added env file
authorFelix Ableitner <me@nutomic.com>
Sat, 17 Aug 2019 22:54:58 +0000 (00:54 +0200)
committerFelix Ableitner <me@nutomic.com>
Tue, 20 Aug 2019 17:38:10 +0000 (19:38 +0200)
.gitignore
ansible/lemmy.yml
ansible/templates/docker-compose.yml [moved from docker/prod/docker-compose.yml with 52% similarity]
ansible/templates/env [new file with mode: 0644]
ansible/templates/nginx.conf [moved from ansible/nginx.conf with 100% similarity]

index 6d0e0ba46cf00101c2dd06550d426d091ef0e8a7..2feec03c144427d3b1bdc0cce2411e44372bfe40 100644 (file)
@@ -1 +1,2 @@
 ansible/inventory
+ansible/passwords/
index 8830f2034eab58e980781c502d99ffa94d90ab14..144479a65e9bea206683e25c6fbaf1533c6f93d7 100644 (file)
     file: path={{item.path}} state=directory
     with_items:
       - { path: '/lemmy/' }
+      - { path: '/lemmy/volumes/' }
+      - { path: '/var/www/certbot' }
 
   - name:  add all template files
     template: src={{item.src}} dest={{item.dest}}
     with_items:
-      - { src: '../docker/prod/docker-compose.yml', dest: '/lemmy/docker-compose.yml' }
-      - { src: 'nginx.conf', dest: '/lemmy/nginx.conf' }
+      - { src: 'templates/env', dest: '/lemmy/.env' }
+      - { src: 'templates/docker-compose.yml', dest: '/lemmy/docker-compose.yml' }
+      - { src: 'templates/nginx.conf', dest: '/lemmy/nginx.conf' }
+    vars:
+      postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}"
+      jwt_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/jwt chars=ascii_letters,digits') }}"
 
-  - name: request letsencrypt certificates
+  - name: set env file permissions
+    file:
+      path: "/lemmy/.env"
+      state: touch
+      mode: 0600
+      access_time: preserve
+      modification_time: preserve
+
+  - name: request initial letsencrypt certificate
     command: certbot certonly --standalone --agree-tos -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}'
     args:
       creates: '/etc/letsencrypt/live/{{domain}}/privkey.pem'
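Review bot: `/lemmy/.env` holds the Postgres password and the JWT secret, but the `add all template files` task creates it with the default mode and only the later `set env file permissions` task tightens it, so on first creation the file is readable under the remote umask in between (and stays that way if the play aborts between the two tasks). Setting the mode where the file is written closes the gap: `template: src={{item.src}} dest={{item.dest}} mode={{item.mode}}` with `mode: '0600'` on the env item and `'0644'` on the other two, which makes the separate `file` task unnecessary. If that task is kept, quote the value (`mode: '0600'`) as the Ansible documentation recommends, so it cannot be read as a decimal number. The nested `{{ inventory_hostname }}` inside the `lookup(...)` strings may not be expanded on every Ansible version; `'passwords/' + inventory_hostname + '/postgres chars=ascii_letters,digits'` avoids relying on that. The directory-creation task at the top of the hunk starts outside it.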
@@ -46,9 +60,9 @@
       state: present
       pull: yes
 
-  - name: renew certbot certificates
+  - name: certbot renewal cronjob
     cron:
       special_time=daily
       name=certbot-renew
       user=root
-      job="certbot certonly --webroot --webroot-path=/peertube/volumes/certbot/ -d '{{ domain }}' --deploy-hook 'docker-compose -f /peertube/docker-compose.yml exec nginx nginx -s reload'"
+      job="certbot certonly --webroot --webroot-path=/var/www/certbot -d '{{ domain }}' --deploy-hook 'docker-compose -f /peertube/docker-compose.yml exec nginx nginx -s reload'"
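Review bot: The `--deploy-hook` in the new `job=` line still runs `docker-compose -f /peertube/docker-compose.yml`, a path this playbook never creates (the compose file is templated to `/lemmy/docker-compose.yml`), so nginx would most likely not be reloaded after a renewal and would keep serving the old certificate until it expires. Point the hook at the deployed file and pass `-T` to `exec`, since cron provides no TTY: `--deploy-hook 'docker-compose -f /lemmy/docker-compose.yml exec -T nginx nginx -s reload'`. A failed hook is easy to miss in a daily root cronjob, so it is worth checking the first renewal by hand.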
similarity index 52%
rename from docker/prod/docker-compose.yml
rename to ansible/templates/docker-compose.yml
index 271054fd5d9d0d6d78e135645cbdb7014a09e339..6904e6b2ef84ac214608f24fee89e08e915e541b 100644 (file)
@@ -1,32 +1,32 @@
 version: '2.4'
 
 services:
+
   db:
     image: postgres:12-alpine
     restart: always
     environment:
-      POSTGRES_USER: rrr
-      POSTGRES_PASSWORD: rrr
-      POSTGRES_DB: rrr
+      POSTGRES_USER=lemmy
+      POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+      POSTGRES_DB=lemmy
     volumes:
-      - db:/var/lib/postgresql/data
+      - ./volumes/db:/var/lib/postgresql/data
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U rrr"]
+      test: ["CMD-SHELL", "pg_isready -U lemmy"]
       interval: 5s
       timeout: 5s
       retries: 20
+
   lemmy:
     image: dessalines/lemmy:v0.0.7.3
+    restart: always
     ports:
       - "8536:8536"
     environment:
-      LEMMY_FRONT_END_DIR: /app/dist
-      DATABASE_URL: postgres://rrr:rrr@db:5432/rrr
-      JWT_SECRET: changeme
-      HOSTNAME: rrr
-    restart: always
+      LEMMY_FRONT_END_DIR=/app/dist
+      DATABASE_URL=postgres://rrr:rrr@db:5432/rrr
+      JWT_SECRET=${JWT_SECRET}
+      HOSTNAME=${DOMAIN}
     depends_on: 
       db: 
         condition: service_healthy 
-volumes:
-  db:
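Review bot: The rewritten `environment:` blocks under `db` and `lemmy` are neither a mapping nor a list: without a leading `- `, the `KEY=value` lines fold into a single multi-line plain scalar, which docker-compose should reject (or at best not treat as separate variables). In addition, `DATABASE_URL` still carries the old `rrr:rrr` credentials while the database is now created as user `lemmy` with `${DATABASE_PASSWORD}`, so the app would fail to authenticate and a fixed credential pair stays in the template. The list form below addresses both; the generated passwords are limited to letters and digits, so they need no URL-encoding inside the connection string.

```yaml
    environment:
      - POSTGRES_USER=lemmy
      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
      - POSTGRES_DB=lemmy
    # … unchanged: volumes, healthcheck, lemmy image / restart / ports …
    environment:
      - LEMMY_FRONT_END_DIR=/app/dist
      - DATABASE_URL=postgres://lemmy:${DATABASE_PASSWORD}@db:5432/lemmy
      - JWT_SECRET=${JWT_SECRET}
      - HOSTNAME=${DOMAIN}
```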
diff --git a/ansible/templates/env b/ansible/templates/env
new file mode 100644 (file)
index 0000000..e97aeef
--- /dev/null
@@ -0,0 +1,4 @@
+DOMAIN={{ domain }}
+DATABASE_PASSWORD={{ postgres_password }}
+DATABASE_URL=postgres://lemmy:${DATABASE_PASSWORD}@db:5432/lemmy
+JWT_SECRET={{ jwt_password }}
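Review bot: `DATABASE_URL` on the third added line relies on `${DATABASE_PASSWORD}` being expanded inside the `.env` file itself, which docker-compose releases of this period may not do (worth confirming); if it is not expanded, the literal text `${DATABASE_PASSWORD}` ends up in the URL. Since this file is already rendered by Ansible, the value can be filled in at template time instead: `DATABASE_URL=postgres://lemmy:{{ postgres_password }}@db:5432/lemmy`. The compose template in this commit does not reference `${DATABASE_URL}`, so as written the variable appears to be unused.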