From 177c281fff38d56a8f3aa76c688d28f73737fe68 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 2 Jul 2022 16:22:50 +0200 Subject: [PATCH] Playbook d'installation du serveur. --- README.md | 21 ++++++ playbooks/setup.yml | 87 +++++++++++++++++++++++++ templates/traefik-docker-compose.yml.j2 | 27 ++++++++ templates/traefik.yml.j2 | 31 +++++++++ 4 files changed, 166 insertions(+) create mode 100644 playbooks/setup.yml create mode 100644 templates/traefik-docker-compose.yml.j2 create mode 100644 templates/traefik.yml.j2 diff --git a/README.md b/README.md index a34748c..d176c65 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,27 @@ This playbook installs app from repository and bind Traefik on defined host. +## Setup server + +First create a file `vars.json` who contain : + +```json +{ + "working_dir": "/srv/apps", + "with_dashboard": "yes", + "with_https": "yes", + "acme_email": "admin@example.com", + "log_level": "INFO" +} +``` + +Then run setup playbook: + +```bash +HOSTNAME=vps.example.com +$ ansible-playbook -i $HOSTNAME, -e ansible_python_interpreter=/usr/bin/python3 -e @vars.json playbooks/setup.yml +``` + ## Manage app Available playbooks: diff --git a/playbooks/setup.yml b/playbooks/setup.yml new file mode 100644 index 0000000..352a6dc --- /dev/null +++ b/playbooks/setup.yml 
@@ -0,0 +1,87 @@
+---
+- name: Setup server
+ hosts: all
+ become: yes
+
+ tasks:
+ - name: Install required system packages
+ apt:
+ name: [
+ 'apt-transport-https',
+ 'ca-certificates',
+ 'software-properties-common',
+ 'python3-pip',
+ ]
+ state: present
+ update_cache: yes
+
+ - name: Add Docker GPG apt Key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+
+ - name: Add Docker Repository
+ apt_repository:
+ repo: "deb [arch=amd64] https://download.docker.com/{{ ansible_system | lower }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
+ state: present
+
+ - name: Update apt and install Docker
+ apt:
+ name: [
+ 'docker-ce',
+ 'docker-ce-cli',
+ 'containerd.io',
+ ]
+ state: latest
+ update_cache: yes
+
+ - name: Add the Python client for Docker
+ pip:
+ name: [
+ 'docker',
+ 'docker-compose'
+ ]
+
+ - name: Install docker-compose
+ get_url:
+ url : https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
+ dest: /usr/local/bin/docker-compose
+ mode: 'u+x,g+x'
+ group: docker
+
+ - name: Create Traefik directory
+ file:
+ path: "{{ working_dir }}/traefik"
+ state: directory
+
+ - name: Create Acme file
+ file:
+ path: "{{ working_dir }}/traefik/acme.json"
+ state: touch
+ mode: 0600
+
+ - name: Build Traefik config file
+ template:
+ src: ../templates/traefik.yml.j2
+ dest: "{{ working_dir }}/traefik/traefik.yml"
+
+ - name: Create global network
+ docker_network:
+ name: web
+
+ - name: Build Traefik docker-compose file
+ template:
+ src: ../templates/traefik-docker-compose.yml.j2
+ dest: '{{ working_dir }}/traefik/docker-compose.yml'
+
+ - name: Run Traefik container
+ community.docker.docker_compose:
+ project_src: "{{ working_dir }}/traefik"
+ build: yes
+ files:
+ - docker-compose.yml
+ restarted: yes
+ register: output
+
+ - debug:
+ var: output
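Review bot: The `Install docker-compose` task in playbooks/setup.yml fetches an executable into `/usr/local/bin` with `get_url` and no integrity check, so whatever the URL serves at run time becomes a binary on the host's PATH. Pin the artifact by adding `checksum: "sha256:<SHA256_OF_THE_1.29.2_BINARY>"` to that task (placeholder; take the value from the release's published checksum). The same hunk installs `docker-ce` with `state: latest` and leaves the pip packages unpinned, so a rerun can silently change versions; `state: present` with explicit versions keeps the host reproducible. Separately, `apt_key` puts the Docker key in the global apt keyring, where it is trusted for every repository; a dedicated keyring file referenced with `signed-by=` in the `repo:` line would scope it to Docker's repository only.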
diff --git a/templates/traefik-docker-compose.yml.j2 b/templates/traefik-docker-compose.yml.j2
new file mode 100644
index 0000000..fd0428b
--- /dev/null
+++ b/templates/traefik-docker-compose.yml.j2
@@ -0,0 +1,27 @@
+version: '3'
+
+networks:
+ web:
+ external: true
+
+services:
+ traefik:
+ image: "traefik:v2.7"
+ container_name: "traefik"
+ restart: unless-stopped
+ networks:
+ - "web"
+ ports:
+ - "80:80"
+{% if with_https == 'yes' %}
+ - "443:443"
+{% endif %}
+{% if with_dashboard == 'yes' %}
+ - "8080:8080"
+{% endif %}
+ volumes:
+ - "{{ working_dir }}/traefik/traefik.yml:/etc/traefik/traefik.yml"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+{% if with_https == 'yes' %}
+ - "{{ working_dir }}/traefik/acme.json:/acme.json"
+{% endif %}
diff --git a/templates/traefik.yml.j2 b/templates/traefik.yml.j2
new file mode 100644
index 0000000..78d1540
--- /dev/null
+++ b/templates/traefik.yml.j2
@@ -0,0 +1,31 @@
+entryPoints:
+ http:
+ address: ":80"
+{% if with_https == 'yes' %}
+ https:
+ address: ":443"
+{% endif %}
+
+log:
+ level: {{ log_level }}
+
+{% if with_dashboard == 'yes' %}
+api:
+ dashboard: true
+ insecure: true
+{% endif %}
+
+providers:
+ docker:
+ network: "web"
+ endpoint: "unix:///var/run/docker.sock"
+
+{% if with_https == 'yes' %}
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ email: "{{ acme_email }}"
+ storage = "acme.json"
+ httpChallenge:
+ entryPoint: "http"
+{% endif %}
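Review bot: In templates/traefik-docker-compose.yml.j2, `- "8080:8080"` publishes the dashboard port on every host interface, and templates/traefik.yml.j2 in this same patch enables it with `api.insecure: true`, so with `with_dashboard` set to `yes` the Traefik API and dashboard are reachable without authentication by anyone who can reach the host. Binding the port to loopback, `- "127.0.0.1:8080:8080"`, keeps it off the public interface. The `:ro` flag on the `/var/run/docker.sock` volume only makes the bind mount read-only; it does not restrict which Docker API calls can be made through the socket, so a comment saying so next to that volume (or a socket proxy limited to read endpoints) is worth adding.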
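Review bot: In templates/traefik.yml.j2, `storage = "acme.json"` under `acme:` is TOML syntax inside a YAML mapping; it should read `storage: "acme.json"`, otherwise the rendered file is presumably rejected as invalid YAML whenever `with_https` is `yes`. The `providers.docker` block also keeps Traefik's default of routing to every container it discovers; adding `exposedByDefault: false` limits exposure to containers that opt in with the `traefik.enable=true` label. `level: {{ log_level }}` is the one templated scalar left unquoted, and `level: "{{ log_level }}"` keeps an empty or boolean-looking value from being retyped.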