Upload playbooks.
parent
5d6801fdb9
commit
4e441432bd
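--- a/ansible_playbooks/nginx.conf
+++ b/ansible_playbooks/nginx.conf
@@ -0,0 +1,46 @@
+worker_processes auto;
+
+events {
+worker_connections 512;
+}
+
+http {
+resolver 127.0.0.11;
+
+upstream backend {
+server code-server:8443 fail_timeout=30;
+}
+
+server {
+listen 443 ssl default_server;
+server_name localhost;
+
+ssl_protocols TLSv1.3;
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:10m;
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_certificate /etc/nginx/ssl/oracle-tf-demo_cert.pem;
+ssl_certificate_key /etc/nginx/ssl/oracle-tf-demo_privkey.pem;
+
+location / {
+proxy_pass http://backend;
+proxy_set_header Accept-Encoding gzip;
+proxy_set_header Connection upgrade;
+proxy_set_header Host $host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_ssl_server_name on;
+proxy_ssl_trusted_certificate /etc/nginx/ssl/oracle-tf-demo_cert.pem;
+proxy_ssl_verify on;
+}
+}
+
+server {
+listen 80;
+server_name $(REMOTE HOST GOES HERE);
+return 301 https://$(REMOTE HOST GOES HERE)$request_uri;
+}
+}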
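Review bot: The three `proxy_ssl_*` directives in `location /` have no effect while `proxy_pass` points at `http://backend`, so the hop to `code-server:8443` is plain HTTP and no upstream certificate is ever verified. Either switch to `proxy_pass https://backend;` if code-server is meant to serve TLS, or drop `proxy_ssl_server_name`, `proxy_ssl_trusted_certificate` and `proxy_ssl_verify` so the file does not imply a check that never runs. Separately, the port-80 server still carries the literal `$(REMOTE HOST GOES HERE)` placeholder, and the playbook in this commit ships the file with `ansible.builtin.copy`, which performs no substitution. As written nginx will most likely refuse to load the file, so it should either become a template with the host name as a variable or have the real name filled in.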
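--- a/ansible_playbooks/tf_app_playbook.yml
+++ b/ansible_playbooks/tf_app_playbook.yml
@@ -0,0 +1,103 @@
+---
+# Automate a self-hosted copy of code-server
+
+- hosts: oracle
+remote_user: ubuntu
+name: Install and deploy vscode server
+become: true
+vars:
+
+certificate_name: "oracle-tf-demo"
+
+pre_tasks:
+
+- name: Set a strong password to login to VS Code's browser editor
+ansible.builtin.pause:
+prompt: "Set a strong password to login to VS Code's browser editor"
+echo: false
+register: vscode_password
+no_log: true
+run_once: true
+
+tasks:
+
+- name: Copy nginx configuration to host
+ansible.builtin.copy:
+src: nginx.conf
+dest: ~/nginx.conf
+owner: root
+group: root
+mode: '0604'
+
+- name: Download terraform binary
+ansible.builtin.get_url:
+url: https://releases.hashicorp.com/terraform/1.4.6/terraform_1.4.6_linux_amd64.zip
+dest: ~/terraform.zip
+mode: '0644'
+
+- name: Unpack terraform binary
+ansible.builtin.unarchive:
+remote_src: true
+src: "/root/terraform.zip"
+dest: ~/
+
+- name: Write self signed certificate
+become: false
+ansible.builtin.command: 'mkcert -ecdsa -client -cert-file="{{ certificate_name }}_cert.pem" -key-file="{{ certificate_name }}_privkey.pem" ubuntu@tf-demo'
+args:
+creates: "{{ certificate_name }}_privkey.pem"
+
+- name: Create a custom docker network
+tags: docker
+community.docker.docker_network:
+name: nginx-vscode-network
+
+- name: Launch the nginx-proxy container
+tags: docker
+community.docker.docker_container:
+name: nginx-proxy
+state: started
+image: nginx
+restart: true
+networks:
+- name: nginx-vscode-network
+aliases:
+- nginx-proxy
+volumes:
+- "~/nginx.conf:/etc/nginx/nginx.conf"
+- "/home/ubuntu/{{ certificate_name }}_cert.pem:/etc/nginx/ssl/{{ certificate_name }}_cert.pem"
+- "/home/ubuntu/{{ certificate_name }}_privkey.pem:/etc/nginx/ssl/{{ certificate_name }}_privkey.pem"
+pull: true
+ports:
+- "443:443"
+- "80:80"
+
+- name: Launch the code-server container
+tags: docker
+community.docker.docker_container:
+name: code-server
+state: started
+image: "linuxserver/code-server"
+volumes:
+- "~/terraform:/usr/bin/terraform"
+- "/lib/:/lib/"
+- "/usr/:/usr/"
+networks:
+- name: nginx-vscode-network
+aliases:
+- code-server
+env:
+PASSWORD: "{{ vscode_password.user_input }}"
+pull: true
+ports:
+- "8443:8443"
+
+- name: Allow HTTP(S) through the firewall
+ansible.builtin.iptables:
+chain: INPUT
+protocol: tcp
+destination_ports:
+- "443"
+- "80"
+- "8000"
+jump: ACCEPT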
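Review bot: The "Launch the code-server container" task bind-mounts the host's `/lib/` and `/usr/` read-write into a container that serves a browser terminal, so anyone who gets past the editor password can modify host system binaries and libraries. If the aim is only to make terraform available inside the editor, mount the single binary read-only, `- "~/terraform:/usr/bin/terraform:ro"`, and drop the other two volumes. The same task publishes `8443:8443`, which exposes the editor over plain HTTP alongside the TLS proxy. Docker-published ports are generally not filtered by the INPUT rule added at the end of the play, and nginx already reaches the container over `nginx-vscode-network`, so the `ports` entry can be removed. The task also passes the prompted password in `env` without `no_log: true`, unlike the prompt task that collected it.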
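--- a/ansible_playbooks/tf_infra_playbook.yml
+++ b/ansible_playbooks/tf_infra_playbook.yml
@@ -0,0 +1,47 @@
+---
+# Automate Oracle Cloud Compute configration
+
+- hosts: oracle
+remote_user: ubuntu
+name: Install packages, updates, and swap
+become: true
+
+tasks:
+
+- name: Edit partition table on sdc
+tags: swap
+community.general.parted:
+device: /dev/sda
+number: 1
+state: present
+
+- name: Format partition to swap
+tags: swap
+community.general.filesystem:
+fstype: swap
+dev: /dev/sda1
+
+- name: Mount swap devices
+tags: swap
+ansible.builtin.command: "swapon /dev/sda1"
+args:
+creates:
+/tmp/swap_active
+
+- name: Update all packages
+ansible.builtin.apt:
+update_cache: 'yes'
+upgrade: dist
+
+- name: Install apt packages
+ansible.builtin.apt:
+pkg:
+- docker.io
+- mkcert
+- unzip
+- pip
+
+- name: Reboot the instance
+tags: swap
+ansible.builtin.reboot:
+reboot_timeout: 120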
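Review bot: The first task is named "Edit partition table on sdc" but operates on `/dev/sda`, and the next two tasks format and enable `/dev/sda1` as swap. On many cloud images sda is the boot disk, so the intended device should be confirmed and taken from a play variable (for example `device: "{{ swap_device }}"`, name illustrative) rather than hard-coded in three places. The `swapon` guard `creates: /tmp/swap_active` names a file that nothing in this play creates, so the command runs again on every execution. No fstab entry is written, so the swap will presumably be inactive again after the final reboot task. The package list also asks apt for `pip`, which is worth checking against the target release, since the Ubuntu package is normally `python3-pip`.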
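--- a/ansible_playbooks/wolfreealpha_residue.yml
+++ b/ansible_playbooks/wolfreealpha_residue.yml
@@ -0,0 +1,50 @@
+#
+# vars:
+#
+# search_path: "/var/lib/docker/containers/overlay2/*/diff/usr/share/nginx"
+# - name: Download the vscode server
+# become: true
+# ansible.builtin.get_url:
+# url: https://github.com/coder/code-server/releases/download/v4.12.0/code-server_4.12.0_amd64.deb
+# dest: .
+# mode: '0400'
+#
+# - name: Install vs-code server
+# become: true
+# ansible.builtin.apt:
+# deb: ./code-server_4.12.0_amd64.deb
+#
+# - name: Copy apt install log to disk
+# delegate_to: localhost
+# ansible.builtin.copy:
+# content: '{{ installout }}'
+# dest: ./install_log.txt
+# mode: '0600'
+#
+# - name: Download the wolfreealpha Dockerfile
+# become: true
+# ansible.builtin.get_url:
+# url: https://git.disroot.org/wolfree/wolfree-dockerfile/raw/branch/master/Dockerfile
+# dest: .
+# mode: '0400'
+#
+# - name: Copy apt update log to disk
+# delegate_to: localhost
+# ansible.builtin.copy:
+# content: '{{ updateout }}'
+# dest: ./update_log.txt
+# mode: '0600'
+#
+# - name: Check if file exists
+# become: true
+# ansible.builtin.stat:
+# path: "{{ search_path }}"
+# register: result
+#
+# - name: Build wolfreealpha container
+# become: true
+# environment:
+# DOCKER_BUILDKIT: 1
+# when: not result.stat.exists
+# ansible.builtin.command:
+# cmd: 'docker build --progress=plain --tag wolfree https://try.gitea.io/wolfree/wolfree-dockerfile.git'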