@ -152,7 +152,7 @@ Focuses on web server roles and applications, covering SSL certificates, Nginx c
|
|||||||
- **[Nginx-Https](./roles/nginx-https/)**: Enables HTTPS configuration for Nginx.
|
- **[Nginx-Https](./roles/nginx-https/)**: Enables HTTPS configuration for Nginx.
|
||||||
- **[Nginx-Matomo-Tracking](./roles/nginx-matomo-tracking/)**: Integrates Matomo tracking with Nginx.
|
- **[Nginx-Matomo-Tracking](./roles/nginx-matomo-tracking/)**: Integrates Matomo tracking with Nginx.
|
||||||
- **[Nginx-Redirect](./roles/nginx-domain-redirect/)**: Manages URL redirects in Nginx.
|
- **[Nginx-Redirect](./roles/nginx-domain-redirect/)**: Manages URL redirects in Nginx.
|
||||||
- **[Certbot Nginx](./roles/nginx-certbot/)**: Integrates Certbot with Nginx for SSL certificates.
|
- **[Certbot Nginx](./roles/certbot-nginx/)**: Integrates Certbot with Nginx for SSL certificates.
|
||||||
- **[Postfix](./roles/postfix/)**: Setup for the Postfix mail transfer agent.
|
- **[Postfix](./roles/postfix/)**: Setup for the Postfix mail transfer agent.
|
||||||
|
|
||||||
#### Docker and Containerization
|
#### Docker and Containerization
|
||||||
|
@ -50,10 +50,9 @@ domain_mailu: "mail.{{top_domain}}"
|
|||||||
domain_mastodon: "microblog.{{top_domain}}"
|
domain_mastodon: "microblog.{{top_domain}}"
|
||||||
domains_mastodon_alternates: []
|
domains_mastodon_alternates: []
|
||||||
domain_matomo: "matomo.{{top_domain}}"
|
domain_matomo: "matomo.{{top_domain}}"
|
||||||
domain_matrix: "chat.{{top_domain}}"
|
|
||||||
domain_mediawiki: "wiki.{{top_domain}}"
|
domain_mediawiki: "wiki.{{top_domain}}"
|
||||||
domain_nextcloud: "cloud.{{top_domain}}"
|
domain_nextcloud: "cloud.{{top_domain}}"
|
||||||
domain_pixelfed: "pictures.{{top_domain}}"
|
domain_pixelfed: "pictures.{{top_domain}}"
|
||||||
domains_pixelfed: []
|
domains_pixelfed: []
|
||||||
domain_peertube: "videos.{{top_domain}}"
|
domain_peertube: "videos.{{top_domain}}"
|
||||||
domains_peertube: []
|
domains_peertube: []
|
||||||
@ -74,7 +73,6 @@ redirect_domain_mappings:
|
|||||||
- { source: "peertube.{{top_domain}}", target: "videos.{{top_domain}}" }
|
- { source: "peertube.{{top_domain}}", target: "videos.{{top_domain}}" }
|
||||||
- { source: "funkwhale.{{top_domain}}", target: "music.{{top_domain}}" }
|
- { source: "funkwhale.{{top_domain}}", target: "music.{{top_domain}}" }
|
||||||
- { source: "pixelfed.{{top_domain}}", target: "pictures.{{top_domain}}" }
|
- { source: "pixelfed.{{top_domain}}", target: "pictures.{{top_domain}}" }
|
||||||
- { source: "matrix.{{top_domain}}", target: "chat.{{top_domain}}" }
|
|
||||||
|
|
||||||
nginx_configuration_directory: "/etc/nginx/conf.d/"
|
nginx_configuration_directory: "/etc/nginx/conf.d/"
|
||||||
nginx_servers_directory: "{{nginx_configuration_directory}}servers/"
|
nginx_servers_directory: "{{nginx_configuration_directory}}servers/"
|
||||||
|
@ -200,15 +200,6 @@
|
|||||||
domains: "{{domains_discourse}}"
|
domains: "{{domains_discourse}}"
|
||||||
http_port: 8020
|
http_port: 8020
|
||||||
|
|
||||||
- name: setup matrix
|
|
||||||
hosts: matrix
|
|
||||||
become: true
|
|
||||||
roles:
|
|
||||||
- role: docker-matrix
|
|
||||||
vars:
|
|
||||||
domain: "{{domain_matrix}}"
|
|
||||||
http_port: 8021
|
|
||||||
|
|
||||||
- name: setup akaunting hosts
|
- name: setup akaunting hosts
|
||||||
hosts: akaunting
|
hosts: akaunting
|
||||||
become: true
|
become: true
|
||||||
|
@ -4,7 +4,6 @@
|
|||||||
- lsof
|
- lsof
|
||||||
- python-pandas
|
- python-pandas
|
||||||
state: present
|
state: present
|
||||||
when: run_once_backup_docker_to_local is not defined
|
|
||||||
|
|
||||||
- name: pull backup-docker-to-local.git
|
- name: pull backup-docker-to-local.git
|
||||||
git:
|
git:
|
||||||
@ -13,26 +12,23 @@
|
|||||||
update: yes
|
update: yes
|
||||||
register: git_result
|
register: git_result
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
when: run_once_backup_docker_to_local is not defined
|
|
||||||
|
|
||||||
- name: Warn if repo is not reachable
|
- name: Warn if repo is not reachable
|
||||||
debug:
|
debug:
|
||||||
msg: "Warning: Repository is not reachable."
|
msg: "Warning: Repository is not reachable."
|
||||||
when: git_result is defined and git_result.failed is defined and run_once_cleanup_failed_docker_backups is not defined
|
when: git_result.failed
|
||||||
|
|
||||||
- name: configure backup-docker-to-local.service
|
- name: configure backup-docker-to-local.service
|
||||||
template:
|
template:
|
||||||
src: backup-docker-to-local.service.j2
|
src: backup-docker-to-local.service.j2
|
||||||
dest: /etc/systemd/system/backup-docker-to-local.service
|
dest: /etc/systemd/system/backup-docker-to-local.service
|
||||||
notify: reload backup-docker-to-local.service
|
notify: reload backup-docker-to-local.service
|
||||||
when: run_once_backup_docker_to_local is not defined
|
|
||||||
|
|
||||||
- name: configure backup-docker-to-local.timer.tpl
|
- name: configure backup-docker-to-local.timer.tpl
|
||||||
template: src=backup-docker-to-local.timer.j2 dest=/etc/systemd/system/backup-docker-to-local.timer
|
template: src=backup-docker-to-local.timer.j2 dest=/etc/systemd/system/backup-docker-to-local.timer
|
||||||
register: backup_docker_to_local_timer
|
register: backup_docker_to_local_timer
|
||||||
changed_when: backup_docker_to_local_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: backup_docker_to_local_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart backup-docker-to-local.timer
|
notify: restart backup-docker-to-local.timer
|
||||||
when: run_once_backup_docker_to_local is not defined
|
|
||||||
|
|
||||||
- name: create {{backup_docker_to_local_folder}}databases.csv
|
- name: create {{backup_docker_to_local_folder}}databases.csv
|
||||||
copy:
|
copy:
|
||||||
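Review bot: With `ignore_errors: true` on the git pull and only a `debug` under `when: git_result.failed`, a failed checkout is non-fatal and the following tasks still install backup-docker-to-local.service and its timer, so systemd will keep scheduling a script that may be missing or stale. If the pull is a hard requirement, replace `debug:` with `fail:` (keeping `msg:` and `when: git_result.failed`); if it is meant to be best-effort, gate the service and timer tasks with `when: git_result is succeeded` so a broken clone is never activated. The pull task's `repo:`/`dest:` lines start before this hunk, so whether a `version:` pin is set cannot be seen here. Style: the timer task still uses the `template: src=... dest=...` key=value form while its neighbours use block YAML; converting it keeps the role consistent and lint-clean.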
@ -40,9 +36,3 @@
|
|||||||
dest: "{{backup_docker_to_local_folder}}databases.csv"
|
dest: "{{backup_docker_to_local_folder}}databases.csv"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
when: run_once_backup_docker_to_local is not defined
|
|
||||||
|
|
||||||
- name: run the backup_docker_to_local tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_backup_docker_to_local: true
|
|
||||||
when: run_once_backup_docker_to_local is not defined
|
|
||||||
|
@ -2,7 +2,6 @@
|
|||||||
user:
|
user:
|
||||||
name: backup
|
name: backup
|
||||||
create_home: yes
|
create_home: yes
|
||||||
when: run_once_backups_provider_user is not defined
|
|
||||||
|
|
||||||
- name: create .ssh directory
|
- name: create .ssh directory
|
||||||
file:
|
file:
|
||||||
@ -11,7 +10,6 @@
|
|||||||
owner: backup
|
owner: backup
|
||||||
group: backup
|
group: backup
|
||||||
mode: '0700'
|
mode: '0700'
|
||||||
when: run_once_backups_provider_user is not defined
|
|
||||||
|
|
||||||
- name: create /home/backup/.ssh/authorized_keys
|
- name: create /home/backup/.ssh/authorized_keys
|
||||||
template:
|
template:
|
||||||
@ -20,7 +18,6 @@
|
|||||||
owner: backup
|
owner: backup
|
||||||
group: backup
|
group: backup
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
when: run_once_backups_provider_user is not defined
|
|
||||||
|
|
||||||
- name: create /home/backup/ssh-wrapper.sh
|
- name: create /home/backup/ssh-wrapper.sh
|
||||||
copy:
|
copy:
|
||||||
@ -29,7 +26,6 @@
|
|||||||
owner: backup
|
owner: backup
|
||||||
group: backup
|
group: backup
|
||||||
mode: '0700'
|
mode: '0700'
|
||||||
when: run_once_backups_provider_user is not defined
|
|
||||||
|
|
||||||
- name: grant backup sudo rights
|
- name: grant backup sudo rights
|
||||||
copy:
|
copy:
|
||||||
@ -39,9 +35,3 @@
|
|||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
notify: sshd restart
|
notify: sshd restart
|
||||||
when: run_once_backups_provider_user is not defined
|
|
||||||
|
|
||||||
- name: run the backups_provider_user tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_backups_provider_user: true
|
|
||||||
when: run_once_backups_provider_user is not defined
|
|
@ -2,14 +2,12 @@
|
|||||||
pacman:
|
pacman:
|
||||||
name: [certbot,certbot-nginx]
|
name: [certbot,certbot-nginx]
|
||||||
state: present
|
state: present
|
||||||
when: run_once_nginx_certbot is not defined
|
|
||||||
|
|
||||||
- name: configure certbot.service.tpl
|
- name: configure certbot.service.tpl
|
||||||
template:
|
template:
|
||||||
src: certbot.service.j2
|
src: certbot.service.j2
|
||||||
dest: /etc/systemd/system/certbot.service
|
dest: /etc/systemd/system/certbot.service
|
||||||
notify: reload certbot service
|
notify: reload certbot service
|
||||||
when: run_once_nginx_certbot is not defined
|
|
||||||
|
|
||||||
- name: configure certbot.timer.tpl
|
- name: configure certbot.timer.tpl
|
||||||
template:
|
template:
|
||||||
@ -18,9 +16,3 @@
|
|||||||
register: certbot_timer
|
register: certbot_timer
|
||||||
changed_when: certbot_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: certbot_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart certbot timer
|
notify: restart certbot timer
|
||||||
when: run_once_nginx_certbot is not defined
|
|
||||||
|
|
||||||
- name: run the nginx_certbot tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_nginx_certbot: true
|
|
||||||
when: run_once_nginx_certbot is not defined
|
|
@ -4,29 +4,20 @@
|
|||||||
- lsof
|
- lsof
|
||||||
- python-psutil
|
- python-psutil
|
||||||
state: present
|
state: present
|
||||||
when: run_once_cleanup_backups_service is not defined
|
|
||||||
|
|
||||||
- name: "create {{docker_cleanup_backups}}"
|
- name: "create {{docker_cleanup_backups}}"
|
||||||
file:
|
file:
|
||||||
path: "{{docker_cleanup_backups}}"
|
path: "{{docker_cleanup_backups}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
when: run_once_cleanup_backups_service is not defined
|
|
||||||
|
|
||||||
- name: create cleanup-backups.py
|
- name: create cleanup-backups.py
|
||||||
copy:
|
copy:
|
||||||
src: "cleanup-backups.py"
|
src: "cleanup-backups.py"
|
||||||
dest: "{{docker_cleanup_backups}}cleanup-backups.py"
|
dest: "{{docker_cleanup_backups}}cleanup-backups.py"
|
||||||
when: run_once_cleanup_backups_service is not defined
|
|
||||||
|
|
||||||
- name: create cleanup-backups.service
|
- name: create cleanup-backups.service
|
||||||
template:
|
template:
|
||||||
src: "cleanup-backups.service.j2"
|
src: "cleanup-backups.service.j2"
|
||||||
dest: "/etc/systemd/system/cleanup-backups.service"
|
dest: "/etc/systemd/system/cleanup-backups.service"
|
||||||
notify: reload cleanup-backups.service
|
notify: reload cleanup-backups.service
|
||||||
when: run_once_cleanup_backups_service is not defined
|
|
||||||
|
|
||||||
- name: run the cleanup_backups_service tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_cleanup_backups_service: true
|
|
||||||
when: run_once_cleanup_backups_service is not defined
|
|
||||||
|
@ -4,9 +4,3 @@
|
|||||||
state: restarted
|
state: restarted
|
||||||
enabled: yes
|
enabled: yes
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
when: run_once_cleanup_backup_timer is not defined
|
|
||||||
|
|
||||||
- name: run the cleanup_backup_timer tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_cleanup_backup_timer: true
|
|
||||||
when: run_once_cleanup_backup_timer is not defined
|
|
@ -5,9 +5,3 @@
|
|||||||
register: cleanup_backups_timer
|
register: cleanup_backups_timer
|
||||||
changed_when: cleanup_backups_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: cleanup_backups_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart cleanup-backups.timer
|
notify: restart cleanup-backups.timer
|
||||||
when: run_once_cleanup_backups_timer is not defined
|
|
||||||
|
|
||||||
- name: run the cleanup_backups_timer tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_cleanup_backups_timer: true
|
|
||||||
when: run_once_cleanup_backups_timer is not defined
|
|
||||||
|
@ -5,21 +5,14 @@
|
|||||||
update: yes
|
update: yes
|
||||||
register: git_result
|
register: git_result
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
when: run_once_cleanup_failed_docker_backups is not defined
|
|
||||||
|
|
||||||
- name: Warn if repo is not reachable
|
- name: Warn if repo is not reachable
|
||||||
debug:
|
debug:
|
||||||
msg: "Warning: Repository is not reachable."
|
msg: "Warning: Repository is not reachable."
|
||||||
when: git_result is defined and git_result.failed is defined and run_once_cleanup_failed_docker_backups is not defined
|
when: git_result.failed
|
||||||
|
|
||||||
- name: configure cleanup-failed-docker-backups.service
|
- name: configure cleanup-failed-docker-backups.service
|
||||||
template:
|
template:
|
||||||
src: cleanup-failed-docker-backups.service.j2
|
src: cleanup-failed-docker-backups.service.j2
|
||||||
dest: /etc/systemd/system/cleanup-failed-docker-backups.service
|
dest: /etc/systemd/system/cleanup-failed-docker-backups.service
|
||||||
notify: reload cleanup-failed-docker-backups.service daemon
|
notify: reload cleanup-failed-docker-backups.service daemon
|
||||||
when: run_once_cleanup_failed_docker_backups is not defined
|
|
||||||
|
|
||||||
- name: run the cleanup_failed_docker_backups tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_cleanup_failed_docker_backups: true
|
|
||||||
when: run_once_cleanup_failed_docker_backups is not defined
|
|
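Review bot: The pull of the cleanup-failed-docker-backups repository has `ignore_errors: true` and its failure is only surfaced by `debug`, after which `configure cleanup-failed-docker-backups.service` still templates and reloads the unit, so an unreachable repository leaves a systemd service pointing at a checkout that may not exist. Either make the check fatal by replacing `debug:` with `fail:`, or add `when: git_result is succeeded` to the service task so the unit is installed only on a good checkout. The simplified `when: git_result.failed` is safe only because the git task is now unconditional; if a `when:` is ever re-added to it, prefer `when: git_result is failed`, which tolerates a skipped result that has no `failed` key.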
@ -99,16 +99,6 @@ hooks:
|
|||||||
cd: $home/plugins
|
cd: $home/plugins
|
||||||
cmd:
|
cmd:
|
||||||
- git clone https://github.com/discourse/docker_manager.git
|
- git clone https://github.com/discourse/docker_manager.git
|
||||||
- git clone https://github.com/discourse/discourse-activity-pub.git
|
|
||||||
- git clone https://github.com/discourse/discourse-calendar.git
|
|
||||||
- git clone https://github.com/discourse/discourse-akismet.git
|
|
||||||
- git clone https://github.com/discourse/discourse-cakeday.git
|
|
||||||
- git clone https://github.com/discourse/discourse-solved.git
|
|
||||||
- git clone https://github.com/discourse/discourse-voting.git
|
|
||||||
- git clone https://github.com/gdpelican/retort.git
|
|
||||||
- git clone https://github.com/discourse/discourse-oauth2-basic.git
|
|
||||||
- git clone https://github.com/discourse/discourse-openid-connect.git
|
|
||||||
- git clone https://github.com/jonmbake/discourse-ldap-auth
|
|
||||||
|
|
||||||
## Any custom commands to run after building
|
## Any custom commands to run after building
|
||||||
run:
|
run:
|
||||||
|
@ -6,7 +6,7 @@ services:
|
|||||||
env_file: .env
|
env_file: .env
|
||||||
environment:
|
environment:
|
||||||
- "POSTGRES_HOST_AUTH_METHOD=trust"
|
- "POSTGRES_HOST_AUTH_METHOD=trust"
|
||||||
image: postgres:alpine
|
image: postgres:15-alpine
|
||||||
volumes:
|
volumes:
|
||||||
- database:/var/lib/postgresql/data
|
- database:/var/lib/postgresql/data
|
||||||
|
|
||||||
|
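Review bot: `POSTGRES_HOST_AUTH_METHOD=trust`, kept on the new side next to the now-pinned `postgres:15-alpine`, disables password authentication for every TCP client that can reach the database container, so any container on the same network (or the host, if a port is ever published) gets superuser access without credentials. Unless a deliberate reason is documented, drop the `trust` line and set `POSTGRES_PASSWORD` from the `.env` file already loaded via `env_file: .env`, matching the other compose files in this repository that pass `POSTGRES_PASSWORD` explicitly. The `services:` block and any `networks:`/`ports:` that would bound the exposure begin outside this hunk, so actual reachability cannot be confirmed here; the new tag still floats on minor/patch, which is acceptable, but a `@sha256:` digest would make the deployment reproducible.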
@ -1,3 +1,7 @@
|
|||||||
|
# NOTE: This docker-compose.yml is meant to be just an example guideline
|
||||||
|
# on how you can achieve the same. It is not intented to run out of the box
|
||||||
|
# and you must edit the below configurations to suit your needs.
|
||||||
|
|
||||||
version: "3.7"
|
version: "3.7"
|
||||||
|
|
||||||
x-application-defaults: &application-defaults
|
x-application-defaults: &application-defaults
|
||||||
@ -11,7 +15,7 @@ x-application-defaults: &application-defaults
|
|||||||
- TZ=Etc/UTC
|
- TZ=Etc/UTC
|
||||||
|
|
||||||
x-database-defaults: &database-defaults
|
x-database-defaults: &database-defaults
|
||||||
image: postgres:alpine
|
image: postgres:13-alpine
|
||||||
ports:
|
ports:
|
||||||
- "9432:5432"
|
- "9432:5432"
|
||||||
networks:
|
networks:
|
||||||
|
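Review bot: `ports: - "9432:5432"` on the `x-database-defaults` anchor publishes PostgreSQL on every host interface, so the database stays reachable from outside the compose network on port 9432; pinning the image to `postgres:13-alpine` leaves that exposure unchanged. If host access is needed for tooling, bind it to loopback with `- "127.0.0.1:9432:5432"`; if not, remove the `ports:` entry and rely on the internal network listed under `networks:` (which continues past this hunk). Since the newly added header comment says this file is an example to be edited, a warning next to the port is worth adding, e.g. `# exposes the DB on the host; bind to 127.0.0.1 or remove in production`.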
@ -2,7 +2,7 @@ version: '3'
|
|||||||
services:
|
services:
|
||||||
database:
|
database:
|
||||||
restart: always
|
restart: always
|
||||||
image: postgres:alpine
|
image: postgres:14-alpine
|
||||||
shm_size: 256mb
|
shm_size: 256mb
|
||||||
networks:
|
networks:
|
||||||
- internal_network
|
- internal_network
|
||||||
|
@ -1,8 +0,0 @@
|
|||||||
---
|
|
||||||
- name: recreate matrix
|
|
||||||
command:
|
|
||||||
cmd: docker-compose up -d --force-recreate
|
|
||||||
chdir: "{{docker_compose_instance_directory}}"
|
|
||||||
environment:
|
|
||||||
COMPOSE_HTTP_TIMEOUT: 600
|
|
||||||
DOCKER_CLIENT_TIMEOUT: 600
|
|
@ -1,2 +0,0 @@
|
|||||||
dependencies:
|
|
||||||
- nginx-docker-reverse-proxy
|
|
@ -1,33 +0,0 @@
|
|||||||
---
|
|
||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
|
||||||
|
|
||||||
- name: "create {{docker_compose_instance_directory}}"
|
|
||||||
file:
|
|
||||||
path: "{{docker_compose_instance_directory}}"
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: add homeserver.yaml
|
|
||||||
template:
|
|
||||||
src: "homeserver.yaml.j2"
|
|
||||||
dest: "{{docker_compose_instance_directory}}homeserver.yaml"
|
|
||||||
notify: recreate matrix
|
|
||||||
|
|
||||||
- name: add log.config
|
|
||||||
template:
|
|
||||||
src: "log.config.j2"
|
|
||||||
dest: "{{docker_compose_instance_directory}}{{domain}}.log.config"
|
|
||||||
notify: recreate matrix
|
|
||||||
|
|
||||||
# https://github.com/matrix-org/synapse/issues/6303
|
|
||||||
- name: set correct folder permissions
|
|
||||||
command:
|
|
||||||
cmd: "docker run --rm --mount type=volume,src=matrix_data,dst=/data -e SYNAPSE_SERVER_NAME={{domain}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
|
|
||||||
chdir: "{{path_docker_compose_instances}}baserow/"
|
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
|
||||||
template:
|
|
||||||
src: "docker-compose.yml.j2"
|
|
||||||
dest: "{{docker_compose_instance_directory}}docker-compose.yml"
|
|
||||||
notify: recreate matrix
|
|
@ -1,45 +0,0 @@
|
|||||||
version: '3.1'
|
|
||||||
|
|
||||||
services:
|
|
||||||
|
|
||||||
application:
|
|
||||||
image: matrixdotorg/synapse:latest
|
|
||||||
restart: unless-stopped
|
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
volumes:
|
|
||||||
- data:/data
|
|
||||||
- ./homeserver.yaml:/data/homeserver.yaml:ro
|
|
||||||
- ./{{domain}}.log.config:/data/{{domain}}.log.config:ro
|
|
||||||
environment:
|
|
||||||
- SYNAPSE_SERVER_NAME={{domain}}
|
|
||||||
- SYNAPSE_REPORT_STATS=no
|
|
||||||
ports:
|
|
||||||
- "127.0.0.1:{{http_port}}:8008"
|
|
||||||
depends_on:
|
|
||||||
- database
|
|
||||||
|
|
||||||
database:
|
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
image: postgres:alpine
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- database:/var/lib/postgresql/data
|
|
||||||
environment:
|
|
||||||
- POSTGRES_DB=matrix
|
|
||||||
- POSTGRES_USER=matrix
|
|
||||||
- POSTGRES_PASSWORD={{matrix_database_password}}
|
|
||||||
- POSTGRES_INITDB_ARGS='--encoding=UTF-8 --lc-collate=C --lc-ctype=C'
|
|
||||||
healthcheck:
|
|
||||||
test: ["CMD-SHELL", "pg_isready -U matrix"]
|
|
||||||
interval: 10s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 6
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
database:
|
|
||||||
data:
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
driver: bridge
|
|
@ -1,28 +0,0 @@
|
|||||||
server_name: "{{domain}}"
|
|
||||||
pid_file: /data/homeserver.pid
|
|
||||||
listeners:
|
|
||||||
- port: 8008
|
|
||||||
tls: false
|
|
||||||
type: http
|
|
||||||
x_forwarded: true
|
|
||||||
resources:
|
|
||||||
- names: [client, federation]
|
|
||||||
compress: false
|
|
||||||
database:
|
|
||||||
name: psycopg2
|
|
||||||
args:
|
|
||||||
user: matrix
|
|
||||||
password: {{matrix_database_password}}
|
|
||||||
database: matrix
|
|
||||||
host: database
|
|
||||||
cp_min: 5
|
|
||||||
cp_max: 10
|
|
||||||
log_config: "/data/{{domain}}.log.config"
|
|
||||||
media_store_path: /data/media_store
|
|
||||||
registration_shared_secret: "{{matrix_registration_shared_secret}}"
|
|
||||||
report_stats: true
|
|
||||||
macaroon_secret_key: "{{matrix_macaroon_secret_key}}"
|
|
||||||
form_secret: "{{matrix_form_secret}}"
|
|
||||||
signing_key_path: "/data/{{domain}}.signing.key"
|
|
||||||
trusted_key_servers:
|
|
||||||
- server_name: "matrix.org"
|
|
@ -1,25 +0,0 @@
|
|||||||
version: 1
|
|
||||||
|
|
||||||
formatters:
|
|
||||||
precise:
|
|
||||||
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
|
|
||||||
|
|
||||||
handlers:
|
|
||||||
file:
|
|
||||||
class: logging.handlers.RotatingFileHandler
|
|
||||||
formatter: precise
|
|
||||||
filename: /data/{{ domain }}.homeserver.log
|
|
||||||
maxBytes: 10485760
|
|
||||||
backupCount: 3
|
|
||||||
console:
|
|
||||||
class: logging.StreamHandler
|
|
||||||
formatter: precise
|
|
||||||
|
|
||||||
loggers:
|
|
||||||
synapse:
|
|
||||||
level: INFO
|
|
||||||
handlers: [file, console]
|
|
||||||
|
|
||||||
root:
|
|
||||||
level: INFO
|
|
||||||
handlers: [file, console]
|
|
@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
docker_compose_instance_directory: "{{path_docker_compose_instances}}matrix/"
|
|
@ -34,15 +34,10 @@ services:
|
|||||||
POSTGRES_DB: mybb
|
POSTGRES_DB: mybb
|
||||||
POSTGRES_PASSWORD: "{{mybb_database_password}}"
|
POSTGRES_PASSWORD: "{{mybb_database_password}}"
|
||||||
POSTGRES_USER: mybb
|
POSTGRES_USER: mybb
|
||||||
image: postgres:alpine
|
image: postgres:14-alpine
|
||||||
volumes:
|
volumes:
|
||||||
- database:/var/lib/postgresql/data:rw
|
- database:/var/lib/postgresql/data:rw
|
||||||
restart: always
|
restart: always
|
||||||
healthcheck:
|
|
||||||
test: ["CMD-SHELL", "pg_isready -U mybb"]
|
|
||||||
interval: 10s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 6
|
|
||||||
volumes:
|
volumes:
|
||||||
database:
|
database:
|
||||||
data:
|
data:
|
||||||
|
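Review bot: Dropping the `healthcheck:` from the mybb `database` service removes the only readiness signal compose had for PostgreSQL; if the application service earlier in this file (outside the hunk) uses `depends_on` with `condition: service_healthy`, compose will now reject the file, and with a plain `depends_on` the app can start before the DB accepts connections, with `restart: always` hiding the resulting crash loop. Unless the removal is needed for a tooling reason, keep `test: ["CMD-SHELL", "pg_isready -U mybb"]` together with its `interval`/`timeout`/`retries` alongside the new `postgres:14-alpine` pin, or record in a comment why it was removed. The pin is still a floating tag; a `@sha256:` digest would make the deployment reproducible.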
@ -17,19 +17,14 @@ services:
|
|||||||
- redis
|
- redis
|
||||||
restart: "always"
|
restart: "always"
|
||||||
database:
|
database:
|
||||||
image: postgres:alpine
|
image: postgres:13-alpine
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
volumes:
|
volumes:
|
||||||
- database:/var/lib/postgresql/data
|
- database:/var/lib/postgresql/data
|
||||||
restart: "always"
|
restart: "always"
|
||||||
healthcheck:
|
|
||||||
test: ["CMD-SHELL", "pg_isready -U peertube"]
|
|
||||||
interval: 10s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 6
|
|
||||||
redis:
|
redis:
|
||||||
image: redis:alpine
|
image: redis:6-alpine
|
||||||
volumes:
|
volumes:
|
||||||
- redis:/data
|
- redis:/data
|
||||||
restart: "always"
|
restart: "always"
|
||||||
|
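Review bot: The peertube `database` service loses its `pg_isready -U peertube` healthcheck in the same change that pins `postgres:13-alpine` and `redis:6-alpine`; the `- redis` entry at the top of the hunk suggests the application relies on `depends_on`, and without the check it may be started before PostgreSQL is ready, which `restart: "always"` turns into a silent restart loop. Keep the healthcheck (or state in a comment why it was dropped), and consider an equivalent `redis-cli ping` check for the `redis` service, which has none. The application's `depends_on` list begins before this hunk, so whether `condition: service_healthy` is in use cannot be confirmed here.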
@ -5,7 +5,6 @@
|
|||||||
name: ['docker','docker-compose']
|
name: ['docker','docker-compose']
|
||||||
state: present
|
state: present
|
||||||
notify: docker restart
|
notify: docker restart
|
||||||
when: run_once_docker is not defined
|
|
||||||
|
|
||||||
- name: "create {{path_docker_compose_instances}}"
|
- name: "create {{path_docker_compose_instances}}"
|
||||||
file:
|
file:
|
||||||
@ -14,7 +13,6 @@
|
|||||||
mode: 0700
|
mode: 0700
|
||||||
owner: administrator
|
owner: administrator
|
||||||
group: administrator
|
group: administrator
|
||||||
when: run_once_docker is not defined
|
|
||||||
|
|
||||||
- name: "create {{path_docker_volumes}}"
|
- name: "create {{path_docker_volumes}}"
|
||||||
file:
|
file:
|
||||||
@ -23,13 +21,6 @@
|
|||||||
mode: 0700
|
mode: 0700
|
||||||
owner: administrator
|
owner: administrator
|
||||||
group: administrator
|
group: administrator
|
||||||
when: run_once_docker is not defined
|
|
||||||
|
|
||||||
- name: flush docker service
|
- name: flush docker service
|
||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
when: run_once_docker is not defined
|
|
||||||
|
|
||||||
- name: run the docker tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_docker: true
|
|
||||||
when: run_once_docker is not defined
|
|
||||||
|
@ -1,8 +1,2 @@
|
|||||||
- name: install git
|
- name: install git
|
||||||
pacman: name=git state=present
|
pacman: name=git state=present
|
||||||
when: run_once_git is not defined
|
|
||||||
|
|
||||||
- name: run the git tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_git: true
|
|
||||||
when: run_once_git is not defined
|
|
@ -3,20 +3,17 @@
|
|||||||
path: "{{heal_docker}}"
|
path: "{{heal_docker}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
when: run_once_heal_docker is not defined
|
|
||||||
|
|
||||||
- name: create heal-docker.py
|
- name: create heal-docker.py
|
||||||
copy:
|
copy:
|
||||||
src: heal-docker.py
|
src: heal-docker.py
|
||||||
dest: "{{heal_docker}}heal-docker.py"
|
dest: "{{heal_docker}}heal-docker.py"
|
||||||
when: run_once_heal_docker is not defined
|
|
||||||
|
|
||||||
- name: create heal-docker.service
|
- name: create heal-docker.service
|
||||||
template:
|
template:
|
||||||
src: heal-docker.service.j2
|
src: heal-docker.service.j2
|
||||||
dest: /etc/systemd/system/heal-docker.service
|
dest: /etc/systemd/system/heal-docker.service
|
||||||
notify: reload heal-docker.service
|
notify: reload heal-docker.service
|
||||||
when: run_once_heal_docker is not defined
|
|
||||||
|
|
||||||
- name: create heal-docker.timer
|
- name: create heal-docker.timer
|
||||||
template:
|
template:
|
||||||
@ -25,9 +22,3 @@
|
|||||||
register: heal_docker_timer
|
register: heal_docker_timer
|
||||||
changed_when: heal_docker_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: heal_docker_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart heal-docker.timer
|
notify: restart heal-docker.timer
|
||||||
when: run_once_heal_docker is not defined
|
|
||||||
|
|
||||||
- name: run the heal_docker tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_heal_docker: true
|
|
||||||
when: run_once_heal_docker is not defined
|
|
@ -3,18 +3,15 @@
|
|||||||
path: "{{health_docker_container_folder}}"
|
path: "{{health_docker_container_folder}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
when: run_once_health_docker_container is not defined
|
|
||||||
|
|
||||||
- name: create health-docker-container.sh
|
- name: create health-docker-container.sh
|
||||||
copy:
|
copy:
|
||||||
src: health-docker-container.sh
|
src: health-docker-container.sh
|
||||||
dest: "{{health_docker_container_folder}}health-docker-container.sh"
|
dest: "{{health_docker_container_folder}}health-docker-container.sh"
|
||||||
when: run_once_health_docker_container is not defined
|
|
||||||
|
|
||||||
- name: create health-docker-container.service
|
- name: create health-docker-container.service
|
||||||
template: src=health-docker-container.service.j2 dest=/etc/systemd/system/health-docker-container.service
|
template: src=health-docker-container.service.j2 dest=/etc/systemd/system/health-docker-container.service
|
||||||
notify: reload health-docker-container.service
|
notify: reload health-docker-container.service
|
||||||
when: run_once_health_docker_container is not defined
|
|
||||||
|
|
||||||
- name: create health-docker-container.timer
|
- name: create health-docker-container.timer
|
||||||
template:
|
template:
|
||||||
@ -23,9 +20,3 @@
|
|||||||
register: health_docker_container_timer
|
register: health_docker_container_timer
|
||||||
changed_when: health_docker_container_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: health_docker_container_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart health-docker-container.timer
|
notify: restart health-docker-container.timer
|
||||||
when: run_once_health_docker_container is not defined
|
|
||||||
|
|
||||||
- name: run the health_docker_container tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_health_docker_container: true
|
|
||||||
when: run_once_health_docker_container is not defined
|
|
||||||
|
@ -3,18 +3,15 @@
|
|||||||
path: "{{health_docker_volumes_folder}}"
|
path: "{{health_docker_volumes_folder}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
when: run_once_health_docker_volumes is not defined
|
|
||||||
|
|
||||||
- name: create health-docker-volumes.sh
|
- name: create health-docker-volumes.sh
|
||||||
copy:
|
copy:
|
||||||
src: health-docker-volumes.sh
|
src: health-docker-volumes.sh
|
||||||
dest: "{{health_docker_volumes_folder}}health-docker-volumes.sh"
|
dest: "{{health_docker_volumes_folder}}health-docker-volumes.sh"
|
||||||
when: run_once_health_docker_volumes is not defined
|
|
||||||
|
|
||||||
- name: create health-docker-volumes.service
|
- name: create health-docker-volumes.service
|
||||||
template: src=health-docker-volumes.service.j2 dest=/etc/systemd/system/health-docker-volumes.service
|
template: src=health-docker-volumes.service.j2 dest=/etc/systemd/system/health-docker-volumes.service
|
||||||
notify: reload health-docker-volumes.service
|
notify: reload health-docker-volumes.service
|
||||||
when: run_once_health_docker_volumes is not defined
|
|
||||||
|
|
||||||
- name: create health-docker-volumes.timer
|
- name: create health-docker-volumes.timer
|
||||||
template:
|
template:
|
||||||
@ -23,9 +20,3 @@
|
|||||||
register: health_docker_volumes_timer
|
register: health_docker_volumes_timer
|
||||||
changed_when: health_docker_volumes_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: health_docker_volumes_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart health-docker-volumes.timer
|
notify: restart health-docker-volumes.timer
|
||||||
when: run_once_health_docker_volumes is not defined
|
|
||||||
|
|
||||||
- name: run the health_docker_volumes tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_health_docker_volumes: true
|
|
||||||
when: run_once_health_docker_volumes is not defined
|
|
||||||
|
roles/health-nginx/files/health-nginx.py
@ -0,0 +1,58 @@
|
|||||||
|
import os
|
||||||
|
import requests
|
||||||
|
import sys
|
||||||
|
import re
|
||||||
|
|
||||||
|
# Set up argument parser
|
||||||
|
parser = argparse.ArgumentParser(description='Check if domains of nginx configuration files respond with the correct status code.')
|
||||||
|
parser.add_argument('config_path', help='Path to the nginx configuration directory')
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
# Use the provided argument for the config path
|
||||||
|
config_path = args.config_path
|
||||||
|
|
||||||
|
# Initialize the error counter
|
||||||
|
error_counter = 0
|
||||||
|
|
||||||
|
# Regex pattern to match domain.tld or subdomain.domain.tld
|
||||||
|
pattern = re.compile(r"^(?:[\w-]+\.)?[\w-]+\.[\w-]+\.conf$")
|
||||||
|
|
||||||
|
# Iterate over each file in the configuration directory
|
||||||
|
for filename in os.listdir(config_path):
|
||||||
|
if filename.endswith('.conf') and pattern.match(filename):
|
||||||
|
# Extract the domain and subdomain from the filename
|
||||||
|
name = filename.replace('.conf', '')
|
||||||
|
parts = name.split('.')
|
||||||
|
|
||||||
|
# Prepare the URL and expected status codes
|
||||||
|
url = f"https://{name}"
|
||||||
|
|
||||||
|
# Default: Expect status code 200 for a domain
|
||||||
|
expected_statuses = [200]
|
||||||
|
|
||||||
|
# Determine expected status codes based on subdomain
|
||||||
|
if len(parts) == 3:
|
||||||
|
if parts[0] == 'listmonk':
|
||||||
|
expected_statuses = [401]
|
||||||
|
elif parts[0] == 'www':
|
||||||
|
expected_statuses = [200,301]
|
||||||
|
elif parts[0] == 's':
|
||||||
|
expected_statuses = [403]
|
||||||
|
|
||||||
|
try:
|
||||||
|
# Send a HEAD request to get only the response header
|
||||||
|
response = requests.head(url, allow_redirects=True)
|
||||||
|
|
||||||
|
# Check if the status code matches the expected statuses
|
||||||
|
if response.status_code in expected_statuses:
|
||||||
|
print(f"{name}: ok")
|
||||||
|
else:
|
||||||
|
print(f"{name}: error")
|
||||||
|
error_counter += 1
|
||||||
|
except requests.RequestException as e:
|
||||||
|
# Handle exceptions for requests like connection errors
|
||||||
|
print(f"{name}: error due to {e}")
|
||||||
|
error_counter += 1
|
||||||
|
|
||||||
|
# Exit the script with the number of errors as the exit code
|
||||||
|
sys.exit(error_counter)
|
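Review bot: `argparse.ArgumentParser(...)` is called but `argparse` is never imported (the import block only has `os`, `requests`, `sys`, `re`), so the script raises `NameError` before the first check and every run of the health unit will fail; add `import argparse` to the imports. `requests.head(url, allow_redirects=True)` has no `timeout=`, so a single domain whose server accepts the TCP connection but never answers blocks the whole check indefinitely — pass `timeout=10` (or expose it as a CLI option). `sys.exit(error_counter)` is truncated modulo 256 by the OS, so 256 failing domains would report success; clamp it with `sys.exit(min(error_counter, 255))`. Some backends answer `HEAD` with 405 even though `GET` returns 200, so expect occasional false errors unless the script retries with a streamed `GET` on 405.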
@ -2,27 +2,23 @@
|
|||||||
pacman:
|
pacman:
|
||||||
name: python-requests
|
name: python-requests
|
||||||
state: present
|
state: present
|
||||||
when: run_once_health_nginx is not defined
|
|
||||||
|
|
||||||
- name: "create {{ health_nginx_folder }}"
|
- name: "create {{ health_nginx_folder }}"
|
||||||
file:
|
file:
|
||||||
path: "{{ health_nginx_folder }}"
|
path: "{{ health_nginx_folder }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
when: run_once_health_nginx is not defined
|
|
||||||
|
|
||||||
- name: create health-nginx.py
|
- name: create health-nginx.py
|
||||||
template:
|
copy:
|
||||||
src: health-nginx.py.j2
|
src: health-nginx.py
|
||||||
dest: "{{ health_nginx_folder }}health-nginx.py"
|
dest: "{{ health_nginx_folder }}health-nginx.py"
|
||||||
when: run_once_health_nginx is not defined
|
|
||||||
|
|
||||||
- name: create health-nginx.service
|
- name: create health-nginx.service
|
||||||
template:
|
template:
|
||||||
src: health-nginx.service.j2
|
src: health-nginx.service.j2
|
||||||
dest: /etc/systemd/system/health-nginx.service
|
dest: /etc/systemd/system/health-nginx.service
|
||||||
notify: reload health-nginx.service
|
notify: reload health-nginx.service
|
||||||
when: run_once_health_nginx is not defined
|
|
||||||
|
|
||||||
- name: create health-nginx.timer
|
- name: create health-nginx.timer
|
||||||
template:
|
template:
|
||||||
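Review bot: The new `copy` task for health-nginx.py sets no `owner`, `group` or `mode`, so the file lands with whatever the remote umask produces; as far as this diff shows, the unit that runs it sets no `User=`, so root executes a script whose permissions are not pinned. Add `owner: root`, `group: root` and `mode: "0644"` to the task — the service starts it through `/usr/bin/python3`, so it needs no execute bit. The surrounding directory task still uses the unquoted octal `mode: 0755`, which YAML 1.1 loaders read as an integer; writing it as `mode: "0755"` matches the quoted form used elsewhere in this diff and avoids that ambiguity.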
@ -31,10 +27,3 @@
|
|||||||
register: health_nginx_timer
|
register: health_nginx_timer
|
||||||
changed_when: health_nginx_timer.changed or activate_all_timers | default(false) | bool
|
changed_when: health_nginx_timer.changed or activate_all_timers | default(false) | bool
|
||||||
notify: restart health-nginx.timer
|
notify: restart health-nginx.timer
|
||||||
when: run_once_health_nginx is not defined
|
|
||||||
|
|
||||||
- name: run the health_nginx tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_health_nginx: true
|
|
||||||
when: run_once_health_nginx is not defined
|
|
||||||
|
|
||||||
|
@ -1,60 +0,0 @@
|
|||||||
import os
|
|
||||||
import requests
|
|
||||||
import sys
|
|
||||||
import re
|
|
||||||
|
|
||||||
# file in which fqdn server configs are deposit
|
|
||||||
config_path = '{{nginx_servers_directory}}'
|
|
||||||
|
|
||||||
# Initialize the error counter
|
|
||||||
error_counter = 0
|
|
||||||
|
|
||||||
# Regex pattern to match domain.tld or *.domain.tld
|
|
||||||
pattern = re.compile(r"^(?:[\w-]+\.)*[\w-]+\.[\w-]+\.conf$")
|
|
||||||
|
|
||||||
# Iterate over each file in the configuration directory
|
|
||||||
for filename in os.listdir(config_path):
|
|
||||||
if filename.endswith('.conf') and pattern.match(filename):
|
|
||||||
# Extract the domain and subdomain from the filename
|
|
||||||
domain = filename.replace('.conf', '')
|
|
||||||
parts = domain.split('.')
|
|
||||||
|
|
||||||
# Prepare the URL and expected status codes
|
|
||||||
url = f"https://{domain}"
|
|
||||||
|
|
||||||
# Default: Expect status code 200 or 302 for a domain
|
|
||||||
expected_statuses = [200,302]
|
|
||||||
|
|
||||||
redirected_domains = [domain['source'] for domain in {{redirect_domain_mappings}}]
|
|
||||||
redirected_domains.append("{{domain_mailu}}")
|
|
||||||
|
|
||||||
# Determine expected status codes based on the domain
|
|
||||||
if domain == '{{domain_listmonk}}':
|
|
||||||
expected_statuses = [401]
|
|
||||||
{% if nginx_matomo_tracking | bool %}
|
|
||||||
elif parts[0] == 'www' or domain in redirected_domains:
|
|
||||||
expected_statuses = [301]
|
|
||||||
{% endif %}
|
|
||||||
elif domain == '{{domain_yourls}}':
|
|
||||||
expected_statuses = [403]
|
|
||||||
|
|
||||||
try:
|
|
||||||
# Send a HEAD request to get only the response header
|
|
||||||
response = requests.head(url)
|
|
||||||
|
|
||||||
# Check if the status code matches the expected statuses
|
|
||||||
if response.status_code in expected_statuses:
|
|
||||||
print(f"{domain}: OK")
|
|
||||||
else:
|
|
||||||
print(f"{domain}: ERROR: Expected {expected_statuses}. Got {response.status_code}.")
|
|
||||||
error_counter += 1
|
|
||||||
except requests.RequestException as e:
|
|
||||||
# Handle exceptions for requests like connection errors
|
|
||||||
print(f"{domain}: error due to {e}")
|
|
||||||
error_counter += 1
|
|
||||||
|
|
||||||
if error_counter > 0:
|
|
||||||
print(f"Warning: {error_counter} domains responded with an unexpected https status code.")
|
|
||||||
|
|
||||||
# Exit the script with the number of errors as the exit code
|
|
||||||
sys.exit(error_counter)
|
|
@ -4,4 +4,4 @@ OnFailure=systemd-notifier@%n.service
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/usr/bin/python3 {{ health_nginx_folder }}health-nginx.py
|
ExecStart=/usr/bin/python3 {{ health_nginx_folder }}health-nginx.py {{nginx_servers_directory}}
|
||||||
|
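Review bot: The new positional argument `{{nginx_servers_directory}}` is spliced unquoted into `ExecStart`, so systemd splits it on whitespace and a directory value containing a space would change the script's argv. Quote it and keep the spacing consistent with the first variable: `ExecStart=/usr/bin/python3 "{{ health_nginx_folder }}health-nginx.py" "{{ nginx_servers_directory }}"`. Quoting covers whitespace only; `%` introduces a specifier in unit files even inside quotes, so a literal `%` in either path would have to be written as `%%`. The script's exit status is the number of failing domains, which `Type=oneshot` turns into a unit failure that fires the `OnFailure=` notifier — a one-line comment above `ExecStart` saying so would help whoever tunes the notifier later.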
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- nginx-certbot
|
- certbot-nginx
|
||||||
|
@ -1,13 +1,6 @@
|
|||||||
- name: create nginx letsencrypt config file
|
- name: create nginx letsencrypt config file
|
||||||
template: src=letsencrypt.conf.j2 dest={{nginx_servers_directory}}letsencrypt.conf
|
template: src=letsencrypt.conf.j2 dest={{nginx_servers_directory}}letsencrypt.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
when: run_once_letsencrypt is not defined
|
|
||||||
|
|
||||||
- name: flush nginx service
|
- name: flush nginx service
|
||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
when: run_once_letsencrypt is not defined
|
|
||||||
|
|
||||||
- name: run the letsencrypt logic just once
|
|
||||||
set_fact:
|
|
||||||
run_once_letsencrypt: true
|
|
||||||
when: run_once_letsencrypt is not defined
|
|
||||||
|
@ -7,17 +7,20 @@
|
|||||||
|
|
||||||
- name: Filter domain names and remove .conf extension and path
|
- name: Filter domain names and remove .conf extension and path
|
||||||
set_fact:
|
set_fact:
|
||||||
filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', path_regex, '') | map('regex_replace', '.conf$', '') | list }}"
|
filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', '^{{nginx_servers_directory}}', '') | map('regex_replace', '.conf$', '') | list }}"
|
||||||
vars:
|
vars:
|
||||||
domain_regex: "^{{ nginx_servers_directory }}(?!www\\.)[^/]+\\.conf$"
|
domain_regex: '^{{nginx_servers_directory}}(?!www\.)[^/]+\.conf$'
|
||||||
path_regex: "^{{ nginx_servers_directory }}"
|
|
||||||
|
|
||||||
- name: The domains for which a www. redirect will be implemented
|
- name: The domains for which a www. redirect will be implemented
|
||||||
debug:
|
debug:
|
||||||
var: filtered_domains
|
var: filtered_domains
|
||||||
|
|
||||||
|
- name: Prepare redirect domain mappings
|
||||||
|
set_fact:
|
||||||
|
redirect_domain_mappings: "{{ filtered_domains | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}"
|
||||||
|
|
||||||
- name: Include nginx-domain-redirect role with dynamic domain mappings
|
- name: Include nginx-domain-redirect role with dynamic domain mappings
|
||||||
include_role:
|
include_role:
|
||||||
name: nginx-domain-redirect
|
name: nginx-domain-redirect
|
||||||
vars:
|
vars:
|
||||||
domain_mappings: "{{ filtered_domains | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}"
|
domain_mappings: "{{ redirect_domain_mappings }}"
|
||||||
|
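Review bot: In the new `filtered_domains` expression the strip pattern `'^{{nginx_servers_directory}}'` is a string literal inside an already-open `{{ }}` expression, and as far as I can tell Jinja does not expand moustaches nested inside an expression, so the pattern most likely stays literal and the directory prefix is never removed (the old side's `path_regex` var avoided this). Build the pattern by concatenation and escape the directory, since it is used as a regex: `map('regex_replace', '^' ~ (nginx_servers_directory | regex_escape), '')`. `domain_regex` embeds the same unescaped directory in a pattern; `'^' ~ (nginx_servers_directory | regex_escape) ~ '(?!www\.)[^/]+\.conf$'` would be the matching fix. The `redirect_domain_mappings` task builds YAML text by substitution and parses it back with `from_yaml`; this works for the hostnames the regex admits, but a short comment stating that the inputs are filename-derived and therefore safe to splice would document why the parse step is acceptable.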
@ -2,7 +2,6 @@
|
|||||||
- name: install nginx
|
- name: install nginx
|
||||||
pacman: name=nginx state=present
|
pacman: name=nginx state=present
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
when: run_once_nginx is not defined
|
|
||||||
|
|
||||||
- name: Ensure nginx configuration directories are present
|
- name: Ensure nginx configuration directories are present
|
||||||
file:
|
file:
|
||||||
@ -13,18 +12,10 @@
|
|||||||
- "{{nginx_servers_directory}}"
|
- "{{nginx_servers_directory}}"
|
||||||
- "{{nginx_maps_directory}}"
|
- "{{nginx_maps_directory}}"
|
||||||
- "{{nginx_upstreams_directory}}"
|
- "{{nginx_upstreams_directory}}"
|
||||||
when: run_once_nginx is not defined
|
|
||||||
|
|
||||||
- name: create nginx config file
|
- name: create nginx config file
|
||||||
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
|
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
when: run_once_nginx is not defined
|
|
||||||
|
|
||||||
- name: flush nginx service
|
- name: flush nginx service
|
||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
when: run_once_nginx is not defined
|
|
||||||
|
|
||||||
- name: run the nginx tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_nginx: true
|
|
||||||
when: run_once_nginx is not defined
|
|
||||||
|
@ -3,9 +3,3 @@
|
|||||||
pacman:
|
pacman:
|
||||||
name: python-pip
|
name: python-pip
|
||||||
state: present
|
state: present
|
||||||
when: run_once_python_pip is not defined
|
|
||||||
|
|
||||||
- name: run the python_pip tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_python_pip: true
|
|
||||||
when: run_once_python_pip is not defined
|
|
||||||
|
@ -6,9 +6,3 @@
|
|||||||
group: root
|
group: root
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
notify: sshd restart
|
notify: sshd restart
|
||||||
when: run_once_sshd is not defined
|
|
||||||
|
|
||||||
- name: run the sshd tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_sshd: true
|
|
||||||
when: run_once_sshd is not defined
|
|
||||||
|
@ -2,9 +2,3 @@
|
|||||||
package:
|
package:
|
||||||
name: sudo
|
name: sudo
|
||||||
state: present
|
state: present
|
||||||
when: run_once_sudo is not defined
|
|
||||||
|
|
||||||
- name: run the sudo tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_sudo: true
|
|
||||||
when: run_once_sudo is not defined
|
|
@ -1,28 +1,18 @@
|
|||||||
- name: install smtp-forwarder
|
- name: install smtp-forwarder
|
||||||
pacman: name=smtp-forwarder state=present
|
pacman: name=smtp-forwarder state=present
|
||||||
when: run_once_systemd_notifier_email is not defined
|
|
||||||
|
|
||||||
- name: configure msmtprc.conf.j2
|
- name: configure msmtprc.conf.j2
|
||||||
template: src=msmtprc.conf.j2 dest=/root/.msmtprc
|
template: src=msmtprc.conf.j2 dest=/root/.msmtprc
|
||||||
when: run_once_systemd_notifier_email is not defined
|
|
||||||
|
|
||||||
- name: "create {{systemd_notifier_email_folder}}"
|
- name: "create {{systemd_notifier_email_folder}}"
|
||||||
file:
|
file:
|
||||||
path: "{{systemd_notifier_email_folder}}"
|
path: "{{systemd_notifier_email_folder}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
when: run_once_systemd_notifier_email is not defined
|
|
||||||
|
|
||||||
- name: configure systemd-notifier-email.sh
|
- name: configure systemd-notifier-email.sh
|
||||||
template: src=systemd-notifier-email.sh.j2 dest={{systemd_notifier_email_folder}}systemd-notifier-email.sh
|
template: src=systemd-notifier-email.sh.j2 dest={{systemd_notifier_email_folder}}systemd-notifier-email.sh
|
||||||
when: run_once_systemd_notifier_email is not defined
|
|
||||||
|
|
||||||
- name: configure systemd-notifier-email.service
|
- name: configure systemd-notifier-email.service
|
||||||
template: src=systemd-notifier-email@.service.j2 dest=/etc/systemd/system/systemd-notifier-email@.service
|
template: src=systemd-notifier-email@.service.j2 dest=/etc/systemd/system/systemd-notifier-email@.service
|
||||||
notify: restart systemd-notifier-email service
|
notify: restart systemd-notifier-email service
|
||||||
when: run_once_systemd_notifier_email is not defined
|
|
||||||
|
|
||||||
- name: run the systemd_notifier_email tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_systemd_notifier_email: true
|
|
||||||
when: run_once_systemd_notifier_email is not defined
|
|
||||||
|
@ -2,29 +2,20 @@
|
|||||||
pacman:
|
pacman:
|
||||||
name: curl
|
name: curl
|
||||||
state: present
|
state: present
|
||||||
when: run_once_systemd_notifier_telegram is not defined
|
|
||||||
|
|
||||||
- name: Create a directory with a subdirectory
|
- name: Create a directory with a subdirectory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{systemd_telegram_folder}}"
|
path: "{{systemd_telegram_folder}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
when: run_once_systemd_notifier_telegram is not defined
|
|
||||||
|
|
||||||
- name: configure systemd-notifier-telegram.sh
|
- name: configure systemd-notifier-telegram.sh
|
||||||
template:
|
template:
|
||||||
src: systemd-notifier-telegram.sh.j2
|
src: systemd-notifier-telegram.sh.j2
|
||||||
dest: "{{ systemd_telegram_script }}"
|
dest: "{{ systemd_telegram_script }}"
|
||||||
when: run_once_systemd_notifier_telegram is not defined
|
|
||||||
|
|
||||||
- name: configure systemd-notifier-telegram.service
|
- name: configure systemd-notifier-telegram.service
|
||||||
template:
|
template:
|
||||||
src: systemd-notifier-telegram@.service.j2
|
src: systemd-notifier-telegram@.service.j2
|
||||||
dest: "/etc/systemd/system/systemd-notifier-telegram@.service"
|
dest: "/etc/systemd/system/systemd-notifier-telegram@.service"
|
||||||
notify: "restart systemd-notifier-telegram service"
|
notify: "restart systemd-notifier-telegram service"
|
||||||
when: run_once_systemd_notifier_telegram is not defined
|
|
||||||
|
|
||||||
- name: run the systemd_notifier_telegram tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_systemd_notifier_telegram: true
|
|
||||||
when: run_once_systemd_notifier_telegram is not defined
|
|
@ -2,9 +2,3 @@
|
|||||||
systemd:
|
systemd:
|
||||||
name: systemd-notifier.service
|
name: systemd-notifier.service
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
when: run_once_systemd_notifier_service is not defined
|
|
||||||
|
|
||||||
- name: run the systemd_notifier_service tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_systemd_notifier_service: true
|
|
||||||
when: run_once_systemd_notifier_service is not defined
|
|
||||||
|
@ -4,9 +4,3 @@
|
|||||||
src: systemd-notifier@.service.j2
|
src: systemd-notifier@.service.j2
|
||||||
dest: "/etc/systemd/system/systemd-notifier@.service"
|
dest: "/etc/systemd/system/systemd-notifier@.service"
|
||||||
notify: "restart systemd-notifier service"
|
notify: "restart systemd-notifier service"
|
||||||
when: run_once_systemd_notifier_service is not defined
|
|
||||||
|
|
||||||
- name: run the systemd_notifier_service tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_systemd_notifier_service: true
|
|
||||||
when: run_once_systemd_notifier_service is not defined
|
|
@ -7,7 +7,6 @@
|
|||||||
generate_ssh_key: yes
|
generate_ssh_key: yes
|
||||||
ssh_key_type: rsa
|
ssh_key_type: rsa
|
||||||
ssh_key_bits: 8192
|
ssh_key_bits: 8192
|
||||||
when: run_once_user_administrator is not defined
|
|
||||||
|
|
||||||
- name: "create {{path_administrator_scripts}}"
|
- name: "create {{path_administrator_scripts}}"
|
||||||
file:
|
file:
|
||||||
@ -16,7 +15,6 @@
|
|||||||
owner: administrator
|
owner: administrator
|
||||||
group: administrator
|
group: administrator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
when: run_once_user_administrator is not defined
|
|
||||||
|
|
||||||
- name: create {{path_administrator_home}}.ssh/authorized_keys
|
- name: create {{path_administrator_home}}.ssh/authorized_keys
|
||||||
copy:
|
copy:
|
||||||
@ -25,7 +23,6 @@
|
|||||||
owner: administrator
|
owner: administrator
|
||||||
group: administrator
|
group: administrator
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
when: run_once_user_administrator is not defined
|
|
||||||
|
|
||||||
- name: grant administrator sudo rights with password
|
- name: grant administrator sudo rights with password
|
||||||
copy:
|
copy:
|
||||||
@ -35,7 +32,6 @@
|
|||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
notify: sshd restart
|
notify: sshd restart
|
||||||
when: run_once_user_administrator is not defined
|
|
||||||
|
|
||||||
- name: "create {{path_administrator_home}}volumes/"
|
- name: "create {{path_administrator_home}}volumes/"
|
||||||
file:
|
file:
|
||||||
@ -44,9 +40,3 @@
|
|||||||
owner: administrator
|
owner: administrator
|
||||||
group: administrator
|
group: administrator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
when: run_once_user_administrator is not defined
|
|
||||||
|
|
||||||
- name: run the user_administrator tasks once
|
|
||||||
set_fact:
|
|
||||||
run_once_user_administrator: true
|
|
||||||
when: run_once_user_administrator is not defined
|
|