---
# tasks file for role_deploy_reverse-proxy
# Create the podman network named "reverse-proxy" that the container task
# in this file attaches to. Runs with privilege escalation.
- name: Create reverse-proxy network
  become: true
  containers.podman.podman_network:
    name: 'reverse-proxy'
# Include role_setup_volume once per entry, passing the entry as `volume`.
# The meaning and units of `size` and `vol_type` are defined by that role
# and are not visible in this file.
- name: Setup volume
  ansible.builtin.include_role:
    name: role_setup_volume
  vars:
    volume: "{{ item }}"
  loop:
    # Volumes later mounted into the reverse-proxy container.
    - name: 'reverse-proxy_conf'
      size: 1
      vol_type: 'classic'
    - name: 'reverse-proxy_conf_enabled'
      size: 1
      vol_type: 'classic'
    - name: 'reverse-proxy_letsencrypt'
      size: 1
      vol_type: 'classic'
    # Presumably scratch space for duplicity (going by the names) - confirm
    # how these map to DUPLICITY_WORKDIR / DUPLICITY_ARCHIVE_DIR.
    - name: 'tmp_duplicity_workdir'
      size: 20
      vol_type: 'high-speed'
    - name: 'duplicity_cache'
      size: 5
      vol_type: 'high-speed'
# Set owner and group of the two duplicity directories to LINUX_USERNAME.
# Only the paths themselves are touched: no `recurse`, no `state`, no `mode`.
# NOTE(review): the restore task writes decrypted volume archives into
# DUPLICITY_WORKDIR; since no mode is set here, confirm the directory's
# existing permissions keep other local accounts out.
- name: change ownership of duplicity working directories
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    owner: "{{ LINUX_USERNAME }}"
    group: "{{ LINUX_USERNAME }}"
  loop:
    - "{{ DUPLICITY_WORKDIR }}"
    - "{{ DUPLICITY_ARCHIVE_DIR }}"
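# Fetch each volume's archive from the swift://backup_ovh1 duplicity backend
# into DUPLICITY_WORKDIR. Runs without `become`.
# Swift credentials and the duplicity passphrase are handed over through the
# task environment, so they are not part of the command line.
- name: restore volume backup
  ansible.builtin.command:
    # argv form instead of a single cmd string: each templated value stays
    # one argument even if it contains whitespace or quote characters.
    argv:
      - 'duplicity'
      - 'restore'
      - '--file-to-restore'
      - "{{ item }}.tar.gz"
      - '--do-not-restore-ownership'
      - '--archive-dir'
      - "{{ DUPLICITY_ARCHIVE_DIR }}"
      - 'swift://backup_ovh1'
      - "{{ DUPLICITY_WORKDIR }}/{{ item }}.tar.gz"
  environment:
    SWIFT_USERNAME: "{{ OS_USERNAME }}"
    SWIFT_PASSWORD: "{{ OS_PASSWORD }}"
    SWIFT_AUTHURL: "{{ OS_AUTH_URL }}"
    SWIFT_REGIONNAME: "{{ SWIFT_REGIONNAME }}"
    SWIFT_TENANTNAME: "{{ OS_TENANT_NAME }}"
    SWIFT_AUTHVERSION: "{{ OS_IDENTITY_API_VERSION }}"
    PASSPHRASE: "{{ DUPLICITY_PASSPHRASE }}"
    # /usr/bin/duplicity uses "-s" python argument to prevent loading modules
    # from user's python directory, this variable will override that.
    # NOTE(review): the path is relative and no `chdir` is set, so it is
    # resolved against whatever directory the command starts in, and the
    # python3.9 segment is hard-coded. Python will import from this
    # directory, so it must be writable only by the account running the
    # restore - confirm, and consider an absolute path.
    PYTHONPATH: ".local/lib/python3.9/site-packages"
  register: duplicity_result
  with_items:
    - reverse-proxy_conf
    - reverse-proxy_conf_enabled
    - reverse-proxy_letsencrypt
  # A failed run is tolerated only when duplicity exits with rc 11
  # (presumably "restore target already exists" - confirm against the
  # installed duplicity). In that case the archive already present in
  # DUPLICITY_WORKDIR is left as it is.
  failed_when: duplicity_result is failed and (duplicity_result.rc is not defined or duplicity_result.rc != 11)
  # Report "changed" only when a restore actually completed.
  changed_when: duplicity_result.rc is defined and duplicity_result.rc == 0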
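# Unpack each restored archive into the matching volume's data directory,
# dropping the first two path components. Runs as root.
# There is no `creates` or `changed_when`, so the extraction runs and reports
# "changed" on every play and overwrites files already in the volume.
# NOTE(review): when the restore task tolerated rc 11, the archive unpacked
# here is whatever an earlier run left in DUPLICITY_WORKDIR; confirm that
# re-applying it over the live configuration and certificates is intended.
- name: Unarchive volume backup
  ansible.builtin.command:
    # argv form instead of a single cmd string: the templated work
    # directory stays one argument even if it contains whitespace.
    argv:
      - 'tar'
      - '-xzvf'
      - "{{ DUPLICITY_WORKDIR }}/{{ item }}.tar.gz"
      - '-C'
      - "/mnt/volumes/{{ item }}/data"
      - '--strip'
      - '2'
  become: true
  with_items:
    - reverse-proxy_conf
    - reverse-proxy_conf_enabled
    - reverse-proxy_letsencrypt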
# Query the remote repository for the commit that `master` points to.
# With clone and update disabled and no `dest`, nothing is checked out; the
# registered result's `after` field is read by the following task.
# NOTE(review): `master` is a moving ref, so the value changes whenever the
# upstream branch does.
- name: Get docker-reverse-proxy repo's last commit
  ansible.builtin.git:
    repo: 'https://github.com/yohan-b/docker-reverse-proxy.git'
    version: 'master'
    clone: false
    update: false
  register: git
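# Keep the first 10 characters of the commit id reported by the git lookup
# as the fact `commit`; it is used as an image annotation later in this file.
# Uses the fully qualified module name, like the other builtin tasks here.
- name: Set fact commit
  ansible.builtin.set_fact:
    commit: "{{ git.after[0:10] }}"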
# Build the local image "reverse-proxy" from the remote git repository and
# annotate it with the abbreviated commit id. `force: true` requests a build
# on every run; the result is registered as `image` for the container task.
# NOTE(review): the build context is the repository URL with no ref, while
# the annotation comes from a separate, earlier lookup of `master`. If the
# branch moves between the two steps the annotation may not describe the
# source that was built - confirm, and consider building from a pinned
# commit.
- name: Build reverse-proxy image
  become: true
  containers.podman.podman_image:
    name: 'reverse-proxy'
    path: 'https://github.com/yohan-b/docker-reverse-proxy.git'
    force: true
    build:
      force_rm: true
      annotation:
        git_commit: "{{ commit }}"
  register: image
# Run the reverse-proxy container from the locally built image, attached to
# the reverse-proxy network.
- name: Create reverse-proxy container
  become: true
  containers.podman.podman_container:
    name: 'reverse-proxy'
    image: 'reverse-proxy'
    # Recreate the container only when the image build reported a change.
    recreate: "{{ image is changed }}"
    network:
      - 'reverse-proxy'
    # No host address is given, so 80 and 443 are published on every host
    # interface.
    ports:
      - '80:80/tcp'
      - '443:443/tcp'
    # The three restored volumes, mounted with the :Z option (private
    # SELinux relabel). The letsencrypt volume presumably holds the TLS
    # private keys - confirm the host-side permissions of its data directory.
    volume:
      - '/mnt/volumes/reverse-proxy_conf/data:/etc/apache2/sites-available:Z'
      - '/mnt/volumes/reverse-proxy_conf_enabled/data:/etc/apache2/sites-enabled:Z'
      - '/mnt/volumes/reverse-proxy_letsencrypt/data:/etc/letsencrypt:Z'