diff --git a/ansible/deploy_home.yml b/ansible/deploy_home.yml
index dbb9a1e..1d7303a 100644
--- a/ansible/deploy_home.yml
+++ b/ansible/deploy_home.yml
@@ -8,6 +8,6 @@
 - role: podman
 - role: ssl
 #- role: pihole
- - role: drone
+ #- role: drone
 - role: graylog
 - role: http
diff --git a/ansible/roles/drone/defaults/main.yml b/ansible/roles/drone/defaults/main.yml
deleted file mode 100644
index 2476ded..0000000
--- a/ansible/roles/drone/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-drone_server_proto: "https"
-drone_runner_capacity: "1"
diff --git a/ansible/roles/drone/handlers/main.yml b/ansible/roles/drone/handlers/main.yml
deleted file mode 100644
index 2de51a2..0000000
--- a/ansible/roles/drone/handlers/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: restorecon drone
- become: true
- ansible.builtin.command: sh -c 'restorecon -Firv /var/lib/drone'
diff --git a/ansible/roles/drone/meta/main.yml b/ansible/roles/drone/meta/main.yml
deleted file mode 100644
index 258ca27..0000000
--- a/ansible/roles/drone/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-dependencies:
- - role: http
- - role: graylog
diff --git a/ansible/roles/drone/tasks/main.yml b/ansible/roles/drone/tasks/main.yml
deleted file mode 100644
index c44b8ef..0000000
--- a/ansible/roles/drone/tasks/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- import_tasks: drone.yml
-- import_tasks: selinux.yml
diff --git a/ansible/roles/drone/tasks/selinux.yml b/ansible/roles/drone/tasks/selinux.yml
deleted file mode 100644
index 433b50d..0000000
--- a/ansible/roles/drone/tasks/selinux.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: selinux context for drone directory
- become: true
- community.general.sefcontext:
- target: "/var/lib/drone(/.*)?"
- setype: svirt_sandbox_file_t
- state: present
- notify: restorecon drone
- tags: selinux
diff --git a/ansible/roles/podman/defaults/main.yml b/ansible/roles/podman/defaults/main.yml
index 16de3a6..46438b1 100644
--- a/ansible/roles/podman/defaults/main.yml
+++ b/ansible/roles/podman/defaults/main.yml
@@ -1,3 +1,7 @@
 ---
-partkeepr_path: "{{ podman_volumes }}/partkeepr"
+drone_path: "{{ podman_volumes }}/drone"
 hass_path: "{{ podman_volumes }}/hass"
+partkeepr_path: "{{ podman_volumes }}/partkeepr"
+
+drone_server_proto: "https"
+drone_runner_capacity: "4"
diff --git a/ansible/roles/podman/files/automations.yaml b/ansible/roles/podman/files/hass/automations.yaml
similarity index 100%
rename from ansible/roles/podman/files/automations.yaml
rename to ansible/roles/podman/files/hass/automations.yaml
diff --git a/ansible/roles/podman/files/configuration.yaml b/ansible/roles/podman/files/hass/configuration.yaml
similarity index 100%
rename from ansible/roles/podman/files/configuration.yaml
rename to ansible/roles/podman/files/hass/configuration.yaml
diff --git a/ansible/roles/drone/tasks/drone.yml b/ansible/roles/podman/tasks/container-drone.yml
similarity index 56%
rename from ansible/roles/drone/tasks/drone.yml
rename to ansible/roles/podman/tasks/container-drone.yml
index 314cb46..0a13608 100644
--- a/ansible/roles/drone/tasks/drone.yml
+++ b/ansible/roles/podman/tasks/container-drone.yml
@@ -1,18 +1,30 @@
 ---
+- name: create required drone volumes
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ podman_user }}"
+ group: "{{ podman_user }}"
+ mode: 0755
+ notify: restorecon podman
+ with_items:
+ - "{{ drone_path }}/data"
+ tags: drone
+
+- meta: flush_handlers
+ tags: drone
+
 - name: create drone-ci server container
- diff: false
- community.general.docker_container:
+ become: true
+ become_user: "{{ podman_user }}"
+ containers.podman.podman_container:
 name: drone
- image: drone/drone:latest
+ image: docker.io/drone/drone:latest
 recreate: false
 restart: true
 restart_policy: on-failure
- restart_retries: 3
- log_driver: syslog
- log_options:
- syslog-address: "udp://localhost:{{ syslog_udp_default }}"
- syslog-facility: daemon
- tag: "docker/{{'{{'}}.Name{{'}}'}}"
+ log_driver: journald
 env:
 DRONE_GITHUB_CLIENT_ID: "{{ drone_gh_client_id }}"
 DRONE_GITHUB_CLIENT_SECRET: "{{ drone_gh_client_sec }}"
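Review bot: Both container tasks in container-drone.yml lose `diff: false` in this change while their `env:` blocks still carry `DRONE_GITHUB_CLIENT_SECRET` (server task, this hunk) and `DRONE_RPC_SECRET` (worker task, the following hunk of the same file). The old setting presumably existed to keep those values out of `--diff` output; if the Podman module also reports environment changes in diff mode, a diff run would print the secrets to the terminal and to any captured job log, so I would keep `diff: false` on both tasks or add `no_log: true`. Separately, `mode: 0755` in the new volume task is safer written as `mode: "0755"` so the YAML parser cannot retype it. The server task's `env:` block continues past the end of this hunk.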
@@ -22,32 +34,28 @@
 DRONE_SERVER_PROTO: "{{ drone_server_proto }}"
 DRONE_USER_FILTER: "{{ drone_user_filter }}"
 volumes:
- - /var/lib/drone:/data
+ - "{{ drone_path }}/data:/data"
 ports:
 - "8080:80"
 tags: drone
 - name: create drone-ci worker container
- diff: false
- community.general.docker_container:
+ become: true
+ become_user: "{{ podman_user }}"
+ containers.podman.podman_container:
 name: drone-runner
- image: drone/drone-runner-docker:latest
+ image: docker.io/80x86/drone-runner-podman:latest
 recreate: false
 restart: true
 restart_policy: on-failure
- restart_retries: 3
- log_driver: syslog
- log_options:
- syslog-address: "udp://localhost:{{ syslog_udp_default }}"
- syslog-facility: daemon
- tag: "docker/{{'{{'}} .Name {{'}}'}}"
+ log_driver: journald
 env:
 DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
 DRONE_RPC_HOST: "{{ ci_server_name }}"
 DRONE_RPC_PROTO: "{{ drone_server_proto }}"
 DRONE_RUNNER_CAPACITY: "{{ drone_runner_capacity }}"
 volumes:
- - /var/run/docker.sock:/var/run/docker.sock
+ - /run/user/1002/podman/podman.sock:/run/podman/podman.sock
 ports:
 - "3000:3000"
 tags: drone
diff --git a/ansible/roles/podman/tasks/container-hass.yml b/ansible/roles/podman/tasks/container-hass.yml
index ff47807..3d02408 100644
--- a/ansible/roles/podman/tasks/container-hass.yml
+++ b/ansible/roles/podman/tasks/container-hass.yml
@@ -16,7 +16,7 @@
 - name: copy configuration and automations
 become: true
 ansible.builtin.copy:
- src: "files/{{ item }}"
+ src: "files/hass/{{ item }}"
 dest: "{{ hass_path }}/config/{{ item }}"
 owner: "{{ podman_user }}"
 group: "{{ podman_user }}"
diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml
index 1f0468a..c617c22 100644
--- a/ansible/roles/podman/tasks/main.yml
+++ b/ansible/roles/podman/tasks/main.yml
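Review bot: The worker task in container-drone.yml now pulls `docker.io/80x86/drone-runner-podman:latest`, a mutable tag from a namespace other than the `drone/` one used before, and mounts the rootless Podman API socket into it. Whatever that tag resolves to at pull time can therefore manage every container owned by that account, which presumably includes the other containers this role runs as `podman_user`, along with their environment secrets. I would pin the image to a reviewed digest, `image: docker.io/80x86/drone-runner-podman@sha256:<DIGEST_PLACEHOLDER>`, and consider giving the runner its own unprivileged account so the socket exposes only CI workloads. The mount source also hard-codes UID 1002 in `/run/user/1002/podman/podman.sock`; deriving the path from the `podman_user` account's UID would keep it correct on hosts where that UID differs.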
@@ -1,5 +1,6 @@
 ---
 - import_tasks: podman.yml
 - import_tasks: container-awsddns.yml
-- import_tasks: container-partkeepr.yml
+- import_tasks: container-drone.yml
 - import_tasks: container-hass.yml
+- import_tasks: container-partkeepr.yml