---
# Play 1: baseline roles for the host `sk-testvm`. Roles are applied in the
# order listed, and this play runs before the "Payload Setup" play below.
# NOTE(review): what each role configures lives in the roles tree and is not
# visible in this file; core/sshd/base presumably holds the SSH daemon
# settings -- confirm there before relying on this host's SSH hardening.
- name: Basic Setup
  hosts: sk-testvm
  roles:
  - role: apt-repo/base
  - role: core/base
  - role: core/sshd/base
  - role: core/zsh
  - role: core/ntp

# Play 2: installs the payload on `sk-testvm`: a standalone Kubernetes base,
# the x509 role selected by cert_provider, nginx with the SSO auth roles, and
# the vhosts defined further down in the same roles list.
- name: Payload Setup
  hosts: sk-testvm
  vars:
    # In this file acme_client is referenced only by the commented-out
    # `cert_provider: "{{ acme_client }}"` alternative below.
    acme_client: uacme
    # acme_client: acmetool
    # Alternative certificate providers, kept commented for quick switching:
    # cert_provider: "{{ acme_client }}"
    # cert_provider: static
    # cert_provider: selfsigned
    # Active provider. The value is used three ways in this play: as part of
    # the x509 role path, as tls.certificate_provider of every vhost, and
    # (with '-' replaced by '_') as the prefix of the *_cert_config__* variable
    # each vhost looks up.
    # NOTE(review): static-ca presumably means certificates issued by a
    # private CA that clients must trust explicitly -- confirm in the role.
    cert_provider: static-ca
  roles:
  - role: apt-repo/spreadspace
  - role: kubernetes/base
  - role: kubernetes/standalone/base
  # With the current cert_provider this resolves to x509/static-ca/base.
  - role: "x509/{{ cert_provider }}/base"
  - role: nginx/base
  - role: nginx/auth/sso/base
  - role: nginx/auth/sso/backend
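  # Vhost "nosuchsite": serves the static page in /var/www/default for
  # testvm.elev8.at.
  # NOTE(review): `default: true` presumably makes the role render this vhost
  # as nginx's default_server (catch-all for unknown Host headers) -- confirm
  # in the nginx/vhost template.
  - role: nginx/vhost
    nginx_vhost:
      default: true
      name: nosuchsite
      template: generic
      tls:
        certificate_provider: "{{ cert_provider }}"
        # Looks up the variable named <cert_provider with '-' -> '_'> +
        # '_cert_config__default' (static_ca_cert_config__default for the
        # current provider). Because of default={}, a missing or misspelled
        # variable does not fail the play; the vhost silently gets an empty
        # certificate config.
        certificate_config: "{{ lookup('vars', (cert_provider | replace('-','_'))+'_cert_config__default', default={}) }}"
        # NOTE(review): HSTS is switched off. That is presumably deliberate
        # for a test VM whose certificates come from cert_provider static-ca;
        # re-enable it if this vhost definition is copied to a production host.
        hsts: false
      hostnames:
      - testvm.elev8.at
      locations:
        '/':
          root: /var/www/default
          index: index.html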
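  # Vhost "login": reverse-proxies every request for the login.spreadspace.*
  # hostnames to a service on the loopback interface.
  - role: nginx/vhost
    nginx_vhost:
      name: login
      template: generic
      tls:
        certificate_provider: "{{ cert_provider }}"
        # Same lookup pattern as the other vhosts, with the '__test' suffix
        # (static_ca_cert_config__test for the current provider), so this
        # vhost shares its certificate config with the "test" vhost. With
        # default={} an undefined variable yields an empty config instead of
        # a failed play.
        certificate_config: "{{ lookup('vars', (cert_provider | replace('-','_'))+'_cert_config__test', default={}) }}"
        # NOTE(review): HSTS is switched off on the login endpoint as well;
        # presumably acceptable only because this is a test VM -- confirm
        # before reusing this definition elsewhere.
        hsts: false
      hostnames:
      - login.spreadspace.org
      - login.spreadspace.com
      - login.spreadspace.net
      - login.spreadspace.systems
      locations:
        '/':
          # Plain HTTP to 127.0.0.1:8082; TLS terminates at nginx.
          # NOTE(review): presumably the service installed by
          # nginx/auth/sso/backend -- verify that it binds to loopback only.
          proxy_pass: http://127.0.0.1:8082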
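  # Vhost "test": serves the static page in /var/www/test for the
  # test.spreadspace.* hostnames, with the SSO snippet included at server
  # level.
  - role: nginx/vhost
    nginx_vhost:
      name: test
      template: generic
      tls:
        certificate_provider: "{{ cert_provider }}"
        # Looks up static_ca_cert_config__test for the current provider;
        # default={} means an undefined variable yields an empty config
        # instead of a failed play.
        certificate_config: "{{ lookup('vars', (cert_provider | replace('-','_'))+'_cert_config__test', default={}) }}"
        # NOTE(review): HSTS is switched off; presumably deliberate for a
        # test VM -- re-enable if this definition is copied to production.
        hsts: false
      hostnames:
      - test.spreadspace.org
      - test.spreadspace.com
      - test.spreadspace.net
      - test.spreadspace.systems
      # NOTE(review): no auth_request directive is visible in this file. It
      # presumably comes from snippets/sso-spreadspace.conf -- confirm,
      # otherwise '/' below is served without authentication.
      extra_directives: |
        include snippets/sso-spreadspace.conf;
      locations:
        '/':
          # proxy_pass: http://127.0.0.1:8080
          root: /var/www/test
          index: index.html
          # The two active directives copy the Set-Cookie header of the auth
          # subrequest response into the response sent to the client.
          # nginx caveats: add_header without `always` is applied only to
          # responses with status 200, 201, 204, 206, 301-304, 307 or 308,
          # and an add_header at location level stops add_header directives
          # from the enclosing server level being inherited, so headers set
          # there are not sent for this location.
          extra_directives: |
            #auth_request_set $username $upstream_http_x_username;
            #proxy_set_header Remote-User $username;
            auth_request_set $cookie $upstream_http_set_cookie;
            add_header Set-Cookie $cookie;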
  # Disabled role invocations (apps/mumble, apps/coturn), kept for reference.
  # NOTE(review): before re-enabling either of them:
  #  * mumble_superuser_password and coturn_auth_secret below hold placeholder
  #    strings; take the real values from Ansible Vault or another secret
  #    store instead of committing them to this file.
  #  * the certificate_config lookups here concatenate cert_provider without
  #    the replace('-','_') filter used by the active vhosts. With
  #    cert_provider: static-ca that asks for 'static-ca_cert_config__test',
  #    which would likely fall through to the {} default -- align them with
  #    the vhost lookups.
  # - role: apps/mumble
  #   mumble_version: v1.4.287-4
  #   mumble_instance: spreadspace
  #   mumble_hostnames:
  #   - test.spreadspace.org
  #   - test.spreadspace.com
  #   - test.spreadspace.net
  #   - test.spreadspace.systems
  #   mumble_superuser_password: "very-secret"
  #   mumble_config_options:
  #     bonjour: false
  #     sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5"
  #     welcometext: "Welcome to the spreadspace Mumble Test-Server"
  #     rememberchannel: true
  #   mumble_tls:
  #     certificate_provider: "{{ cert_provider }}"
  #     certificate_config: "{{ lookup('vars', cert_provider+'_cert_config__test', default={}) }}"
  # - role: apps/coturn
  #   coturn_version: 4.6.2-r4
  #   coturn_realm: spreadspace
  #   coturn_hostnames:
  #   - test.spreadspace.org
  #   - test.spreadspace.com
  #   - test.spreadspace.net
  #   - test.spreadspace.systems
  #   coturn_auth_secret: "somewhat-secret"
  #   coturn_tls:
  #     certificate_provider: "{{ cert_provider }}"
  #     certificate_config: "{{ lookup('vars', cert_provider+'_cert_config__test', default={}) }}"
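  # post_tasks run after all roles of this play, so nginx is already set up
  # when the document roots referenced by the vhosts are created.
  post_tasks:
  - name: make sure document root directories exist
    loop:
    - test
    - default
    file:
      path: "/var/www/{{ item }}"
      state: directory
      # Explicit mode so the result does not depend on the remote umask:
      # writable by the owner only, readable and traversable by the web
      # server.
      mode: "0755"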

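  # Writes the static placeholder page served by the "nosuchsite" vhost. The
  # content is a literal block with no templated input.
  - name: install index.html for default server
    copy:
      dest: /var/www/default/index.html
      # Explicit mode so the file is never left group- or world-writable by
      # a permissive remote umask.
      mode: "0644"
      content: |
        <html>
          <head>
            <title>No Such Site</title>
          </head>
          <body style="font-family: Helvetica, Arial, Sans-Serif; color: white; background: black;">
            <div style="text-align: center; margin-top: 4em; margin-left:auto; margin-right:auto;">
              <h2 style="">You have reached testvm.elev8.at, nothing to see here.</h2>
            </div>
          </body>
        </html>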


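  # Writes the static page served by the "test" vhost. The content is a
  # literal block with no templated input.
  - name: install index.html for test server
    copy:
      dest: /var/www/test/index.html
      # Explicit mode so the file is never left group- or world-writable by
      # a permissive remote umask.
      mode: "0644"
      content: |
        <html>
          <head>
            <title>This is Test</title>
          </head>
          <body style="font-family: Helvetica, Arial, Sans-Serif; color: white; background: black;">
            <div style="text-align: center; margin-top: 4em; margin-left:auto; margin-right:auto;">
              <h2 style="">If you can read this the test was successful.</h2>
            </div>
          </body>
        </html>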