add manual things
This commit is contained in:
parent
6b9d992f17
commit
a68f9b7102
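--- a/ansible/playbooks/role-rocky-system.yml
+++ b/ansible/playbooks/role-rocky-system.yml
@@ -0,0 +1,46 @@
+---
+# No idea if this is an antipattern. Manage the system.
+#
+- name: Manage the basic aspects of the system
+  hosts: all
+  become: true
+
+  # This is to try to avoid the handler issue in pre/post tasks
+  handlers:
+    - import_tasks: handlers/main.yml
+
+  pre_tasks:
+    - name: Check if ansible cannot be run here
+      stat:
+        path: /etc/no-ansible
+      register: no_ansible
+
+    - name: Verify if we can run ansible
+      assert:
+        that:
+          - "not no_ansible.stat.exists"
+        success_msg: "We are able to run on this node"
+        fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+  tasks:
+    - name: Install/Update Base System packages
+      dnf:
+        name:
+          - sudo
+        update_only: true
+        state: latest
+      register: dnf_result
+
+    - name: "List changed packages"
+      debug:
+        var: dnf_result.results
+      when: dnf_result.results | length > 0
+
+  post_tasks:
+    - name: Touching run file that ansible has ran here
+      file:
+        path: /var/log/ansible.run
+        state: touch
+        mode: '0644'
+        owner: root
+        group: root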
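Review bot: `update_only: true` on the `dnf` task contradicts the task name "Install/Update Base System packages": with `update_only` the module only upgrades packages that are already installed, so a host that lacks `sudo` would never receive it. Either drop `update_only` so `state: latest` installs it, or rename the task and add a comment such as `# update_only: existing packages are upgraded, nothing new is installed`. The `when: dnf_result.results | length > 0` condition assumes the module always returns a `results` key; `when: dnf_result.results | default([]) | length > 0` would avoid an undefined-attribute failure should it be absent, for example in check mode. The `fail_msg` says "skipping run on this node", but a failed `assert` fails the host rather than skipping it, so the wording is misleading.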
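--- a/ansible/playbooks/role-rocky-wikijs.yml
+++ b/ansible/playbooks/role-rocky-wikijs.yml
@@ -0,0 +1,69 @@
+---
+# WikiJS
+- name: Install and manage Wikijs
+  hosts: wiki
+  become: false
+  vars_files:
+    - vars/vaults/hostman.yml
+    - vars/vaults/wikijs.yml
+    - vars/wikijs.yml
+
+  # This is to try to avoid the handler issue in pre/post tasks
+  handlers:
+    - import_tasks: handlers/main.yml
+
+  pre_tasks:
+    - name: Check if ansible cannot be run here
+      stat:
+        path: /etc/no-ansible
+      register: no_ansible
+
+    - name: Verify if we can run ansible
+      assert:
+        that:
+          - "not no_ansible.stat.exists"
+        success_msg: "We are able to run on this node"
+        fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+    - name: Install SELinux packages
+      become: true
+      package:
+        name: python3-policycoreutils.noarch
+        state: present
+
+  roles:
+    - role: rockylinux.ipagetcert
+      become: true
+      state: present
+      tags: ['certs']
+
+    - role: rockylinux.wikijs
+      tags: ['wikijs']
+      become: true
+
+    # Define variables in vars/wikijs.yml
+    - role: nginxinc.nginx_core.nginx
+      tags: ['nginx']
+      become: true
+    - role: nginxinc.nginx_core.nginx_config
+      tags: ['nginx']
+      become: true
+
+  post_tasks:
+    - name: Open firewalld ports
+      become: true
+      ansible.posix.firewalld:
+        port: "{{ item.port }}"
+        permanent: "{{ item.permanent }}"
+        state: "{{ item.state }}"
+        immediate: yes
+      loop: "{{ firewall_rules }}"
+
+    - name: Touching run file that ansible has ran here
+      become: true
+      file:
+        path: /var/log/ansible.run
+        state: touch
+        mode: '0644'
+        owner: root
+        group: root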
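Review bot: `immediate: yes` on the firewalld task in `post_tasks` is a YAML 1.1 truthy scalar; write `immediate: true` so it matches the `permanent: true` / `state: enabled` form used in the loop data and passes yamllint's truthy rule. The stat/assert `pre_tasks` pair and the `/var/log/ansible.run` post_task are copied verbatim from role-rocky-system.yml; pulling them into a shared task file via `import_tasks`, as is already done for handlers, would keep the two playbooks from drifting. Since the play runs with `become: false` and each privileged role and task opts in individually, a comment above `become: false` stating that intent would save the next reader from treating the per-task `become: true` lines as accidental.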
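--- a/ansible/playbooks/vars/wikijs.yml
+++ b/ansible/playbooks/vars/wikijs.yml
@@ -0,0 +1,109 @@
+---
+# wikijs vars
+firewall_rules:
+  - port: 443/tcp
+    permanent: true
+    state: enabled
+  - port: 9100/tcp
+    permanent: true
+    state: enabled
+
+tls_ca_cert: "/etc/pki/tls/certs/ca-bundle.crt"
+tls_cert: "/etc/pki/tls/certs/{{ ansible_fqdn }}.crt"
+tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key"
+
+ipa_getcert_requested_hostnames:
+  - name: "{{ ansible_fqdn }}"
+    owner: nginx
+    key_location: "{{ tls_key }}"
+    cert_location: "{{ tls_cert }}"
+    postcmd: "/bin/systemctl reload nginx"
+
+wikijs_dbtype: postgres
+wikijs_db:
+  host: "db.rockylinux.org"
+  port: 5432
+  user: wikijs
+  password: " {{ _wikijs_db_rw_pass }} "
+  dbname: wikijs_db
+  ssl: true
+
+
+####################
+### NGINX CONFIG ###
+####################
+
+
+# no demo config/template
+nginx_config_html_demo_template_enable: false
+
+nginx_config_selinux: true
+nginx_config_selinux_enforcing: true
+
+nginx_config_start: true
+
+nginx_config_debug_output: true
+nginx_config_debug_tasks: true
+
+# nginx_config_cleanup: true
+
+nginx_config_http_template_enable: true
+nginx_config_main_template_enable: true
+
+nginx_config_http_template:
+  default:
+    template_file: http/default.conf.j2
+    conf_file_name: default.conf
+    conf_file_location: /etc/nginx/conf.d/
+    servers:
+      redirect_https:
+        listen:
+          v6:
+            ip: '[::]' # Wrap in square brackets for IPv6 addresses
+            port: 80
+            opts: ['default_server']
+          v4:
+            ip: '' # Wrap in square brackets for IPv6 addresses
+            port: 80
+            opts: ['default_server']
+        server_name: "{{ ansible_fqdn }}"
+        error_page: /usr/share/nginx/html
+        access_log:
+          - name: main
+            location: /var/log/nginx/access.log
+        error_log:
+          location: /var/log/nginx/error.log
+          level: warn
+        root: "{{ wikijs_dir }}"
+        https_redirect: $host
+      wikijs_server:
+        listen:
+          v6:
+            ip: '[::]' # Wrap in square brackets for IPv6 addresses
+            port: 443
+            ssl: true
+            opts: ['http2', 'default_server']
+          v4:
+            ip: '' # Wrap in square brackets for IPv6 addresses
+            port: 443
+            ssl: true
+            opts: ['http2', 'default_server']
+        ssl:
+          cert: "{{ tls_cert }}"
+          key: "{{ tls_key }}"
+        server_name: "{{ ansible_fqdn }}"
+        error_page: /usr/share/nginx/html
+        access_log:
+          - name: main
+            location: /var/log/nginx/access.log
+        error_log:
+          location: /var/log/nginx/error.log
+          level: warn
+        root: "{{ wikijs_dir }}"
+        web_server:
+          locations:
+            default:
+              location: /
+              custom_options:
+                - "proxy_pass http://localhost:3000/;"
+          http_demo_conf: false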
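Review bot: `password: " {{ _wikijs_db_rw_pass }} "` has a space on each side of the Jinja expression inside the quotes, so the value handed to the wikijs role is the vault secret padded with whitespace and the database login may fail; it should read `password: "{{ _wikijs_db_rw_pass }}"`. The `firewall_rules` entry that permanently enables `9100/tcp` carries no comment saying what listens there or which zone or source it is meant for; if it is a metrics exporter, say so (`# 9100/tcp: exporter scrape port - limit to the monitoring source`) and consider scoping it with the firewalld `source`/`zone` options rather than the default zone. `nginx_config_debug_output: true` and `nginx_config_debug_tasks: true` presumably make the role print its rendered configuration in playbook output, which is noisy and surfaces hostnames and paths in CI logs; they read like leftovers from troubleshooting and are better left off in a committed vars file. The `# Wrap in square brackets for IPv6 addresses` comment has been copied onto both `v4` `ip: ''` lines where it does not apply.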