diff --git a/.ansible/.gitignore b/.ansible/.gitignore
new file mode 100644
index 0000000..b19ec65
--- /dev/null
+++ b/.ansible/.gitignore
@@ -0,0 +1,26 @@
+# ---> Vim
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+# Persistent undo
+[._]*.un~
+
+# ---> Ansible
+*.retry
+
+# roles
+roles/
diff --git a/.ansible/group_vars/all.yml b/.ansible/group_vars/all.yml
new file mode 100644
index 0000000..3d31318
--- /dev/null
+++ b/.ansible/group_vars/all.yml
@@ -0,0 +1,27 @@
+---
+
+app_name: www.ykn.fr
+app_url: https://{{ app_name }}/
+
+gitea_api_base_url: https://gitea.ykn.fr/api/v1
+gitea_api_repository: pulsar/www.ykn.fr
+
+# BEGIN role_hugo
+hugo_os: Linux
+hugo_architecture: ARM64
+hugo_latest_url: https://api.github.com/repos/gohugoio/hugo/releases/latest
+hugo_version: 0.92.2
+hugo_base_url: "{{ app_url }}"
+hugo_binary_path: .
+# END role_hugo
+
+# BEGIN role_nginx
+nginx_allowed_ips:
+ - 192.168.50.5
+ - fd00:ff50::d005
+ - 192.168.50.3
+ - fd00:ff50::d003
+nginx_real_ips: "{{ nginx_allowed_ips }}"
+nginx_vhosts:
+ - docroot: /var/www/www.ykn.fr
+# END role_nginx
diff --git a/.ansible/requirements.yml b/.ansible/requirements.yml
new file mode 100644
index 0000000..d6cc71e
--- /dev/null
+++ b/.ansible/requirements.yml
@@ -0,0 +1,11 @@
+---
+
+- name: hugo
+ scm: git
+ src: https://gitea.ykn.fr/ansible/role_hugo.git
+ version: master
+
+- name: nginx
+ scm: git
+ src: https://gitea.ykn.fr/ansible/role_nginx.git
+ version: master
diff --git a/.ansible/run.yml b/.ansible/run.yml
new file mode 100644
index 0000000..88abb5d
--- /dev/null
+++ b/.ansible/run.yml
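Review bot: In `.ansible/group_vars/all.yml`, `nginx_real_ips: "{{ nginx_allowed_ips }}"` makes the access allow-list and the list of peers trusted to supply the client address one and the same. role_nginx is not visible here, but if it uses `nginx_real_ips` for real-IP trust, any address later added to `nginx_allowed_ips` for access alone would also be believed when it forwards a client IP. I would declare `nginx_real_ips` as its own explicit list and put a comment above the four addresses saying what they are, e.g. `# front-end proxies only: these peers are also trusted for forwarded client IPs`.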
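Review bot: Both entries in `.ansible/requirements.yml` use `version: master`, so each pipeline run installs whatever the branch head of role_hugo and role_nginx is at that moment. That code then runs on the build host and, for the nginx role, against the deploy target. Pin each role to a tag or a full commit hash, e.g. `version: <tag-or-commit-sha>`, and move the pin only in a reviewed commit. A short comment above each entry recording why that revision was chosen would help the next update.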
@@ -0,0 +1,153 @@
+---
+
+- hosts: all
+ gather_facts: false
+ connection: local
+ tags:
+ - check_targets
+ - deploy
+ - clean_cache
+ - deploy_nginx
+ tasks:
+ - name: Vérifier qu'une limite est fournie
+ ansible.builtin.fail:
+ msg: Merci d'exécuter la commande \"ansible-playbook\" avec l'option \"--limit\"
+ when: play_hosts == groups.all
+ run_once: true
+
+- hosts: all
+ gather_facts: false
+ connection: local
+ tags: check_targets
+ tasks:
+ - name: Attendre que le port SSH soit ouvert
+ ansible.builtin.wait_for:
+ host: "{{ inventory_hostname }}"
+ port: "{{ ssh_port }}"
+ search_regex: OpenSSH
+ delay: 3
+
+- hosts: 127.0.0.1
+ gather_facts: false
+ connection: local
+ tags: install_hugo
+ roles:
+ - name: hugo
+
+- hosts: 127.0.0.1
+ gather_facts: false
+ connection: local
+ tags: build
+ tasks:
+ - name: Générer les fichiers statiques
+ ansible.builtin.command:
+ cmd: >-
+ {{ playbook_dir }}/hugo --quiet --cleanDestinationDir
+ --destination '{{ playbook_dir }}/{{ app_name }}'
+ --baseURL '{{ app_url }}'
+ args:
+ chdir: ..
+
+- hosts: 127.0.0.1
+ gather_facts: false
+ connection: local
+ tags: upload
+ tasks:
+ - name: Déterminer des faits
+ ansible.builtin.set_fact:
+ release_name: "{{ version }}-build{{ build }}"
+ archive_name: "{{ app_name }}.tar.gz"
+ vars:
+ build: "{{ lookup('env', 'DRONE_BUILD_NUMBER') }}"
+ version: "{{ lookup('pipe', 'date +%Y.%j') }}"
+
+ - name: Créer une archive des fichiers statiques
+ community.general.archive:
+ path: "{{ playbook_dir }}/{{ app_name }}"
+ dest: "{{ playbook_dir }}/{{ archive_name }}"
+ format: gz
+ mode: u=rw,g=r,o=r
+ register: make_archive
+
+ - name: Créer la version
+ ansible.builtin.uri:
+ url: "{{ gitea_api_base_url }}/repos/{{ gitea_api_repository }}/releases"
+ method: POST
+ headers:
+ Content-Type: application/json
+ body_format: json
+ body:
+ name: "{{ release_name }}"
+ body: Téléversé via *ansible*
+ tag_name: "{{ release_name }}"
+ draft: false
+ prerelease: true
+ status_code: 201
+ register: make_release
+
+ - name: Téléverser l'archive
+ ansible.builtin.command:
+ cmd: >-
+ curl -X 'POST'
+ "{{ gitea_api_base_url }}/repos/{{ gitea_api_repository }}/releases/{{ release_id }}/assets"
+ -H 'accept: application/json'
+ -H 'Content-Type: multipart/form-data'
+ -F 'attachment=@{{ make_archive.dest }};type=application/gzip'
+ vars:
+ release_id: "{{ make_release.json.id }}"
+
+ - name: Lister les pré-version
+ ansible.builtin.uri:
+ url: "{{ gitea_api_base_url }}/repos/{{ gitea_api_repository }}/releases?pre-release=true"
+ method: GET
+ headers:
+ Content-Type: application/json
+ register: get_releases
+
+ - name: Conserver uniquement les trois dernières pré-versions
+ ansible.builtin.uri:
+ url: "{{ gitea_api_base_url }}/repos/{{ gitea_api_repository }}/releases/{{ item.id }}"
+ method: DELETE
+ headers:
+ Content-Type: application/json
+ status_code: 204
+ when:
+ - get_releases.json | length > 0
+ - item | length > 0
+ loop_control:
+ label: "{{ item.name }}"
+ loop: "{{ get_releases.json[3:] }}"
+
+- hosts: all
+ gather_facts: false
+ connection: local
+ tags: deploy_nginx
+ roles:
+ - name: nginx
+
+- hosts: all
+ gather_facts: false
+ connection: local
+ tags: deploy
+ tasks:
+ - name: Déployer l'application
+ ansible.posix.synchronize:
+ src: "{{ playbook_dir }}/{{ app_name }}"
+ dest: /var/www
+ archive: true
+ delete: true
+ tags: deploy
+ become: true
+ diff: false
+
+- hosts: all
+ gather_facts: false
+ connection: local
+ tags: clean_cache
+ tasks:
+ - name: Vider le cache de l'application
+ ansible.builtin.file:
+ path: /var/cache/nginx/{{ app_name }}
+ state: absent
+ become: true
+ diff: false
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..dc277c9
--- /dev/null
+++ b/.drone.yml
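Review bot: In `.ansible/run.yml`, the task `Conserver uniquement les trois dernières pré-versions` sends a DELETE for every entry of `get_releases.json[3:]`, trusting the server to have applied `?pre-release=true` and to return newest first. If that filter is ignored or the ordering differs, full releases are deleted. Add a client-side guard to the `when:` list, `- item.prerelease | default(false) | bool`, in place of `- item | length > 0`, which holds for any non-empty release object and so protects nothing. Separately, the `curl` call in `Téléverser l'archive` has no `--fail`, so an HTTP error from the assets endpoint still exits 0 and the task passes; `curl --fail -X 'POST'` would surface it.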
@@ -0,0 +1,76 @@
+kind: pipeline
+type: exec
+name: default
+
+trigger:
+ event:
+ - cron
+ - custom
+ - promote
+ - push
+
+platform:
+ os: linux
+ arch: arm64
+
+concurrency:
+ limit: 1
+
+steps:
+ - name: ansible-inventory
+ commands:
+ - git clone -b alpha https://gitea.ykn.fr/ansible/inventory.git .ansible/configuration
+
+ - name: ansible-vault
+ environment:
+ ANSIBLE_VAULT_PASSWORD:
+ from_secret: ANSIBLE_VAULT_PASSWORD
+ commands:
+ - echo $ANSIBLE_VAULT_PASSWORD > .ansible/configuration/vault-password
+
+ - name: ansible-galaxy
+ commands:
+ - sed -i 's#ssh://gitea@git.ykn.fr:12393#https://gitea.ykn.fr#g' .ansible/requirements.yml
+ - ansible-galaxy install -r .ansible/requirements.yml -p .ansible/roles
+
+ - name: ansible-playbook/check
+ environment:
+ ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+ commands:
+ - ansible-playbook .ansible/run.yml --tags check_targets --limit 'ykn-www-2245.nyx.ykn.local,nyx_rproxies'
+
+ - name: ansible-playbook/hugo
+ environment:
+ ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+ commands:
+ - ansible-playbook .ansible/run.yml --tags install_hugo
+
+ - name: ansible-playbook/build
+ environment:
+ ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+ commands:
+ - ansible-playbook .ansible/run.yml --tags build
+
+ - name: ansible-playbook/upload
+ environment:
+ ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+ commands:
+ - ansible-playbook .ansible/run.yml --tags upload
+
+ - name: ansible-playbook/nginx
+ environment:
+ ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+ commands:
+ - ansible-playbook .ansible/run.yml --tags deploy_nginx --limit 'ykn-www-2245.nyx.ykn.local'
+
+ - name: ansible-playbook/deploy
+ environment:
+ ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+ commands:
+ - ansible-playbook .ansible/run.yml --tags deploy --limit 'ykn-www-2245.nyx.ykn.local'
+
+ - name: ansible-playbook/cache
+ environment:
+ ANSIBLE_CONFIG: .ansible/configuration/ansible.cfg
+ commands:
+ - ansible-playbook .ansible/run.yml --tags clean_cache --limit 'nyx_rproxies'
diff --git a/meta/main.yml b/meta/main.yml
deleted file mode 100644
index c58bebf..0000000
--- a/meta/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-galaxy_info:
- namespace: ykn
- author: pulsar89.5
- description: Rôle modèle
-
- license: GPL-3.0-or-later
-
- min_ansible_version: '2.1'
-
- platforms:
- - name: Debian
- versions:
- - all
-
-dependencies: []
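Review bot: In the `ansible-vault` step of `.drone.yml`, `echo $ANSIBLE_VAULT_PASSWORD > .ansible/configuration/vault-password` expands the secret unquoted, so whitespace or glob characters in it would be altered. It also writes the file with the default umask into the workspace of an `exec` runner, and no later step in this pipeline removes it. I would run `- umask 077` and then `- printf '%s\n' "$ANSIBLE_VAULT_PASSWORD" > .ansible/configuration/vault-password`, and delete the file in a final step that also runs when an earlier step fails. Separately, `trigger.event` lists `push` with no branch condition, so a push to any branch runs the deploy steps with this secret; a `branch:` filter under `trigger` would restrict that.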