docker_compose_v2 ansible (instead of shell)

This commit is contained in:
Gleb Koval 2024-01-30 12:37:37 +00:00
parent 1a0114fa34
commit 2aa297e901
Signed by: cyclane
GPG Key ID: 15E168A8B332382C
5 changed files with 39 additions and 65 deletions

View File

@ -29,7 +29,7 @@ jobs:
apt update apt update
apt install -y python3-pip apt install -y python3-pip
pip3 install -r requirements.txt pip3 install -r requirements.txt
ansible-galaxy collection install community.general infisical.vault ansible-galaxy collection install community.general community.docker infisical.vault --force
- name: Check playbooks - name: Check playbooks
run: | run: |

View File

@ -7,46 +7,39 @@
- name: Wait for connection - name: Wait for connection
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
timeout: 300 timeout: 300
- name: Get user
ansible.builtin.user:
name: debian
register: user
- name: Docker compose down - name: Docker compose down
ansible.builtin.command: docker compose down community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}" state: absent
ignore_errors: true
- name: Copy project - name: Copy project
ansible.builtin.copy: ansible.builtin.copy:
src: "./{{ app }}" src: "./{{ app }}"
dest: "{{ user.home }}" dest: "$HOME"
mode: "0744" mode: "0744"
- name: Replace LastFM API key secret - name: Replace LastFM API key secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "LASTFM_APIKEY_VALUE" regexp: "LASTFM_APIKEY_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_APIKEY')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_APIKEY')['value'] }}"
- name: Replace LastFM secret - name: Replace LastFM secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "LASTFM_SECRET_VALUE" regexp: "LASTFM_SECRET_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_SECRET')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_SECRET')['value'] }}"
- name: Replace Mongo Password secret - name: Replace Mongo Password secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "SPOTIFY_ID_VALUE" regexp: "SPOTIFY_ID_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_ID')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_ID')['value'] }}"
- name: Replace SMTP Password secret - name: Replace SMTP Password secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "SPOTIFY_SECRET_VALUE" regexp: "SPOTIFY_SECRET_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_SECRET')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_SECRET')['value'] }}"
- name: Docker compose up -d - name: Docker compose up
ansible.builtin.command: docker compose up -d community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}"
- name: Update data permissions - name: Update data permissions
ansible.builtin.file: ansible.builtin.file:

View File

@ -1,5 +1,5 @@
- name: Deploy app - name: Deploy app
hosts: photos hosts: photos
gather_facts: false gather_facts: false
vars: vars:
app: immich app: immich
@ -7,31 +7,25 @@
- name: Wait for connection - name: Wait for connection
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
timeout: 300 timeout: 300
- name: Get user
ansible.builtin.user:
name: debian
register: user
- name: Docker compose down - name: Docker compose down
ansible.builtin.command: docker compose down community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}" state: absent
ignore_errors: true
- name: Copy project - name: Copy project
ansible.builtin.copy: ansible.builtin.copy:
src: "./{{ app }}" src: "./{{ app }}"
dest: "{{ user.home }}" dest: "$HOME"
mode: "0744" mode: "0744"
- name: Replace Typesense secret - name: Replace Typesense secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "TYPESENSE_API_KEY_VALUE" regexp: "TYPESENSE_API_KEY_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
- name: Replace DB secret - name: Replace DB secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "DB_PASSWORD_VALUE" regexp: "DB_PASSWORD_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}"
- name: Docker compose up -d - name: Docker compose up -d
ansible.builtin.command: docker compose up -d community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}"

View File

@ -7,32 +7,25 @@
- name: Wait for connection - name: Wait for connection
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
timeout: 300 timeout: 300
- name: Get user
ansible.builtin.user:
name: debian
register: user
- name: Docker compose down - name: Docker compose down
ansible.builtin.command: docker compose down community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}" state: absent
ignore_errors: true
- name: Copy project - name: Copy project
ansible.builtin.copy: ansible.builtin.copy:
src: "./{{ app }}" src: "./{{ app }}"
dest: "{{ user.home }}" dest: "$HOME"
mode: "0744" mode: "0744"
- name: Replace KVK Password secret - name: Replace KVK Password secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/config.yml" path: "$HOME/{{ app }}/config.yml"
regexp: "KVK_PASSWORD" regexp: "KVK_PASSWORD"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/samba', secret_name='KVK_PASSWORD')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/samba', secret_name='KVK_PASSWORD')['value'] }}"
- name: Docker compose up -d - name: Docker compose up
ansible.builtin.command: docker compose up -d community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}"
- name: Update samba permissions - name: Update samba permissions
ansible.builtin.file: ansible.builtin.file:

View File

@ -7,43 +7,37 @@
- name: Wait for connection - name: Wait for connection
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
timeout: 300 timeout: 300
- name: Get user
ansible.builtin.user:
name: debian
register: user
- name: Docker compose down - name: Docker compose down
ansible.builtin.command: docker compose down community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}" state: absent
ignore_errors: true
- name: Copy project - name: Copy project
ansible.builtin.copy: ansible.builtin.copy:
src: "./{{ app }}" src: "./{{ app }}"
dest: "{{ user.home }}" dest: "$HOME"
mode: "0744" mode: "0744"
- name: Replace Encryption Key secret - name: Replace Encryption Key secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "ENCRYPTION_KEY_VALUE" regexp: "ENCRYPTION_KEY_VALUE"
replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_ENCRYPTION_KEY') }}" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_ENCRYPTION_KEY') }}"
- name: Replace Auth secret - name: Replace Auth secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "AUTH_SECRET_VALUE" regexp: "AUTH_SECRET_VALUE"
replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_AUTH_SECRET') }}" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_AUTH_SECRET') }}"
- name: Replace Mongo Password secret - name: Replace Mongo Password secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "MONGO_PASSWORD_VALUE" regexp: "MONGO_PASSWORD_VALUE"
replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_MONGO_PASSWORD') }}" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_MONGO_PASSWORD') }}"
- name: Replace SMTP Password secret - name: Replace SMTP Password secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "SMTP_PASSWORD_VALUE" regexp: "SMTP_PASSWORD_VALUE"
replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}" replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}"
- name: Docker compose up -d - name: Docker compose up -d
ansible.builtin.command: docker compose up -d community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}"