admin/authser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
74aec1f1c97484652e1b2b13f032b72c5b4e38af
authser/ansible/deploy.yml
Serreau Jovann 74aec1f1c9 Fix Caddy sites directory path (sites, not site) 
The target server uses /etc/caddy/sites/ (plural) for per-site
config files, not /etc/caddy/site/.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 15:52:47 +02:00

166 lines
5.1 KiB
YAML
Raw Blame History

---
# =============================================================
# ecosplay-auth deploy playbook (local execution on the server)
#
# Assumes:
# - This repo is cloned at {{ deploy_dir }} (default /var/www/e-auth)
# and the playbook is invoked from inside ansible/.
# - Caddy is already installed on the server with the
# caddy-dns/cloudflare plugin and loads per-site files from
# /etc/caddy/sites/*.conf.
# - The user running `ansible-playbook` has passwordless sudo.
#
# Usage:
# cd /var/www/e-auth/ansible
# ansible-playbook deploy.yml
# =============================================================
- name: Deploy ecosplay-auth (Keycloak + Caddy vhost)
hosts: localhost
connection: local
become: true
gather_facts: true
vars:
# Root of the repo (the parent of the ansible/ directory).
deploy_dir: "{{ playbook_dir | dirname }}"
tasks:
# ---------------------------------------------------------
# System prerequisites
# ---------------------------------------------------------
- name: Install base packages
ansible.builtin.apt:
name:
- ca-certificates
- curl
- gnupg
- python3-apt
- rsync
update_cache: yes
state: present
# ---------------------------------------------------------
# Docker Engine + compose plugin (idempotent)
# ---------------------------------------------------------
- name: Ensure /etc/apt/keyrings exists
ansible.builtin.file:
path: /etc/apt/keyrings
state: directory
mode: "0755"
- name: Add Docker GPG key
ansible.builtin.get_url:
url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
dest: /etc/apt/keyrings/docker.asc
mode: "0644"
- name: Add Docker apt repository
ansible.builtin.apt_repository:
repo: >-
deb [arch={{ ansible_architecture |
replace('x86_64', 'amd64') |
replace('aarch64', 'arm64') }}
signed-by=/etc/apt/keyrings/docker.asc]
https://download.docker.com/linux/{{ ansible_distribution | lower }}
{{ ansible_distribution_release }} stable
state: present
filename: docker
update_cache: yes
- name: Install Docker Engine + compose plugin
ansible.builtin.apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
state: present
- name: Ensure Docker service is running
ansible.builtin.systemd:
name: docker
state: started
enabled: yes
# ---------------------------------------------------------
# Repo files (already present at {{ deploy_dir }})
# ---------------------------------------------------------
- name: Ensure deploy directory exists
ansible.builtin.file:
path: "{{ deploy_dir }}"
state: directory
mode: "0755"
- name: Ensure init/sync.sh is executable
ansible.builtin.file:
path: "{{ deploy_dir }}/init/sync.sh"
mode: "0755"
# ---------------------------------------------------------
# Caddy vhost for auth.e-cosplay.fr
# ---------------------------------------------------------
- name: Ensure /etc/caddy/sites directory exists
ansible.builtin.file:
path: /etc/caddy/sites
state: directory
mode: "0755"
owner: root
group: root
- name: Ensure /var/log/caddy directory exists
ansible.builtin.file:
path: /var/log/caddy
state: directory
mode: "0755"
owner: caddy
group: caddy
ignore_errors: true
- name: Deploy Caddy vhost for {{ auth_domain }}
ansible.builtin.template:
src: e-auth.conf.j2
dest: "{{ caddy_site_file }}"
mode: "0644"
owner: root
group: root
notify: Reload caddy
- name: Validate Caddy configuration
ansible.builtin.command: caddy validate --config /etc/caddy/Caddyfile
register: caddy_validate
changed_when: false
failed_when: caddy_validate.rc != 0
# ---------------------------------------------------------
# Bring up the docker-compose stack
# ---------------------------------------------------------
- name: Pull docker images
ansible.builtin.command: docker compose pull
args:
chdir: "{{ deploy_dir }}"
changed_when: false
- name: Start docker-compose stack
ansible.builtin.command: docker compose up -d --remove-orphans
args:
chdir: "{{ deploy_dir }}"
register: compose_up
changed_when: >-
'Started' in (compose_up.stderr | default(''))
or 'Created' in (compose_up.stderr | default(''))
or 'Recreated' in (compose_up.stderr | default(''))
- name: Show compose output
ansible.builtin.debug:
var: compose_up.stderr_lines
when: compose_up.stderr_lines is defined
handlers:
- name: Reload caddy
ansible.builtin.systemd:
name: caddy
state: reloaded
Reference in New Issue View Git Blame Copy Permalink