ansible/services_web.yml

#!/usr/bin/env ansible-playbook
---
# Deploy Docker hosts
- hosts: docker-ovh.adm.auro.re,docker-worker1-aurore.adm.auro.re
  roles:
    - docker

# Deploy Passbolt
- hosts: passbolt.adm.auro.re
  roles:
    - passbolt

# Deploy reverse proxy
- hosts: proxy*.adm.auro.re
  vars:
    certbot:
      dns_rfc2136_name: certbot_challenge.
      dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
      mail: tech.aurore@lists.crans.org
      certname: auro.re
      domains: "auro.re, *.auro.re, aurores.net, *.aurores.net, fede-aurore.net, *.fede-aurore.net"
      dns_masters_ipv4: 92.222.211.196
    nginx:
      ssl:
        cert: /etc/letsencrypt/live/auro.re/fullchain.pem
        cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
        trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem

      redirect_dnames:
        - aurores.net
        - fede-aurore.net

      reverseproxy_sites:
        - {from: re2o.auro.re,          to: 10.128.0.10}
        - {from: intranet.auro.re,      to: 10.128.0.10}

        - {from: phabricator.auro.re,   to: 10.128.0.50}
        - {from: wiki.auro.re,          to: 10.128.0.51}
        - {from: www.auro.re,           to: 10.128.0.52}

        - {from: re2o-test.auro.re,     to: 10.128.0.100}

        - {from: riot.auro.re,          to: "10.128.0.150:8080"}
        - {from: codimd.auro.re,        to: "10.128.0.150:8081"}
        - {from: grafana.auro.re,       to: "10.128.0.150:8082"}
        - {from: privatebin.auro.re,    to: "10.128.0.150:8083"}
        - {from: pad.auro.re,           to: "10.128.0.150:8084"}
        - {from: cas.auro.re,           to: "10.128.0.150:8085"}

      redirect_sites:
        - {from: auro.re,               to: www.auro.re}
  roles:
    - certbot
    - nginx-reverseproxy
BangShebang! 2020-05-03 18:45:07 +02:00			`#!/usr/bin/env ansible-playbook`
Add docker role 2019-07-22 10:32:01 +02:00			`---`
			`# Deploy Docker hosts`
Deploy docker-worker1-aurore and proxy-backup 2020-05-09 12:21:36 +02:00			`- hosts: docker-ovh.adm.auro.re,docker-worker1-aurore.adm.auro.re`
Add docker role 2019-07-22 10:32:01 +02:00			`roles:`
			`- docker`
Move CodiMD to Docker 2019-07-22 19:14:43 +02:00
			`# Deploy Passbolt`
			`- hosts: passbolt.adm.auro.re`
			`roles:`
			`- passbolt`

Certbot wildcard role 2020-05-09 12:54:38 +02:00			`# Deploy reverse proxy`
			`- hosts: proxy*.adm.auro.re`
Move CodiMD to Docker 2019-07-22 19:14:43 +02:00			`vars:`
Certbot wildcard role 2020-05-09 12:54:38 +02:00			`certbot:`
			`dns_rfc2136_name: certbot_challenge.`
			`dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"`
			`mail: tech.aurore@lists.crans.org`
			`certname: auro.re`
			`domains: "auro.re, .auro.re, aurores.net, .aurores.net, fede-aurore.net, *.fede-aurore.net"`
			`dns_masters_ipv4: 92.222.211.196`
			`nginx:`
			`ssl:`
			`cert: /etc/letsencrypt/live/auro.re/fullchain.pem`
			`cert_key: /etc/letsencrypt/live/auro.re/privkey.pem`
			`trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem`

			`redirect_dnames:`
			`- aurores.net`
			`- fede-aurore.net`

			`reverseproxy_sites:`
			`- {from: re2o.auro.re, to: 10.128.0.10}`
			`- {from: intranet.auro.re, to: 10.128.0.10}`

			`- {from: phabricator.auro.re, to: 10.128.0.50}`
			`- {from: wiki.auro.re, to: 10.128.0.51}`
			`- {from: www.auro.re, to: 10.128.0.52}`

			`- {from: re2o-test.auro.re, to: 10.128.0.100}`

			`- {from: riot.auro.re, to: "10.128.0.150:8080"}`
			`- {from: codimd.auro.re, to: "10.128.0.150:8081"}`
			`- {from: grafana.auro.re, to: "10.128.0.150:8082"}`
			`- {from: privatebin.auro.re, to: "10.128.0.150:8083"}`
			`- {from: pad.auro.re, to: "10.128.0.150:8084"}`
			`- {from: cas.auro.re, to: "10.128.0.150:8085"}`

			`redirect_sites:`
			`- {from: auro.re, to: www.auro.re}`
Move CodiMD to Docker 2019-07-22 19:14:43 +02:00			`roles:`
Certbot wildcard role 2020-05-09 12:54:38 +02:00			`- certbot`
			`- nginx-reverseproxy`