testing

The beginning of a revamp of FRITA infrastructure into containers

.gitignore

@@ -1,8 +1,4 @@
-# Vagrant files
+environments
+.playbook
 .vagrant
-
-# Unneeded ansible file
-*.retry
-
-# Custom environments
-/environments/
+.vscode

README.md

@@ -1,22 +1,26 @@
-# Free I.T. Athen’s Infrastructure
-Ansible code used to deploy and maintain websites and services used by Free I.T. Athens.
+# Free I.T. Athen's Infrastructure
+This project is used to develop Ansible for deploying and maintaining websites
+and services operated by Free I.T. Athens.
 
-## Getting Started
-frita-infra is developed in Ansible 2.7.5 using Vagrant 2.2.2 + vagrant-libvirt as a test environment.
+- Requires Ansible and Vagrant on the host
 
-Check it out by simply typing: `vagrant up`
-
-## Versioning
-We use [SemVer](http://semver.org/) for versioning. For the versions available, see the tags on this repository. 
+## Quick Start
+1. Clone this project
+2. Run `vagrant up` to provision a Debian 11 base box
 
 ## Authors
-* **Kris Lamoureux** - *Project Founder* - [krislamo](https://github.com/krislamo)
+* **Kris Lamoureux** - *Project Founder* - @[krislamo](https://github.com/krislamo)
 
 ## Copyrights and Licenses
-Copyright (C) 2019  Free I.T. Athens
+Copyright (C) 2019, 2020, 2022  Free I.T. Athens
 
-This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+This program is free software: you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free Software
+Foundation, version 3 of the License.
 
-This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 
-You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
+You should have received a copy of the GNU General Public License along with
+this program. If not, see <https://www.gnu.org/licenses/>.

Vagrantfile

@@ -1,28 +1,24 @@
-# Copyright (C) 2019  Free I.T. Athens
-# 
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-
 # vi: set ft=ruby :
 
+# Set PLAYBOOK shell var for ./dev/playbook.yml
+PLAYBOOK=ENV["PLAYBOOK"]
+if !PLAYBOOK
+  if File.exist?('.playbook')
+    PLAYBOOK = IO.read('.playbook').split("\n")[0]
+  end
+
+  if !PLAYBOOK || PLAYBOOK.empty?
+    PLAYBOOK = "webserver"
+  end
+else
+  File.write(".playbook", PLAYBOOK)
+end
+
+# Debian 11
 Vagrant.configure("2") do |config|
-
-  # Debian Stable box
-  config.vm.box = "debian/stretch64"
+  config.vm.box = "debian/bullseye64"
   config.vm.synced_folder ".", "/vagrant", disabled: true
-
-  # Set static IP
-  config.vm.network "private_network", ip: "192.168.121.2"
+  config.vm.network "private_network", type: "dhcp"
 
   # Machine Name
   config.vm.define :frita do |frita| #
@@ -35,9 +31,9 @@ Vagrant.configure("2") do |config|
 
   # Provision with Ansible
   config.vm.provision "ansible" do |ansible|
+    ENV['ANSIBLE_ROLES_PATH'] = File.dirname(__FILE__) + "/roles"
     ansible.compatibility_mode = "2.0"
-    ansible.playbook = "site.yml"
+    ansible.playbook = "dev/" + PLAYBOOK + ".yml"
   end
 
 end
-

ansible.cfg

@@ -1,7 +1,6 @@
 [defaults]
 inventory = ./environments/development
-interpreter_python = /usr/bin/python
+interpreter_python = /usr/bin/python3
 
 [ssh_connection]
 pipelining=True
-

dev/vars/webserver.yml

@@ -0,0 +1,5 @@
+docker_users:
+  - vagrant
+
+webserver_env:
+  TRAEFIK_DOMAIN: traefik.local.freeitathens.org

dev/webserver.yml

@@ -0,0 +1,8 @@
+- name: Install FRITA Web Server
+  hosts: all
+  become: true
+  vars_files:
+    - vars/webserver.yml
+  roles:
+    - docker
+    - webserver

group_vars/all

@@ -1,46 +0,0 @@
-### WordPress Configuration ###
-
-# Domain
-wp_domain: www.freeitathens.org
-wp_admin_email: contact@freeitathens.org
-
-# Version of WordPress to deploy
-wp_version: 5.1.1
-wp_sha1_hash: f1bff89cc360bf5ef7086594e8a9b68b4cbf2192
-
-# WordPress Home Directory
-# Note: value is a directory without trailing '/'
-wp_dir: /var/www/wordpress
-
-# WordPress Database Settings
-wp_db_host: localhost
-wp_db_name: wordpress
-wp_db_user: wordpress_user
-wp_db_pass: Password1
-wp_db_table_prefix: wp_
-
-
-### Nextcloud Configuration ###
-
-# Domain
-nc_domain: cloud.freeitathens.org
-nc_admin_email: contact@freeitathens.org
-
-# Version of Nextcloud to deploy
-nc_version: 15.0.2
-nc_sha256_hash: c1f4cc33e39994ddbe6777370b62c30b7ae52136a0530c0b9922770803ca0fea
-
-# Nextcloud Home Directory
-# Note: value is a directory without trailing '/'
-nc_dir: /var/www/nextcloud
-
-# Nextcloud Database Settings
-nc_db_host: localhost
-nc_db_name: nextcloud
-nc_db_user: nextcloud_user
-nc_db_pass: Password1
-
-# Nextcloud Admin
-nc_admin: admin
-nc_admin_pass: Password1
-

roles/ansible/tasks/main.yml

@@ -1,22 +0,0 @@
-- name: 'Install Ansible dependency: python-apt'
-  shell: 'apt-get update && apt-get install python-apt -y'
-  args:
-    creates: /usr/lib/python2.7/dist-packages/apt
-    warn: false
-
-- name: 'Install Ansible dependency: aptitude'
-  apt:
-    name: 'aptitude'
-    state: present
-    force_apt_get: true
-
-- name: 'Install Ansible dependency: python-docker'
-  apt:
-    name: python-docker
-    state: present
-
-- name: Create Ansible's temporary directory
-  file:
-    path: /root/.ansible/tmp
-    state: directory
-    mode: '0700'

roles/docker/defaults/main.yml

@@ -0,0 +1,3 @@
+docker_compose_root: /var/lib/compose
+docker_compose: /usr/bin/docker-compose
+docker_compose_service: compose

roles/docker/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: Install Docker
+  ansible.builtin.apt:
+    name: ['docker.io', 'docker-compose']
+    state: present
+    update_cache: true
+
+- name: Create docker-compose root
+  ansible.builtin.file:
+    path: "{{ docker_compose_root }}"
+    state: directory
+    mode: 0600
+
+- name: Add users to docker group
+  ansible.builtin.user:
+    name: "{{ item }}"
+    groups: docker
+    append: true
+  loop: "{{ docker_users }}"
+  when: docker_users is defined
+
+- name: Start Docker and enable on boot
+  ansible.builtin.service:
+    name: docker
+    state: started
+    enabled: true

roles/mediawiki/tasks/main.yml

@@ -1,82 +0,0 @@
-- name: Install MySQL Support for Python
-  apt:
-    name: python-pymysql
-    state: present
-
-- name: Create Database
-  mysql_db:
-    name: "{{ mw_db_name }}"
-    state: present
-    login_unix_socket: /var/run/mysqld/mysqld.sock
-
-- name: Create Database User
-  mysql_user:
-    name: "{{ mw_db_user }}"
-    password: "{{ mw_db_pass }}"
-    priv: "{{ mw_db_name }}.*:ALL,GRANT"
-    state: present
-    login_unix_socket: /var/run/mysqld/mysqld.sock
-
-- name: Install PHP Modules
-  apt:
-    name: ['php-xml', 'php-mbstring']
-    state: present
-  notify: Reload Apache2
-
-- name: Create Public HTML Directory
-  file:
-    path: "{{ mw_dir }}/public_html"
-    state: directory
-
-# https://www.mediawiki.org/wiki/Manual:Short_URL#Moving_a_wiki_from_/wiki_to_/w
-- name: Create Directory /w for Short URLs
-  file:
-    path: "{{ mw_dir }}/public_html/w"
-    state: directory
-
-- name: Create Logs Directory
-  file:
-    path: "{{ mw_dir }}/logs"
-    state: directory
-
-- name: Download MediaWiki
-  get_url:
-    url: "https://releases.wikimedia.org/mediawiki/\
-          {{ mw_version | regex_replace('\\.\\d+$', '') }}/\
-          mediawiki-{{ mw_version }}.tar.gz"
-    dest: /tmp/mediawiki-{{ mw_version }}.tar.gz
-
-- name: Extract MediaWiki
-  unarchive:
-    src: /tmp/mediawiki-{{ mw_version }}.tar.gz
-    dest: "{{ mw_dir }}/public_html/w"
-    owner: www-data
-    group: www-data
-    extra_opts: [--strip-components=1]
-    remote_src: yes
-
-- name: Install MediaWiki
-  command: |
-    php maintenance/install.php --dbname="{{ mw_db_name }}" \
-    --dbuser="{{ mw_db_user }}" --dbpass="{{ mw_db_pass }}" \
-    --pass="{{ mw_admin_pass }}" "{{ mw_namespace }}" admin
-  args:
-    chdir: "{{ mw_dir }}/public_html/w"
-    creates: "{{ mw_dir }}/public_html/w/LocalSettings.php"
-
-- name: "Enable Apache Module: rewrite"
-  apache2_module:
-    name: rewrite
-    state: present
-
-- name: Apply Apache Configuration
-  template:
-    src: mediawiki.conf.j2
-    dest: /etc/apache2/sites-available/{{ mw_domain }}.conf
-  notify: Reload Apache2
-
-- name: Enable Apache Website
-  shell: a2ensite {{ mw_domain }}
-  args:
-    creates: /etc/apache2/sites-enabled/{{ mw_domain }}.conf
-  notify: Reload Apache2

roles/mediawiki/templates/LocalSettings.php.j2

@@ -1,186 +0,0 @@
-<?php
-# This file was automatically generated by the MediaWiki 1.33.0
-# installer. If you make manual changes, please keep track in case you
-# need to recreate them later.
-#
-# See includes/DefaultSettings.php for all configurable settings
-# and their default values, but don't forget to make changes in _this_
-# file, not there.
-#
-# Further documentation for configuration settings may be found at:
-# https://www.mediawiki.org/wiki/Manual:Configuration_settings
-
-# Protect against web entry
-if ( !defined( 'MEDIAWIKI' ) ) {
-	exit;
-}
-
-
-## Uncomment this to disable output compression
-# $wgDisableOutputCompression = true;
-
-$wgSitename = "{{ mw_sitename }}";
-$wgMetaNamespace = "{{ mw_namespace }}";
-
-## The URL base path to the directory containing the wiki;
-## defaults for all runtime URL paths are based off of this.
-## For more information on customizing the URLs
-## (like /w/index.php/Page_title to /wiki/Page_title) please see:
-## https://www.mediawiki.org/wiki/Manual:Short_URL
-
-$wgScriptPath = "/w";
-$wgScriptExtension = ".php";
-$wgArticlePath = "/wiki/$1";
-
-## The protocol and server name to use in fully-qualified URLs
-$wgServer = "http://{{ mw_domain }}";
-
-## The URL path to static resources (images, scripts, etc.)
-$wgResourceBasePath = $wgScriptPath;
-
-## The URL path to the logo.  Make sure you change this from the default,
-## or else you'll overwrite your logo when you upgrade!
-$wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";
-#$wgLogo = "/logo.png";
-
-## UPO means: this is also a user preference option
-
-$wgEnableEmail = false;
-$wgEnableUserEmail = true; # UPO
-
-$wgEmergencyContact = "apache@{{ mw_domain }}";
-$wgPasswordSender = "apache@{{ mw_domain }}";
-
-$wgEnotifUserTalk = false; # UPO
-$wgEnotifWatchlist = false; # UPO
-$wgEmailAuthentication = true;
-
-## Database settings
-$wgDBtype = "mysql";
-$wgDBserver = "{{ mw_db_host }}";
-$wgDBname = "{{ mw_db_name }}";
-$wgDBuser = "{{ mw_db_user }}";
-$wgDBpassword = "{{ mw_db_pass }}";
-
-# MySQL specific settings
-$wgDBprefix = "";
-
-# MySQL table options to use during installation or update
-$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
-
-## Shared memory settings
-$wgMainCacheType = CACHE_ACCEL;
-$wgMemCachedServers = [];
-
-## To enable image uploads, make sure the 'images' directory
-## is writable, then set this to true:
-$wgEnableUploads = true;
-$wgGenerateThumbnailOnParse = false;
-$wgUseImageMagick = true;
-$wgImageMagickConvertCommand = "/usr/bin/convert";
-
-# InstantCommons allows wiki to use images from https://commons.wikimedia.org
-$wgUseInstantCommons = true;
-
-# Periodically send a pingback to https://www.mediawiki.org/ with basic data
-# about this MediaWiki instance. The Wikimedia Foundation shares this data
-# with MediaWiki developers to help guide future development efforts.
-$wgPingback = true;
-
-## If you use ImageMagick (or any other shell command) on a
-## Linux server, this will need to be set to the name of an
-## available UTF-8 locale
-$wgShellLocale = "C.UTF-8";
-
-## Set $wgCacheDirectory to a writable directory on the web server
-## to make your wiki go slightly faster. The directory should not
-## be publicly accessible from the web.
-#$wgCacheDirectory = "$IP/cache";
-
-# Site language code, should be one of the list in ./languages/data/Names.php
-$wgLanguageCode = "en";
-
-$wgSecretKey = "{{ lookup('password', '/dev/null length=64 chars=hexdigits') }}";
-
-# Changing this will log out all existing sessions.
-$wgAuthenticationTokenVersion = "{{ lookup('password', '/dev/null length=64 chars=hexdigits') }}";
-
-# Site upgrade key. Must be set to a string (default provided) to turn on the
-# web installer while LocalSettings.php is in place
-$wgUpgradeKey = "{{ lookup('password', '/dev/null length=16 chars=hexdigits') }}";
-
-## For attaching licensing metadata to pages, and displaying an
-## appropriate copyright notice / icon. GNU Free Documentation
-## License and Creative Commons licenses are supported so far.
-$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
-$wgRightsUrl = "https://creativecommons.org/licenses/by-sa/4.0/";
-$wgRightsText = "Creative Commons Attribution-ShareAlike";
-$wgRightsIcon = "$wgResourceBasePath/resources/assets/licenses/cc-by-sa.png";
-
-# Path to the GNU diff3 utility. Used for conflict resolution.
-$wgDiff3 = "/usr/bin/diff3";
-
-## Default skin: you can change the default skin. Use the internal symbolic
-## names, ie 'vector', 'monobook':
-$wgDefaultSkin = "vector";
-
-# Enabled skins.
-# The following skins were automatically enabled:
-wfLoadSkin( 'MonoBook' );
-wfLoadSkin( 'Timeless' );
-wfLoadSkin( 'Vector' );
-
-
-# Enabled extensions. Most of the extensions are enabled by adding
-# wfLoadExtensions('ExtensionName');
-# to LocalSettings.php. Check specific extension documentation for more details.
-# The following extensions were automatically enabled:
-wfLoadExtension( 'CodeEditor' );
-wfLoadExtension( 'ConfirmEdit' );
-wfLoadExtension( 'MultimediaViewer' );
-wfLoadExtension( 'PdfHandler' );
-wfLoadExtension( 'SpamBlacklist' );
-wfLoadExtension( 'TitleBlacklist' );
-wfLoadExtension( 'WikiEditor' );
-
-
-# End of automatically generated settings.
-# Add more configuration options below.
-
-
-# IP restictions
-if ($_SERVER['REMOTE_ADDR'] != '{{ mw_iplock }}') {
-	$wgGroupPermissions['*']['createaccount'] = false;
-	$wgGroupPermissions['*']['edit'] = false;
-}
-
-
-# MobileFrontend
-#wfLoadExtension( 'MobileFrontend' );
-#wfLoadSkin( 'Vector' );
-#$wgMFDefaultSkinClass = 'SkinVector';
-
-# VisualEditor
-#wfLoadExtension( 'VisualEditor' );
-
-# Syntax highlighting
-#wfLoadExtension( 'SyntaxHighlight_GeSHi' );
-
-// Enable by default for everybody
-$wgDefaultUserOptions['visualeditor-enable'] = 1;
-
-// Optional: Set VisualEditor as the default for anonymous users
-// otherwise they will have to switch to VE
-// $wgDefaultUserOptions['visualeditor-editor'] = "visualeditor";
-
-// Don't allow users to disable it
-$wgHiddenPrefs[] = 'visualeditor-enable';
-
-// OPTIONAL: Enable VisualEditor's experimental code features
-// #$wgDefaultUserOptions['visualeditor-enable-experimental'] = 1;
-
-$wgVirtualRestConfig['modules']['parsoid'] = [
-	'url' => 'http://localhost:8142',
-];
-
-$wgShowExceptionDetails = true;

roles/mediawiki/templates/mediawiki.conf.j2

@@ -1,23 +0,0 @@
-<VirtualHost *:80>
-  ServerName {{ mw_domain }}
-
-  ServerAdmin {{ mw_admin_email }}
-  DocumentRoot {{ mw_dir }}/public_html
-
-  RewriteEngine On
-  RewriteRule ^/?wiki(/.*)?$ %{DOCUMENT_ROOT}/w/index.php [L]
-  RewriteRule ^/?$ %{DOCUMENT_ROOT}/w/index.php [L]
-
-  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
-  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
-  RewriteRule ^/?w/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/w/thumb.php?f=$1&width=$2 [L,QSA,B]
-
-  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
-  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
-  RewriteRule ^/?w/images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/w/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B]
-
-  ErrorLog {{ mw_dir }}/logs/error.log
-  CustomLog {{ mw_dir }}/logs/access.log combined
-</VirtualHost>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

roles/webserver/defaults/main.yml

@@ -0,0 +1 @@
+webserver_root: "{{ docker_compose_root }}/webserver"

roles/webserver/files/docker-compose.yml

@@ -0,0 +1,56 @@
+version: '3.5'
+
+volumes:
+  wordpress:
+
+networks:
+  traefik:
+    name: traefik
+
+services:
+  traefik:
+    image: traefik:${TRAEFIK_VERSION:-latest}
+    restart: always
+    command:
+      - --api.dashboard=${TRAEFIK_DASHBOARD:-true}
+      - --api.debug=${TRAEFIK_DEBUG:-true}
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=${TRAEFIK_EXPOSED_DEFAULT:-false}
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.local.address=:8443
+    ports:
+      - 80:80
+      - 443:443
+      - "127.0.0.1:8443:8443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    labels:
+      traefik.http.routers.api.rule: Host(`${TRAEFIK_DOMAIN:-traefik.local.freeitathens.org}`)
+      traefik.http.routers.api.entrypoints: local
+      traefik.http.routers.api.service: api@internal
+      traefik.http.routers.api.tls: true
+      traefik.enable: true
+    networks:
+      - traefik
+
+  wordpress:
+    image: wordpress:${WORDPRESS_VERSION:-latest}
+    restart: always
+    environment:
+      WORDPRESS_DB_HOST: asdf
+      WORDPRESS_DB_USER: asdf
+      WORDPRESS_DB_PASSWORD: ASDFASDF
+      WORDPRESS_DB_NAME: ASDFA
+    labels:
+      traefik.http.routers.wordpress.rule: Host(`${WORDPRESS_DOMAIN:-www.local.freeitathens.org}`)
+      traefik.http.routers.wordpress.entrypoints: websecure
+      traefik.http.routers.wordpress.tls.certresolver: letsencrypt
+      traefik.docker.network: traefik
+      traefik.enable: true
+
+    volumes:
+      - wordpress:/var/www/html

roles/webserver/handlers/main.yml

@@ -1,18 +1,5 @@
-# Copyright (C) 2019  Free I.T. Athens
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-
-- name: Reload Apache2
-  service: name=apache2 state=reloaded
-
+- name: Compose up on webserver stack
+  ansible.builtin.command: "docker-compose up -d"
+  args:
+    chdir: "{{ webserver_root }}"
+  listen: composeup_webserver

roles/webserver/tasks/main.yml

@@ -1,40 +1,24 @@
-# Copyright (C) 2019  Free I.T. Athens
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-
-- name: Install Apache2 Web Server
-  apt:
-    name: apache2
-    state: present
-
-- name: Start Apache2 Web Server
-  service:
-    name: apache2
-    state: started
-
-- name: Install PHP
-  apt:
-    name: php
-    state: present
-
-- name: Install PHP MySQL Extension
-  apt:
-    name: php-mysql
-    state: present
-  notify: Reload Apache2
-
 - name: Install MariaDB Server
-  apt:
+  ansible.builtin.apt:
     name: mariadb-server
     state: present
+
+- name: Create webserver docker-compose directory
+  ansible.builtin.file:
+    path: "{{ webserver_root }}"
+    state: directory
+    mode: 0600
+
+- name: Install webserver docker-compose.yml
+  ansible.builtin.copy:
+    src: docker-compose.yml
+    dest: "{{ webserver_root }}/docker-compose.yml"
+    mode: 0600
+  notify: composeup_webserver
+
+- name: Install docker-compose .env
+  ansible.builtin.template:
+    src: compose-env.j2
+    dest: "{{ webserver_root }}/.env"
+    mode: 0600
+  notify: composeup_webserver

roles/webserver/templates/compose-env.j2

@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+{% for key, value in webserver_env.items() %}
+{{ key }}={{ value }}
+{% endfor %}

update-hosts.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+COMMENT="FRITA-infra"
+DOMAIN="local.freeitathens.org"
+HOST[0]="traefik.${DOMAIN}"
+HOST[1]="www.${DOMAIN}"
+
+# Get Vagrantbox guest IP
+VAGRANT_OUTPUT=$(vagrant ssh -c "hostname -I | cut -d' ' -f1" 2>/dev/null)
+
+# Remove ^M from the end
+[ ${#VAGRANT_OUTPUT} -gt 1 ] && IP=${VAGRANT_OUTPUT::-1}
+
+echo "Purging project addresses from /etc/hosts"
+sudo sed -i "s/# $COMMENT//g" /etc/hosts
+for address in "${HOST[@]}"; do
+  sudo sed -i "/$address/d" /etc/hosts
+done
+
+# Remove trailing newline
+sudo sed -i '${/^$/d}' /etc/hosts
+
+if [ -n "$IP" ]; then
+  echo -e "Adding new addresses...\n"
+  echo -e "# $COMMENT" | sudo tee -a /etc/hosts
+  for address in "${HOST[@]}"; do
+    echo -e "$IP\t$address" | sudo tee -a /etc/hosts
+  done
+else
+  echo "Cannot find address. Is the Vagrant box running?"
+fi

webserver.yml

@@ -1,25 +1,6 @@
-# Copyright (C) 2019  Free I.T. Athens
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-
 - name: Install FRITA Web Server
   hosts: all
-  become: yes
+  become: true
   roles:
-    - ansible
+    - docker
     - webserver
-    #- wordpress
-    #- nextcloud
-    #- timetrex
-    - mediawiki