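---
# Minimal Netcup VPS deployment for a clean Debian host (port-conflict fix included).
#
# Flow: remove stale Docker apt sources/keys -> install base packages -> install
# Docker from the official repository -> stop nginx while the webapp role brings
# up its containers -> configure nginx as reverse proxy -> obtain a Let's Encrypt
# certificate -> verify the site answers over HTTPS.
#
# Expects `domain`, `ssl_email` and `ansible_user` to be defined (the first two
# come from inventory/group_vars.yml).
- name: Deploy App to Netcup VPS (Debian Clean)
  hosts: all
  become: true
  vars_files:
    - inventory/group_vars.yml

  tasks:
    # --- Cleanup of any previous Docker repository configuration -------------
    - name: Clean up any existing Docker repositories
      file:
        path: "{{ item }}"
        state: absent
      loop:
        - /etc/apt/sources.list.d/docker.list
        - /etc/apt/sources.list.d/download_docker_com_linux_debian.list
        - /etc/apt/keyrings/docker.gpg
        - /etc/apt/keyrings/docker.asc
      ignore_errors: true

    # apt-key is deprecated on current Debian; `|| true` keeps the play going
    # when the legacy keyring or the key does not exist.
    - name: Remove any Docker GPG keys from apt-key
      shell: apt-key del 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 || true
      changed_when: false
      ignore_errors: true

    - name: Update apt cache after cleanup
      apt:
        update_cache: true

    # --- Base packages ---------------------------------------------------------
    - name: Install basic packages first
      apt:
        name:
          - nginx
          - certbot
          - python3-certbot-nginx
          - git
          - curl
          - rsync
          - ca-certificates
          - gnupg
          - lsb-release
        state: present

    # --- Docker from the official repository (signed-by keyring method) --------
    - name: Create keyrings directory
      file:
        path: /etc/apt/keyrings
        state: directory
        mode: '0755'

    # `set -o pipefail` makes a failed download fail the task instead of letting
    # gpg write an empty keyring that `creates:` would then treat as done on every
    # later run. Debian's /bin/sh (dash) has no pipefail, hence bash.
    - name: Add Docker GPG key (new method)
      shell: |
        set -o pipefail
        curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
        chmod a+r /etc/apt/keyrings/docker.gpg
      args:
        creates: /etc/apt/keyrings/docker.gpg
        executable: /bin/bash

    # The repository entry is pinned to the keyring above via `signed-by`, so
    # packages are only accepted when signed with that key.
    - name: Add Docker repository (new method)
      shell: |
        set -o pipefail
        echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
      args:
        creates: /etc/apt/sources.list.d/docker.list
        executable: /bin/bash

    - name: Update apt cache
      apt:
        update_cache: true

    - name: Install Docker
      apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: present

    - name: Start and enable Docker
      systemd:
        name: docker
        state: started
        enabled: true

    # Membership in the docker group is equivalent to root on the host; only the
    # deployment user is added here.
    - name: Add user to docker group
      user:
        name: "{{ ansible_user }}"
        groups: docker
        append: true

    # --- Application -------------------------------------------------------------
    # nginx is stopped so the webapp role can bind its ports without conflict;
    # it is started again once the reverse-proxy site is in place.
    - name: Stop nginx temporarily (to avoid port conflicts)
      systemd:
        name: nginx
        state: stopped
      ignore_errors: true

    - name: Deploy webapp
      include_role:
        name: webapp

    # --- Reverse proxy -----------------------------------------------------------
    - name: Configure Nginx reverse proxy
      template:
        src: roles/webapp/templates/nginx-site.conf.j2
        dest: /etc/nginx/sites-available/{{ domain }}
        backup: true
      notify: reload nginx

    - name: Enable site
      file:
        src: /etc/nginx/sites-available/{{ domain }}
        dest: /etc/nginx/sites-enabled/{{ domain }}
        state: link
      notify: reload nginx

    - name: Remove default site
      file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      notify: reload nginx

    # A non-zero exit from `nginx -t` fails the play here, before nginx is
    # started with a broken configuration. The check itself changes nothing.
    - name: Test nginx configuration
      command: nginx -t
      register: nginx_test
      changed_when: false

    - name: Start nginx
      systemd:
        name: nginx
        state: started
        enabled: true

    # --- TLS ---------------------------------------------------------------------
    # `creates:` skips the certbot run once a certificate exists; renewals are
    # handled by the cron job below.
    - name: Generate SSL certificate
      command: >
        certbot --nginx -d {{ domain }}
        --non-interactive --agree-tos
        --email {{ ssl_email }}
      args:
        creates: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"

    - name: Setup SSL renewal
      cron:
        name: "Renew SSL"
        minute: "0"
        hour: "3"
        job: "certbot renew --quiet"

    # --- Verification ------------------------------------------------------------
    # NOTE(review): port 80 is the nginx listener started above, not the app's
    # own port — this confirms the proxy is up, not necessarily the backend.
    - name: Wait for app to be ready
      wait_for:
        port: 80
        delay: 10
        timeout: 60

    # `until` is required for `retries` to take effect on older Ansible releases;
    # the uri module already fails on any status outside `status_code`.
    - name: Health check
      uri:
        url: "https://{{ domain }}"
        method: GET
        status_code: [200, 301, 302]
      register: health_check
      until: health_check is succeeded
      retries: 5
      delay: 10
      ignore_errors: true

  handlers:
    - name: reload nginx
      systemd:
        name: nginx
        state: reloaded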