diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2020-08-29 02:15:03 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2020-08-29 02:15:03 +0200 |
| commit | 3a8354d8088631d3df016b925f5af72f6bb9ec4a (patch) | |
| tree | ff5ab82f976330b31f93d0c90d7fefbad42cb669 /chaos-at-home | |
| parent | disable protocol downgrade (diff) | |
finalize ch-http-proxy
Diffstat (limited to 'chaos-at-home')
| -rw-r--r-- | chaos-at-home/ch-auth-legacy.yml | 6 | ||||
| -rw-r--r-- | chaos-at-home/ch-http-proxy.yml | 46 |
2 files changed, 28 insertions, 24 deletions
diff --git a/chaos-at-home/ch-auth-legacy.yml b/chaos-at-home/ch-auth-legacy.yml new file mode 100644 index 00000000..1e15efa8 --- /dev/null +++ b/chaos-at-home/ch-auth-legacy.yml @@ -0,0 +1,6 @@ +--- +- name: Basic Setup + hosts: ch-auth-legacy + tasks: + - debug: + msg: legacy host, not maintained by ansible... diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml index f90939d0..2dc38364 100644 --- a/chaos-at-home/ch-http-proxy.yml +++ b/chaos-at-home/ch-http-proxy.yml @@ -37,7 +37,6 @@ </body> </html> - - name: configure default vhost web.chaos-at-home.org vars: nginx_vhost: @@ -110,8 +109,7 @@ acme: yes hostnames: - passwd.chaos-at-home.org - # proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/" - proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-auth-legacy']) | ipaddr('address') }}:843/" + proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/" proxy_ssl: verify: "on" trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem @@ -237,27 +235,27 @@ ### Service IP - # - name: install systemd service unit for service-ip - # copy: - # dest: /etc/systemd/system/http-service-ip.service - # content: | - # [Unit] - # Description=Assign HTTP Sevice IP - # After=network.target + - name: install systemd service unit for service-ip + copy: + dest: /etc/systemd/system/http-service-ip.service + content: | + [Unit] + Description=Assign HTTP Sevice IP + After=network.target - # [Service] - # Type=oneshot - # ExecStart=/usr/sbin/ip addr add dev {{ network.primary.name }} {{ network_services.http.addr }}/32 - # ExecStop=/usr/sbin/ip addr del dev {{ network.primary.name }} {{ network_services.http.addr }}/32 - # RemainAfterExit=yes + [Service] + Type=oneshot + ExecStart=/usr/sbin/ip addr add dev {{ network.primary.name }} {{ network_services.http.addr }}/32 + ExecStop=/usr/sbin/ip addr del dev {{ network.primary.name }} {{ network_services.http.addr }}/32 + RemainAfterExit=yes - # [Install] - # WantedBy=multi-user.target - # register: service_ip_systemd_unit + [Install] + WantedBy=multi-user.target + register: service_ip_systemd_unit - # - name: make sure service-ip systemd unit is enabeld and started - # systemd: - # daemon_reload: yes - # name: http-service-ip.service - # state: "{{ (service_ip_systemd_unit is changed) | ternary('restarted', 'started') }}" - # enabled: yes + - name: make sure service-ip systemd unit is enabeld and started + systemd: + daemon_reload: yes + name: http-service-ip.service + state: "{{ (service_ip_systemd_unit is changed) | ternary('restarted', 'started') }}" + enabled: yes |