salt/ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Move web1 over to a containerized setup, containerize Nextcloud

Browse Source
This commit is contained in:
Salt 2021-08-24 00:31:11 -05:00
parent a6cc1ecece
commit 1fb222fb15
6 changed files with 113 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
playbooks/prod_web.yml
View File

@ -15,6 +15,80 @@
restart_policy: unless-stopped
pull: yes
tasks:
- name: ensure docker network
docker_network: name=web
tags: [ docker ]
- name: ensure docker nginx config
copy:
dest: /data/nginx-certbot/user_conf.d/vhosts.conf
mode: "0750"
content: |
server {
listen 443 ssl default_server;
server_name desu.ltd;
ssl_certificate /etc/letsencrypt/live/desu.ltd/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/desu.ltd/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/desu.ltd/chain.pem;
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://desultd:80;
}
}
server {
listen 443 ssl;
server_name 9iron.club;
ssl_certificate /etc/letsencrypt/live/desu.ltd/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/desu.ltd/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/desu.ltd/chain.pem;
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://9iron:80;
}
}
server {
listen 443 ssl;
server_name git.desu.ltd;
ssl_certificate /etc/letsencrypt/live/desu.ltd/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/desu.ltd/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/desu.ltd/chain.pem;
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://gitea:3000;
}
}
server {
listen 443 ssl;
server_name nc.desu.ltd;
ssl_certificate /etc/letsencrypt/live/desu.ltd/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/desu.ltd/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/desu.ltd/chain.pem;
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://nextcloud:80;
}
}
server {
listen 443 ssl;
server_name srv.9iron.club;
ssl_certificate /etc/letsencrypt/live/desu.ltd/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/desu.ltd/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/desu.ltd/chain.pem;
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://srv:80;
}
}
tags: [ docker, ingress ]
- name: include tasks for apps
include_tasks: tasks/app/{{ task }}
with_items:
@ -28,6 +102,9 @@
- 9iron.yml
- desultd.yml
- gitea.yml
- nextcloud.yml
- srv.yml
- ingress-generic.yml
loop_control:
loop_var: task
tags: [ always ]
@ -47,20 +124,12 @@
- /var/lib/gitea/log
- /data/gitea/data/gitea/log
tags: [ backup ]
- role: certbot
tags: [ web, certbot ]
- role: php
tags: [ web, php ]
- role: apache
tags: [ web, apache ]
- role: git
vars:
git_repos:
- repo: https://git.desu.ltd/salt/gitea-custom
dest: /data/gitea/data/gitea/custom
tags: [ web, git ]
- role: nextcloud
tags: [ web, nextcloud ]
- hosts: web2.desu.ltd
module_defaults:
docker_container:

5
playbooks/tasks/web/9iron.yml
View File

@ -3,8 +3,9 @@
docker_container:
name: 9iron
image: rehashedsalt/9iron:latest
ports:
- 8001:80
networks:
- name: web
aliases: [ "9iron" ]
volumes:
- /data/9iron/files:/var/www/html/files
- /data/9iron/packs:/var/www/html/minecraft/packs

5
playbooks/tasks/web/desultd.yml
View File

@ -3,8 +3,9 @@
docker_container:
name: desultd
image: rehashedsalt/desultd:latest
ports:
- 8002:80
networks:
- name: web
aliases: [ "desultd" ]
volumes:
- /data/9iron/files:/var/www/html/files
tags: [ docker, 9iron ]

4
playbooks/tasks/web/gitea.yml
View File

@ -12,8 +12,10 @@
GITEA__database_USER: gitea-desultd
GITEA__database_PASSWD: "{{ secret_gitea_db_pass }}"
ports:
- 3000:3000
- 127.0.0.1:2222:22
networks:
- name: web
aliases: [ "gitea" ]
volumes:
- /data/gitea/data:/data
- /etc/timezone:/etc/timezone:ro

14
playbooks/tasks/web/nextcloud.yml Normal file
View File

@ -0,0 +1,14 @@
# vim:ft=ansible:
- name: docker deploy nextcloud
docker_container:
name: nextcloud
image: nextcloud:21
networks:
- name: web
aliases: [ "nextcloud" ]
volumes:
- /data/nextcloud/apps:/var/www/html/apps
- /data/nextcloud/config:/var/www/html/config
- /data/nextcloud/themes:/var/www/html/themes
- /srv/desu.ltd/nc:/var/www/html/data
tags: [ docker, nextcloud ]

13
playbooks/tasks/web/srv.yml Normal file
View File

@ -0,0 +1,13 @@
# vim:ft=ansible:
- name: docker deploy nextcloud shim
docker_container:
# NOTE: We depend on the default configuration of Apache here, specifically
# the default to have server-generated indexes. Makes srv easier to navigate
name: srv
image: httpd:latest
networks:
- name: web
aliases: [ "srv" ]
volumes:
- /var/www/srv.9iron.club:/usr/local/apache2/htdocs
tags: [ docker, 9iron ]