-rw-r--r--chaos-at-home/ch-http-proxy.yml42
-rw-r--r--inventory/group_vars/chaos-at-home/network.yml7
-rw-r--r--inventory/host_vars/ch-http-proxy.yml36
-rw-r--r--inventory/hosts.ini2
4 files changed, 84 insertions, 3 deletions
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
new file mode 100644
index 00000000..7302072b
--- /dev/null
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -0,0 +1,42 @@
+---
+- name: Basic Setup
+ hosts: ch-http-proxy
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd
+ - role: core/zsh
+ # - role: apt-repo/spreadspace
+ # - role: acmetool/base
+ - role: nginx/base
+ # - role: acmetool/cert
+ # acmetool_cert_name: "http.chaos-at-home.org"
+ # acmetool_cert_config:
+ # request:
+ # challenge:
+ # http-self-test: false
+ # post_tasks:
+ # - name: install systemd service unit for service-ip
+ # copy:
+ # dest: /etc/systemd/system/http-service-ip.service
+ # content: |
+ # [Unit]
+ # Description=Assign HTTP Sevice IP
+ # After=network.target
+
+ # [Service]
+ # Type=oneshot
+ # ExecStart=/usr/sbin/ip addr add dev {{ network.primary.name }} {{ network_services.http.addr }}/32
+ # ExecStop=/usr/sbin/ip addr del dev {{ network.primary.name }} {{ network_services.http.addr }}/32
+ # RemainAfterExit=yes
+
+ # [Install]
+ # WantedBy=multi-user.target
+ # register: service_ip_systemd_unit
+
+ # - name: make sure service-ip systemd unit is enabeld and started
+ # systemd:
+ # daemon_reload: yes
+ # name: http-service-ip.service
+ # state: "{{ (service_ip_systemd_unit is changed) | ternary('restarted', 'started') }}"
+ # enabled: yes
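Review bot: The play enables `nginx/base` while both acmetool roles and the whole `post_tasks` service-IP block stay commented out, so from what this hunk shows the host gets no certificate and never binds `network_services.http.addr`, even though group_vars declares that service with ports 80 and 443. Whether `nginx/base` sets up TLS on its own is not visible here. If this is a deliberate first bring-up, state it at the top of the play, e.g. `# WIP: TLS (acmetool/cert) and the http service IP are not configured yet`, rather than carrying about thirty lines of dead YAML. When the unit is re-enabled, fix the typos `Sevice` and `enabeld`, and write `daemon_reload: true` and `enabled: true` instead of `yes`.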
diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml
index d2bbde0a..4059a866 100644
--- a/inventory/group_vars/chaos-at-home/network.yml
+++ b/inventory/group_vars/chaos-at-home/network.yml
@@ -47,11 +47,12 @@ network_zones:
- 9.9.9.9
offsets:
ch-apps: 1
+ ch-http-proxy: 8
ch-imap-proxy: 9
ch-jump: 22
ch-gw-lan: 28
ch-nic: 53
- __svc_web__: 80
+ __svc_http__: 80
__svc_imap__: 143
ch-router-obsd: 253
ch-router: 254
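Review bot: Renaming the offset `__svc_web__` to `__svc_http__` here, and the service key `web` to `http` in the next hunk of this file, changes variable names that other plays or templates may still read; no such consumer is updated in this diff. A leftover `network_services.web` reference would fail at template time, or silently produce an empty value if it is wrapped in `default(...)`, which matters if the address feeds a filter or forwarding rule. Worth grepping the repository for `network_services.web` and `__svc_web__` before merging, and a short marker such as `# formerly __svc_web__` would help anyone bisecting later. Both hunks sit inside mappings that begin outside the visible lines.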
@@ -88,11 +89,11 @@ network_zones:
network_services:
- web:
+ http:
ports:
- 80
- 443
- addr: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets.__svc_web__) | ipaddr('address') }}"
+ addr: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets.__svc_http__) | ipaddr('address') }}"
imap:
ports:
#- 143
diff --git a/inventory/host_vars/ch-http-proxy.yml b/inventory/host_vars/ch-http-proxy.yml
new file mode 100644
index 00000000..6ac333ef
--- /dev/null
+++ b/inventory/host_vars/ch-http-proxy.yml
@@ -0,0 +1,36 @@
+---
+install_jumphost: ch-jump
+
+install:
+ vm:
+ memory: 2G
+ numcpus: 2
+ autostart: True
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: zfs
+ name: root
+ size: 10g
+ interfaces:
+ - bridge: br-svc
+ name: svc0
+
+network:
+ nameservers: "{{ network_zones.svc.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary: &_network_primary_
+ name: svc0
+ address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
+ gateway: "{{ network_zones.svc.gateway }}"
+ static_routes:
+ - destination: "{{ network_zones.lan.prefix }}"
+ gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}"
+ interfaces:
+ - *_network_primary_
+
+
+#acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
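Review bot: The `static_routes` entry gives this proxy a route to the whole `network_zones.lan.prefix` via `ch-gw-lan`, so what a presumably externally reachable HTTP front end can reach inside the LAN depends entirely on filtering on `ch-gw-lan`, which this diff does not show. If the proxy only needs a few LAN backends, consider narrowing the destination, or at least document the intent with a comment such as `# LAN backends only; access is restricted on ch-gw-lan`. Separately, `autostart: True` should be written `autostart: true`, and `memory: 2G` versus `size: 10g` use different unit casing, which may or may not matter to the consuming role.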
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index f4a7c266..71564bcf 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -23,6 +23,7 @@ ch-nic host_name=nic
ch-equinox-ws host_name=equinox-ws
ch-prometheus host_name=prometheus
ch-apps host_name=apps
+ch-http-proxy host_name=http-proxy
ch-imap-proxy host_name=imap-proxy
ch-atlas host_name=atlas
ch-pan host_name=pan
@@ -260,6 +261,7 @@ vmhost-ch-gnocchi-guests
[vmhost-ch-prometheus-guests]
ch-apps
+ch-http-proxy
ch-imap-proxy
[vmhost-ch-prometheus]
ch-prometheus