Commit 8ee3d76b authored by Jelle van der Waa's avatar Jelle van der Waa 🚧

Merge branch 'local-containers' into 'master'

Small changes for testing some roles in local containers

See merge request !58
parents 18815e7e c96e8b91
Pipeline #1613 passed with stage
in 47 seconds
......@@ -36,5 +36,3 @@ fail2ban_jails:
sshd: true
postfix: true
dovecot: false
fastcgi_cache: wiki
---
dependencies:
- role: nginx
......@@ -30,6 +30,9 @@
when: maintenance is not defined
tags: ['nginx']
- name: remove old fastcgi cache directory
file: path=/etc/nginx/wikicache state=absent
- name: configure robots.txt
copy: src=robots.txt dest="{{ archwiki_dir }}/robots.txt" owner=root group=root mode=0644
......
......@@ -13,6 +13,3 @@ ProtectSystem=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
[Install]
WantedBy=multi-user.target
[Unit]
Description=Archwiki runJobs timer
After=mysqld.service
[Timer]
OnUnitActiveSec=5min
......
fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=wiki:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
upstream archwiki {
server unix://{{ archwiki_socket }};
}
......@@ -39,7 +42,7 @@ server {
}
location /robots.txt {
alias {{ archwiki_dir }}/robots.txt;
alias {{ archwiki_dir }}/robots.txt;
}
location ^~ /. {
......@@ -61,7 +64,7 @@ server {
# special case for '/load.php' type URLs to cache css/js in nginx to relieve php-fpm
location = /load.php {
access_log /var/log/nginx/wiki.archlinux.org/access.log main;
access_log /var/log/nginx/{{ archwiki_domain }}/access.log main;
fastcgi_pass archwiki;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
......
[Unit]
ConditionVirtualization=no
......@@ -23,8 +23,16 @@
pacman: name=smartmontools state=present
when: "'hcloud' not in group_names"
# override smartd.service with ConditionVirtualization=no
# this should appear in the next upstream release, see https://github.com/smartmontools/smartmontools/issues/62
- name: create drop-in directory for smartd.service
file: path=/etc/systemd/system/smartd.service.d state=directory owner=root group=root mode=0755
- name: install drop-in snippet for smartd.service
copy: src=smartd-override.conf dest=/etc/systemd/system/smartd.service.d/override.conf owner=root group=root mode=0644
- name: start and enable smart
service: name=smartd enabled=yes state=started
service: name=smartd enabled=yes state=started daemon_reload=yes
when: "'hcloud' not in group_names"
- name: start and enable btrfs scrub timer
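Review bot: The two added tasks `create drop-in directory for smartd.service` and `install drop-in snippet for smartd.service` have no `when:`, while the smartmontools install above them and the `start and enable smart` task below are both restricted by `when: "'hcloud' not in group_names"`. On hcloud hosts this would leave an override for a unit that the role never installs; repeating `when: "'hcloud' not in group_names"` on both tasks keeps the role consistent. `daemon_reload` is a `systemd` module parameter that only reaches it through the `service` proxy, so `systemd: name=smartd enabled=yes state=started daemon_reload=yes` would state that dependency outright. The comment says the override should disappear with the next upstream release, so a `# TODO: drop once smartmontools ships ConditionVirtualization` marker would help whoever cleans this up. The task list continues beyond what the page shows.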
......
---
- name: restart firewalld
service: name=firewalld state=restarted
# NOTE: hack for a systemd bug (restarting firewalld.service fails due to fail2ban.service)
# https://github.com/systemd/systemd/issues/2830
# https://bugzilla.opensuse.org/show_bug.cgi?id=1146856
#- name: restart firewalld
# service: name=firewalld state=restarted
- name: stop firewalld
service: name=firewalld state=stopped
listen: restart firewalld
- name: start firewalld
service: name=firewalld state=started
listen: restart firewalld
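Review bot: Splitting the restart into `stop firewalld` and `start firewalld` leaves a window in which the host has no firewalld-managed rules, and if the start handler fails or the run aborts after the stop, the host stays that way until someone intervenes. firewalld flushes its rules on exit by default, so the window is presumably unfiltered rather than frozen; confirm this against `CleanupOnExit` in firewalld.conf on these hosts. The pair also depends on handlers running in the order they are defined in this file, which the comment block does not mention. I would add `# order matters: listeners run in file order, so stop must stay above start; the host is unfiltered between the two` above the `stop firewalld` handler.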
......@@ -32,7 +32,7 @@
template: >
src=nginx.conf.j2 dest=/etc/nginx/nginx.d/fluxbb.conf
owner=root group=root mode=0644
notify: restart nginx
notify: reload nginx
- name: install python-passlib
pacman: name=python-passlib
......
......@@ -40,9 +40,8 @@
no_log: true
- name: configure zabbix-agent user
# FIXME: "zabbix_agent" is hardcoded in the password variable: {{ vault_mariadb_users.zabbix_agent }}
# NOTE: the zabbix-agent role uses {{zabbix_agent_mysql_password}} in the my.cnf.j2 template
mysql_user: user={{ zabbix_agent_mysql_user }} host=localhost password={{ vault_mariadb_users.zabbix_agent }}
# TODO: implement in ansible: grant process on *.* to 'zabbix_agent'@'localhost';
- name: install zabbix mysql config
template: src=zabbix_agentd.my.cnf.j2 dest=/etc/zabbix/zabbix_agentd.my.cnf owner=zabbix-agent group=zabbix-agent mode=0600
[client]
user={{zabbix_agent_mysql_user}}
password={{vault_mariadb_users.zabbix_agent}}
---
letsencrypt_validation_dir: "/var/lib/letsencrypt"
fastcgi_cache: false
---
- name: restart nginx
service: name=nginx state=restarted
- name: reload nginx
service: name=nginx state=reloaded
......@@ -9,7 +9,7 @@
- name: configure nginx
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf owner=root group=root mode=0644
notify:
- restart nginx
- reload nginx
- name: snippets directories
file: state=directory path=/etc/nginx/{{ item }} owner=root group=root mode=0755
......
......@@ -72,11 +72,6 @@ http {
index index.php index.html index.htm;
{% if fastcgi_cache %}
fastcgi_cache_path /etc/nginx/wikicache levels=1:2 keys_zone=wiki:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
{% endif %}
access_log syslog:server=unix:/dev/log,nohostname,tag=nginx_http main;
include snippets/sslsettings.conf;
......
---
- name: daemon reload
systemd:
reload-daemon: yes
daemon-reload: yes
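Review bot: `daemon-reload` is, as far as I know, accepted by the `systemd` module only as an alias; the documented parameter name is `daemon_reload`, which is also the spelling the smartd task in this same commit uses (`daemon_reload=yes`). I would write `daemon_reload: true` here, which also avoids the YAML 1.1 `yes` truthy form. That `daemon-reload` is the new line and `reload-daemon` the old one is inferred from the parameter name, since the page lost its +/- markers.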
---
sudo_users:
- root