kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

THE HUGE REFACTORING CALENDER WEEK 33; Optimized Matrix and during this updated variables, and implemented better reset and cleanup mode handling, also solved some initial setup bugs

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-08-15 15:15:48 +02:00
parent 0228014d34
commit 022800425d
271 changed files with 1098 additions and 916 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
group_vars/all/00_general.yml
View File

@@ -29,7 +29,7 @@ WEB_PORT: "{{ 443 if WEB_PROTOCOL == 'https' else 80 }}" # Defaul
# Domain
PRIMARY_DOMAIN: "localhost" # Primary Domain of the server
PRIMARY_DOMAIN_tld: "{{ (PRIMARY_DOMAIN == 'localhost') | ternary('localhost', PRIMARY_DOMAIN.split('.')[-1]) }}" # Top Level Domain of the server
PRIMARY_DOMAIN_TLD: "{{ (PRIMARY_DOMAIN == 'localhost') | ternary('localhost', PRIMARY_DOMAIN.split('.')[-1]) }}" # Top Level Domain of the server
PRIMARY_DOMAIN_SLD: "{{ (PRIMARY_DOMAIN == 'localhost') | ternary('localhost', PRIMARY_DOMAIN.split('.')[-2]) }}" # Second Level Domain of the server
# Server Tact Variables

4
group_vars/all/01_modes.yml
View File

@@ -1,9 +1,9 @@
# Mode
# The following modes can be combined with each other
MODE_RESET: false # Cleans up all Infinito.Nexus files. It's necessary to run to whole playbook and not particial roles when using this function.
MODE_TEST: false # Executes test routines instead of productive routines
MODE_UPDATE: true # Executes updates
MODE_BACKUP: true # Activates the backup before the update procedure
MODE_CLEANUP: true # Cleanup unused files and configurations
MODE_DEBUG: false # This enables debugging in ansible and in the apps, You SHOULD NOT enable this on production servers
MODE_DEBUG: false # This enables debugging in ansible and in the apps, You SHOULD NOT enable this on production servers
MODE_RESET: false # Cleans up all Infinito.Nexus files. It's necessary to run to whole playbook and not particial roles when using this function.

51
group_vars/all/06_nginx.yml
View File

@@ -1,27 +1,32 @@
# Webserver Configuration
# Helper
_nginx_www_dir: /var/www/
_nginx_www_dir: "{{ applications | get_app_conf('svc-prx-openresty','docker.volumes.www') }}"
_nginx_dir: "{{ applications | get_app_conf('svc-prx-openresty','docker.volumes.nginx') }}"
_nginx_conf_dir: "{{ _nginx_dir }}conf.d/"
_nginx_http_dir: "{{ _nginx_conf_dir }}http/"
## Nginx-Specific Path Configurations
nginx:
files:
configuration: "/etc/nginx/nginx.conf"
directories:
configuration: "/etc/nginx/conf.d/" # Configuration directory
http:
global: "/etc/nginx/conf.d/http/global/" # Contains global configurations which will be loaded into the http block
servers: "/etc/nginx/conf.d/http/servers/" # Contains one configuration per domain
maps: "/etc/nginx/conf.d/http/maps/" # Contains mappings
streams: "/etc/nginx/conf.d/streams/" # Contains streams configuration e.g. for ldaps
data:
www: "{{ _nginx_www_dir }}"
well_known: "/usr/share/nginx/well-known/" # Path where well-known files are stored
html: "{{ _nginx_www_dir }}public_html/" # Path where the static homepage files are stored
files: "{{ _nginx_www_dir }}public_files/" # Path where the web accessable files are stored
cdn: "{{ _nginx_www_dir }}public_cdn/" # Contains files which will be accessable via the content delivery network
global: "{{ _nginx_www_dir }}global/" # Directory containing files which will be globaly accessable
cache:
general: "/tmp/cache_nginx_general/" # Directory which nginx uses to cache general data
image: "/tmp/cache_nginx_image/" # Directory which nginx uses to cache images
user: "http" # Default nginx user in ArchLinux
NGINX:
FILES:
CONFIGURATION: "{{ _nginx_dir }}nginx.conf"
DIRECTORIES:
CONFIGURATION: "{{ _nginx_conf_dir }}" # Configuration directory
HTTP:
GLOBAL: "{{ _nginx_http_dir }}global/" # Contains global configurations which will be loaded into the http block
SERVERS: "{{ _nginx_http_dir }}servers/" # Contains one configuration per domain
MAPS: "{{ _nginx_http_dir }}maps/" # Contains mappings
STREAMS: "{{ _nginx_conf_dir }}streams/" # Contains streams configuration e.g. for ldaps
DATA:
WWW: "{{ _nginx_www_dir }}"
WELL_KNOWN: "/usr/share/nginx/well-known/" # Path where well-known files are stored
HTML: "{{ _nginx_www_dir }}public_html/" # Path where the static homepage files are stored
FILES: "{{ _nginx_www_dir }}public_files/" # Path where the web accessable files are stored
CDN: "{{ _nginx_www_dir }}public_cdn/" # Contains files which will be accessable via the content delivery network
GLOBAL: "{{ _nginx_www_dir }}global/" # Directory containing files which will be globaly accessable, @Todo remove this when css migrated to CDN
CACHE:
GENERAL: "/tmp/cache_nginx_general/" # Directory which nginx uses to cache general data
IMAGE: "/tmp/cache_nginx_image/" # Directory which nginx uses to cache images
USER: "http" # Default nginx user in ArchLinux
# @todo It propably makes sense to distinguish between target and source mount path, so that the config files can be stored in the openresty volumes folder

8
group_vars/all/07_paths.yml
View File

@@ -1,6 +1,6 @@
# Path Variables for Key Directories and Scripts
path_administrator_home: "/home/administrator/"
path_administrator_scripts: "/opt/scripts/"
path_docker_compose_instances: "/opt/docker/"
path_system_lock_script: "/opt/scripts/sys-lock.py"
PATH_ADMINISTRATOR_HOME: "/home/administrator/"
PATH_ADMINISTRATOR_SCRIPTS: "/opt/scripts/"
PATH_DOCKER_COMPOSE_INSTANCES: "/opt/docker/"
PATH_SYSTEM_LOCK_SCRIPT: "/opt/scripts/sys-lock.py"

12
group_vars/all/13_ldap.yml
View File

@@ -5,7 +5,7 @@
# Helper Variables:
# Keep in mind to mapp this variables if there is ever the possibility for the user to define them in the inventory
_ldap_dn_base: "dc={{PRIMARY_DOMAIN_SLD}},dc={{PRIMARY_DOMAIN_tld}}"
LDAP_DN_BASE: "dc={{ PRIMARY_DOMAIN_SLD }},dc={{ PRIMARY_DOMAIN_TLD }}"
_ldap_docker_network_enabled: "{{ applications | get_app_conf('svc-db-openldap', 'network.docker') }}"
_ldap_protocol: "{{ 'ldap' if _ldap_docker_network_enabled else 'ldaps' }}"
_ldap_server_port: "{{ ports.localhost[_ldap_protocol]['svc-db-openldap'] }}"
@@ -22,14 +22,14 @@ ldap:
# This is the top-level naming context for your directory, used as the
# default search base for most operations (e.g. adding users, groups).
# Example: “dc=example,dc=com”
root: "{{_ldap_dn_base}}"
root: "{{ LDAP_DN_BASE }}"
administrator:
# -------------------------------------------------------------------------
# Data-Tree Administrator Bind DN
# The DN used to authenticate for regular directory operations under
# the data tree (adding users, modifying attributes, creating OUs, etc.).
# Typically: “cn=admin,dc=example,dc=com”
data: "cn={{ applications['svc-db-openldap'].users.administrator.username }},{{ _ldap_dn_base }}"
data: "cn={{ applications['svc-db-openldap'].users.administrator.username }},{{ LDAP_DN_BASE }}"
# -------------------------------------------------------------------------
# Config-Tree Administrator Bind DN
@@ -47,9 +47,9 @@ ldap:
# groups: Contains organizational or business groups (e.g., departments, teams).
# roles: Contains application-specific RBAC roles
# (e.g., "cn=app1-user", "cn=yourls-admin").
users: "ou=users,{{ _ldap_dn_base }}"
groups: "ou=groups,{{ _ldap_dn_base }}"
roles: "ou=roles,{{ _ldap_dn_base }}"
users: "ou=users,{{ LDAP_DN_BASE }}"
groups: "ou=groups,{{ LDAP_DN_BASE }}"
roles: "ou=roles,{{ LDAP_DN_BASE }}"
# -------------------------------------------------------------------------
# Additional Notes