Merge branch 'reorder'

Stefan Haun 2020-12-09 19:32:11 +01:00
commit 559ed740e6
9 changed files with 81 additions and 136 deletions


@ -1,5 +1,9 @@
all:
vars:
server_admin: "admin@netz39.de"
ag_timezone: Europe/Berlin
users:
- logname: "alex"
viewname: "Alexander Dahl"
@ -42,8 +46,12 @@ all:
hosts:
tau.netz39.de:
server_admin: "admin+tau@netz39.de"
mysql_root_pw: !vault |
$ANSIBLE_VAULT;1.1;AES256
64313138383833643866383332623265383863623332343864306537633931326139303638303761
6464653933613663643632383935376164393033363233330a313063613832396166666464666136
36633532393231663634663034666666356332373438646130643161383134653739663066626538
3661663132343639310a613431653031626434323064313465373866666332353931313836623465
3461
children:
tau:
hosts:
tau.netz39.de:


@ -1,25 +1,10 @@
---
- hosts: tau
- hosts: all
become: true
vars:
ansible_python_interpreter: /usr/bin/python3
server_admin: "admin@netz39.de"
ag_timezone: Europe/Berlin
docker_compose_version: "1.25.4"
docker_compose_path: /usr/local/bin/docker-compose
mysql_root_pw: !vault |
$ANSIBLE_VAULT;1.1;AES256
64313138383833643866383332623265383863623332343864306537633931326139303638303761
6464653933613663643632383935376164393033363233330a313063613832396166666464666136
36633532393231663634663034666666356332373438646130643161383134653739663066626538
3661663132343639310a613431653031626434323064313465373866666332353931313836623465
3461
roles:
- role: ansible.timezone
@ -49,15 +34,64 @@
include_role:
name: users
- name: Install Docker
- hosts: tau.netz39.de
become: true
vars:
ansible_python_interpreter: /usr/bin/python3
docker_compose_version: "1.25.4"
docker_compose_path: /usr/local/bin/docker-compose
roles:
- role: docker
- role: apache
tasks:
- name: Setup docker network
docker_network:
name: dockernet
driver: bridge
ipam_config:
- subnet: 192.168.0.0/24
gateway: 192.168.0.1
state: present
- name: Setup forward site reservierung.netz39.de
include_role:
name: install-docker
name: setup-http-site-forward
vars:
site_name: reservierung.netz39.de
forward_to: https://codimd.pingtech.de/aYsBj5wSTviFTozd8b0P_Q
- name: Setup Docker Environment
include_tasks: tasks/docker_env.yml
- name: Setup httpd
include_tasks: tasks/httpd.yml
- name: Setup proxy site testredmine.netz39.de
include_role:
name: setup-http-site-proxy
vars:
site_name: testredmine.netz39.de
proxy_port: 9004
- name: Setup phpmyadmin
include_tasks: tasks/phpmyadmin.yml
docker_container:
name: phpmyadmin
state: started
image: phpmyadmin:5.0
networks_cli_compatible: true
networks:
- name: dockernet
restart_policy: always
env:
PMA_HOST: 192.168.0.1
MYSQL_ROOT_PASSWORD: "{{ mysql_root_pw }}"
PMA_ABSOLUTE_URI: "https://mysql.adm.netz39.de"
published_ports:
- 9001:80
- name: Setup proxy site mysql.adm.netz39.de
include_role:
name: setup-http-site-proxy
vars:
site_name: mysql.adm.netz39.de
proxy_port: 9001
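Review bot: The phpmyadmin `docker_container` task publishes `9001:80` without a host address, so Docker binds the port on every interface and phpMyAdmin is reachable directly on port 9001 rather than only through the `mysql.adm.netz39.de` proxy site. If the `setup-http-site-proxy` role forwards to localhost (not visible on this page), bind the mapping to loopback and quote it: `- "127.0.0.1:9001:80"`. The same task passes `MYSQL_ROOT_PASSWORD: "{{ mysql_root_pw }}"` through `env`, so the decrypted vault value is readable via `docker inspect` on the host and can appear in verbose Ansible output; adding `no_log: true` to the task covers the latter.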


@ -0,0 +1,11 @@
---
- name: Ensure Apache2 and modules are installed and up to date
apt:
name:
- apache2
state: latest
- name: Ensure mod_rewrite is enabled
apache2_module:
name: rewrite
state: present
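Review bot: The `apt` task requests `state: latest` but never refreshes the package index, so on a host with a stale cache it can report apache2 as current while security updates are still pending. Unless the cache is refreshed elsewhere in the play, add `update_cache: true` (optionally with `cache_valid_time: 3600`) to the task. `state: latest` also means any playbook run may upgrade Apache, so a short comment such as `# intentionally tracks the newest packaged apache2` would make that choice explicit.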


@ -1,10 +0,0 @@
- name: Setup docker network
docker_network:
name: dockernet
driver: bridge
ipam_config:
- subnet: 192.168.0.0/24
gateway: 192.168.0.1
state: present


@ -1,27 +0,0 @@
---
- name: Ensure Apache2 and modules are installed and up to date
apt:
name:
- apache2
state: latest
- name: Ensure mod_rewrite is enabled
apache2_module:
name: rewrite
state: present
- name: Setup forward site reservierung.netz39.de
include_role:
name: setup-http-site-forward
vars:
site_name: reservierung.netz39.de
forward_to: https://codimd.pingtech.de/aYsBj5wSTviFTozd8b0P_Q
- name: Setup proxy site testredmine.netz39.de
include_role:
name: setup-http-site-proxy
vars:
site_name: testredmine.netz39.de
proxy_port: 9004


@ -1,23 +0,0 @@
---
- name: Setup phpmyadmin
docker_container:
name: phpmyadmin
state: started
image: phpmyadmin:5.0
networks_cli_compatible: true
networks:
- name: dockernet
restart_policy: always
env:
PMA_HOST: 192.168.0.1
MYSQL_ROOT_PASSWORD: "{{ mysql_root_pw }}"
PMA_ABSOLUTE_URI: "https://mysql.adm.netz39.de"
published_ports:
- 9001:80
- name: Setup proxy site mysql.adm.netz39.de
include_role:
name: setup-http-site-proxy
vars:
site_name: mysql.adm.netz39.de
proxy_port: 9001


@ -1,48 +0,0 @@
---
- name: Add users | create users, shell, home dirs
user:
name: "{{ item }}"
shell: /bin/bash
createhome: yes
comment: 'created with ansible'
password_lock: true
append: true
with_items:
- "{{ admin_users }}"
- name: Create .ssh user directories
file:
path: "{{ '/home/' + item + '/.ssh' }}"
state: directory
mode: "0700"
owner: "{{ item }}"
group: "{{ item }}"
with_items:
- "{{ admin_users }}"
- name: Set authorized keys for users
copy:
src: "{{'users/' + item + '_authorized_keys'}}"
remote_src: no
dest: "{{ '/home/' + item + '/.ssh/authorized_keys' }}"
mode: "0600"
owner: "{{ item }}"
group: "{{ item }}"
with_items:
- "{{ admin_users }}"
- name: Place users in sudo group
user:
name: "{{ item }}"
groups: sudo
append: yes
with_items:
- "{{ admin_users }}"
- name: Configure group sudo for sudoers without password
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo\s'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: /usr/sbin/visudo -cf %s