add hatecomputers.club main page role

2024-03-26 18:49:53 -04:00 · 2024-03-26 18:49:53 -04:00 · 2663f4dda9
parent 2a7c67899c
commit 2663f4dda9
8 changed files with 77 additions and 1 deletions
--- a/deploy.yml
+++ b/deploy.yml
@ -26,3 +26,6 @@

 - name: CI
  ansible.builtin.import_playbook: playbooks/deploy-drone.yml
+
+- name: Website for hatecomputers.club
+  ansible.builtin.import_playbook: playbooks/deploy-hatecomputers-club.yml
--- a/group_vars/host_domains.yml
+++ b/group_vars/host_domains.yml
@ -9,3 +9,4 @@ host_domains:
    # - himmel.hatecomputers.club
    - git.hatecomputers.club
    - ci.hatecomputers.club
+    - hatecomputers.club
--- a/2
+++ b/2
@ -33,5 +33,5 @@ himmel.int.infra.hatecomputers.club  ansible_user=root ansible_connection=ssh
 [drone]
 himmel.int.infra.hatecomputers.club  ansible_user=root ansible_connection=ssh

-[hatecomputers.club]
+[hatecomputers-club]
 himmel.int.infra.hatecomputers.club  ansible_user=root ansible_connection=ssh
--- a/playbooks/deploy-hatecomputers-club.yml
+++ b/playbooks/deploy-hatecomputers-club.yml
@ -0,0 +1,6 @@
+---
+
+- name: hatecomputers.club setup
+  hosts: hatecomputers-club
+  roles:
+    - hatecomputers-club
--- a/playbooks/roles/hatecomputers-club/tasks/main.yml
+++ b/playbooks/roles/hatecomputers-club/tasks/main.yml
@ -0,0 +1,23 @@
+---
+
+- name: Ensure hatecomputers-club docker/compose exist
+  ansible.builtin.file:
+    path: /etc/docker/compose/hatecomputers-club
+    state: directory
+    owner: root
+    group: root
+    mode: 0700
+
+- name: Build hatecomputers-club docker-compose.yml.j2
+  ansible.builtin.template:
+    src: docker-compose.yml.j2
+    dest: /etc/docker/compose/hatecomputers-club/docker-compose.yml
+    owner: root
+    group: root
+    mode: 0700
+
+- name: Enable hatecomputers-club
+  ansible.builtin.systemd_service:
+    state: restarted
+    enabled: true
+    name: docker-compose@hatecomputers-club
--- a/playbooks/roles/hatecomputers-club/templates/docker-compose.yml.j2
+++ b/playbooks/roles/hatecomputers-club/templates/docker-compose.yml.j2
@ -0,0 +1,14 @@
+
+version: '3'
+
+services:
+  kanidm:
+    image: git.hatecomputers.club/hatecomputers/hatecomputers.club:main
+    restart: always
+    ports:
+      - 127.0.0.1:9696:8080
+    environment:
+      - CLOUDFLARE_TOKEN={{ cloudflare_api_token }}
+      - CLOUDFLARE_ZONE={{ cloudflare_zone_id }}
+    volumes:
+      - ./db:/app/db
--- a/playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/http.hatecomputers.club.conf
+++ b/playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/http.hatecomputers.club.conf
@ -0,0 +1,8 @@
+server {
+  listen 80;
+  server_name hatecomputers.club;
+
+  location / {
+    rewrite ^ https://hatecomputers.club$request_uri? permanent;
+  }
+}
--- a/playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/https.hatecomputers.club.conf
+++ b/playbooks/roles/nginx/templates/himmel.int.infra.hatecomputers.club/https.hatecomputers.club.conf
@ -0,0 +1,21 @@
+server {
+  server_name hatecomputers.club;
+  listen 443 ssl;
+
+  ssl_dhparam /etc/nginx/dhparams.pem;
+  
+  ssl_session_timeout 1d;
+  ssl_session_tickets off;
+  ssl_protocols TLSv1.2 TLSv1.3;
+  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+  ssl_prefer_server_ciphers off;
+
+  ssl_certificate /etc/letsencrypt/live/hatecomputers.club/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/hatecomputers.club/privkey.pem;
+
+  location / {
+    proxy_pass         http://127.0.0.1:9696;
+    proxy_set_header   X-Real-IP $remote_addr;
+    proxy_set_header   Host $host;
+  }
+}