Gitea repo init; Woodpecker pipeline init; much CI/CD structure outlined in ./infra, incl. docker-compose.yaml, cicd-playbook.yaml, new cicd vault, & config files for gitea, woodpecker & ansible

infra/cicd-playbook.yaml

@@ -0,0 +1,114 @@
+- hosts: cicd
+  
+  tasks:
+    - name: Install Docker
+      ansible.builtin.apt:
+        name: docker.io
+        state: latest
+        update_cache: true
+      become: true
+    
+    - name: Install Nginx
+      ansible.builtin.apt:
+        name: nginx
+        state: latest
+      become: true
+
+    - name: Add out user to the docker group, so we don't need sudo/become
+      ansible.builtin.user:
+        name: '{{ ansible_user }}'
+        groups: docker
+        append: true # don't remove any existing groups
+      become: true
+
+    - name: Reset ssh connection to allow the user/group change to take effect
+      ansible.builtin.meta: reset_connection
+
+    - name: Install docker-compose-plugin & certbot
+      ansible.builtin.apt:
+        name:
+          - docker-compose-v2
+          - certbot
+          - python3-certbot-nginx
+        state: latest
+      become: true
+
+    - name: Create /opt/cicd/ directory tree
+      ansible.builtin.file:
+        path: "/opt/cicd/nginx"
+        state: directory
+      become: true
+
+    - name: Cp docker-compose.yaml to server
+      ansible.builtin.copy:
+        src: cicd/docker-compose.yaml
+        dest: /opt/cicd/docker-compose.yaml
+      become: true
+
+    - name: Template .env to /opt/cicd/
+      ansible.builtin.template:
+        src: cicd/.env.j2
+        dest: /opt/cicd/.env
+        mode: "0600"
+      become: true
+
+    - name: Deploy nginx config (Gitea)
+      ansible.builtin.copy:
+        src: cicd/nginx/gitea.conf
+        dest: /etc/nginx/sites-available/gitea
+      become: true
+      notify: Restart nginx
+
+    - name: Deploy nginx config (Woodpecker)
+      ansible.builtin.copy:
+        src: cicd/nginx/woodpecker.conf
+        dest: /etc/nginx/sites-available/woodpecker
+      become: true
+      notify: Restart nginx
+
+    - name: Enable nginx site (Gitea)
+      ansible.builtin.file:
+        src: /etc/nginx/sites-available/gitea
+        dest: /etc/nginx/sites-enabled/gitea
+        state: link
+      become: true
+      notify: Restart nginx
+
+    - name: Enable nginx site (Woodpecker)
+      ansible.builtin.file:
+        src: /etc/nginx/sites-available/woodpecker
+        dest: /etc/nginx/sites-enabled/woodpecker
+        state: link
+      become: true
+      notify: Restart nginx
+
+    - name: Remove default nginx site
+      ansible.builtin.file:
+        path: /etc/nginx/sites-enabled/default
+        state: absent
+      become: true
+      notify: Restart nginx
+
+    - name: Obtain SSL certs via certbot
+      ansible.builtin.command:
+        cmd: >
+          certbot --nginx
+          -d gitea.earthmanrpg.me
+          -d ci.earthmanrpg.me
+          --non-interactive
+          --agree-tos
+          -m discodedisco@outlook.com
+        creates: /etc/letsencrypt/live/gitea.earthmanrpg.me/fullchain.pem
+      become: true
+
+    - name: Run docker compose -f /opt/cicd/docker-compose.yaml up -d
+      ansible.builtin.command:
+        cmd: docker compose -f /opt/cicd/docker-compose.yaml up -d
+      become: true
+
+  handlers:
+    - name: Restart nginx
+      ansible.builtin.service:
+        name: nginx
+        state: restarted
+      become: true