forked from infra/ansible
workadventure: remove role (decommission barium.binary-kitchen.net)
This commit is contained in:
parent
a3dddac6d0
commit
7a82e453e9
@ -64,6 +64,5 @@ Currently the following hosts are installed:
|
||||
| argentum.binary-kitchen.net | Debian 12 | Event Web * |
|
||||
| cadmium.binary-kitchen.net | Debian 12 | Event NetBox * |
|
||||
| indium.binary-kitchen.net | Debian 12 | Igel CAM * |
|
||||
| barium.binary-kitchen.net | Debian 12 | Workadventure |
|
||||
|
||||
\*: The main application is not managed by ansible but manually installed
|
||||
|
1
hosts
1
hosts
@ -40,4 +40,3 @@ palladium.binary-kitchen.net
|
||||
argentum.binary-kitchen.net
|
||||
cadmium.binary-kitchen.net
|
||||
indium.binary-kitchen.net
|
||||
barium.binary-kitchen.net
|
||||
|
@ -1,13 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /usr/bin/acertmgr
|
||||
|
||||
- name: Reload systemd
|
||||
systemd: daemon_reload=yes
|
||||
|
||||
- name: Restart nginx
|
||||
service: name=nginx state=restarted
|
||||
|
||||
- name: Restart workadventure
|
||||
service: name=workadventure state=restarted
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
|
||||
dependencies:
|
||||
- { role: acertmgr }
|
||||
- { role: nginx, nginx_ssl: True }
|
@ -1,51 +0,0 @@
|
||||
---
|
||||
|
||||
# TODO
|
||||
# source code is not yet checked out from git
|
||||
|
||||
- name: Install docker-compose
|
||||
apt: name=docker-compose
|
||||
|
||||
- name: Install git
|
||||
apt: name=git
|
||||
|
||||
- name: Create workadventure group
|
||||
group: name=workadventure
|
||||
|
||||
- name: Create workadventure user
|
||||
user:
|
||||
name: workadventure
|
||||
home: /opt/workadventure
|
||||
shell: /bin/zsh
|
||||
group: workadventure
|
||||
groups: docker
|
||||
|
||||
- name: Install systemd unit
|
||||
template: src=workadventure.service.j2 dest=/lib/systemd/system/workadventure.service
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart workadventure
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ workadventure_domain }}.key -out /etc/nginx/ssl/{{ workadventure_domain }}.crt -days 730 -subj "/CN={{ workadventure_domain }}" creates=/etc/nginx/ssl/{{ workadventure_domain }}.crt
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Configure certificate manager for workadventure
|
||||
template: src=certs.j2 dest=/etc/acertmgr/{{ workadventure_domain }}.conf
|
||||
notify: Run acertmgr
|
||||
|
||||
- name: Configure vhost
|
||||
template: src=vhost.j2 dest=/etc/nginx/sites-available/workadventure
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable vhost
|
||||
file: src=/etc/nginx/sites-available/workadventure dest=/etc/nginx/sites-enabled/workadventure state=link
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable workadventure
|
||||
service: name=workadventure enabled=yes
|
||||
|
||||
- name: Enable monitoring
|
||||
include_role: name=icinga-monitor tasks_from=http
|
||||
vars:
|
||||
vhost: "{{ workadventure_domain }}"
|
@ -1,15 +0,0 @@
|
||||
---
|
||||
|
||||
{{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }}:
|
||||
- path: /etc/nginx/ssl/{{ workadventure_domain }}.key
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ workadventure_domain }}.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: '/usr/sbin/service nginx restart'
|
@ -1,76 +0,0 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }};
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
default_type "text/plain";
|
||||
alias /var/www/acme-challenge;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ workadventure_domain }};
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
|
||||
|
||||
location / {
|
||||
root /opt/workadventure/source/landing/dist;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name play.{{ workadventure_domain }};
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
|
||||
|
||||
location / {
|
||||
root /opt/workadventure/source/src/front/dist;
|
||||
try_files $uri uri/ /index.html?$args;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name pusher.{{ workadventure_domain }};
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8002;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name uploader.{{ workadventure_domain }};
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8005;
|
||||
}
|
||||
}
|
@ -1,28 +0,0 @@
|
||||
[Unit]
|
||||
Description=WorkAdventure service using docker compose
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
Before=nginx.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
|
||||
User=workadventure
|
||||
Group=workadventure
|
||||
|
||||
Restart=always
|
||||
TimeoutStartSec=1200
|
||||
|
||||
WorkingDirectory=/opt/workadventure/source/
|
||||
|
||||
# Make sure no old containers are running
|
||||
ExecStartPre=/usr/bin/docker-compose down -v
|
||||
|
||||
# Compose up
|
||||
ExecStart=/usr/bin/docker-compose up
|
||||
|
||||
# Compose down, remove containers and volumes
|
||||
ExecStop=/usr/bin/docker-compose down -v
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
7
site.yml
7
site.yml
@ -7,7 +7,7 @@
|
||||
- root_keys
|
||||
|
||||
- name: Setup unattended updates
|
||||
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net, barium.binary-kitchen.net]
|
||||
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net]
|
||||
roles:
|
||||
- uau
|
||||
|
||||
@ -172,8 +172,3 @@
|
||||
hosts: argentum.binary-kitchen.net
|
||||
roles:
|
||||
- event_web
|
||||
|
||||
- name: Setup WorkAdventure server
|
||||
hosts: barium.binary-kitchen.net
|
||||
roles:
|
||||
- workadventure
|
||||
|
Loading…
Reference in New Issue
Block a user