-
Notifications
You must be signed in to change notification settings - Fork 4
/
bootstrap.yml
79 lines (65 loc) · 2.27 KB
/
bootstrap.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# Inspired from https://github.com/5car1z/ansible-debian-provisioning
- name: "ogcapi Ubuntu Server Setup"
hosts: all
become: true
gather_facts: yes
vars_files:
- vars/vars.yml
roles:
# https://github.com/sansible/users_and_groups
- name: sansible.users_and_groups
tags: users
sansible_users_and_groups_users:
- name: "{{ my_admin_user }}"
system: yes
shell: /bin/bash
ssh_key: "{{ my_ssh_pubkey_file }}"
append: yes
sansible_users_and_groups_sudoers:
- name: "{{ my_admin_user }}"
user: "%{{ my_admin_user }}"
runas: "ALL=(ALL)"
commands: "NOPASSWD: ALL"
append: yes
- name: justb4.ubuntu-base
tags: ubuntu-base
- name: justb4.ubuntu-ntp
tags: ubuntu-ntp
- name: geerlingguy.pip
tags: pip
# https://github.com/geerlingguy/ansible-role-docker
# defaults: https://github.com/geerlingguy/ansible-role-docker/blob/master/defaults/main.yml
- name: geerlingguy.docker
tags: docker
docker_users:
- "{{ my_admin_user }}"
tasks:
- name: "Set global env vars"
lineinfile:
dest: /etc/environment
state: present
regexp: '^EMAIL'
line: 'EMAIL={{ my_email }}'
# https://www.jeffgeerling.com/blog/2018/cloning-private-github-repositories-ansible-on-remote-server-through-ssh
- name: "Clone Git Repo"
git:
dest: "{{ my_git_home }}"
repo: "{{ my_github_repo }}"
clone: "yes"
update: "yes"
accept_hostkey: "yes"
force: "yes"
- name: "Ensure ownership to admin user of git dir"
ansible.builtin.file:
path: "{{ my_git_home }}"
owner: "{{ my_admin_user }}"
group: "{{ my_admin_user }}"
- name: "Build Docker Images"
shell: "cd {{ services_home }} && ./build.sh"
# https://stackoverflow.com/questions/35984151/how-to-create-new-system-service-by-ansible-playbook
- name: "Service | Create Unit file"
template: src=templates/systemd.service.j2 dest=/lib/systemd/system/ogcapi.service mode=644
- name: "reload systemctl"
shell: "systemctl daemon-reload"
- name: "Service | Start ogcapi"
service: name=ogcapi.service state=started enabled=yes