From eb25b0ca188c0df085a6a9218cbf077370f9b1eb Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 28 Aug 2020 01:01:03 +0200
Subject: add host ch-http-proxy
---
chaos-at-home/ch-http-proxy.yml | 42 ++++++++++++++++++++++++++
inventory/group_vars/chaos-at-home/network.yml | 7 +++--
inventory/host_vars/ch-http-proxy.yml | 36 ++++++++++++++++++++++
inventory/hosts.ini | 2 ++
4 files changed, 84 insertions(+), 3 deletions(-)
create mode 100644 chaos-at-home/ch-http-proxy.yml
create mode 100644 inventory/host_vars/ch-http-proxy.yml
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
new file mode 100644
index 00000000..7302072b
--- /dev/null
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -0,0 +1,42 @@
+---
+- name: Basic Setup
+ hosts: ch-http-proxy
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd
+ - role: core/zsh
+ # - role: apt-repo/spreadspace
+ # - role: acmetool/base
+ - role: nginx/base
+ # - role: acmetool/cert
+ # acmetool_cert_name: "http.chaos-at-home.org"
+ # acmetool_cert_config:
+ # request:
+ # challenge:
+ # http-self-test: false
+ # post_tasks:
+ # - name: install systemd service unit for service-ip
+ # copy:
+ # dest: /etc/systemd/system/http-service-ip.service
+ # content: |
+ # [Unit]
+ # Description=Assign HTTP Sevice IP
+ # After=network.target
+
+ # [Service]
+ # Type=oneshot
+ # ExecStart=/usr/sbin/ip addr add dev {{ network.primary.name }} {{ network_services.http.addr }}/32
+ # ExecStop=/usr/sbin/ip addr del dev {{ network.primary.name }} {{ network_services.http.addr }}/32
+ # RemainAfterExit=yes
+
+ # [Install]
+ # WantedBy=multi-user.target
+ # register: service_ip_systemd_unit
+
+ # - name: make sure service-ip systemd unit is enabeld and started
+ # systemd:
+ # daemon_reload: yes
+ # name: http-service-ip.service
+ # state: "{{ (service_ip_systemd_unit is changed) | ternary('restarted', 'started') }}"
+ # enabled: yes
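Review bot: The play enables `nginx/base` while every acmetool role and the whole `post_tasks` block are committed as commented-out code with no explanation. From this hunk it is therefore not visible how the host obtains a certificate for port 443, which `network_services.http` lists in the same commit, or when the service-IP unit is meant to be switched on. A one-line comment above the disabled block would record the intent, e.g. `# TODO: disabled until <reason>; re-enable acmetool roles and the service-ip unit together`. When the block is re-enabled, the typos `Sevice` and `enabeld` and the `yes` values (`daemon_reload: true`, `enabled: true`) can be fixed at the same time.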
diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml index d2bbde0a..4059a866 100644 --- a/inventory/group_vars/chaos-at-home/network.yml +++ b/inventory/group_vars/chaos-at-home/network.yml @@ -47,11 +47,12 @@ network_zones: - 9.9.9.9 offsets: ch-apps: 1 + ch-http-proxy: 8 ch-imap-proxy: 9 ch-jump: 22 ch-gw-lan: 28 ch-nic: 53 - __svc_web__: 80 + __svc_http__: 80 __svc_imap__: 143 ch-router-obsd: 253 ch-router: 254 @@ -88,11 +89,11 @@ network_zones: network_services: - web: + http: ports: - 80 - 443 - addr: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets.__svc_web__) | ipaddr('address') }}" + addr: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets.__svc_http__) | ipaddr('address') }}" imap: ports: #- 143 diff --git a/inventory/host_vars/ch-http-proxy.yml b/inventory/host_vars/ch-http-proxy.yml new file mode 100644 index 00000000..6ac333ef --- /dev/null +++ b/inventory/host_vars/ch-http-proxy.yml @@ -0,0 +1,36 @@ +--- +install_jumphost: ch-jump + +install: + vm: + memory: 2G + numcpus: 2 + autostart: True + disks: + primary: /dev/sda + scsi: + sda: + type: zfs + name: root + size: 10g + interfaces: + - bridge: br-svc + name: svc0 + +network: + nameservers: "{{ network_zones.svc.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: &_network_primary_ + name: svc0 + address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ network_zones.svc.gateway }}" + static_routes: + - destination: "{{ network_zones.lan.prefix }}" + gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}" + interfaces: + - *_network_primary_ + + +#acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}" diff --git a/inventory/hosts.ini b/inventory/hosts.ini index f4a7c266..71564bcf 100644 --- a/inventory/hosts.ini 
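Review bot: The rename of `__svc_web__` to `__svc_http__` in the `offsets` map, and of `network_services.web` to `network_services.http` in the following hunk, is applied only in this file; the diffstat shows no other consumer being updated. If any template, firewall or NAT rule elsewhere still reads `network_services.web`, the run will either fail on an undefined variable or, where a `default()` filter is used, silently render an empty address or port list. A repo-wide search for both old names before merging would rule that out.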
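Review bot: The `static_routes` entry in `inventory/host_vars/ch-http-proxy.yml` gives this proxy a route to the whole `network_zones.lan.prefix` via `ch-gw-lan`, and nothing in the hunk says which LAN backends it actually needs to reach. For a host that fronts HTTP services this route is the path from the proxy into the LAN, so whatever filtering ch-gw-lan applies (not visible here) is what bounds it. A comment such as `# LAN route is for proxied backends only; ch-gw-lan must limit svc->lan to those hosts/ports` would document that dependency. If only a few backends are needed, narrower `destination` entries would be an option.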
+++ b/inventory/hosts.ini @@ -23,6 +23,7 @@ ch-nic host_name=nic ch-equinox-ws host_name=equinox-ws ch-prometheus host_name=prometheus ch-apps host_name=apps +ch-http-proxy host_name=http-proxy ch-imap-proxy host_name=imap-proxy ch-atlas host_name=atlas ch-pan host_name=pan @@ -260,6 +261,7 @@ vmhost-ch-gnocchi-guests [vmhost-ch-prometheus-guests] ch-apps +ch-http-proxy ch-imap-proxy [vmhost-ch-prometheus] ch-prometheus -- cgit v1.2.3