From 488b1a9cf5eb2d17864b24432f315331925d32d3 Mon Sep 17 00:00:00 2001 From: Kaitlyn Parkhurst Date: Sun, 20 Nov 2022 18:39:55 -0800 Subject: [PATCH] Updated ansible. --- .../ansible/roles/mjb-profile-buildserver/tasks/main.yml | 8 ++++++++ devops/ansible/roles/mjb-profile-certbot/tasks/main.yml | 9 +++++++++ .../ansible/roles/mjb-profile-panel/tasks/webserver.yml | 8 ++++---- .../roles/mjb-profile-panel/templates/nginx-domain.j2 | 6 +++--- .../ansible/roles/mjb-profile-store/tasks/webserver.yml | 8 ++++---- .../ansible/roles/mjb-profile-store/templates/app.ini.j2 | 8 ++++---- .../roles/mjb-profile-store/templates/nginx-domain.j2 | 2 +- .../roles/mjb-profile-webserver/templates/default.j2 | 2 +- .../ansible/roles/mjb-role-webapp/tasks/manager_user.yml | 4 ++-- .../ansible/roles/mjb-role-webapp/templates/mjb.yml.j2 | 8 ++++---- 10 files changed, 40 insertions(+), 23 deletions(-) diff --git a/devops/ansible/roles/mjb-profile-buildserver/tasks/main.yml b/devops/ansible/roles/mjb-profile-buildserver/tasks/main.yml index 0ec9f8a..d6c1305 100644 --- a/devops/ansible/roles/mjb-profile-buildserver/tasks/main.yml +++ b/devops/ansible/roles/mjb-profile-buildserver/tasks/main.yml @@ -5,6 +5,14 @@ state: latest update_cache: yes +- name: Install packages for build support + apt: + name: [ + 'podman', + 'rsync', + ] + state: present + - name: Support running MJB::Web include_role: name: mjb-role-webapp diff --git a/devops/ansible/roles/mjb-profile-certbot/tasks/main.yml b/devops/ansible/roles/mjb-profile-certbot/tasks/main.yml index 0e51323..a6cfd34 100644 --- a/devops/ansible/roles/mjb-profile-certbot/tasks/main.yml +++ b/devops/ansible/roles/mjb-profile-certbot/tasks/main.yml @@ -8,6 +8,7 @@ apt: name: [ 'certbot', + 'python3-certbot-dns-linode', 'rsync', ] state: present 
@@ -81,3 +82,11 @@ src: /root/.ssh/id_rsa.pub dest: "{{ inventory_dir }}/files/ssh/id_rsa.pub" flat: true + +- name: "Install SSH Key for manager to use rsync to webservers" + copy: + dest: /home/manager/.ssh/id_rsa + src: "{{ inventory_dir }}/files/ssh/id_rsa" + owner: manager + group: manager + mode: 0600 diff --git a/devops/ansible/roles/mjb-profile-panel/tasks/webserver.yml b/devops/ansible/roles/mjb-profile-panel/tasks/webserver.yml index f2dc44c..7c3167e 100644 --- a/devops/ansible/roles/mjb-profile-panel/tasks/webserver.yml +++ b/devops/ansible/roles/mjb-profile-panel/tasks/webserver.yml @@ -13,10 +13,10 @@ state: started enabled: true -- name: "Install /etc/nginx/sites-enabled/{{ domain_name }}" +- name: "Install /etc/nginx/sites-enabled/{{ domain_name.panel }}" template: src: "{{ role_path }}/templates/nginx-domain.j2" - dest: "/etc/nginx/sites-enabled/{{ domain_name }}" + dest: "/etc/nginx/sites-enabled/{{ domain_name.panel }}" force: no owner: root group: root @@ -25,8 +25,8 @@ - Restart nginx - name: Setup SSL Certificates - shell: certbot run --nginx -d {{ domain_name }} {{ '-d www.' + domain_name if redirect_www }} --agree-tos --register-unsafely-without-email + shell: certbot run --nginx -d {{ domain_name.panel }} {{ '-d www.' + domain_name.panel if redirect_www }} --agree-tos --register-unsafely-without-email args: - creates: /etc/letsencrypt/live/{{ domain_name }}/cert.pem + creates: /etc/letsencrypt/live/{{ domain_name.panel }}/cert.pem notify: - Restart nginx diff --git a/devops/ansible/roles/mjb-profile-panel/templates/nginx-domain.j2 b/devops/ansible/roles/mjb-profile-panel/templates/nginx-domain.j2 index 68ab530..1355b4c 100644 --- a/devops/ansible/roles/mjb-profile-panel/templates/nginx-domain.j2 +++ b/devops/ansible/roles/mjb-profile-panel/templates/nginx-domain.j2 @@ -3,7 +3,7 @@ upstream myapp { } server { - server_name {{ domain_name }}; + server_name {{ domain_name.panel }}; location / { proxy_pass http://myapp; 
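Review bot: The new task "Install SSH Key for manager to use rsync to webservers" in mjb-profile-certbot/tasks/main.yml copies a private key out of `{{ inventory_dir }}/files/ssh/id_rsa`, so the key sits in plaintext beside the inventory unless that file is vault-encrypted, which the hunk does not show. Going by the context lines, which fetch `/root/.ssh/id_rsa.pub` into the same directory, this looks like root's key pair being reused for `manager`; a dedicated key for the rsync job would limit what a leak of either account exposes. I would keep the file under Ansible Vault (the `copy` module decrypts a vaulted `src` by default) and write the mode as a quoted string, `mode: '0600'`, as the Ansible documentation recommends. The task also assumes `/home/manager/.ssh` already exists with tight permissions; nothing in this hunk creates it.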
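Review bot: The rewritten "Setup SSL Certificates" line in mjb-profile-panel/tasks/webserver.yml still passes `{{ domain_name.panel }}` through `shell:` unquoted, so whitespace or a shell metacharacter in the inventory value is interpreted by the shell instead of reaching certbot as one argument. The line uses no shell feature, so `command:` would do, or apply the filter: `-d {{ domain_name.panel | quote }}`. `--register-unsafely-without-email` also registers the ACME account with no contact address for notices about the certificate; passing `--email` with an operations address would be safer if the inventory has one. The same applies to the `domain_name.store` variant of this line in mjb-profile-store/tasks/webserver.yml.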
@@ -18,7 +18,7 @@ server { } server { - server_name www.{{ domain_name }}; - return 301 $scheme://{{ domain_name }}$request_uri; + server_name www.{{ domain_name.panel }}; + return 301 $scheme://{{ domain_name.panel }}$request_uri; } diff --git a/devops/ansible/roles/mjb-profile-store/tasks/webserver.yml b/devops/ansible/roles/mjb-profile-store/tasks/webserver.yml index f9098ed..364f6b5 100644 --- a/devops/ansible/roles/mjb-profile-store/tasks/webserver.yml +++ b/devops/ansible/roles/mjb-profile-store/tasks/webserver.yml @@ -13,10 +13,10 @@ state: started enabled: true -- name: "Install /etc/nginx/sites-enabled/{{ domain_name }}" +- name: "Install /etc/nginx/sites-enabled/{{ domain_name.store }}" template: src: "{{ role_path }}/templates/nginx-domain.j2" - dest: "/etc/nginx/sites-enabled/{{ domain_name }}" + dest: "/etc/nginx/sites-enabled/{{ domain_name.store }}" force: no owner: root group: root @@ -25,8 +25,8 @@ - Restart nginx - name: Setup SSL Certificates - shell: certbot run --nginx -d {{ domain_name }} --agree-tos --register-unsafely-without-email + shell: certbot run --nginx -d {{ domain_name.store }} --agree-tos --register-unsafely-without-email args: - creates: /etc/letsencrypt/live/{{ domain_name }}/cert.pem + creates: /etc/letsencrypt/live/{{ domain_name.store }}/cert.pem notify: - Restart nginx diff --git a/devops/ansible/roles/mjb-profile-store/templates/app.ini.j2 b/devops/ansible/roles/mjb-profile-store/templates/app.ini.j2 index 638feae..5046a93 100644 --- a/devops/ansible/roles/mjb-profile-store/templates/app.ini.j2 +++ b/devops/ansible/roles/mjb-profile-store/templates/app.ini.j2 @@ -21,10 +21,10 @@ ENABLE_PUSH_CREATE_ORG = true [server] -SSH_DOMAIN = {{ domain_name }} -DOMAIN = {{ domain_name }} +SSH_DOMAIN = {{ domain_name.store }} +DOMAIN = {{ domain_name.store }} HTTP_PORT = 3000 -ROOT_URL = https://{{ domain_name }}/ +ROOT_URL = https://{{ domain_name.store }}/ DISABLE_SSH = false SSH_PORT = 22 LFS_START_SERVER = true 
@@ -51,7 +51,7 @@ REQUIRE_SIGNIN_VIEW = false DEFAULT_KEEP_EMAIL_PRIVATE = false DEFAULT_ALLOW_CREATE_ORGANIZATION = true DEFAULT_ENABLE_TIMETRACKING = true -NO_REPLY_ADDRESS = {{ domain_name }} +NO_REPLY_ADDRESS = {{ domain_name.store }} [picture] DISABLE_GRAVATAR = true diff --git a/devops/ansible/roles/mjb-profile-store/templates/nginx-domain.j2 b/devops/ansible/roles/mjb-profile-store/templates/nginx-domain.j2 index 30e61d5..7f0ae61 100644 --- a/devops/ansible/roles/mjb-profile-store/templates/nginx-domain.j2 +++ b/devops/ansible/roles/mjb-profile-store/templates/nginx-domain.j2 @@ -1,6 +1,6 @@ server { listen 80; - server_name {{ domain_name }}; + server_name {{ domain_name.store }}; location / { proxy_pass http://localhost:3000; diff --git a/devops/ansible/roles/mjb-profile-webserver/templates/default.j2 b/devops/ansible/roles/mjb-profile-webserver/templates/default.j2 index dac2b28..b3cc8bc 100644 --- a/devops/ansible/roles/mjb-profile-webserver/templates/default.j2 +++ b/devops/ansible/roles/mjb-profile-webserver/templates/default.j2 @@ -11,7 +11,7 @@ server { # certbot passthrough location /.well-known/acme-challenge { - proxy_pass http://{{ certbot_domain }}; + proxy_pass http://{{ domain_name.certbot }}; } location / { diff --git a/devops/ansible/roles/mjb-role-webapp/tasks/manager_user.yml b/devops/ansible/roles/mjb-role-webapp/tasks/manager_user.yml index 21f7a87..ed4c161 100644 --- a/devops/ansible/roles/mjb-role-webapp/tasks/manager_user.yml +++ b/devops/ansible/roles/mjb-role-webapp/tasks/manager_user.yml @@ -40,7 +40,7 @@ - name: Create ~manager/.ssh/config copy: dest: /home/manager/.ssh/config - content: "host *.{{ service_domain }}\n StrictHostKeyChecking no\n" + content: "host *.{{ domain_name.root }}\n StrictHostKeyChecking no\n" owner: manager group: manager mode: 0600 
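Review bot: The regenerated `~manager/.ssh/config` in mjb-role-webapp/tasks/manager_user.yml keeps `StrictHostKeyChecking no` for every host under `*.{{ domain_name.root }}`, so the manager account connects to whichever machine answers for those names without verifying its host key. This commit also installs a private key for manager to rsync to the webservers, so those transfers would inherit the unverified connection. Consider `StrictHostKeyChecking accept-new` in the `content:` string, or distribute the webservers' host keys into manager's `known_hosts` with the `known_hosts` module and leave checking at its default.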
@@ -48,7 +48,7 @@ - name: Create ~manager/.gitconfig copy: dest: /home/manager/.gitconfig - content: "[user]\n\temail = manager@{{ service_domain }}\n\tname = Manager Bot\n" + content: "[user]\n\temail = manager@{{ domain_name.root }}\n\tname = Manager Bot\n" owner: manager group: manager mode: 0600 diff --git a/devops/ansible/roles/mjb-role-webapp/templates/mjb.yml.j2 b/devops/ansible/roles/mjb-role-webapp/templates/mjb.yml.j2 index 74722db..1751566 100644 --- a/devops/ansible/roles/mjb-role-webapp/templates/mjb.yml.j2 +++ b/devops/ansible/roles/mjb-role-webapp/templates/mjb.yml.j2 @@ -1,12 +1,12 @@ --- -jekyll_init_repo: {{ mjb_web.jekyll_init_repo }} -store_repo_base: {{ mjb_web.store_repo_base }} +jekyll_init_repo: {{ panel_config.jekyll_init_repo }} +store_repo_base: {{ panel_config.store_repo_base }} database: mjb: postgresql://{{ databases.mjb.user }}:{{ databases.mjb.pass }}@{{ databases.mjb.host }}/{{ databases.mjb.name }} minion: postgresql://{{ databases.minion.user }}:{{ databases.minion.pass }}@{{ databases.minion.host }}/{{ databases.minion.name }} -domain_for_links: {{ panel_domain }} +domain_for_links: {{ domain_name.panel }} smtp: host: {{ smtp.host }} @@ -15,6 +15,6 @@ smtp: sasl_password: {{ smtp.pass }} secrets: -{% for secret in secrets %} +{% for secret in panel_config.secrets %} - {{ secret }} {% endfor %}
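Review bot: The renamed values in mjb-role-webapp/templates/mjb.yml.j2 are still written into YAML unquoted (`jekyll_init_repo: {{ panel_config.jekyll_init_repo }}`, `domain_for_links: {{ domain_name.panel }}`), so an empty value renders as null and a value containing `: ` or ` #`, or starting with a YAML indicator, changes the parsed document. Emitting them through a filter keeps them strings, e.g. `domain_for_links: {{ domain_name.panel | to_json }}`. The same holds for the `- {{ secret }}` items in the following hunk's `panel_config.secrets` loop, where random secret material is especially likely to contain such characters. The rendered file also carries database passwords and secrets, so the task that writes it (not part of this diff) should set a restrictive `mode` and owner.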