From 3425fdeac9e43680023f27d9efc27c53f2c35b05 Mon Sep 17 00:00:00 2001
From: Kishi85
Date: Mon, 17 Dec 2018 19:22:30 +0100
Subject: [PATCH] new host: magnesium (partdb/partkeepr)
---
 hosts | 1 +
 roles/partdb/files/certs | 14 ++++++++++++
 roles/partdb/files/vhost | 40 ++++++++++++++++++++++++++++++++++
 roles/partdb/handlers/main.yml | 7 ++++++
 roles/partdb/meta/main.yml | 5 +++++
 roles/partdb/tasks/main.yml | 31 ++++++++++++++++++++++++++
 site.yml | 6 +++++
 7 files changed, 104 insertions(+)
 create mode 100644 roles/partdb/files/certs
 create mode 100644 roles/partdb/files/vhost
 create mode 100644 roles/partdb/handlers/main.yml
 create mode 100644 roles/partdb/meta/main.yml
 create mode 100644 roles/partdb/tasks/main.yml
diff --git a/hosts b/hosts
index c4f5ac9..8140f1c 100644
--- a/hosts
+++ b/hosts
@@ -20,3 +20,4 @@ oxygen.binary-kitchen.net
 fluorine.binary-kitchen.net
 neon.binary-kitchen.net
 sodium.binary-kitchen.net
+magnesium.binary-kitchen.net
diff --git a/roles/partdb/files/certs b/roles/partdb/files/certs
new file mode 100644
index 0000000..808a7a6
--- /dev/null
+++ b/roles/partdb/files/certs
@@ -0,0 +1,14 @@
+---
+partdb.binary-kitchen.de:
+- path: /etc/nginx/ssl/partdb.binary-kitchen.de.crt
+ user: root
+ group: root
+ perm: '400'
+ format: crt,ca
+ action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/partdb.binary-kitchen.de.key
+ user: root
+ group: root
+ perm: '400'
+ format: key
+ action: '/usr/sbin/service nginx restart'
diff --git a/roles/partdb/files/vhost b/roles/partdb/files/vhost
new file mode 100644
index 0000000..87505b6
--- /dev/null
+++ b/roles/partdb/files/vhost
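Review bot: Both entries under `partdb.binary-kitchen.de` use `action: '/usr/sbin/service nginx restart'`, so a renewal that rewrites the certificate and the key back-to-back looks like it will bounce nginx twice, dropping in-flight connections each time. A `reload` is enough for nginx to pick up a new certificate and key and keeps existing connections open, so `action: '/usr/sbin/service nginx reload'` on both entries is the safer choice. Whether acertmgr deduplicates identical actions across the files of one domain is not visible here, so the double-restart is an inference worth confirming against its behaviour.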
@@ -0,0 +1,40 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name partdb.binary-kitchen.de;
+
+ location /.well-known/acme-challenge {
+ default_type "text/plain";
+ alias /var/www/acme-challenge;
+ }
+
+ location / {
+ return 301 https://partdb.binary-kitchen.de$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name partdb.binary-kitchen.de;
+
+ ssl_certificate_key /etc/nginx/ssl/partdb.binary-kitchen.de.key;
+ ssl_certificate /etc/nginx/ssl/partdb.binary-kitchen.de.crt;
+
+ root /var/www/partdb;
+
+ client_max_body_size 32M;
+
+ index index.php;
+
+ location ~ \.php(?:$|/) {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+ fastcgi_intercept_errors on;
+ }
+}
diff --git a/roles/partdb/handlers/main.yml b/roles/partdb/handlers/main.yml
new file mode 100644
index 0000000..9735dcd
--- /dev/null
+++ b/roles/partdb/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Restart nginx
+ service: name=nginx state=restarted
+
+- name: Run certmgr
+ command: /opt/acertmgr/acertmgr.py
diff --git a/roles/partdb/meta/main.yml b/roles/partdb/meta/main.yml
new file mode 100644
index 0000000..8d2c010
--- /dev/null
+++ b/roles/partdb/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+- { role: certmgr }
+- { role: nginx, nginx_ssl: True }
diff --git a/roles/partdb/tasks/main.yml b/roles/partdb/tasks/main.yml
new file mode 100644
index 0000000..68a7a89
--- /dev/null
+++ b/roles/partdb/tasks/main.yml
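Review bot: The `location ~ \.php(?:$|/)` block passes `$document_root$fastcgi_script_name` to PHP-FPM without checking that the script exists, so a request like `/some/upload.jpg/x.php` reaches FPM with a non-existent SCRIPT_FILENAME and, under PHP's default `cgi.fix_pathinfo=1`, PHP walks back up the path and executes `upload.jpg` as PHP code. Add `try_files $fastcgi_script_name =404;` right after the `fastcgi_split_path_info` line (or set `cgi.fix_pathinfo=0` in the FPM pool) so only real `.php` files under `/var/www/partdb` are ever executed; `index.php/extra` still works because the split leaves `$fastcgi_script_name` as `/index.php`. This only becomes exploitable if the application stores user-supplied files under the document root, which this hunk does not show. The HTTPS server block also sets no `ssl_protocols`/`ssl_ciphers`/HSTS, presumably relying on the `nginx` role's `nginx_ssl` defaults — worth confirming those exist.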
@@ -0,0 +1,31 @@
+---
+
+- name: Install dependencies
+ apt: name={{ item }}
+ with_items:
+ - php7.0-fpm
+ - php7.0-ldap
+ - php7.0-sqlite3
+ - php7.0-xml
+
+- name: Create vhost directory
+ file: path=/var/www/partdb state=directory owner=www-data group=www-data
+
+- name: Ensure partdb certificates are available
+ command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/partdb.binary-kitchen.de.key -out /etc/nginx/ssl/partdb.binary-kitchen.de.crt -days 730 -subj "/CN=partdb.binary-kitchen.de" creates=/etc/nginx/ssl/partdb.binary-kitchen.de.crt
+ notify: Restart nginx
+
+- name: Configure certificate manager
+ copy: src=certs dest=/etc/acme/domains.d/partdb.binary-kitchen.de.conf
+ notify: Run certmgr
+
+- name: Configure vhosts
+ copy: src=vhost dest=/etc/nginx/sites-available/www
+ notify: Restart nginx
+
+- name: Enable vhosts
+ file: src=/etc/nginx/sites-available/www dest=/etc/nginx/sites-enabled/www state=link
+ notify: Restart nginx
+
+- name: Start php7.0-fpm
+ service: name=php7.0-fpm state=started enabled=yes
diff --git a/site.yml b/site.yml
index 87f40fc..9b9de47 100644
--- a/site.yml
+++ b/site.yml
@@ -93,3 +93,9 @@
 hosts: sodium.binary-kitchen.net
 roles:
 - uau
+
+- name: Setup partdb server
+ hosts: magnesium.binary-kitchen.net
+ roles:
+ - partdb
+ - uau
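Review bot: The `Ensure partdb certificates are available` task writes the bootstrap private key with a bare `openssl req ... -keyout /etc/nginx/ssl/partdb.binary-kitchen.de.key` and never sets its mode or owner, so the key's permissions are whatever openssl and the play's umask happen to produce; the `perm: '400'` in the acertmgr config only takes effect once acertmgr rewrites the file. Add a follow-up task such as `file: path=/etc/nginx/ssl/partdb.binary-kitchen.de.key owner=root group=root mode=0400` so the self-signed key is locked down from the first run, and consider a `file: path=/etc/nginx/ssl state=directory mode=0700` before the `openssl` call unless the `nginx` role already creates that directory (not visible here). Separately, `Create vhost directory` makes the whole docroot `/var/www/partdb` owned by `www-data`, i.e. writable by the PHP-FPM worker that nginx executes `.php` files from; if the application only needs a data or upload subdirectory writable, narrow the ownership to that path and keep the rest root-owned. The `creates=` guard only watches the `.crt`, so a missing key with a present cert would not be regenerated — minor, but worth noting.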