v0.1

2025-07-20 14:53:12 +03:00
commit cd2f49ea82
234 changed files with 52038 additions and 0 deletions
--- a/playbooks/roles/nginx-first-start/files/docker_files/certbot/Dockerfile
+++ b/playbooks/roles/nginx-first-start/files/docker_files/certbot/Dockerfile
@@ -0,0 +1,19 @@
+
+#облегченный образ дебиан
+FROM registry-1.docker.io/library/ubuntu:latest
+LABEL authors="RONIS"
+
+# Обновление и установка необходимых пакетов с последующей очисткой
+RUN sed -i 's|http://archive.ubuntu.com|http://mirror.yandex.ru/ubuntu|' /etc/apt/sources.list && \
+    apt update && apt  install -y certbot python3-certbot-nginx cron && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+COPY check_and_create_cert.sh  ./
+
+# Проверка наличия сертификата для домена
+RUN chmod +x ./check_and_create_cert.sh && echo "0 0 1 * * certbot renew --quiet" | tee -a /etc/crontab > /dev/null
+
+
+# Запуск скрипта в контейнере при старте "& cron -f" обеспечивает запуск процесса для поддержки контейнера 
+CMD bash -c "./check_and_create_cert.sh & cron -f"
+
--- a/playbooks/roles/nginx-first-start/files/docker_files/certbot/check_and_create_cert.sh
+++ b/playbooks/roles/nginx-first-start/files/docker_files/certbot/check_and_create_cert.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+if certbot certificates | grep -q "No certificates found."; then
+    echo "Сертификат не найден. Создаю новый..."
+    certbot certonly --webroot -w /var/www/certbot/  -d $DOMAIN_URL -d $GIT_DOMAIN -d $DRONE_DOMAIN -m $DOMAIN_EMAIL -d $GRAFANA_DOMAIN --agree-tos --no-eff-email --non-interactive --config-dir /etc/letsencrypt --work-dir /var/lib/letsencrypt --logs-dir /var/log/letsencrypt
+else
+    echo "Сертификат уже существует."
+    certbot renew -n
+fi
--- a/playbooks/roles/nginx-first-start/files/docker_files/nginx-compose.yaml
+++ b/playbooks/roles/nginx-first-start/files/docker_files/nginx-compose.yaml
@@ -0,0 +1,54 @@
+services:
+  nginx:
+    container_name: nginx
+    image: nginx:1.28.0-bookworm
+    environment:
+      USER_ID: 1000
+      USER_GID: 1001
+    ports:
+      - "80:80"
+
+    volumes:
+      - /srv/proxy/nginx/:/etc/nginx/:ro
+      - /srv/proxy/certbot/letsencrypt:/etc/letsencrypt:ro
+      - /srv/proxy/certbot/www/:/var/www/certbot/
+      - /srv/log/nginx:/var/log/nginx
+      - /srv/proxy/static:/usr/share/nginx/static:ro
+
+    restart: unless-stopped
+    networks:
+      - cicd_net
+      - nginx_net
+      - test_net
+      - prod_net
+      - monitoring_net
+
+  certbot:
+    container_name: certbot
+    build: certbot
+    env_file:
+      - .env
+    volumes:
+      - /srv/proxy/certbot/letsencrypt:/etc/letsencrypt
+      - /srv/proxy/certbot/www/:/var/www/certbot
+      - /srv/proxy/log/letsencrypt:/var/log/letsencrypt
+    restart: unless-stopped
+    user: root
+    depends_on:
+      - nginx
+    networks:
+      - nginx_net
+    dns:
+      - 8.8.8.8
+
+networks:
+  nginx_net:
+    external: true
+  cicd_net:
+    external: true
+  test_net:
+    external: true
+  prod_net:
+    external: true
+  monitoring_net:
+    external: true
--- a/playbooks/roles/nginx-first-start/files/nginx/nginx.conf
+++ b/playbooks/roles/nginx-first-start/files/nginx/nginx.conf
@@ -0,0 +1,19 @@
+
+
+worker_processes auto;
+
+events {
+    worker_connections 1024;
+}
+http{server {
+    listen 80;
+    server_name ronis0505.tech git.ronis0505.tech drone.ronis0505.tech grafana.ronis0505.tech;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}}