feat(nexus): add ansible role and playbook

README.md

@@ -10,6 +10,7 @@ proxies and artifact registries.
 
 - [`jenkins`](roles/jenkins/README.md): Deploy [jenkins](https://jenkins.io), the self-proclaimed 'leading open source automation server'.
 - [`jenkins_inbound_agent`](roles/jenkins_inbound_agent/README.md): Deploy Jenkins 'inbound agent', formerly known as 'JNLP agent'.
+= [`nexus`](roles/nexus/README.md): Deploy Nexus, a caching proxy and repository manager
 
 ## License
 

galaxy.yml

@@ -16,3 +16,5 @@ tags:
   - cicd
   - ci
   - cd
+  - jenkins
+  - nexus

playbooks/nexus.yml

@@ -0,0 +1,40 @@
+---
+- import_playbook: finallycoffee.base.lego_certificate
+  vars:
+    target_domains: "{{ nexus_lego_cert_domains }}"
+    target_acme_zone: "{{ acme_domain }}"
+    target_acme_account_email: "{{ nexus_lego_acme_account_email }}"
+    target_dns_server: "{{ dns_server }}"
+    target_dns_tsig_key: "{{ dns_tsig_keydata }}"
+    target_dns_additional_records: "{{ nexus_dns_records }}"
+    target_hosts: >-2
+      {{ nexus_lego_hosts | default(nexus_hosts | default('nexus')) }}
+    target_become: >-2
+      {{ nexus_lego_become | default(nexus_become | default(false)) }}
+    target_gather_facts: "{{ nexus_lego_gather_facts | default(false) }}"
+  tags:
+    - nexus
+    - nexus-lego
+
+- name: Install nexus
+  hosts: "{{ nexus_hosts | default('nexus') }}"
+  become: "{{ nexus_become | default(false) }}"
+  gather_facts: "{{ nexus_gather_facts | default(false) }}"
+  roles:
+    - role: finallycoffee.cicd.nexus
+      tags:
+        - nexus
+
+- import_playbook: finallycoffee.base.caddy_reverse_proxy
+  when: nexus_configure_caddy_reverse_proxy | default(false)
+  vars:
+    caddy_site_name: "{{ nexus_domain }}"
+    caddy_site_config_override: "{{ nexus_http_routing }}"
+    target_hosts: >-2
+      {{ nexus_caddy_hosts | default(nexus_hosts | default('nexus')) }}
+    target_become: >-2
+      {{ nexus_caddy_become | default(nexus_become | default(true, true)) }}
+    target_gather_facts: >-2
+      {{ nexus_caddy_gather_facts | default(false) }}
+  tags:
+    - nexus-caddy

roles/nexus/README.md

@@ -0,0 +1,4 @@
+# `finallycoffee.cicd.nexus` ansible role
+
+Ansible role to deploy [Sonatype Nexus OSS](https://www.sonatype.com/products/sonatype-nexus-repository),
+a caching/proxy repository manager.

roles/nexus/defaults/main/container.yml

@@ -0,0 +1,44 @@
+---
+nexus_container_image_registry: "docker.io"
+nexus_container_image_namespace: "sonatype"
+nexus_container_image_repository: "nexus3"
+nexus_container_image_flavour: "java17"
+nexus_container_image_tag: ~
+nexus_container_image_name: >-2
+  {{ [
+    nexus_container_image_registry | default([], true),
+    nexus_container_image_namespace | default([], true),
+    nexus_container_image_repository
+  ] | flatten | join('/') }}
+nexus_container_image_source: pull
+nexus_container_image_force_source: >-2
+  {{ nexus_container_image_tag | ansible.builtin.type_debug != 'NoneType' }}
+nexus_container_image_pull: >-2
+  {{ nexus_container_image_source == 'pull' }}
+nexus_container_image_force_pull: >-2
+  {{ nexus_container_image_force_source and nexus_container_image_pull }}
+nexus_container_image_qualifier: >-2
+  {{ (nexus_container_image_tag | ansible.builtin.type_debug != 'NoneType') | ternary(
+      nexus_container_image_tag,
+      [ nexus_version, nexus_container_image_flavour ] | join('-')
+    ) }}
+nexus_container_image: >-2
+  {{ nexus_container_image_name }}:{{ nexus_container_image_qualifier }}
+nexus_container_image_state: "{{ nexus_state }}"
+
+nexus_container_name: "nexus"
+nexus_container_env: ~
+nexus_container_user: ~
+nexus_container_ports: ~
+nexus_container_labels: ~
+nexus_container_volumes: ~
+nexus_container_networks: ~
+nexus_container_etc_hosts: ~
+nexus_container_restart_policy: "on-failure"
+nexus_container_default_volumes:
+  - "{{ nexus_base_path }}:/nexus-data:z"
+nexus_container_all_volumes: >-2
+  {{ nexus_container_default_volumes | default([], true)
+  + nexus_container_volumes | default([], true) }}
+nexus_container_state: >-2
+  {{ nexus_state_is_present | ternary('started', 'absent') }}

roles/nexus/defaults/main/main.yml

@@ -0,0 +1,6 @@
+---
+nexus_version: "3.69.0"
+nexus_base_path: "/var/lib/nexus"
+
+nexus_state: "present"
+nexus_deployment_method: "docker"

roles/nexus/meta/main.yml

@@ -0,0 +1,9 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: nexus
+  description: Ansible role to deploy sonatype nexus
+  galaxy_tags:
+    - nexus
+    - nexus3

roles/nexus/tasks/deploy-docker.yml

@@ -0,0 +1,25 @@
+---
+- name: Ensure container image '{{ nexus_container_image }}' is {{ nexus_container_image_state }}
+  community.docker.docker_image:
+    name: "{{ nexus_container_image }}"
+    state: "{{ nexus_container_image_state }}"
+    source: "{{ nexus_container_image_source }}"
+    force_source: "{{ nexus_container_image_force_source }}"
+  register: nexus_container_image_info
+  until: nexus_container_image_info is success
+  retries: 5
+  delay: 3
+
+- name: Ensure container '{{ nexus_container_name }}' is {{ nexus_container_state }}
+  community.docker.docker_container:
+    name: "{{ nexus_container_name }}"
+    image: "{{ nexus_container_image }}"
+    state: "{{ nexus_container_state }}"
+    env: "{{ nexus_container_env | default(omit, true) }}"
+    user: "{{ nexus_container_user | default(omit, true) }}"
+    ports: "{{ nexus_container_ports | default(omit, true) }}"
+    labels: "{{ nexus_container_labels | default(omit, true) }}"
+    volumes: "{{ nexus_container_all_volumes }}"  
+    networks: "{{ nexus_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ nexus_container_etc_hosts | default(omit, true) }}"
+    restart_policy: "{{ nexus_container_restart_policy | default(omit, true) }}"

roles/nexus/tasks/deploy-podman.yml

@@ -0,0 +1,25 @@
+---
+- name: Ensure container image '{{ nexus_container_image }}' is {{ nexus_container_image_state }}
+  containers.podman.podman_image:
+    name: "{{ nexus_container_image }}"
+    state: "{{ nexus_container_image_state }}"
+    pull: "{{ nexus_container_image_pull }}"
+    force_pull: "{{ nexus_container_image_force_pull }}"
+  register: nexus_container_image_info
+  until: nexus_container_image_info is success
+  retries: 5
+  delay: 3
+
+- name: Ensure container '{{ nexus_container_name }}' is {{ nexus_container_state }}
+  containers.podman.podman_container:
+    name: "{{ nexus_container_name }}"
+    image: "{{ nexus_container_image }}"
+    state: "{{ nexus_container_state }}"
+    env: "{{ nexus_container_env | default(omit, true) }}"
+    user: "{{ nexus_container_user | default(omit, true) }}"
+    ports: "{{ nexus_container_ports | default(omit, true) }}"
+    labels: "{{ nexus_container_labels | default(omit, true) }}"
+    volumes: "{{ nexus_container_all_volumes }}"  
+    networks: "{{ nexus_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ nexus_container_etc_hosts | default(omit, true) }}"
+    restart_policy: "{{ nexus_container_restart_policy | default(omit, true) }}"

roles/nexus/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: Ensure state is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported nexus_state '{{ nexus_state }}'! Supported
+      states are {{ nexus_states | join(', ') }}
+  when: nexus_state not in nexus_states
+
+- name: Ensure deployment method is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported nexus_deployment_method '{{ nexus_deployment_method }}'!
+      Supported deployment methods are {{ nexus_deployment_methods | join(', ') }}
+  when: nexus_deployment_method not in nexus_deployment_methods
+
+- name: Ensure nexus base path is {{ nexus_state }}
+  ansible.builtin.file:
+    path: "{{ nexus_base_path }}"
+    state: "{{ nexus_state_is_present | ternary('directory', 'absent') }}"
+    mode: "0750"
+
+- name: Deploy nexus using {{ nexus_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ nexus_deployment_method }}.yml"

roles/nexus/vars/main.yml

@@ -0,0 +1,10 @@
+---
+nexus_states:
+  - "present"
+  - "absent"
+nexus_state_is_present: >-2
+  {{ nexus_state == 'present' }}
+
+nexus_deployment_methods:
+  - "docker"
+  - "podman"