[INFO] Ajouter la pipeline et le playbook ansible

.ansible/.gitignore

@@ -0,0 +1,26 @@
+# ---> Vim
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg  # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+# Persistent undo
+[._]*.un~
+
+# ---> Ansible
+*.retry
+
+# roles
+roles/

.ansible/group_vars/all.yml

@@ -0,0 +1,27 @@
+---
+
+app_name: www.ykn.fr
+app_url: https://{{ app_name }}/
+
+gitea_api_base_url: https://gitea.ykn.fr/api/v1
+gitea_api_repository: pulsar/www.ykn.fr
+
+# BEGIN role_hugo
+hugo_os: Linux
+hugo_architecture: ARM64
+hugo_latest_url: https://api.github.com/repos/gohugoio/hugo/releases/latest
+hugo_version: 0.92.2
+hugo_base_url: "{{ app_url }}"
+hugo_binary_path: .
+# END role_hugo
+
+# BEGIN role_nginx
+nginx_allowed_ips:
+  - 192.168.50.5
+  - fd00:ff50::d005
+  - 192.168.50.3
+  - fd00:ff50::d003
+nginx_real_ips: "{{ nginx_allowed_ips }}"
+nginx_vhosts:
+  - docroot: /var/www/www.ykn.fr
+# END role_nginx

.ansible/requirements.yml

@@ -0,0 +1,11 @@
+---
+
+- name: hugo
+  scm: git
+  src: https://gitea.ykn.fr/ansible/role_hugo.git
+  version: master
+
+- name: nginx
+  scm: git
+  src: https://gitea.ykn.fr/ansible/role_nginx.git
+  version: master

.ansible/run.yml

@@ -0,0 +1,153 @@
+---
+
+- hosts: all
+  gather_facts: false
+  connection: local
+  tags:
+    - check_targets
+    - deploy
+    - clean_cache
+    - deploy_nginx
+  tasks:
+    - name: Vérifier qu'une limite est fournie
+      ansible.builtin.fail:
+        msg: Merci d'exécuter la commande \"ansible-playbook\" avec l'option \"--limit\"
+      when: play_hosts == groups.all
+      run_once: true
+
+- hosts: all
+  gather_facts: false
+  connection: local
+  tags: check_targets
+  tasks:
+    - name: Attendre que le port SSH soit ouvert
+      ansible.builtin.wait_for:
+        host: "{{ inventory_hostname }}"
+        port: "{{ ssh_port }}"
+        search_regex: OpenSSH
+        delay: 3
+
+- hosts: 127.0.0.1
+  gather_facts: false
+  connection: local
+  tags: install_hugo
+  roles:
+    - name: hugo
+
+- hosts: 127.0.0.1
+  gather_facts: false
+  connection: local
+  tags: build
+  tasks:
+    - name: Générer les fichiers statiques
+      ansible.builtin.command:
+        cmd: >-
+          {{ playbook_dir }}/hugo --quiet --cleanDestinationDir
+          --destination '{{ playbook_dir }}/{{ app_name }}'
+          --baseURL '{{ app_url }}'
+      args:
+        chdir: ..
+
+- hosts: 127.0.0.1
+  gather_facts: false
+  connection: local
+  tags: upload
+  tasks:
+    - name: Déterminer des faits
+      ansible.builtin.set_fact:
+        release_name: "{{ version }}-build{{ build }}"
+        archive_name: "{{ app_name }}.tar.gz"
+      vars:
+        build: "{{ lookup('env', 'DRONE_BUILD_NUMBER') }}"
+        version: "{{ lookup('pipe', 'date +%Y.%j') }}"
+
+    - name: Créer une archive des fichiers statiques
+      community.general.archive:
+        path: "{{ playbook_dir }}/{{ app_name }}"
+        dest: "{{ playbook_dir }}/{{ archive_name }}"
+        format: gz
+        mode: u=rw,g=r,o=r
+      register: make_archive
+
+    - name: Créer la version
+      ansible.builtin.uri:
+        url: "{{ gitea_api_base_url }}/repos/{{ gitea_api_repository }}/releases"
+        method: POST
+        headers:
+          Content-Type: application/json
+        body_format: json
+        body:
+          name: "{{ release_name }}"
+          body: Téléversé via *ansible*
+          tag_name: "{{ release_name }}"
+          draft: false
+          prerelease: true
+        status_code: 201
+      register: make_release
+
+    - name: Téléverser l'archive
+      ansible.builtin.command:
+        cmd: >-
+          curl -X 'POST'
+          "{{ gitea_api_base_url }}/repos/{{ gitea_api_repository }}/releases/{{ release_id }}/assets"
+          -H 'accept: application/json'
+          -H 'Content-Type: multipart/form-data'
+          -F 'attachment=@{{ make_archive.dest }};type=application/gzip'
+      vars:
+        release_id: "{{ make_release.json.id }}"
+
+    - name: Lister les pré-version
+      ansible.builtin.uri:
+        url: "{{ gitea_api_base_url }}/repos/{{ gitea_api_repository }}/releases?pre-release=true"
+        method: GET
+        headers:
+          Content-Type: application/json
+      register: get_releases
+
+    - name: Conserver uniquement les trois dernières pré-versions
+      ansible.builtin.uri:
+        url: "{{ gitea_api_base_url }}/repos/{{ gitea_api_repository }}/releases/{{ item.id }}"
+        method: DELETE
+        headers:
+          Content-Type: application/json
+        status_code: 204
+      when:
+        - get_releases.json | length > 0
+        - item | length > 0
+      loop_control:
+        label: "{{ item.name }}"
+      loop: "{{ get_releases.json[3:] }}"
+
+- hosts: all
+  gather_facts: false
+  connection: local
+  tags: deploy_nginx
+  roles:
+    - name: nginx
+
+- hosts: all
+  gather_facts: false
+  connection: local
+  tags: deploy
+  tasks:
+    - name: Déployer l'application
+      ansible.posix.synchronize:
+        src: "{{ playbook_dir }}/{{ app_name }}"
+        dest: /var/www
+        archive: true
+        delete: true
+      tags: deploy
+      become: true
+      diff: false
+
+- hosts: all
+  gather_facts: false
+  connection: local
+  tags: clean_cache
+  tasks:
+    - name: Vider le cache de l'application
+      ansible.builtin.file:
+        path: /var/cache/nginx/{{ app_name }}
+        state: absent
+      become: true
+      diff: false

.drone.yml

@@ -0,0 +1,76 @@
+kind: pipeline
+type: exec
+name: default
+
+trigger:
+  event:
+    - cron
+    - custom
+    - promote
+    - push
+
+platform:
+  os: linux
+  arch: arm64
+
+concurrency:
+  limit: 1
+
+steps:
+  - name: ansible-inventory
+    commands:
+      - git clone -b alpha https://gitea.ykn.fr/ansible/inventory.git .ansible/configuration
+ 
+  - name: ansible-vault
+    environment:
+      ANSIBLE_VAULT_PASSWORD:
+        from_secret: ANSIBLE_VAULT_PASSWORD
+    commands:
+      - echo $ANSIBLE_VAULT_PASSWORD > .ansible/configuration/vault-password
+
+  - name: ansible-galaxy
+    commands:
+      - sed -i 's#ssh://gitea@git.ykn.fr:12393#https://gitea.ykn.fr#g' .ansible/requirements.yml
+      - ansible-galaxy install -r .ansible/requirements.yml -p .ansible/roles 
+
+  - name: ansible-playbook/check
+    environment:
+      ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+    commands:
+      - ansible-playbook .ansible/run.yml --tags check_targets --limit 'ykn-www-2245.nyx.ykn.local,nyx_rproxies'
+
+  - name: ansible-playbook/hugo
+    environment:
+      ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+    commands:
+      - ansible-playbook .ansible/run.yml --tags install_hugo
+
+  - name: ansible-playbook/build
+    environment:
+      ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+    commands:
+      - ansible-playbook .ansible/run.yml --tags build
+
+  - name: ansible-playbook/upload
+    environment:
+      ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+    commands:
+      - ansible-playbook .ansible/run.yml --tags upload
+
+  - name: ansible-playbook/nginx
+    environment:
+      ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+    commands:
+      - ansible-playbook .ansible/run.yml --tags deploy_nginx --limit 'ykn-www-2245.nyx.ykn.local'
+
+  - name: ansible-playbook/deploy
+    environment:
+      ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+    commands:
+      - ansible-playbook .ansible/run.yml --tags deploy --limit 'ykn-www-2245.nyx.ykn.local'
+
+  - name: ansible-playbook/cache
+    environment:
+      ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+    commands:
+      - ansible-playbook .ansible/run.yml --tags clean_cache --limit 'nyx_rproxies'

meta/main.yml

@@ -1,15 +0,0 @@
-galaxy_info:
-  namespace: ykn
-  author: pulsar89.5
-  description: Rôle modèle
-
-  license: GPL-3.0-or-later
-
-  min_ansible_version: '2.1'
-
-  platforms:
-    - name: Debian
-      versions:
-        - all
-
-dependencies: []