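---
# After running this playbook on a new machine, you'll need either to:
# - Rsync /var/www/pycon.fr/ from another server or a backup.
# - Redeploy every site (to run pelican / frozen-flask / ...).

# Provisions the nginx virtual hosts for pycon.fr, its per-year legacy
# domains and the fr.pycon.org alias on the `webservers` group.
- hosts: webservers
  vars:
    # SSH *public* keys, one per line (presumably read by the nginx role to
    # decide who may deploy site content; confirm in the role). Only public
    # halves are listed, so keeping them in the repository is fine.
    # NOTE(review): the first two entries have no comment field, so their
    # owners cannot be identified from this file when auditing or revoking
    # access; consider labelling them like the pyconfr-2023/2024 entries.
    nginx_public_deploy_key: |
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINbgxOufHY7SxQrJNTlHmye+xeNHBA1O5SGtGhGeOVZM
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIvF5rwjx5lpjzH6B4Uce9kZhz260kkwzYvIieR189Q1
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFRY4/MaxUs8+mTrCKCXpHiXdrTjpNK9MqIpSpdLtxST pyconfr-2023
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMcZWATyNJmSIejI/yugxAdtvif3aK5jc518NAiK0nEo pyconfr-2024

  tasks:
    - name: Basic setup
      include_role:
        name: common

    # Main site. Port 80 redirects every *.pycon.fr host to HTTPS, the apex
    # redirects to www, and www.pycon.fr serves static files from
    # /var/www/pycon.fr/.
    #
    # Security notes on the www.pycon.fr server block:
    # - nginx inherits add_header from the enclosing level only when the
    #   current level defines none, so the /2023/ and /2024/ locations have to
    #   (and do) repeat X-Content-Type-Options themselves.
    # - Strict-Transport-Security is only set inside the /2023/ and /2024/
    #   locations; responses for other paths, and for the apex and port-80
    #   server blocks, carry no HSTS header.
    # - The enforced CSP for /2023/ and /2024/ allows 'unsafe-inline' for
    #   scripts and styles. /2024/ additionally sends a stricter
    #   Content-Security-Policy-Report-Only without 'unsafe-inline'; it has no
    #   report-uri/report-to directive, so violations are only visible in the
    #   browser console.
    # - NOTE(review): in the second /2018/ rewrite, `(A-Za-z-)+` is a group
    #   around the literal text "A-Za-z-", not a character class, so it does
    #   not match ordinary page slugs. If a class was intended it would read
    #   `([A-Za-z-]+)`; that form would also match /2018/fr/ itself, so check
    #   the 2018 site layout before changing it.
    - name: Setup PyConFr
      include_role:
        name: nginx
      vars:
        nginx_owner: pyconfr
        nginx_domain: pycon.fr
        nginx_certificates: ['pycon.fr', 'www.pycon.fr']
        nginx_path: /var/www/pycon.fr/
        nginx_conf: |
          server {
              listen [::]:80;
              listen 80;
              server_name .pycon.fr;
              return 301 https://$host$request_uri;
          }

          server {
              listen [::]:443 ssl http2;
              listen 443 ssl http2;
              server_name pycon.fr;
              include snippets/letsencrypt-pycon.fr.conf;
              return 301 https://www.pycon.fr$request_uri;
          }

          server {
              listen [::]:443 ssl http2;
              listen 443 ssl http2;
              server_name www.pycon.fr;
              include snippets/letsencrypt-pycon.fr.conf;
              root /var/www/pycon.fr/;
              charset utf-8;

              location = / {
                  return 302 https://www.pycon.fr/2024$request_uri;
              }

              location ~ ^/2021 {
                  return 301 https://www.pycon.fr/2023/;
              }

              location ~ ^/2022 {
                  return 301 https://www.pycon.fr/2023/;
              }

              location ~ ^/2023/ {
                  add_header Content-Security-Policy "default-src 'none'; object-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'none'; frame-src 'self' https://framacarte.org; font-src 'self'; img-src 'self' https://openstreetmap.fr; script-src 'self' 'unsafe-inline' https://framasoft.org https://framacarte.org; style-src 'self' 'unsafe-inline'";
                  add_header Strict-Transport-Security "max-age=63072000";
                  add_header X-Content-Type-Options "nosniff";
              }

              location ~ ^/2024/ {
                  add_header Content-Security-Policy "default-src 'none'; object-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'none'; frame-src 'self' https://framacarte.org; font-src 'self'; img-src 'self' https://openstreetmap.fr; script-src 'self' 'unsafe-inline' https://framasoft.org https://framacarte.org; style-src 'self' 'unsafe-inline'";
                  add_header Content-Security-Policy-Report-Only "default-src 'none'; object-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'none'; frame-src 'self' https://framacarte.org; font-src 'self'; img-src 'self' https://openstreetmap.fr; script-src 'self' https://framasoft.org https://framacarte.org; style-src 'self'";
                  add_header Strict-Transport-Security "max-age=63072000";
                  add_header X-Content-Type-Options "nosniff";
              }

              # Prevent browsers from incorrectly detecting non-scripts as scripts
              add_header X-Content-Type-Options "nosniff";

              rewrite ^/2018/$ /2018/fr/index/ last;
              rewrite ^/2018/(A-Za-z-)+/$ /2018/fr/$1/ last;
          }

    # Legacy year domains: HTTP and HTTPS both redirect permanently to the
    # matching /YEAR/ path on www.pycon.fr; nothing is served from these hosts.
    - name: Setup PyConFr 2016
      include_role:
        name: nginx
      vars:
        nginx_domain: 2016.pycon.fr
        nginx_certificates: ['2016.pycon.fr']
        nginx_conf: |
          server {
              listen [::]:80;
              listen 80;
              server_name 2016.pycon.fr;
              return 301 https://www.pycon.fr/2016/;
          }

          server {
              listen [::]:443 ssl http2;
              listen 443 ssl http2;
              server_name 2016.pycon.fr;
              include snippets/letsencrypt-2016.pycon.fr.conf;
              return 301 https://www.pycon.fr/2016/;
          }

    - name: Setup PyConFr 2012
      include_role:
        name: nginx
      vars:
        nginx_domain: 2012.pycon.fr
        nginx_certificates: ['2012.pycon.fr']
        nginx_conf: |
          server {
              listen [::]:80;
              listen 80;
              server_name 2012.pycon.fr;
              return 301 https://www.pycon.fr/2012/;
          }

          server {
              listen [::]:443 ssl http2;
              listen 443 ssl http2;
              server_name 2012.pycon.fr;
              include snippets/letsencrypt-2012.pycon.fr.conf;
              return 301 https://www.pycon.fr/2012/;
          }

    - name: Setup PyConFr 2011
      include_role:
        name: nginx
      vars:
        nginx_domain: 2011.pycon.fr
        nginx_certificates: ['2011.pycon.fr']
        nginx_conf: |
          server {
              listen [::]:80;
              listen 80;
              server_name 2011.pycon.fr;
              return 301 https://www.pycon.fr/2011/;
          }

          server {
              listen [::]:443 ssl http2;
              listen 443 ssl http2;
              server_name 2011.pycon.fr;
              include snippets/letsencrypt-2011.pycon.fr.conf;
              return 301 https://www.pycon.fr/2011/;
          }

    - name: Setup PyConFr 2010
      include_role:
        name: nginx
      vars:
        nginx_domain: 2010.pycon.fr
        nginx_certificates: ['2010.pycon.fr']
        nginx_conf: |
          server {
              listen [::]:80;
              listen 80;
              server_name 2010.pycon.fr;
              return 301 https://www.pycon.fr/2010/;
          }

          server {
              listen [::]:443 ssl http2;
              listen 443 ssl http2;
              server_name 2010.pycon.fr;
              include snippets/letsencrypt-2010.pycon.fr.conf;
              return 301 https://www.pycon.fr/2010/;
          }

    # Static gallery served from /var/www/paullaroid.pycon.fr/.
    # NOTE(review): this server block sets no X-Content-Type-Options, HSTS or
    # CSP header, unlike the /2023/ and /2024/ locations of www.pycon.fr.
    - name: Setup sigal of paullaroid.pycon.fr
      include_role:
        name: nginx
      vars:
        nginx_owner: paullaroid
        nginx_domain: paullaroid.pycon.fr
        nginx_certificates: ['paullaroid.pycon.fr']
        nginx_path: /var/www/paullaroid.pycon.fr/
        nginx_conf: |
          server {
              listen [::]:80;
              listen 80;
              server_name paullaroid.pycon.fr;
              return 301 https://$host$request_uri;
          }

          server {
              listen [::]:443 ssl http2;
              listen 443 ssl http2;
              charset utf-8;
              server_name paullaroid.pycon.fr;
              include snippets/letsencrypt-paullaroid.pycon.fr.conf;
              root /var/www/paullaroid.pycon.fr/;
              index index.html;
          }

    # Alias domain: everything redirects to https://www.pycon.fr/.
    # NOTE(review): this is the only task that uses the `julienpalard.nginx`
    # role name; every other task includes `nginx`. Confirm both names resolve
    # to the intended role.
    - name: Setup fr.pycon.org
      include_role:
        name: julienpalard.nginx
      vars:
        nginx_domain: fr.pycon.org
        nginx_certificates: ['fr.pycon.org']
        nginx_conf: |
          server {
              listen [::]:80;
              listen 80;
              server_name fr.pycon.org;
              return 301 https://www.pycon.fr/;
          }

          server {
              listen [::]:443 ssl http2;
              listen 443 ssl http2;
              server_name fr.pycon.org;
              include snippets/letsencrypt-fr.pycon.org.conf;
              return 301 https://www.pycon.fr/;
          }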