Split playbooks.

This commit is contained in:
Julien Palard 2019-12-16 23:30:24 +01:00
parent 513fcd0237
commit 0d13ec9f50
7 changed files with 249 additions and 244 deletions


@ -1,23 +0,0 @@
.PHONY: ansible-playbook
ansible-playbook: deps
if [ -n "$(TAG)" ]; then \
ansible-playbook playbook-julien-palard.yml -i inventory.yml -t $(TAG); \
else \
ansible-playbook playbook-julien-palard.yml -i inventory.yml; \
fi
.PHONY: weechat
weechat: TAG = weechat
weechat: ansible-playbook
.PHONY: web
web: TAG = web
web: ansible-playbook
.PHONY: pasteque
pasteque: TAG = pasteque
pasteque: ansible-playbook
.PHONY: deps
deps:
ansible-galaxy install -f julienpalard.nginx_letsencrypt

79
cert_watch.yml Normal file

@ -0,0 +1,79 @@
---
- hosts: mdk
vars:
letsencrypt_email: julien@palard.fr
tasks:
- name: Setup certificate watcher
include_role: name=certificate_watcher
tags: always
vars:
owner: certificate-watcher
dest: mdk
domains: |
# meltygroup
pypi.meltylab.fr
admin-framework.staging.meltylab.fr
admin-meltyfr.staging.meltylab.fr
ads.meltygroup.com
api-meltyfr.staging.meltylab.fr
boost.staging.meltylab.fr
doc-api-sephora.staging.meltylab.fr
gitlab.eeple.fr
media.melty.fr
melty-instant-article.staging.meltylab.fr
melty.es
melty.fr
melty.it
meltyfr-amp.staging.meltylab.fr
meltygroup-amp.staging.meltylab.fr
meltygroup.com
meltygroup.staging.meltylab.fr
meltylab.fr
sephora.staging.meltylab.fr
shoko-amp.staging.meltylab.fr
shoko.fr
ssr.staging.meltylab.fr
tyramisu.fr
# Python
pycon.org
fr.pycon.org
afpy.org
pycon.fr
bugs.python.org
hg.python.org
devguide.python.org
docs.python.org
legacy.python.org
packaging.python.org
python.org
wiki.python.org
www.python.org
pypi.org
# Hackinscience
hackinscience.org
www.hackinscience.org
# Perso
julien.palard.fr
le-poitevin.fr
mdk.fr
wyz.fr
palard.fr
sizeof.fr
www.mdk.fr
www.palard.fr
www.sizeof.fr
# Friends
mastodon.etalab.gouv.fr
protonmail.com
makina-corpus.com
fr.wikipedia.org
mamot.fr
framagenda.org
framapad.org
framanotes.org
framasoft.org
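Review bot: The `# meltygroup`, `# Python`, `# Friends` lines inside `domains: |` are not YAML comments — they sit inside a literal block scalar, so they are part of the string handed to the certificate_watcher role, which must therefore skip `#` lines itself; that dependency deserves a comment above the block, e.g. `# NOTE: lines starting with '#' are passed through to the role, which ignores them`, or the grouping should be moved out of the value. The `include_role: name=certificate_watcher` shorthand also mixes key=value syntax with the block-YAML vars beneath it; Ansible convention is `include_role:` / `  name: certificate_watcher`. `letsencrypt_email` is set at play level but nothing visible in this play reads it — presumably carried over from the pre-split site.yml; if the role does not use it, drop it here.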

32
common.yml Normal file

@ -0,0 +1,32 @@
---
- hosts: mdk
vars:
letsencrypt_email: julien@palard.fr
tasks:
- name: Setup nftables
include_role: name=nftables
tags: always
vars:
nftables_conf: |
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority 0;
iif lo accept
ct state established,related accept
tcp dport { ssh, http, https } ct state new accept
counter drop
}
}
- name: Setup letsencrypt
include_role: name=julienpalard.nginx_letsencrypt
tags: always
vars:
certificates:
- [irc.mdk.fr]
- [tuw.fr]
- [wyz.fr, www.wyz.fr]
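Review bot: The nftables input chain ends in `counter drop` after accepting only lo, established/related and new TCP to ssh/http/https, so every ICMP and ICMPv6 packet is dropped; in an `inet` table that breaks IPv6 neighbour discovery and router advertisements if the host has IPv6, and PMTU discovery on both families. Add `meta l4proto { icmp, ipv6-icmp } accept` before the drop (narrowed to the needed types if you prefer), and consider `ct state invalid drop` ahead of the established rule. `ssh` is accepted from any source with no limit; a `limit rate` on new ssh connections or a source restriction is a cheap hardening step. Port 80 staying open is needed for the HTTP-01 challenge the letsencrypt role below presumably relies on — a one-line comment on the `tcp dport` rule saying so would stop someone "tightening" it later.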

13
pasteque.yml Normal file

@ -0,0 +1,13 @@
---
- hosts: mdk
vars:
letsencrypt_email: julien@palard.fr
tasks:
- name: Setup wyz.fr
include_role: name=pasteque
tags: always
vars:
owner: wyz
domain: wyz.fr
path: /home/wyz/

226
site.yml

@ -1,223 +1,7 @@
---
- hosts: mdk
vars:
letsencrypt_email: julien@palard.fr
tasks:
- name: Setup nftables
include_role: name=nftables
tags: always
vars:
nftables_conf: |
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority 0;
iif lo accept
ct state established,related accept
tcp dport { ssh, http, https } ct state new accept
counter drop
}
}
- name: Setup mdk.fr
include_role: name=static_website
tags: always
vars:
domain: mdk.fr
extra_certificates: [www.mdk.fr]
owner: mdk_fr
path: /var/www/mdk.fr/
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM deploy'
- name: Setup palard.fr
include_role: name=static_website
tags: always
vars:
domain: palard.fr
extra_certificates: [julien.palard.fr, www.palard.fr]
nginx_extra: "location / {return 301 https://mdk.fr;}"
- name: Setup mandark.fr
include_role: name=static_website
tags: always
vars:
domain: mandark.fr
extra_certificates: [www.mandark.fr]
nginx_extra: "location / {return 301 https://mdk.fr;}"
- name: Setup le-poitevin.fr
include_role: name=static_website
tags: always
vars:
domain: le-poitevin.fr
extra_certificates: [www.le-poitevin.fr]
owner: le_poitevin_fr
path: /var/www/le-poitevin.fr/
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBhFjd1nWN2N0xNm5N+sg9yMcb3sHrYWZ5vPdSUST0zn deploy'
- name: Setup codeenseine.fr
include_role: name=static_website
tags: always
vars:
domain: codeenseine.fr
extra_certificates: [www.codeenseine.fr]
owner: codeenseine_fr
path: /var/www/codeenseine.fr/
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVUrVDfDWwig4Vau0GJkvEpihMQXUhGVCBOQP6izGgx deploy'
- name: Setup kisspush.net
include_role: name=static_website
tags: always
vars:
domain: kisspush.net
extra_certificates: [www.kisspush.net]
nginx_extra: "location / {return 301 https://mdk.fr;}"
- name: Setup letsencrypt
include_role: name=julienpalard.nginx_letsencrypt
tags: always
vars:
certificates:
- [irc.mdk.fr]
- [tuw.fr]
- [wyz.fr, www.wyz.fr]
- name: Setup weechat
include_role: name=weechat
tags: always
vars:
version: 2.7
owner: weechat
- name: Setup Glowing Bear
tags: weechat
unarchive:
src: https://github.com/glowing-bear/glowing-bear/archive/0.7.2.tar.gz
remote_src: yes
dest: "/usr/local/src/"
- name: Configure irc.mdk.fr
tags: weechat
notify: reload nginx
copy:
dest: /etc/nginx/conf.d/irc.mdk.fr.conf
content: |
# Set connection header based on upgrade header
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server
{
listen 443 ssl;
include snippets/letsencrypt-irc.mdk.fr.conf;
add_header Content-Security-Policy "default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; object-src 'none'; frame-src 'none'; font-src cdnjs.cloudflare.com;";
add_header X-Frame-Options DENY;
server_name irc.mdk.fr;
location /
{
root /usr/local/src/glowing-bear-0.7.2/;
index index.html;
}
location /weechat
{
proxy_pass http://127.0.0.1:9000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 4h;
}
}
- name: Setup wyz.fr
include_role: name=pasteque
tags: always
vars:
owner: wyz
domain: wyz.fr
path: /home/wyz/
- name: Setup certificate watcher
include_role: name=certificate_watcher
tags: always
vars:
owner: certificate-watcher
dest: mdk
domains: |
# meltygroup
pypi.meltylab.fr
admin-framework.staging.meltylab.fr
admin-meltyfr.staging.meltylab.fr
ads.meltygroup.com
api-meltyfr.staging.meltylab.fr
boost.staging.meltylab.fr
doc-api-sephora.staging.meltylab.fr
gitlab.eeple.fr
media.melty.fr
melty-instant-article.staging.meltylab.fr
melty.es
melty.fr
melty.it
meltyfr-amp.staging.meltylab.fr
meltygroup-amp.staging.meltylab.fr
meltygroup.com
meltygroup.staging.meltylab.fr
meltylab.fr
sephora.staging.meltylab.fr
shoko-amp.staging.meltylab.fr
shoko.fr
ssr.staging.meltylab.fr
tyramisu.fr
# Python
pycon.org
fr.pycon.org
afpy.org
pycon.fr
bugs.python.org
hg.python.org
devguide.python.org
docs.python.org
legacy.python.org
packaging.python.org
python.org
wiki.python.org
www.python.org
pypi.org
# Hackinscience
hackinscience.org
www.hackinscience.org
# Perso
julien.palard.fr
le-poitevin.fr
mdk.fr
wyz.fr
palard.fr
sizeof.fr
www.mdk.fr
www.palard.fr
www.sizeof.fr
# Friends
mastodon.etalab.gouv.fr
protonmail.com
makina-corpus.com
fr.wikipedia.org
mamot.fr
framagenda.org
framapad.org
framanotes.org
framasoft.org
handlers:
- name: reload nginx
service: name=nginx state=reloaded
- import_playbook: cert_watch.yml
- import_playbook: common.yml
- import_playbook: pasteque.yml
- import_playbook: static_websites.yml
- import_playbook: weechat.yml
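Review bot: Every imported playbook keeps `tags: always` on its role includes, and the Makefile that narrowed runs with `-t $(TAG)` is deleted in this commit, so `ansible-playbook site.yml -t weechat` still executes all of the `always` tasks from all five imports; either drop `tags: always` now that selection is per file, or tag each play with its file name (`tags: weechat` on the play in weechat.yml, etc.) so tag-based runs still narrow. Each imported play also repeats `hosts: mdk` and `vars: letsencrypt_email: julien@palard.fr`; moving that value to `host_vars/mdk.yml` keeps six copies from drifting. Note also that the Makefile's `ansible-galaxy install -f julienpalard.nginx_letsencrypt` step disappears with it — a `requirements.yml` (ideally with a pinned `version:`) would preserve that dependency declaration.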

65
static_websites.yml Normal file

@ -0,0 +1,65 @@
---
- hosts: mdk
vars:
letsencrypt_email: julien@palard.fr
tasks:
- name: Setup mdk.fr
include_role: name=static_website
tags: always
vars:
domain: mdk.fr
extra_certificates: [www.mdk.fr]
owner: mdk_fr
path: /var/www/mdk.fr/
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM deploy'
- name: Setup palard.fr
include_role: name=static_website
tags: always
vars:
domain: palard.fr
extra_certificates: [julien.palard.fr, www.palard.fr]
nginx_extra: "location / {return 301 https://mdk.fr;}"
- name: Setup mandark.fr
include_role: name=static_website
tags: always
vars:
domain: mandark.fr
extra_certificates: [www.mandark.fr]
nginx_extra: "location / {return 301 https://mdk.fr;}"
- name: Setup le-poitevin.fr
include_role: name=static_website
tags: always
vars:
domain: le-poitevin.fr
extra_certificates: [www.le-poitevin.fr]
owner: le_poitevin_fr
path: /var/www/le-poitevin.fr/
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBhFjd1nWN2N0xNm5N+sg9yMcb3sHrYWZ5vPdSUST0zn deploy'
- name: Setup codeenseine.fr
include_role: name=static_website
tags: always
vars:
domain: codeenseine.fr
extra_certificates: [www.codeenseine.fr]
owner: codeenseine_fr
path: /var/www/codeenseine.fr/
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVUrVDfDWwig4Vau0GJkvEpihMQXUhGVCBOQP6izGgx deploy'
- name: Setup kisspush.net
include_role: name=static_website
tags: always
vars:
domain: kisspush.net
extra_certificates: [www.kisspush.net]
nginx_extra: "location / {return 301 https://mdk.fr;}"
handlers:
- name: reload nginx
service: name=nginx state=reloaded
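Review bot: The `reload nginx` handler is declared here and again in weechat.yml, while common.yml and pasteque.yml — whose roles also configure nginx — declare none; handlers are scoped to their play, so a role notifying `reload nginx` from those plays only works if the role ships its own handler, which cannot be confirmed from this diff. A small shared handler file imported into each play, or a single nginx role owning the handler, avoids the duplication and the gap. The three redirect-only sites (palard.fr, mandark.fr, kisspush.net) pass no `owner`/`path`/`public_deploy_key`, presumably relying on role defaults; a comment such as `# redirect only: no document root, role defaults apply` on each would make that intent explicit. The handler would also read better in block form: `service:` / `  name: nginx` / `  state: reloaded`.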

55
weechat.yml Normal file

@ -0,0 +1,55 @@
---
- hosts: mdk
vars:
letsencrypt_email: julien@palard.fr
tasks:
- name: Setup weechat
include_role: name=weechat
tags: always
vars:
version: 2.7
owner: weechat
- name: Setup Glowing Bear
tags: weechat
unarchive:
src: https://github.com/glowing-bear/glowing-bear/archive/0.7.2.tar.gz
remote_src: yes
dest: "/usr/local/src/"
- name: Configure irc.mdk.fr
tags: weechat
notify: reload nginx
copy:
dest: /etc/nginx/conf.d/irc.mdk.fr.conf
content: |
# Set connection header based on upgrade header
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server
{
listen 443 ssl;
include snippets/letsencrypt-irc.mdk.fr.conf;
add_header Content-Security-Policy "default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; object-src 'none'; frame-src 'none'; font-src cdnjs.cloudflare.com;";
add_header X-Frame-Options DENY;
server_name irc.mdk.fr;
location /
{
root /usr/local/src/glowing-bear-0.7.2/;
index index.html;
}
location /weechat
{
proxy_pass http://127.0.0.1:9000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 4h;
}
}
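Review bot: Glowing Bear is fetched straight from GitHub by `unarchive` with `remote_src: yes` and no integrity check, and with no `creates:` the tarball is re-downloaded and re-extracted into /usr/local/src on every run; `unarchive` cannot verify a checksum for a remote URL, so download with `get_url` and a pinned `checksum:` first, then extract with `creates:` for idempotence. The CSP keeps `'unsafe-eval' 'unsafe-inline'` for `script-src`, which Glowing Bear's framework may genuinely need — if so, say so in a comment, because it neutralises most of the script protection the header implies. `version: 2.7` is a YAML float (a later `2.10` would silently become `2.1`); quote it as `version: "2.7"`.

```yaml
    - name: Download Glowing Bear
      tags: weechat
      get_url:
        url: https://github.com/glowing-bear/glowing-bear/archive/0.7.2.tar.gz
        dest: /usr/local/src/glowing-bear-0.7.2.tar.gz
        checksum: sha256:<digest of the 0.7.2 tarball, pinned once verified>
    - name: Setup Glowing Bear
      tags: weechat
      unarchive:
        src: /usr/local/src/glowing-bear-0.7.2.tar.gz
        remote_src: true
        dest: /usr/local/src/
        creates: /usr/local/src/glowing-bear-0.7.2/
    # … unchanged: Configure irc.mdk.fr nginx vhost …
```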