CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests 1 Wiki Activity Actions

Compare commits

base: CCCHH:93212e224874d8d0699c4f0721da1381b321b743
Branches Tags
CCCHH:main
CCCHH:feature/add-new-router
CCCHH:router-killing-turing
CCCHH:fux-alerts
CCCHH:ansible_pull
CCCHH:move_to_sops
...
compare: CCCHH:a86b34cf34bf108da491f58e0837201a2e963a51
Branches Tags
CCCHH:feature/add-new-router
CCCHH:router-killing-turing
CCCHH:main
CCCHH:fux-alerts
CCCHH:ansible_pull
CCCHH:move_to_sops

2 commits
93212e2248 ... a86b34cf34

Author SHA1 Message Date
c6ristian
a86b34cf34
 		set nginx logging to use journald
All checks were successful
/ Ansible Lint (push) Successful in 1m53s
Details
2025-01-19 20:30:53 +01:00
c6ristian
328ec744cc
 		Add base_config and deploy_systemd_journal_config 2025-01-19 20:30:05 +01:00
10 changed files with 75 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

30
inventories/chaosknoten/hosts.yaml
View file

@ -51,6 +51,21 @@ all:
ansible_host: zammad-intern.hamburg.ccc.de ansible_host: zammad-intern.hamburg.ccc.de
ansible_user: chaos ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
base_config_hosts:
hosts:
ccchoir:
cloud:
grafana:
keycloak:
lists:
mumble:
onlyoffice:
pad:
pretalx:
public-reverse-proxy:
tickets:
wiki:
zammad:
docker_compose_hosts: docker_compose_hosts:
hosts: hosts:
ccchoir: ccchoir:
@ -82,21 +97,6 @@ all:
public_reverse_proxy_hosts: public_reverse_proxy_hosts:
hosts: hosts:
public-reverse-proxy: public-reverse-proxy:
ssh_server_config_hosts:
hosts:
ccchoir:
cloud:
grafana:
keycloak:
lists:
mumble:
onlyoffice:
pad:
pretalx:
public-reverse-proxy:
tickets:
wiki:
zammad:
certbot_hosts: certbot_hosts:
hosts: hosts:
ccchoir: ccchoir:

6
playbooks/deploy.yaml
View file

@ -1,8 +1,8 @@
--- ---
- name: Ensure SSH server config deployment on ssh_server_config_hosts - name: Ensure base config is deployment on base_config_hosts
hosts: ssh_server_config_hosts hosts: base_config_hosts
roles: roles:
- deploy_ssh_server_config - base_config
- name: Ensure deployment of infrastructure authorized keys - name: Ensure deployment of infrastructure authorized keys
hosts: infrastructure_authorized_keys_hosts hosts: infrastructure_authorized_keys_hosts

4
roles/base_config/meta/main.yaml Normal file
View file

@ -0,0 +1,4 @@
---
dependencies:
- role: deploy_ssh_server_config
- role: deploy_systemd_journal_config

3
roles/deploy_systemd_journal_config/files/10-ccchh.conf Normal file
View file

@ -0,0 +1,3 @@
[Journal]
MaxFileSec=2day
MaxRetentionSec=2week

5
roles/deploy_systemd_journal_config/handlers/main.yaml Normal file
View file

@ -0,0 +1,5 @@
- name: Restart `systemd-journald.service`
ansible.builtin.systemd:
name: systemd-journald.service
state: restarted
become: true

18
roles/deploy_systemd_journal_config/tasks/main.yaml Normal file
View file

@ -0,0 +1,18 @@
- name: Create 'journald.conf.d' directory if it does not exist
ansible.builtin.file:
path: "/etc/systemd/journald.conf.d"
state: directory
mode: '0644'
owner: root
group: root
become: true
- name: make sure the custom configuration file is deployed
ansible.builtin.copy:
src: "10-ccchh.conf"
dest: "/etc/systemd/journald.conf.d/10-ccchh.conf"
mode: "0644"
owner: root
group: root
become: true
notify: Restart `systemd-journald.service`

1
roles/nginx/defaults/main.yaml
View file

@ -1,5 +1,6 @@
nginx__deploy_redirect_conf: true nginx__deploy_redirect_conf: true
nginx__deploy_tls_conf: true nginx__deploy_tls_conf: true
nginx__deploy_logging_conf: true
nginx__configurations: [ ] nginx__configurations: [ ]
nginx__use_custom_nginx_conf: false nginx__use_custom_nginx_conf: false
nginx__custom_nginx_conf: "" nginx__custom_nginx_conf: ""

2
roles/nginx/files/logging.conf Normal file
View file

@ -0,0 +1,2 @@
error_log syslog:server=unix:/run/systemd/journal/dev-log,nohostname,severity=warn debug;
access_log syslog:server=unix:/run/systemd/journal/dev-log,nohostname,severity=info main;

6
roles/nginx/meta/argument_specs.yaml
View file

@ -23,6 +23,12 @@ argument_specs:
type: bool type: bool
required: false required: false
default: true default: true
nginx__deploy_logging_conf:
description: >-
Whether or not to deploy a `logging.conf` to `/etc/nginx/conf.d/logging.conf`.
type: bool
required: false
default: true
nginx__configurations: nginx__configurations:
description: A list of nginx configurations. description: A list of nginx configurations.
type: list type: list

18
roles/nginx/tasks/main/config_deploy.yaml
View file

@ -100,6 +100,24 @@
ansible.builtin.set_fact: ansible.builtin.set_fact:
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'redirect.conf' ] }}" # noqa: jinja[spacing] nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'redirect.conf' ] }}" # noqa: jinja[spacing]
- name: handle the case, where logging.conf should be deployed
when: nginx__deploy_logging_conf
block:
- name: make sure logging.conf is deployed
ansible.builtin.copy:
force: true
dest: /etc/nginx/conf.d/logging.conf
mode: "0644"
owner: root
group: root
src: logging.conf
become: true
notify: Restart `nginx.service`
- name: add logging.conf to nginx__config_files_to_exist
ansible.builtin.set_fact:
nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'logging.conf' ] }}" # noqa: jinja[spacing]
- name: make sure all given configuration files are deployed - name: make sure all given configuration files are deployed
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ item.content }}" content: "{{ item.content }}"