Mete role

This commit is contained in:
Fritz Grimpen 2021-02-16 23:38:59 +00:00
parent d1af9ebbbc
commit ff8ad02776
4 changed files with 71 additions and 0 deletions

View file

@ -0,0 +1,23 @@
---
mete_domain: kasse.z1.ccchb.de
mete_nginx_domains:
- kasse.z1.ccchb.de
- kasse.zweigstelle.space
mete_app_dir: /var/www/kiosk.z1.ccchb.de/mete
mete_app_url: "http://127.0.0.1:3000/"
mete_nginx_config: |
listen [::]:443 ssl http2;
listen 443 ssl http2;
{% for domain in mete_nginx_domains %}
server_name {{ domain }};
{% endfor %}
ssl_certificate /etc/letsencrypt/live/{{ mete_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ mete_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ mete_domain }}/chain.pem;
include snippets/certbot.conf;
...

19
roles/mete/tasks/main.yml Normal file
View file

@ -0,0 +1,19 @@
---
- name: Install mete systemd unit
template:
src: service.j2
dest: "/etc/systemd/system/mete@{{ mete_domain }}.service"
- name: Install mete nginx site
notify: reload nginx
template:
src: nginx.j2
dest: /etc/nginx/sites-available/{{ mete_domain }}
- name: Activate mete site
file:
src: /etc/nginx/sites-available/{{ mete_domain }}
dest: /etc/nginx/sites-enabled/{{ mete_domain }}
state: link
...

View file

@ -0,0 +1,17 @@
# {{ ansible_managed }}
server {
{{ mete_nginx_config }}
location / {
proxy_pass {{ mete_app_url }};
satisfy any;
allow 45.152.242.34;
allow 2001:67c:708::/48;
auth_basic "CCCHB internal";
auth_basic_user_file "htpasswd";
}
}

View file

@ -0,0 +1,12 @@
[Unit]
Description=Mete application server on {{ mete_domain }}
[Service]
ExecStart=/bin/bundler exec rails server
WorkingDirectory={{ mete_app_dir }}
User=www-data
Environment=RAILS_ENV=production
[Install]
WantedBy=multi-user.target