From 8362230eb40b04d3afff8e29ebdfa4817956adf3 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Mon, 27 Jun 2022 20:21:25 -0400
Subject: [PATCH] Add nginx proxy server
---
 .gitignore | 1 +
 proxy.yml | 11 +++++++++++
 roles/base/files/buster-backports.list | 1 -
 roles/bitwarden/tasks/main.yml | 1 +
 roles/jenkins/files/ansible.list | 1 -
 roles/jenkins/tasks/agent.yml | 15 ---------------
 roles/postgresql/defaults/main.yml | 3 +++
 roles/postgresql/tasks/main.yml | 10 ++++++----
 8 files changed, 22 insertions(+), 21 deletions(-)
 create mode 100644 proxy.yml
 delete mode 100644 roles/base/files/buster-backports.list
 delete mode 100644 roles/jenkins/files/ansible.list
diff --git a/.gitignore b/.gitignore
index 213c524..6d9c91e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,5 +8,6 @@
 !dockerbox.yml
 !hypervisor.yml
 !minecraft.yml
+!proxy.yml
 !unifi.yml
 /environments/
diff --git a/proxy.yml b/proxy.yml
new file mode 100644
index 0000000..1f9f492
--- /dev/null
+++ b/proxy.yml
@@ -0,0 +1,11 @@
+- name: Install Proxy Server
+ hosts: proxyhosts
+ become: true
+ roles:
+ - base
+ - jenkins
+ - postgresql
+ - proxy
+ - docker
+ - gitea
+ - bitwarden
diff --git a/roles/base/files/buster-backports.list b/roles/base/files/buster-backports.list
deleted file mode 100644
index 68d5e8b..0000000
--- a/roles/base/files/buster-backports.list
+++ /dev/null
@@ -1 +0,0 @@
-deb http://deb.debian.org/debian buster-backports main
diff --git a/roles/bitwarden/tasks/main.yml b/roles/bitwarden/tasks/main.yml
index 136a0b0..74663c8 100644
--- a/roles/bitwarden/tasks/main.yml
+++ b/roles/bitwarden/tasks/main.yml
@@ -70,6 +70,7 @@
 path: "{{ bitwarden_root }}/bwdata/config.yml"
 line: "- {{ bitwarden_realips }}"
 insertafter: "^real_ips"
+ notify: rebuild_bitwarden
 - name: Install Bitwarden systemd service
 template:
diff --git a/roles/jenkins/files/ansible.list b/roles/jenkins/files/ansible.list
deleted file mode 100644
index 3ebd328..0000000
--- a/roles/jenkins/files/ansible.list
+++ /dev/null
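Review bot: The role list in the new proxy.yml play puts `jenkins` on the same host as `bitwarden`, `gitea` and `postgresql`, so whatever runs as a Jenkins job shares a machine with the password vault and its database. roles/jenkins/tasks/agent.yml in this same patch shows a sudoers file being validated with `visudo -cf %s`; if that task runs on proxyhosts (not visible here), a build job may be able to become root on this host. If the co-location is deliberate, I would record it above the play, e.g. `# single-host deployment: jenkins shares this box with bitwarden and postgresql; keep job permissions minimal`, or move `- jenkins` into its own play and host group. Separately, the diffstat adds no files under roles/proxy, so confirm that the `proxy` role already exists in the tree.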
@@ -1 +0,0 @@
-deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main
diff --git a/roles/jenkins/tasks/agent.yml b/roles/jenkins/tasks/agent.yml
index d82dcb0..6121c98 100644
--- a/roles/jenkins/tasks/agent.yml
+++ b/roles/jenkins/tasks/agent.yml
@@ -1,8 +1,3 @@
-- name: Install GnuPG
- apt:
- name: gnupg
- state: present
-
 - name: Create Jenkins user
 user:
 name: "{{ jenkins_user }}"
@@ -25,16 +20,6 @@
 validate: "visudo -cf %s"
 mode: 0440
-- name: Install Ansible source
- copy:
- src: ansible.list
- dest: /etc/apt/sources.list.d/ansible.list
-
-- name: Add Ansible source key
- apt_key:
- keyserver: keyserver.ubuntu.com
- id: 93C4A3FD7BB9C367
-
 - name: Install Ansible
 apt:
 name: ansible
diff --git a/roles/postgresql/defaults/main.yml b/roles/postgresql/defaults/main.yml
index e9af37e..0284653 100644
--- a/roles/postgresql/defaults/main.yml
+++ b/roles/postgresql/defaults/main.yml
@@ -1,2 +1,5 @@
 postgresql_config: /etc/postgresql/13/main/pg_hba.conf
 postgresql_listen: "*"
+postgresql_trust:
+ - "172.16.0.0/12"
+ - "192.168.0.0/16"
diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml
index 8d9404b..713aac5 100644
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@@ -3,15 +3,16 @@
 name: postgresql
 state: present
-- name: Trust connections to PostgreSQL from Docker
+- name: Trust connections to PostgreSQL
 postgresql_pg_hba:
 dest: "{{ postgresql_config }}"
 contype: host
 databases: all
 users: all
- address: "172.16.0.0/12"
+ address: "{{ item }}"
 method: trust
 register: postgresql_hba
+ loop: "{{ postgresql_trust }}"
 - name: Change PostgreSQL listen addresses
 postgresql_set:
@@ -33,9 +34,10 @@
 state: restarted
 when: postgresql_config.changed
-- name: Allow database connections from Docker
+- name: Allow database connections
 ufw:
 rule: allow
 port: "5432"
 proto: tcp
- src: "172.16.0.0/12"
+ src: "{{ item }}"
+ loop: "{{ postgresql_trust }}"
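Review bot: The new default in roles/postgresql/defaults/main.yml adds `192.168.0.0/16` to `postgresql_trust`, and both hunks in roles/postgresql/tasks/main.yml loop over that list: once into a pg_hba rule with `method: trust` for `databases: all` and `users: all`, and once into the ufw allow rule for port 5432. With `postgresql_listen: "*"` this lets any host in that range connect as any role without a password, where the old code trusted only the Docker range `172.16.0.0/12`. I would keep the default at `- "172.16.0.0/12"` and put LAN ranges in a separate variable whose pg_hba rule uses `method: scram-sha-256`, which requires the role passwords to be stored in SCRAM form. Because the same list also opens the firewall, the name `postgresql_trust` understates what adding an entry does; a comment on the default such as `# each entry gets passwordless pg_hba access AND a ufw allow on 5432` would make that explicit.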