From 32c209be718bf6bbc8fcd540ce2d909f3584c8da Mon Sep 17 00:00:00 2001
From: "Jorge E. Gomez"
Date: Mon, 28 Sep 2020 19:43:12 -0500
Subject: [PATCH] Initial version
---
README.md | 18 +++++
hosts | 2 +
local.yml | 12 ++++
roles/lxchost/tasks/lxd_profile.yml | 46 +++++++++++++
roles/lxchost/tasks/main.yml | 22 +++++++
roles/lxchost/vars/main.yml | 77 ++++++++++++++++++++++
roles/nginxproxy/tasks/main.yml | 33 ++++++++++
roles/nginxproxy/templates/newsite.conf.j2 | 22 +++++++
roles/nginxproxy/vars/main.yml | 4 ++
9 files changed, 236 insertions(+)
create mode 100644 README.md
create mode 100644 hosts
create mode 100644 local.yml
create mode 100644 roles/lxchost/tasks/lxd_profile.yml
create mode 100644 roles/lxchost/tasks/main.yml
create mode 100644 roles/lxchost/vars/main.yml
create mode 100644 roles/nginxproxy/tasks/main.yml
create mode 100644 roles/nginxproxy/templates/newsite.conf.j2
create mode 100644 roles/nginxproxy/vars/main.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ed0e415
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# Ansible role to launch a new container
+
+To be used in the LXD host (currently **servidora1e0.bogota.agofer**), via
+`ansible-pull`.
+
+```sh
+ansible-pull \
+ -U ssh://git@gitea.agofer.net:22001/jegomez/ansible-role-launch-container.git \
+ -e nombre=
+```
+
+* Launches a new container called **newodoocontainer**.
+* Creates a DNS alias for **externo.agofer.net** called
+ **newodoocontainer.agofer.net**.
+* Registers this container in the existing Nginx Proxy container.
+* Requests an SSL certificate to _Let's Encrypt_ for the new domain, storing
+ the certificates in the Nginx Proxy container.
+
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..13c0639
--- /dev/null
+++ b/hosts
@@ -0,0 +1,2 @@
+localhost ansible_connection=local
+nginx ansible_connection=lxd
diff --git a/local.yml b/local.yml
new file mode 100644
index 0000000..4584057
--- /dev/null
+++ b/local.yml
@@ -0,0 +1,12 @@
+- hosts: localhost
+ gather_facts: yes
+ user: sistemas
+ roles:
+ - lxchost
+ vars:
+ dominio: agofer.net
+
+- hosts: nginx
+ gather_facts: no
+ roles:
+ - nginxproxy
diff --git a/roles/lxchost/tasks/lxd_profile.yml b/roles/lxchost/tasks/lxd_profile.yml
new file mode 100644
index 0000000..9f523ad
--- /dev/null
+++ b/roles/lxchost/tasks/lxd_profile.yml
@@ -0,0 +1,46 @@
+---
+- name: Create or verify Odoo LXD profile
+ lxd_profile:
+ name: odoo
+ description: LXD profile for Odoo v8
+ config:
+ user.vendor-data: |
+ #cloud-config
+ package_upgrade: true
+ packages:
+ - python3-pip
+ users:
+ - name: root
+ ssh-import-id: gh:jorgeegomez
+ write_files:
+ - encoding: gzip
+ owner: root:root
+ path: /root/.ssh/id_ed25519
+ permissions: '0600'
+ content: !!binary |
+ '{{ privkey | string | b64encode }}'
+ - encoding: gzip
+ owner: root:root
+ path: /root/.ssh/id_ed25519.pub
+ permissions: '0644'
+ content: !!binary |
+ '{{ pubkey | string | b64encode }}'
+ - encoding: gzip
+ owner: root:root
+ path: /root/.ssh/known_hosts
+ permissions: '0644'
+ content: !!binary |
+ '{{ known_hosts | string | b64encode }}'
+ runcmd:
+ - pip3 install ansible psycopg2-binary
+ - [ ansible-pull, -U, "ssh://git@gitea.agofer.net:22001/jegomez/ansible-role-odoo8container.git" ]
+ devices:
+ nat01:
+ nictype: bridged
+ parent: nat01
+ type: nic
+ root:
+ path: /
+ pool: default
+ type: disk
+
diff --git a/roles/lxchost/tasks/main.yml b/roles/lxchost/tasks/main.yml
new file mode 100644
index 0000000..b0df8cd
--- /dev/null
+++ b/roles/lxchost/tasks/main.yml
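Review bot: `nombre` comes straight from `-e` and ends up in the container name, the DNS record, a file path under `/etc/nginx/conf.d/` and the certbot command line, but no play in local.yml (or task in the roles added by this patch) checks that it is defined or looks like a host label. A `pre_tasks` assertion in the first play would stop the run before anything is created; the pattern below is a starting point and should be adjusted to the names you want to allow.

```yaml
- hosts: localhost
  # … unchanged: gather_facts, user …
  pre_tasks:
    - name: Check the requested container name
      assert:
        that:
          - nombre is defined
          - nombre is match('^[A-Za-z]([A-Za-z0-9_-]{0,61}[A-Za-z0-9])?$')
        fail_msg: "nombre must be one host label (letters, digits, - or _)"
  # … unchanged: roles, vars …
```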
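Review bot: The rendered `privkey` is stored in the `odoo` profile's `user.vendor-data`, so the private key is readable by anyone who can view that profile on the host and is handed, identical, to every container launched from it; the `'0600'` mode on `/root/.ssh/id_ed25519` only protects the copy written inside the guest. A per-container, read-only deploy key for the Gitea repository would limit what one compromised container can reach, and `no_log: true` on this task would keep the key out of Ansible's output. The three `write_files` entries also declare `encoding: gzip` although the value is only passed through `b64encode`, and the quotes around each Jinja expression sit inside the block scalar and so become part of the content; `encoding: b64` with a plain, untagged value looks like what was intended, but confirm against a test boot. The `runcmd` line `pip3 install ansible psycopg2-binary` runs unpinned on first boot, so pinning versions would make the bootstrap reproducible.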
@@ -0,0 +1,22 @@
+---
+
+- set_fact:
+ container: '{{ nombre | urlencode | lower | regex_replace('_', '-') }}'
+
+# - import_playbook: lxd_profile.yml
+
+- name: Launch LXD container
+ lxd_container:
+ name: '{{ container }}'
+ ephemeral: no
+ profiles: ['odoo']
+ source:
+ type: image
+ mode: pull
+ server: https://cloud-images.ubuntu.com/releases
+ protocol: simplestreams
+ alias: ubuntu/18.04
+
+- name: Register DNS CNAME alias using Dreamhost API
+ shell:
+ cmd: curl "https://api.dreamhost.com/?key={{ apikey }}&cmd=dns-add_record&record={{ container }}.{{ dominio }}&type=CNAME&value=externo.{{ dominio }}."
diff --git a/roles/lxchost/vars/main.yml b/roles/lxchost/vars/main.yml
new file mode 100644
index 0000000..76fff09
--- /dev/null
+++ b/roles/lxchost/vars/main.yml
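Review bot: The `set_fact` value is a single-quoted YAML scalar that itself contains single quotes (`regex_replace('_', '-')`), so the scalar ends at the first inner quote and the file should fail to parse; the same line appears in roles/nginxproxy/tasks/main.yml. Double quotes on the outside fix it: `container: "{{ nombre | urlencode | lower | regex_replace('_', '-') }}"`. Separately, the Dreamhost task places `apikey` on a curl command line run through `shell`, where it shows up in the host's process list and in Ansible's task output. The `uri` module with `no_log: true` would keep it out of both and would let the task check the API's response instead of ignoring it. The commented-out `import_playbook: lxd_profile.yml` also means nothing in this role creates the `odoo` profile that the container launch relies on.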
@@ -0,0 +1,77 @@ +$ANSIBLE_VAULT;1.1;AES256 +36353334653735326335326432396130633431376661626362653661383563653830633234333162 +3233303235333236313865316435336535333332303538660a623664646263383534313033633937 +63633231323539373062653632616631333136336332633739323163306533653330313664393230 +3834373434656162320a316462663631663231343834613639616461386666653963393334373231 +33316435383761363138626465316339386136386164393835633938666264313635663233373834 +38343731356436646132323165633065633135353936386464663436333964383834343563353563 +62653833306131363933366566353938613363666263363862646530383634313564633831323834 +34333431383232303631376430626461383835666635636630343036363435636133613734663937 +64356635613562333338383464326661646666633332393565303131626534353765616134613565 +36303137633135326666313133636636623931643433316239363135613063646163666636303536 +63613037646666666666646264366438633836346264636264356631353165656431396365356161 +30383635333966643535396163326635363764636437303530323537343066316133346539366238 +34363035306132343834643232323230623964356433623431373133613032396431326436363366 +64353064306230313634396335333633386264356237393537386133343939366664626466666533 +65333762356365396338666533616136303262373862383862323463326562623037323765633539 +63346262636638303238666363613064303734623662323462613866666132326262326138356338 +32636133383162633364343561663435393931353763646361336562346533616564326638646565 +61323962353661643637643437313164383832333133303965336132626665663962346237643334 +63666635393865336436353261626564326566333633373865303239653464326238633938393666 +62383033633633633033303331393132313732613336316661343763316139323731303665333535 +31343637646662643663326531366565616634346365356439313661383037346264653933376563 +61646630333330353636333038663332643366323132636366373537303533326663623330303830 +33316135343163343664643832393761373738633666656361343936393337623932343438316236 
+62313130623939373865346665663331663238313961326265333235383739343934303538306462 +32346639383964666339393930326137623166386131616331626163313734656662636164333736 +35613564633761393866303132666134306436643933623138653337613432626631346632633364 +33313363656134363439633730343638646265323332373065323061623133393731316165663832 +62613834613936353637333637363163656430343364633165653030393931363838613566333934 +66323439376237383033626631633438393337336638633334343963613362353163353362656439 +66626233346230386138616565616437653131363431636438383462636665393265623261346363 +37636432386166393739323266303432383632323738666165623734306366376464363439353361 +66623062353461653462333966336166306334396564346364333537633134316666633032306433 +32326466643565323465303066383366323561386665373838366662376263343637663066663832 +31393333636437383133363932646433353932663336323634376564303338643461666130313738 +32656562306536393530326464633064613861663061316261613965663230393561346132383339 +39323837396439663432646665303731313561323762663236363936613834393463643531393338 +32623431663063393333353538656431343236626465613563326334656566656135343862656534 +37636165396337343538643238363461386331666133376632646639316461646539343066363835 +34626266303636613337663864313532663030646438356238396461613637316230316532643831 +35613033363933393337396236336265633930363766316463336432383161613338333166623933 +66646231626264323261353638653537356231343533373364346131346162356365633330636436 +36316562656461353335633939366537313433666230623939306331396236303833383337616162 +32616538393865363864663865316165306639393930316465626463326333306434303737303934 +36336131616163346438376264636234363566376436383938663830393932363436343065653539 +37353530623037666662396464653666353835393533643965343262323139356335646262613134 +64303832306536383861313232666531356233333138613635343036613139313330373832303464 +30383766623866356163643662663864343234663062323535383164323930323661376165643061 
+37616430393035303730363562633935396633663966333963613665633332636230656432383961 +66323162303632663035376661376630346261663963396662396163306662363562313536303533 +65313263346431323530326562663761313164376366366532363965613930363562643464656265 +30393638373063636533346137663031363734343839346135613734666562623930643661323033 +35326238336330646466656431653930336263303630353237626432303763363265396433323965 +39353633663438313066306439666461386137346434363061636637393433343933356135346166 +65363635643962383039356563633635353063356637613030373831616662393032343063313530 +34343739643137623030643063343435633835303635613462323137373664653634366437636338 +66623237353861663539336234626436666664343663623135393033316464393761633733373834 +62616666363062363761373234376339663965343961373236333264636537326539623133333537 +61636437356431316339343738333663316432386661386235346361613539383237623565316531 +61656265366335663530373361666361666564346532343033663336303934613738373039663364 +64323837643131366561653566313766396365316130633531343436343061303661323031643161 +64306539616233666539623731666137666135643232326537396336393839646639306639643036 +33616639396333663262616661663465633035383965353832373837376164373661313632633434 +35366633633462333565353533386461396639373162306534313938653538633363393961323337 +66626662333531376135626266326131393639643831663738353936666536646366333638623561 +31636261356564396136383364396239643738376666313035353731346138313965626665633633 +65623364633733656135363233666461363965316235643838333564313838393964323539626366 +63626436623033616638633961323366613762333532396263346537343964316439356463316230 +36656138386333366265656132333937663330666562626138366234666236316438643763313935 +63643766323666633161386335643434386562346333643031323133356331346638633330326439 +61623039663638383033636138633665626438373633653639633338363966306166396662663865 +36376261353937353831616533653031643265633961386231343230616338366131646261666639 
+34343334396166393563393339373062393932666138323865666433376462356663306333653831 +66663538653534326561306363303165356535353937333636623834323365366133333939336437 +66613633636566316535396131343035313265366266613436386363656339383839366330646330 +32616434653564363030393864613231363166353563386639666363616231303131323331633562 +37326361633937323239
diff --git a/roles/nginxproxy/tasks/main.yml b/roles/nginxproxy/tasks/main.yml
new file mode 100644
index 0000000..a9f914c
--- /dev/null
+++ b/roles/nginxproxy/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+# Tasks to be run inside the Nginx proxy container
+
+- set_fact:
+ container: '{{ nombre | urlencode | lower | regex_replace('_', '-') }}'
+
+- name: Create basic Nginx config for new container
+ template:
+ src: newsite.conf.j2
+ dest: '/etc/nginx/conf.d/{{ container }}.{{ dominio }}.conf'
+
+- name: Create folder for Let's Encrypt files
+ file:
+ path: '/var/www/{{ container }}'
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0755'
+
+- name: Restart Nginx
+ systemd:
+ name: nginx
+ state: restarted
+
+- name: Request Let's Encrypt certificate
+ command:
+ cmd: 'certbot --redirect --agree-tos -m {{ email }} --hsts --nginx -n -d {{ nombre | lower }}.{{ dominio }}'
+
+- name: Restart Nginx again
+ systemd:
+ name: nginx
+ state: restarted
+
diff --git a/roles/nginxproxy/templates/newsite.conf.j2 b/roles/nginxproxy/templates/newsite.conf.j2
new file mode 100644
index 0000000..aba6efc
--- /dev/null
+++ b/roles/nginxproxy/templates/newsite.conf.j2
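Review bot: The certbot task builds its domain from `{{ nombre | lower }}` while the nginx config, the web root and the DNS record all use `container`, so a name containing `_` (or anything `urlencode` rewrites) requests a certificate for a host the server block does not serve. Because `command` splits the rendered string on whitespace, a `nombre` containing spaces would also hand extra arguments to certbot; `-d {{ container }}.{{ dominio }}` addresses both. Both `state: restarted` tasks would take every proxied site down if the generated file is invalid, so running `nginx -t` first and using `state: reloaded` would be safer.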
@@ -0,0 +1,22 @@
+server {
+ listen 80 proxy_protocol;
+ listen [::]:80 proxy_protocol;
+ server_name {{ container }}.{{ dominio }};
+ root /var/www/{{ container }};
+ location / {
+ resolver 10.0.3.1 valid=1h;
+ set $container "http://{{ container }}.lxd";
+ proxy_pass $container;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Host $host:$server_port;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ location /.well-known {
+ alias /var/www/{{ container }}/.well-known;
+ }
+}
+
diff --git a/roles/nginxproxy/vars/main.yml b/roles/nginxproxy/vars/main.yml
new file mode 100644
index 0000000..4114315
--- /dev/null
+++ b/roles/nginxproxy/vars/main.yml
@@ -0,0 +1,4 @@
+---
+email: sistemas@agofer.com.co
+
+dominio: agofer.net
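Review bot: With `proxy_protocol` on both listeners, `$remote_addr` is the address of the sending proxy unless the realip module is configured elsewhere (not visible in this template), so `X-Real-IP` and the appended `X-Forwarded-For` entry would not carry the client address; `$proxy_protocol_addr` holds it, e.g. `proxy_set_header X-Real-IP $proxy_protocol_addr;`. `$proxy_add_x_forwarded_for` also passes through whatever `X-Forwarded-For` the client sent, so the backend should only trust the last entry or the header should be overwritten rather than appended. `X-Forward-For` looks like a misspelling of the header set on the following line and could be dropped.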