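---
# Installs or upgrades one Lemmy instance on a Debian/Ubuntu host: nginx and
# certbot run on the host, Lemmy itself runs under docker-compose.
# Variables read by this play: domain, lemmy_base_dir, letsencrypt_contact_email,
# and optionally lemmy_version / lemmy_ui_version.
- name: Install Lemmy
  hosts: all

  # Install python if required
  # https://www.josharcher.uk/code/ansible-python-connection-failure-ubuntu-server-1604/
  # Fact gathering is off here because it needs python on the target; the
  # "Gather facts" pre_task runs it once python has been installed.
  gather_facts: false
  vars_files:
    - "inventory/host_vars/{{ domain }}/vars.yml"
  pre_tasks:
    - name: Assert that Ansible version is >= 2.11.0
      delegate_to: localhost
      ansible.builtin.assert:
        that:
          - "ansible_version.full is version('2.11.0', '>=')"
        fail_msg: "This playbook requires Ansible 2.11.0 or higher"
      become: false

    - name: Check lemmy_base_dir
      ansible.builtin.fail:
        msg: "`lemmy_base_dir` is unset. if you are upgrading from an older version, add `lemmy_base_dir=/lemmy` to your inventory file."
      when: lemmy_base_dir is not defined

    # The next two tasks stop the run when the controller still has the
    # pre-rename password file, so an upgrade does not continue with stale secrets.
    - name: Check for legacy passwords/postgres file
      delegate_to: localhost
      ansible.builtin.stat:
        path: "inventory/host_vars/{{ domain }}/passwords/postgres"
      register: postgres_password_file
      become: false

    - name: Legacy use of passwords/postgres file
      delegate_to: localhost
      ansible.builtin.fail:
        msg: >-
          In current versions of the Lemmy Ansible playbooks, the passwords/postgres file must be renamed to passwords/postgres.psk.
          See https://github.com/LemmyNet/lemmy-ansible#upgrading
      when: postgres_password_file.stat.exists
      become: false

    # NOTE(review): vars_files above loads this same path; confirm this check is
    # still reached when the file is missing.
    - name: Check for vars.yml file
      delegate_to: localhost
      ansible.builtin.stat:
        path: "inventory/host_vars/{{ domain }}/vars.yml"
      register: vars_file
      become: false

    - name: Missing vars.yml file
      delegate_to: localhost
      ansible.builtin.fail:
        msg: >-
          Missing vars.yml file, please refer to the installations instructions. See https://github.com/LemmyNet/lemmy-ansible#install
          and https://github.com/LemmyNet/lemmy-ansible#upgrading
      when: not vars_file.stat.exists
      become: false

    - name: Install python for Ansible
      # Bootstrap with the raw module, which needs no python on the target:
      # installs python3-minimal and python3-setuptools only when neither
      # /usr/bin/python nor /usr/bin/python3 exists.
      ansible.builtin.raw: test -e /usr/bin/python || test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal python3-setuptools)
      args:
        executable: /bin/bash
      register: output
      # apt only prints output when the install branch actually ran.
      changed_when: output.stdout != ''

    - name: Gather facts
      ansible.builtin.setup:
  handlers:
    - name: Reload nginx
      ansible.builtin.systemd:
        name: nginx
        state: reloaded
  tasks:
    - name: Ensure target system is Debian or Ubuntu
      ansible.builtin.assert:
        that:
          - ansible_distribution in ['Debian', 'Ubuntu']
        fail_msg: "This playbook requires Debian or Ubuntu on the target server"

    - name: Install aptitude
      ansible.builtin.apt:
        name: aptitude
        state: present
        update_cache: true

    - name: Install dependencies
      ansible.builtin.apt:
        state: present
        update_cache: true
        pkg:
          - "nginx"
          - "certbot"
          - "python3-certbot-nginx"
          - "apt-transport-https"
          - "ca-certificates"
          - "curl"
          - "gnupg"
          - "software-properties-common"
          - "python3-pip"
          - "virtualenv"
          - "python3-setuptools"

    # Release checks use the `version` test rather than a plain string
    # comparison, which orders '9.10' after '22.04' and could select the wrong
    # repository branch.
    - name: Configure Docker apt repo for Ubuntu < 22.04
      when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('22.04', '<')
      block:
        # NOTE(review): apt_key is deprecated and stores the key in a keyring
        # that apt trusts for every configured source; the key fetched here is
        # also not checksum-pinned, unlike the get_url task in the other branch.
        # Moving this branch to a pinned key file with signed-by would also
        # require migrating the source entry already present on upgraded hosts.
        - name: Add Docker GPG apt Key
          ansible.builtin.apt_key:
            url: https://download.docker.com/linux/ubuntu/gpg
            state: present
        # NOTE(review): the suite is hard-coded to focal for every Ubuntu
        # release below 22.04; confirm that is intended for older releases.
        - name: Add Docker Repository
          ansible.builtin.apt_repository:
            repo: deb https://download.docker.com/linux/ubuntu focal stable
            state: present

    # The architecture is only needed for the arch= option of the repo line below.
    - name: Get architecture using dpkg
      when: (ansible_distribution == 'Debian') or
            (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('22.04', '>='))
      ansible.builtin.command: dpkg --print-architecture
      register: dpkg_output
      changed_when: false

    # based on https://docs.docker.com/engine/install/debian/
    # and https://docs.docker.com/engine/install/ubuntu/
    # note that Debian and Ubuntu use the same key
    - name: Configure Docker apt repo for Debian or Ubuntu >= 22.04
      when: (ansible_distribution == 'Debian') or
            (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('22.04', '>='))
      block:
        # The sha256 checksum pins the downloaded key, so a changed or tampered
        # key fails this task instead of being installed. It has to be updated
        # here whenever Docker rotates the key.
        # NOTE(review): keys under /etc/apt/trusted.gpg.d are accepted by apt
        # for every source, not only the Docker one; signed-by below restricts
        # the Docker source to this key but does not remove that global trust.
        # A keyring directory outside trusted.gpg.d avoids it, at the cost of
        # migrating the existing source entry on deployed hosts.
        - name: Download Docker GPG Key
          ansible.builtin.get_url:
            url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
            dest: /etc/apt/trusted.gpg.d/docker.asc
            checksum: sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570
            mode: "0644"
        - name: Add Docker apt repo
          ansible.builtin.apt_repository:
            repo: >-
              deb [arch={{ dpkg_output.stdout }} signed-by=/etc/apt/trusted.gpg.d/docker.asc]
              https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
            state: present

    - name: Install docker-ce and docker-compose
      ansible.builtin.apt:
        name:
          - docker-ce
          - docker-compose
        state: present
        update_cache: true

    - name: Copy docker config
      ansible.builtin.copy:
        src: files/docker-daemon.json
        dest: /etc/docker/daemon.json
        mode: "0644"

    # `creates` skips the request once a private key exists for this cert name,
    # so re-running the playbook does not ask for a new certificate.
    - name: Request initial letsencrypt certificate
      ansible.builtin.command: certbot certonly --nginx --agree-tos --cert-name '{{ domain }}' -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}'
      args:
        creates: "/etc/letsencrypt/live/{{ domain }}/privkey.pem"

    # NOTE(review): owner 991 is presumably the uid the pict-rs container runs
    # as; verify against the docker-compose template.
    - name: Create lemmy folder
      ansible.builtin.file:
        path: "{{ item.path }}"
        owner: "{{ item.owner }}"
        state: directory
        mode: "0755"
      loop:
        - path: "{{ lemmy_base_dir }}/{{ domain }}/"
          owner: "root"
        - path: "{{ lemmy_base_dir }}/{{ domain }}/volumes/"
          owner: "root"
        - path: "{{ lemmy_base_dir }}/{{ domain }}/volumes/pictrs/"
          owner: "991"

    - name: Deploy configuration files
      block:
        # set_fact fixes one value for the rest of the run. A new port is drawn
        # on every playbook run and nothing here checks that it is free, so the
        # templates that use it can change between runs.
        # NOTE(review): consider a stable, explicitly configured port.
        - name: Generate random port for lemmy service
          ansible.builtin.set_fact:
            lemmy_port: "{{ 32767 | random(start=1024) }}"

        - name: Distribute nginx proxy_params configuration
          ansible.builtin.copy:
            src: files/proxy_params
            dest: "{{ lemmy_base_dir }}/{{ domain }}/proxy_params"
            owner: root
            group: root
            mode: "0644"
          notify: Reload nginx

        # docker-compose.yml is written 0600, unlike the two nginx files.
        # NOTE(review): presumably because it carries the database password;
        # verify against templates/docker-compose.yml.
        - name: Add template files
          ansible.builtin.template:
            src: "{{ item.src }}"
            dest: "{{ item.dest }}"
            mode: "{{ item.mode }}"
          loop:
            - src: "templates/docker-compose.yml"
              dest: "{{ lemmy_base_dir }}/{{ domain }}/docker-compose.yml"
              mode: "0600"
            - src: "templates/nginx_internal.conf"
              dest: "{{ lemmy_base_dir }}/{{ domain }}/nginx_internal.conf"
              mode: "0644"
            - src: "templates/nginx.conf"
              dest: "/etc/nginx/sites-available/{{ domain }}.conf"
              mode: "0644"
          notify: Reload nginx
          # Image tags default to the repository's VERSION file. Tags are
          # mutable references: the registry decides which image they resolve
          # to at pull time, so this does not pin image content.
          vars:
            lemmy_docker_image: "dessalines/lemmy:{{ lemmy_version | default(lookup('file', 'VERSION')) }}"
            lemmy_docker_ui_image: "dessalines/lemmy-ui:{{ lemmy_ui_version | default(lemmy_version | default(lookup('file', 'VERSION'))) }}"

    - name: Set up nginx sites-enabled symlink
      notify: Reload nginx
      block:
        - name: Gather stats on site enabled config
          ansible.builtin.stat:
            path: "/etc/nginx/sites-enabled/{{ domain }}.conf"
          register: reg_enabled

        # A regular file here would make the link task below fail, so it is
        # removed first.
        - name: Remove if regular file (legacy) instead of symlink
          ansible.builtin.file:
            path: "/etc/nginx/sites-enabled/{{ domain }}.conf"
            state: absent
          when: reg_enabled.stat.exists and reg_enabled.stat.isreg

        - name: Enable nginx site
          ansible.builtin.file:
            src: "../sites-available/{{ domain }}.conf"
            dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
            state: link

    # Rendered from the operator's inventory and written 0600 so other local
    # users cannot read it.
    # NOTE(review): uid/gid 1000 is presumably the user inside the lemmy
    # container; verify against the image.
    - name: Add the config.hjson
      ansible.builtin.template:
        src: "inventory/host_vars/{{ domain }}/config.hjson"
        dest: "{{ lemmy_base_dir }}/{{ domain }}/lemmy.hjson"
        mode: "0600"
        owner: "1000"
        group: "1000"

    - name: Add the customPostgresql.conf
      ansible.builtin.template:
        src: "inventory/host_vars/{{ domain }}/customPostgresql.conf"
        dest: "{{ lemmy_base_dir }}/{{ domain }}/customPostgresql.conf"
        mode: "0644"
        owner: root
        group: root

    - name: Enable and start docker service
      ansible.builtin.systemd:
        name: docker
        enabled: true
        state: started

    # - name: Change the working directory to /opt
    #   ansible.builtin.shell:
    #     cmd: find . # To list files under /opt directory
    #     chdir: /opt # changes to /opt directory
    #   register: shell_output
    # - debug: var=shell_output

    # NOTE(review): community.docker.docker_compose is the Compose v1 module
    # and has been deprecated in favour of docker_compose_v2; check the
    # installed collection version before upgrading it.
    # pull: true fetches whatever the image tags currently resolve to.
    - name: Start docker-compose
      community.docker.docker_compose:
        project_src: "{{ lemmy_base_dir }}/{{ domain }}"
        state: present
        pull: true
        remove_orphans: true

    # Runs once a day from root's crontab; nginx is reloaded through the deploy
    # hook after certbot installs a new certificate.
    - name: Certbot renewal cronjob
      ansible.builtin.cron:
        special_time: daily
        name: certbot-renew-lemmy
        user: root
        job: "certbot certonly --nginx --cert-name '{{ domain }}' -d '{{ domain }}' --deploy-hook 'nginx -s reload'"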