workadventure: remove role (decommission barium.binary-kitchen.net)

This commit is contained in:
Markus 2024-11-11 18:24:35 +01:00
parent a3dddac6d0
commit 7a82e453e9
9 changed files with 1 additions and 196 deletions

View File

@ -64,6 +64,5 @@ Currently the following hosts are installed:
| argentum.binary-kitchen.net | Debian 12 | Event Web * |
| cadmium.binary-kitchen.net | Debian 12 | Event NetBox * |
| indium.binary-kitchen.net | Debian 12 | Igel CAM * |
| barium.binary-kitchen.net | Debian 12 | Workadventure |
\*: The main application is not managed by ansible but manually installed

1
hosts
View File

@ -40,4 +40,3 @@ palladium.binary-kitchen.net
argentum.binary-kitchen.net
cadmium.binary-kitchen.net
indium.binary-kitchen.net
barium.binary-kitchen.net

View File

@ -1,13 +0,0 @@
---
- name: Run acertmgr
command: /usr/bin/acertmgr
- name: Reload systemd
systemd: daemon_reload=yes
- name: Restart nginx
service: name=nginx state=restarted
- name: Restart workadventure
service: name=workadventure state=restarted

View File

@ -1,5 +0,0 @@
---
dependencies:
- { role: acertmgr }
- { role: nginx, nginx_ssl: True }

View File

@ -1,51 +0,0 @@
---
# TODO
# source code is not yet checked out from git
- name: Install docker-compose
apt: name=docker-compose
- name: Install git
apt: name=git
- name: Create workadventure group
group: name=workadventure
- name: Create workadventure user
user:
name: workadventure
home: /opt/workadventure
shell: /bin/zsh
group: workadventure
groups: docker
- name: Install systemd unit
template: src=workadventure.service.j2 dest=/lib/systemd/system/workadventure.service
notify:
- Reload systemd
- Restart workadventure
- name: Ensure certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ workadventure_domain }}.key -out /etc/nginx/ssl/{{ workadventure_domain }}.crt -days 730 -subj "/CN={{ workadventure_domain }}" creates=/etc/nginx/ssl/{{ workadventure_domain }}.crt
notify: Restart nginx
- name: Configure certificate manager for workadventure
template: src=certs.j2 dest=/etc/acertmgr/{{ workadventure_domain }}.conf
notify: Run acertmgr
- name: Configure vhost
template: src=vhost.j2 dest=/etc/nginx/sites-available/workadventure
notify: Restart nginx
- name: Enable vhost
file: src=/etc/nginx/sites-available/workadventure dest=/etc/nginx/sites-enabled/workadventure state=link
notify: Restart nginx
- name: Enable workadventure
service: name=workadventure enabled=yes
- name: Enable monitoring
include_role: name=icinga-monitor tasks_from=http
vars:
vhost: "{{ workadventure_domain }}"

View File

@ -1,15 +0,0 @@
---
{{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }}:
- path: /etc/nginx/ssl/{{ workadventure_domain }}.key
user: root
group: root
perm: '400'
format: key
action: '/usr/sbin/service nginx restart'
- path: /etc/nginx/ssl/{{ workadventure_domain }}.crt
user: root
group: root
perm: '400'
format: crt,ca
action: '/usr/sbin/service nginx restart'

View File

@ -1,76 +0,0 @@
server {
listen 80;
listen [::]:80;
server_name {{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }};
location /.well-known/acme-challenge {
default_type "text/plain";
alias /var/www/acme-challenge;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ workadventure_domain }};
ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
location / {
root /opt/workadventure/source/landing/dist;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name play.{{ workadventure_domain }};
ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
location / {
root /opt/workadventure/source/src/front/dist;
try_files $uri uri/ /index.html?$args;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name pusher.{{ workadventure_domain }};
ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
location / {
proxy_pass http://localhost:8002;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name uploader.{{ workadventure_domain }};
ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
location / {
proxy_pass http://localhost:8005;
}
}

View File

@ -1,28 +0,0 @@
[Unit]
Description=WorkAdventure service using docker compose
Requires=docker.service
After=docker.service
Before=nginx.service
[Service]
Type=simple
User=workadventure
Group=workadventure
Restart=always
TimeoutStartSec=1200
WorkingDirectory=/opt/workadventure/source/
# Make sure no old containers are running
ExecStartPre=/usr/bin/docker-compose down -v
# Compose up
ExecStart=/usr/bin/docker-compose up
# Compose down, remove containers and volumes
ExecStop=/usr/bin/docker-compose down -v
[Install]
WantedBy=multi-user.target

View File

@ -7,7 +7,7 @@
- root_keys
- name: Setup unattended updates
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net, barium.binary-kitchen.net]
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net]
roles:
- uau
@ -172,8 +172,3 @@
hosts: argentum.binary-kitchen.net
roles:
- event_web
- name: Setup WorkAdventure server
hosts: barium.binary-kitchen.net
roles:
- workadventure