---
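# Capture the output of `hostname -d` (the host's DNS domain) in the
# registered variable `domain`. The task carries both tags so the value is
# registered whether a run is limited to `install` or to `add_config`.
- name: Get domain
  # No pipes, redirects or expansions are needed, so `command` executes the
  # binary directly instead of handing the string to a shell.
  ansible.builtin.command:
    cmd: hostname -d
  register: domain
  # Read-only lookup: never report the host as changed.
  changed_when: false
  tags:
    - install
    - add_config
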
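# Debian-family hosts: install Docker and docker-compose from the configured
# apt repositories, refreshing the package index first.
- name: Install docker (Debian)
  ansible.builtin.apt:
    name:
      - docker.io
      - docker-compose
    # Explicit for readers; this is also the module default.
    state: present
    # Canonical boolean instead of the YAML 1.1 `yes` spelling.
    update_cache: true
  when: ansible_facts['os_family'] == "Debian"
  tags: install
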
# RedHat-family hosts only: install the `docker` and `docker-compose` Python
# packages with pip, then reload systemd, restart the docker unit and enable
# it at boot.
# NOTE(review): neither pip package is the Docker engine itself, so the
# `docker` unit restarted below presumably has to be provided by something
# outside this file - confirm.
# NOTE(review): the pip packages carry no version constraint, so a fresh
# install takes whatever version the configured index currently serves; pin
# versions if reproducible installs matter.
- name: Install dependencies RHEL
  # The OS-family condition is stated once here; a block-level `when` is
  # evaluated for every task inside the block.
  when: ansible_facts['os_family'] == "RedHat"
  tags: install
  block:
    - name: Install docker (RHEL)
      ansible.builtin.pip:
        name:
          - docker
          - docker-compose

    - name: Enable docker (RHEL)
      ansible.builtin.systemd:
        name: docker
        daemon_reload: true
        enabled: true
        # `restarted` bounces the daemon on every run that reaches this task.
        state: restarted

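# Rebuild the reverse-proxy working directory from scratch and start the
# compose project in it. Every run tagged `install` deletes rproxy_dir first,
# so anything previously placed under it (site configs, certificates, keys)
# is discarded and recreated.
- name: Install rproxy
  block:
    - name: Remove rproxy dir
      ansible.builtin.file:
        path: "{{ rproxy_dir }}"
        state: absent

    - name: Create rproxy dir
      ansible.builtin.file:
        path: "{{ rproxy_dir }}"
        state: directory

    - name: Create sites dir
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/sites"
        state: directory

    - name: Create repo dir
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/repo"
        state: directory
        # Quoted so the YAML parser cannot reinterpret the octal literal.
        # NOTE(review): 0777 lets every local account create, rename and
        # delete entries in this directory. If only one service account has
        # to write here, set owner/group and a narrower mode instead.
        mode: "0777"

    # NOTE(review): this directory holds private keys but gets no explicit
    # mode, so its permissions follow the remote umask. Consider an
    # owner-only mode once it is confirmed which account the proxy
    # container reads the certificates as.
    - name: Create certs dir
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/certs"
        state: directory

    - name: Copy docker-compose
      ansible.builtin.template:
        src: templates/docker-compose.yml.j2
        dest: "{{ rproxy_dir }}/docker-compose.yml"

    - name: Copy nginx.conf
      ansible.builtin.copy:
        src: files/nginx.conf
        dest: "{{ rproxy_dir }}/nginx.conf"

    - name: Copy repo.conf
      ansible.builtin.copy:
        src: files/repo.conf
        dest: "{{ rproxy_dir }}/sites/repo.conf"

    - name: Copy RootCA certificate
      ansible.builtin.copy:
        src: files/RootCA.crt
        dest: "{{ rproxy_dir }}/certs/RootCA.crt"

    # NOTE(review): shipping the root CA private key to the proxy host means
    # a compromise of that host exposes the whole CA. Signing on the control
    # node, or with a dedicated intermediate CA, would keep the root key off
    # this machine.
    - name: Copy RootCA key
      ansible.builtin.copy:
        src: files/RootCA.key
        dest: "{{ rproxy_dir }}/certs/RootCA.key"
        # Owner-only: without an explicit mode a newly created file gets
        # whatever the remote umask allows, which is commonly world-readable.
        # Assumes the openssl signing task runs as the same remote user.
        mode: "0600"

    # NOTE(review): community.docker.docker_compose drives the legacy
    # docker-compose v1 tooling and is no longer shipped in newer
    # community.docker releases (docker_compose_v2 replaces it); check the
    # collection version this role is pinned to.
    - name: Start rproxy
      community.docker.docker_compose:
        project_src: "{{ rproxy_dir }}"
  tags: install
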
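# Render the nginx site config for rproxy_service_name, issue a server
# certificate for it signed by the RootCA files under rproxy_dir/certs,
# clean up the intermediate CSR/cnf files and restart the compose project.
# A new 2048-bit RSA key and a 365-day certificate are generated on every
# run tagged `add_config`.
# NOTE(review): rproxy_service_name is interpolated into file paths below.
# A value containing `/` or `..` would place files outside sites/ and
# certs/; validate it (for example with ansible.builtin.assert) if it can
# come from an untrusted source.
- name: Create configs
  block:
    - name: Copy server.conf
      ansible.builtin.template:
        src: templates/server.conf.j2
        dest: "{{ rproxy_dir }}/sites/{{ rproxy_service_name }}.conf"

    - name: Copy server certificate cnf
      ansible.builtin.template:
        src: templates/server.cnf.j2
        dest: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf"

    # The openssl steps use `command` with an argv list: each templated path
    # reaches openssl as exactly one argument and is never parsed by a
    # shell, so spaces or shell metacharacters in rproxy_dir or
    # rproxy_service_name cannot split or inject arguments.
    - name: Generate server key
      ansible.builtin.command:
        argv:
          - openssl
          - genrsa
          - "-out"
          - "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.key"
          - "2048"

    - name: Generate server csr
      ansible.builtin.command:
        argv:
          - openssl
          - req
          - "-key"
          - "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.key"
          - "-new"
          - "-out"
          - "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr"
          - "-config"
          - "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf"

    # Signs with the RootCA key stored on this host; -CAcreateserial makes
    # openssl create the CA serial-number file if it does not exist yet.
    - name: Sign server certificate
      ansible.builtin.command:
        argv:
          - openssl
          - x509
          - "-req"
          - "-CA"
          - "{{ rproxy_dir }}/certs/RootCA.crt"
          - "-CAkey"
          - "{{ rproxy_dir }}/certs/RootCA.key"
          - "-in"
          - "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr"
          - "-out"
          - "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.crt"
          - "-CAcreateserial"
          - "-extfile"
          - "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf"
          - "-days"
          - "365"
          - "-extensions"
          - v3_x509

    # Appends the RootCA certificate to the freshly written server
    # certificate. The `>>` redirection needs a shell, so both paths go
    # through the `quote` filter before they are placed on the command line.
    - name: Create fullchain certificate
      ansible.builtin.shell:
        cmd: >-
          cat {{ (rproxy_dir ~ '/certs/RootCA.crt') | quote }}
          >> {{ (rproxy_dir ~ '/certs/' ~ rproxy_service_name ~ '.crt') | quote }}

    - name: Delete csr
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr"
        state: absent

    - name: Delete cnf
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf"
        state: absent

    # Restart without rebuilding images so the new site config and
    # certificate are picked up.
    - name: Restart rproxy
      community.docker.docker_compose:
        project_src: "{{ rproxy_dir }}"
        build: false
        restarted: true
  tags: add_config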