summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--chaos-at-home/ch-repo.yml2
-rw-r--r--inventory/host_vars/ch-repo.yml45
-rw-r--r--roles/approx/defaults/main.yml12
-rw-r--r--roles/approx/handlers/main.yml5
-rw-r--r--roles/approx/tasks/main.yml85
5 files changed, 114 insertions, 35 deletions
diff --git a/chaos-at-home/ch-repo.yml b/chaos-at-home/ch-repo.yml
index b34a9f12..96255b0b 100644
--- a/chaos-at-home/ch-repo.yml
+++ b/chaos-at-home/ch-repo.yml
@@ -15,4 +15,4 @@
- role: apt-repo/spreadspace
- role: nginx/base
- role: monitoring/prometheus/exporter
- - role: apt-cacher-ng
+ - role: approx
diff --git a/inventory/host_vars/ch-repo.yml b/inventory/host_vars/ch-repo.yml
index cbba6599..f76eddfd 100644
--- a/inventory/host_vars/ch-repo.yml
+++ b/inventory/host_vars/ch-repo.yml
@@ -53,45 +53,22 @@ lvm_groups:
- /dev/sdb
-apt_cacher_ng_storage:
+approx_storage:
type: lvm
vg: storage
- lv: apt-cacher-ng
+ lv: approx
size: 15G
fs: ext4
-apt_cacher_ng_hostname: apt.chaos-at-home.org
-
-apt_cacher_ng_remaps:
- debian:
- path: /debian
- backends:
- - http://debian.anexia.at/debian
- debian-security:
- path: /debian-security
- backends:
- - http://debian.anexia.at/debian-security
- debian-archive:
- path: /debian-archive
- backends:
- - http://archive.debian.org/debian
- ubuntu:
- path: /ubuntu
- backends:
- - http://ubuntu.anexia.at/ubuntu
- kali:
- path: /kali
- backends:
- - http://http.kali.org/kali
- raspios:
- path: /raspios
- backends:
- - http://archive.raspberrypi.com/debian
-
-apt_cacher_ng_admin_auth:
- username: admin
- password: "{{ vault_apt_cacher_ng_admin_auth_password }}"
+approx_hostname: apt.chaos-at-home.org
+approx_backends:
+ debian: http://debian.anexia.at/debian
+ debian-security: http://debian.anexia.at/debian-security
+ debian-archive: http://archive.debian.org/debian
+ ubuntu: http://ubuntu.anexia.at/ubuntu
+ kali: http://http.kali.org/kali
+ raspios: http://archive.raspberrypi.com/debian
prometheus_job_multitarget_blackbox__probe:
@@ -100,5 +77,5 @@ prometheus_job_multitarget_blackbox__probe:
target: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:{{ ansible_port | default(22) }}"
module: ssh_banner
- instance: "http-apt.chaos-at-home.org"
- target: "http://{{ apt_cacher_ng_hostname }}/acng-report.html"
+ target: "http://{{ approx_hostname }}"
module: "http_2xx"
diff --git a/roles/approx/defaults/main.yml b/roles/approx/defaults/main.yml
new file mode 100644
index 00000000..d0894b58
--- /dev/null
+++ b/roles/approx/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+approx_basepath: /srv/approx
+
+# approx_storage:
+# type: ...
+
+# approx_hostname: apt.example.com
+
+# apt_cacher_ng_remaps:
+# debian: http://deb.debian.org/debian
+# debian-security: http://security.debian.org
+# ubuntu: http://archive.ubuntu.com/ubuntu
diff --git a/roles/approx/handlers/main.yml b/roles/approx/handlers/main.yml
new file mode 100644
index 00000000..dfae79a6
--- /dev/null
+++ b/roles/approx/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart approx socket
+ systemd:
+ name: approx.socket
+ state: restarted
diff --git a/roles/approx/tasks/main.yml b/roles/approx/tasks/main.yml
new file mode 100644
index 00000000..f913120f
--- /dev/null
+++ b/roles/approx/tasks/main.yml
@@ -0,0 +1,85 @@
+---
+- name: prepare storage volume for approx
+ when: approx_storage is defined
+ vars:
+ storage_volume: "{{ approx_storage | combine({'dest': approx_basepath}) }}"
+ include_role:
+ name: "storage/{{ approx_storage.type }}/volume"
+
+- name: install approx
+ apt:
+ name: approx
+ state: present
+
+- name: make sure cache and tmp directories exist
+ loop:
+ - cache
+ - tmp
+ file:
+ state: directory
+ path: "{{ approx_basepath }}/{{ item }}"
+ mode: 0700
+ owner: approx
+ group: approx
+
+- name: generate approx config
+ copy:
+ content: |
+ # ansible managed
+
+ {% for name, remote in approx_backends.items() %}
+ {{ name }} {{ remote }}
+ {% endfor %}
+
+ $cache {{ approx_basepath }}/cache
+ dest: /etc/approx/approx.conf
+
+- name: create override directories for approx systemd units
+ loop:
+ - approx@.service
+ - approx.socket
+ file:
+ state: directory
+ path: "/etc/systemd/system/{{ item }}.d"
+
+- name: create appprox service override
+ copy:
+ content: |
+ # ansible managed
+ [Unit]
+ CollectMode=inactive-or-failed
+
+ [Service]
+ Environment=TMPDIR="{{ approx_basepath }}/tmp"
+ dest: /etc/systemd/system/approx@.service.d/ansible.conf
+ notify: restart approx socket
+
+- name: create appprox socket override
+ copy:
+ content: |
+ # ansible managed
+ [Socket]
+ ListenStream=
+ ListenStream=127.0.0.1:19999
+ dest: /etc/systemd/system/approx.socket.d/ansible.conf
+ notify: restart approx socket
+
+- name: make sure approx socket is started
+ systemd:
+ daemon_reload: yes
+ name: approx.socket
+ state: started
+
+- name: configure nginx vhost
+ vars:
+ nginx_vhost:
+ default: yes
+ name: approx
+ template: generic
+ hostnames:
+ - "{{ approx_hostname }}"
+ locations:
+ '/':
+ proxy_pass: http://127.0.0.1:19999
+ include_role:
+ name: nginx/vhost