diff --git a/ansible/inventory b/ansible/inventory index 77e90223..7db09ce6 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -4,3 +4,4 @@ openvpn-server1.ooni.io # This requires manual setup of ~/.ssh/config #codesign-box data.ooni.org +oonidatatest.ooni.nu diff --git a/ansible/playbook-bootstrap.yml b/ansible/playbook-bootstrap.yml new file mode 100644 index 00000000..f1eb10bb --- /dev/null +++ b/ansible/playbook-bootstrap.yml @@ -0,0 +1,7 @@ +# This playbook is to be run on hosts that don't support bootstrapping the base +# OS setup with something other than ansible (eg. cloud-init) +- name: Ensure ssh_users are synched on all hosts + hosts: all + remote_user: root + roles: + - ssh_users diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 5f4ee32a..fa093dc4 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -36,6 +36,12 @@ roles: - ssh_users +- name: Deploy oonidata hosts + hosts: oonidatatest.ooni.nu + become: true + roles: + - oonidata + # commented out due to the fact it requires manual config of ~/.ssh/config #- name: Setup codesign box # hosts: codesign-box diff --git a/ansible/requirements.yml b/ansible/requirements.yml index 94e27282..39dbd754 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -1,3 +1,3 @@ - src: willshersystems.sshd - src: nginxinc.nginx -- src: geerlingguy.nginx +- src: geerlingguy.certbot diff --git a/ansible/roles/miniconda/vars/main.yml b/ansible/roles/miniconda/defaults/main.yml similarity index 100% rename from ansible/roles/miniconda/vars/main.yml rename to ansible/roles/miniconda/defaults/main.yml diff --git a/ansible/roles/miniconda/tasks/install.yml b/ansible/roles/miniconda/tasks/install.yml index 5abdb9d8..5da31271 100644 --- a/ansible/roles/miniconda/tasks/install.yml +++ b/ansible/roles/miniconda/tasks/install.yml @@ -14,7 +14,6 @@ mode: "0700" - name: Run the miniconda installer - become_user: miniconda ansible.builtin.shell: | bash {{ miniconda_install_dir }}/miniconda.sh -b -u -p {{ miniconda_install_dir }} diff --git a/ansible/roles/miniconda/tasks/main.yml b/ansible/roles/miniconda/tasks/main.yml index 962ca008..958ecd6a 100644 --- a/ansible/roles/miniconda/tasks/main.yml +++ b/ansible/roles/miniconda/tasks/main.yml @@ -4,14 +4,7 @@ path: "{{ miniconda_install_dir }}/bin/conda" register: miniconda_bin -- name: Create miniconda user - become: yes - ansible.builtin.user: - name: miniconda - create_home: no - - include_tasks: install.yml - become: yes when: not miniconda_bin.stat.exists - name: "install conda packages" diff --git a/ansible/roles/nginx/meta/main.yml b/ansible/roles/nginx/meta/main.yml deleted file mode 100644 index 655239f5..00000000 --- a/ansible/roles/nginx/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -dependencies: - - libhandlers -... diff --git a/ansible/roles/oonidata/vars/main.yml b/ansible/roles/oonidata/defaults/main.yml similarity index 100% rename from ansible/roles/oonidata/vars/main.yml rename to ansible/roles/oonidata/defaults/main.yml diff --git a/ansible/roles/oonidata/meta/main.yml b/ansible/roles/oonidata/meta/main.yml index 1e67bfa5..191069ae 100644 --- a/ansible/roles/oonidata/meta/main.yml +++ b/ansible/roles/oonidata/meta/main.yml @@ -1,5 +1,3 @@ dependencies: - role: miniconda - vars: - miniconda_install_dir: "{{ miniconda_install_dir }}" - role: nginx diff --git a/ansible/roles/oonidata/tasks/main.yml b/ansible/roles/oonidata/tasks/main.yml index 4b79bcf9..c413c9ef 100644 --- a/ansible/roles/oonidata/tasks/main.yml +++ b/ansible/roles/oonidata/tasks/main.yml @@ -1,12 +1,12 @@ --- - include_tasks: jupyterhub.yml - become: yes -- include_role: geerlingguy.nginx +- include_role: + name: geerlingguy.certbot vars: certbot_admin_email: admin@ooni.org certbot_create_if_missing: true certbot_create_standalone_stop_services: [] certbot_certs: - domains: - - {{ inventory_name }} + - "{{ inventory_name }}"