authorKristian Lyngstol <kristian@bohemians.org>2016-04-01 20:41:53 +0200
committerKristian Lyngstol <kristian@bohemians.org>2016-04-01 20:41:53 +0200
commitd1f06af5828a198bda396e04a712774b7a449d00 (patch)
tree029f3d12eb072a8737f7be11c04a4d73df57e990
parenta1cbb896dad0c9ee4841f6fd4835a05f3013fbc7 (diff)
NMS: Add ansible playbook for front and fix VCL
Works OK, but some work is still needed, especially regarding configuration and passwords and whatnot.
-rw-r--r--nms/ansible/inventory6
-rw-r--r--nms/ansible/playbook.yml96
-rw-r--r--web/etc/varnish/nms.vcl13
3 files changed, 103 insertions, 12 deletions
diff --git a/nms/ansible/inventory b/nms/ansible/inventory
new file mode 100644
index 0000000..8e6c8ff
--- /dev/null
+++ b/nms/ansible/inventory
@@ -0,0 +1,6 @@
+[db]
+nms-dev-db.gathering.org
+
+[nms-front]
+dockerlol
+nms-dev-db.gathering.org
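Review bot: `nms-dev-db.gathering.org` appears under both `[db]` and `[nms-front]`, so the play that targets `nms-front` will also install Apache, Varnish and the build toolchain on the database host and change its Apache listen ports. If this is a deliberate all-in-one dev box, record that with a comment such as `# dev: db and front share one host`; otherwise remove it from `[nms-front]` so the database host does not gain a web front end. `dockerlol` is an unqualified name that only resolves where the operator's resolver or ssh config knows it, which deserves a comment too.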
diff --git a/nms/ansible/playbook.yml b/nms/ansible/playbook.yml
new file mode 100644
index 0000000..c6f558c
--- /dev/null
+++ b/nms/ansible/playbook.yml
@@ -0,0 +1,96 @@
+---
+- hosts: nms-front
+ become: false
+ tasks:
+ # Some of these are probably redundant, but kept around because it works
+ # and they aren't too bad.
+ - name: Misc packages
+ apt: name={{ item }} state=present
+ with_items:
+ - wget
+ - vim
+ - man
+ - build-essential
+ - net-tools
+ - bash-completion
+ - git-core
+ - autoconf
+ - netcat
+ - libwww-perl
+ - libmicrohttpd-dev
+ - libcurl4-gnutls-dev
+ - libedit-dev
+ - libpcre3-dev
+ - libncurses5-dev
+ - python-demjson
+ - python-docutils
+ - libtool
+ - locales
+ - screen
+ - openssh-server
+ - libcapture-tiny-perl
+ - libcgi-pm-perl
+ - libcommon-sense-perl
+ - libdata-dumper-simple-perl
+ - libdbd-pg-perl
+ - libdbi-perl
+ - libdigest-perl
+ - libgd-perl
+ - libgeo-ip-perl
+ - libhtml-parser-perl
+ - libhtml-template-perl
+ - libimage-magick-perl
+ - libimage-magick-q16-perl
+ - libjson-perl
+ - libjson-xs-perl
+ - libnetaddr-ip-perl
+ - libnet-cidr-perl
+ - libnet-ip-perl
+ - libnet-openssh-perl
+ - libnet-oping-perl
+ - libnet-rawip-perl
+ - libnet-telnet-cisco-perl
+ - libnet-telnet-perl
+ - libsnmp-perl
+ - libsocket6-perl
+ - libsocket-perl
+ - libswitch-perl
+ - libtimedate-perl
+ - perl
+ - perl-base
+ - perl-modules
+ - varnish
+ - libfreezethaw-perl
+ - apache2
+
+ # Note the update!
+ #
+ # The idea here is that you run this playbook repeatedly on whatever
+ # "production" site is in use instead of manually logging in and doing
+ # changes.
+ - name: tgmanage repo
+ git: repo=https://github.com/tech-server/tgmanage.git dest=/srv/tgmanage update=true accept_hostkey=yes track_submodules=no
+
+ - name: Enable CGI
+ apache2_module: state=present name=cgid
+
+ - name: Remove default apache site
+ file: path=/etc/apache2/sites-enabled/000-default.conf state=absent
+
+ - name: Add NMS site config
+ file: src=/srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf dest=/etc/apache2/sites-enabled/nms.tg16.gathering.org.conf state=link
+
+ - name: "Apache: Don't listen on 80"
+ lineinfile: line="Listen 80" state=absent dest=/etc/apache2/ports.conf
+
+ - name: "Apache: DO listen on 8080"
+ lineinfile: line="Listen 8080" state=present dest=/etc/apache2/ports.conf
+
+ - name: "Varnish: Set up VCL"
+ file: path=/etc/varnish/default.vcl src=/srv/tgmanage/web/etc/varnish/nms.vcl state=link force=true
+
+ - name: "Varnish: Remove default systemd config"
+ lineinfile: line="ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m" state=absent dest=/lib/systemd/system/varnish.service
+
+ - name: "Varnish: Add sensible systemd config"
+ lineinfile: line="ExecStart=/usr/sbin/varnishd -f /etc/varnish/default.vcl -s malloc,256m" state=present dest=/lib/systemd/system/varnish.service insertafter="Service"
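Review bot: The `tgmanage repo` task checks out whatever the upstream default branch holds on every run (`update=true`, no `version=`), and the later tasks symlink the Apache site config and the Varnish VCL straight from that checkout into `/etc`. Any push to that repository therefore becomes front-end configuration at the next playbook run and service reload, with no review step in between. Pin the checkout to a reviewed tag or commit and bump it deliberately, e.g. `git: repo=https://github.com/tech-server/tgmanage.git dest=/srv/tgmanage version=<reviewed-tag-or-sha> update=true`. Separately, the two Varnish `lineinfile` tasks edit the packaged unit under `/lib/systemd/system/`, which a package upgrade may overwrite and so bring back the old `ExecStart`. A drop-in under `/etc/systemd/system/varnish.service.d/` would survive upgrades, and nothing in this hunk reloads systemd or restarts Varnish after the edit.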
diff --git a/web/etc/varnish/nms.vcl b/web/etc/varnish/nms.vcl
index 8ac8b46..754ecbc 100644
--- a/web/etc/varnish/nms.vcl
+++ b/web/etc/varnish/nms.vcl
@@ -1,24 +1,13 @@
# vim: ts=8:expandtab:sw=4:softtabstop=4
-# Magi.
vcl 4.0;
-# Mer magi.
backend default {
.host = "127.0.0.1";
.port = "8080";
}
-acl yoda {
- "185.110.148.11";
- "127.0.0.1";
- "::1";
- "2a06:5841:1337::11";
-}
-# Sort magi.
+
sub vcl_recv {
- if (client.ip !~ yoda) {
- return (synth(418,"GET RECKT"));
- }
if (req.url ~ "^/where" || req.url ~ "^/location") {
set req.url = "/api/public/location";
}