Start work on adding a role for mediaserver.

4 years ago · db3e668191
parent f175b6fef0
commit db3e668191
5 changed files with 179 additions and 0 deletions
--- a/ansible/roles/mediaserver/tasks/main.yml
+++ b/ansible/roles/mediaserver/tasks/main.yml
@ -0,0 +1,75 @@
+---
+# deploy a media server from scratch.
+
+# boot strap server
+- name: Install aptitude using apt
+  apt: name=aptitude state=latest update_cache=yes force_apt_get=yes
+
+- name: Install required system packages for docker install
+  apt: name={{ item }} state=latest update_cache=yes
+  loop: [ 'apt-transport-https', 'ca-certificates', 'software-properties-common' ]
+
+- name: Add Docker GPG apt Key
+  apt_key:
+    url: https://download.docker.com/linux/debian/gpg
+    state: present
+
+- name: Add Docker Repository
+  apt_repository:
+    repo: deb https://download.docker.com/linux/ubuntu bionic stable
+    state: present
+
+- name: Update apt
+  apt: update_cache=yes
+
+- name: Install required system packages
+  apt: name={{ sys_packages }} state=latest
+
+- name: add 'josiah' to docker group
+  user:
+    name='josiah'
+    groups=docker
+    append=yes
+
+
+# set up mediaserver specific bullshit.
+- name: ensure traefik config directory exists
+  file: state=directory path=/home/josiah/apps/traefik/ owner=josiah group=josiah mode=0700
+
+- name: ensure traefik.log exists
+  file: state=file path=/home/josiah/apps/traefik/traefik.log owner=josiah group=josiah mode=0700  
+
+- name: allow for pretty json errors
+  pip:
+    name: jsondiff
+    
+- name: Create deploy configs dir if it does not exist
+  file:
+    path: /home/josiah/deploys/mediaserver
+    state: directory
+    mode: '0755'
+
+- name: copy over mediaserver config files
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0777
+  with_items:
+    - {src: 'traefik-compose.yml', dest: '/home/josiah/apps/traefik/traefik-compose.yml'}
+    - {src: 'traefik.toml', dest: '/home/josiah/apps/traefik/traefik.toml'}
+    - {src: 'traefik.yml', dest: '/home/josiah/apps/traefik/traefik.yml'}  
+
+- name: Deploy network
+  docker_stack:
+    state: present
+    name: traefik
+    compose:
+      - /home/josiah/apps/traefik/traefik.yml
+
+
+- name: Deploy traefik service
+  docker_stack:
+    state: present
+    name: traefik-app
+    compose:
+      - /home/josiah/apps/traefik/traefik-compose.yml
--- a/ansible/roles/mediaserver/templates/traefik-compose.yml
+++ b/ansible/roles/mediaserver/templates/traefik-compose.yml
@ -0,0 +1,45 @@
+version: '3'
+
+services:
+  traefik:
+    image: traefik:alpine
+    command: |-
+      --entryPoints="Name:http Address::80 Redirect.EntryPoint:https"
+      --entryPoints="Name:https Address::443 TLS"
+      --defaultentrypoints="http,https"
+      --accesslogsfile="/var/log/access.log"
+      --acme 
+      --acme.acmelogging="true"
+      # Change this to an actual email address
+      --acme.email="me@jowj.net"
+      --acme.entrypoint="https"
+      --acme.storage="/acme/acme.json"
+      --acme.onhostrule="true"
+      --docker
+      --docker.swarmmode
+      # Change this to your primary domain
+      --docker.domain="home.jowj.net"
+      --docker.watch
+      --web
+    ports:
+      - 80:80
+      - 443:443
+      - 8080:8080
+    networks:
+      - traefik_public
+    volumes:
+      - traefik_acme:/acme/
+      - traefik_logs:/var/log/access.log
+      - /var/run/docker.sock:/var/run/docker.sock
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+
+volumes:
+  traefik_acme:
+  traefik_logs:
+
+networks:
+  traefik_public:
+    external: true
--- a/ansible/roles/mediaserver/templates/traefik.toml
+++ b/ansible/roles/mediaserver/templates/traefik.toml
@ -0,0 +1,36 @@
+checkNewVersion = true
+defaultEntryPoints = ["http", "https"]
+
+# This section enable LetsEncrypt automatic certificate generation / renewal
+[acme]
+email = "me@jowj.net"
+storage = "acme.json" # or "traefik/acme/account" if using KV store
+entryPoint = "https"
+acmeLogging = true
+onDemand = true
+OnHostRule = true
+
+# Request wildcard certificates per https://docs.traefik.io/configuration/acme/#wildcard-domains
+[[acme.domains]]
+  main = "hatchery.jowj.net"
+  sans = ["jowj.net"]
+
+# Redirect all HTTP to HTTPS (why wouldn't you?)
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+      entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+
+[web]
+address = ":8080"
+watch = true
+
+[docker]
+endpoint = "tcp://127.0.0.1:2375"
+domain = "home.jowj.net"
+watch = true
+swarmmode = true
--- a/ansible/roles/mediaserver/templates/traefik.yml
+++ b/ansible/roles/mediaserver/templates/traefik.yml
@ -0,0 +1,22 @@
+version: "3.2"
+
+# What is this?
+#
+# This stack exists solely to deploy the traefik_public overlay network, so that
+# other stacks (including traefik-app) can attach to it
+
+services:
+  scratch:
+    image: scratch
+    deploy:
+      replicas: 0
+    networks:
+      - public
+
+networks:
+  public:
+    driver: overlay
+    attachable: true
+    ipam:
+      config:
+        - subnet: 172.16.200.0/24
--- a/ansible/roles/mediaserver/vars/main.yml
+++ b/ansible/roles/mediaserver/vars/main.yml
@ -0,0 +1 @@
+sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python-pip' ]
				`@ -0,0 +1 @@`
				`sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python-pip' ]`