---
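# Each include below pulls in a sibling task file. The tasks are named
# (taken from the section comments) so every step is identifiable in play
# output and in logs when a run has to be audited.

# 1. Setup LXC
- name: Setup LXC
  include_tasks: pkg.yml

# 2. Setup networking
- name: Setup networking
  include_tasks: networking.yml

# 2. Create maatma container from alpine ctr
- name: Create maatma container from alpine ctr
  include_tasks: container-setup.yml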
# Give the srs-deploy group ownership of the container directory so that
# account can enter it.
# NOTE(review): no mode is set, so the rights the group actually gets are
# whatever the directory already carries. If traversal is all that is
# needed, an explicit mode without the group write bit would enforce that
# intent - confirm against how the directory was created.
# NOTE(review): the path hard-codes "maatma" while other tasks in this file
# use {{ ctr_name }}; confirm the two always agree.
- name: "Ensure container's directory is traversable by srs-deploy"
  file:
    state: directory
    path: /var/lib/lxc/maatma
    group: srs-deploy
# 3. Install firewall
# 4. Install other scripts
# Copy the host's WireGuard configuration into the container's root
# filesystem. remote_src makes the source a path on the managed host
# rather than on the controller.
# NOTE(review): WireGuard configuration files commonly carry the interface
# private key, and no owner/mode is set here, so the copy's permissions are
# left to defaults. Consider an explicit restrictive mode once it is
# confirmed which user inside the container has to read the file.
- name: configure wg-adlin
  copy:
    remote_src: true
    src: /etc/wireguard/wg-adlin.conf
    dest: '/var/lib/lxc/{{ ctr_name }}/rootfs/etc/wg-adlin.conf'
  tags:
    - wireguard
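# Install the wg-sync.sh helper, executable, into /root inside the
# container's root filesystem.
# The mode is quoted so it is passed as the string "0755" and does not
# depend on how the YAML parser types a bare number with a leading zero.
- name: Copy wg-sync.sh
  copy:
    src: wg-sync.sh
    dest: "/var/lib/lxc/{{ ctr_name }}/rootfs/root/wg-sync.sh"
    mode: "0755"
  tags:
    - wireguard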
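# Download clean-wg.sh and install it, executable, under /usr/sbin inside
# the container's root filesystem.
# NOTE(review): the URL follows the master branch and no checksum is given,
# so whatever the server returns at run time is installed as an executable
# system script. Pinning the URL to a reviewed commit and adding get_url's
# `checksum: "sha256:<digest of the reviewed file>"` would make the
# installed content verifiable.
# The mode is quoted so it is passed as the string "0755" and does not
# depend on how the YAML parser types a bare number with a leading zero.
- name: Retrieve clean-wg.sh
  get_url:
    url: https://git.nemunai.re/teach/adlin/raw/branch/master/token-validator/clean-wg.sh
    dest: "/var/lib/lxc/{{ ctr_name }}/rootfs/usr/sbin/clean-wg.sh"
    mode: "0755"
  tags:
    - wireguard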
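# Render the update-adlin template to /sbin/update-adlin on the managed
# host and make it executable.
# The mode is quoted so it is passed as the string "0755" and does not
# depend on how the YAML parser types a bare number with a leading zero.
- name: Add update-adlin script
  template:
    src: update-adlin
    dest: /sbin/update-adlin
    mode: "0755"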
# Register the public key held in ssh_key_srs_deploy as an authorized SSH
# key for the srs-deploy account.
# NOTE(review): no key_options are set, so the key is accepted without
# restrictions. If the account only exists to push builds, confirm whether
# the key should be limited (for example to a forced command or with
# forwarding disabled).
- name: Define authorized key for srs-deploy
  ansible.posix.authorized_key:
    state: present
    user: srs-deploy
    key: '{{ ssh_key_srs_deploy }}'
# Create the drop directory for new builds inside the container's root
# filesystem and make srs-deploy its owner.
# NOTE(review): no mode is set, so access for other users is left to
# defaults. Whatever srs-deploy writes here ends up inside the container;
# confirm what consumes these files and with which privileges.
- name: Ensure directory exists for receiving new builds
  file:
    state: directory
    path: '/var/lib/lxc/{{ ctr_name }}/rootfs/home/newbuilds'
    owner: srs-deploy
# Create the directory that receives maatma's error pages and make
# srs-deploy its owner.
# NOTE(review): no mode is set, so access for other users is left to
# defaults. The path sits under /var/www, so presumably its contents are
# served over HTTP - confirm that srs-deploy is the only writer intended.
- name: Ensure directory exists for receiving maatma error pages
  file:
    state: directory
    path: /var/www/nemunai.re/adlin/.error-pages
    owner: srs-deploy
# Start the container's service unit (named lxc.<ctr_name>) and enable it,
# so the container also comes up at boot.
- name: Launch maatma container
  service:
    name: 'lxc.{{ ctr_name }}'
    enabled: true
    state: started