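---
# Provisions a host for the gamearray application: installs docker and nginx,
# publishes the nginx site, creates a per-server Django secret key, templates
# the env file and deploy script, then starts the Postgres, Redis, web and
# Celery containers on a shared Docker network.
#
# Variables read here but defined elsewhere: django_allowed_host,
# gitea_registry_token, postgres_password, mailgun_api_key, ansible_user.
- hosts: all

  tasks:
    - name: Debug django_allowed_host
      ansible.builtin.debug:
        var: django_allowed_host

    # NOTE(review): `state: latest` upgrades the package on every run, so the
    # installed version is not pinned by this playbook.
    - name: Install docker
      ansible.builtin.apt:
        name: docker.io
        state: latest
        update_cache: true
      become: true

    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        state: latest
      become: true

    - name: Deploy nginx config
      ansible.builtin.template:
        src: nginx.conf.j2
        dest: /etc/nginx/sites-available/gamearray
      become: true
      notify: Restart nginx

    - name: Enable nginx site
      ansible.builtin.file:
        src: /etc/nginx/sites-available/gamearray
        dest: /etc/nginx/sites-enabled/gamearray
        state: link
      become: true
      notify: Restart nginx

    - name: Remove default nginx site
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      become: true
      notify: Restart nginx

    # Membership in the docker group is effectively root on this host: anyone
    # who can talk to the Docker daemon can start containers that mount the
    # host filesystem. Treat the ansible_user account accordingly.
    - name: Add our user to the docker group, so we don't need sudo/become
      ansible.builtin.user:
        name: '{{ ansible_user }}'
        groups: docker
        append: true  # don't remove any existing groups
      become: true

    - name: Reset ssh connection to allow the user/group change to take effect
      ansible.builtin.meta: reset_connection

    - name: Ensure .secret-key files exists
      # the intention is that this only happens once per server
      ansible.builtin.copy:
        dest: ~/.secret-key
        content: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters') }}"
        # quoted so the mode is passed as an octal string, matching the other
        # tasks in this play
        mode: "0600"
        force: false  # do not recreate file if it already exists
      # keep the generated key out of task output and --diff
      no_log: true

    - name: Read secret key back from file
      ansible.builtin.slurp:
        src: ~/.secret-key
      register: secret_key
      # the registered result carries the key (base64-encoded); keep it out of
      # verbose output
      no_log: true

    - name: Create /opt/gamearray/ directory
      ansible.builtin.file:
        path: /opt/gamearray
        state: directory
      become: true

    - name: Template gamearray.env to server
      ansible.builtin.template:
        src: gamearray.env.j2
        dest: /opt/gamearray/gamearray.env
        owner: "{{ ansible_user }}"
        mode: "0600"
      become: true

    - name: Template deploy script to server
      ansible.builtin.template:
        src: deploy.sh.j2
        dest: /opt/gamearray/deploy.sh
        mode: "0755"
      become: true

    # The token is fed on stdin rather than with -p: a password on the command
    # line is visible in the process list of the target host while docker
    # login runs, and no_log only hides it from Ansible's own output.
    - name: Login to Gitea container registry
      ansible.builtin.command:
        cmd: docker login gitea.earthmanrpg.me -u discoman --password-stdin
        stdin: "{{ gitea_registry_token }}"
      no_log: true

    - name: Create Docker network
      community.docker.docker_network:
        name: gamearray_net
        state: present

    - name: Create Postgres data volume
      community.docker.docker_volume:
        name: gamearray_postgres_data
        state: present

    # NOTE(review): the container tasks below pass secrets in `env`, and module
    # arguments are printed at higher verbosity. Consider `no_log: true` on
    # them once the deployment is stable.
    - name: Start Postgres container
      community.docker.docker_container:
        name: gamearray_postgres
        image: postgres:16
        state: started
        restart_policy: unless-stopped
        networks:
          - name: gamearray_net
        volumes:
          - gamearray_postgres_data:/var/lib/postgresql/data
        env:
          POSTGRES_DB: gamearray
          POSTGRES_USER: gamearray
          POSTGRES_PASSWORD: "{{ postgres_password }}"

    # No ports are published and no Redis password is configured here, so
    # access control rests on membership of gamearray_net alone.
    - name: Start Redis container
      community.docker.docker_container:
        name: gamearray_redis
        image: redis:7
        state: started
        restart_policy: unless-stopped
        networks:
          - name: gamearray_net

    # NOTE(review): `:latest` is a mutable tag and no `pull` option is set, so
    # which image actually runs depends on what is already cached on the host
    # (deploy.sh may pull it; not visible here). Pinning a version or digest
    # would make deployments reproducible.
    - name: Run container
      community.docker.docker_container:
        name: gamearray
        image: gitea.earthmanrpg.me/discoman/gamearray:latest
        state: started
        recreate: true
        env:
          DJANGO_DEBUG_FALSE: "1"
          DJANGO_SECRET_KEY: "{{ secret_key.content | b64decode }}"
          DJANGO_ALLOWED_HOST: "{{ django_allowed_host }}"
          # postgres_password is interpolated unescaped; characters such as
          # @ or / in it would change how this URL parses.
          DATABASE_URL: "postgresql://gamearray:{{ postgres_password }}@gamearray_postgres/gamearray"
          MAILGUN_API_KEY: "{{ mailgun_api_key }}"
          CELERY_BROKER_URL: "redis://gamearray_redis:6379/0"
        networks:
          - name: gamearray_net
        # Published on loopback only, so the app port is not reachable from
        # other hosts (presumably nginx proxies to it; see nginx.conf.j2).
        # Quoted list item so the mapping is never re-typed by the YAML parser.
        ports:
          - "127.0.0.1:8888:8888"

    - name: Start Celery worker container
      community.docker.docker_container:
        name: gamearray_celery
        image: gitea.earthmanrpg.me/discoman/gamearray:latest
        state: started
        recreate: true
        env:
          DJANGO_DEBUG_FALSE: "1"
          DJANGO_SECRET_KEY: "{{ secret_key.content | b64decode }}"
          DJANGO_ALLOWED_HOST: "{{ django_allowed_host }}"
          DATABASE_URL: "postgresql://gamearray:{{ postgres_password }}@gamearray_postgres/gamearray"
          MAILGUN_API_KEY: "{{ mailgun_api_key }}"
          CELERY_BROKER_URL: "redis://gamearray_redis:6379/0"
        networks:
          - name: gamearray_net
        command: "python -m celery -A core worker -l info"

    - name: Create static files directory
      ansible.builtin.file:
        path: /var/www/gamearray/static
        state: directory
        owner: www-data
        group: www-data
      become: true

    # Runs on every play and always reports "changed"; files copied by root
    # are not re-owned to www-data by this task.
    - name: Copy static files from container to host
      ansible.builtin.command:
        cmd: docker cp gamearray:/src/static/. /var/www/gamearray/static/
      become: true

    - name: Run migration inside container
      community.docker.docker_container_exec:
        container: gamearray
        command: python manage.py migrate

  handlers:
    - name: Restart nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
      become: true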