Added variables for nginx role

2 years ago · 9867d7e467
parent 090e8e4162
commit 9867d7e467
12 changed files with 79 additions and 10 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -16,3 +16,6 @@
 [submodule "roles/matrix-bridge-telegram"]
 	path = roles/matrix-bridge-telegram
 	url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-telegram.git
+[submodule "roles/nginx"]
+	path = roles/nginx
+	url = ssh://git@gitea.auro.re:2222/Pains-Perdus/nginx.git
--- a/TODO.md
+++ b/TODO.md
@ -42,6 +42,10 @@ setup:
 - disable cloud init
 - remove cloud init account and change the connenction variable for the vm

+## Network
+
+- Improve the networking role: cannot reload network interfaces without ifupdown2, but ifupdown2 causes lost of connectivity on some hosts because it lacks backward compatibility with ifupdown
+
 ## Matrix

 - Potgres role should be redone, it is currently called too many times that could be globalized I think. Also the setting of timezone and locale is not idempotent
--- a/books/matrix.yml
+++ b/books/matrix.yml
@ -8,7 +8,8 @@
    - matrix-bridge-signal
    - matrix-bridge-instagram
    - matrix-bridge-telegram
+    - nginx

 - hosts: proxy
  roles:
-    - rp_synapse
+    - nginx
--- a/books/proxy.yml
+++ b/books/proxy.yml
@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- hosts: proxy
+  roles:
+    - nginx
+
--- a/group_vars/proxy/main.yml
+++ b/group_vars/proxy/main.yml
@ -1,9 +1,25 @@
 ---

-reverse_proxy_sites:
-  - {from: hindley.pains-perdus.fr,       to: "http://127.0.0.1:5000"}
-  - {from: "{{ grafana_domain_name }}",   to: "http://127.0.0.1:3000"}
+ssl_reverse_proxy_upstream:
+  pterodactyl:
+    to: "10.7.10.103"
+    sni_server_name: "play.nyx.ovh"
+    to_port: 443
+  matrix:
+    to: "10.7.10.101"
+    sni_server_name: matrix.pains-perdus.fr
+    to_port: 443

-sharing_sites:
-  - {from: share.deso-palaiseau.fr,                 folder: "/home/histausse/www",            user: histausse,     group: histausse}
-  - {from: wiki.deso-palaiseau.fr,                  folder: "/home/histausse/wiki/public",    user: histausse,     group: histausse}
+http_sites:
+  "pains-perdus.fr":
+    root_snippets: # TODO: check if needed
+      - |
+        listen 8448 ssl http2;
+        listen [::]:8448 ssl http2;
+    locations:
+      "/.well-known/matrix/server":
+        config:
+          - |
+            return 200 '{"m.server": "matrix.pains-perdus.fr:443"}';
+            default_type application/json;
+            add_header Access-Control-Allow-Origin *;
--- a/group_vars/synapse/main.yml
+++ b/group_vars/synapse/main.yml
@ -41,3 +41,17 @@ matrix_bridge_telegram_admins:
 matrix_bridge_telegram_allowed_external_user:
  - '@dorianx:matrix.rezel.net'

+## Nginx
+http_sites:
+  "matrix.pains-perdus.fr":
+    root_snippets: []
+    locations:
+      "~* ^(\/_matrix|\/_synapse\/client)":
+        config:
+          - |
+            # Nginx by default only allows file uploads up to 1M in size
+            # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+            client_max_body_size {{ matrix_max_upload_size }};;
+        templates:
+          - proxy_pass.j2
+        to: "http://localhost:8008"
--- a/host_vars/nitrogen/main.yml
+++ b/host_vars/nitrogen/main.yml
@ -0,0 +1,12 @@
+---
+ansible_host: nitrogen.lan
+
+## Users
+users:
+  g33kex: sudo
+  histausse: sudo
+
+## Networking
+interfaces:
+  eth0:
+    type: dhcp
--- a/4
+++ b/4
@ -10,6 +10,7 @@ bismuth # BigBlueButton
 sulfur # Synapse
 technetium # Test
 iridium # Pterodactyl
+nitrogen # Nginx

 [container]

@ -22,6 +23,7 @@ barium # Backup
 bismuth
 technetium
 iridium
+nitrogen

 # Groups
 [monitoring]
@ -49,7 +51,7 @@ hindley
 sulfur

 [proxy]
-hindley
+nitrogen

 [prometheus]
 hindley
--- a/roles/cloudinit/tasks/main.yml
+++ b/roles/cloudinit/tasks/main.yml
@ -10,6 +10,12 @@
    state: absent
  when: ansible_facts["lsb"]["id"] == "Ubuntu"

+- name: Remove cloudinit network configuration
+  file:
+    path: "/etc/network/interfaces.d/50-cloud-init"
+    state: absent
+  when: ansible_facts["lsb"]["id"] == "Debian"
+
 - name: Disable cloudinit
  file:
    path: "/etc/cloud/cloud-init.disabled"
--- a/roles/networking/handlers/main.yml
+++ b/roles/networking/handlers/main.yml
@ -1,7 +1,8 @@
 ---
 - name: Reload network interfaces debian
-  become: true
-  command: /sbin/ifreload -a
+  systemd: 
+    name: networking
+    state: restarted

 - name: Restart dhcpcd raspbian
  systemd:
--- a/roles/networking/tasks/main.yml
+++ b/roles/networking/tasks/main.yml
@ -51,10 +51,12 @@
    name: net.ipv4.ip_forward
    value: "{{ ipv4_forwarding | int | default(0) }}"
    sysctl_set: true
+  when: ipv4_forwarding is defined

 - name: Set ipv6 forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: "{{ ipv6_forwarding | int | default(0) }}"
    sysctl_set: true
+  when: ipv6_forwarding is defined

--- a/roles/nginx
+++ b/roles/nginx
@ -0,0 +1 @@
+Subproject commit eaf8320201b61383631e7344b6a4f6b2f8189c4d
				`@ -0,0 +1 @@`
				`Subproject commit eaf8320201b61383631e7344b6a4f6b2f8189c4d`