From 5a9c435dd37666ab3b46b74bce51aa00522a533f Mon Sep 17 00:00:00 2001 From: Jacob Babor Date: Thu, 21 Jul 2022 21:05:27 -0500 Subject: [PATCH] Move everything into one huge monolithic VM --- playbooks/local_dns.yml | 42 +++----- playbooks/prod_com.yml | 40 ------- playbooks/prod_db.yml | 12 +-- playbooks/prod_game.yml | 12 --- playbooks/prod_web.yml | 188 +++++++++++++-------------------- playbooks/site_main.yml | 2 - playbooks/tasks/web/ara.yml | 2 +- playbooks/tasks/web/gitea.yml | 2 +- playbooks/tasks/web/netbox.yml | 2 +- 9 files changed, 96 insertions(+), 206 deletions(-) delete mode 100755 playbooks/prod_com.yml delete mode 100755 playbooks/prod_game.yml diff --git a/playbooks/local_dns.yml b/playbooks/local_dns.yml index baa0da2..cb3ef01 100755 --- a/playbooks/local_dns.yml +++ b/playbooks/local_dns.yml @@ -70,24 +70,12 @@ state: "{{ item.state | default('present', true) }}" value: [ "{{ item.value }}" ] with_items: - - record: bastion1.desu.ltd - value: bastion1.dallas.mgmt.desu.ltd - - record: com1.desu.ltd - value: com1.dallas.mgmt.desu.ltd - record: dsk-ryzen-0.desu.ltd value: dsk-ryzen-1.ws.mgmt.desu.ltd - record: lap-s76-lemp9-0.desu.ltd value: lap-s76-lemp9-1.ws.mgmt.desu.ltd - record: pi-homeauto-1.desu.ltd value: pi-homeauto-1.home.mgmt.desu.ltd - - record: psql1.desu.ltd - value: psql1.dallas.mgmt.desu.ltd - - record: web1.desu.ltd - value: web1.dallas.mgmt.desu.ltd - - record: web2.desu.ltd - value: web2.dallas.mgmt.desu.ltd - - record: web3.desu.ltd - value: web3.dallas.mgmt.desu.ltd loop_control: label: "{{ item.record }}" delegate_to: localhost 
@@ -102,22 +90,22 @@ value: [ "{{ item.value }}" ] with_items: # Public - - record: git.desu.ltd - value: web1.dallas.mgmt.desu.ltd - - record: jenkins.desu.ltd - value: web2.dallas.mgmt.desu.ltd - - record: matrix.desu.ltd - value: com1.dallas.mgmt.desu.ltd - - record: movie.desu.ltd - value: web3.dallas.mgmt.desu.ltd - - record: nagios.desu.ltd - value: web3.dallas.mgmt.desu.ltd - - record: nc.desu.ltd - value: web1.dallas.mgmt.desu.ltd - - record: netbox.desu.ltd - value: web3.dallas.mgmt.desu.ltd - record: ara.desu.ltd - value: web3.dallas.mgmt.desu.ltd + value: vm-general-1.ashburn.mgmt.desu.ltd + - record: git.desu.ltd + value: vm-general-1.ashburn.mgmt.desu.ltd + - record: jenkins.desu.ltd + value: vm-general-1.ashburn.mgmt.desu.ltd + - record: matrix.desu.ltd + value: vm-general-1.ashburn.mgmt.desu.ltd + - record: movie.desu.ltd + value: vm-general-1.ashburn.mgmt.desu.ltd + - record: nagios.desu.ltd + value: vm-general-1.ashburn.mgmt.desu.ltd + - record: nc.desu.ltd + value: vm-general-1.ashburn.mgmt.desu.ltd + - record: netbox.desu.ltd + value: vm-general-1.ashburn.mgmt.desu.ltd # Local - record: homeauto.local.desu.ltd value: pi-homeauto-1.home.mgmt.desu.ltd diff --git a/playbooks/prod_com.yml b/playbooks/prod_com.yml deleted file mode 100755 index 01fe8b5..0000000 --- a/playbooks/prod_com.yml +++ /dev/null 
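Review bot: All eight `# Public` records in this hunk now carry the identical value `vm-general-1.ashburn.mgmt.desu.ltd`, and the same hostname is the `hosts:` target in the prod_db.yml and prod_web.yml hunks, so it is now spelled out ten times across the patch. A single play-level var (e.g. `general_vm: vm-general-1.ashburn.mgmt.desu.ltd`) referenced as `value: "{{ general_vm }}"` in each item would keep the records from drifting the next time the VM is renamed or moved. The `# Local` records keep their own targets, so the var only replaces the repeated public value.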
@@ -1,40 +0,0 @@ -#!/usr/bin/env ansible-playbook -# vim:ft=ansible: -# Webservers ---- -- hosts: com1.dallas.mgmt.desu.ltd - gather_facts: no - module_defaults: - docker_container: - state: started - restart_policy: unless-stopped - pull: yes - pre_tasks: - - name: ensure docker network - docker_network: name=web - tags: [ docker ] - tasks: - - name: include tasks for applications - include_tasks: tasks/{{ item }} - with_items: - - web/element-web.yml - - web/synapse.yml - tags: [ always ] - roles: - - role: backup - vars: - backup_s3backup_list_extra: - - /data - tags: [ backup ] - - role: ingress - vars: - ingress_servers: - - name: matrix.desu.ltd - proxies: - - location: "~* ^(\/_matrix|\/_synapse|\/client|\/health)" - pass: http://synapse:8008 - - location: / - pass: http://element:80 - directives: - - "client_max_body_size 0" - tags: [ web, docker, ingress ] diff --git a/playbooks/prod_db.yml b/playbooks/prod_db.yml index 0b72978..334a35c 100755 --- a/playbooks/prod_db.yml +++ b/playbooks/prod_db.yml @@ -2,17 +2,15 @@ # vim:ft=ansible: # Database servers --- -- hosts: psql1.dallas.mgmt.desu.ltd +- hosts: vm-general-1.ashburn.mgmt.desu.ltd roles: - - role: backup - tags: [ backup ] - role: geerlingguy.postgresql vars: postgresql_global_config_options: - option: listen_addresses - value: 192.168.164.156,127.0.0.1 + value: 10.0.0.2,127.0.0.1 - option: max_connections - value: 60 + value: 240 - option: shared_buffers value: 128MB postgresql_hba_entries: 
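Review bot: The `- role: backup` entry is removed from the database play and nothing in this patch replaces it; the `backup` role that remains in prod_web.yml for the same host only adds `/data` through `backup_s3backup_list_extra`, so whether the PostgreSQL data directory (or a dump) is still captured is not visible here and should be confirmed before the old psql1 host is retired. Separately, `max_connections` goes from 60 to 240 while `shared_buffers` stays at `128MB` in the unchanged context line just below; if the connection count was sized for the merged workload, the memory settings deserve the same look. If the backup role was intentionally consolidated into the web play, a one-line comment at the roles list, e.g. `# backup for this host is configured in prod_web.yml`, would save the next reader the search.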
@@ -21,7 +19,9 @@ - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 } - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 } # Used for internal access from other nodes - - { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 } + - { type: host, database: all, user: all, address: '10.0.0.0/8', auth_method: md5 } + # Used for internal access from Docker + - { type: host, database: all, user: all, address: '172.16.0.0/12', auth_method: md5 } postgresql_users: - name: ara-desultd password: "{{ secret_ara_db_pass }}" diff --git a/playbooks/prod_game.yml b/playbooks/prod_game.yml deleted file mode 100755 index 92f9a29..0000000 --- a/playbooks/prod_game.yml +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env ansible-playbook -# vim:ft=ansible: -# Game servers ---- -- hosts: vm-game-1.dallas.mgmt.desu.ltd - gather_facts: no - tasks: - - name: include tasks for gameservers - include_tasks: tasks/game/{{ item }} - with_items: - - scpsl.yml - tags: [ always ] diff --git a/playbooks/prod_web.yml b/playbooks/prod_web.yml index 52ab97c..c8fc98c 100755 --- a/playbooks/prod_web.yml +++ b/playbooks/prod_web.yml @@ -2,26 +2,32 @@ # vim:ft=ansible: # Webservers --- -- hosts: web1.dallas.mgmt.desu.ltd +- hosts: vm-general-1.ashburn.mgmt.desu.ltd gather_facts: no module_defaults: docker_container: state: started restart_policy: unless-stopped pull: yes - tasks: + pre_tasks: - name: ensure docker network docker_network: name=web tags: [ docker ] + tasks: - name: include tasks for applications include_tasks: tasks/{{ item }} with_items: - app/redis.yml - web/9iron.yml + - web/ara.yml - web/desultd.yml + - web/element-web.yml - web/gitea.yml + - web/jenkins.yml + - web/netbox.yml - web/nextcloud.yml - web/srv.yml + - web/synapse.yml tags: [ always ] roles: - role: backup 
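Review bot: The new `172.16.0.0/12` entry grants password-authenticated `host` access to `all` databases for `all` users from the entire 172.16/12 private block, and the `10.0.0.0/8` entry above it does the same for the whole 10/8 range; both are far wider than the `web` Docker network and the single `10.0.0.2` address that `listen_addresses` binds in the previous hunk. Since the containers on this host are the only intended clients now, narrow the Docker entry to the actual bridge subnet of the `web` network (placeholder until checked: `address: '<web-network-subnet>/<prefix>'`) and consider per-database entries so that, for example, the gitea user can only reach `gitea-desultd`. The `# Used for internal access from Docker` comment is helpful; extend it with the network name once the subnet is pinned.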
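Review bot: The merged play keeps `gather_facts: no` (context line directly under the new `hosts:`), but the former `web3.dallas.mgmt.desu.ltd` play removed in the next hunk did not disable fact gathering, and its `nagios` role, `web/netbox.yml` and `web/ara.yml` now run here without facts. If any of them reads `ansible_facts` or a derived value such as `ansible_default_ipv4`, the play will fail at that point; either confirm they are fact-free or set `gather_facts: true` (or add a targeted `setup:` pre_task). A note above the include list, e.g. `# consolidated from prod_com.yml and the web2/web3 plays; none of these tasks need facts`, would record that this was checked.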
@@ -40,118 +46,6 @@ - repo: https://git.desu.ltd/salt/gitea-custom dest: /data/gitea/data/gitea/custom tags: [ web, git ] - - role: ingress - vars: - ingress_servers: - # desu.ltd - - name: desu.ltd - proxy_pass: http://desultd:80 - locations: - - location: /.well-known/matrix/server - contents: | - default_type application/json; - return 200 '{"m.server":"matrix.desu.ltd:443"}'; - - location: /.well-known/matrix/client - contents: | - default_type application/json; - return 200 '{"m.homeserver":{"base_url":"https://matrix.desu.ltd"}}'; - - name: git.desu.ltd - proxy_pass: http://gitea:3000 - - name: nc.desu.ltd - directives: - - "add_header Strict-Transport-Security \"max-age=31536000\"" - - "client_max_body_size 0" - proxy_pass: http://nextcloud:80 - locations: - - location: "^~ /.well-known" - contents: | - location = /.well-known/carddav { return 301 /remote.php/dav/; } - location = /.well-known/caldav { return 301 /remote.php/dav/; } - location ^~ /.well-known { return 301 /index.php$uri; } - try_files $uri $uri/ =404; - # 9iron - - name: www.9iron.club - directives: - - "return 301 $scheme://9iron.club$request_uri" - - name: 9iron.club - proxy_pass: http://9iron:80 - - name: srv.9iron.club - proxy_pass: http://srv:80 - tags: [ web, docker, ingress ] -- hosts: web2.dallas.mgmt.desu.ltd - gather_facts: no - module_defaults: - docker_container: - state: started - restart_policy: unless-stopped - pull: yes - pre_tasks: - - name: ensure docker network - docker_network: name=web - tags: [ docker ] - - name: include tasks for applications - include_tasks: tasks/{{ item }} - with_items: - - app/redis.yml - - web/jenkins.yml - tags: [ always ] - roles: - - role: backup - vars: - backup_s3backup_list_extra: - - /data - tags: [ backup ] - - role: ingress - vars: - ingress_servers: - - name: jenkins.desu.ltd - locations: - - location: "/" - contents: | - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto https; - 
proxy_set_header X-Forwarded-Port 443; - proxy_pass http://jenkins:8080; - - location: | - ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" - contents: | - rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last; - - location: "/userContent" - contents: | - root /data/jenkins/home/; - if (!-f $request_filename) { - rewrite (.*) /$1 last; - break; - } - tags: [ web, docker, ingress ] -- hosts: web3.dallas.mgmt.desu.ltd - module_defaults: - docker_container: - state: started - restart_policy: unless-stopped - pull: yes - pre_tasks: - - name: clear host errors - ansible.builtin.meta: clear_host_errors - tasks: - - name: ensure docker network - docker_network: name=web - tags: [ docker ] - - name: include tasks for applications - include_tasks: tasks/{{ item }} - with_items: - - app/redis.yml - - web/netbox.yml - - web/ara.yml - tags: [ always ] - roles: - - role: backup - vars: - backup_s3backup_list_extra: - - /data - tags: [ backup ] - # TODO: Replace this with Naemon(?) - role: nagios vars: nagios_matrix_server: "https://matrix.desu.ltd" 
@@ -313,10 +207,72 @@ - role: ingress vars: ingress_servers: + # desu.ltd - name: ara.desu.ltd proxy_pass: http://ara:8000 - - name: netbox.desu.ltd - proxy_pass: http://netbox:8080 + - name: desu.ltd + proxy_pass: http://desultd:80 + locations: + - location: /.well-known/matrix/server + contents: | + default_type application/json; + return 200 '{"m.server":"matrix.desu.ltd:443"}'; + - location: /.well-known/matrix/client + contents: | + default_type application/json; + return 200 '{"m.homeserver":{"base_url":"https://matrix.desu.ltd"}}'; + - name: git.desu.ltd + proxy_pass: http://gitea:3000 + - name: jenkins.desu.ltd + locations: + - location: "/" + contents: | + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Port 443; + proxy_pass http://jenkins:8080; + - location: | + ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" + contents: | + rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last; + - location: "/userContent" + contents: | + root /data/jenkins/home/; + if (!-f $request_filename) { + rewrite (.*) /$1 last; + break; + } + - name: matrix.desu.ltd + proxies: + - location: "~* ^(\/_matrix|\/_synapse|\/client|\/health)" + pass: http://synapse:8008 + - location: / + pass: http://element:80 + directives: + - "client_max_body_size 0" - name: nagios.desu.ltd proxy_pass: http://nagios:80 + - name: nc.desu.ltd + directives: + - "add_header Strict-Transport-Security \"max-age=31536000\"" + - "client_max_body_size 0" + proxy_pass: http://nextcloud:80 + locations: + - location: "^~ /.well-known" + contents: | + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + location ^~ /.well-known { return 301 /index.php$uri; } + try_files $uri $uri/ =404; + - name: netbox.desu.ltd + proxy_pass: http://netbox:8080 + # 9iron + - name: www.9iron.club + directives: + - "return 301 $scheme://9iron.club$request_uri" + - name: 
9iron.club + proxy_pass: http://9iron:80 + - name: srv.9iron.club + proxy_pass: http://srv:80 tags: [ web, docker, ingress ] diff --git a/playbooks/site_main.yml b/playbooks/site_main.yml index 565527d..9fb2344 100755 --- a/playbooks/site_main.yml +++ b/playbooks/site_main.yml @@ -14,5 +14,3 @@ # Production configuration - import_playbook: prod_db.yml - import_playbook: prod_web.yml -- import_playbook: prod_com.yml -- import_playbook: prod_game.yml diff --git a/playbooks/tasks/web/ara.yml b/playbooks/tasks/web/ara.yml index 9ec3d41..1cb6674 100644 --- a/playbooks/tasks/web/ara.yml +++ b/playbooks/tasks/web/ara.yml @@ -9,7 +9,7 @@ ARA_DATABASE_NAME: ara-desultd ARA_DATABASE_USER: ara-desultd ARA_DATABASE_PASSWORD: "{{ secret_ara_db_pass }}" - ARA_DATABASE_HOST: 192.168.164.156 + ARA_DATABASE_HOST: 10.0.0.2 networks: - name: web aliases: [ "ara" ] diff --git a/playbooks/tasks/web/gitea.yml b/playbooks/tasks/web/gitea.yml index 9c14937..06e5821 100644 --- a/playbooks/tasks/web/gitea.yml +++ b/playbooks/tasks/web/gitea.yml @@ -7,7 +7,7 @@ USER_UID: "1002" USER_GID: "1002" GITEA__database_DB_TYPE: postgres - GITEA__database_HOST: 192.168.164.156:5432 + GITEA__database_HOST: 10.0.0.2:5432 GITEA__database_NAME: gitea-desultd GITEA__database_USER: gitea-desultd GITEA__database_PASSWD: "{{ secret_gitea_db_pass }}" diff --git a/playbooks/tasks/web/netbox.yml b/playbooks/tasks/web/netbox.yml index 9b95ce2..9849b85 100644 --- a/playbooks/tasks/web/netbox.yml +++ b/playbooks/tasks/web/netbox.yml @@ -13,7 +13,7 @@ SUPERUSER_API_TOKEN: "{{ secret_netbox_api_token }}" SECRET_KEY: "{{ secret_netbox_secret_key }}" ALLOWED_HOST: netbox.desu.ltd - DB_HOST: 192.168.164.156 + DB_HOST: 10.0.0.2 DB_NAME: netbox-desultd DB_USER: netbox-desultd DB_PASSWORD: "{{ secret_netbox_db_pass }}"
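Review bot: The `matrix.desu.ltd` server added in the middle of this hunk is the only `ingress_servers` entry that uses a `proxies:` list with `location`/`pass` keys, while every other server uses `proxy_pass:` and/or `locations:` with `location`/`contents`. The block was carried over verbatim from the deleted prod_com.yml, so either the `ingress` role understands both shapes or the matrix vhost is rendered without any upstream; the role's templates are not in this patch, so this needs checking against them. If the role only knows `locations`, the entry should become `locations:` items whose `contents:` carry `proxy_pass http://synapse:8008;` and `proxy_pass http://element:80;` respectively, keeping the `client_max_body_size 0` directive as is.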
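Review bot: `ARA_DATABASE_HOST: 10.0.0.2` hard-codes the database address, and the same literal is repeated in the gitea.yml hunk (`GITEA__database_HOST: 10.0.0.2:5432`), the netbox.yml hunk (`DB_HOST: 10.0.0.2`) and `listen_addresses` in prod_db.yml, so this commit had to edit four files for one IP change and the next move will too. Define it once as a host or group var (e.g. `postgres_host`) and reference it as `ARA_DATABASE_HOST: "{{ postgres_host }}"` in each task file. Note also that the containers now reach PostgreSQL on the host's 10.0.0.2 interface rather than over the Docker bridge, so the pg_hba entry in prod_db.yml must match the bridge's source range; the new `172.16.0.0/12` entry is presumably for this and could be narrowed to that network.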