Merge remote-tracking branch 'upstream/master'
commit
2cd51da2d7
|
@ -0,0 +1,11 @@
|
|||
# Binary Kitchen Ansible Playbooks
|
||||
|
||||
This repository contains the roles to setup most of the infrastructure related to the hackerspace Binary Kitchen.
|
||||
|
||||
## Using
|
||||
|
||||
TBA
|
||||
|
||||
## Style / Contributing
|
||||
|
||||
TBA/TBD
|
|
@ -14,13 +14,25 @@ dns_axfr_ips:
|
|||
|
||||
dhcp_omapi_key: "{{ vault_dhcp_omapi_key }}"
|
||||
|
||||
drone_admin: moepman
|
||||
drone_domain: drone.binary-kitchen.de
|
||||
drone_dbname: drone
|
||||
drone_dbuser: drone
|
||||
drone_dbpass: "{{ vault_drone_dbpass }}"
|
||||
drone_uipass: "{{ vault_drone_uipass }}"
|
||||
drone_secret: "{{ vault_drone_secret }}"
|
||||
drone_gitea_client: "{{ vault_drone_gitea_client }}"
|
||||
drone_gitea_secret: "{{ vault_drone_gitea_secret }}"
|
||||
|
||||
dss_domain: dss.binary-kitchen.de
|
||||
dss_secret: "{{ vault_dss_secret }}"
|
||||
|
||||
gogs_domain: git.binary-kitchen.de
|
||||
gogs_dbname: gogs
|
||||
gogs_dbuser: gogs
|
||||
gogs_dbpass: "{{ vault_gogs_dbpass }}"
|
||||
gitea_domain: git.binary-kitchen.de
|
||||
gitea_dbname: gogs
|
||||
gitea_dbuser: gogs
|
||||
gitea_dbpass: "{{ vault_gitea_dbpass }}"
|
||||
gitea_secret: "{{ vault_gitea_secret }}"
|
||||
gitea_jwt_secret: "{{ vault_gitea_jwt_secret }}"
|
||||
|
||||
hackmd_domain: pad.binary-kitchen.de
|
||||
hackmd_dbname: hackmd
|
||||
|
@ -97,9 +109,16 @@ nextcloud_dbname: owncloud
|
|||
nextcloud_dbuser: owncloud
|
||||
nextcloud_dbpass: "{{ vault_owncloud_dbpass }}"
|
||||
|
||||
prometheus_pve_user: prometheus@pve
|
||||
prometheus_pve_pass: "{{ vault_prometheus_pve_pass }}"
|
||||
|
||||
prosody_admin: moepman@jabber.binary-kitchen.de
|
||||
prosody_domain: jabber.binary-kitchen.de
|
||||
|
||||
pve_targets:
|
||||
- wurst.binary.kitchen
|
||||
- salat.binary.kitchen
|
||||
|
||||
radius_secret: "{{ vault_radius_secret }}"
|
||||
|
||||
rocketchat_domain: chat.binary-kitchen.de
|
||||
|
|
|
@ -1,38 +1,58 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
31316565653436313436663337323938356535343436663335626534623164323933346132623738
|
||||
3336623562623536366566626338326233643766353963610a363566623666636162653464383363
|
||||
34653566643437383437356131383637303466303433663031376638623634643161306564336536
|
||||
3262626566333632380a313261313837646636336433343839623062316637636535396333656330
|
||||
34316636336236666465396464623162666337613861643536313436366461383365376436303864
|
||||
30636438363166363537333130323638383431623537366234363332633965616232393366623130
|
||||
30313664303961393733653066383663356436336139363234666636633835636663626366306664
|
||||
32653039393732306138316138333138323034363836643436666436613065373162363634616334
|
||||
30633031303166613161623262323866383664353335653566303265363061663636323966653735
|
||||
38386162393532333562306233663534613134633662376135323338613263326163643961363236
|
||||
38323331316633663032376530383862373463323633303739303637646139383561306439353430
|
||||
38323736386334303834346637393933306532393962626635326364363034643236336338623565
|
||||
66346666633935633933636132373730646664303239376532633935626565356238366337306133
|
||||
64626263396538363039326663663934323339303461386538643837383833303264656463306161
|
||||
30663964316438626636653337356630653638616238626563336366646134373461636265343138
|
||||
37396630613033306636306533356462316336333562346633646239646332386138346431303661
|
||||
37336436623963396135336339656337363864666235343832313839313633623632613939636636
|
||||
31613233383366386335376132323635643332643930646137333639656236373766363365313435
|
||||
63653530323532396465386533653836346265353861336331323735316231653335396337643635
|
||||
38373066313037363638333337353430346331396134366136373731333265616662316337373539
|
||||
65383035656334376363613033316133376233333463613963356135366665346530613861636466
|
||||
31656435636661383066303163636364356538343431383636353963306139393864633037326332
|
||||
63343165313464333138393439313235323263633034376530323934326238653366353331343234
|
||||
31313663353534336233363361343065636561653536393036346461656530393739653535623832
|
||||
33626236653965626366346235383163303030623365356536663135353933646266326434336634
|
||||
66373733323831333834303462346536373865343732663762633865343435343361656537336266
|
||||
35326431313961663262393461363932333334653239306132646538383464343461336633336261
|
||||
66313633616464323931393962666133356362383135666338303635353363353639303935336533
|
||||
63383137343136383630333136313361626364383738333563333063336661613436336465326132
|
||||
31383933633632613265363262653365366239343732366166356134646631333461643432333239
|
||||
33633065666531313039303765663138396266356431306636303561386435636365623534396632
|
||||
32346366343665656262663663663934636230323334396332313030386237306633386563396661
|
||||
33643562376530623961383830313065396330333134383736613135636338633432326236383632
|
||||
63643066303665373762656565303265313132313334653336613464396566326335366433303235
|
||||
36363735363734393936646461326230316535616462643933643933373462613063656265666561
|
||||
39393433343437363537626331333534373632663065376636336363306537396263353766626662
|
||||
3633
|
||||
37373233323433356238633036363036633430346330326366336364396337303233633536623061
|
||||
3063666236656134323536656433663266356366333935380a373232663535633864633934373065
|
||||
66346432396336613130333166623436353365326138663562623866643035653636353734633661
|
||||
3864353063363764320a343264643965366638626332323464373737653032366332616661343732
|
||||
36303466623337303437613733393066376534663261643963653866386162393161663936653139
|
||||
32363832346265383736646566326465633662303663666332666635636331313631653064636336
|
||||
62326261366632356361653734383336353933303862376230356335653762613532626666613936
|
||||
62613565383831616632626536303266666161373932316230393730393461363832326431656234
|
||||
31356232386165336438396361626332336233386330326364613331336464383234633038616537
|
||||
33646438373366633263353438386333326661376461633437633734643132343238626638303763
|
||||
37656163373761646164306266623161396437333135616431306165623634613432626439303331
|
||||
61316235636661343132323236386561643339353866306665616631303639343837626335383661
|
||||
32653035656539383963383163343130313039333935336631623438306161393734323361326536
|
||||
66633034383262653262653636393065383235623366623535316630326163393938653165613861
|
||||
35323965646533396539633634386534666266336666393635613039626539313262383263353131
|
||||
61393563643666313336636262393331323934613637333932323265303431626535623864386130
|
||||
64383538363431616230653730653430653764663933343330653963336266383663636135383366
|
||||
62306139323963303639336330326131643732376631656138316630386363623261653538666537
|
||||
35623733336530333164616632323137343463646137396233363935656361376538383766313433
|
||||
62636333633737643235306365343962613565653638343461346331666231333965336534386434
|
||||
32616238333962646639393963663931396433333237616137646365653634316362363034656137
|
||||
30353239383039356466636466616361326565323661633635623566326265646563336135396135
|
||||
66373561303331326562346165663532373465306433653739653835313161326561333533353864
|
||||
34373630326637666164336337373730363535396561623463633963393361613236386234656436
|
||||
38396631363230663737656538326466623339616265343333393661613631303966646338656332
|
||||
36323062333430366566613265623737643830616335626134376563376666393537396238356530
|
||||
31633331653031666461313631316138376539343036646532336633656339643362613663363435
|
||||
66326139386636303630383539393566366561316561353363623630333662363363643630613563
|
||||
38306438326533373665663562306239306636356539306166333830376339356265633861633439
|
||||
38623661323730313939313739336361373464663366643337383039633834643864656430313231
|
||||
38306137396261353465373133316232353134333432366637636232616663646337396535326162
|
||||
35323333623365343262663338356263313734383537623934656132666562346230393535376435
|
||||
31623761333565333239303139376632343631636432373137656633633564396366653163386361
|
||||
31653538636362636231396237323330643330373464303861363832633332646265626536643761
|
||||
36303231393561666564323633393431326634306235653935366232326131656434303738336235
|
||||
62373238613737616133613161333335343534343434336564613232366161623162386137306539
|
||||
32336139363339643236363264316266343035616265666332336133323234353437616632396138
|
||||
31316230336238373935373836643635383637343435316339366164373462373733666162653138
|
||||
33323033646239303830343266623262363537336131613863313834366231353834303435316437
|
||||
33633933656238353535396339323936373637316433646531346334383732363237623663613361
|
||||
61393534613236666133396564333735386561306161383966646635396333336636613932353537
|
||||
66383762313533333034323038613465383134666233303965386139316634316535616464383532
|
||||
31323833656161653361306462633434313765613038653362363863393462623835386331383064
|
||||
31383861353031396430393364386466613937656261653039636262336461363639616536663233
|
||||
64656636303637316333313365633832363934303034626239663233383031363066343163313639
|
||||
33373366363230333665616131333466336666346161353736376434656539643433656261383834
|
||||
32346563373537356133346666666439353632333330373034643565653562653064653133373934
|
||||
32663162373030323931323862313038626135643136336632643034323963643235353235343161
|
||||
37326332323762386235363931663435663934363337626433383936633263373435663866323561
|
||||
33333863633833303336333332313566666633646365353639376163376433613639373731303563
|
||||
38633163353632353936323135353338626462343161366262393034363438383735393737363739
|
||||
61666339326562613131303365306464626663323934623036333461383734616534353031326163
|
||||
30663635333461656366653630383165666466653935666161363732303763643234316132613665
|
||||
32613130643138666230396366303639306536643065353666316638383366626365623436633732
|
||||
31343764636662316438636639393063313430313839646130376233356634336534616463643863
|
||||
38343161336366373630383765616139353761353230343832383664376261336164333830373539
|
||||
3338
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
|
||||
grafana_domain: zelle.binary-kitchen.de
|
||||
|
||||
root_keys_host:
|
||||
- "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAib/9jl5oDkCF0g9Z2m0chruxA779TmQLy9nYFWq5qwxhCrBwgPBsHjyYJoA9vE6o+MB2Uc76hPNHxrY5WqOp+3L6z7B8I7CDww8gUBcvLXWFeQ8Qq5jjvtJfT6ziIRlEfJBHn7mQEZ6ekuOOraWXSt7EVJPYcTtSz/aqbSHNF6/iYLqK/qJQdrzwKF8aMbJk9+68XE5pPTyk+Ak9wpFtiKA+u1b0JAJr2Z0nZGVpe+QlMkgwysjcJik+ZOFfVRplJQSn7lEnG5tkKxySb3ewaTCmk5nkeV40ETiyXs6DGxw0ImVdsAZ2gjBlCVMUhiCgznREzGmlkSTQSPw7f62edw== venti"
|
7
hosts
7
hosts
|
@ -4,11 +4,11 @@ bacon.binary.kitchen ansible_host=172.23.2.3
|
|||
aveta.binary.kitchen ansible_host=172.23.2.4
|
||||
sulis.binary.kitchen ansible_host=172.23.2.5
|
||||
nabia.binary.kitchen ansible_host=172.23.2.6
|
||||
pizza.binary.kitchen ansible_host=172.23.2.33
|
||||
#pizza.binary.kitchen ansible_host=172.23.2.33
|
||||
bob.binary.kitchen ansible_host=172.23.2.37
|
||||
bowle.binary.kitchen ansible_host=172.23.2.62 ansible_python_interpreter=/usr/local/bin/python2.7
|
||||
cerunnos.binary.kitchen ansible_host=172.23.8.23
|
||||
salat.binary.kitchen ansible_host=172.23.9.61
|
||||
[fan-rz]
|
||||
[fan_rz]
|
||||
helium.binary-kitchen.net
|
||||
lithium.binary-kitchen.net
|
||||
beryllium.binary-kitchen.net
|
||||
|
@ -22,3 +22,4 @@ sodium.binary-kitchen.net
|
|||
krypton.binary-kitchen.net
|
||||
yttrium.binary-kitchen.net
|
||||
zirconium.binary-kitchen.net
|
||||
molybdenum.binary-kitchen.net
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
|
||||
acertmgr_version: "{{ lookup('url', 'https://raw.githubusercontent.com/moepman/acertmgr/master/version.txt') | trim }}"
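Review bot: `acertmgr_version` is resolved on every run from `version.txt` on the `master` branch, and the Install acertmgr task in the role's tasks file passes the resulting release URL straight to `apt: deb:`. Whatever that branch and release hold at run time is therefore installed as root with no integrity check. Pinning the version next to a checksum, as the gitea role in this commit does with `gitea_checksum`, turns an upgrade into an explicit, reviewable change. A sketch follows; the version and digest are placeholders to be filled in from a release you have verified.

```yaml
# defaults: pinned instead of looked up from master at run time
acertmgr_version: "<PINNED_VERSION>"
acertmgr_checksum: "sha256:<SHA256_OF_DEB>"

# tasks: download with verification, then install the local file
- name: Download acertmgr
  get_url:
    url: "https://github.com/moepman/acertmgr/releases/download/{{ acertmgr_version }}/python3-acertmgr_{{ acertmgr_version }}-1_all.deb"
    dest: "/var/cache/python3-acertmgr_{{ acertmgr_version }}-1_all.deb"
    checksum: "{{ acertmgr_checksum }}"

- name: Install acertmgr
  apt:
    deb: "/var/cache/python3-acertmgr_{{ acertmgr_version }}-1_all.deb"
# … unchanged: config directory, template, challenge directory, cron …
```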
|
|
@ -1,29 +1,37 @@
|
|||
---
|
||||
|
||||
- name: Install dependencies
|
||||
apt: name={{ item }}
|
||||
with_items:
|
||||
- python3-cryptography
|
||||
- python3-dnspython
|
||||
- python3-yaml
|
||||
- python3-pkg-resources
|
||||
|
||||
- name: Find current acertmgr version
|
||||
get_url: url="https://raw.githubusercontent.com/moepman/acertmgr/master/version.txt" dest=/tmp/acertmgr.version
|
||||
vars:
|
||||
ansible_connection: local
|
||||
apt:
|
||||
name:
|
||||
- python3-cryptography
|
||||
- python3-dnspython
|
||||
- python3-yaml
|
||||
- python3-pkg-resources
|
||||
|
||||
- name: Install acertmgr
|
||||
apt: deb="https://github.com/moepman/acertmgr/releases/download/{{ lookup('file', '/tmp/acertmgr.version') }}/python3-acertmgr_{{ lookup('file', '/tmp/acertmgr.version') }}-1_all.deb"
|
||||
apt:
|
||||
deb: "https://github.com/moepman/acertmgr/releases/download/{{ acertmgr_version }}/python3-acertmgr_{{ acertmgr_version }}-1_all.deb"
|
||||
|
||||
- name: Create config directories
|
||||
file: path=/etc/acertmgr state=directory mode=0755
|
||||
file:
|
||||
path: /etc/acertmgr
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Configure acertmgr
|
||||
template: src=acertmgr.conf.j2 dest=/etc/acertmgr/acertmgr.conf
|
||||
template:
|
||||
src: acertmgr.conf.j2
|
||||
dest: /etc/acertmgr/acertmgr.conf
|
||||
|
||||
- name: Create challenge directory
|
||||
file: path=/var/www/acme-challenge/ owner=root mode=0755 state=directory
|
||||
file:
|
||||
path: /var/www/acme-challenge/
|
||||
owner: root
|
||||
mode: 0755
|
||||
state: directory
|
||||
|
||||
- name: Enable acertmgr cronjob
|
||||
cron: name=certmgr special_time=daily job=/usr/bin/acertmgr
|
||||
cron:
|
||||
name: certmgr
|
||||
special_time: daily
|
||||
job: /usr/bin/acertmgr
|
||||
|
|
|
@ -7,4 +7,4 @@
|
|||
service: name=uwsgi state=restarted
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /opt/acertmgr/acertmgr.py
|
||||
command: /usr/bin/acertmgr
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
---
|
||||
|
||||
- name: Install dependencies
|
||||
apt: name={{ item }}
|
||||
with_items:
|
||||
- git
|
||||
- python3-flask
|
||||
- python3-flaskext.wtf
|
||||
- python3-passlib
|
||||
- python3-pyldap
|
||||
- python3-redis
|
||||
- redis-server
|
||||
- uwsgi
|
||||
- uwsgi-plugin-python3
|
||||
apt:
|
||||
name:
|
||||
- git
|
||||
- python3-flask
|
||||
- python3-flaskext.wtf
|
||||
- python3-passlib
|
||||
- python3-pyldap
|
||||
- python3-redis
|
||||
- redis-server
|
||||
- uwsgi
|
||||
- uwsgi-plugin-python3
|
||||
|
||||
- name: Install bk-dss
|
||||
git: repo=https://git.binary-kitchen.de/moepman/bk-dss.git dest=/opt/bk-dss depth=1 version={{ dss_version }}
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
|
||||
- name: Enable docker apt-key
|
||||
apt_key: url='https://download.docker.com/linux/debian/gpg'
|
||||
|
||||
- name: Enable docker repository
|
||||
apt_repository:
|
||||
repo: 'deb https://download.docker.com/linux/debian buster stable'
|
||||
filename: docker
|
||||
|
||||
- name: Install docker
|
||||
apt:
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
- python-docker
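Review bot: The Enable docker apt-key task trusts whatever key the URL returns at run time. Adding the expected fingerprint pins it, e.g. `apt_key: url='https://download.docker.com/linux/debian/gpg' id='<DOCKER_KEY_FINGERPRINT>'`, with the value taken from Docker's install documentation. The repository line also hard-codes `buster`; `{{ ansible_distribution_release }}` would follow the release of the managed host. `python-docker` is the Python 2 binding, so it is worth confirming that it matches the interpreter Ansible uses on these hosts.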
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
dependencies:
|
||||
- { role: docker }
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
|
||||
- name: Run runner container
|
||||
docker_container:
|
||||
name: runner
|
||||
image: drone/drone-runner-docker:1
|
||||
env:
|
||||
DRONE_RPC_PROTO: "https"
|
||||
DRONE_RPC_HOST: "{{ drone_domain }}"
|
||||
DRONE_RPC_SECRET: "{{ drone_secret }}"
|
||||
DRONE_RUNNER_CAPACITY: "2"
|
||||
DRONE_RUNNER_NAME: "{{ ansible_fqdn }}"
|
||||
DRONE_UI_USERNAME: "admin"
|
||||
DRONE_UI_PASSWORD: "{{ drone_uipass }}"
|
||||
ports:
|
||||
- "3000:3000"
|
||||
restart_policy: unless-stopped
|
||||
state: started
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
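Review bot: The `ports` entry `"3000:3000"` publishes the runner's dashboard on every host interface, protected only by `DRONE_UI_PASSWORD` over plain HTTP. If the dashboard is only needed locally, bind it with `- "127.0.0.1:3000:3000"` or drop the mapping. The `/var/run/docker.sock` mount gives the container control of the host's Docker daemon, so a comment above `volumes:` stating that this role is meant for a dedicated CI host would help the next reader. `image: drone/drone-runner-docker:1` is a moving tag; pinning a full version or digest keeps deployments reproducible.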
|
|
@ -0,0 +1,14 @@
|
|||
[Unit]
|
||||
Description=drone.io server
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=drone
|
||||
EnvironmentFile=/etc/default/drone
|
||||
ExecStart=/opt/drone/bin/drone-server
|
||||
Restart=always
|
||||
RestartSec=5s
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
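Review bot: The unit starts a network-facing service without any sandboxing directives. Under `[Service]` consider `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes`, after checking they do not interfere with where drone-server keeps its data. `After=network-online.target` is normally paired with `Wants=network-online.target`; without it the ordering only takes effect if something else pulls that target in.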
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- name: Reload systemd
|
||||
systemd: daemon_reload=yes
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /usr/bin/acertmgr
|
||||
|
||||
- name: Restart drone
|
||||
service: name=drone state=restarted
|
||||
|
||||
- name: Restart nginx
|
||||
service: name=nginx state=restarted
|
|
@ -0,0 +1,52 @@
|
|||
---
|
||||
|
||||
- name: Create user
|
||||
user: name=drone
|
||||
|
||||
# TODO install drone to /opt/drone/bin
|
||||
# currently it is manually compiled
|
||||
|
||||
- name: Configure drone
|
||||
template: src=drone.j2 dest=/etc/default/drone
|
||||
notify: Restart drone
|
||||
|
||||
- name: Install PostgreSQL
|
||||
apt:
|
||||
name:
|
||||
- postgresql
|
||||
- python-psycopg2
|
||||
|
||||
- name: Configure PostgreSQL database
|
||||
postgresql_db: name={{ drone_dbname }}
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Configure PostgreSQL user
|
||||
postgresql_user: db={{ drone_dbname }} name={{ drone_dbuser }} password={{ drone_dbpass }} priv=ALL state=present
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ drone_domain }}.key -out /etc/nginx/ssl/{{ drone_domain }}.crt -days 730 -subj "/CN={{ drone_domain }}" creates=/etc/nginx/ssl/{{ drone_domain }}.crt
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Configure certificate manager for drone
|
||||
template: src=certs.j2 dest=/etc/acertmgr/{{ drone_domain }}.conf
|
||||
notify: Run acertmgr
|
||||
|
||||
- name: Configure vhost
|
||||
template: src=vhost.j2 dest=/etc/nginx/sites-available/drone
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable vhost
|
||||
file: src=/etc/nginx/sites-available/drone dest=/etc/nginx/sites-enabled/drone state=link
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Install systemd unit
|
||||
copy: src=drone.service dest=/lib/systemd/system/drone.service
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart drone
|
||||
|
||||
- name: Enable drone
|
||||
service: name=drone enabled=yes
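Review bot: The Configure drone task writes `/etc/default/drone` without `owner` or `mode`, so the rendered database password, RPC secret and Gitea client secret end up in a file that is typically world-readable under the default umask. systemd reads `EnvironmentFile` before dropping to `User=drone`, so `template: src=drone.j2 dest=/etc/default/drone owner=root group=root mode=0600` should be sufficient. The Configure gitea task in the gitea role has the same gap for `app.ini`, which carries `PASSWD`, `SECRET_KEY` and `JWT_SECRET`; it needs `mode=0600` as well. Adding `no_log: true` to the Configure PostgreSQL user tasks in both roles keeps the password out of verbose and failure output.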
|
|
@ -1,13 +1,13 @@
|
|||
---
|
||||
|
||||
{{ gogs_domain }}:
|
||||
- path: /etc/nginx/ssl/{{ gogs_domain }}.key
|
||||
{{ drone_domain }}:
|
||||
- path: /etc/nginx/ssl/{{ drone_domain }}.key
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ gogs_domain }}.crt
|
||||
- path: /etc/nginx/ssl/{{ drone_domain }}.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
|
@ -0,0 +1,10 @@
|
|||
DRONE_AGENTS_ENABLED=true
|
||||
DRONE_DATABASE_DATASOURCE=postgres://{{ drone_dbuser }}:{{ drone_dbpass }}@127.0.0.1:5432/{{ drone_dbname }}
|
||||
DRONE_DATABASE_DRIVER=postgres
|
||||
DRONE_GITEA_SERVER=https://{{ gitea_domain }}
|
||||
DRONE_GITEA_CLIENT_ID={{ drone_gitea_client }}
|
||||
DRONE_GITEA_CLIENT_SECRET={{ drone_gitea_secret }}
|
||||
DRONE_RPC_SECRET={{ drone_secret }}
|
||||
DRONE_SERVER_HOST={{ drone_domain }}
|
||||
DRONE_SERVER_PROTO=https
|
||||
DRONE_USER_CREATE=username:{{ drone_admin }},admin:true
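Review bot: `DRONE_DATABASE_DATASOURCE` interpolates `drone_dbpass` into a URL unescaped, so a vault password containing `@`, `/`, `:` or `#` yields a connection string that parses differently than intended. `{{ drone_dbpass | urlencode }}` avoids that. The other secrets are bare `KEY=value` lines, and a value containing spaces or quotes would need quoting to survive systemd's `EnvironmentFile` parsing. A short comment at the top of the template stating which characters the vaulted values may contain would document the constraint.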
|
|
@ -0,0 +1,31 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ drone_domain }};
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
default_type "text/plain";
|
||||
alias /var/www/acme-challenge;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://{{ drone_domain }}$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ drone_domain }};
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ drone_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ drone_domain }}.crt;
|
||||
|
||||
location / {
|
||||
client_max_body_size 128M;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://localhost:8080;
|
||||
}
|
||||
}
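Review bot: `location /.well-known/acme-challenge` is a prefix match without a trailing slash, so a request for `/.well-known/acme-challenge-x` is mapped by `alias` to `/var/www/acme-challenge-x`, outside the challenge directory. Ending both paths with a slash closes that: `location /.well-known/acme-challenge/` with `alias /var/www/acme-challenge/;`. The grafana vhost added in this commit contains the same block. The proxied location forwards only `X-Real-IP`; `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;` are commonly needed so the backend generates correct HTTPS URLs.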
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
|
||||
gitea_user: gogs
|
||||
gitea_group: gogs
|
||||
|
||||
gitea_checksum: sha256:8ed8bff1f34d8012cab92943214701c10764ffaca102e311a3297edbb8fce940
|
||||
gitea_version: 1.12.5
|
||||
gitea_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /usr/bin/acertmgr
|
||||
|
||||
- name: Reload systemd
|
||||
systemd: daemon_reload=yes
|
||||
|
||||
- name: Restart gitea
|
||||
service: name=gitea state=restarted
|
||||
|
||||
- name: Restart nginx
|
||||
service: name=nginx state=restarted
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
|
||||
dependencies:
|
||||
- { role: acertmgr }
|
||||
- { role: nginx, nginx_ssl: True }
|
|
@ -0,0 +1,62 @@
|
|||
---
|
||||
|
||||
- name: Create group
|
||||
group: name={{ gitea_group }}
|
||||
|
||||
- name: Create user
|
||||
user: name={{ gitea_user }} home=/home/{{ gitea_user }} group={{ gitea_group }}
|
||||
|
||||
- name: Create gitea directories
|
||||
file: path={{ item }} state=directory owner={{ gitea_user }}
|
||||
with_items:
|
||||
- /opt/gitea
|
||||
- /opt/gitea/custom
|
||||
- /opt/gitea/custom/conf
|
||||
|
||||
- name: Download gitea binary
|
||||
get_url: url={{ gitea_url }} dest=/opt/gitea/gitea checksum={{ gitea_checksum }} mode=0755
|
||||
notify: Restart gitea
|
||||
|
||||
- name: Configure gitea
|
||||
template: src=app.ini.j2 dest=/opt/gitea/custom/conf/app.ini force=no owner={{ gitea_user }}
|
||||
|
||||
- name: Install systemd unit
|
||||
template: src=gitea.service.j2 dest=/lib/systemd/system/gitea.service
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart gitea
|
||||
|
||||
- name: Install PostgreSQL
|
||||
apt:
|
||||
name:
|
||||
- postgresql
|
||||
- python-psycopg2
|
||||
|
||||
- name: Configure PostgreSQL database
|
||||
postgresql_db: name={{ gitea_dbname }}
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Configure PostgreSQL user
|
||||
postgresql_user: db={{ gitea_dbname }} name={{ gitea_dbuser }} password={{ gitea_dbpass }} priv=ALL state=present
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ gitea_domain }}.key -out /etc/nginx/ssl/{{ gitea_domain }}.crt -days 730 -subj "/CN={{ gitea_domain }}" creates=/etc/nginx/ssl/{{ gitea_domain }}.crt
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Configure certificate manager for gitea
|
||||
template: src=certs.j2 dest=/etc/acertmgr/{{ gitea_domain }}.conf
|
||||
notify: Run acertmgr
|
||||
|
||||
- name: Configure vhost
|
||||
template: src=vhost.j2 dest=/etc/nginx/sites-available/gitea
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable vhost
|
||||
file: src=/etc/nginx/sites-available/gitea dest=/etc/nginx/sites-enabled/gitea state=link
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable gitea
|
||||
service: name=gitea enabled=yes
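Review bot: Create gitea directories gives `/opt/gitea` to `gitea_user`, and Download gitea binary then places the executable in that directory, so the service account can replace the binary it is started from. Keeping `/opt/gitea` and the binary owned by root, with `gitea_user` owning only `/opt/gitea/custom` and the data directories Gitea actually writes to, would remove that path; this needs checking against `GITEA_WORK_DIR=/opt/gitea/` in the unit file. `force=no` on Configure gitea also means later changes to `app.ini.j2` or to the vaulted secrets never reach an already provisioned host, which deserves a comment on the task.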
|
|
@ -0,0 +1,45 @@
|
|||
APP_NAME = Binary Kitchen Git Service
|
||||
RUN_USER = {{ gitea_user }}
|
||||
RUN_MODE = prod
|
||||
|
||||
[repository]
|
||||
ROOT = /home/{{ gitea_user }}/repositories
|
||||
|
||||
[server]
|
||||
PROTOCOL = http
|
||||
DOMAIN = localhost
|
||||
ROOT_URL = https://{{ gitea_domain }}
|
||||
HTTP_ADDR = 127.0.0.1
|
||||
|
||||
[database]
|
||||
DB_TYPE = postgres
|
||||
HOST = localhost
|
||||
NAME = {{ gitea_dbname }}
|
||||
USER = {{ gitea_dbuser }}
|
||||
PASSWD = {{ gitea_dbpass }}
|
||||
LOG_SQL = false
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = true
|
||||
SECRET_KEY = {{ gitea_secret }}
|
||||
|
||||
[service]
|
||||
DISABLE_REGISTRATION = true
|
||||
|
||||
[session]
|
||||
PROVIDER = file
|
||||
|
||||
[picture]
|
||||
DISABLE_GRAVATAR = true
|
||||
|
||||
[log]
|
||||
MODE = console,file
|
||||
|
||||
[log.console]
|
||||
LEVEL = error
|
||||
|
||||
[log.file]
|
||||
LEVEL = warn
|
||||
|
||||
[oauth2]
|
||||
JWT_SECRET = {{ gitea_jwt_secret }}
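Review bot: The `[session]` section sets only `PROVIDER = file`. Because Gitea is published at an `https://` `ROOT_URL` behind nginx while itself speaking `PROTOCOL = http`, adding `COOKIE_SECURE = true` there ensures the session cookie is never sent over plain HTTP. No `HTTP_PORT` is set either, so the listener relies on the default matching `proxy_pass http://localhost:3000` in the vhost; writing `HTTP_PORT = 3000` under `[server]` makes that coupling visible.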
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
{{ gitea_domain }}:
|
||||
- path: /etc/nginx/ssl/{{ gitea_domain }}.key
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ gitea_domain }}.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: '/usr/sbin/service nginx restart'
|
|
@ -0,0 +1,18 @@
|
|||
[Unit]
|
||||
Description=Gitea (Git with a cup of tea)
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
Requires=postgresql.service
|
||||
|
||||
[Service]
|
||||
RestartSec=2s
|
||||
Type=simple
|
||||
User={{ gitea_user }}
|
||||
Group={{ gitea_user }}
|
||||
WorkingDirectory=/opt/gitea/
|
||||
ExecStart=/opt/gitea/gitea web
|
||||
Restart=always
|
||||
Environment=USER={{ gitea_user }} HOME=/home/{{ gitea_user }} GITEA_WORK_DIR=/opt/gitea/
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
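Review bot: `Group={{ gitea_user }}` uses the user variable although the role defines a separate `gitea_group`; the two agree only while both defaults are `gogs`, so the line should read `Group={{ gitea_group }}`. `Requires=postgresql.service` has no matching `After=postgresql.service`, so systemd may still start both units in parallel. As with the drone unit, `NoNewPrivileges=yes` and `PrivateTmp=yes` are worth considering for a network-facing service.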
|
|
@ -2,7 +2,7 @@ server {
|
|||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ gogs_domain }};
|
||||
server_name {{ gitea_domain }};
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
default_type "text/plain";
|
||||
|
@ -10,7 +10,7 @@ server {
|
|||
}
|
||||
|
||||
location / {
|
||||
return 301 https://{{ gogs_domain }}$request_uri;
|
||||
return 301 https://{{ gitea_domain }}$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -18,13 +18,13 @@ server {
|
|||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ gogs_domain }};
|
||||
server_name {{ gitea_domain }};
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ gogs_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ gogs_domain }}.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ gitea_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ gitea_domain }}.crt;
|
||||
|
||||
location / {
|
||||
client_max_body_size 128M;
|
||||
client_max_body_size 1024M;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://localhost:3000;
|
||||
}
|
|
@ -1,45 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Enable https for apt
|
||||
apt: name=apt-transport-https
|
||||
|
||||
- name: Enable gogs apt-key
|
||||
apt_key: url="https://dl.packager.io/srv/pkgr/gogs/key"
|
||||
|
||||
- name: Enable gogs repository
|
||||
apt_repository: repo="deb https://dl.packager.io/srv/deb/gogs/gogs/master/debian 10 main"
|
||||
|
||||
- name: Install gogs
|
||||
apt: name=gogs
|
||||
|
||||
- name: Install PostgreSQL
|
||||
apt: name={{ item }}
|
||||
with_items:
|
||||
- postgresql
|
||||
- python-psycopg2
|
||||
|
||||
- name: Configure PostgreSQL database
|
||||
postgresql_db: name={{ gogs_dbname }}
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Configure PostgreSQL user
|
||||
postgresql_user: db={{ gogs_dbname }} name={{ gogs_dbuser }} password={{ gogs_dbpass }} priv=ALL state=present
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ gogs_domain }}.key -out /etc/nginx/ssl/{{ gogs_domain }}.crt -days 730 -subj "/CN={{ gogs_domain }}" creates=/etc/nginx/ssl/{{ gogs_domain }}.crt
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Configure certificate manager for gogs
|
||||
template: src=certs.j2 dest=/etc/acertmgr/{{ gogs_domain }}.conf
|
||||
notify: Run acertmgr
|
||||
|
||||
- name: Configure vhost
|
||||
template: src=vhost.j2 dest=/etc/nginx/sites-available/gogs
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable vhost
|
||||
file: src=/etc/nginx/sites-available/gogs dest=/etc/nginx/sites-enabled/gogs state=link
|
||||
notify: Restart nginx
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /opt/acertmgr/acertmgr.py
|
||||
command: /usr/bin/acertmgr
|
||||
|
||||
- name: Restart nginx
|
||||
service: name=nginx state=restarted
|
|
@ -18,6 +18,7 @@
|
|||
vars:
|
||||
acme_dnskey_san_domains:
|
||||
- "{{ grafana_domain }}"
|
||||
when: "'kitchen' in group_names"
|
||||
|
||||
- name: Configure certificate manager for grafana
|
||||
template: src=certs.j2 dest=/etc/acertmgr/{{ grafana_domain }}.conf
|
||||
|
@ -32,4 +33,4 @@
|
|||
notify: Restart nginx
|
||||
|
||||
- name: Start grafana
|
||||
service: name=grafana state=started enabled=yes
|
||||
service: name=grafana-server state=started enabled=yes
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
{{ grafana_domain }}:
|
||||
- path: /etc/nginx/ssl/{{ grafana_domain }}.key
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ grafana_domain }}.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: '/usr/sbin/service nginx restart'
|
|
@ -0,0 +1,31 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ grafana_domain }};
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
default_type "text/plain";
|
||||
alias /var/www/acme-challenge;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://{{ grafana_domain }}$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ grafana_domain }};
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ grafana_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ grafana_domain }}.crt;
|
||||
|
||||
location / {
|
||||
client_max_body_size 1024M;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://localhost:3000;
|
||||
}
|
||||
}
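Review bot: `client_max_body_size 1024M` looks carried over from the git vhost. Grafana has no evident need for gigabyte request bodies, and a much smaller limit reduces how much an unauthenticated client can make the proxy accept. This vhost also proxies to `http://localhost:3000`, the same port the gitea vhost uses, which only works while the two services never share a host; a `grafana_port` variable or a comment would make that assumption explicit.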
|
|
@ -10,4 +10,4 @@
|
|||
service: name=nginx state=restarted
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /opt/acertmgr/acertmgr.py
|
||||
command: /usr/bin/acertmgr
|
||||
|
|
|
@ -4,4 +4,4 @@
|
|||
service: name=nginx state=restarted
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /opt/acertmgr/acertmgr.py
|
||||
command: /usr/bin/acertmgr
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
service: name=rspamd state=restarted
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /opt/acertmgr/acertmgr.py
|
||||
command: /usr/bin/acertmgr
|
||||
|
||||
- name: Run postmap
|
||||
command: postmap /etc/{{ item }}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /opt/acertmgr/acertmgr.py
|
||||
command: /usr/bin/acertmgr
|
||||
|
||||
- name: Restart matrix-synapse
|
||||
service: name=matrix-synapse state=restarted
|
||||
|
|
File diff suppressed because it is too large
|
@ -11,24 +11,33 @@ formatters:
|
|||
precise:
|
||||
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
|
||||
|
||||
filters:
|
||||
context:
|
||||
(): synapse.logging.context.LoggingContextFilter
|
||||
request: ""
|
||||
|
||||
handlers:
|
||||
file:
|
||||
class: logging.handlers.RotatingFileHandler
|
||||
class: logging.handlers.TimedRotatingFileHandler
|
||||
formatter: precise
|
||||
filename: /var/log/matrix-synapse/homeserver.log
|
||||
maxBytes: 104857600
|
||||
backupCount: 10
|
||||
filters: [context]
|
||||
when: midnight
|
||||
backupCount: 3 # Does not include the current log file.
|
||||
encoding: utf8
|
||||
|
||||
# Default to buffering writes to log file for efficiency. This means that
|
||||
# will be a delay for INFO/DEBUG logs to get written, but WARNING/ERROR
|
||||
# logs will still be flushed immediately.
|
||||
buffer:
|
||||
class: logging.handlers.MemoryHandler
|
||||
target: file
|
||||
# The capacity is the number of log lines that are buffered before
|
||||
# being written to disk. Increasing this will lead to better
|
||||
# performance, at the expensive of it taking longer for log lines to
|
||||
# be written to disk.
|
||||
capacity: 10
|
||||
flushLevel: 30 # Flush for WARNING logs as well
|
||||
|
||||
# A handler that writes logs to stderr. Unused by default, but can be used
|
||||
# instead of "buffer" and "file" in the logger handlers.
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: precise
|
||||
filters: [context]
|
||||
level: WARN
|
||||
|
||||
loggers:
|
||||
|
@ -37,8 +46,23 @@ loggers:
|
|||
# information such as access tokens.
|
||||
level: INFO
|
||||
|
||||
twisted:
|
||||
# We send the twisted logging directly to the file handler,
|
||||
# to work around https://github.com/matrix-org/synapse/issues/3471
|
||||
# when using "buffer" logger. Use "console" to log to stderr instead.
|
||||
handlers: [file]
|
||||
propagate: false
|
||||
|
||||
root:
|
||||
level: INFO
|
||||
handlers: [file, console]
|
||||
|
||||
# Write logs to the `buffer` handler, which will buffer them together in memory,
|
||||
# then write them to a file.
|
||||
#
|
||||
# Replace "buffer" with "console" to log to stderr instead. (Note that you'll
|
||||
# also need to update the configuation for the `twisted` logger above, in
|
||||
# this case.)
|
||||
#
|
||||
handlers: [buffer]
|
||||
|
||||
disable_existing_loggers: false
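Review bot: On the `file` handler, `when: midnight` with `backupCount: 3` keeps only about three days of homeserver.log, and the size cap (`maxBytes`) appears to be dropped; the page has lost its +/- markers, so which side each line belongs to is inferred. If these logs are not forwarded to another system, three days is a short window for reconstructing an account compromise or abuse report, so a larger value such as `backupCount: 14` is worth considering. A time-based handler does not bound file size, so disk usage on /var/log should be monitored. A comment next to `backupCount` stating the intended retention would make the choice explicit.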
|
||||
|
|
|
@ -23,7 +23,7 @@ server {
|
|||
ssl_certificate_key /etc/nginx/ssl/{{ matrix_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ matrix_domain }}.crt;
|
||||
|
||||
client_max_body_size 10M;
|
||||
client_max_body_size 25M;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8008;
|
||||
|
@ -40,7 +40,7 @@ server {
|
|||
ssl_certificate_key /etc/nginx/ssl/{{ matrix_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ matrix_domain }}.crt;
|
||||
|
||||
client_max_body_size 5M;
|
||||
client_max_body_size 25M;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8008;
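Review bot: Both server blocks now accept 25M request bodies on every path, and nothing on this page shows Synapse's own `max_upload_size` being set to the same value, so the two limits may disagree. If Synapse stays lower, nginx buffers up to 25M per request only for the backend to reject it. Consider keeping the server-level limit small and putting `client_max_body_size 25M;` only in the location that serves media uploads. A comment such as `# keep in sync with max_upload_size in homeserver.yaml` would document the coupling. The `location /` blocks continue outside the hunks.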
|
||||
|
|
|
@ -19,7 +19,7 @@ http {
|
|||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
# server_tokens off;
|
||||
server_tokens off;
|
||||
|
||||
# server_names_hash_bucket_size 64;
|
||||
# server_name_in_redirect off;
|
||||
|
@ -56,12 +56,12 @@ http {
|
|||
|
||||
gzip on;
|
||||
|
||||
# gzip_vary on;
|
||||
# gzip_proxied any;
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
# gzip_comp_level 6;
|
||||
# gzip_buffers 16 8k;
|
||||
# gzip_http_version 1.1;
|
||||
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
##
|
||||
# Virtual Host Configs
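Review bot: Enabling `gzip_proxied any` together with `application/json` in `gzip_types` at `http` level compresses dynamic responses on every vhost, including TLS responses that may carry session tokens next to reflected request data, which is the precondition for BREACH-style compression side channels. Whether any vhost is affected cannot be told from this hunk. It would be safer to keep the global `gzip_types` to static asset types and add `gzip off;` in locations that proxy authenticated applications. At minimum, a comment such as `# gzip applies to all vhosts; disable per location for authenticated dynamic content` would record the trade-off.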
|
||||
|
|
|
@ -5,21 +5,21 @@
|
|||
|
||||
- name: Create certificate directory
|
||||
file: path=/etc/nginx/ssl state=directory mode=0750
|
||||
when: nginx_ssl == True
|
||||
when: nginx_ssl
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key -out /etc/nginx/ssl/{{ ansible_fqdn }}.crt -days 730 -subj "/CN={{ ansible_fqdn }}" creates=/etc/nginx/ssl/{{ ansible_fqdn }}.crt
|
||||
when: nginx_ssl == True
|
||||
when: nginx_ssl
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Ensure correct certificate permissions
|
||||
file: path=/etc/nginx/ssl/{{ ansible_fqdn }}.key owner=root mode=0400
|
||||
when: nginx_ssl == True
|
||||
when: nginx_ssl
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Create DH parameters
|
||||
command: openssl dhparam -outform PEM -out {{ item }} 2048 creates={{ item }}
|
||||
when: nginx_ssl == True
|
||||
when: nginx_ssl
|
||||
with_items:
|
||||
- /etc/nginx/dhparam.pem
|
||||
|
||||
|
@ -29,7 +29,7 @@
|
|||
|
||||
- name: Configure default vhost
|
||||
template: src=default.j2 dest=/etc/nginx/sites-available/default
|
||||
when: nginx_ssl == True
|
||||
when: nginx_ssl
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Start nginx
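Review bot: The bare `when: nginx_ssl` used in both hunks of this file depends on the variable being a real boolean. If it is supplied as a string (for example via `-e nginx_ssl=false` or an INI inventory), a non-empty string is truthy on current Ansible versions, so the certificate and vhost tasks would run even when TLS was meant to be off. Writing `when: nginx_ssl | bool` on each of these tasks makes the evaluation explicit. The task list continues outside the hunks.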
|
||||
|
|
|
@ -12,7 +12,7 @@ server {
|
|||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
|
|
|
@ -4,4 +4,4 @@
|
|||
service: name=nginx state=restarted
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /opt/acertmgr/acertmgr.py
|
||||
command: /usr/bin/acertmgr
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
Description=Prometheus exporter for Proxmox VE
|
||||
Documentation=https://github.com/znerol/prometheus-pve-exporter
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
User=prometheus
|
||||
ExecStart=/opt/prometheus-pve-exporter/bin/pve_exporter /etc/prometheus/pve.yml
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
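Review bot: As rendered, this new unit file starts with `Description=` and has no `[Unit]` section header; the ten lines shown match the hunk's line count, so the header seems to be missing from the file itself. systemd ignores assignments outside a section, so `Description=` and `Documentation=` would be dropped with a warning; add `[Unit]` as the first line. The exporter holds Proxmox credentials and only needs to read its config and open a socket, so the `[Service]` section could also carry basic sandboxing such as `NoNewPrivileges=true`, `ProtectSystem=strict` and `PrivateTmp=true`.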
|
|
@ -1,4 +1,10 @@
|
|||
---
|
||||
|
||||
- name: Reload systemd
|
||||
systemd: daemon_reload=yes
|
||||
|
||||
- name: Restart prometheus
|
||||
service: name=prometheus state=restarted
|
||||
|
||||
- name: Restart prometheus-pve-exporter
|
||||
service: name=prometheus-pve-exporter state=restarted
|
||||
|
|
|
@ -7,9 +7,35 @@
|
|||
- name: Install prometheus
|
||||
apt: name=prometheus
|
||||
|
||||
- name: Install dependencies
|
||||
apt:
|
||||
name:
|
||||
- python-setuptools
|
||||
- python3-setuptools
|
||||
- virtualenv
|
||||
|
||||
- name: Install prometheus-pve-exporter
|
||||
pip:
|
||||
name: git+https://github.com/znerol/prometheus-pve-exporter
|
||||
virtualenv: /opt/prometheus-pve-exporter
|
||||
virtualenv_python: python3
|
||||
|
||||
- name: Systemd unit for prometheus-pve-exporter
|
||||
copy: src=prometheus-pve-exporter.service dest=/etc/systemd/system/prometheus-pve-exporter.service
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart prometheus-pve-exporter
|
||||
|
||||
- name: Configure prometheus
|
||||
template: src=prometheus.yml.j2 dest=/etc/prometheus/prometheus.yml
|
||||
notify: Restart prometheus
|
||||
|
||||
- name: Configure prometheus-pve-exporter
|
||||
template: src=pve.yml.j2 dest=/etc/prometheus/pve.yml
|
||||
notify: Restart prometheus-pve-exporter
|
||||
|
||||
- name: Enable prometheus
|
||||
service: name=prometheus state=started enabled=yes
|
||||
|
||||
- name: Enable prometheus-pve-exporter
|
||||
service: name=prometheus-pve-exporter state=started enabled=yes
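Review bot: The `Configure prometheus-pve-exporter` task writes /etc/prometheus/pve.yml, which contains the Proxmox password, without `owner`, `group` or `mode`, so the file gets default permissions and is likely readable by every local user. Since the unit runs as `User=prometheus`, something like `template: src=pve.yml.j2 dest=/etc/prometheus/pve.yml owner=root group=prometheus mode=0640` would restrict it to the service. Separately, the `pip` task installs `git+https://github.com/znerol/prometheus-pve-exporter` from the default branch head, so each fresh run can pull different code into a process that holds those credentials. Pinning a reviewed revision avoids that, e.g. `name: git+https://github.com/znerol/prometheus-pve-exporter@<reviewed-tag-or-commit>` (placeholder).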
|
||||
|
|
|
@ -26,10 +26,28 @@ rule_files:
|
|||
# Here it's Prometheus itself.
|
||||
scrape_configs:
|
||||
{% if node_targets is defined %}
|
||||
- job_name: node
|
||||
- job_name: node
|
||||
static_configs:
|
||||
- targets:
|
||||
{% for target in node_targets %}
|
||||
- {{ target }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if pve_targets is defined %}
|
||||
- job_name: pve
|
||||
static_configs:
|
||||
- targets:
|
||||
{% for target in pve_targets %}
|
||||
- {{ target }}
|
||||
{% endfor %}
|
||||
metrics_path: /pve
|
||||
params:
|
||||
module: [default]
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: 127.0.0.1:9221
|
||||
{% endif %}
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
default:
|
||||
user: {{ prometheus_pve_user }}
|
||||
password: {{ prometheus_pve_pass }}
|
||||
verify_ssl: false
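Review bot: `verify_ssl: false` makes the exporter send the Proxmox user and password to each target without checking its certificate, so anything able to intercept traffic on that network path can collect the credentials. Prefer `verify_ssl: true` with the PVE CA installed in the host's trust store; if that is not yet possible, add a comment explaining why verification is off. The two templated values are also emitted unquoted, so a password containing `#`, `: ` or a leading YAML indicator would be truncated or retyped. `password: {{ prometheus_pve_pass | to_json }}` (and the same for `user`) renders a safely quoted scalar.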
|
|
@ -7,4 +7,4 @@
|
|||
service: name=prosody state=restarted
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /opt/acertmgr/acertmgr.py
|
||||
command: /usr/bin/acertmgr
|
||||
|
|
|
@ -4,4 +4,4 @@
|
|||
service: name=nginx state=restarted
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /opt/acertmgr/acertmgr.py
|
||||
command: /usr/bin/acertmgr
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /opt/acertmgr/acertmgr.py
|
||||
command: /usr/bin/acertmgr
|
||||
|
||||
- name: Restart freeradius
|
||||
service: name=freeradius state=restarted
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /opt/acertmgr/acertmgr.py
|
||||
command: /usr/bin/acertmgr
|
||||
|
||||
- name: Restart slapd
|
||||
service: name=slapd state=restarted
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
---
|
||||
|
||||
- name: Install unattended upgrades
|
||||
apt: name={{ item }}
|
||||
with_items:
|
||||
- unattended-upgrades
|
||||
- debian-goodies
|
||||
apt:
|
||||
name:
|
||||
- unattended-upgrades
|
||||
- debian-goodies
|
||||
|
||||
- name: Configure unattended upgrades
|
||||
template: src={{ item }}.j2 dest=/etc/apt/apt.conf.d/{{ item }}
|
||||
|
|
|
@ -51,14 +51,30 @@ server {
|
|||
rewrite ^/owncloud(/.*)$ https://oc.binary-kitchen.de$1;
|
||||
}
|
||||
|
||||
location /wiki {
|
||||
try_files $uri $uri/ @dokuwiki;
|
||||
}
|
||||
|
||||
location ~ /wiki/(data/|conf/|bin/|inc/|install.php) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^/wiki/lib.*\.(gif|png|ico|jpg)$ {
|
||||
expires 31d;
|
||||
}
|
||||
|
||||
location /static {
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
location @dokuwiki {
|
||||
rewrite ^/wiki/_media/(.*) /wiki/lib/exe/fetch.php?media=$1 last;
|
||||
rewrite ^/wiki/_detail/(.*) /wiki/lib/exe/detail.php?media=$1 last;
|
||||
rewrite ^/wiki/_export/([^/]+)/(.*) /wiki/doku.php?do=export_$1&id=$2 last;
|
||||
rewrite ^/wiki/tag/(.*) /wiki/doku.php?id=tag:$1&do=showtag&tag=tag:$1 last;
|
||||
rewrite ^/wiki/(.*) /wiki/doku.php?id=$1&$args last;
|
||||
}
|
||||
|
||||
location ~ \.php(?:$|/) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
include fastcgi_params;
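Review bot: The deny rule `location ~ /wiki/(data/|conf/|bin/|inc/|install.php)` omits DokuWiki's `vendor/` directory, and its regex is unanchored with an unescaped dot. Which of these blocks are new is inferred, because the page lost its +/- markers. A tighter form would be `location ~ ^/wiki/(data/|conf/|bin/|inc/|vendor/|install\.php) { deny all; }`. It is also worth confirming that `autoindex on;` under `/static` is intended, since it publishes directory listings. The `location ~ \.php(?:$|/)` block continues outside the hunk.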
|
||||
|
|
|
@ -4,4 +4,4 @@
|
|||
service: name=nginx state=restarted
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /opt/acertmgr/acertmgr.py
|
||||
command: /usr/bin/acertmgr
|
||||
|
|
23
site.yml
23
site.yml
|
@ -5,10 +5,10 @@
|
|||
roles:
|
||||
- common
|
||||
- ntp
|
||||
- root-keys
|
||||
- root_keys
|
||||
|
||||
- name: Setup unattended updates
|
||||
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, krypton.binary-kitchen.net, sodium.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net]
|
||||
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, bob.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, krypton.binary-kitchen.net, sodium.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net]
|
||||
roles:
|
||||
- uau
|
||||
|
||||
|
@ -28,8 +28,8 @@
|
|||
- name: Setup shell server
|
||||
hosts: [sulis.binary.kitchen, oxygen.binary-kitchen.net]
|
||||
roles:
|
||||
- ldap-pam
|
||||
- member-sw
|
||||
- ldap_pam
|
||||
- member_sw
|
||||
|
||||
- name: Setup BK monitoring server
|
||||
hosts: nabia.binary.kitchen
|
||||
|
@ -37,6 +37,11 @@
|
|||
- librenms
|
||||
- prometheus
|
||||
|
||||
- name: Setup drone runner
|
||||
hosts: bob.binary.kitchen
|
||||
roles:
|
||||
- drone-runner
|
||||
|
||||
- name: Setup ldap server
|
||||
hosts: helium.binary-kitchen.net
|
||||
roles:
|
||||
|
@ -53,10 +58,11 @@
|
|||
roles:
|
||||
- web
|
||||
|
||||
- name: Setup gogs server
|
||||
- name: Setup gitea server
|
||||
hosts: boron.binary-kitchen.net
|
||||
roles:
|
||||
- gogs
|
||||
- gitea
|
||||
- drone
|
||||
|
||||
- name: Setup jabber server
|
||||
hosts: carbon.binary-kitchen.net
|
||||
|
@ -93,3 +99,8 @@
|
|||
hosts: zirconium.binary-kitchen.net
|
||||
roles:
|
||||
- jitsi
|
||||
|
||||
- name: Setup zelle server
|
||||
hosts: molybdenum.binary-kitchen.net
|
||||
roles:
|
||||
- grafana
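Review bot: In the `@ -37,6 +37,11 @` hunk the new play uses the role name `drone-runner` with a hyphen, while the same commit renames `root-keys`, `ldap-pam` and `member-sw` to underscore form. Naming it `drone_runner` (directory and reference together) would keep the convention consistent. The `hosts:` list for "Setup unattended updates" is now a single very long flow sequence; a block list with one host per line would make future additions, such as `bob.binary.kitchen` here, easier to review for which machines receive automatic updates.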
|
||||
|
|