Provision (read: move) Netbox to desu.ltd
parent
489cf1a8de
commit
3051d8a299
@ -110,6 +110,36 @@ gitea_internal_token: !vault |
|
|||||||
62633234313261363537663061373931303832653531356566633739636264666635653936313965
|
62633234313261363537663061373931303832653531356566633739636264666635653936313965
|
||||||
623964653936646334313864643030653763
|
623964653936646334313864643030653763
|
||||||
|
|
||||||
|
# For Netbox
|
||||||
|
secret_netbox_user_pass: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
33313861366430643638383666653432393466663032613962356266316238376239623438393830
|
||||||
|
6431643833363963626238306563643431383630613565660a363464313837663231396566636535
|
||||||
|
66313164663537313661653763623931623562626635616165636330303231363033656234323765
|
||||||
|
3535386162393564370a623061383831376666656633666537653565393138653134313263646332
|
||||||
|
39356261623833396166623364346639323863633832333735646366373734613163
|
||||||
|
secret_netbox_api_token: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
63313937383737376131326534303963396162396366313635643639303264613763613039656636
|
||||||
|
3661383139366639303864323662613465663562656134390a356663613732643037363631376135
|
||||||
|
31643765333238386566313766313466353931616161343933643366343131616433363538336237
|
||||||
|
3837323762623761630a636231376364333563306366623136633238326436653764353632366562
|
||||||
|
63626364306239373436396464666532396538373664646333656361363662326366
|
||||||
|
secret_netbox_db_pass: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
33333232623431393930626435313138643963663731336530663066633563666439383936316538
|
||||||
|
6337376232613937303635386235346561326134616265300a326266373834303137623439366438
|
||||||
|
33616365353663633434653463643964613231343335326234343331396137363439666138376332
|
||||||
|
3564356231336230630a336639656337353538633931623536303430363836386137646563613338
|
||||||
|
66326661313064306162363265303636333765383736336231346136383763613131
|
||||||
|
secret_netbox_secret_key: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
35313764653130613764383638323462643036363035366239633239393738363262323137393433
|
||||||
|
3761386334383762633732306666633133306363396637350a323437666533653433303533343663
|
||||||
|
39386237333335333463656363373535323432333937356564653433353163316635393733303936
|
||||||
|
3061313335366664370a393331623633336539303065353161386132346430313931353965313538
|
||||||
|
66653265336462313337353264666661323563333964633331633365623431386133
|
||||||
|
|
||||||
# For Nextcloud
|
# For Nextcloud
|
||||||
secret_nextcloud_9iron_db_pass: !vault |
|
secret_nextcloud_9iron_db_pass: !vault |
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
@ -134,15 +164,6 @@ secret_nextcloud_admin_pass: !vault |
|
|||||||
3534643731333331320a393462323264666135666134336536633639613065363339333131653433
|
3534643731333331320a393462323264666135666134336536633639613065363339333131653433
|
||||||
37653732313664356330356139646336353735613336326563366361383737653538
|
37653732313664356330356139646336353735613336326563366361383737653538
|
||||||
|
|
||||||
# For OnlyOffice
|
|
||||||
secret_onlyoffice_9iron_db_pass: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
31326366346266353162303566646632376434373966663533353737626539366662306163346562
|
|
||||||
3934666237323331303063636561613531613431303237360a323335333764356335326665626665
|
|
||||||
30396236656537626531616532353839303535336534303934316237343338336536323135653865
|
|
||||||
3036393663396633380a366461613536616264613237626164373631353137643963663830393833
|
|
||||||
34326639343831346333333461663634333434633136646163326634653439623138
|
|
||||||
|
|
||||||
# For Peertube
|
# For Peertube
|
||||||
secret_peertube_db_pass: !vault |
|
secret_peertube_db_pass: !vault |
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
- option: listen_addresses
|
- option: listen_addresses
|
||||||
value: 192.168.164.156
|
value: 192.168.164.156
|
||||||
postgresql_hba_entries:
|
postgresql_hba_entries:
|
||||||
- { type: local, database: all, user: postgres, auth_method: peer }
|
- { type: local, database: all, user: postgres, auth_method: trust }
|
||||||
- { type: local, database: all, user: all, auth_method: md5 }
|
- { type: local, database: all, user: all, auth_method: md5 }
|
||||||
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
|
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
|
||||||
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
|
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
|
||||||
@ -28,6 +28,8 @@
|
|||||||
password: "{{ secret_gitea_db_pass }}"
|
password: "{{ secret_gitea_db_pass }}"
|
||||||
- name: gulagbot-desultd
|
- name: gulagbot-desultd
|
||||||
password: "{{ secret_gulagbot_db_pass }}"
|
password: "{{ secret_gulagbot_db_pass }}"
|
||||||
|
- name: netbox-desultd
|
||||||
|
password: "{{ secret_netbox_db_pass }}"
|
||||||
- name: nextcloud-desultd
|
- name: nextcloud-desultd
|
||||||
password: "{{ secret_nextcloud_db_pass }}"
|
password: "{{ secret_nextcloud_db_pass }}"
|
||||||
- name: peertube-cowfee
|
- name: peertube-cowfee
|
||||||
@ -39,6 +41,8 @@
|
|||||||
owner: gitea-desultd
|
owner: gitea-desultd
|
||||||
- name: gulagbot-desultd
|
- name: gulagbot-desultd
|
||||||
owner: gulagbot-desultd
|
owner: gulagbot-desultd
|
||||||
|
- name: netbox-desultd
|
||||||
|
owner: netbox-desultd
|
||||||
- name: nextcloud-desultd
|
- name: nextcloud-desultd
|
||||||
owner: nextcloud-desultd
|
owner: nextcloud-desultd
|
||||||
- name: pleroma_cowfee
|
- name: pleroma_cowfee
|
||||||
|
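Review bot: The first `postgresql_hba_entries` line now gives the `postgres` role `auth_method: trust` on the local socket (the left-hand cell shows `peer`), so any OS account on the database host, including a compromised service user, can connect as the PostgreSQL superuser with no password or identity check. If the change was made so a provisioning task can connect, keeping `- { type: local, database: all, user: postgres, auth_method: peer }` and running that task as the `postgres` OS user achieves the same without opening the superuser role. The rest of the list lies outside the hunk, so I cannot see which `host` entry admits the new `netbox-desultd` login from the web3 host; that entry should be limited to that host's address and to that one database and user.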
@ -225,3 +225,92 @@
|
|||||||
tags: [ motd ]
|
tags: [ motd ]
|
||||||
- role: docker
|
- role: docker
|
||||||
tags: [ web, docker, skip-pull ]
|
tags: [ web, docker, skip-pull ]
|
||||||
|
- hosts: web3.desu.ltd
|
||||||
|
module_defaults:
|
||||||
|
docker_container:
|
||||||
|
state: started
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
pull: yes
|
||||||
|
tasks:
|
||||||
|
- name: ensure docker network
|
||||||
|
docker_network: name=web
|
||||||
|
tags: [ docker ]
|
||||||
|
- name: ensure docker nginx config
|
||||||
|
copy:
|
||||||
|
dest: /data/nginx-certbot/user_conf.d/vhosts.conf
|
||||||
|
mode: "0750"
|
||||||
|
content: |
|
||||||
|
server {
|
||||||
|
listen 443 ssl default_server;
|
||||||
|
server_name netbox.desu.ltd;
|
||||||
|
ssl_certificate /etc/letsencrypt/live/netbox.desu.ltd/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/netbox.desu.ltd/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/netbox.desu.ltd/chain.pem;
|
||||||
|
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
||||||
|
location / {
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_pass http://netbox:8080;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
tags: [ docker, ingress ]
|
||||||
|
- name: docker deploy redis
|
||||||
|
docker_container:
|
||||||
|
name: redis
|
||||||
|
image: redis:6-alpine
|
||||||
|
networks:
|
||||||
|
- name: web
|
||||||
|
aliases: [ "redis" ]
|
||||||
|
tags: [ docker, redis ]
|
||||||
|
- name: docker deploy netbox
|
||||||
|
docker_container:
|
||||||
|
name: netbox
|
||||||
|
image: netboxcommunity/netbox:latest
|
||||||
|
env:
|
||||||
|
SUPERUSER_EMAIL: rehashedsalt@cock.li
|
||||||
|
SUPERUSER_PASSWORD: "{{ secret_netbox_user_pass }}"
|
||||||
|
SUPERUSER_API_TOKEN: "{{ secret_netbox_api_token }}"
|
||||||
|
SECRET_KEY: "{{ secret_netbox_secret_key }}"
|
||||||
|
ALLOWED_HOST: netbox.desu.ltd
|
||||||
|
DB_HOST: 192.168.164.156
|
||||||
|
DB_NAME: netbox-desultd
|
||||||
|
DB_USER: netbox-desultd
|
||||||
|
DB_PASSWORD: "{{ secret_netbox_db_pass }}"
|
||||||
|
REDIS_HOST: redis
|
||||||
|
REDIS_PORT: "6379"
|
||||||
|
networks:
|
||||||
|
- name: web
|
||||||
|
aliases: [ "netbox" ]
|
||||||
|
volumes:
|
||||||
|
- /data/netbox/config:/config
|
||||||
|
tags: [ docker, netbox ]
|
||||||
|
- name: docker deploy nginx proxy
|
||||||
|
docker_container:
|
||||||
|
name: ingress
|
||||||
|
image: jonasal/nginx-certbot:2.2.0
|
||||||
|
env:
|
||||||
|
TZ: "America/Chicago"
|
||||||
|
CERTBOT_EMAIL: rehashedsalt@cock.li
|
||||||
|
networks:
|
||||||
|
- name: web
|
||||||
|
aliases: [ "ingress" ]
|
||||||
|
ports:
|
||||||
|
- "443:443"
|
||||||
|
- "80:80"
|
||||||
|
volumes:
|
||||||
|
- /data/nginx-certbot/letsencrypt:/etc/letsencrypt
|
||||||
|
- /data/nginx-certbot/user_conf.d:/etc/nginx/user_conf.d:ro
|
||||||
|
tags: [ docker, ingress ]
|
||||||
|
roles:
|
||||||
|
- role: backup
|
||||||
|
vars:
|
||||||
|
backup_s3backup_list_extra:
|
||||||
|
- /data
|
||||||
|
tags: [ backup ]
|
||||||
|
- role: motd
|
||||||
|
vars:
|
||||||
|
motd_watch_services_extra:
|
||||||
|
- docker
|
||||||
|
tags: [ motd ]
|
||||||
|
- role: docker
|
||||||
|
tags: [ web, docker, skip-pull ]
|
||||||
|
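Review bot: `image: netboxcommunity/netbox:latest` combined with the play-level `pull: yes` means every run can replace the container with whatever the registry currently serves under that tag, while the `redis` and `ingress` images in the same play are at least version-tagged; pin Netbox to a release tag or digest you have tested, e.g. `image: netboxcommunity/netbox:<tested-release-tag>`. Separately, the env key `ALLOWED_HOST` looks misspelled: to my knowledge the netbox-docker image reads `ALLOWED_HOSTS`, so this value would be ignored and the image default would apply. That matters here because the nginx `default_server` block forwards whatever `Host` the client sent via `proxy_set_header Host $host;`. Worth confirming against the image's documentation and renaming to `ALLOWED_HOSTS: netbox.desu.ltd`.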