Add secure gRPC support to Woodpecker agent

Add gRPC support to nginx role
2024-11-17 14:36:43 +01:00 · 2024-11-17 14:36:09 +01:00
7 changed files with 45 additions and 5 deletions
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@ -1,3 +1,4 @@
 ---
 nginx_certificate_path: /etc/sce-certbot
-nginx_sites: []
+nginx_proxy_pass: []
 nginx_grpc_pass: []
--- a/roles/nginx/tasks/grpc-pass.yml
+++ b/roles/nginx/tasks/grpc-pass.yml
@ -0,0 +1,16 @@
 ---
 - name: Install nginx template
  ansible.builtin.template:
    src: grpc-pass.j2
    dest: /etc/nginx/sites-available/{{ site_name }}
    mode: "0644"
  notify: Reload nginx
 - name: Activate nginx configuration
  ansible.builtin.file:
    src: /etc/nginx/sites-available/{{ site_name }}
    dest: /etc/nginx/sites-enabled/{{ site_name }}
    owner: root
    group: root
    state: link
  notify: Reload nginx
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -24,9 +24,17 @@
    path: /etc/nginx/passwdfile
  register: htpasswdfile
- name: Iterate over configured nginx sites
+- name: Iterate over configured nginx sites (proxy pass)
-  ansible.builtin.include_tasks: site.yml
+  ansible.builtin.include_tasks: proxy-pass.yml
-  loop: "{{ nginx_sites }}"
+  loop: "{{ nginx_proxy_pass }}"
  vars:
    site_name: "{{ item['name'] }}"
    site_port: "{{ item['port'] }}"
    site_cert: "{{ item['cert'] }}"
 - name: Iterate over configured nginx sites (grpc pass)
  ansible.builtin.include_tasks: grpc-pass.yml
  loop: "{{ nginx_grpc_pass }}"
  vars:
    site_name: "{{ item['name'] }}"
    site_port: "{{ item['port'] }}"
--- a/roles/nginx/tasks/proxy-pass.yml
+++ b/roles/nginx/tasks/proxy-pass.yml
@ -6,7 +6,7 @@
 - name: Install nginx template
  ansible.builtin.template:
-    src: nginx-server.j2
+    src: proxy-pass.j2
    dest: /etc/nginx/sites-available/{{ site_name }}
    mode: "0644"
  vars:
--- a/roles/nginx/templates/grpc-pass.j2
+++ b/roles/nginx/templates/grpc-pass.j2
@ -0,0 +1,14 @@
 # {{ ansible_managed }}
 server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name {{ site_name }};
  ssl_certificate {{ nginx_certificate_path }}/{{ site_cert }}/fullchain.pem;
  ssl_certificate_key {{ nginx_certificate_path }}/{{ site_cert }}/privkey.pem;
  location / {
    grpc_pass grpc://127.0.0.1:{{ site_port }};
  }
 }
--- a/roles/nginx/templates/nginx-server.j2
+++ b/roles/nginx/templates/nginx-server.j2
--- a/roles/podman_woodpecker_agent/tasks/agents.yml
+++ b/roles/podman_woodpecker_agent/tasks/agents.yml
@ -35,6 +35,7 @@
      WOODPECKER_HEALTHCHECK: false
      WOODPECKER_LOG_LEVEL: debug
      WOODPECKER_BACKEND: docker
      WOODPECKER_GRPC_SECURE: true
      WOODPECKER_FILTER_LABELS: "{{ podman_woodpecker_agent_filter_labels }}"
    secrets:
      - "woodpecker-agent-secret-{{ workspace_user }},type=env,target=WOODPECKER_AGENT_SECRET"
Author	SHA1	Message	Date
Ivo C.S. Wingelaar	67dad76dad	Add secure gRPC support to Woodpecker agent	2024-11-17 14:36:43 +01:00
Ivo C.S. Wingelaar	ec96953d16	Add gRPC support to nginx role	2024-11-17 14:36:09 +01:00