From e13d4b448efd7174b1b4c8723cbc8be845470c60 Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Sun, 1 Jan 2023 21:08:22 -0800
Subject: stash

---
 photo.jinwei.me/config/ansible.cfg                 | 14 +++++
 photo.jinwei.me/config/inventory/aws_ec2.yaml      |  7 +++
 photo.jinwei.me/config/requirements.yaml           | 10 +++
 photo.jinwei.me/config/role.yaml                   |  3 +
 .../config/roles/debian_init/defaults/main.yaml    |  1 +
 .../config/roles/debian_init/tasks/main.yaml       | 72 ++++++++++++++++++++++
 photo.jinwei.me/config/roles/wordpress/Dockerfile  |  5 ++
 photo.jinwei.me/config/roles/wordpress/build.sh    |  5 ++
 .../config/roles/wordpress/defaults/main.yaml      |  4 ++
 .../config/roles/wordpress/tasks/main.yaml         | 16 +++++
 .../wordpress/templates/docker-compose.yaml.j2     | 22 +++++++
 photo.jinwei.me/config/roles/wordpress/uploads.ini |  5 ++
 photo.jinwei.me/config/site.yaml                   |  3 +
 13 files changed, 167 insertions(+)
 create mode 100644 photo.jinwei.me/config/ansible.cfg
 create mode 100644 photo.jinwei.me/config/inventory/aws_ec2.yaml
 create mode 100644 photo.jinwei.me/config/requirements.yaml
 create mode 100644 photo.jinwei.me/config/role.yaml
 create mode 100644 photo.jinwei.me/config/roles/debian_init/defaults/main.yaml
 create mode 100644 photo.jinwei.me/config/roles/debian_init/tasks/main.yaml
 create mode 100644 photo.jinwei.me/config/roles/wordpress/Dockerfile
 create mode 100755 photo.jinwei.me/config/roles/wordpress/build.sh
 create mode 100644 photo.jinwei.me/config/roles/wordpress/defaults/main.yaml
 create mode 100644 photo.jinwei.me/config/roles/wordpress/tasks/main.yaml
 create mode 100644 photo.jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2
 create mode 100644 photo.jinwei.me/config/roles/wordpress/uploads.ini
 create mode 100644 photo.jinwei.me/config/site.yaml

(limited to 'photo.jinwei.me/config')

diff --git a/photo.jinwei.me/config/ansible.cfg b/photo.jinwei.me/config/ansible.cfg
new file mode 100644
index 0000000..9345045
--- /dev/null
+++ b/photo.jinwei.me/config/ansible.cfg
@@ -0,0 +1,14 @@
+[defaults]
+host_key_checking = False
+transport = ssh
+remote_user = admin
+roles_path = roles
+inventory = inventory
+force_color = True
+interpreter_python = auto_silent
+
+[connection]
+pipelining = True
+
+[privilege_escalation]
+become = True
diff --git a/photo.jinwei.me/config/inventory/aws_ec2.yaml b/photo.jinwei.me/config/inventory/aws_ec2.yaml
new file mode 100644
index 0000000..c35e172
--- /dev/null
+++ b/photo.jinwei.me/config/inventory/aws_ec2.yaml
@@ -0,0 +1,7 @@
+plugin: aws_ec2
+regions:
+  - eu-central-1
+hostnames:
+  - tag:Name
+compose:
+  ansible_host: public_ip_address
diff --git a/photo.jinwei.me/config/requirements.yaml b/photo.jinwei.me/config/requirements.yaml
new file mode 100644
index 0000000..5229cc7
--- /dev/null
+++ b/photo.jinwei.me/config/requirements.yaml
@@ -0,0 +1,10 @@
+---
+collections:
+  - name: amazon.aws
+    version: 3.2.0
+  - name: community.general
+    version: 4.7.0
+  - name: ansible.posix
+    version: 1.3.0
+  - name: community.docker
+    version: 3.2.1
diff --git a/photo.jinwei.me/config/role.yaml b/photo.jinwei.me/config/role.yaml
new file mode 100644
index 0000000..ab3fca5
--- /dev/null
+++ b/photo.jinwei.me/config/role.yaml
@@ -0,0 +1,3 @@
+- hosts: "{{ target }}"
+  roles:
+    - role: "{{ role }}"
diff --git a/photo.jinwei.me/config/roles/debian_init/defaults/main.yaml b/photo.jinwei.me/config/roles/debian_init/defaults/main.yaml
new file mode 100644
index 0000000..685f0b6
--- /dev/null
+++ b/photo.jinwei.me/config/roles/debian_init/defaults/main.yaml
@@ -0,0 +1 @@
+user_home: /home/clarkzjw
diff --git a/photo.jinwei.me/config/roles/debian_init/tasks/main.yaml b/photo.jinwei.me/config/roles/debian_init/tasks/main.yaml
new file mode 100644
index 0000000..19b0ed8
--- /dev/null
+++ b/photo.jinwei.me/config/roles/debian_init/tasks/main.yaml
@@ -0,0 +1,72 @@
+- name: Disable unattended-upgrades
+  ansible.builtin.systemd:
+    name: unattended-upgrades
+    state: stopped
+    enabled: false
+
+- name: install packages
+  apt:
+    update_cache: true
+    name:
+      - apt-transport-https
+      - build-essential
+      - ca-certificates
+      - mariadb-client
+      - lsb-release
+      - python3
+      - python3-dev
+      - python3-pip
+      - unzip
+      - gnupg
+      - htop
+      - curl
+      - tree
+      - zip
+      - vim
+      - zsh
+      - git
+
+- name: add user
+  user:
+    name: clarkzjw
+    shell: /usr/bin/zsh
+    home: "{{ user_home }}"
+    system: true
+
+- name: Add Docker GPG apt Key
+  apt_key:
+    url: https://download.docker.com/linux/debian/gpg
+    keyring: /etc/apt/trusted.gpg.d/docker.gpg
+    state: present
+
+- name: Add Docker Repository
+  apt_repository:
+    repo: deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release | lower }} stable
+    state: present
+
+- name: Update apt and install docker-ce
+  apt:
+    name:
+    - docker-ce
+    - docker-ce-cli
+    - containerd.io
+    - docker-compose-plugin
+    state: latest
+    update_cache: true
+
+- name: Install Docker Module for Python
+  pip:
+    name:
+    - docker
+    - docker-compose
+
+- name: enable docker service
+  systemd:
+    name: docker
+    enabled: true
+    daemon_reload: true
+
+- name: Clean unneeded packages
+  ansible.builtin.apt:
+    autoremove: true
+    purge: true
diff --git a/photo.jinwei.me/config/roles/wordpress/Dockerfile b/photo.jinwei.me/config/roles/wordpress/Dockerfile
new file mode 100644
index 0000000..34704c0
--- /dev/null
+++ b/photo.jinwei.me/config/roles/wordpress/Dockerfile
@@ -0,0 +1,5 @@
+FROM wordpress:apache
+
+RUN apt-get update -y && apt-get install -y libgmp-dev && docker-php-ext-install gmp
+
+ADD uploads.ini /usr/local/etc/php/conf.d/uploads.ini
diff --git a/photo.jinwei.me/config/roles/wordpress/build.sh b/photo.jinwei.me/config/roles/wordpress/build.sh
new file mode 100755
index 0000000..55d7c0e
--- /dev/null
+++ b/photo.jinwei.me/config/roles/wordpress/build.sh
@@ -0,0 +1,5 @@
+docker_repo=docker.io/clarkzjw
+docker_image=wordpress
+docker_image_tag=$(date -u +%Y%m%d)
+sudo docker build -t $docker_repo/$docker_image:"$docker_image_tag" .
+sudo docker push $docker_repo/$docker_image:"$docker_image_tag"
diff --git a/photo.jinwei.me/config/roles/wordpress/defaults/main.yaml b/photo.jinwei.me/config/roles/wordpress/defaults/main.yaml
new file mode 100644
index 0000000..250e0a5
--- /dev/null
+++ b/photo.jinwei.me/config/roles/wordpress/defaults/main.yaml
@@ -0,0 +1,4 @@
+wordpress_image: clarkzjw/wordpress
+wordpress_image_tag: 20221211
+wordpress_port: 30080
+wordpress_home: /opt/wordpress
diff --git a/photo.jinwei.me/config/roles/wordpress/tasks/main.yaml b/photo.jinwei.me/config/roles/wordpress/tasks/main.yaml
new file mode 100644
index 0000000..3835145
--- /dev/null
+++ b/photo.jinwei.me/config/roles/wordpress/tasks/main.yaml
@@ -0,0 +1,16 @@
+- name: Pull wordpress Docker image
+  community.docker.docker_image:
+    name: "{{ wordpress_image }}:{{ wordpress_image_tag }}"
+    source: pull
+
+- name: render config file
+  template:
+    src: docker-compose.yaml.j2
+    dest: "{{ wordpress_home }}/docker-compose.yaml"
+    mode: 0644
+
+- name: Start wordpress container using docker-compose
+  community.docker.docker_compose:
+    project_name: wordpress
+    project_src: "{{ wordpress_home }}"
+  register: output
diff --git a/photo.jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2 b/photo.jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2
new file mode 100644
index 0000000..447b80b
--- /dev/null
+++ b/photo.jinwei.me/config/roles/wordpress/templates/docker-compose.yaml.j2
@@ -0,0 +1,22 @@
+version: '3'
+services:
+    cloudflared:
+        image: cloudflare/cloudflared
+        container_name: cloudflare-tunnel
+        network_mode: host
+        restart: always
+        command: tunnel run
+        environment:
+        - TUNNEL_TOKEN={{ lookup('aws_ssm', '/jinwei-me/cloudflare/tunnel_token') }}
+    wordpress:
+        image: "{{ wordpress_image }}:{{ wordpress_image_tag }}"
+        volumes:
+        - "{{ wordpress_home }}/wp-content:/var/www/html/wp-content"
+        restart: always
+        ports:
+        - 30081:80
+        environment:
+        - WORDPRESS_DB_HOST={{ lookup('aws_ssm', '/jinwei-me/mysql/host') }}:{{ lookup('aws_ssm', '/jinwei-me/mysql/port') }}
+        - WORDPRESS_DB_USER={{ lookup('aws_ssm', '/jinwei-me/mysql/username') }}
+        - WORDPRESS_DB_PASSWORD={{ lookup('aws_ssm', '/jinwei-me/mysql/password') }}
+        - WORDPRESS_DB_NAME={{ lookup('aws_ssm', '/jinwei-me/mysql/name') }}
diff --git a/photo.jinwei.me/config/roles/wordpress/uploads.ini b/photo.jinwei.me/config/roles/wordpress/uploads.ini
new file mode 100644
index 0000000..cd6e86c
--- /dev/null
+++ b/photo.jinwei.me/config/roles/wordpress/uploads.ini
@@ -0,0 +1,5 @@
+file_uploads = On
+post_max_size = 100M
+upload_max_filesize = 100M
+memory_limit = 512M
+max_execution_time = 600
diff --git a/photo.jinwei.me/config/site.yaml b/photo.jinwei.me/config/site.yaml
new file mode 100644
index 0000000..3dbcc71
--- /dev/null
+++ b/photo.jinwei.me/config/site.yaml
@@ -0,0 +1,3 @@
+- hosts: jinwei-me
+  roles:
+    - role: debian_init
-- 
cgit v1.2.3