Updated ansible.

3 years ago · 488b1a9cf5
parent 7c48ed4b00
commit 488b1a9cf5
10 changed files with 40 additions and 23 deletions
--- a/devops/ansible/roles/mjb-profile-buildserver/tasks/main.yml
+++ b/devops/ansible/roles/mjb-profile-buildserver/tasks/main.yml
@ -5,6 +5,14 @@
    state: latest
    update_cache: yes

+- name: Install packages for build support
+  apt:
+    name: [
+      'podman',
+      'rsync',
+    ]
+    state: present
+
 - name: Support running MJB::Web
  include_role:
    name: mjb-role-webapp
--- a/devops/ansible/roles/mjb-profile-certbot/tasks/main.yml
+++ b/devops/ansible/roles/mjb-profile-certbot/tasks/main.yml
@ -8,6 +8,7 @@
  apt:
    name: [
      'certbot',
+      'python3-certbot-dns-linode',
      'rsync',
    ]
    state: present
@ -81,3 +82,11 @@
    src: /root/.ssh/id_rsa.pub
    dest: "{{ inventory_dir }}/files/ssh/id_rsa.pub"
    flat: true
+
+- name: "Install SSH Key for manager to use rsync to webservers"
+  copy:
+    dest: /home/manager/.ssh/id_rsa
+    src: "{{ inventory_dir }}/files/ssh/id_rsa"
+    owner: manager
+    group: manager
+    mode: 0600
--- a/devops/ansible/roles/mjb-profile-panel/tasks/webserver.yml
+++ b/devops/ansible/roles/mjb-profile-panel/tasks/webserver.yml
@ -13,10 +13,10 @@
    state: started
    enabled: true

- name: "Install /etc/nginx/sites-enabled/{{ domain_name }}"
+- name: "Install /etc/nginx/sites-enabled/{{ domain_name.panel }}"
  template:
    src: "{{ role_path }}/templates/nginx-domain.j2"
-    dest: "/etc/nginx/sites-enabled/{{ domain_name }}"
+    dest: "/etc/nginx/sites-enabled/{{ domain_name.panel }}"
    force: no
    owner: root
    group: root
@ -25,8 +25,8 @@
    - Restart nginx

 - name: Setup SSL Certificates
-  shell: certbot run --nginx -d {{ domain_name }} {{ '-d www.' + domain_name if redirect_www }} --agree-tos --register-unsafely-without-email
+  shell: certbot run --nginx -d {{ domain_name.panel }} {{ '-d www.' + domain_name.panel if redirect_www }} --agree-tos --register-unsafely-without-email
  args:
-    creates: /etc/letsencrypt/live/{{ domain_name }}/cert.pem
+    creates: /etc/letsencrypt/live/{{ domain_name.panel }}/cert.pem
  notify:
    - Restart nginx
--- a/devops/ansible/roles/mjb-profile-panel/templates/nginx-domain.j2
+++ b/devops/ansible/roles/mjb-profile-panel/templates/nginx-domain.j2
@ -3,7 +3,7 @@ upstream myapp {
 }

 server {
-    server_name {{ domain_name }};
+    server_name {{ domain_name.panel }};

    location / {
        proxy_pass http://myapp;
@ -18,7 +18,7 @@ server {
 }

 server {
-    server_name www.{{ domain_name }};
-    return 301 $scheme://{{ domain_name }}$request_uri;
+    server_name www.{{ domain_name.panel }};
+    return 301 $scheme://{{ domain_name.panel }}$request_uri;
 }

--- a/devops/ansible/roles/mjb-profile-store/tasks/webserver.yml
+++ b/devops/ansible/roles/mjb-profile-store/tasks/webserver.yml
@ -13,10 +13,10 @@
    state: started
    enabled: true

- name: "Install /etc/nginx/sites-enabled/{{ domain_name }}"
+- name: "Install /etc/nginx/sites-enabled/{{ domain_name.store }}"
  template:
    src: "{{ role_path }}/templates/nginx-domain.j2"
-    dest: "/etc/nginx/sites-enabled/{{ domain_name }}"
+    dest: "/etc/nginx/sites-enabled/{{ domain_name.store }}"
    force: no
    owner: root
    group: root
@ -25,8 +25,8 @@
    - Restart nginx

 - name: Setup SSL Certificates
-  shell: certbot run --nginx -d {{ domain_name }} --agree-tos --register-unsafely-without-email
+  shell: certbot run --nginx -d {{ domain_name.store }} --agree-tos --register-unsafely-without-email
  args:
-    creates: /etc/letsencrypt/live/{{ domain_name }}/cert.pem
+    creates: /etc/letsencrypt/live/{{ domain_name.store }}/cert.pem
  notify:
    - Restart nginx
--- a/devops/ansible/roles/mjb-profile-store/templates/app.ini.j2
+++ b/devops/ansible/roles/mjb-profile-store/templates/app.ini.j2
@ -21,10 +21,10 @@ ENABLE_PUSH_CREATE_ORG = true


 [server]
-SSH_DOMAIN       = {{ domain_name }}
-DOMAIN           = {{ domain_name }}
+SSH_DOMAIN       = {{ domain_name.store }}
+DOMAIN           = {{ domain_name.store }}
 HTTP_PORT        = 3000
-ROOT_URL         = https://{{ domain_name }}/
+ROOT_URL         = https://{{ domain_name.store }}/
 DISABLE_SSH      = false
 SSH_PORT         = 22
 LFS_START_SERVER = true
@ -51,7 +51,7 @@ REQUIRE_SIGNIN_VIEW               = false
 DEFAULT_KEEP_EMAIL_PRIVATE        = false
 DEFAULT_ALLOW_CREATE_ORGANIZATION = true
 DEFAULT_ENABLE_TIMETRACKING       = true
-NO_REPLY_ADDRESS                  = {{ domain_name }}
+NO_REPLY_ADDRESS                  = {{ domain_name.store }}

 [picture]
 DISABLE_GRAVATAR        = true
--- a/devops/ansible/roles/mjb-profile-store/templates/nginx-domain.j2
+++ b/devops/ansible/roles/mjb-profile-store/templates/nginx-domain.j2
@ -1,6 +1,6 @@
 server {
    listen 80;
-    server_name {{ domain_name }};
+    server_name {{ domain_name.store }};

    location / {
        proxy_pass http://localhost:3000;
--- a/devops/ansible/roles/mjb-profile-webserver/templates/default.j2
+++ b/devops/ansible/roles/mjb-profile-webserver/templates/default.j2
@ -11,7 +11,7 @@ server {

 	# certbot passthrough
 	location /.well-known/acme-challenge {
-    		proxy_pass http://{{ certbot_domain }};
+    		proxy_pass http://{{ domain_name.certbot }};
 	}

 	location / {
--- a/devops/ansible/roles/mjb-role-webapp/tasks/manager_user.yml
+++ b/devops/ansible/roles/mjb-role-webapp/tasks/manager_user.yml
@ -40,7 +40,7 @@
 - name: Create ~manager/.ssh/config
  copy:
    dest: /home/manager/.ssh/config
-    content: "host *.{{ service_domain }}\n   StrictHostKeyChecking no\n"
+    content: "host *.{{ domain_name.root }}\n   StrictHostKeyChecking no\n"
    owner: manager
    group: manager
    mode: 0600
@ -48,7 +48,7 @@
 - name: Create ~manager/.gitconfig
  copy:
    dest: /home/manager/.gitconfig
-    content: "[user]\n\temail = manager@{{ service_domain }}\n\tname = Manager Bot\n"
+    content: "[user]\n\temail = manager@{{ domain_name.root }}\n\tname = Manager Bot\n"
    owner: manager
    group: manager
    mode: 0600
--- a/devops/ansible/roles/mjb-role-webapp/templates/mjb.yml.j2
+++ b/devops/ansible/roles/mjb-role-webapp/templates/mjb.yml.j2
@ -1,12 +1,12 @@
 ---
-jekyll_init_repo: {{ mjb_web.jekyll_init_repo }}
-store_repo_base: {{ mjb_web.store_repo_base }}
+jekyll_init_repo: {{ panel_config.jekyll_init_repo }}
+store_repo_base: {{ panel_config.store_repo_base }}

 database:
  mjb:    postgresql://{{ databases.mjb.user }}:{{ databases.mjb.pass }}@{{ databases.mjb.host }}/{{ databases.mjb.name }}
  minion: postgresql://{{ databases.minion.user }}:{{ databases.minion.pass }}@{{ databases.minion.host }}/{{ databases.minion.name }}

-domain_for_links: {{ panel_domain }}
+domain_for_links: {{ domain_name.panel }}

 smtp:
  host: {{ smtp.host }}
@ -15,6 +15,6 @@ smtp:
  sasl_password: {{ smtp.pass }}

 secrets:
-{% for secret in secrets %}
+{% for secret in panel_config.secrets %}
  - {{ secret }}
 {% endfor %}