Andrew Wang 1 year ago
parent e969093d67
commit 68cce1fd3a
  1. 31
      roles/ftp/tasks/main.yml
  2. 73
      roles/mirror/tasks/main.yml
  3. 32
      roles/nginx/tasks/main.yml
  4. 22
      roles/nginx/templates/README.md
  5. 17
      roles/rsync/tasks/main.yml
  6. 0
      roles/rsync/templates/rsyncd-filter.conf
  7. 0
      roles/rsync/templates/rsyncd.conf
  8. 28
      roles/system/tasks/main.yml

@ -4,22 +4,12 @@
name: proftpd
state: present
update_cache: yes
- name: enable proftpd service
service:
name: proftpd
enabled: yes
- name: start proftpd service
- name: enable proftpd
service:
name: proftpd
state: started
# make `/mirror/root` dir
# will this overwrite the /mirror/root/include ?
# double check perms
# proftpd requires modules (how to install ?)
- name: copy over config files
copy:
@ -31,8 +21,6 @@
loop:
- { src: blacklist.dat, dest: blacklist.dat, mode: "644" }
# - { src: dhparams.pem, dest: dhparams.pem, mode: "644" }
# generate this file with:
# openssl dhparam -outform PEM -2|-5 1024|1536|2048|3072|4096|6144|7680|8192 >> dhparams.pem
- { src: ldap.conf, dest: ldap.conf, mode: "600" }
- { src: modules.conf, dest: modules.conf, mode: "644" }
- { src: proftpd.conf, dest: proftpd.conf, mode: "644" }
@ -40,7 +28,18 @@
- { src: tls.conf, dest: tls.conf, mode: "644" }
- { src: virtuals.conf, dest: virtuals.conf, mode: "644" }
- name: reload proftpd service
- name: create dhparams.pem
# not regenerated every playbook run
command:
cmd: >
openssl dhparam
-outform PEM -2|-5
1024|1536|2048|3072|4096|6144|7680|8192
>> /etc/proftpd/dhparams.pem
creates: /etc/proftpd/dhparams.pem
- name: restart and enable proftpd
service:
name: proftpd
state: reloaded
state: restarted
enabled: yes
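Review bot: The `create dhparams.pem` task cannot produce the file as written, because the `command` module runs no shell: `>> /etc/proftpd/dhparams.pem` and the `|` alternations reach openssl as literal arguments. `-2|-5` and `1024|…|8192` look like the usage synopsis from the removed comment rather than a concrete choice of generator and size. Let openssl write the file itself and pin one size, for example `cmd: openssl dhparam -outform PEM -out /etc/proftpd/dhparams.pem 2048`, keeping `creates:` so the parameters are generated once. Pinning the value also keeps anyone from picking the 1024 or 1536 entries on that list, which are too small for TLS today.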

@ -5,9 +5,14 @@
owner: root
group: root
mode: "0644"
# TODO: start/restart cron
- name: copy mirror home
- name: restart and enable cron
systemd:
name: cron
state: restarted
enabled: yes
- name: copy files for /home/mirror
copy:
src: "{{ role_path }}/templates/mirror/"
dest: /home/mirror
@ -15,21 +20,14 @@
group: mirror
mode: preserve
- name: copy include
- name: copy files for /mirror/root
copy:
src: "{{ role_path }}/templates/root/root/include/"
dest: /mirror/root/include
src: "{{ role_path }}/templates/root/root/"
dest: /mirror/root
owner: root
group: csc-mirror
mode: preserve
- name: create merlin directories
file:
path: /mirror/merlin
owner: root
group: root
mode: "0755"
- name: create merlin subdirectories
file:
path: "/mirror/merlin/{{ item.file }}"
@ -37,30 +35,30 @@
group: "{{ item.owner }}"
mode: "0755"
loop:
- { file: bin, owner: root }
- { file: dev, owner: root }
- { file: bin, owner: root }
- { file: run, owner: mirror }
- name: copy over arthur and busybox
- name: copy arthur and busybox into merlin
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
dest: "/mirror/merlin/{{ item.dest }}"
owner: root
group: root
mode: "0755"
loop:
- src: "{{ role_path }}/templates/root/merlin/arthur"
dest: "/mirror/merlin/arthur"
dest: "arthur"
- src: "/usr/bin/busybox"
dest: "/mirror/merlin/bin/busybox"
dest: "bin/busybox"
- name: create symlinks
- name: create symlinks from busybox and arthur
# noqa deprecated-command-syntax
# need chdir to create relative symlinks
command:
cmd: "ln -s {{ item.src }} {{ item.dest }}"
chdir: "/mirror/merlin/run"
creates: "/mirror/merlin/run/{{ item.dest }}"
chdir: "/mirror/merlin/bin"
creates: "/mirror/merlin/bin/{{ item.dest }}"
loop:
- { src: busybox, dest: cd }
- { src: busybox, dest: cp }
@ -71,12 +69,33 @@
- { src: busybox, dest: sleep }
- { src: ../arthur, dest: arthur }
# startup merlin to get
# /mirror/merlin/run/merlin.sock
# then symlink to /mirror/merlin/merlin.sock
# and /home/mirror/merlin/merlin.sock
# https://tldp.org/LDP/lfs/LFS-BOOK-6.1.1-HTML/chapter06/devices.html
- name: create special files
# /dev/(random|urandom) normally has "-m 0444"
# donno why mirror has writable random and urandom
command:
cmd: "mknod -m 0666 /mirror/merlin/dev/{{ item.file }} c 1 {{ item.type }}"
creates: "/mirror/merlin/dev/{{ item.file }}"
loop:
- { type: "3", file: "null" }
- { type: "8", file: "random" }
- { type: "9", file: "urandom" }
- name: create first merlin.sock symlink
# noqa deprecated-command-syntax
# need chdir to create relative symlinks
command:
cmd: "ln -s run/merlin.sock merlin.sock"
chdir: "/mirror/merlin"
creates: "/mirror/merlin/merlin.sock"
# in /mirror/merlin/dev need to create null random urandom with mknod
- name: create second merlin.sock symlink
file:
src: "/mirror/merlin/merlin.sock"
dest: "/home/mirror/merlin/merlin.sock"
owner: root
group: root
state: link
# might not need the root/merlin/(bin|dev|run) and just make the empty dirs
# where does arthur come from?
# TODO: copy over merlin.service and start/enable service
# this will create /mirror/merlin/run/merlin.sock
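Review bot: `create second merlin.sock symlink` will probably fail on a fresh host, because its `src` is the link made one task earlier to `run/merlin.sock`, and the trailing comment says that socket only appears once merlin is started. The `file` module refuses a link whose source does not resolve unless `force: true` is set. With that flag the first link can use the same module instead of `ln -s`, since `state: link` accepts a relative `src` (`src: run/merlin.sock`, `path: /mirror/merlin/merlin.sock`), which removes the need for `chdir` and the `noqa`. The `enable debian.conf and mirror.conf` task in roles/nginx/tasks/main.yml has the same shape; there `creates:` only checks that something exists at the path, whereas the `file` task it replaces also corrected a wrong target.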

@ -1,12 +1,12 @@
---
- name: Install nginx
- name: install nginx
apt:
name: nginx
state: present
update_cache: true
- name: Start nginx service
service:
- name: start nginx
systemd:
name: nginx
state: started
@ -39,16 +39,18 @@
group: root
mode: "0755"
- name: Find all files in sites-available
find:
paths: /etc/nginx/sites-available
register: sites
- name: Link to sites-enabled
file:
src: "{{ item.path }}"
path: "/etc/nginx/sites-enabled/{{ item.path | basename }}"
state: link
with_items: "{{ sites.files }}"
- name: enable debian.conf and mirror.conf
# noqa deprecated-command-syntax
command:
cmd: "ln -s ../sites-available/{{ item }} {{ item }}"
chdir: "/etc/nginx/sites-enabled"
creates: "/etc/nginx/sites-enabled/{{ item }}"
loop:
- debian.conf
- mirror.conf
# restart nginx service
- name: restart and enable nginx
systemd:
name: nginx
state: restarted
enabled: yes
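Review bot: `start nginx` near the top is made redundant by the `restart and enable nginx` task at the end of this section, and that restart runs on every play whether or not any configuration changed. A handler would tie the restart to real changes: add `notify: restart nginx` to the tasks that write under /etc/nginx and move the `systemd` call with `state: restarted` into a handler of that name. roles/rsync/tasks/main.yml appears to gain the same start-then-restart pair, and there `start rsync` also runs before the config files are copied. The tasks between the two hunks are not visible, so which of them should notify is left to confirm.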

@ -1,22 +0,0 @@
Will not copy ssl certs (dev env will not support ssl?)
```
mime.types ->
/etc/nginx/mime.types
```
```
nginx.conf ->
/etc/nginx/nginx.conf
```
```
includes/ ->
/etc/nginx/includes/
```
```
sites-available/ ->
/etc/nginx/sites-available/
```
To enable the sites
```
ln -s /etc/nginx/sites-available/debian.conf /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/mirror.conf /etc/nginx/sites-enabled/
```

@ -4,19 +4,24 @@
state: present
update_cache: yes
- name: start rsync
systemd:
name: rsync
state: started
- name: copy rsync configs
template:
copy:
src: "{{ role_path }}/templates/{{ item.src }}"
dest: /etc/{{ item.dest }}
owner: root
group: root
mode: "0644"
loop:
- { src: "rsyncd.conf.j2", dest: "rsyncd.conf" }
- { src: "rsyncd-filter.conf.j2", dest: "rsyncd-filter.conf" }
- { src: "rsyncd.conf", dest: "rsyncd.conf" }
- { src: "rsyncd-filter.conf", dest: "rsyncd-filter.conf" }
- name: enable and start rsync daemon
- name: restart and enable rsync
systemd:
name: rsync
enabled: true
state: started
state: restarted
enabled: true

@ -1,4 +1,4 @@
- name: ensure groups are created
- name: create groups
group:
name: "{{ item.group }}"
gid: "{{ item.gid }}"
@ -9,7 +9,7 @@
- { group: syscom, gid: 10001 }
- { group: csc-mirror, gid: 10014 }
- name: ensure users are created
- name: create users
user:
name: "{{ item.user }}"
shell: "{{ item.shell }}"
@ -34,14 +34,21 @@
# why are the file permissions like this?
- name: create /mirror and /mirror/merlin
- name: create /mirror
file:
path: /mirror
state: directory
owner: root
group: root
mode: "0755"
- name: create /mirror/merlin
file:
path: /mirror/merlin
state: directory
owner: root
group: root
mode: "0755"
recurse: yes
- name: create /mirror/root
file:
@ -51,10 +58,9 @@
group: syscom
mode: "0775"
# only .cscmirror1 is owned by mirror:mirror
# .cscmirror(2|3) is owned by root:root
- name: create zfs mountpoint
# inconsistency: only .cscmirror1 is owned by mirror
# .cscmirror(2|3) is owned by root
file:
path: /mirror/root/.cscmirror
state: directory
@ -87,7 +93,7 @@
- /dev/vde
- /dev/vdf
- name: concatenate disks into single line
- name: join disk pathes onto one line
set_fact:
disk_arg: "{{ disks | join(' ') }}"
@ -106,6 +112,6 @@
{{ disk_arg }}
when: zpool_exists.rc != 0
# mount all zpools
# zfs mount -a
# may need to mount it (also check that it will automount on boot)
# - name: mount zool
# command: zfs mount -a
# when: zpool_exists.rc != 0
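Review bot: As rendered, `recurse: yes` ends up as the last key of the new `create /mirror/merlin` task, so every run re-applies root:root and mode 0755 to everything below that directory. roles/mirror populates the same tree with different settings in this commit: `run` is assigned to `mirror`, and the device nodes are made with `mknod -m 0666` behind a `creates:` guard that will not restore the mode afterwards. If the system role runs again after the mirror role, those settings would be flattened, leaving for example `dev/null` not writable by non-root users; dropping `recurse: yes` from this task avoids that. Only part of the file is shown, so the role ordering is an assumption to confirm.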