added env file
This commit is contained in:
parent
5adf1806df
commit
db2767e89d
5 changed files with 36 additions and 17 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1 +1,2 @@
|
|||
ansible/inventory
|
||||
ansible/passwords/
|
||||
|
|
|
@ -22,14 +22,28 @@
|
|||
file: path={{item.path}} state=directory
|
||||
with_items:
|
||||
- { path: '/lemmy/' }
|
||||
- { path: '/lemmy/volumes/' }
|
||||
- { path: '/var/www/certbot' }
|
||||
|
||||
- name: add all template files
|
||||
template: src={{item.src}} dest={{item.dest}}
|
||||
with_items:
|
||||
- { src: '../docker/prod/docker-compose.yml', dest: '/lemmy/docker-compose.yml' }
|
||||
- { src: 'nginx.conf', dest: '/lemmy/nginx.conf' }
|
||||
- { src: 'templates/env', dest: '/lemmy/.env' }
|
||||
- { src: 'templates/docker-compose.yml', dest: '/lemmy/docker-compose.yml' }
|
||||
- { src: 'templates/nginx.conf', dest: '/lemmy/nginx.conf' }
|
||||
vars:
|
||||
postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}"
|
||||
jwt_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/jwt chars=ascii_letters,digits') }}"
|
||||
|
||||
- name: request letsencrypt certificates
|
||||
- name: set env file permissions
|
||||
file:
|
||||
path: "/lemmy/.env"
|
||||
state: touch
|
||||
mode: 0600
|
||||
access_time: preserve
|
||||
modification_time: preserve
|
||||
|
||||
- name: request initial letsencrypt certificate
|
||||
command: certbot certonly --standalone --agree-tos -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}'
|
||||
args:
|
||||
creates: '/etc/letsencrypt/live/{{domain}}/privkey.pem'
|
||||
|
@ -46,9 +60,9 @@
|
|||
state: present
|
||||
pull: yes
|
||||
|
||||
- name: renew certbot certificates
|
||||
- name: certbot renewal cronjob
|
||||
cron:
|
||||
special_time=daily
|
||||
name=certbot-renew
|
||||
user=root
|
||||
job="certbot certonly --webroot --webroot-path=/peertube/volumes/certbot/ -d '{{ domain }}' --deploy-hook 'docker-compose -f /peertube/docker-compose.yml exec nginx nginx -s reload'"
|
||||
job="certbot certonly --webroot --webroot-path=/var/www/certbot -d '{{ domain }}' --deploy-hook 'docker-compose -f /peertube/docker-compose.yml exec nginx nginx -s reload'"
|
||||
|
|
|
@ -1,32 +1,32 @@
|
|||
version: '2.4'
|
||||
|
||||
services:
|
||||
|
||||
db:
|
||||
image: postgres:12-alpine
|
||||
restart: always
|
||||
environment:
|
||||
POSTGRES_USER: rrr
|
||||
POSTGRES_PASSWORD: rrr
|
||||
POSTGRES_DB: rrr
|
||||
POSTGRES_USER=lemmy
|
||||
POSTGRES_PASSWORD=${DATABASE_PASSWORD}
|
||||
POSTGRES_DB=lemmy
|
||||
volumes:
|
||||
- db:/var/lib/postgresql/data
|
||||
- ./volumes/db:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U rrr"]
|
||||
test: ["CMD-SHELL", "pg_isready -U lemmy"]
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 20
|
||||
|
||||
lemmy:
|
||||
image: dessalines/lemmy:v0.0.7.3
|
||||
restart: always
|
||||
ports:
|
||||
- "8536:8536"
|
||||
environment:
|
||||
LEMMY_FRONT_END_DIR: /app/dist
|
||||
DATABASE_URL: postgres://rrr:rrr@db:5432/rrr
|
||||
JWT_SECRET: changeme
|
||||
HOSTNAME: rrr
|
||||
restart: always
|
||||
LEMMY_FRONT_END_DIR=/app/dist
|
||||
DATABASE_URL=postgres://rrr:rrr@db:5432/rrr
|
||||
JWT_SECRET=${JWT_SECRET}
|
||||
HOSTNAME=${DOMAIN}
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
volumes:
|
||||
db:
|
4
ansible/templates/env
Normal file
4
ansible/templates/env
Normal file
|
@ -0,0 +1,4 @@
|
|||
DOMAIN={{ domain }}
|
||||
DATABASE_PASSWORD={{ postgres_password }}
|
||||
DATABASE_URL=postgres://lemmy:${DATABASE_PASSWORD}@db:5432/lemmy
|
||||
JWT_SECRET={{ jwt_password }}
|
Reference in a new issue