neuro_ansible/install_scripts/install_code.yaml

---
- name: install code server
  hosts: all
  become: true

  tasks:
    - name: remove other files
      include_tasks: yaml_sub/myrepo_clean.yaml

    - name: update file myrepo.repo
      import_tasks: yaml_sub/myrepo_data.yaml

    - name: install client
      ansible.builtin.dnf:
        name: "http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm"
        state: present
        update_cache: true
        skip_broken: true
        nobest: false
        allowerasing: true
        disable_gpg_check: true

    - name: remove other files
      include_tasks: yaml_sub/install_docker.yaml

    - name: Create network codeNet
      community.docker.docker_network:
        name: codeNet

    - name: Create volume code data
      community.docker.docker_volume:
        name: code_data
        state: present

    - name: Create code container
      community.docker.docker_container:
        name: code-server
        image: lscr.io/linuxserver/code-server:latest
        state: started
        recreate: yes
        restart_policy: always

        volumes:
          - "code_data:/config"

        env:
          PASSWORD: "{{ passwd }}"
          TZ: "Europe/Berlin"
          PUID: "0"
          PGID: "0"
          DEFAULT_WORKSPACE: "/config/workspace"
          PROXY_DOMAIN: "code.neuro.uni-bremen.de"

        networks:
          - name: codeNet
        comparisons:
          networks: strict

    - name: set nginx.conf
      blockinfile:
        path: /root/nginx/nginx.conf
        state: present
        create: true
        owner: "root"
        group: "root"
        mode: "0644"
        block: |
          events {}
          http {
            server {
              listen 80 default_server;
              server_name _;
              return 301 https://$host$request_uri;
            }
            server {
              listen 443 ssl;
              ssl_certificate      /certs/nginx_certificate.pem;
              ssl_certificate_key  /certs/nginx_key.pem;
              ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
              ssl_prefer_server_ciphers   on;
              ssl_ciphers                 EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
              add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
              server_tokens off;
              client_max_body_size 50M;

              location / {
                proxy_pass http://code-server:8443;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_read_timeout 3m;
                proxy_send_timeout 3m;
              }
            }
          }

#    - name: copy key
#      ansible.builtin.copy:
#        src: "/config/certs/key.pem"
#        dest: "/root/nginx/key.pem"
#        owner: root
#        group: root
#        mode: "0600"

#    - name: copy ca
#      ansible.builtin.copy:
#        src: "/config/certs/crt_ca.pem"
#        dest: "/root/nginx/ca.pem"
#        owner: root
#        group: root
#        mode: "0600"

    - name: Create nginx container
      community.docker.docker_container:
        name: nginx
        image: "nginx:stable-alpine"
        state: started
        recreate: no
        restart_policy: always

        volumes:
          - "/root/nginx/key.pem:/certs/nginx_key.pem:ro"
          - "/root/nginx/ca.pem:/certs/nginx_certificate.pem:ro"
          - "/root/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"

        ports:
          - "0.0.0.0:443:443"
          - "0.0.0.0:80:80"
        env:
          NGINX_WORKER_PROCESSES: "4"
          NGINX_WORKER_CONNECTIONS: "768"

        networks:
          - name: codeNet

        comparisons:
          networks: strict
Add files via upload 2024-04-17 00:50:20 +02:00			`---`
Update 2024-04-25 16:48:40 +02:00			`- name: install code server`
Add files via upload 2024-04-17 00:50:20 +02:00			`hosts: all`
			`become: true`

			`tasks:`
			`- name: remove other files`
			`include_tasks: yaml_sub/myrepo_clean.yaml`

			`- name: update file myrepo.repo`
			`import_tasks: yaml_sub/myrepo_data.yaml`

			`- name: install client`
			`ansible.builtin.dnf:`
			`name: "http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm"`
			`state: present`
			`update_cache: true`
			`skip_broken: true`
			`nobest: false`
			`allowerasing: true`
			`disable_gpg_check: true`

			`- name: remove other files`
			`include_tasks: yaml_sub/install_docker.yaml`

Update 2024-04-25 16:48:40 +02:00			`- name: Create network codeNet`
			`community.docker.docker_network:`
			`name: codeNet`

Add files via upload 2024-04-17 00:50:20 +02:00			`- name: Create volume code data`
			`community.docker.docker_volume:`
			`name: code_data`
			`state: present`

			`- name: Create code container`
			`community.docker.docker_container:`
			`name: code-server`
			`image: lscr.io/linuxserver/code-server:latest`
			`state: started`
Update install_code.yaml 2024-04-26 16:21:33 +02:00			`recreate: yes`
Add files via upload 2024-04-17 00:50:20 +02:00			`restart_policy: always`

			`volumes:`
			`- "code_data:/config"`
Update 2024-04-25 16:48:40 +02:00
Add files via upload 2024-04-17 00:50:20 +02:00			`env:`
			`PASSWORD: "{{ passwd }}"`
			`TZ: "Europe/Berlin"`
			`PUID: "0"`
			`PGID: "0"`
			`DEFAULT_WORKSPACE: "/config/workspace"`
Update 2024-04-25 16:48:40 +02:00			`PROXY_DOMAIN: "code.neuro.uni-bremen.de"`

			`networks:`
			`- name: codeNet`
			`comparisons:`
			`networks: strict`

Update 2024-04-26 16:16:12 +02:00			`- name: set nginx.conf`
			`blockinfile:`
			`path: /root/nginx/nginx.conf`
			`state: present`
			`create: true`
			`owner: "root"`
			`group: "root"`
			`mode: "0644"`
			`block: \|`
			`events {}`
			`http {`
			`server {`
			`listen 80 default_server;`
			`server_name _;`
			`return 301 https://$host$request_uri;`
			`}`
			`server {`
			`listen 443 ssl;`
			`ssl_certificate /certs/nginx_certificate.pem;`
			`ssl_certificate_key /certs/nginx_key.pem;`
			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`
			`ssl_prefer_server_ciphers on;`
			`ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;`
			`add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";`
			`server_tokens off;`
			`client_max_body_size 50M;`

			`location / {`
			`proxy_pass http://code-server:8443;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "upgrade";`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_read_timeout 3m;`
			`proxy_send_timeout 3m;`
			`}`
			`}`
			`}`

Update install_code.yaml 2024-04-26 16:18:49 +02:00			`# - name: copy key`
			`# ansible.builtin.copy:`
			`# src: "/config/certs/key.pem"`
			`# dest: "/root/nginx/key.pem"`
			`# owner: root`
			`# group: root`
			`# mode: "0600"`

			`# - name: copy ca`
			`# ansible.builtin.copy:`
			`# src: "/config/certs/crt_ca.pem"`
			`# dest: "/root/nginx/ca.pem"`
			`# owner: root`
			`# group: root`
			`# mode: "0600"`
Update 2024-04-26 16:16:12 +02:00
			`- name: Create nginx container`
Update 2024-04-25 16:48:40 +02:00			`community.docker.docker_container:`
Update 2024-04-26 16:16:12 +02:00			`name: nginx`
			`image: "nginx:stable-alpine"`
Update 2024-04-25 16:48:40 +02:00			`state: started`
			`recreate: no`
			`restart_policy: always`
Add files via upload 2024-04-17 00:50:20 +02:00
Update 2024-04-26 16:16:12 +02:00			`volumes:`
			`- "/root/nginx/key.pem:/certs/nginx_key.pem:ro"`
			`- "/root/nginx/ca.pem:/certs/nginx_certificate.pem:ro"`
			`- "/root/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"`
Add files via upload 2024-04-17 00:50:20 +02:00
Update 2024-04-26 16:16:12 +02:00			`ports:`
			`- "0.0.0.0:443:443"`
			`- "0.0.0.0:80:80"`
Update 2024-04-25 16:48:40 +02:00			`env:`
Update 2024-04-26 16:16:12 +02:00			`NGINX_WORKER_PROCESSES: "4"`
			`NGINX_WORKER_CONNECTIONS: "768"`
Add files via upload 2024-04-17 00:50:20 +02:00
Update 2024-04-25 16:48:40 +02:00			`networks:`
			`- name: codeNet`
Update 2024-04-26 16:16:12 +02:00
Update 2024-04-25 16:48:40 +02:00			`comparisons:`
			`networks: strict`