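---
# Deployment play for the "gamearray" Django app: installs Docker and nginx on
# the target, ships a locally built container image to it, provisions the
# secret key and env/deploy files, then starts the container and runs
# migrations.
- hosts: all

  tasks:
    - name: Debug django_allowed_host
      ansible.builtin.debug:
        var: django_allowed_host

    # NOTE(review): state: latest upgrades the package on every run, so the
    # Docker version on the server can change without any change to this
    # file. Consider state: present and upgrading deliberately.
    - name: Install docker
      ansible.builtin.apt:
        name: docker.io
        state: latest
        update_cache: true
      become: true

    # NOTE(review): same state: latest caveat as the Docker install above.
    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        state: latest
      become: true

    # Renders the site config; the handler restarts nginx only on change.
    - name: Deploy nginx config
      ansible.builtin.template:
        src: nginx.conf.j2
        dest: /etc/nginx/sites-available/gamearray
      become: true
      notify: Restart nginx

    - name: Enable nginx site
      ansible.builtin.file:
        src: /etc/nginx/sites-available/gamearray
        dest: /etc/nginx/sites-enabled/gamearray
        state: link
      become: true
      notify: Restart nginx

    - name: Remove default nginx site
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      become: true
      notify: Restart nginx

    # NOTE(review): membership in the docker group is effectively root on the
    # host, because the Docker daemon runs as root. This trades sudo/become
    # for a standing privilege on the ansible_user account; treat that
    # account and its SSH keys accordingly.
    - name: Add our user to the docker group, so we don't need sudo/become
      ansible.builtin.user:
        name: '{{ ansible_user }}'
        groups: docker
        append: true  # don't remove any existing groups
      become: true

    - name: Reset ssh connection to allow the user/group change to take effect
      ansible.builtin.meta: reset_connection

    # delegate_to 127.0.0.1: the build runs on the control node, from a
    # hard-coded path on that machine.
    - name: Build container image locally
      community.docker.docker_image:
        name: gamearray
        source: build
        state: present
        build:
          path: /mnt/d/cosmovault/latticework/oreilly/percival/python-tdd
          platform: linux/amd64
        force_source: true
      delegate_to: 127.0.0.1

    # NOTE(review): the archive gets a fixed name in /tmp, a world-writable
    # directory. On a shared control node, prefer a directory only the
    # deploying user can write to.
    - name: Export container image locally
      community.docker.docker_image:
        name: gamearray
        archive_path: /tmp/gamearray-img.tar
        source: local
      delegate_to: 127.0.0.1

    # mode 0600 keeps other local accounts on the server from reading the
    # uploaded image archive. The path is still a fixed name in /tmp; see the
    # note on the export task.
    - name: Upload image to server
      ansible.builtin.copy:
        src: /tmp/gamearray-img.tar
        dest: /tmp/gamearray-img.tar
        mode: "0600"

    - name: Import container image on server
      community.docker.docker_image:
        name: gamearray
        load_path: /tmp/gamearray-img.tar
        source: load
        force_source: true
        state: present

    # no_log keeps the generated key out of task output and --diff output.
    # mode is quoted to match the other tasks and to avoid YAML octal parsing.
    - name: Ensure .secret-key files exists
      # the intention is that this only happens once per server
      ansible.builtin.copy:
        dest: ~/.secret-key
        content: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters') }}"
        mode: "0600"
        force: false  # do not recreate file if it already exists
      no_log: true

    # The registered result holds the key (base64-encoded), so it is hidden
    # from verbose output as well.
    - name: Read secret key back from file
      ansible.builtin.slurp:
        src: ~/.secret-key
      register: secret_key
      no_log: true

    - name: Create /opt/gamearray/ directory
      ansible.builtin.file:
        path: /opt/gamearray
        state: directory
      become: true

    # NOTE(review): presumably this file holds secrets, given the 0600 mode.
    # If so, confirm it is not rendered into --diff output on deploy runs.
    - name: Template gamearray.env to server
      ansible.builtin.template:
        src: gamearray.env.j2
        dest: /opt/gamearray/gamearray.env
        owner: "{{ ansible_user }}"
        mode: "0600"
      become: true

    - name: Template deploy script to server
      ansible.builtin.template:
        src: deploy.sh.j2
        dest: /opt/gamearray/deploy.sh
        mode: "0755"
      become: true

    # The token is passed on stdin instead of with -p, because command-line
    # arguments are visible in the server's process list while the command
    # runs. no_log keeps it out of Ansible's own output.
    # NOTE(review): docker login saves the credential in the invoking user's
    # Docker config unless a credential helper is configured.
    - name: Login to Gitea container registry
      ansible.builtin.command:
        cmd: docker login gitea.earthmanrpg.me -u discoman --password-stdin
        stdin: "{{ gitea_registry_token }}"
        stdin_add_newline: false
      no_log: true

    # NOTE(review): no mode is set, so the database file gets default
    # permissions. Consider an explicit mode that restricts it to its owner.
    - name: Ensure db.sqlite3 file exists outside container
      ansible.builtin.file:
        path: "{{ ansible_env.HOME }}/db.sqlite3"
        state: touch
        owner: 1234  # so nonroot user can access it in container
      become: true  # needed for ownership change

    # env carries the Django secret key, the SMTP password and the Mailgun
    # key. no_log keeps them out of task output, at the cost of less detail
    # when this task fails. Values passed through env remain readable via
    # `docker inspect` by anyone with Docker access on the server.
    # NOTE(review): no volume/mount for the host db.sqlite3 is defined here,
    # although DJANGO_DB_PATH points inside the container. Confirm where the
    # database is persisted, since recreate: true replaces the container.
    - name: Run container
      community.docker.docker_container:
        name: gamearray
        image: gamearray
        state: started
        recreate: true
        env:
          DJANGO_DEBUG_FALSE: "1"
          DJANGO_SECRET_KEY: "{{ secret_key.content | b64decode }}"
          DJANGO_ALLOWED_HOST: "{{ django_allowed_host }}"
          DJANGO_DB_PATH: "/home/nonroot/db.sqlite3"
          EMAIL_HOST_USER: "{{ email_host_user }}"
          EMAIL_HOST_PASSWORD: "{{ email_host_password }}"
          MAILGUN_API_KEY: "{{ mailgun_api_key }}"
        # Published on loopback only; presumably nginx on the host is the
        # public entry point (confirm in nginx.conf.j2). Quoted so the
        # colons are not interpreted by the YAML parser.
        ports:
          - "127.0.0.1:8888:8888"
      no_log: true

    - name: Create static files directory
      ansible.builtin.file:
        path: /var/www/gamearray/static
        state: directory
        owner: www-data
        group: www-data
      become: true

    # Copies the static files out of the running container onto the host.
    - name: Copy static files from container to host
      ansible.builtin.command:
        cmd: docker cp gamearray:/src/static/. /var/www/gamearray/static/
      become: true

    - name: Run migration inside container
      community.docker.docker_container_exec:
        container: gamearray
        command: ./manage.py migrate

  handlers:
    # Triggered by the nginx config, site-enable and default-site tasks.
    - name: Restart nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
      become: true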