[nginx/moinmoin] Extract nginx configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
certbot_on_virtu
Yohann D'ANELLO 2021-02-22 21:22:07 +01:00 committed by ynerant
parent d6f15d4210
commit 6b8fb0916f
10 changed files with 121 additions and 58 deletions


@ -28,5 +28,5 @@ glob_nginx:
default_ssl_domain: crans.org
real_ip_from:
- "172.16.0.0/16"
- "2a0c:700:0:2::/64"
- "fd00:0:0:10::/64"
deploy_robots_file: false
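Review bot: `real_ip_from` in `glob_nginx` is wider than what the wiki vhost trusted before. The template deleted in this commit accepted `X-Real-Ip` only from `172.16.10.0/24` and `fd00:0:0:10::/64`, while this list carries `172.16.0.0/16` and the global-unicast `2a0c:700:0:2::/64`. If the nginx role renders these as `set_real_ip_from`, any host in those ranges can choose the client address that lands in the access log and in any address-based rule, so the list should name only the reverse proxies. The rendered page does not show which of the three entries this hunk changes, so the wide range may predate the commit. A comment above the list, such as `# reverse proxies only: nginx trusts X-Real-Ip from these ranges`, would record the intent.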


@ -0,0 +1,37 @@
---
glob_moinmoin:
main: false
loc_nginx:
service_name: wiki
ssl: []
servers:
- server_name: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipwrap + [ansible_hostname, ansible_hostname + '.adm.crans.org'] }}"
default: true
access_log: "/var/log/nginx/wiki.log combined"
error_log: "/var/log/nginx/wiki.error.log"
additional_params:
- "rewrite ^/$ $scheme://wiki.crans.org/PageAccueil"
- "client_max_body_size 15M"
locations:
- filter: "/wiki"
params:
- "alias /var/local/wiki/htdocs/"
- filter: "/robots.txt"
params:
- "alias /var/local/wiki/robots.txt"
- filter: "/favicon.ico"
params:
- "/var/local/wiki/favicon.ico"
- filter: "/www-sitemap.xml"
params:
- "alias /var/local/wiki/www-sitemap.xml"
- filter: "/"
params:
- "uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket"
- "include uwsgi_params"
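Review bot: The `/wiki` location pairs a filter without a trailing slash with `alias /var/local/wiki/htdocs/`, whereas the template removed by this commit used `location /wiki/`. When a prefix location does not end in `/`, nginx appends whatever follows `/wiki` to the alias path, so a request can resolve to files outside `htdocs`. Assuming the nginx role renders `filter` verbatim as the location prefix, the entry should read `- filter: "/wiki/"`. The `/favicon.ico` entry also lost its directive name and should be `- "alias /var/local/wiki/favicon.ico"`, since a bare path is not a valid nginx directive. Both defects are repeated in the second `loc_nginx` block of this commit, the one serving `wiki2.crans.org`.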


@ -31,5 +31,5 @@ to_backup:
read_only: "yes",
}
moinmoin:
loc_moinmoin:
main: true


@ -1,5 +0,0 @@
---
loc_slapd:
ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}"
replica: true
replica_rid: 4


@ -23,5 +23,67 @@ to_backup:
hosts_allow: ["zephir.adm.crans.org", "10.231.136.6", "172.31.0.1"],
}
moinmoin:
loc_slapd:
ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}"
replica: true
replica_rid: 4
loc_moinmoin:
main: false
loc_certbot:
- dns_rfc2136_server: '172.16.10.147'
dns_rfc2136_name: certbot_adm_challenge.
dns_rfc2136_secret: "{{ vault.certbot_adm_dns_secret }}"
mail: root@crans.org
certname: adm.crans.org
domains: "*.adm.crans.org"
- dns_rfc2136_server: '172.16.10.147'
dns_rfc2136_name: certbot_challenge.
dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
mail: root@crans.org
certname: crans.org
domains: "git2.crans.org, status.crans.org, wiki.crans.org"
loc_nginx:
service_name: wiki
ssl:
- name: adm.crans.org
cert: /etc/letsencrypt/live/adm.crans.org/fullchain.pem
cert_key: /etc/letsencrypt/live/adm.crans.org/privkey.pem
trusted_cert: /etc/letsencrypt/live/adm.crans.org/chain.pem
- name: crans.org
cert: /etc/letsencrypt/live/crans.org/fullchain.pem
cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
servers:
- server_name:
- "wiki2.crans.org"
ssl : "crans.org"
access_log: "/var/log/nginx/wiki.log combined"
error_log: "/var/log/nginx/wiki.error.log"
additional_params:
- "rewrite ^/$ $scheme://wiki2.crans.org/PageAccueil"
- "client_max_body_size 15M"
locations:
- filter: "/wiki"
params:
- "alias /var/local/wiki/htdocs/"
- filter: "/robots.txt"
params:
- "alias /var/local/wiki/robots.txt"
- filter: "/favicon.ico"
params:
- "/var/local/wiki/favicon.ico"
- filter: "/www-sitemap.xml"
params:
- "alias /var/local/wiki/www-sitemap.xml"
- filter: "/"
params:
- "uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket"
- "include uwsgi_params"
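Review bot: The server block for `wiki2.crans.org` selects `ssl : "crans.org"`, but the `crans.org` certificate requested under `loc_certbot` lists only `git2.crans.org, status.crans.org, wiki.crans.org`. Unless the name is added elsewhere, clients reaching this vhost over TLS will be shown a certificate that does not cover `wiki2.crans.org`. The entry should be `domains: "git2.crans.org, status.crans.org, wiki.crans.org, wiki2.crans.org"`. As a style point, `ssl : "crans.org"` has a space before the colon, unlike the other keys in this block.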

8
hosts

@ -20,6 +20,9 @@ tealc.adm.crans.org
[belenios]
belenios.adm.crans.org
[certbot]
sputnik.adm.crans.org
[certbot:children]
dovecot
git
@ -93,6 +96,7 @@ mailman
reverseproxy
roundcube
thelounge
wiki
[ntp_server]
charybde.adm.crans.org
@ -136,6 +140,10 @@ daniel.adm.crans.org
jack.adm.crans.org
sam.adm.crans.org
[wiki]
kiwi.adm.crans.org
sputnik.adm.crans.org
[crans_routeurs:children]
# dhcp TODO: Really needed ?
# keepalived


@ -1,6 +1,16 @@
#!/usr/bin/env ansible-playbook
---
- hosts: certbot:&wiki
vars:
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
roles:
- certbot
# Deploy MoinMoin Wiki
- hosts: kiwi.adm.crans.org,soyouz.adm.crans.org,sputnik.adm.crans.org
- hosts: wiki
vars:
moinmoin: '{{ glob_moinmoin | default({}) | combine(loc_moinmoin | default({})) }}'
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
roles:
- moinmoin
- nginx
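Review bot: Replacing the explicit host list with `hosts: wiki` appears to drop `soyouz.adm.crans.org`, because the `[wiki]` group added to the inventory contains only `kiwi.adm.crans.org` and `sputnik.adm.crans.org`. This assumes the explicit list is the removed line. If the drop is intended, soyouz keeps the `/etc/nginx/sites-enabled/wiki` link that the moinmoin role used to create and that no play manages any more, so it deserves a cleanup task or a line in the commit message. Separately, the `certbot:&wiki` play could carry a comment such as `# Obtain certificates on wiki hosts that are also in [certbot]`, since the intersection pattern is easy to misread.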


@ -3,8 +3,3 @@
service:
name: uwsgi
state: restarted
- name: Restart nginx
service:
name: nginx
state: restarted


@ -40,19 +40,6 @@
enabled: true
state: started
- name: Configure nginx
template:
src: nginx/sites-available/wiki.j2
dest: /etc/nginx/sites-available/wiki
notify: Restart nginx
- name: Activate nginx site
file:
src: /etc/nginx/sites-available/wiki
dest: /etc/nginx/sites-enabled/wiki
state: link
notify: Restart nginx
- name: Indicate role in motd
template:
src: update-motd.d/05-service.j2


@ -1,31 +0,0 @@
{{ ansible_header | comment }}
server {
listen 80;
listen [::]:80;
server_name wiki.adm.crans.org;
access_log /var/log/nginx/wiki.log combined;
error_log /var/log/nginx/wiki.error.log;
# Redirect to home page
rewrite ^/$ $scheme://wiki.crans.org/PageAccueil;
# Limit uploads
client_max_body_size 15M;
# MoinMoin paths
location /wiki/ { alias /var/local/wiki/htdocs/; }
location /robots.txt { alias /var/local/wiki/robots.txt; }
location /favicon.ico { alias /var/local/wiki/favicon.ico; }
location /www-sitemap.xml { alias /var/local/wiki/www-sitemap.xml; }
location / {
uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket;
include uwsgi_params;
}
set_real_ip_from 172.16.10.0/24;
set_real_ip_from fd00:0:0:10::/64;
real_ip_header X-Real-Ip;
}