update maybe working

:erge branch 'main' of https://dns.s-martika.com/smartika/Wordpress-Ansible

.gitea/workflows/yamllint.yml

@@ -1,7 +1,7 @@
 ---
 name: CI/CD Pipeline
 
-on:
+"on":
   push:
     branches: [main, flip_dev]
 
@@ -39,20 +39,32 @@ jobs:
           pip3 install --upgrade pip
           pip3 install ansible
       
-      - name: Setup SSH key with passphrase
+      - name: Setup SSH
+        shell: bash
+        env:
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+          SSH_PASSPHRASE: ${{ secrets.SSH_PASSPHRASE }}
         run: |
+          set -euo pipefail
+
           mkdir -p ~/.ssh
-          printf "%s\n" "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 700 ~/.ssh
-          chmod 600 ~/.ssh/id_rsa
+
+          echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+
           ssh-keyscan -H 213.95.90.157 >> ~/.ssh/known_hosts
+
           eval "$(ssh-agent -s)"
-          ssh-add ~/.ssh/id_rsa <<< "${{ secrets.SSH_PASSPHRASE }}"
+          if [ -n "${SSH_PASSPHRASE:-}" ]; then
-
+            echo "$SSH_PASSPHRASE" | ssh-add ~/.ssh/id_ed25519
-
+          else
-      - name: Run Ansible deployment
+            ssh-add ~/.ssh/id_ed25519
-        run: |
-          if [ -n "$SSH_PASSPHRASE" ]; then
-            eval "$(ssh-agent -s)"
-            ssh-add ~/.ssh/id_rsa <<< "$SSH_PASSPHRASE"
           fi
-          ansible-playbook -i ansible/inventory.yaml site.yaml
+
+          ssh -o BatchMode=yes root@213.95.90.157 true
+
+      - name: Run Ansible
+        run: |
+          ansible-playbook -i ansible/inventory.yaml site.yaml
+  

ansible.cfg

@@ -2,3 +2,5 @@
 [defaults]
 inventory = ansible/inventory.yaml
 roles_path = ./roles
+[ssh_connection]
+ssh_args = -o BatchMode=yes -o PreferredAuthentications=publickey

ansible/inventory.yaml

@@ -4,4 +4,3 @@ all:
     server1:
       ansible_host: 213.95.90.157
       ansible_user: root
-      ansible_ssh_private_key_file: /Users/sotos/.ssh/id_rsa

ansible/playbooks/apps.yaml

@@ -1,24 +1,8 @@
----
 - hosts: all
   become: true
-  roles:
-    - docker/snake
   vars:
     app_dir: /opt/docker/snake
+    snake_image: dns.s-martika.com/smartika/snake-game:2.0
 
-  tasks:
+  roles:
-    - name: Create app directory
+    - role: docker/snake
-      file:
-        path: "{{ app_dir }}"
-        state: directory 
-
-    - name: Copy compose file
-      copy:
-        src: "{{ playbook_dir }}/roles/docker/snake/files/docker-compose.yaml"
-        dest: "{{ app_dir }}/docker-compose.yaml"
-
-
-    - name: Start snake container
-      command: docker compose up -d
-      args:
-        chdir: "{{ app_dir }}"

ansible/playbooks/roles/docker/snake/defaults/main.yaml

@@ -3,7 +3,7 @@
 gitea_user: smartika
 gitea_token: "idNu783r4ub7ZXi"
 
-snake_image: dns.s-martika.com/smartika/snake-game
+snake_image: dns.s-martika.com/smartika/snake-game:2.0
-snake_tag: "1.0"
+app_dir: /opt/docker/snake 
 snake_container_name: snake-game
 snake_port: 8080

ansible/playbooks/roles/docker/snake/files/docker-compose.yaml

@@ -2,7 +2,7 @@
 version: "3.8"
 services:
   snake:
-    image: dns.s-martika.com/smartika/snake-game:1.0
+    image: dns.s-martika.com/smartika/snake-game:2.0
     container_name: snake-game777
     restart: unless-stopped
     ports:

ansible/playbooks/roles/docker/snake/tasks/main.yaml

@@ -1,22 +1,36 @@
 ---
+
+- name: Ensure app directory exists
+  file:
+    path: "{{ app_dir }}"
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+
+# Login to private registry
 - name: Login to private registry
   docker_login:
     registry_url: dns.s-martika.com
     username: "{{ gitea_user }}"
     password: "{{ gitea_token }}"
 
+# Pull latest image
 - name: Pull snake-game image
   docker_image:
-    name: dns.s-martika.com/smartika/snake-game
+    name: "{{ snake_image }}"
-    tag: "1.0"
     source: pull
 
-
+# Run container
 - name: Run snake-game container
   docker_container:
     name: snake-game
-    image: dns.s-martika.com/smartika/snake-game:1.0
+    image: "{{ snake_image }}"
     state: started
-    restart_policy: always
+    restart_policy: unless-stopped
     ports:
-      - "8080:80"
+      - "8080:80"  # host port → container port
+    pull: yes
+
+
+

docker/monitoring/docker-compose.yaml

@@ -4,13 +4,25 @@ services:
   prometheus:
     image: prom/prometheus:latest
     volumes:
-      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
+      - ./prometheus.yaml:/etc/prometheus/prometheus.yml:ro
     ports:
       - "9090:9090"
     networks:
       - snake_net
     restart: unless-stopped
 
+  nginx-prometheus-exporter:
+    image: nginx/nginx-prometheus-exporter:latest
+    container_name: nginx-prometheus-exporter
+    ports:
+      - "9113:9113"
+    environment:
+      - NGINX_STATUS_URL=http://nginx:8080/metrics
+    networks:
+      - snake_net
+
+
+
   grafana:
     image: grafana/grafana:latest
     volumes:

docker/monitoring/grafana/dashboards/home.json

@@ -1,9 +1,9 @@
 {
 
-  "uid": "node-exporter-home",
+"uid": "node-exporter-home",
-  "title": "Node Exporter Full",
+"title": "Node Exporter Full",
-  "schemaVersion": 38,
+"schemaVersion": 38,
-  "version": 1,
+"version": 1,
 
   "__requires": [
     {

docker/monitoring/grafana/provisioning/dashboards.yaml

@@ -1,10 +0,0 @@
----
-apiVersion: 1
-
-providers:
-  - name: 'default'
-    folder: 'Home'
-    type: file
-    editable: true
-    options:
-      path: /var/lib/grafana/dashboards

docker/monitoring/grafana/provisioning/datasources.yaml

@@ -1,9 +0,0 @@
----
-apiVersion: 1
-
-datasources:
-  - name: Prometheus
-    type: prometheus
-    access: proxy
-    url: http://prometheus:9090
-    isDefault: true

docker/monitoring/prometheus.yaml

@@ -6,3 +6,7 @@ scrape_configs:
   - job_name: "prometheus"
     static_configs:
       - targets: ["localhost:9090"]
+
+  - job_name: 'nginx'
+    static_configs:
+      - targets: ['nginx-prometheus-exporter:9113']