forked from usegalaxy-it/infrastructure-playbook
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathincoming.yml
79 lines (70 loc) · 2.05 KB
/
incoming.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# Autofs
usegalaxy_eu_autofs_mounts:
- data
data_conf:
- jwd -rw,hard,nosuid denbi.svm.bwsfs.uni-freiburg.de:/ws01/&
# GALAXY
galaxy_group:
name: galaxy
gid: 999
galaxy_system_group: galaxy
galaxy_user:
name: galaxy
create_home: true
home: /opt/galaxy
uid: 999
shell: /bin/bash
galaxy_config:
galaxy:
ftp_upload_dir: /data/jwd/incoming
# Certbot
server_names:
- 'www.usegalaxy.it'
- 'laniakea.usegalaxy.it'
#- 'ftp.usegalaxy.eu'
#- 'incoming.galaxyproject.eu'
certbot_auto_renew_hour: "{{ 23 |random(seed=inventory_hostname) }}"
certbot_auto_renew_minute: "{{ 59 |random(seed=inventory_hostname) }}"
certbot_auth_method: --webroot
certbot_install_method: virtualenv
certbot_auto_renew: yes
certbot_auto_renew_user: root
certbot_well_known_root: /srv/nginx/_well-known_root
certbot_share_key_users:
- nginx
- proftpd
certbot_post_renewal: |
systemctl restart proftpd || true
certbot_domains: "{{ server_names }}"
certbot_agree_tos: --agree-tos
certbot_virtualenv_package_name: python3-virtualenv
# NGINX
nginx_selinux_allow_local_connections: true
nginx_servers:
- redirect-ssl
nginx_ssl_servers:
- ftp
nginx_enable_default_server: false
nginx_ssl_role: usegalaxy-eu.certbot
nginx_conf_ssl_certificate: /etc/ssl/certs/fullchain.pem
nginx_conf_ssl_certificate_key: /etc/ssl/user/privkey-nginx.pem
# Proftpd:
proftpd_galaxy_auth: yes
galaxy_ftp_upload_dir: "{{ galaxy_config.galaxy.ftp_upload_dir }}"
proftpd_display_connect: |
{{ inventory_hostname }} FTP server
Unauthorized access is prohibited
proftpd_options:
- User: galaxy
- Group: galaxy
- Port: 21
proftpd_sql_db: "{{ proftpd__galaxy_db_connection }}"
proftpd_sql_user: ''
proftpd_conf_ssl_certificate: /etc/ssl/certs/cert.pem
proftpd_conf_ssl_certificate_key: /etc/ssl/user/privkey-proftpd.pem
proftpd_conf_ssl_ca_certificate: /etc/letsencrypt/live/ftp.usegalaxy.eu/chain.pem
proftpd_global_options:
- PassivePorts: 49152 65534
- TransferLog: /var/log/proftpd/xfer.log
proftpd_use_mod_tls_shmcache: false
proftpd_tls_options: NoSessionReuseRequired