Kris Lamoureux 2022-11-19 02:37:47 -05:00
parent 75ee5be87d
commit 10851d3d64
9 changed files with 132 additions and 7 deletions

4
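--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,4 @@
+---
+kinds:
+- playbook: "*.yml"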

1
.gitignore vendored

@ -1,4 +1,5 @@
environments
*.log
.playbook
.vagrant
.vscode

9
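--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,9 @@
+all: vagrant
+vagrant:
+vagrant up --no-destroy-on-error --no-color | tee ./vagrantup.log
+./forward-ssh.sh
+clean:
+vagrant destroy -f --no-color
+rm -rf .vagrant *.log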
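Review bot: The `vagrant` recipe pipes `vagrant up` into `tee`, so the recipe's exit status is tee's and a failed provision still falls through to `./forward-ssh.sh`. Make runs recipes with /bin/sh by default, so setting `SHELL := /bin/bash` and `.SHELLFLAGS := -o pipefail -c` at the top of the file would let the failure stop the build. None of the targets are files, so `.PHONY: all vagrant clean` is worth adding as well. Since vagrantup.log captures the full provisioning output, tasks that handle the database password need to keep `no_log` set so the value does not land in that file.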


@ -1,15 +1,19 @@
# Free I.T. Athen's Infrastructure
This project is used to develop Ansible for deploying and maintaining websites
and services operated by Free I.T. Athens.
and services operated by Free I.T. Athens (FRITA).
- Requires Ansible and Vagrant on the host
- Requires GNU Make, Ansible, and Vagrant on the host
## Quick Start
1. Clone this project
2. Run `vagrant up` to provision a Debian 11 base box
2. Run `make` to provision a Debian 11 base box
3. Go to
- [Traefik Dashboard](https://traefik.local.freeitathens.org:8443/dashboard/#/)
- [WordPress](https://www.local.freeitathens.org)
4. Click through the HTTPS security warning
## Authors
* **Kris Lamoureux** - *Project Founder* - @[krislamo](https://github.com/krislamo)
* **Kris Lamoureux** - *Project Founder* - [@krislamo](https://github.com/krislamo)
## Copyrights and Licenses
Copyright (C) 2019, 2020, 2022 Free I.T. Athens


@ -1,5 +1,41 @@
###############
### Secrets ###
###############
secret:
WORDPRESS_DB_PASSWORD: WPpa55w0rd!
##############
### Docker ###
##############
docker_users:
- vagrant
webserver_env:
TRAEFIK_DOMAIN: traefik.example.org
################
#### MariaDB ###
################
databases:
- name: wordpress
pass: "{{ secret.WORDPRESS_DB_PASSWORD }}"
#######################
### Webserver Stack ###
#######################
webserver:
###############
### Traefik ###
###############
#TRAEFIK_VERSION: latest
#TRAEFIK_DOMAIN: traefik.local.freeitathens.org
#TRAEFIK_DASHBOARD: true
#TRAEFIK_EXPOSED_DEFAULT: false
TRAEFIK_DEBUG: true
#################
### WordPress ###
#################
#WORDPRESS_VERSION: latest
#WORDPRESS_DOMAIN: www.local.freeitathens.org
#WORDPRESS_DB_HOST: host.docker.internal
#WORDPRESS_DB_NAME: wordpress
#WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: "{{ secret.WORDPRESS_DB_PASSWORD }}"
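Review bot: `secret.WORDPRESS_DB_PASSWORD` is committed in plaintext in this vars file, and the same value feeds both the MariaDB user entry under `databases` and the WordPress container environment under `webserver`. If the file is only the Vagrant development inventory, a comment above the `secret:` block should say so, e.g. `# Development-only credentials; real deployments must supply these from an Ansible Vault file`, and real values should stay out of the repository. `TRAEFIK_DEBUG: true` is likewise a development setting that should not be carried into a production inventory. The file path is not shown on the page, so its development scope is inferred from `docker_users` listing `vagrant`.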

23
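--- a/forward-ssh.sh
+++ b/forward-ssh.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+# Finds the SSH private key under ./.vagrant and connects to
+# the Vagrant box port forwarding localhost ports: 8443, 80, 443
+PRIVATE_KEY="$(find .vagrant -name "private_key")"
+HOST_IP="$(vagrant ssh -c "hostname -I | cut -d' ' -f2" 2>/dev/null)"
+if [ "$(pgrep -afc "$PRIVATE_KEY")" -eq 0 ]; then
+set -x
+sudo ssh -fNT -i "$PRIVATE_KEY" \
+-L 8443:localhost:8443 \
+-L 80:localhost:80 \
+-L 443:localhost:443 \
+-o UserKnownHostsFile=/dev/null \
+-o StrictHostKeyChecking=no \
+vagrant@"${HOST_IP::-1}" 2>/dev/null
+set +x
+else
+echo "ERROR: SSH process already running"
+pgrep -af "$PRIVATE_KEY"
+echo -e "\nKill process:\n\tsudo kill -9 \"\$(pgrep -f \"$PRIVATE_KEY\")\""
+exit 1
+fi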
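Review bot: `PRIVATE_KEY` and `HOST_IP` are used without checking that `find` returned exactly one path and that `vagrant ssh` returned an address. With an empty `PRIVATE_KEY` the `pgrep -afc` pattern is empty and would match every process, so the script reports an SSH process already running; with several machines under .vagrant the `-i` argument becomes a multi-line string. A guard before the `pgrep` test, such as `[ -f "$PRIVATE_KEY" ] || { echo "ERROR: expected exactly one private_key under .vagrant" >&2; exit 1; }` together with `[ -n "$HOST_IP" ] || exit 1`, would fail early and visibly. The ssh call runs under sudo with `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, and `2>/dev/null` hides its errors. A header comment stating that host-key checking is off only because the target is a disposable local Vagrant box would keep the pattern from being copied for real hosts.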


@ -1,5 +1,8 @@
version: '3.5'
volumes:
wordpress:
networks:
traefik:
name: traefik
@ -7,10 +10,12 @@ networks:
services:
traefik:
image: traefik:${TRAEFIK_VERSION:-latest}
restart: always
command:
- --api.dashboard=${TRAEFIK_DASHBOARD:-true}
- --api.debug=${TRAEFIK_DEBUG:-false}
- --providers.docker=true
- --providers.docker.exposedbydefault=${TRAEFIK_EXPOSED_DEFAULT:-false}
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
@ -28,5 +33,25 @@ services:
traefik.http.routers.api.entrypoints: local
traefik.http.routers.api.service: api@internal
traefik.http.routers.api.tls: true
traefik.enable: true
networks:
- traefik
wordpress:
image: wordpress:${WORDPRESS_VERSION:-latest}
restart: always
environment:
WORDPRESS_DB_HOST: ${WORDPRESS_DB_HOST:-host.docker.internal}
WORDPRESS_DB_NAME: ${WORDPRESS_DB_NAME-wordpress}
WORDPRESS_DB_USER: ${WORDPRESS_DB_USER:-wordpress}
WORDPRESS_DB_PASSWORD: ${WORDPRESS_DB_PASSWORD}
labels:
traefik.http.routers.wordpress.rule: Host(`${WORDPRESS_DOMAIN:-www.local.freeitathens.org}`)
traefik.http.routers.wordpress.entrypoints: websecure
traefik.http.routers.wordpress.tls.certresolver: letsencrypt
traefik.docker.network: traefik
traefik.enable: true
volumes:
- wordpress:/var/www/html
extra_hosts:
- host.docker.internal:host-gateway
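Review bot: `WORDPRESS_DB_PASSWORD: ${WORDPRESS_DB_PASSWORD}` in the new `wordpress` service has neither a default nor a required-check, so a missing entry in the env file is substituted as an empty string and the container starts with a blank database password. Compose supports the fail-fast form `${WORDPRESS_DB_PASSWORD:?WORDPRESS_DB_PASSWORD must be set}`. `${WORDPRESS_DB_NAME-wordpress}` lacks the colon used by the neighbouring variables, so an empty value would not fall back to `wordpress`; `${WORDPRESS_DB_NAME:-wordpress}` is consistent with them. Both the `traefik` and `wordpress` images default to `latest`, so a re-provision pulls whatever is current; pinning versions in the vars file would make deployments reproducible and upgrades deliberate.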


@ -3,6 +3,29 @@
name: mariadb-server
state: present
- name: Install MySQL Support for Python 3
apt:
name: python3-pymysql
state: present
- name: Create MariaDB databases
mysql_db:
name: "{{ item.name }}"
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
loop: "{{ databases }}"
no_log: "{{ item.pass is defined }}"
- name: Create MariaDB users
mysql_user:
name: "{{ item.name }}"
password: "{{ item.pass }}"
priv: "{{ item.name }}.*:ALL,GRANT"
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
loop: "{{ databases }}"
no_log: "{{ item.pass is defined }}"
- name: Create webserver docker-compose directory
ansible.builtin.file:
path: "{{ webserver_root }}"
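Review bot: The `Create MariaDB users` task grants `{{ item.name }}.*:ALL,GRANT`, which gives the application account GRANT OPTION on its database on top of every privilege, so a compromised WordPress account could pass those privileges on to other accounts. `priv: "{{ item.name }}.*:ALL"` is enough for the application. `password: "{{ item.pass }}"` is unconditional while `no_log` is keyed on `item.pass is defined`, so an entry without `pass` fails on the undefined variable with logging enabled; a plain `no_log: true` on the user task is simpler and safer. The new tasks use short module names (`apt`, `mysql_db`, `mysql_user`) while the following task uses `ansible.builtin.file`. The tasks immediately before and after this hunk are cut off by it.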


@ -1,4 +1,4 @@
# {{ ansible_managed }}
{% for key, value in webserver_env.items() %}
{% for key, value in webserver.items() %}
{{ key }}={{ value }}
{% endfor %}
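Review bot: Switching the loop to `webserver.items()` means the rendered env file now contains `WORDPRESS_DB_PASSWORD`. The task that renders this template is not shown on the page, but it should set a restrictive mode such as `mode: "0600"` and `no_log: true` so that diff output does not print the value. Values are written as bare `{{ key }}={{ value }}`, so a password containing `#`, `$` or whitespace may be parsed by Compose differently than intended. A comment at the top of the template should document the allowed character set, or the values should be quoted.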