diff --git a/docker/kan/docker-compose.yml b/docker/kan/docker-compose.yml
new file mode 100644
index 0000000..117b566
--- /dev/null
+++ b/docker/kan/docker-compose.yml
@@ -0,0 +1,12 @@
+services:
+ web:
+ image: ghcr.io/kanbn/kan:latest
+ container_name: kan-web
+ ports:
+ - "7070:3000"
+ environment:
+ NEXT_PUBLIC_BASE_URL: http://localhost:3000
+ BETTER_AUTH_SECRET: your_auth_secret
+ POSTGRES_URL: postgresql://kan:password@10.89.0.102:5432/kan
+ NEXT_PUBLIC_ALLOW_CREDENTIALS: true
+ restart: unless-stopped
\ No newline at end of file
diff --git a/hosts.yml b/hosts.yml
index c23549d..aa2fbbf 100755
--- a/hosts.yml
+++ b/hosts.yml
@@ -21,3 +21,5 @@ all:
 ansible_host: 10.89.0.106
 streaming:
 ansible_host: 10.89.0.107
+ apps:
+ ansible_host: 10.89.0.108
diff --git a/playbooks/apps/kan.yml b/playbooks/apps/kan.yml
new file mode 100644
index 0000000..70db0c5
--- /dev/null
+++ b/playbooks/apps/kan.yml
@@ -0,0 +1,23 @@
+---
+- name: Deploy Kan.bn app
+ hosts: apps
+ become: true
+ roles:
+ - role: app/database
+ vars:
+ app_name: kan
+ tasks:
+ - name: Create kan-web container with correct ports
+ community.docker.docker_container:
+ name: kan-web
+ image: ghcr.io/kanbn/kan:latest
+ pull: true
+ state: started
+ restart_policy: unless-stopped
+ ports:
+ - "7070:3000"
+ env:
+ NEXT_PUBLIC_BASE_URL: "https://tasks.thegrind.dev"
+ BETTER_AUTH_SECRET: "your_auth_secret"
+ POSTGRES_URL: "postgresql://kan:password@10.89.0.102:5432/kan"
+ NEXT_PUBLIC_ALLOW_CREDENTIALS: "true"
\ No newline at end of file
diff --git a/playbooks/server/base.yml b/playbooks/server/base.yml
index 4ad323a..e477d6f 100755
--- a/playbooks/server/base.yml
+++ b/playbooks/server/base.yml
@@ -6,4 +6,4 @@
 - role: docker/install
 - role: docker/portainer
 - role: server/setup/sshkey
- - role: server/setup/webmin
+ # - role: server/setup/webmin # Currently not working but fix eventually
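Review bot: The `environment` block commits real-looking credentials — `BETTER_AUTH_SECRET: your_auth_secret` and the database password embedded in `POSTGRES_URL` — into version control, and the same values are repeated verbatim in the playbooks/apps/kan.yml hunk. Move them out of the file and reference them instead, e.g. `BETTER_AUTH_SECRET: "${BETTER_AUTH_SECRET:?set in .env}"` and `POSTGRES_URL: "${POSTGRES_URL:?set in .env}"` here and a vaulted variable in the playbook, and rotate the values if they were ever deployed. `NEXT_PUBLIC_ALLOW_CREDENTIALS: true` is an unquoted boolean that Compose may reject or coerce, while the playbook quotes it as `"true"`; quote it here too. The two files also disagree on `NEXT_PUBLIC_BASE_URL` (`http://localhost:3000` here, `https://tasks.thegrind.dev` in the playbook) although the host port is 7070 — presumably this file is for local use only, which a comment at the top should state.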
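Review bot: `image: ghcr.io/kanbn/kan:latest` together with `pull: true` means each playbook run silently deploys whatever the registry currently serves as `latest`, so runs are not reproducible, a rollback has no target, and a broken or compromised upstream tag is picked up automatically; the same applies to the docker-compose.yml hunk and to `portainer/agent` with `tag: latest` in the portainer role. Pin to a release tag or digest, e.g. `image: "ghcr.io/kanbn/kan:<release-tag>"` (placeholder), and bump it deliberately. The task name says `with correct ports`, but `"7070:3000"` publishes on every interface; if only a reverse proxy on the same host should reach it, bind it as `"127.0.0.1:7070:3000"` — this is inferred from the public `NEXT_PUBLIC_BASE_URL`, so confirm the intended exposure.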
diff --git a/databases.yml b/roles/app/docker-compose/defaults/main.yml
old mode 100755
new mode 100644
similarity index 100%
rename from databases.yml
rename to roles/app/docker-compose/defaults/main.yml
diff --git a/roles/app/docker-compose/tasks/main.yml b/roles/app/docker-compose/tasks/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/docker/install/tasks/main.yml b/roles/docker/install/tasks/main.yml
index e69de29..86b2c7c 100755
--- a/roles/docker/install/tasks/main.yml
+++ b/roles/docker/install/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: yes
+
+- name: Install prerequisite packages
+ ansible.builtin.apt:
+ name:
+ - ca-certificates
+ - curl
+ state: present
+
+- name: Create apt keyrings directory
+ ansible.builtin.file:
+ path: /etc/apt/keyrings
+ state: directory
+ mode: '0755'
+
+- name: Download Docker GPG key
+ ansible.builtin.get_url:
+ url: "https://download.docker.com/linux/ubuntu/gpg"
+ dest: /etc/apt/keyrings/docker.asc
+ mode: '0644'
+
+- name: Add Docker apt repository
+ ansible.builtin.apt_repository:
+ repo: "deb [arch={{ docker_arch }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+ filename: docker
+ state: present
+ vars:
+ docker_arch: "{{ ansible_architecture | regex_replace('x86_64', 'amd64') }}"
+
+- name: Update apt cache after adding Docker repository
+ ansible.builtin.apt:
+ update_cache: true
+
+- name: Install Docker packages
+ ansible.builtin.apt:
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - docker-buildx-plugin
+ - docker-compose-plugin
+ state: present
\ No newline at end of file
diff --git a/roles/docker/portainer/tasks/main.yml b/roles/docker/portainer/tasks/main.yml
index e69de29..a18e91d 100755
--- a/roles/docker/portainer/tasks/main.yml
+++ b/roles/docker/portainer/tasks/main.yml
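Review bot: `update_cache: yes` in the first task is a YAML 1.1 truthy value, while the later `Update apt cache after adding Docker repository` task writes `update_cache: true`; use `true` in both so yamllint and ansible-lint stay quiet and the file is consistent. The `Download Docker GPG key` task fetches the repository signing key with no integrity pin, so the trust root for every package installed afterwards rests on the TLS connection alone; add `checksum: "sha256:<expected-sha256>"` (placeholder, taken from Docker's published key fingerprint material) to the `get_url` call. The repository URL hard-codes `linux/ubuntu` while the suite comes from `ansible_distribution_release`, so running this role on a Debian host would register a non-existent suite — presumably all targets are Ubuntu, which a comment above `Add Docker apt repository` should say. The file also ends without a trailing newline.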
@@ -0,0 +1,22 @@
+- name: Pull Portainer Agent image
+ become: true
+ community.docker.docker_image:
+ name: portainer/agent
+ tag: latest
+ source: pull
+
+- name: Deploy Portainer Agent container
+ become: true
+ community.docker.docker_container:
+ name: portainer_agent
+ image: portainer/agent
+ pull: false # we already pulled above
+ state: started
+ restart_policy: always
+ ports:
+ - "9001:9001"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ - /:/host
+ timeout: 120 # wait up to 2m for it to come up
diff --git a/roles/postgres/priviledges/tasks/main.yml b/roles/postgres/priviledges/tasks/main.yml
index 7825c35..b47041a 100755
--- a/roles/postgres/priviledges/tasks/main.yml
+++ b/roles/postgres/priviledges/tasks/main.yml
@@ -1,4 +1,18 @@
 ---
+- name: Grant database-level privileges on "{{ database }}"
+ delegate_to: localhost
+ community.postgresql.postgresql_privs:
+ db: "{{ database }}"
+ type: database
+ objs: "{{ database }}"
+ privs: "CREATE"
+ role: "{{ user }}"
+ state: present
+ login_host: "{{ pg_host }}"
+ login_port: "{{ pg_port }}"
+ login_user: "{{ pg_user }}"
+ login_password: "{{ pg_password }}"
+
 - name: Give user full priviledges on database
 delegate_to: localhost
 community.postgresql.postgresql_privs:
diff --git a/roles/server/setup/webmin/defaults/main.yml b/roles/server/setup/webmin/defaults/main.yml
index e69de29..3dfd68b 100755
--- a/roles/server/setup/webmin/defaults/main.yml
+++ b/roles/server/setup/webmin/defaults/main.yml
@@ -0,0 +1,8 @@
+# roles/webmin/defaults/main.yml
+webmin_repo_url: https://download.webmin.com
+webmin_dist: stable
+webmin_section: contrib
+
+# Optional HTTP auth
+webmin_auth_user: javi
+webmin_auth_pass: password
diff --git a/roles/server/setup/webmin/tasks/main.yml b/roles/server/setup/webmin/tasks/main.yml
index 48f0d21..fa4d5a8 100755
--- a/roles/server/setup/webmin/tasks/main.yml
+++ b/roles/server/setup/webmin/tasks/main.yml
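Review bot: The agent is published as `"9001:9001"` on every interface with no `AGENT_SECRET` configured, and with `/var/run/docker.sock` and `/:/host` mounted that port hands anyone who can reach TCP/9001 full control of the Docker daemon and the host filesystem. Add `env:` with `AGENT_SECRET: "{{ portainer_agent_secret }}"` from a vaulted variable so only a Portainer server holding the same secret can enrol the agent, and bind the port to the interface the Portainer server uses (or restrict it with a host firewall rule). The `/:/host` and docker-volumes mounts look like Portainer's documented agent mounts, but a comment above `volumes:` should say so and state plainly that this container is equivalent to root on the host. The file also starts without `---`, unlike the other task files in this change.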
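Review bot: The new task grants `CREATE` on `{{ database }}` to `{{ user }}`, but it sits directly above the existing `Give user full priviledges on database` task, whose body lies outside this hunk; if that task grants `ALL` on the same database the new grant is redundant, and if the goal is least privilege it is the full grant that should be narrowed rather than supplemented. Either way, a comment above the new task saying why a separate database-level `CREATE` is required (for example, the app creates its own schemas) would make the intent auditable. The four `login_*` parameters are presumably duplicated from the following task; a `module_defaults` entry for `community.postgresql.postgresql_privs` at play level would declare them once.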
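Review bot: `webmin_auth_user: javi` and `webmin_auth_pass: password` are shipped as role defaults, so the `when: webmin_auth_user is defined and webmin_auth_pass is defined` guard in the tasks file is always true and every host gets an apt credential file written from these values; a default password in a committed file is also a credential leak in its own right. Leave both keys undefined here — a commented example such as `# webmin_auth_user: "<user>"` and `# webmin_auth_pass: "<vaulted value>"` is enough — and supply them from an Ansible Vault variable where the role is applied. The header comment `# roles/webmin/defaults/main.yml` does not match the file's actual path `roles/server/setup/webmin/defaults/main.yml`.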
@@ -1,40 +1,66 @@
 ---
-- name: Install required dependencies
+- name: Remove any old/malformed Webmin sources list
+ ansible.builtin.file:
+ path: /etc/apt/sources.list.d/webmin.list
+ state: absent
+
+- name: Remove any old Webmin keyring
+ ansible.builtin.file:
+ path: /usr/share/keyrings/webmin-archive-keyring.gpg
+ state: absent
+
+- name: Install Webmin GPG key into its own keyring
+ ansible.builtin.apt_key:
+ url: https://download.webmin.com/developers-key.asc
+ keyring: /usr/share/keyrings/webmin-archive-keyring.gpg
+ state: present
+
+- name: Add Webmin APT repository
+ ansible.builtin.apt_repository:
+ filename: webmin
+ repo: >-
+ deb [signed-by=/usr/share/keyrings/webmin-archive-keyring.gpg]
+ https://download.webmin.com/download/repository
+ sarge contrib
+ state: present
+
+- name: Ensure apt prerequisites are installed
 ansible.builtin.apt:
 name:
- - wget
+ - curl
+ - gnupg
 - apt-transport-https
- - software-properties-common
+ - ca-certificates
 state: present
 update_cache: true
 
-- name: Add Webmin repository
+- name: Configure APT HTTP auth for Webmin
+ when: webmin_auth_user is defined and webmin_auth_pass is defined
 ansible.builtin.copy:
- dest: /etc/apt/sources.list.d/webmin.list
- content: "deb http://download.webmin.com/download/repository sarge contrib"
- owner: javi
- group: javi
- mode: '0777'
+ dest: /etc/apt/auth.conf.d/webmin.conf
+ mode: '0600'
+ content: |
+ machine {{ webmin_repo_url | regex_replace('^https?://','') }}
+ login {{ webmin_auth_user }}
+ password {{ webmin_auth_pass }}
 
-- name: Add Webmin GPG key
- ansible.builtin.apt_key:
- url: https://www.webmin.com/jcameron-key.asc
- state: present
+- name: Remove old Webmin preference file
+ ansible.builtin.file:
+ path: /etc/apt/preferences.d/webmin-stable-package-priority
+ state: absent
 
-- name: Update apt cache
+- name: Refresh apt cache
 ansible.builtin.apt:
 update_cache: true
 
-- name: Install Webmin with recommended packages
+- name: Install Webmin
 ansible.builtin.apt:
 name:
 - webmin
 state: present
- update_cache: true
- install_recommends: true
 
-- name: Ensure Webmin service is enabled and running
- ansible.builtin.systemd:
+- name: Ensure Webmin service is enabled & started
+ ansible.builtin.service:
 name: webmin
+ state: started
 enabled: true
- state: started
\ No newline at end of file
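Review bot: The task order defeats the HTTP-auth support the hunk adds: `Install Webmin GPG key into its own keyring` and `Add Webmin APT repository` run before `Ensure apt prerequisites are installed` (which brings in the `gnupg` that `apt_key` needs) and before `Configure APT HTTP auth for Webmin` writes `/etc/apt/auth.conf.d/webmin.conf`, so `apt_repository`, which refreshes the cache by default, hits the new repository without credentials and can fail on a fresh host. Move the prerequisites task and the auth-config task to the top, then the key, then the repository, and keep `Refresh apt cache` as the last step before `Install Webmin`. The `repo:` scalar hard-codes `https://download.webmin.com/download/repository` and `sarge contrib` even though the role's defaults define `webmin_repo_url`, `webmin_dist: stable` and `webmin_section`; the two disagree on the suite, so one of them is stale — build the line as `{{ webmin_repo_url }}/download/repository` and `{{ webmin_dist }} {{ webmin_section }}` and correct the default. `ansible.builtin.apt_key` is implemented on top of the `apt-key` tool, which recent Debian/Ubuntu releases deprecate; the docker/install role in this same change already downloads its key with `get_url` straight into a keyring, and doing the same here would keep the two roles consistent.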