Deprecating old stuff that isnt used anymore

2024-08-17 16:19:28 -07:00
parent cbdfe05111
commit 2ec74d8b85
63 changed files with 151 additions and 0 deletions


@@ -0,0 +1,15 @@
---
- hosts: alpha
remote_user: ubuntu
become: yes
become_method: sudo
tasks:
- name: Install New Certificate for all sites
command: >
certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
--domains "{{item}}"
loop:
- search.project-athens.xyz
- clips.shockrah.xyz
- files.leftcoast.space
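Review bot: The certbot task runs through `command` with no `creates:` or `changed_when:`, so every run of the play invokes certbot again for all three domains and reports a change whether or not a certificate was issued. Adding `args:` with `creates: "/etc/letsencrypt/live/{{ item }}/fullchain.pem"` would skip domains that already have a certificate. The same task appears in the clips nginx playbook for `beta` and in the nginx install playbook for `alpha` in this commit. `CERT_EMAIL` is not defined in this play, so it presumably comes from inventory or extra vars; a short comment saying where would help.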


@@ -0,0 +1,31 @@
---
- hosts: alpha
become: yes
vars:
CLIPPABLE_ROOT: /mnt/drive1
tasks:
- name: Create mountpoints for volumes
file:
state: directory
path: "{{ CLIPPABLE_ROOT }}/{{ item }}"
loop:
- clips/
- thumbnails/
- name: Pull latest Clippable Image
community.docker.docker_container:
name: clippable
image: registry.gitlab.com/shockrah/clippable:latest
pull: yes
restart_policy: always
recreate: yes
env:
SITE_NAME: "Shockrah's Clips"
SITE_DESC: "Short clips of random stuff I do"
SITE_URL: "https://clips.shockrah.xyz"
ports:
- "8482:8482"
volumes:
- "{{CLIPPABLE_ROOT}}/clips:/media/clips"
- "{{CLIPPABLE_ROOT}}/thumbnails:/media/thumbnails"
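Review bot: The `ports` entry `"8482:8482"` publishes the container on every host interface, so the app is reachable directly on port 8482 without passing through nginx or TLS, and Docker's published ports are commonly not covered by host firewall rules such as ufw. The nginx site for this service proxies to `http://127.0.0.1:8482`, so if nginx on the same host is the intended entry point, a loopback bind is enough: `- "127.0.0.1:8482:8482"`. The filebrowser (`"8000:80"`) and searx (`"8080:8080"`) container tasks in this commit use the same kind of mapping.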


@@ -0,0 +1,15 @@
# Here we basically install a config that limits all containers to having
# a maxium amount of logs on disk. We do this to save on storage space
---
- hosts: alpha
become: yes
tasks:
- name: Copy over daemon.json config
copy:
src: docker/daemon.json
dest: /etc/daemon.json
- name: Restart Docker service
systemd:
name: docker
state: restarted
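Review bot: `dest: /etc/daemon.json` is not the path the Docker daemon reads by default, which is `/etc/docker/daemon.json`, so the log limits described in the header comment would not take effect and container logs stay unbounded on disk. Change the line to `dest: /etc/docker/daemon.json` and set `owner: root`, `group: root` and `mode: "0644"` on the copy. The restart task also runs unconditionally; moving it to a handler notified by the copy would avoid restarting every container on each run.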


@@ -0,0 +1,39 @@
# This playbook creates an ssh accessed user that is part of the docker group
# The reason for this is to create a user that can access docker services but
# not have root permissions to the host machine itself.
---
- hosts: alpha
remote_user: ubuntu
become: yes
vars:
NAME: dockerlass
tasks:
- name: Ensure Docker Group exists
group:
name: docker
state: present
- name: Ensure Docker-Only User exists and is part of the Docker group
user:
state: present
name: "{{ NAME }}"
create_home: true
groups: docker
- name: Ensure safe ~/.ssh directory
file:
path: "/home/{{NAME}}/.ssh"
state: directory
mode: 0700
owner: "{{ NAME }}"
- name: Ensure safe Authorized keys file
copy:
src: "{{ DOCKERLASS_PUB_KEY_PATH }}"
dest: "/home/{{NAME}}/.ssh/authorized_keys"
mode: 0600
owner: "{{ NAME }}"
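Review bot: The header comment says this user can access Docker "but not have root permissions to the host machine itself", and that does not hold: membership in the `docker` group lets the account start containers that mount the host filesystem, which is equivalent to root on the host. The comment should say so, for example `# NOTE: docker group membership is root-equivalent on this host; treat this user's SSH key like a root credential`. If a restricted account is really needed, rootless Docker or a narrowly scoped sudo rule is the usual route. Separately, `groups: docker` without `append: true` replaces any other supplementary groups the user already has.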


@@ -0,0 +1,7 @@
{
"log-driver" : "local",
"log-opts": {
"max-size": "10m",
"max-file": "3"
}
}


@@ -0,0 +1,22 @@
# This playbook goes through the process of setting up a simple FTP server on
# the target host.
---
- hosts: alpha
become: yes
vars:
MOUNTPOINT: /mnt/fam-files
tasks:
- name: Setup Filebrowser Container
community.docker.docker_container:
name: filebrowser
image: filebrowser/filebrowser
restart_policy: always
volumes:
- "{{MOUNTPOINT}}/data:/srv"
ports:
- "8000:80"
user: "0:0"
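Review bot: `user: "0:0"` runs the file manager as root inside the container while `{{MOUNTPOINT}}/data` is bind-mounted read-write, so any flaw in the web app writes to the host mount as uid 0. Running it as an unprivileged uid that owns the data directory, e.g. `user: "1000:1000"` (constructed value; use the real owner of the directory), limits that. The header comment also calls this an FTP server, but the task deploys the `filebrowser/filebrowser` web UI; the comment should name what is actually exposed.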


@@ -0,0 +1,46 @@
---
- hosts: alpha
remote_user: ubuntu
tasks:
- name: Install docker dependencies
become: yes
become_method: sudo
apt:
name: "{{item}}"
update_cache: yes
loop:
- apt-transport-https
- ca-certificates
- curl
- gnupg
- software-properties-common
- lsb-release
- name: Install docker GPG key
become: yes
become_method: sudo
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker Apt Repo
become: yes
become_method: sudo
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu impish stable
state: present
- name: Install Docker components
become: yes
become_method: sudo
apt:
name: "{{item}}"
update_cache: yes
loop:
- docker-ce
- docker-ce-cli
- containerd.io
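Review bot: The `apt_key` task adds Docker's key to the global APT keyring, where it is trusted for every configured repository, and the module is deprecated. Downloading the key to `/etc/apt/keyrings/docker.asc` with `get_url` and referencing it as `repo: deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable` scopes the key to this one repository. That line also replaces the hard-coded `impish` release, which will not match hosts running another Ubuntu version.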


@@ -0,0 +1,30 @@
# It is important to keep in mind that these websites are to be served under
# either port 80 or port 443. The reasoning for allowing port 80 connections
# is because the content here is not sensitive and I'm 100% sure I'm going
# to get traffic from glow-friends so there
---
- hosts: beta
become: yes
tasks:
- name: Push clips.shockrah.xyz config(nginx)
copy:
src: "clips.shockrah.xyz"
dest: "/etc/nginx/sites-available/clips.shockrah.xyz"
- name: Enable clips nginx config
file:
src: /etc/nginx/sites-available/clips.shockrah.xyz
dest: /etc/nginx/sites-enabled/clips.shockrah.xyz
state: link
- name: Restart Nginx
service:
name: nginx
state: restarted
- name: Install New Certificate for all sites
command: >
certbot -n --nginx -m "dev@shockrah.xyz" --agree-tos
--domains clips.shockrah.xyz
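Review bot: The `Restart Nginx` task runs right after the site file is copied and linked, with no syntax check in between, so a bad config stops nginx for every site on the host. A task running `command: nginx -t` with `changed_when: false` before it, and `state: reloaded` instead of `restarted`, would keep the running server up when the new file is invalid. The nginx install playbook for `alpha` in this commit has the same copy, link, restart sequence.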


@@ -0,0 +1,12 @@
# This file contains a base configuration file for the projectathens
# It is to be overwritten by certbot later on so adjusting this config
# should not happen on the target server
server {
server_name clips.shockrah.xyz;
location / {
proxy_pass http://127.0.0.1:8482;
}
}
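Review bot: The `location /` block proxies without setting any forwarding headers, so the backend sees every request as coming from 127.0.0.1 with `Host: 127.0.0.1:8482`, which makes its access logs and any per-client limits useless for investigating abuse. Adding `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` inside the block fixes that. The search and files site configs in this commit are written the same way. The header comment still names projectathens although this file is for clips.shockrah.xyz.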


@@ -0,0 +1,10 @@
---
- hosts: alpha
tasks:
- name: Disable Default Nginx Site
become: yes
file:
path: /etc/nginx/sites-enabled/default
state: absent


@@ -0,0 +1,14 @@
# This file contains a base configuration file for the projectathens
# It is to be overwritten by certbot later on so adjusting this config
# should not happen on the target server
server {
server_name files.leftcoast.space;
location / {
proxy_pass http://127.0.0.1:8000;
}
# Because we take large video/image file uploads
client_max_body_size 0;
}
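Review bot: `client_max_body_size 0;` turns off nginx's request-body limit for the whole server block, so any client that can reach the site can stream arbitrarily large uploads at the backend and fill the disk behind it. A finite cap sized for the largest expected video, e.g. `client_max_body_size 4g;` (constructed value), keeps the large-upload use case while bounding that. The comment above the directive should then state the chosen limit and why.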


@@ -0,0 +1,41 @@
# This playbook just installs nginx so that it is ready to configure
# we don't bother with extra user accounts like with Beta because we
# are only concerned with using nginx to serve fully containerized
# applications. Not static files
---
- hosts: alpha
become: yes
vars:
SITES:
- search.project-athens.xyz
- files.leftcoast.space
- clips.shockrah.xyz
tasks:
- name: Install Certbot
community.general.snap:
name: certbot
classic: yes
- name: Push Configs
copy:
src: "{{item}}"
dest: "/etc/nginx/sites-available/{{item}}"
loop: "{{ SITES }}"
- name: Enable Sites in Nginx
file:
src: "/etc/nginx/sites-available/{{item}}"
dest: "/etc/nginx/sites-enabled/{{item}}"
state: link
loop: "{{ SITES }}"
- name: Restart Nginx
service:
name: nginx
state: restarted
- name: Install Certificates for all sites on this host
command: >
certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
--domains "{{item}}"
loop: "{{ SITES }}"


@@ -0,0 +1,11 @@
# This file contains a base configuration file for the projectathens
# It is to be overwritten by certbot later on so adjusting this config
# should not happen on the target server
server {
server_name search.project-athens.xyz;
location / {
proxy_pass http://127.0.0.1:8080;
}
}


@@ -0,0 +1,31 @@
---
- hosts: alpha
remote_user: ubuntu
become: yes
tasks:
- name: Create /var/www/ Configuration Directory
file:
path: /var/www/
state: directory
- name: Create /var/www/searx/ Searx configuration Directory
file:
path: /var/www/searx
state: directory
- name: Copy Searx Configuration to /var/www/searx
copy:
src: settings.yml
dest: /var/www/searx/settings.yml
- name: Pull latest Searx Repo patches
community.docker.docker_container:
name: searx
image: searx/searx
pull: yes
restart_policy: always
recreate: yes
volumes:
- "/var/www/searx/settings.yml:/etc/searx/settings.yml"
ports:
- "8080:8080"
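Review bot: `image: searx/searx` has no tag, and together with `pull: yes` and `recreate: yes` each run replaces the container with whatever the registry currently serves as `latest`. Pinning to a specific tag or, better, a digest (`image: searx/searx@sha256:<digest>`) makes deployments repeatable and means an upstream image change is reviewed before it runs on the host. The clippable (`:latest`) and filebrowser (no tag) container tasks in this commit are unpinned too.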


@@ -0,0 +1,24 @@
use_default_settings: True
general:
debug : False # Debug mode, only for development
instance_name : "Project Athens SearX" # displayed name
search:
safe_search : 0 # Filter results. 0: None, 1: Moderate, 2: Strict
autocomplete : "" # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
default_lang : "" # Default search language - leave blank to detect from browser information or use codes from 'languages.py'
server:
port : 8080
bind_address : "127.0.0.1" # explicitly only listen on localhost
secret_key : "VnnTHjYycpMerevPKQ5DAngpcZ3in5R8wgshvz2kW1LBDw6Z/ytWGdkZfXZTdY7zMb0oe6UXoZ9a"
base_url : "https://search.project-athens.xyz"
image_proxy : False # Proxying image results through searx
# TODO: add morty proxy to the setup for cleaner results
# uncomment below section if you have running morty proxy
#result_proxy:
# url : http://127.0.0.1:3000/
# key : !!binary "your_morty_proxy_key"
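Review bot: `secret_key` under `server:` is committed in plain text, so anyone with read access to the repository or its history has it, and relocating the file does not remove it from earlier commits. If an instance was ever deployed with this value, the key should be rotated. The file can instead be rendered with the `template` module from a vaulted variable, e.g. `secret_key : "{{ SEARX_SECRET_KEY }}"` (placeholder name), and the task that deploys it should set an explicit `owner` and a restrictive `mode` rather than relying on the default.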


@@ -0,0 +1,18 @@
---
- hosts: alpha
remote_user: ubuntu
tasks:
- name: Install Pip3
become: yes
become_method: sudo
apt:
name: python3-pip
update_cache: yes
- name: Install Docker Pip Package
become: yes
become_method: sudo
pip:
name: docker