- Forgejo + Redis Docker stack (wetgit-forgejo role)
- FastAPI + Celery systemd services (wetgit-app role)
- Nginx vhosts voor git.wetgit.nl en api.wetgit.nl (wetgit-nginx role)
- SSL via Let's Encrypt (certbot webroot)
- Backup script (forgejo dump, geen downtime)
- Codeberg mirror script
- Cron jobs voor backup/mirror/log cleanup
- Ansible vault voor secrets (encrypted)

Geïsoleerd van dt-platform: eigen poorten, users, directories.
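---
# WetGIT FastAPI application + Celery worker
# Deploys to /opt/wetgit/backend with own venv and systemd services
#
# Directories are created by wetgit-forgejo role (runs first).
# This role only manages the FastAPI app and Celery worker.
#
# NOTE: Services are only enabled when application code exists.
# On first deploy (no code yet) the venv, dependency and service-start
# tasks are skipped; the environment file and the two unit files are
# still written.

# requirements.txt is the marker for "application code is deployed";
# every task that needs the code is gated on this result.
- name: Check if application code exists
  stat:
    path: "{{ app_dir }}/backend/requirements.txt"
  register: app_code

# argv form: the venv path is passed as one argument, so whitespace in
# app_dir cannot split it into several arguments.
- name: Create Python venv
  command:
    argv:
      - python3
      - "-m"
      - venv
      - "{{ app_dir }}/backend/venv"
    creates: "{{ app_dir }}/backend/venv/bin/python"
  when: app_code.stat.exists

- name: Install Python dependencies
  pip:
    requirements: "{{ app_dir }}/backend/requirements.txt"
    virtualenv: "{{ app_dir }}/backend/venv"
  when: app_code.stat.exists
  notify: restart wetgit

# Runs after the dependency install so that files pip has just written
# are covered by the same run's chown.
# NOTE(review): this leaves the interpreter and site-packages writable by
# www-data, presumably the account the services run as, and the pip task
# above executes from that tree with the play's privileges. A root-owned
# venv that www-data can only read would be the least-privilege layout;
# confirm the application does not need to write here.
- name: Set venv ownership
  file:
    path: "{{ app_dir }}/backend/venv"
    owner: www-data
    group: www-data
    recurse: true
  when: app_code.stat.exists

# Mode 0600 keeps the file private to www-data. no_log keeps the rendered
# content out of task output and --diff, since this file presumably holds
# the vault-managed secrets (TODO confirm against wetgit.env.j2).
# Not gated on app_code: written even when no code is deployed yet.
- name: Deploy environment file
  template:
    src: wetgit.env.j2
    dest: "{{ app_dir }}/backend/.env"
    owner: www-data
    group: www-data
    mode: "0600"
  no_log: true
  notify: restart wetgit

# The unit files are written unconditionally; only enabling and starting
# is gated (see the systemd tasks below).
# NOTE(review): the notified handlers are defined outside this file. If
# they restart the units unconditionally they will also fire on a first
# deploy, before any application code exists. Confirm.
- name: Deploy WetGIT systemd service
  template:
    src: wetgit.service.j2
    dest: /etc/systemd/system/wetgit.service
    owner: root
    group: root
    mode: "0644"
  notify: restart wetgit

- name: Deploy Celery worker systemd service
  template:
    src: wetgit-celery.service.j2
    dest: /etc/systemd/system/wetgit-celery.service
    owner: root
    group: root
    mode: "0644"
  notify: restart wetgit-celery

# Only start services when app code is deployed
# daemon_reload makes systemd pick up the unit files written above.
- name: Enable and start WetGIT service
  systemd:
    name: wetgit
    enabled: true
    state: started
    daemon_reload: true
  when: app_code.stat.exists

- name: Enable and start Celery worker
  systemd:
    name: wetgit-celery
    enabled: true
    state: started
    daemon_reload: true
  when: app_code.stat.exists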