Merge branch 'webserver-2' into 'master'

Webserver neu mit Debian Stretch aufgesetzt See merge request !7

Merge branch 'webserver-2' into 'master'
Webserver neu mit Debian Stretch aufgesetzt See merge request !7
4ec90444 · void · e4e084ac · 5efecfac · 4ec90444 · 4ec90444
Commit 4ec90444 authored 7 years ago by void
--- a/host_vars/webserver
+++ b/host_vars/webserver
@@ -3,16 +3,17 @@

 motd_lines: 
  - "Webserver"
-  - "Öffentliche IPs: {{ansible_eth0.ipv4.address}} / {{ansible_eth0.ipv6[0].address}}"
+  - "Öffentliche IPs: {{ansible_ens3.ipv4.address}} / {{ansible_ens3.ipv6[0].address}}"

 debian_sources: 
-  - "deb http://ftp.halifax.rwth-aachen.de/debian/ jessie main contrib non-free"
-  - "deb http://security.debian.org/ jessie/updates main contrib non-free"
-  - "deb http://ftp.de.debian.org/debian/ jessie-updates main"
-  - "deb http://ftp.halifax.rwth-aachen.de/debian/ jessie-updates main contrib non-free"
-  - "deb http://apt.dockerproject.org/repo debian-jessie main"
+  - "deb http://ftp.halifax.rwth-aachen.de/debian/ stretch main contrib non-free"
+  - "deb http://security.debian.org/ stretch/updates main contrib non-free"
+  - "deb http://ftp.de.debian.org/debian/ stretch-updates main"
+  - "deb http://ftp.halifax.rwth-aachen.de/debian/ stretch-updates main contrib non-free"
+  - "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable"

 debian_keys:
+  - "https://download.docker.com/linux/debian/gpg"

 borgbackup_weekday: "*"
 borgbackup_hour: "4"

--- a/webserver/docker/tasks/main.yml
+++ b/webserver/docker/tasks/main.yml
@@ -11,13 +11,12 @@
    update_cache: yes
    state: installed
  with_items:
-    - docker-engine
+    - docker-ce
    - python 
    - python-pip
    
 - name: install pip packages
  pip: 
-    name: docker-py 
-    version: 1.7.2
+    name: docker-compose
+    version: 1.15.0
    state: present
-
--- a/webserver/openvpn/handlers/main.yml
+++ b/webserver/openvpn/handlers/main.yml
 ---
 - name: restart openvpn
-  service: name=openvpn state=restarted
+  service: name=openvpn-client@warpzone.service state=restarted
--- a/webserver/openvpn/tasks/main.yml
+++ b/webserver/openvpn/tasks/main.yml
@@ -7,13 +7,27 @@
  with_items:
    - openvpn

+# Log-Verzeichnis erstellen 
+
+- name: create folder struct for openvpn
+  file:
+    path: "/var/log/openvpn/"
+    state: "directory"
+
 # Konfigurationsdateien erstellen (ohne Keys)

 - name: Konfiguration erstellen 
-  template: src=warpzone.conf dest=/etc/openvpn/warpzone.conf
+  template: src=warpzone.conf dest=/etc/openvpn/client/warpzone.conf
  notify: restart openvpn

 - name: Konfiguration erstellen 
-  template: src=warpzone-up.sh dest=/etc/openvpn/warpzone-up.sh mode=o+x
+  template: src=warpzone-up.sh dest=/etc/openvpn/client/warpzone-up.sh mode=o+x
  notify: restart openvpn

+# Enable service 
+
+- name: enable openvpn systemd servise 
+  systemd:
+    name: openvpn-client@warpzone.service
+    state: started
+    enabled: True
--- a/webserver/openvpn/templates/warpzone.conf
+++ b/webserver/openvpn/templates/warpzone.conf
@@ -9,9 +9,12 @@ client
 resolv-retry infinite
 remote 212.124.34.242 1195 udp
 verify-x509-name "OpenVPN Server" name
-pkcs12 /etc/openvpn/warpzone.p12
-tls-auth /etc/openvpn/warpzone.key 1
+pkcs12 /etc/openvpn/client/warpzone.p12
+tls-auth /etc/openvpn/client/warpzone.key 1
 comp-lzo adaptive

 script-security 2
-up /etc/openvpn/warpzone-up.sh
+up /etc/openvpn/client/warpzone-up.sh
+
+log /var/log/openvpn/warpzone.log
+verb 3