Add legacy nginx service

2021-03-13 18:27:44 +01:00 · 2021-03-13 18:27:44 +01:00 · 216ff47574
commit 216ff47574
parent cbc789fce1
12 changed files with 160 additions and 5 deletions
--- a/deploy.yaml
+++ b/deploy.yaml
@ -5,6 +5,7 @@
  vars_files:
    - vars/environment.yml
    - vars/services.yml
+    - vars/databases.yml

  tasks:
    - name: Deploy services
--- a/roles/kadet.docker-swarm/tasks/main.yml
+++ b/roles/kadet.docker-swarm/tasks/main.yml
@ -11,7 +11,3 @@
    driver: "{{ item.driver|default('overlay') }}"
    scope: swarm
  loop: "{{ swarm_global_networks }}"
-
- name: Set swarm_host_address fact
-  set_fact:
-    swarm_host_address: "{{ ansible_docker0.ipv4.address }}"
--- a/services/gitea/tasks/setup.yml
+++ b/services/gitea/tasks/setup.yml
@ -4,6 +4,8 @@
    path: "{{ repositories_path }}"
    state: directory
    owner: "{{ ansible_user }}"
+  tags:
+    - setup

 - name: 'Create git user for ssh access'
  user:
@ -14,6 +16,8 @@
    state: present
    generate_ssh_key: yes
  register: git_user
+  tags:
+    - setup

 - name: 'Add host key for gitea SSH passthrough'
  ansible.posix.authorized_key:
@ -21,14 +25,20 @@
    key: "{{ git_user.ssh_public_key }}"
    state: present
    manage_dir: False
+  tags:
+    - setup

 - name: 'Ensure /app/gitea exists'
  file:
    path: "/app/gitea"
    state: directory
+  tags:
+    - setup

 - name: 'Copy gitea-ssh-forward script to remote'
  copy:
    src: "{{ service_path }}/bin/gitea-ssh-forward"
    dest: "/app/gitea/gitea"
-
+    mode: +x
+  tags:
+    - setup
--- a/services/legacy/config/nginx.conf
+++ b/services/legacy/config/nginx.conf
@ -0,0 +1,28 @@
+user              {{ www_user.uid }};
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+    gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}
--- a/services/legacy/sites/default.conf
+++ b/services/legacy/sites/default.conf
@ -0,0 +1,43 @@
+server {
+    listen       80;
+
+    #charset koi8-r;
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #
+    #location ~ \.php$ {
+    #    root           html;
+    #    fastcgi_pass   127.0.0.1:9000;
+    #    fastcgi_index  index.php;
+    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    include        fastcgi_params;
+    #}
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+}
--- a/services/legacy/stack.yml
+++ b/services/legacy/stack.yml
@ -0,0 +1,15 @@
+version: "{{ compose_version }}"
+
+services:
+  nginx:
+    image: nginx:latest
+    networks:
+      - "{{ ingress_network }}"
+      - default
+    volumes:
+      - "{{ www_root }}:/var/www"
+      - "{{ remote_service_path }}/sites:/etc/nginx/conf.d:ro"
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.http.services.{{ service }}.loadbalancer.server.port=80
--- a/services/legacy/tasks/config.yml
+++ b/services/legacy/tasks/config.yml
@ -0,0 +1,18 @@
+---
+- name: 'Ensure sites config directory exists'
+  file:
+    path: "{{ remote_service_path }}/sites"
+    state: directory
+    owner: "{{ ansible_user }}"
+  tags:
+    - config
+
+- name: 'Copy sites configuration to remote server'
+  template:
+    src: "{{ file }}"
+    dest: "{{ remote_service_path }}/sites/{{ file|basename }}"
+  with_fileglob: "{{ service_path }}/sites/*"
+  loop_control:
+    loop_var: file
+  tags:
+    - config
--- a/services/legacy/tasks/setup.yml
+++ b/services/legacy/tasks/setup.yml
@ -0,0 +1,30 @@
+---
+- name: Create www-data user for ssh access for legacy services
+  user:
+    name: www-data
+    group: www-data
+    shell: /bin/bash
+    system: yes
+    password: '!'
+    state: present
+  register: www_user
+  tags:
+    - setup
+
+- name: Add users to www-data group
+  user:
+    user: "{{ user }}"
+    groups: docker
+    append: yes
+  loop: "{{ www_data_users }}"
+  loop_control:
+    loop_var: user 
+
+- name: Ensure WWW root exists for legacy services
+  file:
+    path: "{{ www_root }}"
+    state: directory
+    owner: "{{ www_user.uid }}"
+    group: "{{ www_user.group }}"
+    mode: g+rw
+
--- a/services/legacy/vars/main.yml
+++ b/services/legacy/vars/main.yml
@ -0,0 +1,5 @@
+---
+www_root: /var/www
+www_data_users: []
+
+php_versions: ['7.1', '7.3']
--- a/services/traefik/config/dynamic/nginx.yaml
+++ b/services/traefik/config/dynamic/nginx.yaml
@ -0,0 +1,6 @@
+---
+http:
+  routers:
+    nginx:
+      rule: Host(`{{ main_domain }}`)
+      service: legacy@docker
--- a/vars/environment.yml
+++ b/vars/environment.yml
@ -11,3 +11,4 @@ pip_executable: pip3
 swarm_addr: eth0
 swarm_global_networks:
 - name: traefik
+swarm_host_address: "{{ ansible_docker0.ipv4.address }}"
--- a/vars/services.yml
+++ b/vars/services.yml
@ -33,3 +33,5 @@ service_config:
      user: gitea
      password: "{{ mysql_user_passwords['gitea'] }}"

+  legacy:
+    www_data_users: ["{{ ansible_user }}"]