Fix gpaste service file

.woodpecker.yml

@@ -8,7 +8,6 @@ pipeline:
       - echo $SSH_KEY | base64 -d > env/ssh_key
       - ansible-runner run `pwd`
     secrets: [ssh_key]
-
     when:
       branch: master
       event: push

README.md

@@ -7,5 +7,9 @@ Ansible playbooks for stuff in NREC.
 
 ## Roles
 
+* Common
+* Docker
 * Vault
-
+* Registry
+* Traefik
+* Gitea

inventory/hosts.yml

@@ -1,4 +1,5 @@
 all:
   hosts:
+    docker1.t-juice.club:
     docker2.t-juice.club:
-    docker1.t-juice.club:
+    docker3.t-juice.club:

project/main.yml

@@ -4,9 +4,19 @@
     - name: Ping hosts
       ansible.builtin.ping:
 
+- hosts: all
+  roles:
+    - common
+    - docker
+
 - hosts: docker2.t-juice.club
   roles:
     - vault
     - traefik
     - registry
-    - gitea
+    - gitea
+    - gpaste
+
+- hosts: docker3.t-juice.club
+  roles:
+    - traefik

project/roles/common/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Ensure packages are installed
+  import_tasks: packages.yml

project/roles/common/tasks/packages.yml

@@ -0,0 +1,17 @@
+---
+- name: Ensure common packages are installed
+  ansible.builtin.package:
+    name:
+      - zsh
+      - htop
+      - xfsprogs
+      - iotop
+    state: present
+
+- name: Ensure debian-specific packages are installed
+  import_tasks: packages_debian.yml
+  when: ansible_facts['os_family'] == 'Debian'
+
+- name: Ensure rhel-specific packages are installed
+  import_tasks: packages_redhat.yml
+  when: ansible_facts['os_family'] == 'RedHat'

project/roles/common/tasks/packages_debian.yml

@@ -0,0 +1,7 @@
+---
+- name: Ensure debian-specific packages are installed
+  ansible.builtin.apt:
+    name:
+      - vim
+    state: present
+    update_cache: yes

project/roles/common/tasks/packages_redhat.yml

@@ -0,0 +1,7 @@
+---
+- name: Ensure redhat-specific packages are installed
+  ansible.builtin.package:
+    name:
+      - vim-enhanced
+      - yum-cron
+    state: present

project/roles/docker/files/docker-ce.repo

@@ -0,0 +1,20 @@
+[docker-ce-stable]
+name=Docker CE Stable - $basearch
+baseurl=https://download.docker.com/linux/centos/7/$basearch/stable
+enabled=1
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-stable-debuginfo]
+name=Docker CE Stable - Debuginfo $basearch
+baseurl=https://download.docker.com/linux/centos/7/debug-$basearch/stable
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
+
+[docker-ce-stable-source]
+name=Docker CE Stable - Sources
+baseurl=https://download.docker.com/linux/centos/7/source/stable
+enabled=0
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg

project/roles/docker/files/docker.list

@@ -0,0 +1 @@
+deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian   bullseye stable

project/roles/docker/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: Install debian packages
+  import_tasks: packages_debian.yml
+  when: ansible_facts['os_family'] == 'Debian'
+
+- name: Install rhel packages
+  import_tasks: packages_redhat.yml
+  when: ansible_facts['os_family'] == 'RedHat'
+
+- name: Ensure service is started and enabled
+  ansible.builtin.systemd:
+    name: docker
+    state: started
+    enabled: yes

project/roles/docker/tasks/packages_debian.yml

@@ -0,0 +1,30 @@
+---
+- name: Remove unwanted packages
+  ansible.builtin.apt:
+    name:
+      - docker
+      - docker-engine
+      - docker.io
+      - containerd
+      - runc
+    state: absent
+
+- name: Add docker repo signing key
+  ansible.builtin.copy:
+    src: docker-archive-keyring.gpg
+    dest: /usr/share/keyrings/docker-archive-keyring.gpg
+
+- name: Add docker repo
+  ansible.builtin.copy:
+    src: docker.list
+    dest: /etc/apt/sources.list.d/docker.list
+  
+- name: Install docker packages
+  ansible.builtin.apt:
+    name:
+      - docker-ce-cli
+      - docker-ce-rootless-extras
+      - docker-ce
+      - docker-scan-plugin
+    state: present
+    update_cache: yes

project/roles/docker/tasks/packages_redhat.yml

@@ -0,0 +1,26 @@
+---
+- name: Remove unwanted packages
+  ansible.builtin.yum:
+    name:
+      - docker
+      - docker-client
+      - docker-client-latest
+      - docker-common
+      - docker-latest
+      - docker-latest-logrotate
+      - docker-logrotate
+      - docker-engine
+    state: absent
+
+- name: Add repo
+  ansible.builtin.copy:
+    src: docker-ce.repo
+    dest: /etc/yum.repos.d/docker-ce.repo
+
+- name: Install packages
+  ansible.builtin.yum:
+    name:
+      - docker-ce
+      - docker-ce-cli
+      - docker-ce-rootless-extras
+      - docker-scan-plugin

project/roles/gpaste/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: yes
+
+- name: Restart gpaste
+  ansible.builtin.systemd:
+    name: gpaste
+    state: restarted

project/roles/gpaste/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: Create gpaste.service
+  ansible.builtin.template:
+    src: gpaste.service.j2
+    dest: /etc/systemd/system/gpaste.service
+  notify:
+    - Reload systemd
+    - Restart gpaste
+
+- name: Flush handlers
+  meta: flush_handlers
+
+- name: Ensure service is started
+  ansible.builtin.systemd:
+    state: started
+    name: gpaste 
+
+- name: Ensure service is enabled
+  ansible.builtin.systemd:
+    enabled: yes
+    name: gpaste

project/roles/gpaste/templates/gpaste.service.j2

@@ -0,0 +1,22 @@
+
+[Unit]
+Description=Gpaste Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop gpaste
+ExecStartPre=-/usr/bin/docker rm gpaste
+ExecStartPre=-/usr/bin/docker pull registry.t-juice.club/gpaste:latest
+ExecStart=/usr/bin/docker run \
+  -l "traefik.enable=true" \
+  -l "traefik.http.routers.gpaste.rule=Host(`paste.t-juice.club`)" \
+  -l "traefik.http.routers.gpaste.tls=true" \
+  -l "traefik.http.routers.gpaste.tls.certresolver=le" \
+  --network proxy \
+  --name gpaste registry.t-juice.club/gpaste:latest
+
+[Install]
+WantedBy=multi-user.target