move

playbooks/basic-setup.yml

@@ -0,0 +1,86 @@
+---
+- name: Basic Server setup
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Install docker
+      ansible.builtin.apt:
+        name: "{{ item }}"
+        state: present
+      with_items:
+        - docker.io
+        - docker-compose
+    - name: Install fish
+      ansible.builtin.apt:
+        name: "fish"
+        state: present
+    - name: "Change root's shell to fish"
+      ansible.builtin.user:
+        name: root
+        shell: /usr/bin/fish
+    - name: Install useful tools
+      ansible.builtin.apt:
+        name: "{{ item }}"
+        state: present
+      with_items:
+        - htop
+    - name: Install keyring packages
+      ansible.builtin.apt:
+        name: "{{ item }}"
+      with_items:
+        - debian-keyring
+        - debian-archive-keyring
+        - apt-transport-https
+    - name: Add caddy keyrings
+      ansible.builtin.shell: |
+        set -euo pipefail
+
+        sudo rm /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+        curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+        curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
+
+        # todo: show ok/changed
+      args:
+        executable: /bin/bash
+    - name: Install caddy
+      ansible.builtin.apt:
+        name: caddy
+        state: present
+      args:
+        update_cache: true
+    - name: Ensure caddy is started
+      ansible.builtin.service:
+        name: caddy
+        state: started
+    - name: Create debug html root
+      ansible.builtin.file:
+        path: /var/www/html/debug
+        state: directory
+        mode: u=rwx,g=rx,o=rx
+    - name: Create debug webserver file
+      ansible.builtin.copy:
+        dest: /var/www/html/debug/index.html
+        src: "../debug.html"
+        mode: u=rw,g=r,o=r
+    - name: Copy Caddyfile
+      ansible.builtin.copy:
+        dest: /etc/caddy/Caddyfile
+        src: "../vps2/Caddyfile" # TODO: Choose the right caddyfile depending on the server.
+        mode: "u=rw,g=r,o=r"
+      notify:
+        - "Caddyfile changed"
+    - name: Create /apps
+      ansible.builtin.file:
+        path: /apps
+        state: directory
+        mode: u=rwx,g=rx,o=rx
+    - name: Copy docker-compose
+      ansible.builtin.copy:
+        dest: /apps/docker-compose.yml
+        src: "../vps2/docker-compose.yml" # TODO: choose the right directory
+        mode: "u=r,g=r,o=r"
+  handlers:
+    - name: "Caddyfile changed"
+      ansible.builtin.service:
+        name: caddy
+        state: reloaded

playbooks/vps2.yml

@@ -0,0 +1,82 @@
+---
+- name: Generic setup
+  ansible.builtin.import_playbook: ./basic-setup.yml
+- name: VPS 2 setup
+  hosts: vps2
+  gather_facts: false
+  tasks:
+    - name: Install htpasswd
+      ansible.builtin.apt:
+        name: apache2-utils
+    #####
+    # APP: docker registry, /apps/registry
+    #####
+    - name: Create /apps/registry
+      ansible.builtin.file:
+        path: /apps/registry
+        state: directory
+        mode: u=rwx,g=rx,o=rx
+    - name: Create /apps/registry/data
+      ansible.builtin.file:
+        path: /apps/registry/data
+        state: directory
+        mode: u=rwx,g=rx,o=rx
+    - name: Copy over registry config.yml
+      ansible.builtin.copy:
+        dest: /apps/registry/config.yml
+        src: ../apps/registry/config.yml
+        mode: u=r,g=r,o=r # readonly
+    #####
+    # APP: widetom, /apps/widetom
+    #####
+    - name: Create /apps/widetom
+      ansible.builtin.file:
+        path: /apps/widetom
+        state: directory
+        mode: u=rwx,g=rx,o=rx
+    #####
+    # APP: killua bot, /apps/killua
+    #####
+    - name: Create /apps/killua
+      ansible.builtin.file:
+        path: /apps/killua
+        state: directory
+        mode: u=rwx,g=rx,o=rx
+    #####
+    # APP: karin bot, /apps/karin-bot
+    #####
+    - name: Create /apps/karin-bot
+      ansible.builtin.file:
+        path: /apps/karin-bot
+        state: directory
+        mode: u=rwx,g=rx,o=rx
+    #####
+    # APP: cors-school, /apps/cors-school
+    #####
+    - name: Create /apps/cors-school
+      ansible.builtin.file:
+        path: /apps/cors-school
+        state: directory
+        mode: u=rwx,g=rx,o=rx
+    #####
+    # APP: bisect-rustc-servce, /apps/bisect-rustc-service
+    #####
+    - name: Create /apps/bisect-rustc-service
+      ansible.builtin.file:
+        path: /apps/bisect-rustc-service
+        state: directory
+        mode: u=rwx,g=rx,o=rx
+    - name: SQLite DB permissions for bisect-rustc-servce
+      ansible.builtin.file:
+        path: /apps/bisect-rustc-service/db.sqlite
+        state: touch
+        mode: u=rw,g=rw,o=rw
+    #####
+    # END: docker compose up!
+    #####
+      # We want this to be last so that all app-specific config has been done.
+    - name: Docker compose up! 🚀
+      community.docker.docker_compose:
+        project_src: /apps
+        state: present
+        restarted: true