diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index ea2cbd2..acc815f 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -2,7 +2,7 @@ name: Deploy on: push: - branches: [dev] + branches: [master] env: REGISTRY: gitea.d3m0k1d.ru @@ -16,11 +16,13 @@ jobs: - name: Setup SSH run: | mkdir -p ~/.ssh - echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa + echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_rsa - name: Install Ansible - run: apt update && apt install -y ansible + run: | + apt update && apt install -y ansible + ansible-galaxy install -r infra/ansible/requirements.yml - name: Login to registry run: echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login $REGISTRY -u "${{ secrets.REGISTRY_USER }}" --password-stdin @@ -35,8 +37,5 @@ jobs: - name: Deploy run: | echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > .vault_pass - ansible-playbook -i infra/ansible/inventory/hosts.yml infra/ansible/playbook.yml \ - --vault-password-file .vault_pass \ - -e registry=$REGISTRY \ - -e tag=latest + ansible-playbook -i infra/ansible/inventory/hosts.yml infra/ansible/playbook.yml --vault-password-file .vault_pass rm .vault_pass diff --git a/infra/ansible/inventory/hosts.yml b/infra/ansible/inventory/hosts.yml index acea417..c84a418 100644 --- a/infra/ansible/inventory/hosts.yml +++ b/infra/ansible/inventory/hosts.yml @@ -1,6 +1,13 @@ -all: - hosts: - prod: - ansible_host: - ansible_user: root - ansible_port: 22 +$ANSIBLE_VAULT;1.1;AES256 +63663666653739363337653532643363626133303030323462363762316364633838623636626636 +3163343137366530326139353638316466663037663935340a386362666236633237313939366639 +34626337346365663033386631366362366261366163646438646461376662666665363635396333 +3533626234383564390a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diff --git a/infra/ansible/playbook.yml b/infra/ansible/playbook.yml index 5468699..db63d6d 100644 --- a/infra/ansible/playbook.yml 
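Review bot: The key is now written to `~/.ssh/id_ed25519`, but the following context line still runs `chmod 600 ~/.ssh/id_rsa`, so the new key file keeps the umask's default mode and ssh will refuse it as too open (and a chmod on a missing file fails the step if the runner's shell runs with `-e`, as is usual). Change it to `chmod 600 ~/.ssh/id_ed25519`, or create the file with the mode set up front, e.g. `(umask 077; echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519)`. Interpolating `${{ secrets.SSH_PRIVATE_KEY }}` directly into the script body also makes the secret part of the generated shell text; passing it through the step's `env:` and reading `$SSH_PRIVATE_KEY` keeps it out of the script. The same interpolation pattern is used on the registry-login line and for the vault password in the Deploy step.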
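Review bot: `.vault_pass` is only removed when `ansible-playbook` succeeds; if the play fails, the step exits before `rm .vault_pass` (the runner's shell is normally `bash -e`) and the vault password stays in the checkout on the runner. A trap placed before the echo, `trap 'rm -f .vault_pass' EXIT`, removes it on every exit path, and `(umask 077; echo ... > .vault_pass)` keeps the file from being created world-readable. Dropping `-e registry=$REGISTRY -e tag=latest` also means the workflow still logs in to `$REGISTRY` while the playbook now hard-codes the same hostname, so the two can drift without either file noticing.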
+++ b/infra/ansible/playbook.yml @@ -1,32 +1,47 @@ --- - name: Deploy Frontend hosts: prod - vars: - deploy_path: /opt/app + pre_tasks: + - name: Install docker + ansible.builtin.include_role: + name: geerlingguy.docker + + - name: Configure ufw + community.general.ufw: + rule: allow + port: "{{ item }}" + loop: + - "80" + - "443" + - "2222" + + - name: Enable ufw + community.general.ufw: + state: enabled tasks: - - name: Ensure deployment directory + - name: Ensure directory ansible.builtin.file: - path: "{{ deploy_path }}" + path: /opt/aegisfront state: directory - - name: Copy docker-compose + - name: Copy compose ansible.builtin.copy: src: "{{ playbook_dir }}/../docker-compose.yml" - dest: "{{ deploy_path }}/docker-compose.yml" + dest: /opt/aegisfront/docker-compose.yml - - name: Pull images + - name: Pull image ansible.builtin.shell: cmd: docker compose pull - chdir: "{{ deploy_path }}" + chdir: /opt/aegisfront environment: - REGISTRY: "{{ registry }}" - TAG: "{{ tag }}" + REGISTRY: gitea.d3m0k1d.ru + TAG: latest - - name: Start services + - name: Start ansible.builtin.shell: cmd: docker compose up -d --remove-orphans - chdir: "{{ deploy_path }}" + chdir: /opt/aegisfront environment: - REGISTRY: "{{ registry }}" - TAG: "{{ tag }}" + REGISTRY: gitea.d3m0k1d.ru + TAG: latest diff --git a/infra/ansible/requirements.yml b/infra/ansible/requirements.yml index 9bb092f..f643953 100644 --- a/infra/ansible/requirements.yml +++ b/infra/ansible/requirements.yml @@ -1,4 +1,6 @@ --- -roles: [] +roles: + - geerlingguy.docker -collections: [] +collections: + - community.general
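Review bot: `Enable ufw` turns the firewall on with only 80, 443 and 2222 allowed; if sshd on `prod` listens on any other port (the inventory is now vault-encrypted, so this cannot be checked from the diff), every later run of this play is locked out. Add the managed port itself to the loop, `- "{{ ansible_port | default(22) }}"`, and give the rules `proto: tcp` so they match only what is intended. Docker typically publishes container ports through its own iptables chains that ufw's default policy does not govern, so the allow rules for 80/443 should not be read as limiting what the compose stack exposes. `REGISTRY` and `TAG` are duplicated verbatim in the Pull and Start tasks; a play-level `environment:` block declares them once. The play continues past the hunk only in the sense that its last task is the final line shown, so nothing is cut off here.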
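Review bot: Both new entries in requirements.yml are unpinned, so every workflow run installs whatever `geerlingguy.docker` and `community.general` are current on Galaxy at that moment, and the code that configures Docker and the firewall on `prod` changes without any commit to this repository. Pin each entry, e.g. `- name: geerlingguy.docker` followed by `version: "<pinned release>"` (same form for the collection), so an upgrade is a reviewed diff rather than a side effect of the next push. The `ansible-galaxy install -r` step added in deploy.yml then becomes reproducible as well.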