From 3ac0ded2a3f45ff415081758189024930dc1cd5c Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Mon, 25 Dec 2023 21:49:17 +0100 Subject: [PATCH] Apply fixes after testing --- roles/apps/defaults/main.yml | 2 +- roles/apps/tasks/extra_tasks/monerod.yml | 9 +++++++++ roles/apps/tasks/extra_tasks/nginx.yml | 2 +- roles/apps/tasks/main.yml | 2 +- roles/apps/templates/compose-files/ipfs.yml.j2 | 4 ++-- .../apps/templates/compose-files/monerod.yml.j2 | 4 ++-- roles/apps/templates/nginx/conf.d/ipfs.conf.j2 | 8 ++++---- .../apps/templates/nginx/conf.d/monerod.conf.j2 | 4 ++-- .../templates/nginx/conf.d/nextcloud.conf.j2 | 4 ++-- roles/docker/files/daemon.json | 6 ++++++ roles/docker/tasks/main.yml | 16 ++++++++-------- roles/virt-common/files/sshd_config | 2 ++ roles/virt-common/tasks/firewall.yml | 1 - 13 files changed, 40 insertions(+), 24 deletions(-) create mode 100644 roles/apps/tasks/extra_tasks/monerod.yml diff --git a/roles/apps/defaults/main.yml b/roles/apps/defaults/main.yml index 9451703..065d4e3 100644 --- a/roles/apps/defaults/main.yml +++ b/roles/apps/defaults/main.yml @@ -32,7 +32,7 @@ apps_vars: monerod: backup: false sender: false - extra_tasks: false + extra_tasks: true domain: xmr.{{ apps_local_domain }} version: latest diff --git a/roles/apps/tasks/extra_tasks/monerod.yml b/roles/apps/tasks/extra_tasks/monerod.yml new file mode 100644 index 0000000..2e4362b --- /dev/null +++ b/roles/apps/tasks/extra_tasks/monerod.yml @@ -0,0 +1,9 @@ +# vim: ft=yaml.ansible +# code: language=ansible +--- +- name: Create subfolder for monerod data + ansible.builtin.file: + path: "{{ apps_data_root }}/monerod/data/bitmonero" + owner: '1000' + mode: u=rwx,g=rx,o=rx + state: directory diff --git a/roles/apps/tasks/extra_tasks/nginx.yml b/roles/apps/tasks/extra_tasks/nginx.yml index a6bf03c..4c708fa 100644 --- a/roles/apps/tasks/extra_tasks/nginx.yml +++ b/roles/apps/tasks/extra_tasks/nginx.yml @@ -8,7 +8,7 @@ mode: u=rwx,g=rx,o=rx state: directory -- name: Copy nginx config for {{ app }} +- name: Copy nginx configs ansible.builtin.template: src: nginx/conf.d/{{ app }}.conf.j2 dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ app }}.conf" diff --git a/roles/apps/tasks/main.yml b/roles/apps/tasks/main.yml index 3fb7c1a..cca8156 100644 --- a/roles/apps/tasks/main.yml +++ b/roles/apps/tasks/main.yml @@ -7,7 +7,7 @@ enable_ipv6: true ipam_config: - subnet: 172.17.2.0/24 - gateway: 172.17.2.1 + - subnet: fd02::/64 state: present - name: Create Docker network for Postfix diff --git a/roles/apps/templates/compose-files/ipfs.yml.j2 b/roles/apps/templates/compose-files/ipfs.yml.j2 index 83f6faf..605dee3 100644 --- a/roles/apps/templates/compose-files/ipfs.yml.j2 +++ b/roles/apps/templates/compose-files/ipfs.yml.j2 @@ -16,8 +16,8 @@ services: aliases: - ipfs ports: - - {{ ansible_hostname }}:4001:4001/tcp - - {{ ansible_hostname }}:4001:4001/udp + - 4001:4001/tcp + - 4001:4001/udp volumes: - "./data/ipfs-config.sh:/container-init.d/ipfs-config.sh:ro" - "./data/data:/data/ipfs:rw" diff --git a/roles/apps/templates/compose-files/monerod.yml.j2 b/roles/apps/templates/compose-files/monerod.yml.j2 index 9b13318..8af836c 100644 --- a/roles/apps/templates/compose-files/monerod.yml.j2 +++ b/roles/apps/templates/compose-files/monerod.yml.j2 @@ -12,9 +12,9 @@ services: aliases: - monerod ports: - - {{ ansible_hostname }}:18080:18080/tcp + - 18080:18080/tcp volumes: - - "./data:/home/monero/.bitmonero:rw" + - "./data/bitmonero:/home/monero/.bitmonero:rw" networks: {{ apps_shared_docker_network }}: diff --git a/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 b/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 index daf106e..a1672e2 100644 --- a/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 +++ b/roles/apps/templates/nginx/conf.d/ipfs.conf.j2 @@ -4,10 +4,10 @@ server { listen 8080; server_name {{ apps_vars.ipfs.domain }}; - resolver 127.0.0.11; location / { - proxy_pass http://ipfs:5001; + set $upstream http://ipfs:5001; + proxy_pass $upstream; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto "https"; } @@ -16,10 +16,10 @@ server { server { listen 8080; server_name ~^([\w-]+\.(ipfs|ipns)\.)?{{ apps_vars.ipfs.gateway_domain }}$; - resolver 127.0.0.11; location / { - proxy_pass http://ipfs:8080; + set $upstream http://ipfs:8080; + proxy_pass $upstream; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto "https"; } diff --git a/roles/apps/templates/nginx/conf.d/monerod.conf.j2 b/roles/apps/templates/nginx/conf.d/monerod.conf.j2 index 91b31fc..eddb7ae 100644 --- a/roles/apps/templates/nginx/conf.d/monerod.conf.j2 +++ b/roles/apps/templates/nginx/conf.d/monerod.conf.j2 @@ -4,10 +4,10 @@ server { listen 8080; server_name {{ apps_vars.monerod.domain }}; - resolver 127.0.0.11; location / { - proxy_pass http://monerod:18089; + set $upstream http://monerod:18089; + proxy_pass $upstream; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto "https"; } diff --git a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 index 9ce3d6b..3b718cf 100644 --- a/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 +++ b/roles/apps/templates/nginx/conf.d/nextcloud.conf.j2 @@ -4,10 +4,10 @@ server { listen 8080; server_name {{ apps_vars.nextcloud.domain }}; - resolver 127.0.0.11; location / { - proxy_pass http://nextcloud:80; + set $upstream http://nextcloud:80; + proxy_pass $upstream; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto "https"; } diff --git a/roles/docker/files/daemon.json b/roles/docker/files/daemon.json index 0d8b6e7..9205107 100644 --- a/roles/docker/files/daemon.json +++ b/roles/docker/files/daemon.json @@ -1,4 +1,10 @@ { + "default-address-pools": [ + { + "base": "172.17.0.0/16", + "size": 24 + } + ], "experimental": true, "ip6tables": true } diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 90bce14..8d3ca60 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,14 +1,6 @@ # vim: ft=yaml.ansible # code: language=ansible --- -- name: Copy Docker daemon config file - ansible.builtin.copy: - src: daemon.json - dest: /etc/docker/daemon.json - owner: root - mode: u=rw,g=r,o=r - notify: Reload Docker daemon - - name: Add Docker PGP key ansible.builtin.rpm_key: key: https://download.docker.com/linux/centos/gpg @@ -35,6 +27,14 @@ - containerd.io state: present +- name: Copy Docker daemon config file + ansible.builtin.copy: + src: daemon.json + dest: /etc/docker/daemon.json + owner: root + mode: u=rw,g=r,o=r + notify: Reload Docker daemon + - name: Ensure Docker daemon is enabled and running ansible.builtin.service: name: docker diff --git a/roles/virt-common/files/sshd_config b/roles/virt-common/files/sshd_config index f520383..bb2743a 100644 --- a/roles/virt-common/files/sshd_config +++ b/roles/virt-common/files/sshd_config @@ -18,4 +18,6 @@ PrintMotd no UseDNS no AcceptEnv LANG LC_* +Subsystem sftp internal-sftp + Include /etc/ssh/sshd_config.d/*.conf diff --git a/roles/virt-common/tasks/firewall.yml b/roles/virt-common/tasks/firewall.yml index 797d906..9577cd5 100644 --- a/roles/virt-common/tasks/firewall.yml +++ b/roles/virt-common/tasks/firewall.yml @@ -10,7 +10,6 @@ source: 192.168.0.0/16 permanent: true state: enabled - loop: - name: Move internal network to zone 'internal' ansible.posix.firewalld: