From 50959f27ac55a548c50327b5e385c27b4bea39e7 Mon Sep 17 00:00:00 2001
From: Luke Murphy
Date: Mon, 30 Mar 2020 17:24:33 +0200
Subject: [PATCH] Add dokku specific configurations
---
CHECKS | 5 +++
ansible/.vault.sh | 5 +++
ansible/post-deploy.yml | 40 ++++++++++++++++++++++++
ansible/pre-deploy.yml | 46 ++++++++++++++++++++++++++++
ansible/requirements.yml | 6 ++++
ansible/vars/all.yml | 5 +++
ansible/vars/ansible_become_pass.yml | 8 +++++
app.json | 5 +++
requirements.txt | 1 +
sbin/encrypt.sh | 15 +++++++++
10 files changed, 136 insertions(+)
create mode 100644 CHECKS
create mode 100755 ansible/.vault.sh
create mode 100644 ansible/post-deploy.yml
create mode 100644 ansible/pre-deploy.yml
create mode 100644 ansible/requirements.yml
create mode 100644 ansible/vars/all.yml
create mode 100644 ansible/vars/ansible_become_pass.yml
create mode 100644 app.json
create mode 100644 requirements.txt
create mode 100755 sbin/encrypt.sh
diff --git a/CHECKS b/CHECKS
new file mode 100644
index 0000000..49b3aed
--- /dev/null
+++ b/CHECKS
@@ -0,0 +1,5 @@
+WAIT=3
+TIMEOUT=3
+ATTEMPTS=5
+
+/ Autonomic
diff --git a/ansible/.vault.sh b/ansible/.vault.sh
new file mode 100755
index 0000000..8f30d37
--- /dev/null
+++ b/ansible/.vault.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+echo $(pass show hosts/autonomic-dokku/vault/password)
diff --git a/ansible/post-deploy.yml b/ansible/post-deploy.yml
new file mode 100644
index 0000000..e7b31d7
--- /dev/null
+++ b/ansible/post-deploy.yml
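Review bot: The `echo $(pass show …)` line in ansible/.vault.sh discards the exit status of `pass`, so even under `set -e` a failed or cancelled lookup prints an empty line and exits 0, and ansible-vault receives an empty password instead of an error. The unquoted substitution is also subject to word splitting and globbing, which would alter a password containing runs of whitespace or a `*`. Calling the command directly, `pass show hosts/autonomic-dokku/vault/password`, keeps the failure visible and the value intact. If the pass entry can hold more than one line (not visible here), append `| head -n1`, which `pipefail` already covers.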
@@ -0,0 +1,40 @@
+---
+- hosts: all
+ gather_facts: false
+ tasks:
+ - name: Load variables
+ include_vars:
+ dir: "{{ dokku_lib_root }}/data/ansible/autonomic.zone/vars/"
+ extensions:
+ - yml
+
+ - name: Set HTTP 80 port proxy
+ dokku_ports:
+ app: autonomic.zone
+ mappings:
+ - "http:80:{{ http_port }}"
+ state: present
+
+ - name: Setup LE certificates
+ shell: dokku letsencrypt autonomic.zone
+ args:
+ creates: /home/dokku/autonomic.zone/letsencrypt/certs
+
+ - name: Setup LE certificates renew cron job
+ shell: dokku letsencrypt:cron-job --add
+ args:
+ creates: /home/dokku/autonomic.zone/letsencrypt/cron-job
+
+ - name: Remove automatically configured ports
+ dokku_ports:
+ app: autonomic.zone
+ mappings:
+ - "http:4000:4000"
+ state: absent
+
+ - name: Set HTTP 443 port
+ dokku_ports:
+ app: autonomic.zone
+ mappings:
+ - "https:443:{{ http_port }}"
+ state: present
diff --git a/ansible/pre-deploy.yml b/ansible/pre-deploy.yml
new file mode 100644
index 0000000..2c6e734
--- /dev/null
+++ b/ansible/pre-deploy.yml
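Review bot: Both Let's Encrypt tasks in post-deploy.yml use the `shell` module for commands that need no shell features, so each line passes through /bin/sh for nothing. `command: dokku letsencrypt autonomic.zone` and `command: dokku letsencrypt:cron-job --add` accept the same `creates` argument and remove that parsing step, which matters if the app name is ever templated. The idempotence of both tasks rests on the `creates` paths. Whether the plugin actually writes `/home/dokku/autonomic.zone/letsencrypt/cron-job` is not visible here and is worth confirming, otherwise the cron task re-runs on every deploy.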
@@ -0,0 +1,46 @@
+---
+- hosts: all
+ gather_facts: false
+ tasks:
+ - name: Load variables
+ include_vars:
+ dir: "{{ dokku_lib_root }}/data/ansible/autonomic.zone/vars/"
+ extensions:
+ - yml
+
+ - name: Prepare Python system dependencies
+ become: true
+ apt:
+ name: python3-pip
+ state: present
+
+ - name: Install dns-lexicon[gandi] system wide
+ become: true
+ pip:
+ name: "{{ item }}"
+ executable: /usr/bin/pip3
+ state: present
+ with_items:
+ - cryptography==2.8
+ - dns-lexicon==3.3.19
+
+ - name: "Create {{ domain }} DNS entry"
+ gandi_dns:
+ gandi_rest_token: "{{ gandi_rest_token }}"
+ domain: "{{ domain }}"
+ ipv4: "{{ dokku_domain_ipv4 }}"
+ state: present
+
+ - name: "Configure the {{ domain }} domain"
+ dokku_domains:
+ app: autonomic.zone
+ domains:
+ - "{{ domain }}"
+ state: present
+
+ - name: Configure the dokku app environment
+ dokku_config:
+ app: autonomic.zone
+ restart: false
+ config:
+ DOKKU_LETSENCRYPT_EMAIL: "{{ autonomic_admin_mail }}"
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
new file mode 100644
index 0000000..8b405e3
--- /dev/null
+++ b/ansible/requirements.yml
@@ -0,0 +1,6 @@
+---
+- src: dokku_bot.ansible_dokku
+ version: v2020.3.15
+
+- src: https://git.autonomic.zone/autonomic-cooperative/autonomic.gandi/archive/0.0.5.tar.gz
+ name: autonomic.gandi
diff --git a/ansible/vars/all.yml b/ansible/vars/all.yml
new file mode 100644
index 0000000..87b2855
--- /dev/null
+++ b/ansible/vars/all.yml
@@ -0,0 +1,5 @@
+---
+autonomic_admin_mail: "helo@autonomic.zone"
+dokku_domain_ipv4: "94.130.105.60"
+domain: "autonomic.zone"
+http_port: "4000"
diff --git a/ansible/vars/ansible_become_pass.yml b/ansible/vars/ansible_become_pass.yml
new file mode 100644
index 0000000..abb21b9
--- /dev/null
+++ b/ansible/vars/ansible_become_pass.yml
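Review bot: The `gandi_dns` task in pre-deploy.yml passes `gandi_rest_token` as a plain module argument and nothing in the hunk keeps it out of task output. Adding `no_log: true` to that task prevents the token from showing up in verbose or failure output, unless the module already marks the parameter as no-log, which is not visible here. The variable is also not defined in either vars file this patch adds (`all.yml`, `ansible_become_pass.yml`), so it is presumably supplied elsewhere; if it is not, the play fails at this task. Separately, the `pip` task installs as root into the system Python, so a comment stating why `cryptography==2.8` is pinned would help whoever next updates it.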
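Review bot: The `autonomic.gandi` entry in requirements.yml is fetched from a tag archive URL, and a tag can be re-pointed at different content after it was reviewed. The role's module then runs on the host and is given the Gandi token, so the dependency deserves an immutable pin. A git source with a commit as version does that, for example `src: git+https://git.autonomic.zone/autonomic-cooperative/autonomic.gandi` with `version: <commit-sha-placeholder>` and the existing `name: autonomic.gandi`.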
@@ -0,0 +1,8 @@
+---
+ansible_become_pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 34396236353735666531323238656533643465303131663464613162396333313836363630666266
+ 6539323631656635333864316166633064633366323936610a656137616334313534333635313232
+ 35323561303763366563316631313638363333393763323935343563303963616334336639386462
+ 3837383830616637360a373539613630356564363662393836366462666430353439353637303035
+ 63396633303166343433313439303539313637306637663137313533316531616434
diff --git a/app.json b/app.json
new file mode 100644
index 0000000..3112a9b
--- /dev/null
+++ b/app.json
@@ -0,0 +1,5 @@
+{
+ "name": "autonomic.zone",
+ "description": "Autonomics website on the world wide web",
+ "repository": "https://git.autonomic.zone/autonomic-cooperative/autonomic.zone"
+}
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..130e91f
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1 @@
+ansible==2.9.6
diff --git a/sbin/encrypt.sh b/sbin/encrypt.sh
new file mode 100755
index 0000000..d328761
--- /dev/null
+++ b/sbin/encrypt.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+# Usage
+# ./encrypt.sh mysecretname mysecretvalue
+
+declare name="$1"
+declare secret="$2"
+
+ansible-vault \
+ encrypt_string \
+ --vault-password-file ansible/.vault.sh \
+ --name "$name" \
+ "$secret"
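Review bot: ansible/vars/ansible_become_pass.yml commits the sudo password as vault ciphertext with no note on how it is handled. Its confidentiality now depends entirely on the vault password kept in `pass`, and the ciphertext stays in git history after any later removal. A header comment would make that explicit, for example `# Vault-encrypted with sbin/encrypt.sh; rotate this password if the vault password changes or is exposed.` If the `include_vars` directory in the plays is this `vars/` directory (presumably, not confirmed here), the value is also loaded by post-deploy.yml, which has no `become` task in its hunk.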
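Review bot: sbin/encrypt.sh takes the secret as `$2` and hands it to `ansible-vault` as a positional argument, so the plaintext ends up in shell history and is readable in the process list while the command runs. `encrypt_string` can read the value from standard input instead: drop `declare secret="$2"` and replace the last two argument lines with `--stdin-name "$name"`, then update the usage comment to match. The `--vault-password-file ansible/.vault.sh` path is relative, so the script only works from the repository root, while the usage comment shows `./encrypt.sh`; it should read `sbin/encrypt.sh mysecretname`.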