diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml index 149494b..a21dd87 100644 --- a/.github/workflows/infra.yaml +++ b/.github/workflows/infra.yaml @@ -29,7 +29,7 @@ jobs: apt update apt install -y python3-pip pip3 install -r requirements.txt - ansible-galaxy collection install community.general infisical.vault + ansible-galaxy collection install community.general community.docker infisical.vault --force - name: Check playbooks run: | diff --git a/infra/music/0003_music_playbook.yaml b/infra/music/0003_music_playbook.yaml index 532e885..8ec3de2 100644 --- a/infra/music/0003_music_playbook.yaml +++ b/infra/music/0003_music_playbook.yaml 
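Review bot: The install line pulls `community.general`, `community.docker` and `infisical.vault` with no version constraint, and the added `--force` re-downloads whatever Galaxy currently serves on every run. A changed or tampered release would therefore execute in a job that, judging by the playbooks in this commit, presumably has the Infisical and SMTP secrets in its environment. Pin each collection, e.g. `ansible-galaxy collection install community.docker:==<PINNED_VERSION>`, or list them with fixed versions in a collections requirements file and install with `-r`. The `run:` script this line belongs to starts above the hunk.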
@@ -7,46 +7,39 @@ - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" + state: absent - name: Copy project ansible.builtin.copy: src: "./{{ app }}" - dest: "{{ user.home }}" + dest: "$HOME" mode: "0744" - - name: Replace LastFM API key secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "LASTFM_APIKEY_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_APIKEY')['value'] }}" - name: Replace LastFM secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "LASTFM_SECRET_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_SECRET')['value'] }}" - name: Replace Mongo Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "SPOTIFY_ID_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_ID')['value'] }}" - name: Replace SMTP Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "SPOTIFY_SECRET_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_SECRET')['value'] }}" - - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" + - name: Docker compose up + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" - name: Update data permissions ansible.builtin.file: 
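Review bot: The four secret-substitution tasks touched here (LASTFM_APIKEY, LASTFM_SECRET, SPOTIFY_ID, SPOTIFY_SECRET) pass the looked-up value as a plain module argument without `no_log: true`. A run with `--diff` or raised verbosity would then print the secrets into the workflow log. Adding `no_log: true` to each `ansible.builtin.replace` task keeps them out of CI output, and the same applies to the replace tasks in the photos, samba and secrets playbooks. The play header is outside the hunk, so a play-level `no_log` may already exist. The tasks named "Replace Mongo Password secret" and "Replace SMTP Password secret" actually write the Spotify values and would be clearer renamed.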
diff --git a/infra/photos/0003_immich_playbook.yaml b/infra/photos/0003_immich_playbook.yaml index 6335431..4a4bbf8 100644 --- a/infra/photos/0003_immich_playbook.yaml +++ b/infra/photos/0003_immich_playbook.yaml @@ -1,5 +1,5 @@ - name: Deploy app - hosts: photos + hosts: photos gather_facts: false vars: app: immich @@ -7,31 +7,25 @@ - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" + state: absent - name: Copy project ansible.builtin.copy: src: "./{{ app }}" - dest: "{{ user.home }}" + dest: "$HOME" mode: "0744" - name: Replace Typesense secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "TYPESENSE_API_KEY_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}" - name: Replace DB secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "DB_PASSWORD_VALUE" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}" - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" diff --git a/infra/samba/0003_samba_playbook.yaml b/infra/samba/0003_samba_playbook.yaml index 1df1e72..5393a68 100644 --- a/infra/samba/0003_samba_playbook.yaml +++ b/infra/samba/0003_samba_playbook.yaml 
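Review bot: The rewritten "Docker compose down" task in the second hunk runs before "Copy project" and no longer carries `ignore_errors: true`. As far as I know `docker_compose_v2` requires `project_src` to be an existing directory, so on a host where `$HOME/{{ app }}` has not been deployed yet the task would most likely fail and abort the play. Rather than restoring the blanket `ignore_errors`, which also hides real teardown failures, guard the task on the directory existing, as sketched below. The same task appears in the music, samba and secrets hunks. The play header is outside this hunk.

```yaml
- name: Check for an existing deployment
  ansible.builtin.stat:
    path: "$HOME/{{ app }}"
  register: project_dir
- name: Docker compose down
  community.docker.docker_compose_v2:
    project_src: "$HOME/{{ app }}"
    state: absent
  when: project_dir.stat.exists
# … unchanged: Copy project, secret replacement tasks, Docker compose up …
```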
@@ -7,32 +7,25 @@ - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" + state: absent - name: Copy project ansible.builtin.copy: src: "./{{ app }}" - dest: "{{ user.home }}" + dest: "$HOME" mode: "0744" - name: Replace KVK Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/config.yml" + path: "$HOME/{{ app }}/config.yml" regexp: "KVK_PASSWORD" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/samba', secret_name='KVK_PASSWORD')['value'] }}" - - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" + - name: Docker compose up + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" - name: Update samba permissions ansible.builtin.file: diff --git a/infra/secrets/0003_infiscal_playbook.yaml b/infra/secrets/0003_infiscal_playbook.yaml index 20b4e18..899acc6 100644 --- a/infra/secrets/0003_infiscal_playbook.yaml +++ b/infra/secrets/0003_infiscal_playbook.yaml 
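Review bot: `$HOME` in `project_src`, `dest` and `path` is not a Jinja expression, so it is expanded on the target from the environment of whichever user the module runs as, whereas the removed "Get user" task resolved the `debian` account's home explicitly. If the play uses `become`, or the connection user ever changes, the project and the `config.yml` that receives KVK_PASSWORD would land in a different home directory than before. The play header is outside the hunk, so neither setting is visible here. An explicit play variable such as `app_dir: "/home/<DEPLOY_USER>/{{ app }}"` (placeholder), used in all of these tasks, makes the location deterministic. The music, photos and secrets hunks use the same `$HOME` form.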
@@ -7,43 +7,37 @@ - name: Wait for connection ansible.builtin.wait_for_connection: timeout: 300 - - name: Get user - ansible.builtin.user: - name: debian - register: user - name: Docker compose down - ansible.builtin.command: docker compose down - args: - chdir: "{{ user.home }}/{{ app }}" - ignore_errors: true + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}" + state: absent - name: Copy project ansible.builtin.copy: src: "./{{ app }}" - dest: "{{ user.home }}" + dest: "$HOME" mode: "0744" - name: Replace Encryption Key secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "ENCRYPTION_KEY_VALUE" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_ENCRYPTION_KEY') }}" - name: Replace Auth secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "AUTH_SECRET_VALUE" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_AUTH_SECRET') }}" - name: Replace Mongo Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "MONGO_PASSWORD_VALUE" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_MONGO_PASSWORD') }}" - name: Replace SMTP Password secret ansible.builtin.replace: - path: "{{ user.home }}/{{ app }}/.env" + path: "$HOME/{{ app }}/.env" regexp: "SMTP_PASSWORD_VALUE" replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}" - name: Docker compose up -d - ansible.builtin.command: docker compose up -d - args: - chdir: "{{ user.home }}/{{ app }}" + community.docker.docker_compose_v2: + project_src: "$HOME/{{ app }}"
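Review bot: "Copy project" applies `mode: "0744"` to the files it copies, which as far as I can tell includes the `.env` that the following tasks fill with the Infisical encryption key, auth secret and Mongo/SMTP passwords. That leaves the file readable by every local account on the host. After the last substitution, tighten it with a task using `ansible.builtin.file:`, `path: "$HOME/{{ app }}/.env"` and `mode: "0600"`, or copy the `.env` separately with that mode. The music and photos playbooks have the same pattern for `.env`, and samba for `config.yml`. The play header and any later tasks are outside the hunk, so a later permission fix would not be visible here.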