gitea/lemmy-ansible
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
lemmy-ansible/lemmy.yml
Sanat Sathaye 1178eed471 Fix debian playbook running on non-debian system
2023-12-04 01:43:57 +05:30

270 lines
9.7 KiB
YAML
Raw Permalink Blame History

---
- name: Install Lemmy
hosts: all
# Install python if required
# https://www.josharcher.uk/code/ansible-python-connection-failure-ubuntu-server-1604/
gather_facts: false
vars_files:
- "inventory/host_vars/{{ domain }}/vars.yml"
pre_tasks:
- name: Assert that Ansible version is >= 2.11.0
delegate_to: localhost
ansible.builtin.assert:
that:
- "ansible_version.full is version('2.11.0', '>=')"
fail_msg: "This playbook requires Ansible 2.11.0 or higher"
become: false
- name: Check lemmy_base_dir
ansible.builtin.fail:
msg: "`lemmy_base_dir` is unset. if you are upgrading from an older version, add `lemmy_base_dir=/lemmy` to your inventory file."
when: lemmy_base_dir is not defined
- name: Check for legacy passwords/postgres file
delegate_to: localhost
ansible.builtin.stat:
path: "inventory/host_vars/{{ domain }}/passwords/postgres"
register: postgres_password_file
become: false
- name: Legacy use of passwords/postgres file
delegate_to: localhost
ansible.builtin.fail:
msg: >-
In current versions of the Lemmy Ansible playbooks, the passwords/postgres file must be renamed to passwords/postgres.psk.
See https://github.com/LemmyNet/lemmy-ansible#upgrading
when: postgres_password_file.stat.exists
become: false
- name: Check for vars.yml file
delegate_to: localhost
ansible.builtin.stat:
path: "inventory/host_vars/{{ domain }}/vars.yml"
register: vars_file
become: false
- name: Missing vars.yml file
delegate_to: localhost
ansible.builtin.fail:
msg: >-
Missing vars.yml file, please refer to the installations instructions. See https://github.com/LemmyNet/lemmy-ansible#install
and https://github.com/LemmyNet/lemmy-ansible#upgrading
when: not vars_file.stat.exists
become: false
- name: Install python for Ansible
# python2-minimal instead of python-minimal for ubuntu 20.04 and up
ansible.builtin.raw: test -e /usr/bin/python || test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal python3-setuptools)
args:
executable: /bin/bash
register: output
changed_when: output.stdout != ''
- name: Gather facts
ansible.builtin.setup:
handlers:
- name: Reload nginx
ansible.builtin.systemd:
name: nginx
state: reloaded
tasks:
- name: Ensure target system is Debian or Ubuntu
ansible.builtin.assert:
that:
- ansible_distribution in ['Debian', 'Ubuntu']
fail_msg: "This playbook requires Debian or Ubuntu on the target server"
- name: Install aptitude
ansible.builtin.apt:
name: aptitude
state: present
update_cache: true
- name: Install dependencies
ansible.builtin.apt:
state: present
update_cache: true
pkg:
- "nginx"
- "certbot"
- "python3-certbot-nginx"
- "apt-transport-https"
- "ca-certificates"
- "curl"
- "gnupg"
- "software-properties-common"
- "python3-pip"
- "virtualenv"
- "python3-setuptools"
- name: Configure Docker apt repo for Ubuntu < 22.04
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version < '22.04'
block:
- name: Add Docker GPG apt Key
ansible.builtin.apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker Repository
ansible.builtin.apt_repository:
repo: deb https://download.docker.com/linux/ubuntu focal stable
state: present
- name: Get architecture using dpkg
when: (ansible_distribution == 'Debian') or
(ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '22.04')
ansible.builtin.command: dpkg --print-architecture
register: dpkg_output
changed_when: false
# based on https://docs.docker.com/engine/install/debian/
# and https://docs.docker.com/engine/install/ubuntu/
# note that Debian and Ubuntu use the same key
- name: Configure Docker apt repo for Debian or Ubuntu >= 22.04
when: (ansible_distribution == 'Debian') or
(ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '22.04')
block:
- name: Download Docker GPG Key
ansible.builtin.get_url:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
dest: /etc/apt/trusted.gpg.d/docker.asc
checksum: sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570
mode: "0644"
- name: Add Docker apt repo
ansible.builtin.apt_repository:
repo: >-
deb [arch={{ dpkg_output.stdout }} signed-by=/etc/apt/trusted.gpg.d/docker.asc]
https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
state: present
- name: Install docker-ce and docker-compose
ansible.builtin.apt:
name:
- docker-ce
- docker-compose
state: present
update_cache: true
- name: Copy docker config
ansible.builtin.copy:
src: files/docker-daemon.json
dest: /etc/docker/daemon.json
mode: "0644"
- name: Request initial letsencrypt certificate
ansible.builtin.command: certbot certonly --nginx --agree-tos --cert-name '{{ domain }}' -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}'
args:
creates: "/etc/letsencrypt/live/{{ domain }}/privkey.pem"
- name: Create lemmy folder
ansible.builtin.file:
path: "{{ item.path }}"
owner: "{{ item.owner }}"
state: directory
mode: "0755"
loop:
- path: "{{ lemmy_base_dir }}/{{ domain }}/"
owner: "root"
- path: "{{ lemmy_base_dir }}/{{ domain }}/volumes/"
owner: "root"
- path: "{{ lemmy_base_dir }}/{{ domain }}/volumes/pictrs/"
owner: "991"
- name: Deploy configuration files
block:
- name: Generate random port for lemmy service
ansible.builtin.set_fact:
lemmy_port: "{{ 32767 | random(start=1024) }}"
- name: Distribute nginx proxy_params configuration
ansible.builtin.copy:
src: files/proxy_params
dest: "{{ lemmy_base_dir }}/{{ domain }}/proxy_params"
owner: root
group: root
mode: "0644"
notify: Reload nginx
- name: Add template files
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- src: "templates/docker-compose.yml"
dest: "{{ lemmy_base_dir }}/{{ domain }}/docker-compose.yml"
mode: "0600"
- src: "templates/nginx_internal.conf"
dest: "{{ lemmy_base_dir }}/{{ domain }}/nginx_internal.conf"
mode: "0644"
- src: "templates/nginx.conf"
dest: "/etc/nginx/sites-available/{{ domain }}.conf"
mode: "0644"
notify: Reload nginx
vars:
lemmy_docker_image: "dessalines/lemmy:{{ lemmy_version | default(lookup('file', 'VERSION')) }}"
lemmy_docker_ui_image: "dessalines/lemmy-ui:{{ lemmy_ui_version | default(lemmy_version | default(lookup('file', 'VERSION'))) }}"
- name: Set up nginx sites-enabled symlink
notify: Reload nginx
block:
- name: Gather stats on site enabled config
ansible.builtin.stat:
path: "/etc/nginx/sites-enabled/{{ domain }}.conf"
register: reg_enabled
- name: Remove if regular file (legacy) instead of symlink
ansible.builtin.file:
path: "/etc/nginx/sites-enabled/{{ domain }}.conf"
state: absent
when: reg_enabled.stat.exists and reg_enabled.stat.isreg
- name: Enable nginx site
ansible.builtin.file:
src: "../sites-available/{{ domain }}.conf"
dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
state: link
- name: Add the config.hjson
ansible.builtin.template:
src: "inventory/host_vars/{{ domain }}/config.hjson"
dest: "{{ lemmy_base_dir }}/{{ domain }}/lemmy.hjson"
mode: "0600"
owner: "1000"
group: "1000"
- name: Add the customPostgresql.conf
ansible.builtin.template:
src: "inventory/host_vars/{{ domain }}/customPostgresql.conf"
dest: "{{ lemmy_base_dir }}/{{ domain }}/customPostgresql.conf"
mode: "0644"
owner: root
group: root
- name: Enable and start docker service
ansible.builtin.systemd:
name: docker
enabled: true
state: started
# - name: Change the working directory to /opt
# ansible.builtin.shell:
# cmd: find . # To list files under /opt directory
# chdir: /opt # changes to /opt directory
# register: shell_output
# - debug: var=shell_output
- name: Start docker-compose
community.docker.docker_compose:
project_src: "{{ lemmy_base_dir }}/{{ domain }}"
state: present
pull: true
remove_orphans: true
- name: Certbot renewal cronjob
ansible.builtin.cron:
special_time: daily
name: certbot-renew-lemmy
user: root
job: "certbot certonly --nginx --cert-name '{{ domain }}' -d '{{ domain }}' --deploy-hook 'nginx -s reload'"
Reference in a new issue View git blame Copy permalink