vps/playbooks/vps2.yml

---
- name: VPS 2 setup
  hosts: vps2
  gather_facts: false
  tasks:
    - name: Copy backup file
      ansible.builtin.copy:
        src: "../vps2/backup.sh"
        dest: "/apps/backup.sh"
        mode: "u=rx,g=rx,o=rx"
    - name: Configure backup cron
      ansible.builtin.cron:
        name: Daily backup
        minute: "5"
        hour: "7"
        job: "/apps/backup.sh"
    - name: Copy over some fun files
      ansible.builtin.copy:
        dest: /var/www/html/nora/
        src: "../vps2/nora/"
        mode: "u=rw,g=r,o=r"
    #####
    # APP: prometheus, /apps/prometheus
    - name: Create /apps/prometheus
      ansible.builtin.file:
        path: "/apps/prometheus"
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: Copy Prometheus config
      ansible.builtin.copy:
        dest: /apps/prometheus/prometheus.yml
        src: ../apps/prometheus/prometheus.yml
        mode: "u=r,g=r,o=r"
        owner: 1001
    - name: Create /apps/prometheus/data
      ansible.builtin.file:
        path: "/apps/prometheus/data"
        state: directory
        mode: "u=rwx,g=rx,o="
        owner: 1001
    #####
    #####
    # APP: docker registry, /apps/registry
    #####
    - name: Create /apps/registry
      ansible.builtin.file:
        path: "/apps/registry"
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: Create /apps/registry/data
      ansible.builtin.file:
        path: "/apps/registry/data"
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: Copy over registry config.yml
      ansible.builtin.copy:
        dest: /apps/registry/config.yml
        src: ../apps/registry/config.yml
        mode: "u=r,g=r,o=r"
    - name: Copy secrets user file
      ansible.builtin.copy:
        dest: "/apps/registry/htpasswd"
        src: "../secrets/registry/htpasswd"
        mode: "u=r,g=r,o=r"
    #####
    # APP: killua bot, /apps/killua
    #####
    - name: Create /apps/killua
      ansible.builtin.file:
        path: /apps/killua
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    #####
    # APP: karin bot, /apps/karin-bot
    #####
    - name: Create /apps/karin-bot
      ansible.builtin.file:
        path: /apps/karin-bot
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: "Copy karin .env secret"
      ansible.builtin.copy:
        dest: "/apps/karin-bot/.env"
        src: "../secrets/karin-bot/.env"
        mode: "u=r,g=r,o=r"
      # TODO: Mount a volume in the karin-db to this directory
    #####
    # APP: cors-school, /apps/cors-school
    #####
    - name: Create /apps/cors-school
      ansible.builtin.file:
        path: /apps/cors-school
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: Copy secret envs
      ansible.builtin.copy:
        dest: "/apps/cors-school/{{ item }}"
        src: "../secrets/cors-school/{{ item }}"
        mode: "u=r,g=r,o=r"
      with_items:
        - bot.env
        - db.env
        - server.env
    #####
    # APP: hugo-chat, /apps/hugo-chat
    #####
    - name: Create /apps/hugo-chat
      ansible.builtin.file:
        path: /apps/hugo-chat
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    #####
    # APP: bisect-rustc-servce, /apps/bisect-rustc-service
    #####
    - name: Create /apps/bisect-rustc-service
      ansible.builtin.file:
        path: /apps/bisect-rustc-service
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: SQLite DB permissions for bisect-rustc-servce
      ansible.builtin.file:
        path: /apps/bisect-rustc-service/db.sqlite
        state: touch
        mode: "u=rw,g=rw,o=rw"
    #####
    # APP: minecraft server, /apps/minecraft
    #####
    - name: Create /apps/minecraft
      ansible.builtin.file:
        path: /apps/minecraft
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: Copy minecraft secrets
      ansible.builtin.copy:
        dest: "/apps/minecraft/.env"
        src: "../secrets/minecraft/.env"
        mode: "u=r,g=r,o=r"
    #####
    # APP: openolat, /apps/openolat
    #####
    - name: Create /apps/openolat
      ansible.builtin.file:
        path: /apps/openolat
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: Copy extra properties
      ansible.builtin.copy:
        dest: /apps/openolat/extra-properties.properties
        src: ../apps/openolat/extra-properties.properties
        mode: "u=r,g=r,o=r"
    - name: Olat data file permissions # TODO: a bit hacky.
      ansible.builtin.file:
        path: /apps/openolat/olatdata
        state: directory
        mode: "u=rwx,g=rwx,o=rwx"
    #####
    # APP: uptime, /apps/uptime
    #####
    - name: Create /apps/uptime
      ansible.builtin.file:
        path: /apps/uptime
        state: directory
        mode: "u=rwx,g=rx,o=rx"
    - name: Copy uptime.json
      ansible.builtin.copy:
        dest: /apps/uptime/uptime.json
        src: ../apps/uptime/uptime.json
        mode: "u=r,g=r,o=r"
    #####
    # END: docker compose up!
    #####
      # We want this to be last so that all app-specific config has been done.
    - name: Copy .env
      ansible.builtin.copy:
        dest: "/apps/.env"
        src: "../secrets/vps2.env"
        mode: "u=r,g=r,o=r"
    - name: Docker compose up! 🚀
      community.docker.docker_compose_v2:
        project_src: /apps
        state: "present"
    #####
    # POST: things after starting up
    #####
    - name: Run CORS db migrations
      ansible.builtin.shell: |
        docker exec -w /app/server cors-school-server diesel migration run