forked from Netz39_Admin/netz39-infra-ansible
Merge branch 'reorder'
commit
559ed740e6
9 changed files with 81 additions and 136 deletions
16
inventory
16
inventory
|
@ -1,5 +1,9 @@
|
||||||
all:
|
all:
|
||||||
vars:
|
vars:
|
||||||
|
server_admin: "admin@netz39.de"
|
||||||
|
|
||||||
|
ag_timezone: Europe/Berlin
|
||||||
|
|
||||||
users:
|
users:
|
||||||
- logname: "alex"
|
- logname: "alex"
|
||||||
viewname: "Alexander Dahl"
|
viewname: "Alexander Dahl"
|
||||||
|
@ -42,8 +46,12 @@ all:
|
||||||
|
|
||||||
hosts:
|
hosts:
|
||||||
tau.netz39.de:
|
tau.netz39.de:
|
||||||
|
server_admin: "admin+tau@netz39.de"
|
||||||
|
mysql_root_pw: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
64313138383833643866383332623265383863623332343864306537633931326139303638303761
|
||||||
|
6464653933613663643632383935376164393033363233330a313063613832396166666464666136
|
||||||
|
36633532393231663634663034666666356332373438646130643161383134653739663066626538
|
||||||
|
3661663132343639310a613431653031626434323064313465373866666332353931313836623465
|
||||||
|
3461
|
||||||
|
|
||||||
children:
|
|
||||||
tau:
|
|
||||||
hosts:
|
|
||||||
tau.netz39.de:
|
|
||||||
|
|
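Review bot: Moving `mysql_root_pw` from the play-level `vars` in main.yml into the host vars of `tau.netz39.de` widens where the secret is in scope. It is now available to every play and role that runs against that host, including the `hosts: all` play, while the only reader visible on this page is the phpMyAdmin task. The vault block is carried over unchanged, so this is the same ciphertext that was already committed in main.yml. I would add a comment above the key, for example `# MySQL root password, read only by the phpmyadmin task in main.yml`, so the next editor knows which consumer to check before reusing or rotating it.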
82
main.yml
82
main.yml
|
@ -1,25 +1,10 @@
|
||||||
---
|
---
|
||||||
- hosts: tau
|
- hosts: all
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
vars:
|
vars:
|
||||||
ansible_python_interpreter: /usr/bin/python3
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
|
|
||||||
server_admin: "admin@netz39.de"
|
|
||||||
|
|
||||||
ag_timezone: Europe/Berlin
|
|
||||||
|
|
||||||
docker_compose_version: "1.25.4"
|
|
||||||
docker_compose_path: /usr/local/bin/docker-compose
|
|
||||||
|
|
||||||
mysql_root_pw: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
64313138383833643866383332623265383863623332343864306537633931326139303638303761
|
|
||||||
6464653933613663643632383935376164393033363233330a313063613832396166666464666136
|
|
||||||
36633532393231663634663034666666356332373438646130643161383134653739663066626538
|
|
||||||
3661663132343639310a613431653031626434323064313465373866666332353931313836623465
|
|
||||||
3461
|
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- role: ansible.timezone
|
- role: ansible.timezone
|
||||||
|
|
||||||
|
@ -49,15 +34,64 @@
|
||||||
include_role:
|
include_role:
|
||||||
name: users
|
name: users
|
||||||
|
|
||||||
- name: Install Docker
|
|
||||||
|
|
||||||
|
- hosts: tau.netz39.de
|
||||||
|
become: true
|
||||||
|
|
||||||
|
vars:
|
||||||
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
|
|
||||||
|
docker_compose_version: "1.25.4"
|
||||||
|
docker_compose_path: /usr/local/bin/docker-compose
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- role: docker
|
||||||
|
- role: apache
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Setup docker network
|
||||||
|
docker_network:
|
||||||
|
name: dockernet
|
||||||
|
driver: bridge
|
||||||
|
ipam_config:
|
||||||
|
- subnet: 192.168.0.0/24
|
||||||
|
gateway: 192.168.0.1
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Setup forward site reservierung.netz39.de
|
||||||
include_role:
|
include_role:
|
||||||
name: install-docker
|
name: setup-http-site-forward
|
||||||
|
vars:
|
||||||
|
site_name: reservierung.netz39.de
|
||||||
|
forward_to: https://codimd.pingtech.de/aYsBj5wSTviFTozd8b0P_Q
|
||||||
|
|
||||||
- name: Setup Docker Environment
|
- name: Setup proxy site testredmine.netz39.de
|
||||||
include_tasks: tasks/docker_env.yml
|
include_role:
|
||||||
|
name: setup-http-site-proxy
|
||||||
- name: Setup httpd
|
vars:
|
||||||
include_tasks: tasks/httpd.yml
|
site_name: testredmine.netz39.de
|
||||||
|
proxy_port: 9004
|
||||||
|
|
||||||
- name: Setup phpmyadmin
|
- name: Setup phpmyadmin
|
||||||
include_tasks: tasks/phpmyadmin.yml
|
docker_container:
|
||||||
|
name: phpmyadmin
|
||||||
|
state: started
|
||||||
|
image: phpmyadmin:5.0
|
||||||
|
networks_cli_compatible: true
|
||||||
|
networks:
|
||||||
|
- name: dockernet
|
||||||
|
restart_policy: always
|
||||||
|
env:
|
||||||
|
PMA_HOST: 192.168.0.1
|
||||||
|
MYSQL_ROOT_PASSWORD: "{{ mysql_root_pw }}"
|
||||||
|
PMA_ABSOLUTE_URI: "https://mysql.adm.netz39.de"
|
||||||
|
published_ports:
|
||||||
|
- 9001:80
|
||||||
|
|
||||||
|
- name: Setup proxy site mysql.adm.netz39.de
|
||||||
|
include_role:
|
||||||
|
name: setup-http-site-proxy
|
||||||
|
vars:
|
||||||
|
site_name: mysql.adm.netz39.de
|
||||||
|
proxy_port: 9001
|
||||||
|
|
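Review bot: The phpMyAdmin task in the new `tau.netz39.de` play publishes `9001:80` with no bind address, which Docker exposes on every host interface, so the login page is reachable over plain HTTP on port 9001 alongside the `mysql.adm.netz39.de` proxy site. If the `setup-http-site-proxy` role proxies to localhost (the role is not shown here), `- "127.0.0.1:9001:80"` keeps the Apache site as the only entry point, and quoting the mapping also avoids YAML's colon-number typing. Separately, `MYSQL_ROOT_PASSWORD: "{{ mysql_root_pw }}"` puts the decrypted root password into the container environment, where `docker inspect` can read it. Confirm the image actually needs it, and add `no_log: true` to the task so the value does not surface in verbose or diff output.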
11
roles/apache/tasks/main.yml
Normal file
11
roles/apache/tasks/main.yml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
- name: Ensure Apache2 and modules are installed and up to date
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- apache2
|
||||||
|
state: latest
|
||||||
|
|
||||||
|
- name: Ensure mod_rewrite is enabled
|
||||||
|
apache2_module:
|
||||||
|
name: rewrite
|
||||||
|
state: present
|
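Review bot: `Ensure mod_rewrite is enabled` changes Apache's module set, but nothing on this page restarts or reloads the service, so on a host where Apache is already running any rewrite rules may not take effect until someone restarts it by hand. `apache2_module` does not restart Apache itself; add `notify: restart apache2` to the task, with a matching handler in the role. In the install task, `state: latest` without `update_cache: true` upgrades against whatever package index happens to be cached, so "up to date" depends on when apt last refreshed.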
|
@ -1,10 +0,0 @@
|
||||||
- name: Setup docker network
|
|
||||||
docker_network:
|
|
||||||
name: dockernet
|
|
||||||
driver: bridge
|
|
||||||
ipam_config:
|
|
||||||
- subnet: 192.168.0.0/24
|
|
||||||
gateway: 192.168.0.1
|
|
||||||
state: present
|
|
||||||
|
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
---
|
|
||||||
- name: Ensure Apache2 and modules are installed and up to date
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- apache2
|
|
||||||
state: latest
|
|
||||||
|
|
||||||
- name: Ensure mod_rewrite is enabled
|
|
||||||
apache2_module:
|
|
||||||
name: rewrite
|
|
||||||
state: present
|
|
||||||
|
|
||||||
|
|
||||||
- name: Setup forward site reservierung.netz39.de
|
|
||||||
include_role:
|
|
||||||
name: setup-http-site-forward
|
|
||||||
vars:
|
|
||||||
site_name: reservierung.netz39.de
|
|
||||||
forward_to: https://codimd.pingtech.de/aYsBj5wSTviFTozd8b0P_Q
|
|
||||||
|
|
||||||
|
|
||||||
- name: Setup proxy site testredmine.netz39.de
|
|
||||||
include_role:
|
|
||||||
name: setup-http-site-proxy
|
|
||||||
vars:
|
|
||||||
site_name: testredmine.netz39.de
|
|
||||||
proxy_port: 9004
|
|
|
@ -1,23 +0,0 @@
|
||||||
---
|
|
||||||
- name: Setup phpmyadmin
|
|
||||||
docker_container:
|
|
||||||
name: phpmyadmin
|
|
||||||
state: started
|
|
||||||
image: phpmyadmin:5.0
|
|
||||||
networks_cli_compatible: true
|
|
||||||
networks:
|
|
||||||
- name: dockernet
|
|
||||||
restart_policy: always
|
|
||||||
env:
|
|
||||||
PMA_HOST: 192.168.0.1
|
|
||||||
MYSQL_ROOT_PASSWORD: "{{ mysql_root_pw }}"
|
|
||||||
PMA_ABSOLUTE_URI: "https://mysql.adm.netz39.de"
|
|
||||||
published_ports:
|
|
||||||
- 9001:80
|
|
||||||
|
|
||||||
- name: Setup proxy site mysql.adm.netz39.de
|
|
||||||
include_role:
|
|
||||||
name: setup-http-site-proxy
|
|
||||||
vars:
|
|
||||||
site_name: mysql.adm.netz39.de
|
|
||||||
proxy_port: 9001
|
|
|
@ -1,48 +0,0 @@
|
||||||
---
|
|
||||||
- name: Add users | create users, shell, home dirs
|
|
||||||
user:
|
|
||||||
name: "{{ item }}"
|
|
||||||
shell: /bin/bash
|
|
||||||
createhome: yes
|
|
||||||
comment: 'created with ansible'
|
|
||||||
password_lock: true
|
|
||||||
append: true
|
|
||||||
with_items:
|
|
||||||
- "{{ admin_users }}"
|
|
||||||
|
|
||||||
- name: Create .ssh user directories
|
|
||||||
file:
|
|
||||||
path: "{{ '/home/' + item + '/.ssh' }}"
|
|
||||||
state: directory
|
|
||||||
mode: "0700"
|
|
||||||
owner: "{{ item }}"
|
|
||||||
group: "{{ item }}"
|
|
||||||
with_items:
|
|
||||||
- "{{ admin_users }}"
|
|
||||||
|
|
||||||
- name: Set authorized keys for users
|
|
||||||
copy:
|
|
||||||
src: "{{'users/' + item + '_authorized_keys'}}"
|
|
||||||
remote_src: no
|
|
||||||
dest: "{{ '/home/' + item + '/.ssh/authorized_keys' }}"
|
|
||||||
mode: "0600"
|
|
||||||
owner: "{{ item }}"
|
|
||||||
group: "{{ item }}"
|
|
||||||
with_items:
|
|
||||||
- "{{ admin_users }}"
|
|
||||||
|
|
||||||
- name: Place users in sudo group
|
|
||||||
user:
|
|
||||||
name: "{{ item }}"
|
|
||||||
groups: sudo
|
|
||||||
append: yes
|
|
||||||
with_items:
|
|
||||||
- "{{ admin_users }}"
|
|
||||||
|
|
||||||
- name: Configure group sudo for sudoers without password
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/sudoers
|
|
||||||
state: present
|
|
||||||
regexp: '^%sudo\s'
|
|
||||||
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
|
|
||||||
validate: /usr/sbin/visudo -cf %s
|
|