Compare commits
No commits in common. "7241cca4fbbbd966d1f8c175be0ea817dfbb708c" and "98a1087e84d678a11b2908739895de781aa9db1d" have entirely different histories.
7241cca4fb
...
98a1087e84
62
Taskfile.yml
62
Taskfile.yml
@ -7,24 +7,70 @@ vars:
|
|||||||
sh: 'id -u'
|
sh: 'id -u'
|
||||||
GROUP_ID:
|
GROUP_ID:
|
||||||
sh: 'id -g'
|
sh: 'id -g'
|
||||||
HOSTS_FILE: 'production.yml'
|
HOSTS_FILE: 'ansible/hosts_prod'
|
||||||
REMOTE_USER:
|
REMOTE_USER: 'major'
|
||||||
sh: 'yq .ungrouped.hosts.server.ansible_user {{.HOSTS_FILE}}'
|
|
||||||
REMOTE_HOST:
|
REMOTE_HOST:
|
||||||
sh: 'yq .ungrouped.hosts.server.ansible_host {{.HOSTS_FILE}}'
|
sh: 'cat {{.HOSTS_FILE}} | xargs'
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
ssh:
|
ssh:
|
||||||
cmds:
|
cmds:
|
||||||
- ssh {{.REMOTE_USER}}@{{.REMOTE_HOST}}
|
- ssh {{.REMOTE_USER}}@{{.REMOTE_HOST}}
|
||||||
|
|
||||||
edit-vars:
|
edit-vars:
|
||||||
cmds:
|
cmds:
|
||||||
- ansible-vault edit vars/vars.yml
|
- ansible-vault edit ansible/vars/vars.yml
|
||||||
env:
|
env:
|
||||||
EDITOR: micro
|
EDITOR: micro
|
||||||
|
|
||||||
|
list-tags:
|
||||||
|
cmds:
|
||||||
|
- >-
|
||||||
|
ansible-playbook
|
||||||
|
--inventory="{{.HOSTS_FILE}}"
|
||||||
|
--list-tags
|
||||||
|
ansible/configuration.yml
|
||||||
|
|
||||||
|
configure:
|
||||||
|
internal: true
|
||||||
|
vars:
|
||||||
|
TAGS: '{{ (empty .TAGS) | ternary "" (list "--tags=\"" .TAGS "\"" | join "") }}'
|
||||||
|
cmds:
|
||||||
|
- >-
|
||||||
|
ansible-playbook
|
||||||
|
--become
|
||||||
|
--user="{{.REMOTE_USER}}"
|
||||||
|
--inventory="{{.HOSTS_FILE}}"
|
||||||
|
--extra-vars="ansible_python_interpreter=/usr/bin/python3"
|
||||||
|
{{.TAGS}}
|
||||||
|
ansible/configuration.yml
|
||||||
|
|
||||||
|
configure-all:
|
||||||
|
cmds:
|
||||||
|
- task: configure
|
||||||
|
|
||||||
|
configure-monitoring:
|
||||||
|
cmds:
|
||||||
|
- task: configure
|
||||||
|
vars: { TAGS: 'monitoring' }
|
||||||
|
|
||||||
|
configure-apps:
|
||||||
|
cmds:
|
||||||
|
- task: configure
|
||||||
|
vars: { TAGS: 'webserver,apps,env' }
|
||||||
|
|
||||||
|
configure-users:
|
||||||
|
cmds:
|
||||||
|
- task: configure
|
||||||
|
vars: { TAGS: 'apps,env' }
|
||||||
|
|
||||||
format-py-files:
|
format-py-files:
|
||||||
cmds:
|
cmds:
|
||||||
- >-
|
- >-
|
||||||
docker run --rm -u {{.USER_ID}}:{{.GROUP_ID}} -v $PWD:/app -w /app pyfound/black:latest_release black .
|
docker run
|
||||||
|
--rm
|
||||||
|
-u {{.USER_ID}}:{{.GROUP_ID}}
|
||||||
|
-v $PWD:/app
|
||||||
|
-w /app
|
||||||
|
pyfound/black:latest_release
|
||||||
|
black .
|
||||||
|
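Review bot: `REMOTE_HOST` is now the raw output of `cat {{.HOSTS_FILE}} | xargs`, and the `ssh` task splices it unquoted into the command line, so `ansible/hosts_prod` has to remain a single bare address. A second host, a group header or a host variable added to that inventory would still be accepted by `ansible-playbook --inventory`, but would become extra words on the `ssh` command line. Quoting the target and ending option parsing, `- ssh -- "{{.REMOTE_USER}}@{{.REMOTE_HOST}}"`, limits the damage. A comment above `HOSTS_FILE` such as `# must contain exactly one host; REMOTE_HOST reads it verbatim` would record the constraint. `{{.TAGS}}` in `configure` is likewise pasted between literal double quotes, which is only safe while every caller passes a fixed string, as the visible ones do.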
1
hosts_prod
Normal file
1
hosts_prod
Normal file
@ -0,0 +1 @@
|
|||||||
|
158.160.46.255
|
@ -1,27 +0,0 @@
|
|||||||
---
|
|
||||||
- name: 'Install and configure Caddy server'
|
|
||||||
hosts: all
|
|
||||||
|
|
||||||
vars_files:
|
|
||||||
- vars/ports.yml
|
|
||||||
- vars/vars.yml
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
|
|
||||||
- name: 'Ensure networkd service is started (required by Caddy).'
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
name: systemd-networkd
|
|
||||||
state: started
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
- name: 'Install and configure Caddy server'
|
|
||||||
ansible.builtin.import_role:
|
|
||||||
name: caddy_ansible.caddy_ansible
|
|
||||||
vars:
|
|
||||||
caddy_github_token: '{{ caddy_vars.github_token }}'
|
|
||||||
caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}'
|
|
||||||
caddy_setcap: true
|
|
||||||
caddy_systemd_capabilities_enabled: true
|
|
||||||
caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE"
|
|
||||||
# Поменяй на true, чтобы обновить Caddy
|
|
||||||
caddy_update: false
|
|
@ -7,6 +7,26 @@
|
|||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
|
- name: 'Ensure networkd service is started (required by Caddy).'
|
||||||
|
systemd:
|
||||||
|
name: systemd-networkd
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
tags:
|
||||||
|
- webserver
|
||||||
|
|
||||||
|
- import_role:
|
||||||
|
name: caddy_ansible.caddy_ansible
|
||||||
|
vars:
|
||||||
|
caddy_github_token: '{{ caddy_vars.github_token }}'
|
||||||
|
caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}'
|
||||||
|
caddy_update: False
|
||||||
|
caddy_setcap: True
|
||||||
|
caddy_systemd_capabilities_enabled: True
|
||||||
|
caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE"
|
||||||
|
tags:
|
||||||
|
- webserver
|
||||||
|
|
||||||
# Applications
|
# Applications
|
||||||
|
|
||||||
- import_role:
|
- import_role:
|
||||||
|
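Review bot: The added tasks call `systemd:` and `import_role:` by short name, which can be shadowed by a local `library/` module or a `collections:` entry; `ansible.builtin.systemd:` and `ansible.builtin.import_role:` pin them to the builtin implementations. The `import_role` task that receives `caddy_github_token` has no `name`, so it is hard to pick out in run output; `- name: 'Install and configure Caddy server'` would do. `caddy_update: False`, `caddy_setcap: True` and `caddy_systemd_capabilities_enabled: True` are better written as lowercase `false`/`true`. The play starts above this hunk and continues below it.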
@ -1,27 +0,0 @@
|
|||||||
---
|
|
||||||
- name: 'Update and upgrade system packages'
|
|
||||||
hosts: all
|
|
||||||
|
|
||||||
vars_files:
|
|
||||||
- vars/ports.yml
|
|
||||||
- vars/vars.yml
|
|
||||||
|
|
||||||
vars:
|
|
||||||
user_name: '<put-name-here>'
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- name: 'Remove user "{{ user_name }}"'
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: '{{ user_name }}'
|
|
||||||
state: absent
|
|
||||||
remove: true
|
|
||||||
|
|
||||||
- name: 'Remove group "{{ user_name }}"'
|
|
||||||
ansible.builtin.group:
|
|
||||||
name: '{{ user_name }}'
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: 'Remove web dir'
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: '/var/www/{{ user_name }}'
|
|
||||||
state: absent
|
|
@ -10,7 +10,6 @@
|
|||||||
apt_packages:
|
apt_packages:
|
||||||
- acl
|
- acl
|
||||||
- git
|
- git
|
||||||
- htop
|
|
||||||
- python3-pip
|
- python3-pip
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
@ -10,18 +10,18 @@
|
|||||||
- name: Perform an upgrade of packages
|
- name: Perform an upgrade of packages
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
upgrade: 'yes'
|
upgrade: 'yes'
|
||||||
update_cache: true
|
update_cache: yes
|
||||||
|
|
||||||
- name: Check if a reboot is required
|
- name: Check if a reboot is required
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: /var/run/reboot-required
|
path: /var/run/reboot-required
|
||||||
get_checksum: false
|
get_checksum: no
|
||||||
register: reboot_required_file
|
register: reboot_required_file
|
||||||
|
|
||||||
- name: Reboot the server (if required)
|
- name: Reboot the server (if required)
|
||||||
ansible.builtin.reboot:
|
ansible.builtin.reboot:
|
||||||
when: reboot_required_file.stat.exists
|
when: reboot_required_file.stat.exists == true
|
||||||
|
|
||||||
- name: Remove dependencies that are no longer required
|
- name: Remove dependencies that are no longer required
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
autoremove: true
|
autoremove: yes
|
||||||
|
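Review bot: `when: reboot_required_file.stat.exists == true` compares a boolean against a literal; `when: reboot_required_file.stat.exists` is equivalent here and is the form linters accept. The same hunk writes `update_cache: yes`, `get_checksum: no` and `autoremove: yes`, which depend on YAML 1.1 truthy parsing, whereas `true`/`false` mean the same thing to every parser. The task list starts above the hunk.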
@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
ungrouped:
|
|
||||||
hosts:
|
|
||||||
server:
|
|
||||||
ansible_host: '158.160.46.255'
|
|
||||||
ansible_user: 'major'
|
|
||||||
ansible_become: true
|
|
4
tasks.py
4
tasks.py
@ -53,5 +53,7 @@ def deploy(app_name: str, compose_file="docker-compose.yml", dirs=None):
|
|||||||
c.run(
|
c.run(
|
||||||
f"docker compose --project-name {shlex.quote(app_name)} --env-file=.env.prod up --detach --remove-orphans"
|
f"docker compose --project-name {shlex.quote(app_name)} --env-file=.env.prod up --detach --remove-orphans"
|
||||||
)
|
)
|
||||||
c.run(f"docker system prune --all --volumes --force")
|
c.run(
|
||||||
|
f"docker system prune --all --volumes --force"
|
||||||
|
)
|
||||||
print("Done.")
|
print("Done.")
|
||||||
|
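Review bot: `docker system prune --all --volumes --force` runs on every `deploy` and is host-wide rather than scoped to `app_name`, so it can remove unused images and volumes belonging to other projects on the same server (exactly which volumes depends on the Docker version). If the goal is only to reclaim image space after `up`, `c.run("docker image prune --all --force")` is narrower. The `f` prefix on that string has no placeholders and can be dropped. `deploy` starts above the hunk.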
@ -7,9 +7,18 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
# -------------------------------------------------------------------
|
# -------------------------------------------------------------------
|
||||||
# Netdata service
|
# Proxy services
|
||||||
# -------------------------------------------------------------------
|
# -------------------------------------------------------------------
|
||||||
|
|
||||||
|
vakhrushev.me {
|
||||||
|
tls anwinged@ya.ru
|
||||||
|
|
||||||
|
reverse_proxy {
|
||||||
|
to 127.0.0.1:{{ homepage_port }}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# NetData proxy
|
||||||
status.vakhrushev.me, :29999 {
|
status.vakhrushev.me, :29999 {
|
||||||
tls anwinged@ya.ru
|
tls anwinged@ya.ru
|
||||||
|
|
||||||
@ -22,15 +31,27 @@ status.vakhrushev.me, :29999 {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# -------------------------------------------------------------------
|
wiki.vakhrushev.me {
|
||||||
# Applications
|
|
||||||
# -------------------------------------------------------------------
|
|
||||||
|
|
||||||
vakhrushev.me {
|
|
||||||
tls anwinged@ya.ru
|
tls anwinged@ya.ru
|
||||||
|
|
||||||
reverse_proxy {
|
reverse_proxy {
|
||||||
to 127.0.0.1:{{ homepage_port }}
|
to 127.0.0.1:{{ wiki_port }}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
nomie.vakhrushev.me {
|
||||||
|
tls anwinged@ya.ru
|
||||||
|
|
||||||
|
reverse_proxy {
|
||||||
|
to 127.0.0.1:{{ nomie_port }}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
nomie-db.vakhrushev.me {
|
||||||
|
tls anwinged@ya.ru
|
||||||
|
|
||||||
|
reverse_proxy {
|
||||||
|
to 127.0.0.1:{{ nomie_db_port }}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
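Review bot: The new `nomie-db.vakhrushev.me` site in the second hunk publishes whatever listens on `nomie_db_port` to the internet, and nothing in the block restricts who may reach it. If that backend is a database API, which the name suggests but the page does not confirm, its own authentication becomes the only control. Consider limiting the site at the proxy, for example `@trusted remote_ip <TRUSTED_CIDR_PLACEHOLDER>` followed by `reverse_proxy @trusted 127.0.0.1:{{ nomie_db_port }}`, or fronting it with Caddy's basic-auth directive. If public exposure is intended, a comment above the site such as `# public on purpose: clients sync directly, auth enforced by the backend` would document that. The first hunk opens mid-file, so earlier global options are not visible here.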