From 6d5d1b58537b8477d9d87d50878dafd01bf243ae Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Mon, 25 Dec 2023 23:17:36 +0100 Subject: [PATCH] Apply fixes after testing --- group_vars/shared/vault.yml | 22 ++++---- inventory.ini | 20 +++---- play.sh | 4 +- playbook_template.yml | 8 --- roles/proxy/defaults/main.yml | 4 +- roles/proxy/handlers/main.yml | 1 - roles/proxy/templates/caddy/Caddyfile.j2 | 12 ++--- ...cker-compose.yml => docker-compose.yml.j2} | 0 site.yml | 54 ++----------------- 9 files changed, 35 insertions(+), 90 deletions(-) delete mode 100644 playbook_template.yml rename roles/proxy/templates/docker/{docker-compose.yml => docker-compose.yml.j2} (100%) diff --git a/group_vars/shared/vault.yml b/group_vars/shared/vault.yml index be35017..d669aab 100644 --- a/group_vars/shared/vault.yml +++ b/group_vars/shared/vault.yml @@ -1,12 +1,12 @@ $ANSIBLE_VAULT;1.1;AES256 -62653230353438653231623538326333343234663838366336626462383666323665396663666630 -3861613861386231323435663864386238613738623232620a323466353761306263373934373137 -61363561353765633763316438393833343333643338623136343561626633353262306261333730 -3564306233363730330a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a393861343666613136623634613530 +35313232333735393361396565386263633966643532663334366464613637303263303336303831 +6463386263343565320a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diff --git a/inventory.ini b/inventory.ini index 40e5732..4d51db2 100644 --- a/inventory.ini +++ b/inventory.ini @@ -1,21 +1,21 @@ [app_prod] sapt-labp-app01 -[mda_prod] -sapt-labp-mda01 - [db_prod] sapt-labp-db01 +# [mda_prod] +# sapt-labp-mda01 + [app_stage] sapt-labs-app01 -[mda_stage] -sapt-labs-mda01 - [db_stage] sapt-labs-db01 +# [mda_stage] +# sapt-labs-mda01 + [proxy_shrd] sapt-labr-prx01 @@ -31,10 +31,12 @@ sapt-labx-ctl01 [production:children] app_prod db_prod +# mda_prod [staging:children] app_stage db_stage +# mda_stage [shared:children] proxy_shrd 
@@ -44,9 +46,9 @@ monitor_shrd app_prod app_stage -[mediaservers:children] -mda_prod -mda_stage +#[mediaservers:children] +#mda_prod +#mda_stage [dbservers:children] db_prod diff --git a/play.sh b/play.sh index 26ab98e..091a60b 100755 --- a/play.sh +++ b/play.sh @@ -16,8 +16,8 @@ esac export HOSTS export ROLES -PLAYBOOK="play-$(tr -dc A-Za-z < /dev/urandom | head -c 10).yml" -envsubst < playbook_template.yml > "$PLAYBOOK" +PLAYBOOK="playbook-$(tr -dc A-Za-z < /dev/urandom | head -c 10).yml" +envsubst < site.yml > "$PLAYBOOK" ansible-playbook "$PLAYBOOK" STATUS=$? diff --git a/playbook_template.yml b/playbook_template.yml deleted file mode 100644 index b8ff532..0000000 --- a/playbook_template.yml +++ /dev/null @@ -1,8 +0,0 @@ -# vim: ft=yaml.ansible -# code: language=ansible ---- -- name: Run play - hosts: ${HOSTS} - remote_user: ansible - become: true - roles: ${ROLES} diff --git a/roles/proxy/defaults/main.yml b/roles/proxy/defaults/main.yml index 09d54ac..8c15b8f 100644 --- a/roles/proxy/defaults/main.yml +++ b/roles/proxy/defaults/main.yml @@ -12,9 +12,9 @@ proxy_trusted_subnets: proxy_vars: production: app01: "{{ hostvars['sapt-labp-app01'] }}" - mda01: "{{ hostvars['sapt-labp-mda01'] }}" + # mda01: "{{ hostvars['sapt-labp-mda01'] }}" staging: app01: "{{ hostvars['sapt-labs-app01'] }}" - mda01: "{{ hostvars['sapt-labs-mda01'] }}" + # mda01: "{{ hostvars['sapt-labs-mda01'] }}" shared: mon01: "{{ hostvars['sapt-labr-mon01'] }}" diff --git a/roles/proxy/handlers/main.yml b/roles/proxy/handlers/main.yml index 4838dff..ac4ce17 100644 --- a/roles/proxy/handlers/main.yml +++ b/roles/proxy/handlers/main.yml @@ -5,4 +5,3 @@ ansible.builtin.command: cmd: docker compose build chdir: "{{ proxy_data_root }}" - warn: false diff --git a/roles/proxy/templates/caddy/Caddyfile.j2 b/roles/proxy/templates/caddy/Caddyfile.j2 index 62b2f10..005e29c 100644 --- a/roles/proxy/templates/caddy/Caddyfile.j2 +++ b/roles/proxy/templates/caddy/Caddyfile.j2 
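Review bot: In the play.sh hunk, `envsubst < site.yml > "$PLAYBOOK"` is called without a variable list, so every `$NAME` or `${NAME}` that ever appears in site.yml is replaced from the caller's environment, not just the two exported values. Restricting it keeps the rendered play predictable: `envsubst '${HOSTS} ${ROLES}' < site.yml > "$PLAYBOOK"`. The output file is also created by plain redirection under a hand-rolled random name; `mktemp` would create it atomically with owner-only permissions, and a `trap 'rm -f "$PLAYBOOK"' EXIT` would remove it if the run is interrupted. The `case` block that sets HOSTS and ROLES and the code after `STATUS=$?` are outside the hunk, so any existing cleanup there is not visible.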
@@ -8,7 +8,7 @@ {% for env in ['production', 'staging'] %} # Environment: {{ env }} -{{ proxy_vars[env].app01.apps_vars.ipfs.domain }} { +ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} { tls {{ tls_email }} { dns njalla {{ njalla_api_token }} } @@ -29,9 +29,9 @@ respond 403 } -{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }}, -*.ipfs.{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }}, -*.ipns.{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }} { +ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }}, +*.ipfs.ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }}, +*.ipns.ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }} { tls {{ tls_email }} { dns njalla {{ njalla_api_token }} } @@ -44,7 +44,7 @@ reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 } -{{ proxy_vars[env].app01.apps_vars.monerod.domain }} { +xmr.local.{{ proxy_vars[env].app01.apps_base_domain }} { tls {{ tls_email }} { dns njalla {{ njalla_api_token }} } @@ -65,7 +65,7 @@ respond 403 } -{{ proxy_vars[env].app01.apps_vars.nextcloud.domain }} { +cloud.{{ proxy_vars[env].app01.apps_base_domain }} { tls {{ tls_email }} header { diff --git a/roles/proxy/templates/docker/docker-compose.yml b/roles/proxy/templates/docker/docker-compose.yml.j2 similarity index 100% rename from roles/proxy/templates/docker/docker-compose.yml rename to roles/proxy/templates/docker/docker-compose.yml.j2 diff --git a/site.yml b/site.yml index 208699a..b8ff532 100644 --- a/site.yml +++ b/site.yml 
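Review bot: The four Caddyfile.j2 hunks (site blocks at old lines 8, 29, 44 and 65) each repeat the long lookup `proxy_vars[env].app01.apps_base_domain` and hard-code the service labels (`ipfs.local`, `ipfs-gateway`, `xmr.local`, `cloud`) in the template. Binding the base once at the top of the loop, `{% set base_domain = proxy_vars[env].app01.apps_base_domain %}`, and writing `ipfs.local.{{ base_domain }} {` would make the site addresses easier to audit. Note that `proxy_vars` is built from `hostvars[...]` in roles/proxy/defaults/main.yml. `apps_base_domain` must therefore be defined in inventory or group_vars for the app hosts. If it lives only in another role's defaults it will presumably be undefined when the proxy play renders this template; its definition is not shown in this patch. A comment above the loop stating that requirement would help, for example `# apps_base_domain must come from inventory/group_vars of the app hosts`.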
@@ -1,56 +1,8 @@ # vim: ft=yaml.ansible # code: language=ansible --- -# - name: Control servers -# hosts: control_infra -# remote_user: root -# roles: -# - ctl-common - -- name: Base configuration - hosts: virtualservers +- name: Run play + hosts: ${HOSTS} remote_user: ansible become: true - roles: - - virt-common - -- name: Docker hosts - hosts: appservers:proxyservers:monitorservers - become: true - roles: - - docker - -- name: Application servers - hosts: appservers - remote_user: ansible - become: true - roles: - - apps - -# - name: Media servers -# hosts: mediaservers -# remote_user: ansible -# become: true -# roles: -# - jellyfin - -- name: Database servers - hosts: dbservers - remote_user: ansible - become: true - roles: - - postgresql - -# - name: Monitoring servers -# hosts: monitorservers -# remote_user: ansible -# become: true -# roles: -# - monitoring - -- name: Proxy servers - hosts: proxyservers - remote_user: ansible - become: true - roles: - - proxy + roles: ${ROLES}
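Review bot: `hosts: ${HOSTS}` and `roles: ${ROLES}` are filled in as raw text before YAML parsing, so a value containing `: `, ` #` or a newline would change the structure of a play that runs with `become: true`. Quoting the scalar, `hosts: "${HOSTS}"`, is cheap hardening. ROLES presumably expands to a list and cannot simply be quoted, so play.sh should check it against the known role names if it can ever come from arguments or the environment. After this change site.yml is a template, not a runnable playbook, and the group-to-role mapping that the removed plays documented is gone from the file. A header such as `# Template rendered by play.sh via envsubst; do not run with ansible-playbook directly.` would make that clear to the next operator.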