All services now migrated and tested to be working as intended

These configurations should be valid enough to perform a really fast migration should something weird happen. Check the runbook created for this commit to see the steps involved.
2022-11-09 00:43:29 -08:00 · 2022-11-09 00:43:29 -08:00 · 025b0539a6
commit 025b0539a6
parent 7ddd15c4a5
7 changed files with 167 additions and 0 deletions
--- a/playbooks/atlas/init/setup-reverse-proxy.yml
+++ b/playbooks/atlas/init/setup-reverse-proxy.yml
@ -0,0 +1,48 @@
+
+# This playbook just installs nginx so that it is ready to configure
+# we don't bother with extra user accounts like with Beta because we
+# are only concerned with using nginx to serve fully containerized
+# applications. Not static files
+---
+- hosts: atlas
+  become: yes
+  vars:
+    CERT_EMAIL: "dev@shockrah.xyz"
+    SITES:
+      - search.project-athens.xyz
+      - files.leftcoast.space
+      - clips.shockrah.xyz
+  tasks:
+    - name: Install nginx
+      apt:
+        name: nginx
+        state: latest
+
+    - name: Install Certbot
+      community.general.snap:
+        name: certbot
+        classic: yes
+
+    - name: Push Configs
+      copy:
+        src:  "{{ '../nginx-plain-conf/' ~ item }}"
+        dest: "{{ '/etc/nginx/sites-available/' ~  item }}"
+      loop: "{{ SITES }}"
+
+    - name: Enable Sites in Nginx
+      file: 
+        src: "/etc/nginx/sites-available/{{item}}"
+        dest: "/etc/nginx/sites-enabled/{{item}}"
+        state: link
+      loop: "{{ SITES }}"
+
+    - name: Restart Nginx
+      service:
+        name: nginx
+        state: restarted
+
+    - name: Install Certificates for all sites on this host
+      command: >
+        certbot -n --nginx -m "{{ CERT_EMAIL }}" --agree-tos
+        --domains "{{item}}"
+      loop: "{{ SITES }}"
--- a/playbooks/atlas/nginx-plain-conf/clippable.yml
+++ b/playbooks/atlas/nginx-plain-conf/clippable.yml
@ -0,0 +1,30 @@
+# It is important to keep in mind that these websites are to be served under
+# either port 80 or port 443. The reasoning for allowing port 80 connections
+# is because the content here is not sensitive and I'm 100% sure I'm going
+# to get traffic from glow-friends so there
+
+---
+- hosts: beta
+  become: yes
+  tasks:
+    - name: Push clips.shockrah.xyz config(nginx)
+      copy:
+        src: "clips.shockrah.xyz"
+        dest: "/etc/nginx/sites-available/clips.shockrah.xyz"
+
+    - name: Enable clips nginx config
+      file:
+        src: /etc/nginx/sites-available/clips.shockrah.xyz
+        dest: /etc/nginx/sites-enabled/clips.shockrah.xyz
+        state: link
+
+    - name: Restart Nginx
+      service:
+        name: nginx
+        state: restarted
+
+    - name: Install New Certificate for all sites
+      command: >
+        certbot -n --nginx -m "dev@shockrah.xyz" --agree-tos
+        --domains clips.shockrah.xyz
+
--- a/playbooks/atlas/nginx-plain-conf/clips.shockrah.xyz
+++ b/playbooks/atlas/nginx-plain-conf/clips.shockrah.xyz
@ -0,0 +1,12 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server  {
+	server_name clips.shockrah.xyz;
+	location / {
+		proxy_pass http://127.0.0.1:8482;
+	}
+}
+
+
--- a/playbooks/atlas/nginx-plain-conf/disable-default.yml
+++ b/playbooks/atlas/nginx-plain-conf/disable-default.yml
@ -0,0 +1,10 @@
+---
+- hosts: alpha
+  tasks:
+    - name: Disable Default Nginx Site
+      become: yes
+      file:
+        path: /etc/nginx/sites-enabled/default
+        state: absent
+
+
--- a/playbooks/atlas/nginx-plain-conf/files.leftcoast.space
+++ b/playbooks/atlas/nginx-plain-conf/files.leftcoast.space
@ -0,0 +1,14 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server  {
+	server_name files.leftcoast.space;
+	location / {
+		proxy_pass http://127.0.0.1:8000;
+	}
+	# Because we take large video/image file uploads
+	client_max_body_size 0;
+}
+
+
--- a/playbooks/atlas/nginx-plain-conf/main.yml
+++ b/playbooks/atlas/nginx-plain-conf/main.yml
@ -0,0 +1,42 @@
+# This playbook just installs nginx so that it is ready to configure
+# we don't bother with extra user accounts like with Beta because we
+# are only concerned with using nginx to serve fully containerized
+# applications. Not static files
+---
+- hosts: alpha
+  become: yes
+  tasks:
+    - name: Install Certbot
+      community.general.snap:
+        name: certbot
+        classic: yes
+
+    - name: Push Configs
+      copy:
+        src:  "{{item}}"
+        dest: "/etc/nginx/sites-available/{{item}}"
+      loop:
+        - search.project-athens.xyz
+        - files.leftcoast.space
+
+    - name: Enable Sites in Nginx
+      file: 
+        src: "/etc/nginx/sites-available/{{item}}"
+        dest: "/etc/nginx/sites-enabled/{{item}}"
+        state: link
+      loop:
+        - search.project-athens.xyz
+        - files.leftcoast.space
+
+    - name: Restart Nginx
+      service:
+        name: nginx
+        state: restarted
+
+    - name: Install Certificates for all sites on this host
+      command: >
+        certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
+        --domains "{{item}}"
+      loop:
+        - search.project-athens.xyz
+        - files.leftcoast.space
--- a/playbooks/atlas/nginx-plain-conf/search.project-athens.xyz
+++ b/playbooks/atlas/nginx-plain-conf/search.project-athens.xyz
@ -0,0 +1,11 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server  {
+	server_name search.project-athens.xyz;
+	location / {
+		proxy_pass http://127.0.0.1:8080;
+	}
+}
+