install woodpecker agent

made caddy config modular
2023-12-30 16:51:31 +01:00 · 2023-12-30 11:25:58 +01:00
17 changed files with 165 additions and 30 deletions
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -15,3 +15,6 @@ ansible_become_pass: !vault |
          36343435646561643662373138613237626461373330346566356132636366623731643838383633
          3765666163656264340a663138623535626161376666323862373131383637356231323737313564
          6430
+
+woodpecker_server: 'ci.rustybever.be:9000'
+woodpecker_secret: "{{ vault_woodpecker_secret }}"
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@ -1,6 +1,10 @@
 $ANSIBLE_VAULT;1.1;AES256
-37303338366435366664333235623930303461666537326463613536303263353233303631653061
-3365613139333035616434376464386436653863366338650a366363336438313364646432626335
-32396334643064326531393930666263643163636163316430616434363139316665323262616538
-3665633530616432350a326439636231383765666365386433313432373432373938656638373636
-34323166343965616330366265353462626132356565316637313430343462363163
+65396664323038303134303832613939623230323365613162313835623462663137623231643466
+3661303536326134636662636237326337653535613565380a643035326434656334363432633037
+31626233633935616234376334336138353833613962653632313639383932613638316238636436
+3066656463396530340a356634316630363866373834393035336663373264613031646231666538
+63366666336236313236653831316433346335356430366364303739666532623835373931376636
+63386434346265626331306461393330316164396632383462613537343664616266643938646632
+66316362623730313039666161353232313265613463653762666533356532633333616631343235
+66646339643366663365323165383830353562643266353935386334383134623933353162653666
+6432
--- a/nas.yml
+++ b/nas.yml
@ -41,3 +41,10 @@
  roles:
    - rclone
  tags: rclone
+
+- name: Install Woodpecker agent
+  hosts: nas
+  become: yes
+  roles:
+    - woodpecker
+  tags: woodpecker
--- a/roles/caddy/files/Caddyfile
+++ b/roles/caddy/files/Caddyfile
@ -8,9 +8,7 @@
 # this machine's public IP, then replace ":80" below with your
 # domain name.

-media.roosens.me {
-	reverse_proxy localhost:8096
-}
+import *.Caddyfile

 # Refer to the Caddy docs for more information:
 # https://caddyserver.com/docs/caddyfile
--- a/roles/caddy/handlers/main.yml
+++ b/roles/caddy/handlers/main.yml
@ -1,5 +1,5 @@
 ---
- name: reload-caddy
+- name: caddy-reload
  service:
    name: caddy
    state: reloaded
--- a/roles/caddy/tasks/main.yml
+++ b/roles/caddy/tasks/main.yml
@ -25,7 +25,7 @@
    owner: root
    group: root
    mode: '644'
-  notify: reload-caddy
+  notify: caddy-reload

 - name: Ensure Caddy service is running & enabled
  service:
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -1,10 +1,13 @@
- name: Install packages
+- name: Ensure common packages are installed
  apt:
    name:
      # Needed for handling GPG keys for repositories
      - debian-keyring
      - debian-archive-keyring
      - apt-transport-https
+      - ca-certificates
+      - lsb-release
+      - gnupg

      # Easy to edit files
      - vim
@ -16,9 +19,24 @@

      # Disk monitoring
      - smartmontools
+
+      # Periodic tasks
+      - cron
    state: present

- name: Install Vim config
+- name: Ensure cron service is enabled
+  service:
+    name: cron
+    state: started
+    enabled: true
+
+- name: Ensure fail2ban service is enabled
+  service:
+    name: fail2ban
+    state: started
+    enabled: true
+
+- name: Ensure Vim config is present
  get_url:
    url: 'https://r8r.be/vim'
    dest: '{{ item.dest }}'
@ -30,9 +48,3 @@
      dest: "/home/debian/.vimrc"
    - user: root
      dest: "/root/.vimrc"
-
- name: Enable fail2ban
-  service:
-    name: fail2ban
-    state: started
-    enabled: true
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -9,15 +9,6 @@
      - runc
    state: absent

- name: Install Docker PPA dependencies.
-  apt:
-    name:
-      - apt-transport-https
-      - ca-certificates
-      - gnupg
-      - lsb-release
-    state: present
-
 - name: Add Docker GPG key.
  apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg
@ -26,7 +17,7 @@
 - name: Add Docker PPA.
  apt_repository:
    # https://gist.github.com/rbq/886587980894e98b23d0eee2a1d84933
-    repo: deb [arch=amd64] https://download.docker.com/{{ ansible_system | lower }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
+    repo: deb [arch=arm64] https://download.docker.com/{{ ansible_system | lower }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
    state: present

 - name: Install Docker, docker-compose & cron.
@ -50,4 +41,4 @@
    name: Prune the Docker system.
    hour: 4
    minute: 0
-    job: docker system prune -f
+    job: docker system prune -af
--- a/roles/jellyfin/files/jellyfin.Caddyfile
+++ b/roles/jellyfin/files/jellyfin.Caddyfile
@ -0,0 +1,3 @@
+media.roosens.me {
+	reverse_proxy localhost:8096
+}
--- a/roles/jellyfin/meta/main.yml
+++ b/roles/jellyfin/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: caddy
--- a/roles/jellyfin/tasks/main.yml
+++ b/roles/jellyfin/tasks/main.yml
@ -50,3 +50,11 @@
    state: started
    enabled: true

+- name: Ensure Jellyfin Caddyfile is present
+  copy:
+    src: 'jellyfin.Caddyfile'
+    dest: '/etc/caddy/jellyfin.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: caddy-reload
--- a/roles/samba/handlers/main.yml
+++ b/roles/samba/handlers/main.yml
@ -7,4 +7,4 @@
 - name: smbpasswd-lambroek
  shell:
    cmd: "smbpasswd -sa lambroek"
-    stdin: "{{ lambroek_password }}\n{{ lambroek_password }}"
+    stdin: "{{ lambroek_password }}\n{{ lambroek_password }}\n"
--- a/roles/woodpecker/files/woodpecker-agent.service
+++ b/roles/woodpecker/files/woodpecker-agent.service
@ -0,0 +1,16 @@
+[Unit]
+Description=Woodpecker Agent
+Documentation=https://woodpecker-ci.org/
+After=network.target network-online.target
+Requires=network-online.target
+
+[Service]
+Type=exec
+User=woodpecker
+Group=woodpecker
+ExecStart=/usr/local/bin/woodpecker-agent
+Restart=always
+EnvironmentFile=/etc/woodpecker/woodpecker-agent.env
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/woodpecker/handlers/main.yml
+++ b/roles/woodpecker/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: woodpecker-agent-restart
+  ansible.builtin.service:
+    name: 'woodpecker-agent'
+    state: 'restarted'
--- a/roles/woodpecker/meta/main.yml
+++ b/roles/woodpecker/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: docker
--- a/roles/woodpecker/tasks/main.yml
+++ b/roles/woodpecker/tasks/main.yml
@ -0,0 +1,78 @@
+---
+- name: Create download directory
+  ansible.builtin.file:
+    path: '/home/debian/woodpecker-agent-1.0.1'
+    state: directory
+    mode: '0755'
+
+- name: Download agent tarball
+  ansible.builtin.unarchive:
+    src: 'https://github.com/woodpecker-ci/woodpecker/releases/download/v1.0.1/woodpecker-agent_linux_arm64.tar.gz'
+    remote_src: true
+    dest: '/home/debian/woodpecker-agent-1.0.1'
+    creates: '/home/debian/woodpecker-agent-1.0.1/woodpecker-agent'
+    include:
+      - 'woodpecker-agent'
+  register: res
+
+- name: Move binary to correct location
+  ansible.builtin.copy:
+    src: '/home/debian/woodpecker-agent-1.0.1/woodpecker-agent'
+    remote_src: true
+    dest: '/usr/local/bin/woodpecker-agent'
+    owner: 'root'
+    group: 'root'
+    mode: '0755'
+  when: 'res.changed'
+
+- name: Ensure system group exists
+  group:
+    name: 'woodpecker'
+    gid: 200
+    system: true
+    state: present
+
+- name: Ensure system user exists
+  user:
+    name: 'woodpecker'
+    group: 'woodpecker'
+    uid: 200
+    system: true
+    create_home: false
+
+- name: Ensure woodpecker directory is present
+  file:
+    path: '/etc/woodpecker'
+    state: directory
+    mode: '0755'
+    owner: 'woodpecker'
+    group: 'woodpecker'
+
+- name: Ensure agent environment file is present
+  template:
+    src: 'woodpecker-agent.env.j2'
+    dest: '/etc/woodpecker/woodpecker-agent.env'
+    owner: 'woodpecker'
+    group: 'woodpecker'
+    mode: '0644'
+  notify: woodpecker-agent-restart
+
+- name: Ensure service file is present
+  copy:
+    src: 'woodpecker-agent.service'
+    dest: '/lib/systemd/system/woodpecker-agent.service'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  register: res
+
+- name: systemd-reload
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  when: 'res.changed'
+
+- name: Ensure agent service is enabled
+  ansible.builtin.service:
+    name: 'woodpecker-agent'
+    state: started
+    enabled: true
--- a/roles/woodpecker/templates/woodpecker-agent.env.j2
+++ b/roles/woodpecker/templates/woodpecker-agent.env.j2
@ -0,0 +1,4 @@
+WOODPECKER_SERVER={{ woodpecker_server }}
+WOODPECKER_AGENT_SECRET={{ woodpecker_secret }}
+WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/woodpecker-agent.conf
+WOODPECKER_BACKEND=docker
Author	SHA1	Message	Date
Jef Roosens	fef9b0866f	install woodpecker agent	2023-12-30 16:51:31 +01:00
Jef Roosens	e6409a0a0e	made caddy config modular	2023-12-30 11:25:58 +01:00