aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoransible_admin <capsul@cyberia.club>2021-01-18 23:29:27 +0000
committeransible_admin <capsul@cyberia.club>2021-01-18 23:29:27 +0000
commit1794336e13e992f25d5eb55364a86d4419c9561f (patch)
treedb4070e48f862b4cb216895c7a1880b5ff3708a5
parent402f26a7aebefc2d0bd402f31b3771bb0d30e4ef (diff)
downloadops-handbook-1794336e13e992f25d5eb55364a86d4419c9561f.tar.gz
ops-handbook-1794336e13e992f25d5eb55364a86d4419c9561f.tar.bz2
all sorts of shit
remove magnataur fix tls certs bug add comet add owncast skeleton
-rw-r--r--ansible/files/comet.cyberia.club/nginx/prometheus.cyberia.club.conf22
-rw-r--r--ansible/group_vars/streamservers4
-rw-r--r--ansible/hosts7
-rw-r--r--ansible/roles/owncast/tasks/main.yml25
-rw-r--r--ansible/site.yml1
-rw-r--r--builds/daily/capsul-alpine-3.13.yaml36
6 files changed, 92 insertions, 3 deletions
diff --git a/ansible/files/comet.cyberia.club/nginx/prometheus.cyberia.club.conf b/ansible/files/comet.cyberia.club/nginx/prometheus.cyberia.club.conf
new file mode 100644
index 0000000..c5f6556
--- /dev/null
+++ b/ansible/files/comet.cyberia.club/nginx/prometheus.cyberia.club.conf
@@ -0,0 +1,22 @@
+server {
+ listen 80;
+ server_name stream.cyberia.club;
+ include /etc/nginx/snippets/letsencrypt.conf;
+ location / {
+ return 302 https://stream.cyberia.club/;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name stream.cyberia.club;
+ include /etc/nginx/snippets/ssl.conf;
+ ssl_certificate /etc/ssl/uacme/stream.cyberia.club/cert.pem;
+ ssl_certificate_key /etc/ssl/uacme/private/stream.cyberia.club/key.pem;
+
+ location / {
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://localhost:8080;
+ }
+}
diff --git a/ansible/group_vars/streamservers b/ansible/group_vars/streamservers
new file mode 100644
index 0000000..93be110
--- /dev/null
+++ b/ansible/group_vars/streamservers
@@ -0,0 +1,4 @@
+---
+
+tls_certs:
+ - stream.cyberia.club
diff --git a/ansible/hosts b/ansible/hosts
index cc33f0a..9964f1e 100644
--- a/ansible/hosts
+++ b/ansible/hosts
@@ -19,8 +19,11 @@ rosewater.cyberia.club
[mailservers]
domechild.cyberia.club
-[btcpayservers]
-magnataur.cyberia.club
+# [btcpayservers]
+# magnataur.cyberia.club
+
+[streamservers]
+comet.cyberia.club
# external
diff --git a/ansible/roles/owncast/tasks/main.yml b/ansible/roles/owncast/tasks/main.yml
new file mode 100644
index 0000000..2ea48ef
--- /dev/null
+++ b/ansible/roles/owncast/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: Add deps
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - ffmpeg
+ - git
+ - go
+
+- name: Start and enable owncast
+ service:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ with_items:
+ - owncast
+
+- name: Allow RTMP traffic
+ iptables:
+ chain: INPUT
+ protocol: tcp
+ source: "{{ item }}"
+ destination_port: '1935'
+ jump: ACCEPT
diff --git a/ansible/site.yml b/ansible/site.yml
index 63ca239..d1d6710 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -16,7 +16,6 @@
- nginx-custom-configs
- nginx
-
- name: setup DBServer
hosts: dbservers
become: true
diff --git a/builds/daily/capsul-alpine-3.13.yaml b/builds/daily/capsul-alpine-3.13.yaml
new file mode 100644
index 0000000..66eaafc
--- /dev/null
+++ b/builds/daily/capsul-alpine-3.13.yaml
@@ -0,0 +1,36 @@
+# this builds the capsul alpine 3.13 template
+image: alpine/edge
+packages:
+ - e2fsprogs
+ - qemu-img
+ - qemu-system-x86_64
+ - rsync
+environment:
+ version: 3.13
+ slaves:
+ - deploy@baikal.cyberia.club
+sources:
+ - https://git.cyberia.club/services/capsul-images
+secrets:
+ # deploy@baikal.cyberia.club
+ - aac6b8d1-65c1-4d7f-862f-094716b800e3
+triggers:
+ - action: email
+ condition: failure
+ to: ops <ops@cyberia.club>
+tasks:
+ - genimg: |
+ cd capsul-images/alpine
+ sudo ./build $version
+ - deploy: |
+ cd capsul-images/alpine
+ echo "StrictHostKeyChecking=no" >> ~/.ssh/config
+ for server in "${slaves[@]}"
+ do
+ ssh $server mkdir -p /tank/img/alpine/$version
+ rsync -rzP $version/root.img.qcow2 \
+ ${server}:/tank/img/alpine/$version/new_root.img.qcow2
+ ssh $server \
+ mv /tank/img/alpine/$version/new_root.img.qcow2 \
+ /tank/img/alpine/$version/root.img.qcow2
+ done