
+ sample configs for nginx-proxy lxc instance

+ site_name as general option for different lxc_host and site_name (personally used for vps deployment)
+ vps deploy script
+ node version manager install
+ php version setup vars moved into separate vars-file
+ ansible.cfg that helps to use local inventory and group_vars files
+ root account playbook
master
dimti 1 year ago
parent
commit
9bb3348cce
  1. 7
      _mysql-server-site.yml
  2. 3
      ansible.cfg
  3. 2
      data/db-dumps/.gitignore
  4. 2
      debops/files/etc/nginx-master-proxy/conf.d/sample-filecloud.conf.example
  5. 2
      debops/files/etc/nginx-master-proxy/conf.d/sample-s3.conf.example
  6. 2
      debops/files/etc/nginx-master-proxy/conf.d/sample-website.conf.example
  7. 4
      debops/files/etc/nginx-master-proxy/conf.d/sample-youtrack.conf.example
  8. 20
      debops/nginx.yml
  9. 8
      debops/php-prod.yml
  10. 2
      debops/system_users.yml
  11. 0
      debops/templates/var/www/site_name/index.html.j2
  12. 0
      debops/templates/var/www/site_name/normalize.css
  13. 3
      group_vars/all.yml
  14. 4
      nginx-site.yml
  15. 9
      playbooks/own/node-version-manager.yml
  16. 2
      playbooks/own/var-www-set-ownerships.yml
  17. 9
      root-account.yml
  18. 4
      run-lxc-playbook.sh
  19. 42
      run-vps-playbook.sh
  20. 8
      vars/databases-example.yml
  21. 14
      vars/php-example.yml
  22. 4
      vars/sudo-example.yml
  23. 6
      vars/system_users-example.yml

7
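--- a/_mysql-server-site.yml
+++ b/_mysql-server-site.yml
@@ -0,0 +1,7 @@
+---
+- import_playbook: debops/mariadb_server.yml
+- import_playbook: debops/mariadb-custom-db.yml
+# Import all other group playbooks in this file...
+...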

3
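--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory=./hosts
+group_vars=./group_vars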
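Review bot: `group_vars=./group_vars` is not a key that Ansible's `[defaults]` section reads, as far as I know, so this line is most likely a silent no-op. `group_vars/` is found because it sits next to the inventory file or the playbook. Either drop the line or turn it into a comment such as `# group_vars/ is loaded from the inventory directory (./)`. A second comment would help anyone cloning this: Ansible skips an `ansible.cfg` found in a world-writable current directory, so the permissions of the checkout decide whether this file is applied at all.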

2
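--- a/data/db-dumps/.gitignore
+++ b/data/db-dumps/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore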

2
debops/files/etc/nginx-master-proxy/conf.d/sample-filecloud.conf.example

@ -3,7 +3,7 @@ server {
server_name domain; server_name domain;
client_max_body_size 0; client_max_body_size 0;
location / { location / {
proxy_pass http://lxc_host;
proxy_pass http://site_name;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;

2
debops/files/etc/nginx-master-proxy/conf.d/sample-s3.conf.example

@ -5,7 +5,7 @@ server {
client_max_body_size 0; client_max_body_size 0;
proxy_buffering off; proxy_buffering off;
location / { location / {
proxy_pass http://lxc_host:9000;
proxy_pass http://site_name:9000;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;

2
debops/files/etc/nginx-master-proxy/conf.d/sample-website.conf.example

@ -2,7 +2,7 @@ server {
listen 80; listen 80;
server_name domain; server_name domain;
location / { location / {
proxy_pass https://lxc_host;
proxy_pass https://site_name;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;

4
debops/files/etc/nginx-master-proxy/conf.d/sample-youtrack.conf.example

@ -2,7 +2,7 @@ server {
listen 80; listen 80;
server_name domain; server_name domain;
location / { location / {
proxy_pass http://lxc_host:8080;
proxy_pass http://site_name:8080;
access_log off; access_log off;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
@ -13,7 +13,7 @@ server {
proxy_http_version 1.1; proxy_http_version 1.1;
} }
location /api/eventSourceBus { location /api/eventSourceBus {
proxy_pass http://lxc_host:8080;
proxy_pass http://site_name:8080;
access_log off; access_log off;
proxy_cache off; proxy_cache off;
proxy_buffering off; proxy_buffering off;

20
debops/nginx.yml

@ -24,11 +24,11 @@
nginx_ocsp: False nginx_ocsp: False
nginx_worker_processes: auto nginx_worker_processes: auto
nginx__servers: nginx__servers:
- name: '{{ lxc_host }}'
- name: '{{ site_name }}'
type: php type: php
root: '/var/www/{{ lxc_host }}'
root: '/var/www/{{ site_name }}'
public_dir_name: '' public_dir_name: ''
@ -38,10 +38,12 @@
location_list: location_list:
- pattern: '/' - pattern: '/'
options: rewrite ^/.*$ /index.php last;
locations: locations:
- pattern: '~ ^/*.-backend/' - pattern: '~ ^/*.-backend/'
options: set $upstream unix:/run/php7.4-fpm-backend.sock; options: set $upstream unix:/run/php7.4-fpm-backend.sock;
options: try_files /index.html @october;
- pattern: '@october'
options: rewrite ^/.*$ /index.php last;
- pattern: '~* ^(?!/index).*\.php$' - pattern: '~* ^(?!/index).*\.php$'
options: return 403; options: return 403;
@ -74,17 +76,17 @@
post_tasks: post_tasks:
- name: Default index.html - name: Default index.html
template: template:
src: var/www/lxc_host/index.html.j2
dest: '/var/www/{{ lxc_host }}/index.html'
src: var/www/site_name/index.html.j2
dest: '/var/www/{{ site_name }}/index.html'
mode: 0644 mode: 0644
owner: '{{ lxc_host }}'
owner: '{{ site_name }}'
- name: Copy normalized.css - name: Copy normalized.css
template: template:
src: var/www/lxc_host/normalize.css
dest: '/var/www/{{ lxc_host }}/'
src: var/www/site_name/normalize.css
dest: '/var/www/{{ site_name }}/'
mode: 0644 mode: 0644
owner: '{{ lxc_host }}'
owner: '{{ site_name }}'
roles: roles:

8
debops/php-prod.yml

@ -10,10 +10,8 @@
| combine(inventory__group_environment | d({})) | combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}' | combine(inventory__host_environment | d({})) }}'
vars: vars:
php__version_preference: [ 'php7.4' ]
php__sury: '{{ ansible_local.php.sury
|d(ansible_distribution_release in [ "buster" ]) | bool }}'
php__sury_apt_key_id: '{{ php__sury_apt_key_id_map[ansible_distribution] }}' php__sury_apt_key_id: '{{ php__sury_apt_key_id_map[ansible_distribution] }}'
php__sury_apt_repo: '{{ php__sury_apt_repo_map[ansible_distribution] }}' php__sury_apt_repo: '{{ php__sury_apt_repo_map[ansible_distribution] }}'
php__sury_apt_key_id_map: php__sury_apt_key_id_map:
@ -36,7 +34,6 @@
# mbstring требует только некоторые пакеты в laravel # mbstring требует только некоторые пакеты в laravel
# bcmath - нужно для работы парсера Excel файлов на одном из проектов # bcmath - нужно для работы парсера Excel файлов на одном из проектов
# Laravel/OctoberCMS: intl, redis # Laravel/OctoberCMS: intl, redis
php__packages: [ 'curl', 'xml', 'gd', 'zip', 'mbstring', 'mysql', 'bcmath', 'intl', 'redis' ]
php__composer_upstream_enabled: '{{ True php__composer_upstream_enabled: '{{ True
if (ansible_distribution_release in if (ansible_distribution_release in
[ "buster" ]) [ "buster" ])
@ -58,6 +55,9 @@
pm: static pm: static
pm_max_children: 3 pm_max_children: 3
vars_files:
- ./../vars/php.yml
pre_tasks: pre_tasks:
- name: Apply keyring configuration for php environment - name: Apply keyring configuration for php environment

2
debops/system_users.yml

@ -20,7 +20,7 @@
post_tasks: post_tasks:
- name: Change starship character to dollar sign - name: Change starship character to dollar sign
shell: "sed -i 's/#/\\\\$/g' /home/{{ lxc_host }}/.config/starship.toml"
shell: "sed -i 's/#/\\\\$/g' /home/{{ site_name }}/.config/starship.toml"
args: args:
executable: /bin/bash executable: /bin/bash

0
debops/templates/var/www/lxc_host/index.html.j2 → debops/templates/var/www/site_name/index.html.j2

0
debops/templates/var/www/lxc_host/normalize.css → debops/templates/var/www/site_name/normalize.css

3
group_vars/all.yml

@ -6,4 +6,7 @@ remote_user: root
keyring__keyserver: hkp://keyserver.ubuntu.com:80 keyring__keyserver: hkp://keyserver.ubuntu.com:80
# Add further variables which apply to all servers to this file... # Add further variables which apply to all servers to this file...
secret__levels: '.'
site_name: '{{ site_name | d(lxc_host) }}'
... ...
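Review bot: `site_name: '{{ site_name | d(lxc_host) }}'` defines the variable in terms of itself. When `site_name` is not passed with `-e`, I would expect Ansible to stop with a recursive-template error instead of falling back to `lxc_host`, and the `run-lxc-playbook.sh` command in this commit passes only `lxc_host`. Passing `-e "site_name=$LXC_HOST"` from that script, or computing the fallback under a different variable name, avoids the self-reference. Separately, `secret__levels: '.'` looks like it places the DebOps secret directory inside the inventory directory, which here is the repository root. If so, say that in a comment and make sure `secret/` is git-ignored so generated passwords are not committed.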

4
nginx-site.yml

@ -7,12 +7,14 @@
- import_playbook: debops/root_account.yml - import_playbook: debops/root_account.yml
- import_playbook: debops/sudo.yml - import_playbook: debops/sudo.yml
- import_playbook: debops/system_users.yml - import_playbook: debops/system_users.yml
- import_playbook: debops/mariadb.yml
- import_playbook: debops/mariadb_server.yml
- import_playbook: debops/mariadb-custom-db.yml
- import_playbook: debops/php-prod.yml - import_playbook: debops/php-prod.yml
- import_playbook: debops/nginx.yml - import_playbook: debops/nginx.yml
- import_playbook: debops/nodejs.yml - import_playbook: debops/nodejs.yml
- import_playbook: debops/redis.yml - import_playbook: debops/redis.yml
- import_playbook: playbooks/own/var-www-set-ownerships.yml - import_playbook: playbooks/own/var-www-set-ownerships.yml
- import_playbook: playbooks/own/node-version-manager.yml
# Import all other group playbooks in this file... # Import all other group playbooks in this file...

9
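--- a/playbooks/own/node-version-manager.yml
+++ b/playbooks/own/node-version-manager.yml
@@ -0,0 +1,9 @@
+---
+- name: Installing node version manager
+hosts: [ 'debian10' ]
+tasks:
+- name: Install nvm
+become: true
+become_user: '{{ site_name }}'
+shell: 'wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.5/install.sh | bash'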
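Review bot: The `Install nvm` task pipes a script fetched over the network straight into `bash` with nothing checking its content, and it runs again on every play because the `shell` call has no `creates:` guard. The URL is pinned to the `v0.39.5` tag, but a tag can be moved upstream, so the content the hosts execute is whatever that URL serves at run time. I would download the installer with `get_url` and its `checksum:` option, using a hash recorded after reviewing the script, and then run the saved file. The checksum below is a placeholder, and the `creates:` path assumes nvm's default install directory under the user's home.

```yaml
- name: Download nvm installer
  become: true
  become_user: '{{ site_name }}'
  get_url:
    url: 'https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.5/install.sh'
    dest: '/home/{{ site_name }}/nvm-install.sh'
    checksum: 'sha256:<SHA256_OF_REVIEWED_INSTALL_SH>'
    mode: '0700'

- name: Install nvm
  become: true
  become_user: '{{ site_name }}'
  command: 'bash /home/{{ site_name }}/nvm-install.sh'
  args:
    creates: '/home/{{ site_name }}/.nvm/nvm.sh'
```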

2
playbooks/own/var-www-set-ownerships.yml

@ -4,4 +4,4 @@
hosts: [ 'debian10' ] hosts: [ 'debian10' ]
tasks: tasks:
- name: Set ownerships to /var/www dir - name: Set ownerships to /var/www dir
shell: 'chown -R {{ lxc_host }}:{{ lxc_host }} /var/www'
shell: 'chown -R {{ site_name }}:{{ site_name }} /var/www'

9
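--- a/root-account.yml
+++ b/root-account.yml
@@ -0,0 +1,9 @@
+---
+- import_playbook: playbooks/own/locales.yml
+- import_playbook: debops/tzdata.yml
+- import_playbook: debops/yadm.yml
+- import_playbook: debops/root_account.yml
+# Import all other group playbooks in this file...
+...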

4
run-playbook.sh → run-lxc-playbook.sh

@ -4,7 +4,7 @@ LXC_HOST=$2
PLAYBOOK=$3 PLAYBOOK=$3
usage() { usage() {
echo "Usage: run-playbook.sh server lxc_host playbook"
echo "Usage: run-lxc-playbook.sh server lxc_host playbook"
echo "server - main proxmox server IP address and lxc_host that the name of lxc container" echo "server - main proxmox server IP address and lxc_host that the name of lxc container"
echo "lxc_host - name of lxc container" echo "lxc_host - name of lxc container"
echo "playbook - playbook file" echo "playbook - playbook file"
@ -35,7 +35,7 @@ if [[ ! -f "$PLAYBOOK" ]]; then
fi fi
COMMAND=$(cat <<EOF COMMAND=$(cat <<EOF
ansible-playbook -e "lxc_host=$LXC_HOST" --ssh-common-args="-o ProxyCommand='ssh -W %h:%p root@$SERVER'" $PLAYBOOK
ansible-playbook -e "lxc_host=$LXC_HOST" --ssh-common-args="-o ProxyCommand='ssh -W %h:%p -q root@$SERVER'" $PLAYBOOK
EOF EOF
) )

42
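--- a/run-vps-playbook.sh
+++ b/run-vps-playbook.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+SERVER=$1
+SITE_NAME=$2
+PLAYBOOK=$3
+usage() {
+echo "Usage: run-vps-playbook.sh server site_name playbook"
+echo "server - domain or ip adress of the vps server"
+echo "site_name - site name"
+echo "playbook - playbook file"
+}
+if [[ -z "$SERVER" ]]; then
+echo "You must defined SERVER as first argument"
+usage
+exit 1
+fi
+if [[ -z "$SITE_NAME" ]]; then
+echo "You must defined SITE_NAME as second argument"
+usage
+exit 1
+fi
+if [[ -z "$PLAYBOOK" ]]; then
+echo "You must defined PLAYBOOK as third argument"
+usage
+exit 1
+fi
+COMMAND=$(cat <<EOF
+ansible-playbook -e "lxc_host=$SERVER" -e "site_name=$SITE_NAME" $PLAYBOOK
+EOF
+)
+printf 'Launch ansible playbook:\n%s\n' "$COMMAND"
+read -p "Are you sure? " -n 1 -r
+echo # (optional) move to a new line
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+/bin/bash -c "$COMMAND"
+fi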
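Review bot: `$SERVER`, `$SITE_NAME` and `$PLAYBOOK` are pasted into a heredoc string that is then handed to `/bin/bash -c "$COMMAND"`, so a space, quote or `;` in any argument is parsed a second time by the shell and can split or extend the command. Build the invocation as an array and run it directly: `cmd=(ansible-playbook -e "lxc_host=$SERVER" -e "site_name=$SITE_NAME" "$PLAYBOOK")`, display it with `printf '%q ' "${cmd[@]}"`, and execute `"${cmd[@]}"`. Because `site_name` becomes an account name, a directory under `/var/www` and a sudoers entry elsewhere in this commit, an allow-list pattern check on `$SITE_NAME` before the prompt would be worth adding. This script also lacks the `[[ -f "$PLAYBOOK" ]]` check that `run-lxc-playbook.sh` has. That script appears to build `COMMAND` through the same heredoc and likely needs the same treatment, though its execution line is outside the hunks shown.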

8
vars/databases-example.yml

@ -1,7 +1,9 @@
mariadb__databases: mariadb__databases:
- name: '{{ lxc_host }}'
- name: '{{ site_name }}'
source: ./data/db-dumps/dump.sql
target: /tmp/dump.sql
mariadb__users: mariadb__users:
- name: '{{ lxc_host }}'
- name: '{{ site_name }}'
host: '%' host: '%'
database: '{{ lxc_host }}%'
database: '{{ site_name }}%'
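Review bot: The new `target: /tmp/dump.sql` stages a full database dump under a fixed name in a world-writable directory. The playbook that consumes `source`/`target` is not on this page, so the file mode and any cleanup are unknown. If it is a plain copy, other local users may be able to read the dump, and a pre-existing `/tmp/dump.sql` can interfere with the import. Prefer a root-owned directory with mode `0600` on the file, and remove it once the import has run. The unchanged `host: '%'` next to `database: '{{ site_name }}%'` also deserves a comment in this example, since on the VPS path it lets that account connect from any address and covers every database sharing the prefix.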

14
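--- a/vars/php-example.yml
+++ b/vars/php-example.yml
@@ -0,0 +1,14 @@
+php__version_preference: [ 'php7.4' ]
+php__sury: true
+php__packages: [ 'curl', 'xml', 'gd', 'zip', 'mbstring', 'mysql', 'bcmath', 'intl', 'redis' ]
+# For php8.1 automatic install gd is not possible, because https://github.com/debops/debops/issues/2272 and https://github.com/oerdnj/deb.sury.org/issues/1947
+# For solve that - touch file: /etc/apt/preferences.d/libgd-pin100
+# with these contents:
+#Package: libgd3
+#Pin-Priority: 100
+# and launch installation process:
+#apt update
+#apt install -t bullseye libgd3
+#apt-cache policy libgd3
+#apt install php8.1-gd
+# TODO: Move that into own script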
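Review bot: `php__version_preference: [ 'php7.4' ]` makes an end-of-life PHP branch the copy-paste default of this example; upstream security support for 7.4 ended in November 2022. Add a comment above it such as `# php7.4 is EOL upstream; kept for legacy projects, prefer a supported branch for new sites`. `php__sury: true` also turns what appears to have been a release-conditional expression in `debops/php-prod.yml` into an unconditional third-party APT source, which deserves a one-line comment of its own.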

4
vars/sudo-example.yml

@ -1,4 +1,4 @@
sudo__sudoers: sudo__sudoers:
- name: '{{ lxc_host }}-nopasswd'
- name: '{{ site_name }}-nopasswd'
raw: | raw: |
{{ lxc_host }} ALL=(ALL) NOPASSWD: ALL
{{ site_name }} ALL=(ALL) NOPASSWD: ALL
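Review bot: `{{ site_name }} ALL=(ALL) NOPASSWD: ALL` gives the site account passwordless root, and this commit makes the same name the owner of `/var/www` and the user the nvm installer runs as, now also on VPS hosts. Anything that gains code execution as that account becomes root without a password prompt. If the account only needs a few administrative commands, list them explicitly (a constructed example: `{{ site_name }} ALL=(root) NOPASSWD: /bin/systemctl reload nginx`) or keep the password requirement. At minimum, add a comment in this example stating that the rule grants full root.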

6
vars/system_users-example.yml

@ -1,9 +1,9 @@
system_users__groups: system_users__groups:
- name: '{{ lxc_host }}'
- name: '{{ site_name }}'
user: False user: False
system_users__accounts: system_users__accounts:
- name: '{{ lxc_host }}'
group: '{{ lxc_host }}'
- name: '{{ site_name }}'
group: '{{ site_name }}'
admin: True admin: True
shell: '/bin/bash' shell: '/bin/bash'