kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2024-11-24 13:41:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: kevinveenbirkenbach:f1160a6ef080435765af9394968363940c4d66da
Branches Tags
kevinveenbirkenbach:master
..
compare: kevinveenbirkenbach:fcaaa16c64ddac692e6e7f58df33820f3f240321
Branches Tags
kevinveenbirkenbach:master

5 Commits
f1160a6ef0 ... fcaaa16c64

Author SHA1 Message Date
Kevin Veen-Birkenbach
fcaaa16c64 refactored roles. Not fully tested yet. Testrun will be done tomorrow., 2023-12-06 17:59:57 +01:00
Kevin Veen-Birkenbach
9509534109 refactored playbooks, tracking and implemented multi domain for mybb 2023-12-06 16:29:34 +01:00
Kevin Veen-Birkenbach
68a2bd4421 refactored wordpress role 2023-12-06 14:40:18 +01:00
Kevin Veen-Birkenbach
15090dd75d Raised limits 2023-12-06 13:44:57 +01:00
Kevin Veen-Birkenbach
709c741a5b optimized healh-nginx logic 2023-12-06 12:31:39 +01:00
33 changed files with 324 additions and 315 deletions
Show Stats Expand all files Collapse all files

61
playbook-common.yml Normal file
View File

@ -0,0 +1,61 @@
---
# general setup
- name: general setup
hosts: all
become: true
tasks:
roles:
- role: update
when: execute_updates is true
- name: setup standard wireguard
hosts: wireguard_server
become: true
roles:
- wireguard
# vpn setup
- name: setup wireguard client behind firewall\nat
hosts: wireguard_behind_firewall
become: true
roles:
- client-wireguard-behind-firewall
- name: setup wireguard client
hosts: wireguard_client
become: true
roles:
- client-wireguard
## backup setup
- name: setup replica backup hosts
hosts: replica_backup
become: true
roles:
- role: backup-remote-to-local
- name: setup backup to swappable
hosts: backup_to_usb
become: true
roles:
- backup-data-to-usb
## driver setup
- name: driver-intel
hosts: intel
become: true
roles:
- driver-intel
- name: setup multiprinter hosts
hosts: epson_multiprinter
become: true
roles:
- driver-epson-multiprinter
## system setup
- name: setup swapfile hosts
hosts: swapfile
become: false
roles:
- system-swapfile

102
playbook-pcs.yml Normal file
View File

@ -0,0 +1,102 @@
---
- import_playbook: playbook-common.yml
## pc applications
- name: general host setup
hosts: personal_computers
become: true
roles:
- pc-administrator-tools
- driver-non-free
- name: pc-office
hosts: collection_officetools
become: true
roles:
- pc-office
- name: personal computer for business
hosts: business_personal_computer
become: true
roles:
- pc-gnucash
- name: pc-designer-tools
hosts: collection_designer
become: true
roles:
- pc-designer-tools
- name: pc-qbittorrent
hosts: collection_torrent
become: true
roles:
- pc-qbittorrent
- name: pc-streaming-tools
hosts: collection_streamer
become: true
roles:
- pc-streaming-tools
- name: pc-bluray-player-tools
hosts: collection_bluray_player
become: true
roles:
- pc-bluray-player-tools
- name: pc-latex
hosts: latex
become: true
roles:
- pc-latex
- name: GNOME setup
hosts: gnome
become: true
roles:
- pc-gnome
- name: setup ssh client
hosts: ssh
become: false
roles:
- pc-ssh
- name: setup gaming hosts
hosts: gaming
become: true
roles:
- pc-games
- name: setup entertainment hosts
hosts: entertainment
become: true
roles:
- pc-spotify
- name: setup torbrowser hosts
hosts: torbrowser
become: true
roles:
- pc-torbrowser
- name: setup nextcloud
hosts: nextcloud_client
become: true
roles:
- pc-nextcloud
- name: setup docker
hosts: docker
become: true
roles:
- pc-docker
# driver
- name: setup msi rgb keyboard
hosts: msi_perkeyrgb
become: true
roles:
- driver-msi-keyboard-color

195
playbook.yml → playbook-servers.yml
View File

@ -1,11 +1,6 @@
--- ---
- name: general setup
hosts: all - import_playbook: playbook-common.yml
become: true
tasks:
roles:
- role: update
when: execute_updates is true
- name: servers host setup - name: servers host setup
hosts: servers hosts: servers
@ -17,25 +12,6 @@
- cleanup-disc-space - cleanup-disc-space
- health-btrfs - health-btrfs
# Wireguard Rollen
- name: setup standard wireguard
hosts: wireguard_server
become: true
roles:
- wireguard
- name: setup wireguard client behind firewall\nat
hosts: wireguard_behind_firewall
become: true
roles:
- client-wireguard-behind-firewall
- name: setup wireguard client
hosts: wireguard_client
become: true
roles:
- client-wireguard
# Native Webserver Roles # Native Webserver Roles
- name: setup nginx-homepages - name: setup nginx-homepages
hosts: homepage hosts: homepage
@ -61,6 +37,7 @@
vars: vars:
domain: cloud.{{top_domain}} domain: cloud.{{top_domain}}
http_port: 8001 http_port: 8001
- name: setup gitea hosts - name: setup gitea hosts
hosts: gitea hosts: gitea
become: true become: true
@ -71,19 +48,16 @@
http_port: 8002 http_port: 8002
ssh_port: 2201 ssh_port: 2201
run_mode: prod run_mode: prod
- name: setup wordpress hosts - name: setup wordpress hosts
hosts: wordpress hosts: wordpress
become: true become: true
tasks: roles:
- name: Include docker-wordpress role for each domain - role: docker-wordpress
include_role: vars:
name: docker-wordpress domains: "{{wordpress_domains}}"
vars: http_port: 8003
domain: "{{ item }}"
http_port: 8003
loop: "{{ wordpress_domains }}"
loop_control:
loop_var: item
- name: setup mediawiki hosts - name: setup mediawiki hosts
hosts: mediawiki hosts: mediawiki
become: true become: true
@ -92,14 +66,16 @@
vars: vars:
domain: wiki.{{top_domain}} domain: wiki.{{top_domain}}
http_port: 8004 http_port: 8004
- name: setup mybb hosts - name: setup mybb hosts
hosts: mybb hosts: mybb
become: true become: true
roles: roles:
- role: docker-mybb - role: docker-mybb
vars: vars:
domain: forum.{{top_domain}} domains: "{{mybb_domains}}"
http_port: 8005 http_port: 8005
- name: setup yourls hosts - name: setup yourls hosts
hosts: yourls hosts: yourls
become: true become: true
@ -108,6 +84,7 @@
vars: vars:
domain: s.{{top_domain}} domain: s.{{top_domain}}
http_port: 8006 http_port: 8006
- name: setup mailu hosts - name: setup mailu hosts
hosts: mailu hosts: mailu
become: true become: true
@ -116,6 +93,7 @@
vars: vars:
domain: "mail.{{top_domain}}" domain: "mail.{{top_domain}}"
http_port: 8007 http_port: 8007
- name: setup elk hosts - name: setup elk hosts
hosts: elk hosts: elk
become: true become: true
@ -124,6 +102,7 @@
vars: vars:
domain: "elk.{{top_domain}}" domain: "elk.{{top_domain}}"
http_port: 8008 http_port: 8008
- name: setup mastodon hosts - name: setup mastodon hosts
hosts: mastodon hosts: mastodon
become: true become: true
@ -133,6 +112,7 @@
domain: "mastodon.{{top_domain}}" domain: "mastodon.{{top_domain}}"
http_port: 8009 http_port: 8009
stream_port: 4001 stream_port: 4001
- name: setup pixelfed hosts - name: setup pixelfed hosts
hosts: pixelfed hosts: pixelfed
become: true become: true
@ -141,6 +121,7 @@
vars: vars:
domain: pixelfed.{{top_domain}} domain: pixelfed.{{top_domain}}
http_port: 8010 http_port: 8010
- name: setup peertube hosts - name: setup peertube hosts
hosts: peertube hosts: peertube
become: true become: true
@ -149,6 +130,7 @@
vars: vars:
domain: peertube.{{top_domain}} domain: peertube.{{top_domain}}
http_port: 8011 http_port: 8011
- name: setup bigbluebutton hosts - name: setup bigbluebutton hosts
hosts: bigbluebutton hosts: bigbluebutton
become: true become: true
@ -164,6 +146,7 @@
vars: vars:
domain: funkwhale.{{top_domain}} domain: funkwhale.{{top_domain}}
http_port: 8012 http_port: 8012
- name: setup roulette-wheel hosts - name: setup roulette-wheel hosts
hosts: roulette_wheel hosts: roulette_wheel
become: true become: true
@ -172,14 +155,16 @@
vars: vars:
domain: roulette.{{top_domain}} domain: roulette.{{top_domain}}
http_port: 8013 http_port: 8013
- name: setup joomla hosts - name: setup joomla hosts
hosts: joomla hosts: joomla
become: true become: true
roles: roles:
- role: docker-joomla - role: docker-joomla
vars: vars:
domain: "joomla.{{top_domain}}" domain: "{{joomla_domains}}"
http_port: 8014 http_port: 8014
- name: setup attendize - name: setup attendize
hosts: attendize hosts: attendize
become: true become: true
@ -189,6 +174,7 @@
domain: "tickets.{{top_domain}}" domain: "tickets.{{top_domain}}"
http_port: 8015 http_port: 8015
mail_interface_http_port: 8016 mail_interface_http_port: 8016
- name: setup baserow hosts - name: setup baserow hosts
hosts: baserow hosts: baserow
become: true become: true
@ -197,6 +183,7 @@
vars: vars:
domain: baserow.{{top_domain}} domain: baserow.{{top_domain}}
http_port: 8017 http_port: 8017
- name: setup matomo hosts - name: setup matomo hosts
hosts: matomo hosts: matomo
become: true become: true
@ -205,6 +192,7 @@
vars: vars:
domain: matomo.{{top_domain}} domain: matomo.{{top_domain}}
http_port: 8018 http_port: 8018
- name: setup listmonk - name: setup listmonk
hosts: listmonk hosts: listmonk
become: true become: true
@ -213,6 +201,7 @@
vars: vars:
domain: listmonk.{{top_domain}} domain: listmonk.{{top_domain}}
http_port: 8019 http_port: 8019
- name: setup akaunting hosts - name: setup akaunting hosts
hosts: akaunting hosts: akaunting
become: true become: true
@ -221,133 +210,3 @@
vars: vars:
domain: akaunting.{{top_domain}} domain: akaunting.{{top_domain}}
http_port: 8080 http_port: 8080
# Backup Roles
- name: setup replica backup hosts
hosts: replica_backup
become: true
roles:
- role: backup-remote-to-local
## PC services
- name: general host setup
hosts: personal_computers
become: true
roles:
- pc-administrator-tools
- driver-non-free
- name: pc-office
hosts: collection_officetools
become: true
roles:
- pc-office
- name: personal computer for business
hosts: business_personal_computer
become: true
roles:
- pc-gnucash
- name: pc-designer-tools
hosts: collection_designer
become: true
roles:
- pc-designer-tools
- name: pc-qbittorrent
hosts: collection_torrent
become: true
roles:
- pc-qbittorrent
- name: pc-streaming-tools
hosts: collection_streamer
become: true
roles:
- pc-streaming-tools
- name: pc-bluray-player-tools
hosts: collection_bluray_player
become: true
roles:
- pc-bluray-player-tools
- name: driver-intel
hosts: intel
become: true
roles:
- driver-intel
- name: pc-latex
hosts: latex
become: true
roles:
- pc-latex
- name: GNOME setup
hosts: gnome
become: true
roles:
- pc-gnome
- name: setup msi rgb keyboard
hosts: msi_perkeyrgb
become: true
roles:
- driver-msi-keyboard-color
- name: setup ssh hosts
hosts: ssh
become: false
roles:
- pc-ssh
- name: setup swapfile hosts
hosts: swapfile
become: false
roles:
- system-swapfile
- name: setup gaming hosts
hosts: gaming
become: true
roles:
- pc-games
- name: setup entertainment hosts
hosts: entertainment
become: true
roles:
- pc-spotify
- name: setup multiprinter hosts
hosts: epson_multiprinter
become: true
roles:
- driver-epson-multiprinter
- name: setup torbrowser hosts
hosts: torbrowser
become: true
roles:
- pc-torbrowser
- name: setup nextcloud
hosts: nextcloud_client
become: true
roles:
- pc-nextcloud
- name: setup docker
hosts: docker
become: true
roles:
- pc-docker
- name: setup backup to swappable
hosts: backup_to_usb
become: true
roles:
- backup-data-to-usb

8
roles/docker-akaunting/tasks/main.yml
View File

@ -1,10 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
- name: configure {{domain}}.conf
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: register directory - name: register directory
stat: stat:

8
roles/docker-baserow/tasks/main.yml
View File

@ -1,10 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
- name: configure {{domain}}.conf
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{docker_compose_instance_directory}}" - name: "create {{docker_compose_instance_directory}}"
file: file:

4
roles/docker-bigbluebutton/tasks/main.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include task certbot-matomo.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: certbot-matomo.yml
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=templates/nginx-proxy.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=templates/nginx-proxy.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf

8
roles/docker-elk/tasks/main.yml
View File

@ -1,11 +1,7 @@
--- ---
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
- name: configure {{domain}}.conf
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: create elasticsearch-sysctl.conf - name: create elasticsearch-sysctl.conf
copy: copy:

8
roles/docker-funkwhale/tasks/main.yml
View File

@ -1,10 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
- name: configure {{domain}}.conf
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{docker_compose_instance_directory}}" - name: "create {{docker_compose_instance_directory}}"
file: file:

8
roles/docker-gitea/tasks/main.yml
View File

@ -1,10 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
- name: configure {{domain}} https
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{docker_compose_instance_directory}}" - name: "create {{docker_compose_instance_directory}}"
file: file:

8
roles/docker-jenkins/tasks/main.yml
View File

@ -1,9 +1,5 @@
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
- name: configure {{domain}}.conf
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "docker jenkins" - name: "docker jenkins"
docker_compose: docker_compose:

11
roles/docker-joomla/tasks/main.yml
View File

@ -1,10 +1,9 @@
--- ---
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
loop: "{{ domains }}"
- name: configure {{domain}}.conf loop_control:
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf loop_var: domain
notify: restart nginx
- name: "create {{docker_compose_instance_directory}}" - name: "create {{docker_compose_instance_directory}}"
file: file:

10
roles/docker-listmonk/tasks/main.yml
View File

@ -1,12 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
- name: configure {{domain}}.conf
template:
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
dest: "/etc/nginx/conf.d/{{domain}}.conf"
notify: restart nginx
- name: "create {{docker_compose_instance_directory}}" - name: "create {{docker_compose_instance_directory}}"
file: file:

9
roles/docker-mailu/tasks/main.yml
View File

@ -1,13 +1,8 @@
--- ---
- name: "include tasks nginx-docker-proxy-domain.yml"
- name: recieve {{domain}} certificate include_tasks: nginx-docker-proxy-domain.yml
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf
vars: vars:
client_max_body_size: "31M" client_max_body_size: "31M"
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{path_docker_compose_files}}mailu" - name: "create {{path_docker_compose_files}}mailu"
file: file:

4
roles/docker-mastodon/tasks/main.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include task certbot-matomo.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: certbot-matomo.yml
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=templates/mastodon.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=templates/mastodon.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf

10
roles/docker-matomo/tasks/main.yml
View File

@ -1,12 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
- name: configure {{domain}}.conf
template:
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
dest: "/etc/nginx/conf.d/{{domain}}.conf"
notify: restart nginx
- name: "create {{docker_compose_instance_directory}}" - name: "create {{docker_compose_instance_directory}}"
file: file:

8
roles/docker-mediawiki/tasks/main.yml
View File

@ -1,9 +1,5 @@
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
- name: configure {{domain}}.conf
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "docker mediawiki" - name: "docker mediawiki"
docker_compose: docker_compose:

17
roles/docker-mybb/tasks/main.yml
View File

@ -1,16 +1,13 @@
--- ---
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
loop: "{{ domains }}"
loop_control:
loop_var: domain
- name: configure {{domain}}.conf - name: "create {{conf_d_server_directory}} and parent directories"
template:
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
dest: "/etc/nginx/conf.d/{{domain}}.conf"
notify: restart nginx
- name: "create {{conf_d_docker_directory}} and parent directories"
file: file:
path: "{{conf_d_docker_directory}}" path: "{{conf_d_server_directory}}"
state: directory state: directory
mode: 0755 mode: 0755
recurse: yes recurse: yes

8
roles/docker-mybb/templates/default.conf
View File

@ -7,6 +7,7 @@ server {
error_log stderr debug; error_log stderr debug;
root /var/www/html; root /var/www/html;
index index.html index.php; index index.html index.php;
worker_processes auto;
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
@ -29,6 +30,13 @@ server {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
# client timeout
keepalive_timeout 60s;
client_header_timeout 60s;
client_body_timeout 60s;
send_timeout 300s;
reset_timedout_connection on;
# proxy timeouts # proxy timeouts
proxy_connect_timeout 300s; proxy_connect_timeout 300s;
proxy_send_timeout 300s; proxy_send_timeout 300s;

4
roles/docker-nextcloud/tasks/main.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include task certbot-matomo.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: certbot-matomo.yml
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: template:

8
roles/docker-peertube/tasks/main.yml
View File

@ -1,10 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include task certbot-matomo.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: certbot-matomo.yml
- name: configure {{domain}}.conf
template: src=templates/peertube.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{docker_compose_instance_directory}}" - name: "create {{docker_compose_instance_directory}}"
file: file:

8
roles/docker-pixelfed/tasks/main.yml
View File

@ -1,10 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
- name: configure {{domain}}.conf
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{docker_compose_instance_directory}}" - name: "create {{docker_compose_instance_directory}}"
file: file:

8
roles/docker-roulette-wheel/tasks/main.yml
View File

@ -1,10 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
- name: configure {{domain}}.conf
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx
- name: "create {{docker_compose_instance_directory}}" - name: "create {{docker_compose_instance_directory}}"
file: file:

15
roles/docker-wordpress/tasks/main.yml
View File

@ -1,17 +1,12 @@
--- ---
- name: recieve wordpress certificates for {{domain}}
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: Activate NGINX matomo tracking for {{domain}} - name: "include tasks nginx-docker-proxy-domain.yml"
include_role: include_tasks: nginx-docker-proxy-domain.yml
name: nginx-matomo-tracking loop: "{{ domains }}"
when: nginx_matomo_tracking_active loop_control:
loop_var: domain
- name: configure wordpress nginx configurations
vars: vars:
client_max_body_size: "{{wordpress_max_upload_size}}" client_max_body_size: "{{wordpress_max_upload_size}}"
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ domain }}.conf
notify: restart nginx
- name: "create {{docker_compose_instance_directory}}" - name: "create {{docker_compose_instance_directory}}"
file: file:

10
roles/docker-yourls/tasks/main.yml
View File

@ -1,12 +1,6 @@
--- ---
- name: recieve {{domain}} certificate - name: "include tasks nginx-docker-proxy-domain.yml"
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} include_tasks: nginx-docker-proxy-domain.yml
- name: configure {{domain}}.conf
template:
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
dest: "/etc/nginx/conf.d/{{domain}}.conf"
notify: restart nginx
- name: "create {{docker_compose_instance_directory}}" - name: "create {{docker_compose_instance_directory}}"
file: file:

42
roles/health-nginx/README.md
View File

@ -1,7 +1,41 @@
# health-nginx # health-nginx
Sends a health report for nginx configurations. This role was created with the help of ChatGPT. The conversation you will find [here](https://chat.openai.com/share/4033be29-12a6-40a3-bf3c-fc5d57dba8cb). ## Overview
`health-nginx` is an Ansible role designed to send health reports for nginx configurations. It leverages Python scripting to check the status of nginx server configurations and reports back any issues. This role is especially useful for maintaining the health of nginx servers in a dynamic environment.
## see ## Requirements
- https://nginx.org/en/docs/ - Ansible
- https://docs.ansible.com/ansible/latest/modules/uri_module.html - Python with the `requests` module
- Access to the nginx configuration files
## Role Variables
- `health_nginx_folder`: The folder where the `health-nginx` script and related files are stored. Defaults to `"{{ path_administrator_scripts }}health-nginx/"`.
## Dependencies
This role depends on:
- `python-pip`: For installing Python packages.
- `systemd-notifier`: For notifying systemd in case of any failures.
## Example Playbook
```yaml
- hosts: servers
roles:
- { role: health-nginx }
```
## Usage
1. **Installation of Python Modules**: The role installs the required Python `requests` module.
2. **File and Directory Management**: It creates the necessary directories and files, including the `health-nginx.py` script.
3. **Service and Timer Templates**: Templates for `health-nginx.service` and `health-nginx.timer` are set up to automate the health checks.
4. **Running the Health Check**: The `health-nginx.py` script is executed to perform the health check. It iterates over nginx configuration files and sends a HEAD request to each domain/subdomain to verify its status. The script considers different expected status codes based on the domain or subdomain.
## Handler Details
- **reload health-nginx.service**: Reloads the `health-nginx.service` if there are any changes to the service file.
- **restart health-nginx.timer**: Restarts and enables the `health-nginx.timer` to schedule regular health checks.
## Additional Information
- For more details on nginx configurations, visit [nginx documentation](https://nginx.org/en/docs/).
- Learn more about Ansible's `uri_module` [here](https://docs.ansible.com/ansible/latest/modules/uri_module.html).
## Contributions
This role was created with the assistance of ChatGPT. The conversation can be found [here](https://chat.openai.com/share/4033be29-12a6-40a3-bf3c-fc5d57dba8cb) and [here](https://chat.openai.com/share/7f3766d1-9db7-4976-8fe9-68d1142c0a78).

22
roles/health-nginx/files/health-nginx.py
View File

@ -20,19 +20,19 @@ for filename in os.listdir(config_path):
parts = name.split('.') parts = name.split('.')
# Prepare the URL and expected status codes # Prepare the URL and expected status codes
url = f"http://{name}" url = f"https://{name}"
# Default: Expect status code 200 for a domain
expected_statuses = [200]
# Determine expected status codes based on subdomain # Determine expected status codes based on subdomain
if len(parts) == 3 and parts[0] == 'www': if len(parts) == 3:
expected_statuses = [200,301] if parts[0] == 'listmonk':
elif len(parts) == 3 and parts[0] == 's': expected_statuses = [401]
expected_statuses = [403] elif parts[0] == 'www':
elif len(parts) <= 3: expected_statuses = [200,301]
# For domain.tld where no specific subdomain is present elif parts[0] == 's':
expected_statuses = [200, 301] expected_statuses = [403]
else:
# Skip files that don't match the schema
continue
try: try:
# Send a HEAD request to get only the response header # Send a HEAD request to get only the response header

7
roles/nginx-homepage/tasks/main.yml
View File

@ -1,10 +1,11 @@
---
- name: "include task certbot-matomo.yml"
include_tasks: certbot-matomo.yml
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=homepage.nginx.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=homepage.nginx.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: recieve {{domain}} certificate
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: nginx-homepage repo git - name: nginx-homepage repo git
git: git:
repo: "{{nginx_homepage_repository_address}}" repo: "{{nginx_homepage_repository_address}}"

5
roles/nginx/tasks/main.yml
View File

@ -9,11 +9,6 @@
state: directory state: directory
mode: 0755 mode: 0755
- name: Activate NGINX matomo tracking
include_role:
name: nginx-matomo-tracking
when: nginx_matomo_tracking_active and domain is defined
- name: create nginx config file - name: create nginx config file
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
notify: restart nginx notify: restart nginx

5
tasks/certbot-matomo.yml Normal file
View File

@ -0,0 +1,5 @@
- name: "include task receive certbot certificate"
include_tasks: recieve-certbot-certificate.yml
- name: "include task implement-matomo-tracking.yml"
include_tasks: implement-matomo-tracking.yml

5
tasks/create-domain-conf.yml Normal file
View File

@ -0,0 +1,5 @@
- name: configure {{domain}}.conf
template:
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
dest: "/etc/nginx/conf.d/{{domain}}.conf"
notify: restart nginx

4
tasks/implement-matomo-tracking.yml Normal file
View File

@ -0,0 +1,4 @@
- name: Activate NGINX matomo tracking
include_role:
name: nginx-matomo-tracking
when: nginx_matomo_tracking_active and domain is defined

5
tasks/nginx-docker-proxy-domain.yml Normal file
View File

@ -0,0 +1,5 @@
- name: "include task certbot-matomo.yml"
include_tasks: certbot-matomo.yml
- name: "include task create-domain-conf.yml"
include_tasks: create-domain-conf.yml

2
tasks/recieve-certbot-certificate.yml Normal file
View File

@ -0,0 +1,2 @@
- name: recieve certbot certificate for {{domain}}
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}