Add dokku specific configurations
This commit is contained in:
parent
fee2ffd1e1
commit
50959f27ac
5
ansible/.vault.sh
Executable file
5
ansible/.vault.sh
Executable file
@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -eu -o pipefail
|
||||||
|
|
||||||
|
echo $(pass show hosts/autonomic-dokku/vault/password)
|
40
ansible/post-deploy.yml
Normal file
40
ansible/post-deploy.yml
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
gather_facts: false
|
||||||
|
tasks:
|
||||||
|
- name: Load variables
|
||||||
|
include_vars:
|
||||||
|
dir: "{{ dokku_lib_root }}/data/ansible/autonomic.zone/vars/"
|
||||||
|
extensions:
|
||||||
|
- yml
|
||||||
|
|
||||||
|
- name: Set HTTP 80 port proxy
|
||||||
|
dokku_ports:
|
||||||
|
app: autonomic.zone
|
||||||
|
mappings:
|
||||||
|
- "http:80:{{ http_port }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Setup LE certificates
|
||||||
|
shell: dokku letsencrypt autonomic.zone
|
||||||
|
args:
|
||||||
|
creates: /home/dokku/autonomic.zone/letsencrypt/certs
|
||||||
|
|
||||||
|
- name: Setup LE certificates renew cron job
|
||||||
|
shell: dokku letsencrypt:cron-job --add
|
||||||
|
args:
|
||||||
|
creates: /home/dokku/autonomic.zone/letsencrypt/cron-job
|
||||||
|
|
||||||
|
- name: Remove automatically configured ports
|
||||||
|
dokku_ports:
|
||||||
|
app: autonomic.zone
|
||||||
|
mappings:
|
||||||
|
- "http:4000:4000"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Set HTTP 443 port
|
||||||
|
dokku_ports:
|
||||||
|
app: autonomic.zone
|
||||||
|
mappings:
|
||||||
|
- "https:443:{{ http_port }}"
|
||||||
|
state: present
|
46
ansible/pre-deploy.yml
Normal file
46
ansible/pre-deploy.yml
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
gather_facts: false
|
||||||
|
tasks:
|
||||||
|
- name: Load variables
|
||||||
|
include_vars:
|
||||||
|
dir: "{{ dokku_lib_root }}/data/ansible/autonomic.zone/vars/"
|
||||||
|
extensions:
|
||||||
|
- yml
|
||||||
|
|
||||||
|
- name: Prepare Python system dependencies
|
||||||
|
become: true
|
||||||
|
apt:
|
||||||
|
name: python3-pip
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Install dns-lexicon[gandi] system wide
|
||||||
|
become: true
|
||||||
|
pip:
|
||||||
|
name: "{{ item }}"
|
||||||
|
executable: /usr/bin/pip3
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- cryptography==2.8
|
||||||
|
- dns-lexicon==3.3.19
|
||||||
|
|
||||||
|
- name: "Create {{ domain }} DNS entry"
|
||||||
|
gandi_dns:
|
||||||
|
gandi_rest_token: "{{ gandi_rest_token }}"
|
||||||
|
domain: "{{ domain }}"
|
||||||
|
ipv4: "{{ dokku_domain_ipv4 }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: "Configure the {{ domain }} domain"
|
||||||
|
dokku_domains:
|
||||||
|
app: autonomic.zone
|
||||||
|
domains:
|
||||||
|
- "{{ domain }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Configure the dokku app environment
|
||||||
|
dokku_config:
|
||||||
|
app: autonomic.zone
|
||||||
|
restart: false
|
||||||
|
config:
|
||||||
|
DOKKU_LETSENCRYPT_EMAIL: "{{ autonomic_admin_mail }}"
|
6
ansible/requirements.yml
Normal file
6
ansible/requirements.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
- src: dokku_bot.ansible_dokku
|
||||||
|
version: v2020.3.15
|
||||||
|
|
||||||
|
- src: https://git.autonomic.zone/autonomic-cooperative/autonomic.gandi/archive/0.0.5.tar.gz
|
||||||
|
name: autonomic.gandi
|
5
ansible/vars/all.yml
Normal file
5
ansible/vars/all.yml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
autonomic_admin_mail: "helo@autonomic.zone"
|
||||||
|
dokku_domain_ipv4: "94.130.105.60"
|
||||||
|
domain: "autonomic.zone"
|
||||||
|
http_port: "4000"
|
8
ansible/vars/ansible_become_pass.yml
Normal file
8
ansible/vars/ansible_become_pass.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
ansible_become_pass: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
34396236353735666531323238656533643465303131663464613162396333313836363630666266
|
||||||
|
6539323631656635333864316166633064633366323936610a656137616334313534333635313232
|
||||||
|
35323561303763366563316631313638363333393763323935343563303963616334336639386462
|
||||||
|
3837383830616637360a373539613630356564363662393836366462666430353439353637303035
|
||||||
|
63396633303166343433313439303539313637306637663137313533316531616434
|
5
app.json
Normal file
5
app.json
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
{
|
||||||
|
"name": "autonomic.zone",
|
||||||
|
"description": "Autonomics website on the world wide web",
|
||||||
|
"repository": "https://git.autonomic.zone/autonomic-cooperative/autonomic.zone"
|
||||||
|
}
|
1
requirements.txt
Normal file
1
requirements.txt
Normal file
@ -0,0 +1 @@
|
|||||||
|
ansible==2.9.6
|
15
sbin/encrypt.sh
Executable file
15
sbin/encrypt.sh
Executable file
@ -0,0 +1,15 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -eu -o pipefail
|
||||||
|
|
||||||
|
# Usage
|
||||||
|
# ./encrypt.sh mysecretname mysecretvalue
|
||||||
|
|
||||||
|
declare name="$1"
|
||||||
|
declare secret="$2"
|
||||||
|
|
||||||
|
ansible-vault \
|
||||||
|
encrypt_string \
|
||||||
|
--vault-password-file ansible/.vault.sh \
|
||||||
|
--name "$name" \
|
||||||
|
"$secret"
|
Reference in New Issue
Block a user