new host for drone.io
fix path of acertmgr handler
parent
9bb3111efc
commit
86bf87405a
@ -14,6 +14,12 @@ dns_axfr_ips:
|
|||||||
|
|
||||||
dhcp_omapi_key: "{{ vault_dhcp_omapi_key }}"
|
dhcp_omapi_key: "{{ vault_dhcp_omapi_key }}"
|
||||||
|
|
||||||
|
drone_domain: drone.binary-kitchen.de
|
||||||
|
drone_dbname: drone
|
||||||
|
drone_dbuser: drone
|
||||||
|
drone_dbpass: "{{ vault_drone_dbpass }}"
|
||||||
|
drone_secret: "{{ vault_drone_secret }}"
|
||||||
|
|
||||||
dss_domain: dss.binary-kitchen.de
|
dss_domain: dss.binary-kitchen.de
|
||||||
dss_secret: "{{ vault_dss_secret }}"
|
dss_secret: "{{ vault_dss_secret }}"
|
||||||
|
|
||||||
|
@ -1,40 +1,44 @@
|
|||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
65386365643062373630613165666663396337336335653562663134376664306466663463613637
|
30386437633139313730633863633362386233316337653461616364623334323339626533333939
|
||||||
3364303661616431613138653162333536343234633839310a306366646266346238333538326633
|
6466623963336361343337333831646635383437376435620a363836386664623430303836366666
|
||||||
35633264353932633361616531623336386331663038363832363038373833356139313065383065
|
64356564333864643030636438636364646666633662306236666131653962653235623961376436
|
||||||
6462356264373862650a313166323366623963643839643564613462366232653361393331353430
|
6534623031633033360a343535653032366130343132646430393734613838303364613632366434
|
||||||
32393936636161653339393531363761643137306639376564613134643763333861653764373563
|
36646438316131386536363834356438353034636362316535613362383362326133353937356437
|
||||||
65656364353964343033326266353062396330363934633933646632303236666130303838623332
|
63643731333738653232613961663831663339333935393562656665343035343039636132346438
|
||||||
37333237316235343430333762346534636636353332363332323433666262333833636638623862
|
32646633353238346335353436633363363365376564663736316365396330383337663030616165
|
||||||
66343239656461336138356334666363653039353861656363363963383831373962613637376631
|
64313534346261663238613663356637363161663639386364366531623837633163616438326138
|
||||||
38323432396435373433653165386634306332323137326365643764353161616330663638376163
|
37306134326165346238343535666336353931646236373364303866623335653330336364353536
|
||||||
64646438323331633138343932653038636638386639623433636139623266376465373266653137
|
32393138656165393939323937633038633336653162666566623932333864383733656235633561
|
||||||
36313138396230616335653334653233333430366631383835363231393333663661646133313732
|
32366364363463316665653835363063386138303866393065633637373936623433356565376130
|
||||||
61303430393933326432626135333637666135616634643430633433633832373435663338643130
|
66323464656534386462663835373661326139356666353031363164393564323563326637626639
|
||||||
30666664623435303462376363313666353633313766353631343939313862356139643164333865
|
37306336616533383235326433326631303463313665356431636366306533623438383566346463
|
||||||
38306237613735663565346266363263656161303164626632366465653939363932373631623938
|
61363732316465643432376465356363356165383833666432353235363737303634626166366465
|
||||||
30633762376432353231323437303638313939613034303235336261303530646333656432393661
|
33373332373166646365343232323962343531303565656165333662613238363731376264663130
|
||||||
38616366353461323839643465663039363339356330336262616539373032353466613633653662
|
61316662646431633135633531646538616435323835346566623839336638333930333066663734
|
||||||
32373733326266323335386365633232383732383432333265333066623463616165376539356234
|
62616166643362626565643566313161656265323561666533623664666263613034653038336465
|
||||||
63326438653530336264326437386164303139383036383361333737343861646133353464366533
|
66326639323135333435326230663432656662386439653635303832386262373263306132383463
|
||||||
63343731366535343330616162333465633966383262313531636430383735343135306233616138
|
36656535336231316462366636646564633835306331663466363165383564313838396264316637
|
||||||
61656432343938363430363636373533373832363565353538356462366663633639356630653331
|
64336464636537653962366563303164623964366536633938366130353064303737363533656362
|
||||||
32386533303366353262643464653831383937333736366239633030323432653234656536393435
|
63326663383438613264373635303864353237623436333631353337383865623162656265633930
|
||||||
63376564623361653864316462613434323932666561356532646536636130616534376231373563
|
37653466393831303761386434363563313939313234623434633865356134663831376666656262
|
||||||
64393365653163336635366663323239363436363064353461326261363837323663623162323234
|
33353265376138623834643430643139336566666634333834333839383234663964306636356365
|
||||||
36643436316331643331383133393830373838363865393130333864383136323064383731353065
|
36643763353831376136636164373133303939373062643335316264396137363234383835383936
|
||||||
64633236613437646138373635396563666533393533333464633062326337623037616266636664
|
38383630373432616131303231303662396132313562356532613538303234376235313330303734
|
||||||
31633435353266323163356434353461633763396261393762313437353162373464313534383638
|
36323464373533336637393566626334343764336536323337643930393137643636346639656435
|
||||||
30616665623831653565613764313237333333343034326437323436323139613637333161623031
|
61626465383436303131646436643437633836366265316437306331663537616236633336353236
|
||||||
39636238306464643635613836623361396562623366653263396633653132643937646139353261
|
30386230633930356231376264313263646135306537353932656663643432363637316132303666
|
||||||
31623432633965643031346530336333353130666534303162373731376461353237633863303933
|
66613531393562353735613136396432303430636131373163376562383066326430313639383038
|
||||||
30376331663833353233383161663066373965646536663461323236373466636334353235386530
|
35643031613934663966343437616566346464336263326566353565346432633762646439373636
|
||||||
38306636666364343732393735383535333866656663613533336439636431323938633739383363
|
36336232363261313862353465336332623432656239646331393661613730396163626166643233
|
||||||
38366665323339363966636533623635383464393831396431323161626563383432313433353035
|
38636138663432313965613831333730626532376261636239303366383463633138393431616433
|
||||||
61356362333930653866616635333438353138353532323465633765613466646638646131316531
|
62636333373765366436343663666637643032373662616166363634653430346361646535323834
|
||||||
34626430643066313461393535323830666266323462373331346261393130353463336362663263
|
66393437363635393564353131343361373232336638633164396262366135643766653432303566
|
||||||
32333465653237326636306636333265643463363630626238333564613138383132393462616338
|
34313432343965653138653634373966343337623865303937613363303237383632313334363532
|
||||||
34343237316239653362383831666233613033623964363030313731653532323831376365656535
|
61393061616237623064333263373634373764313963396636633661623764363332333837613661
|
||||||
34653538313135623362343637663733636366646534373538303331323433653135303936336664
|
35373730316463383835303837663136616262316161626362353437343661346266313937623931
|
||||||
31373062653338626234653537663136356537663665613864623462623130336363343862636465
|
30316235626236383861333931353333383237623233373135613465623865313339373533323631
|
||||||
646238313932313833303933643432346133
|
35386337646539326531396438613233636561326231643030633536333635626132393463663032
|
||||||
|
66343235626266333739366637336434306331626163316335633231656232343763323836396331
|
||||||
|
65366434346635373865313562663666653166393631373864363934653535653265653534656266
|
||||||
|
65303336653439336430373864343962396430623531623262326136616164633532616432663034
|
||||||
|
363338326234396132643564306665303937
|
||||||
|
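--- a/hosts
+++ b/hosts
@@ -22,3 +22,4 @@ sodium.binary-kitchen.net
 krypton.binary-kitchen.net
 yttrium.binary-kitchen.net
 zirconium.binary-kitchen.net
+molybdenum.binary-kitchen.net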
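--- a/roles/drone/files/drone.service
+++ b/roles/drone/files/drone.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=drone.io server
+After=network-online.target
+
+[Service]
+Type=simple
+User=drone
+EnvironmentFile=/etc/default/drone
+ExecStart=/opt/drone/bin/drone-server
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target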
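Review bot: The `[Service]` section runs a network-facing CI server with no sandboxing beyond `User=drone`. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` should limit what a compromised drone-server process can reach without changing how it starts. Separately, `After=network-online.target` only orders the unit; without a matching `Wants=network-online.target` the target is not pulled in. There is also no ordering against the local PostgreSQL service, so a first start before the database is up relies on `Restart=always`.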
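--- a/roles/drone/handlers/main.yml
+++ b/roles/drone/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Run acertmgr
+command: /usr/bin/acertmgr
+
+- name: Restart drone
+service: name=drone state=restarted
+
+- name: Restart nginx
+service: name=nginx state=restarted
+
+- name: Reload systemd
+command: systemctl daemon-reload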
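Review bot: `Reload systemd` is defined after `Restart drone`, and Ansible runs notified handlers in the order they appear in this file, not in the order a task lists them under `notify`. When the unit file changes, the restart therefore runs before `systemctl daemon-reload`, so drone is restarted against the stale unit definition. Moving the `Reload systemd` handler above `Restart drone` fixes the ordering.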
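--- a/roles/drone/meta/main.yml
+++ b/roles/drone/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+- { role: acertmgr }
+- { role: nginx, nginx_ssl: True }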
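--- a/roles/drone/tasks/main.yml
+++ b/roles/drone/tasks/main.yml
@@ -0,0 +1,52 @@
+---
+
+- name: Create user
+user: name=drone
+
+# TODO install drone to /opt/drone/bin
+# currently it is manually compiled
+
+- name: Configure drone
+template: src=drone.j2 dest=/etc/default/drone
+notify: Restart drone
+
+- name: Install PostgreSQL
+apt: name={{ item }}
+with_items:
+- postgresql
+- python-psycopg2
+
+- name: Configure PostgreSQL database
+postgresql_db: name={{ drone_dbname }}
+become: true
+become_user: postgres
+
+- name: Configure PostgreSQL user
+postgresql_user: db={{ drone_dbname }} name={{ drone_dbuser }} password={{ drone_dbpass }} priv=ALL state=present
+become: true
+become_user: postgres
+
+- name: Ensure certificates are available
+command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ drone_domain }}.key -out /etc/nginx/ssl/{{ drone_domain }}.crt -days 730 -subj "/CN={{ drone_domain }}" creates=/etc/nginx/ssl/{{ drone_domain }}.crt
+notify: Restart nginx
+
+- name: Configure certificate manager for drone
+template: src=certs.j2 dest=/etc/acertmgr/{{ drone_domain }}.conf
+notify: Run acertmgr
+
+- name: Configure vhost
+template: src=vhost.j2 dest=/etc/nginx/sites-available/drone
+notify: Restart nginx
+
+- name: Enable vhost
+file: src=/etc/nginx/sites-available/drone dest=/etc/nginx/sites-enabled/drone state=link
+notify: Restart nginx
+
+- name: Install systemd unit
+copy: src=drone.service dest=/lib/systemd/system/drone.service
+notify:
+- Reload systemd
+- Restart drone
+
+- name: Enable drone
+service: name=drone enabled=yes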
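Review bot: The `Configure drone` task renders `/etc/default/drone`, which carries the database password and `DRONE_RPC_SECRET`, without an owner or mode, so it will most likely end up world-readable under the default umask. systemd reads `EnvironmentFile=` itself before dropping to `User=drone`, so `template: src=drone.j2 dest=/etc/default/drone owner=root group=root mode=0600` keeps the service working while hiding the secrets from other local users. The `Configure PostgreSQL user` task also passes `{{ drone_dbpass }}` as a module argument; adding `no_log: true` to that task keeps the value out of verbose output and logs. The self-signed bootstrap in `Ensure certificates are available` does not set the key file's mode explicitly, so it is worth confirming the key is root-only before acertmgr replaces it.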
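--- a/roles/drone/templates/certs.j2
+++ b/roles/drone/templates/certs.j2
@@ -0,0 +1,15 @@
+---
+
+{{ drone_domain }}:
+- path: /etc/nginx/ssl/{{ drone_domain }}.key
+user: root
+group: root
+perm: '400'
+format: key
+action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/{{ drone_domain }}.crt
+user: root
+group: root
+perm: '400'
+format: crt,ca
+action: '/usr/sbin/service nginx restart'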
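--- a/roles/drone/templates/drone.j2
+++ b/roles/drone/templates/drone.j2
@@ -0,0 +1,7 @@
+DRONE_AGENTS_ENABLED=true
+DRONE_DATABASE_DATASOURCE=postgres://{{ drone_dbuser }}:{{ drone_dbpass }}@127.0.0.1:5432/{{ drone_dbname }}
+DRONE_DATABASE_DRIVER=postgres
+DRONE_GOGS_SERVER=https://{{ gogs_domain }}
+DRONE_RPC_SECRET={{ drone_secret }}
+DRONE_SERVER_HOST={{ drone_domain }}
+DRONE_SERVER_PROTO=https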
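Review bot: `DRONE_DATABASE_DATASOURCE` interpolates `{{ drone_dbpass }}` straight into a URL, so a vault password containing a character such as `@` or `#` yields a connection string that parses to the wrong credentials or host. Escaping the value, for example `{{ drone_dbpass | urlencode }}`, or constraining the generated password to URL-safe characters avoids that. The file also sets no listen address, so drone-server presumably binds its default port on all interfaces and the plaintext backend that the vhost proxies to on 8080 may be reachable without going through TLS. Confirm this, and either pin the listener to loopback or firewall the port. `gogs_domain` is not defined in this commit, so the template depends on it being set elsewhere in the inventory.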
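--- a/roles/drone/templates/vhost.j2
+++ b/roles/drone/templates/vhost.j2
@@ -0,0 +1,31 @@
+server {
+listen 80;
+listen [::]:80;
+
+server_name {{ drone_domain }};
+
+location /.well-known/acme-challenge {
+default_type "text/plain";
+alias /var/www/acme-challenge;
+}
+
+location / {
+return 301 https://{{ drone_domain }}$request_uri;
+}
+}
+
+server {
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+server_name {{ drone_domain }};
+
+ssl_certificate_key /etc/nginx/ssl/{{ drone_domain }}.key;
+ssl_certificate /etc/nginx/ssl/{{ drone_domain }}.crt;
+
+location / {
+client_max_body_size 128M;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://localhost:8080;
+}
+}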
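Review bot: The proxied `location /` forwards only `X-Real-IP`, so the backend receives nginx's default `Host: localhost:8080` and no `X-Forwarded-For` or `X-Forwarded-Proto`. Adding `proxy_set_header Host $http_host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` gives drone the original host, client chain and scheme for its logs and generated links. The TLS server block also sets no `ssl_protocols`, `ssl_ciphers` or `Strict-Transport-Security` header. Those may be inherited from the nginx role enabled with `nginx_ssl: True`, which is not visible in this commit, so it is worth confirming.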
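--- a/site.yml
+++ b/site.yml
@@ -8,7 +8,7 @@
 - root-keys
 
 - name: Setup unattended updates
-hosts: [sulis.binary.kitchen, nabia.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, krypton.binary-kitchen.net, sodium.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net]
+hosts: [sulis.binary.kitchen, nabia.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, krypton.binary-kitchen.net, sodium.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net]
 roles:
 - uau
 
@@ -93,3 +93,8 @@
 hosts: zirconium.binary-kitchen.net
 roles:
 - jitsi
+
+- name: Setup drone server
+hosts: molybdenum.binary-kitchen.net
+roles:
+- drone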