Apply fixes after testing

Sam A. 2023-12-25 23:17:36 +01:00
parent 3ac0ded2a3
commit 6d5d1b5853
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
9 changed files with 35 additions and 90 deletions


@ -1,12 +1,12 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
62653230353438653231623538326333343234663838366336626462383666323665396663666630 32316365373632626334633238386337656537366164343739323236316630383366343532663839
3861613861386231323435663864386238613738623232620a323466353761306263373934373137 6231303563643932656238636633303233613930623864350a393861343666613136623634613530
61363561353765633763316438393833343333643338623136343561626633353262306261333730 35313232333735393361396565386263633966643532663334366464613637303263303336303831
3564306233363730330a376165343466303362376464613534323235316138656362656332313134 6463386263343565320a323232613765646162343936363531323732623363316364626364343738
34363132303331613162306665313538323362626339623631393530613135646563326163346237 64386562333539303734663366643865663561663138313039373163333836343566623961383832
30343432373530386237633263356561363530663339376261303030353735666138313462323333 64303437303837653939333338323737626430656265333333366163396265316536353833316330
33393538623632366330303630613132336130366635616665306563643665346264643163633563 36346465663830656661363735303636656136616332336565616335393061393834306533613933
33643962393434346534633930626137373564396465323761643261393433303363396163623563 37613863643331333064333262333937653332643462313630346165373066323634356239323538
39333930633863356236653063303762363538653739623330656537343364656538613762623162 39366666323831303366356566346665613532623862653464616630393262626561306165613732
31373638643434636331613634356237656338386639363061626231616235343833633433383566 65623665376435346432366239666138616631653733363934613239633739643733306562343261
363733393837396133373032343464333866 326135306430666637663638353831366637


@ -1,21 +1,21 @@
[app_prod] [app_prod]
sapt-labp-app01 sapt-labp-app01
[mda_prod]
sapt-labp-mda01
[db_prod] [db_prod]
sapt-labp-db01 sapt-labp-db01
# [mda_prod]
# sapt-labp-mda01
[app_stage] [app_stage]
sapt-labs-app01 sapt-labs-app01
[mda_stage]
sapt-labs-mda01
[db_stage] [db_stage]
sapt-labs-db01 sapt-labs-db01
# [mda_stage]
# sapt-labs-mda01
[proxy_shrd] [proxy_shrd]
sapt-labr-prx01 sapt-labr-prx01
@ -31,10 +31,12 @@ sapt-labx-ctl01
[production:children] [production:children]
app_prod app_prod
db_prod db_prod
# mda_prod
[staging:children] [staging:children]
app_stage app_stage
db_stage db_stage
# mda_stage
[shared:children] [shared:children]
proxy_shrd proxy_shrd
@ -44,9 +46,9 @@ monitor_shrd
app_prod app_prod
app_stage app_stage
[mediaservers:children] #[mediaservers:children]
mda_prod #mda_prod
mda_stage #mda_stage
[dbservers:children] [dbservers:children]
db_prod db_prod


@ -16,8 +16,8 @@ esac
export HOSTS export HOSTS
export ROLES export ROLES
PLAYBOOK="play-$(tr -dc A-Za-z < /dev/urandom | head -c 10).yml" PLAYBOOK="playbook-$(tr -dc A-Za-z < /dev/urandom | head -c 10).yml"
envsubst < playbook_template.yml > "$PLAYBOOK" envsubst < site.yml > "$PLAYBOOK"
ansible-playbook "$PLAYBOOK" ansible-playbook "$PLAYBOOK"
STATUS=$? STATUS=$?
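Review bot: `envsubst < site.yml > "$PLAYBOOK"` is called without a variable list, so every `$NAME` or `${NAME}` that ever appears in site.yml is replaced from the whole environment, not only the two variables exported here. Restricting it keeps the substitution to what is intended: `envsubst '${HOSTS} ${ROLES}' < site.yml > "$PLAYBOOK"`. The rendered playbook also gets a hand-built random name in the working directory; `mktemp` would create the file atomically with owner-only permissions, which matters if the rendered content is ever sensitive. Where HOSTS and ROLES get their values (the `case` that ends above) and whether the file is removed after `STATUS=$?` are outside this hunk.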


@ -1,8 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Run play
hosts: ${HOSTS}
remote_user: ansible
become: true
roles: ${ROLES}


@ -12,9 +12,9 @@ proxy_trusted_subnets:
proxy_vars: proxy_vars:
production: production:
app01: "{{ hostvars['sapt-labp-app01'] }}" app01: "{{ hostvars['sapt-labp-app01'] }}"
mda01: "{{ hostvars['sapt-labp-mda01'] }}" # mda01: "{{ hostvars['sapt-labp-mda01'] }}"
staging: staging:
app01: "{{ hostvars['sapt-labs-app01'] }}" app01: "{{ hostvars['sapt-labs-app01'] }}"
mda01: "{{ hostvars['sapt-labs-mda01'] }}" # mda01: "{{ hostvars['sapt-labs-mda01'] }}"
shared: shared:
mon01: "{{ hostvars['sapt-labr-mon01'] }}" mon01: "{{ hostvars['sapt-labr-mon01'] }}"


@ -5,4 +5,3 @@
ansible.builtin.command: ansible.builtin.command:
cmd: docker compose build cmd: docker compose build
chdir: "{{ proxy_data_root }}" chdir: "{{ proxy_data_root }}"
warn: false


@ -8,7 +8,7 @@
{% for env in ['production', 'staging'] %} {% for env in ['production', 'staging'] %}
# Environment: {{ env }} # Environment: {{ env }}
{{ proxy_vars[env].app01.apps_vars.ipfs.domain }} { ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} {
tls {{ tls_email }} { tls {{ tls_email }} {
dns njalla {{ njalla_api_token }} dns njalla {{ njalla_api_token }}
} }
@ -29,9 +29,9 @@
respond 403 respond 403
} }
{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }}, ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }},
*.ipfs.{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }}, *.ipfs.ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }},
*.ipns.{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }} { *.ipns.ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }} {
tls {{ tls_email }} { tls {{ tls_email }} {
dns njalla {{ njalla_api_token }} dns njalla {{ njalla_api_token }}
} }
@ -44,7 +44,7 @@
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
} }
{{ proxy_vars[env].app01.apps_vars.monerod.domain }} { xmr.local.{{ proxy_vars[env].app01.apps_base_domain }} {
tls {{ tls_email }} { tls {{ tls_email }} {
dns njalla {{ njalla_api_token }} dns njalla {{ njalla_api_token }}
} }
@ -65,7 +65,7 @@
respond 403 respond 403
} }
{{ proxy_vars[env].app01.apps_vars.nextcloud.domain }} { cloud.{{ proxy_vars[env].app01.apps_base_domain }} {
tls {{ tls_email }} tls {{ tls_email }}
header { header {
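Review bot: The site addresses in these hunks are now assembled from literal labels (`ipfs.local.`, `ipfs-gateway.`, `xmr.local.`, `cloud.`) plus `apps_base_domain`, where the old side read each name from `apps_vars`. If the application side still defines those domains itself (not visible here), the two can drift apart. The proxy would then serve, and apply whatever restrictions these blocks contain (the `respond 403` context lines suggest there are some), to names the apps no longer use. A comment above the loop would make the coupling explicit, for example `# Hostname labels below must match the domains configured for the apps on app01`. The site blocks themselves continue outside each hunk.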


@ -1,56 +1,8 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
# - name: Control servers - name: Run play
# hosts: control_infra hosts: ${HOSTS}
# remote_user: root
# roles:
# - ctl-common
- name: Base configuration
hosts: virtualservers
remote_user: ansible remote_user: ansible
become: true become: true
roles: roles: ${ROLES}
- virt-common
- name: Docker hosts
hosts: appservers:proxyservers:monitorservers
become: true
roles:
- docker
- name: Application servers
hosts: appservers
remote_user: ansible
become: true
roles:
- apps
# - name: Media servers
# hosts: mediaservers
# remote_user: ansible
# become: true
# roles:
# - jellyfin
- name: Database servers
hosts: dbservers
remote_user: ansible
become: true
roles:
- postgresql
# - name: Monitoring servers
# hosts: monitorservers
# remote_user: ansible
# become: true
# roles:
# - monitoring
- name: Proxy servers
hosts: proxyservers
remote_user: ansible
become: true
roles:
- proxy
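Review bot: `hosts: ${HOSTS}` and `roles: ${ROLES}` turn this file into a text template, but nothing in it says so, and running it directly would pass the literal placeholder strings to Ansible. A header comment would prevent that, for example `# Template: rendered with envsubst by the wrapper script; HOSTS and ROLES must be set`. The placeholders are also pasted in as raw YAML, so an empty HOSTS renders `hosts:` as null and a value containing YAML specials changes the structure of the play. Writing `hosts: "${HOSTS}"` guards the scalar. ROLES probably has to stay unquoted if it carries a list, so the wrapper should validate it before rendering.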