chef-recipes/containers/drone-server/tasks.yml


# code: language=ansible
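---
# Deploys the Drone CI server as a podman container owned by the
# `containers` user, routed through Traefik under /drone and managed by a
# generated user-scope systemd unit.
- hosts: all
  name: Drone CI server coordinator
  tasks:
    # Stop the user-scope unit first so the container can be redefined below.
    - name: Stop running containers
      become_user: containers
      become: true
      ansible.builtin.systemd:
        scope: user
        name: "container-{{ item }}.service"
        state: stopped
      loop:
        - drone-server

    # Named volume mounted at /data in the container task below.
    - name: Create podman volumes
      containers.podman.podman_volume:
        state: present
        name: "{{ item }}"
      become_user: containers
      become: true
      loop:
        - drone

    # Separate networks for the Traefik-facing and Gitea-facing sides.
    - name: Create podman networks
      containers.podman.podman_network:
        name: "{{ item }}"
        recreate: false
        state: present
      become_user: containers
      become: true
      loop:
        - traefik-drone
        - gitea-drone

    # NOTE(review): `latest` is a mutable tag. Combined with the
    # `io.containers.autoupdate: registry` label below, podman auto-update
    # (if enabled for this user) pulls whatever the registry serves under
    # it. Pin a version tag or digest if unreviewed upgrades of the CI
    # coordinator are not acceptable.
    - name: Pull container images
      become_user: containers
      become: true
      containers.podman.podman_image:
        name: "docker.io/{{ item }}"
      loop:
        - drone/drone:latest

    - name: Add a drone-server container
      become_user: containers
      become: true
      # The module arguments carry the Gitea OAuth client secret and the
      # Drone RPC secret; keep them out of Ansible output and logs.
      no_log: true
      containers.podman.podman_container:
        name: drone-server
        image: docker.io/drone/drone:latest
        state: present
        network:
          - traefik-drone
          - gitea-drone
        volume:
          - "drone:/data:Z"
        label:
          io.containers.autoupdate: "registry"
          traefik.enable: "true"
          traefik.http.routers.drone-server.entrypoints: "https"
          # NOTE(review): the router matches `vault_domain` while the Drone
          # env below uses `inventory_hostname`; confirm both resolve to the
          # same public host, since the OAuth callback is built from
          # DRONE_SERVER_HOST.
          traefik.http.routers.drone-server.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/drone/`) || Path(`/drone`))"
          traefik.http.routers.drone-server.tls: "true"
          traefik.http.routers.drone-server.tls.certresolver: "wildcard"
          traefik.http.routers.drone-server.service: "drone-server"
          traefik.http.routers.drone-server.middlewares: "force-trailing-slash@file,drone-server-prefixstrip@docker"
          traefik.http.middlewares.drone-server-prefixstrip.stripprefix.prefixes: "/drone"
          traefik.http.services.drone-server.loadbalancer.server.port: "80"
          traefik.docker.network: "traefik-drone"
        env:
          # https://docs.drone.io/server/reference/
          # NOTE(review): no DRONE_USER_FILTER or DRONE_REGISTRATION_CLOSED
          # is set here. Unless access is restricted elsewhere, any account
          # on the Gitea instance can sign in to Drone.
          DRONE_GITEA_CLIENT_ID: "{{ vault_drone_gitea_client_id }}"
          # NOTE(review): `cliet` looks like a typo for `client`. The name
          # has to match the vault variable, so rename both together.
          DRONE_GITEA_CLIENT_SECRET: "{{ vault_drone_gitea_cliet_secret }}"
          DRONE_GITEA_SERVER: "https://{{ inventory_hostname }}/git"
          DRONE_GIT_ALWAYS_AUTH: "false"
          # Shared secret that runners use to authenticate to this server.
          DRONE_RPC_SECRET: "{{ vault_drone_rpc_secret }}"
          DRONE_SERVER_HOST: "{{ inventory_hostname }}/drone"
          DRONE_SERVER_PROTO: "https"
          DRONE_AGENTS_ENABLED: "true"
          DRONE_LOGS_TEXT: "true"
          DRONE_LOGS_PRETTY: "true"
          DRONE_LOGS_COLOR: "true"
          # NOTE(review): debug-level logging is on; confirm this is meant
          # to stay enabled outside troubleshooting.
          DRONE_LOGS_DEBUG: "true"
          # DRONE_DEBUG: "true"
        # NOTE(review): with `new: true` the unit re-creates the container
        # on start, so the generated unit file presumably embeds the env
        # values above, secrets included. Verify that this directory and
        # the unit file are readable only by the `containers` user.
        generate_systemd:
          path: /home/containers/.config/systemd/user/
          restart_policy: on-failure
          names: true
          new: true

    # Reload user units so the freshly generated file is picked up, then
    # enable and start it.
    - name: Start containers at boot
      become_user: containers
      become: true
      ansible.builtin.systemd:
        scope: user
        name: "container-{{ item }}.service"
        enabled: true
        state: started
        daemon_reload: true
      loop:
        - drone-server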