-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathloglist.yml
More file actions
136 lines (121 loc) · 4.28 KB
/
loglist.yml
File metadata and controls
136 lines (121 loc) · 4.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# SPDX-FileCopyrightText: 2025 Friedrich von Never <friedrich@fornever.me>
#
# SPDX-License-Identifier: MIT
---
- name: Application service for loglist.xyz
hosts: xmpp2
become: true
vars:
# Container versions:
postgresql_version: 9.3
loglist_version: 2.0.1
# Paths on host:
host_db_init_scripts_dir: /opt/codingteam/loglist/init_db_scripts
host_data_dir: /opt/codingteam/loglist/data
host_config_dir: /opt/codingteam/loglist/config
# Paths in containers:
container_data_dir: /data
vars_files:
- secrets.yml
handlers:
- name: Prune Docker
community.docker.docker_prune:
containers: true
images: true
images_filters:
dangling: false
networks: true
volumes: true
builder_cache: true
- name: Reload nginx
ansible.builtin.service:
name: nginx
state: reloaded
tasks:
- name: Create read-only directories
ansible.builtin.file:
path: '{{ item }}'
state: directory
mode: 'u=rx,go='
owner: root
group: root
loop:
- '{{ host_db_init_scripts_dir }}'
- '{{ host_config_dir }}'
- name: Create read/write directories
ansible.builtin.file:
path: '{{ item }}'
state: directory
mode: 'u=rwx,go='
# NOTE: we use 999:999 here because these are hardcoded in the
# PostgreSQL Dockerfile, see this for details:
# https://stackoverflow.com/q/56188573/2684760
owner: 999
group: 999
loop:
- '{{ host_data_dir }}'
- name: Create the Docker network
community.docker.docker_network:
name: loglist
- name: Copy the database initialization script
ansible.builtin.copy:
src: loglist/init_db.sql
dest: '{{ host_db_init_scripts_dir }}/init_db.sql'
mode: 'u=rx,go='
- name: Set up the database container
community.docker.docker_container:
name: loglist.postgresql
image_name_mismatch: recreate
image: postgres:{{ postgresql_version }}
published_ports:
- '5423'
env:
POSTGRES_DB: loglist
POSTGRES_USER: loglist
POSTGRES_PASSWORD: '{{ loglist_secrets.db_password }}'
PGDATA: '{{ container_data_dir }}'
volumes:
- '{{ host_db_init_scripts_dir }}/:/docker-entrypoint-initdb.d/'
- '{{ host_data_dir }}/:/{{ container_data_dir }}/'
networks:
- name: loglist
default_host_ip: ''
restart_policy: unless-stopped
notify: Prune Docker
- name: Copy the application configuration file
ansible.builtin.copy:
src: loglist/application.conf
dest: '{{ host_config_dir }}/application.conf'
mode: 'u=r,go='
- name: Set up the application container
community.docker.docker_container:
name: loglist.app
image_name_mismatch: recreate
image: codingteam/loglist:{{ loglist_version }}
published_ports:
- '9000:9000'
env:
APPLY_EVOLUTIONS_SILENTLY: 'true'
APPROVAL_EMAIL: '{{ loglist_secrets.approval_email.name }}'
APPROVAL_EMAIL_PASSWORD: '{{ loglist_secrets.approval_email.password }}'
APPROVAL_SMTP_HOST: '{{ loglist_secrets.approval_email.smtp_host }}'
BASIC_AUTH_PASSWORD: '{{ loglist_secrets.basic_auth.password }}'
BASIC_AUTH_USERNAME: '{{ loglist_secrets.basic_auth.username }}'
DATABASE_URL: 'jdbc:postgresql://loglist.postgresql/loglist?user=loglist&password={{ loglist_secrets.db_password }}'
JAVA_OPTS: '-Xmx200m -Xss512k -XX:+UseCompressedOops'
RECAPTCHA_PRIVATE_KEY: '{{ loglist_secrets.recaptcha.private_key }}'
RECAPTCHA_PUBLIC_KEY: '{{ loglist_secrets.recaptcha.public_key }}'
HTTP_SECRET_KEY: '{{ loglist_secrets.http_secret_key }}'
volumes:
- '{{ host_config_dir }}/application.conf:/app/conf/application.conf'
networks:
- name: loglist
default_host_ip: ''
restart_policy: unless-stopped
notify: Prune Docker
- name: Set up the nginx configuration file
ansible.builtin.copy:
src: nginx/conf.d/loglist.conf
dest: /etc/nginx/conf.d/loglist.conf
mode: 'u=rx,go='
notify: Reload nginx