diff --git a/roles/mete/defaults/main.yml b/roles/mete/defaults/main.yml
new file mode 100644
index 0000000..45f1b4f
--- /dev/null
+++ b/roles/mete/defaults/main.yml
@@ -0,0 +1,23 @@
+---
+
+mete_domain: kasse.z1.ccchb.de
+mete_nginx_domains:
+ - kasse.z1.ccchb.de
+ - kasse.zweigstelle.space
+mete_app_dir: /var/www/kiosk.z1.ccchb.de/mete
+mete_app_url: "http://127.0.0.1:3000/"
+mete_nginx_config: |
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+
+ {% for domain in mete_nginx_domains %}
+ server_name {{ domain }};
+ {% endfor %}
+
+ ssl_certificate /etc/letsencrypt/live/{{ mete_domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ mete_domain }}/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/{{ mete_domain }}/chain.pem;
+
+ include snippets/certbot.conf;
+
+...
diff --git a/roles/mete/tasks/main.yml b/roles/mete/tasks/main.yml
new file mode 100644
index 0000000..952d0ee
--- /dev/null
+++ b/roles/mete/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Install mete systemd unit
+ template:
+ src: service.j2
+ dest: "/etc/systemd/system/mete@{{ mete_domain }}.service"
+
+- name: Install mete nginx site
+ notify: reload nginx
+ template:
+ src: nginx.j2
+ dest: /etc/nginx/sites-available/{{ mete_domain }}
+
+- name: Activate mete site
+ file:
+ src: /etc/nginx/sites-available/{{ mete_domain }}
+ dest: /etc/nginx/sites-enabled/{{ mete_domain }}
+ state: link
+
+...
diff --git a/roles/mete/templates/nginx.j2 b/roles/mete/templates/nginx.j2
new file mode 100644
index 0000000..9a7084b
--- /dev/null
+++ b/roles/mete/templates/nginx.j2
@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+server {
+ {{ mete_nginx_config }}
+
+ location / {
+ proxy_pass {{ mete_app_url }};
+
+ satisfy any;
+
+ allow 45.152.242.34;
+ allow 2001:67c:708::/48;
+
+ auth_basic "CCCHB internal";
+ auth_basic_user_file "htpasswd";
+ }
+}
diff --git a/roles/mete/templates/service.j2 b/roles/mete/templates/service.j2
new file mode 100644
index 0000000..9856cb9
--- /dev/null
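Review bot: In roles/mete/defaults/main.yml, `mete_nginx_config` emits a `server_name` for every entry of `mete_nginx_domains` but takes all three certificate paths from `mete_domain` alone, so the kasse.z1.ccchb.de certificate must also cover kasse.zweigstelle.space or clients of the second name get a hostname mismatch. Nothing in this diff issues or checks that certificate, so a comment above the key such as `# the certificate for mete_domain must include every name in mete_nginx_domains` would record the requirement. `mete_app_dir` also hard-codes `kiosk.z1.ccchb.de` while the other defaults use `kasse.z1.ccchb.de`; if that is intentional a short comment would help, otherwise it looks like a leftover.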
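Review bot: In roles/mete/tasks/main.yml, both `template` tasks write files under /etc/systemd/system and /etc/nginx without `owner`, `group` or `mode`, so the resulting permissions depend on the umask of whoever runs the play; adding `owner: root`, `group: root` and `mode: "0644"` to each makes them explicit. The unit is installed without a systemd reload, and nothing visible in this role enables or starts `mete@{{ mete_domain }}.service`, so a changed unit may not take effect until someone reloads systemd by hand. The "Activate mete site" task creates the symlink without `notify: reload nginx`, so a run that only creates the link leaves nginx on its old configuration.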
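Review bot: In roles/mete/templates/nginx.j2, the `location /` block proxies to `{{ mete_app_url }}` without forwarding the original host or scheme, so the backend sees every request as plain HTTP for 127.0.0.1:3000; for a Rails app in production that usually affects generated URLs, secure-cookie handling and the CSRF origin check. Adding `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` next to `proxy_pass` is the usual fix. With `satisfy any`, the two `allow` lines admit those networks without a password while everyone else falls through to basic auth; the documented nginx pattern ends the allow list with `deny all;`, which would make that intent explicit. `auth_basic_user_file "htpasswd"` is a relative path and no task in this diff installs the file, so it is worth documenting where it comes from and how it is protected.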
+++ b/roles/mete/templates/service.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=Mete application server on {{ mete_domain }}
+
+[Service]
+ExecStart=/bin/bundler exec rails server
+WorkingDirectory={{ mete_app_dir }}
+User=www-data
+Environment=RAILS_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+
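Review bot: In roles/mete/templates/service.j2, `ExecStart=/bin/bundler exec rails server` does not pin a listen address, and with `RAILS_ENV=production` Rails normally binds to all interfaces unless the app's own server config says otherwise. That would leave port 3000 reachable without the TLS, allow-list and basic auth that the nginx site puts in front of it. Binding explicitly to match `mete_app_url`, `ExecStart=/bin/bundler exec rails server -b 127.0.0.1 -p 3000`, removes that dependency. The unit also has no `Restart=` policy and no sandboxing; `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` are low-risk additions for a service running as `www-data`.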