remove ansible stuff

gempir 2019-07-13 13:31:20 +02:00
parent f0bda87240
commit d9577b6937
14 changed files with 0 additions and 287 deletions


@ -11,5 +11,3 @@ container:
release:
docker push gempir/justlog
provision:
ansible-playbook -i ansible/hosts ansible/playbook.yml --ask-vault-pass ${ARGS}


@ -1,24 +0,0 @@
---
api_domain: api.gempir.com
email: !vault |
$ANSIBLE_VAULT;1.1;AES256
65373739353434323038366266343639376262633166356330336339396664326264343334633864
6164633261343062623666613536343265663038343330360a313637663739343464396133366565
35666538386231343533333231646131383734663834663039636235313237636366343535376366
3438353430666537630a323338663565366439353163646435633738653563393330613064363163
66356363623063373532626262343361663933623132653162633034396131623038
username: gempbot
oauth: !vault |
$ANSIBLE_VAULT;1.1;AES256
66373430346665366531646264336337613562373035653735643932636137356333326434623734
3666356337396236316539623931333666346330393262370a376335373437613133663561313230
61383331616335383631643933326632653438623462666430616661313465353765396130323166
6237666263393265630a623637653565306138626633316135643032616231323839396234653863
35346561656133383230313464636339653338373462383233383962376161386334
clientID: !vault |
$ANSIBLE_VAULT;1.1;AES256
62316166366330343165663837393431616230343061663664366433383533666538353563323735
6633336330393765383934366361623465643335333862320a376636613862636130653231396633
36353764356232353731316165303061333765343162356665666563373935326435623439653463
3035653631353231340a636437303436633536636334643131303164353066316365333735616466
63663636356635636439623162366564343036623735376534626161316333393134


@ -1,2 +0,0 @@
[main]
apollo.gempir.com


@ -1 +0,0 @@
apollo.gempir.com


@ -1,16 +0,0 @@
---
- name: Provision hosts for logstv
hosts: all
remote_user: root
roles:
- {role: 'common', tags: ['common']}
- {role: 'nginx', tags: ['nginx']}
- {role: 'bot', tags: ['bot']}
handlers:
- name: restart ufw
service: name=ufw state=restarted
- name: Reload systemd daemon
command: systemctl daemon-reload


@ -1,23 +0,0 @@
---
- name: create log directory
file:
path: /mnt/data/justlog
state: directory
owner: justlog
group: justlog
mode: 0750
- name: create config file
template:
src: templates/config.j2
dest: /home/justlog/config.json
owner: justlog
group: justlog
mode: 0640
- name: install systemd unit file
template: src=service.j2 dest=/etc/systemd/system/justlog.service
- name: reload units
systemd:
daemon_reload: yes


@ -1,25 +0,0 @@
{
"admin": "gempir",
"logsDirectory": "/mnt/data/justlog",
"clientID": "{{ clientID }}",
"username": "{{ username }}",
"oauth": "{{ oauth }}",
"channels": [
"11148817",
"77829817",
"99659894",
"22484632",
"42426044",
"62300805",
"93031467",
"14824099",
"133554225",
"36396364",
"134551603",
"43689956",
"41015858",
"74844182",
"36588055",
"30816637"
]
}


@ -1,15 +0,0 @@
[Unit]
Description=justlog service
After=network.target
[Service]
Type=simple
ExecStart=/home/justlog/justlog
WorkingDirectory=/home/justlog
TimeoutStopSec=5
User=justlog
Group=justlog
Restart=always
[Install]
WantedBy=multi-user.target


@ -1,28 +0,0 @@
---
- name: update and upgrade apt packages
become: true
apt:
upgrade: yes
update_cache: yes
cache_valid_time: 86400 #One day
- name: install apt-transport-https
apt: name=apt-transport-https state=present
- name: install htop
apt: name=htop state=present
- name: install ufw firewall
include: ufw.yml
- name: Ensure group "justlog" exists
group:
name: justlog
state: present
- name: Create justlog user
user:
name: justlog
shell: /bin/bash
groups: justlog
append: yes


@ -1,28 +0,0 @@
---
# - name: Install ufw
# apt: package=ufw state=present
# - name: Configure ufw defaults
# ufw: direction={{ item.direction }} policy={{ item.policy }}
# with_items:
# - { direction: 'incoming', policy: 'deny' }
# - { direction: 'outgoing', policy: 'allow' }
# notify:
# - restart ufw
# - name: Configure ufw rules
# ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
# with_items:
# - { rule: 'limit', port: '{{ ssh_port | default("22") }}', proto: 'tcp' }
# - { rule: 'allow', port: '80', proto: 'tcp' }
# - { rule: 'allow', port: '443', proto: 'tcp' }
# notify:
# - restart ufw
# - name: Enable ufw logging
# ufw: logging=on
# notify:
# - restart ufw
# - name: Enable ufw
# ufw: state=enabled


@ -1,52 +0,0 @@
---
- name: Upgrade system
apt: upgrade=dist update_cache=yes
- name: Install nginx
apt: name=nginx state=latest
- name: install letsencrypt
apt: name=letsencrypt state=latest
- name: create letsencrypt directory
file: name=/var/www/letsencrypt state=directory
- name: Remove default nginx config
file: name=/etc/nginx/sites-enabled/default state=absent
- name: Install system nginx config
template:
src: templates/nginx.conf.j2
dest: /etc/nginx/nginx.conf
- name: Install nginx site for api
template:
src: templates/api.j2
dest: /etc/nginx/sites-enabled/api
- name: Reload nginx to activate letsencrypt site
service: name=nginx state=restarted
- name: Create letsencrypt certificate
shell: letsencrypt certonly -n --webroot -w /var/www/letsencrypt -m {{ email }} --agree-tos -d {{ api_domain }}
args:
creates: /etc/letsencrypt/live/{{ api_domain }}
- name: Generate dhparams
shell: openssl dhparam -out /etc/nginx/dhparams.pem 2048
args:
creates: /etc/nginx/dhparams.pem
- name: Install nginx site for api
template:
src: templates/api.le.j2
dest: /etc/nginx/sites-enabled/api_le
- name: Reload nginx to activate specified site
service: name=nginx state=restarted
- name: Add letsencrypt cronjob for cert renewal
cron:
name: letsencrypt_renewal
special_time: weekly
job: letsencrypt --renew certonly -n --webroot -w /var/www/letsencrypt -m {{ email }} --agree-tos -d {{ api_domain }} && service nginx reload


@ -1,15 +0,0 @@
server_tokens off;
server {
listen 80 default_server;
server_name {{ api_domain }};
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
try_files $uri $uri/ =404;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}


@ -1,21 +0,0 @@
server {
listen 443 ssl default deferred;
server_name {{ api_domain }};
ssl on;
ssl_certificate /etc/letsencrypt/live/{{ api_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ api_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ api_domain }}/fullchain.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_dhparam /etc/nginx/dhparams.pem;
location / {
proxy_pass http://127.0.0.1:8025;
}
}


@ -1,35 +0,0 @@
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 2000;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}