feat: servidor de testing

fix: debuguear el template
fix: faltaba resolver la variable
2025-12-08 13:54:59 -03:00 · 2025-12-08 13:54:47 -03:00 · 2025-12-08 13:54:39 -03:00 · 2025-12-06 12:08:19 -03:00 · 2025-12-01 17:31:18 +00:00 · 2025-12-01 14:30:01 -03:00
11 changed files with 112 additions and 64 deletions
--- a/abyayala.yml
+++ b/abyayala.yml
@ -14,7 +14,6 @@ matrix:
    roles:
      - rap
    nodos:
-      - llavero
      - marmite
      - nodochasqui
      - yanapak
@ -59,6 +58,7 @@ matrix:
      - carabobolibre
      - samatuun
      - kaasavi
+      - llavero

  - service_name: respaldos
    domains:
@ -226,3 +226,9 @@ matrix:
      - kaasavi.abyaya.la
    nodo: kaasavi.comun
    force_https: yes
+
+  - service_name: llavero
+    domains:
+      - llavero.abyaya.la
+    nodo: llavero.comun
+    force_https: yes
--- a/group_vars/testing/vars
+++ b/group_vars/testing/vars
@ -0,0 +1,2 @@
+host_ip: 157.180.114.62
+main_zone: abyayala.red
--- a/hosts.production
+++ b/hosts.production
@ -1,5 +1,5 @@
 [localhost]
-127.0.0.1
+127.0.0.1 ansible_connection=local

 [hetzner]
 5.161.236.18
@ -11,3 +11,9 @@ ansible_ssh_user=root
 sutty.nl

 [sutty:vars]
+
+[testing]
+157.180.114.62
+
+[testing:vars]
+ansible_ssh_user=root
--- a/roles/althost/tasks/compose.yml
+++ b/roles/althost/tasks/compose.yml
@ -1,13 +1,13 @@
    - name: check if service volumes exists
-      local_action:
-        module: stat
+      stat:
        path: "{{ playbook_dir }}/roles/{{ item.roles[0] | default('proxy') }}/templates/volumes.yml"
+      delegate_to: localhost
      register: volumes_def

    - name: check if service networks exists
-      local_action:
-        module: stat
+      stat:
        path: "{{ playbook_dir }}/roles/{{ item.roles[0] | default('proxy') }}/templates/networks.yml"
+      delegate_to: localhost
      register: networks_def

    - set_fact:
@ -22,53 +22,53 @@
      when: networks_def.stat.exists

    - name: define services in local composition
-      local_action:
-        module: blockinfile
+      blockinfile:
        path: "{{ local_compose_path }}/docker-compose.yml"
        insertafter: "services:"
        marker: "# {mark} {{ service_name|upper }}"
        block: "{{ services_content }}"
+      delegate_to: localhost
      changed_when: false

    - name: define volumes in local composition
-      local_action:
-        module: lineinfile
+      lineinfile:
        path: "{{ local_compose_path }}/docker-compose.yml"
        insertafter: "# volumenes compartidos"
        line: "volumes: #"
        state: present
        regexp: "volumes: #"
+      delegate_to: localhost
      when: volumes_def.stat.exists
      changed_when: false

    - name: define volumes content in local composition
-      local_action:
-        module: lineinfile
+      lineinfile:
        path: "{{ local_compose_path }}/docker-compose.yml"
        insertafter: "volumes: #"
        line: "{{ volumes_content }}"
        state: present
        regexp: "{{ volumes_content }}"
+      delegate_to: localhost
      when: volumes_content is defined
      changed_when: false

    - name: define networks in local composition
-      local_action:
-        module: lineinfile
+      lineinfile:
        path: "{{ local_compose_path }}/docker-compose.yml"
        insertafter: "# redes compartidas"
        line: "networks: #"
        state: present
        regexp: "networks: #"
+      delegate_to: localhost
      when: networks_def.stat.exists
      changed_when: false

    - name: define networks content in local composition
-      local_action:
-        module: lineinfile
+      lineinfile:
        path: "{{ local_compose_path }}/docker-compose.yml"
        insertafter: "networks: #"
        line: "{{ networks_content }}"
        state: present
+      delegate_to: localhost
      when: networks_content is defined
      changed_when: false
--- a/roles/althost/tasks/main.yml
+++ b/roles/althost/tasks/main.yml
@ -1,28 +1,46 @@
    # DOCKER CE this is specific for Debian
    # https://docs.docker.com/install/linux/docker-ce/debian/
+    # Soporta Debian 12 (bookworm) y Debian 13 (trixie)
    - block:
      - name: "unattended upgrades"
        apt:
          name: "unattended-upgrades"
          state: "present"
-              
+
      - name: required packages
        apt:
-          name: ['apt-transport-https', 'ca-certificates', 'curl', 'gnupg2', 'software-properties-common', 'python3-pip']
+          name: ['ca-certificates', 'curl', 'python3-pip']
          state: present

-      - name: docker signing key
-        apt_key:
+      - name: create keyrings directory
+        file:
+          path: /etc/apt/keyrings
+          state: directory
+          mode: '0755'
+
+      - name: download docker gpg key
+        get_url:
          url: https://download.docker.com/linux/debian/gpg
-          state: present
-        
-      - name: docker apt repository
-        apt_repository:
-          repo: deb [arch=amd64] https://download.docker.com/linux/debian bookworm stable
+          dest: /etc/apt/keyrings/docker.asc
+          mode: '0644'

-      - name: install docker community edition
+      - name: add docker repository with deb822 format
+        deb822_repository:
+          name: docker
+          types: [deb]
+          uris: https://download.docker.com/linux/debian
+          suites: ["{{ ansible_distribution_release }}"]
+          components: [stable]
+          architectures: [amd64]
+          signed_by: /etc/apt/keyrings/docker.asc
+
+      - name: install docker community edition and compose plugin
        apt:
-          name: docker-ce
+          name:
+            - docker-ce
+            - docker-ce-cli
+            - containerd.io
+            - docker-compose-plugin
          update_cache: yes

      - name: is node already in swarm mode
@ -48,23 +66,11 @@
          state: present

      # ansible-docker requirements
-      - name: python package docker-py is deprecated
-        pip:
-          name: docker-py
-          state: absent
-          break_system_packages: true
-
-      - name: ensure python package docker is present
-        pip:
-          name: docker
+      # Use system packages instead of pip to avoid break_system_packages
+      - name: ensure python3-docker package is present
+        apt:
+          name: python3-docker
          state: present
-          break_system_packages: true
-
-      - name: ensure python package docker-compose is present
-        pip:
-          name: docker-compose
-          state: present
-          break_system_packages: true

      tags: installation

@ -74,16 +80,16 @@
        file: path={{ compose_path }} state=directory
      
      - name: make sure local compose path exists
-        local_action:
-          module: file
-          path: "{{ local_compose_path }}" 
+        file:
+          path: "{{ local_compose_path }}"
          state: directory
+        delegate_to: localhost

      - name: clean docker-compose.yml
-        local_action:
-          module: template
+        template:
          dest: "{{ local_compose_path }}/docker-compose.yml"
          src: roles/althost/templates/docker-compose.yml
+        delegate_to: localhost
        changed_when: false

      - name: execute roles per domain mapping
--- a/roles/knsupdate/tasks/update_domain.yml
+++ b/roles/knsupdate/tasks/update_domain.yml
@ -3,7 +3,7 @@

    - name: extract zone and hostname for main zone subdomains
      set_fact:
-        zone: main_zone ~ '.'
+        zone: "{{ main_zone ~ '.' }}"
        hostname: "{{ domain | regex_replace('([a-z0-9-]+)\\.' ~ main_zone|regex_escape , '\\1') }}"
      when: is_abyayala_subdomain

@ -29,6 +29,8 @@
        zone: "{{ domain_parts[-2:] | join('.') }}."
        hostname: "{{ domain_parts[:-2] | join('.') if domain_parts | length > 2 else '@' }}"
      when: not is_abyayala_subdomain and not uses_compound_tld
+    - debug:
+        msg: "{{ lookup('template', 'templates/commands.j2') }}"

    - name: knsupdate for this domain
      shell: knsupdate
--- a/roles/proxy/files/custom_proxy_includes/sutty.abyaya.la
+++ b/roles/proxy/files/custom_proxy_includes/sutty.abyaya.la
@ -1,11 +0,0 @@
-proxy_buffering off;
-proxy_request_buffering off;
-proxy_redirect off;
-proxy_connect_timeout 3m;
-proxy_send_timeout 3m;
-proxy_read_timeout 3m;
-
-limit_conn connection_limit 50;
-limit_req zone=request_limit nodelay burst=20;
-
-add_header Retry-After $retry_after always;
--- a/roles/proxy/files/custom_server_includes/sutty.abyaya.la
+++ b/roles/proxy/files/custom_server_includes/sutty.abyaya.la
@ -1,4 +0,0 @@
-add_header X-Frame-Options "sameorigin";
-add_header X-XSS-Protection "1; mode=block";
-add_header X-Content-Type-Options "nosniff";
-add_header Referrer-Policy "strict-origin-when-cross-origin";
--- a/roles/proxy/templates/common.conf
+++ b/roles/proxy/templates/common.conf
@ -0,0 +1,4 @@
+    add_header X-Frame-Options "sameorigin";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+    add_header Referrer-Policy "strict-origin-when-cross-origin";
--- a/roles/proxy/templates/default_proxy.conf
+++ b/roles/proxy/templates/default_proxy.conf
@ -12,7 +12,9 @@

        gzip_disable "msie6";
        {% endif %}
+
        client_max_body_size 1G;
+
        proxy_ssl_verify off;
        proxy_ssl_server_name on;
        proxy_ssl_name $ssl_server_name;
@ -27,6 +29,18 @@
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;

+        proxy_buffering off;
+        proxy_request_buffering off;
+        proxy_redirect off;
+        proxy_connect_timeout 3m;
+        proxy_send_timeout 3m;
+        proxy_read_timeout 3m;
+
+        limit_conn connection_limit 50;
+        limit_req zone=request_limit nodelay burst=20;
+
+        add_header Retry-After $retry_after always;
+
        {% include "files/custom_proxy_includes/" ~ vhost.domains[0] ignore missing %}
 }
      # END PROXY
--- a/testnet.yml
+++ b/testnet.yml
@ -0,0 +1,23 @@
+althost: testnet
+matrix:
+  - service_name: comun
+    roles:
+      - kemal
+    domains:
+      - comun.abyayala.red
+
+  - service_name: dns
+    roles:
+      - knsupdate
+
+  - service_name: vpn
+    roles:
+      - rap
+    nodos:
+      - qi
+
+  - service_name: qi
+    domains:
+      - qi.abyayala.red
+    nodo: qi.comun
+#    force_https: yes
Author	SHA1	Message	Date
f	57c31fbd98	feat: servidor de testing	2025-12-08 13:54:59 -03:00
f	ce103e4eda	fix: debuguear el template	2025-12-08 13:54:47 -03:00
f	4979f6f8b8	fix: faltaba resolver la variable	2025-12-08 13:54:39 -03:00
f	ad5e18bda2	Merge branch 'master' into feat/parametrizar_redes	2025-12-06 12:08:19 -03:00
Numerica	a973291506	Merge pull request 'WIP fix instalacion de Abyayala toolkit' (#79 ) from fix_installation into master Reviewed-on: #79 Reviewed-by: fauno <fauno@sutty.coop.ar> Testeado por Pirra	2025-12-01 17:31:18 +00:00
Beta	43ea3c9a58	Merge branch 'master' into fix_installation	2025-12-01 14:30:01 -03:00
pirra	4bec6e7fae	agregue llavero	2025-11-28 13:16:06 -06:00
Beta	08a9a38fa5	Merge branch 'testing' into fix_installation	2025-11-26 18:20:29 -03:00
Beta	51bd9c9935	feat: agregar configuración group_vars para host testing - Definir host_ip: 157.180.114.62 - Requerido por rol knsupdate y certbot	2025-11-26 18:13:55 -03:00
Beta	4f18275831	Merge branch 'fix-apt-modules-deprecated' into fix_installation	2025-11-26 18:07:23 -03:00
Beta	82f6c62803	fix: actualizar prerequisitos para compatibilidad Debian 12 y 13 - Eliminar software-properties-common (no existe en Debian, solo Ubuntu) - Eliminar apt-transport-https (incluido por defecto en Debian moderno) - Eliminar gnupg2 (no requerido explícitamente) - Mantener solo paquetes esenciales: ca-certificates, curl, python3-pip Cumple con requisitos oficiales de Docker para Debian: https://docs.docker.com/engine/install/debian/ Compatible con Debian 12 (bookworm) y 13 (trixie)	2025-11-26 18:05:47 -03:00
Beta	dcc6fe2f48	Merge branch 'fix-local-action-deprecated' into fix_installation	2025-11-26 17:59:40 -03:00
Beta	7b16934a17	Merge branch 'testing' into fix_installation	2025-11-26 17:44:55 -03:00
Beta	0e2d64d39e	actualizacion de deprecaciones en instalacion	2025-11-26 17:42:40 -03:00
Beta	b750293414	Merge branch 'fix-python-modules-deprecated' into merge_fixes	2025-11-26 17:40:42 -03:00
Beta	1ab755fb10	Merge branch 'fix-apt-modules-deprecated' into merge_fixes	2025-11-26 17:40:18 -03:00
Beta	7e04c03370	Merge branch 'fix-debian-version-detection' into merge_fixes	2025-11-26 17:37:37 -03:00
Beta	cdadee266e	proxy nodo llavero	2025-11-26 16:32:29 -03:00
Beta	733c9930e2	fix: reemplazar local_action deprecado con delegate_to - Reemplazar 9 usos de local_action con delegate_to: localhost - 7 cambios en compose.yml (stat, blockinfile, lineinfile) - 2 cambios en main.yml (file, template) - Agregar ansible_connection=local en hosts.production para localhost Beneficios: - Cumple con mejores prácticas de Ansible - Sintaxis moderna y no deprecada - Evita intentos de conexión SSH a localhost - Mismo comportamiento funcional que local_action Refs: - https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_delegation.html	2025-11-26 16:29:00 -03:00
Beta	71e6eb9429	fix: reemplazar apt_key y apt_repository deprecados con deb822 - Reemplazar apt_key con get_url + keyrings directory - Reemplazar apt_repository con deb822_repository (formato moderno) - Detección automática de Debian 12 (bookworm) y 13 (trixie) - Llave GPG específica por repositorio (más seguro) - Requiere Ansible 2.15+ Beneficios: - Formato DEB822 moderno y no deprecado - Mayor seguridad con llaves por repositorio - Compatible con Debian 12 y 13 - Cumple con mejores prácticas actuales Refs: - https://docs.ansible.com/ansible/latest/collections/ansible/builtin/deb822_repository_module.html - https://manpages.debian.org/bookworm/apt/sources.list.5.en.html	2025-11-26 16:10:51 -03:00
Beta	6ed17848cd	fix: eliminar módulos Python deprecados y break_system_packages Cambios realizados: - Instalar Docker Compose v2 via docker-compose-plugin (apt) en lugar de pip - Especificar paquetes Docker explícitamente: docker-ce, docker-ce-cli, containerd.io, docker-compose-plugin - Reemplazar instalación de python-docker via pip por python3-docker desde apt - Eliminar break_system_packages que rompe aislamiento PEP 668 - Eliminar instalación obsoleta de docker-compose via pip Beneficios: - Cumple con PEP 668 (externally managed environments) - Docker Compose v2 más rápido y mejor integrado - Gestión de paquetes más limpia y mantenible - Compatible con Debian 12 y 13 Refs: - https://peps.python.org/pep-0668/ - https://docs.docker.com/compose/install/linux/ - https://packages.debian.org/bookworm/python3-docker	2025-11-26 15:54:08 -03:00
Beta	fd57ecd546	fix: soporte automático para Debian 12 y 13 en repositorio Docker - Reemplaza 'bookworm' hardcodeado con detección automática usando ansible_distribution_release - Agrega validación explícita que solo permite Debian 12 (bookworm) o 13 (trixie) - Mensaje de error claro si se intenta usar en versión no soportada - Comentarios actualizados indicando versiones soportadas Esto permite que el rol funcione automáticamente en Debian 12 y 13 sin necesidad de cambios manuales en el código. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-26 15:17:46 -03:00
Beta	7cdf7bb885	ej de test net	2025-11-26 14:41:57 -03:00
Beta	ecab24c02f	VPS 4 testing	2025-11-26 13:11:59 -03:00
Numerica	a3863b9465	Merge pull request 'issue-39-default' (#72 ) from issue-39-default into master Reviewed-on: #72 closes #39 o no??	2025-11-20 22:34:44 +00:00
Beta	a27a86ce6b	asi seria dejar todo esto default para todos los vhosts pero especificarlos en roles/proxy/files/custom, los sobrescribiria a estos o no? es deseable que si cerraria PR #65	2025-10-23 18:30:20 -03:00