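---
# Play: install noVNC, run websockify as a systemd service that bridges
# TCP 8000 to the local VNC server on 127.0.0.1:5900, and publish it through
# Traefik behind a basic-auth middleware whose credentials are generated once
# on the host by novnc-genpw.sh.
- name: novnc
  hosts: all
  tasks:

    - name: Packages for novnc
      apt:
        name:
          - novnc
        update_cache: false
        install_recommends: false

    # NOTE(review): ExecStart binds websockify to 0.0.0.0:8000, so the VNC
    # proxy is reachable on every interface without passing through the
    # Traefik basic-auth middleware configured further down. Traefik reaches
    # it at 192.168.41.1:8000; consider binding to that address only
    # (provided the interface exists when the unit starts) or firewalling
    # port 8000 to the Traefik network.
    # NOTE(review): the unit sets no User=, so websockify runs as root;
    # a dedicated unprivileged account would limit the impact of a
    # compromise of the proxy.
    - name: /etc/systemd/system/websockify-novnc.service
      blockinfile:
        path: /etc/systemd/system/websockify-novnc.service
        create: true
        mode: "0444"
        owner: root
        group: root
        marker: "# {mark} tor-nas ANSIBLE MANAGED BLOCK"
        block: |
          [Unit]
          Description=Websockify NoVNC
          After=network.target

          [Service]
          Type=simple
          ExecStart=/usr/bin/websockify --web=/usr/share/novnc 0.0.0.0:8000 127.0.0.1:5900
          KillMode=process
          Restart=on-failure
          RestartPreventExitStatus=255
          RuntimeDirectory=websockify
          RuntimeDirectoryMode=0755

          [Install]
          WantedBy=multi-user.target
          Alias=websockify-novnc.service
        backup: true
      notify:
        - Restart websockify-novnc

    # Enable through the systemd module instead of a raw `systemctl enable`;
    # daemon_reload makes systemd read the unit file written above first.
    - name: 'add websockify-novnc to startup'
      ansible.builtin.systemd:
        name: websockify-novnc
        enabled: true
        daemon_reload: true

    # Traefik file-provider snippet: HTTPS router for novnc.<host>, guarded by
    # the auth-novnc basic-auth middleware, forwarding to websockify over
    # plain HTTP.
    # NOTE(review): this file goes to /home/docker/traefik/ while the tasks
    # below use /home/docker/traefik.<inventory_hostname>/ -- confirm both
    # paths are intended.
    - name: /home/docker/traefik/providers/novnc.yml noVNC<->Traefik provider
      blockinfile:
        path: /home/docker/traefik/providers/novnc.yml
        create: true
        mode: "0444"
        owner: root
        group: docker
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          http:
            routers:
              novnc:
                rule: "Host(`novnc.{{ inventory_hostname }}`)"
                service: novnc
                entryPoints:
                  - "https"
                tls:
                  certresolver: letsencrypt
                middlewares:
                  - "secHeaders@file"
                  - "auth-novnc"
            services:
              novnc:
                loadBalancer:
                  servers:
                    - url: "http://192.168.41.1:8000"
            middlewares:
              auth-novnc:
                basicauth:
                  usersFile: "/etc/traefik/providers.local/novnc.usersfile"
                  removeHeader: true

    # Password generator: writes a random 32-character password to novnc-env
    # (mode 440, root:docker) on first run, then derives the htpasswd entry
    # that the auth-novnc middleware reads.
    # The script needs pwgen and htpasswd on the host; this play does not
    # install them.
    # NOTE(review): `htpasswd -nb` takes the password as a command-line
    # argument (visible in the process list while it runs) and
    # providers/novnc.usersfile is created with the default umask; consider
    # feeding the password on stdin and setting the file mode explicitly.
    # NOTE(review): the final sed doubles every `$` in the hash, which is the
    # escaping docker-compose labels need -- confirm Traefik's usersFile
    # expects it, since a plain htpasswd file uses single `$`.
    - name: /home/docker/traefik.{{ inventory_hostname }}/novnc-genpw.sh (generate Random PW for noVNC basic-auth)
      blockinfile:
        path: /home/docker/traefik.{{ inventory_hostname }}/novnc-genpw.sh
        create: true
        mode: "0550"
        owner: root
        group: docker
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          cd /home/docker/traefik.{{ inventory_hostname }}
          user=admin
          password=$(pwgen -s 32 1)

          [ -f novnc-env ] || echo "USER=!USER!
          PASSWORD=!PASSWORD!
          " >novnc-env

          chmod 440 novnc-env
          chown root:docker novnc-env
          sed -i "s/\!USER\!/$user/g" novnc-env
          sed -i "s/\!PASSWORD\!/$password/g" novnc-env

          . novnc-env
          echo $(htpasswd -nb $USER $PASSWORD) | sed -e s/\\$/\\$\\$/g >providers/novnc.usersfile
        backup: true
        validate: /bin/bash -n %s

    # The shebang must land in the script created above (traefik.<host>);
    # the original task pointed at a matrix.<host> path that this play never
    # creates, which left the generated script without `#!/bin/bash -e`.
    - name: /home/docker/traefik.{{ inventory_hostname }}/novnc-genpw.sh shebang
      lineinfile:
        path: /home/docker/traefik.{{ inventory_hostname }}/novnc-genpw.sh
        insertbefore: BOF
        line: "#!/bin/bash -e"

    # `creates` makes this a one-shot: once the usersfile exists the
    # password is never regenerated by the play.
    - name: Gen initial password if not exists
      ansible.builtin.shell: ./novnc-genpw.sh
      args:
        chdir: /home/docker/traefik.{{ inventory_hostname }}
        creates: /home/docker/traefik.{{ inventory_hostname }}/providers/novnc.usersfile

  handlers:

    # daemon_reload is required so a changed unit file takes effect on
    # restart; a plain restart would keep running the previously loaded unit.
    - name: Restart websockify-novnc
      ansible.builtin.systemd:
        name: websockify-novnc
        state: restarted
        daemon_reload: true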