Use valkyrie's resolv.conf
This commit is contained in:
parent
17cd8d75c3
commit
acb04f05b1
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,3 +1,4 @@
|
|||||||
group_vars/the_nine_worlds
|
group_vars/the_nine_worlds
|
||||||
host_vars/valkyrie
|
host_vars/valkyrie
|
||||||
host_vars/yggdrasil
|
host_vars/yggdrasil
|
||||||
|
playbooks/filesystem/tmp/valkyrie/etc/resolv.conf
|
||||||
|
@ -48,7 +48,6 @@ http {
|
|||||||
# OCSP Stapling.
|
# OCSP Stapling.
|
||||||
ssl_stapling on;
|
ssl_stapling on;
|
||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
resolver 1.1.1.1 1.0.0.1 valid=300s;
|
|
||||||
resolver_timeout 5s;
|
resolver_timeout 5s;
|
||||||
|
|
||||||
# HTTP Strict Transport Security.
|
# HTTP Strict Transport Security.
|
||||||
|
0
playbooks/filesystem/tmp/.gitdummy
Normal file
0
playbooks/filesystem/tmp/.gitdummy
Normal file
@ -11,7 +11,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id
|
||||||
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-nginx.pid --cidfile %t/container-rproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace -dt {{ service_rproxy_hosts }} -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro -v var_lib_letsencrypt:/var/lib/letsencrypt:ro -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-nginx docker.io/library/nginx
|
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-nginx.pid --cidfile %t/container-rproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace -dt {{ service_rproxy_hosts }} -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro -v var_lib_letsencrypt:/var/lib/letsencrypt:ro -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-nginx docker.io/library/nginx
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id
|
||||||
PIDFile=%t/container-rproxy-nginx.pid
|
PIDFile=%t/container-rproxy-nginx.pid
|
||||||
|
@ -11,7 +11,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-www-nginx.pid %t/container-www-nginx.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-www-nginx.pid %t/container-www-nginx.ctr-id
|
||||||
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-www-nginx.pid --cidfile %t/container-www-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-www.pod-id --replace -dt -v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro --name=pod-www-nginx docker.io/library/nginx
|
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-www-nginx.pid --cidfile %t/container-www-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-www.pod-id --replace -dt -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro --name=pod-www-nginx docker.io/library/nginx
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-www-nginx.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-www-nginx.ctr-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-www-nginx.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-www-nginx.ctr-id
|
||||||
PIDFile=%t/container-www-nginx.pid
|
PIDFile=%t/container-www-nginx.pid
|
||||||
|
@ -11,7 +11,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-lrproxy-nginx.pid %t/container-lrproxy-nginx.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-lrproxy-nginx.pid %t/container-lrproxy-nginx.ctr-id
|
||||||
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-lrproxy-nginx.pid --cidfile %t/container-lrproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-lrproxy.pod-id --replace -dt {{ service_rproxy_hosts }} -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro --name=pod-lrproxy-nginx docker.io/library/nginx
|
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-lrproxy-nginx.pid --cidfile %t/container-lrproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-lrproxy.pod-id --replace -dt {{ service_rproxy_hosts }} -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro --name=pod-lrproxy-nginx docker.io/library/nginx
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-nginx.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-nginx.ctr-id
|
||||||
PIDFile=%t/container-lrproxy-nginx.pid
|
PIDFile=%t/container-lrproxy-nginx.pid
|
||||||
|
@ -7,3 +7,4 @@
|
|||||||
- import_tasks: tasks/services/setup/01-zfs-datasets.yml
|
- import_tasks: tasks/services/setup/01-zfs-datasets.yml
|
||||||
when: is_zfs
|
when: is_zfs
|
||||||
- import_tasks: tasks/services/setup/01-directories.yml
|
- import_tasks: tasks/services/setup/01-directories.yml
|
||||||
|
- import_tasks: tasks/services/setup/02-nameserver.yml
|
||||||
|
13
playbooks/tasks/services/setup/02-nameserver.yml
Normal file
13
playbooks/tasks/services/setup/02-nameserver.yml
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
- name: Fetch valkyrie's resolv.conf
|
||||||
|
fetch:
|
||||||
|
src: "/etc/resolv.conf"
|
||||||
|
dest: "./filesystem/tmp/"
|
||||||
|
when:
|
||||||
|
ansible_hostname == 'valkyrie'
|
||||||
|
|
||||||
|
- name: Copy valkyrie's resolv.conf to yggdrasil
|
||||||
|
copy:
|
||||||
|
src: "./filesystem/tmp/valkyrie/etc/resolv.conf"
|
||||||
|
dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
|
||||||
|
when:
|
||||||
|
ansible_hostname == 'yggdrasil'
|
Loading…
Reference in New Issue
Block a user