2 files changed, 115 insertions, 1 deletions

diff --git a/ansible/numquam.yml b/ansible/numquam.yml
index 0c8ac03..35fff62 100644
--- a/ansible/numquam.yml
+++ b/ansible/numquam.yml
@@ -1,4 +1,3 @@
----
 - hosts:
     - numquam
   roles:
@@ -8,6 +7,9 @@
       tags: lusers
     - role: superusers
       tags: superusers
+    - role: apt-repos
+      tags: apt-repos
+      become: yes
     - role: unattended-upgrades
       tags: unattended-upgrades
     - role: postgresql-server
@@ -16,3 +18,67 @@
     - role: rosin
       tags: rosin
       become: yes
+
+- hosts:
+    - numquam
+  handlers:
+    - name: reload nginx
+      become: yes
+      service:
+        name: nginx
+        state: reloaded
+  tasks:
+    - become: yes
+      apt:
+        name:
+          - docker-ce
+          - docker-ce-cli
+        install_recommends: no
+      tags: packages
+    - become: yes
+      systemd:
+        unit: docker.service
+        enabled: yes
+        state: started
+
+    - become: yes
+      copy:
+        dest: /etc/nginx/sites-enabled/odoo.trygvis.io
+        content: |
+          # Managed by Ansible
+
+          server {
+              server_name odoo.trygvis.io;
+
+              listen 443 ssl; # managed by Certbot
+              ssl_certificate /etc/letsencrypt/live/odoo.trygvis.io/fullchain.pem; # managed by Certbot
+              ssl_certificate_key /etc/letsencrypt/live/odoo.trygvis.io/privkey.pem; # managed by Certbot
+              include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+              ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+              location / {
+                  try_files $uri @proxy;
+              }
+
+              location @proxy {
+                  proxy_set_header Host $host;
+                  # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                  # proxy_set_header X-Forwarded-Proto $scheme;
+                  proxy_pass http://127.0.0.1:8069;
+                  proxy_connect_timeout 10s;
+                  proxy_read_timeout 300s;
+                  proxy_send_timeout 300s;
+              }
+          }
+
+          server {
+              if ($host = odoo.trygvis.io) {
+                  return 301 https://$host$request_uri;
+              }
+
+              server_name odoo.trygvis.io;
+              listen 80;
+              return 404;
+          }
+      tags: x
+      notify: reload nginx
diff --git a/ansible/odoo/odoo.yml b/ansible/odoo/odoo.yml
new file mode 100644
index 0000000..0097294
--- /dev/null
+++ b/ansible/odoo/odoo.yml
@@ -0,0 +1,48 @@
+- hosts:
+    - numquam
+  tasks:
+    - become: yes
+      copy:
+        dest: /etc/systemd/system/docker.odoo.service
+        content: |
+          [Unit]
+          After=docker.service
+          Requires=docker.service
+
+          [Service]
+          TimeoutStartSec=0
+          Restart=always
+          ExecStartPre=-/usr/bin/docker stop odoo
+          ExecStartPre=-/usr/bin/docker rm odoo
+          ExecStartPre=/usr/bin/docker pull odoo
+          ExecStart=/usr/bin/docker run \
+            -e HOST=172.17.0.1 \
+            -e PORT=5432 \
+            -e USER=odoo \
+            -e PASSWORD=odoo \
+            -p 8069:8069 \
+            --name odoo -t \
+            odoo
+
+          [Install]
+          WantedBy=multi-user.target
+      register: service_file
+
+    - become: yes
+      systemd:
+        daemon_reload: yes
+      when: service_file.changed
+
+    - become: yes
+      systemd:
+        unit: docker.odoo.service
+        enabled: yes
+        state: started
+      when: not service_file.changed
+
+    - become: yes
+      systemd:
+        unit: docker.odoo.service
+        enabled: yes
+        state: restarted
+      when: service_file.changed