164 lines
4.1 KiB
YAML
164 lines
4.1 KiB
YAML
---
|
|
# Ultra-einfaches Netcup Deployment (Port-Konflikt behoben)
|
|
|
|
- name: Deploy App to Netcup VPS (Debian Clean)
|
|
hosts: all
|
|
become: yes
|
|
vars_files:
|
|
- inventory/group_vars.yml
|
|
|
|
tasks:
|
|
- name: Clean up any existing Docker repositories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
loop:
|
|
- /etc/apt/sources.list.d/docker.list
|
|
- /etc/apt/sources.list.d/download_docker_com_linux_debian.list
|
|
- /etc/apt/keyrings/docker.gpg
|
|
- /etc/apt/keyrings/docker.asc
|
|
ignore_errors: yes
|
|
|
|
- name: Remove any Docker GPG keys from apt-key
|
|
shell: apt-key del 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 || true
|
|
ignore_errors: yes
|
|
|
|
- name: Update apt cache after cleanup
|
|
apt:
|
|
update_cache: yes
|
|
|
|
- name: Install basic packages first
|
|
apt:
|
|
name:
|
|
- nginx
|
|
- certbot
|
|
- python3-certbot-nginx
|
|
- git
|
|
- curl
|
|
- rsync
|
|
- ca-certificates
|
|
- gnupg
|
|
- lsb-release
|
|
state: present
|
|
|
|
- name: Create keyrings directory
|
|
file:
|
|
path: /etc/apt/keyrings
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Add Docker GPG key (new method)
|
|
shell: |
|
|
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
|
chmod a+r /etc/apt/keyrings/docker.gpg
|
|
args:
|
|
creates: /etc/apt/keyrings/docker.gpg
|
|
|
|
- name: Add Docker repository (new method)
|
|
shell: |
|
|
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
|
|
args:
|
|
creates: /etc/apt/sources.list.d/docker.list
|
|
|
|
- name: Update apt cache
|
|
apt:
|
|
update_cache: yes
|
|
|
|
- name: Install Docker
|
|
apt:
|
|
name:
|
|
- docker-ce
|
|
- docker-ce-cli
|
|
- containerd.io
|
|
- docker-buildx-plugin
|
|
- docker-compose-plugin
|
|
state: present
|
|
|
|
- name: Start and enable Docker
|
|
systemd:
|
|
name: docker
|
|
state: started
|
|
enabled: yes
|
|
|
|
- name: Add user to docker group
|
|
user:
|
|
name: "{{ ansible_user }}"
|
|
groups: docker
|
|
append: yes
|
|
|
|
- name: Stop nginx temporarily (to avoid port conflicts)
|
|
systemd:
|
|
name: nginx
|
|
state: stopped
|
|
ignore_errors: yes
|
|
|
|
- name: Deploy webapp
|
|
include_role:
|
|
name: webapp
|
|
|
|
- name: Configure Nginx reverse proxy
|
|
template:
|
|
src: roles/webapp/templates/nginx-site.conf.j2
|
|
dest: /etc/nginx/sites-available/{{ domain }}
|
|
backup: yes
|
|
notify: reload nginx
|
|
|
|
- name: Enable site
|
|
file:
|
|
src: /etc/nginx/sites-available/{{ domain }}
|
|
dest: /etc/nginx/sites-enabled/{{ domain }}
|
|
state: link
|
|
notify: reload nginx
|
|
|
|
- name: Remove default site
|
|
file:
|
|
path: /etc/nginx/sites-enabled/default
|
|
state: absent
|
|
notify: reload nginx
|
|
|
|
- name: Test nginx configuration
|
|
command: nginx -t
|
|
register: nginx_test
|
|
|
|
- name: Start nginx
|
|
systemd:
|
|
name: nginx
|
|
state: started
|
|
enabled: yes
|
|
|
|
- name: Generate SSL certificate
|
|
command: >
|
|
certbot --nginx -d {{ domain }}
|
|
--non-interactive --agree-tos
|
|
--email {{ ssl_email }}
|
|
args:
|
|
creates: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
|
|
|
- name: Setup SSL renewal
|
|
cron:
|
|
name: "Renew SSL"
|
|
minute: "0"
|
|
hour: "3"
|
|
job: "certbot renew --quiet"
|
|
|
|
- name: Wait for app to be ready
|
|
wait_for:
|
|
port: 80
|
|
delay: 10
|
|
timeout: 60
|
|
|
|
- name: Health check
|
|
uri:
|
|
url: "https://{{ domain }}"
|
|
method: GET
|
|
status_code: [200, 301, 302]
|
|
retries: 5
|
|
delay: 10
|
|
ignore_errors: yes
|
|
|
|
handlers:
|
|
- name: reload nginx
|
|
systemd:
|
|
name: nginx
|
|
state: reloaded
|