Archive abandoned project
parent
bc8862d90b
commit
65be894048
501 changed files with 24305 additions and 0 deletions
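--- a/esh_haproxy/recipes/config.rb
+++ b/esh_haproxy/recipes/config.rb
@@ -0,0 +1,145 @@
+#
+# Cookbook:: esh_haproxy
+# Recipe:: config
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apt_package %w(haproxy whois)
+
+directory "/etc/haproxy/country" do
+owner 'root'
+group 'root'
+mode '0755'
+action :create
+end
+
+cookbook_file '/usr/local/bin/haproxy_country' do
+owner 'root'
+group 'root'
+mode '0755'
+action :create
+end
+
+execute 'haproxy generate country acl' do
+command '/usr/local/bin/haproxy_country'
+environment ({ 'LICENSE_KEY' => node['esh']['haproxy']['config']['maxmind_key'] })
+action :run
+not_if { ::File.exist?('/etc/haproxy/country/JP.txt') }
+end
+
+remote_file '/etc/haproxy/dhparam' do
+source 'https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem'
+owner 'root'
+group 'root'
+mode '0444'
+action :create
+end
+
+template '/etc/haproxy/haproxy.cfg' do
+owner 'root'
+group 'root'
+mode '0444'
+variables acls: node['esh']['haproxy']['config']['acls'],
+listen: node['esh']['haproxy']['config']['listen'],
+backends: node['esh']['haproxy']['config']['backends'],
+stats_password: node['esh']['haproxy']['config']['stats_password']
+action :create
+end
+
+systemd_unit 'haproxy_country_failure.service' do
+content <<~EOU
+[Unit]
+Description=Notifies HC if haproxy country fail
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/curl -fsS -m 10 --retry 5 #{node['esh']['haproxy']['config']['hc_url']}/fail
+
+EOU
+verify false
+action [:create, :enable]
+end
+
+systemd_unit 'haproxy_country_success.service' do
+content <<~EOU
+[Unit]
+Description=Notifies HC if haproxy country succeed
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/curl -fsS -m 10 --retry 5 #{node['esh']['haproxy']['config']['hc_url']}
+
+EOU
+verify false
+action [:create, :enable]
+end
+
+systemd_unit 'haproxy_country.service' do
+content <<~EOU
+[Unit]
+Description=Update haproxy country IP range
+OnFailure=haproxy_country_failure.service
+OnSuccess=haproxy_country_success.service
+
+[Service]
+Type=simple
+Environment="LICENSE_KEY=#{node['esh']['haproxy']['config']['maxmind_key']}"
+ExecStartPre=/usr/bin/curl -fsS -m 10 --retry 5 #{node['esh']['haproxy']['config']['hc_url']}/start
+ExecStart=/usr/local/bin/haproxy_country
+
+EOU
+verify false
+action [:create, :enable]
+end
+
+systemd_unit 'haproxy_country.timer' do
+content <<~EOU
+[Unit]
+Description=Run haproxy_country on Fridays, 12h random
+
+[Timer]
+OnCalendar=Fri 00:00
+RandomizedDelaySec=12h
+
+[Install]
+WantedBy=timers.target
+EOU
+verify false
+action [:create, :enable]
+end
+
+apt_package 'ssl-cert'
+
+directory '/etc/haproxy/crt' do
+owner 'root'
+group 'root'
+mode '0755'
+action :create
+end
+
+execute 'add to haproxy default self-signed certificate' do
+command <<~EOT
+cat /etc/ssl/certs/ssl-cert-snakeoil.pem \
+/etc/ssl/private/ssl-cert-snakeoil.key \
+> /etc/haproxy/crt/ssl-cert-snakeoil.pem
+EOT
+not_if { ::File.exist?('/etc/haproxy/crt/ssl-cert-snakeoil.pem') }
+action :run
+end
+
+service 'haproxy' do
+action :nothing
+subscribes :reload, 'template[/etc/haproxy/haproxy.cfg]', :immediately
+end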
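Review bot: Several secrets in this recipe end up readable by any local user: `/etc/haproxy/haproxy.cfg` is created with `mode '0444'` while receiving `stats_password` (presumably rendered into the file; the template is not shown here), and `haproxy_country.service` carries the MaxMind key in an `Environment="LICENSE_KEY=..."` line, which sits in a unit file that is normally world-readable and is also shown by `systemctl show`. I would set `mode '0600'` and `sensitive true` on the template, move the key into a root-only file referenced from the unit with `EnvironmentFile=`, and mark `execute 'haproxy generate country acl'` as `sensitive true` so the key stays out of Chef output. The snakeoil bundle under `/etc/haproxy/crt` is written by a shell redirect, so it inherits the run's umask and the private key is likely left at 0644 inside a 0755 directory; adding `umask '0077'` to that `execute` would close this. Separately, `remote_file '/etc/haproxy/dhparam'` downloads from the mutable `master` ref with no `checksum`, so pinning the URL to a commit and adding `checksum '<sha256 of ffdhe4096.pem>'` would make the fetched parameters verifiable.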
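--- a/esh_haproxy/recipes/default.rb
+++ b/esh_haproxy/recipes/default.rb
@@ -0,0 +1,17 @@
+#
+# Cookbook:: esh_haproxy
+# Recipe:: default
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.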