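---
# Deploys the gamearray container behind nginx: installs docker and nginx,
# builds the image on the control machine, ships it to the server as a
# tarball, then runs it with its secrets passed as environment variables.
- hosts: all

  tasks:
    - name: Debug django_allowed_host
      debug:
        var: django_allowed_host

    # `state: latest` upgrades the package whenever a newer one is available,
    # so each run may change the installed version; use `state: present` if
    # upgrades should be a separate, deliberate step.
    - name: Install docker
      ansible.builtin.apt:
        name: docker.io
        state: latest
        update_cache: true
      become: true

    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        state: latest
      become: true

    - name: Deploy nginx config
      ansible.builtin.template:
        src: nginx.conf.j2
        dest: /etc/nginx/sites-available/gamearray
      become: true
      notify: Restart nginx

    - name: Enable nginx site
      ansible.builtin.file:
        src: /etc/nginx/sites-available/gamearray
        dest: /etc/nginx/sites-enabled/gamearray
        state: link
      become: true
      notify: Restart nginx

    - name: Remove default nginx site
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      become: true
      notify: Restart nginx

    # Membership of the docker group is effectively root on this host: anyone
    # who can talk to the docker daemon can start a privileged container.
    # Treat the ansible_user account and its SSH keys accordingly.
    - name: Add our user to the docker group, so we don't need sudo/become
      ansible.builtin.user:
        name: '{{ ansible_user }}'
        groups: docker
        append: true  # don't remove any existing groups
      become: true

    - name: Reset ssh connection to allow the user/group change to take effect
      ansible.builtin.meta: reset_connection

    - name: Build container image locally
      community.docker.docker_image:
        name: gamearray
        source: build
        state: present
        build:
          path: /mnt/d/cosmovault/latticework/oreilly/percival/python-tdd
          platform: linux/amd64
        force_source: true
      delegate_to: 127.0.0.1

    # The tarball uses a fixed name in /tmp on both machines. /tmp is
    # world-writable, so on a multi-user host another account could pre-create
    # or swap the file before it is loaded; a private directory is safer.
    - name: Export container image locally
      community.docker.docker_image:
        name: gamearray
        archive_path: /tmp/gamearray-img.tar
        source: local
      delegate_to: 127.0.0.1

    - name: Upload image to server
      ansible.builtin.copy:
        src: /tmp/gamearray-img.tar
        dest: /tmp/gamearray-img.tar
        mode: "0600"  # only the uploading user needs to read the image tarball

    - name: Import container image on server
      community.docker.docker_image:
        name: gamearray
        load_path: /tmp/gamearray-img.tar
        source: load
        force_source: true
        state: present

    # the intention is that this only happens once per server
    - name: Ensure .secret-key files exists
      ansible.builtin.copy:
        dest: ~/.secret-key
        content: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters') }}"
        mode: "0600"  # quoted, like the other modes in this file, so it stays a string
        force: false  # do not recreate file if it already exists

    - name: Read secret key back from file
      ansible.builtin.slurp:
        src: ~/.secret-key
      register: secret_key
      no_log: true  # the result holds the base64-encoded key

    - name: Create /opt/gamearray/ directory
      ansible.builtin.file:
        path: /opt/gamearray
        state: directory
      become: true

    - name: Template gamearray.env to server
      ansible.builtin.template:
        src: gamearray.env.j2
        dest: /opt/gamearray/gamearray.env
        mode: "0600"
      become: true
      # presumably the rendered file holds secrets (it is written 0600), so
      # keep its contents out of --diff output; confirm against the template
      diff: false

    - name: Template deploy script to server
      ansible.builtin.template:
        src: deploy.sh.j2
        dest: /opt/gamearray/deploy.sh
        mode: "0755"
      become: true

    # The token is passed on stdin rather than with -p, so it never appears in
    # the process list or the command line recorded on the server.
    - name: Login to Gitea container registry
      ansible.builtin.command:
        cmd: docker login gitea.earthmanrpg.me -u discoman --password-stdin
        stdin: "{{ gitea_registry_token }}"
        stdin_add_newline: false
      no_log: true

    - name: Ensure db.sqlite3 file exists outside container
      ansible.builtin.file:
        path: "{{ ansible_env.HOME }}/db.sqlite3"
        state: touch
        owner: 1234  # so nonroot user can access it in container
      become: true  # needed for ownership change

    # NOTE(review): no mounts/volumes entry is visible on this task, so the
    # host db.sqlite3 touched above is not mapped to DJANGO_DB_PATH here;
    # confirm whether that is intended.
    - name: Run container
      community.docker.docker_container:
        name: gamearray
        image: gamearray
        state: started
        recreate: true
        env:
          DJANGO_DEBUG_FALSE: "1"
          DJANGO_SECRET_KEY: "{{ secret_key.content | b64decode }}"
          DJANGO_ALLOWED_HOST: "{{ django_allowed_host }}"
          DJANGO_DB_PATH: "/home/nonroot/db.sqlite3"
          EMAIL_HOST_USER: "{{ email_host_user }}"
          EMAIL_HOST_PASSWORD: "{{ email_host_password }}"
          MAILGUN_API_KEY: "{{ mailgun_api_key }}"
        # published on loopback only; presumably nginx proxies to this port
        # (see nginx.conf.j2)
        ports:
          - "127.0.0.1:8888:8888"
      # the env block carries the Django secret key, the mail password and the
      # Mailgun API key; keep them out of task output and logs
      no_log: true

    - name: Create static files directory
      ansible.builtin.file:
        path: /var/www/gamearray/static
        state: directory
        owner: www-data
        group: www-data
      become: true

    - name: Copy static files from container to host
      ansible.builtin.command:
        cmd: docker cp gamearray:/src/static/. /var/www/gamearray/static/
      become: true

    - name: Run migration inside container
      community.docker.docker_container_exec:
        container: gamearray
        command: ./manage.py migrate

  handlers:
    - name: Restart nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
      become: true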