Added drone role
This commit is contained in:
parent
ea6986a7a2
commit
bdccc430ad
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: common
|
||||
- role: docker
|
|
@ -0,0 +1,34 @@
|
|||
---
|
||||
- name: add drone http site
|
||||
template:
|
||||
src: etc/apache2/sites-available/ci_domain.conf.j2
|
||||
dest: /etc/apache2/sites-available/{{ ci_domain}}.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
- name: disable default site and enable drone site
|
||||
block:
|
||||
- name: disable default site
|
||||
command:
|
||||
cmd: a2dissite 000-default.conf
|
||||
- name: enable drone site
|
||||
command:
|
||||
cmd: a2ensite {{ ci_domain }}.conf
|
||||
- name: run certbot
|
||||
command:
|
||||
cmd: certbot --apache --non-interactive --keep-until-expiring --no-eff-mail --email {{ admin_mail }} --redirect --renew-with-new-domains --agree-tos -d {{ ci_domain }}
|
||||
when: ansible_domain != 'dev'
|
||||
- include: ssl-dev.yml
|
||||
when ansible_domain == 'dev'
|
||||
- name: add drone https site
|
||||
template:
|
||||
src: etc/apache2/sites-available/ci_domain-le-ssl.conf.j2
|
||||
dest: /etc/apache2/sites-available/{{ ci_domain }}-le-ssl.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
- name: enable drone https site
|
||||
command:
|
||||
cmd: a2ensite {{ ci_domain }}-le-ssl.conf
|
||||
notify: restart apache
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
-
|
|
@ -0,0 +1,27 @@
|
|||
---
|
||||
- name: Ensure python OpenSSL dependencies are installed.
|
||||
pip:
|
||||
name: pyOpenSSL
|
||||
state: present
|
||||
|
||||
- name: Ensure directory exists for local self-signed TLS certs.
|
||||
file:
|
||||
path: /etc/letsencrypt/live/{{ ci_domain }}
|
||||
state: directory
|
||||
|
||||
- name: Generate an OpenSSL private key.
|
||||
openssl_privatekey:
|
||||
path: /etc/letsencrypt/live/{{ ci_domain }}/privkey.pem
|
||||
|
||||
- name: Generate an OpenSSL CSR.
|
||||
openssl_csr:
|
||||
path: /etc/ssl/private/{{ ci_domain }}.csr
|
||||
privatekey_path: /etc/letsencrypt/live/{{ ci_domain }}/privkey.pem
|
||||
common_name: "{{ ci_domain }}"
|
||||
|
||||
- name: Generate a Self Signed OpenSSL certificate.
|
||||
openssl_certificate:
|
||||
path: /etc/letsencrypt/live/{{ ci_domain }}/fullchain.pem
|
||||
privatekey_path: /etc/letsencrypt/live/{{ ci_domain }}/privkey.pem
|
||||
csr_path: /etc/ssl/private/{{ ci_domain }}.csr
|
||||
provider: selfsigned
|
|
@ -0,0 +1,21 @@
|
|||
<IfModule mod_ssl.c>
|
||||
<VirtualHost *:443>
|
||||
ServerName {{ ci_domain }}
|
||||
ServerAdmin {{ admin_mail }}
|
||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||
|
||||
SSLCertificateFile /etc/letsencrypt/live/{{ ci_domain }}/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/{{ ci_domain }}/privkey.pem
|
||||
Include /etc/letsencrypt/options-ssl-apache.conf
|
||||
|
||||
# Encoded slashes need to be allowed
|
||||
AllowEncodedSlashes NoDecode
|
||||
|
||||
# keep the host
|
||||
ProxyPreserveHost On
|
||||
ProxyPass / http://127.0.0.1:8000/
|
||||
ProxyPassReverse / http://127.0.0.1:8000/
|
||||
|
||||
</VirtualHost>
|
||||
</IfModule>
|
|
@ -0,0 +1,6 @@
|
|||
<VirtualHost *:80>
|
||||
ServerName {{ ci_domain }}
|
||||
ServerAdmin {{ admin_mail }}
|
||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||
</VirtualHost>
|
|
@ -0,0 +1,22 @@
|
|||
version: '2'
|
||||
|
||||
services:
|
||||
drone-server:
|
||||
image: drone/drone:1
|
||||
|
||||
ports:
|
||||
- 8000:8000
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /var/lib/drone:/data
|
||||
restart: always
|
||||
environment:
|
||||
- DRONE_SERVER_HOST={{ ci_domain }}
|
||||
- DRONE_SERVER_PROTO=http
|
||||
- DRONE_RUNNER_CAPACITY=2
|
||||
- DRONE_USER_CREATE=username:{{ gitea_user }},admin:true
|
||||
- DRONE_GITEA_SERVER={{ gitea_url }}
|
||||
- DRONE_GITEA_CLIENT_ID={{ gitea_client_id }}
|
||||
- DRONE_GITEA_CLIENT_SECRET={{ gitea_client_secret }}
|
||||
- LC_ALL=C.UTF-8
|
||||
- LANG=C.UTF-8
|
Loading…
Reference in New Issue