+ fix install tmux plugin check

+ nginx master proxy dummy things #861m7vaer Шаблон операционной системы на Debian 10
12 months ago · 05c680826c
8 changed files with 120 additions and 3 deletions
--- a/debops/files/etc/nginx-master-proxy/conf.d/sample-filecloud.conf.example
+++ b/debops/files/etc/nginx-master-proxy/conf.d/sample-filecloud.conf.example
@ -0,0 +1,18 @@
+server {
+    listen 80;
+    server_name domain;
+    client_max_body_size 0;
+    location / {
+        proxy_pass http://lxc_host;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_connect_timeout 600;
+        proxy_send_timeout 600;
+        proxy_read_timeout 600;
+        send_timeout 600;
+    }
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
+}
--- a/debops/files/etc/nginx-master-proxy/conf.d/sample-s3.conf.example
+++ b/debops/files/etc/nginx-master-proxy/conf.d/sample-s3.conf.example
@ -0,0 +1,20 @@
+server {
+    listen 80;
+    server_name domain;
+    ignore_invalid_headers off;
+    client_max_body_size 0;
+    proxy_buffering off;
+    location / {
+        proxy_pass http://lxc_host:9000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        chunked_transfer_encoding off;
+    }
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
+}
--- a/debops/files/etc/nginx-master-proxy/conf.d/sample-website.conf.example
+++ b/debops/files/etc/nginx-master-proxy/conf.d/sample-website.conf.example
@ -0,0 +1,13 @@
+server {
+    listen 80;
+    server_name domain;
+    location / {
+        proxy_pass https://lxc_host;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
+}
--- a/debops/files/etc/nginx-master-proxy/conf.d/sample-youtrack.conf.example
+++ b/debops/files/etc/nginx-master-proxy/conf.d/sample-youtrack.conf.example
@ -0,0 +1,32 @@
+server {
+    listen 80;
+    server_name domain;
+    location / {
+        proxy_pass http://lxc_host:8080;
+        access_log off;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        client_max_body_size 60m;
+        proxy_http_version 1.1;
+    }
+    location /api/eventSourceBus {
+        proxy_pass http://lxc_host:8080;
+        access_log off;
+        proxy_cache off;
+        proxy_buffering off;
+        proxy_read_timeout 86400s;
+        proxy_send_timeout 86400s;
+        proxy_set_header Connection '';
+        chunked_transfer_encoding off;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+    }
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
+}
--- a/debops/nginx-master-proxy.yml
+++ b/debops/nginx-master-proxy.yml
@ -0,0 +1,29 @@
+---
+
+- name: Manage master nginx proxy
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    nginx_acme: True
+    nginx_real_ip_from: ['172.16.30.0/24']
+    nginx_default_keepalive_timeout: 65
+    nginx_ocsp: False
+    nginx_worker_processes: auto
+
+  pre_tasks:
+    - name: Copy Nginx Master Proxy config examples
+      copy:
+        src: etc/nginx-master-proxy/conf.d
+        dest: /etc/nginx/
+        mode: 0644
+
+  roles:
+    - role: nginx
+      tags: [ 'role::nginx', 'skip::nginx' ]
--- a/debops/root_account.yml
+++ b/debops/root_account.yml
@ -17,7 +17,7 @@

  post_tasks:
    - name: Tmux Plugins Manager
-      shell: git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm && ~/.tmux/plugins/tpm/bin/install_plugins
+      shell: test -d ~/.tmux/plugins/tpm || git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm && ~/.tmux/plugins/tpm/bin/install_plugins

  roles:
    - role: root_account
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -3,6 +3,7 @@
 ansible_user: root
 remote_user: root

+keyring__keyserver: hkp://keyserver.ubuntu.com:80
 # Add further variables which apply to all servers to this file...

 ...
--- a/nginx-site.yml
+++ b/nginx-site.yml
@ -1,13 +1,17 @@
 ---
+- import_playbook: playbooks/own/allow-releaseinfo-change.yml
+- import_playbook: playbooks/own/locales.yml
 - import_playbook: debops/tzdata.yml
 - import_playbook: debops/pki.yml
+- import_playbook: debops/yadm.yml
+- import_playbook: debops/root_account.yml
+- import_playbook: debops/sudo.yml
+- import_playbook: debops/system_users.yml
 - import_playbook: debops/mariadb.yml
 - import_playbook: debops/php-prod.yml
 - import_playbook: debops/nginx.yml
 - import_playbook: debops/nodejs.yml
 - import_playbook: debops/redis.yml
- import_playbook: debops/users.yml
- import_playbook: debops/sudo.yml
 - import_playbook: playbooks/own/var-www-set-ownerships.yml

 # Import all other group playbooks in this file...