authorElizabeth Hunt <me@liz.coffee>2025-05-01 00:27:42 -0700
committerElizabeth Hunt <me@liz.coffee>2025-05-01 00:27:42 -0700
commit2b9ff3c22f81a8d846bbc52aaa6f6524fec3bf77 (patch)
tree17155b8b7c970d2fdd4b8ea87646a07a9d27ee59 /playbooks/roles
parentd357056752382ffe4ae866304d3573c361dbe21a (diff)
initial src stuff
Diffstat (limited to 'playbooks/roles')
-rw-r--r--playbooks/roles/common/files/authorized_keys2
-rw-r--r--playbooks/roles/nginx-proxy/templates/docker-compose.yml2
-rw-r--r--playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf8
-rw-r--r--playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf15
-rw-r--r--playbooks/roles/outbound/templates/proxy/nginx/toplevel.conf.d/stream.conf7
-rw-r--r--playbooks/roles/src/tasks/main.yml8
-rw-r--r--playbooks/roles/src/templates/stacks/docker-compose.yml42
-rw-r--r--playbooks/roles/src/templates/volumes/data/.gitkeep0
8 files changed, 83 insertions, 1 deletions
diff --git a/playbooks/roles/common/files/authorized_keys b/playbooks/roles/common/files/authorized_keys
index abc559d..60edc04 100644
--- a/playbooks/roles/common/files/authorized_keys
+++ b/playbooks/roles/common/files/authorized_keys
@@ -1,2 +1,2 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnLAE5TrdYF8QWCSkvgUp15XKcwQJ9393a/CghSo8dG serve@ansible
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRHu3h9mDjQyFbojcxGKW0hPUDfgUmb2WCzd4Dv2qISM3GGt9LjD8o0IbWRNaTf5UyId5lu7wNHtygs5ZDfUVnlfxrI1CmoExuqkYFjy+R9Cu0x1J2w7+MrKPBd5akLCuKTTnXbyv79T0tLb07rCpGHojW8HH6wdDtg0siVqsPqZVTjg7WGbBYqiqlA5p8s+V9xN1q8lTOZrRI0PdgoU8W+1oIr9OHSG1ZeUBQx60izTEwMnWBxY2aA8SQolIVvsJCcMMc/EAnaz/rdJ5IkeqXGslIhUI7WCPHnPWN8CSdwMOLi5BNaOAK7Y2FkfKTUlO7I52BL87Cl3YpMxR0mTDrfSJTSp0B3ZAbUIXDA7biSh04YLwGQVI799vcyJf355A60btPaiuiBgI0am3h0WxnOACg7K6eV023EiUQ24UjlQ8pufHcJ1oDW8v6LHlp/atCWOl9KQIun9UUg8DD8/BLPprc0wzAV6Nco0ZIedouxZuUhduYYvUrLJ+ICpaZg6oPGitVJPIgyyI+WTfjRN4WTj/Z3Yhuj0RqF8b5ea4FNWuJtfF724t7SVnZsYlZGSCqL8gaEzbIATVe3THn5VwbK+S4ELD/9W6MOd6aZcTOK2yP3jlwjcjnW8sLuX+2qNwtSVVa4o5VsRZU40Da+3flzoBsyUwSE3H2PsFPH29lIQ== lizzy@yubikey
+{{ me_lizcoffee_key }}
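Review bot: The new line at L32 is a Jinja expression inside a file under the role's `files/` directory, and such files are normally delivered with `copy`, which does not render templates; unless this file is deployed with `ansible.builtin.template` (which cannot be seen from this diff), the literal text `{{ me_lizcoffee_key }}` would be written to the remote authorized_keys while the key it replaces is gone, leaving only the `serve@ansible` key valid. Confirming the deploying task, or moving the file to `templates/`, would close that gap. A header comment would also make the dependency explicit, e.g. `# rendered with ansible.builtin.template; me_lizcoffee_key comes from role vars`.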
diff --git a/playbooks/roles/nginx-proxy/templates/docker-compose.yml b/playbooks/roles/nginx-proxy/templates/docker-compose.yml
index 49947a6..57f4d64 100644
--- a/playbooks/roles/nginx-proxy/templates/docker-compose.yml
+++ b/playbooks/roles/nginx-proxy/templates/docker-compose.yml
@@ -16,6 +16,8 @@ services:
- "993:993"
# sieve
- "4190:4190"
+ # src
+ - "23231:23231"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- {{ nginx_proxy_base }}/certs:/etc/nginx/certs
diff --git a/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf b/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
index fd2babe..315743a 100644
--- a/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
+++ b/playbooks/roles/nginx-proxy/templates/toplevel.conf.d/stream.conf
@@ -20,6 +20,10 @@ stream {
server {{ vpn_proxy_filter_container_name }}:4190;
}
+ upstream src {
+ server {{ vpn_proxy_filter_container_name }}:23231;
+ }
+
server {
listen 993;
proxy_pass imaps;
@@ -45,6 +49,10 @@ stream {
proxy_pass managesieve;
proxy_protocol on;
}
+ server {
+ listen 23231;
+ proxy_pass src;
+ }
}
{% endif %}
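Review bot: The new `server` block for 23231 at L64–L67 omits the `proxy_protocol on;` that the neighbouring managesieve block sets at L62, so the upstream SSH listener will see the proxy's address as the peer address rather than the real client; if that is deliberate (the soft-serve SSH server presumably does not speak PROXY protocol), a comment such as `# no proxy_protocol: upstream SSH listener sees the proxy address as the peer` would record the choice and its logging/rate-limiting consequence. The same shape repeats in the outbound stream.conf hunk at L108–L111, where the surrounding server blocks use `set_real_ip_from`. The enclosing `stream {` block starts outside this hunk.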
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
new file mode 100644
index 0000000..ad24e23
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
@@ -0,0 +1,15 @@
+server {
+ listen 80;
+ server_name src.liz.coffee;
+ location / {
+ proxy_pass https://{{ loadbalancer_ip }};
+ proxy_ssl_verify off;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
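Review bot: `server_name src.liz.coffee;` at L78 hard-codes the hostname while the rest of this commit derives it from `src_domain` (the compose labels and `SOFT_SERVE_NAME`), so the two can drift; `server_name {{ src_domain }};` keeps them in step. Separately, `proxy_ssl_verify off;` at L81 means the TLS hop to `{{ loadbalancer_ip }}` is not authenticated, so whatever this vhost relays, git-over-HTTP credentials included, is only as protected as the network path to the load balancer. If that path is not a trusted link, `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate`, `proxy_ssl_name {{ src_domain }};` and `proxy_ssl_server_name on;` would verify the peer; either way a comment stating why verification is disabled would help the next reader. `X-Forwarded-Proto $scheme` at L86 will report `http` on this port-80 listener even though the published URL is https, which may matter to the backend depending on what terminates TLS in front of this server.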
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/toplevel.conf.d/stream.conf b/playbooks/roles/outbound/templates/proxy/nginx/toplevel.conf.d/stream.conf
index 193e65a..80a4510 100644
--- a/playbooks/roles/outbound/templates/proxy/nginx/toplevel.conf.d/stream.conf
+++ b/playbooks/roles/outbound/templates/proxy/nginx/toplevel.conf.d/stream.conf
@@ -17,6 +17,9 @@ stream {
upstream managesieve {
server {{ loadbalancer_ip }}:4190;
}
+ upstream src {
+ server {{ loadbalancer_ip }}:23231;
+ }
server {
set_real_ip_from {{ docker_network }};
@@ -53,4 +56,8 @@ stream {
proxy_pass managesieve;
proxy_protocol on;
}
+ server {
+ listen 23231;
+ proxy_pass src;
+ }
}
diff --git a/playbooks/roles/src/tasks/main.yml b/playbooks/roles/src/tasks/main.yml
new file mode 100644
index 0000000..a18b2c1
--- /dev/null
+++ b/playbooks/roles/src/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Deploy src
+ ansible.builtin.import_tasks: manage-docker-swarm-service.yml
+ vars:
+ service_name: src
+ template_render_dir: "../templates"
+ service_destination_dir: "{{ src_base }}"
diff --git a/playbooks/roles/src/templates/stacks/docker-compose.yml b/playbooks/roles/src/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..11d95e6
--- /dev/null
+++ b/playbooks/roles/src/templates/stacks/docker-compose.yml
@@ -0,0 +1,42 @@
+services:
+ src:
+ image: charmcli/soft-serve
+ volumes:
+ - {{ src_base }}/volumes/data:/soft-serve
+ ports:
+ - "23231:23231"
+ environment:
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ now() }}
+ - SOFT_SERVE_NAME={{ src_domain }}
+ - SOFT_SERVE_HTTP_PUBLIC_URL=https://{{ src_domain }}
+ - SOFT_SERVE_INITIAL_ADMIN_KEYS={{ src_admin_keys }}
+ networks:
+ - proxy
+ healthcheck:
+ test: ["CMD-SHELL", "echo hi"] # todo: something more meaningful
+ timeout: 15s
+ interval: 30s
+ retries: 3
+ start_period: 10s
+ deploy:
+ mode: replicated
+ update_config:
+ parallelism: 1
+ failure_action: rollback
+ order: start-first
+ delay: 10s
+ monitor: 45s
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.swarm.network=proxy
+ - traefik.http.routers.src.tls=true
+ - traefik.http.routers.src.tls.certResolver=letsencrypt
+ - traefik.http.routers.src.rule=Host(`{{ src_domain }}`)
+ - traefik.http.routers.src.entrypoints=websecure
+ - traefik.http.services.src.loadbalancer.server.port=23232
+
+networks:
+ proxy:
+ external: true
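Review bot: The healthcheck at L149 (`echo hi`) always succeeds, so the `failure_action: rollback` and `monitor: 45s` settings under `deploy` can never observe an unhealthy task and a broken update will be promoted; the TODO acknowledges the gap, but until a real probe exists a comment stating that rollback is effectively disabled would avoid a false sense of safety, e.g. `# placeholder healthcheck: rollback cannot trigger on service failure`. A real probe should target a port the service actually serves (23231 for SSH, or 23232, which L170 already routes to) using whatever client the image ships, which needs checking against the image. `DEPLOYMENT_TIME={{ now() }}` at L142 makes the rendered stack differ on every run, which presumably forces a redeploy each play; if that is intended, a comment saying so would stop a reader from treating it as noise.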
diff --git a/playbooks/roles/src/templates/volumes/data/.gitkeep b/playbooks/roles/src/templates/volumes/data/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/src/templates/volumes/data/.gitkeep