resolv merge issue

2019-10-19 19:23:12 +02:00 · 2019-10-19 19:23:12 +02:00 · 5e307d5641
commit 5e307d5641
parent e6ff06dc53 f09776dc5e
7 changed files with 217 additions and 28 deletions
--- a/group_vars/all/all_vault
+++ b/group_vars/all/all_vault
@ -1,19 +1,30 @@
 $ANSIBLE_VAULT;1.1;AES256
-66373932613336323337303165393131656639616164393765646533343937346638343235623665
-3764663835643766636165386231633538323730303865350a373730356638316331643332386236
-65346662623063613933663233376239333664396431333264366464386632333936653130353431
-6538366132316333310a393537373862363439346565613566636330613934363136373131353161
-30313339343332396132666234646130666661356236333937343730386539656562343538656265
-35366237646264393466353835383439616264623737366230303833353033616163326635396539
-62363761313663326131363334323761336531353564323565373132393134383664353061396166
-65396530313165353164636239383038316137616437333962613662653535343938646637336233
-31393162623762643038323139313464393965613539353331646134653463306137653661303539
-31356235656231303261306465393836326362343262613134373566393035396165313235623265
-37333162313535653838353633626665623030663663386362663037323230393438333832376238
-31383734653733636337616639323161316535363636663236346234323833303662346230626565
-65633730363937646237643035366535393063653962346536616361666232336466663233313063
-64363864336237343739653065663730353031363130396134393337346465396164386161303938
-61303334323939616437313763663164323937386266666530373732613962366130326435613563
-62326332646561363365376363616431623330373561623761383336303835323765383831353064
-32643235316130333039616538326533636466346439616261616139326262396631386239653138
-6165613133656637633766643434376566393134643731343534
+36393436653566306436363065303537636361316533303036323966316161343739666233333331
+6562383739343862386462613861666536646337303863320a646366663664643434333263343935
+35306233623866643530393863326532613063386662346530346133353439626636373666653065
+6561346437346663630a366463393762343862636539363863366662326439323732366663656162
+39306333396434343236323439636261636235373836356165313938306366613335343634653065
+66623162663334646332666537323032656562643961303665383531373565656665326533343266
+61383536353038393631643837316366383136346231333336663135323764613937653333333330
+65313331303366373239623561663932323266646236383739346235383938356665313461616131
+36336338303530323736313537303938356137383434323030336237656635376433653633323237
+32646162613731383166653930363835643162306362646335643233303461376235643933636634
+39353233643836396534663364316539386130386166663134633033643861356338336165363031
+33303534333763363437646433336665373362326530623730316664376230616333653139646336
+37666531336362373861376135366463323134643561346163643137613038663235636134356363
+37623037656630343739333734366361313634313832343732633564356161306134646664316134
+31373066306230323130613536356265396439313733376437316361393864393265666332633535
+34373861616565353762366663333833346334356535336365613632656461396566323363326537
+66613438663539313163306166323734366333306533346463633031376237326264613565613766
+65383537313461613664343961616432313037346531333261323331663131373034323935373566
+63363633633562653533326138633462633238353264323361386133316234666638383831663433
+61623635636432653031373036383664393630306332386563353632373430623530336166613163
+33346661353634396532353266303162326331393534336131316537366335643637613532393631
+34303130356431393163636363383233356235623666623165373730633436346162343137623438
+66373730653636356663366162363133303961613165343735326563636363306533386434646133
+65383063396166343066383332616132353732343765323964666634633533373530643230373939
+62366363356433336365343264393730653265633531326563303166393638383731313163373261
+37313531643337313333336432636438393932613363393831663163646333666536653166383739
+31633362636635336430336463643564626563333964313830643833396630363262666162356665
+38383433323661396331663763623563636137633034643065623032383466633535343937383965
+3965
--- a/group_vars/server
+++ b/group_vars/server
@ -1,11 +1,18 @@
 systemd_mounts: 
    diskstation_git:
-        share: 192.168.1.10:/volume1/git
+        share: diskstation.ducamps.win:/volume2/git
        mount: /mnt/diskstation/git
        type: nfs
        options:
            - " "
        automount: true
+    diskstation_CardDav:
+        share: diskstation.ducamps.win:/volume2/CardDav
+        mount: /mnt/diskstation/CardDav
+        type: nfs
+        options:
+            - " "
+        automount: true
    backup_disk:
        share: /dev/sda1
        mount: /mnt/backup
@ -14,6 +21,24 @@ systemd_mounts:
            - uid=1024
            - guid=100
        automount: true    
+    diskstation_home:
+        share: //diskstation.ducamps.win/homes/admin
+        mount: /mnt/diskstation/home
+        type: cifs
+        options:
+            - credentials=/etc/creds/.diskstation_credentials
+            - uid=1024
+            - gid=100
+        automount: true        
+    diskstation_photo:
+        share: //diskstation.ducamps.win/photo
+        mount: /mnt/diskstation/photo
+        type: cifs
+        options:
+            - credentials=/etc/creds/.diskstation_credentials
+            - uid=1024
+            - gid=100
+        automount: true
    diskstation_music:
        share: //diskstation.ducamps.win/music
        mount: /mnt/diskstation/music
@ -27,6 +52,10 @@ systemd_mounts_enabled:
    - diskstation_git
    - diskstation_music
    - backup_disk 
+    - diskstation_photo
+    - diskstation_home
+    - diskstation_CardDav
+

 credentials_files:
    1:
@ -61,21 +90,44 @@ Gandi_API_KEYS: "{{ vault_gandi_API_Keys }}"
 Gandi_Domain: "{{ domain.name }}"
 Gandi_Record: www

+certbot_auto_renew_user: root
+certbot_create_if_missing: true
+certbot_cert_name: "{{domain.name}}"
+certbot_certs:
+  - email: "{{user.mail}}"
+    domains:
+    - www.{{domain.name}}
+    - git.{{domain.name}}
+    - supysonic.{{domain.name}}
+    - syno.{{domain.name}}
+    - file.{{domain.name}}
+

 nginx_vhosts:
    - listen: "80"
-      server_name: "localhost"
+      server_name: "_"
+      filename: "redirect80.conf"
+      state: "present"
+      template: "{{ nginx_vhost_template }}"
+      extra_parameters: |
+        return 301 https://$host;
+    - listen: "443 ssl"
+      server_name: "www.{{domain.name}}"
      root: "/usr/share/nginx/html/"
      error_page: "404              /404/404.html"
      filename: "default.conf"
      state: "present"
      template: "{{ nginx_vhost_template }}"
      extra_parameters: |
+        include /etc/nginx/conf.d/{{domain.name}}.ssl;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
-           location / {
+        location / {
+           rewrite ^/.well-known/carddav /radicale/$remote_user/carddav/ redirect;
+           rewrite ^/.well-known/caldav /radicale/$remote_user/caldav/ redirect;
+ 
           index index.php index.html index.htm ;
           default_type text/html;

@ -83,6 +135,15 @@ nginx_vhosts:
        location =/ {
             rewrite ^ /starter;
        }
+        location /radicale/ 
+        { 
+            # The trailing / is important!
+            proxy_pass        http://localhost:5232/; # The / is important!
+            proxy_set_header  X-Script-Name /radicale;
+            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_pass_header Authorization;
+        }
+

        location ~ \.php$ {
           # try_files $uri =404;
@ -94,7 +155,71 @@ nginx_vhosts:
            include fastcgi_params;
        }
        include /etc/nginx/conf.d/*.default;
-
+    - listen: "443 ssl"
+      server_name: "git.{{domain.name}}"
+      filename: "gitea.conf"
+      state: "present"
+      template: "{{ nginx_vhost_template }}"
+      extra_parameters: |
+        include /etc/nginx/conf.d/{{domain.name}}.ssl;
+        location / {
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-Host $host:$server_port;
+          proxy_set_header X-Forwarded-Server $host;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+          proxy_pass http://localhost:3000;
+        }
+      
+    - listen: "443 ssl"
+      server_name: "syno.{{domain.name}}"
+      filename: "syno.conf"
+      state: "present"
+      template: "{{ nginx_vhost_template }}"
+      extra_parameters: |
+        include /etc/nginx/conf.d/{{domain.name}}.ssl;
+        location / {
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-Host $host:$server_port;
+          proxy_set_header X-Forwarded-Server $host;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+          proxy_pass http://192.168.1.10:5000;
+        }   
+    - listen: "443 ssl"
+      server_name: "supysonic.{{domain.name}}"
+      filename: "supysonic.conf"
+      state: "present"
+      template: "{{ nginx_vhost_template }}"
+      extra_parameters: |
+        include /etc/nginx/conf.d/{{domain.name}}.ssl;
+        location / { 
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-Host $host:$server_port;
+          proxy_set_header X-Forwarded-Server $host;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+          proxy_pass http://localhost:8001;
+        }
+    - listen: "443 ssl"
+      server_name: "file.{{domain.name}}"
+      filename: "cloudcommander.conf"
+      state: "present"
+      template: "{{ nginx_vhost_template }}"
+      extra_parameters: |
+        include /etc/nginx/conf.d/{{domain.name}}.ssl;
+        location / { 
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-Host $host:$server_port;
+          proxy_set_header X-Forwarded-Server $host;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+          proxy_pass http://localhost:8000;
+        }

 nginx_realIP_Proxy: 192.168.1.10/24

@ -103,6 +228,7 @@ php_extention_enable:
    - mysqli
    - pdo_mysql
    - soap
+    - intl

 mysql_root_password: "{{ vault_mysql_root }}"
 mysql_root_password_update: true
@ -145,4 +271,6 @@ gitea_start_ssh: false
 gitea_ssh_port: 22
 gitea_SQl_target_file: /mnt/diskstation/git/backup/mysql/last/gitea.sql

-supysonic_db_password: "{{ vault_mysql_supysonic }}"
+supysonic_db_password: "{{ vault_mysql_supysonic }}"
+
+docker_users: "{{user.name}}" 
--- a/host_vars/arch3
+++ b/host_vars/arch3
@ -3,4 +3,50 @@ ttrss_url_path: http://arch3/tt-rss/
 gitea_http_domain: arch3
 gitea_root_url: http://arch3:3000

-chainetv_repo_branch: dev
+chainetv_repo_branch: dev
+
+certbot_create_if_missing: false
+
+nginx_vhosts:
+    - listen: "80"
+      server_name: "_"
+      filename: "default.conf"
+      state: "present"
+      template: "{{ nginx_vhost_template }}"
+      extra_parameters: |
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+        location / {
+           rewrite ^/.well-known/carddav /radicale/$remote_user/carddav/ redirect;
+           rewrite ^/.well-known/caldav /radicale/$remote_user/caldav/ redirect;
+           index index.php index.html index.htm ;
+           default_type text/html;
+
+
+        }
+        location =/ {
+             rewrite ^ /starter;
+        }
+        location /radicale/ 
+        { 
+            # The trailing / is important!
+            proxy_pass        http://localhost:5232/; # The / is important!
+            proxy_set_header  X-Script-Name /radicale;
+            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_pass_header Authorization;
+        }
+
+
+        location ~ \.php$ {
+           # try_files $uri =404;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_read_timeout 800;
+            fastcgi_index index.php;
+            include fastcgi_params;
+        }
+        include /etc/nginx/conf.d/*.default;
+   
--- a/host_vars/pi2
+++ b/host_vars/pi2
@ -1,3 +1,4 @@
 ttrss_url_path: "https://www.{{domain.name}}/tt-rss"
 gitea_http_domain: git.{{domain.name}}
-gitea_root_url: https://git.{{domain.name}}
+gitea_root_url: https://git.{{domain.name}}
+certbot_force: false
--- a/server.yml
+++ b/server.yml
@ -16,10 +16,14 @@
  - gandi-dyn-dns
  - fail2ban
  - {role: dns , become: yes }
-  - {role: nginx, become: yes }
+  - {role: nginx, become: yes }  
+  - {role: ansible-role-certbot, become: yes} ##need to have a external connection on 80
  - {role: mariadb, become: yes }
+  - {role: radicale , become: yes }
+  - cloud-commander
  - php
  - tt-rss
  - gitea
  - chainetv
+  - supysonic

--- a/1
+++ b/1
@ -1,4 +1,3 @@
---
 [workstation]
 arch2
 debian
--- a/supysonic.yml
+++ b/supysonic.yml
@ -1,7 +1,7 @@
 ---
 - hosts: server
  vars:
-    force_site_update: true
+    supysonic_force_site_update: true

  roles:
  - supysonic