add login web interface

8 years ago · 34c79f3a0d
--- a/all.yaml
+++ b/all.yaml
@ -1,6 +1,7 @@
 - include: ldap.yaml
 - include: blogs.yaml
 - include: lists.yaml
 - include: login.yaml
 - include: mail.yaml
 - include: projects.yaml
 - include: users.yaml
--- a/login.yaml
+++ b/login.yaml
@ -0,0 +1,15 @@
 ---
 - hosts: biff
  roles:
      - role: lxc_guest
        vm_name: login
        distro: stretch
      - role: ssh_server
        ansible_connection: lxc_ssh
        ansible_docker_extra_args: login
 - hosts: login
  roles:
      - role: dns_record
      - role: login
      - role: reverse_proxy
        hostname: login3
--- a/roles/login/meta/main.yaml
+++ b/roles/login/meta/main.yaml
@ -0,0 +1,7 @@
 ---
 dependencies:
  - role: nginx
    is_proxy: true
    config_name: "login"
    remote_host: "http://localhost:5000"
    server_name: "login.lilik.it"
--- a/roles/login/tasks/main.yaml
+++ b/roles/login/tasks/main.yaml
@ -0,0 +1,37 @@
 - name: install login packages
  apt:
    name: "{{ item }}"
    state: present
    update_cache: yes
    cache_valid_time: 3600
    install_recommends: '{{ install_recommends | default("no") }}'
  with_items:
    - git
    - python3
    - python3-ldap3
    - python3-flask

 - name: clone login repository
  git:
    repo: http://projects.lilik.it/lilik/lilik_users3.git
    dest: /srv/login
  notify:
    - restart login

 - name: add login init script
  template: src=login.j2 dest=/etc/init.d/login mode=755
  register: add_login_startup_script
  notify:
    - restart login

 - name: reload systemd
  systemd:
    daemon_reload: yes
    name: login
  when: add_login_startup_script.changed

 - include_role:
    name: service
  vars:
    service_name: login
    service_packages: null
--- a/roles/login/templates/login.conf.nginx.j2
+++ b/roles/login/templates/login.conf.nginx.j2
@ -0,0 +1,28 @@

 server {
  listen *:80;


  server_name login.lilik.it;

  client_max_body_size 0;


  location / {
    rewrite ^/$ /static/index.html permanent;

    proxy_http_version 1.1;

    proxy_set_header Host projects.leader.lilik.it;
    proxy_set_header X-Forwarded-Host "";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto http;

    proxy_pass http://localhost:5000;
    proxy_hide_header    Content-Security-Policy;
    proxy_hide_header    X-Frame-Options;
 }


 }
--- a/roles/login/templates/login.j2
+++ b/roles/login/templates/login.j2
@ -0,0 +1,59 @@
 #!/bin/sh
 ### BEGIN INIT INFO
 # Provides:          login
 # Required-Start:    $remote_fs $syslog $networking
 # Required-Stop:     $remote_fs $syslog $networking
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: login
 # Description:       LILiK user manager interface
 ### END INIT INFO

 DIR=/srv/login
 DAEMON=$DIR/server.py
 DAEMON_NAME=login

 # Add any command line options for your daemon here
 DAEMON_OPTS=""

 # This next line determines what user the script runs as.
 DAEMON_USER=root

 # The process ID of the script when it runs is stored here:
 PIDFILE=/var/run/$DAEMON_NAME.pid

 . /lib/lsb/init-functions

 do_start () {
    log_daemon_msg "Starting system $DAEMON_NAME daemon"
    start-stop-daemon --start --background --pidfile $PIDFILE --make-pidfile --user $DAEMON_USER --chuid $DAEMON_USER --startas $DAEMON -- $DAEMON_OPTS
    log_end_msg $?
 }
 do_stop () {
    log_daemon_msg "Stopping system $DAEMON_NAME daemon"
    start-stop-daemon --stop --pidfile $PIDFILE --retry 10
    log_end_msg $?
 }

 case "$1" in

    start|stop)
        do_${1}
        ;;

    restart|reload|force-reload)
        do_stop
        do_start
        ;;

    status)
        status_of_proc "$DAEMON_NAME" "$DAEMON" && exit 0 || exit $?
        ;;

    *)
        echo "Usage: /etc/init.d/$DAEMON_NAME {start|stop|restart|status}"
        exit 1
        ;;

 esac
 exit 0