debian.ansible.novnc.server/novnc.yml

127 lines
3.5 KiB
YAML
Raw Normal View History

2022-07-10 10:51:03 +02:00
---
- name: novnc
2022-07-19 17:13:37 +02:00
hosts: all
2022-07-10 10:51:03 +02:00
tasks:
- name: Packages for novnc
apt:
name:
- novnc
update_cache: no
install_recommends: no
- name: /etc/systemd/system/websockify-novnc.service
blockinfile:
path: /etc/systemd/system/websockify-novnc.service
create: yes
mode: "0444"
owner: root
group: root
2024-11-26 12:08:01 +01:00
marker: "# {mark} ANSIBLE MANAGED BLOCK"
2022-07-10 10:51:03 +02:00
block: |
[Unit]
Description=Websockify NoVNC
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/websockify --web=/usr/share/novnc 0.0.0.0:8000 127.0.0.1:5900
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
RuntimeDirectory=websockify
RuntimeDirectoryMode=0755
[Install]
WantedBy=multi-user.target
Alias=websockify-novnc.service
backup: yes
notify:
- Restart websockify-novnc
- name: 'add websockify-novnc to startup'
command: systemctl enable websockify-novnc
args:
creates: /etc/systemd/system/multi-user.target.wants/websockify-novnc.service
2023-08-11 15:49:45 +02:00
- name: /home/docker/traefik/providers/novnc.yml noVNC<->Traefik provider
2022-07-10 10:51:03 +02:00
blockinfile:
path: /home/docker/traefik/providers/novnc.yml
create: yes
mode: 0444
owner: root
group: docker
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
http:
routers:
novnc:
rule: "Host(`novnc.{{inventory_hostname}}`)"
service: novnc
entryPoints:
- "https"
tls:
2022-11-05 15:09:42 +01:00
certresolver: letsencrypt
2022-07-10 10:51:03 +02:00
middlewares:
- "secHeaders@file"
- "auth-novnc"
services:
novnc:
loadBalancer:
servers:
- url: "http://192.168.41.1:8000"
middlewares:
auth-novnc:
basicauth:
2023-08-11 15:30:46 +02:00
usersFile: "/etc/traefik/providers.local/novnc.usersfile"
removeHeader: true
2023-08-11 15:36:02 +02:00
- name: /home/docker/traefik/novnc-genpw.sh (generate Random PW for noVNC basic-auth)
2023-08-11 15:30:46 +02:00
blockinfile:
2023-08-11 15:36:02 +02:00
path: /home/docker/traefik/novnc-genpw.sh
2023-08-11 15:30:46 +02:00
create: yes
mode: 0550
owner: root
group: docker
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
2023-08-11 15:36:02 +02:00
cd /home/docker/traefik
2023-08-11 15:30:46 +02:00
user=admin
password=$(pwgen -s 32 1)
[ -f novnc-env ] || echo "USER=!USER!
PASSWORD=!PASSWORD!
" >novnc-env
chmod 440 novnc-env
chown root:docker novnc-env
sed -i "s/\!USER\!/$user/g" novnc-env
sed -i "s/\!PASSWORD\!/$password/g" novnc-env
. novnc-env
2023-08-11 15:43:37 +02:00
echo $(htpasswd -nb $USER $PASSWORD) >providers/novnc.usersfile
2023-08-11 15:30:46 +02:00
backup: yes
validate: /bin/bash -n %s
2023-08-11 15:36:02 +02:00
- name: /home/docker/traefik/novnc-genpw.sh shebang
2023-08-11 15:30:46 +02:00
lineinfile:
2023-08-11 15:36:02 +02:00
path: /home/docker/traefik/novnc-genpw.sh
2023-08-11 15:30:46 +02:00
insertbefore: BOF
line: "#!/bin/bash -e"
- name: Gen initial password if not exists
ansible.builtin.shell: ./novnc-genpw.sh
args:
2023-08-11 15:36:02 +02:00
chdir: /home/docker/traefik
creates: /home/docker/traefik/providers/novnc.usersfile
2022-07-10 10:51:03 +02:00
handlers:
- name: Restart websockify-novnc
service:
name: websockify-novnc
state: restarted