python-tdd/infra/deploy-playbook.yaml

- hosts: all

  tasks:
    - name: Debug django_allowed_host
      debug:
        var: django_allowed_host

    - name: Install docker
      ansible.builtin.apt:
        name: docker.io
        state: latest
        update_cache: true
      become: true

    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        state: latest
      become: true

    - name: Deploy nginx config
      ansible.builtin.template:
        src: nginx.conf.j2
        dest: /etc/nginx/sites-available/gamearray
      become: true
      notify: Restart nginx

    - name: Enable nginx site
      ansible.builtin.file:
        src: /etc/nginx/sites-available/gamearray
        dest: /etc/nginx/sites-enabled/gamearray
        state: link
      become: true
      notify: Restart nginx

    - name: Remove default nginx site
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      become: true
      notify: Restart nginx

    - name: Add our user to the docker group, so we don't need sudo/become
      ansible.builtin.user:
        name: '{{ ansible_user }}'
        groups: docker
        append: true # don't remove any existing groups
      become: true

    - name: Reset ssh connection to allow the user/group change to take effect
      ansible.builtin.meta: reset_connection

    - name: Ensure .secret-key files exists
      # the intention is that this only happens once per server
      ansible.builtin.copy:
        dest: ~/.secret-key
        content: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters') }}"
        mode: 0600
        force: false # do not recreate file if it already exists

    - name: Read secret key back from file
      ansible.builtin.slurp:
        src: ~/.secret-key
      register: secret_key

    - name: Create /opt/gamearray/ directory
      ansible.builtin.file:
        path: /opt/gamearray
        state: directory
      become: true

    - name: Template gamearray.env to server
      ansible.builtin.template:
        src: gamearray.env.j2
        dest: /opt/gamearray/gamearray.env
        owner: "{{ ansible_user }}"
        mode: "0600"
      become: true

    - name: Template deploy script to server
      ansible.builtin.template:
        src: deploy.sh.j2
        dest: /opt/gamearray/deploy.sh
        mode: "0755"
      become: true

    - name: Login to Gitea container registry
      ansible.builtin.command:
        cmd: docker login gitea.earthmanrpg.me -u discoman -p {{ gitea_registry_token }}
      no_log: true

    - name: Create Docker network
      community.docker.docker_network:
        name: gamearray_net
        state: present

    - name: Create Postgres data volume
      community.docker.docker_volume:
        name: gamearray_postgres_data
        state: present

    - name: Start Postgres container
      community.docker.docker_container:
        name: gamearray_postgres
        image: postgres:16
        state: started
        restart_policy: unless-stopped
        networks:
          - name: gamearray_net
        volumes:
          - gamearray_postgres_data:/var/lib/postgresql/data
        env:
          POSTGRES_DB: gamearray
          POSTGRES_USER: gamearray
          POSTGRES_PASSWORD: "{{ postgres_password }}"

    - name: Run container
      community.docker.docker_container:
        name: gamearray
        image: gitea.earthmanrpg.me/discoman/gamearray:latest
        state: started
        recreate: true
        env:
          DJANGO_DEBUG_FALSE: "1"
          DJANGO_SECRET_KEY: "{{ secret_key.content | b64decode }}"
          DJANGO_ALLOWED_HOST: "{{ django_allowed_host }}"
          DATABASE_URL: "postgresql://gamearray:{{ postgres_password }}@gamearray_postgres/gamearray"
          MAILGUN_API_KEY: "{{  mailgun_api_key }}"
        networks:
          - name: gamearray_net
        ports:
          127.0.0.1:8888:8888

    - name: Create static files directory
      ansible.builtin.file:
        path: /var/www/gamearray/static
        state: directory
        owner: www-data
        group: www-data
      become: true

    - name: Copy static files from container to host
      ansible.builtin.command:
        cmd: docker cp gamearray:/src/static/. /var/www/gamearray/static/
      become: true

    - name: Run migration inside container
      community.docker.docker_container_exec:
        container: gamearray
        command: python manage.py migrate

  handlers:
    - name: Restart nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
      become: true
nginx compatibility added to serve static files on server; whitenoise installed to catch static file serving in local docker container, also added to core.settings middleware; console logs & print statements removed from dashboard.js & functional_tests.container_commands; ansible playbook and nginx config file support nginx w.in deployment workflow 2026-02-08 17:55:09 -05:00			`- hosts: all`
manage.py changed to lf; FTs tweaked to accomodate WSL2 ansible deployment 2026-01-13 20:58:05 -05:00
			`tasks:`
after many diversions and forlorn pivot from copilot to claude, new infra/ structure contains group_vars and ansible vaults; requests added to dev and prod dependencies; apps.lyric.views and core .settings both abandon django's send_mail(); instead incorporate requests to target Mailgun's HTTP API (DigitalOcean's SMTP blocker thwarted previous magic login link email attempts, but this issue has been resol ved with this commit) 2026-02-07 18:58:17 -05:00			`- name: Debug django_allowed_host`
			`debug:`
			`var: django_allowed_host`

manage.py changed to lf; FTs tweaked to accomodate WSL2 ansible deployment 2026-01-13 20:58:05 -05:00			`- name: Install docker`
			`ansible.builtin.apt:`
			`name: docker.io`
			`state: latest`
			`update_cache: true`
			`become: true`

nginx compatibility added to serve static files on server; whitenoise installed to catch static file serving in local docker container, also added to core.settings middleware; console logs & print statements removed from dashboard.js & functional_tests.container_commands; ansible playbook and nginx config file support nginx w.in deployment workflow 2026-02-08 17:55:09 -05:00			`- name: Install nginx`
			`ansible.builtin.apt:`
			`name: nginx`
			`state: latest`
			`become: true`

			`- name: Deploy nginx config`
			`ansible.builtin.template:`
			`src: nginx.conf.j2`
			`dest: /etc/nginx/sites-available/gamearray`
			`become: true`
			`notify: Restart nginx`

			`- name: Enable nginx site`
			`ansible.builtin.file:`
			`src: /etc/nginx/sites-available/gamearray`
			`dest: /etc/nginx/sites-enabled/gamearray`
			`state: link`
			`become: true`
			`notify: Restart nginx`

			`- name: Remove default nginx site`
			`ansible.builtin.file:`
			`path: /etc/nginx/sites-enabled/default`
			`state: absent`
			`become: true`
			`notify: Restart nginx`

manage.py changed to lf; FTs tweaked to accomodate WSL2 ansible deployment 2026-01-13 20:58:05 -05:00			`- name: Add our user to the docker group, so we don't need sudo/become`
			`ansible.builtin.user:`
			`name: '{{ ansible_user }}'`
			`groups: docker`
			`append: true # don't remove any existing groups`
			`become: true`

			`- name: Reset ssh connection to allow the user/group change to take effect`
			`ansible.builtin.meta: reset_connection`

			`- name: Ensure .secret-key files exists`
			`# the intention is that this only happens once per server`
			`ansible.builtin.copy:`
			`dest: ~/.secret-key`
			`content: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters') }}"`
			`mode: 0600`
			`force: false # do not recreate file if it already exists`

			`- name: Read secret key back from file`
			`ansible.builtin.slurp:`
			`src: ~/.secret-key`
			`register: secret_key`

created CD pipeline to complement the existing gitea/woodpecker CI pipeline: build, push to registry, deploy to staging on main 2026-02-13 15:27:59 -05:00			`- name: Create /opt/gamearray/ directory`
			`ansible.builtin.file:`
			`path: /opt/gamearray`
			`state: directory`
			`become: true`

			`- name: Template gamearray.env to server`
			`ansible.builtin.template:`
			`src: gamearray.env.j2`
			`dest: /opt/gamearray/gamearray.env`
renormalized to LF end of line sequences for all files for CD compatibility; created .gitattributes @ project root to manage it; defined {{ ansible_user }} more explicitly in the ansible playbook 2026-02-17 17:48:09 -05:00			`owner: "{{ ansible_user }}"`
created CD pipeline to complement the existing gitea/woodpecker CI pipeline: build, push to registry, deploy to staging on main 2026-02-13 15:27:59 -05:00			`mode: "0600"`
			`become: true`

			`- name: Template deploy script to server`
			`ansible.builtin.template:`
			`src: deploy.sh.j2`
			`dest: /opt/gamearray/deploy.sh`
			`mode: "0755"`
			`become: true`

			`- name: Login to Gitea container registry`
			`ansible.builtin.command:`
			`cmd: docker login gitea.earthmanrpg.me -u discoman -p {{ gitea_registry_token }}`
			`no_log: true`

postgres integration complete thru woodpecker pipeline 2026-02-18 21:12:01 -05:00			`- name: Create Docker network`
			`community.docker.docker_network:`
			`name: gamearray_net`
			`state: present`

			`- name: Create Postgres data volume`
			`community.docker.docker_volume:`
			`name: gamearray_postgres_data`
			`state: present`

			`- name: Start Postgres container`
			`community.docker.docker_container:`
			`name: gamearray_postgres`
			`image: postgres:16`
			`state: started`
			`restart_policy: unless-stopped`
			`networks:`
			`- name: gamearray_net`
			`volumes:`
			`- gamearray_postgres_data:/var/lib/postgresql/data`
			`env:`
			`POSTGRES_DB: gamearray`
			`POSTGRES_USER: gamearray`
			`POSTGRES_PASSWORD: "{{ postgres_password }}"`
manage.py changed to lf; FTs tweaked to accomodate WSL2 ansible deployment 2026-01-13 20:58:05 -05:00
			`- name: Run container`
			`community.docker.docker_container:`
			`name: gamearray`
postgres integration complete thru woodpecker pipeline 2026-02-18 21:12:01 -05:00			`image: gitea.earthmanrpg.me/discoman/gamearray:latest`
manage.py changed to lf; FTs tweaked to accomodate WSL2 ansible deployment 2026-01-13 20:58:05 -05:00			`state: started`
			`recreate: true`
			`env:`
			`DJANGO_DEBUG_FALSE: "1"`
			`DJANGO_SECRET_KEY: "{{ secret_key.content \| b64decode }}"`
after many diversions and forlorn pivot from copilot to claude, new infra/ structure contains group_vars and ansible vaults; requests added to dev and prod dependencies; apps.lyric.views and core .settings both abandon django's send_mail(); instead incorporate requests to target Mailgun's HTTP API (DigitalOcean's SMTP blocker thwarted previous magic login link email attempts, but this issue has been resol ved with this commit) 2026-02-07 18:58:17 -05:00			`DJANGO_ALLOWED_HOST: "{{ django_allowed_host }}"`
postgres integration complete thru woodpecker pipeline 2026-02-18 21:12:01 -05:00			`DATABASE_URL: "postgresql://gamearray:{{ postgres_password }}@gamearray_postgres/gamearray"`
after many diversions and forlorn pivot from copilot to claude, new infra/ structure contains group_vars and ansible vaults; requests added to dev and prod dependencies; apps.lyric.views and core .settings both abandon django's send_mail(); instead incorporate requests to target Mailgun's HTTP API (DigitalOcean's SMTP blocker thwarted previous magic login link email attempts, but this issue has been resol ved with this commit) 2026-02-07 18:58:17 -05:00			`MAILGUN_API_KEY: "{{ mailgun_api_key }}"`
postgres integration complete thru woodpecker pipeline 2026-02-18 21:12:01 -05:00			`networks:`
			`- name: gamearray_net`
manage.py changed to lf; FTs tweaked to accomodate WSL2 ansible deployment 2026-01-13 20:58:05 -05:00			`ports:`
nginx compatibility added to serve static files on server; whitenoise installed to catch static file serving in local docker container, also added to core.settings middleware; console logs & print statements removed from dashboard.js & functional_tests.container_commands; ansible playbook and nginx config file support nginx w.in deployment workflow 2026-02-08 17:55:09 -05:00			`127.0.0.1:8888:8888`

			`- name: Create static files directory`
			`ansible.builtin.file:`
			`path: /var/www/gamearray/static`
			`state: directory`
			`owner: www-data`
			`group: www-data`
			`become: true`

			`- name: Copy static files from container to host`
			`ansible.builtin.command:`
			`cmd: docker cp gamearray:/src/static/. /var/www/gamearray/static/`
			`become: true`
manage.py changed to lf; FTs tweaked to accomodate WSL2 ansible deployment 2026-01-13 20:58:05 -05:00
			`- name: Run migration inside container`
			`community.docker.docker_container_exec:`
			`container: gamearray`
postgres integration complete thru woodpecker pipeline 2026-02-18 21:12:01 -05:00			`command: python manage.py migrate`
nginx compatibility added to serve static files on server; whitenoise installed to catch static file serving in local docker container, also added to core.settings middleware; console logs & print statements removed from dashboard.js & functional_tests.container_commands; ansible playbook and nginx config file support nginx w.in deployment workflow 2026-02-08 17:55:09 -05:00
			`handlers:`
			`- name: Restart nginx`
			`ansible.builtin.service:`
			`name: nginx`
			`state: restarted`
			`become: true`