
web: merge PLK into web

web_plk: remove host: technetium
Markus 2021-10-11 22:40:19 +02:00
parent cb2887adff
commit 8e8b2be194
11 changed files with 49 additions and 127 deletions


@ -127,11 +127,6 @@ nslcd_base_group: ou=groups,dc=binary-kitchen,dc=de
nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de
nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de
plk_domain: plk-regensburg.de
plk_dbuser: plkdbuser
plk_dbname: plkdb
plk_dbpass: "{{ vault_plk_dbpass }}"
prometheus_pve_user: prometheus@pve prometheus_pve_user: prometheus@pve
prometheus_pve_pass: "{{ vault_prometheus_pve_pass }}" prometheus_pve_pass: "{{ vault_prometheus_pve_pass }}"

hosts

@ -27,6 +27,5 @@ krypton.binary-kitchen.net
yttrium.binary-kitchen.net yttrium.binary-kitchen.net
zirconium.binary-kitchen.net zirconium.binary-kitchen.net
molybdenum.binary-kitchen.net molybdenum.binary-kitchen.net
technetium.binary-kitchen.net
ruthenium.binary-kitchen.net ruthenium.binary-kitchen.net
barium.binary-kitchen.net barium.binary-kitchen.net


@ -41,3 +41,17 @@ www.makerspace-regensburg.de:
perm: '400' perm: '400'
format: key format: key
action: '/usr/sbin/service nginx restart' action: '/usr/sbin/service nginx restart'
www.plk-regensburg.de plk-regensburg.de:
- path: /etc/nginx/ssl/plk-regensburg.de.key
user: root
group: root
perm: '400'
format: key
action: '/usr/sbin/service nginx restart'
- path: /etc/nginx/ssl/plk-regensburg.de.crt
user: root
group: root
perm: '400'
format: crt,ca
action: '/usr/sbin/service nginx restart'
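Review bot: The two `path:` lines of the new acertmgr entry write the issued key and certificate to `/etc/nginx/ssl/plk-regensburg.de.key` and `.crt`, but the merged vhost in this same commit points `ssl_certificate_key`/`ssl_certificate` at `/etc/nginx/ssl/www.plk-regensburg.de.key` and `.crt`, which is also the pair the self-signed bootstrap `openssl req` task creates. As written, nginx keeps serving the self-signed bootstrap certificate after acertmgr succeeds, and the `service nginx restart` action only reloads that stale pair. Changing the entry to `- path: /etc/nginx/ssl/www.plk-regensburg.de.key` and `- path: /etc/nginx/ssl/www.plk-regensburg.de.crt` makes all three files agree; the deleted web_plk variant derived all three from `{{ plk_domain }}`, which appears to be where the hard-coded names drifted apart.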


@ -144,3 +144,33 @@ server {
default_type text/html; default_type text/html;
} }
server {
listen 80;
listen [::]:80;
server_name plk-regensburg.de www.plk-regensburg.de;
location /.well-known/acme-challenge {
default_type "text/plain";
alias /var/www/acme-challenge;
}
location / {
return 301 https://www.plk-regensburg.de$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.plk-regensburg.de;
ssl_certificate_key /etc/nginx/ssl/www.plk-regensburg.de.key;
ssl_certificate /etc/nginx/ssl/www.plk-regensburg.de.crt;
location / {
return 302 https://xn--bauwrts-8wa.de/prinzleokultur/;
}
}
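Review bot: The TLS server block names only `www.plk-regensburg.de` in `server_name`, while the port-80 block and the acertmgr entry in this commit cover the bare `plk-regensburg.de` as well, so a direct `https://plk-regensburg.de` request falls through to whatever server is the default for `listen 443` on this host and is answered with that server's certificate, a name mismatch for the client. Since the issued certificate is requested for both names, `server_name plk-regensburg.de www.plk-regensburg.de;` on the 443 block closes that gap and the existing `return 302` still sends both names to the external site. The port-80 block uses `return 301` while this block uses `302`; if the temporary redirect is not intentional, aligning them on `301` would be consistent.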


@ -23,6 +23,10 @@
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.makerspace-regensburg.de.key -out /etc/nginx/ssl/www.makerspace-regensburg.de.crt -days 730 -subj "/CN=www.makerspace-regensburg.de" creates=/etc/nginx/ssl/www.makerspace-regensburg.de.crt command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.makerspace-regensburg.de.key -out /etc/nginx/ssl/www.makerspace-regensburg.de.crt -days 730 -subj "/CN=www.makerspace-regensburg.de" creates=/etc/nginx/ssl/www.makerspace-regensburg.de.crt
notify: Restart nginx notify: Restart nginx
- name: Ensure (PLK) certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.plk-regensburg.de.key -out /etc/nginx/ssl/www.plk-regensburg.de.crt -days 730 -subj "/CN=www.plk-regensburg.de" creates=/etc/nginx/ssl/www.plk-regensburg.de.crt
notify: Restart nginx
- name: Configure certificate manager - name: Configure certificate manager
copy: src=certs dest=/etc/acertmgr/www.binary-kitchen.de.conf copy: src=certs dest=/etc/acertmgr/www.binary-kitchen.de.conf
notify: Run acertmgr notify: Run acertmgr
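Review bot: The bootstrap private key written by `-keyout /etc/nginx/ssl/www.plk-regensburg.de.key` in the new task is created with whatever mode the process umask yields, not the `perm: '400'` that the acertmgr config applies only once it replaces the file, so until the first successful acertmgr run the key may be readable by other local users (this depends on the umask the play runs under; verify). A follow-up task such as `file: path=/etc/nginx/ssl/www.plk-regensburg.de.key mode=0400` right after the `openssl req` step would close that window, and the same applies to the existing makerspace task above. The tasks list this hunk belongs to starts outside the hunk.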


@ -1,7 +0,0 @@
---
- name: Restart nginx
service: name=nginx state=restarted
- name: Run acertmgr
command: /usr/bin/acertmgr


@ -1,5 +0,0 @@
---
dependencies:
- { role: acertmgr }
- { role: nginx, nginx_ssl: True }


@ -1,52 +0,0 @@
---
- name: Install dependencies
apt:
name:
- exif
- imagemagick
- imagemagick-common
- libsodium23
- mariadb-server
- php-common
- php-curl
- php-fpm
- php-imagick
- php-json
- php-mbstring
- php-mysql
- php-seclib
- php-xml
- php-zip
- name: Create vhost directory
file: path=/var/www/plk state=directory owner=www-data group=www-data
# FIXME mysql_db and mysql_user is currently not working
# already tried installing python3-pymsql
# so for now mysql is handled manually
#- name: Configure MySQL database
# mysql_db: name={{ plk_dbname }}
#- name: Configure MySQL user
# mysql_user: name={{ plk_dbuser }} password={{ plk_dbpass }} priv={{ plk_dbname }}.*:ALL state=present
- name: Ensure certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ plk_domain }}.key -out /etc/nginx/ssl/{{ plk_domain }}.crt -days 730 -subj "/CN={{ plk_domain }}" creates=/etc/nginx/ssl/{{ plk_domain }}.crt
notify: Restart nginx
- name: Configure certificate manager
template: src=certs.j2 dest=/etc/acertmgr/{{ plk_domain }}.conf
notify: Run acertmgr
# TODO vhost is configured manually to figure out what is needed for wordpress
#- name: Configure vhosts
# template: src=vhost.j2 dest=/etc/nginx/sites-available/plk
# notify: Restart nginx
- name: Enable vhosts
file: src=/etc/nginx/sites-available/plk dest=/etc/nginx/sites-enabled/plk state=link
notify: Restart nginx
- name: Start php7.3-fpm
service: name=php7.3-fpm state=started enabled=yes


@ -1,15 +0,0 @@
---
www.{{ plk_domain }} {{ plk_domain }}:
- path: /etc/nginx/ssl/{{ plk_domain }}.key
user: root
group: root
perm: '400'
format: key
action: '/usr/sbin/service nginx restart'
- path: /etc/nginx/ssl/{{ plk_domain }}.crt
user: root
group: root
perm: '400'
format: crt,ca
action: '/usr/sbin/service nginx restart'


@ -1,36 +0,0 @@
server {
listen 80;
listen [::]:80;
server_name {{ plk_domain }};
location /.well-known/acme-challenge {
default_type "text/plain";
alias /var/www/acme-challenge;
}
location / {
return 301 https://{{ plk_domain }}$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ plk_domain }};
ssl_certificate_key /etc/nginx/ssl/{{ plk_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ plk_domain }}.crt;
root /var/www/plk;
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_intercept_errors on;
}
}


@ -7,7 +7,7 @@
- root_keys - root_keys
- name: Setup unattended updates - name: Setup unattended updates
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, bob.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, technetium.binary-kitchen.net, ruthenium.binary-kitchen.net, barium.binary-kitchen.net] hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, bob.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, barium.binary-kitchen.net]
roles: roles:
- uau - uau
@ -110,11 +110,6 @@
roles: roles:
- grafana - grafana
- name: Setup PLK server
hosts: technetium.binary-kitchen.net
roles:
- web_plk
- name: Setup minecraft server - name: Setup minecraft server
hosts: ruthenium.binary-kitchen.net hosts: ruthenium.binary-kitchen.net
roles: roles: