---
# Dedicated primary group for the service account created in the next task.
- name: Create futureporn group
  ansible.builtin.group:
    state: present
    name: futureporn

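# Unprivileged service account for the app. `system: true` allocates a UID
# from the system range; the home directory is kept as before so tooling that
# expects a writable $HOME (npm caches, etc.) keeps working.
- name: Create futureporn user
  ansible.builtin.user:
    name: futureporn
    group: futureporn
    system: true
    create_home: true
    home: /home/futureporn
    # A service account has no business with an interactive login. Without
    # this key useradd assigns its distro default (usually /bin/sh). Ansible
    # `become` via sudo is unaffected because it invokes the shell explicitly.
    # Path is the Debian/Ubuntu one; RHEL-family hosts use /sbin/nologin.
    shell: /usr/sbin/nologin
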
# Checkout root for the application source (populated by the git task below).
# No owner/group is given, so the directory belongs to the connecting
# (become) user — normally root — and is only world-readable: the service
# account can read the code but cannot modify it, which is the right
# posture for a code directory.
- name: Ensure futureporn directory exists
  ansible.builtin.file:
    state: directory
    path: /opt/futureporn
    mode: "0755"
  notify:
    - Restart app

# Parent directory for runtime configuration. 0755 on the directory is fine:
# the secret-bearing .env rendered by the next task is itself 0600.
# NOTE(review): env_file is presumably located under this path — confirm.
- name: Ensure config directory exists
  ansible.builtin.file:
    state: directory
    path: /usr/local/etc/futureporn/our
    mode: "0755"
  notify:
    - Restart app

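# Render the environment file that carries the app's credentials (env.j2).
# 0600 keeps other local users out. No owner is set, so the file belongs to
# the connecting (become) user, normally root. That works when systemd loads
# it via EnvironmentFile= (read by PID 1 before dropping to User=), but must
# be revisited if the app process opens the file itself as `futureporn`.
- name: Generate .env file
  ansible.builtin.template:
    src: env.j2
    dest: "{{ env_file }}"
    mode: "0600"
  # The rendered content contains secrets: never echo it into the controller
  # output when the play runs with --diff (or --check --diff).
  diff: false
  notify:
    - Restart app
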
# Fetch the application source. `version` is pinned to our_commit so the
# deploy is reproducible; it should be a full commit SHA rather than a branch
# name, otherwise `update: true` will silently move the host to new code on
# every run. The clone is over HTTPS with no commit/tag signature check, so
# the Gitea host's TLS identity is the trust anchor for the code.
- name: Download Futureporn source code
  ansible.builtin.git:
    repo: https://gitea.futureporn.net/futureporn/fp
    # NOTE(review): the npm task below uses {{ app_dir }}; keep the two in
    # agreement (or use the variable here too).
    dest: /opt/futureporn
    version: "{{ our_commit }}"
    update: true
  tags:
    - our
  notify:
    - Restart app

# Install the Node dependencies declared in package.json inside the checkout.
# NOTE(review): this runs as the connecting (become) user — usually root —
# and npm executes package lifecycle scripts during install, so a malicious
# or hijacked dependency runs with full privileges. Consider
# `become_user: futureporn` (requires a writable app_dir) and, if a
# package-lock.json is committed, `ci: true` so the lockfile is honoured
# exactly instead of being re-resolved.
- name: Install Our packages based on package.json
  community.general.npm:
    path: "{{ app_dir }}"

# passlib backs Ansible's `password_hash` Jinja filter.
# NOTE(review): Jinja filters are evaluated on the controller, not on the
# managed host, so this install only helps if the play also targets the
# controller or some target-side task imports passlib — confirm before
# keeping it. The version is unpinned; pin it for reproducible runs.
- name: Install passlib
  ansible.builtin.pip:
    state: present
    name: passlib

# Install the systemd unit for the app server from a template. Unit files are
# conventionally 0644 — they must not hold secrets (those live in the 0600
# .env). A new or changed unit only takes effect after a daemon-reload, so the
# `Restart app` handler is expected to run with `daemon_reload: true`
# (handler is not visible in this file — confirm).
- name: Create our-server service
  ansible.builtin.template:
    src: our-server.service.j2
    dest: /etc/systemd/system/our-server.service
    mode: "0644"
  notify:
    - Restart app

# - name: Template Caddyfile
#   ansible.builtin.template:
#     src: Caddyfile.j2
#     dest: /opt/our/Caddyfile
#     mode: "0600"
#   notify:
#     - Restart caddy

# - name: Template Docker Compose file
#   ansible.builtin.template:
#     src: docker-compose.yml.j2
#     dest: /opt/our/docker-compose.yml
#     mode: "0644"
#   notify:
#     - Restart app

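# Host firewall. Allow rules are declared first and the default-deny policy is
# enabled last: `state: enabled` takes effect immediately, so switching on
# default-deny before the SSH rule exists would drop every new management
# connection (the established Ansible session survives, the next one does not).

# SSH for Ansible itself. `limit` allows the port but throttles repeated new
# connections from one source (ufw's built-in brute-force limiter). The port
# is taken from the inventory connection port and defaults to 22.
- name: Allow (rate-limited) SSH
  community.general.ufw:
    rule: limit
    port: "{{ ansible_port | default(22) }}"
    proto: tcp

# Public web ports. 80 is presumably kept for ACME HTTP-01 and the redirect
# to HTTPS; drop it if neither applies.
- name: Configure firewall
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
  loop:
    - "443"
    - "80"

# App port reachable only from the private /20; it is not exposed publicly.
- name: Allow /20 subnet access
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
    from: 10.2.112.0/20
  loop:
    - "3000"

# Enable the firewall with deny-by-default for inbound traffic, now that the
# allow rules above are in place.
- name: Set default UFW policy to deny incoming
  community.general.ufw:
    state: enabled
    policy: deny
    direction: incoming
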
# Bright app Reference
|
|
# ---
|
|
|
|
# # Terraform Vultr provider doesn't have a VFS resource/datasource yet.
|
|
# # This is a workaround for that missing feature.
|
|
# #
|
|
# # @see https://github.com/vultr/terraform-provider-vultr/issues/560
|
|
# - name: Get the VFS id
|
|
# ansible.builtin.uri:
|
|
# url: https://api.vultr.com/v2/vfs
|
|
# method: GET
|
|
# status_code: 200
|
|
# headers:
|
|
# Authorization: "Bearer {{ lookup('dotenv', 'VULTR_API_KEY', file='../.env') }}"
|
|
# register: vfs_list
|
|
|
|
# - name: Get VFS variables
|
|
# ansible.builtin.set_fact:
|
|
# our_vfs_id: "{{ vfs_list.json.vfs | selectattr('label', 'equalto', 'our') | map(attribute='id') | first }}"
|
|
|
|
# - name: Debug the our VFS id
|
|
# ansible.builtin.debug:
|
|
# msg: "The VFS ID for 'our' is {{ our_vfs_id }}"
|
|
|
|
# - name: Attach VFS to Vultr instance
|
|
# ansible.builtin.uri:
|
|
# url: https://api.vultr.com/v2/vfs/{{ our_vfs_id }}/attachments/{{ hostvars[inventory_hostname]['vultr_instance_id'] }}
|
|
# method: PUT
|
|
# status_code:
|
|
# - 200
|
|
# - 201
|
|
# - 409
|
|
# headers:
|
|
# Authorization: "Bearer {{ lookup('dotenv', 'VULTR_API_KEY', file='../.env') }}"
|
|
# register: vfs_attach
|
|
# changed_when:
|
|
# - vfs_attach.json is defined
|
|
# - "'state' in vfs_attach.json"
|
|
# - vfs_attach.json.state == "ATTACHED"
|
|
# notify:
|
|
# - Mount vfs
|
|
# - Restart our
|
|
|
|
# - name: Debug vfs_attach
|
|
# ansible.builtin.debug:
|
|
# var: vfs_attach
|
|
|
|
# - name: Get the VFS mount_tag
|
|
# ansible.builtin.set_fact:
|
|
# vfs_mount_tag: "{{ vfs_attach.json.mount_tag | default('') }}"
|
|
|
|
|
|
# - name: Setup docker container
|
|
# community.docker.docker_container:
|
|
# name: our
|
|
# image: gitea.futureporn.net/futureporn/our:latest
|
|
# pull: always
|
|
# state: started
|
|
# ports:
|
|
# - "4000:4000"
|
|
# volumes:
|
|
# - "/mnt/vfs/futureporn:/mnt/vfs/futureporn"
|
|
# env:
|
|
# DB_HOST: "{{ hostvars['fp-db-0']['internal_ip'] }}"
|
|
# DB_USER: "{{ lookup('dotenv', 'DB_USER', file='../.env') }}"
|
|
# DB_NAME: "our"
|
|
# DB_PORT: "5432"
|
|
# DB_PASS: "{{ lookup('dotenv', 'DB_PASS', file='../.env') }}"
|
|
# MIX_ENV: prod
|
|
# PUBLIC_S3_ENDPOINT: https://futureporn-b2.b-cdn.net
|
|
# PATREON_REDIRECT_URI: https://our.futureporn.net/auth/patreon/callback
|
|
# SITE_URL: https://our.futureporn.net
|
|
# PHX_HOST: our.futureporn.net
|
|
# AWS_BUCKET: futureporn
|
|
# AWS_REGION: us-west-000
|
|
# AWS_HOST: s3.us-west-000.backblazeb2.com
|
|
# SECRET_KEY_BASE: "{{ lookup('dotenv', 'SECRET_KEY_BASE', file='../.env') }}"
|
|
# PATREON_CLIENT_SECRET: "{{ lookup('dotenv', 'PATREON_CLIENT_SECRET', file='../.env') }}"
|
|
# PATREON_CLIENT_ID: "{{ lookup('dotenv', 'PATREON_CLIENT_ID', file='../.env') }}"
|
|
# AWS_ACCESS_KEY_ID: "{{ lookup('dotenv', 'AWS_ACCESS_KEY_ID', file='../.env') }}"
|
|
# AWS_SECRET_ACCESS_KEY: "{{ lookup('dotenv', 'AWS_SECRET_ACCESS_KEY', file='../.env') }}"
|
|
# TRACKER_HELPER_ACCESSLIST_URL: https://tracker.futureporn.net/accesslist
|
|
# TRACKER_HELPER_USERNAME: "{{ lookup('dotenv', 'TRACKER_HELPER_USERNAME', file='../.env') }}"
|
|
# TRACKER_HELPER_PASSWORD: "{{ lookup('dotenv', 'TRACKER_HELPER_PASSWORD', file='../.env') }}"
|
|
# TRACKER_URL: https://tracker.futureporn.net:6969
|
|
# CACHE_DIR: /mnt/vfs/futureporn # we use Vultr File System to share cache among all Phoenix instances
|