From 0beddefac016b23ef5c88293b7570227c7b3ddbc Mon Sep 17 00:00:00 2001 From: David Rotermund <54365609+davrot@users.noreply.github.com> Date: Mon, 8 Apr 2024 10:49:57 +0200 Subject: [PATCH] Add files via upload --- host_overleaf | 1 + install_docker.yaml | 31 ++++ install_overleaf.yaml | 280 +++++++++++++++++++++++++++++++++++ upgrade_tex.yaml | 14 ++ yaml_sub/install_docker.yaml | 35 +++++ 5 files changed, 361 insertions(+) create mode 100644 host_overleaf create mode 100644 install_docker.yaml create mode 100644 install_overleaf.yaml create mode 100644 upgrade_tex.yaml create mode 100644 yaml_sub/install_docker.yaml
diff --git a/host_overleaf b/host_overleaf
new file mode 100644
index 0000000..c7958fa
--- /dev/null
+++ b/host_overleaf
@@ -0,0 +1 @@
+134.102.55.230
diff --git a/install_docker.yaml b/install_docker.yaml
new file mode 100644
index 0000000..a45c4de
--- /dev/null
+++ b/install_docker.yaml
@@ -0,0 +1,31 @@
+---
+- name: install docker as systemd plus add a protainer web
+ hosts: all
+ become: true
+
+ tasks:
+
+ - name: remove other files
+ include_tasks: yaml_sub/install_docker.yaml
+
+ - name: Create a volume
+ community.docker.docker_volume:
+ name: portainer_data
+ state: present
+
+ - name: Create portainer container
+ community.docker.docker_container:
+ name: portainerweb
+ image: portainer/portainer-ce
+ state: started
+ recreate: yes
+ restart_policy: always
+ published_ports:
+ - "8000:8000/tcp"
+ - "9443:9443/tcp"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+
+
+
diff --git a/install_overleaf.yaml b/install_overleaf.yaml
new file mode 100644
index 0000000..21d0167
--- /dev/null
+++ b/install_overleaf.yaml
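Review bot: In install_docker.yaml the `Create portainer container` task bind-mounts `/var/run/docker.sock` into an image referenced without a tag or digest (`image: portainer/portainer-ce`), so which Portainer build gets root-equivalent control of the Docker daemon depends on when the host first pulled that name. Pin it, e.g. `image: portainer/portainer-ce:<version>` or an `@sha256:<digest>` reference, and leave `recreate` off unless an upgrade is intended. `published_ports` also binds 8000 and 9443 on every interface; if the UI is only for administrators, bind them to a management address or restrict them at the host firewall.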
@@ -0,0 +1,280 @@
+---
+# TODO: Need to fix the mongo db init
+
+- name: install overleaf
+ hosts: all
+ become: true
+
+ vars:
+ EMAIL__USERNAME: "{{ EUSER }}"
+ EMAIL__PASSWORD: "{{ EPASS }}"
+
+ tasks:
+
+ - name: Create network OverleafNet
+ community.docker.docker_network:
+ name: OverleafNet
+
+ - name: set smtpd_pre.conf
+ blockinfile:
+ path: /root/opensmtpd/smtpd_pre.conf
+ state: present
+ create: true
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ block: |
+ listen on 0.0.0.0
+ listen on ::
+
+ table aliases file:/etc/smtpd/aliases
+
+ queue ttl 4d
+ bounce warn-interval 1h, 6h, 2d
+ smtp max-message-size 35M
+
+ table authinfo db:/etc/smtpd/authinfo.db
+ action default relay host "smtps://user@mailhost.neurotec.uni-bremen.de:465" auth tls no-verify
+ match from any for any action default
+
+
+ - name: Create a volume overleafsmtpd_spool
+ community.docker.docker_volume:
+ name: overleafsmtpd_spool
+ state: present
+
+
+ - name: Create OpenSMTPd
+ community.docker.docker_container:
+ name: overleafsmtpd
+ image: wodby/opensmtpd
+ state: started
+ recreate: no
+ restart_policy: always
+ networks:
+ - name: OverleafNet
+ comparisons:
+ networks: strict
+ env:
+ RELAY_HOST: "XXX"
+ RELAY_PROTO: "smtps"
+ RELAY_PORT: "XXX"
+ RELAY_USER: "{{ EMAIL__USERNAME }}"
+ RELAY_PASSWORD: "{{ EMAIL__PASSWORD }}"
+
+ volumes:
+ - "/root/opensmtpd/smtpd_pre.conf:/etc/gotpl/smtpd.conf.tmpl"
+ - "overleafsmtpd_spool:/var/spool/smtpd"
+
+ - name: Create a volume overleaf_redis
+ community.docker.docker_volume:
+ name: overleaf_redis
+ state: present
+
+ - name: Create redis container
+ community.docker.docker_container:
+ name: overleafredis
+ image: docker.io/library/redis:6.2
+ state: started
+ recreate: no
+ restart_policy: always
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ command: --save 60 1 --loglevel warning
+ volumes:
+ - overleaf_redis:/data
+
+ networks:
+ - name:
OverleafNet
+
+ comparisons:
+ networks: strict
+
+
+ - name: Create a volume overleaf_mongo
+ community.docker.docker_volume:
+ name: overleaf_mongo
+ state: present
+ register: mongo_volume_creation
+
+ - name: Create a volume overleaf_mongo_cdb
+ community.docker.docker_volume:
+ name: overleaf_mongo_cdb
+ state: present
+ register: mongo_volume_creation
+
+
+ - name: Create mongo container
+ community.docker.docker_container:
+ name: overleafmongo
+ image: mongo:5.0
+ state: started
+ recreate: no
+ restart_policy: always
+ healthcheck:
+ test: "mongosh --quiet --eval 'rs.hello().setName ? rs.hello().setName : rs.initiate({_id: \"overleaf\",members:[{_id: 0, host:\"overleafmongo:27017\"}]})'"
+ #echo 'db.stats().ok' | mongo localhost:27017/test --quiet
+ interval: 10s
+ timeout: 10s
+ retries: 5
+ command: --replSet overleaf
+ volumes:
+ - "overleaf_mongo:/data/db"
+ - "overleaf_mongo_cdb:/data/configdb"
+
+ networks:
+ - name: OverleafNet
+# - name: bridge
+
+# ports:
+# - "27017:27017"
+
+ comparisons:
+ networks: strict
+
+# - name: Prepare mongodb
+# community.docker.docker_container_exec:
+# container: overleafmongo
+# command: sh -c 'mongo --eval "rs.initiate({ _id: \"overleaf\", members: [ { _id: 0, host: \"overleafmongo:27017\" } ] })"'
+# when: mongo_volume_creation.changed
+
+ - name: Create a volume overleaf_data
+ community.docker.docker_volume:
+ name: overleaf_data
+ state: present
+
+ - name: Create a volume overleaf_tex2024
+ community.docker.docker_volume:
+ name: overleaf_tex2024
+ state: present
+
+ - name: Create overleaf container
+ community.docker.docker_container:
+ name: overleaf
+ image: sharelatex/sharelatex
+ state: started
+ recreate: no
+ restart_policy: always
+
+ volumes:
+ - "overleaf_data:/var/lib/overleaf"
+ - "overleaf_tex2024:/usr/local/texlive/2024"
+ - "overleaf_tex2024:/usr/local/texlive/2023"
+
+ networks:
+ - name: OverleafNet
+
+ comparisons:
+ networks: strict
+
+ env:
+ GIT_BRIDGE_ENABLED: "false"
+ GIT_BRIDGE_HOST:
"git-bridge"
+ GIT_BRIDGE_PORT: "8000"
+ REDIS_HOST: "overleafredis"
+ REDIS_PORT: "6379"
+ V1_HISTORY_URL: "http://overleaf:3100/api"
+ OVERLEAF_MONGO_URL: "mongodb://overleafmongo/sharelatex"
+ OVERLEAF_REDIS_HOST: "overleafredis"
+ OVERLEAF_APP_NAME: "FB1 University of Bremen Overleaf"
+ ENABLED_LINKED_FILE_TYPES: "project_file,project_output_file"
+ ENABLE_CONVERSIONS: "true"
+ EMAIL_CONFIRMATION_DISABLED: "false"
+ OVERLEAF_BEHIND_PROXY: "true"
+ OVERLEAF_SECURE_COOKIE: "true"
+ OVERLEAF_SITE_URL: "https://overleaf.neuro.uni-bremen.de"
+ OVERLEAF_NAV_TITLE: "FB1 Overleaf"
+
+ OVERLEAF_ADMIN_EMAIL: "overleaf@neuro.uni-bremen.de"
+ OVERLEAF_EMAIL_FROM_ADDRESS: "overleaf@neuro.uni-bremen.de"
+ OVERLEAF_EMAIL_SMTP_HOST: "overleafsmtpd"
+ OVERLEAF_EMAIL_SMTP_PORT: "25"
+ OVERLEAF_EMAIL_SMTP_SECURE: "false"
+ OVERLEAF_EMAIL_SMTP_LOGGER: "true"
+ OVERLEAF_CUSTOM_EMAIL_FOOTER: "This system is run by the ITP"
+
+ - name: set nginx.conf
+ blockinfile:
+ path: /root/nginx/nginx.conf
+ state: present
+ create: true
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ block: |
+ events {}
+ http {
+ server {
+ listen 80 default_server;
+ server_name _;
+ return 301 https://$host$request_uri;
+ }
+ server {
+ listen 443 ssl;
+ ssl_certificate /certs/nginx_certificate.pem;
+ ssl_certificate_key /certs/nginx_key.pem;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+ server_tokens off;
+ client_max_body_size 50M;
+
+ location / {
+ proxy_pass http://overleaf:80;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_read_timeout 3m;
+ proxy_send_timeout 3m;
+ }
+ }
+ }
+
+ - name:
Create nginx container
+ community.docker.docker_container:
+ name: overleafnginx
+ image: "nginx:stable-alpine"
+ state: started
+ recreate: no
+ restart_policy: always
+
+ volumes:
+ - "/root/nginx/key.pem:/certs/nginx_key.pem:ro"
+ - "/root/nginx/ca.pem:/certs/nginx_certificate.pem:ro"
+ - "/root/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
+
+ ports:
+ - "0.0.0.0:443:443"
+ - "0.0.0.0:80:80"
+ env:
+ NGINX_WORKER_PROCESSES: "4"
+ NGINX_WORKER_CONNECTIONS: "768"
+
+ networks:
+ - name: OverleafNet
+
+ comparisons:
+ networks: strict
+
+ - name: Post install info (1)
+ debug:
+ msg: "Restart Overleaf docker container"
+
+ - name: Post install info (2)
+ debug:
+ msg: "Don't forget to place the cerificates onto the server"
+
+ - name: Post install info (3)
+ debug:
+ msg: "Initial Overleaf user: got https://overleaf.neuro.uni-bremen.de/launchpad "
+
+
+
diff --git a/upgrade_tex.yaml b/upgrade_tex.yaml
new file mode 100644
index 0000000..eb75b3e
--- /dev/null
+++ b/upgrade_tex.yaml
@@ -0,0 +1,14 @@
+---
+- name: update tex
+ hosts: all
+ become: true
+
+ tasks:
+
+ - name: Update tex
+ community.docker.docker_container_exec:
+ container: overleaf
+ command: /bin/bash -c "cd /root ; rm -rf install-tl-* ; curl -L -o tl-unx.tar.gz https://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz ; tar -xzf tl-unx.tar.gz; cd install-tl-*; perl ./install-tl --no-interaction "
+
+
+
diff --git a/yaml_sub/install_docker.yaml b/yaml_sub/install_docker.yaml
new file mode 100644
index 0000000..613ee3b
--- /dev/null
+++ b/yaml_sub/install_docker.yaml
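Review bot: In install_overleaf.yaml both embedded server configs weaken TLS. The nginx block written by `set nginx.conf` still offers `TLSv1 TLSv1.1` and the `EECDH+3DES:RSA+3DES` suites; I would change the line to `ssl_protocols TLSv1.2 TLSv1.3;` and drop the 3DES entries from `ssl_ciphers`. The relay action written by `set smtpd_pre.conf` ends in `tls no-verify`, so the relay credentials (presumably the `RELAY_USER`/`RELAY_PASSWORD` values) are sent to the smarthost without checking its certificate; use plain `tls` if the mail host presents a certificate the container can validate. Separately, `register: mongo_volume_creation` is set on two volume tasks, so the second result overwrites the first.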
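Review bot: The `Update tex` command in upgrade_tex.yaml fetches `install-tl-unx.tar.gz` through the mirror.ctan.org redirector and runs `perl ./install-tl` from it inside the container without checking the archive first. CTAN publishes `install-tl-unx.tar.gz.sha512` and a detached `.sha512.asc` signature next to the archive; verify the signature against the TeX Live key and run `sha512sum -c` before `tar`, since a checksum taken from the same mirror only catches corruption. The steps are also joined with `;`, so a failed download or extract does not stop the later ones and `cd install-tl-*` may land in an unexpected directory; chain them with `&&` or start the script with `set -e`.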
@@ -0,0 +1,35 @@
+---
+- name: set myrepo
+ blockinfile:
+ path: /etc/yum.repos.d/myrepo.repo
+ state: present
+ create: true
+ owner: "root"
+ group: "root"
+ mode: "0666"
+ block: |
+ [docker-ce-stable]
+ name=Docker CE Stable - $basearch
+ baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable
+ enabled=0
+ gpgcheck=1
+ gpgkey=https://download.docker.com/linux/fedora/gpg
+
+- name: install docker rpm
+ ansible.builtin.dnf:
+ name: "docker-ce,docker-ce-cli,docker-ce-rootless-extras,docker-buildx-plugin,docker-compose-plugin,python3,python3-pip,python3-requests"
+ state: latest
+ update_cache: true
+ skip_broken: true
+ nobest: false
+ allowerasing: true
+ enablerepo: "docker-ce-stable"
+
+- name: make sure docker service unit is started
+ ansible.builtin.systemd_service:
+ state: started
+ name: docker
+ enabled: true
+
+
+
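Review bot: `mode: "0666"` in the `set myrepo` task leaves /etc/yum.repos.d/myrepo.repo writable by every local user, and the next task installs packages as root from the repository it defines, so any account on the host could repoint `baseurl`/`gpgkey` or turn off `gpgcheck`. Use `mode: "0644"`, as the other blockinfile tasks in this commit do. Separately, `state: latest` combined with `skip_broken: true` lets a run silently upgrade or skip Docker packages; `state: present` would make the result predictable.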