refactored roles. Not fully tested yet. Testrun will be done tomorrow.,

refactored playbooks, tracking and implemented multi domain for mybb
refactored wordpress role
2024-11-24 05:31:04 +01:00 · 2023-12-06 17:59:57 +01:00 · 2023-12-06 16:29:34 +01:00 · 2023-12-06 14:40:18 +01:00 · 2023-12-06 13:44:57 +01:00 · 2023-12-06 12:31:39 +01:00
33 changed files with 324 additions and 315 deletions
--- a/playbook-common.yml
+++ b/playbook-common.yml
@ -0,0 +1,61 @@
+---
+# general setup
+- name: general setup
+  hosts:  all
+  become: true
+  tasks:
+  roles:
+    - role: update
+      when: execute_updates is true
+
+- name: setup standard wireguard
+  hosts: wireguard_server
+  become: true
+  roles:
+    - wireguard
+
+# vpn setup
+- name: setup wireguard client behind firewall\nat
+  hosts: wireguard_behind_firewall
+  become: true
+  roles:
+    - client-wireguard-behind-firewall
+
+- name: setup wireguard client
+  hosts: wireguard_client
+  become: true
+  roles:
+    - client-wireguard
+
+## backup setup
+- name: setup replica backup hosts
+  hosts: replica_backup
+  become: true
+  roles:
+    - role: backup-remote-to-local
+
+- name: setup backup to swappable
+  hosts: backup_to_usb
+  become: true
+  roles:
+    - backup-data-to-usb
+
+## driver setup
+- name: driver-intel
+  hosts: intel
+  become: true
+  roles:
+    - driver-intel
+
+- name: setup multiprinter hosts
+  hosts: epson_multiprinter
+  become: true
+  roles:
+    - driver-epson-multiprinter
+
+## system setup 
+- name: setup swapfile hosts
+  hosts: swapfile
+  become: false
+  roles:
+    - system-swapfile
--- a/playbook-pcs.yml
+++ b/playbook-pcs.yml
@ -0,0 +1,102 @@
+---
+
+- import_playbook: playbook-common.yml
+
+## pc applications
+- name: general host setup
+  hosts: personal_computers
+  become: true
+  roles:
+    - pc-administrator-tools
+    - driver-non-free
+
+- name: pc-office
+  hosts: collection_officetools
+  become: true
+  roles:
+    - pc-office
+
+- name: personal computer for business
+  hosts: business_personal_computer
+  become: true
+  roles:
+    - pc-gnucash
+
+- name: pc-designer-tools
+  hosts: collection_designer
+  become: true
+  roles:
+    - pc-designer-tools
+
+- name: pc-qbittorrent
+  hosts: collection_torrent
+  become: true
+  roles:
+    - pc-qbittorrent
+
+- name: pc-streaming-tools
+  hosts: collection_streamer
+  become: true
+  roles:
+    - pc-streaming-tools
+
+- name: pc-bluray-player-tools
+  hosts: collection_bluray_player
+  become: true
+  roles:
+    - pc-bluray-player-tools
+
+- name: pc-latex
+  hosts: latex
+  become: true
+  roles:
+    - pc-latex
+
+- name: GNOME setup
+  hosts: gnome
+  become: true
+  roles:
+    - pc-gnome
+
+- name: setup ssh client
+  hosts: ssh
+  become: false
+  roles:
+    - pc-ssh
+
+- name: setup gaming hosts
+  hosts: gaming
+  become: true
+  roles:
+    - pc-games
+
+- name: setup entertainment hosts
+  hosts: entertainment
+  become: true
+  roles:
+    - pc-spotify
+
+- name: setup torbrowser hosts
+  hosts: torbrowser
+  become: true
+  roles:
+    - pc-torbrowser
+
+- name: setup nextcloud
+  hosts: nextcloud_client
+  become: true
+  roles:
+    - pc-nextcloud
+
+- name: setup docker
+  hosts: docker
+  become: true
+  roles:
+    - pc-docker
+
+# driver 
+- name: setup msi rgb keyboard
+  hosts: msi_perkeyrgb
+  become: true
+  roles:
+    - driver-msi-keyboard-color
--- a/playbook-servers.yml
+++ b/playbook-servers.yml
@ -1,11 +1,6 @@
 ---
- name: general setup
-  hosts:  all
-  become: true
-  tasks:
-  roles:
-    - role: update
-      when: execute_updates is true
+
+- import_playbook: playbook-common.yml

 - name: servers host setup
  hosts: servers
@ -17,25 +12,6 @@
    - cleanup-disc-space
    - health-btrfs

-# Wireguard Rollen
- name: setup standard wireguard
-  hosts: wireguard_server
-  become: true
-  roles:
-    - wireguard
-
- name: setup wireguard client behind firewall\nat
-  hosts: wireguard_behind_firewall
-  become: true
-  roles:
-    - client-wireguard-behind-firewall
-
- name: setup wireguard client
-  hosts: wireguard_client
-  become: true
-  roles:
-    - client-wireguard
-
 # Native Webserver Roles
 - name: setup nginx-homepages
  hosts: homepage
@ -61,6 +37,7 @@
      vars:
        domain: cloud.{{top_domain}}
        http_port: 8001
+
 - name: setup gitea hosts
  hosts: gitea
  become: true
@ -71,19 +48,16 @@
        http_port: 8002
        ssh_port:  2201
        run_mode: prod
+
 - name: setup wordpress hosts
  hosts: wordpress
  become: true
-  tasks:
-    - name: Include docker-wordpress role for each domain
-      include_role:
-        name: docker-wordpress
-      vars:
-        domain: "{{ item }}"
-        http_port: 8003
-      loop: "{{ wordpress_domains }}"
-      loop_control:
-        loop_var: item
+  roles:
+  - role: docker-wordpress
+    vars:
+      domains: "{{wordpress_domains}}"
+      http_port: 8003
+
 - name: setup mediawiki hosts
  hosts: mediawiki
  become: true
@ -92,14 +66,16 @@
      vars:
        domain: wiki.{{top_domain}}
        http_port: 8004
+
 - name: setup mybb hosts
  hosts: mybb
  become: true
  roles:
   -  role: docker-mybb
      vars:
-        domain: forum.{{top_domain}}
+        domains: "{{mybb_domains}}"
        http_port: 8005
+
 - name: setup yourls hosts
  hosts: yourls
  become: true
@ -108,6 +84,7 @@
      vars:
        domain: s.{{top_domain}}
        http_port: 8006
+
 - name: setup mailu hosts
  hosts: mailu
  become: true
@ -116,6 +93,7 @@
      vars:
        domain: "mail.{{top_domain}}"
        http_port: 8007
+
 - name: setup elk hosts
  hosts: elk
  become: true
@ -124,6 +102,7 @@
      vars:
        domain: "elk.{{top_domain}}"
        http_port: 8008
+
 - name: setup mastodon hosts
  hosts: mastodon
  become: true
@ -133,6 +112,7 @@
        domain: "mastodon.{{top_domain}}"
        http_port: 8009
        stream_port: 4001
+
 - name: setup pixelfed hosts
  hosts: pixelfed
  become: true
@ -141,6 +121,7 @@
      vars:
        domain: pixelfed.{{top_domain}}
        http_port: 8010
+
 - name: setup peertube hosts
  hosts: peertube
  become: true
@ -149,6 +130,7 @@
      vars:
        domain: peertube.{{top_domain}}
        http_port: 8011
+
 - name: setup bigbluebutton hosts
  hosts: bigbluebutton
  become: true
@ -164,6 +146,7 @@
      vars:
        domain: funkwhale.{{top_domain}}
        http_port: 8012
+
 - name: setup roulette-wheel hosts
  hosts: roulette_wheel
  become: true
@ -172,14 +155,16 @@
      vars:
        domain: roulette.{{top_domain}}
        http_port: 8013
+
 - name: setup joomla hosts
  hosts: joomla
  become: true
  roles:
   -  role: docker-joomla
      vars:
-        domain: "joomla.{{top_domain}}"
+        domain: "{{joomla_domains}}"
        http_port: 8014
+
 - name: setup attendize
  hosts: attendize
  become: true
@ -189,6 +174,7 @@
        domain: "tickets.{{top_domain}}"
        http_port: 8015
        mail_interface_http_port: 8016
+
 - name: setup baserow hosts
  hosts: baserow
  become: true
@ -197,6 +183,7 @@
      vars:
        domain: baserow.{{top_domain}}
        http_port: 8017
+
 - name: setup matomo hosts
  hosts: matomo
  become: true
@ -205,6 +192,7 @@
      vars:
        domain: matomo.{{top_domain}}
        http_port: 8018
+
 - name: setup listmonk
  hosts: listmonk
  become: true
@ -213,6 +201,7 @@
      vars:
        domain: listmonk.{{top_domain}}
        http_port: 8019
+
 - name: setup akaunting hosts
  hosts: akaunting
  become: true
@ -221,133 +210,3 @@
      vars:
        domain: akaunting.{{top_domain}}
        http_port: 8080
-
-# Backup Roles
- name: setup replica backup hosts
-  hosts: replica_backup
-  become: true
-  roles:
-    - role: backup-remote-to-local
-
-## PC services
- name: general host setup
-  hosts: personal_computers
-  become: true
-  roles:
-    - pc-administrator-tools
-    - driver-non-free
-
- name: pc-office
-  hosts: collection_officetools
-  become: true
-  roles:
-    - pc-office
-
- name: personal computer for business
-  hosts: business_personal_computer
-  become: true
-  roles:
-    - pc-gnucash
-
- name: pc-designer-tools
-  hosts: collection_designer
-  become: true
-  roles:
-    - pc-designer-tools
-
- name: pc-qbittorrent
-  hosts: collection_torrent
-  become: true
-  roles:
-    - pc-qbittorrent
-
- name: pc-streaming-tools
-  hosts: collection_streamer
-  become: true
-  roles:
-    - pc-streaming-tools
-
- name: pc-bluray-player-tools
-  hosts: collection_bluray_player
-  become: true
-  roles:
-    - pc-bluray-player-tools
-
- name: driver-intel
-  hosts: intel
-  become: true
-  roles:
-    - driver-intel
-
- name: pc-latex
-  hosts: latex
-  become: true
-  roles:
-    - pc-latex
-
- name: GNOME setup
-  hosts: gnome
-  become: true
-  roles:
-    - pc-gnome
-
- name: setup msi rgb keyboard
-  hosts: msi_perkeyrgb
-  become: true
-  roles:
-    - driver-msi-keyboard-color
-
- name: setup ssh hosts
-  hosts: ssh
-  become: false
-  roles:
-    - pc-ssh
-
- name: setup swapfile hosts
-  hosts: swapfile
-  become: false
-  roles:
-    - system-swapfile
-
- name: setup gaming hosts
-  hosts: gaming
-  become: true
-  roles:
-    - pc-games
-
- name: setup entertainment hosts
-  hosts: entertainment
-  become: true
-  roles:
-    - pc-spotify
-
- name: setup multiprinter hosts
-  hosts: epson_multiprinter
-  become: true
-  roles:
-    - driver-epson-multiprinter
-
- name: setup torbrowser hosts
-  hosts: torbrowser
-  become: true
-  roles:
-    - pc-torbrowser
-
- name: setup nextcloud
-  hosts: nextcloud_client
-  become: true
-  roles:
-    - pc-nextcloud
-
- name: setup docker
-  hosts: docker
-  become: true
-  roles:
-    - pc-docker
-
-
- name: setup backup to swappable
-  hosts: backup_to_usb
-  become: true
-  roles:
-    - backup-data-to-usb
--- a/roles/docker-akaunting/tasks/main.yml
+++ b/roles/docker-akaunting/tasks/main.yml
@ -1,10 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml

 - name: register directory
  stat:
--- a/roles/docker-baserow/tasks/main.yml
+++ b/roles/docker-baserow/tasks/main.yml
@ -1,10 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml

 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/docker-bigbluebutton/tasks/main.yml
+++ b/roles/docker-bigbluebutton/tasks/main.yml
@ -1,6 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
+- name: "include task certbot-matomo.yml"
+  include_tasks: certbot-matomo.yml

 - name: configure {{domain}}.conf
  template: src=templates/nginx-proxy.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
--- a/roles/docker-elk/tasks/main.yml
+++ b/roles/docker-elk/tasks/main.yml
@ -1,11 +1,7 @@
 ---

- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml

 - name: create elasticsearch-sysctl.conf
  copy:
--- a/roles/docker-funkwhale/tasks/main.yml
+++ b/roles/docker-funkwhale/tasks/main.yml
@ -1,10 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml

 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/docker-gitea/tasks/main.yml
+++ b/roles/docker-gitea/tasks/main.yml
@ -1,10 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}} https
-  template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml

 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/docker-jenkins/tasks/main.yml
+++ b/roles/docker-jenkins/tasks/main.yml
@ -1,9 +1,5 @@
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml

 - name: "docker jenkins"
  docker_compose:
--- a/roles/docker-joomla/tasks/main.yml
+++ b/roles/docker-joomla/tasks/main.yml
@ -1,10 +1,9 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml
+  loop: "{{ domains }}"
+  loop_control:
+    loop_var: domain

 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/docker-listmonk/tasks/main.yml
+++ b/roles/docker-listmonk/tasks/main.yml
@ -1,12 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: 
-    src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
-    dest: "/etc/nginx/conf.d/{{domain}}.conf"
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml

 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/docker-mailu/tasks/main.yml
+++ b/roles/docker-mailu/tasks/main.yml
@ -1,13 +1,8 @@
 ---
-
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml
  vars:
    client_max_body_size: "31M"
-  template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx

 - name: "create {{path_docker_compose_files}}mailu"
  file:
--- a/roles/docker-mastodon/tasks/main.yml
+++ b/roles/docker-mastodon/tasks/main.yml
@ -1,6 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
+- name: "include task certbot-matomo.yml"
+  include_tasks: certbot-matomo.yml

 - name: configure {{domain}}.conf
  template: src=templates/mastodon.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
--- a/roles/docker-matomo/tasks/main.yml
+++ b/roles/docker-matomo/tasks/main.yml
@ -1,12 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: 
-    src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
-    dest: "/etc/nginx/conf.d/{{domain}}.conf"
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml

 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/docker-mediawiki/tasks/main.yml
+++ b/roles/docker-mediawiki/tasks/main.yml
@ -1,9 +1,5 @@
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml

 - name: "docker mediawiki"
  docker_compose:
--- a/roles/docker-mybb/tasks/main.yml
+++ b/roles/docker-mybb/tasks/main.yml
@ -1,16 +1,13 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml
+  loop: "{{ domains }}"
+  loop_control:
+    loop_var: domain

- name: configure {{domain}}.conf
-  template: 
-    src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" 
-    dest: "/etc/nginx/conf.d/{{domain}}.conf"
-  notify: restart nginx
-
- name: "create {{conf_d_docker_directory}} and parent directories"
+- name: "create {{conf_d_server_directory}} and parent directories"
  file:
-    path: "{{conf_d_docker_directory}}"
+    path: "{{conf_d_server_directory}}"
    state: directory
    mode: 0755
    recurse: yes
--- a/roles/docker-mybb/templates/default.conf
+++ b/roles/docker-mybb/templates/default.conf
@ -7,6 +7,7 @@ server {
    error_log stderr debug;
    root /var/www/html;
    index index.html index.php;
+    worker_processes auto;

    location / {
        try_files $uri $uri/ /index.php?$args;
@ -29,6 +30,13 @@ server {
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;

+        # client timeout
+        keepalive_timeout           60s;
+        client_header_timeout       60s;
+        client_body_timeout         60s;
+        send_timeout                300s;
+        reset_timedout_connection   on;
+
        # proxy timeouts
        proxy_connect_timeout       300s;
        proxy_send_timeout          300s;
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@ -1,6 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
+- name: "include task certbot-matomo.yml"
+  include_tasks: certbot-matomo.yml

 - name: configure {{domain}}.conf
  template: 
--- a/roles/docker-peertube/tasks/main.yml
+++ b/roles/docker-peertube/tasks/main.yml
@ -1,10 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: src=templates/peertube.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx
+- name: "include task certbot-matomo.yml"
+  include_tasks: certbot-matomo.yml

 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/docker-pixelfed/tasks/main.yml
+++ b/roles/docker-pixelfed/tasks/main.yml
@ -1,10 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml

 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/docker-roulette-wheel/tasks/main.yml
+++ b/roles/docker-roulette-wheel/tasks/main.yml
@ -1,10 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml

 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/docker-wordpress/tasks/main.yml
+++ b/roles/docker-wordpress/tasks/main.yml
@ -1,17 +1,12 @@
 ---
- name: recieve wordpress certificates for {{domain}}
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}

- name: Activate NGINX matomo tracking for {{domain}}
-  include_role:
-    name: nginx-matomo-tracking
-  when: nginx_matomo_tracking_active
-
- name: configure wordpress nginx configurations
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml
+  loop: "{{ domains }}"
+  loop_control:
+    loop_var: domain
  vars:
    client_max_body_size: "{{wordpress_max_upload_size}}"
-  template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ domain }}.conf
-  notify: restart nginx

 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/docker-yourls/tasks/main.yml
+++ b/roles/docker-yourls/tasks/main.yml
@ -1,12 +1,6 @@
 ---
- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
- name: configure {{domain}}.conf
-  template: 
-    src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
-    dest: "/etc/nginx/conf.d/{{domain}}.conf"
-  notify: restart nginx
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml

 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/health-nginx/README.md
+++ b/roles/health-nginx/README.md
@ -1,7 +1,41 @@
 # health-nginx

-Sends a health report for nginx configurations. This role was created with the help of ChatGPT. The conversation you will find [here](https://chat.openai.com/share/4033be29-12a6-40a3-bf3c-fc5d57dba8cb).
+## Overview
+`health-nginx` is an Ansible role designed to send health reports for nginx configurations. It leverages Python scripting to check the status of nginx server configurations and reports back any issues. This role is especially useful for maintaining the health of nginx servers in a dynamic environment.

-## see
- https://nginx.org/en/docs/
- https://docs.ansible.com/ansible/latest/modules/uri_module.html
+## Requirements
+- Ansible
+- Python with the `requests` module
+- Access to the nginx configuration files
+
+## Role Variables
+- `health_nginx_folder`: The folder where the `health-nginx` script and related files are stored. Defaults to `"{{ path_administrator_scripts }}health-nginx/"`.
+
+## Dependencies
+This role depends on:
+- `python-pip`: For installing Python packages.
+- `systemd-notifier`: For notifying systemd in case of any failures.
+
+## Example Playbook
+```yaml
+- hosts: servers
+  roles:
+    - { role: health-nginx }
+```
+
+## Usage
+1. **Installation of Python Modules**: The role installs the required Python `requests` module.
+2. **File and Directory Management**: It creates the necessary directories and files, including the `health-nginx.py` script.
+3. **Service and Timer Templates**: Templates for `health-nginx.service` and `health-nginx.timer` are set up to automate the health checks.
+4. **Running the Health Check**: The `health-nginx.py` script is executed to perform the health check. It iterates over nginx configuration files and sends a HEAD request to each domain/subdomain to verify its status. The script considers different expected status codes based on the domain or subdomain.
+
+## Handler Details
+- **reload health-nginx.service**: Reloads the `health-nginx.service` if there are any changes to the service file.
+- **restart health-nginx.timer**: Restarts and enables the `health-nginx.timer` to schedule regular health checks.
+
+## Additional Information
+- For more details on nginx configurations, visit [nginx documentation](https://nginx.org/en/docs/).
+- Learn more about Ansible's `uri_module` [here](https://docs.ansible.com/ansible/latest/modules/uri_module.html).
+
+## Contributions
+This role was created with the assistance of ChatGPT. The conversation can be found [here](https://chat.openai.com/share/4033be29-12a6-40a3-bf3c-fc5d57dba8cb) and [here](https://chat.openai.com/share/7f3766d1-9db7-4976-8fe9-68d1142c0a78).
--- a/roles/health-nginx/files/health-nginx.py
+++ b/roles/health-nginx/files/health-nginx.py
@ -20,19 +20,19 @@ for filename in os.listdir(config_path):
        parts = name.split('.')
        
        # Prepare the URL and expected status codes
-        url = f"http://{name}"
+        url = f"https://{name}"
+        
+        # Default: Expect status code 200 for a domain
+        expected_statuses = [200]
        
        # Determine expected status codes based on subdomain
-        if len(parts) == 3 and parts[0] == 'www':
-            expected_statuses = [200,301]
-        elif len(parts) == 3 and parts[0] == 's':
-            expected_statuses = [403]
-        elif len(parts) <= 3:
-            # For domain.tld where no specific subdomain is present
-            expected_statuses = [200, 301]
-        else:
-            # Skip files that don't match the schema
-            continue
+        if len(parts) == 3:
+            if parts[0] == 'listmonk':
+                expected_statuses = [401]
+            elif parts[0] == 'www':
+                expected_statuses = [200,301]
+            elif parts[0] == 's':
+                expected_statuses = [403]

        try:
            # Send a HEAD request to get only the response header
--- a/roles/nginx-homepage/tasks/main.yml
+++ b/roles/nginx-homepage/tasks/main.yml
@ -1,10 +1,11 @@
+---
+- name: "include task certbot-matomo.yml"
+  include_tasks: certbot-matomo.yml
+
 - name: configure {{domain}}.conf
  template: src=homepage.nginx.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
  notify: restart nginx

- name: recieve {{domain}} certificate
-  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
-
 - name: nginx-homepage repo git
  git:
    repo: "{{nginx_homepage_repository_address}}"
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -9,11 +9,6 @@
    state: directory
    mode: 0755

- name: Activate NGINX matomo tracking
-  include_role:
-    name: nginx-matomo-tracking
-  when: nginx_matomo_tracking_active and domain is defined
-
 - name: create nginx config file
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  notify: restart nginx
--- a/tasks/certbot-matomo.yml
+++ b/tasks/certbot-matomo.yml
@ -0,0 +1,5 @@
+- name: "include task receive certbot certificate"
+  include_tasks: recieve-certbot-certificate.yml
+
+- name: "include task implement-matomo-tracking.yml"
+  include_tasks: implement-matomo-tracking.yml
--- a/tasks/create-domain-conf.yml
+++ b/tasks/create-domain-conf.yml
@ -0,0 +1,5 @@
+- name: configure {{domain}}.conf
+  template: 
+    src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" 
+    dest: "/etc/nginx/conf.d/{{domain}}.conf"
+  notify: restart nginx
--- a/tasks/implement-matomo-tracking.yml
+++ b/tasks/implement-matomo-tracking.yml
@ -0,0 +1,4 @@
+- name: Activate NGINX matomo tracking
+  include_role:
+    name: nginx-matomo-tracking
+  when: nginx_matomo_tracking_active and domain is defined
--- a/tasks/nginx-docker-proxy-domain.yml
+++ b/tasks/nginx-docker-proxy-domain.yml
@ -0,0 +1,5 @@
+- name: "include task certbot-matomo.yml"
+  include_tasks: certbot-matomo.yml
+
+- name: "include task create-domain-conf.yml"
+  include_tasks: create-domain-conf.yml
--- a/tasks/recieve-certbot-certificate.yml
+++ b/tasks/recieve-certbot-certificate.yml
@ -0,0 +1,2 @@
+- name: recieve certbot certificate for {{domain}}
+  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	fcaaa16c64	refactored roles. Not fully tested yet. Testrun will be done tomorrow.,	2023-12-06 17:59:57 +01:00
Kevin Veen-Birkenbach	9509534109	refactored playbooks, tracking and implemented multi domain for mybb	2023-12-06 16:29:34 +01:00
Kevin Veen-Birkenbach	68a2bd4421	refactored wordpress role	2023-12-06 14:40:18 +01:00
Kevin Veen-Birkenbach	15090dd75d	Raised limits	2023-12-06 13:44:57 +01:00
Kevin Veen-Birkenbach	709c741a5b	optimized healh-nginx logic	2023-12-06 12:31:39 +01:00