| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120 |
- ---
- - name: Install apt-add-repository
- apt:
- name: '{{ packages }}'
- state: present
- update_cache: yes
- vars:
- packages:
- - apt-transport-https
- - ca-certificates
- - curl
- - gnupg2
- - software-properties-common
- - name: Add Docker's GPG key
- shell: curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
- args:
- warn: False # Piping
- - name: Add Docker's apt repository
- shell: add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
- - name: Install Docker
- apt:
- name: '{{ packages }}'
- state: present
- update_cache: yes
- vars:
- packages:
- - docker-ce
- - docker-ce-cli
- - containerd.io
- - name: Add '{{ user }}' to docker group
- user:
- name: '{{ user }}'
- groups: docker
- append: yes
- - name: Install docker-compose
- shell: curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose
- args:
- warn: False # Calls to uname
- - name: Copy compose config
- copy:
- src: templates/web/compose
- dest: '/home/{{ user }}'
- owner: '{{ user }}'
- group: '{{ user }}'
- mode: "600"
- - name: Install NFS common
- apt:
- name: nfs-common
- state: present
- update_cache: yes
- - name: Create mountable dir
- file:
- path: /nfs
- state: directory
- mode: u=rwx,g=r,o=r
- owner: '{{ user }}'
- group: '{{ user }}'
- - name: set mountpoints
- mount:
- name: /nfs
- src: 172.20.69.1:/nfs
- fstype: nfs
- state: mounted
- # TODO the certbot installation process probably needs fixing
- - name: Install pip
- apt:
- name: python-pip
- state: present
- - name: Install certbot's cloudflare plugin
- pip:
- name: certbot-dns-cloudflare
- extra_args: --user
- - name: Write example cloudflare secrets file
- copy:
- src: templates/web/cloudflare.ini.example
- dest: /root/cloudflare.ini.example
- mode: "0700"
- owner: root
- group: root
- - name: Run certbot
- shell: /root/.local/bin/certbot renew --dns-cloudflare --dns-cloudflare-credentials /root/cloudflare.ini -d jibby.org,\*.jibby.org --preferred-challenges dns-01
- ignore_errors: yes # This fails if the certs already exist
- - name: Schedule certbot renewal cronjob
- cron:
- name: "renew certs"
- special_time: weekly
- job: '/root/.local/bin/certbot renew'
- - name: Set outward facing nginx server
- copy:
- src: templates/web/docker.conf
- dest: /etc/nginx/conf.d/docker.conf
- mode: "0644"
- owner: root
- group: root
- - name: Remove default nginx site
- file:
- path: /etc/nginx/sites-enabled/default
- state: absent
- - name: Start and enable Nginx
- service:
- name: nginx
- state: started
- enabled: yes
|
