infra/ansible
4
5
Fork 5
Code Issues 6 Pull Requests 2 Activity

web_plk: new role (on technetium.binary-kitchen.net)

Browse Source
This commit is contained in:
Markus 2020-11-13 17:32:43 +01:00
parent 5492048623
commit 364d9428d8
10 changed files with 184 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
group_vars/all/vars.yml
View File

@ -109,6 +109,11 @@ nextcloud_dbname: owncloud
nextcloud_dbuser: owncloud
nextcloud_dbpass: "{{ vault_owncloud_dbpass }}"
plk_domain: plk-regensburg.de
plk_dbuser: plkdbuser
plk_dbname: plkdb
plk_dbpass: "{{ vault_plk_dbpass }}"
prometheus_pve_user: prometheus@pve
prometheus_pve_pass: "{{ vault_prometheus_pve_pass }}"

115
group_vars/all/vault.yml
View File

@ -1,58 +1,59 @@
$ANSIBLE_VAULT;1.1;AES256
37373233323433356238633036363036633430346330326366336364396337303233633536623061
3063666236656134323536656433663266356366333935380a373232663535633864633934373065
66346432396336613130333166623436353365326138663562623866643035653636353734633661
3864353063363764320a343264643965366638626332323464373737653032366332616661343732
36303466623337303437613733393066376534663261643963653866386162393161663936653139
32363832346265383736646566326465633662303663666332666635636331313631653064636336
62326261366632356361653734383336353933303862376230356335653762613532626666613936
62613565383831616632626536303266666161373932316230393730393461363832326431656234
31356232386165336438396361626332336233386330326364613331336464383234633038616537
33646438373366633263353438386333326661376461633437633734643132343238626638303763
37656163373761646164306266623161396437333135616431306165623634613432626439303331
61316235636661343132323236386561643339353866306665616631303639343837626335383661
32653035656539383963383163343130313039333935336631623438306161393734323361326536
66633034383262653262653636393065383235623366623535316630326163393938653165613861
35323965646533396539633634386534666266336666393635613039626539313262383263353131
61393563643666313336636262393331323934613637333932323265303431626535623864386130
64383538363431616230653730653430653764663933343330653963336266383663636135383366
62306139323963303639336330326131643732376631656138316630386363623261653538666537
35623733336530333164616632323137343463646137396233363935656361376538383766313433
62636333633737643235306365343962613565653638343461346331666231333965336534386434
32616238333962646639393963663931396433333237616137646365653634316362363034656137
30353239383039356466636466616361326565323661633635623566326265646563336135396135
66373561303331326562346165663532373465306433653739653835313161326561333533353864
34373630326637666164336337373730363535396561623463633963393361613236386234656436
38396631363230663737656538326466623339616265343333393661613631303966646338656332
36323062333430366566613265623737643830616335626134376563376666393537396238356530
31633331653031666461313631316138376539343036646532336633656339643362613663363435
66326139386636303630383539393566366561316561353363623630333662363363643630613563
38306438326533373665663562306239306636356539306166333830376339356265633861633439
38623661323730313939313739336361373464663366643337383039633834643864656430313231
38306137396261353465373133316232353134333432366637636232616663646337396535326162
35323333623365343262663338356263313734383537623934656132666562346230393535376435
31623761333565333239303139376632343631636432373137656633633564396366653163386361
31653538636362636231396237323330643330373464303861363832633332646265626536643761
36303231393561666564323633393431326634306235653935366232326131656434303738336235
62373238613737616133613161333335343534343434336564613232366161623162386137306539
32336139363339643236363264316266343035616265666332336133323234353437616632396138
31316230336238373935373836643635383637343435316339366164373462373733666162653138
33323033646239303830343266623262363537336131613863313834366231353834303435316437
33633933656238353535396339323936373637316433646531346334383732363237623663613361
61393534613236666133396564333735386561306161383966646635396333336636613932353537
66383762313533333034323038613465383134666233303965386139316634316535616464383532
31323833656161653361306462633434313765613038653362363863393462623835386331383064
31383861353031396430393364386466613937656261653039636262336461363639616536663233
64656636303637316333313365633832363934303034626239663233383031363066343163313639
33373366363230333665616131333466336666346161353736376434656539643433656261383834
32346563373537356133346666666439353632333330373034643565653562653064653133373934
32663162373030323931323862313038626135643136336632643034323963643235353235343161
37326332323762386235363931663435663934363337626433383936633263373435663866323561
33333863633833303336333332313566666633646365353639376163376433613639373731303563
38633163353632353936323135353338626462343161366262393034363438383735393737363739
61666339326562613131303365306464626663323934623036333461383734616534353031326163
30663635333461656366653630383165666466653935666161363732303763643234316132613665
32613130643138666230396366303639306536643065353666316638383366626365623436633732
31343764636662316438636639393063313430313839646130376233356634336534616463643863
38343161336366373630383765616139353761353230343832383664376261336164333830373539
3338
37303932343462623335393066643531373533636435356462326537373532613534353266396435
3636666364306637306266393933383963633032383265650a656563303332303134323135353239
34633863333930316564633632313939643664373163373833636139366537646530383736343130
6239373931306234620a353966346262646538306631656461613431636230333430663931643933
31316362353439393838363666613932313635313864333135636530653238653162353033356437
33353063363639346266313631393463623864636133623264613865336536613536343365386230
65396263393862626139396430623134316632313637623631623762656139623664356331623066
30323430613963313162616135303164663364336634326533346438373635366238356531613461
30333736633965333163616437303566666239313962353531393530613265363833396136646262
62633662666532396535316361303934613138373365633161393664313234663533363736323335
38613762376234663564333333386265633138613839636132346638313430653639636339336239
38633564333831326331326166666362353364303933393532643936313564386565643162623435
36356437356631666137323039316430656566613436623062656562666139383635653039636463
35393438323765303431333737356339343730303531333834306239366533393537626239376163
31663332343136323264376234363264343136623365383833666638656531306362663462383033
31633838643562613762363634653865353361303666363139636337386439626235336462653036
30376461643839313665383430386534656265626139313034646438323861653530383637316139
35313539636137303561646564616362313435666262343137616263396465356434363862323137
38626464383039386139343665363538326539613837366437623362336639336133323463666235
36346333356434363838363634343233323363333762653264333062656133623434666162356433
37623862653862643335333931663063623166353534636430323230663838653532356335306632
33646265343834363839653565326538353930663061376461646534386637376234646264343933
65653763343236653630396238333232633461663333646531323337626235396231383931663264
34363564366134663036643332346238373639646336396261316133326235636265323636663335
35363537346466396432396162383131306438396431336138666663633132646662316165643333
64633434623166343262623038623431343631333962663566303566393761653536303638643037
63363963306139336235363537396432383131303763643966313937353537333739393031616439
35343361646234663062633631323238656137373464386561656439313636613630323632616332
39346239666266623038363066643865373762633532323431373431373165643662663661633365
35353361383339623535336362313430616139396561623934346264323462663663383566393165
35366637313861386465333530613530623832643333616538336436356134313832306139336361
32393162373235356236343332363038393631626534643237383232323735633265333562633231
61613164363962323236666365353830346664643263393532343562383736336535353364343638
62386465323331653565306234646664393164666334383765336630346438633636353264636138
31316231326236313839353465353230353935363330393035373234393039386134366534653636
63323730383931353763383739393330316335373563393039366166313031373664636335363363
38363131363565326431636361316562313037373664306333313366646336333162663664306539
64636530363561393037373766383937616435313333653836363835383231633130396133663635
36613531323732623264646666656139333766656562623430313964366236373663626135383437
31643663663637613762313465656636396264623362643538323166356636303430613133383664
66383332326437333638663562376665386237313533303437623765353661393561373338636130
30383665333366643331366536646330633133643566393962633164643563613536363434393234
66323931316535353632356432373262623962616264383430623436303637616165386433326231
38633730636633643634343833313964653530663034333063313334636134646634363437346161
32613061363032383732323263303830363532326239316538393739313730383530633862313039
37653865303932313635656332663039376331393161623731623039653865623436363061626538
32383934613335363534666461343135303235373262343634306130633536323839393139346662
31623265323138353963623938616665383765366230656461383835346230346261623866366630
65303965353432386136373562306434623739666262356663656266346439356435613362333563
34366539353366346636376662363837303332373866323434366261326164633033353930383038
36666433656365366663326163343034306439653262353733323232373133386436333637346563
32626533336530633731336631333334353366306538663936643637346335303965626631316562
33333061656234393661363766663630316662613764333231326434383465666234653238393965
31636561396665383063613433653837363634623337623330666466353532633434383864343464
38303436306165353433356536326466306530373635616531393462666336666435633235613937
37343832333864643636366632623062363234633365326635386663376439383332306333653161
34353830396165366534313334616161323461613066383561343563393330613464373862623062
3536303066343262636636393861313539616636643339353562

4
host_vars/technetium.binary-kitchen.net Normal file
View File

@ -0,0 +1,4 @@
---
root_keys_host:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcoIXTF0RtzM2vDir8axegFpLKNxGJyYNLj2triQm59GIvNRPHG/nBoaDcUwRT5b6Ew91KMw6iT1eI0n9oKbTMHZHvdSLLUmNmZT4z4JQOQm0n415ZW9m1r3R3S8sAxiLQ+5U91xnbHlzfuBKvpI56RLZNbkhAcqw9kS/UasO0UAFpdGL5CBnbJt0KPb4C9cYUM6H4clZFpWVDdK3+6gh+/Jx9QPmpPv0wfWI7z0fvQYUcXDFLjPh8CFK7BOcPZcv4V4bl5Tq1dTURMLaueTD0F5Ygn7cxKaDNvql4EIPDZaRCEz3cIvFB7435emRgZC54YmhWIYC+oJrLTlMCrYKhISLtWg92EcE/aCUNL0V+n1EK5dkds+AY/eDiyP58ArAHNsopXmcHiko3goyZyEK5Y0tJ5sA9L4Q0mgLz/rW1CsZHcpiYU9yKpDRscbf3DDlFMzMYG8O9JufgcyF+GFhxIhXesfjJ4gDNepaYhd/qutwThip027cKtoczLAMR2xbT6bUYr7KKmxvXVlP7Epkfi3N2cj/Wx9gAm1qIs1yjcWCe71k1QMC+dTNTV+T9Ch5d1lji7lGOKDl70rB/WytdISVlEJr8TviBk27oldCuC1WCPGjRxWeGv5uVxE9O7nQh0dxox+HFssa7ENuDR9LEd9O6Zvuf09pzDASB0PjFyw== bedah@binary-kitchen.de"

1
hosts
View File

@ -23,3 +23,4 @@ krypton.binary-kitchen.net
yttrium.binary-kitchen.net
zirconium.binary-kitchen.net
molybdenum.binary-kitchen.net
technetium.binary-kitchen.net

7
roles/web_plk/handlers/main.yml Normal file
View File

@ -0,0 +1,7 @@
---
- name: Restart nginx
service: name=nginx state=restarted
- name: Run acertmgr
command: /usr/bin/acertmgr

5
roles/web_plk/meta/main.yml Normal file
View File

@ -0,0 +1,5 @@
---
dependencies:
- { role: acertmgr }
- { role: nginx, nginx_ssl: True }

48
roles/web_plk/tasks/main.yml Normal file
View File

@ -0,0 +1,48 @@
---
- name: Install dependencies
apt:
name:
- exif
- imagemagick
- imagemagick-common
- libsodium23
- mariadb-server
- php-common
- php-curl
- php-fpm
- php-imagick
- php-json
- php-mbstring
- php-mysql
- php-seclib
- php-xml
- php-zip
- name: Create vhost directory
file: path=/var/www/plk state=directory owner=www-data group=www-data
- name: Configure MySQL database
mysql_db: name={{ plk_dbname }}
- name: Configure MySQL user
mysql_user: name={{ plk_dbuser }} password={{ plk_dbpass }} priv={{ plk_dbname }}.*:ALL state=present
- name: Ensure certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ plk_domain }}.key -out /etc/nginx/ssl/{{ plk_domain }}.crt -days 730 -subj "/CN={{ plk_domain }}" creates=/etc/nginx/ssl/{{ plk_domain }}.crt
notify: Restart nginx
- name: Configure certificate manager
template: src=certs.j2 dest=/etc/acertmgr/{{ plk_domain }}.conf
notify: Run acertmgr
- name: Configure vhosts
template: src=vhost.j2 dest=/etc/nginx/sites-available/plk
notify: Restart nginx
- name: Enable vhosts
file: src=/etc/nginx/sites-available/plk dest=/etc/nginx/sites-enabled/plk state=link
notify: Restart nginx
- name: Start php7.3-fpm
service: name=php7.3-fpm state=started enabled=yes

15
roles/web_plk/templates/certs.j2 Normal file
View File

@ -0,0 +1,15 @@
---
{{ plk_domain }}:
- path: /etc/nginx/ssl/{{ plk_domain }}.key
user: root
group: root
perm: '400'
format: key
action: '/usr/sbin/service nginx restart'
- path: /etc/nginx/ssl/{{ plk_domain }}.crt
user: root
group: root
perm: '400'
format: crt,ca
action: '/usr/sbin/service nginx restart'

36
roles/web_plk/templates/vhost.j2 Normal file
View File

@ -0,0 +1,36 @@
server {
listen 80;
listen [::]:80;
server_name {{ plk_domain }};
location /.well-known/acme-challenge {
default_type "text/plain";
alias /var/www/acme-challenge;
}
location / {
return 301 https://{{ plk_domain }}$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ plk_domain }};
ssl_certificate_key /etc/nginx/ssl/{{ plk_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ plk_domain }}.crt;
root /var/www/plk;
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_intercept_errors on;
}
}

5
site.yml
View File

@ -104,3 +104,8 @@
hosts: molybdenum.binary-kitchen.net
roles:
- grafana
- name: Setup PLK server
hosts: technetium.binary-kitchen.net
roles:
- web_plk