diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index 822e5d0..ea91439 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@@ -1,26 +1,38 @@ $ANSIBLE_VAULT;1.1;AES256 -34633138346432303237333963303466366164373662623533336335303030643137303363616466 -6631383863383262313537393762306233653234323734330a633966366166373835333165396432 -32326565373637356530623061353431306464316531623632663934653238376265636230613462 -3266353262313031310a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a383930646665616161626136383138 +31623336323035303933346439313234343261306530656131346139656439636465646239623863 +6237323831623132640a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
diff --git a/roles/server/drone.io/runner/defaults/main.yml b/roles/server/drone.io/runner/defaults/main.yml
new file mode 100644
index 0000000..bae02fc
--- /dev/null
+++ b/roles/server/drone.io/runner/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+
+instance_name: "drone-runner" # must be unique if multiple runners deployed to machine
+docker_image: "drone/drone-runner-docker:1"
+
+# drone_server_host: ci.example.com
+drone_rpc_secret: "{{ lookup('file', 'credentials/' + drone_server_host + '/rpc_secret') }}" # sync with server/drone.io/server, because must be known to all runners
+drone_runner_capacity: 4
+drone_runner_name: "{{ inventory_hostname }}"
diff --git a/roles/server/drone.io/runner/meta/main.yml b/roles/server/drone.io/runner/meta/main.yml
new file mode 100644
index 0000000..64372da
--- /dev/null
+++ b/roles/server/drone.io/runner/meta/main.yml
@@ -0,0 +1,6 @@
+---
+
+allow_duplicates: yes
+
+dependencies:
+ - role: docker/application
diff --git a/roles/server/drone.io/runner/tasks/main.yml b/roles/server/drone.io/runner/tasks/main.yml
new file mode 100644
index 0000000..5ea2d30
--- /dev/null
+++ b/roles/server/drone.io/runner/tasks/main.yml
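Review bot: `docker_image: "drone/drone-runner-docker:1"` in runner/defaults/main.yml is a mutable major-version tag, and this role's tasks file mounts the host's `/var/run/docker.sock` into that container, so whatever the tag resolves to at pull time gets control of the host's Docker daemon. Pinning the default to a digest, for example `docker_image: "drone/drone-runner-docker:1@sha256:<digest>"` (placeholder, to be filled with the vetted image digest), keeps deployments reproducible and makes image updates an explicit, reviewable change. The same applies to `docker_image: "drone/drone:1"` in server/defaults/main.yml.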
@@ -0,0 +1,21 @@
+---
+
+- name: Start drone runner using docker-compose
+ docker_compose:
+ state: present
+ project_name: "{{ instance_name }}"
+ definition:
+ version: '2'
+ services:
+ drone-runner:
+ image: "{{ docker_image }}"
+ restart: always
+ environment:
+ DRONE_RPC_PROTO: https
+ DRONE_RPC_HOST: "{{ drone_server_host }}"
+ DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
+ DRONE_RUNER_CAPACITY: "{{ drone_runner_capacity }}"
+ DRONE_RUNNER_NAME: "{{ drone_runner_name }}"
+ DOCKER_API_VERSION: "1.39"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock"
diff --git a/roles/server/drone.io/server/defaults/main.yml b/roles/server/drone.io/server/defaults/main.yml
new file mode 100644
index 0000000..53814e6
--- /dev/null
+++ b/roles/server/drone.io/server/defaults/main.yml
@@ -0,0 +1,21 @@
+---
+
+# domain: ci.example.com
+docker_image: "drone/drone:1"
+
+# TODO Bind to socket path
+# bind_port
+#!socket_directory: "{{ user_directory }}/socket"
+#!socket_path: "{{ socket_directory }}/socket"
+
+# gitea_server_url: https://git.example.com/gitea
+# gitea_client_id generated by gitea
+# gitea_client_secret generated by gitea
+
+instance_directory: "{{ global_webservers_directory }}/{{ domain }}"
+data_directory: "{{ instance_directory }}/data"
+drone_data_directory: "{{ data_directory }}/drone_volume"
+
+drone_admin_user: "{{ global_username }}"
+drone_rpc_secret: "{{ lookup('password', 'credentials/' + domain + '/rpc_secret chars=digits,ascii_letters length=80') }}" # sync with server/drone.io/runner, because must be known to all runners
+drone_database_secret: "{{ lookup('password', 'credentials/' + domain + '/database_secret length=32 chars=0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f') }}"
diff --git a/roles/server/drone.io/server/meta/main.yml b/roles/server/drone.io/server/meta/main.yml
new file mode 100644
index 0000000..798ad66
--- /dev/null
+++ b/roles/server/drone.io/server/meta/main.yml
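Review bot: The environment key `DRONE_RUNER_CAPACITY` in runner/tasks/main.yml is misspelled, so the runner never receives `drone_runner_capacity` and will presumably fall back to its built-in default; the line should read `DRONE_RUNNER_CAPACITY: "{{ drone_runner_capacity }}"`. The task also passes `DRONE_RPC_SECRET` inside `definition`, which Ansible can echo in verbose output or in a failure result, so adding `no_log: true` to the task is worth it. The "Start drone server using docker-compose" task in server/tasks/main.yml carries three secrets the same way and should get the same setting.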
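Review bot: Both `lookup('password', ...)` defaults in server/defaults/main.yml store the generated RPC and database secrets in plaintext under `credentials/<domain>/` on the control machine, and nothing in this change documents or protects that directory. A comment above them such as `# generated once and stored unencrypted under credentials/; keep that directory out of version control and readable only by the deploy user` would make the handling explicit. The runner role reads the same `rpc_secret` file with `lookup('file', ...)`, so it only works when `drone_server_host` equals this `domain` and the server role has already run from the same controller; that ordering deserves a line in the comment as well.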
@@ -0,0 +1,15 @@
+---
+
+allow_duplicates: yes
+
+dependencies:
+ - role: docker/application
+ - role: misc/backup_files
+ # domain
+ backup_directory: "{{ data_directory }}"
+ - role: misc/hdd_dir
+ # domain
+ hdd_source_dir: "{{ data_directory }}"
+ - role: nginx/proxy
+ # domain
+ backend_port: "{{ bind_port }}"
diff --git a/roles/server/drone.io/server/tasks/main.yml b/roles/server/drone.io/server/tasks/main.yml
new file mode 100644
index 0000000..bd46a0a
--- /dev/null
+++ b/roles/server/drone.io/server/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+
+- name: Create instance directory
+ file:
+ state: directory
+ path: "{{ instance_directory }}"
+ owner: root
+ group: root
+ mode: u=rwx,g=rx,o=
+
+- name: Create general data directory
+ file:
+ state: directory
+ path: "{{ data_directory }}"
+ owner: root
+ group: root
+ mode: u=rwx,g=rx,o=
+
+- name: Create data directory for drone volume
+ file:
+ state: directory
+ path: "{{ drone_data_directory }}"
+ # let docker/drone.io manage control permissions
+
+- name: Start drone server using docker-compose
+ docker_compose:
+ state: present
+ project_name: "{{ domain }}"
+ definition:
+ version: '2'
+ services:
+ drone-server:
+ image: "{{ docker_image }}"
+ restart: always
+ environment:
+ DRONE_DATABASE_SECRET: "{{ drone_database_secret }}"
+ DRONE_GITEA_SERVER: "{{ gitea_server_url }}"
+ DRONE_GITEA_CLIENT_ID: "{{ gitea_client_id }}"
+ DRONE_GITEA_CLIENT_SECRET: "{{ gitea_client_secret }}"
+ DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
+ DRONE_SERVER_HOST: "{{ domain }}"
+ DRONE_SERVER_PROTO: https
+ DRONE_USER_CREATE: "username:{{ drone_admin_user }},admin:true"
+ ports:
+ - "127.0.0.1:{{ bind_port }}:80" # for nginx reverse proxy
+ volumes:
+ - "{{ data_directory }}:/data"
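Review bot: `backend_port: "{{ bind_port }}"` in server/meta/main.yml depends on `bind_port`, which the role's defaults mention only as a comment (`# bind_port`), and `domain` is likewise left to the caller for every dependency listed here. Unless both are set in inventory or play vars, the failure will surface as an undefined-variable error inside one of the dependency roles rather than in this one. Since dependencies run before the role's own tasks, the cheapest fix is documentation: a header comment in defaults/main.yml such as `# required, no default: domain, bind_port, gitea_server_url, gitea_client_id, gitea_client_secret`.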
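Review bot: The third task in server/tasks/main.yml creates `drone_data_directory`, but the compose volume mounts `"{{ data_directory }}:/data"`, so the `drone_volume` subdirectory is never used by the container and Drone writes straight into the parent directory that was just set to root-owned `u=rwx,g=rx,o=`. If the subdirectory is the intended mount, which the task comment about letting docker/drone.io manage permissions suggests, the volume line should be `- "{{ drone_data_directory }}:/data"`. The backup and hdd_dir dependencies point at `data_directory`, so they would still cover the data after that change.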