python-tdd/infra/cicd-playbook.yaml


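---
# Provisions the `cicd` host: installs Docker, nginx and certbot, copies the
# compose file, .env and nginx site configs, obtains TLS certificates and
# starts the compose stack under /opt/cicd.
#
# Review notes:
# - Every file or directory written as root now carries an explicit
#   owner/group/mode instead of inheriting the remote umask.
# - `state: latest` upgrades packages on every run; switch to `present` or a
#   pinned version if reproducible hosts matter more than automatic updates.
- name: Provision the CI/CD host
  hosts: cicd
  tasks:
    - name: Install Docker
      ansible.builtin.apt:
        name: docker.io
        state: latest
        update_cache: true
      become: true

    - name: Install Nginx
      ansible.builtin.apt:
        name: nginx
        state: latest
      become: true

    # Membership of the docker group gives control of the Docker daemon,
    # which is effectively root on this host. Treat the account (and its
    # SSH keys) as privileged.
    - name: Add out user to the docker group, so we don't need sudo/become
      ansible.builtin.user:
        name: '{{ ansible_user }}'
        groups: docker
        append: true  # don't remove any existing groups
      become: true

    - name: Reset ssh connection to allow the user/group change to take effect
      ansible.builtin.meta: reset_connection

    - name: Install docker-compose-plugin & certbot
      ansible.builtin.apt:
        name:
          - docker-compose-v2
          - certbot
          - python3-certbot-nginx
        state: latest
      become: true

    - name: Create /opt/cicd/ directory tree
      ansible.builtin.file:
        path: "/opt/cicd/nginx"
        state: directory
        owner: root
        group: root
        mode: "0755"
      become: true

    - name: Cp docker-compose.yaml to server
      ansible.builtin.copy:
        src: cicd/docker-compose.yaml
        dest: /opt/cicd/docker-compose.yaml
        owner: root
        group: root
        mode: "0644"
      become: true

    # The 0600 mode suggests .env holds secrets (not visible here; confirm).
    # `diff: false` keeps the rendered content out of `--diff` output.
    - name: Template .env to /opt/cicd/
      ansible.builtin.template:
        src: cicd/.env.j2
        dest: /opt/cicd/.env
        owner: root
        group: root
        mode: "0600"
      become: true
      diff: false

    - name: Deploy nginx config (Gitea)
      ansible.builtin.copy:
        src: cicd/nginx/gitea.conf
        dest: /etc/nginx/sites-available/gitea
        owner: root
        group: root
        mode: "0644"
      become: true
      notify: Restart nginx

    - name: Deploy nginx config (Woodpecker)
      ansible.builtin.copy:
        src: cicd/nginx/woodpecker.conf
        dest: /etc/nginx/sites-available/woodpecker
        owner: root
        group: root
        mode: "0644"
      become: true
      notify: Restart nginx

    - name: Enable nginx site (Gitea)
      ansible.builtin.file:
        src: /etc/nginx/sites-available/gitea
        dest: /etc/nginx/sites-enabled/gitea
        state: link
      become: true
      notify: Restart nginx

    - name: Enable nginx site (Woodpecker)
      ansible.builtin.file:
        src: /etc/nginx/sites-available/woodpecker
        dest: /etc/nginx/sites-enabled/woodpecker
        state: link
      become: true
      notify: Restart nginx

    - name: Remove default nginx site
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      become: true
      notify: Restart nginx

    # `creates` checks only the Gitea certificate path, so this task is
    # skipped once that file exists, even if the ci.* certificate is missing
    # or a domain is added later.
    - name: Obtain SSL certs via certbot
      ansible.builtin.command:
        cmd: >
          certbot --nginx
          -d gitea.earthmanrpg.me
          -d ci.earthmanrpg.me
          --non-interactive
          --agree-tos
          -m discodedisco@outlook.com
        creates: /etc/letsencrypt/live/gitea.earthmanrpg.me/fullchain.pem
      become: true

    # Runs on every play and always reports "changed"; there is no
    # `creates` or `changed_when` guard on this command.
    - name: Run docker compose -f /opt/cicd/docker-compose.yaml up -d
      ansible.builtin.command:
        cmd: docker compose -f /opt/cicd/docker-compose.yaml up -d
      become: true

  handlers:
    # Triggered by the nginx config, symlink and default-site tasks above.
    - name: Restart nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
      become: true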