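---
# Deploys the Docker Compose stacks (counter app, nginx, gitea, monitoring,
# registry, vpn) to the `tamriel` host through the docker_service module.
#
# NOTE(review): most images below use a floating tag or none at all
# (gitea/gitea:latest, grafana/grafana, prom/prometheus, google/cadvisor,
# kylemanna/openvpn, redis:alpine). Every run may pull different code; pin each
# one to a reviewed tag or digest before relying on this for production.
- name: Docker apps
  hosts: tamriel
  remote_user: ansible_worker
  vars:
    docker_compose_dir: "~/compose"
  vars_files:
    - domains.yml
    # NOTE(review): presumably the source of gitea_db_password and
    # grafana_admin_password -- confirm this file is vault-encrypted and never
    # committed in clear text.
    - secrets.yml
  tasks:
    # The compose directory is wiped first so files deleted from the repo do
    # not linger on the host; the next task recreates it.
    - name: Remove old config
      file:
        path: "{{docker_compose_dir}}"
        state: absent

    - name: Synchronize docker-compose files
      synchronize:
        src: compose/
        dest: "{{docker_compose_dir}}"

    # Renders one nginx server config per entry of `domains`.
    - name: Generate nginx conf
      template:
        src: templates/nginx.conf.j2
        dest: "{{docker_compose_dir}}/nginx/conf.d/{{item.key}}.conf"
      vars:
        server: "{{item.value}}"
        short_name: "{{item.key}}"
      with_items: "{{domains | dict2items}}"

    - name: Counter app
      docker_service:
        project_name: app
        build: true
        definition:
          version: '3'
          services:
            web:
              build: "{{docker_compose_dir}}/app"
              # Published on loopback only; external access goes through nginx.
              ports:
                - "127.0.0.1:{{domains.cnt.proxy.port}}:5000"
              restart: always
            redis:
              image: "redis:alpine"
              restart: always

    - name: nginx
      docker_service:
        project_name: nginx
        build: true
        definition:
          version: '3'
          services:
            main:
              build: "{{docker_compose_dir}}/nginx"
              # Host networking: nginx shares the host's network namespace and
              # can reach the loopback-published ports of the other stacks.
              network_mode: host
              # Certificate directories are mounted read-only so the container
              # cannot modify or replace the key material.
              volumes:
                - "/etc/letsencrypt/live/dybiec.info:/etc/letsencrypt/live/dybiec.info:ro"
                - "/etc/letsencrypt/archive/dybiec.info:/etc/letsencrypt/archive/dybiec.info:ro"
              restart: always

    - name: gitea
      # The rendered definition embeds gitea_db_password; no_log keeps it out
      # of Ansible's console output and logs. Trade-off: failure details for
      # this task are hidden as well.
      no_log: true
      docker_service:
        project_name: gitea
        restarted: true
        definition:
          version: '2'
          volumes:
            data:
              external:
                name: gitea_data
            db:
              external:
                name: gitea_db
          networks:
            gitea:
              external: false
          services:
            web:
              # NOTE(review): floating tag -- pin to a reviewed release.
              image: "gitea/gitea:latest"
              volumes:
                - "data:/data"
              ports:
                # Web UI on loopback only (proxied by nginx).
                - "127.0.0.1:{{domains.git.proxy.port}}:3000"
                # Git-over-SSH is published on all host interfaces.
                - "2022:22"
              environment:
                - DB_TYPE=postgres
                - DB_HOST=db:5432
                - DB_NAME=gitea
                - DB_USER=gitea
                # Was DB_PASSW: the variable documented for the Gitea image is
                # DB_PASSWD, so the password was most likely never passed.
                # NOTE(review): secrets in `environment` are readable through
                # `docker inspect` by anyone with Docker access on the host.
                - "DB_PASSWD={{gitea_db_password}}"
                - HTTP_PORT=3000
                - "ROOT_URL=https://{{domains.git.name}}"
                - SSH_DOMAIN=git.dybiec.info
                - SSH_PORT=2022
                - "APP_NAME={{domains.git.name}}"
                # Self-registration off and installer locked, so the instance
                # is not open to sign-ups or re-installation.
                - DISABLE_REGISTRATION=true
                - INSTALL_LOCK=true
                - RUN_MODE=prod
                - OFFLINE_MODE=true
              networks:
                - gitea
              depends_on:
                - db
              restart: always
            redis:
              image: "redis:alpine"
              restart: always
              networks:
                - gitea
            db:
              image: "postgres:11"
              restart: always
              environment:
                - POSTGRES_USER=gitea
                - "POSTGRES_PASSWORD={{gitea_db_password}}"
                - POSTGRES_DB=gitea
              # No ports published: the database is reachable only on the
              # project-internal `gitea` network.
              networks:
                - gitea
              volumes:
                # NOTE(review): trailing slash in `db/` -- confirm this
                # resolves to the external `db` volume declared above.
                - "db/:/var/lib/postgresql/data"

    - name: grafana
      # The rendered definition embeds grafana_admin_password; see the no_log
      # note on the gitea task.
      no_log: true
      docker_service:
        project_name: monitoring
        restarted: true
        definition:
          version: '3'
          volumes:
            grafana-storage:
              external:
                name: grafana_storage
          services:
            grafana:
              image: grafana/grafana
              ports:
                - "127.0.0.1:{{domains.grafana.proxy.port}}:3000"
              environment:
                # NOTE(review): http:// here while gitea's ROOT_URL is
                # https:// -- confirm Grafana is not served without TLS.
                - "GF_SERVER_ROOT_URL=http://{{domains.grafana.name}}"
                - "GF_SECURITY_ADMIN_PASSWORD={{grafana_admin_password}}"
              volumes:
                - "grafana-storage:/var/lib/grafana"
              restart: always
            prometheus:
              image: prom/prometheus
              extra_hosts:
                - "dockerhost:172.17.0.1"
              volumes:
                - "{{docker_compose_dir}}/monitoring/prometheus:/etc/prometheus/:ro"
              restart: always
            cadvisor:
              image: google/cadvisor
              # `expose` only, no host port: the metrics endpoint stays on the
              # project network.
              expose: [8080]
              # Read-only, but still the whole host filesystem plus /var/run
              # and the Docker state directory: this container can read any
              # file on the host. Treat the image as highly trusted.
              volumes:
                - "/:/rootfs:ro"
                - "/var/run:/var/run:ro"
                - "/sys:/sys:ro"
                - "/var/lib/docker:/var/lib/docker:ro"
                - "/dev/disk:/dev/disk:ro"
              restart: always

    - name: registry
      docker_service:
        project_name: registry
        definition:
          version: '3'
          volumes:
            registry:
              external:
                name: registry
          services:
            registry:
              # Loopback only. No authentication is configured in this
              # definition, so access control depends on the proxy in front.
              ports:
                - "127.0.0.1:{{domains.registry.proxy.port}}:5000"
              image: "registry:2"
              volumes:
                - "registry:/var/lib/registry"
              environment:
                # Storage maintenance section passed as embedded YAML: enables
                # read-only mode.
                REGISTRY_STORAGE_MAINTENANCE: |-
                  readonly:
                    enabled: true
              restart: always

    - name: vpn
      docker_service:
        project_name: vpn
        definition:
          version: '3'
          volumes:
            openvpn-certs:
              external:
                name: openvpn-pawel
          services:
            openvpn:
              image: kylemanna/openvpn
              network_mode: host
              volumes:
                - "openvpn-certs:/etc/openvpn"
              # NOTE(review): privileged + host networking gives this
              # container effectively full control of the host. The image's
              # documented examples run with only the NET_ADMIN capability
              # (`cap_add: [NET_ADMIN]`); prefer that and confirm the tunnel
              # still comes up.
              privileged: true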