forked from ccchb/ansible
Mete role
This commit is contained in:
parent
d1af9ebbbc
commit
ff8ad02776
4 changed files with 71 additions and 0 deletions
23
roles/mete/defaults/main.yml
Normal file
23
roles/mete/defaults/main.yml
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
mete_domain: kasse.z1.ccchb.de
|
||||||
|
mete_nginx_domains:
|
||||||
|
- kasse.z1.ccchb.de
|
||||||
|
- kasse.zweigstelle.space
|
||||||
|
mete_app_dir: /var/www/kiosk.z1.ccchb.de/mete
|
||||||
|
mete_app_url: "http://127.0.0.1:3000/"
|
||||||
|
mete_nginx_config: |
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
listen 443 ssl http2;
|
||||||
|
|
||||||
|
{% for domain in mete_nginx_domains %}
|
||||||
|
server_name {{ domain }};
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/{{ mete_domain }}/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/{{ mete_domain }}/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/{{ mete_domain }}/chain.pem;
|
||||||
|
|
||||||
|
include snippets/certbot.conf;
|
||||||
|
|
||||||
|
...
|
19
roles/mete/tasks/main.yml
Normal file
19
roles/mete/tasks/main.yml
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
- name: Install mete systemd unit
|
||||||
|
template:
|
||||||
|
src: service.j2
|
||||||
|
dest: "/etc/systemd/system/mete@{{ mete_domain }}.service"
|
||||||
|
|
||||||
|
- name: Install mete nginx site
|
||||||
|
notify: reload nginx
|
||||||
|
template:
|
||||||
|
src: nginx.j2
|
||||||
|
dest: /etc/nginx/sites-available/{{ mete_domain }}
|
||||||
|
|
||||||
|
- name: Activate mete site
|
||||||
|
file:
|
||||||
|
src: /etc/nginx/sites-available/{{ mete_domain }}
|
||||||
|
dest: /etc/nginx/sites-enabled/{{ mete_domain }}
|
||||||
|
state: link
|
||||||
|
|
||||||
|
...
|
17
roles/mete/templates/nginx.j2
Normal file
17
roles/mete/templates/nginx.j2
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
server {
|
||||||
|
{{ mete_nginx_config }}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass {{ mete_app_url }};
|
||||||
|
|
||||||
|
satisfy any;
|
||||||
|
|
||||||
|
allow 45.152.242.34;
|
||||||
|
allow 2001:67c:708::/48;
|
||||||
|
|
||||||
|
auth_basic "CCCHB internal";
|
||||||
|
auth_basic_user_file "htpasswd";
|
||||||
|
}
|
||||||
|
}
|
12
roles/mete/templates/service.j2
Normal file
12
roles/mete/templates/service.j2
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Mete application server on {{ mete_domain }}
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/bin/bundler exec rails server
|
||||||
|
WorkingDirectory={{ mete_app_dir }}
|
||||||
|
User=www-data
|
||||||
|
Environment=RAILS_ENV=production
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
Loading…
Reference in a new issue