docker compose

new/README.md

@@ -1,8 +1,6 @@
 # exciting new stuff!!
 
-https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04
-
 ## server??
 
-Each VPS has an nginx running _on the host_, not inside docker. It's the entrypoint to the stuff.
+Each VPS has a caddy running _on the host_, not inside docker. It's the entrypoint to the stuff.
 Everything else runs in a docker container via docker compose.

new/apps/registry/config.yml

@@ -17,3 +17,10 @@ http:
   draintimeout: 60s
   headers:
     X-Content-Type-Options: [nosniff]
+  tls:
+    certificate: /etc/certs/vps2.nilstrieb.dev.crt
+    key: /etc/certs/vps2.nilstrieb.dev.key
+auth:
+  htpasswd:
+    realm: nilstrieb-registry
+    path: /htpasswd

new/docker-compose-2.yml

@@ -1,33 +0,0 @@
-version: '3.3'
-services:
-  nginx:
-    container_name: nginx
-    restart: always
-    image: nginx:latest
-    ports:
-      - "80:80"
-    volumes:
-      - "${NGINX_CONF_PATH}:/etc/nginx/nginx.conf:ro"
-      - "/etc/letsencrypt:/etc/nginx/certs:ro"
-    networks:
-      - internal
-  registry:
-    container_name: registry-c
-    restart: always
-    image: registry:2
-    volumes:
-      - "${REGISTRY_CONF_DIR}/config.yml:/etc/docker/registry/config.yml"
-      - "/var/lib/docker/registry:/var/lib/registry"
-      - "/etc/letsencrypt:/etc/letsencrypt"
-    environment:
-      - REGISTRY_HTTP_TLS_CERTIFICATE=/etc/letsencrypt/live/nilstrieb.dev/fullchain.pem
-      - REGISTRY_HTTP_TLS_KEY=/etc/letsencrypt/live/nilstrieb.dev/privkey.pem
-      - REGISTRY_AUTH=htpasswd
-      - REGISTRY_AUTH_HTPASSWD_REALM=Realm
-      - REGISTRY_AUTH_HTPASSWD_PATH=/htpasswd
-      - "/etc/htpasswd:/htpasswd"
-    networks:
-      - internal
-
-networks:
-  internal:

new/playbooks/basic-setup.yml

@@ -5,8 +5,11 @@
   tasks:
     - name: Install docker
       ansible.builtin.apt:
-        name: docker.io
+        name: "{{ item }}"
         state: present
+      with_items:
+        - docker.io
+        - docker-compose
     - name: Install keyring packages
       ansible.builtin.apt:
         name: "{{ item }}"
@@ -52,6 +55,16 @@
         mode: "u=rw,g=r,o=r"
       notify:
         - "Caddyfile changed"
+    - name: Create /apps
+      ansible.builtin.file:
+        path: /apps
+        state: directory
+        mode: u=rwx,g=rx,o=rx
+    - name: Copy docker-compose
+      ansible.builtin.copy:
+        dest: /apps/docker-compose.yml
+        src: "../vps2/docker-compose.yml" # TODO: choose the right directory
+        mode: "u=r,g=r,o=r"
   handlers:
     - name: "Caddyfile changed"
       ansible.builtin.service:

new/playbooks/vps2.yml

@@ -0,0 +1,37 @@
+---
+- name: Generic setup
+  ansible.builtin.import_playbook: ./basic-setup.yml
+- name: VPS 2 setup
+  hosts: vps2
+  gather_facts: false
+  tasks:
+    - name: Install htpasswd
+      ansible.builtin.apt:
+        name: apache2-utils
+    #####
+    # APP: docker registry, /apps/registry
+    #####
+    - name: Create /apps/registry
+      ansible.builtin.file:
+        path: /apps/registry
+        state: directory
+        mode: u=rwx,g=rx,o=rx
+    - name: Create /apps/registry/data
+      ansible.builtin.file:
+        path: /apps/registry/data
+        state: directory
+        mode: u=rwx,g=rx,o=rx
+    - name: Copy over registry config.yml
+      ansible.builtin.copy:
+        dest: /apps/registry/config.yml
+        src: ../apps/registry/config.yml
+        mode: u=r,g=r,o=r # readonly
+
+    #####
+    # END: docker compose up!
+    #####
+      # We want this to be last so that all app-specific config has been done.
+    - name: Docker compose up! 🚀
+      community.docker.docker_compose:
+        project_src: /apps
+        state: present

new/run.sh

@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
 
-ansible-playbook -i inventory.yml playbooks/basic-setup.yml -u root
+ansible-playbook -i inventory.yml playbooks/vps2.yml -u root

new/vps2/Caddyfile

@@ -1,10 +1,13 @@
 {
 	email nilstrieb@gmail.com
-	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
-	debug
+	# acme_ca https://api.letsencrypt.org/directory
 }
 
-vps2.nilstrieb.dev
+vps2.nilstrieb.dev {
+	root * /var/www/html/debug
+	file_server
+}
 
-root * /var/www/html/debug
-file_server
+docker.nilstrieb.dev {
+	reverse_proxy * localhost:5000
+}

new/vps2/docker-compose.yml

@@ -0,0 +1,15 @@
+version: '3.8'
+services:
+  registry:
+    container_name: registry
+    restart: always
+    image: registry:2
+    volumes:
+      - "/apps/registry/config.yml:/etc/docker/registry/config.yml"
+      - "/apps/registry/data:/var/lib/registry"
+      - "/apps/registry/htpasswd:/htpasswd"
+      - "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/vps2.nilstrieb.dev:/etc/certs"
+    ports:
+      - "5000:5000"
+
+# TODO: create an internal network and move caddy there as well.