hatecomputers
/
infra
6
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

add hatecomputers.club main page role

This commit is contained in:
Elizabeth Hunt 2024-03-26 18:49:53 -04:00
parent 2a7c67899c
commit 2663f4dda9
8 changed files with 77 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
deploy.yml
View File

@ -26,3 +26,6 @@
- name: CI - name: CI
ansible.builtin.import_playbook: playbooks/deploy-drone.yml ansible.builtin.import_playbook: playbooks/deploy-drone.yml
- name: Website for hatecomputers.club
ansible.builtin.import_playbook: playbooks/deploy-hatecomputers-club.yml

1
group_vars/host_domains.yml
View File

@ -9,3 +9,4 @@ host_domains:
# - himmel.hatecomputers.club # - himmel.hatecomputers.club
- git.hatecomputers.club - git.hatecomputers.club
- ci.hatecomputers.club - ci.hatecomputers.club
- hatecomputers.club

2
inventory
View File

@ -33,5 +33,5 @@ himmel.int.infra.hatecomputers.club ansible_user=root ansible_connection=ssh
[drone] [drone]
himmel.int.infra.hatecomputers.club ansible_user=root ansible_connection=ssh himmel.int.infra.hatecomputers.club ansible_user=root ansible_connection=ssh
[hatecomputers.club] [hatecomputers-club]
himmel.int.infra.hatecomputers.club ansible_user=root ansible_connection=ssh himmel.int.infra.hatecomputers.club ansible_user=root ansible_connection=ssh

6
playbooks/deploy-hatecomputers-club.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: hatecomputers.club setup
hosts: hatecomputers-club
roles:
- hatecomputers-club

23
playbooks/roles/hatecomputers-club/tasks/main.yml Normal file
View File

@ -0,0 +1,23 @@
---
- name: Ensure hatecomputers-club docker/compose exist
ansible.builtin.file:
path: /etc/docker/compose/hatecomputers-club
state: directory
owner: root
group: root
mode: 0700
- name: Build hatecomputers-club docker-compose.yml.j2
ansible.builtin.template:
src: docker-compose.yml.j2
dest: /etc/docker/compose/hatecomputers-club/docker-compose.yml
owner: root
group: root
mode: 0700
- name: Enable hatecomputers-club
ansible.builtin.systemd_service:
state: restarted
enabled: true
name: docker-compose@hatecomputers-club

14
playbooks/roles/hatecomputers-club/templates/docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,14 @@
version: '3'
services:
kanidm:
image: git.hatecomputers.club/hatecomputers/hatecomputers.club:main
restart: always
ports:
- 127.0.0.1:9696:8080
environment:
- CLOUDFLARE_TOKEN={{ cloudflare_api_token }}
- CLOUDFLARE_ZONE={{ cloudflare_zone_id }}
volumes:
- ./db:/app/db

8
playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/http.hatecomputers.club.conf Normal file
View File

@ -0,0 +1,8 @@
server {
listen 80;
server_name hatecomputers.club;
location / {
rewrite ^ https://hatecomputers.club$request_uri? permanent;
}
}

21
playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/https.hatecomputers.club.conf Normal file
View File

@ -0,0 +1,21 @@
server {
server_name hatecomputers.club;
listen 443 ssl;
ssl_dhparam /etc/nginx/dhparams.pem;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
ssl_certificate /etc/letsencrypt/live/hatecomputers.club/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hatecomputers.club/privkey.pem;
location / {
proxy_pass http://127.0.0.1:9696;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
}
}