kris/FRITA-infra
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

merge into: kris:timetrex
Branches Tags
kris:main
kris:timetrex
kris:nextcloud
kris:merge
kris:wip
kris:master
...
pull from: kris:main
Branches Tags
kris:main
kris:timetrex
kris:nextcloud
kris:merge
kris:wip
kris:master

5 Commits
timetrex ... main

Author SHA1 Message Date
Kris Lamoureux
236ec455cc
Add cron and fix database maintenance task 2023-10-03 23:30:28 -04:00
Kris Lamoureux
69c38221ec
Update .env template and add --diff 2023-10-03 20:45:15 -04:00
Kris Lamoureux
63c544d9e9
Add ncdu and tree packages 2022-11-25 02:58:00 -05:00
Kris Lamoureux
c8015351b4
Add strong random example of generating secrets 2022-11-25 01:02:13 -05:00
Kris Lamoureux
7048aa8418
Add Ansible Vault instructions to README 2022-11-25 00:57:02 -05:00
4 changed files with 31 additions and 3 deletions
Show Stats Expand all files Collapse all files

19
README.md
View File

@ -26,11 +26,28 @@ and services operated by Free I.T. Athens (FRITA).
4. Run `ansible-playbook` against the production servers, e.g., 4. Run `ansible-playbook` against the production servers, e.g.,
``` ```
ansible-playbook -u root -i environments/production --vault-pass-file ./.ansible_vault webserver.yml --check ansible-playbook -u root -i environments/production --vault-pass-file ./.ansible_vault webserver.yml --diff --check
``` ```
5. Delete the `.ansible_vault` file when you are done 5. Delete the `.ansible_vault` file when you are done
### Using Ansible Vault to add or rotate values
Do not submit ciphertext into Ansible Vault with the indention formatting.<br />
To submit, press `CTRL+d` twice.
- Decrypt Ansible Vault values
```
ansible-vault decrypt --vault-pass-file .ansible_vault
```
- Encrypt new Ansible Vault values
```
ansible-vault encrypt --vault-pass-file .ansible_vault
```
- e.g., `pwgen -s 100 1 | ansible-vault encrypt --vault-pass-file .ansible_vault`
## Authors ## Authors
* **Kris Lamoureux** - *Project Founder* - [@krislamo](https://github.com/krislamo) * **Kris Lamoureux** - *Project Founder* - [@krislamo](https://github.com/krislamo)

2
roles/common/defaults/main.yml
View File

@ -1,2 +1,4 @@
packages: packages:
- dnsutils - dnsutils
- ncdu
- tree

11
roles/webserver/handlers/nextcloud.yml
View File

@ -24,6 +24,15 @@
listen: composeup_webserver listen: composeup_webserver
when: nextcloud_install.changed when: nextcloud_install.changed
- name: Install Nextcloud background jobs cron
ansible.builtin.cron:
name: Nextcloud background job
minute: "*/5"
job: "/usr/bin/docker exec -u www-data webserver_nextcloud_1 /usr/local/bin/php -f /var/www/html/cron.php"
user: root
listen: composeup_webserver
when: nextcloud_install.changed
- name: Preform Nextcloud database maintenance - name: Preform Nextcloud database maintenance
ansible.builtin.command: "docker exec --user www-data {{ webserver_root | basename }}_nextcloud_1 {{ item }}" ansible.builtin.command: "docker exec --user www-data {{ webserver_root | basename }}_nextcloud_1 {{ item }}"
loop: loop:
@ -32,4 +41,4 @@
- "php occ db:convert-filecache-bigint" - "php occ db:convert-filecache-bigint"
- "php occ maintenance:mode --off" - "php occ maintenance:mode --off"
listen: composeup_webserver listen: composeup_webserver
when: "' - needsDbUpgrade: true' in nextcloud_status.stdout_lines" when: "' - needsDbUpgrade: true' in nextcloud_status.stdout_lines or nextcloud_install.changed"

2
roles/webserver/templates/compose-env.j2
View File

@ -1,4 +1,4 @@
# {{ ansible_managed }} # {{ ansible_managed }}
{% for key, value in webserver.items() %} {% for key, value in webserver.items() %}
{{ key }}={{ value }} {{ key }}={{ value }}
{% endfor %} {% endfor %}