Compare commits
7 Commits
05b1e8da07
...
93cbf7eb4c
Author | SHA1 | Date | |
---|---|---|---|
93cbf7eb4c | |||
cb60bcb5f8 | |||
7ca9b6dc8c | |||
0addb1e6a0 | |||
9acc10b73f | |||
01314cb137 | |||
1982782284 |
@ -4,5 +4,5 @@ dl_server_root: /var/www/dl
|
|||||||
dl_access_log: /var/log/nginx/dl.access.log
|
dl_access_log: /var/log/nginx/dl.access.log
|
||||||
dl_error_log: /var/log/nginx/dl.error.log
|
dl_error_log: /var/log/nginx/dl.error.log
|
||||||
dl_ssl_enabled: false
|
dl_ssl_enabled: false
|
||||||
dl_ssl_certificate: "/etc/letsencrypt/live/{{ dl_server_name }}/fullchain.pem"
|
dl_ssl_certificate: "/var/lib/lego/certificates/{{ dl_server_name }}.crt"
|
||||||
dl_ssl_certificate_key: "/etc/letsencrypt/live/{{ dl_server_name }}/privkey.pem"
|
dl_ssl_certificate_key: "/var/lib/lego/certificates/{{ dl_server_name }}.key"
|
||||||
|
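Review bot: The new `dl_ssl_certificate_key` path points into lego's own state directory, and nothing visible here establishes that the consuming service can read it. lego writes its `.key` files owner-only by default (worth confirming on the host), so this works for an nginx master started as root but would fail for any service that terminates TLS itself under an unprivileged account. The same path change is made for gitea, grafana and prometheus further down; a comment such as `# lego state dir; key is owner-only, TLS is terminated by nginx` above each pair would record the assumption. It is also worth confirming that lego's renewal hook reloads these services, since whatever renewed the `/etc/letsencrypt` files no longer covers the new paths.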
@ -53,6 +53,8 @@ gitea_config:
|
|||||||
colorize: no
|
colorize: no
|
||||||
service:
|
service:
|
||||||
register_manual_confirm: true
|
register_manual_confirm: true
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
gitea_var_tree:
|
gitea_var_tree:
|
||||||
- "{{ gitea_var_path }}"
|
- "{{ gitea_var_path }}"
|
||||||
@ -62,6 +64,6 @@ gitea_var_tree:
|
|||||||
- "{{ gitea_var_path }}/backup"
|
- "{{ gitea_var_path }}/backup"
|
||||||
|
|
||||||
gitea_ssl_enabled: yes
|
gitea_ssl_enabled: yes
|
||||||
gitea_ssl_certificate: "/etc/letsencrypt/live/{{ gitea_domain }}/fullchain.pem"
|
gitea_ssl_certificate: "/var/lib/lego/certificates/{{ gitea_domain }}.crt"
|
||||||
gitea_ssl_certificate_key: "/etc/letsencrypt/live/{{ gitea_domain }}/privkey.pem"
|
gitea_ssl_certificate_key: "/var/lib/lego/certificates/{{ gitea_domain }}.key"
|
||||||
#gitea_ssl_dhparam: "/etc/letsencrypt/ssl-dhparams.pem"
|
#gitea_ssl_dhparam: "/etc/letsencrypt/ssl-dhparams.pem"
|
||||||
|
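Review bot: The `metrics:` block added under `gitea_config` in the first hunk sets `enabled: true` with no token, so anyone who can reach the Gitea HTTP listener can read `/metrics`. Gitea's `[metrics]` section accepts a `TOKEN` setting; adding it next to `enabled` in the role's key style, e.g. `token: "{{ gitea_metrics_token }}"` (placeholder variable name, value taken from the vault), and having the scraper send that token would close this. Alternatively, restrict `/metrics` to the monitoring host in the nginx vhost. How the role maps these lower-case keys to app.ini is not visible in this hunk.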
@ -26,8 +26,8 @@ grafana_config:
|
|||||||
http_port: "{{ grafana_port }}"
|
http_port: "{{ grafana_port }}"
|
||||||
|
|
||||||
grafana_ssl_enabled: true
|
grafana_ssl_enabled: true
|
||||||
grafana_ssl_certificate: "/etc/letsencrypt/live/{{ grafana_domain }}/fullchain.pem"
|
grafana_ssl_certificate: "/var/lib/lego/certificates/{{ grafana_domain }}.crt"
|
||||||
grafana_ssl_certificate_key: "/etc/letsencrypt/live/{{ grafana_domain }}/privkey.pem"
|
grafana_ssl_certificate_key: "/var/lib/lego/certificates/{{ grafana_domain }}.key"
|
||||||
# grafana_ssl_dhparam: "/etc/letsencrypt/ssl-dhparams.pem"
|
# grafana_ssl_dhparam: "/etc/letsencrypt/ssl-dhparams.pem"
|
||||||
|
|
||||||
|
|
||||||
|
@ -11,8 +11,8 @@ minecraft_port: 25565
|
|||||||
minecraft_user: minecraft
|
minecraft_user: minecraft
|
||||||
minecraft_group: minecraft
|
minecraft_group: minecraft
|
||||||
|
|
||||||
minecraft_jar_url: https://launcher.mojang.com/v1/objects/e00c4052dac1d59a1188b2aa9d5a87113aaf1122/server.jar
|
minecraft_jar_url: https://piston-data.mojang.com/v1/objects/84194a2f286ef7c14ed7ce0090dba59902951553/server.jar
|
||||||
minecraft_jar_checksum: sha256:deefd056f0cf89c3d7fd48d03f56a8a73943586e8c061fdabd0fd92d32ced2b2
|
minecraft_jar_checksum: sha256:3af73a9dc5a102e38147946360dd27d4d70bae7055bf91cf2151cd5d121b79e0
|
||||||
|
|
||||||
minecraft_opt_path: /opt/minecraft
|
minecraft_opt_path: /opt/minecraft
|
||||||
minecraft_var_path: /var/opt/minecraft
|
minecraft_var_path: /var/opt/minecraft
|
||||||
|
@ -44,6 +44,19 @@
|
|||||||
mode: 0644
|
mode: 0644
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
|
|
||||||
|
- name: configure htpasswd files
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: "{{ nginx_etc_path }}/{{ item.key }}.htpasswd"
|
||||||
|
owner: root
|
||||||
|
group: nginx
|
||||||
|
mode: 0640
|
||||||
|
content: |
|
||||||
|
{% for u, h in item.value.items() %}
|
||||||
|
{{ u }}:{{ h }}
|
||||||
|
{% endfor %}
|
||||||
|
loop: "{{ nginx_htpasswd_files | dict2items }}"
|
||||||
|
notify: reload nginx
|
||||||
|
|
||||||
- name: configure virtual hosts
|
- name: configure virtual hosts
|
||||||
ansible.builtin.include_tasks: vhost.yaml
|
ansible.builtin.include_tasks: vhost.yaml
|
||||||
loop: "{{ nginx_vhosts | dict2items }}"
|
loop: "{{ nginx_vhosts | dict2items }}"
|
||||||
|
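Review bot: The new `configure htpasswd files` task loops over `nginx_htpasswd_files`, whose values are user-to-hash maps, and without `no_log: true` Ansible prints each loop item, hashes included, to the console and to any callback log. Add `no_log: true` to the task; a `--diff` run would otherwise also show the file body. The loop has no `| default({})`, so the play fails where the variable is unset unless the role defaults define it (not visible here). Quoting the mode as `mode: "0640"` follows the Ansible recommendation for octal modes.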
@ -3,11 +3,11 @@
|
|||||||
block:
|
block:
|
||||||
- name: create webroot
|
- name: create webroot
|
||||||
file:
|
file:
|
||||||
path: "{{ vhost.root }}"
|
path: "{{ server.root }}"
|
||||||
state: directory
|
state: directory
|
||||||
loop: "{{ item.value }}"
|
loop: "{{ item.value.server }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: vhost
|
loop_var: server
|
||||||
|
|
||||||
- name: configure virtual host
|
- name: configure virtual host
|
||||||
template:
|
template:
|
||||||
|
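Review bot: `create webroot` now runs for every entry in `item.value.server` and dereferences `server.root` unconditionally, while the vhost template treats `root` as optional (`{% if server.root is defined %}`). A server entry without `root`, such as a pure reverse proxy, would fail this task; adding `when: server.root is defined` fixes that. The task also sets no `owner`, `group` or `mode`, so ownership and permissions fall to the defaults of whatever user the play runs as. The enclosing `block:` starts above the hunk and continues below it.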
@ -1,33 +1,59 @@
|
|||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
{% for vhost in item.value %}
|
{% if item.value.upstream is defined %}
|
||||||
|
{% for upstream in item.value.upstream %}
|
||||||
|
upstream {{ upstream.name }} {
|
||||||
|
{% for server in upstream.server %}
|
||||||
|
server {{ server }};
|
||||||
|
{% endfor %}
|
||||||
|
}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if item.value.map is defined %}
|
||||||
|
{% for map in item.value.map %}
|
||||||
|
map {{ map.name }} {{ map.variable }} {
|
||||||
|
{% for k, v in map.content.items() %}
|
||||||
|
{% if k is string and k == "" %}
|
||||||
|
"" {{ v }};
|
||||||
|
{% else %}
|
||||||
|
{{ k }} {{ v }};
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% for server in item.value.server %}
|
||||||
server {
|
server {
|
||||||
{% if vhost.listen is defined %}
|
{% if server.listen is defined %}
|
||||||
{% for listen in vhost.listen %}
|
{% for listen in server.listen %}
|
||||||
listen {{ listen }};
|
listen {{ listen }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
{% if vhost.server_name is defined %}
|
|
||||||
server_name {{ vhost.server_name }};
|
|
||||||
{% endif %}
|
|
||||||
{% endif %}
|
|
||||||
access_log {{ vhost.access_log | default(nginx_var_log_path + '/' + vhost.server_name + '.access.log main') }};
|
|
||||||
error_log {{ vhost.error_log | default(nginx_var_log_path + '/' + vhost.server_name + '.error.log warn') }};
|
|
||||||
|
|
||||||
{% if vhost.root is defined %}
|
|
||||||
root {{ vhost.root }};
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
index {{ vhost.index | default('index.html index.htm') }};
|
http2 {{ server.http2 | default("on") }};
|
||||||
|
|
||||||
{% if vhost.ssl_certificate is defined %}
|
{% if server.server_name is defined %}
|
||||||
ssl_certificate {{ vhost.ssl_certificate }};
|
server_name {{ server.server_name }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if vhost.ssl_certificate_key is defined %}
|
access_log {{ server.access_log | default(nginx_var_log_path + '/' + server.server_name + '.access.log main') }};
|
||||||
ssl_certificate_key {{ vhost.ssl_certificate_key }};
|
error_log {{ server.error_log | default(nginx_var_log_path + '/' + server.server_name + '.error.log warn') }};
|
||||||
|
|
||||||
|
{% if server.root is defined %}
|
||||||
|
root {{ server.root }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if vhost.ssl_dhparam is defined %}
|
|
||||||
ssl_dhparam {{ vhost.ssl_dhparam }};
|
index {{ server.index | default('index.html index.htm') }};
|
||||||
|
|
||||||
|
{% if server.ssl_certificate is defined %}
|
||||||
|
ssl_certificate {{ server.ssl_certificate }};
|
||||||
|
{% endif %}
|
||||||
|
{% if server.ssl_certificate_key is defined %}
|
||||||
|
ssl_certificate_key {{ server.ssl_certificate_key }};
|
||||||
|
{% endif %}
|
||||||
|
{% if server.ssl_dhparam is defined %}
|
||||||
|
ssl_dhparam {{ server.ssl_dhparam }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
location /.well-known/acme-challenge/ {
|
location /.well-known/acme-challenge/ {
|
||||||
@ -35,8 +61,8 @@ server {
|
|||||||
try_files $uri =404;
|
try_files $uri =404;
|
||||||
}
|
}
|
||||||
|
|
||||||
{% if vhost.raw is defined %}
|
{% if server.raw is defined %}
|
||||||
{{ vhost.raw | indent(4) }}
|
{{ server.raw | indent(4) }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
}
|
}
|
||||||
{% endfor %}
|
{% endfor %}
|
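Review bot: `http2 {{ server.http2 | default("on") }};` is emitted for every server block, including ones that only listen on plain HTTP, and the standalone `http2` directive exists only in nginx 1.25.1 and later, so older packages reject the whole config. Emitting it only when requested avoids both: `{% if server.http2 is defined %}http2 {{ server.http2 }};{% endif %}`. Separately, the `access_log` and `error_log` defaults concatenate `server.server_name` although the lines just above treat `server_name` as optional, so a server without a name fails to render. The new `upstream` and `map` blocks write inventory values into the config unquoted, so running `nginx -t` before the reload handler would be a useful safeguard; the task that renders this template is only partly visible.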
@ -39,8 +39,8 @@ prometheus_bin_path: /usr/local/bin
|
|||||||
|
|
||||||
prometheus_ssl_enabled: true
|
prometheus_ssl_enabled: true
|
||||||
prometheus_hostname: "{{ prometheus_web_external_url | urlsplit('hostname') }}"
|
prometheus_hostname: "{{ prometheus_web_external_url | urlsplit('hostname') }}"
|
||||||
prometheus_ssl_certificate: "/etc/letsencrypt/live/{{ prometheus_hostname }}/fullchain.pem"
|
prometheus_ssl_certificate: "/var/lib/lego/certificates/{{ prometheus_hostname }}.crt"
|
||||||
prometheus_ssl_certificate_key: "/etc/letsencrypt/live/{{ prometheus_hostname }}/privkey.pem"
|
prometheus_ssl_certificate_key: "/var/lib/lego/certificates/{{ prometheus_hostname }}.key"
|
||||||
|
|
||||||
prometheus_alertmanager_enabled: true
|
prometheus_alertmanager_enabled: true
|
||||||
|
|
||||||
|
@ -23,6 +23,14 @@
|
|||||||
group: "{{ prometheus_etc_group }}"
|
group: "{{ prometheus_etc_group }}"
|
||||||
mode: "{{ prometheus_etc_mode }}"
|
mode: "{{ prometheus_etc_mode }}"
|
||||||
|
|
||||||
|
- name: create file_sd_config.d path
|
||||||
|
file:
|
||||||
|
path: "{{ prometheus_etc_path }}/file_sd_config.d"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ prometheus_etc_owner }}"
|
||||||
|
group: "{{ prometheus_etc_group }}"
|
||||||
|
mode: "{{ prometheus_etc_mode }}"
|
||||||
|
|
||||||
- name: create var path
|
- name: create var path
|
||||||
file:
|
file:
|
||||||
path: "{{ prometheus_var_path }}"
|
path: "{{ prometheus_var_path }}"
|
||||||
@ -49,6 +57,15 @@
|
|||||||
mode: 0444
|
mode: 0444
|
||||||
notify: reload prometheus
|
notify: reload prometheus
|
||||||
|
|
||||||
|
- name: configure file_sd_config.d
|
||||||
|
copy:
|
||||||
|
dest: "{{ prometheus_etc_path }}/file_sd_config.d/{{ item.name }}"
|
||||||
|
content: "{{ (item.targets | default([])) | to_json }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0444
|
||||||
|
loop: "{{ prometheus_file_sd_config_d_files | default([]) }}"
|
||||||
|
|
||||||
- name: configure systemd template
|
- name: configure systemd template
|
||||||
template:
|
template:
|
||||||
src: prometheus.service.j2
|
src: prometheus.service.j2
|
||||||
|
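Review bot: `configure file_sd_config.d` writes JSON to `file_sd_config.d/{{ item.name }}` under whatever name the inventory supplies, but Prometheus only accepts file_sd paths ending in `.json`, `.yml` or `.yaml`. Since the content is always `to_json`, either append the extension in the task, `dest: "{{ prometheus_etc_path }}/file_sd_config.d/{{ item.name }}.json"`, or document that `name` must end in `.json`. No default or description for `prometheus_file_sd_config_d_files` appears in the visible hunks; a comment giving the expected shape (a list of entries with `name` and `targets`) would help. Entries dropped from the list are never removed from disk, so stale targets would keep being scraped.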
@ -33,3 +33,9 @@ rsyslog_default_rules_state: file
|
|||||||
rsyslog_default_rules: []
|
rsyslog_default_rules: []
|
||||||
rsyslog_rules: []
|
rsyslog_rules: []
|
||||||
rsyslog_archival_format_enabled: false
|
rsyslog_archival_format_enabled: false
|
||||||
|
|
||||||
|
rsyslog_etc_path: /etc/rsyslog.d
|
||||||
|
rsyslog_config_path: /etc/rsyslog.conf
|
||||||
|
|
||||||
|
rsyslog_d:
|
||||||
|
[]
|
@ -50,7 +50,7 @@
|
|||||||
- name: configure archival format
|
- name: configure archival format
|
||||||
template:
|
template:
|
||||||
src: archival.conf.j2
|
src: archival.conf.j2
|
||||||
dest: /etc/rsyslog.d/10-archival.conf
|
dest: "{{ rsyslog_etc_path }}/10-archival.conf"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
@ -59,7 +59,7 @@
|
|||||||
|
|
||||||
- name: manage archive rules
|
- name: manage archive rules
|
||||||
file:
|
file:
|
||||||
path: /etc/rsyslog.d/10-archival.conf
|
path: "{{ rsyslog_etc_path }}/10-archival.conf"
|
||||||
state: "{{ rsyslog_archival_format_enabled | ternary('file', 'absent') }}"
|
state: "{{ rsyslog_archival_format_enabled | ternary('file', 'absent') }}"
|
||||||
|
|
||||||
- name: compress log cron job
|
- name: compress log cron job
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
- name: configure
|
- name: configure
|
||||||
template:
|
template:
|
||||||
src: rsyslog.conf.j2
|
src: rsyslog.conf.j2
|
||||||
dest: /etc/rsyslog.conf
|
dest: "{{ rsyslog_config_path }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
@ -26,7 +26,7 @@
|
|||||||
- name: configure default rules
|
- name: configure default rules
|
||||||
template:
|
template:
|
||||||
src: default.conf.j2
|
src: default.conf.j2
|
||||||
dest: /etc/rsyslog.d/50-default.conf
|
dest: "{{ rsyslog_etc_path }}/50-default.conf"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
@ -35,8 +35,19 @@
|
|||||||
|
|
||||||
- name: manage default rules
|
- name: manage default rules
|
||||||
file:
|
file:
|
||||||
path: /etc/rsyslog.d/50-default.conf
|
path: "{{ rsyslog_etc_path }}/50-default.conf"
|
||||||
state: "{{ rsyslog_default_rules_state }}"
|
state: "{{ rsyslog_default_rules_state }}"
|
||||||
|
notify: restart rsyslog
|
||||||
|
|
||||||
|
- name: configure rsyslog.d rules
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: "{{ rsyslog_etc_path }}/{{ item.priority }}-{{ item.name }}.conf"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
content: "{{ item.content }}"
|
||||||
|
loop: "{{ rsyslog_d | default([]) }}"
|
||||||
|
notify: restart rsyslog
|
||||||
|
|
||||||
- name: manage service
|
- name: manage service
|
||||||
service:
|
service:
|
||||||
|
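Review bot: The file name in `configure rsyslog.d rules` is built from `item.priority` as-is, and an unquoted inventory value such as `05` is read by YAML as the integer 5, giving `5-name.conf`, which sorts after `10-archival.conf` and `50-default.conf` instead of before them. Formatting it in the task, `dest: "{{ rsyslog_etc_path }}/{{ '%02d' | format(item.priority | int) }}-{{ item.name }}.conf"`, removes the dependence on quoting. Because the task notifies `restart rsyslog`, a syntax error in `item.content` takes logging down on the next handler run; checking the configuration with `rsyslogd -N1` before the restart would catch that. Rule files removed from `rsyslog_d` are left on disk.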
@ -21,10 +21,10 @@ unattended_upgrades_unattended_upgrade: true
|
|||||||
unattended_upgrades_allowed_origins:
|
unattended_upgrades_allowed_origins:
|
||||||
- "${distro_id}:${distro_codename}"
|
- "${distro_id}:${distro_codename}"
|
||||||
- "${distro_id}:${distro_codename}-security"
|
- "${distro_id}:${distro_codename}-security"
|
||||||
- "${distro_id}ESM:${distro_codename}"
|
- "${distro_id}:${distro_codename}-updates"
|
||||||
# - "${distro_id}:${distro_codename}-updates"
|
|
||||||
# - "${distro_id}:${distro_codename}-proposed"
|
|
||||||
# - "${distro_id}:${distro_codename}-backports"
|
# - "${distro_id}:${distro_codename}-backports"
|
||||||
|
# - "${distro_id}:${distro_codename}-proposed"
|
||||||
|
# - "${distro_id}ESM:${distro_codename}"
|
||||||
|
|
||||||
# List of packages to not update (regexp are supported)
|
# List of packages to not update (regexp are supported)
|
||||||
# unattended_upgrades_package_blacklist: []
|
# unattended_upgrades_package_blacklist: []
|
||||||
|
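Review bot: The default `unattended_upgrades_allowed_origins` now includes `${distro_id}:${distro_codename}-updates` and no longer includes `${distro_id}ESM:${distro_codename}`, and nothing in the file says why. The first means non-security updates install unattended on every host that uses the defaults; the second means hosts that rely on the ESM origin stop receiving those fixes automatically. A short comment above the list, for example `# -updates enabled deliberately; ESM origin disabled because no host is attached to ESM`, would record the decision (wording to be adjusted to the real reason).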
@ -15,6 +15,9 @@ Address = {{ address }}
|
|||||||
{% if "listen_port" in i %}
|
{% if "listen_port" in i %}
|
||||||
ListenPort = {{ i.listen_port }}
|
ListenPort = {{ i.listen_port }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if "table" in i %}
|
||||||
|
Table = {{ i.table }}
|
||||||
|
{% endif %}
|
||||||
{% endmacro -%}
|
{% endmacro -%}
|
||||||
|
|
||||||
{%- macro render_peer(p) %}
|
{%- macro render_peer(p) %}
|
||||||
@ -35,6 +38,12 @@ AllowedIPs = {{ p.allowed_ips }}
|
|||||||
AllowedIPs = {{ p.allowed_ips | join(', ') }}
|
AllowedIPs = {{ p.allowed_ips | join(', ') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if "preshared_key" in p %}
|
||||||
|
PresharedKey = {{ p.preshared_key }}
|
||||||
|
{% endif %}
|
||||||
|
{% if "persistent_keepalive" in p %}
|
||||||
|
PersistentKeepalive = {{ p.persistent_keepalive }}
|
||||||
|
{% endif %}
|
||||||
{% endmacro -%}
|
{% endmacro -%}
|
||||||
|
|
||||||
{% if wireguard_interfaces[_wireguard_interface] and
|
{% if wireguard_interfaces[_wireguard_interface] and
|
||||||
|
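Review bot: `PresharedKey = {{ p.preshared_key }}` adds a second secret to the rendered interface file, so the task that writes this template needs to keep the file owner-only (`mode: "0600"`) and avoid printing peer dicts, for instance with `no_log: true`. That task is not part of this diff, so this should be checked there. The value should come from the vault, not from plain inventory. `render_peer` begins above the hunk, and the `{% if wireguard_interfaces[_wireguard_interface] and` statement at the end continues past it.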