Role za registrator bi moral delovati na fresh alpine installu

2025-07-30 17:11:37 +02:00 · 2025-07-30 17:11:37 +02:00 · d5b6fe1d92
commit d5b6fe1d92
parent 57923a51ad
2 changed files with 69 additions and 11 deletions
--- a/roles/registrator/tasks/main.yml
+++ b/roles/registrator/tasks/main.yml
@ -58,17 +58,41 @@
    dest: /home/registrator/registrator
    force: yes

+- name: Create log/data/config directories
+  file:
+    dest: "/home/registrator/{{ item }}"
+    owner: registrator
+    state: directory
+  loop:
+    - data
+    - logs
+    - spool
+    - registrator/spool
+
+- name: Create config directory
+  file:
+    dest: "/home/registrator/registrator/conf"
+    owner: registrator 
+    group: www-data
+    state: directory
+    mode: 0750
+
 - name: Configure registrator settings
  template:
    dest: "/home/registrator/registrator/conf/{{ item }}"
    src: "{{ item }}.j2"
    owner: registrator
-    group: registrator
-    mode: 0600
+    group: www-data
+    mode: 0640
    force: no
  loop:
    - loginconf.php

+- name: Enable site for Apache
+  template:
+    dest: "/etc/apache2/conf.d/zzz-{{ dns_name }}.conf"
+    src: "zzz-registrator.conf.j2"
+
 - name: Create utility / cronjob scripts
  copy:
    dest: "/home/registrator/{{ item }}"
@ -81,15 +105,6 @@
    - push_siemens_to_spica.sh
    - garaze_racunovodstvo.sh

- name: Create log/data directories
-  file:
-    dest: "/home/registrator/{{ item }}"
-    owner: registrator
-  loop:
-    - data
-    - logs
-    - spool
-
 - name: Create garaze config
  copy:
    dest: "/home/registrator/garaze_recipients.txt"
--- a/roles/registrator/templates/zzz-registrator.conf.j2
+++ b/roles/registrator/templates/zzz-registrator.conf.j2
@ -0,0 +1,43 @@
+<IfModule mod_ssl.c>
+<Virtualhost *:443>
+DocumentRoot /home/registrator/registrator
+<Directory "/home/registrator/registrator">
+    #
+    # Possible values for the Options directive are "None", "All",
+    # or any combination of:
+    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+    #
+    # Note that "MultiViews" must be named *explicitly* --- "Options All"
+    # doesn't give it to you.
+    #
+    # The Options directive is both complicated and important.  Please see
+    # http://httpd.apache.org/docs/2.4/mod/core.html#options
+    # for more information.
+    #
+    Options Indexes FollowSymLinks
+
+    #
+    # AllowOverride controls what directives may be placed in .htaccess files.
+    # It can be "All", "None", or any combination of the keywords:
+    #   AllowOverride FileInfo AuthConfig Limit
+    #
+    AllowOverride None
+
+    #
+    # Controls who can get stuff from this server.
+    #
+    AuthType openid-connect
+    Require valid-user
+</Directory>
+
+ServerName {{ dns_name }}
+Include /etc/letsencrypt/options-ssl-apache.conf
+SSLCertificateFile /etc/letsencrypt/live/{{dns_name}}/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/{{dns_name}}/privkey.pem
+</Virtualhost>
+</IfModule>
+<IfModule mod_ssl.c>
+<Virtualhost *:80>
+ServerName {{ dns_name }}
+</Virtualhost>
+</IfModule>