diff options
-rw-r--r-- | chaos-at-home/ch-repo.yml | 2 | ||||
-rw-r--r-- | inventory/host_vars/ch-repo.yml | 45 | ||||
-rw-r--r-- | roles/approx/defaults/main.yml | 12 | ||||
-rw-r--r-- | roles/approx/handlers/main.yml | 5 | ||||
-rw-r--r-- | roles/approx/tasks/main.yml | 85 |
5 files changed, 114 insertions, 35 deletions
diff --git a/chaos-at-home/ch-repo.yml b/chaos-at-home/ch-repo.yml index b34a9f12..96255b0b 100644 --- a/chaos-at-home/ch-repo.yml +++ b/chaos-at-home/ch-repo.yml @@ -15,4 +15,4 @@ - role: apt-repo/spreadspace - role: nginx/base - role: monitoring/prometheus/exporter - - role: apt-cacher-ng + - role: approx diff --git a/inventory/host_vars/ch-repo.yml b/inventory/host_vars/ch-repo.yml index cbba6599..f76eddfd 100644 --- a/inventory/host_vars/ch-repo.yml +++ b/inventory/host_vars/ch-repo.yml @@ -53,45 +53,22 @@ lvm_groups: - /dev/sdb -apt_cacher_ng_storage: +approx_storage: type: lvm vg: storage - lv: apt-cacher-ng + lv: approx size: 15G fs: ext4 -apt_cacher_ng_hostname: apt.chaos-at-home.org - -apt_cacher_ng_remaps: - debian: - path: /debian - backends: - - http://debian.anexia.at/debian - debian-security: - path: /debian-security - backends: - - http://debian.anexia.at/debian-security - debian-archive: - path: /debian-archive - backends: - - http://archive.debian.org/debian - ubuntu: - path: /ubuntu - backends: - - http://ubuntu.anexia.at/ubuntu - kali: - path: /kali - backends: - - http://http.kali.org/kali - raspios: - path: /raspios - backends: - - http://archive.raspberrypi.com/debian - -apt_cacher_ng_admin_auth: - username: admin - password: "{{ vault_apt_cacher_ng_admin_auth_password }}" +approx_hostname: apt.chaos-at-home.org +approx_backends: + debian: http://debian.anexia.at/debian + debian-security: http://debian.anexia.at/debian-security + debian-archive: http://archive.debian.org/debian + ubuntu: http://ubuntu.anexia.at/ubuntu + kali: http://http.kali.org/kali + raspios: http://archive.raspberrypi.com/debian prometheus_job_multitarget_blackbox__probe: @@ -100,5 +77,5 @@ prometheus_job_multitarget_blackbox__probe: target: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:{{ ansible_port | default(22) }}" module: ssh_banner - instance: "http-apt.chaos-at-home.org" - target: "http://{{ apt_cacher_ng_hostname }}/acng-report.html" + target: "http://{{ approx_hostname }}" module: "http_2xx" diff --git a/roles/approx/defaults/main.yml b/roles/approx/defaults/main.yml new file mode 100644 index 00000000..d0894b58 --- /dev/null +++ b/roles/approx/defaults/main.yml @@ -0,0 +1,12 @@ +--- +approx_basepath: /srv/approx + +# approx_storage: +# type: ... + +# approx_hostname: apt.example.com + +# apt_cacher_ng_remaps: +# debian: http://deb.debian.org/debian +# debian-security: http://security.debian.org +# ubuntu: http://archive.ubuntu.com/ubuntu diff --git a/roles/approx/handlers/main.yml b/roles/approx/handlers/main.yml new file mode 100644 index 00000000..dfae79a6 --- /dev/null +++ b/roles/approx/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart approx socket + systemd: + name: approx.socket + state: restarted diff --git a/roles/approx/tasks/main.yml b/roles/approx/tasks/main.yml new file mode 100644 index 00000000..f913120f --- /dev/null +++ b/roles/approx/tasks/main.yml @@ -0,0 +1,85 @@ +--- +- name: prepare storage volume for approx + when: approx_storage is defined + vars: + storage_volume: "{{ approx_storage | combine({'dest': approx_basepath}) }}" + include_role: + name: "storage/{{ approx_storage.type }}/volume" + +- name: install approx + apt: + name: approx + state: present + +- name: make sure cache and tmp directories exist + loop: + - cache + - tmp + file: + state: directory + path: "{{ approx_basepath }}/{{ item }}" + mode: 0700 + owner: approx + group: approx + +- name: generate approx config + copy: + content: | + # ansible managed + + {% for name, remote in approx_backends.items() %} + {{ name }} {{ remote }} + {% endfor %} + + $cache {{ approx_basepath }}/cache + dest: /etc/approx/approx.conf + +- name: create override directories for approx systemd units + loop: + - approx@.service + - approx.socket + file: + state: directory + path: "/etc/systemd/system/{{ item }}.d" + +- name: create appprox service override + copy: + content: | + # ansible managed + [Unit] + CollectMode=inactive-or-failed + + [Service] + Environment=TMPDIR="{{ approx_basepath }}/tmp" + dest: /etc/systemd/system/approx@.service.d/ansible.conf + notify: restart approx socket + +- name: create appprox socket override + copy: + content: | + # ansible managed + [Socket] + ListenStream= + ListenStream=127.0.0.1:19999 + dest: /etc/systemd/system/approx.socket.d/ansible.conf + notify: restart approx socket + +- name: make sure approx socket is started + systemd: + daemon_reload: yes + name: approx.socket + state: started + +- name: configure nginx vhost + vars: + nginx_vhost: + default: yes + name: approx + template: generic + hostnames: + - "{{ approx_hostname }}" + locations: + '/': + proxy_pass: http://127.0.0.1:19999 + include_role: + name: nginx/vhost |