Apply fixes after testing

2023-12-25 21:49:17 +01:00 · 2023-12-25 21:49:17 +01:00 · 3ac0ded2a3
parent 2d9eb03b66
commit 3ac0ded2a3
13 changed files with 40 additions and 24 deletions
--- a/roles/apps/defaults/main.yml
+++ b/roles/apps/defaults/main.yml
@ -32,7 +32,7 @@ apps_vars:
  monerod:
    backup: false
    sender: false
-    extra_tasks: false
+    extra_tasks: true
    domain: xmr.{{ apps_local_domain }}
    version: latest

--- a/roles/apps/tasks/extra_tasks/monerod.yml
+++ b/roles/apps/tasks/extra_tasks/monerod.yml
@ -0,0 +1,9 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+- name: Create subfolder for monerod data
+  ansible.builtin.file:
+    path: "{{ apps_data_root }}/monerod/data/bitmonero"
+    owner: '1000'
+    mode: u=rwx,g=rx,o=rx
+    state: directory
--- a/roles/apps/tasks/extra_tasks/nginx.yml
+++ b/roles/apps/tasks/extra_tasks/nginx.yml
@ -8,7 +8,7 @@
    mode: u=rwx,g=rx,o=rx
    state: directory

- name: Copy nginx config for {{ app }}
+- name: Copy nginx configs
  ansible.builtin.template:
    src: nginx/conf.d/{{ app }}.conf.j2
    dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ app }}.conf"
--- a/roles/apps/tasks/main.yml
+++ b/roles/apps/tasks/main.yml
@ -7,7 +7,7 @@
    enable_ipv6: true
    ipam_config:
      - subnet: 172.17.2.0/24
-        gateway: 172.17.2.1
+      - subnet: fd02::/64
    state: present

 - name: Create Docker network for Postfix
--- a/roles/apps/templates/compose-files/ipfs.yml.j2
+++ b/roles/apps/templates/compose-files/ipfs.yml.j2
@ -16,8 +16,8 @@ services:
        aliases:
          - ipfs
    ports:
-      - {{ ansible_hostname }}:4001:4001/tcp
-      - {{ ansible_hostname }}:4001:4001/udp
+      - 4001:4001/tcp
+      - 4001:4001/udp
    volumes:
      - "./data/ipfs-config.sh:/container-init.d/ipfs-config.sh:ro"
      - "./data/data:/data/ipfs:rw"
--- a/roles/apps/templates/compose-files/monerod.yml.j2
+++ b/roles/apps/templates/compose-files/monerod.yml.j2
@ -12,9 +12,9 @@ services:
        aliases:
          - monerod
    ports:
-      - {{ ansible_hostname }}:18080:18080/tcp
+      - 18080:18080/tcp
    volumes:
-      - "./data:/home/monero/.bitmonero:rw"
+      - "./data/bitmonero:/home/monero/.bitmonero:rw"

 networks:
  {{ apps_shared_docker_network }}:
--- a/roles/apps/templates/nginx/conf.d/ipfs.conf.j2
+++ b/roles/apps/templates/nginx/conf.d/ipfs.conf.j2
@ -4,10 +4,10 @@
 server {
    listen 8080;
    server_name {{ apps_vars.ipfs.domain }};
-    resolver 127.0.0.11;

    location / {
-        proxy_pass http://ipfs:5001;
+        set $upstream http://ipfs:5001;
+        proxy_pass $upstream;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
    }
@ -16,10 +16,10 @@ server {
 server {
    listen 8080;
    server_name ~^([\w-]+\.(ipfs|ipns)\.)?{{ apps_vars.ipfs.gateway_domain }}$;
-    resolver 127.0.0.11;

    location / {
-        proxy_pass http://ipfs:8080;
+        set $upstream http://ipfs:8080;
+        proxy_pass $upstream;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
    }
--- a/roles/apps/templates/nginx/conf.d/monerod.conf.j2
+++ b/roles/apps/templates/nginx/conf.d/monerod.conf.j2
@ -4,10 +4,10 @@
 server {
    listen 8080;
    server_name {{ apps_vars.monerod.domain }};
-    resolver 127.0.0.11;

    location / {
-        proxy_pass http://monerod:18089;
+        set $upstream http://monerod:18089;
+        proxy_pass $upstream;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
    }
--- a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
+++ b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
@ -4,10 +4,10 @@
 server {
    listen 8080;
    server_name {{ apps_vars.nextcloud.domain }};
-    resolver 127.0.0.11;

    location / {
-        proxy_pass http://nextcloud:80;
+        set $upstream http://nextcloud:80;
+        proxy_pass $upstream;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
    }
--- a/roles/docker/files/daemon.json
+++ b/roles/docker/files/daemon.json
@ -1,4 +1,10 @@
 {
+  "default-address-pools": [
+    {
+      "base": "172.17.0.0/16",
+      "size": 24
+    }
+  ],
  "experimental": true,
  "ip6tables": true
 }
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -1,14 +1,6 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
- name: Copy Docker daemon config file
-  ansible.builtin.copy:
-    src: daemon.json
-    dest: /etc/docker/daemon.json
-    owner: root
-    mode: u=rw,g=r,o=r
-  notify: Reload Docker daemon
-
 - name: Add Docker PGP key
  ansible.builtin.rpm_key:
    key: https://download.docker.com/linux/centos/gpg
@ -35,6 +27,14 @@
      - containerd.io
    state: present

+- name: Copy Docker daemon config file
+  ansible.builtin.copy:
+    src: daemon.json
+    dest: /etc/docker/daemon.json
+    owner: root
+    mode: u=rw,g=r,o=r
+  notify: Reload Docker daemon
+
 - name: Ensure Docker daemon is enabled and running
  ansible.builtin.service:
    name: docker
--- a/roles/virt-common/files/sshd_config
+++ b/roles/virt-common/files/sshd_config
@ -18,4 +18,6 @@ PrintMotd no
 UseDNS no
 AcceptEnv LANG LC_*

+Subsystem sftp internal-sftp
+
 Include /etc/ssh/sshd_config.d/*.conf
--- a/roles/virt-common/tasks/firewall.yml
+++ b/roles/virt-common/tasks/firewall.yml
@ -10,7 +10,6 @@
        source: 192.168.0.0/16
        permanent: true
        state: enabled
-      loop:

    - name: Move internal network to zone 'internal'
      ansible.posix.firewalld: