add api and db role

2016-11-22 14:14:04 +01:00 · 2016-11-22 14:14:04 +01:00 · ef3b9a5af3
commit ef3b9a5af3
11 changed files with 161 additions and 0 deletions
--- a/warehost-api/defaults/main.yml
+++ b/warehost-api/defaults/main.yml
@ -0,0 +1,6 @@
+---
+warehost_db_host: localhost
+warehost_api_internal_ip: 127.0.0.1
+warehost_api_internal_port: 60990
+warehost_api_ssl: true
+warehost_api_domain: api.warehost.de
--- a/warehost-api/handlers/main.yml
+++ b/warehost-api/handlers/main.yml
@ -0,0 +1,12 @@
+---
+- name: reload daemon-reload
+  command: systemctl daemon-reload
+
+- name: reload nginx
+  service: name=nginx state=reloaded
+
+- name: reload caddy
+  service: name=caddy state=reloaded
+
+- name: restart warehost
+  service: name=warehost state=restarted
--- a/warehost-api/meta/main.yml
+++ b/warehost-api/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+- warehost-db
--- a/warehost-api/tasks/caddy.yml
+++ b/warehost-api/tasks/caddy.yml
@ -0,0 +1,4 @@
+---
+- name: Configurate caddy
+  template: src=caddy.conf dest=/etc/caddy/hosts/80-warehost-api.act owner=http mode=0644
+  notify: reload caddy
--- a/warehost-api/tasks/main.yml
+++ b/warehost-api/tasks/main.yml
@ -0,0 +1,34 @@
+---
+- name: Create users
+  user: name=warehost createhome=no
+
+- name: Download Warehost (TODO current copy)
+  copy: src=warehost dest=/usr/local/bin/warehost owner=root group=root mode=0755
+
+- name: Create config folder
+  file: path=/etc/warehost state=directory owner=warehost mode=0700
+
+- name: Create log folder
+  file: path=/var/log/warehost state=directory owner=warehost mode=0700
+
+- name: Configurate warehost
+  template: src=config.yml dest=/etc/warehost/api.conf owner=warehost mode=0600
+  notify: restart warehost
+
+- name: Install service
+  template: src=warehost.unit dest=/lib/systemd/system/warehost.service owner=root mode=644
+  notify:
+  - reload daemon-reload
+  - restart warehost
+
+- name: Enable warehost
+  service: name=warehost state=started enabled=yes
+
+
+- name: Configurate per nginx
+  include: nginx.yml
+  when: warehost_webserver_type == "nginx"
+
+- name: Configurate per caddy
+  include: caddy.yml
+  when: warehost_webserver_type == "caddy"
--- a/warehost-api/tasks/nginx.yml
+++ b/warehost-api/tasks/nginx.yml
@ -0,0 +1,10 @@
+---
+- name: Create ssl cert
+  command: /srv/bin/ssl-create {{warehost_api_domain}}
+  args:
+    creates: /etc/letsencrypt/live/{{warehost_api_domain}}/fullchain.pem
+  when: warehostv2_api_ssl
+
+- name: Configurate nginx
+  template: src=nginx.conf dest=/etc/nginx/servers/80-{{ warehost_api_domain }}.act owner=http mode=644
+  notify: reload nginx
--- a/warehost-api/templates/caddy.conf
+++ b/warehost-api/templates/caddy.conf
@ -0,0 +1,8 @@
+http://{{warehost_api_domain}} {
+	redir https://{{warehost_api_domain}}{uri}
+}
+https://{{warehost_api_domain}} {
+	tls {{caddy_ssl_mail}}
+	gzip
+	proxy / {{warehost_api_internal_ip}}:{{warehost_api_internal_port}}
+}
--- a/warehost-api/templates/config.yml
+++ b/warehost-api/templates/config.yml
@ -0,0 +1,14 @@
+---
+api:
+  address: {{warehost_api_internal_ip}}
+  port: {{warehost_api_internal_port}}
+  allowedorigins: "*"
+log:
+  path: /var/log/warehost/api.log
+database: "host={{warehost_db_host}} user={{warehost_db_user}} dbname={{warehost_db_dbname}} password={{warehost_db_pass}} sslmode=disable"
+databasedebug: false
+modules:
+  host:
+    enabled: true
+  web:
+    enabled: true
--- a/warehost-api/templates/nginx.conf
+++ b/warehost-api/templates/nginx.conf
@ -0,0 +1,36 @@
+upstream warehostv2_api {
+        server {{warehost_api_internal_ip}}:{{warehost_api_internal_port}};
+}
+server {
+        listen 80;
+        listen [::]:80;
+        server_name {{warehost_api_domain}} www.{{warehost_api_domain}};
+
+        root /dev/null;
+        location / {
+                return 301 https://$server_name$request_uri;
+        }
+}
+server {
+        listen 443 ssl;
+        listen [::]:443 ssl;
+        client_max_body_size 4G;
+        server_name {{warehost_api_domain}} www.{{warehost_api_domain}};
+        server_tokens off;
+        ssl_certificate_key /etc/letsencrypt/live/{{warehost_api_domain}}/privkey.pem;
+        ssl_certificate /etc/letsencrypt/live/{{warehost_api_domain}}/fullchain.pem;
+        keepalive_timeout 5;
+        location / {
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "upgrade";
+                proxy_http_version 1.1;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header Host $http_host;
+                proxy_redirect off;
+                proxy_pass http://warehostv2_api;
+        }
+        location /.well-known/acme-challenge {
+                root /srv/http/default;
+        }
+}
--- a/warehost-api/templates/warehost.unit
+++ b/warehost-api/templates/warehost.unit
@ -0,0 +1,21 @@
+[Unit]
+Description=Warehost v2
+After=syslog.target
+After=network.target
+After=postgresql.service
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+Type=simple
+User=warehost
+Group=nobody
+ExecStart=/usr/local/bin/warehost -c /etc/warehost/api.conf
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--- a/warehost-db/tasks/main.yml
+++ b/warehost-db/tasks/main.yml
@ -0,0 +1,13 @@
+---
+- name: Create database
+  become: postgres
+  become_method: su
+  postgresql_db: name={{ warehost_db_dbname }}
+  when: warehost_db_pass is defined
+
+- name: Create users for database
+  become: postgres
+  become_method: su
+  postgresql_user: db={{ warehost_db_dbname }} name={{ warehost_db_user }} password='{{ warehost_db_pass }}'
+  register: createdb
+  when: warehost_db_pass is defined