Use Ansible collection for some roles, config updates

This commit is contained in:
Alexander Dietrich 2022-05-21 14:47:31 +02:00
parent 1fe1ce6bbc
commit c6802f992e
14 changed files with 21 additions and 70 deletions

View file

@ -1,20 +1,20 @@
--- ---
- hosts: ffhh - hosts: ffhh
roles: roles:
- basics - alxndr42.commons.basics
- basics-ffhh - basics-ffhh
tags: basics tags: basics
- hosts: nginx - hosts: nginx
roles: roles:
- nginx - alxndr42.commons.nginx
- nginx-ffhh - nginx-ffhh
- error-pages - error-pages
tags: nginx tags: nginx
- hosts: certbot - hosts: certbot
roles: roles:
- certbot - alxndr42.commons.certbot
tags: certbot tags: certbot
- hosts: certsync - hosts: certsync

View file

@ -1,5 +1,5 @@
ansible_python_interpreter: /usr/bin/python3
basics_autoupdate_mail: backend@hamburg.freifunk.net basics_autoupdate_mail: backend@hamburg.freifunk.net
certbot_email: backend@hamburg.freifunk.net
nginx_error_log: "/dev/null error" nginx_error_log: "/dev/null error"

View file

@ -1,6 +1,5 @@
basics_autoupdate_origins: basics_autoupdate_origins:
- o=Node Source,n=${distro_codename} - o=Node Source,n=${distro_codename}
- o=Prosody,n=${distro_codename}
- o=TorProject,n=${distro_codename} - o=TorProject,n=${distro_codename}
media_tls_crt: /etc/letsencrypt/live/media.hamburg.freifunk.net/fullchain.pem media_tls_crt: /etc/letsencrypt/live/media.hamburg.freifunk.net/fullchain.pem

View file

@ -1,7 +1,4 @@
--- ---
- src: alxndr42.basics collections:
name: basics - name: alxndr42.commons
version: v1.11.0 version: 1.0.0
- src: alxndr42.nginx
name: nginx
version: v1.4.0

View file

@ -1,7 +1,5 @@
--- ---
- src: https://github.com/alxndr42/ansible-basics.git collections:
name: basics - name: https://github.com/alxndr42/ansible-commons.git
version: v1.11.0 type: git
- src: https://github.com/alxndr42/ansible-nginx.git version: v1.0.0
name: nginx
version: v1.4.0

View file

@ -1,13 +0,0 @@
# Because we are using logrotate for greater flexibility, disable the
# internal certbot logrotation.
max-log-backups = 0
email = backend@hamburg.freifunk.net
rsa-key-size = 4096
authenticator = webroot
webroot-path = /var/www/_acme-challenge
agree-tos = True
non-interactive = True
text = True

View file

@ -1,5 +0,0 @@
#!/bin/bash
PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin"
systemctl reload nginx

View file

@ -1,25 +0,0 @@
---
- name: install certbot
apt:
name: certbot
cache_valid_time: 86400
- name: create webroot directory
file:
path: /var/www/_acme-challenge
state: directory
- name: copy cli.ini
copy:
src: cli.ini
dest: /etc/letsencrypt/
- name: populate service facts
service_facts:
- name: copy reload-nginx hook
copy:
src: reload-nginx
dest: /etc/letsencrypt/renewal-hooks/post/
mode: 0755
when: "'nginx' in services"

View file

@ -1,5 +1,5 @@
error_page 502 /_error-pages/502.html; error_page 502 /error-pages/502.html;
location ^~ /_error-pages { location ^~ /error-pages {
root /var/www; root /var/www;
} }

View file

@ -3,8 +3,8 @@
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<title>Bad Gateway</title> <title>Bad Gateway</title>
<link rel="stylesheet" href="/_error-pages/style.css"> <link rel="stylesheet" href="/error-pages/style.css">
</head> </head>
<body> <body>
<img src="/_error-pages/bad_gateway.png" alt="Bad Gateway Traffic Sign"> <img src="/error-pages/bad_gateway.png" alt="Bad Gateway Traffic Sign">
</body> </body>

View file

@ -1,13 +1,13 @@
--- ---
- name: create directory - name: create directory
file: file:
path: /var/www/_error-pages path: /var/www/error-pages
state: directory state: directory
- name: copy error-pages - name: copy error-pages
copy: copy:
src: error-pages/ src: error-pages/
dest: /var/www/_error-pages/ dest: /var/www/error-pages/
- name: copy error-pages.conf - name: copy error-pages.conf
copy: copy:

View file

@ -1,3 +1,3 @@
--- ---
dependencies: dependencies:
- role: nginx - role: alxndr42.commons.nginx

View file

@ -1,3 +1,3 @@
--- ---
dependencies: dependencies:
- role: nginx - role: alxndr42.commons.nginx

View file

@ -1,3 +1,3 @@
--- ---
dependencies: dependencies:
- role: nginx - role: alxndr42.commons.nginx