Updated ansible.

master
Kaitlyn Parkhurst 3 years ago
parent 7c48ed4b00
commit 488b1a9cf5
  1. 8
      devops/ansible/roles/mjb-profile-buildserver/tasks/main.yml
  2. 9
      devops/ansible/roles/mjb-profile-certbot/tasks/main.yml
  3. 8
      devops/ansible/roles/mjb-profile-panel/tasks/webserver.yml
  4. 6
      devops/ansible/roles/mjb-profile-panel/templates/nginx-domain.j2
  5. 8
      devops/ansible/roles/mjb-profile-store/tasks/webserver.yml
  6. 8
      devops/ansible/roles/mjb-profile-store/templates/app.ini.j2
  7. 2
      devops/ansible/roles/mjb-profile-store/templates/nginx-domain.j2
  8. 2
      devops/ansible/roles/mjb-profile-webserver/templates/default.j2
  9. 4
      devops/ansible/roles/mjb-role-webapp/tasks/manager_user.yml
  10. 8
      devops/ansible/roles/mjb-role-webapp/templates/mjb.yml.j2

@ -5,6 +5,14 @@
state: latest state: latest
update_cache: yes update_cache: yes
- name: Install packages for build support
apt:
name: [
'podman',
'rsync',
]
state: present
- name: Support running MJB::Web - name: Support running MJB::Web
include_role: include_role:
name: mjb-role-webapp name: mjb-role-webapp

@ -8,6 +8,7 @@
apt: apt:
name: [ name: [
'certbot', 'certbot',
'python3-certbot-dns-linode',
'rsync', 'rsync',
] ]
state: present state: present
@ -81,3 +82,11 @@
src: /root/.ssh/id_rsa.pub src: /root/.ssh/id_rsa.pub
dest: "{{ inventory_dir }}/files/ssh/id_rsa.pub" dest: "{{ inventory_dir }}/files/ssh/id_rsa.pub"
flat: true flat: true
- name: "Install SSH Key for manager to use rsync to webservers"
copy:
dest: /home/manager/.ssh/id_rsa
src: "{{ inventory_dir }}/files/ssh/id_rsa"
owner: manager
group: manager
mode: 0600
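Review bot: The new "Install SSH Key for manager to use rsync to webservers" task copies a private key from `{{ inventory_dir }}/files/ssh/id_rsa`, which suggests the key sits unencrypted beside the inventory. If that directory is committed or shared, anyone who can read it holds the credential that reaches the webservers. Encrypting the file with ansible-vault needs no change to the task, since `copy` decrypts vaulted sources by default, and adding `no_log: true` keeps the key out of diff and verbose output. `mode: 0600` is better written as `mode: '0600'` so the YAML loader cannot retype it. The task also assumes /home/manager/.ssh already exists and is owned by manager, which is not visible in this hunk.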

@ -13,10 +13,10 @@
state: started state: started
enabled: true enabled: true
- name: "Install /etc/nginx/sites-enabled/{{ domain_name }}" - name: "Install /etc/nginx/sites-enabled/{{ domain_name.panel }}"
template: template:
src: "{{ role_path }}/templates/nginx-domain.j2" src: "{{ role_path }}/templates/nginx-domain.j2"
dest: "/etc/nginx/sites-enabled/{{ domain_name }}" dest: "/etc/nginx/sites-enabled/{{ domain_name.panel }}"
force: no force: no
owner: root owner: root
group: root group: root
@ -25,8 +25,8 @@
- Restart nginx - Restart nginx
- name: Setup SSL Certificates - name: Setup SSL Certificates
shell: certbot run --nginx -d {{ domain_name }} {{ '-d www.' + domain_name if redirect_www }} --agree-tos --register-unsafely-without-email shell: certbot run --nginx -d {{ domain_name.panel }} {{ '-d www.' + domain_name.panel if redirect_www }} --agree-tos --register-unsafely-without-email
args: args:
creates: /etc/letsencrypt/live/{{ domain_name }}/cert.pem creates: /etc/letsencrypt/live/{{ domain_name.panel }}/cert.pem
notify: notify:
- Restart nginx - Restart nginx
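Review bot: The "Setup SSL Certificates" task still goes through `shell:` with `{{ domain_name.panel }}` interpolated unquoted, so any shell metacharacter in that inventory value is interpreted on the target host. Nothing in the command needs a shell, so `command:` with the same `creates:` argument, or `{{ domain_name.panel | quote }}`, is the safer form. `--register-unsafely-without-email` creates the ACME account with no contact address on record; passing `--email` with an operations mailbox avoids that. Both points apply equally to the certbot task in mjb-profile-store/tasks/webserver.yml. As a style point, `force: no` reads more predictably as `force: false`.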

@ -3,7 +3,7 @@ upstream myapp {
} }
server { server {
server_name {{ domain_name }}; server_name {{ domain_name.panel }};
location / { location / {
proxy_pass http://myapp; proxy_pass http://myapp;
@ -18,7 +18,7 @@ server {
} }
server { server {
server_name www.{{ domain_name }}; server_name www.{{ domain_name.panel }};
return 301 $scheme://{{ domain_name }}$request_uri; return 301 $scheme://{{ domain_name.panel }}$request_uri;
} }

@ -13,10 +13,10 @@
state: started state: started
enabled: true enabled: true
- name: "Install /etc/nginx/sites-enabled/{{ domain_name }}" - name: "Install /etc/nginx/sites-enabled/{{ domain_name.store }}"
template: template:
src: "{{ role_path }}/templates/nginx-domain.j2" src: "{{ role_path }}/templates/nginx-domain.j2"
dest: "/etc/nginx/sites-enabled/{{ domain_name }}" dest: "/etc/nginx/sites-enabled/{{ domain_name.store }}"
force: no force: no
owner: root owner: root
group: root group: root
@ -25,8 +25,8 @@
- Restart nginx - Restart nginx
- name: Setup SSL Certificates - name: Setup SSL Certificates
shell: certbot run --nginx -d {{ domain_name }} --agree-tos --register-unsafely-without-email shell: certbot run --nginx -d {{ domain_name.store }} --agree-tos --register-unsafely-without-email
args: args:
creates: /etc/letsencrypt/live/{{ domain_name }}/cert.pem creates: /etc/letsencrypt/live/{{ domain_name.store }}/cert.pem
notify: notify:
- Restart nginx - Restart nginx

@ -21,10 +21,10 @@ ENABLE_PUSH_CREATE_ORG = true
[server] [server]
SSH_DOMAIN = {{ domain_name }} SSH_DOMAIN = {{ domain_name.store }}
DOMAIN = {{ domain_name }} DOMAIN = {{ domain_name.store }}
HTTP_PORT = 3000 HTTP_PORT = 3000
ROOT_URL = https://{{ domain_name }}/ ROOT_URL = https://{{ domain_name.store }}/
DISABLE_SSH = false DISABLE_SSH = false
SSH_PORT = 22 SSH_PORT = 22
LFS_START_SERVER = true LFS_START_SERVER = true
@ -51,7 +51,7 @@ REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = false DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = {{ domain_name }} NO_REPLY_ADDRESS = {{ domain_name.store }}
[picture] [picture]
DISABLE_GRAVATAR = true DISABLE_GRAVATAR = true

@ -1,6 +1,6 @@
server { server {
listen 80; listen 80;
server_name {{ domain_name }}; server_name {{ domain_name.store }};
location / { location / {
proxy_pass http://localhost:3000; proxy_pass http://localhost:3000;

@ -11,7 +11,7 @@ server {
# certbot passthrough # certbot passthrough
location /.well-known/acme-challenge { location /.well-known/acme-challenge {
proxy_pass http://{{ certbot_domain }}; proxy_pass http://{{ domain_name.certbot }};
} }
location / { location / {

@ -40,7 +40,7 @@
- name: Create ~manager/.ssh/config - name: Create ~manager/.ssh/config
copy: copy:
dest: /home/manager/.ssh/config dest: /home/manager/.ssh/config
content: "host *.{{ service_domain }}\n StrictHostKeyChecking no\n" content: "host *.{{ domain_name.root }}\n StrictHostKeyChecking no\n"
owner: manager owner: manager
group: manager group: manager
mode: 0600 mode: 0600
@ -48,7 +48,7 @@
- name: Create ~manager/.gitconfig - name: Create ~manager/.gitconfig
copy: copy:
dest: /home/manager/.gitconfig dest: /home/manager/.gitconfig
content: "[user]\n\temail = manager@{{ service_domain }}\n\tname = Manager Bot\n" content: "[user]\n\temail = manager@{{ domain_name.root }}\n\tname = Manager Bot\n"
owner: manager owner: manager
group: manager group: manager
mode: 0600 mode: 0600
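Review bot: The generated ~manager/.ssh/config sets `StrictHostKeyChecking no` for every host matching `*.{{ domain_name.root }}`, so the manager account connects to whatever answers for those names without verifying the host key. This commit also installs a private key for manager's rsync to the webservers, so a spoofed or DNS-redirected host would receive those transfers without any warning. Prefer pinning the hosts' keys with the `known_hosts` module, or at minimum use `StrictHostKeyChecking accept-new`, which trusts a key on first contact but refuses a changed one. The `mode: 0600` values in both tasks are better quoted as `'0600'`.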

@ -1,12 +1,12 @@
--- ---
jekyll_init_repo: {{ mjb_web.jekyll_init_repo }} jekyll_init_repo: {{ panel_config.jekyll_init_repo }}
store_repo_base: {{ mjb_web.store_repo_base }} store_repo_base: {{ panel_config.store_repo_base }}
database: database:
mjb: postgresql://{{ databases.mjb.user }}:{{ databases.mjb.pass }}@{{ databases.mjb.host }}/{{ databases.mjb.name }} mjb: postgresql://{{ databases.mjb.user }}:{{ databases.mjb.pass }}@{{ databases.mjb.host }}/{{ databases.mjb.name }}
minion: postgresql://{{ databases.minion.user }}:{{ databases.minion.pass }}@{{ databases.minion.host }}/{{ databases.minion.name }} minion: postgresql://{{ databases.minion.user }}:{{ databases.minion.pass }}@{{ databases.minion.host }}/{{ databases.minion.name }}
domain_for_links: {{ panel_domain }} domain_for_links: {{ domain_name.panel }}
smtp: smtp:
host: {{ smtp.host }} host: {{ smtp.host }}
@ -15,6 +15,6 @@ smtp:
sasl_password: {{ smtp.pass }} sasl_password: {{ smtp.pass }}
secrets: secrets:
{% for secret in secrets %} {% for secret in panel_config.secrets %}
- {{ secret }} - {{ secret }}
{% endfor %} {% endfor %}
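Review bot: Every scalar in this template is rendered unquoted, including `sasl_password: {{ smtp.pass }}` and the `- {{ secret }}` list items. A secret that contains ` #` or `: `, starts with a YAML indicator, or looks like a number or boolean is therefore truncated or retyped when the application parses the file. Rendering through a serialising filter, for example `- {{ secret | to_json }}` and `sasl_password: {{ smtp.pass | to_json }}`, keeps each value a string. The PostgreSQL URLs have the same weakness one level down: `{{ databases.mjb.pass | urlencode }}` (and likewise for minion) stops an `@` or `:` in a password from changing how the URL is split. The rendered file holds database and SMTP credentials, so the task that installs it should set a restrictive `mode` and owner; that task is not visible on this page.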
