add files from infra-misc
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
parent
d4f4bcafac
commit
7a901c0191
|
@ -0,0 +1,38 @@
|
|||
# Description
|
||||
|
||||
This is a deployment [Conan](https://conan.io/) server, which is a decentralized and multi-platform
|
||||
package manager.
|
||||
|
||||
# Details
|
||||
|
||||
Conan runs as a container on the host and exposes port `9300` which is the proxied via Nginx to regular HTTPS via `443`.
|
||||
|
||||
The backups are generated __TODO__ and uploaded to a Digital Ocean space. For configuration details see [`defaults/main.yml`](./defaults/main.yml).
|
||||
|
||||
# Usage
|
||||
|
||||
Simply point Conan at the HTTPS endpoint:
|
||||
```bash
|
||||
conan remote add status-repo https://conan.status.im/
|
||||
```
|
||||
And add your user for repo access:
|
||||
```bash
|
||||
% conan user admin --remote=status-repo [11/01/18 13:55:04]
|
||||
Please enter a password for "admin" account:
|
||||
Changed user of remote 'status-repo' from 'None' (anonymous) to 'admin'
|
||||
```
|
||||
|
||||
# Docker Image
|
||||
|
||||
The image used is custom because we wanted to use GUnicorn for hosting the server
|
||||
It comes from the [`infra-utils`](https://github.com/status-im/infra-utils/tree/master/conan) repo.
|
||||
|
||||
# Documentation
|
||||
|
||||
* https://hub.docker.com/r/cguenther/conan-server/
|
||||
* https://docs.conan.io/en/latest/uploading_packages/running_your_server.html
|
||||
* https://docs.conan.io/en/latest/uploading_packages/uploading_to_remotes.html
|
||||
|
||||
# Known Issues
|
||||
|
||||
* Backups of repo
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
# Ghost settings
|
||||
conan_domain: 'conan.status.im'
|
||||
conan_cont_image: 'statusteam/conan:latest'
|
||||
conan_cont_name: 'conan-server'
|
||||
conan_cont_port: 9300
|
||||
conan_cont_workers: 4
|
||||
conan_cont_timeout: 300
|
||||
conan_cont_vol: '/docker/{{ conan_cont_name }}'
|
||||
conan_max_upload: 800m
|
||||
# container specific settings
|
||||
conan_cont_home: '/root/.conan_server'
|
||||
|
||||
conan_users:
|
||||
- name: admin
|
||||
pass: '{{lookup("passwordstore", "services/conan/admin-pass")}}'
|
||||
write: true
|
||||
- name: status
|
||||
pass: '{{lookup("passwordstore", "services/conan/status-pass")}}'
|
||||
write: true
|
||||
- name: test
|
||||
pass: test
|
||||
write: false
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
- name: Save iptables rules
|
||||
shell: iptables-save > /etc/iptables/rules.v4
|
||||
|
||||
- name: reload nginx
|
||||
service: name=nginx state=reloaded
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
- name: 'Create directories for {{ conan_cont_name }}'
|
||||
file:
|
||||
path: '{{ conan_cont_vol }}/{{ item }}'
|
||||
state: directory
|
||||
owner: 'dockremap'
|
||||
recurse: true
|
||||
with_items:
|
||||
- 'conf'
|
||||
- 'data'
|
||||
|
||||
- name: 'Generate the {{ conan_cont_name }} config'
|
||||
template:
|
||||
src: server.conf.j2
|
||||
dest: '{{ conan_cont_vol }}/conf/server.conf'
|
||||
owner: 'dockremap'
|
||||
register: config
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
- name: Consul service definition
|
||||
include_role: name=consul-service
|
||||
vars:
|
||||
consul_config_name: '{{ conan_cont_name }}'
|
||||
consul_services:
|
||||
- id: '{{ conan_cont_name }}'
|
||||
name: '{{ conan_cont_name }}'
|
||||
port: '{{ conan_cont_port }}'
|
||||
address: 'localhost'
|
||||
tags: ['{{ env }}.{{ stage }}', 'conan', 'repo']
|
||||
checks:
|
||||
- id: '{{ conan_cont_name }}-health'
|
||||
type: http
|
||||
http: 'http://localhost:{{ conan_cont_port }}/v2/ping'
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
- name: 'Start container: {{ conan_cont_name }}'
|
||||
docker_container:
|
||||
name: '{{ conan_cont_name }}'
|
||||
image: '{{ conan_cont_image }}'
|
||||
pull: true
|
||||
restart_policy: always
|
||||
state: '{{ cont_state }}'
|
||||
recreate: '{{ cont_recreate }}'
|
||||
restart: '{{ config.changed | default(cont_restart) }}'
|
||||
ports:
|
||||
- '{{ conan_cont_port }}:{{ conan_cont_port }}'
|
||||
env:
|
||||
CONAN_PORT: '{{ conan_cont_port | string }}'
|
||||
CONAN_WORKERS: '{{ conan_cont_workers | string }}'
|
||||
CONAN_TIMEOUT: '{{ conan_cont_timeout | string }}'
|
||||
volumes:
|
||||
- '{{ conan_cont_vol }}/data:{{ conan_cont_home }}/data'
|
||||
- '{{ conan_cont_vol }}/conf/server.conf:{{ conan_cont_home }}/server.conf'
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
- name: 'Enable {{ conan_cont_name }}'
|
||||
iptables:
|
||||
comment: '{{ conan_cont_name }}'
|
||||
chain: INPUT
|
||||
jump: ACCEPT
|
||||
source: '0.0.0.0/0'
|
||||
protocol: 'tcp'
|
||||
destination_port: '{{ item }}'
|
||||
with_items:
|
||||
- 80
|
||||
- 443
|
||||
notify:
|
||||
- Save iptables rules
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
- include_tasks: config.yml
|
||||
- include_tasks: container.yml
|
||||
- include_tasks: consul.yml
|
||||
- include_tasks: proxy.yml
|
||||
- include_tasks: firewall.yml
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
- name: 'Template Ghost proxy config: {{ conan_cont_name }}'
|
||||
template:
|
||||
src: conan-proxy.conf.j2
|
||||
dest: '/etc/nginx/sites-available/{{ conan_cont_name }}.conf'
|
||||
notify: reload nginx
|
||||
|
||||
- name: 'Symlink Ghost proxy config: {{ conan_cont_name }}'
|
||||
file:
|
||||
src: '/etc/nginx/sites-available/{{ conan_cont_name }}.conf'
|
||||
dest: '/etc/nginx/sites-enabled/{{ conan_cont_name }}.conf'
|
||||
state: link
|
||||
notify: reload nginx
|
|
@ -0,0 +1,24 @@
|
|||
server {
|
||||
listen 80;
|
||||
server_name {{ conan_domain }};
|
||||
return 302 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
|
||||
server_name {{ conan_domain }};
|
||||
|
||||
ssl_certificate /certs/origin.crt;
|
||||
ssl_certificate_key /certs/origin.key;
|
||||
|
||||
client_max_body_size {{ conan_max_upload }};
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://127.0.0.1:{{ conan_cont_port }}/;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,30 @@
|
|||
[server]
|
||||
updown_secret: {{lookup("passwordstore", "services/conan/updown-secret")}}
|
||||
jwt_secret: {{lookup("passwordstore", "services/conan/jwt-secret")}}
|
||||
jwt_expire_minutes: 120
|
||||
|
||||
authorize_timeout: 1800
|
||||
|
||||
# This affects actual listen port
|
||||
port: {{ conan_cont_port }}
|
||||
# These 3 affect how server advertises itself publicly
|
||||
ssl_enabled: True
|
||||
public_port: 443
|
||||
host_name: {{ conan_domain }}
|
||||
|
||||
store_adapter: disk
|
||||
# Just for disk storage adapter
|
||||
disk_storage_path: {{ conan_cont_home }}/data
|
||||
disk_authorize_timeout: 1800
|
||||
|
||||
[read_permissions]
|
||||
# By default all users can read all blocks
|
||||
*/*@*/*: *
|
||||
|
||||
[write_permissions]
|
||||
*/*@*/*: {{ conan_users | selectattr("write", "equalto", True) | map(attribute="name") | join(",") }}
|
||||
|
||||
[users]
|
||||
{% for user in conan_users %}
|
||||
{{ user.name }}: {{ user.pass }}
|
||||
{% endfor %}
|
Loading…
Reference in New Issue