mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-11-25 22:21:04 +01:00
Compare commits
6 Commits
a78af5032e
...
db6da43fc6
Author | SHA1 | Date | |
---|---|---|---|
db6da43fc6 | |||
b5db93f390 | |||
0b3cce900e | |||
4d3a6128c9 | |||
ca96808208 | |||
28b9e741e4 |
@ -152,7 +152,7 @@ Focuses on web server roles and applications, covering SSL certificates, Nginx c
|
|||||||
- **[Nginx-Https](./roles/nginx-https/)**: Enables HTTPS configuration for Nginx.
|
- **[Nginx-Https](./roles/nginx-https/)**: Enables HTTPS configuration for Nginx.
|
||||||
- **[Nginx-Matomo-Tracking](./roles/nginx-matomo-tracking/)**: Integrates Matomo tracking with Nginx.
|
- **[Nginx-Matomo-Tracking](./roles/nginx-matomo-tracking/)**: Integrates Matomo tracking with Nginx.
|
||||||
- **[Nginx-Redirect](./roles/nginx-domain-redirect/)**: Manages URL redirects in Nginx.
|
- **[Nginx-Redirect](./roles/nginx-domain-redirect/)**: Manages URL redirects in Nginx.
|
||||||
- **[Certbot Nginx](./roles/certbot-nginx/)**: Integrates Certbot with Nginx for SSL certificates.
|
- **[Certbot Nginx](./roles/nginx-certbot/)**: Integrates Certbot with Nginx for SSL certificates.
|
||||||
- **[Postfix](./roles/postfix/)**: Setup for the Postfix mail transfer agent.
|
- **[Postfix](./roles/postfix/)**: Setup for the Postfix mail transfer agent.
|
||||||
|
|
||||||
#### Docker and Containerization
|
#### Docker and Containerization
|
||||||
|
@ -50,9 +50,10 @@ domain_mailu: "mail.{{top_domain}}"
|
|||||||
domain_mastodon: "microblog.{{top_domain}}"
|
domain_mastodon: "microblog.{{top_domain}}"
|
||||||
domains_mastodon_alternates: []
|
domains_mastodon_alternates: []
|
||||||
domain_matomo: "matomo.{{top_domain}}"
|
domain_matomo: "matomo.{{top_domain}}"
|
||||||
|
domain_matrix: "chat.{{top_domain}}"
|
||||||
domain_mediawiki: "wiki.{{top_domain}}"
|
domain_mediawiki: "wiki.{{top_domain}}"
|
||||||
domain_nextcloud: "cloud.{{top_domain}}"
|
domain_nextcloud: "cloud.{{top_domain}}"
|
||||||
domain_pixelfed: "pictures.{{top_domain}}"
|
domain_pixelfed: "pictures.{{top_domain}}"
|
||||||
domains_pixelfed: []
|
domains_pixelfed: []
|
||||||
domain_peertube: "videos.{{top_domain}}"
|
domain_peertube: "videos.{{top_domain}}"
|
||||||
domains_peertube: []
|
domains_peertube: []
|
||||||
@ -73,6 +74,7 @@ redirect_domain_mappings:
|
|||||||
- { source: "peertube.{{top_domain}}", target: "videos.{{top_domain}}" }
|
- { source: "peertube.{{top_domain}}", target: "videos.{{top_domain}}" }
|
||||||
- { source: "funkwhale.{{top_domain}}", target: "music.{{top_domain}}" }
|
- { source: "funkwhale.{{top_domain}}", target: "music.{{top_domain}}" }
|
||||||
- { source: "pixelfed.{{top_domain}}", target: "pictures.{{top_domain}}" }
|
- { source: "pixelfed.{{top_domain}}", target: "pictures.{{top_domain}}" }
|
||||||
|
- { source: "matrix.{{top_domain}}", target: "chat.{{top_domain}}" }
|
||||||
|
|
||||||
nginx_configuration_directory: "/etc/nginx/conf.d/"
|
nginx_configuration_directory: "/etc/nginx/conf.d/"
|
||||||
nginx_servers_directory: "{{nginx_configuration_directory}}servers/"
|
nginx_servers_directory: "{{nginx_configuration_directory}}servers/"
|
||||||
|
@ -200,6 +200,15 @@
|
|||||||
domains: "{{domains_discourse}}"
|
domains: "{{domains_discourse}}"
|
||||||
http_port: 8020
|
http_port: 8020
|
||||||
|
|
||||||
|
- name: setup matrix
|
||||||
|
hosts: matrix
|
||||||
|
become: true
|
||||||
|
roles:
|
||||||
|
- role: docker-matrix
|
||||||
|
vars:
|
||||||
|
domain: "{{domain_matrix}}"
|
||||||
|
http_port: 8021
|
||||||
|
|
||||||
- name: setup akaunting hosts
|
- name: setup akaunting hosts
|
||||||
hosts: akaunting
|
hosts: akaunting
|
||||||
become: true
|
become: true
|
||||||
|
@ -4,6 +4,7 @@
|
|||||||
- lsof
|
- lsof
|
||||||
- python-pandas
|
- python-pandas
|
||||||
state: present
|
state: present
|
||||||
|
when: run_once_backup_docker_to_local is not defined
|
||||||
|
|
||||||
- name: pull backup-docker-to-local.git
|
- name: pull backup-docker-to-local.git
|
||||||
git:
|
git:
|
||||||
@ -12,23 +13,26 @@
|
|||||||
update: yes
|
update: yes
|
||||||
register: git_result
|
register: git_result
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
when: run_once_backup_docker_to_local is not defined
|
||||||
|
|
||||||
- name: Warn if repo is not reachable
|
- name: Warn if repo is not reachable
|
||||||
debug:
|
debug:
|
||||||
msg: "Warning: Repository is not reachable."
|
msg: "Warning: Repository is not reachable."
|
||||||
when: git_result.failed
|
when: git_result is defined and git_result.failed is defined and run_once_cleanup_failed_docker_backups is not defined
|
||||||
|
|
||||||
- name: configure backup-docker-to-local.service
|
- name: configure backup-docker-to-local.service
|
||||||
template:
|
template:
|
||||||
src: backup-docker-to-local.service.j2
|
src: backup-docker-to-local.service.j2
|
||||||
dest: /etc/systemd/system/backup-docker-to-local.service
|
dest: /etc/systemd/system/backup-docker-to-local.service
|
||||||
notify: reload backup-docker-to-local.service
|
notify: reload backup-docker-to-local.service
|
||||||
|
when: run_once_backup_docker_to_local is not defined
|
||||||
|
|
||||||
- name: configure backup-docker-to-local.timer.tpl
|
- name: configure backup-docker-to-local.timer.tpl
|
||||||
template: src=backup-docker-to-local.timer.j2 dest=/etc/systemd/system/backup-docker-to-local.timer
|
template: src=backup-docker-to-local.timer.j2 dest=/etc/systemd/system/backup-docker-to-local.timer
|
||||||
register: backup_docker_to_local_timer
|
register: backup_docker_to_local_timer
|
||||||
changed_when: backup_docker_to_local_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: backup_docker_to_local_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart backup-docker-to-local.timer
|
notify: restart backup-docker-to-local.timer
|
||||||
|
when: run_once_backup_docker_to_local is not defined
|
||||||
|
|
||||||
- name: create {{backup_docker_to_local_folder}}databases.csv
|
- name: create {{backup_docker_to_local_folder}}databases.csv
|
||||||
copy:
|
copy:
|
||||||
@ -36,3 +40,9 @@
|
|||||||
dest: "{{backup_docker_to_local_folder}}databases.csv"
|
dest: "{{backup_docker_to_local_folder}}databases.csv"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
when: run_once_backup_docker_to_local is not defined
|
||||||
|
|
||||||
|
- name: run the backup_docker_to_local tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_backup_docker_to_local: true
|
||||||
|
when: run_once_backup_docker_to_local is not defined
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
user:
|
user:
|
||||||
name: backup
|
name: backup
|
||||||
create_home: yes
|
create_home: yes
|
||||||
|
when: run_once_backups_provider_user is not defined
|
||||||
|
|
||||||
- name: create .ssh directory
|
- name: create .ssh directory
|
||||||
file:
|
file:
|
||||||
@ -10,6 +11,7 @@
|
|||||||
owner: backup
|
owner: backup
|
||||||
group: backup
|
group: backup
|
||||||
mode: '0700'
|
mode: '0700'
|
||||||
|
when: run_once_backups_provider_user is not defined
|
||||||
|
|
||||||
- name: create /home/backup/.ssh/authorized_keys
|
- name: create /home/backup/.ssh/authorized_keys
|
||||||
template:
|
template:
|
||||||
@ -18,6 +20,7 @@
|
|||||||
owner: backup
|
owner: backup
|
||||||
group: backup
|
group: backup
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
|
when: run_once_backups_provider_user is not defined
|
||||||
|
|
||||||
- name: create /home/backup/ssh-wrapper.sh
|
- name: create /home/backup/ssh-wrapper.sh
|
||||||
copy:
|
copy:
|
||||||
@ -26,6 +29,7 @@
|
|||||||
owner: backup
|
owner: backup
|
||||||
group: backup
|
group: backup
|
||||||
mode: '0700'
|
mode: '0700'
|
||||||
|
when: run_once_backups_provider_user is not defined
|
||||||
|
|
||||||
- name: grant backup sudo rights
|
- name: grant backup sudo rights
|
||||||
copy:
|
copy:
|
||||||
@ -35,3 +39,9 @@
|
|||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
notify: sshd restart
|
notify: sshd restart
|
||||||
|
when: run_once_backups_provider_user is not defined
|
||||||
|
|
||||||
|
- name: run the backups_provider_user tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_backups_provider_user: true
|
||||||
|
when: run_once_backups_provider_user is not defined
|
@ -4,20 +4,29 @@
|
|||||||
- lsof
|
- lsof
|
||||||
- python-psutil
|
- python-psutil
|
||||||
state: present
|
state: present
|
||||||
|
when: run_once_cleanup_backups_service is not defined
|
||||||
|
|
||||||
- name: "create {{docker_cleanup_backups}}"
|
- name: "create {{docker_cleanup_backups}}"
|
||||||
file:
|
file:
|
||||||
path: "{{docker_cleanup_backups}}"
|
path: "{{docker_cleanup_backups}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
when: run_once_cleanup_backups_service is not defined
|
||||||
|
|
||||||
- name: create cleanup-backups.py
|
- name: create cleanup-backups.py
|
||||||
copy:
|
copy:
|
||||||
src: "cleanup-backups.py"
|
src: "cleanup-backups.py"
|
||||||
dest: "{{docker_cleanup_backups}}cleanup-backups.py"
|
dest: "{{docker_cleanup_backups}}cleanup-backups.py"
|
||||||
|
when: run_once_cleanup_backups_service is not defined
|
||||||
|
|
||||||
- name: create cleanup-backups.service
|
- name: create cleanup-backups.service
|
||||||
template:
|
template:
|
||||||
src: "cleanup-backups.service.j2"
|
src: "cleanup-backups.service.j2"
|
||||||
dest: "/etc/systemd/system/cleanup-backups.service"
|
dest: "/etc/systemd/system/cleanup-backups.service"
|
||||||
notify: reload cleanup-backups.service
|
notify: reload cleanup-backups.service
|
||||||
|
when: run_once_cleanup_backups_service is not defined
|
||||||
|
|
||||||
|
- name: run the cleanup_backups_service tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_cleanup_backups_service: true
|
||||||
|
when: run_once_cleanup_backups_service is not defined
|
||||||
|
@ -4,3 +4,9 @@
|
|||||||
state: restarted
|
state: restarted
|
||||||
enabled: yes
|
enabled: yes
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
|
when: run_once_cleanup_backup_timer is not defined
|
||||||
|
|
||||||
|
- name: run the cleanup_backup_timer tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_cleanup_backup_timer: true
|
||||||
|
when: run_once_cleanup_backup_timer is not defined
|
@ -5,3 +5,9 @@
|
|||||||
register: cleanup_backups_timer
|
register: cleanup_backups_timer
|
||||||
changed_when: cleanup_backups_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: cleanup_backups_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart cleanup-backups.timer
|
notify: restart cleanup-backups.timer
|
||||||
|
when: run_once_cleanup_backups_timer is not defined
|
||||||
|
|
||||||
|
- name: run the cleanup_backups_timer tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_cleanup_backups_timer: true
|
||||||
|
when: run_once_cleanup_backups_timer is not defined
|
||||||
|
@ -5,14 +5,21 @@
|
|||||||
update: yes
|
update: yes
|
||||||
register: git_result
|
register: git_result
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
when: run_once_cleanup_failed_docker_backups is not defined
|
||||||
|
|
||||||
- name: Warn if repo is not reachable
|
- name: Warn if repo is not reachable
|
||||||
debug:
|
debug:
|
||||||
msg: "Warning: Repository is not reachable."
|
msg: "Warning: Repository is not reachable."
|
||||||
when: git_result.failed
|
when: git_result is defined and git_result.failed is defined and run_once_cleanup_failed_docker_backups is not defined
|
||||||
|
|
||||||
- name: configure cleanup-failed-docker-backups.service
|
- name: configure cleanup-failed-docker-backups.service
|
||||||
template:
|
template:
|
||||||
src: cleanup-failed-docker-backups.service.j2
|
src: cleanup-failed-docker-backups.service.j2
|
||||||
dest: /etc/systemd/system/cleanup-failed-docker-backups.service
|
dest: /etc/systemd/system/cleanup-failed-docker-backups.service
|
||||||
notify: reload cleanup-failed-docker-backups.service daemon
|
notify: reload cleanup-failed-docker-backups.service daemon
|
||||||
|
when: run_once_cleanup_failed_docker_backups is not defined
|
||||||
|
|
||||||
|
- name: run the cleanup_failed_docker_backups tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_cleanup_failed_docker_backups: true
|
||||||
|
when: run_once_cleanup_failed_docker_backups is not defined
|
@ -99,6 +99,16 @@ hooks:
|
|||||||
cd: $home/plugins
|
cd: $home/plugins
|
||||||
cmd:
|
cmd:
|
||||||
- git clone https://github.com/discourse/docker_manager.git
|
- git clone https://github.com/discourse/docker_manager.git
|
||||||
|
- git clone https://github.com/discourse/discourse-activity-pub.git
|
||||||
|
- git clone https://github.com/discourse/discourse-calendar.git
|
||||||
|
- git clone https://github.com/discourse/discourse-akismet.git
|
||||||
|
- git clone https://github.com/discourse/discourse-cakeday.git
|
||||||
|
- git clone https://github.com/discourse/discourse-solved.git
|
||||||
|
- git clone https://github.com/discourse/discourse-voting.git
|
||||||
|
- git clone https://github.com/gdpelican/retort.git
|
||||||
|
- git clone https://github.com/discourse/discourse-oauth2-basic.git
|
||||||
|
- git clone https://github.com/discourse/discourse-openid-connect.git
|
||||||
|
- git clone https://github.com/jonmbake/discourse-ldap-auth
|
||||||
|
|
||||||
## Any custom commands to run after building
|
## Any custom commands to run after building
|
||||||
run:
|
run:
|
||||||
|
@ -6,7 +6,7 @@ services:
|
|||||||
env_file: .env
|
env_file: .env
|
||||||
environment:
|
environment:
|
||||||
- "POSTGRES_HOST_AUTH_METHOD=trust"
|
- "POSTGRES_HOST_AUTH_METHOD=trust"
|
||||||
image: postgres:15-alpine
|
image: postgres:alpine
|
||||||
volumes:
|
volumes:
|
||||||
- database:/var/lib/postgresql/data
|
- database:/var/lib/postgresql/data
|
||||||
|
|
||||||
|
@ -1,7 +1,3 @@
|
|||||||
# NOTE: This docker-compose.yml is meant to be just an example guideline
|
|
||||||
# on how you can achieve the same. It is not intented to run out of the box
|
|
||||||
# and you must edit the below configurations to suit your needs.
|
|
||||||
|
|
||||||
version: "3.7"
|
version: "3.7"
|
||||||
|
|
||||||
x-application-defaults: &application-defaults
|
x-application-defaults: &application-defaults
|
||||||
@ -15,7 +11,7 @@ x-application-defaults: &application-defaults
|
|||||||
- TZ=Etc/UTC
|
- TZ=Etc/UTC
|
||||||
|
|
||||||
x-database-defaults: &database-defaults
|
x-database-defaults: &database-defaults
|
||||||
image: postgres:13-alpine
|
image: postgres:alpine
|
||||||
ports:
|
ports:
|
||||||
- "9432:5432"
|
- "9432:5432"
|
||||||
networks:
|
networks:
|
||||||
|
@ -2,7 +2,7 @@ version: '3'
|
|||||||
services:
|
services:
|
||||||
database:
|
database:
|
||||||
restart: always
|
restart: always
|
||||||
image: postgres:14-alpine
|
image: postgres:alpine
|
||||||
shm_size: 256mb
|
shm_size: 256mb
|
||||||
networks:
|
networks:
|
||||||
- internal_network
|
- internal_network
|
||||||
|
0
roles/docker-matrix/README.md
Normal file
0
roles/docker-matrix/README.md
Normal file
8
roles/docker-matrix/handlers/main.yml
Normal file
8
roles/docker-matrix/handlers/main.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
- name: recreate matrix
|
||||||
|
command:
|
||||||
|
cmd: docker-compose up -d --force-recreate
|
||||||
|
chdir: "{{docker_compose_instance_directory}}"
|
||||||
|
environment:
|
||||||
|
COMPOSE_HTTP_TIMEOUT: 600
|
||||||
|
DOCKER_CLIENT_TIMEOUT: 600
|
2
roles/docker-matrix/meta/main.yml
Normal file
2
roles/docker-matrix/meta/main.yml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
dependencies:
|
||||||
|
- nginx-docker-reverse-proxy
|
33
roles/docker-matrix/tasks/main.yml
Normal file
33
roles/docker-matrix/tasks/main.yml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
---
|
||||||
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
|
- name: "create {{docker_compose_instance_directory}}"
|
||||||
|
file:
|
||||||
|
path: "{{docker_compose_instance_directory}}"
|
||||||
|
state: directory
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: add homeserver.yaml
|
||||||
|
template:
|
||||||
|
src: "homeserver.yaml.j2"
|
||||||
|
dest: "{{docker_compose_instance_directory}}homeserver.yaml"
|
||||||
|
notify: recreate matrix
|
||||||
|
|
||||||
|
- name: add log.config
|
||||||
|
template:
|
||||||
|
src: "log.config.j2"
|
||||||
|
dest: "{{docker_compose_instance_directory}}{{domain}}.log.config"
|
||||||
|
notify: recreate matrix
|
||||||
|
|
||||||
|
# https://github.com/matrix-org/synapse/issues/6303
|
||||||
|
- name: set correct folder permissions
|
||||||
|
command:
|
||||||
|
cmd: "docker run --rm --mount type=volume,src=matrix_data,dst=/data -e SYNAPSE_SERVER_NAME={{domain}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
|
||||||
|
chdir: "{{path_docker_compose_instances}}baserow/"
|
||||||
|
|
||||||
|
- name: add docker-compose.yml
|
||||||
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{docker_compose_instance_directory}}docker-compose.yml"
|
||||||
|
notify: recreate matrix
|
45
roles/docker-matrix/templates/docker-compose.yml.j2
Normal file
45
roles/docker-matrix/templates/docker-compose.yml.j2
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
version: '3.1'
|
||||||
|
|
||||||
|
services:
|
||||||
|
|
||||||
|
application:
|
||||||
|
image: matrixdotorg/synapse:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
|
volumes:
|
||||||
|
- data:/data
|
||||||
|
- ./homeserver.yaml:/data/homeserver.yaml:ro
|
||||||
|
- ./{{domain}}.log.config:/data/{{domain}}.log.config:ro
|
||||||
|
environment:
|
||||||
|
- SYNAPSE_SERVER_NAME={{domain}}
|
||||||
|
- SYNAPSE_REPORT_STATS=no
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:{{http_port}}:8008"
|
||||||
|
depends_on:
|
||||||
|
- database
|
||||||
|
|
||||||
|
database:
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
|
image: postgres:alpine
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- database:/var/lib/postgresql/data
|
||||||
|
environment:
|
||||||
|
- POSTGRES_DB=matrix
|
||||||
|
- POSTGRES_USER=matrix
|
||||||
|
- POSTGRES_PASSWORD={{matrix_database_password}}
|
||||||
|
- POSTGRES_INITDB_ARGS='--encoding=UTF-8 --lc-collate=C --lc-ctype=C'
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "pg_isready -U matrix"]
|
||||||
|
interval: 10s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 6
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
database:
|
||||||
|
data:
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
driver: bridge
|
28
roles/docker-matrix/templates/homeserver.yaml.j2
Normal file
28
roles/docker-matrix/templates/homeserver.yaml.j2
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
server_name: "{{domain}}"
|
||||||
|
pid_file: /data/homeserver.pid
|
||||||
|
listeners:
|
||||||
|
- port: 8008
|
||||||
|
tls: false
|
||||||
|
type: http
|
||||||
|
x_forwarded: true
|
||||||
|
resources:
|
||||||
|
- names: [client, federation]
|
||||||
|
compress: false
|
||||||
|
database:
|
||||||
|
name: psycopg2
|
||||||
|
args:
|
||||||
|
user: matrix
|
||||||
|
password: {{matrix_database_password}}
|
||||||
|
database: matrix
|
||||||
|
host: database
|
||||||
|
cp_min: 5
|
||||||
|
cp_max: 10
|
||||||
|
log_config: "/data/{{domain}}.log.config"
|
||||||
|
media_store_path: /data/media_store
|
||||||
|
registration_shared_secret: "{{matrix_registration_shared_secret}}"
|
||||||
|
report_stats: true
|
||||||
|
macaroon_secret_key: "{{matrix_macaroon_secret_key}}"
|
||||||
|
form_secret: "{{matrix_form_secret}}"
|
||||||
|
signing_key_path: "/data/{{domain}}.signing.key"
|
||||||
|
trusted_key_servers:
|
||||||
|
- server_name: "matrix.org"
|
25
roles/docker-matrix/templates/log.config.j2
Normal file
25
roles/docker-matrix/templates/log.config.j2
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
version: 1
|
||||||
|
|
||||||
|
formatters:
|
||||||
|
precise:
|
||||||
|
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
file:
|
||||||
|
class: logging.handlers.RotatingFileHandler
|
||||||
|
formatter: precise
|
||||||
|
filename: /data/{{ domain }}.homeserver.log
|
||||||
|
maxBytes: 10485760
|
||||||
|
backupCount: 3
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
formatter: precise
|
||||||
|
|
||||||
|
loggers:
|
||||||
|
synapse:
|
||||||
|
level: INFO
|
||||||
|
handlers: [file, console]
|
||||||
|
|
||||||
|
root:
|
||||||
|
level: INFO
|
||||||
|
handlers: [file, console]
|
2
roles/docker-matrix/vars/main.yml
Normal file
2
roles/docker-matrix/vars/main.yml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
---
|
||||||
|
docker_compose_instance_directory: "{{path_docker_compose_instances}}matrix/"
|
@ -34,10 +34,15 @@ services:
|
|||||||
POSTGRES_DB: mybb
|
POSTGRES_DB: mybb
|
||||||
POSTGRES_PASSWORD: "{{mybb_database_password}}"
|
POSTGRES_PASSWORD: "{{mybb_database_password}}"
|
||||||
POSTGRES_USER: mybb
|
POSTGRES_USER: mybb
|
||||||
image: postgres:14-alpine
|
image: postgres:alpine
|
||||||
volumes:
|
volumes:
|
||||||
- database:/var/lib/postgresql/data:rw
|
- database:/var/lib/postgresql/data:rw
|
||||||
restart: always
|
restart: always
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "pg_isready -U mybb"]
|
||||||
|
interval: 10s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 6
|
||||||
volumes:
|
volumes:
|
||||||
database:
|
database:
|
||||||
data:
|
data:
|
||||||
|
@ -17,14 +17,19 @@ services:
|
|||||||
- redis
|
- redis
|
||||||
restart: "always"
|
restart: "always"
|
||||||
database:
|
database:
|
||||||
image: postgres:13-alpine
|
image: postgres:alpine
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
volumes:
|
volumes:
|
||||||
- database:/var/lib/postgresql/data
|
- database:/var/lib/postgresql/data
|
||||||
restart: "always"
|
restart: "always"
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "pg_isready -U peertube"]
|
||||||
|
interval: 10s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 6
|
||||||
redis:
|
redis:
|
||||||
image: redis:6-alpine
|
image: redis:alpine
|
||||||
volumes:
|
volumes:
|
||||||
- redis:/data
|
- redis:/data
|
||||||
restart: "always"
|
restart: "always"
|
||||||
|
@ -5,6 +5,7 @@
|
|||||||
name: ['docker','docker-compose']
|
name: ['docker','docker-compose']
|
||||||
state: present
|
state: present
|
||||||
notify: docker restart
|
notify: docker restart
|
||||||
|
when: run_once_docker is not defined
|
||||||
|
|
||||||
- name: "create {{path_docker_compose_instances}}"
|
- name: "create {{path_docker_compose_instances}}"
|
||||||
file:
|
file:
|
||||||
@ -13,6 +14,7 @@
|
|||||||
mode: 0700
|
mode: 0700
|
||||||
owner: administrator
|
owner: administrator
|
||||||
group: administrator
|
group: administrator
|
||||||
|
when: run_once_docker is not defined
|
||||||
|
|
||||||
- name: "create {{path_docker_volumes}}"
|
- name: "create {{path_docker_volumes}}"
|
||||||
file:
|
file:
|
||||||
@ -21,6 +23,13 @@
|
|||||||
mode: 0700
|
mode: 0700
|
||||||
owner: administrator
|
owner: administrator
|
||||||
group: administrator
|
group: administrator
|
||||||
|
when: run_once_docker is not defined
|
||||||
|
|
||||||
- name: flush docker service
|
- name: flush docker service
|
||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
|
when: run_once_docker is not defined
|
||||||
|
|
||||||
|
- name: run the docker tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_docker: true
|
||||||
|
when: run_once_docker is not defined
|
||||||
|
@ -1,2 +1,8 @@
|
|||||||
- name: install git
|
- name: install git
|
||||||
pacman: name=git state=present
|
pacman: name=git state=present
|
||||||
|
when: run_once_git is not defined
|
||||||
|
|
||||||
|
- name: run the git tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_git: true
|
||||||
|
when: run_once_git is not defined
|
@ -3,17 +3,20 @@
|
|||||||
path: "{{heal_docker}}"
|
path: "{{heal_docker}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
when: run_once_heal_docker is not defined
|
||||||
|
|
||||||
- name: create heal-docker.py
|
- name: create heal-docker.py
|
||||||
copy:
|
copy:
|
||||||
src: heal-docker.py
|
src: heal-docker.py
|
||||||
dest: "{{heal_docker}}heal-docker.py"
|
dest: "{{heal_docker}}heal-docker.py"
|
||||||
|
when: run_once_heal_docker is not defined
|
||||||
|
|
||||||
- name: create heal-docker.service
|
- name: create heal-docker.service
|
||||||
template:
|
template:
|
||||||
src: heal-docker.service.j2
|
src: heal-docker.service.j2
|
||||||
dest: /etc/systemd/system/heal-docker.service
|
dest: /etc/systemd/system/heal-docker.service
|
||||||
notify: reload heal-docker.service
|
notify: reload heal-docker.service
|
||||||
|
when: run_once_heal_docker is not defined
|
||||||
|
|
||||||
- name: create heal-docker.timer
|
- name: create heal-docker.timer
|
||||||
template:
|
template:
|
||||||
@ -22,3 +25,9 @@
|
|||||||
register: heal_docker_timer
|
register: heal_docker_timer
|
||||||
changed_when: heal_docker_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: heal_docker_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart heal-docker.timer
|
notify: restart heal-docker.timer
|
||||||
|
when: run_once_heal_docker is not defined
|
||||||
|
|
||||||
|
- name: run the heal_docker tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_heal_docker: true
|
||||||
|
when: run_once_heal_docker is not defined
|
@ -3,15 +3,18 @@
|
|||||||
path: "{{health_docker_container_folder}}"
|
path: "{{health_docker_container_folder}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
when: run_once_health_docker_container is not defined
|
||||||
|
|
||||||
- name: create health-docker-container.sh
|
- name: create health-docker-container.sh
|
||||||
copy:
|
copy:
|
||||||
src: health-docker-container.sh
|
src: health-docker-container.sh
|
||||||
dest: "{{health_docker_container_folder}}health-docker-container.sh"
|
dest: "{{health_docker_container_folder}}health-docker-container.sh"
|
||||||
|
when: run_once_health_docker_container is not defined
|
||||||
|
|
||||||
- name: create health-docker-container.service
|
- name: create health-docker-container.service
|
||||||
template: src=health-docker-container.service.j2 dest=/etc/systemd/system/health-docker-container.service
|
template: src=health-docker-container.service.j2 dest=/etc/systemd/system/health-docker-container.service
|
||||||
notify: reload health-docker-container.service
|
notify: reload health-docker-container.service
|
||||||
|
when: run_once_health_docker_container is not defined
|
||||||
|
|
||||||
- name: create health-docker-container.timer
|
- name: create health-docker-container.timer
|
||||||
template:
|
template:
|
||||||
@ -20,3 +23,9 @@
|
|||||||
register: health_docker_container_timer
|
register: health_docker_container_timer
|
||||||
changed_when: health_docker_container_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: health_docker_container_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart health-docker-container.timer
|
notify: restart health-docker-container.timer
|
||||||
|
when: run_once_health_docker_container is not defined
|
||||||
|
|
||||||
|
- name: run the health_docker_container tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_health_docker_container: true
|
||||||
|
when: run_once_health_docker_container is not defined
|
||||||
|
@ -3,15 +3,18 @@
|
|||||||
path: "{{health_docker_volumes_folder}}"
|
path: "{{health_docker_volumes_folder}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
when: run_once_health_docker_volumes is not defined
|
||||||
|
|
||||||
- name: create health-docker-volumes.sh
|
- name: create health-docker-volumes.sh
|
||||||
copy:
|
copy:
|
||||||
src: health-docker-volumes.sh
|
src: health-docker-volumes.sh
|
||||||
dest: "{{health_docker_volumes_folder}}health-docker-volumes.sh"
|
dest: "{{health_docker_volumes_folder}}health-docker-volumes.sh"
|
||||||
|
when: run_once_health_docker_volumes is not defined
|
||||||
|
|
||||||
- name: create health-docker-volumes.service
|
- name: create health-docker-volumes.service
|
||||||
template: src=health-docker-volumes.service.j2 dest=/etc/systemd/system/health-docker-volumes.service
|
template: src=health-docker-volumes.service.j2 dest=/etc/systemd/system/health-docker-volumes.service
|
||||||
notify: reload health-docker-volumes.service
|
notify: reload health-docker-volumes.service
|
||||||
|
when: run_once_health_docker_volumes is not defined
|
||||||
|
|
||||||
- name: create health-docker-volumes.timer
|
- name: create health-docker-volumes.timer
|
||||||
template:
|
template:
|
||||||
@ -20,3 +23,9 @@
|
|||||||
register: health_docker_volumes_timer
|
register: health_docker_volumes_timer
|
||||||
changed_when: health_docker_volumes_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: health_docker_volumes_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart health-docker-volumes.timer
|
notify: restart health-docker-volumes.timer
|
||||||
|
when: run_once_health_docker_volumes is not defined
|
||||||
|
|
||||||
|
- name: run the health_docker_volumes tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_health_docker_volumes: true
|
||||||
|
when: run_once_health_docker_volumes is not defined
|
||||||
|
@ -1,58 +0,0 @@
|
|||||||
import os
|
|
||||||
import requests
|
|
||||||
import sys
|
|
||||||
import re
|
|
||||||
|
|
||||||
# Set up argument parser
|
|
||||||
parser = argparse.ArgumentParser(description='Check if domains of nginx configuration files respond with the correct status code.')
|
|
||||||
parser.add_argument('config_path', help='Path to the nginx configuration directory')
|
|
||||||
args = parser.parse_args()
|
|
||||||
|
|
||||||
# Use the provided argument for the config path
|
|
||||||
config_path = args.config_path
|
|
||||||
|
|
||||||
# Initialize the error counter
|
|
||||||
error_counter = 0
|
|
||||||
|
|
||||||
# Regex pattern to match domain.tld or subdomain.domain.tld
|
|
||||||
pattern = re.compile(r"^(?:[\w-]+\.)?[\w-]+\.[\w-]+\.conf$")
|
|
||||||
|
|
||||||
# Iterate over each file in the configuration directory
|
|
||||||
for filename in os.listdir(config_path):
|
|
||||||
if filename.endswith('.conf') and pattern.match(filename):
|
|
||||||
# Extract the domain and subdomain from the filename
|
|
||||||
name = filename.replace('.conf', '')
|
|
||||||
parts = name.split('.')
|
|
||||||
|
|
||||||
# Prepare the URL and expected status codes
|
|
||||||
url = f"https://{name}"
|
|
||||||
|
|
||||||
# Default: Expect status code 200 for a domain
|
|
||||||
expected_statuses = [200]
|
|
||||||
|
|
||||||
# Determine expected status codes based on subdomain
|
|
||||||
if len(parts) == 3:
|
|
||||||
if parts[0] == 'listmonk':
|
|
||||||
expected_statuses = [401]
|
|
||||||
elif parts[0] == 'www':
|
|
||||||
expected_statuses = [200,301]
|
|
||||||
elif parts[0] == 's':
|
|
||||||
expected_statuses = [403]
|
|
||||||
|
|
||||||
try:
|
|
||||||
# Send a HEAD request to get only the response header
|
|
||||||
response = requests.head(url, allow_redirects=True)
|
|
||||||
|
|
||||||
# Check if the status code matches the expected statuses
|
|
||||||
if response.status_code in expected_statuses:
|
|
||||||
print(f"{name}: ok")
|
|
||||||
else:
|
|
||||||
print(f"{name}: error")
|
|
||||||
error_counter += 1
|
|
||||||
except requests.RequestException as e:
|
|
||||||
# Handle exceptions for requests like connection errors
|
|
||||||
print(f"{name}: error due to {e}")
|
|
||||||
error_counter += 1
|
|
||||||
|
|
||||||
# Exit the script with the number of errors as the exit code
|
|
||||||
sys.exit(error_counter)
|
|
@ -2,23 +2,27 @@
|
|||||||
pacman:
|
pacman:
|
||||||
name: python-requests
|
name: python-requests
|
||||||
state: present
|
state: present
|
||||||
|
when: run_once_health_nginx is not defined
|
||||||
|
|
||||||
- name: "create {{ health_nginx_folder }}"
|
- name: "create {{ health_nginx_folder }}"
|
||||||
file:
|
file:
|
||||||
path: "{{ health_nginx_folder }}"
|
path: "{{ health_nginx_folder }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
when: run_once_health_nginx is not defined
|
||||||
|
|
||||||
- name: create health-nginx.py
|
- name: create health-nginx.py
|
||||||
copy:
|
template:
|
||||||
src: health-nginx.py
|
src: health-nginx.py.j2
|
||||||
dest: "{{ health_nginx_folder }}health-nginx.py"
|
dest: "{{ health_nginx_folder }}health-nginx.py"
|
||||||
|
when: run_once_health_nginx is not defined
|
||||||
|
|
||||||
- name: create health-nginx.service
|
- name: create health-nginx.service
|
||||||
template:
|
template:
|
||||||
src: health-nginx.service.j2
|
src: health-nginx.service.j2
|
||||||
dest: /etc/systemd/system/health-nginx.service
|
dest: /etc/systemd/system/health-nginx.service
|
||||||
notify: reload health-nginx.service
|
notify: reload health-nginx.service
|
||||||
|
when: run_once_health_nginx is not defined
|
||||||
|
|
||||||
- name: create health-nginx.timer
|
- name: create health-nginx.timer
|
||||||
template:
|
template:
|
||||||
@ -27,3 +31,10 @@
|
|||||||
register: health_nginx_timer
|
register: health_nginx_timer
|
||||||
changed_when: health_nginx_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: health_nginx_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart health-nginx.timer
|
notify: restart health-nginx.timer
|
||||||
|
when: run_once_health_nginx is not defined
|
||||||
|
|
||||||
|
- name: run the health_nginx tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_health_nginx: true
|
||||||
|
when: run_once_health_nginx is not defined
|
||||||
|
|
||||||
|
60
roles/health-nginx/templates/health-nginx.py.j2
Normal file
60
roles/health-nginx/templates/health-nginx.py.j2
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
import os
|
||||||
|
import requests
|
||||||
|
import sys
|
||||||
|
import re
|
||||||
|
|
||||||
|
# file in which fqdn server configs are deposit
|
||||||
|
config_path = '{{nginx_servers_directory}}'
|
||||||
|
|
||||||
|
# Initialize the error counter
|
||||||
|
error_counter = 0
|
||||||
|
|
||||||
|
# Regex pattern to match domain.tld or *.domain.tld
|
||||||
|
pattern = re.compile(r"^(?:[\w-]+\.)*[\w-]+\.[\w-]+\.conf$")
|
||||||
|
|
||||||
|
# Iterate over each file in the configuration directory
|
||||||
|
for filename in os.listdir(config_path):
|
||||||
|
if filename.endswith('.conf') and pattern.match(filename):
|
||||||
|
# Extract the domain and subdomain from the filename
|
||||||
|
domain = filename.replace('.conf', '')
|
||||||
|
parts = domain.split('.')
|
||||||
|
|
||||||
|
# Prepare the URL and expected status codes
|
||||||
|
url = f"https://{domain}"
|
||||||
|
|
||||||
|
# Default: Expect status code 200 or 302 for a domain
|
||||||
|
expected_statuses = [200,302]
|
||||||
|
|
||||||
|
redirected_domains = [domain['source'] for domain in {{redirect_domain_mappings}}]
|
||||||
|
redirected_domains.append("{{domain_mailu}}")
|
||||||
|
|
||||||
|
# Determine expected status codes based on the domain
|
||||||
|
if domain == '{{domain_listmonk}}':
|
||||||
|
expected_statuses = [401]
|
||||||
|
{% if nginx_matomo_tracking | bool %}
|
||||||
|
elif parts[0] == 'www' or domain in redirected_domains:
|
||||||
|
expected_statuses = [301]
|
||||||
|
{% endif %}
|
||||||
|
elif domain == '{{domain_yourls}}':
|
||||||
|
expected_statuses = [403]
|
||||||
|
|
||||||
|
try:
|
||||||
|
# Send a HEAD request to get only the response header
|
||||||
|
response = requests.head(url)
|
||||||
|
|
||||||
|
# Check if the status code matches the expected statuses
|
||||||
|
if response.status_code in expected_statuses:
|
||||||
|
print(f"{domain}: OK")
|
||||||
|
else:
|
||||||
|
print(f"{domain}: ERROR: Expected {expected_statuses}. Got {response.status_code}.")
|
||||||
|
error_counter += 1
|
||||||
|
except requests.RequestException as e:
|
||||||
|
# Handle exceptions for requests like connection errors
|
||||||
|
print(f"{domain}: error due to {e}")
|
||||||
|
error_counter += 1
|
||||||
|
|
||||||
|
if error_counter > 0:
|
||||||
|
print(f"Warning: {error_counter} domains responded with an unexpected https status code.")
|
||||||
|
|
||||||
|
# Exit the script with the number of errors as the exit code
|
||||||
|
sys.exit(error_counter)
|
@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/usr/bin/python3 {{ health_nginx_folder }}health-nginx.py {{nginx_servers_directory}}
|
ExecStart=/usr/bin/python3 {{ health_nginx_folder }}health-nginx.py
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- certbot-nginx
|
- nginx-certbot
|
||||||
|
@ -1,6 +1,13 @@
|
|||||||
- name: create nginx letsencrypt config file
|
- name: create nginx letsencrypt config file
|
||||||
template: src=letsencrypt.conf.j2 dest={{nginx_servers_directory}}letsencrypt.conf
|
template: src=letsencrypt.conf.j2 dest={{nginx_servers_directory}}letsencrypt.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
when: run_once_letsencrypt is not defined
|
||||||
|
|
||||||
- name: flush nginx service
|
- name: flush nginx service
|
||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
|
when: run_once_letsencrypt is not defined
|
||||||
|
|
||||||
|
- name: run the letsencrypt logic just once
|
||||||
|
set_fact:
|
||||||
|
run_once_letsencrypt: true
|
||||||
|
when: run_once_letsencrypt is not defined
|
||||||
|
@ -2,12 +2,14 @@
|
|||||||
pacman:
|
pacman:
|
||||||
name: [certbot,certbot-nginx]
|
name: [certbot,certbot-nginx]
|
||||||
state: present
|
state: present
|
||||||
|
when: run_once_nginx_certbot is not defined
|
||||||
|
|
||||||
- name: configure certbot.service.tpl
|
- name: configure certbot.service.tpl
|
||||||
template:
|
template:
|
||||||
src: certbot.service.j2
|
src: certbot.service.j2
|
||||||
dest: /etc/systemd/system/certbot.service
|
dest: /etc/systemd/system/certbot.service
|
||||||
notify: reload certbot service
|
notify: reload certbot service
|
||||||
|
when: run_once_nginx_certbot is not defined
|
||||||
|
|
||||||
- name: configure certbot.timer.tpl
|
- name: configure certbot.timer.tpl
|
||||||
template:
|
template:
|
||||||
@ -16,3 +18,9 @@
|
|||||||
register: certbot_timer
|
register: certbot_timer
|
||||||
changed_when: certbot_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: certbot_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart certbot timer
|
notify: restart certbot timer
|
||||||
|
when: run_once_nginx_certbot is not defined
|
||||||
|
|
||||||
|
- name: run the nginx_certbot tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_nginx_certbot: true
|
||||||
|
when: run_once_nginx_certbot is not defined
|
@ -7,20 +7,17 @@
|
|||||||
|
|
||||||
- name: Filter domain names and remove .conf extension and path
|
- name: Filter domain names and remove .conf extension and path
|
||||||
set_fact:
|
set_fact:
|
||||||
filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', '^{{nginx_servers_directory}}', '') | map('regex_replace', '.conf$', '') | list }}"
|
filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', path_regex, '') | map('regex_replace', '.conf$', '') | list }}"
|
||||||
vars:
|
vars:
|
||||||
domain_regex: '^{{nginx_servers_directory}}(?!www\.)[^/]+\.conf$'
|
domain_regex: "^{{ nginx_servers_directory }}(?!www\\.)[^/]+\\.conf$"
|
||||||
|
path_regex: "^{{ nginx_servers_directory }}"
|
||||||
|
|
||||||
- name: The domains for which a www. redirect will be implemented
|
- name: The domains for which a www. redirect will be implemented
|
||||||
debug:
|
debug:
|
||||||
var: filtered_domains
|
var: filtered_domains
|
||||||
|
|
||||||
- name: Prepare redirect domain mappings
|
|
||||||
set_fact:
|
|
||||||
redirect_domain_mappings: "{{ filtered_domains | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}"
|
|
||||||
|
|
||||||
- name: Include nginx-domain-redirect role with dynamic domain mappings
|
- name: Include nginx-domain-redirect role with dynamic domain mappings
|
||||||
include_role:
|
include_role:
|
||||||
name: nginx-domain-redirect
|
name: nginx-domain-redirect
|
||||||
vars:
|
vars:
|
||||||
domain_mappings: "{{ redirect_domain_mappings }}"
|
domain_mappings: "{{ filtered_domains | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}"
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
- name: install nginx
|
- name: install nginx
|
||||||
pacman: name=nginx state=present
|
pacman: name=nginx state=present
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
when: run_once_nginx is not defined
|
||||||
|
|
||||||
- name: Ensure nginx configuration directories are present
|
- name: Ensure nginx configuration directories are present
|
||||||
file:
|
file:
|
||||||
@ -12,10 +13,18 @@
|
|||||||
- "{{nginx_servers_directory}}"
|
- "{{nginx_servers_directory}}"
|
||||||
- "{{nginx_maps_directory}}"
|
- "{{nginx_maps_directory}}"
|
||||||
- "{{nginx_upstreams_directory}}"
|
- "{{nginx_upstreams_directory}}"
|
||||||
|
when: run_once_nginx is not defined
|
||||||
|
|
||||||
- name: create nginx config file
|
- name: create nginx config file
|
||||||
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
|
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
when: run_once_nginx is not defined
|
||||||
|
|
||||||
- name: flush nginx service
|
- name: flush nginx service
|
||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
|
when: run_once_nginx is not defined
|
||||||
|
|
||||||
|
- name: run the nginx tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_nginx: true
|
||||||
|
when: run_once_nginx is not defined
|
||||||
|
@ -3,3 +3,9 @@
|
|||||||
pacman:
|
pacman:
|
||||||
name: python-pip
|
name: python-pip
|
||||||
state: present
|
state: present
|
||||||
|
when: run_once_python_pip is not defined
|
||||||
|
|
||||||
|
- name: run the python_pip tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_python_pip: true
|
||||||
|
when: run_once_python_pip is not defined
|
||||||
|
@ -6,3 +6,9 @@
|
|||||||
group: root
|
group: root
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
notify: sshd restart
|
notify: sshd restart
|
||||||
|
when: run_once_sshd is not defined
|
||||||
|
|
||||||
|
- name: run the sshd tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_sshd: true
|
||||||
|
when: run_once_sshd is not defined
|
||||||
|
@ -2,3 +2,9 @@
|
|||||||
package:
|
package:
|
||||||
name: sudo
|
name: sudo
|
||||||
state: present
|
state: present
|
||||||
|
when: run_once_sudo is not defined
|
||||||
|
|
||||||
|
- name: run the sudo tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_sudo: true
|
||||||
|
when: run_once_sudo is not defined
|
@ -1,18 +1,28 @@
|
|||||||
- name: install smtp-forwarder
|
- name: install smtp-forwarder
|
||||||
pacman: name=smtp-forwarder state=present
|
pacman: name=smtp-forwarder state=present
|
||||||
|
when: run_once_systemd_notifier_email is not defined
|
||||||
|
|
||||||
- name: configure msmtprc.conf.j2
|
- name: configure msmtprc.conf.j2
|
||||||
template: src=msmtprc.conf.j2 dest=/root/.msmtprc
|
template: src=msmtprc.conf.j2 dest=/root/.msmtprc
|
||||||
|
when: run_once_systemd_notifier_email is not defined
|
||||||
|
|
||||||
- name: "create {{systemd_notifier_email_folder}}"
|
- name: "create {{systemd_notifier_email_folder}}"
|
||||||
file:
|
file:
|
||||||
path: "{{systemd_notifier_email_folder}}"
|
path: "{{systemd_notifier_email_folder}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
when: run_once_systemd_notifier_email is not defined
|
||||||
|
|
||||||
- name: configure systemd-notifier-email.sh
|
- name: configure systemd-notifier-email.sh
|
||||||
template: src=systemd-notifier-email.sh.j2 dest={{systemd_notifier_email_folder}}systemd-notifier-email.sh
|
template: src=systemd-notifier-email.sh.j2 dest={{systemd_notifier_email_folder}}systemd-notifier-email.sh
|
||||||
|
when: run_once_systemd_notifier_email is not defined
|
||||||
|
|
||||||
- name: configure systemd-notifier-email.service
|
- name: configure systemd-notifier-email.service
|
||||||
template: src=systemd-notifier-email@.service.j2 dest=/etc/systemd/system/systemd-notifier-email@.service
|
template: src=systemd-notifier-email@.service.j2 dest=/etc/systemd/system/systemd-notifier-email@.service
|
||||||
notify: restart systemd-notifier-email service
|
notify: restart systemd-notifier-email service
|
||||||
|
when: run_once_systemd_notifier_email is not defined
|
||||||
|
|
||||||
|
- name: run the systemd_notifier_email tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_systemd_notifier_email: true
|
||||||
|
when: run_once_systemd_notifier_email is not defined
|
||||||
|
@ -2,20 +2,29 @@
|
|||||||
pacman:
|
pacman:
|
||||||
name: curl
|
name: curl
|
||||||
state: present
|
state: present
|
||||||
|
when: run_once_systemd_notifier_telegram is not defined
|
||||||
|
|
||||||
- name: Create a directory with a subdirectory
|
- name: Create a directory with a subdirectory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{systemd_telegram_folder}}"
|
path: "{{systemd_telegram_folder}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
|
when: run_once_systemd_notifier_telegram is not defined
|
||||||
|
|
||||||
- name: configure systemd-notifier-telegram.sh
|
- name: configure systemd-notifier-telegram.sh
|
||||||
template:
|
template:
|
||||||
src: systemd-notifier-telegram.sh.j2
|
src: systemd-notifier-telegram.sh.j2
|
||||||
dest: "{{ systemd_telegram_script }}"
|
dest: "{{ systemd_telegram_script }}"
|
||||||
|
when: run_once_systemd_notifier_telegram is not defined
|
||||||
|
|
||||||
- name: configure systemd-notifier-telegram.service
|
- name: configure systemd-notifier-telegram.service
|
||||||
template:
|
template:
|
||||||
src: systemd-notifier-telegram@.service.j2
|
src: systemd-notifier-telegram@.service.j2
|
||||||
dest: "/etc/systemd/system/systemd-notifier-telegram@.service"
|
dest: "/etc/systemd/system/systemd-notifier-telegram@.service"
|
||||||
notify: "restart systemd-notifier-telegram service"
|
notify: "restart systemd-notifier-telegram service"
|
||||||
|
when: run_once_systemd_notifier_telegram is not defined
|
||||||
|
|
||||||
|
- name: run the systemd_notifier_telegram tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_systemd_notifier_telegram: true
|
||||||
|
when: run_once_systemd_notifier_telegram is not defined
|
@ -2,3 +2,9 @@
|
|||||||
systemd:
|
systemd:
|
||||||
name: systemd-notifier.service
|
name: systemd-notifier.service
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
|
when: run_once_systemd_notifier_service is not defined
|
||||||
|
|
||||||
|
- name: run the systemd_notifier_service tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_systemd_notifier_service: true
|
||||||
|
when: run_once_systemd_notifier_service is not defined
|
||||||
|
@ -4,3 +4,9 @@
|
|||||||
src: systemd-notifier@.service.j2
|
src: systemd-notifier@.service.j2
|
||||||
dest: "/etc/systemd/system/systemd-notifier@.service"
|
dest: "/etc/systemd/system/systemd-notifier@.service"
|
||||||
notify: "restart systemd-notifier service"
|
notify: "restart systemd-notifier service"
|
||||||
|
when: run_once_systemd_notifier_service is not defined
|
||||||
|
|
||||||
|
- name: run the systemd_notifier_service tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_systemd_notifier_service: true
|
||||||
|
when: run_once_systemd_notifier_service is not defined
|
@ -7,6 +7,7 @@
|
|||||||
generate_ssh_key: yes
|
generate_ssh_key: yes
|
||||||
ssh_key_type: rsa
|
ssh_key_type: rsa
|
||||||
ssh_key_bits: 8192
|
ssh_key_bits: 8192
|
||||||
|
when: run_once_user_administrator is not defined
|
||||||
|
|
||||||
- name: "create {{path_administrator_scripts}}"
|
- name: "create {{path_administrator_scripts}}"
|
||||||
file:
|
file:
|
||||||
@ -15,6 +16,7 @@
|
|||||||
owner: administrator
|
owner: administrator
|
||||||
group: administrator
|
group: administrator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
|
when: run_once_user_administrator is not defined
|
||||||
|
|
||||||
- name: create {{path_administrator_home}}.ssh/authorized_keys
|
- name: create {{path_administrator_home}}.ssh/authorized_keys
|
||||||
copy:
|
copy:
|
||||||
@ -23,6 +25,7 @@
|
|||||||
owner: administrator
|
owner: administrator
|
||||||
group: administrator
|
group: administrator
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
|
when: run_once_user_administrator is not defined
|
||||||
|
|
||||||
- name: grant administrator sudo rights with password
|
- name: grant administrator sudo rights with password
|
||||||
copy:
|
copy:
|
||||||
@ -32,6 +35,7 @@
|
|||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
notify: sshd restart
|
notify: sshd restart
|
||||||
|
when: run_once_user_administrator is not defined
|
||||||
|
|
||||||
- name: "create {{path_administrator_home}}volumes/"
|
- name: "create {{path_administrator_home}}volumes/"
|
||||||
file:
|
file:
|
||||||
@ -40,3 +44,9 @@
|
|||||||
owner: administrator
|
owner: administrator
|
||||||
group: administrator
|
group: administrator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
|
when: run_once_user_administrator is not defined
|
||||||
|
|
||||||
|
- name: run the user_administrator tasks once
|
||||||
|
set_fact:
|
||||||
|
run_once_user_administrator: true
|
||||||
|
when: run_once_user_administrator is not defined
|
Loading…
Reference in New Issue
Block a user