nanopenguin/bachelor-thesis
Archived
1
0
Fork 0
Code Actions
This repository has been archived on 2025-09-29. You can view files and clone it, but cannot push or open issues or pull requests.
bachelor-thesis/webserver/base/sandbox/playbook.yml
Benedikt Galbavy d2b80d93e1 Further cleanup
2025-04-10 22:16:16 +02:00

160 lines
4.3 KiB
YAML
Raw Blame History

---
- hosts: all
become: true
vars:
container_count: 1
default_container_name: docker
default_container_image: hello-world
default_container_command: sleep 1
tasks:
- name: Install required system packages
apt:
pkg:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- virtualenv
state: latest
update_cache: true
- name: Copy nginx conf
copy:
src: /vagrant/sandbox/nginx.conf
dest: /home/vagrant/nginx.conf
- name: Copy docker compose
copy:
src: /vagrant/sandbox/docker-compose.yml
dest: /home/vagrant/docker-compose.yml
- name: Ensure certs directory exists
file:
path: /home/vagrant/nginx/certs
state: directory
mode: '0755'
- name: Install mkcert dependencies
apt:
pkg:
- libnss3-tools
- ca-certificates
state: present
update_cache: yes
- name: Download mkcert binary
get_url:
url: https://github.com/FiloSottile/mkcert/releases/latest/download/mkcert-v1.4.4-linux-amd64
dest: /usr/local/bin/mkcert
mode: '0755'
register: mkcert_download
- name: Ensure mkcert CAROOT directory exists
file:
path: /home/vagrant/.local/share/mkcert
state: directory
mode: '0755'
- name: Initialize mkcert CA
command: mkcert -install
environment:
XDG_DATA_HOME: /home/vagrant/.local/share
CAROOT: /home/vagrant/.local/share/mkcert
args:
creates: /home/vagrant/.local/share/mkcert/rootCA.pem
- name: Generate cert for gitea.vm.local
command: >
mkcert
-cert-file /home/vagrant/nginx/certs/gitea.vm.local.pem
-key-file /home/vagrant/nginx/certs/gitea.vm.local-key.pem
gitea.vm.local
args:
creates: /home/vagrant/nginx/certs/gitea.vm.local.pem
- name: Generate cert for bitwarden.vm.local
command: >
mkcert
-cert-file /home/vagrant/nginx/certs/bitwarden.vm.local.pem
-key-file /home/vagrant/nginx/certs/bitwarden.vm.local-key.pem
bitwarden.vm.local
args:
creates: /home/vagrant/nginx/certs/bitwarden.vm.local.pem
- name: Ensure export directory exists
file:
path: /vagrant/shared/ca
state: directory
mode: '0755'
- name: Copy mkcert rootCA.pem to shared directory
copy:
src: /home/vagrant/.local/share/mkcert/rootCA.pem
dest: /vagrant/shared/ca/rootCA.pem
remote_src: yes
- name: Add Docker GPG apt Key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker Repository
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu focal stable
state: present
- name: Update apt and install docker-ce
apt:
pkg:
- docker-ce
- docker-compose-plugin
state: latest
update_cache: true
- name: Add 'vagrant' and 'git' users to docker group
user:
name: "{{ item }}"
groups: docker
append: yes
loop:
- vagrant
- git
- name: Create git user
user:
name: git
shell: /home/git/docker-shell
home: /home/git
create_home: yes
- name: Deploy docker passthrough shell
copy:
dest: /home/git/docker-shell
content: |
#!/bin/sh
exec /usr/bin/docker exec -i -u git --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
mode: '0755'
- name: Update SSH config for git user
blockinfile:
path: /etc/ssh/sshd_config
block: |
Match User git
AuthorizedKeysCommandUser git
AuthorizedKeysCommand /usr/bin/docker exec -i -u git gitea /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
- name: Restart SSH
service:
name: ssh
state: restarted
- name: Ensure Docker service is running
service:
name: docker
state: started
enabled: true
- name: Run docker compose up -d
command: docker compose up -d
args:
chdir: /home/vagrant
View Git Blame Copy Permalink