workadventure: new role for workadventure
parent
41a94d7142
commit
3be8cce6d8
@ -150,3 +150,5 @@ root_keys:
|
||||
slapd_root_hash: "{SSHA}OB75kTfH6JRyX0dA0fM8/8ldP89qyzb+"
|
||||
slapd_root_pass: "{{ vault_slapd_root_pass }}"
|
||||
slapd_san: ldap.binary.kitchen
|
||||
|
||||
workadventure_domain: wa.binary-kitchen.de
|
||||
|
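--- a/host_vars/barium.binary-kitchen.net
+++ b/host_vars/barium.binary-kitchen.net
@@ -0,0 +1,2 @@
+root_keys_host:
+- "ssh-rsa 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 noby"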
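--- a/roles/workadventure/handlers/main.yml
+++ b/roles/workadventure/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Run acertmgr
+command: /usr/bin/acertmgr
+
+- name: Reload systemd
+systemd: daemon_reload=yes
+
+- name: Restart nginx
+service: name=nginx state=restarted
+
+- name: Restart workadventure
+service: name=workadventure state=restarted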
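Review bot: The `Restart nginx` handler uses `state=restarted`, which drops every open connection on the host and, if a rendered vhost turns out to be invalid, leaves nginx down for all sites rather than just this one. `service: name=nginx state=reloaded` lets the running master keep serving the old configuration when the new one fails to load. The handlers also use the `key=value` shorthand with `daemon_reload=yes`; native YAML arguments with `daemon_reload: true` avoid the truthy-string parsing.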
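--- a/roles/workadventure/meta/main.yml
+++ b/roles/workadventure/meta/main.yml
@@ -0,0 +1,6 @@
+---
+
+dependencies:
+- { role: acertmgr }
+- { role: docker }
+- { role: nginx, nginx_ssl: True }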
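--- a/roles/workadventure/tasks/main.yml
+++ b/roles/workadventure/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+# TODO
+# source code is not yet checked out from git
+
+- name: Install systemd unit
+template: src=workadventure.service.j2 dest=/lib/systemd/system/workadventure.service
+notify:
+- Reload systemd
+- Restart workadventure
+
+- name: Ensure certificates are available
+command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ workadventure_domain }}.key -out /etc/nginx/ssl/{{ workadventure_domain }}.crt -days 730 -subj "/CN={{ workadventure_domain }}" creates=/etc/nginx/ssl/{{ workadventure_domain }}.crt
+notify: Restart nginx
+
+- name: Configure certificate manager for workadventure
+template: src=certs.j2 dest=/etc/acertmgr/{{ workadventure_domain }}.conf
+notify: Run acertmgr
+
+- name: Configure vhost
+template: src=vhost.j2 dest=/etc/nginx/sites-available/workadventure
+notify: Restart nginx
+
+- name: Enable vhost
+file: src=/etc/nginx/sites-available/workadventure dest=/etc/nginx/sites-enabled/workadventure state=link
+notify: Restart nginx
+
+- name: Enable workadventure
+service: name=workadventure enabled=yes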
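Review bot: The `Ensure certificates are available` task leaves the mode and ownership of the generated `/etc/nginx/ssl/{{ workadventure_domain }}.key` to whatever `openssl` and the process umask produce, and none of the `template` tasks set `owner`, `group` or `mode` either. certs.j2 asks for root:root and `400`, but that presumably only takes effect once acertmgr has replaced the bootstrap files, so a follow-up task such as `file: path=/etc/nginx/ssl/{{ workadventure_domain }}.key owner=root group=root mode=0400` would pin the private key's permissions from the first run. The unit file and vhost would likewise benefit from `owner=root group=root mode=0644` on their `template` lines. Separately, the `# TODO` means nothing creates `/opt/workadventure/source`, which both the unit and the vhost in this commit rely on, so the role cannot converge on a fresh host yet.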
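--- a/roles/workadventure/templates/certs.j2
+++ b/roles/workadventure/templates/certs.j2
@@ -0,0 +1,15 @@
+---
+
+{{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }}:
+- path: /etc/nginx/ssl/{{ workadventure_domain }}.key
+user: root
+group: root
+perm: '400'
+format: key
+action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/{{ workadventure_domain }}.crt
+user: root
+group: root
+perm: '400'
+format: crt,ca
+action: '/usr/sbin/service nginx restart'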
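--- a/roles/workadventure/templates/vhost.j2
+++ b/roles/workadventure/templates/vhost.j2
@@ -0,0 +1,76 @@
+server {
+listen 80;
+listen [::]:80;
+
+server_name {{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }};
+
+location /.well-known/acme-challenge {
+default_type "text/plain";
+alias /var/www/acme-challenge;
+}
+
+location / {
+return 301 https://$host$request_uri;
+}
+}
+
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+server_name {{ workadventure_domain }};
+
+ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
+ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
+
+location / {
+root /opt/workadventure/source/landing/dist;
+}
+}
+
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+server_name play.{{ workadventure_domain }};
+
+ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
+ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
+
+location / {
+root /opt/workadventure/source/front/dist;
+try_files $uri uri/ /index.html?$args;
+}
+}
+
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+server_name pusher.{{ workadventure_domain }};
+
+ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
+ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
+
+location / {
+proxy_pass http://localhost:8002;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header Host $host;
+}
+}
+
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+server_name uploader.{{ workadventure_domain }};
+
+ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
+ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
+
+location / {
+proxy_pass http://localhost:8005;
+}
+}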
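Review bot: In the `play.` server block, `try_files $uri uri/ /index.html?$args;` is missing the `$` on its second argument, so nginx checks for a literal `uri/` directory instead of the requested one; it should read `try_files $uri $uri/ /index.html?$args;`. In the port-80 block, `location /.well-known/acme-challenge` and its `alias` both lack a trailing slash, so the prefix also matches sibling paths such as `/.well-known/acme-challenge-x`; `location /.well-known/acme-challenge/` with `alias /var/www/acme-challenge/;` keeps the mapping confined to that directory. The `pusher.` and `uploader.` proxies pass no client address upstream, so adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` would keep the real source IP available for backend logging, assuming the backends read it.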
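--- a/roles/workadventure/templates/workadventure.service.j2
+++ b/roles/workadventure/templates/workadventure.service.j2
@@ -0,0 +1,27 @@
+[Unit]
+Description=WorkAdventure service using docker compose
+Requires=docker.service
+After=docker.service
+
+[Service]
+Type=simple
+
+User=workadventure
+Group=workadventure
+
+Restart=always
+TimeoutStartSec=1200
+
+WorkingDirectory=/opt/workadventure/source/
+
+# Make sure no old containers are running
+ExecStartPre=/usr/bin/docker-compose -f docker-compose.bk.yaml down -v
+
+# Compose up
+ExecStart=/usr/bin/docker-compose -f docker-compose.bk.yaml up
+
+# Compose down, remove containers and volumes
+ExecStop=/usr/bin/docker-compose -f docker-compose.bk.yaml down -v
+
+[Install]
+WantedBy=multi-user.target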
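Review bot: `User=workadventure` and `Group=workadventure` name an account that no task in this commit creates, and for `docker-compose` to work that account needs access to the Docker socket, which is equivalent to root on the host. The role should add a `user` task and a comment in the unit stating that the account is privileged through Docker, so the dedicated user is not mistaken for an isolation boundary. Both `ExecStartPre` and `ExecStop` run `down -v`, so with `Restart=always` every restart deletes the compose project's named volumes; if any service in `docker-compose.bk.yaml` keeps state there (that file is not part of this commit), `down` without `-v` is the safer default.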