initial commit

This commit is contained in:
Peter Meier
2025-10-16 22:54:40 +02:00
parent d80ca5979e
commit 5e6faaffcf
23 changed files with 1608 additions and 1 deletions


@@ -0,0 +1,78 @@
---
# Docker installation tasks
- name: Update apt cache
apt:
update_cache: yes
cache_valid_time: 3600
- name: Install required system packages
apt:
name: "{{ system_packages }}"
state: present
- name: Add Docker GPG key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker repository
apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
state: present
update_cache: yes
- name: Install Docker
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
state: present
- name: Start and enable Docker service
systemd:
name: docker
state: started
enabled: yes
- name: Install Python Docker SDK
command: python3 -m pip install docker --break-system-packages
when: not ansible_check_mode
- name: Add current user to docker group
user:
name: "{{ ansible_user }}"
groups: docker
append: yes
- name: Install Docker Compose (standalone)
get_url:
url: "https://github.com/docker/compose/releases/download/v{{ docker_compose_version }}/docker-compose-linux-x86_64"
dest: /usr/local/bin/docker-compose
mode: '0755'
- name: Create docker-compose symlink
file:
src: /usr/local/bin/docker-compose
dest: /usr/bin/docker-compose
state: link
- name: Verify Docker installation
command: docker --version
register: docker_version
changed_when: false
- name: Verify Docker Compose installation
command: docker-compose --version
register: docker_compose_version_output
changed_when: false
- name: Display Docker version
debug:
msg: "Docker installed: {{ docker_version.stdout }}"
- name: Display Docker Compose version
debug:
msg: "Docker Compose installed: {{ docker_compose_version_output.stdout }}"
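Review bot: Neither download in this file is integrity-checked: the `apt_key` task fetches the Docker signing key from its `url:` without an `id:` fingerprint, and the `get_url` task for the standalone docker-compose binary writes an executable into /usr/local/bin with no `checksum:`, so a substituted or tampered download would be installed silently. Add `id: <EXPECTED_KEY_FINGERPRINT>` to the `apt_key` task and `checksum: "sha256:<EXPECTED_SHA256>"` to the `get_url` task, with both values pinned from the upstream release page rather than fetched at run time. The `python3 -m pip install docker --break-system-packages` task is unpinned and reports changed on every run; the `pip:` module with a `version:` (or at least a `changed_when`) would make it idempotent. The `yes` spellings on `update_cache`, `enabled` and `append` are YAML 1.1 truthy forms; `true` is the portable one.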


@@ -0,0 +1,56 @@
---
# Nginx installation and configuration tasks
- name: Install Nginx
apt:
name: nginx
state: present
update_cache: yes
- name: Start and enable Nginx service
systemd:
name: nginx
state: started
enabled: yes
- name: Remove default Nginx site
file:
path: /etc/nginx/sites-enabled/default
state: absent
- name: Create SSL directory
file:
path: "{{ nginx_ssl_path }}"
state: directory
mode: '0755'
- name: Create Nginx configuration for {{ trillium_domain }}
template:
src: nginx-site.conf.j2
dest: "{{ nginx_config_path }}/{{ trillium_domain }}"
- name: Verify Nginx configuration file exists
stat:
path: "{{ nginx_config_path }}/{{ trillium_domain }}"
register: nginx_config_stat
- name: Enable Nginx site
file:
src: "{{ nginx_config_path }}/{{ trillium_domain }}"
dest: "/etc/nginx/sites-enabled/{{ trillium_domain }}"
state: link
when: nginx_config_stat.stat.exists
- name: Test Nginx configuration
command: nginx -t
register: nginx_test
changed_when: false
- name: Display Nginx test result
debug:
msg: "{{ nginx_test.stdout }}"
- name: Restart Nginx if configuration changed
systemd:
name: nginx
state: restarted
when: nginx_test.stdout is defined
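Review bot: The condition on the final task, `when: nginx_test.stdout is defined`, is always true because the variable is registered by the preceding `nginx -t` task, so Nginx is restarted on every play run regardless of whether the configuration changed. Register the template task (`register: nginx_site_config`) and gate the restart on `when: nginx_site_config is changed`, or better, move it to a handler notified by the template task and use `state: reloaded` so established connections are not dropped. The Gitea Nginx tasks file has the same always-true gate on its restart task (`gitea_nginx_config_stat.stat.exists`). The `stat` of the file the template task just wrote is redundant for the same reason: `template` fails the play if it cannot write `dest`.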


@@ -0,0 +1,79 @@
---
# Certbot SSL certificate setup tasks
- name: Install Certbot and Nginx plugin
apt:
name:
- certbot
- python3-certbot-nginx
state: present
update_cache: yes
- name: Create web root directory
file:
path: /var/www/html
state: directory
mode: '0755'
- name: Create initial web page for ACME challenge
copy:
content: |
<!DOCTYPE html>
<html>
<head>
<title>ACME Challenge</title>
</head>
<body>
<h1>ACME Challenge Page</h1>
<p>This page is used for SSL certificate validation.</p>
</body>
</html>
dest: /var/www/html/index.html
mode: '0644'
- name: Stop Nginx temporarily for initial certificate request
systemd:
name: nginx
state: stopped
- name: Obtain SSL certificate using standalone mode
command: >
certbot certonly
--standalone
--non-interactive
--agree-tos
--email {{ ssl_email }}
--domains {{ trillium_domain }}
register: certbot_result
changed_when: certbot_result.rc == 0
failed_when: certbot_result.rc != 0 and "already exists" not in certbot_result.stderr
- name: Start Nginx service
systemd:
name: nginx
state: started
- name: Setup automatic certificate renewal
cron:
name: "Certbot renewal"
job: "/usr/bin/certbot renew --quiet --post-hook 'systemctl reload nginx'"
minute: "0"
hour: "2"
user: root
- name: Test certificate renewal
command: certbot renew --dry-run
register: certbot_test
changed_when: false
- name: Display certificate renewal test result
debug:
msg: "{{ certbot_test.stdout }}"
- name: Verify SSL certificate exists
stat:
path: "/etc/letsencrypt/live/{{ trillium_domain }}/fullchain.pem"
register: ssl_cert
- name: Display SSL certificate status
debug:
msg: "SSL certificate for {{ trillium_domain }}: {{ 'exists' if ssl_cert.stat.exists else 'not found' }}"
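Review bot: The `Stop Nginx temporarily` task and the standalone `certbot certonly` run are unconditional, so every play run takes the site offline even when the certificate already exists; certbot then exits 0 without doing anything and `changed_when: certbot_result.rc == 0` still reports a change. Move the `stat` of `/etc/letsencrypt/live/{{ trillium_domain }}/fullchain.pem` ahead of the stop task and gate the stop, certonly and start tasks with `when: not ssl_cert.stat.exists`; the Gitea certbot tasks file needs the same guard. Since this file also creates /var/www/html, `--webroot -w /var/www/html` would obtain the certificate without stopping Nginx at all, provided the site template serves that path — confirm against nginx-site.conf.j2. The `"already exists"` clause in `failed_when` looks like a guess at certbot's wording; certbot returns 0 for an existing certificate that is not due, so that clause is probably never reached.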


@@ -0,0 +1,82 @@
---
# Trillium Notes deployment tasks
- name: Create Trillium data directory
file:
path: "{{ trillium_data_path }}"
state: directory
mode: '0755'
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
- name: Create Docker Compose file for Trillium
template:
src: docker-compose.yml.j2
dest: "/opt/trillium/docker-compose.yml"
mode: '0644'
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
- name: Create Trillium startup script
template:
src: start-trillium.sh.j2
dest: "/opt/trillium/start-trillium.sh"
mode: '0755'
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
- name: Check if docker-compose is available
command: docker-compose --version
register: docker_compose_check
failed_when: false
changed_when: false
when: not ansible_check_mode
- name: Stop existing Trillium container if running
shell: docker-compose -f /opt/trillium/docker-compose.yml down
args:
chdir: /opt/trillium
ignore_errors: yes
when: not ansible_check_mode and docker_compose_check.rc == 0
- name: Start Trillium Notes container
shell: docker-compose -f /opt/trillium/docker-compose.yml up -d
args:
chdir: /opt/trillium
when: not ansible_check_mode and docker_compose_check.rc == 0
- name: Display warning if docker-compose not available
debug:
msg: "WARNING: docker-compose not found. Please run with --tags docker first to install Docker and Docker Compose."
when: not ansible_check_mode and docker_compose_check.rc != 0
- name: Wait for Trillium to be ready
uri:
url: "http://localhost:{{ trillium_port }}"
method: GET
status_code: 200
register: trillium_ready
retries: 30
delay: 10
until: trillium_ready.status == 200
when: not ansible_check_mode
- name: Display Trillium status
debug:
msg: "Trillium Notes is running and accessible on http://localhost:{{ trillium_port }}"
- name: Create systemd service for Trillium
template:
src: trillium.service.j2
dest: "/etc/systemd/system/trillium.service"
mode: '0644'
- name: Reload systemd daemon
systemd:
daemon_reload: yes
- name: Enable Trillium service
systemd:
name: trillium
enabled: yes
state: started
when: not ansible_check_mode
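Review bot: The `Wait for Trillium to be ready` task is gated only on `not ansible_check_mode`, so on the path where `docker_compose_check` failed and the warning was printed, the `uri` loop still runs its 30 retries with a 10 s delay and fails the play roughly five minutes later. Extend its condition to `when: not ansible_check_mode and docker_compose_check.rc == 0`, matching the start task above it. The Gitea deployment tasks file has the identical gap on its `Wait for Gitea to be ready` task. The `Display Trillium status` debug task is likewise unconditional and prints "running and accessible" on the failure path as well.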


@@ -0,0 +1,86 @@
---
# Gitea deployment tasks
- name: Create Gitea data directories
file:
path: "{{ item }}"
state: directory
mode: '0755'
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
loop:
- "{{ gitea_data_path }}"
- "{{ gitea_config_path }}"
- "{{ gitea_git_path }}"
- name: Create Docker Compose file for Gitea
template:
src: gitea-docker-compose.yml.j2
dest: "/opt/gitea/docker-compose.yml"
mode: '0644'
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
- name: Create Gitea startup script
template:
src: start-gitea.sh.j2
dest: "/opt/gitea/start-gitea.sh"
mode: '0755'
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
- name: Check if docker-compose is available
command: docker-compose --version
register: docker_compose_check
failed_when: false
changed_when: false
when: not ansible_check_mode
- name: Stop existing Gitea container if running
shell: docker-compose -f /opt/gitea/docker-compose.yml down
args:
chdir: /opt/gitea
ignore_errors: yes
when: not ansible_check_mode and docker_compose_check.rc == 0
- name: Start Gitea container
shell: docker-compose -f /opt/gitea/docker-compose.yml up -d
args:
chdir: /opt/gitea
when: not ansible_check_mode and docker_compose_check.rc == 0
- name: Display warning if docker-compose not available
debug:
msg: "WARNING: docker-compose not found. Please run with --tags docker first to install Docker and Docker Compose."
when: not ansible_check_mode and docker_compose_check.rc != 0
- name: Wait for Gitea to be ready
uri:
url: "http://localhost:{{ gitea_port }}"
method: GET
status_code: 200
register: gitea_ready
retries: 30
delay: 10
until: gitea_ready.status == 200
when: not ansible_check_mode
- name: Display Gitea status
debug:
msg: "Gitea is running and accessible on http://localhost:{{ gitea_port }}"
- name: Create systemd service for Gitea
template:
src: gitea.service.j2
dest: "/etc/systemd/system/gitea.service"
mode: '0644'
- name: Reload systemd daemon
systemd:
daemon_reload: yes
- name: Enable Gitea service
systemd:
name: gitea
enabled: yes
state: started
when: not ansible_check_mode
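Review bot: The `Stop existing Gitea container if running` task runs `docker-compose ... down` on every play run before `up -d`, so each run removes and recreates the container and causes an outage even when nothing in the compose file changed. `docker-compose up -d` alone reconciles running containers against the file and recreates only what differs; if a full teardown is really wanted, gate it on the template result, e.g. `register: gitea_compose_file` on the compose template task and `when: not ansible_check_mode and docker_compose_check.rc == 0 and gitea_compose_file is changed` on the stop task. The Trillium deployment tasks file has the same down/up cycle. `ignore_errors: yes` on the stop task also hides genuine failures; `failed_when: false` with the result registered, or simply the reconciling `up -d`, would be clearer.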


@@ -0,0 +1,33 @@
---
# Nginx configuration for Gitea tasks
- name: Create Nginx configuration for {{ gitea_domain }}
template:
src: gitea-nginx-site.conf.j2
dest: "{{ nginx_config_path }}/{{ gitea_domain }}"
- name: Verify Nginx configuration file exists
stat:
path: "{{ nginx_config_path }}/{{ gitea_domain }}"
register: gitea_nginx_config_stat
- name: Enable Gitea Nginx site
file:
src: "{{ nginx_config_path }}/{{ gitea_domain }}"
dest: "/etc/nginx/sites-enabled/{{ gitea_domain }}"
state: link
when: gitea_nginx_config_stat.stat.exists
- name: Test Nginx configuration
command: nginx -t
register: nginx_test
changed_when: false
- name: Display Nginx test result
debug:
msg: "{{ nginx_test.stdout }}"
- name: Restart Nginx if configuration changed
systemd:
name: nginx
state: restarted
when: gitea_nginx_config_stat.stat.exists
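Review bot: `nginx -t` writes its result ("syntax is ok" / "test is successful", or the error) to stderr rather than stdout, so `msg: "{{ nginx_test.stdout }}"` in the `Display Nginx test result` task prints an empty string; use `msg: "{{ nginx_test.stderr }}"` (or `stderr_lines`). The Trillium Nginx tasks file has the same debug task. This file also enables the Gitea site before the Gitea certificate tasks run; if `gitea-nginx-site.conf.j2` references the Let's Encrypt certificate paths, `nginx -t` will fail on a fresh host and abort the play before the certificate is ever requested — confirm against the template and, if so, either order the certbot tasks first or make the TLS server block conditional on the certificate existing.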


@@ -0,0 +1,43 @@
---
# Certbot SSL certificate setup for Gitea tasks
- name: Stop Nginx temporarily for initial certificate request
systemd:
name: nginx
state: stopped
when: not ansible_check_mode
- name: Obtain SSL certificate for Gitea using standalone mode
command: >
certbot certonly
--standalone
--non-interactive
--agree-tos
--email {{ ssl_email }}
--domains {{ gitea_domain }}
register: gitea_certbot_result
changed_when: gitea_certbot_result.rc == 0
failed_when: gitea_certbot_result.rc != 0 and "already exists" not in gitea_certbot_result.stderr
when: not ansible_check_mode
- name: Start Nginx service
systemd:
name: nginx
state: started
- name: Test certificate renewal for Gitea
command: certbot renew --dry-run
register: gitea_certbot_test
changed_when: false
- name: Display certificate renewal test result for Gitea
debug:
msg: "{{ gitea_certbot_test.stdout }}"
- name: Verify SSL certificate exists for Gitea
stat:
path: "/etc/letsencrypt/live/{{ gitea_domain }}/fullchain.pem"
register: gitea_ssl_cert
- name: Display SSL certificate status for Gitea
debug:
msg: "SSL certificate for {{ gitea_domain }}: {{ 'exists' if gitea_ssl_cert.stat.exists else 'not found' }}"
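Review bot: If the `certbot certonly` task fails (its `failed_when` evaluates true), the play aborts with Nginx still stopped by the preceding task, leaving the host without its web service until someone intervenes. Wrap the stop, certonly and start tasks in a `block:` whose `always:` section holds the `Start Nginx service` task, so Nginx is brought back on every exit path; the Trillium certbot tasks file has the same gap. The `Start Nginx service` task here also lacks the `when: not ansible_check_mode` guard that its stop task carries, which is harmless but inconsistent within the file.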