111 lines
3.0 KiB
YAML
111 lines
3.0 KiB
YAML
---
|
|
- hosts: all
|
|
become: true
|
|
vars:
|
|
container_count: 1
|
|
default_container_name: docker
|
|
default_container_image: hello-world
|
|
default_container_command: sleep 1
|
|
tasks:
|
|
- name: Install required system packages
|
|
apt:
|
|
pkg:
|
|
- apt-transport-https
|
|
- ca-certificates
|
|
- curl
|
|
- software-properties-common
|
|
- virtualenv
|
|
state: latest
|
|
update_cache: true
|
|
|
|
- name: Ensure certs directory exists
|
|
file:
|
|
path: /home/vagrant/nginx/certs
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Generate self-signed cert for gitea.vm.local
|
|
command: >
|
|
openssl req -x509 -nodes -days 365
|
|
-newkey rsa:2048
|
|
-keyout /home/vagrant/nginx/certs/gitea.vm.local.key
|
|
-out /home/vagrant/nginx/certs/gitea.vm.local.crt
|
|
-subj "/CN=gitea.vm.local"
|
|
args:
|
|
creates: /home/vagrant/nginx/certs/gitea.vm.local.crt
|
|
|
|
- name: Generate self-signed cert for bitwarden.vm.local
|
|
command: >
|
|
openssl req -x509 -nodes -days 365
|
|
-newkey rsa:2048
|
|
-keyout /home/vagrant/nginx/certs/bitwarden.vm.local.key
|
|
-out /home/vagrant/nginx/certs/bitwarden.vm.local.crt
|
|
-subj "/CN=bitwarden.vm.local"
|
|
args:
|
|
creates: /home/vagrant/nginx/certs/bitwarden.vm.local.crt
|
|
|
|
- name: Add Docker GPG apt Key
|
|
apt_key:
|
|
url: https://download.docker.com/linux/ubuntu/gpg
|
|
state: present
|
|
|
|
- name: Add Docker Repository
|
|
apt_repository:
|
|
repo: deb https://download.docker.com/linux/ubuntu focal stable
|
|
state: present
|
|
|
|
- name: Update apt and install docker-ce
|
|
apt:
|
|
pkg:
|
|
- docker-ce
|
|
- docker-compose-plugin
|
|
state: latest
|
|
update_cache: true
|
|
|
|
- name: Add 'vagrant' and 'git' users to docker group
|
|
user:
|
|
name: "{{ item }}"
|
|
groups: docker
|
|
append: yes
|
|
loop:
|
|
- vagrant
|
|
- git
|
|
|
|
- name: Create git user
|
|
user:
|
|
name: git
|
|
shell: /home/git/docker-shell
|
|
home: /home/git
|
|
create_home: yes
|
|
|
|
- name: Deploy docker passthrough shell
|
|
copy:
|
|
dest: /home/git/docker-shell
|
|
content: |
|
|
#!/bin/sh
|
|
exec /usr/bin/docker exec -i -u git --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
|
|
mode: '0755'
|
|
|
|
- name: Update SSH config for git user
|
|
blockinfile:
|
|
path: /etc/ssh/sshd_config
|
|
block: |
|
|
Match User git
|
|
AuthorizedKeysCommandUser git
|
|
AuthorizedKeysCommand /usr/bin/docker exec -i -u git gitea /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
|
|
|
|
- name: Restart SSH
|
|
service:
|
|
name: ssh
|
|
state: restarted
|
|
|
|
- name: Ensure Docker service is running
|
|
service:
|
|
name: docker
|
|
state: started
|
|
enabled: true
|
|
|
|
- name: Run docker compose up -d
|
|
command: docker compose up -d
|
|
args:
|
|
chdir: /home/vagrant |