From 4e441432bd907371bd7a98c194d0997991d11d54 Mon Sep 17 00:00:00 2001
From: mharb
Date: Mon, 31 Jul 2023 14:43:21 +0000
Subject: [PATCH] Upload playbooks.
---
 ansible_playbooks/nginx.conf | 46 +++++++++
 ansible_playbooks/tf_app_playbook.yml | 103 +++++++++++++++++++++
 ansible_playbooks/tf_infra_playbook.yml | 47 ++++++++++
 ansible_playbooks/wolfreealpha_residue.yml | 50 ++++++++++
 4 files changed, 246 insertions(+)
 create mode 100644 ansible_playbooks/nginx.conf
 create mode 100644 ansible_playbooks/tf_app_playbook.yml
 create mode 100644 ansible_playbooks/tf_infra_playbook.yml
 create mode 100644 ansible_playbooks/wolfreealpha_residue.yml
diff --git a/ansible_playbooks/nginx.conf b/ansible_playbooks/nginx.conf
new file mode 100644
index 0000000..addc5c2
--- /dev/null
+++ b/ansible_playbooks/nginx.conf
@@ -0,0 +1,46 @@
+worker_processes auto;
+
+events {
+ worker_connections 512;
+}
+
+http {
+ resolver 127.0.0.11;
+
+ upstream backend {
+ server code-server:8443 fail_timeout=30;
+ }
+
+ server {
+ listen 443 ssl default_server;
+ server_name localhost;
+
+ ssl_protocols TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_certificate /etc/nginx/ssl/oracle-tf-demo_cert.pem;
+ ssl_certificate_key /etc/nginx/ssl/oracle-tf-demo_privkey.pem;
+
+ location / {
+ proxy_pass http://backend;
+ proxy_set_header Accept-Encoding gzip;
+ proxy_set_header Connection upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_ssl_server_name on;
+ proxy_ssl_trusted_certificate /etc/nginx/ssl/oracle-tf-demo_cert.pem;
+ proxy_ssl_verify on;
+ }
+ }
+
+ server {
+ listen 80;
+ server_name $(REMOTE HOST GOES HERE);
+ return 301 https://$(REMOTE HOST GOES HERE)$request_uri;
+ }
+}
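Review bot: The `proxy_ssl_server_name`, `proxy_ssl_trusted_certificate` and `proxy_ssl_verify` lines in `location /` have no effect while `proxy_pass` uses the `http://` scheme, so the hop from nginx to code-server is plaintext and no upstream certificate is ever checked. Either switch to `proxy_pass https://backend;` if the upstream really serves TLS, or drop the three `proxy_ssl_*` directives so the config does not suggest a verification that is not happening. The port-80 server block still carries the literal `$(REMOTE HOST GOES HERE)` placeholder in `server_name` and `return`; the playbook in this patch ships the file with `ansible.builtin.copy`, so nothing substitutes it, and it should be templated or at least flagged in a comment as requiring a manual edit. `ssl_stapling on` is also unlikely to do anything with a mkcert-issued certificate, which presumably has no OCSP responder behind it.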
diff --git a/ansible_playbooks/tf_app_playbook.yml b/ansible_playbooks/tf_app_playbook.yml
new file mode 100644
index 0000000..c1b833d
--- /dev/null
+++ b/ansible_playbooks/tf_app_playbook.yml
@@ -0,0 +1,103 @@
+---
+# Automate a self-hosted copy of code-server
+
+- hosts: oracle
+ remote_user: ubuntu
+ name: Install and deploy vscode server
+ become: true
+ vars:
+
+ certificate_name: "oracle-tf-demo"
+
+ pre_tasks:
+
+ - name: Set a strong password to login to VS Code's browser editor
+ ansible.builtin.pause:
+ prompt: "Set a strong password to login to VS Code's browser editor"
+ echo: false
+ register: vscode_password
+ no_log: true
+ run_once: true
+
+ tasks:
+
+ - name: Copy nginx configuration to host
+ ansible.builtin.copy:
+ src: nginx.conf
+ dest: ~/nginx.conf
+ owner: root
+ group: root
+ mode: '0604'
+
+ - name: Download terraform binary
+ ansible.builtin.get_url:
+ url: https://releases.hashicorp.com/terraform/1.4.6/terraform_1.4.6_linux_amd64.zip
+ dest: ~/terraform.zip
+ mode: '0644'
+
+ - name: Unpack terraform binary
+ ansible.builtin.unarchive:
+ remote_src: true
+ src: "/root/terraform.zip"
+ dest: ~/
+
+ - name: Write self signed certificate
+ become: false
+ ansible.builtin.command: 'mkcert -ecdsa -client -cert-file="{{ certificate_name }}_cert.pem" -key-file="{{ certificate_name }}_privkey.pem" ubuntu@tf-demo'
+ args:
+ creates: "{{ certificate_name }}_privkey.pem"
+
+ - name: Create a custom docker network
+ tags: docker
+ community.docker.docker_network:
+ name: nginx-vscode-network
+
+ - name: Launch the nginx-proxy container
+ tags: docker
+ community.docker.docker_container:
+ name: nginx-proxy
+ state: started
+ image: nginx
+ restart: true
+ networks:
+ - name: nginx-vscode-network
+ aliases:
+ - nginx-proxy
+ volumes:
+ - "~/nginx.conf:/etc/nginx/nginx.conf"
+ - "/home/ubuntu/{{ certificate_name }}_cert.pem:/etc/nginx/ssl/{{ certificate_name }}_cert.pem"
+ - "/home/ubuntu/{{ certificate_name }}_privkey.pem:/etc/nginx/ssl/{{ certificate_name }}_privkey.pem"
+ pull: true
+ ports:
+ - "443:443"
+ - "80:80"
+
+ - name: Launch the code-server container
+ tags: docker
+ community.docker.docker_container:
+ name: code-server
+ state: started
+ image: "linuxserver/code-server"
+ volumes:
+ - "~/terraform:/usr/bin/terraform"
+ - "/lib/:/lib/"
+ - "/usr/:/usr/"
+ networks:
+ - name: nginx-vscode-network
+ aliases:
+ - code-server
+ env:
+ PASSWORD: "{{ vscode_password.user_input }}"
+ pull: true
+ ports:
+ - "8443:8443"
+
+ - name: Allow HTTP(S) through the firewall
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ destination_ports:
+ - "443"
+ - "80"
+ - "8000"
+ jump: ACCEPT
diff --git a/ansible_playbooks/tf_infra_playbook.yml b/ansible_playbooks/tf_infra_playbook.yml
new file mode 100644
index 0000000..e3f85ec
--- /dev/null
+++ b/ansible_playbooks/tf_infra_playbook.yml
@@ -0,0 +1,47 @@
+---
+# Automate Oracle Cloud Compute configration
+
+- hosts: oracle
+ remote_user: ubuntu
+ name: Install packages, updates, and swap
+ become: true
+
+ tasks:
+
+ - name: Edit partition table on sdc
+ tags: swap
+ community.general.parted:
+ device: /dev/sda
+ number: 1
+ state: present
+
+ - name: Format partition to swap
+ tags: swap
+ community.general.filesystem:
+ fstype: swap
+ dev: /dev/sda1
+
+ - name: Mount swap devices
+ tags: swap
+ ansible.builtin.command: "swapon /dev/sda1"
+ args:
+ creates:
+ /tmp/swap_active
+
+ - name: Update all packages
+ ansible.builtin.apt:
+ update_cache: 'yes'
+ upgrade: dist
+
+ - name: Install apt packages
+ ansible.builtin.apt:
+ pkg:
+ - docker.io
+ - mkcert
+ - unzip
+ - pip
+
+ - name: Reboot the instance
+ tags: swap
+ ansible.builtin.reboot:
+ reboot_timeout: 120
diff --git a/ansible_playbooks/wolfreealpha_residue.yml b/ansible_playbooks/wolfreealpha_residue.yml
new file mode 100644
index 0000000..b2e719a
--- /dev/null
+++ b/ansible_playbooks/wolfreealpha_residue.yml
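Review bot: In ansible_playbooks/tf_app_playbook.yml, the "Launch the code-server container" task bind-mounts the host's `/lib/` and `/usr/` into the container read-write, so anything running inside the browser editor can rewrite host binaries and libraries; mount them read-only (`- "/usr/:/usr/:ro"`, likewise for `/lib/`) or, better, install what the editor needs inside the image. The same task publishes `8443:8443`, which exposes code-server's own listener beside the TLS proxy even though nginx reaches it over `nginx-vscode-network`; Docker-published ports are typically not filtered by the INPUT-chain rule added at the end of the play, so drop `ports` or bind it to loopback with `- "127.0.0.1:8443:8443"`. The task also passes `vscode_password.user_input` in `env` without `no_log: true`, so the value can surface in the module's returned container details even though the prompt hides it. Separately, "Download terraform binary" sets no `checksum:` on `get_url`, and both images are pulled by mutable tag rather than a pinned digest.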
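Review bot: In ansible_playbooks/tf_infra_playbook.yml, the first swap task is named "Edit partition table on sdc" but the three swap tasks partition, format and `swapon` the hard-coded `/dev/sda`, which on many cloud images is the boot disk. Take the device from a variable (for example `swap_device`) with no default pointing at `sda`, and make the task name match it, so a run cannot format a disk the operator did not choose. "Mount swap devices" guards on `creates: /tmp/swap_active`, a file no task in this hunk creates, so the command reruns on every play; nothing visible writes an fstab entry either, so the swap is presumably gone after the "Reboot the instance" task that closes the play. `update_cache: 'yes'` would read better as the boolean `true`.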
@@ -0,0 +1,50 @@
+#
+# vars:
+#
+# search_path: "/var/lib/docker/containers/overlay2/*/diff/usr/share/nginx"
+# - name: Download the vscode server
+# become: true
+# ansible.builtin.get_url:
+# url: https://github.com/coder/code-server/releases/download/v4.12.0/code-server_4.12.0_amd64.deb
+# dest: .
+# mode: '0400'
+#
+# - name: Install vs-code server
+# become: true
+# ansible.builtin.apt:
+# deb: ./code-server_4.12.0_amd64.deb
+#
+# - name: Copy apt install log to disk
+# delegate_to: localhost
+# ansible.builtin.copy:
+# content: '{{ installout }}'
+# dest: ./install_log.txt
+# mode: '0600'
+#
+# - name: Download the wolfreealpha Dockerfile
+# become: true
+# ansible.builtin.get_url:
+# url: https://git.disroot.org/wolfree/wolfree-dockerfile/raw/branch/master/Dockerfile
+# dest: .
+# mode: '0400'
+#
+# - name: Copy apt update log to disk
+# delegate_to: localhost
+# ansible.builtin.copy:
+# content: '{{ updateout }}'
+# dest: ./update_log.txt
+# mode: '0600'
+#
+# - name: Check if file exists
+# become: true
+# ansible.builtin.stat:
+# path: "{{ search_path }}"
+# register: result
+#
+# - name: Build wolfreealpha container
+# become: true
+# environment:
+# DOCKER_BUILDKIT: 1
+# when: not result.stat.exists
+# ansible.builtin.command:
+# cmd: 'docker build --progress=plain --tag wolfree https://try.gitea.io/wolfree/wolfree-dockerfile.git'
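Review bot: ansible_playbooks/wolfreealpha_residue.yml consists only of commented-out tasks and has no header saying why it is kept; a first line such as `# Retired tasks kept for reference only.` would help, or the file could be left out and recovered from history. If these tasks are ever revived, they download a `.deb` and a Dockerfile and run `docker build` on a remote Git URL under `become: true` without a checksum or a pinned commit, and the Dockerfile URL and the build URL point at different hosts. The registered names `installout` and `updateout` are also referenced without any visible task that sets them.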