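---
# Provisions the "heimdall" host: installs Docker, creates the stack
# directories, writes a Compose file (Redis, Traefik, traefik-kop and a Gitea
# Actions runner) and brings the stack up.
- name: "Heimdall"
  hosts: heimdall  # Targeted via your inventory
  become: true

  vars:
    stack_dir: "/opt/stacks/heimdall"
    chester_user: "chester"
    # Replace with Heimdall's actual static IP
    heimdall_ip: "10.0.0.145"
    # NOTE(review): `secrets` is not an Ansible built-in, so it has to be
    # supplied as a variable (vault file, extra-vars, ...). The key is spelled
    # "HIEMDALL" here but "HEIMDALL" in HEIMDALL_GITEA_TOKEN further down -
    # confirm which spelling the secret store actually uses.
    cf_token: "{{ secrets.CF_HIEMDALL }}"

  tasks:
    - name: "Gate -2: Install Docker & Tools (Ubuntu)"
      ansible.builtin.apt:
        name:
          - curl
          - git
          - jq
          - docker.io
          - docker-compose-v2
          - python3-pip
        state: present
        update_cache: true

    # Membership of the docker group allows full control of the Docker daemon,
    # which is equivalent to root on this host. Grant it deliberately.
    - name: "Gate -1: Add chester to docker group"
      ansible.builtin.user:
        name: "{{ chester_user }}"
        groups: docker
        append: true

    # Creates the project directory and the bind-mount targets that the
    # Compose file below refers to as ./traefik-certs, ./redis-data and
    # ./runner-data.
    - name: "Gate 0: Infrastructure Setup"
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        owner: "{{ chester_user }}"
        group: "{{ chester_user }}"
        mode: '0755'
      loop:
        - "{{ stack_dir }}"
        - "{{ stack_dir }}/traefik-certs"
        - "{{ stack_dir }}/redis-data"
        - "{{ stack_dir }}/runner-data"

    # The rendered file contains the Gitea runner registration token in plain
    # text, so it is written owner-only (was 0644, i.e. world-readable) and
    # the task result is kept out of Ansible output with no_log.
    #
    # NOTE(review) on the stack itself:
    # - The ":ro" flag on /var/run/docker.sock only makes the socket file
    #   read-only; it does not limit what can be done through the Docker API.
    #   The runner mounts the socket read-write, so CI jobs scheduled on it
    #   should be treated as having root on this host.
    # - traefik-kop and act_runner use ":latest"; pin a reviewed version or
    #   digest so a changed upstream image is not pulled in silently.
    # - Port 8080 is published on every host interface. Nothing visible here
    #   routes the dashboard to it; drop the mapping or bind it to a
    #   management address unless it is needed.
    # - Traefik takes dynamic configuration from Redis, which has no password
    #   here; keep Redis unpublished and limited to this Compose network.
    - name: "Gate 1: Deploy Heimdall Stack"
      ansible.builtin.copy:
        dest: "{{ stack_dir }}/docker-compose.yml"
        owner: "{{ chester_user }}"
        group: "{{ chester_user }}"
        mode: '0600'
        content: |
          services:
            redis:
              image: redis:7-alpine
              container_name: redis
              restart: unless-stopped
              volumes:
                - ./redis-data:/data
              command: redis-server --appendonly yes
              healthcheck:
                test: ["CMD", "redis-cli", "ping"]

            traefik:
              image: traefik:v3.0
              container_name: traefik
              restart: unless-stopped
              ports:
                - "80:80"
                - "443:443"
                - "8080:8080"
              environment:
                - CF_DNS_API_TOKEN=${CF_TOKEN}
              volumes:
                - /var/run/docker.sock:/var/run/docker.sock:ro
                - ./traefik-certs:/letsencrypt
              command:
                - "--api.dashboard=true"
                - "--providers.docker=true"
                - "--providers.redis=true"
                - "--providers.redis.endpoints=redis:6379"
                - "--entrypoints.web.address=:80"
                - "--entrypoints.websecure.address=:443"
                - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
                - "--certificatesresolvers.myresolver.acme.email=admin@castaldifamily.com"
                - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"

            traefik-kop:
              image: ghcr.io/jittering/traefik-kop:latest
              container_name: traefik-kop-edge
              restart: unless-stopped
              volumes:
                - /var/run/docker.sock:/var/run/docker.sock:ro
              environment:
                - REDIS_ADDR=redis:6379
                - BIND_IP={{ heimdall_ip }} # reports Beelink's IP

            gitea-runner:
              image: gitea/act_runner:latest
              container_name: gitea-runner-heimdall
              restart: always
              volumes:
                - ./runner-data:/data
                - /var/run/docker.sock:/var/run/docker.sock
              environment:
                - GITEA_INSTANCE_URL=https://git.castaldifamily.com
                - GITEA_RUNNER_REGISTRATION_TOKEN={{ secrets.HEIMDALL_GITEA_TOKEN }}
      no_log: true

    # The Compose file reads ${CF_TOKEN} from the environment of the
    # `docker compose` process. The play defined cf_token but never passed it
    # on, so it is exported here for the duration of this task only.
    # Presumably the module hands its process environment to the CLI -
    # confirm that traefik starts with a non-empty CF_DNS_API_TOKEN.
    - name: "Gate 2: Launch Stack"
      community.docker.docker_compose_v2:
        project_src: "{{ stack_dir }}"
        state: present
      environment:
        CF_TOKEN: "{{ cf_token }}"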