shockrah/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Deprecating old stuff that isnt used anymore

Browse Source
This commit is contained in:
shockrah
2024-08-17 16:19:28 -07:00
parent cbdfe05111
commit 2ec74d8b85
63 changed files with 151 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
playbooks/alpha/certbot.yml
View File

@@ -1,15 +0,0 @@
---
- hosts: alpha
remote_user: ubuntu
become: yes
become_method: sudo
tasks:
- name: Install New Certificate for all sites
command: >
certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
--domains "{{item}}"
loop:
- search.project-athens.xyz
- clips.shockrah.xyz
- files.leftcoast.space

31
playbooks/alpha/clips/setup.yml
View File

@@ -1,31 +0,0 @@
---
- hosts: alpha
become: yes
vars:
CLIPPABLE_ROOT: /mnt/drive1
tasks:
- name: Create mountpoints for volumes
file:
state: directory
path: "{{ CLIPPABLE_ROOT }}/{{ item }}"
loop:
- clips/
- thumbnails/
- name: Pull latest Clippable Image
community.docker.docker_container:
name: clippable
image: registry.gitlab.com/shockrah/clippable:latest
pull: yes
restart_policy: always
recreate: yes
env:
SITE_NAME: "Shockrah's Clips"
SITE_DESC: "Short clips of random stuff I do"
SITE_URL: "https://clips.shockrah.xyz"
ports:
- "8482:8482"
volumes:
- "{{CLIPPABLE_ROOT}}/clips:/media/clips"
- "{{CLIPPABLE_ROOT}}/thumbnails:/media/thumbnails"

15
playbooks/alpha/docker-config.yml
View File

@@ -1,15 +0,0 @@
# Here we basically install a config that limits all containers to having
# a maxium amount of logs on disk. We do this to save on storage space
---
- hosts: alpha
become: yes
tasks:
- name: Copy over daemon.json config
copy:
src: docker/daemon.json
dest: /etc/daemon.json
- name: Restart Docker service
systemd:
name: docker
state: restarted

39
playbooks/alpha/docker-user.yml
View File

@@ -1,39 +0,0 @@
# This playbook creates an ssh accessed user that is part of the docker group
# The reason for this is to create a user that can access docker services but
# not have root permissions to the host machine itself.
---
- hosts: alpha
remote_user: ubuntu
become: yes
vars:
NAME: dockerlass
tasks:
- name: Ensure Docker Group exists
group:
name: docker
state: present
- name: Ensure Docker-Only User exists and is part of the Docker group
user:
state: present
name: "{{ NAME }}"
create_home: true
groups: docker
- name: Ensure safe ~/.ssh directory
file:
path: "/home/{{NAME}}/.ssh"
state: directory
mode: 0700
owner: "{{ NAME }}"
- name: Ensure safe Authorized keys file
copy:
src: "{{ DOCKERLASS_PUB_KEY_PATH }}"
dest: "/home/{{NAME}}/.ssh/authorized_keys"
mode: 0600
owner: "{{ NAME }}"

7
playbooks/alpha/docker/daemon.json
View File

@@ -1,7 +0,0 @@
{
"log-driver" : "local",
"log-opts": {
"max-size": "10m",
"max-file": "3"
}
}

22
playbooks/alpha/filebrowser/main.yml
View File

@@ -1,22 +0,0 @@
# This playbook goes through the process of setting up a simple FTP server on
# the target host.
---
- hosts: alpha
become: yes
vars:
MOUNTPOINT: /mnt/fam-files
tasks:
- name: Setup Filebrowser Container
community.docker.docker_container:
name: filebrowser
image: filebrowser/filebrowser
restart_policy: always
volumes:
- "{{MOUNTPOINT}}/data:/srv"
ports:
- "8000:80"
user: "0:0"

46
playbooks/alpha/init.yml
View File

@@ -1,46 +0,0 @@
---
- hosts: alpha
remote_user: ubuntu
tasks:
- name: Install docker dependencies
become: yes
become_method: sudo
apt:
name: "{{item}}"
update_cache: yes
loop:
- apt-transport-https
- ca-certificates
- curl
- gnupg
- software-properties-common
- lsb-release
- name: Install docker GPG key
become: yes
become_method: sudo
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker Apt Repo
become: yes
become_method: sudo
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu impish stable
state: present
- name: Install Docker components
become: yes
become_method: sudo
apt:
name: "{{item}}"
update_cache: yes
loop:
- docker-ce
- docker-ce-cli
- containerd.io

30
playbooks/alpha/nginx/clippable.yml
View File

@@ -1,30 +0,0 @@
# It is important to keep in mind that these websites are to be served under
# either port 80 or port 443. The reasoning for allowing port 80 connections
# is because the content here is not sensitive and I'm 100% sure I'm going
# to get traffic from glow-friends so there
---
- hosts: beta
become: yes
tasks:
- name: Push clips.shockrah.xyz config(nginx)
copy:
src: "clips.shockrah.xyz"
dest: "/etc/nginx/sites-available/clips.shockrah.xyz"
- name: Enable clips nginx config
file:
src: /etc/nginx/sites-available/clips.shockrah.xyz
dest: /etc/nginx/sites-enabled/clips.shockrah.xyz
state: link
- name: Restart Nginx
service:
name: nginx
state: restarted
- name: Install New Certificate for all sites
command: >
certbot -n --nginx -m "dev@shockrah.xyz" --agree-tos
--domains clips.shockrah.xyz

12
playbooks/alpha/nginx/clips.shockrah.xyz
View File

@@ -1,12 +0,0 @@
# This file contains a base configuration file for the projectathens
# It is to be overwritten by certbot later on so adjusting this config
# should not happen on the target server
server {
server_name clips.shockrah.xyz;
location / {
proxy_pass http://127.0.0.1:8482;
}
}

10
playbooks/alpha/nginx/disable-default.yml
View File

@@ -1,10 +0,0 @@
---
- hosts: alpha
tasks:
- name: Disable Default Nginx Site
become: yes
file:
path: /etc/nginx/sites-enabled/default
state: absent

14
playbooks/alpha/nginx/files.leftcoast.space
View File

@@ -1,14 +0,0 @@
# This file contains a base configuration file for the projectathens
# It is to be overwritten by certbot later on so adjusting this config
# should not happen on the target server
server {
server_name files.leftcoast.space;
location / {
proxy_pass http://127.0.0.1:8000;
}
# Because we take large video/image file uploads
client_max_body_size 0;
}

41
playbooks/alpha/nginx/main.yml
View File

@@ -1,41 +0,0 @@
# This playbook just installs nginx so that it is ready to configure
# we don't bother with extra user accounts like with Beta because we
# are only concerned with using nginx to serve fully containerized
# applications. Not static files
---
- hosts: alpha
become: yes
vars:
SITES:
- search.project-athens.xyz
- files.leftcoast.space
- clips.shockrah.xyz
tasks:
- name: Install Certbot
community.general.snap:
name: certbot
classic: yes
- name: Push Configs
copy:
src: "{{item}}"
dest: "/etc/nginx/sites-available/{{item}}"
loop: "{{ SITES }}"
- name: Enable Sites in Nginx
file:
src: "/etc/nginx/sites-available/{{item}}"
dest: "/etc/nginx/sites-enabled/{{item}}"
state: link
loop: "{{ SITES }}"
- name: Restart Nginx
service:
name: nginx
state: restarted
- name: Install Certificates for all sites on this host
command: >
certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
--domains "{{item}}"
loop: "{{ SITES }}"

11
playbooks/alpha/nginx/search.project-athens.xyz
View File

@@ -1,11 +0,0 @@
# This file contains a base configuration file for the projectathens
# It is to be overwritten by certbot later on so adjusting this config
# should not happen on the target server
server {
server_name search.project-athens.xyz;
location / {
proxy_pass http://127.0.0.1:8080;
}
}

31
playbooks/alpha/searx/main.yml
View File

@@ -1,31 +0,0 @@
---
- hosts: alpha
remote_user: ubuntu
become: yes
tasks:
- name: Create /var/www/ Configuration Directory
file:
path: /var/www/
state: directory
- name: Create /var/www/searx/ Searx configuration Directory
file:
path: /var/www/searx
state: directory
- name: Copy Searx Configuration to /var/www/searx
copy:
src: settings.yml
dest: /var/www/searx/settings.yml
- name: Pull latest Searx Repo patches
community.docker.docker_container:
name: searx
image: searx/searx
pull: yes
restart_policy: always
recreate: yes
volumes:
- "/var/www/searx/settings.yml:/etc/searx/settings.yml"
ports:
- "8080:8080"

18
playbooks/alpha/setup-docker-plugin.yml
View File

@@ -1,18 +0,0 @@
---
- hosts: alpha
remote_user: ubuntu
tasks:
- name: Install Pip3
become: yes
become_method: sudo
apt:
name: python3-pip
update_cache: yes
- name: Install Docker Pip Package
become: yes
become_method: sudo
pip:
name: docker

16
playbooks/athens-common/touch.yml
View File

@@ -1,16 +0,0 @@
# This is purely here to check if things are
# working properly
---
- hosts: alpha, beta, gamma, sigma
remote_user: ubuntu
tasks:
- name: Echo
shell: echo 'This playbooks is just testing connectivity'
- name: Sample HTTP Request
shell: curl http://google.com
- name: Sample HTTPS Request
shell: curl -k https://gogle.com

42
playbooks/athens-common/ufw.yml
View File

@@ -1,42 +0,0 @@
# This play book sets up a mirrored setup for both web service hosts
# such that they accept web traffic in and out from anywhere
# but only accept ssh connections from the internal network
---
- hosts: alpha,beta
remote_user: ubuntu
# UFW is only accessible to root so sudo is required for each task
become: yes
become_method: sudo
tasks:
- name: Install UFW in case it's not here
apt:
name: ufw
update_cache: yes
- name: Allow SSH connections from internal network
ufw:
rule: allow
port: ssh
direction: incoming
- name: Rate limit SSH connections
ufw:
rule: limit
direction: incoming
port: ssh
proto: tcp
- name: Allow Plain-HTTP traffic from anywhere
ufw:
rule: allow
port: 80
proto: tcp
- name: Allow HTTPS traffic from anywhere
ufw:
rule: allow
port: 443
proto: tcp

5
playbooks/athens-common/update-certs.yml
View File

@@ -1,5 +0,0 @@
---
- import_playbook: '../beta/certbot.yml'
- import_playbook: '../alpha/certbot.yml'

34
playbooks/atlas/init/clippable/main.yml
View File

@@ -1,34 +0,0 @@
---
- hosts: atlas
become: yes
vars:
CLIPPABLE_ROOT: "{{ CLIPPABLE_MOUNT_POINT }}/clips"
tasks:
- name: Fetch vars for getting mount points
include_vars:
file: ../../vars/drives.yml
- name: Create mountpoints for volumes
file:
state: directory
path: "{{ CLIPPABLE_ROOT }}/{{ item }}"
loop:
- clips
- thumbnails
- name: Pull latest Clippable Image
community.docker.docker_container:
name: clippable
image: registry.gitlab.com/shockrah/clippable:latest
pull: yes
restart_policy: always
recreate: yes
env:
SITE_NAME: "Shockrah's Clips"
SITE_DESC: "Short clips of random stuff I do"
SITE_URL: "https://clips.shockrah.xyz"
ports:
- "8482:8482"
volumes:
- "{{CLIPPABLE_ROOT}}/clips:/media/clips"
- "{{CLIPPABLE_ROOT}}/thumbnails:/media/thumbnails"

23
playbooks/atlas/init/filebrowser/main.yml
View File

@@ -1,23 +0,0 @@
# This playbook goes through the process of setting up a simple FTP server on
# the target host.
---
- hosts: atlas
become: yes
tasks:
- name: Fetch vars for getting mount points
include_vars:
file: ../../vars/drives.yml
- name: Setup Filebrowser Container
community.docker.docker_container:
name: filebrowser
image: filebrowser/filebrowser
restart_policy: always
volumes:
- "{{ FILEBROWSER_MOUNT_POINT }}/files:/srv"
ports:
- "8000:80"
user: "0:0"

14
playbooks/atlas/init/migrate-clips-files.yml
View File

@@ -1,14 +0,0 @@
---
- hosts: atlas
tasks:
- name: Fetch vars for getting mount points
include_vars:
file: ../vars/drives.yml
- name: Copy over Filebrowser & Clippable data from local
become: yes
copy:
src: "{{ item.src }}"
dest: "{{ item.dst }}"
loop:
- { src: "{{ filebrowser }}", dst: "{{ FILEBROWSER_MOUNT_POINT }}" }
- { src: "{{ clippable }}" , dst: "{{ CLIPPABLE_MOUNT_POINT }}" }

50
playbooks/atlas/init/perma-mount-drives.yml
View File

@@ -1,50 +0,0 @@
# This ensures that the mount points for our docker volumes are present and
# populated correctly
---
- hosts: atlas
become: yes
vars:
filesystem: ext4
tasks:
- name: Fetch vars for getting mount points
include_vars:
file: ../vars/drives.yml
- name: Creat mountpoints for mounted volumes
file:
path: "{{ item }}"
state: directory
owner: ubuntu
loop:
- "{{ CLIPPABLE_MOUNT_POINT }}"
- "{{ FILEBROWSER_MOUNT_POINT }}"
- name: Partition Devices
community.general.parted:
device: "{{ item }}"
number: 1
label: gpt
part_start: 0%
part_end: 100%
name: data
loop:
- "{{ FILEBROWSER_DRIVE }}"
- "{{ CLIPPABLE_DRIVE }}"
- name: Format the drive for use
community.general.filesystem:
dev: "{{ item }}"
fstype: "{{ filesystem }}"
loop:
- "{{ FILEBROWSER_DRIVE }}"
- "{{ CLIPPABLE_DRIVE }}"
- name: Permanently Mount Drives
mount:
state: mounted
path: "{{ item.dst }}"
src: "{{ item.src }}"
fstype: "{{ filesystem }}"
loop:
- { src: "{{ FILEBROWSER_DRIVE }}", dst: "{{ FILEBROWSER_MOUNT_POINT }}" }
- { src: "{{ CLIPPABLE_DRIVE }}", dst: "{{ CLIPPABLE_MOUNT_POINT }}" }

30
playbooks/atlas/init/searx/main.yml
View File

@@ -1,30 +0,0 @@
---
- hosts: atlas
become: yes
tasks:
- name: Create /var/www/ Configuration Directory
file:
path: /var/www/
state: directory
- name: Create /var/www/searx/ Searx configuration Directory
file:
path: /var/www/searx
state: directory
- name: Copy Searx Configuration to /var/www/searx
copy:
src: settings.yml
dest: /var/www/searx/settings.yml
- name: Pull latest Searx Repo patches
community.docker.docker_container:
name: searx
image: searx/searx
pull: yes
restart_policy: always
recreate: yes
volumes:
- "/var/www/searx/settings.yml:/etc/searx/settings.yml"
ports:
- "8080:8080"

20
playbooks/atlas/init/searx/settings.yml
View File

@@ -1,20 +0,0 @@
use_default_settings: True
general:
debug : False # Debug mode, only for development
instance_name : "Project Athens SearX" # displayed name
search:
safe_search : 0 # Filter results. 0: None, 1: Moderate, 2: Strict
autocomplete : "" # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
default_lang : "" # Default search language - leave blank to detect from browser information or use codes from 'languages.py'
server:
port : 8080
bind_address : "127.0.0.1" # explicitly only listen on localhost
# This key only matters for API users which I don't care about
# Hence this is fine because meh.jpg
secret_key : "VnnTHjYycpMerevPKQ5DAngpcZ3in5R8wgshvz2kW1LBDw6Z/ytWGdkZfXZTdY7zMb0oe6UXoZ9a"
base_url : "https://search.project-athens.xyz"
image_proxy : False # Proxying image results through searx

8
playbooks/atlas/init/setup-containers.yml
View File

@@ -1,8 +0,0 @@
# Here we just call other playbooks to setup the services in the same way
# that the alpha host would set them up.
# NOTE: lewdlad is not included here because it is deployed via pipeline
# in it's own repository
---
- import_playbook: './searx/main.yml'
- import_playbook: './filebrowser/main.yml'
- import_playbook: './clippable/main.yml'

48
playbooks/atlas/init/setup-reverse-proxy.yml
View File

@@ -1,48 +0,0 @@
# This playbook just installs nginx so that it is ready to configure
# we don't bother with extra user accounts like with Beta because we
# are only concerned with using nginx to serve fully containerized
# applications. Not static files
---
- hosts: atlas
become: yes
vars:
CERT_EMAIL: "dev@shockrah.xyz"
SITES:
- search.project-athens.xyz
- files.leftcoast.space
- clips.shockrah.xyz
tasks:
- name: Install nginx
apt:
name: nginx
state: latest
- name: Install Certbot
community.general.snap:
name: certbot
classic: yes
- name: Push Configs
copy:
src: "{{ '../nginx-plain-conf/' ~ item }}"
dest: "{{ '/etc/nginx/sites-available/' ~ item }}"
loop: "{{ SITES }}"
- name: Enable Sites in Nginx
file:
src: "/etc/nginx/sites-available/{{item}}"
dest: "/etc/nginx/sites-enabled/{{item}}"
state: link
loop: "{{ SITES }}"
- name: Restart Nginx
service:
name: nginx
state: restarted
- name: Install Certificates for all sites on this host
command: >
certbot -n --nginx -m "{{ CERT_EMAIL }}" --agree-tos
--domains "{{item}}"
loop: "{{ SITES }}"

46
playbooks/atlas/init/system-deps.yml
View File

@@ -1,46 +0,0 @@
# This playbook downloads all the basic requirements to give containers
# an environment where they can be brought up safely. We focus primarily
# on the host with this playbook
---
- hosts: atlas
become: yes
become_method: sudo
tasks:
- name: Install docker dependencies
apt:
name: "{{item}}"
update_cache: yes
loop:
- apt-transport-https
- ca-certificates
- curl
- gnupg
- software-properties-common
- lsb-release
- python3
- python3-pip
- name: Install docker-py
pip:
name: docker-py
state: present
- name: Install docker GPG key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker Apt Repo
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu impish stable
state: present
- name: Install Docker components
apt:
name: "{{item}}"
update_cache: yes
loop:
- docker-ce
- docker-ce-cli
- containerd.io

30
playbooks/atlas/nginx-plain-conf/clippable.yml
View File

@@ -1,30 +0,0 @@
# It is important to keep in mind that these websites are to be served under
# either port 80 or port 443. The reasoning for allowing port 80 connections
# is because the content here is not sensitive and I'm 100% sure I'm going
# to get traffic from glow-friends so there
---
- hosts: beta
become: yes
tasks:
- name: Push clips.shockrah.xyz config(nginx)
copy:
src: "clips.shockrah.xyz"
dest: "/etc/nginx/sites-available/clips.shockrah.xyz"
- name: Enable clips nginx config
file:
src: /etc/nginx/sites-available/clips.shockrah.xyz
dest: /etc/nginx/sites-enabled/clips.shockrah.xyz
state: link
- name: Restart Nginx
service:
name: nginx
state: restarted
- name: Install New Certificate for all sites
command: >
certbot -n --nginx -m "dev@shockrah.xyz" --agree-tos
--domains clips.shockrah.xyz

12
playbooks/atlas/nginx-plain-conf/clips.shockrah.xyz
View File

@@ -1,12 +0,0 @@
# This file contains a base configuration file for the projectathens
# It is to be overwritten by certbot later on so adjusting this config
# should not happen on the target server
server {
server_name clips.shockrah.xyz;
location / {
proxy_pass http://127.0.0.1:8482;
}
}

10
playbooks/atlas/nginx-plain-conf/disable-default.yml
View File

@@ -1,10 +0,0 @@
---
- hosts: alpha
tasks:
- name: Disable Default Nginx Site
become: yes
file:
path: /etc/nginx/sites-enabled/default
state: absent

14
playbooks/atlas/nginx-plain-conf/files.leftcoast.space
View File

@@ -1,14 +0,0 @@
# This file contains a base configuration file for the projectathens
# It is to be overwritten by certbot later on so adjusting this config
# should not happen on the target server
server {
server_name files.leftcoast.space;
location / {
proxy_pass http://127.0.0.1:8000;
}
# Because we take large video/image file uploads
client_max_body_size 0;
}

42
playbooks/atlas/nginx-plain-conf/main.yml
View File

@@ -1,42 +0,0 @@
# This playbook just installs nginx so that it is ready to configure
# we don't bother with extra user accounts like with Beta because we
# are only concerned with using nginx to serve fully containerized
# applications. Not static files
---
- hosts: alpha
become: yes
tasks:
- name: Install Certbot
community.general.snap:
name: certbot
classic: yes
- name: Push Configs
copy:
src: "{{item}}"
dest: "/etc/nginx/sites-available/{{item}}"
loop:
- search.project-athens.xyz
- files.leftcoast.space
- name: Enable Sites in Nginx
file:
src: "/etc/nginx/sites-available/{{item}}"
dest: "/etc/nginx/sites-enabled/{{item}}"
state: link
loop:
- search.project-athens.xyz
- files.leftcoast.space
- name: Restart Nginx
service:
name: nginx
state: restarted
- name: Install Certificates for all sites on this host
command: >
certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
--domains "{{item}}"
loop:
- search.project-athens.xyz
- files.leftcoast.space

11
playbooks/atlas/nginx-plain-conf/search.project-athens.xyz
View File

@@ -1,11 +0,0 @@
# This file contains a base configuration file for the projectathens
# It is to be overwritten by certbot later on so adjusting this config
# should not happen on the target server
server {
server_name search.project-athens.xyz;
location / {
proxy_pass http://127.0.0.1:8080;
}
}

5
playbooks/atlas/vars/drives.yml
View File

@@ -1,5 +0,0 @@
# These vars are really only used to configure the host for the first time
CLIPPABLE_MOUNT_POINT: /mnt/clippable
CLIPPABLE_DRIVE: /dev/nvme1n1
FILEBROWSER_DRIVE: /dev/nvme2n1
FILEBROWSER_MOUNT_POINT: /mnt/filebrowser

13
playbooks/beta/base-site-conf/freechat.shockrah.xyz
View File

@@ -1,13 +0,0 @@
# This file basically contains the base configuration for freechat.shockrah.xyz
# This is to be installed before running certbot against it as this only sets us
# up for correct HTTP(not TLS) based connections
server {
root /var/www/freechat;
index index.html;
server_name freechat.shockrah.xyz;
location / {
try_files $uri $uri/ =404;
}
}

13
playbooks/beta/base-site-conf/qrcodes.leftcoast.space
View File

@@ -1,13 +0,0 @@
# This file basically contains the base configuration for qrcodes.leftcoast.space
# This is to be installed before running certbot against it as this only sets us
# up for correct HTTP(not TLS) based connections
server {
root /var/www/qrcodes.leftcoast.space;
index index.html;
server_name qrcodes.leftcoast.space;
location / {
try_files $uri $uri/ =404;
}
}

14
playbooks/beta/base-site-conf/resume.shockrah.xyz
View File

@@ -1,14 +0,0 @@
# This file basically contains the base configuration for freechat.shockrah.xyz
# This is to be installed before running certbot against it as this only sets us
# up for correct HTTP(not TLS) based connections
server {
root /var/www/resume.shockrah.xyz;
index index.html;
server_name resume.shockrah.xyz;
location / {
try_files $uri $uri/ =404;
}
}

14
playbooks/beta/base-site-conf/shockrah.xyz
View File

@@ -1,14 +0,0 @@
# This file basically contains the base configuration for freechat.shockrah.xyz
# This is to be installed before running certbot against it as this only sets us
# up for correct HTTP(not TLS) based connections
server {
root /var/www/shockrah.xyz;
index index.html;
server_name shockrah.xyz;
location / {
try_files $uri $uri/ =404;
}
}

19
playbooks/beta/certbot.yml
View File

@@ -1,19 +0,0 @@
# It is important to keep in mind that these websites are to be served under
# either port 80 or port 443. The reasoning for allowing port 80 connections
# is because the content here is not sensitive and I'm 100% sure I'm going
# to get traffic from glow-friends so there
---
- hosts: beta
remote_user: ubuntu
become: yes
tasks:
- name: Install New Certificate for all sites
command: >
certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
--domains "{{item}}"
loop:
- freechat.shockrah.xyz
- shockrah.xyz
- resume.shockrah.xyz
- qrcodes.leftcoast.space

0
playbooks/beta/files/.gitkeep
View File

66
playbooks/beta/init.yml
View File

@@ -1,66 +0,0 @@
# This playbook goes through the process of setting up all the lower level
# infrastructure we need to start deploying website files to the server
# itself.
---
- hosts: beta
remote_user: ubuntu
become: yes
become_method: sudo
tasks:
- name: Install snapd package manager
apt:
name: snapd
update_cache: yes
state: present
- name: Install Nginx
apt:
name: nginx
update_cache: yes
state: present
- name: Update Snap
community.general.snap:
name: core
state: present
- name: Install Certbot Snap Package
community.general.snap:
name: certbot
classic: yes
- name: Create website admin group
group:
name: web
state: present
- name: Create website user account
user:
name: web
comment: Website maintainer account
state: present
- name: Create /home/web/.ssh directory
file:
path: /home/web/.ssh
state: directory
owner: web
group: web
mode: 0700
- name: Copy public web key to beta
authorized_key:
user: web
key: "{{ lookup('file', 'files/'+'web.pub') }}"
- name: Create Web root directory under new web account
file:
path: /var/www
state: directory
recurse: yes
owner: web
group: web

34
playbooks/beta/setup-nginx-confs.yml
View File

@@ -1,34 +0,0 @@
---
- hosts: beta
remote_user: ubuntu
become: yes
become_method: sudo
tasks:
- name: Push Nginx Site Configs into available site listings
copy:
src: "base-site-conf/{{item}}"
dest: /etc/nginx/sites-available/
loop:
- freechat.shockrah.xyz
- resume.shockrah.xyz
- shockrah.xyz
- qrcodes.leftcoast.space
- name: Enable Static Sites in Nginx
file:
src: "/etc/nginx/sites-available/{{item}}"
dest: "/etc/nginx/sites-enabled/{{item}}"
state: link
loop:
- freechat.shockrah.xyz
- resume.shockrah.xyz
- shockrah.xyz
- qrcodes.leftcoast.space
- name: Restart Nginx Service
service:
name: nginx
state: restarted

18
playbooks/beta/test-web-user.yml
View File

@@ -1,18 +0,0 @@
# This playbooks basically just ensures that the web user account is behaving
# correctly and is installed in the correct places
---
- hosts: web
user: web
tasks:
- name: Echo something
shell: echo Hello
register: hi
- debug: var=hi.stdout
- name: Who am I
shell: whoami
register: whoami
- debug: var=whoami.stdout_lines

0
playbooks/beta/vars/.gitkeep
View File

8
playbooks/beta/websites/update-blog.yml
View File

@@ -1,8 +0,0 @@
---
- hosts: beta
become: yes
tasks:
- name: Push blog content
copy:
src: "{{BLOG_LOCAL_PUBLIC}}/public/"
dest: /var/www/shockrah.xyz

8
playbooks/beta/websites/update-fc-docs.yml
View File

@@ -1,8 +0,0 @@
---
- hosts: beta
become: yes
tasks:
- name: Push docs content
copy:
src: "{{FC_LOCAL_DOCS}}/public"
dest: /var/www/freechat

12
playbooks/beta/websites/update-qrcodes.yml
View File

@@ -1,12 +0,0 @@
---
- hosts: beta
become: yes
tasks:
- name: Fetch variables from role specific vars file
include_vars:
file: ../vars/main.yml
- name: Push out qrcodes public content
copy:
src: "{{QRCODES_LOCAL_PUBLIC}}/public/"
dest: /var/www/qrcodes.leftcoast.space

11
playbooks/beta/websites/update-resume.yml
View File

@@ -1,11 +0,0 @@
---
- hosts: beta
become: yes
tasks:
- name: Fetch variables from role specific vars file
include_vars:
file: ../vars/main.yml
- name: Push out resume public content
copy:
src: "{{RESUME_LOCAL_PUBLIC}}/public/"
dest: /var/www/resume.shockrah.xyz

6
playbooks/check-syntax.sh
View File

@@ -1,6 +0,0 @@
#!/bin/sh
for f in `find -name '*.yml'`; do
echo ansible-playbook -i hosts.ini --syntax-check $f
ansible-playbook -i hosts.ini --syntax-check $f
done

7
playbooks/connect.sh
View File

@@ -1,7 +0,0 @@
#!/bin/sh
# -_-
set -x
ssh -F .ssh/config -o UserKnownHostsFile=.ssh/known_hosts $@

5
playbooks/readme
View File

@@ -1,5 +0,0 @@
Note about these playbooks: because the infrastructure is currently built on
FARGATE and ECS there is no need to have these here however I keep them around
in case they end up being of use somehow.
In other words these are here for reference but not used.