infra/pycon.fr.yml


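---
# Ansible play for the `webservers` group: applies the `common` role, then
# includes an nginx role once per site (www.pycon.fr, the legacy year
# subdomains, paullaroid.pycon.fr and fr.pycon.org), passing each site's
# nginx configuration inline as `nginx_conf`.
#
# After running this playbook on a new machine, you'll need to either:
# - Rsync /var/www/pycon/fr/ from another server or a backup, or
# - Redeploy every site (to run pelican / frozen-flask / ...).
# NOTE(review): the tasks below serve from /var/www/pycon.fr/, so the path
# above is presumably a typo for that directory -- confirm.
- hosts: webservers
  vars:
    # SSH public keys, defined at play level and therefore visible to every
    # task below. Only public halves are stored here.
    # NOTE(review): presumably the nginx role authorizes these keys to push
    # site content; how it installs them is not shown in this file -- confirm.
    # NOTE(review): the first two keys carry no comment field, so they cannot
    # be tied to an owner or a year when auditing or rotating access; consider
    # labelling them like the last two and dropping keys no longer in use.
    nginx_public_deploy_key: |
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINbgxOufHY7SxQrJNTlHmye+xeNHBA1O5SGtGhGeOVZM
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIvF5rwjx5lpjzH6B4Uce9kZhz260kkwzYvIieR189Q1
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFRY4/MaxUs8+mTrCKCXpHiXdrTjpNK9MqIpSpdLtxST pyconfr-2023
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMcZWATyNJmSIejI/yugxAdtvif3aK5jc518NAiK0nEo pyconfr-2024
  tasks:
    - name: Basic setup
      include_role:
        name: common

    # Main site. Three server blocks: HTTP -> HTTPS redirect for pycon.fr and
    # its subdomains, apex -> www redirect, and the www.pycon.fr static site.
    - name: Setup PyConFr
      include_role:
        name: nginx
      vars:
        nginx_owner: pyconfr
        nginx_domain: pycon.fr
        nginx_certificates: ['pycon.fr', 'www.pycon.fr']
        nginx_path: /var/www/pycon.fr/
        # Header handling in the www.pycon.fr server block:
        # - nginx inherits add_header from the outer level only when the
        #   current level declares none, which is why X-Content-Type-Options
        #   is repeated inside the /2023/ and /2024/ locations.
        # - add_header without `always` is not applied to error responses,
        #   so 4xx/5xx pages are served without these headers.
        # NOTE(review): Strict-Transport-Security is set only in the /2023/
        # and /2024/ locations in this file; whether other paths and the
        # redirect-only servers send it depends on the included
        # snippets/letsencrypt-*.conf, which is not shown -- confirm.
        # NOTE(review): the enforced CSP allows 'unsafe-inline' in script-src
        # and style-src, so it does not stop injected inline script. The
        # /2024/ Report-Only policy drops 'unsafe-inline' but declares no
        # report-uri / report-to, so violations show up only in the browser
        # console and are not collected anywhere.
        # NOTE(review): in the second /2018/ rewrite, `(A-Za-z-)` is a group
        # matching the literal text "A-Za-z-", not a character class, so the
        # rule is effectively dead; `([A-Za-z-]+)` was presumably intended.
        # Check which /2018/ paths would start matching (e.g. /2018/fr/)
        # before changing it.
        nginx_conf: |
          server
          {
              listen [::]:80; listen 80;
              server_name .pycon.fr;
              return 301 https://$host$request_uri;
          }
          server
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              server_name pycon.fr;
              include snippets/letsencrypt-pycon.fr.conf;
              return 301 https://www.pycon.fr$request_uri;
          }
          server
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              server_name www.pycon.fr;
              include snippets/letsencrypt-pycon.fr.conf;
              root /var/www/pycon.fr/;
              charset utf-8;
              location = / {
                  return 302 https://www.pycon.fr/2024$request_uri;
              }
              location ~ ^/2021 {
                  return 301 https://www.pycon.fr/2023/;
              }
              location ~ ^/2022 {
                  return 301 https://www.pycon.fr/2023/;
              }
              location ~ ^/2023/ {
                  add_header Content-Security-Policy "default-src 'none'; object-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'none'; frame-src 'self' https://framacarte.org; font-src 'self'; img-src 'self' https://openstreetmap.fr; script-src 'self' 'unsafe-inline' https://framasoft.org https://framacarte.org; style-src 'self' 'unsafe-inline'";
                  add_header Strict-Transport-Security "max-age=63072000";
                  add_header X-Content-Type-Options "nosniff";
              }
              location ~ ^/2024/ {
                  add_header Content-Security-Policy "default-src 'none'; object-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'none'; frame-src 'self' https://framacarte.org; font-src 'self'; img-src 'self' https://openstreetmap.fr; script-src 'self' 'unsafe-inline' https://framasoft.org https://framacarte.org; style-src 'self' 'unsafe-inline'";
                  add_header Content-Security-Policy-Report-Only "default-src 'none'; object-src 'self'; frame-ancestors 'self'; form-action 'none'; base-uri 'none'; frame-src 'self' https://framacarte.org; font-src 'self'; img-src 'self' https://openstreetmap.fr; script-src 'self' https://framasoft.org https://framacarte.org; style-src 'self'";
                  add_header Strict-Transport-Security "max-age=63072000";
                  add_header X-Content-Type-Options "nosniff";
              }
              # Prevent browsers from incorrectly detecting non-scripts as scripts
              add_header X-Content-Type-Options "nosniff";
              rewrite ^/2018/$ /2018/fr/index/ last;
              rewrite ^/2018/(A-Za-z-)+/$ /2018/fr/$1/ last;
          }

    # Legacy year subdomains: both the HTTP and the HTTPS server answer every
    # request with a permanent redirect to the matching year on www.pycon.fr.
    - name: Setup PyConFr 2016
      include_role:
        name: nginx
      vars:
        nginx_domain: 2016.pycon.fr
        nginx_certificates: ['2016.pycon.fr']
        nginx_conf: |
          server
          {
              listen [::]:80; listen 80;
              server_name 2016.pycon.fr;
              return 301 https://www.pycon.fr/2016/;
          }
          server
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              server_name 2016.pycon.fr;
              include snippets/letsencrypt-2016.pycon.fr.conf;
              return 301 https://www.pycon.fr/2016/;
          }

    - name: Setup PyConFr 2012
      include_role:
        name: nginx
      vars:
        nginx_domain: 2012.pycon.fr
        nginx_certificates: ['2012.pycon.fr']
        nginx_conf: |
          server
          {
              listen [::]:80; listen 80;
              server_name 2012.pycon.fr;
              return 301 https://www.pycon.fr/2012/;
          }
          server
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              server_name 2012.pycon.fr;
              include snippets/letsencrypt-2012.pycon.fr.conf;
              return 301 https://www.pycon.fr/2012/;
          }

    - name: Setup PyConFr 2011
      include_role:
        name: nginx
      vars:
        nginx_domain: 2011.pycon.fr
        nginx_certificates: ['2011.pycon.fr']
        nginx_conf: |
          server
          {
              listen [::]:80; listen 80;
              server_name 2011.pycon.fr;
              return 301 https://www.pycon.fr/2011/;
          }
          server
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              server_name 2011.pycon.fr;
              include snippets/letsencrypt-2011.pycon.fr.conf;
              return 301 https://www.pycon.fr/2011/;
          }

    - name: Setup PyConFr 2010
      include_role:
        name: nginx
      vars:
        nginx_domain: 2010.pycon.fr
        nginx_certificates: ['2010.pycon.fr']
        nginx_conf: |
          server
          {
              listen [::]:80; listen 80;
              server_name 2010.pycon.fr;
              return 301 https://www.pycon.fr/2010/;
          }
          server
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              server_name 2010.pycon.fr;
              include snippets/letsencrypt-2010.pycon.fr.conf;
              return 301 https://www.pycon.fr/2010/;
          }

    # Static site served from its own directory under a separate owner.
    # NOTE(review): this server block has no add_header lines, so any
    # security headers would have to come from the included snippet, which
    # is not shown -- confirm.
    - name: Setup sigal of paullaroid.pycon.fr
      include_role:
        name: nginx
      vars:
        nginx_owner: paullaroid
        nginx_domain: paullaroid.pycon.fr
        nginx_certificates: ['paullaroid.pycon.fr']
        nginx_path: /var/www/paullaroid.pycon.fr/
        nginx_conf: |
          server
          {
              listen [::]:80; listen 80;
              server_name paullaroid.pycon.fr;
              return 301 https://$host$request_uri;
          }
          server
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              charset utf-8;
              server_name paullaroid.pycon.fr;
              include snippets/letsencrypt-paullaroid.pycon.fr.conf;
              root /var/www/paullaroid.pycon.fr/;
              index index.html;
          }

    # NOTE(review): this task includes `julienpalard.nginx` while every other
    # task includes `nginx`; confirm both names resolve to the intended role.
    - name: Setup fr.pycon.org
      include_role:
        name: julienpalard.nginx
      vars:
        nginx_domain: fr.pycon.org
        nginx_certificates: ['fr.pycon.org']
        nginx_conf: |
          server
          {
              listen [::]:80; listen 80;
              server_name fr.pycon.org;
              return 301 https://www.pycon.fr/;
          }
          server
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              server_name fr.pycon.org;
              include snippets/letsencrypt-fr.pycon.org.conf;
              return 301 https://www.pycon.fr/;
          }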