samsapti
/
lab-ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove sapt-labr-prx02

This commit is contained in:
Sam A. 2023-12-22 21:57:19 +01:00
parent ab0b7835a4
commit c091a4f869
Signed by: samsapti
GPG Key ID: CBBBE7371E81C4EA
13 changed files with 97 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
host_vars/sapt-labr-prx01.yml
View File

@ -5,5 +5,3 @@ fqdn: sapt-labr-prx01.shrd.servers.sapti.me
ansible_host: 192.168.17.10
internal_ipv4: 10.2.18.10
virt_type: kvm
proxy_mode: global

9
host_vars/sapt-labr-prx02.yml
View File

@ -1,9 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
fqdn: sapt-labr-prx02.shrd.servers.sapti.me
ansible_host: 192.168.17.11
internal_ipv4: 10.2.18.11
virt_type: kvm
proxy_mode: local

1
inventory.ini
View File

@ -18,7 +18,6 @@ sapt-labs-db01
[proxy_shrd]
sapt-labr-prx01
sapt-labr-prx02
[monitor_shrd]
sapt-labr-mon01

4
roles/apps/templates/nginx/conf.d/ipfs.conf.j2
View File

@ -2,7 +2,7 @@
server {
listen 8080;
server_name {{ apps_vars.ipfs.domain }};
resolver 127.0.1.1;
resolver 127.0.0.11;
location / {
proxy_pass http://ipfs:5001;
@ -14,7 +14,7 @@ server {
server {
listen 8080;
server_name ~^([\w-]+\.(ipfs|ipns)\.)?{{ apps_vars.ipfs.gateway_domain }}$;
resolver 127.0.1.1;
resolver 127.0.0.11;
location / {
proxy_pass http://ipfs:8080;

2
roles/apps/templates/nginx/conf.d/monerod.conf.j2
View File

@ -2,7 +2,7 @@
server {
listen 8080;
server_name {{ apps_vars.monerod.domain }};
resolver 127.0.1.1;
resolver 127.0.0.11;
location / {
proxy_pass http://monerod:18089;

2
roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
View File

@ -2,7 +2,7 @@
server {
listen 8080;
server_name {{ apps_vars.nextcloud.domain }};
resolver 127.0.1.1;
resolver 127.0.0.11;
location / {
proxy_pass http://nextcloud:80;

7
roles/proxy/defaults/main.yml
View File

@ -2,7 +2,12 @@
# code: language=ansible
---
proxy_data_root: "{{ data_fs }}/proxy"
proxy_caddy_version: '2.7.4'
proxy_caddy_version: '2.7.6'
proxy_trusted_subnets:
- 192.168.1.0/24
- 192.168.8.0/24
- 192.168.17.0/24
proxy_vars:
production:

2
roles/proxy/handlers/main.yml
View File

@ -4,5 +4,5 @@
- name: Build custom Docker image for Caddy
ansible.builtin.command:
cmd: docker compose build
chdir: "{{ proxy_data_root }}/{{ proxy_mode }}"
chdir: "{{ proxy_data_root }}"
warn: false

23
roles/proxy/tasks/main.yml
View File

@ -1,23 +1,16 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create base folder
- name: Create base folder for Caddy
ansible.builtin.file:
path: "{{ proxy_data_root }}"
owner: root
mode: u=rwx,g=rx,o=rx
state: directory
- name: Create folder for Caddy
ansible.builtin.file:
path: "{{ proxy_data_root }}/{{ proxy_mode }}"
owner: root
mode: u=rwx,go=
state: directory
- name: Create build folder for Caddy
ansible.builtin.file:
path: "{{ proxy_data_root }}/{{ proxy_mode }}/build"
path: "{{ proxy_data_root }}/build"
owner: root
mode: u=rwx,g=rx,o=rx
state: directory
@ -25,35 +18,35 @@
- name: Copy Compose file for Caddy
ansible.builtin.template:
src: docker/docker-compose.yml.j2
dest: "{{ proxy_data_root }}/{{ proxy_mode }}/docker-compose.yml"
dest: "{{ proxy_data_root }}/docker-compose.yml"
owner: root
mode: u=rw,go=
- name: Copy Dockerfile for Caddy
ansible.builtin.template:
src: docker/Dockerfile.j2
dest: "{{ proxy_data_root }}/{{ proxy_mode }}/build/Dockerfile"
dest: "{{ proxy_data_root }}/build/Dockerfile"
owner: root
mode: u=rw,g=r,o=r
notify: Build custom Docker image for Caddy
- name: Create data folder for Caddy
ansible.builtin.file:
path: "{{ proxy_data_root }}/{{ proxy_mode }}/data"
path: "{{ proxy_data_root }}/data"
owner: root
mode: u=rwx,g=rx,o=rx
state: directory
- name: Copy Caddyfile
ansible.builtin.template:
src: caddy/{{ proxy_mode }}.Caddyfile.j2
dest: "{{ proxy_data_root }}/{{ proxy_mode }}/data/Caddyfile"
src: caddy/Caddyfile.j2
dest: "{{ proxy_data_root }}/data/Caddyfile"
owner: root
mode: u=rw,go=
- name: Create subfolders for Caddy data
ansible.builtin.file:
path: "{{ proxy_data_root }}/{{ proxy_mode }}/data/caddy-{{ item }}"
path: "{{ proxy_data_root }}/data/caddy-{{ item }}"
owner: root
mode: u=rwx,go=
state: directory

77
roles/proxy/templates/caddy/Caddyfile.j2 Normal file
View File

@ -0,0 +1,77 @@
# code: language=ansible-jinja
{
admin off
}
{% for env in ['production', 'staging'] %}
# Environment: {{ env }}
{{ proxy_vars[env].app01.apps_vars.ipfs.domain }} {
tls {{ tls_email }} {
dns njalla {{ njalla_api_token }}
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-Server
}
@local {
remote_ip {{ proxy_trusted_subnets | join(' ') }}
}
handle @local {
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}
respond 403
}
{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }},
*.ipfs.{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }},
*.ipns.{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }} {
tls {{ tls_email }} {
dns njalla {{ njalla_api_token }}
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-Server
}
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}
{{ proxy_vars[env].app01.apps_vars.monerod.domain }} {
tls {{ tls_email }} {
dns njalla {{ njalla_api_token }}
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-Server
}
@local {
remote_ip {{ proxy_trusted_subnets | join(' ') }}
}
handle @local {
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}
respond 403
}
{{ proxy_vars[env].app01.apps_vars.nextcloud.domain }} {
tls {{ tls_email }}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-Server
}
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}
{% endfor %}

34
roles/proxy/templates/caddy/global.Caddyfile.j2
View File

@ -1,34 +0,0 @@
# code: language=ansible-jinja
{
admin off
}
{% for env in ['production', 'staging'] %}
# Environment: {{ env }}
{{ proxy_vars[env].app01.apps_vars.nextcloud.domain }} {
tls {{ tls_email }}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-Server
}
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}
{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }},
*.ipfs.{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }},
*.ipns.{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }} {
tls {{ tls_email }} {
dns njalla {{ njalla_api_token }}
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-Server
}
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}
{% endfor %}

34
roles/proxy/templates/caddy/local.Caddyfile.j2
View File

@ -1,34 +0,0 @@
# code: language=ansible-jinja
{
admin off
}
{% for env in ['production', 'staging'] %}
# Environment: {{ env }}
{{ proxy_vars[env].app01.apps_vars.ipfs.domain }} {
tls {{ tls_email }} {
dns njalla {{ njalla_api_token }}
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-Server
}
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}
{{ proxy_vars[env].app01.apps_vars.monerod.domain }} {
tls {{ tls_email }} {
dns njalla {{ njalla_api_token }}
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-Server
}
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}
{% endfor %}

2
roles/proxy/templates/scripts/deploy.sh.j2
View File

@ -2,7 +2,7 @@
# code: language=bash
ARG="$1"
PROXY_DIR="{{ proxy_data_root }}/{{ proxy_mode }}"
PROXY_DIR="{{ proxy_data_root }}"
case $ARG in
start)