From e53a7da36ce406caa1d2f084d9c6902ad6e0fe11 Mon Sep 17 00:00:00 2001 
From: ebesson Date: Fri, 15 Jan 2021 21:32:00 +0100 Subject: [PATCH] feat: initial commit --- .drone.yml | 9 ++++ .gitignore | 9 ++++ .yamllint | 15 +++++++ ansible.cfg | 6 +++ inventories/molecule/group_vars/all.yml | 1 + inventories/molecule/group_vars/all/vars.yml | 4 ++ inventories/molecule/group_vars/all/vault.yml | 3 ++ inventories/vps/group_vars/all/vars.yml | 3 ++ inventories/vps/group_vars/all/vault.yml | 1 + inventories/vps/hosts | 10 +++++ molecule/default/molecule.yml | 44 +++++++++++++++++++ molecule/default/prepare.yml | 41 +++++++++++++++++ molecule/default/tests/test_docker.py | 16 +++++++ molecule/default/tests/test_gitea.py | 23 ++++++++++ molecule/default/tests/test_traefik.py | 11 +++++ requirements.yml | 3 ++ roles/gitea/defaults/main.yml | 5 +++ roles/gitea/handlers/main.yml | 7 +++ roles/gitea/tasks/configure.yml | 14 ++++++ roles/gitea/tasks/install.yml | 12 +++++ roles/gitea/tasks/main.yml | 2 + roles/gitea/tasks/present.yml | 4 ++ roles/gitea/tasks/start.yml | 14 ++++++ roles/gitea/tasks/stop.yml | 5 +++ .../etc/systemd/system/gitea.service.j2 | 11 +++++ .../templates/opt/gitea/docker-compose.yml.j2 | 29 ++++++++++++ roles/traefik/defaults/main.yml | 9 ++++ roles/traefik/handlers/main.yml | 7 +++ roles/traefik/tasks/configure.yml | 35 +++++++++++++++ roles/traefik/tasks/install.yml | 12 +++++ roles/traefik/tasks/main.yml | 2 + roles/traefik/tasks/present.yml | 4 ++ roles/traefik/tasks/start.yml | 10 +++++ roles/traefik/tasks/stop.yml | 5 +++ .../etc/systemd/system/traefik.service.j2 | 13 ++++++ .../opt/traefik/docker-compose.yml.j2 | 27 ++++++++++++ .../templates/opt/traefik/traefik.toml.j2 | 43 ++++++++++++++++++ site.yml | 23 ++++++++++ tox.ini | 20 +++++++++ venv.sh | 4 ++ 40 files changed, 516 insertions(+) create mode 100644 .drone.yml create mode 100644 .gitignore create mode 100755 .yamllint create mode 100755 ansible.cfg create mode 100644 inventories/molecule/group_vars/all.yml create mode 100644 
inventories/molecule/group_vars/all/vars.yml create mode 100644 inventories/molecule/group_vars/all/vault.yml create mode 100755 inventories/vps/group_vars/all/vars.yml create mode 100644 inventories/vps/group_vars/all/vault.yml create mode 100755 inventories/vps/hosts create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/prepare.yml create mode 100755 molecule/default/tests/test_docker.py create mode 100644 molecule/default/tests/test_gitea.py create mode 100755 molecule/default/tests/test_traefik.py create mode 100644 requirements.yml create mode 100644 roles/gitea/defaults/main.yml create mode 100644 roles/gitea/handlers/main.yml create mode 100644 roles/gitea/tasks/configure.yml create mode 100644 roles/gitea/tasks/install.yml create mode 100644 roles/gitea/tasks/main.yml create mode 100644 roles/gitea/tasks/present.yml create mode 100644 roles/gitea/tasks/start.yml create mode 100644 roles/gitea/tasks/stop.yml create mode 100644 roles/gitea/templates/etc/systemd/system/gitea.service.j2 create mode 100644 roles/gitea/templates/opt/gitea/docker-compose.yml.j2 create mode 100644 roles/traefik/defaults/main.yml create mode 100644 roles/traefik/handlers/main.yml create mode 100644 roles/traefik/tasks/configure.yml create mode 100644 roles/traefik/tasks/install.yml create mode 100644 roles/traefik/tasks/main.yml create mode 100644 roles/traefik/tasks/present.yml create mode 100644 roles/traefik/tasks/start.yml create mode 100644 roles/traefik/tasks/stop.yml create mode 100644 roles/traefik/templates/etc/systemd/system/traefik.service.j2 create mode 100644 roles/traefik/templates/opt/traefik/docker-compose.yml.j2 create mode 100755 roles/traefik/templates/opt/traefik/traefik.toml.j2 create mode 100755 site.yml create mode 100644 tox.ini create mode 100644 venv.sh
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..2b394ff
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,9 @@
+---
+kind: pipeline
+name: default
+steps:
+ - name: lint
+ image: python:3.7.8-buster
+ commands:
+ - pip install tox
+ - tox -e ci
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..34cdef7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+roles-dependencies/
+tests/report.xml
+*.pyc
+.cache
+.molecule
+report.xml
+*.retry
+.vscode
+.tox
\ No newline at end of file
diff --git a/.yamllint b/.yamllint
new file mode 100755
index 0000000..e5b74fd
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,15 @@
+---
+extends: default
+ignore: |
+ .tox
+ roles-dependencies
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
+ truthy: disable
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100755
index 0000000..7ba4d4c
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+roles_path=roles-dependencies:roles
+
+[ssh_connection]
+pipelining = True
+control_path = /tmp/ansible-ssh-%%h-%%p-%%r
\ No newline at end of file
diff --git a/inventories/molecule/group_vars/all.yml b/inventories/molecule/group_vars/all.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/inventories/molecule/group_vars/all.yml
@@ -0,0 +1 @@
+---
diff --git a/inventories/molecule/group_vars/all/vars.yml b/inventories/molecule/group_vars/all/vars.yml
new file mode 100644
index 0000000..636a636
--- /dev/null
+++ b/inventories/molecule/group_vars/all/vars.yml
@@ -0,0 +1,4 @@
+---
+# Traefik
+traefik_acme_enabled: false
+traefik_dashboard_enabled: true
diff --git a/inventories/molecule/group_vars/all/vault.yml b/inventories/molecule/group_vars/all/vault.yml
new file mode 100644
index 0000000..e200372
--- /dev/null
+++ b/inventories/molecule/group_vars/all/vault.yml
@@ -0,0 +1,3 @@
+---
+vault_drone_gitea_client_id: test
+vault_drone_gitea_client_secret: secret
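Review bot: In ansible.cfg, `control_path = /tmp/ansible-ssh-%%h-%%p-%%r` places the SSH ControlMaster sockets under predictable names in a world-writable directory, so on a shared control machine another local user can pre-create or squat those paths. Keeping the sockets in Ansible's per-user control directory avoids that: `control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r`. The file also ends without a trailing newline.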
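Review bot: inventories/molecule/group_vars/all/vault.yml stores `vault_drone_gitea_client_secret: secret` in clear text under a file name that suggests an encrypted vault, which is fine for a throwaway test inventory but easy to copy as a pattern into inventories/vps. A header comment such as `# test-only placeholders; vault.yml in real inventories must be encrypted with ansible-vault` would make the intent explicit. Neither variable appears to be referenced by the roles in this patch, so they could be dropped until something consumes them.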
diff --git a/inventories/vps/group_vars/all/vars.yml b/inventories/vps/group_vars/all/vars.yml
new file mode 100755
index 0000000..9ae0a1c
--- /dev/null
+++ b/inventories/vps/group_vars/all/vars.yml
@@ -0,0 +1,3 @@
+# group_vars/prd
+---
+traefik_docker_domain: ebesson.fr
diff --git a/inventories/vps/group_vars/all/vault.yml b/inventories/vps/group_vars/all/vault.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/inventories/vps/group_vars/all/vault.yml
@@ -0,0 +1 @@
+---
diff --git a/inventories/vps/hosts b/inventories/vps/hosts
new file mode 100755
index 0000000..cfe93f6
--- /dev/null
+++ b/inventories/vps/hosts
@@ -0,0 +1,10 @@
+# inventories/middleware
+[middleware]
+
+[gitea]
+
+
+[vps:children]
+middleware
+gitea
+
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..61656d5
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,44 @@
+---
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+lint: |
+ yamllint --config-file .yamllint .
+ ansible-lint .
+platforms:
+ - name: buster
+ box: debian/buster64
+ interfaces:
+ - auto_config: true
+ network_name: private_network
+ ip: "192.168.50.4"
+ instance_raw_config_args:
+ - "vm.network 'forwarded_port', guest: 8080, host: 8080"
+ - "vm.network 'forwarded_port', guest: 8000, host: 80"
+ - "vm.network 'forwarded_port', guest: 8443, host: 443"
+ - "vm.network 'forwarded_port', guest: 3000, host: 3000"
+ - "vm.network 'forwarded_port', guest: 9091, host: 9091"
+ groups:
+ - all
+ - molecule
+ - middleware
+ - gitea
+provisioner:
+ name: ansible
+ lint: ansible-lint
+ env:
+ ANSIBLE_ROLES_PATH: ${PWD}/roles:${PWD}/roles-dependencies
+ playbooks:
+ converge: ../../site.yml
+ inventory:
+ links:
+ group_vars: ../../inventories/molecule/group_vars
+scenario:
+ name: default
+verifier:
+ name: testinfra
+ options:
+ junit-xml: report.xml
+ o: "junit_family=legacy"
+
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
new file mode 100644
index 0000000..190321c
--- /dev/null
+++ b/molecule/default/prepare.yml
@@ -0,0 +1,41 @@
+---
+- name: Prepare
+ hosts: all
+ become: true
+ gather_facts: false
+ tasks:
+ - name: Install Python3 for Ansible
+ raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal sudo)
+ changed_when: false
+
+- name: Install Mkcert
+ hosts: all
+ become: true
+ gather_facts: false
+ tasks:
+ - name: install curl
+ apt:
+ name: curl
+ state: present
+ update_cache: yes
+ - name: install libnss3-tools
+ apt:
+ name: libnss3-tools
+ state: present
+ update_cache: yes
+ - name: download and install mkcert
+ get_url:
+ url: https://github.com/FiloSottile/mkcert/releases/download/v1.4.1/mkcert-v1.4.1-linux-amd64
+ dest: /usr/local/bin/mkcert
+ mode: 0755
+ - name: install the local CA in the system trust store
+ shell: mkcert -install
+ - name: create certs directory
+ file:
+ path: /certs
+ state: directory
+ mode: 0755
+ - name: generate certificates
+ shell: mkcert -cert-file local-cert.pem -key-file local-key.pem "docker.localhost" "*.docker.localhost" "*.192.168.50.4"
+ args:
+ chdir: /certs
diff --git a/molecule/default/tests/test_docker.py b/molecule/default/tests/test_docker.py
new file mode 100755
index 0000000..c76a852
--- /dev/null
+++ b/molecule/default/tests/test_docker.py
@@ -0,0 +1,16 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('middleware')
+
+
+def test_docker_package(host):
+
+ assert host.package("docker-ce").is_installed
+
+
+def test_docker_service(host):
+ assert host.service('docker').is_running
+ assert host.service('docker').is_enabled
diff --git a/molecule/default/tests/test_gitea.py b/molecule/default/tests/test_gitea.py
new file mode 100644
index 0000000..cdbcdfe
--- /dev/null
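Review bot: In molecule/default/prepare.yml the `download and install mkcert` task writes a binary fetched from a release URL straight to `/usr/local/bin/mkcert` with mode 0755, and the following tasks run it as root, without any integrity check on what was downloaded. `get_url` accepts a digest, so add `checksum: "sha256:PLACEHOLDER_SHA256"` with the value for mkcert-v1.4.1-linux-amd64 taken from a trusted source. The two `shell:` tasks contain no shell syntax and re-run on every converge; `command:` with `args: creates: /certs/local-cert.pem` on the generate step would make them idempotent and avoid reissuing the key each run.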
+++ b/molecule/default/tests/test_gitea.py
@@ -0,0 +1,23 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('gitea')
+
+
+def test_gitea_service(host):
+ assert host.service('gitea').is_running
+ assert host.service('gitea').is_enabled
+
+
+def test_gitea_with_https(host):
+ cmd = host.run("curl -I -k -H Host:git.localhost https://127.0.0.1")
+ assert cmd.rc == 0
+ assert "HTTP/2 200" in cmd.stdout
+
+
+def test_gitea_redirection_with_http(host):
+ cmd = host.run("curl -I -H Host:git.localhost http://127.0.0.1")
+ assert cmd.rc == 0
+ assert "HTTP/1.1 307 Temporary Redirect" in cmd.stdout
diff --git a/molecule/default/tests/test_traefik.py b/molecule/default/tests/test_traefik.py
new file mode 100755
index 0000000..a827aef
--- /dev/null
+++ b/molecule/default/tests/test_traefik.py
@@ -0,0 +1,11 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('middleware')
+
+
+def test_traefik_service(host):
+ assert host.service('traefik').is_running
+ assert host.service('traefik').is_enabled
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..1ed07c5
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,3 @@
+---
+- src: geerlingguy.docker
+ version: 3.0.0
diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
new file mode 100644
index 0000000..dbdba38
--- /dev/null
+++ b/roles/gitea/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+gitea_state: present
+gitea_version: 1.13.1
+gitea_docker_compose_directory: /opt/gitea
+gitea_url: git.localhost
diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml
new file mode 100644
index 0000000..035f2a8
--- /dev/null
+++ b/roles/gitea/handlers/main.yml
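Review bot: `test_gitea_with_https` in molecule/default/tests/test_gitea.py calls curl with `-k`, so it accepts whatever certificate Traefik presents and says nothing about whether the configured certificate is actually served. prepare.yml issues the mkcert certificate for `docker.localhost` and `*.docker.localhost`, while `gitea_url` defaults to `git.localhost`, so validation would presumably fail without `-k`. If the test is meant to cover the TLS setup, add the hostname to the mkcert call, drop `-k` and replace the `Host` header with `--resolve git.localhost:443:127.0.0.1`; otherwise a comment such as `# -k: certificate validation is deliberately out of scope here` would record the intent.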
@@ -0,0 +1,7 @@
+---
+- name: restart gitea
+ service:
+ name: gitea
+ state: restarted
+ daemon_reload: True
+ enabled: True
diff --git a/roles/gitea/tasks/configure.yml b/roles/gitea/tasks/configure.yml
new file mode 100644
index 0000000..edcc5a8
--- /dev/null
+++ b/roles/gitea/tasks/configure.yml
@@ -0,0 +1,14 @@
+---
+- name: configure | deploy systemd configuration
+ template:
+ src: etc/systemd/system/gitea.service.j2
+ dest: /etc/systemd/system/gitea.service
+ owner: root
+ group: root
+ mode: 0644
+ notify: "restart gitea"
+
+- name: ensure that service is started
+ service:
+ name: "gitea"
+ state: started
diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml
new file mode 100644
index 0000000..aaf671e
--- /dev/null
+++ b/roles/gitea/tasks/install.yml
@@ -0,0 +1,12 @@
+---
+- name: install | create directory {{ gitea_docker_compose_directory }}
+ file:
+ path: "{{ gitea_docker_compose_directory }}"
+ state: directory
+ mode: 0755
+
+- name: install | set compose file
+ template:
+ src: opt/gitea/docker-compose.yml.j2
+ dest: "{{ gitea_docker_compose_directory }}/docker-compose.yml"
+ notify: 'restart gitea'
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..7d4bc94
--- /dev/null
+++ b/roles/gitea/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ gitea_state }}.yml"
diff --git a/roles/gitea/tasks/present.yml b/roles/gitea/tasks/present.yml
new file mode 100644
index 0000000..ce43d0f
--- /dev/null
+++ b/roles/gitea/tasks/present.yml
@@ -0,0 +1,4 @@
+---
+- include_tasks: "install.yml"
+- include_tasks: "configure.yml"
+- include_tasks: "start.yml"
diff --git a/roles/gitea/tasks/start.yml b/roles/gitea/tasks/start.yml
new file mode 100644
index 0000000..d0de7ee
--- /dev/null
+++ b/roles/gitea/tasks/start.yml
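Review bot: The `install | set compose file` task in roles/gitea/tasks/install.yml templates `docker-compose.yml` without `owner`, `group` or `mode`, so the resulting permissions depend on the remote umask, whereas the systemd unit task in configure.yml sets all three. Add `owner: root`, `group: root` and `mode: 0644` to the template task so the file that defines what the root-run service starts cannot end up group- or world-writable. roles/traefik/tasks/install.yml has the same gap.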
@@ -0,0 +1,14 @@
+---
+- name: start | ensure gitea is up and running
+ service:
+ name: gitea
+ state: started
+
+- name: start | wait for gitea up and running
+ command: "docker ps"
+ register: result
+ retries: 60
+ changed_when: no
+ until: "'gitea/gitea:{{ gitea_version}}' in result.stdout"
+ tags:
+ - skip_ansible_lint
diff --git a/roles/gitea/tasks/stop.yml b/roles/gitea/tasks/stop.yml
new file mode 100644
index 0000000..270cdbd
--- /dev/null
+++ b/roles/gitea/tasks/stop.yml
@@ -0,0 +1,5 @@
+---
+- name: stop | ensure gitea is up and running
+ service:
+ name: gitea
+ state: stopped
diff --git a/roles/gitea/templates/etc/systemd/system/gitea.service.j2 b/roles/gitea/templates/etc/systemd/system/gitea.service.j2
new file mode 100644
index 0000000..5bb9713
--- /dev/null
+++ b/roles/gitea/templates/etc/systemd/system/gitea.service.j2
@@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+[Unit]
+Description=gitea
+
+[Service]
+Restart=always
+ExecStart=/usr/local/bin/docker-compose -f "{{ gitea_docker_compose_directory }}/docker-compose.yml" up
+ExecStop=/usr/local/bin/docker-compose -f "{{ gitea_docker_compose_directory }}/docker-compose.yml" stop
+
+[Install]
+WantedBy=local.target
diff --git a/roles/gitea/templates/opt/gitea/docker-compose.yml.j2 b/roles/gitea/templates/opt/gitea/docker-compose.yml.j2
new file mode 100644
index 0000000..9a6e33d
--- /dev/null
+++ b/roles/gitea/templates/opt/gitea/docker-compose.yml.j2
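Review bot: The task name in roles/gitea/tasks/stop.yml, `stop | ensure gitea is up and running`, contradicts its `state: stopped`, which makes play output misleading when someone is checking whether a service was taken down. Rename it to `stop | ensure gitea is stopped`; roles/traefik/tasks/stop.yml carries the same copy-pasted name.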
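Review bot: `WantedBy=local.target` in gitea.service.j2 does not name a standard systemd target (the traefik unit in this patch uses `multi-user.target`), so enabling the unit will most likely not start Gitea at boot even though the `is_enabled` assertion in the tests passes. Use `WantedBy=multi-user.target`. The `[Unit]` section also lacks the `Wants=docker.service` and `After=docker.service` lines that the traefik unit has, so ordering against the Docker daemon is left to `Restart=always`.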
@@ -0,0 +1,29 @@
+# {{ ansible_managed }}
+
+version: '3.2'
+services:
+ gitea:
+ image: gitea/gitea:{{ gitea_version }}
+ environment:
+ - ROOT_URL="http://{{ gitea_url }}"
+ - DISABLE_SSH=true
+ - DISABLE_REGISTRATION=true
+ - REQUIRE_SIGNIN_VIEW=true
+ restart: always
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=traefik_network
+ - traefik.backend=gitea
+ - traefik.port=3000
+ - traefik.frontend.rule=Host:{{ gitea_url }}
+ networks:
+ - traefik_network
+ volumes:
+ - gitea:/data
+volumes:
+ gitea:
+ driver: local
+
+networks:
+ traefik_network:
+ external: true
\ No newline at end of file
diff --git a/roles/traefik/defaults/main.yml b/roles/traefik/defaults/main.yml
new file mode 100644
index 0000000..0e0f8c3
--- /dev/null
+++ b/roles/traefik/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+traefik_state: present
+traefik_version: v1.7.28
+traefik_docker_compose_directory: /opt/traefik
+traefik_use_configuration_file: false
+traefik_docker_domain: docker.localhost
+traefik_docker_log_level: ERROR
+traefik_acme_enabled: true
+traefik_dashboard_enabled: false
diff --git a/roles/traefik/handlers/main.yml b/roles/traefik/handlers/main.yml
new file mode 100644
index 0000000..2d8193b
--- /dev/null
+++ b/roles/traefik/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: restart traefik
+ service:
+ name: traefik
+ state: restarted
+ daemon_reload: True
+ enabled: True
diff --git a/roles/traefik/tasks/configure.yml b/roles/traefik/tasks/configure.yml
new file mode 100644
index 0000000..4439596
--- /dev/null
+++ b/roles/traefik/tasks/configure.yml
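Review bot: In the gitea docker-compose.yml.j2, the list form of `environment:` does not strip the quotes in `- ROOT_URL="http://{{ gitea_url }}"`, so they become part of the value the container receives. The scheme is also `http` although the Traefik entry point in this patch redirects all HTTP traffic to HTTPS, so URLs Gitea generates from ROOT_URL would point at the redirecting endpoint. `- ROOT_URL=https://{{ gitea_url }}` addresses both. The file also ends without a trailing newline.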
@@ -0,0 +1,35 @@
+---
+- name: configure | deploy systemd configuration
+ template:
+ src: etc/systemd/system/traefik.service.j2
+ dest: /etc/systemd/system/traefik.service
+ owner: root
+ group: root
+ mode: 0644
+ notify: "restart traefik"
+
+- name: configure | deploy traefik configuration
+ template:
+ src: opt/traefik/traefik.toml.j2
+ dest: "{{ traefik_docker_compose_directory }}/traefik.toml"
+ owner: root
+ group: root
+ mode: 0644
+ notify: "restart traefik"
+
+- name: configure | create acme.json
+ file:
+ path: "{{ traefik_docker_compose_directory }}/acme.json"
+ owner: root
+ group: root
+ state: touch
+ mode: 0600
+ changed_when: no
+
+- name: configure | create network traefik_network
+ command: docker network create traefik_network
+ ignore_errors: yes
+ changed_when: no
+
+- name: configure | flush handlers
+ meta: flush_handlers
diff --git a/roles/traefik/tasks/install.yml b/roles/traefik/tasks/install.yml
new file mode 100644
index 0000000..c95ef1f
--- /dev/null
+++ b/roles/traefik/tasks/install.yml
@@ -0,0 +1,12 @@
+---
+- name: install | create directory {{ traefik_docker_compose_directory }}
+ file:
+ path: "{{ traefik_docker_compose_directory }}"
+ state: directory
+ mode: 0755
+
+- name: install | set compose file
+ template:
+ src: opt/traefik/docker-compose.yml.j2
+ dest: "{{ traefik_docker_compose_directory }}/docker-compose.yml"
+ notify: 'restart traefik'
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
new file mode 100644
index 0000000..bd16446
--- /dev/null
+++ b/roles/traefik/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ traefik_state }}.yml"
diff --git a/roles/traefik/tasks/present.yml b/roles/traefik/tasks/present.yml
new file mode 100644
index 0000000..ce43d0f
--- /dev/null
+++ b/roles/traefik/tasks/present.yml
@@ -0,0 +1,4 @@
+---
+- include_tasks: "install.yml"
+- include_tasks: "configure.yml"
+- include_tasks: "start.yml"
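Review bot: `ignore_errors: yes` on the `configure | create network traefik_network` task in roles/traefik/tasks/configure.yml hides every failure of `docker network create`, not only the expected "already exists" case, so a stopped daemon or a permission problem only surfaces later as a confusing compose error. Register the result and fail selectively: `register: traefik_network_result` together with `failed_when: traefik_network_result.rc != 0 and 'already exists' not in traefik_network_result.stderr`. With that in place `ignore_errors` can be removed.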
diff --git a/roles/traefik/tasks/start.yml b/roles/traefik/tasks/start.yml
new file mode 100644
index 0000000..98356d7
--- /dev/null
+++ b/roles/traefik/tasks/start.yml
@@ -0,0 +1,10 @@
+---
+- name: start | ensure traefik is up and running
+ service:
+ name: traefik
+ state: started
+
+- name: start | wait for traefik up and running
+ wait_for:
+ port: 443
+ delay: 10
diff --git a/roles/traefik/tasks/stop.yml b/roles/traefik/tasks/stop.yml
new file mode 100644
index 0000000..a9c87da
--- /dev/null
+++ b/roles/traefik/tasks/stop.yml
@@ -0,0 +1,5 @@
+---
+- name: stop | ensure traefik is up and running
+ service:
+ name: traefik
+ state: stopped
diff --git a/roles/traefik/templates/etc/systemd/system/traefik.service.j2 b/roles/traefik/templates/etc/systemd/system/traefik.service.j2
new file mode 100644
index 0000000..e9ae607
--- /dev/null
+++ b/roles/traefik/templates/etc/systemd/system/traefik.service.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+[Unit]
+Description=Traefik
+Wants=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStart=/usr/local/bin/docker-compose -f "{{ traefik_docker_compose_directory }}/docker-compose.yml" up
+ExecStop=/usr/local/bin/docker-compose -f "{{ traefik_docker_compose_directory }}/docker-compose.yml" down
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/traefik/templates/opt/traefik/docker-compose.yml.j2 b/roles/traefik/templates/opt/traefik/docker-compose.yml.j2
new file mode 100644
index 0000000..8defd82
--- /dev/null
+++ b/roles/traefik/templates/opt/traefik/docker-compose.yml.j2
@@ -0,0 +1,27 @@
+---
+# {{ ansible_managed }}
+version: '3.2'
+services:
+ traefik:
+ image: traefik:{{ traefik_version }}
+ restart: always
+ command: --api --docker # Enables the web UI and tells Traefik to listen to docker
+ ports:
+ - "80:80" # The HTTP port
+ - "443:443" # The HTTPS ports
+{% if traefik_dashboard_enabled %}
+ - "8080:8080" # Dashboard port
+{% endif %}
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
+ - {{ traefik_docker_compose_directory }}/traefik.toml:/traefik.toml
+ - {{ traefik_docker_compose_directory }}/acme.json:/acme.json
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=traefik_network
+ networks:
+ - traefik_network
+
+networks:
+ traefik_network:
+ external: true
\ No newline at end of file
diff --git a/roles/traefik/templates/opt/traefik/traefik.toml.j2 b/roles/traefik/templates/opt/traefik/traefik.toml.j2
new file mode 100755
index 0000000..554ec64
--- /dev/null
+++ b/roles/traefik/templates/opt/traefik/traefik.toml.j2
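Review bot: `command: --api --docker` in the traefik docker-compose.yml.j2 turns the Traefik API on unconditionally; `traefik_dashboard_enabled` only decides whether port 8080 is published, and no authentication for the API is configured anywhere in this patch. The same container faces the network on 80/443 and has `/var/run/docker.sock` mounted, which gives it control over the Docker daemon, so its surface should stay as small as possible: make `--api` conditional on `traefik_dashboard_enabled` and publish the dashboard as `"127.0.0.1:8080:8080"`. Separately, traefik.toml.j2 references `/certs/local-cert.pem` when ACME is disabled, but no `/certs` volume is mounted here, so that certificate is presumably never found inside the container.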
@@ -0,0 +1,43 @@
+# {{ ansible_managed }}
+###Traefik.toml###
+
+logLevel = "{{ traefik_docker_log_level }}"
+defaultEntryPoints = ["http","https"]
+
+[entryPoints]
+ [entryPoints.http]
+ address = ":80"
+ [entryPoints.http.redirect]
+ entryPoint = "https"
+ [entryPoints.https]
+ address = ":443"
+ [entryPoints.https.tls]
+{% if not traefik_acme_enabled %}
+ [[entryPoints.https.tls.certificate]]
+ certFile = "/certs/local-cert.pem"
+ keyFile = "/certs/local-key.pem"
+{% endif %}
+
+{% if traefik_dashboard_enabled %}
+[api]
+ # With this you enable the web UI
+ insecure = true
+ dashboard = true
+{% endif %}
+
+{% if traefik_acme_enabled %}
+[acme]
+email = "etienne.besson@gmail.com"
+storage = "acme.json"
+onHostRule = true
+entryPoint = "https"
+ [acme.tlsChallenge]
+{% endif %}
+
+# Enable Docker configuration backend
+[docker]
+ endpoint = "unix:///var/run/docker.sock"
+ domain = "{{ traefik_docker_domain }}"
+ watch = true
+ exposedByDefault = false
+
diff --git a/site.yml b/site.yml
new file mode 100755
index 0000000..ec09955
--- /dev/null
+++ b/site.yml
@@ -0,0 +1,23 @@
+---
+- hosts: all
+ gather_facts: False
+ tasks:
+ - name: Install python for Ansible
+ raw: test -e /usr/bin/python || (apt -y update && apt install -y python2.7 python-minimal sudo)
+ changed_when: False
+
+
+- hosts: middleware
+ become: True
+ roles:
+ - geerlingguy.docker
+ - traefik
+ tags:
+ - traefik
+
+- hosts: gitea
+ become: True
+ roles:
+ - gitea
+ tags:
+ - gitea
diff --git a/tox.ini b/tox.ini
new file mode 100644
index 0000000..ab07c4d
--- /dev/null
+++ b/tox.ini
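Review bot: The `[acme]` block in traefik.toml.j2 hard-codes a personal address in `email = ...`; moving it to a role variable, for example `email = "{{ traefik_acme_email }}"` with a default in roles/traefik/defaults/main.yml, keeps the role reusable and the address out of the template. In the `[api]` block, `insecure = true` is, as far as I know, a Traefik v2 option, while `traefik_version` defaults to v1.7.28, so it is probably ignored. Either way the dashboard is served without authentication whenever `traefik_dashboard_enabled` is true, and the comment above it should say so, e.g. `# Web UI without authentication - enable only on test hosts`.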
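Review bot: The bootstrap play in site.yml installs `python2.7 python-minimal`, which is end-of-life and no longer receives security fixes, while molecule/default/prepare.yml bootstraps `python3-minimal` on the same hosts. Aligning the two avoids managing production with an interpreter the tests never exercise: `raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal sudo)`. The play has no `become`, so the `apt` call presumably relies on connecting as root; a comment stating that assumption would help.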
@@ -0,0 +1,20 @@
+[tox]
+recreate = true
+skipsdist = true
+envlist = py{3}-ansible
+
+[testenv]
+passenv = *
+deps =
+ ansible==2.9.*
+ pytest-testinfra==6.0.*
+ molecule==3.2.*
+ molecule-vagrant==0.6.*
+ python-vagrant==0.5.*
+ paramiko==2.6.0
+ ansible-lint==4.3.*
+
+[testenv:ci]
+passenv = *
+ ansible-galaxy install -r requirements.yml --ignore-errors -p roles-dependencies --force
+ molecule lint
\ No newline at end of file
diff --git a/venv.sh b/venv.sh
new file mode 100644
index 0000000..9ac679c
--- /dev/null
+++ b/venv.sh
@@ -0,0 +1,4 @@
+tox
+source .tox/py3-ansible/bin/activate
+rm -Rf roles-dependencies || true
+ansible-galaxy install -r requirements.yml --ignore-errors -p roles-dependencies --force
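Review bot: The `[testenv:ci]` section in tox.ini has no `commands =` key, so the `ansible-galaxy install ...` and `molecule lint` lines appear to be continuation lines of `passenv = *`, and `tox -e ci` would then run nothing (indentation is not visible in this rendering, so confirm against the file). Add `commands =` above those two lines. `passenv = *` also forwards every environment variable of the CI runner, including any secrets, into the test environment; listing only the variables the tools need is safer. `--ignore-errors` on `ansible-galaxy install`, here and in venv.sh, lets a failed role download pass silently.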