dabo/dabo-ansible.yml
2024-02-07 14:43:12 +01:00

160 lines
4.8 KiB
YAML

---
- name: dabo
hosts: all
tasks:
- name: Create /home/docker/dabo.{{inventory_hostname}} dir
ansible.builtin.file:
path: /home/docker/dabo.{{inventory_hostname}}
owner: root
group: docker
state: directory
mode: '0550'
- name: Git checkout
ansible.builtin.git:
repo: 'https://gitea.ds9.dedyn.io/olli/dabo.git'
dest: /home/docker/dabo.{{inventory_hostname}}
force: true
notify: Restart dabo
- name: /home/docker/dabo.{{inventory_hostname}}/genpw.sh (generate Random PW for Gitea and DB)
blockinfile:
path: /home/docker/dabo.{{inventory_hostname}}/genpw.sh
create: yes
mode: 0550
owner: root
group: docker
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
cd /home/docker/dabo.{{inventory_hostname}}
if [ -f env ]
then
. ./env
echo "${WEBPASSWDCRYPT}"
else
webpassword=$(pwgen -s 32 1)
webuser=bot
webpasswordcrypted=$(htpasswd -nb ${webuser} ${webpassword})
echo "WEBUSER=${webuser}
WEBPASSWD=${webpassword}
WEBPASSWDCRYPT=${webpasswordcrypted}
" >env
chmod 440 env
chown root:docker env
echo "${webpasswordcrypted}"
fi
if ! [ -d home/.ssh ]
then
mkdir -p home/.ssh
ssh-keygen -f home/.ssh/id_ed25519 -N "" -t ed25519 >/dev/null
chmod 700 home/.ssh
fi
[ -f watch-assets.csv ] || cp dabo/watch-assets.csv watch-assets.csv
chown -R 10000:10000 dabo data home strategies dabo-bot.conf watch-assets.csv
backup: yes
validate: /bin/bash -n %s
- name: /home/docker/dabo.{{inventory_hostname}}/genpw.sh shebang
lineinfile:
path: /home/docker/dabo.{{inventory_hostname}}/genpw.sh
insertbefore: BOF
line: "#!/bin/bash -e"
- name: Basic dabo config
blockinfile:
path: /home/docker/dabo.{{inventory_hostname}}/dabo-bot.conf
create: yes
mode: 0440
owner: 10000
group: 10000
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
URL=dabo.{{inventory_hostname}}
validate: /bin/bash -n %s
backup: yes
notify:
- Restart dabo
- name: Get crypted PW
shell: bash /home/docker/dabo.{{inventory_hostname}}/genpw.sh
register: cryptpw
changed_when: false
- name: /home/docker/dabo.{{inventory_hostname}}/docker-compose.override.yml Container Configuration
blockinfile:
path: /home/docker/dabo.{{inventory_hostname}}/docker-compose.override.yml
create: yes
mode: 0440
owner: root
group: docker
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
version: '3.6'
services:
dabo-bot:
networks:
- traefik
- dabo-network
dabo-web:
labels:
- traefik.enable=true
# HTTPS
- traefik.http.routers.dabo.rule=Host(`dabo.{{inventory_hostname}}`)
- traefik.http.routers.dabo.entrypoints=https
- traefik.http.routers.dabo.tls=true
# Proxy to service-port
- traefik.http.services.dabo.loadbalancer.server.port=80
- traefik.http.routers.dabo.service=dabo
# cert via letsencrypt
- traefik.http.routers.dabo.tls.certresolver=letsencrypt
# activate secHeaders@file
- traefik.http.routers.dabo.middlewares=secHeaders@file,dabo-basicauth
- traefik.http.middlewares.dabo-basicauth.basicauth.users={{ cryptpw.stdout }}
# Traefik network
- traefik.docker.network=traefik
networks:
- traefik
networks:
dabo-network:
driver: bridge
driver_opts:
com.docker.network.bridge.name: br-dabo
traefik:
external: true
backup: yes
notify: Restart dabo
- name: Build dabo-bot
ansible.builtin.shell: docker -l warn compose --ansi never build --progress=plain --pull --no-cache --force-rm
args:
chdir: /home/docker/dabo.{{inventory_hostname}}
creates: /home/docker/dabo.{{inventory_hostname}}/data/botdata/MARKET_PERFORMANCE
handlers:
- name: run genpw.sh
ansible.builtin.shell: ./genpw.sh
args:
chdir: /home/docker/dabo.{{inventory_hostname}}
notify: Restart dabo
- name: Restart dabo
ansible.builtin.shell: docker compose up -d --force-recreate
args:
chdir: /home/docker/dabo.{{inventory_hostname}}