web: merge PLK into web

web_plk: remove host: technetium

group_vars/all/vars.yml

@@ -127,11 +127,6 @@ nslcd_base_group: ou=groups,dc=binary-kitchen,dc=de
 nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de
 nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de
 
-plk_domain: plk-regensburg.de
-plk_dbuser: plkdbuser
-plk_dbname: plkdb
-plk_dbpass: "{{ vault_plk_dbpass }}"
-
 prometheus_pve_user: prometheus@pve
 prometheus_pve_pass: "{{ vault_prometheus_pve_pass }}"
 

hosts

@@ -27,6 +27,5 @@ krypton.binary-kitchen.net
 yttrium.binary-kitchen.net
 zirconium.binary-kitchen.net
 molybdenum.binary-kitchen.net
-technetium.binary-kitchen.net
 ruthenium.binary-kitchen.net
 barium.binary-kitchen.net

roles/web/files/certs

@@ -41,3 +41,17 @@ www.makerspace-regensburg.de:
   perm: '400'
   format: key
   action: '/usr/sbin/service nginx restart'
+
+www.plk-regensburg.de plk-regensburg.de:
+- path: /etc/nginx/ssl/plk-regensburg.de.key
+  user: root
+  group: root
+  perm: '400'
+  format: key
+  action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/plk-regensburg.de.crt
+  user: root
+  group: root
+  perm: '400'
+  format: crt,ca
+  action: '/usr/sbin/service nginx restart'

roles/web/files/vhost

@@ -144,3 +144,33 @@ server {
 
 	default_type text/html;
 }
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name plk-regensburg.de www.plk-regensburg.de;
+
+	location /.well-known/acme-challenge {
+		default_type "text/plain";
+		alias /var/www/acme-challenge;
+	}
+
+	location / {
+		return 301 https://www.plk-regensburg.de$request_uri;
+	}
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	server_name www.plk-regensburg.de;
+
+	ssl_certificate_key /etc/nginx/ssl/www.plk-regensburg.de.key;
+	ssl_certificate /etc/nginx/ssl/www.plk-regensburg.de.crt;
+
+	location / {
+		return 302 https://xn--bauwrts-8wa.de/prinzleokultur/;
+	}
+}

roles/web/tasks/main.yml

@@ -23,6 +23,10 @@
   command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.makerspace-regensburg.de.key -out /etc/nginx/ssl/www.makerspace-regensburg.de.crt -days 730 -subj "/CN=www.makerspace-regensburg.de" creates=/etc/nginx/ssl/www.makerspace-regensburg.de.crt
   notify: Restart nginx
 
+- name: Ensure (PLK) certificates are available
+  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.plk-regensburg.de.key -out /etc/nginx/ssl/www.plk-regensburg.de.crt -days 730 -subj "/CN=www.plk-regensburg.de" creates=/etc/nginx/ssl/www.plk-regensburg.de.crt
+  notify: Restart nginx
+
 - name: Configure certificate manager
   copy: src=certs dest=/etc/acertmgr/www.binary-kitchen.de.conf
   notify: Run acertmgr

roles/web_plk/handlers/main.yml

@@ -1,7 +0,0 @@
----
-
-- name: Restart nginx
-  service: name=nginx state=restarted
-
-- name: Run acertmgr
-  command: /usr/bin/acertmgr

roles/web_plk/meta/main.yml

@@ -1,5 +0,0 @@
----
-
-dependencies:
-- { role: acertmgr }
-- { role: nginx, nginx_ssl: True }

roles/web_plk/tasks/main.yml

@@ -1,52 +0,0 @@
----
-
-- name: Install dependencies
-  apt:
-    name:
-    - exif
-    - imagemagick
-    - imagemagick-common
-    - libsodium23
-    - mariadb-server
-    - php-common
-    - php-curl
-    - php-fpm
-    - php-imagick
-    - php-json
-    - php-mbstring
-    - php-mysql
-    - php-seclib
-    - php-xml
-    - php-zip
-
-- name: Create vhost directory
-  file: path=/var/www/plk state=directory owner=www-data group=www-data
-
-# FIXME mysql_db and mysql_user is currently not working
-# already tried installing python3-pymsql
-# so for now mysql is handled manually
-#- name: Configure MySQL database
-#  mysql_db: name={{ plk_dbname }}
-
-#- name: Configure MySQL user
-#  mysql_user: name={{ plk_dbuser }} password={{ plk_dbpass }} priv={{ plk_dbname }}.*:ALL state=present
-
-- name: Ensure certificates are available
-  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ plk_domain }}.key -out /etc/nginx/ssl/{{ plk_domain }}.crt -days 730 -subj "/CN={{ plk_domain }}" creates=/etc/nginx/ssl/{{ plk_domain }}.crt
-  notify: Restart nginx
-
-- name: Configure certificate manager
-  template: src=certs.j2 dest=/etc/acertmgr/{{ plk_domain }}.conf
-  notify: Run acertmgr
-
-# TODO vhost is configured manually to figure out what is needed for wordpress
-#- name: Configure vhosts
-#  template: src=vhost.j2 dest=/etc/nginx/sites-available/plk
-#  notify: Restart nginx
-
-- name: Enable vhosts
-  file: src=/etc/nginx/sites-available/plk dest=/etc/nginx/sites-enabled/plk state=link
-  notify: Restart nginx
-
-- name: Start php7.3-fpm
-  service: name=php7.3-fpm state=started enabled=yes

roles/web_plk/templates/certs.j2

@@ -1,15 +0,0 @@
----
-
-www.{{ plk_domain }} {{ plk_domain }}:
-- path: /etc/nginx/ssl/{{ plk_domain }}.key
-  user: root
-  group: root
-  perm: '400'
-  format: key
-  action: '/usr/sbin/service nginx restart'
-- path: /etc/nginx/ssl/{{ plk_domain }}.crt
-  user: root
-  group: root
-  perm: '400'
-  format: crt,ca
-  action: '/usr/sbin/service nginx restart'

roles/web_plk/templates/vhost.j2

@@ -1,36 +0,0 @@
-server {
-	listen 80;
-	listen [::]:80;
-
-	server_name {{ plk_domain }};
-
-	location /.well-known/acme-challenge {
-		default_type "text/plain";
-		alias /var/www/acme-challenge;
-	}
-
-	location / {
-		return 301 https://{{ plk_domain }}$request_uri;
-	}
-}
-
-server {
-	listen 443 ssl http2;
-	listen [::]:443 ssl http2;
-
-	server_name {{ plk_domain }};
-
-	ssl_certificate_key /etc/nginx/ssl/{{ plk_domain }}.key;
-	ssl_certificate /etc/nginx/ssl/{{ plk_domain }}.crt;
-
-	root /var/www/plk;
-
-	location ~ \.php(?:$|/) {
-		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-		include fastcgi_params;
-		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-		fastcgi_param PATH_INFO $fastcgi_path_info;
-		fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
-		fastcgi_intercept_errors on;
-	}
-}

site.yml

@@ -7,7 +7,7 @@
   - root_keys
 
 - name: Setup unattended updates
-  hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, bob.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, technetium.binary-kitchen.net, ruthenium.binary-kitchen.net, barium.binary-kitchen.net]
+  hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, bob.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, barium.binary-kitchen.net]
   roles:
   - uau
 
@@ -110,11 +110,6 @@
   roles:
   - grafana
 
-- name: Setup PLK server
-  hosts: technetium.binary-kitchen.net
-  roles:
-  - web_plk
-
 - name: Setup minecraft server
   hosts: ruthenium.binary-kitchen.net
   roles: