Feat(domserver): docker compose testing #1

Merged
ytshih merged 16 commits from ytshih/testing into main 2025-04-07 20:44:26 +08:00
5 changed files with 94 additions and 0 deletions
Showing only changes of commit 43ee35f6a3 - Show all commits


@@ -1 +1,10 @@
# Ansible / domjudge # Ansible / domjudge
## Usage
1. Fill in the vars in `group_vars`.
2. Fill in `domserver` and `judgehost` machine ips in `hosts` file.
3. Run `ansible-playbook playbooks/domserver`.
4. Run `ansible-playbook playbooks/judgehost`.
5. Put web cert and key to `/etc/haproxy/cert.pem` on domserver.
6. Check if judgehost been registered.


@@ -4,3 +4,4 @@
roles: roles:
- role: install_packages - role: install_packages
- role: configure_domserver - role: configure_domserver
- role: configure_haproxy


@@ -0,0 +1,52 @@
global
default-path config
#zero-warning
maxconn 20000
log 127.0.0.1 local0
user haproxy
#pidfile /run/haproxy.pid
hard-stop-after 5m
daemon
user haproxy
group haproxy
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
# default settings common to all HTTP proxies below
defaults
mode http
log global
timeout client 1m
timeout server 1m
timeout connect 10s
timeout http-keep-alive 2m
timeout queue 15s
timeout tunnel 4h # for websocket
frontend external
bind :443 name secure ssl crt /etc/haproxy/cert.pem
.if feature(QUIC)
bind quic4@:443 name quic ssl crt /etc/haproxy/cert.pem
http-response add-header alt-svc 'h3=":443"; ma=90000'
.endif
http-request redirect scheme https code 308 unless { ssl_fc }
http-request del-header x-forwarded-for
option forwardfor
option httplog
http-request set-header X-Forwarded-Proto https if { ssl_fc }
# enable HTTP compression of text contents
compression algo deflate gzip
compression type text/ application/javascript application/xhtml+xml image/x-icon
default_backend domserver
backend domserver
balance leastconn
option abortonclose
server gitea1 127.0.0.1:8080 maxconn 100 check inter 1s
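Review bot: The `http-request redirect scheme https code 308 unless { ssl_fc }` rule in `frontend external` can never match, because both `bind` lines in that frontend are `ssl` listeners on 443 and nothing listens on port 80, so plain-HTTP clients are refused rather than redirected. Either add a cleartext listener such as `bind :80 name clear` to the frontend or drop the rule; the `if { ssl_fc }` condition on the X-Forwarded-Proto line is likewise always true as written. If the site is meant to be HTTPS-only, an HSTS header such as `http-response set-header Strict-Transport-Security "max-age=31536000"` (sample value) would keep browsers off cleartext after the first visit. Smaller points: `user haproxy` appears twice in `global`, and the backend server is named `gitea1`, which looks carried over from another config.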


@@ -0,0 +1,5 @@
---
- name: Restart haproxy
ansible.builtin.systemd_service:
name: haproxy.service
state: restarted
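Review bot: `state: restarted` stops the process and drops every open connection whenever haproxy.cfg changes, which bypasses the `hard-stop-after 5m` drain window set in the shipped config, since that setting only bounds a soft stop. If the packaged unit supports reload (not visible on this page), `state: reloaded` would let existing sessions finish. If the full restart is deliberate, a comment above the handler saying so would help, e.g. `# full restart on purpose; a reload is not enough for <reason>`.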


@@ -0,0 +1,27 @@
---
- name: Update package cache
community.general.pacman:
update_cache: true
- name: Install haproxy
community.general.pacman:
pkg:
- haproxy
notify: Upgrade packages
- name: Install haproxy.cfg
ansible.builtin.copy:
src: haproxy.cfg
dest: /etc/haproxy/haproxy.cfg
mode: '0644'
owner: haproxy
group: haproxy
notify: Restart haproxy
- name: Prompt for manually install cert
ansible.builtin.pause:
prompt: "Make sure the cert and key pair are store in /etc/haproxy/cert.pem"
- name: Enable and start haproxy
ansible.builtin.systemd_service:
name: haproxy.service
state: started
enabled: true
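Review bot: The `Prompt for manually install cert` step only asks the operator to confirm; nothing checks that `/etc/haproxy/cert.pem` exists before `Enable and start haproxy` runs, and nothing enforces permissions on a file that holds the private key. The pause also blocks unattended runs. I would replace it with a stat/assert pair plus a `file` task that pins the bundle to root with mode `'0600'`, assuming the service starts as root and drops to `haproxy` through the `user`/`group` directives in haproxy.cfg. Separately, `Install haproxy.cfg` makes the config owned by `haproxy`, so the unprivileged service account can rewrite a file that is parsed at startup; `owner: root` and `group: root` with the same `'0644'` mode would avoid that. The `notify: Upgrade packages` handler is not defined in this role's handlers file, so it presumably comes from another role in the play; worth confirming.

```yaml
# … unchanged: package install and haproxy.cfg copy …
- name: Check that the cert and key bundle is present
  ansible.builtin.stat:
    path: /etc/haproxy/cert.pem
  register: haproxy_cert

- name: Fail early when the bundle is missing
  ansible.builtin.assert:
    that: haproxy_cert.stat.exists
    fail_msg: "Install the cert and key pair at /etc/haproxy/cert.pem first"

- name: Restrict the bundle to root
  ansible.builtin.file:
    path: /etc/haproxy/cert.pem
    owner: root
    group: root
    mode: '0600'
# … unchanged: Enable and start haproxy …
```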