Pains-Perdus/ansible
3
1
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

Added variables for nginx role

Browse source
This commit is contained in:
g33kex 2022-08-04 20:57:40 +02:00
parent 090e8e4162
commit 9867d7e467
12 changed files with 79 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.gitmodules vendored
View file

@ -16,3 +16,6 @@
[submodule "roles/matrix-bridge-telegram"] [submodule "roles/matrix-bridge-telegram"]
path = roles/matrix-bridge-telegram path = roles/matrix-bridge-telegram
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-telegram.git url = ssh://git@gitea.auro.re:2222/Pains-Perdus/matrix-bridge-telegram.git
[submodule "roles/nginx"]
path = roles/nginx
url = ssh://git@gitea.auro.re:2222/Pains-Perdus/nginx.git

4
TODO.md
View file

@ -42,6 +42,10 @@ setup:
- disable cloud init - disable cloud init
- remove cloud init account and change the connenction variable for the vm - remove cloud init account and change the connenction variable for the vm
## Network
- Improve the networking role: cannot reload network interfaces without ifupdown2, but ifupdown2 causes lost of connectivity on some hosts because it lacks backward compatibility with ifupdown
## Matrix ## Matrix
- Potgres role should be redone, it is currently called too many times that could be globalized I think. Also the setting of timezone and locale is not idempotent - Potgres role should be redone, it is currently called too many times that could be globalized I think. Also the setting of timezone and locale is not idempotent

3
books/matrix.yml
View file

@ -8,7 +8,8 @@
- matrix-bridge-signal - matrix-bridge-signal
- matrix-bridge-instagram - matrix-bridge-instagram
- matrix-bridge-telegram - matrix-bridge-telegram
- nginx
- hosts: proxy - hosts: proxy
roles: roles:
- rp_synapse - nginx

7
books/proxy.yml Executable file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
- hosts: proxy
roles:
- nginx

28
group_vars/proxy/main.yml
View file

@ -1,9 +1,25 @@
--- ---
reverse_proxy_sites: ssl_reverse_proxy_upstream:
- {from: hindley.pains-perdus.fr, to: "http://127.0.0.1:5000"} pterodactyl:
- {from: "{{ grafana_domain_name }}", to: "http://127.0.0.1:3000"} to: "10.7.10.103"
sni_server_name: "play.nyx.ovh"
to_port: 443
matrix:
to: "10.7.10.101"
sni_server_name: matrix.pains-perdus.fr
to_port: 443
sharing_sites: http_sites:
- {from: share.deso-palaiseau.fr, folder: "/home/histausse/www", user: histausse, group: histausse} "pains-perdus.fr":
- {from: wiki.deso-palaiseau.fr, folder: "/home/histausse/wiki/public", user: histausse, group: histausse} root_snippets: # TODO: check if needed
- |
listen 8448 ssl http2;
listen [::]:8448 ssl http2;
locations:
"/.well-known/matrix/server":
config:
- |
return 200 '{"m.server": "matrix.pains-perdus.fr:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;

14
group_vars/synapse/main.yml
View file

@ -41,3 +41,17 @@ matrix_bridge_telegram_admins:
matrix_bridge_telegram_allowed_external_user: matrix_bridge_telegram_allowed_external_user:
- '@dorianx:matrix.rezel.net' - '@dorianx:matrix.rezel.net'
## Nginx
http_sites:
"matrix.pains-perdus.fr":
root_snippets: []
locations:
"~* ^(\/_matrix|\/_synapse\/client)":
config:
- |
# Nginx by default only allows file uploads up to 1M in size
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
client_max_body_size {{ matrix_max_upload_size }};;
templates:
- proxy_pass.j2
to: "http://localhost:8008"

12
host_vars/nitrogen/main.yml Normal file
View file

@ -0,0 +1,12 @@
---
ansible_host: nitrogen.lan
## Users
users:
g33kex: sudo
histausse: sudo
## Networking
interfaces:
eth0:
type: dhcp

4
hosts
View file

@ -10,6 +10,7 @@ bismuth # BigBlueButton
sulfur # Synapse sulfur # Synapse
technetium # Test technetium # Test
iridium # Pterodactyl iridium # Pterodactyl
nitrogen # Nginx
[container] [container]
@ -22,6 +23,7 @@ barium # Backup
bismuth bismuth
technetium technetium
iridium iridium
nitrogen
# Groups # Groups
[monitoring] [monitoring]
@ -49,7 +51,7 @@ hindley
sulfur sulfur
[proxy] [proxy]
hindley nitrogen
[prometheus] [prometheus]
hindley hindley

6
roles/cloudinit/tasks/main.yml
View file

@ -10,6 +10,12 @@
state: absent state: absent
when: ansible_facts["lsb"]["id"] == "Ubuntu" when: ansible_facts["lsb"]["id"] == "Ubuntu"
- name: Remove cloudinit network configuration
file:
path: "/etc/network/interfaces.d/50-cloud-init"
state: absent
when: ansible_facts["lsb"]["id"] == "Debian"
- name: Disable cloudinit - name: Disable cloudinit
file: file:
path: "/etc/cloud/cloud-init.disabled" path: "/etc/cloud/cloud-init.disabled"

5
roles/networking/handlers/main.yml
View file

@ -1,7 +1,8 @@
--- ---
- name: Reload network interfaces debian - name: Reload network interfaces debian
become: true systemd:
command: /sbin/ifreload -a name: networking
state: restarted
- name: Restart dhcpcd raspbian - name: Restart dhcpcd raspbian
systemd: systemd:

2
roles/networking/tasks/main.yml
View file

@ -51,10 +51,12 @@
name: net.ipv4.ip_forward name: net.ipv4.ip_forward
value: "{{ ipv4_forwarding | int | default(0) }}" value: "{{ ipv4_forwarding | int | default(0) }}"
sysctl_set: true sysctl_set: true
when: ipv4_forwarding is defined
- name: Set ipv6 forwarding - name: Set ipv6 forwarding
ansible.posix.sysctl: ansible.posix.sysctl:
name: net.ipv6.conf.all.forwarding name: net.ipv6.conf.all.forwarding
value: "{{ ipv6_forwarding | int | default(0) }}" value: "{{ ipv6_forwarding | int | default(0) }}"
sysctl_set: true sysctl_set: true
when: ipv6_forwarding is defined

1
roles/nginx Submodule

@ -0,0 +1 @@
Subproject commit eaf8320201b61383631e7344b6a4f6b2f8189c4d