Refactored native-

This commit is contained in:
Kevin Veen-Birkenbach 2023-09-02 13:13:28 +02:00
parent c11333be9a
commit 96b0d10ea8
169 changed files with 94 additions and 94 deletions

View File

@ -31,12 +31,12 @@ This software allows to setup the docker following applications:
This software shipts the following tools which are natively setup on the server:
- [Backups Cleanup](./roles/backups-cleanup-timer/README.md) - Cleans up old backups
- [Btrfs Health Check](./roles/native-btrfs-health-check/README.md) - Checks the health of Btrfs file systems
- [Docker Health Check](./roles/native-docker-health-check/) - Checks the health of docker containers
- [Docker Reverse Proxy](./roles/native-docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution
- [Docker Volume Backup](./roles/native-docker-volume-backup/) - Backup Solution for Docker Volumes
- [Pull Primary Backups](./roles/native-backups-consumer/README.md) - Pulls the backups from another server and stores them
- [Wireguard](./roles/native-wireguard/README.md) - Integrates the server in an wireguard vpn
- [Btrfs Health Check](./roles/btrfs-health-check/README.md) - Checks the health of Btrfs file systems
- [Docker Health Check](./roles/docker-health-check/) - Checks the health of docker containers
- [Docker Reverse Proxy](./roles/docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution
- [Docker Volume Backup](./roles/docker-volume-backup/) - Backup Solution for Docker Volumes
- [Pull Primary Backups](./roles/backups-consumer/README.md) - Pulls the backups from another server and stores them
- [Wireguard](./roles/wireguard/README.md) - Integrates the server in an wireguard vpn
### Server Administration

View File

@ -10,10 +10,10 @@
become: true
roles:
- system-security
- native-journalctl
- native-disc-space-check
- native-free-disc-space
- native-btrfs-health-check
- journalctl
- disc-space-check
- free-disc-space
- btrfs-health-check
# Wireguard Rollen
- name: setup standard wireguard
@ -39,14 +39,14 @@
hosts: homepage
become: true
roles:
- role: native-homepage
- role: homepage
vars:
domain: "{{top_domain}}"
- name: setup redirect hosts
hosts: redirect
become: true
roles:
- role: native-https-redirect
- role: https-redirect
vars:
domain_mappings: "{{redirect_domain_mappings}}"
@ -196,7 +196,7 @@
hosts: replica_backup
become: true
roles:
- role: native-backups-consumer
- role: backups-consumer
## PC services
- name: general host setup

View File

@ -1,3 +1,3 @@
dependencies:
- native-python-pip
- python-pip
- systemd_notifier

View File

@ -1,4 +1,4 @@
# role native-backups-consumer
# role backups-consumer
## goal
This script allows to pull backups from a remote server.

View File

@ -1,4 +1,4 @@
dependencies:
- native-git
- git
- systemd_notifier
- backups-cleanup-timer

View File

@ -1,2 +1,2 @@
dependencies:
- native-sshd
- sshd

View File

@ -1,4 +1,4 @@
# role native-backups-provider-user
# role backups-provider-user
User for backups
## todo

View File

@ -1,4 +1,4 @@
# role native-backups-provider-host
# role backups-provider-host
## todo
- add full system backup

View File

@ -1,3 +1,3 @@
dependencies:
- native-backups-provider-user
- backups-provider-user
- backups-cleanup-timer

View File

@ -1,3 +1,3 @@
dependencies:
- native-nginx
- nginx
- systemd_notifier

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: register directory

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -7,13 +7,13 @@
- name: configure {{domain}}.conf
template:
src: roles/native-docker-reverse-proxy/templates/domain.conf.j2
src: roles/docker-reverse-proxy/templates/domain.conf.j2
dest: /etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
#- name: configure {{ mail_interface_domain }}.conf
# template:
# src: roles/native-docker-reverse-proxy/templates/domain.conf.j2
# src: roles/docker-reverse-proxy/templates/domain.conf.j2
# dest: /etc/nginx/conf.d/{{ mail_interface_domain }}.conf
# vars:
# http_port: "{{ mail_interface_http_port }}"

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -1,2 +1,2 @@
# native-docker-compose-restart-unhealthy
# docker-compose-restart-unhealthy
docker-compose restart for containers which are unhealty or excited

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -4,7 +4,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: create elasticsearch-sysctl.conf

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{docker_compose_path}}"

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}} https
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{path_docker_compose_folder}}"

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -2,7 +2,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "docker jenkins"

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{path_docker_compose_folder}}"

View File

@ -1,3 +1,3 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy
- systemd_notifier

View File

@ -6,7 +6,7 @@
- name: configure {{domain}}.conf
vars:
client_max_body_size: "31M"
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{path_docker_compose_files}}mailu"

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
server {
server_name {{domain}};
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
keepalive_timeout 70;
sendfile on;
@ -23,7 +23,7 @@ server {
add_header Strict-Transport-Security "max-age=31536000";
{% include 'roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
{% include 'roles/docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
location /api/v1/streaming {
proxy_set_header Host $host;

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -2,7 +2,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "docker mediawiki"

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: create data folder

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -2,7 +2,7 @@ server
{
server_name {{domain}};
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
@ -12,7 +12,7 @@ server
client_body_buffer_size 400M;
fastcgi_buffers 64 4K;
{% include 'roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
{% include 'roles/docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
location ^~ /.well-known {
rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last;

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -6,7 +6,7 @@ upstream backend {
server {
server_name {{domain}};
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
##
# Application

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{docker_compose_path}}"

View File

@ -1,4 +1,4 @@
# role native-docker-reverse-proxy
# role docker-reverse-proxy
Uses nginx as an [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) for local docker applications.

View File

@ -0,0 +1,3 @@
dependencies:
- docker
- https-server

View File

@ -6,7 +6,7 @@ server
client_max_body_size {{ client_max_body_size }};
{% endif %}
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% include 'proxy_pass.conf.j2' %}

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{docker_compose_path}}"

View File

@ -0,0 +1,4 @@
dependencies:
- git
- backups-provider
- systemd_notifier

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

View File

@ -7,7 +7,7 @@
vars:
client_max_body_size: "2M"
domain: "{{item}}"
template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf
loop: "{{domains}}"
notify: restart nginx

View File

@ -1,2 +1,2 @@
dependencies:
- native-docker-reverse-proxy
- docker-reverse-proxy

Some files were not shown because too many files have changed in this diff Show More