remove ansible stuff
parent
f0bda87240
commit
d9577b6937
14 changed files with 0 additions and 287 deletions
2
Makefile
2
Makefile
|
@ -11,5 +11,3 @@ container:
|
|||
release:
|
||||
docker push gempir/justlog
|
||||
|
||||
provision:
|
||||
ansible-playbook -i ansible/hosts ansible/playbook.yml --ask-vault-pass ${ARGS}
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
api_domain: api.gempir.com
|
||||
email: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
65373739353434323038366266343639376262633166356330336339396664326264343334633864
|
||||
6164633261343062623666613536343265663038343330360a313637663739343464396133366565
|
||||
35666538386231343533333231646131383734663834663039636235313237636366343535376366
|
||||
3438353430666537630a323338663565366439353163646435633738653563393330613064363163
|
||||
66356363623063373532626262343361663933623132653162633034396131623038
|
||||
username: gempbot
|
||||
oauth: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
66373430346665366531646264336337613562373035653735643932636137356333326434623734
|
||||
3666356337396236316539623931333666346330393262370a376335373437613133663561313230
|
||||
61383331616335383631643933326632653438623462666430616661313465353765396130323166
|
||||
6237666263393265630a623637653565306138626633316135643032616231323839396234653863
|
||||
35346561656133383230313464636339653338373462383233383962376161386334
|
||||
clientID: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
62316166366330343165663837393431616230343061663664366433383533666538353563323735
|
||||
6633336330393765383934366361623465643335333862320a376636613862636130653231396633
|
||||
36353764356232353731316165303061333765343162356665666563373935326435623439653463
|
||||
3035653631353231340a636437303436633536636334643131303164353066316365333735616466
|
||||
63663636356635636439623162366564343036623735376534626161316333393134
|
|
@ -1,2 +0,0 @@
|
|||
[main]
|
||||
apollo.gempir.com
|
|
@ -1 +0,0 @@
|
|||
apollo.gempir.com
|
|
@ -1,16 +0,0 @@
|
|||
---
|
||||
- name: Provision hosts for logstv
|
||||
hosts: all
|
||||
remote_user: root
|
||||
|
||||
roles:
|
||||
- {role: 'common', tags: ['common']}
|
||||
- {role: 'nginx', tags: ['nginx']}
|
||||
- {role: 'bot', tags: ['bot']}
|
||||
|
||||
handlers:
|
||||
- name: restart ufw
|
||||
service: name=ufw state=restarted
|
||||
|
||||
- name: Reload systemd daemon
|
||||
command: systemctl daemon-reload
|
|
@ -1,23 +0,0 @@
|
|||
---
|
||||
- name: create log directory
|
||||
file:
|
||||
path: /mnt/data/justlog
|
||||
state: directory
|
||||
owner: justlog
|
||||
group: justlog
|
||||
mode: 0750
|
||||
|
||||
- name: create config file
|
||||
template:
|
||||
src: templates/config.j2
|
||||
dest: /home/justlog/config.json
|
||||
owner: justlog
|
||||
group: justlog
|
||||
mode: 0640
|
||||
|
||||
- name: install systemd unit file
|
||||
template: src=service.j2 dest=/etc/systemd/system/justlog.service
|
||||
|
||||
- name: reload units
|
||||
systemd:
|
||||
daemon_reload: yes
|
|
@ -1,25 +0,0 @@
|
|||
{
|
||||
"admin": "gempir",
|
||||
"logsDirectory": "/mnt/data/justlog",
|
||||
"clientID": "{{ clientID }}",
|
||||
"username": "{{ username }}",
|
||||
"oauth": "{{ oauth }}",
|
||||
"channels": [
|
||||
"11148817",
|
||||
"77829817",
|
||||
"99659894",
|
||||
"22484632",
|
||||
"42426044",
|
||||
"62300805",
|
||||
"93031467",
|
||||
"14824099",
|
||||
"133554225",
|
||||
"36396364",
|
||||
"134551603",
|
||||
"43689956",
|
||||
"41015858",
|
||||
"74844182",
|
||||
"36588055",
|
||||
"30816637"
|
||||
]
|
||||
}
|
|
@ -1,15 +0,0 @@
|
|||
[Unit]
|
||||
Description=justlog service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/home/justlog/justlog
|
||||
WorkingDirectory=/home/justlog
|
||||
TimeoutStopSec=5
|
||||
User=justlog
|
||||
Group=justlog
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,28 +0,0 @@
|
|||
---
|
||||
- name: update and upgrade apt packages
|
||||
become: true
|
||||
apt:
|
||||
upgrade: yes
|
||||
update_cache: yes
|
||||
cache_valid_time: 86400 #One day
|
||||
|
||||
- name: install apt-transport-https
|
||||
apt: name=apt-transport-https state=present
|
||||
|
||||
- name: install htop
|
||||
apt: name=htop state=present
|
||||
|
||||
- name: install ufw firewall
|
||||
include: ufw.yml
|
||||
|
||||
- name: Ensure group "justlog" exists
|
||||
group:
|
||||
name: justlog
|
||||
state: present
|
||||
|
||||
- name: Create justlog user
|
||||
user:
|
||||
name: justlog
|
||||
shell: /bin/bash
|
||||
groups: justlog
|
||||
append: yes
|
|
@ -1,28 +0,0 @@
|
|||
---
|
||||
# - name: Install ufw
|
||||
# apt: package=ufw state=present
|
||||
|
||||
# - name: Configure ufw defaults
|
||||
# ufw: direction={{ item.direction }} policy={{ item.policy }}
|
||||
# with_items:
|
||||
# - { direction: 'incoming', policy: 'deny' }
|
||||
# - { direction: 'outgoing', policy: 'allow' }
|
||||
# notify:
|
||||
# - restart ufw
|
||||
|
||||
# - name: Configure ufw rules
|
||||
# ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
|
||||
# with_items:
|
||||
# - { rule: 'limit', port: '{{ ssh_port | default("22") }}', proto: 'tcp' }
|
||||
# - { rule: 'allow', port: '80', proto: 'tcp' }
|
||||
# - { rule: 'allow', port: '443', proto: 'tcp' }
|
||||
# notify:
|
||||
# - restart ufw
|
||||
|
||||
# - name: Enable ufw logging
|
||||
# ufw: logging=on
|
||||
# notify:
|
||||
# - restart ufw
|
||||
|
||||
# - name: Enable ufw
|
||||
# ufw: state=enabled
|
|
@ -1,52 +0,0 @@
|
|||
---
|
||||
- name: Upgrade system
|
||||
apt: upgrade=dist update_cache=yes
|
||||
|
||||
- name: Install nginx
|
||||
apt: name=nginx state=latest
|
||||
|
||||
- name: install letsencrypt
|
||||
apt: name=letsencrypt state=latest
|
||||
|
||||
- name: create letsencrypt directory
|
||||
file: name=/var/www/letsencrypt state=directory
|
||||
|
||||
- name: Remove default nginx config
|
||||
file: name=/etc/nginx/sites-enabled/default state=absent
|
||||
|
||||
- name: Install system nginx config
|
||||
template:
|
||||
src: templates/nginx.conf.j2
|
||||
dest: /etc/nginx/nginx.conf
|
||||
|
||||
- name: Install nginx site for api
|
||||
template:
|
||||
src: templates/api.j2
|
||||
dest: /etc/nginx/sites-enabled/api
|
||||
|
||||
- name: Reload nginx to activate letsencrypt site
|
||||
service: name=nginx state=restarted
|
||||
|
||||
- name: Create letsencrypt certificate
|
||||
shell: letsencrypt certonly -n --webroot -w /var/www/letsencrypt -m {{ email }} --agree-tos -d {{ api_domain }}
|
||||
args:
|
||||
creates: /etc/letsencrypt/live/{{ api_domain }}
|
||||
|
||||
- name: Generate dhparams
|
||||
shell: openssl dhparam -out /etc/nginx/dhparams.pem 2048
|
||||
args:
|
||||
creates: /etc/nginx/dhparams.pem
|
||||
|
||||
- name: Install nginx site for api
|
||||
template:
|
||||
src: templates/api.le.j2
|
||||
dest: /etc/nginx/sites-enabled/api_le
|
||||
|
||||
- name: Reload nginx to activate specified site
|
||||
service: name=nginx state=restarted
|
||||
|
||||
- name: Add letsencrypt cronjob for cert renewal
|
||||
cron:
|
||||
name: letsencrypt_renewal
|
||||
special_time: weekly
|
||||
job: letsencrypt --renew certonly -n --webroot -w /var/www/letsencrypt -m {{ email }} --agree-tos -d {{ api_domain }} && service nginx reload
|
|
@ -1,15 +0,0 @@
|
|||
server_tokens off;
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
server_name {{ api_domain }};
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
root /var/www/letsencrypt;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location / {
|
||||
rewrite ^ https://$host$request_uri? permanent;
|
||||
}
|
||||
}
|
|
@ -1,21 +0,0 @@
|
|||
server {
|
||||
listen 443 ssl default deferred;
|
||||
server_name {{ api_domain }};
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ api_domain }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ api_domain }}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ api_domain }}/fullchain.pem;
|
||||
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
||||
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8025;
|
||||
}
|
||||
}
|
|
@ -1,35 +0,0 @@
|
|||
user www-data;
|
||||
worker_processes 4;
|
||||
pid /run/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 2000;
|
||||
}
|
||||
|
||||
http {
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
proxy_connect_timeout 600;
|
||||
proxy_send_timeout 600;
|
||||
proxy_read_timeout 600;
|
||||
send_timeout 600;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|