Add role service-nginx-firmware

2017-10-27 11:41:00 +02:00 · 2017-10-27 11:41:00 +02:00 · dc146df5f7
parent 545162a46f
commit dc146df5f7
6 changed files with 121 additions and 0 deletions
--- a/roles/service-nginx-firmware/README.md
+++ b/roles/service-nginx-firmware/README.md
@ -0,0 +1,22 @@
+# Ansible role service-nginx-firmware
+
+Diese Ansible role konfiguriert die Firmware Synchronisation und die erforderlichen nginx vHosts.
+
+- verwaltet `/var/www/html/firmware`
+- installiert und konfiguriert den systemd timer firmware-sync
+- schreibt firmware.conf
+
+## Benötigte Variablen
+
+- Variable `http_domain_external` # string: Externe Freifunk MWU Domain
+- Variable `http_domain_internal` # string: Interne Freifunk MWU Domain
+- Dictionary `meshes`
+´´´
+meshes:
+  - id: xx
+...
+    site_name: # string
+...
+    http_domain_external: # string: Externe Mesh Domain
+    http_domain_internal: # string: Interne Mesh Domain
+´´´
--- a/roles/service-nginx-firmware/meta/main.yml
+++ b/roles/service-nginx-firmware/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: service-nginx }
--- a/roles/service-nginx-firmware/tasks/main.yml
+++ b/roles/service-nginx-firmware/tasks/main.yml
@ -0,0 +1,41 @@
+---
+- name: manage firmware directory
+  file:
+    path: /var/www/html/firmware
+    state: directory
+    mode: 0755
+    owner: www-data
+    group: www-data
+
+- name: write systemd unit firmware-sync.service
+  template:
+    src: firmware-sync.service.j2
+    dest: /etc/systemd/system/firmware-sync.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload systemd
+
+- name: write systemd timer firmware-sync.timer
+  template:
+    src: firmware-sync.timer.j2
+    dest: /etc/systemd/system/firmware-sync.timer
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload systemd
+
+- name: configure systemd unit/timer firmware-sync
+  systemd:
+    name: firmware-sync.timer
+    enabled: yes
+    state: started
+
+- name: write firmware.conf
+  template:
+    src: firmware_vhost.conf.j2
+    dest: /etc/nginx/conf.d/firmware.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload nginx
--- a/roles/service-nginx-firmware/templates/firmware-sync.service.j2
+++ b/roles/service-nginx-firmware/templates/firmware-sync.service.j2
@ -0,0 +1,11 @@
+#
+# {{ ansible_managed }}
+#
+[Unit]
+Description=Synchronize Freifunk MWU Firmware directory
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/rsync -avh4 --delete rsync://milchreis.freifunk-mwu.de:873/firmware /var/www/html/firmware
+User=www-data
+Group=www-data
--- a/roles/service-nginx-firmware/templates/firmware-sync.timer.j2
+++ b/roles/service-nginx-firmware/templates/firmware-sync.timer.j2
@ -0,0 +1,12 @@
+#
+# {{ ansible_managed }}
+#
+[Unit]
+Description=Timer which schedules firmware-sync.service
+
+[Timer]
+OnBootSec=30min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=timers.target
--- a/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
+++ b/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
@ -0,0 +1,32 @@
+server {
+    listen 80;
+    server_name firmware.{{ http_domain_internal }} firmware.{{ http_domain_external }};
+
+    charset utf-8;
+    server_tokens off;
+
+    root /var/www/html/firmware;
+    location / {
+        autoindex on;
+        autoindex_exact_size off;
+    }
+}
+
+{% for mesh in meshes %}
+server {
+    listen 80;
+    server_name firmware.{{ mesh.http_domain_internal }} firmware.{{ mesh.http_domain_external }};
+
+    charset utf-8;
+    server_tokens off;
+
+    root /var/www/html/firmware/{{ mesh.site_name.lower() }};
+    location / {
+        autoindex on;
+        autoindex_exact_size off;
+    }
+}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}