From 463234850908793974c728dbc80f0e2aa74708cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonah=20Br=C3=BCchert?= Date: Fri, 16 Feb 2024 11:10:42 +0100 Subject: [PATCH] ansible: Make domain configurable --- ansible/hosts | 6 +-- ansible/roles/motis/files/config.ini | 1 + ansible/roles/motis/tasks/main.yml | 2 +- .../files/api.transitous.jbb.ghsq.de.conf | 21 ---------- .../nginx/files/transitous.jbb.ghsq.de.conf | 29 ------------- ansible/roles/nginx/tasks/main.yml | 41 +++---------------- .../roles/nginx/templates/transitous.conf.j2 | 28 +++++++++++++ 7 files changed, 37 insertions(+), 91 deletions(-) delete mode 100644 ansible/roles/nginx/files/api.transitous.jbb.ghsq.de.conf delete mode 100644 ansible/roles/nginx/files/transitous.jbb.ghsq.de.conf create mode 100644 ansible/roles/nginx/templates/transitous.conf.j2 diff --git a/ansible/hosts b/ansible/hosts index 19aac763..aa0005b2 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -7,7 +7,5 @@ motis: spline-vm-motis: ansible_user: root ansible_host: vm-motis.spline.de - cert_domains: - - transitous.jbb.ghsq.de - - api.transitous.jbb.ghsq.de - email: jbb@kaidan.im + transitous_nginx_site_include_extra: /etc/ssl/routing.spline.inf.fu-berlin.de/include.nginx + transitous_domain: routing.spline.de diff --git a/ansible/roles/motis/files/config.ini b/ansible/roles/motis/files/config.ini index 92e2b241..3968f56b 100644 --- a/ansible/roles/motis/files/config.ini +++ b/ansible/roles/motis/files/config.ini @@ -20,6 +20,7 @@ host=127.0.0.1 [import] #paths=osm:europe-latest.osm.pbf paths=osm:berlin-latest.osm.pbf +paths=schedule-de-longdistance:de-longdistance.fixed.zip paths=schedule-de-berlin:vbb.fixed.zip paths=schedule-lv-pv:pv.zip paths=schedule-lv-rigas-satiksme:improved-gtfs-satiksme.zip diff --git a/ansible/roles/motis/tasks/main.yml b/ansible/roles/motis/tasks/main.yml index 7ad495dd..2e250ad6 100644 --- a/ansible/roles/motis/tasks/main.yml +++ b/ansible/roles/motis/tasks/main.yml 
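Review bot: `transitous_nginx_site_include_extra` in the ansible/hosts hunk points at `/etc/ssl/routing.spline.inf.fu-berlin.de/include.nginx`, a file this repository does not manage, so the certificate, key and TLS settings for the site cannot be reviewed from the playbook. Its directory name also differs from `transitous_domain: routing.spline.de`, which is worth confirming against the names the certificate covers. A comment on that line would record the contract, for example `# managed outside this repo; must provide ssl_certificate and ssl_certificate_key valid for transitous_domain`. With the commented-out certbot tasks removed elsewhere in this commit, that file is presumably also where renewal is handled, and saying so would help the next operator.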
@@ -8,7 +8,7 @@ - name: Unpack MOTIS unarchive: - src: https://github.com/motis-project/motis/releases/download/v0.11.16/motis-linux-amd64.tar.bz2 + src: https://github.com/motis-project/motis/releases/download/v0.11.17/motis-linux-amd64.tar.bz2 dest: /opt/ remote_src: yes diff --git a/ansible/roles/nginx/files/api.transitous.jbb.ghsq.de.conf b/ansible/roles/nginx/files/api.transitous.jbb.ghsq.de.conf deleted file mode 100644 index 96abcea6..00000000 --- a/ansible/roles/nginx/files/api.transitous.jbb.ghsq.de.conf +++ /dev/null @@ -1,21 +0,0 @@ -# SPDX-FileCopyrightText: 2024 Jonah Brüchert -# -# SPDX-License-Identifier: AGPL-3.0-or-later - -server { - #listen 443 http2 ssl; - #listen [::]:443 http2 ssl; - listen 80; - listen [::]:80; - - server_name api.transitous.jbb.ghsq.de; - - # For certbot - location ^~ /.well-known/acme-challenge/ { - root /var/www/html/; - } - - location / { - proxy_pass http://localhost:8080; - } -} diff --git a/ansible/roles/nginx/files/transitous.jbb.ghsq.de.conf b/ansible/roles/nginx/files/transitous.jbb.ghsq.de.conf deleted file mode 100644 index 7ed54102..00000000 --- a/ansible/roles/nginx/files/transitous.jbb.ghsq.de.conf +++ /dev/null @@ -1,29 +0,0 @@ -# SPDX-FileCopyrightText: 2024 Jonah Brüchert -# -# SPDX-License-Identifier: AGPL-3.0-or-later - -server { - #listen 443 http2 ssl; - #listen [::]:443 http2 ssl; - listen 80; - listen [::]:80; - - server_name transitous.jbb.ghsq.de; - - # For certbot - location ^~ /.well-known/acme-challenge/ { - root /var/www/html/; - } - - location ~ ^/$ { - if ($arg_motis != https%3A%2F%2Fapi.transitous.jbb.ghsq.de) { - return 301 https://$host?motis=https%3A%2F%2Fapi.transitous.jbb.ghsq.de; - } - - root /opt/motis/web/; - } - - location / { - root /opt/motis/web/; - } -} diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml index dd8ec7e6..f6e83b72 100644 --- a/ansible/roles/nginx/tasks/main.yml +++ b/ansible/roles/nginx/tasks/main.yml 
@@ -10,31 +10,6 @@ systemd: name: nginx.service state: started -# -# - name: Install certbot -# apt: -# name: certbot -# -# - name: Check if certificate already exists. -# stat: -# path: /etc/letsencrypt/live/{{ cert_domains | first | replace('*.', '') }}/cert.pem -# register: letsencrypt_cert -# -# - name: Generate new certificate if one doesn't exist. -# command: >- -# certbot certonly --noninteractive --agree-tos --dry-run -# --email {{ email }} -# -w /var/www/html/ -# -d {{ cert_domains | join(',') }} -# --webroot -# --expand -# when: not letsencrypt_cert.stat.exists -# -# - name: Enable automatic certificate renewal -# service: -# name: certbot.timer -# enabled: true -# masked: false - name: Install nginx config copy: @@ -42,12 +17,9 @@ dest: /etc/nginx/nginx.conf - name: Install site config - copy: - src: "{{ item }}.conf" - dest: "/etc/nginx/sites-available/{{ item }}.conf" - with_items: - - transitous.jbb.ghsq.de - - api.transitous.jbb.ghsq.de + template: + src: "transitous.conf.j2" + dest: "/etc/nginx/sites-available/transitous.conf" - name: Disable default site configuration file: @@ -56,12 +28,9 @@ - name: Enable nginx sites file: - src: "/etc/nginx/sites-available/{{ item }}.conf" - dest: "/etc/nginx/sites-enabled/{{ item }}.conf" + src: "/etc/nginx/sites-available/transitous.conf" + dest: "/etc/nginx/sites-enabled/transitous.conf" state: link - with_items: - - transitous.jbb.ghsq.de - - api.transitous.jbb.ghsq.de - name: Reload nginx systemd: diff --git a/ansible/roles/nginx/templates/transitous.conf.j2 b/ansible/roles/nginx/templates/transitous.conf.j2 new file mode 100644 index 00000000..5cfb3458 --- /dev/null +++ b/ansible/roles/nginx/templates/transitous.conf.j2 
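Review bot: The `Install site config` task sets no `owner`, `group` or `mode`, and nothing between it and `Reload nginx` checks that the rendered file parses. The rendered config now pulls in a host-supplied include path, so a missing or wrong path only surfaces when nginx is reloaded. I would add `owner: root`, `group: root` and `mode: "0644"` to the template task, and put a `command: nginx -t` task with `changed_when: false` ahead of the reload. The `Reload nginx` task continues outside the hunk, so it may already be guarded in a way not visible here.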
@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: 2024 Jonah Brüchert
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+server {
+ listen 443 http2 ssl;
+ listen [::]:443 http2 ssl;
+
+ include '{{ transitous_nginx_site_include_extra }}';
+
+ server_name {{ transitous_domain }};
+
+ location ~ ^/$ {
+ if ($arg_motis != https%3A%2F%2F{{ transitous_domain }}%2Fapi) {
+ return 301 https://$host?motis=https%3A%2F%2F{{ transitous_domain }}%2Fapi;
+ }
+
+ root /opt/motis/web/;
+ }
+
+ location / {
+ root /opt/motis/web/;
+ }
+
+ location /api/ {
+ proxy_pass http://localhost:8080/;
+ }
+}
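Review bot: The redirect in `location ~ ^/$` builds its target from `$host`, which nginx takes from the request's Host header when one is sent. The tasks in this commit disable the default site and enable only this file, so this block appears to answer every name on 443 and the `Location` value is client-influenced. Using the configured name pins it: `return 301 https://{{ transitous_domain }}/?motis=https%3A%2F%2F{{ transitous_domain }}%2Fapi;`. The block also declares `listen 443 http2 ssl` without any `ssl_certificate` directive, so it only loads if the included file supplies one; a comment above the `include` line saying so would help. `proxy_pass http://localhost:8080/` may also try `::1` while config.ini in this commit shows `host=127.0.0.1`, so `127.0.0.1` is the safer upstream literal.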