Compare commits
No commits in common. "fcaaa16c64ddac692e6e7f58df33820f3f240321" and "f1160a6ef080435765af9394968363940c4d66da" have entirely different histories.
@ -1,61 +0,0 @@
|
||||
---
|
||||
# general setup
|
||||
- name: general setup
|
||||
hosts: all
|
||||
become: true
|
||||
tasks:
|
||||
roles:
|
||||
- role: update
|
||||
when: execute_updates is true
|
||||
|
||||
- name: setup standard wireguard
|
||||
hosts: wireguard_server
|
||||
become: true
|
||||
roles:
|
||||
- wireguard
|
||||
|
||||
# vpn setup
|
||||
- name: setup wireguard client behind firewall\nat
|
||||
hosts: wireguard_behind_firewall
|
||||
become: true
|
||||
roles:
|
||||
- client-wireguard-behind-firewall
|
||||
|
||||
- name: setup wireguard client
|
||||
hosts: wireguard_client
|
||||
become: true
|
||||
roles:
|
||||
- client-wireguard
|
||||
|
||||
## backup setup
|
||||
- name: setup replica backup hosts
|
||||
hosts: replica_backup
|
||||
become: true
|
||||
roles:
|
||||
- role: backup-remote-to-local
|
||||
|
||||
- name: setup backup to swappable
|
||||
hosts: backup_to_usb
|
||||
become: true
|
||||
roles:
|
||||
- backup-data-to-usb
|
||||
|
||||
## driver setup
|
||||
- name: driver-intel
|
||||
hosts: intel
|
||||
become: true
|
||||
roles:
|
||||
- driver-intel
|
||||
|
||||
- name: setup multiprinter hosts
|
||||
hosts: epson_multiprinter
|
||||
become: true
|
||||
roles:
|
||||
- driver-epson-multiprinter
|
||||
|
||||
## system setup
|
||||
- name: setup swapfile hosts
|
||||
hosts: swapfile
|
||||
become: false
|
||||
roles:
|
||||
- system-swapfile
|
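--- a/playbook-pcs.yml
+++ b/playbook-pcs.yml
@@ -1,102 +0,0 @@
----
-
-- import_playbook: playbook-common.yml
-
-## pc applications
-- name: general host setup
-hosts: personal_computers
-become: true
-roles:
-- pc-administrator-tools
-- driver-non-free
-
-- name: pc-office
-hosts: collection_officetools
-become: true
-roles:
-- pc-office
-
-- name: personal computer for business
-hosts: business_personal_computer
-become: true
-roles:
-- pc-gnucash
-
-- name: pc-designer-tools
-hosts: collection_designer
-become: true
-roles:
-- pc-designer-tools
-
-- name: pc-qbittorrent
-hosts: collection_torrent
-become: true
-roles:
-- pc-qbittorrent
-
-- name: pc-streaming-tools
-hosts: collection_streamer
-become: true
-roles:
-- pc-streaming-tools
-
-- name: pc-bluray-player-tools
-hosts: collection_bluray_player
-become: true
-roles:
-- pc-bluray-player-tools
-
-- name: pc-latex
-hosts: latex
-become: true
-roles:
-- pc-latex
-
-- name: GNOME setup
-hosts: gnome
-become: true
-roles:
-- pc-gnome
-
-- name: setup ssh client
-hosts: ssh
-become: false
-roles:
-- pc-ssh
-
-- name: setup gaming hosts
-hosts: gaming
-become: true
-roles:
-- pc-games
-
-- name: setup entertainment hosts
-hosts: entertainment
-become: true
-roles:
-- pc-spotify
-
-- name: setup torbrowser hosts
-hosts: torbrowser
-become: true
-roles:
-- pc-torbrowser
-
-- name: setup nextcloud
-hosts: nextcloud_client
-become: true
-roles:
-- pc-nextcloud
-
-- name: setup docker
-hosts: docker
-become: true
-roles:
-- pc-docker
-
-# driver
-- name: setup msi rgb keyboard
-hosts: msi_perkeyrgb
-become: true
-roles:
-- driver-msi-keyboard-color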
@ -1,6 +1,11 @@
|
||||
---
|
||||
|
||||
- import_playbook: playbook-common.yml
|
||||
- name: general setup
|
||||
hosts: all
|
||||
become: true
|
||||
tasks:
|
||||
roles:
|
||||
- role: update
|
||||
when: execute_updates is true
|
||||
|
||||
- name: servers host setup
|
||||
hosts: servers
|
||||
@ -12,6 +17,25 @@
|
||||
- cleanup-disc-space
|
||||
- health-btrfs
|
||||
|
||||
# Wireguard Rollen
|
||||
- name: setup standard wireguard
|
||||
hosts: wireguard_server
|
||||
become: true
|
||||
roles:
|
||||
- wireguard
|
||||
|
||||
- name: setup wireguard client behind firewall\nat
|
||||
hosts: wireguard_behind_firewall
|
||||
become: true
|
||||
roles:
|
||||
- client-wireguard-behind-firewall
|
||||
|
||||
- name: setup wireguard client
|
||||
hosts: wireguard_client
|
||||
become: true
|
||||
roles:
|
||||
- client-wireguard
|
||||
|
||||
# Native Webserver Roles
|
||||
- name: setup nginx-homepages
|
||||
hosts: homepage
|
||||
@ -37,7 +61,6 @@
|
||||
vars:
|
||||
domain: cloud.{{top_domain}}
|
||||
http_port: 8001
|
||||
|
||||
- name: setup gitea hosts
|
||||
hosts: gitea
|
||||
become: true
|
||||
@ -48,16 +71,19 @@
|
||||
http_port: 8002
|
||||
ssh_port: 2201
|
||||
run_mode: prod
|
||||
|
||||
- name: setup wordpress hosts
|
||||
hosts: wordpress
|
||||
become: true
|
||||
roles:
|
||||
- role: docker-wordpress
|
||||
vars:
|
||||
domains: "{{wordpress_domains}}"
|
||||
http_port: 8003
|
||||
|
||||
tasks:
|
||||
- name: Include docker-wordpress role for each domain
|
||||
include_role:
|
||||
name: docker-wordpress
|
||||
vars:
|
||||
domain: "{{ item }}"
|
||||
http_port: 8003
|
||||
loop: "{{ wordpress_domains }}"
|
||||
loop_control:
|
||||
loop_var: item
|
||||
- name: setup mediawiki hosts
|
||||
hosts: mediawiki
|
||||
become: true
|
||||
@ -66,16 +92,14 @@
|
||||
vars:
|
||||
domain: wiki.{{top_domain}}
|
||||
http_port: 8004
|
||||
|
||||
- name: setup mybb hosts
|
||||
hosts: mybb
|
||||
become: true
|
||||
roles:
|
||||
- role: docker-mybb
|
||||
vars:
|
||||
domains: "{{mybb_domains}}"
|
||||
domain: forum.{{top_domain}}
|
||||
http_port: 8005
|
||||
|
||||
- name: setup yourls hosts
|
||||
hosts: yourls
|
||||
become: true
|
||||
@ -84,7 +108,6 @@
|
||||
vars:
|
||||
domain: s.{{top_domain}}
|
||||
http_port: 8006
|
||||
|
||||
- name: setup mailu hosts
|
||||
hosts: mailu
|
||||
become: true
|
||||
@ -93,7 +116,6 @@
|
||||
vars:
|
||||
domain: "mail.{{top_domain}}"
|
||||
http_port: 8007
|
||||
|
||||
- name: setup elk hosts
|
||||
hosts: elk
|
||||
become: true
|
||||
@ -102,7 +124,6 @@
|
||||
vars:
|
||||
domain: "elk.{{top_domain}}"
|
||||
http_port: 8008
|
||||
|
||||
- name: setup mastodon hosts
|
||||
hosts: mastodon
|
||||
become: true
|
||||
@ -112,7 +133,6 @@
|
||||
domain: "mastodon.{{top_domain}}"
|
||||
http_port: 8009
|
||||
stream_port: 4001
|
||||
|
||||
- name: setup pixelfed hosts
|
||||
hosts: pixelfed
|
||||
become: true
|
||||
@ -121,7 +141,6 @@
|
||||
vars:
|
||||
domain: pixelfed.{{top_domain}}
|
||||
http_port: 8010
|
||||
|
||||
- name: setup peertube hosts
|
||||
hosts: peertube
|
||||
become: true
|
||||
@ -130,7 +149,6 @@
|
||||
vars:
|
||||
domain: peertube.{{top_domain}}
|
||||
http_port: 8011
|
||||
|
||||
- name: setup bigbluebutton hosts
|
||||
hosts: bigbluebutton
|
||||
become: true
|
||||
@ -146,7 +164,6 @@
|
||||
vars:
|
||||
domain: funkwhale.{{top_domain}}
|
||||
http_port: 8012
|
||||
|
||||
- name: setup roulette-wheel hosts
|
||||
hosts: roulette_wheel
|
||||
become: true
|
||||
@ -155,16 +172,14 @@
|
||||
vars:
|
||||
domain: roulette.{{top_domain}}
|
||||
http_port: 8013
|
||||
|
||||
- name: setup joomla hosts
|
||||
hosts: joomla
|
||||
become: true
|
||||
roles:
|
||||
- role: docker-joomla
|
||||
vars:
|
||||
domain: "{{joomla_domains}}"
|
||||
domain: "joomla.{{top_domain}}"
|
||||
http_port: 8014
|
||||
|
||||
- name: setup attendize
|
||||
hosts: attendize
|
||||
become: true
|
||||
@ -174,7 +189,6 @@
|
||||
domain: "tickets.{{top_domain}}"
|
||||
http_port: 8015
|
||||
mail_interface_http_port: 8016
|
||||
|
||||
- name: setup baserow hosts
|
||||
hosts: baserow
|
||||
become: true
|
||||
@ -183,7 +197,6 @@
|
||||
vars:
|
||||
domain: baserow.{{top_domain}}
|
||||
http_port: 8017
|
||||
|
||||
- name: setup matomo hosts
|
||||
hosts: matomo
|
||||
become: true
|
||||
@ -192,7 +205,6 @@
|
||||
vars:
|
||||
domain: matomo.{{top_domain}}
|
||||
http_port: 8018
|
||||
|
||||
- name: setup listmonk
|
||||
hosts: listmonk
|
||||
become: true
|
||||
@ -201,7 +213,6 @@
|
||||
vars:
|
||||
domain: listmonk.{{top_domain}}
|
||||
http_port: 8019
|
||||
|
||||
- name: setup akaunting hosts
|
||||
hosts: akaunting
|
||||
become: true
|
||||
@ -210,3 +221,133 @@
|
||||
vars:
|
||||
domain: akaunting.{{top_domain}}
|
||||
http_port: 8080
|
||||
|
||||
# Backup Roles
|
||||
- name: setup replica backup hosts
|
||||
hosts: replica_backup
|
||||
become: true
|
||||
roles:
|
||||
- role: backup-remote-to-local
|
||||
|
||||
## PC services
|
||||
- name: general host setup
|
||||
hosts: personal_computers
|
||||
become: true
|
||||
roles:
|
||||
- pc-administrator-tools
|
||||
- driver-non-free
|
||||
|
||||
- name: pc-office
|
||||
hosts: collection_officetools
|
||||
become: true
|
||||
roles:
|
||||
- pc-office
|
||||
|
||||
- name: personal computer for business
|
||||
hosts: business_personal_computer
|
||||
become: true
|
||||
roles:
|
||||
- pc-gnucash
|
||||
|
||||
- name: pc-designer-tools
|
||||
hosts: collection_designer
|
||||
become: true
|
||||
roles:
|
||||
- pc-designer-tools
|
||||
|
||||
- name: pc-qbittorrent
|
||||
hosts: collection_torrent
|
||||
become: true
|
||||
roles:
|
||||
- pc-qbittorrent
|
||||
|
||||
- name: pc-streaming-tools
|
||||
hosts: collection_streamer
|
||||
become: true
|
||||
roles:
|
||||
- pc-streaming-tools
|
||||
|
||||
- name: pc-bluray-player-tools
|
||||
hosts: collection_bluray_player
|
||||
become: true
|
||||
roles:
|
||||
- pc-bluray-player-tools
|
||||
|
||||
- name: driver-intel
|
||||
hosts: intel
|
||||
become: true
|
||||
roles:
|
||||
- driver-intel
|
||||
|
||||
- name: pc-latex
|
||||
hosts: latex
|
||||
become: true
|
||||
roles:
|
||||
- pc-latex
|
||||
|
||||
- name: GNOME setup
|
||||
hosts: gnome
|
||||
become: true
|
||||
roles:
|
||||
- pc-gnome
|
||||
|
||||
- name: setup msi rgb keyboard
|
||||
hosts: msi_perkeyrgb
|
||||
become: true
|
||||
roles:
|
||||
- driver-msi-keyboard-color
|
||||
|
||||
- name: setup ssh hosts
|
||||
hosts: ssh
|
||||
become: false
|
||||
roles:
|
||||
- pc-ssh
|
||||
|
||||
- name: setup swapfile hosts
|
||||
hosts: swapfile
|
||||
become: false
|
||||
roles:
|
||||
- system-swapfile
|
||||
|
||||
- name: setup gaming hosts
|
||||
hosts: gaming
|
||||
become: true
|
||||
roles:
|
||||
- pc-games
|
||||
|
||||
- name: setup entertainment hosts
|
||||
hosts: entertainment
|
||||
become: true
|
||||
roles:
|
||||
- pc-spotify
|
||||
|
||||
- name: setup multiprinter hosts
|
||||
hosts: epson_multiprinter
|
||||
become: true
|
||||
roles:
|
||||
- driver-epson-multiprinter
|
||||
|
||||
- name: setup torbrowser hosts
|
||||
hosts: torbrowser
|
||||
become: true
|
||||
roles:
|
||||
- pc-torbrowser
|
||||
|
||||
- name: setup nextcloud
|
||||
hosts: nextcloud_client
|
||||
become: true
|
||||
roles:
|
||||
- pc-nextcloud
|
||||
|
||||
- name: setup docker
|
||||
hosts: docker
|
||||
become: true
|
||||
roles:
|
||||
- pc-docker
|
||||
|
||||
|
||||
- name: setup backup to swappable
|
||||
hosts: backup_to_usb
|
||||
become: true
|
||||
roles:
|
||||
- backup-data-to-usb
|
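Review bot: In the wordpress play (hunk `-48,16 +71,19`), the `include_role` loop passes the fixed `http_port: 8003` to every entry of `wordpress_domains`, so with more than one domain each instance would be given the same port. The rendering has lost the +/- markers, so this assumes the `tasks:` form is the new side; whether the role binds `http_port` on the host is not visible here. If it does, the port should come from the loop item, for example a list of `{domain, http_port}` mappings consumed as `http_port: "{{ item.http_port }}"`. `loop_control: loop_var: item` restates the default and can be dropped.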
@ -1,6 +1,10 @@
|
||||
---
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: register directory
|
||||
stat:
|
||||
|
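Review bot: The `recieve {{domain}} certificate` task calls certbot through a free-form `command:` with no `creates:` or `changed_when:`, so it runs and reports changed on every play, and it interpolates `{{domain}}` and `{{administrator_email}}` unquoted into the argument string. I would guard it with `creates: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"` (certbot's default live path; adjust if the role uses another config dir) and pass the values through the module's `argv:` list form, so a value containing whitespace cannot turn into extra certbot arguments. The same task text is repeated in the other role task files on this page, so a single shared task file would keep the fix in one place. The +/- markers are lost in this rendering; going by the hunk counts, I am assuming these lines are the added side.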
@ -1,6 +1,10 @@
|
||||
---
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_instance_directory}}"
|
||||
file:
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: "include task certbot-matomo.yml"
|
||||
include_tasks: certbot-matomo.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=templates/nginx-proxy.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
|
@ -1,7 +1,11 @@
|
||||
---
|
||||
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: create elasticsearch-sysctl.conf
|
||||
copy:
|
||||
|
@ -1,6 +1,10 @@
|
||||
---
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_instance_directory}}"
|
||||
file:
|
||||
|
@ -1,6 +1,10 @@
|
||||
---
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}} https
|
||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_instance_directory}}"
|
||||
file:
|
||||
|
@ -1,5 +1,9 @@
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "docker jenkins"
|
||||
docker_compose:
|
||||
|
@ -1,9 +1,10 @@
|
||||
---
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
loop: "{{ domains }}"
|
||||
loop_control:
|
||||
loop_var: domain
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_instance_directory}}"
|
||||
file:
|
||||
|
@ -1,6 +1,12 @@
|
||||
---
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template:
|
||||
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
|
||||
dest: "/etc/nginx/conf.d/{{domain}}.conf"
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_instance_directory}}"
|
||||
file:
|
||||
|
@ -1,8 +1,13 @@
|
||||
---
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
vars:
|
||||
client_max_body_size: "31M"
|
||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{path_docker_compose_files}}mailu"
|
||||
file:
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: "include task certbot-matomo.yml"
|
||||
include_tasks: certbot-matomo.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=templates/mastodon.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
|
@ -1,6 +1,12 @@
|
||||
---
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template:
|
||||
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
|
||||
dest: "/etc/nginx/conf.d/{{domain}}.conf"
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_instance_directory}}"
|
||||
file:
|
||||
|
@ -1,5 +1,9 @@
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "docker mediawiki"
|
||||
docker_compose:
|
||||
|
@ -1,13 +1,16 @@
|
||||
---
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
loop: "{{ domains }}"
|
||||
loop_control:
|
||||
loop_var: domain
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: "create {{conf_d_server_directory}} and parent directories"
|
||||
- name: configure {{domain}}.conf
|
||||
template:
|
||||
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
|
||||
dest: "/etc/nginx/conf.d/{{domain}}.conf"
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{conf_d_docker_directory}} and parent directories"
|
||||
file:
|
||||
path: "{{conf_d_server_directory}}"
|
||||
path: "{{conf_d_docker_directory}}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
recurse: yes
|
||||
|
@ -7,7 +7,6 @@ server {
|
||||
error_log stderr debug;
|
||||
root /var/www/html;
|
||||
index index.html index.php;
|
||||
worker_processes auto;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
@ -30,13 +29,6 @@ server {
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
|
||||
# client timeout
|
||||
keepalive_timeout 60s;
|
||||
client_header_timeout 60s;
|
||||
client_body_timeout 60s;
|
||||
send_timeout 300s;
|
||||
reset_timedout_connection on;
|
||||
|
||||
# proxy timeouts
|
||||
proxy_connect_timeout 300s;
|
||||
proxy_send_timeout 300s;
|
||||
|
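Review bot: `error_log stderr debug;` is still present in the server block at the top of the first hunk; debug level is meant for troubleshooting and, on a debug-enabled nginx build, writes per-request detail to stderr, which is more than a production log should hold. I would lower it to `error_log stderr warn;` or make the level a template variable. Going by the 13→6 line counts, the second hunk appears to drop the `# client timeout` block, including `reset_timedout_connection on;`; if that is intended, a one-line comment saying the nginx defaults are relied on would help the next reader. The server block starts and ends outside both hunks.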
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: "include task certbot-matomo.yml"
|
||||
include_tasks: certbot-matomo.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template:
|
||||
|
@ -1,6 +1,10 @@
|
||||
---
|
||||
- name: "include task certbot-matomo.yml"
|
||||
include_tasks: certbot-matomo.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=templates/peertube.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_instance_directory}}"
|
||||
file:
|
||||
|
@ -1,6 +1,10 @@
|
||||
---
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_instance_directory}}"
|
||||
file:
|
||||
|
@ -1,6 +1,10 @@
|
||||
---
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_instance_directory}}"
|
||||
file:
|
||||
|
@ -1,12 +1,17 @@
|
||||
---
|
||||
- name: recieve wordpress certificates for {{domain}}
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
loop: "{{ domains }}"
|
||||
loop_control:
|
||||
loop_var: domain
|
||||
- name: Activate NGINX matomo tracking for {{domain}}
|
||||
include_role:
|
||||
name: nginx-matomo-tracking
|
||||
when: nginx_matomo_tracking_active
|
||||
|
||||
- name: configure wordpress nginx configurations
|
||||
vars:
|
||||
client_max_body_size: "{{wordpress_max_upload_size}}"
|
||||
template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ domain }}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_instance_directory}}"
|
||||
file:
|
||||
|
@ -1,6 +1,12 @@
|
||||
---
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template:
|
||||
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
|
||||
dest: "/etc/nginx/conf.d/{{domain}}.conf"
|
||||
notify: restart nginx
|
||||
|
||||
- name: "create {{docker_compose_instance_directory}}"
|
||||
file:
|
||||
|
@ -1,41 +1,7 @@
|
||||
# health-nginx
|
||||
|
||||
## Overview
|
||||
`health-nginx` is an Ansible role designed to send health reports for nginx configurations. It leverages Python scripting to check the status of nginx server configurations and reports back any issues. This role is especially useful for maintaining the health of nginx servers in a dynamic environment.
|
||||
Sends a health report for nginx configurations. This role was created with the help of ChatGPT. The conversation you will find [here](https://chat.openai.com/share/4033be29-12a6-40a3-bf3c-fc5d57dba8cb).
|
||||
|
||||
## Requirements
|
||||
- Ansible
|
||||
- Python with the `requests` module
|
||||
- Access to the nginx configuration files
|
||||
|
||||
## Role Variables
|
||||
- `health_nginx_folder`: The folder where the `health-nginx` script and related files are stored. Defaults to `"{{ path_administrator_scripts }}health-nginx/"`.
|
||||
|
||||
## Dependencies
|
||||
This role depends on:
|
||||
- `python-pip`: For installing Python packages.
|
||||
- `systemd-notifier`: For notifying systemd in case of any failures.
|
||||
|
||||
## Example Playbook
|
||||
```yaml
|
||||
- hosts: servers
|
||||
roles:
|
||||
- { role: health-nginx }
|
||||
```
|
||||
|
||||
## Usage
|
||||
1. **Installation of Python Modules**: The role installs the required Python `requests` module.
|
||||
2. **File and Directory Management**: It creates the necessary directories and files, including the `health-nginx.py` script.
|
||||
3. **Service and Timer Templates**: Templates for `health-nginx.service` and `health-nginx.timer` are set up to automate the health checks.
|
||||
4. **Running the Health Check**: The `health-nginx.py` script is executed to perform the health check. It iterates over nginx configuration files and sends a HEAD request to each domain/subdomain to verify its status. The script considers different expected status codes based on the domain or subdomain.
|
||||
|
||||
## Handler Details
|
||||
- **reload health-nginx.service**: Reloads the `health-nginx.service` if there are any changes to the service file.
|
||||
- **restart health-nginx.timer**: Restarts and enables the `health-nginx.timer` to schedule regular health checks.
|
||||
|
||||
## Additional Information
|
||||
- For more details on nginx configurations, visit [nginx documentation](https://nginx.org/en/docs/).
|
||||
- Learn more about Ansible's `uri_module` [here](https://docs.ansible.com/ansible/latest/modules/uri_module.html).
|
||||
|
||||
## Contributions
|
||||
This role was created with the assistance of ChatGPT. The conversation can be found [here](https://chat.openai.com/share/4033be29-12a6-40a3-bf3c-fc5d57dba8cb) and [here](https://chat.openai.com/share/7f3766d1-9db7-4976-8fe9-68d1142c0a78).
|
||||
## see
|
||||
- https://nginx.org/en/docs/
|
||||
- https://docs.ansible.com/ansible/latest/modules/uri_module.html
|
||||
|
@ -20,19 +20,19 @@ for filename in os.listdir(config_path):
|
||||
parts = name.split('.')
|
||||
|
||||
# Prepare the URL and expected status codes
|
||||
url = f"https://{name}"
|
||||
|
||||
# Default: Expect status code 200 for a domain
|
||||
expected_statuses = [200]
|
||||
url = f"http://{name}"
|
||||
|
||||
# Determine expected status codes based on subdomain
|
||||
if len(parts) == 3:
|
||||
if parts[0] == 'listmonk':
|
||||
expected_statuses = [401]
|
||||
elif parts[0] == 'www':
|
||||
expected_statuses = [200,301]
|
||||
elif parts[0] == 's':
|
||||
expected_statuses = [403]
|
||||
if len(parts) == 3 and parts[0] == 'www':
|
||||
expected_statuses = [200,301]
|
||||
elif len(parts) == 3 and parts[0] == 's':
|
||||
expected_statuses = [403]
|
||||
elif len(parts) <= 3:
|
||||
# For domain.tld where no specific subdomain is present
|
||||
expected_statuses = [200, 301]
|
||||
else:
|
||||
# Skip files that don't match the schema
|
||||
continue
|
||||
|
||||
try:
|
||||
# Send a HEAD request to get only the response header
|
||||
|
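Review bot: The probe URL is printed twice in this hunk, as `https://{name}` and as `http://{name}`, and the +/- markers are lost; if the `http://` line is the new side, the check no longer exercises TLS at all. Because `[200, 301]` is accepted, a host whose port-80 redirect works but whose HTTPS listener or certificate is broken would still be reported healthy. I would keep `url = f"https://{name}"` so that certificate and listener failures surface as request errors. The `else: continue` branch also skips config files silently; a log line there would show which names are never checked. The loop body continues outside the hunk.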
@ -1,11 +1,10 @@
|
||||
---
|
||||
- name: "include task certbot-matomo.yml"
|
||||
include_tasks: certbot-matomo.yml
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=homepage.nginx.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: nginx-homepage repo git
|
||||
git:
|
||||
repo: "{{nginx_homepage_repository_address}}"
|
||||
|
@ -9,6 +9,11 @@
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Activate NGINX matomo tracking
|
||||
include_role:
|
||||
name: nginx-matomo-tracking
|
||||
when: nginx_matomo_tracking_active and domain is defined
|
||||
|
||||
- name: create nginx config file
|
||||
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
|
||||
notify: restart nginx
|
||||
|
@ -1,5 +0,0 @@
|
||||
- name: "include task receive certbot certificate"
|
||||
include_tasks: recieve-certbot-certificate.yml
|
||||
|
||||
- name: "include task implement-matomo-tracking.yml"
|
||||
include_tasks: implement-matomo-tracking.yml
|
@ -1,5 +0,0 @@
|
||||
- name: configure {{domain}}.conf
|
||||
template:
|
||||
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
|
||||
dest: "/etc/nginx/conf.d/{{domain}}.conf"
|
||||
notify: restart nginx
|
@ -1,4 +0,0 @@
|
||||
- name: Activate NGINX matomo tracking
|
||||
include_role:
|
||||
name: nginx-matomo-tracking
|
||||
when: nginx_matomo_tracking_active and domain is defined
|
@ -1,5 +0,0 @@
|
||||
- name: "include task certbot-matomo.yml"
|
||||
include_tasks: certbot-matomo.yml
|
||||
|
||||
- name: "include task create-domain-conf.yml"
|
||||
include_tasks: create-domain-conf.yml
|
@ -1,2 +0,0 @@
|
||||
- name: recieve certbot certificate for {{domain}}
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|