATH_STYLE: "true"
AWS_S3_ACL: "private"
OIDC_CLIENT_ID: "{{ outline.oidc_client_id }}"
OIDC_CLIENT_SECRET: "{{ outline.oidc_client_secret }}"
OIDC_AUTH_URI: "https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/auth"
OIDC_TOKEN_URI: "https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/token"
OIDC_USERINFO_URI: "https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/userinfo"
OIDC_LOGOUT_URI: "https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/logout"
OIDC_USERNAME_CLAIM: "email"
OIDC_DISPLAY_NAME: "KK"
tags:
- apps

57
tasks.py
View File

@ -1,57 +0,0 @@
import os
import shlex
import fabric
from invoke import task
SERVER_HOST_FILE = "hosts_prod"
DOKER_REGISTRY = "cr.yandex/crplfk0168i4o8kd7ade"
@task(name="deploy:gitea")
def deploy_gitea(context):
deploy("gitea", dirs=["data"])
@task(name="deploy:keycloak")
def deploy_keykloak(context):
deploy("keycloak", compose_file="docker-compose.prod.yml", dirs=["data"])
@task(name="deploy:outline")
def deploy_outline(context):
deploy("outline", compose_file="docker-compose.prod.yml", dirs=["data/postgres"])
def read_host():
with open(SERVER_HOST_FILE) as f:
return f.read().strip()
def ssh_host(app_name):
return f"{app_name}@{read_host()}"
def deploy(app_name: str, compose_file="docker-compose.yml", dirs=None):
docker_compose = os.path.join("app", app_name, compose_file)
assert os.path.exists(docker_compose)
conn_str = ssh_host(app_name)
dirs = dirs or []
print("Deploy app from", docker_compose)
print("Start setup remote host", conn_str)
with fabric.Connection(conn_str) as c:
print("Copy docker compose file to remote host")
c.put(
local=docker_compose,
remote=f"/home/{app_name}/docker-compose.yml",
)
print("Copy environment file")
c.run("cp .env .env.prod")
for d in dirs:
print("Create remote directory", d)
c.run(f"mkdir -p {d}")
print("Up services")
c.run(
f"docker compose --project-name {shlex.quote(app_name)} --env-file=.env.prod up --detach --remove-orphans"
)
c.run(f"docker system prune --all --volumes --force")
print("Done.")