davrot/neuro_ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
neuro_ansible/install_scripts/install_code.yaml
David Rotermund 97797976ef Update
2024-04-26 16:27:19 +02:00

140 lines
3.9 KiB
YAML
Raw Permalink Blame History

---
- name: install code server
hosts: all
become: true
tasks:
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install client
ansible.builtin.dnf:
name: "http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm"
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
disable_gpg_check: true
- name: remove other files
include_tasks: yaml_sub/install_docker.yaml
- name: Create network codeNet
community.docker.docker_network:
name: codeNet
- name: Create volume code data
community.docker.docker_volume:
name: code_data
state: present
- name: Create code container
community.docker.docker_container:
name: code-server
image: lscr.io/linuxserver/code-server:latest
state: started
recreate: no
restart_policy: always
volumes:
- "code_data:/config"
env:
PASSWORD: "{{ passwd }}"
TZ: "Europe/Berlin"
PUID: "0"
PGID: "0"
DEFAULT_WORKSPACE: "/config/workspace"
PROXY_DOMAIN: "code.neuro.uni-bremen.de"
networks:
- name: codeNet
comparisons:
networks: strict
- name: set nginx.conf
blockinfile:
path: /root/nginx/nginx.conf
state: present
create: true
owner: "root"
group: "root"
mode: "0644"
block: |
events {}
http {
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /certs/nginx_certificate.pem;
ssl_certificate_key /certs/nginx_key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
server_tokens off;
client_max_body_size 50M;
location / {
proxy_pass http://code-server:8443;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 3m;
proxy_send_timeout 3m;
}
}
}
- name: copy key
ansible.builtin.copy:
src: "/config/certs/key.pem"
dest: "/root/nginx/key.pem"
owner: root
group: root
mode: "0600"
- name: copy ca
ansible.builtin.copy:
src: "/config/certs/crt_ca.pem"
dest: "/root/nginx/ca.pem"
owner: root
group: root
mode: "0600"
- name: Create nginx container
community.docker.docker_container:
name: nginx
image: "nginx:stable-alpine"
state: started
recreate: no
restart_policy: always
volumes:
- "/root/nginx/key.pem:/certs/nginx_key.pem:ro"
- "/root/nginx/ca.pem:/certs/nginx_certificate.pem:ro"
- "/root/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
ports:
- "0.0.0.0:443:443"
- "0.0.0.0:80:80"
env:
NGINX_WORKER_PROCESSES: "4"
NGINX_WORKER_CONNECTIONS: "768"
networks:
- name: codeNet
comparisons:
networks: strict
Reference in a new issue View git blame Copy permalink