Upload playbooks.

mharb 2023-07-31 14:43:21 +00:00
parent 5d6801fdb9
commit 4e441432bd
4 changed files with 246 additions and 0 deletions


@ -0,0 +1,46 @@
worker_processes auto;
events {
worker_connections 512;
}
http {
resolver 127.0.0.11;
upstream backend {
server code-server:8443 fail_timeout=30;
}
server {
listen 443 ssl default_server;
server_name localhost;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /etc/nginx/ssl/oracle-tf-demo_cert.pem;
ssl_certificate_key /etc/nginx/ssl/oracle-tf-demo_privkey.pem;
location / {
proxy_pass http://backend;
proxy_set_header Accept-Encoding gzip;
proxy_set_header Connection upgrade;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_ssl_server_name on;
proxy_ssl_trusted_certificate /etc/nginx/ssl/oracle-tf-demo_cert.pem;
proxy_ssl_verify on;
}
}
server {
listen 80;
server_name $(REMOTE HOST GOES HERE);
return 301 https://$(REMOTE HOST GOES HERE)$request_uri;
}
}
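Review bot: The `proxy_ssl_server_name on;`, `proxy_ssl_trusted_certificate ...;` and `proxy_ssl_verify on;` lines in `location /` have no effect, because `proxy_pass http://backend;` speaks plain HTTP to the upstream, so the hop to code-server is neither encrypted nor verified despite how the block reads. Either drop the three `proxy_ssl_*` lines and add a comment such as `# upstream is plain HTTP on the private Docker network`, or switch to `proxy_pass https://backend;` once code-server serves TLS. `ssl_stapling on;` is likely to produce only warnings with a mkcert-issued certificate, since such a certificate presumably carries no OCSP responder URL. The port-80 server still holds the `$(REMOTE HOST GOES HERE)` placeholder, which looks like it will keep nginx from loading the file until it is substituted; templating the value from the playbook would be safer than a manual edit.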


@ -0,0 +1,103 @@
---
# Automate a self-hosted copy of code-server
- hosts: oracle
remote_user: ubuntu
name: Install and deploy vscode server
become: true
vars:
certificate_name: "oracle-tf-demo"
pre_tasks:
- name: Set a strong password to login to VS Code's browser editor
ansible.builtin.pause:
prompt: "Set a strong password to login to VS Code's browser editor"
echo: false
register: vscode_password
no_log: true
run_once: true
tasks:
- name: Copy nginx configuration to host
ansible.builtin.copy:
src: nginx.conf
dest: ~/nginx.conf
owner: root
group: root
mode: '0604'
- name: Download terraform binary
ansible.builtin.get_url:
url: https://releases.hashicorp.com/terraform/1.4.6/terraform_1.4.6_linux_amd64.zip
dest: ~/terraform.zip
mode: '0644'
- name: Unpack terraform binary
ansible.builtin.unarchive:
remote_src: true
src: "/root/terraform.zip"
dest: ~/
- name: Write self signed certificate
become: false
ansible.builtin.command: 'mkcert -ecdsa -client -cert-file="{{ certificate_name }}_cert.pem" -key-file="{{ certificate_name }}_privkey.pem" ubuntu@tf-demo'
args:
creates: "{{ certificate_name }}_privkey.pem"
- name: Create a custom docker network
tags: docker
community.docker.docker_network:
name: nginx-vscode-network
- name: Launch the nginx-proxy container
tags: docker
community.docker.docker_container:
name: nginx-proxy
state: started
image: nginx
restart: true
networks:
- name: nginx-vscode-network
aliases:
- nginx-proxy
volumes:
- "~/nginx.conf:/etc/nginx/nginx.conf"
- "/home/ubuntu/{{ certificate_name }}_cert.pem:/etc/nginx/ssl/{{ certificate_name }}_cert.pem"
- "/home/ubuntu/{{ certificate_name }}_privkey.pem:/etc/nginx/ssl/{{ certificate_name }}_privkey.pem"
pull: true
ports:
- "443:443"
- "80:80"
- name: Launch the code-server container
tags: docker
community.docker.docker_container:
name: code-server
state: started
image: "linuxserver/code-server"
volumes:
- "~/terraform:/usr/bin/terraform"
- "/lib/:/lib/"
- "/usr/:/usr/"
networks:
- name: nginx-vscode-network
aliases:
- code-server
env:
PASSWORD: "{{ vscode_password.user_input }}"
pull: true
ports:
- "8443:8443"
- name: Allow HTTP(S) through the firewall
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_ports:
- "443"
- "80"
- "8000"
jump: ACCEPT
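Review bot: The code-server task publishes `"8443:8443"` on the host and bind-mounts `/lib/` and `/usr/` read-write, so the editor is reachable without passing through the TLS proxy and anything running in it can modify host system files. nginx already reaches the container through the `code-server` alias on `nginx-vscode-network`, so the `ports:` entry can be removed, and the mounts should be read-only if they are needed at all: `- "/lib/:/lib/:ro"` and `- "/usr/:/usr/:ro"`. The Terraform download has no integrity check; `ansible.builtin.get_url` accepts a `checksum:` value, e.g. `checksum: "sha256:<published SHA-256 of the zip>"`. The iptables task also opens port `8000`, which nothing in this play appears to listen on. The container task passes `PASSWORD` in `env` without `no_log: true`, so the value can surface in verbose task output even though the prompt itself is protected.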


@ -0,0 +1,47 @@
---
# Automate Oracle Cloud Compute configration
- hosts: oracle
remote_user: ubuntu
name: Install packages, updates, and swap
become: true
tasks:
- name: Edit partition table on sdc
tags: swap
community.general.parted:
device: /dev/sda
number: 1
state: present
- name: Format partition to swap
tags: swap
community.general.filesystem:
fstype: swap
dev: /dev/sda1
- name: Mount swap devices
tags: swap
ansible.builtin.command: "swapon /dev/sda1"
args:
creates:
/tmp/swap_active
- name: Update all packages
ansible.builtin.apt:
update_cache: 'yes'
upgrade: dist
- name: Install apt packages
ansible.builtin.apt:
pkg:
- docker.io
- mkcert
- unzip
- pip
- name: Reboot the instance
tags: swap
ansible.builtin.reboot:
reboot_timeout: 120
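Review bot: The `creates: /tmp/swap_active` guard on the `swapon /dev/sda1` task never takes effect, because no visible task writes that file, so the command runs on every play and is likely to fail once the swap is already active. The swap is also not persisted: nothing adds it to `/etc/fstab`, and the play ends with a reboot, after which `/dev/sda1` would presumably no longer be enabled as swap. The first task is named `Edit partition table on sdc` but sets `device: /dev/sda`; since the next task formats `/dev/sda1`, the name and device should agree, and a comment should state which disk is expected (boot disk or attached volume). `update_cache: 'yes'` is better written as `update_cache: true`.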


@ -0,0 +1,50 @@
#
# vars:
#
# search_path: "/var/lib/docker/containers/overlay2/*/diff/usr/share/nginx"
# - name: Download the vscode server
# become: true
# ansible.builtin.get_url:
# url: https://github.com/coder/code-server/releases/download/v4.12.0/code-server_4.12.0_amd64.deb
# dest: .
# mode: '0400'
#
# - name: Install vs-code server
# become: true
# ansible.builtin.apt:
# deb: ./code-server_4.12.0_amd64.deb
#
# - name: Copy apt install log to disk
# delegate_to: localhost
# ansible.builtin.copy:
# content: '{{ installout }}'
# dest: ./install_log.txt
# mode: '0600'
#
# - name: Download the wolfreealpha Dockerfile
# become: true
# ansible.builtin.get_url:
# url: https://git.disroot.org/wolfree/wolfree-dockerfile/raw/branch/master/Dockerfile
# dest: .
# mode: '0400'
#
# - name: Copy apt update log to disk
# delegate_to: localhost
# ansible.builtin.copy:
# content: '{{ updateout }}'
# dest: ./update_log.txt
# mode: '0600'
#
# - name: Check if file exists
# become: true
# ansible.builtin.stat:
# path: "{{ search_path }}"
# register: result
#
# - name: Build wolfreealpha container
# become: true
# environment:
# DOCKER_BUILDKIT: 1
# when: not result.stat.exists
# ansible.builtin.command:
# cmd: 'docker build --progress=plain --tag wolfree https://try.gitea.io/wolfree/wolfree-dockerfile.git'
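Review bot: Every line of this file is commented out, so it adds 50 lines that Ansible never runs; if the tasks are kept for reference, a header comment saying so (for example `# Retired tasks, kept for reference only; not loaded by any play`) would help, otherwise the file is better dropped. Should the tasks be revived, the Dockerfile is fetched from `raw/branch/master` on git.disroot.org while the build pulls from a different host, try.gitea.io, and neither is pinned to a commit, so the built image can change without any change here. `{{ installout }}` and `{{ updateout }}` are not registered by any task visible in this file.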