diff --git a/common.yaml b/common.yaml index ad94391..97f699b 100644 --- a/common.yaml +++ b/common.yaml @@ -1,5 +1,5 @@ --- -- hosts: git.0rpheus.net +- hosts: mail.0rpheus.net roles: - haproxy \ No newline at end of file diff --git a/hosts.yaml b/hosts.yaml index e8c9433..90943ae 100644 --- a/hosts.yaml +++ b/hosts.yaml @@ -2,40 +2,43 @@ all: hosts: - git.0rpheus.net: + mail.0rpheus.net: vars: - ansible_become: true + ansible_become: false + + haproxy_domains: + # : + smokeping.0rpheus.net: smokeping + seafile.0rpheus.net: odroid + tt-rss.0rpheus.net: odroid + mail.0rpheus.net: apache + blog.0rpheus.net: apache + git.0rpheus.net: gogs + # haproxy backends haproxy_backends: - seafile.0rpheus.net: - server_defs: - - "odroid 169.254.1.3:80 check" - - smokeping.0rpheus.net: - server_defs: - - "odroid 169.254.1.3:1080 check" - - tt-rss.0rpheus.net: + apache: server_defs: - - "odroid 169.254.1.3:80 check" + - "apache 127.0.0.1:8080 check" + + odroid: + server_defs: + - "odroid 172.30.30.2:80 check" + + smokeping: + server_defs: + - "odroid-docker 172.30.30.2:1080 check" post.0rpheus.net: server_defs: - "docker 127.0.0.1:4000 check" - blog.0rpheus.net: + gogs: server_defs: - - "lighttpd 127.0.0.1:2020 check" + - "gogs-web-1 127.0.0.1:3000 check" - git.0rpheus.net: - server_defs: - - "gogs 127.0.0.1:3000 check" - - ox.0rpheus.net: - server_defs: - - "docker 127.0.0.1:81 check" diff --git a/roles/haproxy/files/update_haproxy_certs.sh b/roles/haproxy/files/update_haproxy_certs.sh index 4d9d528..ae4e2be 100755 --- a/roles/haproxy/files/update_haproxy_certs.sh +++ b/roles/haproxy/files/update_haproxy_certs.sh @@ -34,8 +34,3 @@ do done systemctl reload haproxy - -# update jabber -cat /etc/letsencrypt/live/jabber.0rpheus.net/fullchain.pem > /etc/prosody/certs/jabber.0rpheus.net.crt -cat /etc/letsencrypt/live/jabber.0rpheus.net/privkey.pem > /etc/prosody/certs/jabber.0rpheus.net.key -systemctl restart prosody.service diff --git a/roles/haproxy/tasks/main.yaml b/roles/haproxy/tasks/main.yaml index d43dc2f..4a7d064 100644 --- a/roles/haproxy/tasks/main.yaml +++ b/roles/haproxy/tasks/main.yaml @@ -20,10 +20,14 @@ system: yes create_home: no -- name: create config dir +- name: create directories file: - path: /etc/haproxy/ + path: "{{ item }}" state: directory + with_items: + - /etc/haproxy/ + - /etc/haproxy/certs/ + - /var/lib/haproxy/ - name: copy errorcodes copy: diff --git a/roles/haproxy/templates/domains.txt b/roles/haproxy/templates/domains.txt index 6f0e6d0..b57447e 100644 --- a/roles/haproxy/templates/domains.txt +++ b/roles/haproxy/templates/domains.txt @@ -1,3 +1,3 @@ -{% for domain in haproxy_backends %} +{% for domain in haproxy_domains %} {{ domain }} {% endfor %} diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg index 298e63e..1236994 100644 --- a/roles/haproxy/templates/haproxy.cfg +++ b/roles/haproxy/templates/haproxy.cfg @@ -54,7 +54,7 @@ defaults frontend http bind *:80 name http - bind *:443 name https ssl crt /etc/haproxy/certs/default.pem crt /etc/haproxy/certs/ ecdhe secp384r1 alpn h2,http/1.1 npn h2,http/1.1 + bind *:443 name https ssl crt /etc/haproxy/certs/mail.0rpheus.net.pem crt /etc/haproxy/certs/ ecdhe secp384r1 alpn h2,http/1.1 npn h2,http/1.1 compression algo gzip compression type text/html text/plain text/javascript application/javascript application/xml text/css diff --git a/roles/haproxy/templates/hostname2backend.map b/roles/haproxy/templates/hostname2backend.map index 07c5bc7..ca97063 100644 --- a/roles/haproxy/templates/hostname2backend.map +++ b/roles/haproxy/templates/hostname2backend.map @@ -1,3 +1,3 @@ -{% for domain in haproxy_backends %} - {{- domain }} {{ domain }} +{% for domain in haproxy_domains %} + {{- domain }} {{ haproxy_domains[domain] }} {% endfor %}