From 85e0b9f978083fd28e7aca9c8ea8231b7fe21f32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20Torma?=
Date: Wed, 23 Nov 2022 15:17:59 +0100
Subject: [PATCH] prepare for mastodon
---
 .drone.yml | 4 ++++
 host_vars/mastodon.yaml | 8 ++++++--
 host_vars/matrix.yaml | 8 ++++++--
 roles/common/tasks/apt.yaml | 18 ++++++++++++++++++
 roles/common/templates/jfrog.conf.template | 3 +++
 roles/webgateway/templates/nginx.conf | 4 ++++
 roles/webgateway/vars/main.yaml | 5 +++--
 roles/webserver/templates/nginx.conf | 11 +++++++++++
 8 files changed, 55 insertions(+), 6 deletions(-)
 create mode 100644 roles/common/templates/jfrog.conf.template
diff --git a/.drone.yml b/.drone.yml
index 841bf06..e95439f 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -26,6 +26,8 @@ steps:
 environment:
 ANSIBLE_HOST_KEY_CHECKING: "False"
 ANSIBLE_PRIVATE_KEY_FILE: "/drone/src/id_rsa"
+ ARTIFACTORY_APT_PASSWORD:
+ from_secret: ARTIFACTORY_APT_PASSWORD
 settings:
 playbook: nightly.yaml
 galaxy: requirements.yaml
@@ -37,6 +39,8 @@ steps:
 environment:
 ANSIBLE_HOST_KEY_CHECKING: "False"
 ANSIBLE_PRIVATE_KEY_FILE: "/drone/src/id_rsa"
+ ARTIFACTORY_APT_PASSWORD:
+ from_secret: ARTIFACTORY_APT_PASSWORD
 settings:
 playbook: nightly.yaml
 galaxy: requirements.yaml
diff --git a/host_vars/mastodon.yaml b/host_vars/mastodon.yaml
index 8c1082f..d9a540d 100644
--- a/host_vars/mastodon.yaml
+++ b/host_vars/mastodon.yaml
@@ -2,7 +2,11 @@
 ansible_host: mastodon.intra.tormakris.dev
 webserver:
 - domain: "mastodon.tormakristof.eu"
- port: 8080
- bigrequests: false
+ port: 3000
+ bigrequests: true
 https: false
+ additionallocations:
+ - location: "/api/v1/streaming"
+ https: false
+ port: 4000
 ...
diff --git a/host_vars/matrix.yaml b/host_vars/matrix.yaml
index 4078321..491674c 100644
--- a/host_vars/matrix.yaml
+++ b/host_vars/matrix.yaml
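Review bot: Both steps that receive the new `ARTIFACTORY_APT_PASSWORD` secret (the hunk at `-26,6 +26,8` and the one at `-37,6 +39,8`) still run with `ANSIBLE_HOST_KEY_CHECKING: "False"`, so a repository credential is now sent over SSH sessions whose host identity is never verified. That setting is pre-existing context, but this commit raises what is at stake on those connections, because `roles/common/tasks/apt.yaml` renders the secret onto the managed hosts. Consider giving the step a pinned `known_hosts` file and dropping the override, or at minimum recording the trade-off next to the new key with a comment such as `# apt repo credential, rendered onto hosts by roles/common/tasks/apt.yaml`. The step definitions begin outside both hunks, so which hosts each step targets cannot be confirmed here.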
@@ -3,10 +3,14 @@ ansible_host: matrix.intra.tormakris.dev
 webserver:
 - domain: "matrix.tormakristof.eu"
 port: 8080
- bigrequests: false
+ bigrequests: true
 https: false
 - domain: "chat.tormakristof.eu"
 port: 8181
- bigrequests: false
+ bigrequests: true
 https: false
+firewall:
+ - port: "9000"
+ proto: tcp
+ interface: "eth0"
 ...
diff --git a/roles/common/tasks/apt.yaml b/roles/common/tasks/apt.yaml
index 2812329..5b5cddb 100644
--- a/roles/common/tasks/apt.yaml
+++ b/roles/common/tasks/apt.yaml
@@ -1,4 +1,21 @@
 ---
+- name: "Use custom Ubuntu mirror"
+ replace:
+ path: /etc/apt/sources.list
+ regexp: 'http://hu.archive.ubuntu.com'
+ replace: 'https://tormakris.jfrog.io/artifactory/ubuntu-mirror'
+ backup: yes
+
+- name: "Get JFrog password from local environment variable"
+ ansible.builtin.set_fact:
+ artifactory_password: "{{ lookup('env', 'ARTIFACTORY_APT_PASSWORD') }}"
+ delegate_to: localhost
+
+- name: "Render JFrog credentials configuration"
+ template:
+ src: jrog.conf.template
+ dest: /etc/apt/auth.conf.d/jfrog.conf
+
 - name: "Remove Ubuntu bloatware"
 apt:
 state: absent
@@ -35,4 +52,5 @@
 - tcpdump
 - xxd
 - git
+ - ncdu
 ...
diff --git a/roles/common/templates/jfrog.conf.template b/roles/common/templates/jfrog.conf.template
new file mode 100644
index 0000000..474fbc5
--- /dev/null
+++ b/roles/common/templates/jfrog.conf.template
@@ -0,0 +1,3 @@
+machine tormakris.jfrog.io
+login apt
+password {{ artifactory_password }}
diff --git a/roles/webgateway/templates/nginx.conf b/roles/webgateway/templates/nginx.conf
index 4ba312c..89aced4 100644
--- a/roles/webgateway/templates/nginx.conf
+++ b/roles/webgateway/templates/nginx.conf
@@ -132,6 +132,10 @@ http {
 location /.well-known{
 try_files $uri $uri/ =404;
 }
+
+ location /.well-known/webfinger {
+ return 301 https://mastodon.tormakristof.eu$request_uri;
+ }
 }
 server {
diff --git a/roles/webgateway/vars/main.yaml b/roles/webgateway/vars/main.yaml
index 75f852f..b8ead98 100644
--- a/roles/webgateway/vars/main.yaml
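Review bot: The new `firewall` entry in `host_vars/matrix.yaml` opens TCP 9000 on `eth0` without saying which service listens there, and neither `webserver` entry in this file uses that port (they proxy 8080 and 8181). An unexplained open port is hard to audit later, so add a comment above the entry along the lines of `# 9000/tcp: <service name>, reached from <expected source>`. Whether the firewall role can restrict the source address is not visible in this hunk; if it can, scoping the rule to the gateway would be tighter than opening the whole interface.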
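Review bot: The template task in the first `roles/common/tasks/apt.yaml` hunk points at `src: jrog.conf.template`, but the file this commit creates is `roles/common/templates/jfrog.conf.template`, so the credentials task will not find its source. The rendered `/etc/apt/auth.conf.d/jfrog.conf` holds a password and is written without `owner` or `mode`, and neither that task nor the `set_fact` task sets `no_log`, so the value can end up readable by other local users or in job output (for example when the play runs with `--diff`). `lookup('env', ...)` returns an empty string when the variable is unset, which would silently render an empty password, and `delegate_to: localhost` is unnecessary because lookups already run on the controller. The sketch below fixes the file name, locks the file down and fails early; confirm that the apt version on these hosts can read a root-only 0600 file.

```yaml
# … unchanged: "Use custom Ubuntu mirror" task …

- name: "Get JFrog password from local environment variable"
  ansible.builtin.set_fact:
    artifactory_password: "{{ lookup('env', 'ARTIFACTORY_APT_PASSWORD') }}"
  no_log: true

- name: "Fail early when the JFrog password is missing"
  ansible.builtin.assert:
    that: artifactory_password | length > 0
    fail_msg: "ARTIFACTORY_APT_PASSWORD is not set on the controller"
    quiet: true

- name: "Render JFrog credentials configuration"
  template:
    src: jfrog.conf.template
    dest: /etc/apt/auth.conf.d/jfrog.conf
    owner: root
    group: root
    mode: "0600"
  no_log: true
```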
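Review bot: `location /.well-known/webfinger` in `roles/webgateway/templates/nginx.conf` is a prefix match, so any request path that merely starts with that string is redirected to the Mastodon host as well; `location = /.well-known/webfinger {` limits the redirect to the WebFinger endpoint itself. The target `https://mastodon.tormakristof.eu` is hard-coded in a role template, while the other Mastodon settings in this commit live in vars, so a variable would keep the two from drifting apart. The enclosing `server` block starts outside the hunk, so which virtual host serves this redirect cannot be confirmed from here.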
+++ b/roles/webgateway/vars/main.yaml @@ -4,8 +4,8 @@ proxy: - {domain: drone.kmlabz.com, ip: drone.intra.tormakris.dev, bigrequests: false} - {domain: git.kmlabz.com, ip: git.intra.tormakris.dev, bigrequests: false} - {domain: guacamole.tormakristof.eu, ip: guacamole.intra.tormakris.dev, bigrequests: false} - - {domain: matrix.tormakristof.eu, ip: matrix.intra.tormakris.dev, bigrequests: false} - - {domain: chat.tormakristof.eu, ip: matrix.intra.tormakris.dev, bigrequests: false} + - {domain: matrix.tormakristof.eu, ip: matrix.intra.tormakris.dev, bigrequests: true} + - {domain: chat.tormakristof.eu, ip: matrix.intra.tormakris.dev, bigrequests: true} - {domain: nexus.kmlabz.com, ip: nexus.intra.tormakris.dev, bigrequests: true} - {domain: registry.kmlabz.com, ip: nexus.intra.tormakris.dev, bigrequests: true} - {domain: swagger.kmlabz.com, ip: swagger.intra.tormakris.dev, bigrequests: false} @@ -15,6 +15,7 @@ proxy: - {domain: sharepoint.tormakristof.eu, ip: sharepoint.intra.tormakris.dev, bigrequests: true} - {domain: onedrive.tormakristof.eu, ip: sharepoint.intra.tormakris.dev, bigrequests: true} - {domain: yt.tormakristof.eu, ip: ytmirror.intra.tormakris.dev, bigrequests: true} + - {domain: mastodon.tormakristof.eu, ip: mastodon.intra.tormakris.dev, bigrequests: true} static: [] diff --git a/roles/webserver/templates/nginx.conf b/roles/webserver/templates/nginx.conf index 163d4a0..10990b3 100644 --- a/roles/webserver/templates/nginx.conf +++ b/roles/webserver/templates/nginx.conf @@ -88,6 +88,17 @@ http { allow 192.168.69.0/24; deny all; } + {%- if server.additionallocations is defined %} + {%- for location in server.additionallocations %} + location {{location.location}}{ + {% if location.https %} + proxy_pass https://127.0.0.1:{{ location.port }}; + {% else %} + proxy_pass http://127.0.0.1:{{ location.port }}; + {% endif %} + } + {%- endfor %} + {%- endif %} } {% endfor %}
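Review bot: The generated `location {{location.location}}` blocks in `roles/webserver/templates/nginx.conf` are siblings of the block that ends just above them with `allow 192.168.69.0/24; deny all;`, and nginx access rules set inside one location do not apply to another, so the extra upstream ports (4000 for Mastodon streaming in this commit) appear to be served without that source restriction. If the restriction is meant to cover every proxied path, repeat `allow 192.168.69.0/24;` and `deny all;` inside the generated block or move both to the `server` level; the start of the server block is outside the hunk, so a server-level rule may already exist. The block also emits only `proxy_pass`, whereas a streaming endpoint that uses WebSockets normally needs `proxy_http_version 1.1;` plus the `Upgrade` and `Connection` headers, which could be added behind an optional per-location flag.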