Refactored native-

Kevin Veen-Birkenbach 2023-09-02 13:13:28 +02:00
parent 1036ad5045
commit 51df7d2a08
169 changed files with 94 additions and 94 deletions


@ -31,12 +31,12 @@ This software allows to setup the docker following applications:
This software shipts the following tools which are natively setup on the server: This software shipts the following tools which are natively setup on the server:
- [Backups Cleanup](./roles/backups-cleanup-timer/README.md) - Cleans up old backups - [Backups Cleanup](./roles/backups-cleanup-timer/README.md) - Cleans up old backups
- [Btrfs Health Check](./roles/native-btrfs-health-check/README.md) - Checks the health of Btrfs file systems - [Btrfs Health Check](./roles/btrfs-health-check/README.md) - Checks the health of Btrfs file systems
- [Docker Health Check](./roles/native-docker-health-check/) - Checks the health of docker containers - [Docker Health Check](./roles/docker-health-check/) - Checks the health of docker containers
- [Docker Reverse Proxy](./roles/native-docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution - [Docker Reverse Proxy](./roles/docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution
- [Docker Volume Backup](./roles/native-docker-volume-backup/) - Backup Solution for Docker Volumes - [Docker Volume Backup](./roles/docker-volume-backup/) - Backup Solution for Docker Volumes
- [Pull Primary Backups](./roles/native-backups-consumer/README.md) - Pulls the backups from another server and stores them - [Pull Primary Backups](./roles/backups-consumer/README.md) - Pulls the backups from another server and stores them
- [Wireguard](./roles/native-wireguard/README.md) - Integrates the server in an wireguard vpn - [Wireguard](./roles/wireguard/README.md) - Integrates the server in an wireguard vpn
### Server Administration ### Server Administration


@ -10,10 +10,10 @@
become: true become: true
roles: roles:
- system-security - system-security
- native-journalctl - journalctl
- native-disc-space-check - disc-space-check
- native-free-disc-space - free-disc-space
- native-btrfs-health-check - btrfs-health-check
# Wireguard Rollen # Wireguard Rollen
- name: setup standard wireguard - name: setup standard wireguard
@ -39,14 +39,14 @@
hosts: homepage hosts: homepage
become: true become: true
roles: roles:
- role: native-homepage - role: homepage
vars: vars:
domain: "{{top_domain}}" domain: "{{top_domain}}"
- name: setup redirect hosts - name: setup redirect hosts
hosts: redirect hosts: redirect
become: true become: true
roles: roles:
- role: native-https-redirect - role: https-redirect
vars: vars:
domain_mappings: "{{redirect_domain_mappings}}" domain_mappings: "{{redirect_domain_mappings}}"
@ -196,7 +196,7 @@
hosts: replica_backup hosts: replica_backup
become: true become: true
roles: roles:
- role: native-backups-consumer - role: backups-consumer
## PC services ## PC services
- name: general host setup - name: general host setup


@ -1,3 +1,3 @@
dependencies: dependencies:
- native-python-pip - python-pip
- systemd_notifier - systemd_notifier


@ -1,4 +1,4 @@
# role native-backups-consumer # role backups-consumer
## goal ## goal
This script allows to pull backups from a remote server. This script allows to pull backups from a remote server.


@ -1,4 +1,4 @@
dependencies: dependencies:
- native-git - git
- systemd_notifier - systemd_notifier
- backups-cleanup-timer - backups-cleanup-timer


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-sshd - sshd


@ -1,4 +1,4 @@
# role native-backups-provider-user # role backups-provider-user
User for backups User for backups
## todo ## todo


@ -1,4 +1,4 @@
# role native-backups-provider-host # role backups-provider-host
## todo ## todo
- add full system backup - add full system backup


@ -1,3 +1,3 @@
dependencies: dependencies:
- native-backups-provider-user - backups-provider-user
- backups-cleanup-timer - backups-cleanup-timer


@ -1,3 +1,3 @@
dependencies: dependencies:
- native-nginx - nginx
- systemd_notifier - systemd_notifier


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: register directory - name: register directory
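Review bot: The renamed `template:` line still passes its arguments as a single `key=value` string and reaches into another role through a path relative to the playbook root, which is the only reason this rename had to touch the task. Writing it as a mapping under `template:`, with `src: roles/docker-reverse-proxy/templates/domain.conf.j2` and `dest: "/etc/nginx/conf.d/{{domain}}.conf"`, matches the form already used by the section on this page that has `src:` and `dest:` on separate lines, and removes any dependence on how the free-form string is split around the templated `{{domain}}`. The same one-line form recurs in the other `configure {{domain}}.conf` sections on this page and in the `{{ item }}` loop variant. The task list continues outside the hunk.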


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -7,13 +7,13 @@
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: template:
src: roles/native-docker-reverse-proxy/templates/domain.conf.j2 src: roles/docker-reverse-proxy/templates/domain.conf.j2
dest: /etc/nginx/conf.d/{{domain}}.conf dest: /etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
#- name: configure {{ mail_interface_domain }}.conf #- name: configure {{ mail_interface_domain }}.conf
# template: # template:
# src: roles/native-docker-reverse-proxy/templates/domain.conf.j2 # src: roles/docker-reverse-proxy/templates/domain.conf.j2
# dest: /etc/nginx/conf.d/{{ mail_interface_domain }}.conf # dest: /etc/nginx/conf.d/{{ mail_interface_domain }}.conf
# vars: # vars:
# http_port: "{{ mail_interface_http_port }}" # http_port: "{{ mail_interface_http_port }}"


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -1,2 +1,2 @@
# native-docker-compose-restart-unhealthy # docker-compose-restart-unhealthy
docker-compose restart for containers which are unhealty or excited docker-compose restart for containers which are unhealty or excited


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -4,7 +4,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: create elasticsearch-sysctl.conf - name: create elasticsearch-sysctl.conf


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{docker_compose_path}}" - name: "create {{docker_compose_path}}"


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}} https - name: configure {{domain}} https
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{path_docker_compose_folder}}" - name: "create {{path_docker_compose_folder}}"


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -2,7 +2,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "docker jenkins" - name: "docker jenkins"


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{path_docker_compose_folder}}" - name: "create {{path_docker_compose_folder}}"


@ -1,3 +1,3 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy
- systemd_notifier - systemd_notifier


@ -6,7 +6,7 @@
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
vars: vars:
client_max_body_size: "31M" client_max_body_size: "31M"
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{path_docker_compose_files}}mailu" - name: "create {{path_docker_compose_files}}mailu"


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
server { server {
server_name {{domain}}; server_name {{domain}};
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
keepalive_timeout 70; keepalive_timeout 70;
sendfile on; sendfile on;
@ -23,7 +23,7 @@ server {
add_header Strict-Transport-Security "max-age=31536000"; add_header Strict-Transport-Security "max-age=31536000";
{% include 'roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2' %} {% include 'roles/docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
location /api/v1/streaming { location /api/v1/streaming {
proxy_set_header Host $host; proxy_set_header Host $host;
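Review bot: Both `{% include %}` lines address another role's template by a path from the repository root (`roles/letsencrypt/templates/ssl_header.j2` and `roles/docker-reverse-proxy/templates/proxy_pass.conf.j2`), so a reference missed by this rename surfaces only when the template is rendered for a host, not when the playbook is parsed. The page does not show every changed file, so a search for remaining `native-` references plus an `ansible-playbook --check` run against each host group would be a useful gate before merging. The reverse-proxy role's own domain template on this page already uses the bare name `{% include 'proxy_pass.conf.j2' %}`, which does not depend on the role directory name. The other nginx template sections on this page that include `ssl_header.j2` carry the same coupling. The server block continues outside the hunks.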


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -2,7 +2,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "docker mediawiki" - name: "docker mediawiki"


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: create data folder - name: create data folder


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -2,7 +2,7 @@ server
{ {
server_name {{domain}}; server_name {{domain}};
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
# Remove X-Powered-By, which is an information leak # Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By; fastcgi_hide_header X-Powered-By;
@ -12,7 +12,7 @@ server
client_body_buffer_size 400M; client_body_buffer_size 400M;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
{% include 'roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2' %} {% include 'roles/docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
location ^~ /.well-known { location ^~ /.well-known {
rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last; rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last;


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -6,7 +6,7 @@ upstream backend {
server { server {
server_name {{domain}}; server_name {{domain}};
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
## ##
# Application # Application


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{docker_compose_path}}" - name: "create {{docker_compose_path}}"


@ -1,4 +1,4 @@
# role native-docker-reverse-proxy # role docker-reverse-proxy
Uses nginx as an [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) for local docker applications. Uses nginx as an [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) for local docker applications.


@ -0,0 +1,3 @@
dependencies:
- docker
- https-server


@ -6,7 +6,7 @@ server
client_max_body_size {{ client_max_body_size }}; client_max_body_size {{ client_max_body_size }};
{% endif %} {% endif %}
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% include 'proxy_pass.conf.j2' %} {% include 'proxy_pass.conf.j2' %}


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{docker_compose_path}}" - name: "create {{docker_compose_path}}"


@ -0,0 +1,4 @@
dependencies:
- git
- backups-provider
- systemd_notifier


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy


@ -7,7 +7,7 @@
vars: vars:
client_max_body_size: "2M" client_max_body_size: "2M"
domain: "{{item}}" domain: "{{item}}"
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf
loop: "{{domains}}" loop: "{{domains}}"
notify: restart nginx notify: restart nginx


@ -1,2 +1,2 @@
dependencies: dependencies:
- native-docker-reverse-proxy - docker-reverse-proxy

Some files were not shown because too many files have changed in this diff Show More