web: merge PLK into web
web_plk: remove host: technetium
parent
cb2887adff
commit
8e8b2be194
@ -127,11 +127,6 @@ nslcd_base_group: ou=groups,dc=binary-kitchen,dc=de
|
||||
nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de
|
||||
nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de
|
||||
|
||||
plk_domain: plk-regensburg.de
|
||||
plk_dbuser: plkdbuser
|
||||
plk_dbname: plkdb
|
||||
plk_dbpass: "{{ vault_plk_dbpass }}"
|
||||
|
||||
prometheus_pve_user: prometheus@pve
|
||||
prometheus_pve_pass: "{{ vault_prometheus_pve_pass }}"
|
||||
|
||||
|
1
hosts
1
hosts
@ -27,6 +27,5 @@ krypton.binary-kitchen.net
|
||||
yttrium.binary-kitchen.net
|
||||
zirconium.binary-kitchen.net
|
||||
molybdenum.binary-kitchen.net
|
||||
technetium.binary-kitchen.net
|
||||
ruthenium.binary-kitchen.net
|
||||
barium.binary-kitchen.net
|
||||
|
@ -41,3 +41,17 @@ www.makerspace-regensburg.de:
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
|
||||
www.plk-regensburg.de plk-regensburg.de:
|
||||
- path: /etc/nginx/ssl/plk-regensburg.de.key
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
- path: /etc/nginx/ssl/plk-regensburg.de.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
|
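Review bot: The two `path:` entries added for `www.plk-regensburg.de plk-regensburg.de` point at `/etc/nginx/ssl/plk-regensburg.de.key` and `.crt`, but the new nginx server block and the new "Ensure (PLK) certificates are available" task in this commit both use `/etc/nginx/ssl/www.plk-regensburg.de.key` and `.crt`. As written, acertmgr would install the issued certificate into files nginx never loads, so the site would keep presenting the self-signed bootstrap certificate. Use `path: /etc/nginx/ssl/www.plk-regensburg.de.key` and `path: /etc/nginx/ssl/www.plk-regensburg.de.crt` here, or rename the paths in the other two places, so that all three agree.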
@ -144,3 +144,33 @@ server {
|
||||
|
||||
default_type text/html;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name plk-regensburg.de www.plk-regensburg.de;
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
default_type "text/plain";
|
||||
alias /var/www/acme-challenge;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://www.plk-regensburg.de$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name www.plk-regensburg.de;
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/www.plk-regensburg.de.key;
|
||||
ssl_certificate /etc/nginx/ssl/www.plk-regensburg.de.crt;
|
||||
|
||||
location / {
|
||||
return 302 https://xn--bauwrts-8wa.de/prinzleokultur/;
|
||||
}
|
||||
}
|
||||
|
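Review bot: The new 443 server block lists only `server_name www.plk-regensburg.de;`, while the port-80 block and the acertmgr entry in this commit also cover `plk-regensburg.de`. A request to https://plk-regensburg.de would fall through to whichever server is the default on 443 (not visible in this hunk) and would likely be answered with a certificate for a different name. Adding the bare name, `server_name plk-regensburg.de www.plk-regensburg.de;`, keeps the redirect reachable on both names, provided the certificate nginx loads covers both.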
@ -23,6 +23,10 @@
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.makerspace-regensburg.de.key -out /etc/nginx/ssl/www.makerspace-regensburg.de.crt -days 730 -subj "/CN=www.makerspace-regensburg.de" creates=/etc/nginx/ssl/www.makerspace-regensburg.de.crt
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Ensure (PLK) certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.plk-regensburg.de.key -out /etc/nginx/ssl/www.plk-regensburg.de.crt -days 730 -subj "/CN=www.plk-regensburg.de" creates=/etc/nginx/ssl/www.plk-regensburg.de.crt
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Configure certificate manager
|
||||
copy: src=certs dest=/etc/acertmgr/www.binary-kitchen.de.conf
|
||||
notify: Run acertmgr
|
||||
|
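Review bot: The private key written by the new PLK task is never given an explicit owner or mode, so its permissions depend on openssl's defaults and the umask Ansible runs under. The acertmgr configuration in this commit pins its key to `perm: '400'` with root ownership; a follow-up task such as `file: path=/etc/nginx/ssl/www.plk-regensburg.de.key owner=root group=root mode=0400` would hold the bootstrap key to the same standard. The task list continues outside the hunk, so this may already be handled further down.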
@ -1,7 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Restart nginx
|
||||
service: name=nginx state=restarted
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /usr/bin/acertmgr
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
|
||||
dependencies:
|
||||
- { role: acertmgr }
|
||||
- { role: nginx, nginx_ssl: True }
|
@ -1,52 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Install dependencies
|
||||
apt:
|
||||
name:
|
||||
- exif
|
||||
- imagemagick
|
||||
- imagemagick-common
|
||||
- libsodium23
|
||||
- mariadb-server
|
||||
- php-common
|
||||
- php-curl
|
||||
- php-fpm
|
||||
- php-imagick
|
||||
- php-json
|
||||
- php-mbstring
|
||||
- php-mysql
|
||||
- php-seclib
|
||||
- php-xml
|
||||
- php-zip
|
||||
|
||||
- name: Create vhost directory
|
||||
file: path=/var/www/plk state=directory owner=www-data group=www-data
|
||||
|
||||
# FIXME mysql_db and mysql_user is currently not working
|
||||
# already tried installing python3-pymsql
|
||||
# so for now mysql is handled manually
|
||||
#- name: Configure MySQL database
|
||||
# mysql_db: name={{ plk_dbname }}
|
||||
|
||||
#- name: Configure MySQL user
|
||||
# mysql_user: name={{ plk_dbuser }} password={{ plk_dbpass }} priv={{ plk_dbname }}.*:ALL state=present
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ plk_domain }}.key -out /etc/nginx/ssl/{{ plk_domain }}.crt -days 730 -subj "/CN={{ plk_domain }}" creates=/etc/nginx/ssl/{{ plk_domain }}.crt
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Configure certificate manager
|
||||
template: src=certs.j2 dest=/etc/acertmgr/{{ plk_domain }}.conf
|
||||
notify: Run acertmgr
|
||||
|
||||
# TODO vhost is configured manually to figure out what is needed for wordpress
|
||||
#- name: Configure vhosts
|
||||
# template: src=vhost.j2 dest=/etc/nginx/sites-available/plk
|
||||
# notify: Restart nginx
|
||||
|
||||
- name: Enable vhosts
|
||||
file: src=/etc/nginx/sites-available/plk dest=/etc/nginx/sites-enabled/plk state=link
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Start php7.3-fpm
|
||||
service: name=php7.3-fpm state=started enabled=yes
|
@ -1,15 +0,0 @@
|
||||
---
|
||||
|
||||
www.{{ plk_domain }} {{ plk_domain }}:
|
||||
- path: /etc/nginx/ssl/{{ plk_domain }}.key
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ plk_domain }}.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: '/usr/sbin/service nginx restart'
|
@ -1,36 +0,0 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ plk_domain }};
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
default_type "text/plain";
|
||||
alias /var/www/acme-challenge;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://{{ plk_domain }}$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ plk_domain }};
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ plk_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ plk_domain }}.crt;
|
||||
|
||||
root /var/www/plk;
|
||||
|
||||
location ~ \.php(?:$|/) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
|
||||
fastcgi_intercept_errors on;
|
||||
}
|
||||
}
|
7
site.yml
7
site.yml
@ -7,7 +7,7 @@
|
||||
- root_keys
|
||||
|
||||
- name: Setup unattended updates
|
||||
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, bob.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, technetium.binary-kitchen.net, ruthenium.binary-kitchen.net, barium.binary-kitchen.net]
|
||||
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, bob.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, barium.binary-kitchen.net]
|
||||
roles:
|
||||
- uau
|
||||
|
||||
@ -110,11 +110,6 @@
|
||||
roles:
|
||||
- grafana
|
||||
|
||||
- name: Setup PLK server
|
||||
hosts: technetium.binary-kitchen.net
|
||||
roles:
|
||||
- web_plk
|
||||
|
||||
- name: Setup minecraft server
|
||||
hosts: ruthenium.binary-kitchen.net
|
||||
roles:
|
||||
|