add api and db role
commit
ef3b9a5af3
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
warehost_db_host: localhost
|
||||||
|
warehost_api_internal_ip: 127.0.0.1
|
||||||
|
warehost_api_internal_port: 60990
|
||||||
|
warehost_api_ssl: true
|
||||||
|
warehost_api_domain: api.warehost.de
|
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
- name: reload daemon-reload
|
||||||
|
command: systemctl daemon-reload
|
||||||
|
|
||||||
|
- name: reload nginx
|
||||||
|
service: name=nginx state=reloaded
|
||||||
|
|
||||||
|
- name: reload caddy
|
||||||
|
service: name=caddy state=reloaded
|
||||||
|
|
||||||
|
- name: restart warehost
|
||||||
|
service: name=warehost state=restarted
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- warehost-db
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
- name: Configurate caddy
|
||||||
|
template: src=caddy.conf dest=/etc/caddy/hosts/80-warehost-api.act owner=http mode=0644
|
||||||
|
notify: reload caddy
|
|
@ -0,0 +1,34 @@
|
||||||
|
---
|
||||||
|
- name: Create users
|
||||||
|
user: name=warehost createhome=no
|
||||||
|
|
||||||
|
- name: Download Warehost (TODO current copy)
|
||||||
|
copy: src=warehost dest=/usr/local/bin/warehost owner=root group=root mode=0755
|
||||||
|
|
||||||
|
- name: Create config folder
|
||||||
|
file: path=/etc/warehost state=directory owner=warehost mode=0700
|
||||||
|
|
||||||
|
- name: Create log folder
|
||||||
|
file: path=/var/log/warehost state=directory owner=warehost mode=0700
|
||||||
|
|
||||||
|
- name: Configurate warehost
|
||||||
|
template: src=config.yml dest=/etc/warehost/api.conf owner=warehost mode=0600
|
||||||
|
notify: restart warehost
|
||||||
|
|
||||||
|
- name: Install service
|
||||||
|
template: src=warehost.unit dest=/lib/systemd/system/warehost.service owner=root mode=644
|
||||||
|
notify:
|
||||||
|
- reload daemon-reload
|
||||||
|
- restart warehost
|
||||||
|
|
||||||
|
- name: Enable warehost
|
||||||
|
service: name=warehost state=started enabled=yes
|
||||||
|
|
||||||
|
|
||||||
|
- name: Configurate per nginx
|
||||||
|
include: nginx.yml
|
||||||
|
when: warehost_webserver_type == "nginx"
|
||||||
|
|
||||||
|
- name: Configurate per caddy
|
||||||
|
include: caddy.yml
|
||||||
|
when: warehost_webserver_type == "caddy"
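Review bot: The `Create users` task sets neither `system` nor `shell`, so the `warehost` service account is created as an ordinary account with whatever default shell the host's useradd assigns. For an account that only runs the daemon I would write `user: name=warehost createhome=no system=yes shell=/usr/sbin/nologin`, adjusting the nologin path to the target distribution. Separately, `warehost_webserver_type` is compared in both `when:` clauses at the end of this file but has no default among the role variables shown in this commit, so the include conditions fail on an undefined variable unless inventory sets it. A default, or a comment naming the accepted values (`nginx`, `caddy`), would help.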
|
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: Create ssl cert
|
||||||
|
command: /srv/bin/ssl-create {{warehost_api_domain}}
|
||||||
|
args:
|
||||||
|
creates: /etc/letsencrypt/live/{{warehost_api_domain}}/fullchain.pem
|
||||||
|
when: warehostv2_api_ssl
|
||||||
|
|
||||||
|
- name: Configurate nginx
|
||||||
|
template: src=nginx.conf dest=/etc/nginx/servers/80-{{ warehost_api_domain }}.act owner=http mode=644
|
||||||
|
notify: reload nginx
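Review bot: The `when: warehostv2_api_ssl` guard on `Create ssl cert` does not match the default this commit adds, which is named `warehost_api_ssl`. Unless `warehostv2_api_ssl` is defined somewhere outside this page, the condition fails on an undefined variable instead of following the role default; `when: warehost_api_ssl` looks like what was intended. The mode is also written as `mode=644` here and for the unit file but `mode=0644` in the caddy task; using `0644` throughout removes any doubt about octal interpretation.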
|
|
@ -0,0 +1,8 @@
|
||||||
|
http://{{warehost_api_domain}} {
|
||||||
|
redir https://{{warehost_api_domain}}{uri}
|
||||||
|
}
|
||||||
|
https://{{warehost_api_domain}} {
|
||||||
|
tls {{caddy_ssl_mail}}
|
||||||
|
gzip
|
||||||
|
proxy / {{warehost_api_internal_ip}}:{{warehost_api_internal_port}}
|
||||||
|
}
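Review bot: The `proxy /` line forwards to the backend without the headers that the nginx template in this commit sets (`Host`, `X-Real-IP`, `X-Forwarded-For` and the WebSocket upgrade), so warehost would see different request metadata depending on the front end. If this targets Caddy v1, as the `gzip` and `proxy` directives suggest, giving the proxy a block with the `transparent` and `websocket` sub-directives should restore parity. Without that, any client-address logging or host checks in the API may only ever see the loopback peer. `caddy_ssl_mail` also has no default among the variables shown in this commit.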
|
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
api:
|
||||||
|
address: {{warehost_api_internal_ip}}
|
||||||
|
port: {{warehost_api_internal_port}}
|
||||||
|
allowedorigins: "*"
|
||||||
|
log:
|
||||||
|
path: /var/log/warehost/api.log
|
||||||
|
database: "host={{warehost_db_host}} user={{warehost_db_user}} dbname={{warehost_db_dbname}} password={{warehost_db_pass}} sslmode=disable"
|
||||||
|
databasedebug: false
|
||||||
|
modules:
|
||||||
|
host:
|
||||||
|
enabled: true
|
||||||
|
web:
|
||||||
|
enabled: true
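Review bot: The `database:` line hard-codes `sslmode=disable` while `warehost_db_host` is configurable, so pointing the role at a remote PostgreSQL server would send the password and all queries unencrypted. Making it a variable, e.g. `sslmode={{ warehost_db_sslmode | default('disable') }}`, keeps the localhost default while letting remote setups require TLS. The password is also interpolated unquoted into a space-separated connection string, so a value containing a space or a quote would break or alter the string; quote it in the template or document the restriction. `allowedorigins: "*"` is worth turning into a variable as well, so deployments can restrict it to the front-end origin.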
|
|
@ -0,0 +1,36 @@
|
||||||
|
upstream warehostv2_api {
|
||||||
|
server {{warehost_api_internal_ip}}:{{warehost_api_internal_port}};
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
server_name {{warehost_api_domain}} www.{{warehost_api_domain}};
|
||||||
|
|
||||||
|
root /dev/null;
|
||||||
|
location / {
|
||||||
|
return 301 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
client_max_body_size 4G;
|
||||||
|
server_name {{warehost_api_domain}} www.{{warehost_api_domain}};
|
||||||
|
server_tokens off;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/{{warehost_api_domain}}/privkey.pem;
|
||||||
|
ssl_certificate /etc/letsencrypt/live/{{warehost_api_domain}}/fullchain.pem;
|
||||||
|
keepalive_timeout 5;
|
||||||
|
location / {
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_pass http://warehostv2_api;
|
||||||
|
}
|
||||||
|
location /.well-known/acme-challenge {
|
||||||
|
root /srv/http/default;
|
||||||
|
}
|
||||||
|
}
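Review bot: The port-80 redirect and the whole `listen 443 ssl` server block are emitted unconditionally, although certificate creation in the nginx tasks is conditional on the SSL variable. With SSL turned off the `ssl_certificate` files would not exist and the nginx reload would be expected to fail. Wrapping the redirect and the TLS server in `{% if warehost_api_ssl %}` … `{% endif %}`, with a plain-HTTP proxy block otherwise, would make the switch effective. `server_name` also lists `www.{{warehost_api_domain}}` while `ssl-create` is invoked with the bare domain only, so the certificate may not cover the `www` name; that is worth confirming. Finally, `proxy_set_header Host $http_host;` hands the client's raw Host header to the backend, where `$host` is the normalised value.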
|
|
@ -0,0 +1,21 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Warehost v2
|
||||||
|
After=syslog.target
|
||||||
|
After=network.target
|
||||||
|
After=postgresql.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
# Modify these two values and uncomment them if you have
|
||||||
|
# repos with lots of files and get an HTTP error 500 because
|
||||||
|
# of that
|
||||||
|
###
|
||||||
|
#LimitMEMLOCK=infinity
|
||||||
|
#LimitNOFILE=65535
|
||||||
|
Type=simple
|
||||||
|
User=warehost
|
||||||
|
Group=nobody
|
||||||
|
ExecStart=/usr/local/bin/warehost -c /etc/warehost/api.conf
|
||||||
|
Restart=always
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
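Review bot: `Group=nobody` puts the daemon in a group shared with any other process that runs as `nobody`, and the `[Service]` section applies no sandboxing. A dedicated group (`Group=warehost`, if the user task creates one) together with `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would contain the service. Going by the tasks in this commit, it only needs to read `/etc/warehost` and write `/var/log/warehost`. The comment block about repos and HTTP error 500 looks carried over from another project's unit file and could be dropped or reworded for warehost.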
|
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
- name: Create database
|
||||||
|
become: postgres
|
||||||
|
become_method: su
|
||||||
|
postgresql_db: name={{ warehost_db_dbname }}
|
||||||
|
when: warehost_db_pass is defined
|
||||||
|
|
||||||
|
- name: Create users for database
|
||||||
|
become: postgres
|
||||||
|
become_method: su
|
||||||
|
postgresql_user: db={{ warehost_db_dbname }} name={{ warehost_db_user }} password='{{ warehost_db_pass }}'
|
||||||
|
register: createdb
|
||||||
|
when: warehost_db_pass is defined
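Review bot: `become: postgres` in both tasks passes a user name to what is a boolean option; the account to switch to belongs in `become_user`. As written the tasks are likely to run as the connecting user rather than as `postgres`, so I would use `become: yes` with `become_user: postgres` and keep `become_method: su`. The `postgresql_user` task carries `warehost_db_pass` on its argument line, so adding `no_log: true` keeps the password out of verbose output and logs. `register: createdb` is not read anywhere in the files shown.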
|