change: remove web1 & add signal

playbook.yaml

@@ -9,10 +9,9 @@
     - { role : zabbix-agent,      tags : [ "zabbix-agent" ] }
     - { role : iptables,          tags : [ "iptables" ] }
 
-- hosts: web1
+- hosts: signal
   roles:
-    - { role : web1, tags : [ "web1" ] }
-    - { role : media, tags : [ "media" ] }
+    - { role : signal, tags : [ "signal" ] }
 
 - hosts: mail
   roles:

roles/media/files/htpasswd

@@ -1,2 +0,0 @@
-kathi:$y$j9T$HISTORY_PURGED_SECRET
-sheppy:$y$HISTORY_PURGED_SECRET

roles/media/files/nginx_media.conf

@@ -1,28 +0,0 @@
-map $http_x_nginx_cert_auth $basic_auth_val {
-    default "private";
-    true off;
-} 
-
-server {
-
-
-    autoindex on;
-    autoindex_localtime on;
-
-    listen 8000;
-    root /var/www/media;
-
-    add_header Vary Accept-Encoding;
-    add_header Access-Control-Allow-Origin $http_origin;
-
-    location /videos/{
-        default_type video/mp4;
-        limit_rate 2m;
-        autoindex on;
-    }
-
-    location /auth/{
-        auth_basic $basic_auth_val;
-        auth_basic_user_file /etc/nginx/htpasswd;
-    }
-}

roles/media/tasks/main.yaml

@@ -1,17 +0,0 @@
-- name: Install Nginx
-  apt:
-    pkg:
-      - nginx
-    state: present
-
-- name: Deploy nginx-config (page)
-  copy:
-    src: nginx_media.conf
-    dest: /etc/nginx/sites-available/media.conf
-  notify: restart nginx
-
-- name: Deploy nginx basic auth file
-  copy:
-    src: htpasswd
-    dest: /etc/nginx/
-  notify: restart nginx

roles/signal/tasks/main.yaml

@@ -0,0 +1,7 @@
+- name: event poller cronjob
+  cron:
+    user: sheppy
+    hour: "*"
+    minute: "*"
+    name: Poll Notifications from Dispatch (signal)
+    job: "/home/sheppy/signal-http-gateway/signal-query-dispatch.py --target {{ event_dispatcher_address }} --user {{ event_dispatcher_user }} --password {{ event_dispatcher_pass }} --signal-cli-bin /home/sheppy/signal-cli/bin/signal-cli"

roles/web1/files/sls_config.py

@@ -1 +0,0 @@
-SQLALCHEMY_DATABASE_URI = "sqlite:///database.sqlite"

roles/web1/handlers/main.yaml

@@ -1,19 +0,0 @@
-- name: systemctl restart image-factory
-  systemd:
-    name: image-factory
-    state: restarted
-
-- name: systemctl restart serien-ampel
-  systemd:
-    name: serien-ampel
-    state: restarted
-
-- name: systemctl restart simple-log-server
-  systemd:
-    name: simple-log-server
-    state: restarted
-
-- name: systemctl restart soundlib-interface
-  systemd:
-    name: soundlib-interface
-    state: restarted

roles/web1/meta/main.yml

@@ -1,2 +0,0 @@
-dependencies:
-    - global-handlers

roles/web1/tasks/main.yaml

@@ -1,141 +0,0 @@
-- name: Include service variables
-  include_vars: services.yaml
-
-- name: Install apt packages
-  apt:
-    pkg:
-        - libyaml-dev
-
-- name: Install python packages
-  pip:
-    name: 
-      - itsdangerous==2.0.1
-      - flask
-      - flask-login
-      - flask-oidc
-      - Flask-SQLAlchemy
-      - MarkupSafe
-      - Pillow
-      - docker-compose
-      - waitress
-    extra_args: --break-system-packages
-
-- name: fix dumb flask oidc scheme bug
-  lineinfile:
-    path: /usr/local/lib/python3.9/dist-packages/flask_oidc/__init__.py
-    regex: "            flow\\.redirect_uri = url_for\\('_oidc_callback', _external=True\\)"
-    line:  "            flow.redirect_uri = url_for('_oidc_callback', _external=True, _scheme='https')"
-    backup: yes
-
-- name: Set mode /usr/local/lib/ (python libraries)
-  file:
-    path: /usr/local/lib/
-    mode: 'a+rX'
-    recurse: true
-
-- name: Clone repositories
-  git:
-    repo: https://github.com/FAUSheppy/{{ item }}.git
-    dest: "/var/www/{{ item }}"
-  become: yes
-  become_user: www-data
-  with_items:        
-    - python-flask-picture-factory
-    - simple-log-server
-
-- name: Ensure Ownership to www-data
-  file:
-    path: /var/www/{{ item }}/
-    owner: www-data
-    group: www-data
-    recurse: true
-  with_items:        
-    - python-flask-picture-factory
-    - simple-log-server
-
-- name: Deploy OIDC config (config)
-  template:
-    src: oidc_config.json.j2
-    dest: "/var/www/{{ item }}/oidc.json"
-    owner: www-data
-    group: www-data
-  with_items:
-    - python-flask-picture-factory
-    - simple-log-server
-
-- name: SLS Config
-  copy:
-    src: sls_config.py
-    dest: /var/www/simple-log-server/config.py
-    owner: www-data
-    group: www-data
-
-- name: Deploy OIDC config (client secrets)
-  template:
-    src: oidc_client_secrets.json.j2
-    dest: "/var/www/{{ item }}/oidc_client_secrets.json"
-    owner: www-data
-    group: www-data
-  with_items:
-    - python-flask-picture-factory
-    - simple-log-server
-
-- name: OAuth2Proxy directories
-  file:
-    path: "/opt/oauth2proxy/{{ item }}/"
-    state: directory
-    recurse: yes
-  with_items:
-    - python-flask-picture-factory
-    - simple-log-server
-
-- name: Deploy OAuth2Proxy compose files
-  template:
-    src: oauth-standalone-docker-compose.yaml
-    dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
-  with_items:
-    - simple-log-server
-    - python-flask-picture-factory
-
-- name: Template Systemd Units
-  template:
-    src: "waitress-systemd-unit.j2"
-    dest: "/etc/systemd/system/{{ item.name }}.service"
-  with_items:
-    - { name : "python-flask-picture-factory",
-                                     path : "/var/www/python-flask-picture-factory", external_oidc : true }
-    - { name : "serien-ampel",       path : "/var/www/serien-ampel" }
-    - { name : "simple-log-server",  path : "/var/www/simple-log-server", external_oidc : true }
-  notify:
-    - daemon reload
-    - systemctl restart image-factory
-    - systemctl restart serien-ampel
-    - systemctl restart simple-log-server
-
-- meta: flush_handlers
-
-- name: Deploy OAuth2Proxy
-  community.docker.docker_compose:
-    project_src: /opt/oauth2proxy/{{ item }}/
-    pull: true
-  with_items:
-    - simple-log-server
-    - python-flask-picture-factory
-
-- name: Enable and Start Systemd Units
-  systemd:
-    name: "{{ item }}"
-    enabled: yes
-    state: started
-  with_items:
-    - python-flask-picture-factory
-    - serien-ampel
-    - simple-log-server
-
-- name: event poller cronjob
-  cron:
-    user: sheppy
-    hour: "*"
-    minute: "*"
-    name: Poll Notifications from Dispatch (signal)
-    job: "/home/sheppy/signal-http-gateway/signal-query-dispatch.py --target {{ event_dispatcher_address }} --user {{ event_dispatcher_user }} --password {{ event_dispatcher_pass }} --signal-cli-bin /home/sheppy/signal-cli/bin/signal-cli"