Refactoring
- moved inventory - add some variables - splitted files and templates - added role grafana - add a play 'all'
This commit is contained in:
parent
065b5d42a8
commit
5a211c975a
29
README.md
29
README.md
|
@ -16,28 +16,23 @@ Usually, it looks like this:
|
|||
|
||||
```
|
||||
# Dummy try with --check
|
||||
ansible-playbook -i inventory.yml role.yml -v --diff --check --ask-become-pass
|
||||
ansible-playbook -i inventory/main.yml role.yml -vv --diff --check --ask-become-pass
|
||||
# Real try
|
||||
ansible-playbook -i inventory.yml role.yml -v --ask-become-pass
|
||||
ansible-playbook -i inventory/main.yml role.yml -v --ask-become-pass
|
||||
```
|
||||
|
||||
The file `inventory.yml` already contains an host: the main VPS, `aperture-labs`.
|
||||
The file `inventory/main.yml` already contains an host: the main VPS, `aperture-labs`.
|
||||
See [Configuration](#Configuration) to add the host to your SSH config.
|
||||
|
||||
## Existing roles
|
||||
## Variables
|
||||
|
||||
### Nginx
|
||||
Variables are defined in `inventory/host_vars/aperture-labs.yml`.
|
||||
They can be overriden, see [the documentation](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable).
|
||||
|
||||
**Update the nginx configuration, reload the service**
|
||||
They may be mandatory for execution of roles.
|
||||
|
||||
| Variable name | Mandatory | Comment |
|
||||
|------------------|-----------|----------------------------------------------|
|
||||
| sites_enabled | yes | List of sites to enable from sites-available |
|
||||
|
||||
### Uwsgi
|
||||
|
||||
**Update the uwsgi configuration, restart the service**
|
||||
|
||||
| Variable name | Mandatory | Comment |
|
||||
|------------------|-----------|----------------------------------------------|
|
||||
| environments | yes | List of environments to restart |
|
||||
| Variable name | Comment |
|
||||
|------------------|----------------------------------------------|
|
||||
| sites_enabled | List of sites to enable from sites-available |
|
||||
| proxy_ports | List of ports to use with proxy_pass |
|
||||
| allowed_users | List of users allowed to login through SSH |
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
- name: Run all roles
|
||||
hosts: all
|
||||
become: yes
|
||||
become_user: root
|
||||
become_method: sudo
|
||||
|
||||
roles:
|
||||
- grafana
|
||||
- iptables
|
||||
- nginx
|
||||
- ssh
|
||||
- uwsgi
|
|
@ -1,3 +1,19 @@
|
|||
---
|
||||
sites_enabled:
|
||||
- "000-default"
|
||||
- "bible"
|
||||
- "creativecalc"
|
||||
- "gitea"
|
||||
- "grafana"
|
||||
- "mumbleweb"
|
||||
- "p7"
|
||||
- "pc-dev"
|
||||
|
||||
proxy_ports:
|
||||
grafana: 3000
|
||||
gitea: 3001
|
||||
mumbleweb: 64737
|
||||
|
||||
allowed_users:
|
||||
- "breizh"
|
||||
- "cake"
|
|
@ -1 +1,2 @@
|
|||
[vps]
|
||||
aperture-labs # Add an entry in your ~/.ssh/config
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
- name: Update monitoring configuration
|
||||
hosts: all
|
||||
become: yes
|
||||
become_user: root
|
||||
become_method: sudo
|
||||
|
||||
roles:
|
||||
- grafana
|
||||
- telegraf
|
||||
- influxdb
|
||||
- goaccess
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
- name: "Install Grafana"
|
||||
pacman:
|
||||
name: "grafana"
|
||||
state: present
|
||||
|
||||
- name: "Copy ini file"
|
||||
template:
|
||||
src: 'grafana.ini'
|
||||
dest: '/etc/'
|
||||
owner: 'grafana'
|
||||
mode: 0644
|
||||
|
||||
- name: "Restarting grafana"
|
||||
service:
|
||||
name: "grafana"
|
||||
state: restarted
|
|
@ -0,0 +1,517 @@
|
|||
##################### Grafana Configuration Example #####################
|
||||
#
|
||||
# Everything has defaults so you only need to uncomment things you want to
|
||||
# change
|
||||
|
||||
# possible values : production, development
|
||||
;app_mode = production
|
||||
|
||||
# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
|
||||
;instance_name = ${HOSTNAME}
|
||||
|
||||
#################################### Paths ####################################
|
||||
[paths]
|
||||
# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
|
||||
;data = /var/lib/grafana
|
||||
|
||||
# Temporary files in `data` directory older than given duration will be removed
|
||||
;temp_data_lifetime = 24h
|
||||
|
||||
# Directory where grafana can store logs
|
||||
;logs = /var/log/grafana
|
||||
|
||||
# Directory where grafana will automatically scan and look for plugins
|
||||
;plugins = /var/lib/grafana/plugins
|
||||
|
||||
# folder that contains provisioning config files that grafana will apply on startup and while running.
|
||||
;provisioning = conf/provisioning
|
||||
|
||||
#################################### Server ####################################
|
||||
[server]
|
||||
# Protocol (http, https, socket)
|
||||
;protocol = http
|
||||
|
||||
# The ip address to bind to, empty will bind to all interfaces
|
||||
http_addr = 127.0.0.1
|
||||
|
||||
# The http port to use
|
||||
http_port = {{ proxy_ports.grafana | mandatory }}
|
||||
|
||||
# The public facing domain name used to access grafana from a browser
|
||||
domain = grafana.planet-casio.com
|
||||
|
||||
# Redirect to correct domain if host header does not match domain
|
||||
# Prevents DNS rebinding attacks
|
||||
;enforce_domain = false
|
||||
|
||||
# The full public facing url you use in browser, used for redirects and emails
|
||||
# If you use reverse proxy and sub path specify full url (with sub path)
|
||||
root_url = https://grafana.planet-casio.com
|
||||
|
||||
# Log web requests
|
||||
;router_logging = false
|
||||
|
||||
# the path relative working path
|
||||
;static_root_path = public
|
||||
|
||||
# enable gzip
|
||||
;enable_gzip = false
|
||||
|
||||
# https certs & key file
|
||||
;cert_file =
|
||||
;cert_key =
|
||||
|
||||
# Unix socket path
|
||||
;socket =
|
||||
|
||||
#################################### Database ####################################
|
||||
[database]
|
||||
# You can configure the database connection by specifying type, host, name, user and password
|
||||
# as separate properties or as on string using the url properties.
|
||||
|
||||
# Either "mysql", "postgres" or "sqlite3", it's your choice
|
||||
;type = sqlite3
|
||||
;host = 127.0.0.1:3306
|
||||
;name = grafana
|
||||
;user = root
|
||||
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
||||
;password =
|
||||
|
||||
# Use either URL or the previous fields to configure the database
|
||||
# Example: mysql://user:secret@host:port/database
|
||||
;url =
|
||||
|
||||
# For "postgres" only, either "disable", "require" or "verify-full"
|
||||
;ssl_mode = disable
|
||||
|
||||
# For "sqlite3" only, path relative to data_path setting
|
||||
;path = grafana.db
|
||||
|
||||
# Max idle conn setting default is 2
|
||||
;max_idle_conn = 2
|
||||
|
||||
# Max conn setting default is 0 (mean not set)
|
||||
;max_open_conn =
|
||||
|
||||
# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
|
||||
;conn_max_lifetime = 14400
|
||||
|
||||
# Set to true to log the sql calls and execution times.
|
||||
log_queries =
|
||||
|
||||
# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
|
||||
;cache_mode = private
|
||||
|
||||
#################################### Session ####################################
|
||||
[session]
|
||||
# Either "memory", "file", "redis", "mysql", "postgres", default is "file"
|
||||
;provider = file
|
||||
|
||||
# Provider config options
|
||||
# memory: not have any config yet
|
||||
# file: session dir path, is relative to grafana data_path
|
||||
# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana`
|
||||
# mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name`
|
||||
# postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable
|
||||
;provider_config = sessions
|
||||
|
||||
# Session cookie name
|
||||
;cookie_name = grafana_sess
|
||||
|
||||
# If you use session in https only, default is false
|
||||
cookie_secure = true
|
||||
|
||||
# Session life time, default is 86400
|
||||
;session_life_time = 86400
|
||||
|
||||
#################################### Data proxy ###########################
|
||||
[dataproxy]
|
||||
|
||||
# This enables data proxy logging, default is false
|
||||
;logging = false
|
||||
|
||||
# How long the data proxy should wait before timing out default is 30 (seconds)
|
||||
;timeout = 30
|
||||
|
||||
#################################### Analytics ####################################
|
||||
[analytics]
|
||||
# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
|
||||
# No ip addresses are being tracked, only simple counters to track
|
||||
# running instances, dashboard and error counts. It is very helpful to us.
|
||||
# Change this option to false to disable reporting.
|
||||
;reporting_enabled = true
|
||||
|
||||
# Set to false to disable all checks to https://grafana.net
|
||||
# for new vesions (grafana itself and plugins), check is used
|
||||
# in some UI views to notify that grafana or plugin update exists
|
||||
# This option does not cause any auto updates, nor send any information
|
||||
# only a GET request to http://grafana.com to get latest versions
|
||||
;check_for_updates = true
|
||||
|
||||
# Google Analytics universal tracking code, only enabled if you specify an id here
|
||||
;google_analytics_ua_id =
|
||||
|
||||
# Google Tag Manager ID, only enabled if you specify an id here
|
||||
;google_tag_manager_id =
|
||||
|
||||
#################################### Security ####################################
|
||||
[security]
|
||||
# default admin user, created on startup
|
||||
; admin_user = admin
|
||||
|
||||
# default admin password, can be changed before first start of grafana, or in profile settings
|
||||
;admin_password = admin
|
||||
|
||||
# used for signing
|
||||
;secret_key = SW2YcwTIb9zpOOhoPsMm
|
||||
|
||||
# disable gravatar profile images
|
||||
;disable_gravatar = false
|
||||
|
||||
# data source proxy whitelist (ip_or_domain:port separated by spaces)
|
||||
;data_source_proxy_whitelist =
|
||||
|
||||
# disable protection against brute force login attempts
|
||||
;disable_brute_force_login_protection = false
|
||||
|
||||
# set to true if you host Grafana behind HTTPS. default is false.
|
||||
cookie_secure = true
|
||||
|
||||
# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict" and "none"
|
||||
;cookie_samesite = lax
|
||||
|
||||
#################################### Snapshots ###########################
|
||||
[snapshots]
|
||||
# snapshot sharing options
|
||||
;external_enabled = true
|
||||
;external_snapshot_url = https://snapshots-origin.raintank.io
|
||||
;external_snapshot_name = Publish to snapshot.raintank.io
|
||||
|
||||
# remove expired snapshot
|
||||
;snapshot_remove_expired = true
|
||||
|
||||
#################################### Dashboards History ##################
|
||||
[dashboards]
|
||||
# Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1
|
||||
;versions_to_keep = 20
|
||||
|
||||
#################################### Users ###############################
|
||||
[users]
|
||||
# disable user signup / registration
|
||||
;allow_sign_up = true
|
||||
|
||||
# Allow non admin users to create organizations
|
||||
;allow_org_create = true
|
||||
|
||||
# Set to true to automatically assign new users to the default organization (id 1)
|
||||
;auto_assign_org = true
|
||||
|
||||
# Default role new users will be automatically assigned (if disabled above is set to true)
|
||||
;auto_assign_org_role = Viewer
|
||||
|
||||
# Background text for the user field on the login page
|
||||
;login_hint = email or username
|
||||
|
||||
# Default UI theme ("dark" or "light")
|
||||
;default_theme = dark
|
||||
|
||||
# External user management, these options affect the organization users view
|
||||
;external_manage_link_url =
|
||||
;external_manage_link_name =
|
||||
;external_manage_info =
|
||||
|
||||
# Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard.
|
||||
;viewers_can_edit = false
|
||||
|
||||
[auth]
|
||||
# Login cookie name
|
||||
;login_cookie_name = grafana_session
|
||||
|
||||
# The lifetime (days) an authenticated user can be inactive before being required to login at next visit. Default is 7 days,
|
||||
;login_maximum_inactive_lifetime_days = 7
|
||||
|
||||
# The maximum lifetime (days) an authenticated user can be logged in since login time before being required to login. Default is 30 days.
|
||||
;login_maximum_lifetime_days = 30
|
||||
|
||||
# How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
|
||||
;token_rotation_interval_minutes = 10
|
||||
|
||||
# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
|
||||
;disable_login_form = false
|
||||
|
||||
# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false
|
||||
;disable_signout_menu = false
|
||||
|
||||
# URL to redirect the user to after sign out
|
||||
;signout_redirect_url =
|
||||
|
||||
# Set to true to attempt login with OAuth automatically, skipping the login screen.
|
||||
# This setting is ignored if multiple OAuth providers are configured.
|
||||
;oauth_auto_login = false
|
||||
|
||||
#################################### Anonymous Auth ######################
|
||||
[auth.anonymous]
|
||||
# enable anonymous access
|
||||
;enabled = false
|
||||
|
||||
# specify organization name that should be used for unauthenticated users
|
||||
;org_name = Main Org.
|
||||
|
||||
# specify role for unauthenticated users
|
||||
;org_role = Viewer
|
||||
|
||||
#################################### Github Auth ##########################
|
||||
[auth.github]
|
||||
;enabled = false
|
||||
;allow_sign_up = true
|
||||
;client_id = some_id
|
||||
;client_secret = some_secret
|
||||
;scopes = user:email,read:org
|
||||
;auth_url = https://github.com/login/oauth/authorize
|
||||
;token_url = https://github.com/login/oauth/access_token
|
||||
;api_url = https://api.github.com/user
|
||||
;team_ids =
|
||||
;allowed_organizations =
|
||||
|
||||
#################################### Google Auth ##########################
|
||||
[auth.google]
|
||||
;enabled = false
|
||||
;allow_sign_up = true
|
||||
;client_id = some_client_id
|
||||
;client_secret = some_client_secret
|
||||
;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
|
||||
;auth_url = https://accounts.google.com/o/oauth2/auth
|
||||
;token_url = https://accounts.google.com/o/oauth2/token
|
||||
;api_url = https://www.googleapis.com/oauth2/v1/userinfo
|
||||
;allowed_domains =
|
||||
|
||||
#################################### Generic OAuth ##########################
|
||||
[auth.generic_oauth]
|
||||
;enabled = false
|
||||
;name = OAuth
|
||||
;allow_sign_up = true
|
||||
;client_id = some_id
|
||||
;client_secret = some_secret
|
||||
;scopes = user:email,read:org
|
||||
;auth_url = https://foo.bar/login/oauth/authorize
|
||||
;token_url = https://foo.bar/login/oauth/access_token
|
||||
;api_url = https://foo.bar/user
|
||||
;team_ids =
|
||||
;allowed_organizations =
|
||||
;tls_skip_verify_insecure = false
|
||||
;tls_client_cert =
|
||||
;tls_client_key =
|
||||
;tls_client_ca =
|
||||
|
||||
; Set to true to enable sending client_id and client_secret via POST body instead of Basic authentication HTTP header
|
||||
; This might be required if the OAuth provider is not RFC6749 compliant, only supporting credentials passed via POST payload
|
||||
;send_client_credentials_via_post = false
|
||||
|
||||
#################################### Grafana.com Auth ####################
|
||||
[auth.grafana_com]
|
||||
;enabled = false
|
||||
;allow_sign_up = true
|
||||
;client_id = some_id
|
||||
;client_secret = some_secret
|
||||
;scopes = user:email
|
||||
;allowed_organizations =
|
||||
|
||||
#################################### Auth Proxy ##########################
|
||||
[auth.proxy]
|
||||
;enabled = false
|
||||
;header_name = X-WEBAUTH-USER
|
||||
;header_property = username
|
||||
;auto_sign_up = true
|
||||
;ldap_sync_ttl = 60
|
||||
;whitelist = 192.168.1.1, 192.168.2.1
|
||||
;headers = Email:X-User-Email, Name:X-User-Name
|
||||
|
||||
#################################### Basic Auth ##########################
|
||||
[auth.basic]
|
||||
;enabled = true
|
||||
|
||||
#################################### Auth LDAP ##########################
|
||||
[auth.ldap]
|
||||
;enabled = false
|
||||
;config_file = /etc/grafana/ldap.toml
|
||||
;allow_sign_up = true
|
||||
|
||||
#################################### SMTP / Emailing ##########################
|
||||
[smtp]
|
||||
enabled = true
|
||||
host = localhost:25
|
||||
;user =
|
||||
# If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;"""
|
||||
;password =
|
||||
;cert_file =
|
||||
;key_file =
|
||||
;skip_verify = false
|
||||
from_address = grafana@planet-casio.com
|
||||
from_name = "Grafana"
|
||||
# EHLO identity in SMTP dialog (defaults to instance_name)
|
||||
; ehlo_identity =
|
||||
|
||||
[emails]
|
||||
;welcome_email_on_sign_up = false
|
||||
|
||||
#################################### Logging ##########################
|
||||
[log]
|
||||
# Either "console", "file", "syslog". Default is console and file
|
||||
# Use space to separate multiple modes, e.g. "console file"
|
||||
;mode = console file
|
||||
|
||||
# Either "debug", "info", "warn", "error", "critical", default is "info"
|
||||
;level = info
|
||||
|
||||
# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
|
||||
;filters =
|
||||
|
||||
# For "console" mode only
|
||||
[log.console]
|
||||
;level =
|
||||
|
||||
# log line format, valid options are text, console and json
|
||||
;format = console
|
||||
|
||||
# For "file" mode only
|
||||
[log.file]
|
||||
;level =
|
||||
|
||||
# log line format, valid options are text, console and json
|
||||
;format = text
|
||||
|
||||
# This enables automated log rotate(switch of following options), default is true
|
||||
;log_rotate = true
|
||||
|
||||
# Max line number of single file, default is 1000000
|
||||
;max_lines = 1000000
|
||||
|
||||
# Max size shift of single file, default is 28 means 1 << 28, 256MB
|
||||
;max_size_shift = 28
|
||||
|
||||
# Segment log daily, default is true
|
||||
;daily_rotate = true
|
||||
|
||||
# Expired days of log file(delete after max days), default is 7
|
||||
;max_days = 7
|
||||
|
||||
[log.syslog]
|
||||
;level =
|
||||
|
||||
# log line format, valid options are text, console and json
|
||||
;format = text
|
||||
|
||||
# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used.
|
||||
;network =
|
||||
;address =
|
||||
|
||||
# Syslog facility. user, daemon and local0 through local7 are valid.
|
||||
;facility =
|
||||
|
||||
# Syslog tag. By default, the process' argv[0] is used.
|
||||
;tag =
|
||||
|
||||
#################################### Alerting ############################
|
||||
[alerting]
|
||||
# Disable alerting engine & UI features
|
||||
;enabled = true
|
||||
# Makes it possible to turn off alert rule execution but alerting UI is visible
|
||||
;execute_alerts = true
|
||||
|
||||
# Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state)
|
||||
;error_or_timeout = alerting
|
||||
|
||||
# Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok)
|
||||
;nodata_or_nullvalues = no_data
|
||||
|
||||
# Alert notifications can include images, but rendering many images at the same time can overload the server
|
||||
# This limit will protect the server from render overloading and make sure notifications are sent out quickly
|
||||
;concurrent_render_limit = 5
|
||||
|
||||
#################################### Explore #############################
|
||||
[explore]
|
||||
# Enable the Explore section
|
||||
;enabled = true
|
||||
|
||||
#################################### Internal Grafana Metrics ##########################
|
||||
# Metrics available at HTTP API Url /metrics
|
||||
[metrics]
|
||||
# Disable / Enable internal metrics
|
||||
;enabled = true
|
||||
|
||||
# Publish interval
|
||||
;interval_seconds = 10
|
||||
|
||||
# Send internal metrics to Graphite
|
||||
[metrics.graphite]
|
||||
# Enable by setting the address setting (ex localhost:2003)
|
||||
;address =
|
||||
;prefix = prod.grafana.%(instance_name)s.
|
||||
|
||||
#################################### Distributed tracing ############
|
||||
[tracing.jaeger]
|
||||
# Enable by setting the address sending traces to jaeger (ex localhost:6831)
|
||||
;address = localhost:6831
|
||||
# Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2)
|
||||
;always_included_tag = tag1:value1
|
||||
# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote
|
||||
;sampler_type = const
|
||||
# jaeger samplerconfig param
|
||||
# for "const" sampler, 0 or 1 for always false/true respectively
|
||||
# for "probabilistic" sampler, a probability between 0 and 1
|
||||
# for "rateLimiting" sampler, the number of spans per second
|
||||
# for "remote" sampler, param is the same as for "probabilistic"
|
||||
# and indicates the initial sampling rate before the actual one
|
||||
# is received from the mothership
|
||||
;sampler_param = 1
|
||||
|
||||
#################################### Grafana.com integration ##########################
|
||||
# Url used to import dashboards directly from Grafana.com
|
||||
[grafana_com]
|
||||
;url = https://grafana.com
|
||||
|
||||
#################################### External image storage ##########################
|
||||
[external_image_storage]
|
||||
# Used for uploading images to public servers so they can be included in slack/email messages.
|
||||
# you can choose between (s3, webdav, gcs, azure_blob, local)
|
||||
;provider =
|
||||
|
||||
[external_image_storage.s3]
|
||||
;bucket =
|
||||
;region =
|
||||
;path =
|
||||
;access_key =
|
||||
;secret_key =
|
||||
|
||||
[external_image_storage.webdav]
|
||||
;url =
|
||||
;public_url =
|
||||
;username =
|
||||
;password =
|
||||
|
||||
[external_image_storage.gcs]
|
||||
;key_file =
|
||||
;bucket =
|
||||
;path =
|
||||
|
||||
[external_image_storage.azure_blob]
|
||||
;account_name =
|
||||
;account_key =
|
||||
;container_name =
|
||||
|
||||
[external_image_storage.local]
|
||||
# does not require any configuration
|
||||
|
||||
[rendering]
|
||||
# Options to configure external image rendering server like https://github.com/grafana/grafana-image-renderer
|
||||
;server_url =
|
||||
;callback_url =
|
||||
|
||||
[enterprise]
|
||||
# Path to a valid Grafana Enterprise license.jwt file
|
||||
;license_path =
|
||||
|
||||
[panels]
|
||||
;enable_alpha = false
|
||||
# If set to true Grafana will allow script tags in text panels. Not recommended as it enable XSS vulnerabilities.
|
||||
;disable_sanitize_html = false
|
|
@ -5,14 +5,14 @@
|
|||
state: present
|
||||
|
||||
- name: "Copy rules"
|
||||
template:
|
||||
file:
|
||||
src: '{{ item }}'
|
||||
dest: '/etc/iptables/'
|
||||
owner: 'root'
|
||||
mode: 0644
|
||||
with_fileglob: '*.rules'
|
||||
|
||||
- name: "Restarting iptables"
|
||||
- name: "Reloading iptables"
|
||||
service:
|
||||
name: "iptables"
|
||||
state: reloaded
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
- "sites-enabled"
|
||||
|
||||
- name: "Copy common files"
|
||||
copy:
|
||||
file:
|
||||
src: '{{ item }}'
|
||||
dest: '/etc/nginx/'
|
||||
owner: 'root'
|
||||
|
@ -22,7 +22,7 @@
|
|||
with_fileglob: '*.conf'
|
||||
|
||||
- name: "Copy conf.d"
|
||||
copy:
|
||||
file:
|
||||
src: '{{ item }}'
|
||||
dest: '/etc/nginx/sites-available/'
|
||||
owner: 'root'
|
||||
|
@ -30,12 +30,12 @@
|
|||
with_fileglob: 'conf.d/*.conf'
|
||||
|
||||
- name: "Copy sites-available"
|
||||
copy:
|
||||
template:
|
||||
src: '{{ item }}'
|
||||
dest: '/etc/nginx/sites-available/'
|
||||
owner: 'root'
|
||||
mode: 0644
|
||||
with_fileglob: 'sites-available/*.conf'
|
||||
with_fileglob: '../templates/sites-available/*.conf'
|
||||
|
||||
- name: "Enable sites"
|
||||
file:
|
||||
|
@ -44,7 +44,7 @@
|
|||
state: link
|
||||
loop: "{{ sites_enabled }}"
|
||||
|
||||
- name: "Restarting nginx"
|
||||
- name: "Reloading nginx"
|
||||
service:
|
||||
name: "nginx"
|
||||
state: reloaded
|
||||
|
|
|
@ -3,7 +3,7 @@ server {
|
|||
listen *:80;
|
||||
|
||||
server_name gitea.planet-casio.com git.planet-casio.com;
|
||||
|
||||
|
||||
include common.conf;
|
||||
|
||||
access_log /var/log/nginx/gitea_access.log;
|
||||
|
@ -19,7 +19,7 @@ server {
|
|||
listen *:443 ssl http2;
|
||||
|
||||
server_name gitea.planet-casio.com git.planet-casio.com;
|
||||
|
||||
|
||||
include common.conf;
|
||||
include ssl.conf;
|
||||
|
||||
|
@ -36,6 +36,6 @@ server {
|
|||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://127.0.0.1:3001;
|
||||
proxy_pass http://127.0.0.1:{{ proxy_ports.gitea | mandatory }};
|
||||
}
|
||||
}
|
|
@ -3,7 +3,7 @@ server {
|
|||
listen *:80;
|
||||
|
||||
server_name grafana.planet-casio.com;
|
||||
|
||||
|
||||
include common.conf;
|
||||
|
||||
access_log /var/log/nginx/grafana_access.log;
|
||||
|
@ -19,7 +19,7 @@ server {
|
|||
listen *:443 ssl http2;
|
||||
|
||||
server_name grafana.planet-casio.com;
|
||||
|
||||
|
||||
include common.conf;
|
||||
include ssl.conf;
|
||||
|
||||
|
@ -32,6 +32,6 @@ server {
|
|||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
proxy_pass http://127.0.0.1:{{ proxy_ports.grafana | mandatory }};
|
||||
}
|
||||
}
|
|
@ -3,7 +3,7 @@ server {
|
|||
listen *:80;
|
||||
|
||||
server_name mumble.planet-casio.com;
|
||||
|
||||
|
||||
include common.conf;
|
||||
|
||||
access_log /var/log/nginx/mumbleweb_access.log;
|
||||
|
@ -23,8 +23,8 @@ server {
|
|||
include common.conf;
|
||||
include ssl.conf;
|
||||
|
||||
ssl_certificate /etc/dehydrated/certs/mumble.planet-casio.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/dehydrated/certs/mumble.planet-casio.com/privkey.pem;
|
||||
ssl_certificate /etc/dehydrated/certs/mumble.planet-casio.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/dehydrated/certs/mumble.planet-casio.com/privkey.pem;
|
||||
|
||||
access_log /var/log/nginx/mumbleweb_access.log;
|
||||
error_log /var/log/nginx/mumbleweb_error.log;
|
||||
|
@ -37,7 +37,7 @@ server {
|
|||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_pass http://localhost:64737;
|
||||
proxy_pass http://localhost:{{ proxy_ports.mumbleweb | mandatory }};
|
||||
}
|
||||
}
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
sites_enabled:
|
||||
- "000-default"
|
||||
- "bible"
|
||||
- "creativecalc"
|
||||
- "gitea"
|
||||
- "grafana"
|
||||
- "mumbleweb"
|
||||
- "p7"
|
||||
- "pc-dev"
|
|
@ -11,7 +11,7 @@
|
|||
owner: 'root'
|
||||
mode: 0644
|
||||
|
||||
- name: "Restarting sshd"
|
||||
- name: "Reloading sshd"
|
||||
service:
|
||||
name: "sshd"
|
||||
state: reloaded
|
||||
|
|
|
@ -6,22 +6,23 @@
|
|||
|
||||
- name: "Copy ini files"
|
||||
copy:
|
||||
src: '{{ item }}'
|
||||
src: '{{ item }}.ini'
|
||||
dest: '/etc/uwsgi/'
|
||||
owner: 'root'
|
||||
mode: 0644
|
||||
with_fileglob: '*.ini'
|
||||
loop: "{{ sites_enabled }}"
|
||||
when: item in ["pc", "pc-dev"]
|
||||
|
||||
- name: "Copy systemd service"
|
||||
copy:
|
||||
src: '{{ item }}'
|
||||
src: 'uwsgi@.service'
|
||||
dest: '/etc/systemd/system/'
|
||||
owner: 'root'
|
||||
mode: 0644
|
||||
with_fileglob: '*.service'
|
||||
|
||||
- name: "Restarting uwsgi"
|
||||
service:
|
||||
name: "uwsgi@{{ item }}"
|
||||
state: restarted
|
||||
loop: "{{ environments }}"
|
||||
loop: "{{ sites_enabled }}"
|
||||
when: item in ["pc", "pc-dev"]
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
environments:
|
||||
- "pc-dev"
|
Loading…
Reference in New Issue