From a424ee49cdb632d7a95e2c8fc5b846b5bb9bc10e Mon Sep 17 00:00:00 2001 From: hitchhooker Date: Fri, 27 Oct 2023 21:26:00 +0700 Subject: [PATCH] remove dotters/ibp cert automation for now --- host_vars/bkk03.yaml | 13 +-- host_vars/ibp.yaml | 2 +- roles/setup_install_nginx/tasks/dotters.yaml | 98 -------------------- roles/setup_install_nginx/tasks/ibp.yaml | 98 -------------------- 4 files changed, 6 insertions(+), 205 deletions(-) delete mode 100644 roles/setup_install_nginx/tasks/dotters.yaml delete mode 100644 roles/setup_install_nginx/tasks/ibp.yaml diff --git a/host_vars/bkk03.yaml b/host_vars/bkk03.yaml index cfb93007..7f02e195 100644 --- a/host_vars/bkk03.yaml +++ b/host_vars/bkk03.yaml @@ -28,14 +28,14 @@ lxc_nodes: - host: "ibp" proxmox_config: vmid: "997" - hostname: "{{ hostvars['monitor']['host_name'] }}" + hostname: "{{ hostvars['ibp']['host_name'] }}" ostemplate: "local:vztmpl/{{ default_container_template }}" - netif: "{{ hostvars['monitor']['netif'] }}" + netif: "{{ hostvars['ibp']['netif'] }}" cores: 1 memory: 256 swap: 256 password: "{{ default_password }}" - disk: "{{ default_storage }}:20" + disk: "{{ default_storage }}:50" onboot: True unprivileged: True validate_certs: False @@ -44,11 +44,8 @@ lxc_nodes: features: - nesting=1 port_forwards: - - from_port: "{{ hostvars['monitor']['ansible_port'] }}" - to_host: "{{ hostvars['monitor']['container_ip'] }}:22" - protocol: "tcp" - - from_port: "{{ hostvars['monitor']['zabbix_port'] }}" - to_host: "{{ hostvars['monitor']['container_ip'] }}:10050" + - from_port: "{{ hostvars['ibp']['ansible_port'] }}" + to_host: "{{ hostvars['ibp']['container_ip'] }}:22" protocol: "tcp" - host: "dot23" proxmox_config: diff --git a/host_vars/ibp.yaml b/host_vars/ibp.yaml index 9ae79504..69108e8d 100644 --- a/host_vars/ibp.yaml +++ b/host_vars/ibp.yaml 
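Review bot: `validate_certs: False` stays in the `ibp` entry's `proxmox_config` on the new side of the first `host_vars/bkk03.yaml` hunk, so the Proxmox API call that creates this container presumably runs without verifying the server's TLS certificate, and the API credentials could be sent to an endpoint that was never authenticated. Since the entry is being repointed at the `ibp` host vars anyway, prefer `validate_certs: true` once the API presents a certificate the control node trusts. If the self-signed certificate is deliberate, record that next to the key, e.g. `# Proxmox API uses a self-signed cert on this node; verification disabled on purpose`. The `lxc_nodes` list begins and continues outside the hunk.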
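Review bot: After the second `host_vars/bkk03.yaml` hunk the only forward left for `ibp` maps `hostvars['ibp']['ansible_port']` to port 22 of the container, while the same entry sets `password: "{{ default_password }}"`, which looks like a root password shared with the other containers built from these defaults. If the forwarded port is reachable from outside the NAT network, the container's sshd should accept keys only, and the password is better taken from a per-host vaulted variable than from a fleet-wide default. It is also worth confirming that `container_ip` is defined in `host_vars/ibp.yaml`, since the part of that file visible in this patch does not show it and an undefined lookup would fail the template. The `dot23` entry that follows starts inside the hunk and continues outside it.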
@@ -5,6 +5,6 @@ ansible_port: "2997" host_name: "ibp.rotko.net" host_timezone: "Asia/Bangkok" netif: '{"net0":"name=eth0,gw={{ default_nat_network_forward_cidr.split("/")[0] }},ip={{ default_host_ip }}/24,bridge={{ default_nat_device }}"}' -role: "monitor" +role: "ibp" pinned_service: False ... diff --git a/roles/setup_install_nginx/tasks/dotters.yaml b/roles/setup_install_nginx/tasks/dotters.yaml deleted file mode 100644 index 90f21c39..00000000 --- a/roles/setup_install_nginx/tasks/dotters.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -# Install SSH key from value -- name: Install SSH key - ansible.builtin.copy: - content: "{{ default_dotters_private_key }}" - force: yes - dest: '/root/.ssh/dotters_key' - mode: '0600' - -- name: Ensure /opt/github exists - ansible.builtin.file: - path: /opt/github - state: directory - mode: '0755' - -- name: Install/Update rpc.dotters.network SSL - become: True - block: - - name: Git update - ansible.builtin.git: - repo: '{{ default_dotters_repository }}' - dest: '/opt/github/dotters-ssl' - key_file: '/root/.ssh/dotters_key' - update: yes - force: yes - environment: - GIT_SSH_COMMAND: "ssh -i /root/.ssh/dotters_key -o IdentitiesOnly=yes" - tags: - - skip_ansible_later - - - name: Check new expiration date - ansible.builtin.shell: | - set -o pipefail - openssl x509 -enddate -noout -in /opt/github/dotters-ssl/cert/cert.pem | cut -f2 -d'=' - register: expiration_date_new_dotters - args: - executable: /bin/bash - -# Ensure destination directories exist -- name: Ensure directories exist for archive and live certificates - ansible.builtin.file: - path: "{{ item }}" - state: directory - mode: '0755' - loop: - - "/etc/letsencrypt/archive/{{ default_public_dns_dotters }}" - - "/etc/letsencrypt/live/{{ default_public_dns_dotters }}" - -# Copy the certificates to the archive folder -- name: Copy SSL certificates to archive directory - ansible.builtin.copy: - src: "/opt/github/dotters-ssl/cert/{{ item }}" - dest: "/etc/letsencrypt/archive/{{ default_public_dns_dotters }}/{{ item }}" - mode: '0644' - remote_src: yes - loop: - - cert.pem - - chain.pem - - fullchain.pem - - privkey.pem - -# Create symlinks in the live directory -- name: Create symlinks in live directory - ansible.builtin.file: - src: "/etc/letsencrypt/archive/{{ default_public_dns_dotters }}/{{ item }}" - dest: "/etc/letsencrypt/live/{{ default_public_dns_dotters }}/{{ item }}" - state: link - loop: - - cert.pem - - chain.pem - - fullchain.pem - - privkey.pem - -# Setup NGINX 
configuration directories -- name: Ensure NGINX configuration directories exist - ansible.builtin.file: - path: "/etc/nginx/{{ item }}" - state: directory - mode: '0755' - loop: - - sites-available - - sites-enabled - -# Configure NGINX for HTTPS -- name: Apply HTTPS configuration to NGINX - ansible.builtin.template: - src: https-{{ default_node_type }}-dotters.j2 - dest: "/etc/nginx/sites-available/{{ default_public_dns_dotters }}" - mode: '0755' - -# Enable the HTTPS configuration in NGINX -- name: Enable HTTPS configuration for NGINX - ansible.builtin.file: - src: "/etc/nginx/sites-available/{{ default_public_dns_dotters }}" - dest: "/etc/nginx/sites-enabled/{{ default_public_dns_dotters }}" - state: link - notify: Reload nginx -... diff --git a/roles/setup_install_nginx/tasks/ibp.yaml b/roles/setup_install_nginx/tasks/ibp.yaml deleted file mode 100644 index fc54eaab..00000000 --- a/roles/setup_install_nginx/tasks/ibp.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -# Install SSH key from value -- name: Install SSH key - ansible.builtin.copy: - content: "{{ default_ibp_private_key }}" - force: yes - dest: '/root/.ssh/ibp_key' - mode: '0600' - -- name: Ensure /opt/github exists - ansible.builtin.file: - path: /opt/github - state: directory - mode: '0755' - -- name: Install/Update ibp.network SSL - become: True - block: - - name: Git update - ansible.builtin.git: - repo: '{{ default_ibp_repository }}' - dest: '/opt/github/ibp-ssl' - key_file: '/root/.ssh/ibp_key' - update: yes - force: yes - environment: - GIT_SSH_COMMAND: "ssh -i /root/.ssh/ibp_key -o IdentitiesOnly=yes" - tags: - - skip_ansible_later - - - name: Check new expiration date - ansible.builtin.shell: | - set -o pipefail - openssl x509 -enddate -noout -in /opt/github/ibp-ssl/cert/cert.pem | cut -f2 -d'=' - register: expiration_date_new_ibp - args: - executable: /bin/bash - -# Ensure destination directories exist -- name: Ensure directories exist for archive and live certificates - ansible.builtin.file: - path: "{{ item }}" - state: directory - mode: '0755' - loop: - - "/ets/letsencrypt/archive/{{ default_public_dns_ibp }}" - - "/etc/letsencrypt/live/{{ default_public_dns_ibp }}" - -# Copy the certificates to the archive folder -- name: Copy SSL certificates to archive directory - ansible.builtin.copy: - src: "/opt/github/ibp-ssl/cert/{{ item }}" - dest: "/etc/letsencrypt/archive/{{ default_public_dns_ibs }}/{{ item }}" - mode: '0644' - remote_src: yes - loop: - - cert.pem - - chain.pem - - fullchain.pem - - privkey.pem - -# Create symlinks in the live directory -- name: Create symlinks in live directory - ansible.builtin.file: - src: "/etc/letsencrypt/archive/{{ default_public_dns_ibp }}/{{ item }}" - dest: "/etc/letsencrypt/live/{{ default_public_dns_ibp }}/{{ item }}" - state: link - loop: - - cert.pem - - chain.pem - - fullchain.pem - - privkey.pem - -# Setup NGINX configuration directories -- name: Ensure NGINX configuration directories 
exist - ansible.builtin.file: - path: "/etc/nginx/{{ item }}" - state: directory - mode: '0755' - loop: - - sites-available - - sites-enabled - -# Configure NGINX for HTTPS -- name: Apply HTTPS configuration to NGINX - ansible.builtin.template: - src: https-{{ default_node_type }}-ibp.j2 - dest: "/etc/nginx/sites-available/{{ default_public_dns_ibp }}" - mode: '0755' - -# Enable the HTTPS configuration in NGINX -- name: Enable HTTPS configuration for NGINX - ansible.builtin.file: - src: "/etc/nginx/sites-available/{{ default_public_dns_ibp }}" - dest: "/etc/nginx/sites-enabled/{{ default_public_dns_ibp }}" - state: link - notify: Reload nginx -...