gitea/lemmy-ansible
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
lemmy-ansible/lemmy-almalinux.yml
Sanat Sathaye 1178eed471 Fix debian playbook running on non-debian system
2023-12-04 01:43:57 +05:30

297 lines
9.1 KiB
YAML
Raw Permalink Blame History

---
- name: Install Lemmy
hosts: all
gather_facts: true
vars_files:
- "inventory/host_vars/{{ domain }}/vars.yml"
pre_tasks:
- name: Assert that Ansible version is >= 2.11.0
delegate_to: localhost
ansible.builtin.assert:
that:
- "ansible_version.full is version('2.11.0', '>=')"
fail_msg: "This playbook requires Ansible 2.11.0 or higher"
become: false
# This is not needed for this playbook as it predates its existence
# But we're keeping it for funsies :)
- name: Check lemmy_base_dir
ansible.builtin.fail:
msg: "`lemmy_base_dir` is unset. if you are upgrading from an older version, add `lemmy_base_dir=/lemmy` to your inventory file."
when: lemmy_base_dir is not defined
- name: Check for legacy passwords/postgres file
delegate_to: localhost
ansible.builtin.stat:
path: "inventory/host_vars/{{ domain }}/passwords/postgres"
register: postgres_password_file
become: false
- name: Legacy use of passwords/postgres file
delegate_to: localhost
ansible.builtin.fail:
msg: >-
In current versions of the Lemmy Ansible playbooks, the passwords/postgres file must be renamed to passwords/postgres.psk.
See https://github.com/LemmyNet/lemmy-ansible#upgrading
when: postgres_password_file.stat.exists
become: false
- name: Check for vars.yml file
delegate_to: localhost
ansible.builtin.stat:
path: "inventory/host_vars/{{ domain }}/vars.yml"
register: vars_file
become: false
- name: Missing vars.yml file
delegate_to: localhost
ansible.builtin.fail:
msg: >-
Missing vars.yml file, please refer to the installations instructions. See https://github.com/LemmyNet/lemmy-ansible#install
and https://github.com/LemmyNet/lemmy-ansible#upgrading
when: not vars_file.stat.exists
become: false
handlers:
- name: Reload nginx
ansible.builtin.systemd:
name: nginx
state: reloaded
- name: Reload firewalld
ansible.builtin.systemd:
name: firewalld
state: reloaded
vars:
lemmy_port: "{{ 32767 | random(start=1024) }}"
tasks:
- name: Ensure target system is >= EL9
ansible.builtin.assert:
that:
- ansible_distribution in ['AlmaLinux', 'CentOS', 'RedHat', 'Rocky']
- ansible_distribution_major_version | int >= 9
fail_msg: "This playbook requires Enterprise Linux 9 or greater on the target server"
tags:
- always
- name: Enable CRB repository
ansible.builtin.yum_repository:
name: almalinux-crb
description: AlmaLinux $releasever - CRB
mirrorlist: https://mirrors.almalinux.org/mirrorlist/$releasever/crb
gpgcheck: true
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
enabled: true
tags:
- dependencies
- name: Install epel-release
ansible.builtin.dnf:
state: present
name: epel-release
tags:
- dependencies
- name: Install dependencies
ansible.builtin.dnf:
state: present
name:
- certbot
- curl
- nginx
- podman
- podman-compose
- podman-docker
- python3-certbot-nginx
- python3-docker
- python3-pip
- python3-podman
- python3-virtualenv
- python3-setuptools
tags:
- dependencies
- name: Gather service facts
ansible.builtin.service_facts:
tags:
- firewalld
- name: Allow http/httpd traffic to public zone in firewalld
ansible.posix.firewalld:
service: "{{ item }}"
state: enabled
zone: public
permanent: true
immediate: true
loop:
- http
- https
when: "'firewalld.service' in ansible_facts.services and ansible_facts.services['firewalld.service'].state == 'running'"
tags:
- firewalld
# TODO: certbot logic needs to be re-worked
- name: Request initial letsencrypt certificate
ansible.builtin.command: certbot certonly --nginx --agree-tos --cert-name '{{ domain }}' -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}'
args:
creates: "/etc/letsencrypt/live/{{ domain }}/privkey.pem"
tags:
- certbot
- certbot_initial
- ssl
- name: Create lemmy folder
ansible.builtin.file:
path: "{{ item.path }}"
owner: "{{ item.owner }}"
state: directory
mode: "0755"
loop:
- path: "{{ lemmy_base_dir }}/{{ domain }}/"
owner: "root"
- path: "{{ lemmy_base_dir }}/{{ domain }}/volumes/"
owner: "root"
- path: "{{ lemmy_base_dir }}/{{ domain }}/volumes/pictrs/"
owner: "991" # Matches docker-compose UID in docker-compose.yml
- name: Set lemmy_port fact
ansible.builtin.set_fact:
lemmy_port: "{{ 32767 | random(start=1024) }}"
tags:
- always
- name: Distribute docker/podman templates
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- src: "templates/docker-compose.yml"
dest: "{{ lemmy_base_dir }}/{{ domain }}/docker-compose.yml"
mode: "0600"
- src: "templates/nginx_internal.conf"
dest: "{{ lemmy_base_dir }}/{{ domain }}/nginx_internal.conf"
mode: "0644"
vars:
lemmy_docker_image: "docker.io/dessalines/lemmy:{{ lemmy_version | default(lookup('file', 'VERSION')) }}"
lemmy_docker_ui_image: "docker.io/dessalines/lemmy-ui:{{ lemmy_ui_version | default(lemmy_version | default(lookup('file', 'VERSION'))) }}"
tags:
- docker
- podman
# TODO: Move to templates/, keeping consistent with upstream currently
# to ensure documentation is accurate
- name: Add the config.hjson
ansible.builtin.template:
# src: "templates/{{ domain }}/config.hjson"
src: "inventory/host_vars/{{ domain }}/config.hjson"
dest: "{{ lemmy_base_dir }}/{{ domain }}/lemmy.hjson"
mode: "0600"
owner: "1000" # Match UID in container
group: "1000" # Match GID in container
tags:
- configs
# TODO: Move to files/, keeping consistent with upstream currently
# to ensure documentation is accurate
- name: Add the customPostgresql.conf
ansible.builtin.template:
# src: "files/{{ domain }}/customPostgresql.conf"
src: "inventory/host_vars/{{ domain }}/customPostgresql.conf"
dest: "{{ lemmy_base_dir }}/{{ domain }}/customPostgresql.conf"
mode: "0644"
owner: root
group: root
tags:
- configs
- postgresql
- name: Distribute nginx proxy_params configuration
ansible.builtin.copy:
src: files/proxy_params
dest: "{{ lemmy_base_dir }}/{{ domain }}/proxy_params"
owner: root
group: root
mode: "0644"
tags:
- nginx
- name: Distribute nginx site templates
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- src: "templates/nginx.conf"
dest: "/etc/nginx/conf.d/{{ domain }}.conf"
mode: "0644"
notify: Reload nginx
tags:
- nginx
# TODO: Check if this is necessary with EL & podman
# - name: Copy docker config
# ansible.builtin.copy:
# src: "{{ ansible_playbook }}/files/docker-daemon.json"
# dest: /etc/docker/daemon.json
# mode: '0644'
# TODO: podman-compose should wrap this safely
# TODO: This was an incorrect assumption, module uses docker python module, not cli
# - name: Run podman-compose
# docker_compose:
# project_src: "{{ lemmy_base_dir }}/{{ domain }}"
# state: present
# pull: yes
# remove_orphans: yes
# tags:
# - docker
# - docker_compose
# - podman
# - podman_compose
- name: Start and enable podman service
ansible.builtin.systemd:
name: podman.service
state: started
enabled: true
tags:
- docker
- podman
- name: Run podman-compose pull
ansible.builtin.command: podman-compose pull
args:
chdir: "{{ lemmy_base_dir }}/{{ domain }}"
changed_when: true
tags:
- docker
- podman
- name: Run podman-compose up
ansible.builtin.command: podman-compose up -d
args:
chdir: "{{ lemmy_base_dir }}/{{ domain }}"
changed_when: true
tags:
- docker
- podman
# This isn't using any jinja2 templating currently
- name: Distribute /etc/sysconfig/certbot
ansible.builtin.template:
src: "templates/sysconfig-certbot.j2"
dest: "/etc/sysconfig/certbot"
mode: "0644"
tags:
- certbot
- ssl
- name: Enable certbot-renew.timer
ansible.builtin.systemd:
name: certbot-renew.timer
state: started
enabled: true
tags:
- certbot
- ssl
Reference in a new issue View git blame Copy permalink