stargate-cluster/vm-ansible
stargate-cluster/vm-ansible
1
0
Fork 0
Code Pull Requests Releases Activity

fix vikunja
Some checks reported errors
continuous-integration/drone/push Build was killed
Details

Browse Source
This commit is contained in:
Torma Kristóf 2023-08-14 20:23:20 +02:00
parent a769494bc7
commit 8fb0ebb6fb
3 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
host_vars/vikunja.yaml
View File

@ -2,7 +2,11 @@
ansible_host: vikunja.intra.tormakris.dev ansible_host: vikunja.intra.tormakris.dev
webserver: webserver:
- domain: "vikunja.tormakristof.eu" - domain: "vikunja.tormakristof.eu"
port: 8080 port: 8081
bigrequests: false bigrequests: false
https: false https: false
additionallocations:
- https: true
port: 8080
location: '~* ^/(api|dav|\.well-known)/'
... ...

10
roles/realmd/tasks/main.yaml
View File

@ -28,12 +28,12 @@
ansible.builtin.set_fact: ansible.builtin.set_fact:
join_passw: "{{ lookup('env', 'JOIN_PASSW') }}" join_passw: "{{ lookup('env', 'JOIN_PASSW') }}"
delegate_to: localhost delegate_to: localhost
when: found in checkjoined and checkjoined.found == 0 when: checkjoined.found == 0
- name: Join to AD with realmd - name: Join to AD with realmd
ansible.builtin.shell: ansible.builtin.shell:
cmd: echo {{ join_passw }} | realm join -v -U tormakris_admin intra.tormakris.dev cmd: echo {{ join_passw }} | realm join -v -U tormakris_admin intra.tormakris.dev
when: found in checkjoined and checkjoined.found == 0 when: checkjoined.found == 0
- name: Enable pam homedir create on first logon - name: Enable pam homedir create on first logon
ansible.builtin.command: ansible.builtin.command:
@ -53,7 +53,7 @@
state: present state: present
path: /etc/sssd/sssd.conf path: /etc/sssd/sssd.conf
line: "ad_gpo_access_control = disabled" line: "ad_gpo_access_control = disabled"
when: found in checkadgpoac and checkadgpoac.found == 0 when: checkadgpoac.found == 0
- name: Check if ad_access_filter is set - name: Check if ad_access_filter is set
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
@ -69,7 +69,7 @@
state: present state: present
path: /etc/sssd/sssd.conf path: /etc/sssd/sssd.conf
line: "ad_access_filter = memberOf=CN=LinuxUsers,OU=Service Groups,DC=intra,DC=tormakris,DC=dev" line: "ad_access_filter = memberOf=CN=LinuxUsers,OU=Service Groups,DC=intra,DC=tormakris,DC=dev"
when: found in checkadaf and checkadaf.found == 0 when: checkadaf.found == 0
- name: "Restart sssd" - name: "Restart sssd"
ansible.builtin.service: ansible.builtin.service:
@ -90,5 +90,5 @@
state: present state: present
path: /etc/sudoers path: /etc/sudoers
line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL" line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
when: found in checksudoers and checksudoers.found == 0 when: checksudoers.found == 0
... ...

8
roles/webserver/templates/nginx.conf
View File

@ -65,16 +65,16 @@ http {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
{%- for server in webserver %} {% for server in webserver %}
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name {{ server.domain }}; server_name {{ server.domain }};
ssl_certificate /etc/letsencrypt/live/{{ server.domain }}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/{{ server.domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ server.domain }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ server.domain }}/privkey.pem;
{% if server.bigrequests -%} {% if server.bigrequests %}
client_max_body_size 8G; client_max_body_size 8G;
{% endif -%} {% endif %}
location /{ location /{
{% if server.https %} {% if server.https %}
proxy_pass https://127.0.0.1:{{ server.port }}; proxy_pass https://127.0.0.1:{{ server.port }};
@ -100,7 +100,7 @@ http {
proxy_pass http://127.0.0.1:{{ location.port }}; proxy_pass http://127.0.0.1:{{ location.port }};
{% endif %} {% endif %}
} }
{% endfor -%} {% endfor %}
{% endif %} {% endif %}
} }