ctucx.git: ansible-configs

My personal ansible roles and playbooks [deprecated in favor of nixos]

commit 9c6440eca5240f7302e202c3ba5e41469d40aec8
parent c8dcbf329bd6f36b367c37549eac4cab5686906d
Author: Leah Thein <leah@toaster.fritz.box>
Date: Wed, 2 Dec 2020 00:24:34 +0100

rest-server: add role

3 files changed, 80 insertions(+), 0 deletions(-)
A
config-files/rest-server/rest-server.initd
|
15
+++++++++++++++
A
roles/rest-server/tasks/main.yml
|
46
++++++++++++++++++++++++++++++++++++++++++++++
A
roles/rest-server/templates/rest-server-vhost.conf.j2
|
19
+++++++++++++++++++
diff --git a/config-files/rest-server/rest-server.initd b/config-files/rest-server/rest-server.initd
@@ -0,0 +1,15 @@
+#!/sbin/openrc-run
+supervisor=supervise-daemon
+
+name="rest-server"
+description="Rest Server is a high performance HTTP server that implements restic's REST backend API."
+
+command="/usr/bin/rest-server"
+command_args="--append-only --listen 127.0.0.1:8060 --no-auth --path /var/lib/rest-server --prometheus"
+command_user=leah:leah
+directory="/var/lib/rest-server"
+
+depend() {
+	need net localmount
+	after firewall
+}

diff --git a/roles/rest-server/tasks/main.yml b/roles/rest-server/tasks/main.yml
@@ -0,0 +1,46 @@
+---
+
+- name: Install rest-server
+  apk:
+   name: rest-server
+   state: present
+   update_cache: yes
+
+- name: create a data dir for restic server
+  file:
+   path: /var/lib/rest-server
+   state: directory
+   owner: leah
+   group: leah
+
+- name: copy rest-server service file to server
+  copy:
+    src: config-files/rest-server/rest-server.initd
+    dest: /etc/init.d/rest-server
+    mode: 0755
+
+- service:
+   name: rest-server
+   enabled: yes
+   state: restarted
+
+- name: put passwd file for rest-server
+  copy:
+    content: "{{rest_server.passwd}}"
+    dest: /etc/nginx/passwd/rest-server
+    owner: nginx
+    group: nginx
+    mode: 0700
+
+- name: copy nginx-vhost for frps to destination host 
+  template: 
+    src: rest-server-vhost.conf.j2
+    dest: /etc/nginx/conf.d/rest-server.conf
+    mode: 0644
+    owner: nginx
+    group: nginx
+
+- name: restart nginx
+  service:
+    name: nginx
+    state: restarted

diff --git a/roles/rest-server/templates/rest-server-vhost.conf.j2 b/roles/rest-server/templates/rest-server-vhost.conf.j2
@@ -0,0 +1,19 @@
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+
+	ssl_certificate "{{rest_server.ssl_cert}}";
+	ssl_certificate_key "{{rest_server.ssl_privkey}}";
+	include /etc/nginx/ssl.conf;
+	
+	server_name {{rest_server.domain}};
+
+	auth_basic           "hello";
+	auth_basic_user_file /etc/nginx/passwd/rest-server; 
+
+	location / {
+		proxy_pass http://127.0.0.1:8060/;
+		client_max_body_size 500M;
+		include /etc/nginx/proxy.conf;
+	}
+}