diff --git a/README.md b/README.md index ec75651..1cc3d94 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,5 @@ Currently the following hosts are installed: | argentum.binary-kitchen.net | Debian 12 | Event Web * | | cadmium.binary-kitchen.net | Debian 12 | Event NetBox * | | indium.binary-kitchen.net | Debian 12 | Igel CAM * | -| barium.binary-kitchen.net | Debian 12 | Workadventure | \*: The main application is not managed by ansible but manually installed diff --git a/hosts b/hosts index bb69bc1..13a2334 100644 --- a/hosts +++ b/hosts @@ -40,4 +40,3 @@ palladium.binary-kitchen.net argentum.binary-kitchen.net cadmium.binary-kitchen.net indium.binary-kitchen.net -barium.binary-kitchen.net diff --git a/roles/workadventure/handlers/main.yml b/roles/workadventure/handlers/main.yml deleted file mode 100644 index 8eba7bd..0000000 --- a/roles/workadventure/handlers/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -- name: Run acertmgr - command: /usr/bin/acertmgr - -- name: Reload systemd - systemd: daemon_reload=yes - -- name: Restart nginx - service: name=nginx state=restarted - -- name: Restart workadventure - service: name=workadventure state=restarted diff --git a/roles/workadventure/meta/main.yml b/roles/workadventure/meta/main.yml deleted file mode 100644 index 8fcf724..0000000 --- a/roles/workadventure/meta/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -dependencies: -- { role: acertmgr } -- { role: nginx, nginx_ssl: True } diff --git a/roles/workadventure/tasks/main.yml b/roles/workadventure/tasks/main.yml deleted file mode 100644 index b8b8a6a..0000000 --- a/roles/workadventure/tasks/main.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- - -# TODO -# source code is not yet checked out from git - -- name: Install docker-compose - apt: name=docker-compose - -- name: Install git - apt: name=git - -- name: Create workadventure group - group: name=workadventure - -- name: Create workadventure user - user: - name: workadventure - home: /opt/workadventure - shell: /bin/zsh - group: workadventure - groups: docker - -- name: Install systemd unit - template: src=workadventure.service.j2 dest=/lib/systemd/system/workadventure.service - notify: - - Reload systemd - - Restart workadventure - -- name: Ensure certificates are available - command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ workadventure_domain }}.key -out /etc/nginx/ssl/{{ workadventure_domain }}.crt -days 730 -subj "/CN={{ workadventure_domain }}" creates=/etc/nginx/ssl/{{ workadventure_domain }}.crt - notify: Restart nginx - -- name: Configure certificate manager for workadventure - template: src=certs.j2 dest=/etc/acertmgr/{{ workadventure_domain }}.conf - notify: Run acertmgr - -- name: Configure vhost - template: src=vhost.j2 dest=/etc/nginx/sites-available/workadventure - notify: Restart nginx - -- name: Enable vhost - file: src=/etc/nginx/sites-available/workadventure dest=/etc/nginx/sites-enabled/workadventure state=link - notify: Restart nginx - -- name: Enable workadventure - service: name=workadventure enabled=yes - -- name: Enable monitoring - include_role: name=icinga-monitor tasks_from=http - vars: - vhost: "{{ workadventure_domain }}" diff --git a/roles/workadventure/templates/certs.j2 b/roles/workadventure/templates/certs.j2 deleted file mode 100644 index d741e5e..0000000 --- a/roles/workadventure/templates/certs.j2 +++ /dev/null @@ -1,15 +0,0 @@ ---- - -{{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }}: -- path: /etc/nginx/ssl/{{ workadventure_domain }}.key - user: root - group: root - perm: '400' - format: key - action: '/usr/sbin/service nginx restart' -- path: /etc/nginx/ssl/{{ workadventure_domain }}.crt - user: root - group: root - perm: '400' - format: crt,ca - action: '/usr/sbin/service nginx restart' diff --git a/roles/workadventure/templates/vhost.j2 b/roles/workadventure/templates/vhost.j2 deleted file mode 100644 index b8eda73..0000000 --- a/roles/workadventure/templates/vhost.j2 +++ /dev/null @@ -1,76 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name {{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }}; - - location /.well-known/acme-challenge { - default_type "text/plain"; - alias /var/www/acme-challenge; - } - - location / { - return 301 https://$host$request_uri; - } -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name {{ workadventure_domain }}; - - ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key; - ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt; - - location / { - root /opt/workadventure/source/landing/dist; - } -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name play.{{ workadventure_domain }}; - - ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key; - ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt; - - location / { - root /opt/workadventure/source/src/front/dist; - try_files $uri uri/ /index.html?$args; - } -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name pusher.{{ workadventure_domain }}; - - ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key; - ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt; - - location / { - proxy_pass http://localhost:8002; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - } -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name uploader.{{ workadventure_domain }}; - - ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key; - ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt; - - location / { - proxy_pass http://localhost:8005; - } -} diff --git a/roles/workadventure/templates/workadventure.service.j2 b/roles/workadventure/templates/workadventure.service.j2 deleted file mode 100644 index 769c38d..0000000 --- a/roles/workadventure/templates/workadventure.service.j2 +++ /dev/null @@ -1,28 +0,0 @@ -[Unit] -Description=WorkAdventure service using docker compose -Requires=docker.service -After=docker.service -Before=nginx.service - -[Service] -Type=simple - -User=workadventure -Group=workadventure - -Restart=always -TimeoutStartSec=1200 - -WorkingDirectory=/opt/workadventure/source/ - -# Make sure no old containers are running -ExecStartPre=/usr/bin/docker-compose down -v - -# Compose up -ExecStart=/usr/bin/docker-compose up - -# Compose down, remove containers and volumes -ExecStop=/usr/bin/docker-compose down -v - -[Install] -WantedBy=multi-user.target diff --git a/site.yml b/site.yml index 1a4b662..942fcc7 100644 --- a/site.yml +++ b/site.yml @@ -7,7 +7,7 @@ - root_keys - name: Setup unattended updates - hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net, barium.binary-kitchen.net] + hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net] roles: - uau @@ -172,8 +172,3 @@ hosts: argentum.binary-kitchen.net roles: - event_web - -- name: Setup WorkAdventure server - hosts: barium.binary-kitchen.net - roles: - - workadventure