Merge branch 'master' of https://git.electricmandarine.cloud/nicolo/ansible-lab
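--- a/roles/fail2ban/tasks/main.yml
+++ b/roles/fail2ban/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Ensure epel-release is installed (RedHat)
+ansible.builtin.package:
+name: epel-release
+state: present
+update_cache: yes
+when: ansible_os_family == 'RedHat'
+
+- name: Ensure fail2ban is installed
+ansible.builtin.package:
+name: fail2ban
+state: present
+update_cache: yes
+
+- name: Start fail2ban for RedHat
+ansible.builtin.systemd_service:
+name: fail2ban
+state: started
+enabled: true
+when: ansible_os_family == 'RedHat'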
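Review bot: The role installs and starts fail2ban but ships no jail configuration, so whether anything is actually banned depends on each distribution's packaged defaults; the EPEL package, as far as I know, enables no jails out of the box, which would leave the RedHat hosts with a running daemon that protects nothing. Consider templating a `/etc/fail2ban/jail.local` that sets `enabled = true` under `[sshd]` and notifying a restart handler. The "Start fail2ban for RedHat" task is also gated on `ansible_os_family == 'RedHat'`, so the enabled/started state on other families is left to the package's post-install script; dropping the `when:` would make that explicit. `update_cache: yes` reads more predictably as `update_cache: true`.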
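--- a/roles/heriverse/defaults/main.yml
+++ b/roles/heriverse/defaults/main.yml
@@ -0,0 +1,3 @@
+heriverse_repo_url: "https://git.3dresearch.it/stratigraph/docker-heriverse"
+# Note: replace with the domain name for Caddy config
+#server_name: "heriverse.stratigraph"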
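Review bot: `server_name` is left commented out here, yet both `templates/Caddyfile.j2` and `templates/docker-compose.yml.j2` in this commit expand `{{ server_name }}`, so the role fails with an undefined variable unless the inventory happens to set it. Either define a default or check it at the top of the tasks file with an `ansible.builtin.assert` on `server_name is defined`, so the failure is explicit and happens before anything is installed. A role-prefixed name such as `heriverse_server_name` would avoid colliding with other roles' variables, and the file would match the others in the commit if it opened with `---`.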
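--- a/roles/heriverse/handlers/main.yml
+++ b/roles/heriverse/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart Caddy
+ansible.builtin.service:
+name: caddy
+state: restarted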
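--- a/roles/heriverse/tasks/main.yml
+++ b/roles/heriverse/tasks/main.yml
@@ -0,0 +1,78 @@
+---
+- name: Ensure ACL is installed
+ansible.builtin.package:
+name:
+- acl
+state: present
+update_cache: yes
+
+- name: Ensure git is installed
+ansible.builtin.package:
+name:
+- git
+state: present
+update_cache: yes
+
+- name: Ensure Caddy is installed
+ansible.builtin.package:
+name:
+- caddy
+state: present
+update_cache: yes
+
+- name: Create Heriverse user
+ansible.builtin.user:
+name: heriverse
+shell: /usr/sbin/nologin
+home: /opt/heriverse
+create_home: true
+password: '*'
+
+- name: Ensure Heriverse directory exists
+ansible.builtin.file:
+path: /opt/heriverse/docker-herivese
+state: directory
+owner: heriverse
+group: heriverse
+mode: "0755"
+
+- name: Clone Heriverse repo
+ansible.builtin.git:
+repo: "{{ heriverse_repo_url }}"
+dest: /opt/heriverse/docker-heriverse
+clone: true
+become: true
+become_user: heriverse
+
+# Temporary
+- name: Replace docker-compose.yml for prod
+ansible.builtin.template:
+src: docker-compose.yml.j2
+dest: "/opt/heriverse/docker-heriverse"
+owner: root
+group: root
+force: true
+mode: '0644'
+
+- name: Create and start all Heriverse services
+community.docker.docker_compose_v2:
+project_src: /opt/heriverse/docker-heriverse
+pull: missing
+register: output
+
+- name: Execute entrypoint script
+ansible.builtin.command:
+chdir: /opt/heriverse/docker-heriverse
+cmd: './entrypoint.sh'
+become: true
+become_user: heriverse
+
+- name: Copy Caddy config file
+ansible.builtin.template:
+src: Caddyfile.j2
+dest: "/etc/caddy/Caddyfile"
+owner: root
+group: root
+mode: '0644'
+notify: Restart Caddy
+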
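Review bot: "Clone Heriverse repo" sets no `version:`, so every run checks out whatever the remote's default branch currently holds and the play then executes `./entrypoint.sh` from that checkout; pinning to a reviewed tag or commit (`version: "<pinned-tag-or-commit>"`) keeps a change on the remote from running unreviewed on the host. "Replace docker-compose.yml for prod" gives the directory `/opt/heriverse/docker-heriverse` as `dest`, which as far as I can tell writes a file named `docker-compose.yml.j2` into it instead of replacing the compose file; `dest: /opt/heriverse/docker-heriverse/docker-compose.yml` looks like the intent. The directory task creates `/opt/heriverse/docker-herivese` (missing "r"), which does not match the clone destination used everywhere else. The entrypoint `command` task has no `creates:` or `changed_when:`, so it reruns and reports changed on every play.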
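--- a/roles/heriverse/templates/Caddyfile.j2
+++ b/roles/heriverse/templates/Caddyfile.j2
@@ -0,0 +1,25 @@
+{{ server_name }} {
+# Don't show ATON's frontend home page
+redir / /a/heriverse 302
+
+request_body {
+max_size 2GB # This can be made configurable
+}
+
+# `handle_path` is required where URIs must be rewritten
+handle_path /server/* {
+reverse_proxy localhost:3000
+}
+
+handle /auth* {
+reverse_proxy localhost:8080
+}
+
+handle_path /couchdb/* {
+reverse_proxy localhost:5984
+}
+
+handle /* {
+reverse_proxy localhost:8081
+}
+}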
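Review bot: `handle_path /couchdb/*` publishes the whole CouchDB HTTP API on the public site, administrative endpoints included, while the compose template in this commit configures that database with `COUCHDB_USER=admin` / `COUCHDB_PASSWORD=admin`. If browsers only need specific databases, proxy only those paths or restrict the block with a `remote_ip` matcher; otherwise the CouchDB credentials have to be treated as internet-facing. The same applies to `handle /auth*`, which exposes the Keycloak admin console along with the login endpoints. `max_size 2GB` applies to every route, so unauthenticated requests can send bodies that large too; scoping `request_body` to the upload route would limit that.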
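--- a/roles/heriverse/templates/docker-compose.yml.j2
+++ b/roles/heriverse/templates/docker-compose.yml.j2
@@ -0,0 +1,94 @@
+services:
+
+# =======================
+# FRONTEND
+# =======================
+heriverse:
+image: git.3dresearch.it:5050/cnr-h2iosc/heriverse/heriverse-wapp:latest
+container_name: heriverse
+ports:
+- "8081:8080"
+depends_on:
+- heriverse-server
+- keycloak
+volumes:
+- ./mount/heriverse/config/Utils.js:/aton/wapps/heriverse/config/Utils.js
+networks:
+- backend
+restart: always
+
+# =======================
+# BACKEND / API SERVER
+# =======================
+heriverse-server:
+image: git.3dresearch.it:5050/stratigraph/heriverse-server:latest
+container_name: heriverse-server
+ports:
+- "3000:3000"
+depends_on:
+- couchdb
+- keycloak
+volumes:
+- ./mount/server/uploads:/app/uploads
+- ./mount/server/config:/app/conf
+networks:
+- backend
+restart: always
+# =======================
+# DATABASE
+# =======================
+couchdb:
+image: apache/couchdb:3
+container_name: couchdb
+environment:
+- COUCHDB_USER=admin
+- COUCHDB_PASSWORD=admin
+- COUCHDB_SECRET=heriversesecret
+- COUCHDB_SINGLE_NODE=true
+ports:
+- "5984:5984"
+volumes:
+- couchdb_data:/opt/couchdb/data
+- couchdb_config:/opt/couchdb/etc/local.d
+networks:
+- backend
+restart: always
+keycloak:
+image: quay.io/keycloak/keycloak:24.0.4
+container_name: keycloak
+environment:
+KEYCLOAK_ADMIN: admin
+KEYCLOAK_ADMIN_PASSWORD: admin
+KC_DB: dev-file
+KC_PROXY: edge
+KC_HTTP_ENABLED: "true"
+KC_HOSTNAME_STRICT: "false"
+KC_HOSTNAME_STRICT_HTTPS: "false"
+ports:
+- "8080:8080"
+command:
+- start-dev
+- --import-realm
+- --http-relative-path=/auth
+- --proxy-headers=xforwarded
+- --hostname={{ server_name }}
+- --hostname-strict=false
+- --hostname-strict-https=false
+- --http-enabled=true
+volumes:
+- keycloak_data:/opt/keycloak/data
+- ./mount/keycloak/realms/realm-heriverse.json:/opt/keycloak/data/import/realm-heriverse.json
+networks:
+- backend
+restart: always
+# =======================
+# NETWORK AND VOLUMES
+# =======================
+networks:
+backend:
+driver: bridge
+
+volumes:
+couchdb_data:
+couchdb_config:
+keycloak_data: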
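Review bot: The CouchDB and Keycloak admin accounts are both hard-coded as `admin`/`admin` and `COUCHDB_SECRET` is a fixed string, so every host built from this role shares credentials that are readable in the repository. Each `ports:` entry also binds on all interfaces, which makes 3000, 5984, 8080 and 8081 reachable directly, bypassing Caddy, unless a host firewall blocks them. The sketch below takes the secrets from variables (the names are suggestions, to be defined in Ansible Vault) and binds the published ports to loopback, which is all the Caddyfile's `localhost:` upstreams need; once secrets are rendered into the file, the `mode: '0644'` on the template task in `tasks/main.yml` should be tightened as well. Separately, `start-dev` with `KC_DB: dev-file` is Keycloak's development mode and the two project images use `:latest`, both worth revisiting before this is treated as the prod file.

```yaml
services:
  heriverse:
    # … unchanged: image, container_name …
    ports:
      - "127.0.0.1:8081:8080"
    # … unchanged: depends_on, volumes, networks, restart …
  heriverse-server:
    ports:
      - "127.0.0.1:3000:3000"
  couchdb:
    environment:
      - COUCHDB_USER={{ heriverse_couchdb_user }}
      - COUCHDB_PASSWORD={{ heriverse_couchdb_password }}
      - COUCHDB_SECRET={{ heriverse_couchdb_secret }}
      # … unchanged: COUCHDB_SINGLE_NODE …
    ports:
      - "127.0.0.1:5984:5984"
  keycloak:
    environment:
      KEYCLOAK_ADMIN: "{{ heriverse_keycloak_admin }}"
      KEYCLOAK_ADMIN_PASSWORD: "{{ heriverse_keycloak_admin_password }}"
      # … unchanged: KC_* settings …
    ports:
      - "127.0.0.1:8080:8080"
```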
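--- a/roles/iiif-manif/defaults/main.yml
+++ b/roles/iiif-manif/defaults/main.yml
@@ -0,0 +1 @@
+iiif_repo_url: "https://git.electricmandarine.cloud/nicolo/greek-manifests"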
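--- a/roles/iiif-manif/handlers/main.yml
+++ b/roles/iiif-manif/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart PM2
+ansible.builtin.command: '/home/nicolo/node_modules/bin/pm2 restart all --update-env'
+become: true
+become_user: nicolo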
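Review bot: `pm2 restart all` restarts every process under nicolo's PM2 daemon, not just the manifest service, and the notifying task sets `changed_when: true`, so any unrelated app on the same account is bounced on every play. Naming the process, `pm2 restart <app-name> --update-env` (placeholder for the PM2 process name), would confine the restart. The free-form string is also easier to audit when written as `cmd:` or `argv:` under `ansible.builtin.command`.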
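--- a/roles/iiif-manif/tasks/main.yml
+++ b/roles/iiif-manif/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+- name: Ensure ACL is installed
+ansible.builtin.package:
+name:
+- acl
+state: present
+update_cache: yes
+when: ansible_os_family == 'RedHat'
+
+- name: Ensure git is installed
+ansible.builtin.package:
+name:
+- git
+state: present
+update_cache: yes
+
+- name: Pull from manifest repo
+ansible.builtin.git:
+repo: "{{ iiif_repo_url }}"
+# To be changed!!
+dest: /home/nicolo/greek-manifests
+update: true
+clone: false
+version: master
+become: true
+become_user: nicolo
+
+- name: Install Yarn dependencies based on package.json
+community.general.yarn:
+# To be changed!!
+path: /home/nicolo/greek-manifests
+executable: /home/nicolo/node_modules/bin/yarn
+production: true
+become: true
+become_user: nicolo
+# this should alwasy notify 'Restart PM2'
+changed_when: true
+notify: Restart PM2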
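Review bot: "Pull from manifest repo" tracks `version: master`, and the next task runs a Yarn install in that checkout as `nicolo`, so whatever lands on the branch, package lifecycle scripts included, executes on the host at the next play. Pinning `version:` to a reviewed tag or commit, and setting `ignore_scripts: true` on the `community.general.yarn` task if the project does not need install scripts, would narrow that. "Ensure ACL is installed" is limited to `ansible_os_family == 'RedHat'`, although the `become_user: nicolo` tasks need it on any family where the connecting user is unprivileged; the heriverse role in this commit installs it unconditionally. The hard-coded `/home/nicolo/...` paths are already marked "To be changed!!"; a role default such as `iiif_app_dir` would let the handler and both tasks share one value.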