Use Ansible instead of Bash for provisioning

The deployment is not quite working, and I'm unable to test right now:
DigitalOcean is returning 503 for my requests.

As of this commit, I can run =ansible-playbook provider.yml= more than once and
it will actually be idempotent.

Notes:
- SSH fingerprint are now taken from the public key file instead of manually
supplying it in the terraform template using the =digitalocean_ssh_key=
resource;
- use Ansible instead of ad-hoc Bash scripts for provisioning the Droplets
created by Terraform;
- use the =filename.env.extension= to create the concrete files in CI;
- use the =user_data= to add the know SSH key pair to the newly created Droplet;
- add =rotate-ssh-keys.sh= utils;

1 files changed, 78 insertions, 0 deletions

diff --git a/docker-compose.env.yaml b/docker-compose.env.yaml
new file mode 100644
index 0000000..f5acf14
--- /dev/null
+++ b/docker-compose.env.yaml
@@ -0,0 +1,78 @@
+version: '2'
+
+services:
+  proxy:
+    image: jwilder/nginx-proxy
+    container_name: nginx-proxy
+    restart: always
+    ports:
+      - '80:80'
+      - '443:443'
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - /etc/nginx/vhost.d
+      - /usr/share/nginx/html
+      - "${VOLUME_HOME}/docker/certs:/etc/nginx/certs:ro"
+
+  ssl_companion:
+    image: jrcs/letsencrypt-nginx-proxy-companion
+    container_name: ssl-companion
+    restart: always
+    volumes:
+      - "${VOLUME_HOME}/docker/certs:/etc/nginx/certs:rw"
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    volumes_from:
+      - proxy
+    depends_on:
+      - proxy
+
+  static:
+    image: nginx
+    container_name: static-nginx
+    restart: always
+    volumes:
+      - "${VOLUME_HOME}/static:/usr/share/nginx/html"
+    ports:
+      - "${STATIC_PORT}:80"
+    environment:
+      - VIRTUAL_HOST=${STATIC_TLD}
+      - VIRTUAL_PORT=${STATIC_PORT}
+      - LETSENCRYPT_HOST=${STATIC_TLD}
+      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+
+  wallabag:
+    image: wallabag/wallabag
+    container_name: wallabag
+    restart: always
+    volumes:
+      - "${VOLUME_HOME}/applications/wallabag/data:/var/www/wallabag/data"
+      - "${VOLUME_HOME}/applications/wallabag/images:/var/www/wallabag/web/assets/images"
+    ports:
+      - "${WALLABAG_PORT}:80"
+    environment:
+      - SYMFONY__ENV__FOSUSER_REGISTRATION=false
+      - SYMFONY__ENV__FOSUSER_CONFIRMATION=false
+      - SYMFONY__ENV__DOMAIN_NAME=https://${WALLABAG_TLD}
+      - VIRTUAL_HOST=${WALLABAG_TLD}
+      - VIRTUAL_PORT=${WALLABAG_PORT}
+      - LETSENCRYPT_HOST=${WALLABAG_TLD}
+      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+
+  nextcloud:
+    image: nextcloud:fpm
+    container_name: nextcloud
+    restart: always
+    volumes:
+      - "${VOLUME_HOME}/applications/nextcloud:/var/www/html"
+    ports:
+      - "${NEXTCLOUD_PORT}:9000"
+    environment:
+      - SQLITE_DATABASE=my-nextcloud-database.sqlite
+      - NEXTCLOUD_UPDATE=1
+      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
+      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
+      - NEXTCLOUD_TABLE_PREFIX=${NEXTCLOUD_TABLE_PREFIX}
+      - VIRTUAL_HOST=${NEXTCLOUD_TLD}
+      - VIRTUAL_PORT=${NEXTCLOUD_PORT}
+      - LETSENCRYPT_HOST=${NEXTCLOUD_TLD}
+      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}