git.autonomic.zone/ansible/post-deploy.yml

---
- hosts: all
  gather_facts: false
  tasks:
    - name: Load variables
      include_vars:
        dir: "{{ dokku_lib_root }}/data/ansible/gitea/vars/"
        extensions:
          - yml

    - name: Set HTTP 80 port proxy
      dokku_ports:
        app: gitea
        mappings:
          - "http:80:3000"
          - "http:222:2222"
        state: present

    - name: Setup LE certificates
      shell: dokku letsencrypt gitea
      args:
        creates: /home/dokku/gitea/letsencrypt/certs

    - name: Setup LE certificates renew cron job
      shell: dokku letsencrypt:cron-job --add
      args:
        creates: /home/dokku/gitea/letsencrypt/cron-job

    - name: Remove automatically configured ports
      dokku_ports:
        app: gitea
        mappings:
          - "http:3000:3000"
          - "http:2222:2222"
        state: absent

    - name: Set HTTP 443 port
      dokku_ports:
        app: gitea
        mappings:
          - "https:443:3000"
        state: present

    - name: Ensure jq package is installed
      apt:
        name: jq
        state: present

    - name: Retrieve application container IP address
      shell: "dokku ps:inspect gitea | jq -r .[0].NetworkSettings.IPAddress"
      register: dokku_ps_inspect

    - name: Setup the SSH passthrough script
      vars:
        ssh_listen_port: "{{ ssh_listen_port }}"
        dokku_container_ip: "{{ dokku_ps_inspect.stdout }}"
      template:
        src: gitea.j2
        dest: /app/gitea/gitea
        owner: git
        group: git
        mode: "+x"
        force: true
      become: true

    # TODO(decentral1se): make this work...
    # - name: Set authorized_keys file for git user
    #   lineinfile:
    #     path: /var/lib/gitea/git/.ssh/authorized_keys
    #     regexp: "^{{ lookup('file', '/home/git/.ssh/id_rsa.pub') }}"
    #     line: "{{ lookup('file', '/home/git/.ssh/id_rsa.pub') }}{{ lookup('file', '/var/lib/gitea/git/.ssh/authorized_keys') }}"
    #     state: present
    #     insertbefore: BOF
    #     create: true
    #   become: true

    - name: Symlink the authorized keys configuration
      file:
        src: /var/lib/gitea/git/.ssh/authorized_keys
        dest: /home/git/.ssh/authorized_keys
        state: link
        force: true
        owner: git
      become: true
Clean up and add header marker 2020-03-19 00:57:09 +00:00			`---`
Ansible plugin attempts 2020-03-19 00:46:09 +00:00			`- hosts: all`
Shuffle perms and don't gather facts 2020-03-22 11:26:48 +00:00			`gather_facts: false`
Ansible plugin attempts 2020-03-19 00:46:09 +00:00			`tasks:`
New vars, new tasks, new app! 2020-03-22 10:53:49 +00:00			`- name: Load variables`
			`include_vars:`
			`dir: "{{ dokku_lib_root }}/data/ansible/gitea/vars/"`
			`extensions:`
Fix extension 2020-03-22 10:54:58 +00:00			`- yml`
New vars, new tasks, new app! 2020-03-22 10:53:49 +00:00
			`- name: Set HTTP 80 port proxy`
			`dokku_ports:`
			`app: gitea`
			`mappings:`
			`- "http:80:3000"`
Fix SSH port 2020-03-23 15:38:48 +00:00			`- "http:222:2222"`
New vars, new tasks, new app! 2020-03-22 10:53:49 +00:00			`state: present`

			`- name: Setup LE certificates`
			`shell: dokku letsencrypt gitea`
			`args:`
			`creates: /home/dokku/gitea/letsencrypt/certs`

Add cron and domain 2020-03-22 11:39:40 +00:00			`- name: Setup LE certificates renew cron job`
			`shell: dokku letsencrypt:cron-job --add`
			`args:`
			`creates: /home/dokku/gitea/letsencrypt/cron-job`

New vars, new tasks, new app! 2020-03-22 10:53:49 +00:00			`- name: Remove automatically configured ports`
			`dokku_ports:`
			`app: gitea`
			`mappings:`
			`- "http:3000:3000"`
Open up SSH ports 2020-03-23 14:14:51 +00:00			`- "http:2222:2222"`
New vars, new tasks, new app! 2020-03-22 10:53:49 +00:00			`state: absent`
Actually, provision that port 2020-03-22 11:31:09 +00:00
			`- name: Set HTTP 443 port`
			`dokku_ports:`
			`app: gitea`
			`mappings:`
			`- "https:443:3000"`
			`state: present`
Switch to system git user 2020-03-23 15:21:12 +00:00
Wire up the SSH passthrough 2020-03-23 17:07:49 +00:00			`- name: Ensure jq package is installed`
			`apt:`
			`name: jq`
			`state: present`

			`- name: Retrieve application container IP address`
Get without quotes and always replace 2020-03-23 17:20:19 +00:00			`shell: "dokku ps:inspect gitea \| jq -r .[0].NetworkSettings.IPAddress"`
Don't overwrite vars 2020-03-23 17:17:29 +00:00			`register: dokku_ps_inspect`
Wire up the SSH passthrough 2020-03-23 17:07:49 +00:00
Run template after we get the vars 2020-03-23 17:11:02 +00:00			`- name: Setup the SSH passthrough script`
Wire up the SSH passthrough 2020-03-23 17:07:49 +00:00			`vars:`
			`ssh_listen_port: "{{ ssh_listen_port }}"`
Don't overwrite vars 2020-03-23 17:17:29 +00:00			`dokku_container_ip: "{{ dokku_ps_inspect.stdout }}"`
Run template after we get the vars 2020-03-23 17:11:02 +00:00			`template:`
			`src: gitea.j2`
			`dest: /app/gitea/gitea`
			`owner: git`
			`group: git`
			`mode: "+x"`
Get without quotes and always replace 2020-03-23 17:20:19 +00:00			`force: true`
Run template after we get the vars 2020-03-23 17:11:02 +00:00			`become: true`

Put this on hold for now 2020-03-23 20:24:37 +00:00			`# TODO(decentral1se): make this work...`
			`# - name: Set authorized_keys file for git user`
			`# lineinfile:`
			`# path: /var/lib/gitea/git/.ssh/authorized_keys`
			`# regexp: "^{{ lookup('file', '/home/git/.ssh/id_rsa.pub') }}"`
			`# line: "{{ lookup('file', '/home/git/.ssh/id_rsa.pub') }}{{ lookup('file', '/var/lib/gitea/git/.ssh/authorized_keys') }}"`
			`# state: present`
			`# insertbefore: BOF`
			`# create: true`
			`# become: true`
Add authorized_keys check 2020-03-23 19:03:54 +00:00
Run template after we get the vars 2020-03-23 17:11:02 +00:00			`- name: Symlink the authorized keys configuration`
Switch to system git user 2020-03-23 15:21:12 +00:00			`file:`
			`src: /var/lib/gitea/git/.ssh/authorized_keys`
			`dest: /home/git/.ssh/authorized_keys`
			`state: link`
			`force: true`
			`owner: git`
Use root perms 2020-03-23 15:23:09 +00:00			`become: true`