coimbrap
/
projet_serveur_krkn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
projet_serveur_krkn/deploiement/sources/zone_proxy/ct_proxy.yml

175 lines
4.8 KiB
YAML
Raw Blame History

# NGINX REVERSE
# Nginx Alpha (CT105) : 10.0.1.3 | 10.0.2.4 | 10.1.0.105
# Nginx Beta (CT106) : 10.0.1.4 | 10.0.2.5 | 10.1.0.106
# Gateway 10.0.1.0/24 -> 10.0.1.254
# Gateway 10.0.2.0/24 -> 10.0.2.254
# Gateway 10.1.0.0/24 -> 10.1.0.254
# Créer les conteneurs, les mets à jours, configure les mises à jours de sécurité automatique,
# installe des paquets utile et ceux des services, met en place ferm via notre template.
- hosts: localhost
connection: local
gather_facts: no
tasks:
- include_vars: /root/src/source_pve.yml
- include_vars: /root/src/password_proxy.yml
- name: Create LXC for Nginx Master (CT104)
proxmox:
api_user: root@pam
api_password: "{{ pass_pve }}"
api_host: '10.1.0.1'
node: alpha
cpus: 1
cores: 2
memory: 2048
disk: 16
swap: 1024
storage: local-zfs
ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
password: "{{ pass_nginx_alpha }}"
hostname: NginxMaster
vmid: 104
onboot: yes
unprivileged: yes
nameserver: '10.0.1.253'
netif: '{"net0":"name=eth0,ip=10.0.1.3/24,gw=10.0.1.254,bridge=vmbr1,tag=20","net1":"name=eth1,ip=10.0.2.4/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net3":"name=eth3,ip=10.1.0.105/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
pubkey: "{{ ssh_pub }}"
state: present
- name: Create LXC for Nginx Slave (CT105)
proxmox:
api_user: root@pam
api_password: "{{ pass_pve }}"
api_host: '10.1.0.1'
node: beta
cpus: 1
cores: 2
memory: 2048
disk: 16
swap: 1024
storage: local-zfs
ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
password: "{{ pass_nginx_slave }}"
hostname: NginxSlave
vmid: 105
onboot: yes
unprivileged: yes
nameserver: '10.0.1.253'
netif: '{"net0":"name=eth0,ip=10.0.1.4/24,gw=10.0.1.254,bridge=vmbr1,tag=20","net1":"name=eth1,ip=10.0.2.5/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net3":"name=eth3,ip=10.1.0.106/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
pubkey: "{{ ssh_pub }}"
state: present
- name: Start Proxy container
proxmox:
api_user: root@pam
api_password: "{{ pass_pve }}"
api_host: '10.1.0.1'
vmid: "{{ item }}"
state: started
with_items:
- '104'
- '105'
- hosts: zoneproxy
tasks:
- name: Set timezone for Proxy
timezone:
name: Europe/Paris
- name: APT configuration for Proxy
copy:
dest: "/etc/apt/apt.conf.d/01proxy"
content: |
Acquire::http {
Proxy "http://10.0.1.252:9999";
};
- name: WGET configuration for Proxy
copy:
dest: "/root/.wgetrc"
content: |
http_proxy = http://10.0.1.252:3128/
https_proxy = http://10.0.1.252:3128/
use_proxy = on
- name: Apt Update for Proxy
apt:
update_cache: yes
- name: Apt Upgrade for Proxy
apt:
upgrade: dist
- name: Install utils for Proxy
apt:
pkg:
- vim
- net-tools
- nmap
- dnsutils
- ferm
- unattended-upgrades
- apt-listchanges
- wget
- curl
- git
- name: Unattended-Upgrades Activation for Proxy
shell: |
echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections
dpkg-reconfigure -f noninteractive unattended-upgrades
echo 'Unattended-Upgrade::Mail "root";' >> /etc/apt/apt.conf.d/50unattended-upgrades
- hosts: nginx
tasks:
- name: Install requirement for Nginx
apt:
pkg:
- nginx
- name: Enable service for Nginx
systemd:
name: "{{ item }}"
enabled: yes
with_items:
- 'nginx'
- name: Prepare NGINX for Nginx
file:
path: "{{ item }}"
state: absent
with_items:
- '/etc/nginx/sites-enabled/default'
- '/etc/nginx/sites-available/default'
- name: Prepare Nginx for Nginx
file:
path: "{{ item }}"
state: directory
with_items:
- '/home/hasync/letsencrypt-requests'
- '/etc/ssl/letsencrypt'
- name: Copy webhost deploy script for Nginx
copy:
src: /root/src/script_nginx.sh
dest: /root/deploy-webhost.sh
owner: root
group: root
mode: '0740'
- name: Copy ferm configuration for Nginx
copy:
src: /root/src/ferm/nginx_ferm.conf
dest: /etc/ferm/ferm.conf
owner: root
group: root
mode: '0640'
- name: Restart ferm for Nginx
systemd:
name: "ferm"
state: restarted
Reference in New Issue View Git Blame Copy Permalink