Compare commits



49 changed files with 438 additions and 85 deletions


@ -152,7 +152,7 @@ Focuses on web server roles and applications, covering SSL certificates, Nginx c
- **[Nginx-Https](./roles/nginx-https/)**: Enables HTTPS configuration for Nginx. - **[Nginx-Https](./roles/nginx-https/)**: Enables HTTPS configuration for Nginx.
- **[Nginx-Matomo-Tracking](./roles/nginx-matomo-tracking/)**: Integrates Matomo tracking with Nginx. - **[Nginx-Matomo-Tracking](./roles/nginx-matomo-tracking/)**: Integrates Matomo tracking with Nginx.
- **[Nginx-Redirect](./roles/nginx-domain-redirect/)**: Manages URL redirects in Nginx. - **[Nginx-Redirect](./roles/nginx-domain-redirect/)**: Manages URL redirects in Nginx.
- **[Certbot Nginx](./roles/certbot-nginx/)**: Integrates Certbot with Nginx for SSL certificates. - **[Certbot Nginx](./roles/nginx-certbot/)**: Integrates Certbot with Nginx for SSL certificates.
- **[Postfix](./roles/postfix/)**: Setup for the Postfix mail transfer agent. - **[Postfix](./roles/postfix/)**: Setup for the Postfix mail transfer agent.
#### Docker and Containerization #### Docker and Containerization


@ -50,9 +50,10 @@ domain_mailu: "mail.{{top_domain}}"
domain_mastodon: "microblog.{{top_domain}}" domain_mastodon: "microblog.{{top_domain}}"
domains_mastodon_alternates: [] domains_mastodon_alternates: []
domain_matomo: "matomo.{{top_domain}}" domain_matomo: "matomo.{{top_domain}}"
domain_matrix: "chat.{{top_domain}}"
domain_mediawiki: "wiki.{{top_domain}}" domain_mediawiki: "wiki.{{top_domain}}"
domain_nextcloud: "cloud.{{top_domain}}" domain_nextcloud: "cloud.{{top_domain}}"
domain_pixelfed: "pictures.{{top_domain}}" domain_pixelfed: "pictures.{{top_domain}}"
domains_pixelfed: [] domains_pixelfed: []
domain_peertube: "videos.{{top_domain}}" domain_peertube: "videos.{{top_domain}}"
domains_peertube: [] domains_peertube: []
@ -73,6 +74,7 @@ redirect_domain_mappings:
- { source: "peertube.{{top_domain}}", target: "videos.{{top_domain}}" } - { source: "peertube.{{top_domain}}", target: "videos.{{top_domain}}" }
- { source: "funkwhale.{{top_domain}}", target: "music.{{top_domain}}" } - { source: "funkwhale.{{top_domain}}", target: "music.{{top_domain}}" }
- { source: "pixelfed.{{top_domain}}", target: "pictures.{{top_domain}}" } - { source: "pixelfed.{{top_domain}}", target: "pictures.{{top_domain}}" }
- { source: "matrix.{{top_domain}}", target: "chat.{{top_domain}}" }
nginx_configuration_directory: "/etc/nginx/conf.d/" nginx_configuration_directory: "/etc/nginx/conf.d/"
nginx_servers_directory: "{{nginx_configuration_directory}}servers/" nginx_servers_directory: "{{nginx_configuration_directory}}servers/"


@ -200,6 +200,15 @@
domains: "{{domains_discourse}}" domains: "{{domains_discourse}}"
http_port: 8020 http_port: 8020
- name: setup matrix
hosts: matrix
become: true
roles:
- role: docker-matrix
vars:
domain: "{{domain_matrix}}"
http_port: 8021
- name: setup akaunting hosts - name: setup akaunting hosts
hosts: akaunting hosts: akaunting
become: true become: true
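Review bot: The new `setup matrix` play hands the role only `domain` and `http_port`, but the docker-matrix templates in this change also read `matrix_database_password`, `matrix_registration_shared_secret`, `matrix_macaroon_secret_key` and `matrix_form_secret`, none of which the diff defines. Unless they are supplied elsewhere (host_vars or a vault, presumably), the template tasks fail on an undefined variable; if they are, make sure they are generated per deployment and vaulted rather than shared defaults, since the registration secret and macaroon key are what gate account creation and session validity. A one-line comment above `- role: docker-matrix` listing the required secret variables would make that contract visible to whoever copies this play.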


@ -4,6 +4,7 @@
- lsof - lsof
- python-pandas - python-pandas
state: present state: present
when: run_once_backup_docker_to_local is not defined
- name: pull backup-docker-to-local.git - name: pull backup-docker-to-local.git
git: git:
@ -12,23 +13,26 @@
update: yes update: yes
register: git_result register: git_result
ignore_errors: true ignore_errors: true
when: run_once_backup_docker_to_local is not defined
- name: Warn if repo is not reachable - name: Warn if repo is not reachable
debug: debug:
msg: "Warning: Repository is not reachable." msg: "Warning: Repository is not reachable."
when: git_result.failed when: git_result is defined and git_result.failed is defined and run_once_cleanup_failed_docker_backups is not defined
- name: configure backup-docker-to-local.service - name: configure backup-docker-to-local.service
template: template:
src: backup-docker-to-local.service.j2 src: backup-docker-to-local.service.j2
dest: /etc/systemd/system/backup-docker-to-local.service dest: /etc/systemd/system/backup-docker-to-local.service
notify: reload backup-docker-to-local.service notify: reload backup-docker-to-local.service
when: run_once_backup_docker_to_local is not defined
- name: configure backup-docker-to-local.timer.tpl - name: configure backup-docker-to-local.timer.tpl
template: src=backup-docker-to-local.timer.j2 dest=/etc/systemd/system/backup-docker-to-local.timer template: src=backup-docker-to-local.timer.j2 dest=/etc/systemd/system/backup-docker-to-local.timer
register: backup_docker_to_local_timer register: backup_docker_to_local_timer
changed_when: backup_docker_to_local_timer.changed or activate_all_timers | default(false) | bool changed_when: backup_docker_to_local_timer.changed or activate_all_timers | default(false) | bool
notify: restart backup-docker-to-local.timer notify: restart backup-docker-to-local.timer
when: run_once_backup_docker_to_local is not defined
- name: create {{backup_docker_to_local_folder}}databases.csv - name: create {{backup_docker_to_local_folder}}databases.csv
copy: copy:
@ -36,3 +40,9 @@
dest: "{{backup_docker_to_local_folder}}databases.csv" dest: "{{backup_docker_to_local_folder}}databases.csv"
owner: root owner: root
group: root group: root
when: run_once_backup_docker_to_local is not defined
- name: run the backup_docker_to_local tasks once
set_fact:
run_once_backup_docker_to_local: true
when: run_once_backup_docker_to_local is not defined
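Review bot: The rewritten condition on `Warn if repo is not reachable`, `git_result.failed is defined`, is true whenever the git task ran at all — a registered result carries a `failed` key on success too in current Ansible — so the warning now prints on every successful run, and the same line tests `run_once_cleanup_failed_docker_backups`, which belongs to a different role. It should read `when: git_result is defined and (git_result.failed | default(false)) and run_once_backup_docker_to_local is not defined`. Note that `set_fact` is host-scoped, so these guards make the role run once per host per playbook run, which I assume is the intent; a short comment above the first guarded task saying so would save the next reader from wondering why every task carries the `when`.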


@ -2,6 +2,7 @@
user: user:
name: backup name: backup
create_home: yes create_home: yes
when: run_once_backups_provider_user is not defined
- name: create .ssh directory - name: create .ssh directory
file: file:
@ -10,6 +11,7 @@
owner: backup owner: backup
group: backup group: backup
mode: '0700' mode: '0700'
when: run_once_backups_provider_user is not defined
- name: create /home/backup/.ssh/authorized_keys - name: create /home/backup/.ssh/authorized_keys
template: template:
@ -18,6 +20,7 @@
owner: backup owner: backup
group: backup group: backup
mode: '0644' mode: '0644'
when: run_once_backups_provider_user is not defined
- name: create /home/backup/ssh-wrapper.sh - name: create /home/backup/ssh-wrapper.sh
copy: copy:
@ -26,6 +29,7 @@
owner: backup owner: backup
group: backup group: backup
mode: '0700' mode: '0700'
when: run_once_backups_provider_user is not defined
- name: grant backup sudo rights - name: grant backup sudo rights
copy: copy:
@ -35,3 +39,9 @@
owner: root owner: root
group: root group: root
notify: sshd restart notify: sshd restart
when: run_once_backups_provider_user is not defined
- name: run the backups_provider_user tasks once
set_fact:
run_once_backups_provider_user: true
when: run_once_backups_provider_user is not defined


@ -4,20 +4,29 @@
- lsof - lsof
- python-psutil - python-psutil
state: present state: present
when: run_once_cleanup_backups_service is not defined
- name: "create {{docker_cleanup_backups}}" - name: "create {{docker_cleanup_backups}}"
file: file:
path: "{{docker_cleanup_backups}}" path: "{{docker_cleanup_backups}}"
state: directory state: directory
mode: 0755 mode: 0755
when: run_once_cleanup_backups_service is not defined
- name: create cleanup-backups.py - name: create cleanup-backups.py
copy: copy:
src: "cleanup-backups.py" src: "cleanup-backups.py"
dest: "{{docker_cleanup_backups}}cleanup-backups.py" dest: "{{docker_cleanup_backups}}cleanup-backups.py"
when: run_once_cleanup_backups_service is not defined
- name: create cleanup-backups.service - name: create cleanup-backups.service
template: template:
src: "cleanup-backups.service.j2" src: "cleanup-backups.service.j2"
dest: "/etc/systemd/system/cleanup-backups.service" dest: "/etc/systemd/system/cleanup-backups.service"
notify: reload cleanup-backups.service notify: reload cleanup-backups.service
when: run_once_cleanup_backups_service is not defined
- name: run the cleanup_backups_service tasks once
set_fact:
run_once_cleanup_backups_service: true
when: run_once_cleanup_backups_service is not defined


@ -4,3 +4,9 @@
state: restarted state: restarted
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes
when: run_once_cleanup_backup_timer is not defined
- name: run the cleanup_backup_timer tasks once
set_fact:
run_once_cleanup_backup_timer: true
when: run_once_cleanup_backup_timer is not defined
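Review bot: If this file is the role's handlers (its first three lines are outside the hunk, but `state: restarted` with `daemon_reload: yes` reads like the `restart cleanup-backups.timer` handler the tasks file notifies), the added `set_fact` is never notified and so never runs, which makes the guard a no-op — and if it ever did run it would suppress every later restart of the timer on that host, which is not what a handler should do. Handlers already run at most once per play when notified, so I would drop both `when:` lines and the `set_fact` task from this file. The variable here is also spelled `run_once_cleanup_backup_timer` while the tasks file uses `run_once_cleanup_backups_timer`, so the two would never have lined up anyway.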


@ -5,3 +5,9 @@
register: cleanup_backups_timer register: cleanup_backups_timer
changed_when: cleanup_backups_timer.changed or activate_all_timers | default(false) | bool changed_when: cleanup_backups_timer.changed or activate_all_timers | default(false) | bool
notify: restart cleanup-backups.timer notify: restart cleanup-backups.timer
when: run_once_cleanup_backups_timer is not defined
- name: run the cleanup_backups_timer tasks once
set_fact:
run_once_cleanup_backups_timer: true
when: run_once_cleanup_backups_timer is not defined


@ -5,14 +5,21 @@
update: yes update: yes
register: git_result register: git_result
ignore_errors: true ignore_errors: true
when: run_once_cleanup_failed_docker_backups is not defined
- name: Warn if repo is not reachable - name: Warn if repo is not reachable
debug: debug:
msg: "Warning: Repository is not reachable." msg: "Warning: Repository is not reachable."
when: git_result.failed when: git_result is defined and git_result.failed is defined and run_once_cleanup_failed_docker_backups is not defined
- name: configure cleanup-failed-docker-backups.service - name: configure cleanup-failed-docker-backups.service
template: template:
src: cleanup-failed-docker-backups.service.j2 src: cleanup-failed-docker-backups.service.j2
dest: /etc/systemd/system/cleanup-failed-docker-backups.service dest: /etc/systemd/system/cleanup-failed-docker-backups.service
notify: reload cleanup-failed-docker-backups.service daemon notify: reload cleanup-failed-docker-backups.service daemon
when: run_once_cleanup_failed_docker_backups is not defined
- name: run the cleanup_failed_docker_backups tasks once
set_fact:
run_once_cleanup_failed_docker_backups: true
when: run_once_cleanup_failed_docker_backups is not defined
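Review bot: `git_result.failed is defined` on the `Warn if repo is not reachable` task holds for a successful registered result as well, so the warning is emitted on every run rather than only when the pull failed. Use `when: git_result is defined and (git_result.failed | default(false)) and run_once_cleanup_failed_docker_backups is not defined`. Since `ignore_errors: true` lets the play continue, a failed pull silently leaves whatever checkout was previously on disk in service; that is presumably intended, and a comment on the git task saying so would make it clear this is a best-effort update rather than an oversight.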


@ -99,6 +99,16 @@ hooks:
cd: $home/plugins cd: $home/plugins
cmd: cmd:
- git clone https://github.com/discourse/docker_manager.git - git clone https://github.com/discourse/docker_manager.git
- git clone https://github.com/discourse/discourse-activity-pub.git
- git clone https://github.com/discourse/discourse-calendar.git
- git clone https://github.com/discourse/discourse-akismet.git
- git clone https://github.com/discourse/discourse-cakeday.git
- git clone https://github.com/discourse/discourse-solved.git
- git clone https://github.com/discourse/discourse-voting.git
- git clone https://github.com/gdpelican/retort.git
- git clone https://github.com/discourse/discourse-oauth2-basic.git
- git clone https://github.com/discourse/discourse-openid-connect.git
- git clone https://github.com/jonmbake/discourse-ldap-auth
## Any custom commands to run after building ## Any custom commands to run after building
run: run:
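Review bot: All ten plugins are cloned from their default branch with no tag or commit pinned, so every rebuild pulls whatever is on the branch at that moment — and three of them (`discourse-oauth2-basic`, `discourse-openid-connect`, `discourse-ldap-auth`) sit in the login path, while `retort` and `discourse-ldap-auth` come from individual accounts rather than the discourse organisation. Pin each clone to a reviewed revision, e.g. `git clone --depth 1 --branch <tag> https://github.com/discourse/discourse-oauth2-basic.git` (or a `git -C <dir> checkout <sha>` after the clone where no tag exists), and record the pins so upgrades are deliberate. The `hooks` stanza this hunk belongs to continues outside the hunk.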


@ -6,7 +6,7 @@ services:
env_file: .env env_file: .env
environment: environment:
- "POSTGRES_HOST_AUTH_METHOD=trust" - "POSTGRES_HOST_AUTH_METHOD=trust"
image: postgres:15-alpine image: postgres:alpine
volumes: volumes:
- database:/var/lib/postgresql/data - database:/var/lib/postgresql/data
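Review bot: Replacing `postgres:15-alpine` with the unversioned `postgres:alpine` means the next image pull can silently move to a new PostgreSQL major, and the container will then refuse to start against the existing `database` volume because the on-disk format differs between majors (a major upgrade needs `pg_upgrade` or a dump/restore). Keep the major pinned, `image: postgres:15-alpine`, and bump it deliberately together with a migration step. The unchanged `POSTGRES_HOST_AUTH_METHOD=trust` on the line above disables password authentication for this database entirely; it is not what this commit changes, but it deserves a look in the same pass.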


@ -1,7 +1,3 @@
# NOTE: This docker-compose.yml is meant to be just an example guideline
# on how you can achieve the same. It is not intented to run out of the box
# and you must edit the below configurations to suit your needs.
version: "3.7" version: "3.7"
x-application-defaults: &application-defaults x-application-defaults: &application-defaults
@ -15,7 +11,7 @@ x-application-defaults: &application-defaults
- TZ=Etc/UTC - TZ=Etc/UTC
x-database-defaults: &database-defaults x-database-defaults: &database-defaults
image: postgres:13-alpine image: postgres:alpine
ports: ports:
- "9432:5432" - "9432:5432"
networks: networks:
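Review bot: Dropping the three-line NOTE that this compose file is a non-runnable example, in the same hunk that loosens `postgres:13-alpine` to `postgres:alpine`, removes the one warning a reader had while adding a floating tag that will cross PostgreSQL majors on a future pull and leave the existing data volume unreadable. If the file is now deployed as-is, pin the major (`image: postgres:13-alpine`, or a deliberately chosen newer one with a migration step) and replace the note with one saying the role deploys this file; if it is still an example, keep the note. The unchanged `"9432:5432"` mapping also publishes the database on every host interface; `"127.0.0.1:9432:5432"` if host access is needed at all.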


@ -2,7 +2,7 @@ version: '3'
services: services:
database: database:
restart: always restart: always
image: postgres:14-alpine image: postgres:alpine
shm_size: 256mb shm_size: 256mb
networks: networks:
- internal_network - internal_network
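Review bot: `postgres:alpine` floats across PostgreSQL majors, so a routine pull can hand this `database` service a data directory written by `postgres:14-alpine` that the new major refuses to open, and `restart: always` will then loop the container. Keep the major pinned (`image: postgres:14-alpine`) and upgrade deliberately with `pg_upgrade` or a dump/restore.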



@ -0,0 +1,8 @@
---
- name: recreate matrix
command:
cmd: docker-compose up -d --force-recreate
chdir: "{{docker_compose_instance_directory}}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600


@ -0,0 +1,2 @@
dependencies:
- nginx-docker-reverse-proxy


@ -0,0 +1,33 @@
---
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: "create {{docker_compose_instance_directory}}"
file:
path: "{{docker_compose_instance_directory}}"
state: directory
mode: 0755
- name: add homeserver.yaml
template:
src: "homeserver.yaml.j2"
dest: "{{docker_compose_instance_directory}}homeserver.yaml"
notify: recreate matrix
- name: add log.config
template:
src: "log.config.j2"
dest: "{{docker_compose_instance_directory}}{{domain}}.log.config"
notify: recreate matrix
# https://github.com/matrix-org/synapse/issues/6303
- name: set correct folder permissions
command:
cmd: "docker run --rm --mount type=volume,src=matrix_data,dst=/data -e SYNAPSE_SERVER_NAME={{domain}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
chdir: "{{path_docker_compose_instances}}baserow/"
- name: add docker-compose.yml
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose_instance_directory}}docker-compose.yml"
notify: recreate matrix
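Review bot: `homeserver.yaml` carries the database password, `registration_shared_secret`, `macaroon_secret_key` and `form_secret`, yet the `add homeserver.yaml` template task sets no `owner`/`mode`, so the file lands with root's default umask (typically world-readable) inside a `0755` directory. Give it `owner: "991"`, `group: "991"`, `mode: "0600"` — uid 991 being what the chown task below assumes Synapse runs as — so the read-only bind mount still works while other local users cannot read the secrets. Separately, `set correct folder permissions` has `chdir: "{{path_docker_compose_instances}}baserow/"`, which looks copied from another role and will fail on a host without a baserow instance; use `chdir: "{{docker_compose_instance_directory}}"` (or drop `chdir`, since the command does not depend on the working directory) and add `changed_when: false`, because the task reports a change on every run as written.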


@ -0,0 +1,45 @@
version: '3.1'
services:
application:
image: matrixdotorg/synapse:latest
restart: unless-stopped
logging:
driver: journald
volumes:
- data:/data
- ./homeserver.yaml:/data/homeserver.yaml:ro
- ./{{domain}}.log.config:/data/{{domain}}.log.config:ro
environment:
- SYNAPSE_SERVER_NAME={{domain}}
- SYNAPSE_REPORT_STATS=no
ports:
- "127.0.0.1:{{http_port}}:8008"
depends_on:
- database
database:
logging:
driver: journald
image: postgres:alpine
restart: unless-stopped
volumes:
- database:/var/lib/postgresql/data
environment:
- POSTGRES_DB=matrix
- POSTGRES_USER=matrix
- POSTGRES_PASSWORD={{matrix_database_password}}
- POSTGRES_INITDB_ARGS='--encoding=UTF-8 --lc-collate=C --lc-ctype=C'
healthcheck:
test: ["CMD-SHELL", "pg_isready -U matrix"]
interval: 10s
timeout: 5s
retries: 6
volumes:
database:
data:
networks:
default:
driver: bridge
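Review bot: `matrixdotorg/synapse:latest` and `postgres:alpine` are both floating tags, so the `recreate matrix` handler's `--force-recreate` can bring up a Synapse or a PostgreSQL major that the `data`/`database` volumes were not written by; pin both (`image: matrixdotorg/synapse:<version>` and `image: postgres:<major>-alpine`) and bump them deliberately. The unquoted `- POSTGRES_PASSWORD={{matrix_database_password}}` is also fragile: Compose interpolates `$` in environment values, so a generated password containing `$` is mangled before it reaches the container — quote it and escape, e.g. `- "POSTGRES_PASSWORD={{ matrix_database_password | replace('$', '$$') }}"`. Binding the Synapse port to `127.0.0.1` and leaving `database` unpublished on the default bridge is the right shape; a short comment saying the reverse proxy is the only intended entry point would document it.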


@ -0,0 +1,28 @@
server_name: "{{domain}}"
pid_file: /data/homeserver.pid
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
database:
name: psycopg2
args:
user: matrix
password: {{matrix_database_password}}
database: matrix
host: database
cp_min: 5
cp_max: 10
log_config: "/data/{{domain}}.log.config"
media_store_path: /data/media_store
registration_shared_secret: "{{matrix_registration_shared_secret}}"
report_stats: true
macaroon_secret_key: "{{matrix_macaroon_secret_key}}"
form_secret: "{{matrix_form_secret}}"
signing_key_path: "/data/{{domain}}.signing.key"
trusted_key_servers:
- server_name: "matrix.org"
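Review bot: `report_stats: true` here overrides the `SYNAPSE_REPORT_STATS=no` set in the compose file — the environment variable only matters when the image generates a config, and this template is mounted over it — so anonymous usage statistics are sent despite the apparent opt-out; set `report_stats: false` if that was the intent. The database `password: {{matrix_database_password}}` is rendered as a plain scalar, so a password that looks like a number or boolean, or starts with a YAML indicator, changes type or breaks parsing — write `password: "{{ matrix_database_password }}"`. Two caveats worth a comment at the top of the template: `server_name` becomes part of every user ID and cannot be changed once the database exists, and `federation` is listed as a listener resource while nothing in this diff serves port 8448 or `/.well-known/matrix/server` for `{{domain}}`, so confirm the nginx proxy role covers that or federation will not work.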


@ -0,0 +1,25 @@
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
file:
class: logging.handlers.RotatingFileHandler
formatter: precise
filename: /data/{{ domain }}.homeserver.log
maxBytes: 10485760
backupCount: 3
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse:
level: INFO
handlers: [file, console]
root:
level: INFO
handlers: [file, console]


@ -0,0 +1,2 @@
---
docker_compose_instance_directory: "{{path_docker_compose_instances}}matrix/"


@ -34,10 +34,15 @@ services:
POSTGRES_DB: mybb POSTGRES_DB: mybb
POSTGRES_PASSWORD: "{{mybb_database_password}}" POSTGRES_PASSWORD: "{{mybb_database_password}}"
POSTGRES_USER: mybb POSTGRES_USER: mybb
image: postgres:14-alpine image: postgres:alpine
volumes: volumes:
- database:/var/lib/postgresql/data:rw - database:/var/lib/postgresql/data:rw
restart: always restart: always
healthcheck:
test: ["CMD-SHELL", "pg_isready -U mybb"]
interval: 10s
timeout: 5s
retries: 6
volumes: volumes:
database: database:
data: data:
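Review bot: The new healthcheck is welcome, but the same hunk moves `postgres:14-alpine` to `postgres:alpine`, which follows PostgreSQL majors; when the tag advances, the container will not open the existing `database` volume and the healthcheck will only report it unhealthy, with no upgrade path having run. Pin the major, `image: postgres:14-alpine`, and bump it deliberately together with `pg_upgrade` or a dump/restore.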


@ -17,14 +17,19 @@ services:
- redis - redis
restart: "always" restart: "always"
database: database:
image: postgres:13-alpine image: postgres:alpine
env_file: env_file:
- .env - .env
volumes: volumes:
- database:/var/lib/postgresql/data - database:/var/lib/postgresql/data
restart: "always" restart: "always"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U peertube"]
interval: 10s
timeout: 5s
retries: 6
redis: redis:
image: redis:6-alpine image: redis:alpine
volumes: volumes:
- redis:/data - redis:/data
restart: "always" restart: "always"
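Review bot: Both data-store images lose their major pin here (`postgres:13-alpine` → `postgres:alpine`, `redis:6-alpine` → `redis:alpine`); for PostgreSQL in particular a pull that crosses a major leaves the `database` volume unreadable by the new server, and the added healthcheck will only surface that, not fix it. Keep `image: postgres:13-alpine` and `image: redis:6-alpine` (or a deliberately chosen newer major with a migration step) so upgrades happen on purpose.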


@ -5,6 +5,7 @@
name: ['docker','docker-compose'] name: ['docker','docker-compose']
state: present state: present
notify: docker restart notify: docker restart
when: run_once_docker is not defined
- name: "create {{path_docker_compose_instances}}" - name: "create {{path_docker_compose_instances}}"
file: file:
@ -13,6 +14,7 @@
mode: 0700 mode: 0700
owner: administrator owner: administrator
group: administrator group: administrator
when: run_once_docker is not defined
- name: "create {{path_docker_volumes}}" - name: "create {{path_docker_volumes}}"
file: file:
@ -21,6 +23,13 @@
mode: 0700 mode: 0700
owner: administrator owner: administrator
group: administrator group: administrator
when: run_once_docker is not defined
- name: flush docker service - name: flush docker service
meta: flush_handlers meta: flush_handlers
when: run_once_docker is not defined
- name: run the docker tasks once
set_fact:
run_once_docker: true
when: run_once_docker is not defined


@ -1,2 +1,8 @@
- name: install git - name: install git
pacman: name=git state=present pacman: name=git state=present
when: run_once_git is not defined
- name: run the git tasks once
set_fact:
run_once_git: true
when: run_once_git is not defined


@ -3,17 +3,20 @@
path: "{{heal_docker}}" path: "{{heal_docker}}"
state: directory state: directory
mode: 0755 mode: 0755
when: run_once_heal_docker is not defined
- name: create heal-docker.py - name: create heal-docker.py
copy: copy:
src: heal-docker.py src: heal-docker.py
dest: "{{heal_docker}}heal-docker.py" dest: "{{heal_docker}}heal-docker.py"
when: run_once_heal_docker is not defined
- name: create heal-docker.service - name: create heal-docker.service
template: template:
src: heal-docker.service.j2 src: heal-docker.service.j2
dest: /etc/systemd/system/heal-docker.service dest: /etc/systemd/system/heal-docker.service
notify: reload heal-docker.service notify: reload heal-docker.service
when: run_once_heal_docker is not defined
- name: create heal-docker.timer - name: create heal-docker.timer
template: template:
@ -22,3 +25,9 @@
register: heal_docker_timer register: heal_docker_timer
changed_when: heal_docker_timer.changed or activate_all_timers | default(false) | bool changed_when: heal_docker_timer.changed or activate_all_timers | default(false) | bool
notify: restart heal-docker.timer notify: restart heal-docker.timer
when: run_once_heal_docker is not defined
- name: run the heal_docker tasks once
set_fact:
run_once_heal_docker: true
when: run_once_heal_docker is not defined


@ -3,15 +3,18 @@
path: "{{health_docker_container_folder}}" path: "{{health_docker_container_folder}}"
state: directory state: directory
mode: 0755 mode: 0755
when: run_once_health_docker_container is not defined
- name: create health-docker-container.sh - name: create health-docker-container.sh
copy: copy:
src: health-docker-container.sh src: health-docker-container.sh
dest: "{{health_docker_container_folder}}health-docker-container.sh" dest: "{{health_docker_container_folder}}health-docker-container.sh"
when: run_once_health_docker_container is not defined
- name: create health-docker-container.service - name: create health-docker-container.service
template: src=health-docker-container.service.j2 dest=/etc/systemd/system/health-docker-container.service template: src=health-docker-container.service.j2 dest=/etc/systemd/system/health-docker-container.service
notify: reload health-docker-container.service notify: reload health-docker-container.service
when: run_once_health_docker_container is not defined
- name: create health-docker-container.timer - name: create health-docker-container.timer
template: template:
@ -20,3 +23,9 @@
register: health_docker_container_timer register: health_docker_container_timer
changed_when: health_docker_container_timer.changed or activate_all_timers | default(false) | bool changed_when: health_docker_container_timer.changed or activate_all_timers | default(false) | bool
notify: restart health-docker-container.timer notify: restart health-docker-container.timer
when: run_once_health_docker_container is not defined
- name: run the health_docker_container tasks once
set_fact:
run_once_health_docker_container: true
when: run_once_health_docker_container is not defined


@ -3,15 +3,18 @@
path: "{{health_docker_volumes_folder}}" path: "{{health_docker_volumes_folder}}"
state: directory state: directory
mode: 0755 mode: 0755
when: run_once_health_docker_volumes is not defined
- name: create health-docker-volumes.sh - name: create health-docker-volumes.sh
copy: copy:
src: health-docker-volumes.sh src: health-docker-volumes.sh
dest: "{{health_docker_volumes_folder}}health-docker-volumes.sh" dest: "{{health_docker_volumes_folder}}health-docker-volumes.sh"
when: run_once_health_docker_volumes is not defined
- name: create health-docker-volumes.service - name: create health-docker-volumes.service
template: src=health-docker-volumes.service.j2 dest=/etc/systemd/system/health-docker-volumes.service template: src=health-docker-volumes.service.j2 dest=/etc/systemd/system/health-docker-volumes.service
notify: reload health-docker-volumes.service notify: reload health-docker-volumes.service
when: run_once_health_docker_volumes is not defined
- name: create health-docker-volumes.timer - name: create health-docker-volumes.timer
template: template:
@ -20,3 +23,9 @@
register: health_docker_volumes_timer register: health_docker_volumes_timer
changed_when: health_docker_volumes_timer.changed or activate_all_timers | default(false) | bool changed_when: health_docker_volumes_timer.changed or activate_all_timers | default(false) | bool
notify: restart health-docker-volumes.timer notify: restart health-docker-volumes.timer
when: run_once_health_docker_volumes is not defined
- name: run the health_docker_volumes tasks once
set_fact:
run_once_health_docker_volumes: true
when: run_once_health_docker_volumes is not defined


@ -1,58 +0,0 @@
import os
import requests
import sys
import re
# Set up argument parser
parser = argparse.ArgumentParser(description='Check if domains of nginx configuration files respond with the correct status code.')
parser.add_argument('config_path', help='Path to the nginx configuration directory')
args = parser.parse_args()
# Use the provided argument for the config path
config_path = args.config_path
# Initialize the error counter
error_counter = 0
# Regex pattern to match domain.tld or subdomain.domain.tld
pattern = re.compile(r"^(?:[\w-]+\.)?[\w-]+\.[\w-]+\.conf$")
# Iterate over each file in the configuration directory
for filename in os.listdir(config_path):
if filename.endswith('.conf') and pattern.match(filename):
# Extract the domain and subdomain from the filename
name = filename.replace('.conf', '')
parts = name.split('.')
# Prepare the URL and expected status codes
url = f"https://{name}"
# Default: Expect status code 200 for a domain
expected_statuses = [200]
# Determine expected status codes based on subdomain
if len(parts) == 3:
if parts[0] == 'listmonk':
expected_statuses = [401]
elif parts[0] == 'www':
expected_statuses = [200,301]
elif parts[0] == 's':
expected_statuses = [403]
try:
# Send a HEAD request to get only the response header
response = requests.head(url, allow_redirects=True)
# Check if the status code matches the expected statuses
if response.status_code in expected_statuses:
print(f"{name}: ok")
else:
print(f"{name}: error")
error_counter += 1
except requests.RequestException as e:
# Handle exceptions for requests like connection errors
print(f"{name}: error due to {e}")
error_counter += 1
# Exit the script with the number of errors as the exit code
sys.exit(error_counter)


@ -2,23 +2,27 @@
pacman: pacman:
name: python-requests name: python-requests
state: present state: present
when: run_once_health_nginx is not defined
- name: "create {{ health_nginx_folder }}" - name: "create {{ health_nginx_folder }}"
file: file:
path: "{{ health_nginx_folder }}" path: "{{ health_nginx_folder }}"
state: directory state: directory
mode: 0755 mode: 0755
when: run_once_health_nginx is not defined
- name: create health-nginx.py - name: create health-nginx.py
copy: template:
src: health-nginx.py src: health-nginx.py.j2
dest: "{{ health_nginx_folder }}health-nginx.py" dest: "{{ health_nginx_folder }}health-nginx.py"
when: run_once_health_nginx is not defined
- name: create health-nginx.service - name: create health-nginx.service
template: template:
src: health-nginx.service.j2 src: health-nginx.service.j2
dest: /etc/systemd/system/health-nginx.service dest: /etc/systemd/system/health-nginx.service
notify: reload health-nginx.service notify: reload health-nginx.service
when: run_once_health_nginx is not defined
- name: create health-nginx.timer - name: create health-nginx.timer
template: template:
@ -27,3 +31,10 @@
register: health_nginx_timer register: health_nginx_timer
changed_when: health_nginx_timer.changed or activate_all_timers | default(false) | bool changed_when: health_nginx_timer.changed or activate_all_timers | default(false) | bool
notify: restart health-nginx.timer notify: restart health-nginx.timer
when: run_once_health_nginx is not defined
- name: run the health_nginx tasks once
set_fact:
run_once_health_nginx: true
when: run_once_health_nginx is not defined


@ -0,0 +1,60 @@
import os
import requests
import sys
import re
# file in which fqdn server configs are deposit
config_path = '{{nginx_servers_directory}}'
# Initialize the error counter
error_counter = 0
# Regex pattern to match domain.tld or *.domain.tld
pattern = re.compile(r"^(?:[\w-]+\.)*[\w-]+\.[\w-]+\.conf$")
# Iterate over each file in the configuration directory
for filename in os.listdir(config_path):
if filename.endswith('.conf') and pattern.match(filename):
# Extract the domain and subdomain from the filename
domain = filename.replace('.conf', '')
parts = domain.split('.')
# Prepare the URL and expected status codes
url = f"https://{domain}"
# Default: Expect status code 200 or 302 for a domain
expected_statuses = [200,302]
redirected_domains = [domain['source'] for domain in {{redirect_domain_mappings}}]
redirected_domains.append("{{domain_mailu}}")
# Determine expected status codes based on the domain
if domain == '{{domain_listmonk}}':
expected_statuses = [401]
{% if nginx_matomo_tracking | bool %}
elif parts[0] == 'www' or domain in redirected_domains:
expected_statuses = [301]
{% endif %}
elif domain == '{{domain_yourls}}':
expected_statuses = [403]
try:
# Send a HEAD request to get only the response header
response = requests.head(url)
# Check if the status code matches the expected statuses
if response.status_code in expected_statuses:
print(f"{domain}: OK")
else:
print(f"{domain}: ERROR: Expected {expected_statuses}. Got {response.status_code}.")
error_counter += 1
except requests.RequestException as e:
# Handle exceptions for requests like connection errors
print(f"{domain}: error due to {e}")
error_counter += 1
if error_counter > 0:
print(f"Warning: {error_counter} domains responded with an unexpected https status code.")
# Exit the script with the number of errors as the exit code
sys.exit(error_counter)
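Review bot: The Jinja guard `{% if nginx_matomo_tracking | bool %}` wraps the branch that expects 301 for `www.` and redirected domains, but Matomo tracking has nothing to do with redirects; on a host where it is false those domains are checked against `[200,302]`, every redirect then counts as an error and the service reports failure. Drop the guard (or key it on the redirect role's own setting if one exists). Also `requests.head(url)` has no timeout, so one unresponsive vhost hangs the oneshot service indefinitely — use `requests.head(url, timeout=10)` — and `redirected_domains` is rebuilt inside the loop on every iteration, so hoist the two lines above the `for`. Finally `sys.exit(error_counter)` is truncated modulo 256 by the OS, so 256 failures exit 0; `sys.exit(1 if error_counter else 0)` is safer.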


@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/usr/bin/python3 {{ health_nginx_folder }}health-nginx.py {{nginx_servers_directory}} ExecStart=/usr/bin/python3 {{ health_nginx_folder }}health-nginx.py


@ -1,2 +1,2 @@
dependencies: dependencies:
- certbot-nginx - nginx-certbot


@ -1,6 +1,13 @@
- name: create nginx letsencrypt config file - name: create nginx letsencrypt config file
template: src=letsencrypt.conf.j2 dest={{nginx_servers_directory}}letsencrypt.conf template: src=letsencrypt.conf.j2 dest={{nginx_servers_directory}}letsencrypt.conf
notify: restart nginx notify: restart nginx
when: run_once_letsencrypt is not defined
- name: flush nginx service - name: flush nginx service
meta: flush_handlers meta: flush_handlers
when: run_once_letsencrypt is not defined
- name: run the letsencrypt logic just once
set_fact:
run_once_letsencrypt: true
when: run_once_letsencrypt is not defined


@ -2,12 +2,14 @@
pacman: pacman:
name: [certbot,certbot-nginx] name: [certbot,certbot-nginx]
state: present state: present
when: run_once_nginx_certbot is not defined
- name: configure certbot.service.tpl - name: configure certbot.service.tpl
template: template:
src: certbot.service.j2 src: certbot.service.j2
dest: /etc/systemd/system/certbot.service dest: /etc/systemd/system/certbot.service
notify: reload certbot service notify: reload certbot service
when: run_once_nginx_certbot is not defined
- name: configure certbot.timer.tpl - name: configure certbot.timer.tpl
template: template:
@ -16,3 +18,9 @@
register: certbot_timer register: certbot_timer
changed_when: certbot_timer.changed or activate_all_timers | default(false) | bool changed_when: certbot_timer.changed or activate_all_timers | default(false) | bool
notify: restart certbot timer notify: restart certbot timer
when: run_once_nginx_certbot is not defined
- name: run the nginx_certbot tasks once
set_fact:
run_once_nginx_certbot: true
when: run_once_nginx_certbot is not defined


@ -7,20 +7,17 @@
- name: Filter domain names and remove .conf extension and path - name: Filter domain names and remove .conf extension and path
set_fact: set_fact:
filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', '^{{nginx_servers_directory}}', '') | map('regex_replace', '.conf$', '') | list }}" filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', path_regex, '') | map('regex_replace', '.conf$', '') | list }}"
vars: vars:
domain_regex: '^{{nginx_servers_directory}}(?!www\.)[^/]+\.conf$' domain_regex: "^{{ nginx_servers_directory }}(?!www\\.)[^/]+\\.conf$"
path_regex: "^{{ nginx_servers_directory }}"
- name: The domains for which a www. redirect will be implemented - name: The domains for which a www. redirect will be implemented
debug: debug:
var: filtered_domains var: filtered_domains
- name: Prepare redirect domain mappings
set_fact:
redirect_domain_mappings: "{{ filtered_domains | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}"
- name: Include nginx-domain-redirect role with dynamic domain mappings - name: Include nginx-domain-redirect role with dynamic domain mappings
include_role: include_role:
name: nginx-domain-redirect name: nginx-domain-redirect
vars: vars:
domain_mappings: "{{ redirect_domain_mappings }}" domain_mappings: "{{ filtered_domains | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}"
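Review bot: `nginx_servers_directory` is spliced into `domain_regex` and `path_regex` as raw regex text, so any metacharacter in the path (the `.` in `conf.d` already matches any character) is interpreted rather than matched literally; use `{{ nginx_servers_directory | regex_escape }}` in both. Building YAML with `regex_replace` and parsing it back with `from_yaml` also means a filename containing `"` would break or alter a mapping — harmless for operator-managed `.conf` files, but a comment stating that the directory listing is trusted input would make the assumption explicit. Inlining the mapping into `include_role` presumably also stops this role from overwriting the group variable `redirect_domain_mappings` that the health check now reads; that is worth recording in a comment so nobody reintroduces the `set_fact`.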


@ -2,6 +2,7 @@
- name: install nginx - name: install nginx
pacman: name=nginx state=present pacman: name=nginx state=present
notify: restart nginx notify: restart nginx
when: run_once_nginx is not defined
- name: Ensure nginx configuration directories are present - name: Ensure nginx configuration directories are present
file: file:
@ -12,10 +13,18 @@
- "{{nginx_servers_directory}}" - "{{nginx_servers_directory}}"
- "{{nginx_maps_directory}}" - "{{nginx_maps_directory}}"
- "{{nginx_upstreams_directory}}" - "{{nginx_upstreams_directory}}"
when: run_once_nginx is not defined
- name: create nginx config file - name: create nginx config file
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
notify: restart nginx notify: restart nginx
when: run_once_nginx is not defined
- name: flush nginx service - name: flush nginx service
meta: flush_handlers meta: flush_handlers
when: run_once_nginx is not defined
- name: run the nginx tasks once
set_fact:
run_once_nginx: true
when: run_once_nginx is not defined
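Review bot: The `when:` added to `meta: flush_handlers` is, on older Ansible releases, ignored with a "does not support when conditional" warning, so on those versions the flush still happens on every include — harmless here, but worth confirming against the Ansible version this repository targets. Repeating the identical `when:` on every task is also easy to drift out of sync when a task is added later; wrapping the tasks in one `block:` with `when: run_once_nginx is not defined` keeps the guard in a single place (the same applies to the other roles touched by this commit). Because `set_fact` is host-scoped, the fact only suppresses repeated includes on the same host within the current play; a comment such as `# Run these tasks once per host per play, even if the role is included several times.` would make that explicit, since the name reads like Ansible's `run_once: true`.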

@ -3,3 +3,9 @@
pacman: pacman:
name: python-pip name: python-pip
state: present state: present
when: run_once_python_pip is not defined
- name: run the python_pip tasks once
set_fact:
run_once_python_pip: true
when: run_once_python_pip is not defined

@ -6,3 +6,9 @@
group: root group: root
mode: '0644' mode: '0644'
notify: sshd restart notify: sshd restart
when: run_once_sshd is not defined
- name: run the sshd tasks once
set_fact:
run_once_sshd: true
when: run_once_sshd is not defined

@ -2,3 +2,9 @@
package: package:
name: sudo name: sudo
state: present state: present
when: run_once_sudo is not defined
- name: run the sudo tasks once
set_fact:
run_once_sudo: true
when: run_once_sudo is not defined

@ -1,18 +1,28 @@
- name: install smtp-forwarder - name: install smtp-forwarder
pacman: name=smtp-forwarder state=present pacman: name=smtp-forwarder state=present
when: run_once_systemd_notifier_email is not defined
- name: configure msmtprc.conf.j2 - name: configure msmtprc.conf.j2
template: src=msmtprc.conf.j2 dest=/root/.msmtprc template: src=msmtprc.conf.j2 dest=/root/.msmtprc
when: run_once_systemd_notifier_email is not defined
- name: "create {{systemd_notifier_email_folder}}" - name: "create {{systemd_notifier_email_folder}}"
file: file:
path: "{{systemd_notifier_email_folder}}" path: "{{systemd_notifier_email_folder}}"
state: directory state: directory
mode: 0755 mode: 0755
when: run_once_systemd_notifier_email is not defined
- name: configure systemd-notifier-email.sh - name: configure systemd-notifier-email.sh
template: src=systemd-notifier-email.sh.j2 dest={{systemd_notifier_email_folder}}systemd-notifier-email.sh template: src=systemd-notifier-email.sh.j2 dest={{systemd_notifier_email_folder}}systemd-notifier-email.sh
when: run_once_systemd_notifier_email is not defined
- name: configure systemd-notifier-email.service - name: configure systemd-notifier-email.service
template: src=systemd-notifier-email@.service.j2 dest=/etc/systemd/system/systemd-notifier-email@.service template: src=systemd-notifier-email@.service.j2 dest=/etc/systemd/system/systemd-notifier-email@.service
notify: restart systemd-notifier-email service notify: restart systemd-notifier-email service
when: run_once_systemd_notifier_email is not defined
- name: run the systemd_notifier_email tasks once
set_fact:
run_once_systemd_notifier_email: true
when: run_once_systemd_notifier_email is not defined
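Review bot: The guarded template that writes `/root/.msmtprc` sets no `owner`/`mode`, so the file's permissions come from the default umask on the first (now only) run; an msmtp rc file presumably holds the SMTP password (the template is not visible here), and msmtp refuses to read a secrets-bearing rc file that is readable by others. Adding `owner: root`, `group: root`, `mode: "0600"` to that task pins the permissions regardless of umask and keeps the role idempotent on that point. The task file also mixes `key=value` module arguments (the `pacman` and first `template` tasks) with block YAML; converting those two lines to block form would match the rest of the role.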

@ -2,20 +2,29 @@
pacman: pacman:
name: curl name: curl
state: present state: present
when: run_once_systemd_notifier_telegram is not defined
- name: Create a directory with a subdirectory - name: Create a directory with a subdirectory
ansible.builtin.file: ansible.builtin.file:
path: "{{systemd_telegram_folder}}" path: "{{systemd_telegram_folder}}"
state: directory state: directory
mode: '0755' mode: '0755'
when: run_once_systemd_notifier_telegram is not defined
- name: configure systemd-notifier-telegram.sh - name: configure systemd-notifier-telegram.sh
template: template:
src: systemd-notifier-telegram.sh.j2 src: systemd-notifier-telegram.sh.j2
dest: "{{ systemd_telegram_script }}" dest: "{{ systemd_telegram_script }}"
when: run_once_systemd_notifier_telegram is not defined
- name: configure systemd-notifier-telegram.service - name: configure systemd-notifier-telegram.service
template: template:
src: systemd-notifier-telegram@.service.j2 src: systemd-notifier-telegram@.service.j2
dest: "/etc/systemd/system/systemd-notifier-telegram@.service" dest: "/etc/systemd/system/systemd-notifier-telegram@.service"
notify: "restart systemd-notifier-telegram service" notify: "restart systemd-notifier-telegram service"
when: run_once_systemd_notifier_telegram is not defined
- name: run the systemd_notifier_telegram tasks once
set_fact:
run_once_systemd_notifier_telegram: true
when: run_once_systemd_notifier_telegram is not defined
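Review bot: The guarded template that renders `systemd-notifier-telegram.sh.j2` into `{{ systemd_telegram_script }}` sets no `mode`, and its parent directory is created `0755`; if the script embeds the bot token (the template is not visible here), the default umask typically leaves it world-readable to every local account. Add `mode: "0700"` (or `"0750"` with a dedicated group) to the script task, and consider loading the token from a root-only `EnvironmentFile` in the unit rather than baking it into the script body.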

@ -2,3 +2,9 @@
systemd: systemd:
name: systemd-notifier.service name: systemd-notifier.service
daemon_reload: yes daemon_reload: yes
when: run_once_systemd_notifier_service is not defined
- name: run the systemd_notifier_service tasks once
set_fact:
run_once_systemd_notifier_service: true
when: run_once_systemd_notifier_service is not defined

@ -4,3 +4,9 @@
src: systemd-notifier@.service.j2 src: systemd-notifier@.service.j2
dest: "/etc/systemd/system/systemd-notifier@.service" dest: "/etc/systemd/system/systemd-notifier@.service"
notify: "restart systemd-notifier service" notify: "restart systemd-notifier service"
when: run_once_systemd_notifier_service is not defined
- name: run the systemd_notifier_service tasks once
set_fact:
run_once_systemd_notifier_service: true
when: run_once_systemd_notifier_service is not defined

@ -7,6 +7,7 @@
generate_ssh_key: yes generate_ssh_key: yes
ssh_key_type: rsa ssh_key_type: rsa
ssh_key_bits: 8192 ssh_key_bits: 8192
when: run_once_user_administrator is not defined
- name: "create {{path_administrator_scripts}}" - name: "create {{path_administrator_scripts}}"
file: file:
@ -15,6 +16,7 @@
owner: administrator owner: administrator
group: administrator group: administrator
mode: 0700 mode: 0700
when: run_once_user_administrator is not defined
- name: create {{path_administrator_home}}.ssh/authorized_keys - name: create {{path_administrator_home}}.ssh/authorized_keys
copy: copy:
@ -23,6 +25,7 @@
owner: administrator owner: administrator
group: administrator group: administrator
mode: '0644' mode: '0644'
when: run_once_user_administrator is not defined
- name: grant administrator sudo rights with password - name: grant administrator sudo rights with password
copy: copy:
@ -32,6 +35,7 @@
owner: root owner: root
group: root group: root
notify: sshd restart notify: sshd restart
when: run_once_user_administrator is not defined
- name: "create {{path_administrator_home}}volumes/" - name: "create {{path_administrator_home}}volumes/"
file: file:
@ -40,3 +44,9 @@
owner: administrator owner: administrator
group: administrator group: administrator
mode: 0700 mode: 0700
when: run_once_user_administrator is not defined
- name: run the user_administrator tasks once
set_fact:
run_once_user_administrator: true
when: run_once_user_administrator is not defined
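Review bot: The new guards make the `authorized_keys` and sudoers tasks fire only on the first include per host, so a second `include_role` in the same play with a different key or sudo variable is silently skipped; that is a reasonable trade-off but nothing states it. A comment on the final `set_fact`, `# Marks this host as configured for the rest of the play; later includes of this role are no-ops even if their vars differ.`, would document the intent. Since every task carries the identical condition, a single `block:` with `when: run_once_user_administrator is not defined` would also remove the repetition and guarantee that a task added later inherits the guard. The role's first task (the `user` module call) begins above the first hunk.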