mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-12-22 18:35:03 +01:00
Refactored native-
parent
c11333be9a
commit
96b0d10ea8
12
README.md
12
README.md
@ -31,12 +31,12 @@ This software allows to setup the docker following applications:
|
||||
|
||||
This software shipts the following tools which are natively setup on the server:
|
||||
- [Backups Cleanup](./roles/backups-cleanup-timer/README.md) - Cleans up old backups
|
||||
- [Btrfs Health Check](./roles/native-btrfs-health-check/README.md) - Checks the health of Btrfs file systems
|
||||
- [Docker Health Check](./roles/native-docker-health-check/) - Checks the health of docker containers
|
||||
- [Docker Reverse Proxy](./roles/native-docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution
|
||||
- [Docker Volume Backup](./roles/native-docker-volume-backup/) - Backup Solution for Docker Volumes
|
||||
- [Pull Primary Backups](./roles/native-backups-consumer/README.md) - Pulls the backups from another server and stores them
|
||||
- [Wireguard](./roles/native-wireguard/README.md) - Integrates the server in an wireguard vpn
|
||||
- [Btrfs Health Check](./roles/btrfs-health-check/README.md) - Checks the health of Btrfs file systems
|
||||
- [Docker Health Check](./roles/docker-health-check/) - Checks the health of docker containers
|
||||
- [Docker Reverse Proxy](./roles/docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution
|
||||
- [Docker Volume Backup](./roles/docker-volume-backup/) - Backup Solution for Docker Volumes
|
||||
- [Pull Primary Backups](./roles/backups-consumer/README.md) - Pulls the backups from another server and stores them
|
||||
- [Wireguard](./roles/wireguard/README.md) - Integrates the server in an wireguard vpn
|
||||
|
||||
### Server Administration
|
||||
|
||||
|
14
playbook.yml
14
playbook.yml
@ -10,10 +10,10 @@
|
||||
become: true
|
||||
roles:
|
||||
- system-security
|
||||
- native-journalctl
|
||||
- native-disc-space-check
|
||||
- native-free-disc-space
|
||||
- native-btrfs-health-check
|
||||
- journalctl
|
||||
- disc-space-check
|
||||
- free-disc-space
|
||||
- btrfs-health-check
|
||||
|
||||
# Wireguard Rollen
|
||||
- name: setup standard wireguard
|
||||
@ -39,14 +39,14 @@
|
||||
hosts: homepage
|
||||
become: true
|
||||
roles:
|
||||
- role: native-homepage
|
||||
- role: homepage
|
||||
vars:
|
||||
domain: "{{top_domain}}"
|
||||
- name: setup redirect hosts
|
||||
hosts: redirect
|
||||
become: true
|
||||
roles:
|
||||
- role: native-https-redirect
|
||||
- role: https-redirect
|
||||
vars:
|
||||
domain_mappings: "{{redirect_domain_mappings}}"
|
||||
|
||||
@ -196,7 +196,7 @@
|
||||
hosts: replica_backup
|
||||
become: true
|
||||
roles:
|
||||
- role: native-backups-consumer
|
||||
- role: backups-consumer
|
||||
|
||||
## PC services
|
||||
- name: general host setup
|
||||
|
@ -1,3 +1,3 @@
|
||||
dependencies:
|
||||
- native-python-pip
|
||||
- python-pip
|
||||
- systemd_notifier
|
||||
|
@ -1,4 +1,4 @@
|
||||
# role native-backups-consumer
|
||||
# role backups-consumer
|
||||
|
||||
## goal
|
||||
This script allows to pull backups from a remote server.
|
@ -1,4 +1,4 @@
|
||||
dependencies:
|
||||
- native-git
|
||||
- git
|
||||
- systemd_notifier
|
||||
- backups-cleanup-timer
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-sshd
|
||||
- sshd
|
@ -1,4 +1,4 @@
|
||||
# role native-backups-provider-user
|
||||
# role backups-provider-user
|
||||
User for backups
|
||||
|
||||
## todo
|
@ -1,4 +1,4 @@
|
||||
# role native-backups-provider-host
|
||||
# role backups-provider-host
|
||||
|
||||
## todo
|
||||
- add full system backup
|
@ -1,3 +1,3 @@
|
||||
dependencies:
|
||||
- native-backups-provider-user
|
||||
- backups-provider-user
|
||||
- backups-cleanup-timer
|
@ -1,3 +1,3 @@
|
||||
dependencies:
|
||||
- native-nginx
|
||||
- nginx
|
||||
- systemd_notifier
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -3,7 +3,7 @@
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: register directory
|
||||
|
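Review bot: The rewritten `template:` line still hard-codes a path into another role (`roles/docker-reverse-proxy/templates/domain.conf.j2`) and passes its arguments in the inline `key=value` form with an unquoted `{{domain}}` inside `dest`. That path presumably resolves relative to the playbook directory, which is why this rename had to touch every consuming role; the same line recurs in the later hunks that follow a certbot task. The mapping form already used in the hunk at `@ -7,13 +7,13 @` is safer to template, and setting owner, group and mode explicitly keeps the permissions of the nginx vhost file from depending on module defaults. The task list continues outside the hunk, and the values below are a suggestion to confirm against the host's nginx setup.

```yaml
- name: configure {{domain}}.conf
  template:
    src: roles/docker-reverse-proxy/templates/domain.conf.j2
    dest: "/etc/nginx/conf.d/{{ domain }}.conf"
    owner: root
    group: root
    mode: "0644"
  notify: restart nginx
```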
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -7,13 +7,13 @@
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template:
|
||||
src: roles/native-docker-reverse-proxy/templates/domain.conf.j2
|
||||
src: roles/docker-reverse-proxy/templates/domain.conf.j2
|
||||
dest: /etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
#- name: configure {{ mail_interface_domain }}.conf
|
||||
# template:
|
||||
# src: roles/native-docker-reverse-proxy/templates/domain.conf.j2
|
||||
# src: roles/docker-reverse-proxy/templates/domain.conf.j2
|
||||
# dest: /etc/nginx/conf.d/{{ mail_interface_domain }}.conf
|
||||
# vars:
|
||||
# http_port: "{{ mail_interface_http_port }}"
|
||||
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -1,2 +1,2 @@
|
||||
# native-docker-compose-restart-unhealthy
|
||||
# docker-compose-restart-unhealthy
|
||||
docker-compose restart for containers which are unhealty or excited
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -4,7 +4,7 @@
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: create elasticsearch-sysctl.conf
|
||||
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -3,7 +3,7 @@
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_path}}"
|
||||
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -3,7 +3,7 @@
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}} https
|
||||
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{path_docker_compose_folder}}"
|
||||
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -2,7 +2,7 @@
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "docker jenkins"
|
||||
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -3,7 +3,7 @@
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{path_docker_compose_folder}}"
|
||||
|
@ -1,3 +1,3 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
- systemd_notifier
|
||||
|
@ -6,7 +6,7 @@
|
||||
- name: configure {{domain}}.conf
|
||||
vars:
|
||||
client_max_body_size: "31M"
|
||||
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{path_docker_compose_files}}mailu"
|
||||
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
|
||||
server {
|
||||
server_name {{domain}};
|
||||
|
||||
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}
|
||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||
|
||||
keepalive_timeout 70;
|
||||
sendfile on;
|
||||
@ -23,7 +23,7 @@ server {
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
|
||||
{% include 'roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
|
||||
{% include 'roles/docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
|
||||
|
||||
location /api/v1/streaming {
|
||||
proxy_set_header Host $host;
|
||||
|
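Review bot: The unchanged `add_header Strict-Transport-Security "max-age=31536000";` in the second hunk has no `always` parameter, so nginx leaves the header off error responses such as 4xx and 5xx; `add_header Strict-Transport-Security "max-age=31536000" always;` covers them. nginx also stops inheriting server-level `add_header` directives in any `location` that declares its own, so the included `proxy_pass.conf.j2` and the `location /api/v1/streaming` block are worth checking; both continue outside the hunk. The TLS settings come from the renamed include `roles/letsencrypt/templates/ssl_header.j2`, which is not shown on this page.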
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -2,7 +2,7 @@
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "docker mediawiki"
|
||||
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -3,7 +3,7 @@
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: create data folder
|
||||
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -2,7 +2,7 @@ server
|
||||
{
|
||||
server_name {{domain}};
|
||||
|
||||
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}
|
||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
@ -12,7 +12,7 @@ server
|
||||
client_body_buffer_size 400M;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
{% include 'roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
|
||||
{% include 'roles/docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
|
||||
|
||||
location ^~ /.well-known {
|
||||
rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last;
|
||||
|
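Review bot: `client_body_buffer_size 400M;`, an unchanged line in the second hunk, allows nginx to hold up to 400 MB of a single request body in memory, so a few concurrent large uploads can exhaust RAM on the proxy host. The upload size limit is set by `client_max_body_size`, not by this buffer; a small buffer lets larger bodies spill to a temporary file instead. Suggest something like `client_body_buffer_size 512k;` unless there is a measured reason for the large value. The `server` block starts and ends outside the hunk, so a stricter limit set elsewhere cannot be ruled out from here.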
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -6,7 +6,7 @@ upstream backend {
|
||||
server {
|
||||
server_name {{domain}};
|
||||
|
||||
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}
|
||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||
|
||||
##
|
||||
# Application
|
||||
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -3,7 +3,7 @@
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_path}}"
|
||||
|
@ -1,4 +1,4 @@
|
||||
# role native-docker-reverse-proxy
|
||||
# role docker-reverse-proxy
|
||||
|
||||
Uses nginx as an [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) for local docker applications.
|
||||
|
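--- a/roles/docker-reverse-proxy/meta/main.yml
+++ b/roles/docker-reverse-proxy/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+- docker
+- https-server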
@ -6,7 +6,7 @@ server
|
||||
client_max_body_size {{ client_max_body_size }};
|
||||
{% endif %}
|
||||
|
||||
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}
|
||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||
|
||||
{% include 'proxy_pass.conf.j2' %}
|
||||
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -3,7 +3,7 @@
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_path}}"
|
||||
|
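--- a/roles/docker-volume-backup/meta/main.yml
+++ b/roles/docker-volume-backup/meta/main.yml
@@ -0,0 +1,4 @@
+dependencies:
+- git
+- backups-provider
+- systemd_notifier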
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
@ -7,7 +7,7 @@
|
||||
vars:
|
||||
client_max_body_size: "2M"
|
||||
domain: "{{item}}"
|
||||
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf
|
||||
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf
|
||||
loop: "{{domains}}"
|
||||
notify: restart nginx
|
||||
|
||||
|
@ -1,2 +1,2 @@
|
||||
dependencies:
|
||||
- native-docker-reverse-proxy
|
||||
- docker-reverse-proxy
|
||||
|
Some files were not shown because too many files have changed in this diff Show More