From 76e9e6cac59f5f4fddada7a0d4d05bd7bd6b92c7 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Fri, 31 Jul 2020 21:38:33 +0200
Subject: [PATCH] new host: molybdenum (Telefonzelle)
---
 host_vars/molybdenum.binary-kitchen.net | 6 +++++
 hosts | 1 +
 roles/grafana/handlers/main.yml | 7 ++++++
 roles/grafana/tasks/main.yml | 3 ++-
 roles/grafana/templates/certs.j2 | 15 ++++++++++++
 roles/grafana/templates/vhost.j2 | 31 +++++++++++++++++++++++++
 site.yml | 7 +++++-
 7 files changed, 68 insertions(+), 2 deletions(-)
 create mode 100644 host_vars/molybdenum.binary-kitchen.net
 create mode 100644 roles/grafana/handlers/main.yml
 create mode 100644 roles/grafana/templates/certs.j2
 create mode 100644 roles/grafana/templates/vhost.j2
diff --git a/host_vars/molybdenum.binary-kitchen.net b/host_vars/molybdenum.binary-kitchen.net
new file mode 100644
index 0000000..4ba1a7c
--- /dev/null
+++ b/host_vars/molybdenum.binary-kitchen.net
@@ -0,0 +1,6 @@
+---
+
+grafana_domain: zelle.binary-kitchen.de
+
+root_keys_host:
+- "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAib/9jl5oDkCF0g9Z2m0chruxA779TmQLy9nYFWq5qwxhCrBwgPBsHjyYJoA9vE6o+MB2Uc76hPNHxrY5WqOp+3L6z7B8I7CDww8gUBcvLXWFeQ8Qq5jjvtJfT6ziIRlEfJBHn7mQEZ6ekuOOraWXSt7EVJPYcTtSz/aqbSHNF6/iYLqK/qJQdrzwKF8aMbJk9+68XE5pPTyk+Ak9wpFtiKA+u1b0JAJr2Z0nZGVpe+QlMkgwysjcJik+ZOFfVRplJQSn7lEnG5tkKxySb3ewaTCmk5nkeV40ETiyXs6DGxw0ImVdsAZ2gjBlCVMUhiCgznREzGmlkSTQSPw7f62edw== venti"
diff --git a/hosts b/hosts
index 01c568b..05510e6 100644
--- a/hosts
+++ b/hosts
@@ -22,3 +22,4 @@ sodium.binary-kitchen.net
 krypton.binary-kitchen.net
 yttrium.binary-kitchen.net
 zirconium.binary-kitchen.net
+molybdenum.binary-kitchen.net
diff --git a/roles/grafana/handlers/main.yml b/roles/grafana/handlers/main.yml
new file mode 100644
index 0000000..d707d25
--- /dev/null
+++ b/roles/grafana/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Run acertmgr
+ command: /usr/bin/acertmgr
+
+- name: Restart nginx
+ service: name=nginx state=restarted
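Review bot: In host_vars/molybdenum.binary-kitchen.net the new `root_keys_host` entry is identified only by its key comment `venti`, so a later audit of who can log in as root on this host has nothing to go on. Presumably the root-keys role installs this list as authorized keys for root; a comment above the entry such as `# root access: <owner name>, host-specific key, added <date>` (placeholders) would record the grant. The blob is an `ssh-rsa` key that appears to be 2048-bit, so if the project has a preferred key type or minimum size this is the place to check it.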
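Review bot: The `Restart nginx` handler in roles/grafana/handlers/main.yml does a full restart with no configuration test, so a vhost that renders badly, or that names a certificate file acertmgr has not written yet, may leave nginx stopped instead of serving the previous configuration. `service: name=nginx state=reloaded` keeps the running workers when the new configuration is rejected. The same applies to both `action: '/usr/sbin/service nginx restart'` lines in roles/grafana/templates/certs.j2, where `reload` is enough for nginx to pick up a renewed certificate.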
diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml
index bc380f6..8c5dc14 100644
--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
@@ -18,6 +18,7 @@
 vars:
 acme_dnskey_san_domains:
 - "{{ grafana_domain }}"
+ when: "'kitchen' in group_names"

 - name: Configure certificate manager for grafana
 template: src=certs.j2 dest=/etc/acertmgr/{{ grafana_domain }}.conf
@@ -32,4 +33,4 @@
 notify: Restart nginx

 - name: Start grafana
- service: name=grafana state=started enabled=yes
+ service: name=grafana-server state=started enabled=yes
diff --git a/roles/grafana/templates/certs.j2 b/roles/grafana/templates/certs.j2
new file mode 100644
index 0000000..aec0513
--- /dev/null
+++ b/roles/grafana/templates/certs.j2
@@ -0,0 +1,15 @@
+---
+
+{{ grafana_domain }}:
+- path: /etc/nginx/ssl/{{ grafana_domain }}.key
+ user: root
+ group: root
+ perm: '400'
+ format: key
+ action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/{{ grafana_domain }}.crt
+ user: root
+ group: root
+ perm: '400'
+ format: crt,ca
+ action: '/usr/sbin/service nginx restart'
diff --git a/roles/grafana/templates/vhost.j2 b/roles/grafana/templates/vhost.j2
new file mode 100644
index 0000000..2a11c10
--- /dev/null
+++ b/roles/grafana/templates/vhost.j2
@@ -0,0 +1,31 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{ grafana_domain }};
+
+ location /.well-known/acme-challenge {
+ default_type "text/plain";
+ alias /var/www/acme-challenge;
+ }
+
+ location / {
+ return 301 https://{{ grafana_domain }}$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name {{ grafana_domain }};
+
+ ssl_certificate_key /etc/nginx/ssl/{{ grafana_domain }}.key;
+ ssl_certificate /etc/nginx/ssl/{{ grafana_domain }}.crt;
+
+ location / {
+ client_max_body_size 1024M;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://localhost:3000;
+ }
+}
diff --git a/site.yml b/site.yml
index f86cc0e..5423b30 100644
--- a/site.yml
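Review bot: The new `when: "'kitchen' in group_names"` condition in the first hunk of roles/grafana/tasks/main.yml has no explanation, while the `Configure certificate manager for grafana` task that follows is unconditional in the visible lines. Presumably hosts outside the `kitchen` group are meant to validate over HTTP through the `/.well-known/acme-challenge` location in vhost.j2 instead of using the DNS key. If so, a comment above the condition such as `# DNS key only for kitchen hosts; other hosts use the HTTP challenge served by vhost.j2` would record that, so a host with neither path is noticed before certificate issuance fails. The task this condition belongs to starts above the hunk, so its module is not visible here.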
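Review bot: The `location /` block of the 443 server in roles/grafana/templates/vhost.j2 proxies to Grafana without forwarding the client's Host header and accepts request bodies of up to 1 GiB. With only `X-Real-IP` set, nginx sends `localhost:3000` as the Host, which depending on the Grafana version and its root URL setting can break origin checks and generated links; adding `proxy_set_header Host $http_host;` avoids that. `client_max_body_size 1024M;` looks carried over from a file-upload vhost, and since it bounds how much any client can make nginx buffer before Grafana authenticates the request, a value sized for dashboard imports is safer. No TLS protocol or HSTS directives appear in this server block; if they are not set globally in nginx.conf (not visible here), they belong next to the `ssl_certificate` lines.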
+++ b/site.yml
@@ -8,7 +8,7 @@
 - root-keys

 - name: Setup unattended updates
- hosts: [sulis.binary.kitchen, nabia.binary.kitchen, bob.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, krypton.binary-kitchen.net, sodium.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net]
+ hosts: [sulis.binary.kitchen, nabia.binary.kitchen, bob.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, krypton.binary-kitchen.net, sodium.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net]
 roles:
 - uau

@@ -99,3 +99,8 @@
 hosts: zirconium.binary-kitchen.net
 roles:
 - jitsi
+
+- name: Setup zelle server
+ hosts: molybdenum.binary-kitchen.net
+ roles:
+ - grafana
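Review bot: The `Setup unattended updates` play in site.yml keeps an inline list of every host, so a new machine gets automatic security updates only if its author remembers to append it to this one long line. Targeting an inventory group instead, for example `hosts: unattended_updates` (group name constructed for illustration) with membership declared in the `hosts` file, would put patch coverage in one reviewable place and make an omission easier to spot. The play begins above the hunk, so any other host-selection logic it has is not visible here.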