From a217582dc1b293048330db5f45adefb4e78d58ca Mon Sep 17 00:00:00 2001
From: Nilstrieb <48135649+Nilstrieb@users.noreply.github.com>
Date: Sat, 26 Aug 2023 21:25:31 +0200
Subject: [PATCH] docker compose
---
new/README.md | 4 +--
{registry => new/apps/registry}/config.yml | 7 ++++
new/docker-compose-2.yml | 33 -------------------
new/playbooks/basic-setup.yml | 15 ++++++++-
new/playbooks/vps2.yml | 37 ++++++++++++++++++++++
new/run.sh | 2 +-
new/vps2/Caddyfile | 13 +++++---
new/vps2/docker-compose.yml | 15 +++++++++
8 files changed, 83 insertions(+), 43 deletions(-)
rename {registry => new/apps/registry}/config.yml (65%)
delete mode 100644 new/docker-compose-2.yml
create mode 100644 new/playbooks/vps2.yml
create mode 100644 new/vps2/docker-compose.yml
diff --git a/new/README.md b/new/README.md
index 3573e45..ac9ad8b 100644
--- a/new/README.md
+++ b/new/README.md
@@ -1,8 +1,6 @@
 # exciting new stuff!!
-https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04
-
 ## server??
-Each VPS has an nginx running _on the host_, not inside docker. It's the entrypoint to the stuff.
+Each VPS has a caddy running _on the host_, not inside docker. It's the entrypoint to the stuff.
 Everything else runs in a docker container via docker compose.
diff --git a/registry/config.yml b/new/apps/registry/config.yml
similarity index 65%
rename from registry/config.yml
rename to new/apps/registry/config.yml
index 6b8724b..5da3c1a 100644
--- a/registry/config.yml
+++ b/new/apps/registry/config.yml
@@ -17,3 +17,10 @@ http:
 draintimeout: 60s
 headers:
 X-Content-Type-Options: [nosniff]
+ tls:
+ certificate: /etc/certs/vps2.nilstrieb.dev.crt
+ key: /etc/certs/vps2.nilstrieb.dev.key
+auth:
+ htpasswd:
+ realm: nilstrieb-registry
+ path: /htpasswd
diff --git a/new/docker-compose-2.yml b/new/docker-compose-2.yml
deleted file mode 100644
index a6c90e2..0000000
--- a/new/docker-compose-2.yml
+++ /dev/null
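Review bot: The new `tls:` stanza makes the registry terminate TLS itself with the vps2.nilstrieb.dev certificate, but the Caddyfile hunk in this same patch proxies `docker.nilstrieb.dev` to `localhost:5000` with the default plain-HTTP transport, so requests arriving through Caddy would hit an HTTPS listener over HTTP. Either the Caddy upstream has to become `reverse_proxy https://localhost:5000` with `transport http { tls_server_name vps2.nilstrieb.dev }` (the certificate is not issued for localhost), or — since Caddy already terminates TLS — drop the `tls:` stanza and keep the registry on plain HTTP bound to loopback, which also removes the need to bind-mount Caddy's private key into the container in the docker-compose.yml hunk. If the stanza stays, note that registry:2 presumably reads the certificate only at startup, so Caddy's renewals would not be picked up until the container restarts — worth confirming and documenting next to `certificate:`.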
@@ -1,33 +0,0 @@
-version: '3.3'
-services:
- nginx:
- container_name: nginx
- restart: always
- image: nginx:latest
- ports:
- - "80:80"
- volumes:
- - "${NGINX_CONF_PATH}:/etc/nginx/nginx.conf:ro"
- - "/etc/letsencrypt:/etc/nginx/certs:ro"
- networks:
- - internal
- registry:
- container_name: registry-c
- restart: always
- image: registry:2
- volumes:
- - "${REGISTRY_CONF_DIR}/config.yml:/etc/docker/registry/config.yml"
- - "/var/lib/docker/registry:/var/lib/registry"
- - "/etc/letsencrypt:/etc/letsencrypt"
- environment:
- - REGISTRY_HTTP_TLS_CERTIFICATE=/etc/letsencrypt/live/nilstrieb.dev/fullchain.pem
- - REGISTRY_HTTP_TLS_KEY=/etc/letsencrypt/live/nilstrieb.dev/privkey.pem
- - REGISTRY_AUTH=htpasswd
- - REGISTRY_AUTH_HTPASSWD_REALM=Realm
- - REGISTRY_AUTH_HTPASSWD_PATH=/htpasswd
- - "/etc/htpasswd:/htpasswd"
- networks:
- - internal
-
-networks:
- internal:
\ No newline at end of file
diff --git a/new/playbooks/basic-setup.yml b/new/playbooks/basic-setup.yml
index 72b19ea..741da9c 100644
--- a/new/playbooks/basic-setup.yml
+++ b/new/playbooks/basic-setup.yml
@@ -5,8 +5,11 @@
 tasks:
 - name: Install docker
 ansible.builtin.apt:
- name: docker.io
+ name: "{{ item }}"
 state: present
+ with_items:
+ - docker.io
+ - docker-compose
 - name: Install keyring packages
 ansible.builtin.apt:
 name: "{{ item }}"
@@ -52,6 +55,16 @@
 mode: "u=rw,g=r,o=r"
 notify:
 - "Caddyfile changed"
+ - name: Create /apps
+ ansible.builtin.file:
+ path: /apps
+ state: directory
+ mode: u=rwx,g=rx,o=rx
+ - name: Copy docker-compose
+ ansible.builtin.copy:
+ dest: /apps/docker-compose.yml
+ src: "../vps2/docker-compose.yml" # TODO: choose the right directory
+ mode: "u=r,g=r,o=r"
 handlers:
 - name: "Caddyfile changed"
 ansible.builtin.service:
diff --git a/new/playbooks/vps2.yml b/new/playbooks/vps2.yml
new file mode 100644
index 0000000..76728bb
--- /dev/null
+++ b/new/playbooks/vps2.yml
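Review bot: `name: "{{ item }}"` with `with_items:` in the Install docker task runs apt once per package; `ansible.builtin.apt` accepts a list directly, which installs both in a single transaction and is the form Ansible's loop documentation recommends over looping a package module: `name: [docker.io, docker-compose]` with the `with_items:` block removed. If a loop is kept for symmetry with the keyring task below, `loop:` is the current spelling of `with_items:`. The reason for `docker-compose` is not obvious from this file — it is the Debian/Ubuntu v1 package that `community.docker.docker_compose` in the new vps2.yml playbook needs — so a comment such as `# docker-compose (v1) is required by community.docker.docker_compose` would save the next reader a search.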
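Review bot: `src: "../vps2/docker-compose.yml"` in the Copy docker-compose task hard-codes one host's compose file into the playbook that vps2.yml imports as "Generic setup" for every host, which the inline TODO acknowledges. If the inventory host names match the per-host directories (`hosts: vps2` in vps2.yml suggests so, but the inventory is not in this patch), `src: "../{{ inventory_hostname }}/docker-compose.yml"` resolves the TODO; otherwise the task belongs in the host-specific playbook next to the other app-specific copy tasks. Minor style point: `mode: u=rwx,g=rx,o=rx` is unquoted while the surrounding tasks write `mode: "u=rw,g=r,o=r"` and `mode: "u=r,g=r,o=r"` — pick one form for the file.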
@@ -0,0 +1,37 @@
+---
+- name: Generic setup
+ ansible.builtin.import_playbook: ./basic-setup.yml
+- name: VPS 2 setup
+ hosts: vps2
+ gather_facts: false
+ tasks:
+ - name: Install htpasswd
+ ansible.builtin.apt:
+ name: apache2-utils
+ #####
+ # APP: docker registry, /apps/registry
+ #####
+ - name: Create /apps/registry
+ ansible.builtin.file:
+ path: /apps/registry
+ state: directory
+ mode: u=rwx,g=rx,o=rx
+ - name: Create /apps/registry/data
+ ansible.builtin.file:
+ path: /apps/registry/data
+ state: directory
+ mode: u=rwx,g=rx,o=rx
+ - name: Copy over registry config.yml
+ ansible.builtin.copy:
+ dest: /apps/registry/config.yml
+ src: ../apps/registry/config.yml
+ mode: u=r,g=r,o=r # readonly
+
+ #####
+ # END: docker compose up!
+ #####
+ # We want this to be last so that all app-specific config has been done.
+ - name: Docker compose up! 🚀
+ community.docker.docker_compose:
+ project_src: /apps
+ state: present
diff --git a/new/run.sh b/new/run.sh
index 24dd65f..b13699f 100755
--- a/new/run.sh
+++ b/new/run.sh
@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
-ansible-playbook -i inventory.yml playbooks/basic-setup.yml -u root
+ansible-playbook -i inventory.yml playbooks/vps2.yml -u root
diff --git a/new/vps2/Caddyfile b/new/vps2/Caddyfile
index 2bd1936..c139ee9 100644
--- a/new/vps2/Caddyfile
+++ b/new/vps2/Caddyfile
@@ -1,10 +1,13 @@
 {
 email nilstrieb@gmail.com
- acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
- debug
+ # acme_ca https://api.letsencrypt.org/directory
 }
-vps2.nilstrieb.dev
+vps2.nilstrieb.dev {
+ root * /var/www/html/debug
+ file_server
+}
-root * /var/www/html/debug
-file_server
+docker.nilstrieb.dev {
+ reverse_proxy * localhost:5000
+}
diff --git a/new/vps2/docker-compose.yml b/new/vps2/docker-compose.yml
new file mode 100644
index 0000000..cea5f8d
--- /dev/null
+++ b/new/vps2/docker-compose.yml
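Review bot: The Install htpasswd task brings in apache2-utils, but no task in the registry section creates `/apps/registry/htpasswd`, which the docker-compose.yml hunk bind-mounts to `/htpasswd` and the registry config reads through `auth.htpasswd.path`; Docker creates a directory for a missing bind-mount source, so the registry would presumably refuse to start rather than silently run unauthenticated. Add a task that writes the file before the compose-up step, with credentials coming from vaulted variables (`registry_user` and `registry_password` below are placeholders) and `no_log` so the password does not land in the run output; the registry only accepts bcrypt entries, hence `-B`. A follow-up file task tightens the mode so the hashes are not world-readable on the host — the stock registry:2 image runs as root, so a root-owned 0600 file is still readable in the container, but confirm this if a non-root user is ever set.
```yaml
    - name: Create registry htpasswd
      ansible.builtin.command:
        cmd: htpasswd -Bbc /apps/registry/htpasswd "{{ registry_user }}" "{{ registry_password }}"
        creates: /apps/registry/htpasswd
      no_log: true
    - name: Restrict registry htpasswd permissions
      ansible.builtin.file:
        path: /apps/registry/htpasswd
        mode: "0600"
    # … unchanged: "END: docker compose up!" section …
```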
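Review bot: The commented-out `# acme_ca https://api.letsencrypt.org/directory` is not the Let's Encrypt production directory; the real one is `https://acme-v02.api.letsencrypt.org/directory`, which is also what the `acme-v02.api.letsencrypt.org-directory` path mounted in the docker-compose.yml hunk corresponds to in Caddy's storage. Leaving it commented out works because Caddy defaults to production, but anyone uncommenting the line as written would break issuance, so either fix the URL, `# acme_ca https://acme-v02.api.letsencrypt.org/directory`, or drop the line. Removing the staging `acme_ca` and `debug` together is fine; a one-word comment such as `# production ACME is the default` would make the intent explicit.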
@@ -0,0 +1,15 @@
+version: '3.8'
+services:
+ registry:
+ container_name: registry
+ restart: always
+ image: registry:2
+ volumes:
+ - "/apps/registry/config.yml:/etc/docker/registry/config.yml"
+ - "/apps/registry/data:/var/lib/registry"
+ - "/apps/registry/htpasswd:/htpasswd"
+ - "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/vps2.nilstrieb.dev:/etc/certs"
+ ports:
+ - "5000:5000"
+
+# TODO: create an internal network and move caddy there as well.
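Review bot: `- "5000:5000"` publishes the registry on every host interface, so it is reachable directly on port 5000 and not only through Caddy's `docker.nilstrieb.dev` site; Docker manages its own iptables chains, so a host firewall such as ufw would typically not block this. Since Caddy proxies to localhost anyway, bind the port to loopback, `- "127.0.0.1:5000:5000"`, until the internal network from the TODO exists. The certificate bind-mount hands Caddy's private key for vps2.nilstrieb.dev to the container and depends on Caddy's internal storage layout, which may change between Caddy versions; a comment on that volume line naming the dependency and the fact that a renewed certificate presumably needs a container restart would help the next maintainer.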