Added web service

2024-07-18 10:04:07 +02:00
parent 7a1e728f2f
commit ff2751e207
7 changed files with 46 additions and 28 deletions
--- a/files/usertwist
+++ b/files/usertwist
--- a/files/usertwist.service
+++ b/files/usertwist.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Simple Web Service
+
+[Service]
+User=caddy
+Group=caddy
+ExecStart=/usr/local/bin/usertwist
+
+[Install]
+WantedBy=multi-user.target
--- a/inventory.ini
+++ b/inventory.ini
@@ -1,2 +1,2 @@
 [athelas]
-vps ansible_host=95.217.153.90 ansible_connection=ssh ansible_user=root
+vps ansible_host=135.181.250.127 ansible_connection=ssh ansible_user=root
--- a/tasks/install_caddy.yml
+++ b/tasks/install_caddy.yml
@@ -24,24 +24,33 @@
    ansible.builtin.package:
      name: caddy

-  - name: Creating webserver root folder
-    ansible.builtin.file:
-      path: /var/www/html/
-      state: directory
-      group: caddy
-      owner: caddy
-
-  - name: Creating webserver index.html
-    ansible.builtin.file:
-      path: /var/www/html/index.html
-      state: touch
-      group: caddy
-      owner: caddy
-
-  - name: Editing Caddyfile
+  - name: Editing Caddyfile to setup the reverse_proxy
    ansible.builtin.template:
      src: ~/ansible/templates/Caddyfile.j2
      dest: /etc/caddy/Caddyfile

-  - name: Reboot
-    ansible.builtin.reboot:
+  - name: Put the service binary on the remote server
+    ansible.builtin.copy:
+      src: ~/ansible/files/usertwist
+      dest: /usr/local/bin
+      owner: root
+      group: root
+      mode: '0755'
+
+  - name: Put the service systemd file on the remote server
+    ansible.builtin.copy:
+      src: ~/ansible/files/usertwist.service
+      dest: /etc/systemd/system
+      owner: root
+      group: root
+
+  - name: Enable the service systemd unit
+    ansible.builtin.systemd_service:
+      name: usertwist
+      enabled: true
+      state: started
+
+  - name: Restart Caddy service
+    ansible.builtin.service:
+      name: caddy
+      state: restarted
--- a/tasks/setup_iptables.yml
+++ b/tasks/setup_iptables.yml
@@ -11,8 +11,8 @@
      jump: ACCEPT
      destination_ports:
        - "22"
+        - "8081"
        - "80"
-        - "443"

  - name: Set INPUT policy to DROP
    ansible.builtin.iptables:
--- a/tasks/setup_ssh.yml
+++ b/tasks/setup_ssh.yml
@@ -28,6 +28,7 @@
    ansible.builtin.user:
      name: "motysten"
      groups: "sudo"
+      shell: /bin/bash
      append: true
      password: "{{ lookup('password', '/tmp/userpass length=12 encrypt=sha512_crypt') }}"
    become: true
--- a/templates/Caddyfile.j2
+++ b/templates/Caddyfile.j2
@@ -8,18 +8,16 @@
 # this machine's public IP, then replace ":80" below with your
 # domain name.

-poc.athelas.fr {
-	# Set this path to your site's directory.
-	root * /var/www/html
-
-	# Enable the static file server.
-	file_server
+poc.athelas.fr:8081 {

 	# Another common task is to set up a reverse proxy:
-	# reverse_proxy localhost:8080
+	reverse_proxy localhost:8080
+
+	# Also edit ACME server
+	tls {
+		ca https://acme-staging-v02.api.letsencrypt.org/directory
+	}

-	# Or serve a PHP site through php-fpm:
-	# php_fastcgi localhost:9000
 }

 # Refer to the Caddy docs for more information: