add first app without compose

Author: TheRealPad

.github/workflows/deploy.yml

@@ -0,0 +1,63 @@
+name: Deploy Node.js App with Ansible
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: dev
+
+    env:
+      IMAGE_NAME: docker.io/therealpad/my-node-app
+      CONTAINER_NAME: my-node-app
+      PORT: 3000
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build Docker image
+        run: |
+          docker build -t $IMAGE_NAME:latest ./server
+
+      - name: Push Docker image
+        run: |
+          docker push $IMAGE_NAME:latest
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.x"
+
+      - name: Install Ansible
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible
+
+      - name: Set up SSH
+        uses: webfactory/ssh-agent@v0.9.0
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Add target host to known_hosts
+        run: |
+          HOST_IP=$(grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' inventory.ini | head -n 1)
+          ssh-keyscan $HOST_IP >> ~/.ssh/known_hosts
+
+      - name: Run Ansible Playbook
+        run: |
+          ansible-playbook -i inventory.ini setup.yml \
+            --extra-vars "node_username=${{ secrets.NODE_USERNAME }} \
+                          node_password=${{ secrets.NODE_PASSWORD }} \
+                          secret_message='${{ secrets.SECRET_MESSAGE }}'"
+        env:
+          ANSIBLE_HOST_KEY_CHECKING: "False"

.gitignore

@@ -0,0 +1,2 @@
+.env
+node_modules/

inventory.ini

@@ -0,0 +1,2 @@
+[webservers]
+164.92.164.107 ansible_user=root ansible_python_interpreter=/usr/bin/python3 ansible_ssh_private_key_file="/Users/pierre-alexandredelgado/.ssh/id_ed25519_test_1"

roles/app/tasks/main.yml

@@ -0,0 +1,63 @@
+---
+- name: Clone the repository
+  git:
+    repo: "{{ app_repo }}"
+    dest: "{{ app_path }}"
+    version: main
+    force: yes
+
+- name: Dummy build step
+  command: npm install
+  args:
+    chdir: "{{ app_path }}/server"
+
+- name: Pull server image
+  community.docker.docker_image:
+    name: therealpad/my-node-app
+    source: pull
+
+- name: Build image and with build args
+  community.docker.docker_image:
+    name: "{{ app_name }}"
+    build:
+      path: "{{ app_path }}/server"
+    source: build
+
+- name: Create systemd service to run Node.js Docker container
+  copy:
+    dest: "/etc/systemd/system/{{ app_name }}.service"
+    content: |
+      [Unit]
+      Description=Docker Container {{ app_name }}
+      After=docker.service
+      Requires=docker.service
+
+      [Service]
+      Restart=always
+      RestartSec=5
+      ExecStartPre=-/usr/bin/docker stop {{ app_name }}
+      ExecStartPre=-/usr/bin/docker rm {{ app_name }}
+      ExecStart=/usr/bin/docker run \
+        -p 3000:3000 \
+        -e USERNAME={{ node_username }} \
+        -e PASSWORD={{ node_password }} \
+        -e SECRET_MESSAGE='{{ secret_message }}' \
+        {{ app_name }}
+      ExecStop=/usr/bin/docker stop {{ app_name }}
+
+      [Install]
+      WantedBy=multi-user.target
+
+- name: Reload systemd to pick up new service
+  command: systemctl daemon-reload
+
+- name: Enable and start the Node.js Docker container service
+  systemd:
+    name: "{{ app_name }}"
+    enabled: yes
+    state: started
+
+- name: Restart Node.js Docker container service to load new code
+  systemd:
+    name: "{{ app_name }}"
+    state: restarted

roles/app/vars/main.yml

@@ -0,0 +1,7 @@
+app_name: nodejs-service
+app_repo: "https://github.com/DevOps-PA-resume/Multi-Container-Application"
+app_path: "/var/www/nodejs-service"
+node_app_port: 3000
+node_username: "admin"
+node_password: "password"
+secret_message: "c kool ansible (multi container application)"

roles/base/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+- name: Update APT packages
+  apt:
+    update_cache: yes
+    upgrade: dist
+
+- name: Install useful packages
+  apt:
+    name:
+      - curl
+      - git
+      - ufw
+      - fail2ban
+      - nodejs
+      - npm
+      - docker.io
+    state: present
+

roles/nginx/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+- name: Install Nginx
+  apt:
+    name: nginx
+    state: present
+
+- name: Copy Nginx configuration
+  template:
+    src: nginx.conf.j2
+    dest: /etc/nginx/sites-available/mysite.conf
+    mode: '0644'
+
+- name: Enable Nginx site
+  file:
+    src: /etc/nginx/sites-available/mysite.conf
+    dest: /etc/nginx/sites-enabled/mysite.conf
+    state: link
+    force: yes
+
+- name: Remove default Nginx site
+  file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
+
+- name: Test Nginx configuration
+  command: nginx -t
+  register: nginx_test
+  changed_when: false
+  failed_when: nginx_test.rc != 0
+
+- name: Reload Nginx
+  systemd:
+    name: nginx
+    state: reloaded
+

roles/nginx/templates/nginx.conf.j2

@@ -0,0 +1,13 @@
+server {
+    listen 80;
+    server_name yourdomain.com;   # or your server's IP if you don't have a domain
+
+    location / {
+        proxy_pass http://127.0.0.1:3000;  # send requests to your Node.js app
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+    }
+}

roles/ssh/files/id_ed25519_test_1.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmOLYq0aniAjx1b9QQj7i9bK97k+rVktbhHbTD1MzPF delgadopierrealexandre@gmail.com

roles/ssh/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+- name: Ensure .ssh directory exists
+  become: yes
+  file:
+    path: /home/ubuntu/.ssh
+    state: directory
+    owner: root
+    group: root
+    mode: '0700'
+
+- name: Add public SSH key
+  become: yes
+  authorized_key:
+    user: root
+    state: present
+    key: "{{ lookup('file', 'id_ed25519_test_1.pub') }}"
+