parent
79c4b27de5
commit
d3278da2bc
@ -13,7 +13,7 @@ homeassistant_extra_groups:
|
|||||||
homeassistant_base_dir: /opt/homeassistant
|
homeassistant_base_dir: /opt/homeassistant
|
||||||
homeassistant_conf_dir: "{{ homeassistant_base_dir }}/config"
|
homeassistant_conf_dir: "{{ homeassistant_base_dir }}/config"
|
||||||
|
|
||||||
homeassistant_dependencies: []
|
homeassistant_packages: []
|
||||||
|
|
||||||
homeassistant_http_bind_port: 8123
|
homeassistant_http_bind_port: 8123
|
||||||
homeassistant_client_url: https://hassio.example.com
|
homeassistant_client_url: https://hassio.example.com
|
||||||
@ -45,13 +45,3 @@ homeassistant_exclude_modemmanager: False
|
|||||||
homeassistant_serial_device:
|
homeassistant_serial_device:
|
||||||
- vendor_id: "0000"
|
- vendor_id: "0000"
|
||||||
product_id: "xxxx"
|
product_id: "xxxx"
|
||||||
|
|
||||||
homeassistant_nginx_vhost_enabled: False
|
|
||||||
homeassistant_nginx_server: localhost
|
|
||||||
homeassistant_nginx_vhost_dir: /etc/nginx/sites-available
|
|
||||||
homeassistant_nginx_vhost_symlink: /etc/nginx/sites-enabled
|
|
||||||
homeassistant_nginx_iptables_enabled: False
|
|
||||||
homeassistant_nginx_tls_enabled: False
|
|
||||||
homeassistant_nginx_tls_cert_file: homeassistant-cert.pem
|
|
||||||
homeassistant_nginx_tls_key_file: homeassistant-key.pem
|
|
||||||
homeassistant_nginx_proxy_url: "https://1.2.3.4:{{ homeassistant_http_bind_port }}"
|
|
||||||
|
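Review bot: Dropping the `homeassistant_nginx_*` defaults here, together with the removal of `nginx.yml` and `nginx/vhost.j2` further down, leaves nothing in the role that cleans up hosts where `homeassistant_nginx_vhost_enabled` was previously true. Going by the deleted tasks, such hosts would still carry the vhost file and its symlink, the key copied under `/etc/pki/tls/private/`, and the `allow_homeassistant_nginx_proxy` iptables rule, all now unmanaged. I would either add a one-time cleanup using the same modules with `state: absent`, or document the manual removal in the upgrade notes, so that a stale private key and a leftover firewall rule do not go unnoticed.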
@ -8,15 +8,6 @@
|
|||||||
become: True
|
become: True
|
||||||
become_user: root
|
become_user: root
|
||||||
|
|
||||||
- name: Reload nginx
|
|
||||||
systemd:
|
|
||||||
state: reloaded
|
|
||||||
name: nginx
|
|
||||||
listen: __nginx_reload
|
|
||||||
delegate_to: "{{ homeassistant_nginx_server }}"
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Reload udev rules
|
- name: Reload udev rules
|
||||||
command: "udevadm control --reload-rules"
|
command: "udevadm control --reload-rules"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
|
@ -2,15 +2,9 @@
|
|||||||
- name: Converge
|
- name: Converge
|
||||||
hosts: all
|
hosts: all
|
||||||
vars:
|
vars:
|
||||||
yum_repositories:
|
homeassistant_packages:
|
||||||
epel:
|
- epel-release
|
||||||
filename: Extra-EPEL
|
|
||||||
desc: Extra Packages for Enterprise Linux (EPEL)
|
|
||||||
baseurl: "http://download.fedoraproject.org/pub/epel/$releasever/$basearch/"
|
|
||||||
gpgkey: "http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever/"
|
|
||||||
enabled: True
|
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- role: xoxys.yum
|
|
||||||
- role: xoxys.python3
|
- role: xoxys.python3
|
||||||
- role: xoxys.homeassistant
|
- role: xoxys.homeassistant
|
||||||
|
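Review bot: `epel-release` is now installed through `homeassistant_packages`, which appears to be consumed inside `xoxys.homeassistant`, so EPEL only becomes available after `xoxys.python3` has already run. The removed `xoxys.yum` role configured the repository before both roles, so if `xoxys.python3` pulls anything from EPEL the converge would fail on a clean host. Either move the install into a `pre_tasks` step, or record the assumption above the variable, for example `# EPEL is enabled by the homeassistant role itself; xoxys.python3 must not depend on it`.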
@ -4,6 +4,4 @@
|
|||||||
- import_tasks: tls.yml
|
- import_tasks: tls.yml
|
||||||
when: homeassistant_tls_enabled | bool
|
when: homeassistant_tls_enabled | bool
|
||||||
tags: tls_renewal
|
tags: tls_renewal
|
||||||
- import_tasks: nginx.yml
|
|
||||||
when: homeassistant_nginx_vhost_enabled | bool
|
|
||||||
- import_tasks: post_tasks.yml
|
- import_tasks: post_tasks.yml
|
||||||
|
@ -1,50 +0,0 @@
|
|||||||
---
|
|
||||||
- block:
|
|
||||||
- name: Copy certs and private key to nginx proxy
|
|
||||||
copy:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
mode: "{{ item.mode }}"
|
|
||||||
loop:
|
|
||||||
- { src: "{{ homeassistant_tls_key_source }}", dest: '/etc/pki/tls/private/{{ homeassistant_nginx_tls_key_file }}', mode: '0600' }
|
|
||||||
- { src: "{{ homeassistant_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ homeassistant_nginx_tls_cert_file }}', mode: '0750' }
|
|
||||||
loop_control:
|
|
||||||
label: "{{ item.dest }}"
|
|
||||||
notify: __nginx_reload
|
|
||||||
delegate_to: "{{ homeassistant_nginx_server }}"
|
|
||||||
when: homeassistant_nginx_tls_enabled | bool
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
||||||
tags: tls_renewal
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Add vhost configuration file
|
|
||||||
template:
|
|
||||||
src: nginx/vhost.j2
|
|
||||||
dest: "{{ homeassistant_nginx_vhost_dir }}/homeassistant"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0640
|
|
||||||
notify: __nginx_reload
|
|
||||||
|
|
||||||
- name: Enable homeassistant vhost
|
|
||||||
file:
|
|
||||||
src: "{{ homeassistant_nginx_vhost_dir }}/homeassistant"
|
|
||||||
dest: "{{ homeassistant_nginx_vhost_symlink }}/homeassistant"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
state: link
|
|
||||||
notify: __nginx_reload
|
|
||||||
when: homeassistant_nginx_vhost_symlink is defined
|
|
||||||
|
|
||||||
- name: Open ports in iptables
|
|
||||||
iptables_raw:
|
|
||||||
name: allow_homeassistant_nginx_proxy
|
|
||||||
state: present
|
|
||||||
rules: "-A OUTPUT -m state --state NEW -p tcp -d {{ homeassistant_nginx_proxy_url | urlsplit('hostname') }} --dport {{ homeassistant_nginx_proxy_url | urlsplit('port') }} -j ACCEPT"
|
|
||||||
when:
|
|
||||||
- homeassistant_nginx_iptables_enabled | bool
|
|
||||||
- (not homeassistant_nginx_server == inventory_hostname or not homeassistant_nginx_server == "localhost")
|
|
||||||
delegate_to: "{{ homeassistant_nginx_server }}"
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
@ -19,6 +19,6 @@
|
|||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
loop: "{{ homeassistant_dependencies }}"
|
loop: "{{ homeassistant_packages }}"
|
||||||
become: True
|
become: True
|
||||||
become_user: root
|
become_user: root
|
||||||
|
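Review bot: The loop now reads `homeassistant_packages`, so an inventory that still sets `homeassistant_dependencies` is silently ignored and its packages are no longer installed. A transitional default such as `homeassistant_packages: "{{ homeassistant_dependencies | default([]) }}"` in the defaults file would keep existing setups working, and the rename should be called out in the changelog or README. The task's `name:` line sits above this hunk, so I cannot tell whether its title also needs updating.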
@ -1,48 +0,0 @@
|
|||||||
#jinja2: lstrip_blocks: True
|
|
||||||
# {{ ansible_managed }}
|
|
||||||
upstream backend_homeassistant {
|
|
||||||
server {{ homeassistant_nginx_proxy_url | urlsplit('hostname') }}:{{ homeassistant_nginx_proxy_url | urlsplit('port') }};
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name {{ homeassistant_client_url | urlsplit('hostname') }};
|
|
||||||
|
|
||||||
client_max_body_size 200M;
|
|
||||||
|
|
||||||
{% if homeassistant_nginx_tls_enabled %}
|
|
||||||
return 301 https://$server_name$request_uri;
|
|
||||||
{% else %}
|
|
||||||
location / {
|
|
||||||
proxy_pass {{ homeassistant_nginx_proxy_url | urlsplit('scheme') }}://backend_homeassistant;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_redirect http:// https://;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
||||||
}
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
|
|
||||||
{% if homeassistant_nginx_tls_enabled %}
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
server_name {{ homeassistant_client_url | urlsplit('hostname') }};
|
|
||||||
|
|
||||||
client_max_body_size 200M;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass {{ homeassistant_nginx_proxy_url | urlsplit('scheme') }}://backend_homeassistant;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_redirect http:// https://;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
||||||
}
|
|
||||||
|
|
||||||
ssl_certificate /etc/pki/tls/certs/{{ homeassistant_nginx_tls_cert_file }};
|
|
||||||
ssl_certificate_key /etc/pki/tls/private/{{ homeassistant_nginx_tls_key_file }};
|
|
||||||
}
|
|
||||||
{% endif %}
|
|