python-tdd/infra/cicd-playbook.yaml

- hosts: cicd
  
  tasks:
    - name: Install Docker
      ansible.builtin.apt:
        name: docker.io
        state: latest
        update_cache: true
      become: true
    
    - name: Install Nginx
      ansible.builtin.apt:
        name: nginx
        state: latest
      become: true

    - name: Add out user to the docker group, so we don't need sudo/become
      ansible.builtin.user:
        name: '{{ ansible_user }}'
        groups: docker
        append: true # don't remove any existing groups
      become: true

    - name: Reset ssh connection to allow the user/group change to take effect
      ansible.builtin.meta: reset_connection

    - name: Install docker-compose-plugin & certbot
      ansible.builtin.apt:
        name:
          - docker-compose-v2
          - certbot
          - python3-certbot-nginx
        state: latest
      become: true

    - name: Create /opt/cicd/ directory tree
      ansible.builtin.file:
        path: "/opt/cicd/nginx"
        state: directory
      become: true

    - name: Cp docker-compose.yaml to server
      ansible.builtin.copy:
        src: cicd/docker-compose.yaml
        dest: /opt/cicd/docker-compose.yaml
      become: true

    - name: Template .env to /opt/cicd/
      ansible.builtin.template:
        src: cicd/.env.j2
        dest: /opt/cicd/.env
        mode: "0600"
      become: true

    - name: Deploy nginx config (Gitea)
      ansible.builtin.copy:
        src: cicd/nginx/gitea.conf
        dest: /etc/nginx/sites-available/gitea
      become: true
      notify: Restart nginx

    - name: Deploy nginx config (Woodpecker)
      ansible.builtin.copy:
        src: cicd/nginx/woodpecker.conf
        dest: /etc/nginx/sites-available/woodpecker
      become: true
      notify: Restart nginx

    - name: Enable nginx site (Gitea)
      ansible.builtin.file:
        src: /etc/nginx/sites-available/gitea
        dest: /etc/nginx/sites-enabled/gitea
        state: link
      become: true
      notify: Restart nginx

    - name: Enable nginx site (Woodpecker)
      ansible.builtin.file:
        src: /etc/nginx/sites-available/woodpecker
        dest: /etc/nginx/sites-enabled/woodpecker
        state: link
      become: true
      notify: Restart nginx

    - name: Remove default nginx site
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      become: true
      notify: Restart nginx

    - name: Obtain SSL certs via certbot
      ansible.builtin.command:
        cmd: >
          certbot --nginx
          -d gitea.earthmanrpg.me
          -d ci.earthmanrpg.me
          --non-interactive
          --agree-tos
          -m discodedisco@outlook.com
        creates: /etc/letsencrypt/live/gitea.earthmanrpg.me/fullchain.pem
      become: true

    - name: Run docker compose -f /opt/cicd/docker-compose.yaml up -d
      ansible.builtin.command:
        cmd: docker compose -f /opt/cicd/docker-compose.yaml up -d
      become: true

  handlers:
    - name: Restart nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
      become: true
Gitea repo init; Woodpecker pipeline init; much CI/CD structure outlined in ./infra, incl. docker-compose.yaml, cicd-playbook.yaml, new cicd vault, & config files for gitea, woodpecker & ansible 2026-02-10 21:16:00 -05:00			`- hosts: cicd`

			`tasks:`
			`- name: Install Docker`
			`ansible.builtin.apt:`
			`name: docker.io`
			`state: latest`
			`update_cache: true`
			`become: true`

			`- name: Install Nginx`
			`ansible.builtin.apt:`
			`name: nginx`
			`state: latest`
			`become: true`

			`- name: Add out user to the docker group, so we don't need sudo/become`
			`ansible.builtin.user:`
			`name: '{{ ansible_user }}'`
			`groups: docker`
			`append: true # don't remove any existing groups`
			`become: true`

			`- name: Reset ssh connection to allow the user/group change to take effect`
			`ansible.builtin.meta: reset_connection`

			`- name: Install docker-compose-plugin & certbot`
			`ansible.builtin.apt:`
			`name:`
			`- docker-compose-v2`
			`- certbot`
			`- python3-certbot-nginx`
			`state: latest`
			`become: true`

			`- name: Create /opt/cicd/ directory tree`
			`ansible.builtin.file:`
			`path: "/opt/cicd/nginx"`
			`state: directory`
			`become: true`

			`- name: Cp docker-compose.yaml to server`
			`ansible.builtin.copy:`
			`src: cicd/docker-compose.yaml`
			`dest: /opt/cicd/docker-compose.yaml`
			`become: true`

			`- name: Template .env to /opt/cicd/`
			`ansible.builtin.template:`
			`src: cicd/.env.j2`
			`dest: /opt/cicd/.env`
			`mode: "0600"`
			`become: true`

			`- name: Deploy nginx config (Gitea)`
			`ansible.builtin.copy:`
			`src: cicd/nginx/gitea.conf`
			`dest: /etc/nginx/sites-available/gitea`
			`become: true`
			`notify: Restart nginx`

			`- name: Deploy nginx config (Woodpecker)`
			`ansible.builtin.copy:`
			`src: cicd/nginx/woodpecker.conf`
			`dest: /etc/nginx/sites-available/woodpecker`
			`become: true`
			`notify: Restart nginx`

			`- name: Enable nginx site (Gitea)`
			`ansible.builtin.file:`
			`src: /etc/nginx/sites-available/gitea`
			`dest: /etc/nginx/sites-enabled/gitea`
			`state: link`
			`become: true`
			`notify: Restart nginx`

			`- name: Enable nginx site (Woodpecker)`
			`ansible.builtin.file:`
			`src: /etc/nginx/sites-available/woodpecker`
			`dest: /etc/nginx/sites-enabled/woodpecker`
			`state: link`
			`become: true`
			`notify: Restart nginx`

			`- name: Remove default nginx site`
			`ansible.builtin.file:`
			`path: /etc/nginx/sites-enabled/default`
			`state: absent`
			`become: true`
			`notify: Restart nginx`

			`- name: Obtain SSL certs via certbot`
			`ansible.builtin.command:`
			`cmd: >`
			`certbot --nginx`
			`-d gitea.earthmanrpg.me`
			`-d ci.earthmanrpg.me`
			`--non-interactive`
			`--agree-tos`
			`-m discodedisco@outlook.com`
			`creates: /etc/letsencrypt/live/gitea.earthmanrpg.me/fullchain.pem`
			`become: true`

			`- name: Run docker compose -f /opt/cicd/docker-compose.yaml up -d`
			`ansible.builtin.command:`
			`cmd: docker compose -f /opt/cicd/docker-compose.yaml up -d`
			`become: true`

			`handlers:`
			`- name: Restart nginx`
			`ansible.builtin.service:`
			`name: nginx`
			`state: restarted`
			`become: true`