new host for drone.io

fix path of acertmgr handler
Markus 2020-06-07 15:12:45 +02:00
parent 9bb3111efc
commit 86bf87405a
11 changed files with 193 additions and 40 deletions


@ -14,6 +14,12 @@ dns_axfr_ips:
dhcp_omapi_key: "{{ vault_dhcp_omapi_key }}"
drone_domain: drone.binary-kitchen.de
drone_dbname: drone
drone_dbuser: drone
drone_dbpass: "{{ vault_drone_dbpass }}"
drone_secret: "{{ vault_drone_secret }}"
dss_domain: dss.binary-kitchen.de
dss_secret: "{{ vault_dss_secret }}"


@ -1,40 +1,44 @@
$ANSIBLE_VAULT;1.1;AES256
65386365643062373630613165666663396337336335653562663134376664306466663463613637
3364303661616431613138653162333536343234633839310a306366646266346238333538326633
35633264353932633361616531623336386331663038363832363038373833356139313065383065
6462356264373862650a313166323366623963643839643564613462366232653361393331353430
32393936636161653339393531363761643137306639376564613134643763333861653764373563
65656364353964343033326266353062396330363934633933646632303236666130303838623332
37333237316235343430333762346534636636353332363332323433666262333833636638623862
66343239656461336138356334666363653039353861656363363963383831373962613637376631
38323432396435373433653165386634306332323137326365643764353161616330663638376163
64646438323331633138343932653038636638386639623433636139623266376465373266653137
36313138396230616335653334653233333430366631383835363231393333663661646133313732
61303430393933326432626135333637666135616634643430633433633832373435663338643130
30666664623435303462376363313666353633313766353631343939313862356139643164333865
38306237613735663565346266363263656161303164626632366465653939363932373631623938
30633762376432353231323437303638313939613034303235336261303530646333656432393661
38616366353461323839643465663039363339356330336262616539373032353466613633653662
32373733326266323335386365633232383732383432333265333066623463616165376539356234
63326438653530336264326437386164303139383036383361333737343861646133353464366533
63343731366535343330616162333465633966383262313531636430383735343135306233616138
61656432343938363430363636373533373832363565353538356462366663633639356630653331
32386533303366353262643464653831383937333736366239633030323432653234656536393435
63376564623361653864316462613434323932666561356532646536636130616534376231373563
64393365653163336635366663323239363436363064353461326261363837323663623162323234
36643436316331643331383133393830373838363865393130333864383136323064383731353065
64633236613437646138373635396563666533393533333464633062326337623037616266636664
31633435353266323163356434353461633763396261393762313437353162373464313534383638
30616665623831653565613764313237333333343034326437323436323139613637333161623031
39636238306464643635613836623361396562623366653263396633653132643937646139353261
31623432633965643031346530336333353130666534303162373731376461353237633863303933
30376331663833353233383161663066373965646536663461323236373466636334353235386530
38306636666364343732393735383535333866656663613533336439636431323938633739383363
38366665323339363966636533623635383464393831396431323161626563383432313433353035
61356362333930653866616635333438353138353532323465633765613466646638646131316531
34626430643066313461393535323830666266323462373331346261393130353463336362663263
32333465653237326636306636333265643463363630626238333564613138383132393462616338
34343237316239653362383831666233613033623964363030313731653532323831376365656535
34653538313135623362343637663733636366646534373538303331323433653135303936336664
31373062653338626234653537663136356537663665613864623462623130336363343862636465
646238313932313833303933643432346133
30386437633139313730633863633362386233316337653461616364623334323339626533333939
6466623963336361343337333831646635383437376435620a363836386664623430303836366666
64356564333864643030636438636364646666633662306236666131653962653235623961376436
6534623031633033360a343535653032366130343132646430393734613838303364613632366434
36646438316131386536363834356438353034636362316535613362383362326133353937356437
63643731333738653232613961663831663339333935393562656665343035343039636132346438
32646633353238346335353436633363363365376564663736316365396330383337663030616165
64313534346261663238613663356637363161663639386364366531623837633163616438326138
37306134326165346238343535666336353931646236373364303866623335653330336364353536
32393138656165393939323937633038633336653162666566623932333864383733656235633561
32366364363463316665653835363063386138303866393065633637373936623433356565376130
66323464656534386462663835373661326139356666353031363164393564323563326637626639
37306336616533383235326433326631303463313665356431636366306533623438383566346463
61363732316465643432376465356363356165383833666432353235363737303634626166366465
33373332373166646365343232323962343531303565656165333662613238363731376264663130
61316662646431633135633531646538616435323835346566623839336638333930333066663734
62616166643362626565643566313161656265323561666533623664666263613034653038336465
66326639323135333435326230663432656662386439653635303832386262373263306132383463
36656535336231316462366636646564633835306331663466363165383564313838396264316637
64336464636537653962366563303164623964366536633938366130353064303737363533656362
63326663383438613264373635303864353237623436333631353337383865623162656265633930
37653466393831303761386434363563313939313234623434633865356134663831376666656262
33353265376138623834643430643139336566666634333834333839383234663964306636356365
36643763353831376136636164373133303939373062643335316264396137363234383835383936
38383630373432616131303231303662396132313562356532613538303234376235313330303734
36323464373533336637393566626334343764336536323337643930393137643636346639656435
61626465383436303131646436643437633836366265316437306331663537616236633336353236
30386230633930356231376264313263646135306537353932656663643432363637316132303666
66613531393562353735613136396432303430636131373163376562383066326430313639383038
35643031613934663966343437616566346464336263326566353565346432633762646439373636
36336232363261313862353465336332623432656239646331393661613730396163626166643233
38636138663432313965613831333730626532376261636239303366383463633138393431616433
62636333373765366436343663666637643032373662616166363634653430346361646535323834
66393437363635393564353131343361373232336638633164396262366135643766653432303566
34313432343965653138653634373966343337623865303937613363303237383632313334363532
61393061616237623064333263373634373764313963396636633661623764363332333837613661
35373730316463383835303837663136616262316161626362353437343661346266313937623931
30316235626236383861333931353333383237623233373135613465623865313339373533323631
35386337646539326531396438613233636561326231643030633536333635626132393463663032
66343235626266333739366637336434306331626163316335633231656232343763323836396331
65366434346635373865313562663666653166393631373864363934653535653265653534656266
65303336653439336430373864343962396430623531623262326136616164633532616432663034
363338326234396132643564306665303937

1
hosts

@ -22,3 +22,4 @@ sodium.binary-kitchen.net
krypton.binary-kitchen.net
yttrium.binary-kitchen.net
zirconium.binary-kitchen.net
molybdenum.binary-kitchen.net


@ -0,0 +1,14 @@
[Unit]
Description=drone.io server
After=network-online.target
[Service]
Type=simple
User=drone
EnvironmentFile=/etc/default/drone
ExecStart=/opt/drone/bin/drone-server
Restart=always
RestartSec=5s
[Install]
WantedBy=multi-user.target
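Review bot: The `[Service]` section starts drone-server with no sandboxing, although the process receives the database password and the RPC secret through `EnvironmentFile=/etc/default/drone`. A few standard systemd restrictions such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would limit what a compromised server process can reach; they should be tested against the manually built binary before being rolled out. Separately, `After=network-online.target` only orders the unit and needs a matching `Wants=network-online.target` to actually pull that target in.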


@ -0,0 +1,13 @@
---
- name: Run acertmgr
command: /usr/bin/acertmgr
- name: Restart drone
service: name=drone state=restarted
- name: Restart nginx
service: name=nginx state=restarted
- name: Reload systemd
command: systemctl daemon-reload
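Review bot: `Reload systemd` is defined last, after `Restart drone`, and Ansible runs notified handlers in the order they appear in the handlers file, not in the order listed under `notify`. When the unit file changes, drone is therefore restarted before `systemctl daemon-reload` has run, so the restart still uses the previously loaded unit definition. Moving the `Reload systemd` handler above `Restart drone` fixes the ordering. Indentation is lost in this rendering, so the structure here is read from the key order.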


@ -0,0 +1,5 @@
---
dependencies:
- { role: acertmgr }
- { role: nginx, nginx_ssl: True }


@ -0,0 +1,52 @@
---
- name: Create user
user: name=drone
# TODO install drone to /opt/drone/bin
# currently it is manually compiled
- name: Configure drone
template: src=drone.j2 dest=/etc/default/drone
notify: Restart drone
- name: Install PostgreSQL
apt: name={{ item }}
with_items:
- postgresql
- python-psycopg2
- name: Configure PostgreSQL database
postgresql_db: name={{ drone_dbname }}
become: true
become_user: postgres
- name: Configure PostgreSQL user
postgresql_user: db={{ drone_dbname }} name={{ drone_dbuser }} password={{ drone_dbpass }} priv=ALL state=present
become: true
become_user: postgres
- name: Ensure certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ drone_domain }}.key -out /etc/nginx/ssl/{{ drone_domain }}.crt -days 730 -subj "/CN={{ drone_domain }}" creates=/etc/nginx/ssl/{{ drone_domain }}.crt
notify: Restart nginx
- name: Configure certificate manager for drone
template: src=certs.j2 dest=/etc/acertmgr/{{ drone_domain }}.conf
notify: Run acertmgr
- name: Configure vhost
template: src=vhost.j2 dest=/etc/nginx/sites-available/drone
notify: Restart nginx
- name: Enable vhost
file: src=/etc/nginx/sites-available/drone dest=/etc/nginx/sites-enabled/drone state=link
notify: Restart nginx
- name: Install systemd unit
copy: src=drone.service dest=/lib/systemd/system/drone.service
notify:
- Reload systemd
- Restart drone
- name: Enable drone
service: name=drone enabled=yes
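Review bot: The `Configure drone` task writes /etc/default/drone without `owner`, `group` or `mode`, so the file gets whatever the default umask allows, which is normally world-readable. The drone.j2 template added in this commit appears to be the source for that file, and it renders the PostgreSQL password and `DRONE_RPC_SECRET` into it. systemd reads `EnvironmentFile=` itself before starting the service, so the file can presumably be restricted to root: `template: src=drone.j2 dest=/etc/default/drone owner=root group=root mode=0600`.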


@ -0,0 +1,15 @@
---
{{ drone_domain }}:
- path: /etc/nginx/ssl/{{ drone_domain }}.key
user: root
group: root
perm: '400'
format: key
action: '/usr/sbin/service nginx restart'
- path: /etc/nginx/ssl/{{ drone_domain }}.crt
user: root
group: root
perm: '400'
format: crt,ca
action: '/usr/sbin/service nginx restart'


@ -0,0 +1,7 @@
DRONE_AGENTS_ENABLED=true
DRONE_DATABASE_DATASOURCE=postgres://{{ drone_dbuser }}:{{ drone_dbpass }}@127.0.0.1:5432/{{ drone_dbname }}
DRONE_DATABASE_DRIVER=postgres
DRONE_GOGS_SERVER=https://{{ gogs_domain }}
DRONE_RPC_SECRET={{ drone_secret }}
DRONE_SERVER_HOST={{ drone_domain }}
DRONE_SERVER_PROTO=https
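Review bot: `drone_dbpass` is placed unescaped into the userinfo part of the `DRONE_DATABASE_DATASOURCE` URL, so a vaulted password containing `@`, `:`, `#` or `%` produces a datasource that is parsed differently or fails to connect. Percent-encoding it avoids that: `DRONE_DATABASE_DATASOURCE=postgres://{{ drone_dbuser }}:{{ drone_dbpass | urlencode }}@127.0.0.1:5432/{{ drone_dbname }}`. Jinja's `urlencode` leaves `/` untouched, so that character still has to be avoided in the password. Characters that systemd's `EnvironmentFile=` parsing treats specially, such as quotes or a trailing backslash, are a similar concern for both secrets in this file.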


@ -0,0 +1,31 @@
server {
listen 80;
listen [::]:80;
server_name {{ drone_domain }};
location /.well-known/acme-challenge {
default_type "text/plain";
alias /var/www/acme-challenge;
}
location / {
return 301 https://{{ drone_domain }}$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ drone_domain }};
ssl_certificate_key /etc/nginx/ssl/{{ drone_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ drone_domain }}.crt;
location / {
client_max_body_size 128M;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:8080;
}
}
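Review bot: The ACME location in the port-80 server block pairs `location /.well-known/acme-challenge` with `alias /var/www/acme-challenge;`, both without a trailing slash, so the prefix also matches request paths that merely begin with that string and maps them onto sibling names next to the challenge directory. Terminating both sides closes that: `location /.well-known/acme-challenge/ {` and `alias /var/www/acme-challenge/;`. In the TLS server block only `X-Real-IP` is forwarded; if drone is expected to see the original host and scheme, `proxy_set_header Host $http_host;` and `proxy_set_header X-Forwarded-Proto $scheme;` would be needed as well.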


@ -8,7 +8,7 @@
- root-keys
- name: Setup unattended updates
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, krypton.binary-kitchen.net, sodium.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net]
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, krypton.binary-kitchen.net, sodium.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net]
roles:
- uau
@ -93,3 +93,8 @@
hosts: zirconium.binary-kitchen.net
roles:
- jitsi
- name: Setup drone server
hosts: molybdenum.binary-kitchen.net
roles:
- drone
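Review bot: The `Setup unattended updates` play lists every host inline, so each new machine has to be appended by hand, as this commit does for molybdenum; a host that is forgotten silently goes without automatic security updates. Targeting an inventory group would remove that manual step, e.g. `hosts: unattended_updates` (a group name made up here for illustration) with the group defined in the `hosts` inventory. The first hunk starts inside a play list whose beginning lies outside the hunk, so other plays that should also include the new host cannot be checked from here.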