Split playbooks.
parent
513fcd0237
commit
0d13ec9f50
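--- a/Makefile
+++ b/Makefile
@@ -1,23 +0,0 @@
-.PHONY: ansible-playbook
-ansible-playbook: deps
-if [ -n "$(TAG)" ]; then \
-ansible-playbook playbook-julien-palard.yml -i inventory.yml -t $(TAG); \
-else \
-ansible-playbook playbook-julien-palard.yml -i inventory.yml; \
-fi
-
-.PHONY: weechat
-weechat: TAG = weechat
-weechat: ansible-playbook
-
-.PHONY: web
-web: TAG = web
-web: ansible-playbook
-
-.PHONY: pasteque
-pasteque: TAG = pasteque
-pasteque: ansible-playbook
-
-.PHONY: deps
-deps:
-ansible-galaxy install -f julienpalard.nginx_letsencrypt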
|
@ -0,0 +1,79 @@
|
|||
---
|
||||
|
||||
- hosts: mdk
|
||||
vars:
|
||||
letsencrypt_email: julien@palard.fr
|
||||
tasks:
|
||||
- name: Setup certificate watcher
|
||||
include_role: name=certificate_watcher
|
||||
tags: always
|
||||
vars:
|
||||
owner: certificate-watcher
|
||||
dest: mdk
|
||||
domains: |
|
||||
# meltygroup
|
||||
pypi.meltylab.fr
|
||||
admin-framework.staging.meltylab.fr
|
||||
admin-meltyfr.staging.meltylab.fr
|
||||
ads.meltygroup.com
|
||||
api-meltyfr.staging.meltylab.fr
|
||||
boost.staging.meltylab.fr
|
||||
doc-api-sephora.staging.meltylab.fr
|
||||
gitlab.eeple.fr
|
||||
media.melty.fr
|
||||
melty-instant-article.staging.meltylab.fr
|
||||
melty.es
|
||||
melty.fr
|
||||
melty.it
|
||||
meltyfr-amp.staging.meltylab.fr
|
||||
meltygroup-amp.staging.meltylab.fr
|
||||
meltygroup.com
|
||||
meltygroup.staging.meltylab.fr
|
||||
meltylab.fr
|
||||
sephora.staging.meltylab.fr
|
||||
shoko-amp.staging.meltylab.fr
|
||||
shoko.fr
|
||||
ssr.staging.meltylab.fr
|
||||
tyramisu.fr
|
||||
|
||||
# Python
|
||||
pycon.org
|
||||
fr.pycon.org
|
||||
afpy.org
|
||||
pycon.fr
|
||||
bugs.python.org
|
||||
hg.python.org
|
||||
devguide.python.org
|
||||
docs.python.org
|
||||
legacy.python.org
|
||||
packaging.python.org
|
||||
python.org
|
||||
wiki.python.org
|
||||
www.python.org
|
||||
pypi.org
|
||||
|
||||
# Hackinscience
|
||||
hackinscience.org
|
||||
www.hackinscience.org
|
||||
|
||||
# Perso
|
||||
julien.palard.fr
|
||||
le-poitevin.fr
|
||||
mdk.fr
|
||||
wyz.fr
|
||||
palard.fr
|
||||
sizeof.fr
|
||||
www.mdk.fr
|
||||
www.palard.fr
|
||||
www.sizeof.fr
|
||||
|
||||
# Friends
|
||||
mastodon.etalab.gouv.fr
|
||||
protonmail.com
|
||||
makina-corpus.com
|
||||
fr.wikipedia.org
|
||||
mamot.fr
|
||||
framagenda.org
|
||||
framapad.org
|
||||
framanotes.org
|
||||
framasoft.org
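Review bot: `letsencrypt_email: julien@palard.fr` is declared under the play-level `vars:` here and again in each of the other four new playbooks in this commit, so a change of contact address now has to be made in five places. Nothing visible in this play uses the variable; whether the `certificate_watcher` role reads it cannot be told from the hunk. I would define it once for `mdk` in host or group variables and drop the per-play `vars:` block.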
|
|
@ -0,0 +1,32 @@
|
|||
---
|
||||
|
||||
- hosts: mdk
|
||||
vars:
|
||||
letsencrypt_email: julien@palard.fr
|
||||
tasks:
|
||||
- name: Setup nftables
|
||||
include_role: name=nftables
|
||||
tags: always
|
||||
vars:
|
||||
nftables_conf: |
|
||||
#!/usr/sbin/nft -f
|
||||
|
||||
flush ruleset
|
||||
|
||||
table inet filter {
|
||||
chain input {
|
||||
type filter hook input priority 0;
|
||||
iif lo accept
|
||||
ct state established,related accept
|
||||
tcp dport { ssh, http, https } ct state new accept
|
||||
counter drop
|
||||
}
|
||||
}
|
||||
- name: Setup letsencrypt
|
||||
include_role: name=julienpalard.nginx_letsencrypt
|
||||
tags: always
|
||||
vars:
|
||||
certificates:
|
||||
- [irc.mdk.fr]
|
||||
- [tuw.fr]
|
||||
- [wyz.fr, www.wyz.fr]
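Review bot: The `inet` input chain in `nftables_conf` accepts only loopback, established/related traffic and new TCP to ssh/http/https before `counter drop`, so ICMPv6 neighbour discovery is dropped too; those packets are not covered by the `ct state established,related` rule. If the host has IPv6 connectivity, address resolution stops working once the neighbour cache expires. I would add `icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept` ahead of the `counter drop` line. The same ruleset is among the lines removed from site.yml, so this is carried over by the split rather than introduced by it.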
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- hosts: mdk
|
||||
vars:
|
||||
letsencrypt_email: julien@palard.fr
|
||||
tasks:
|
||||
- name: Setup wyz.fr
|
||||
include_role: name=pasteque
|
||||
tags: always
|
||||
vars:
|
||||
owner: wyz
|
||||
domain: wyz.fr
|
||||
path: /home/wyz/
|
226
site.yml
226
site.yml
|
@ -1,223 +1,7 @@
|
|||
---
|
||||
|
||||
- hosts: mdk
|
||||
vars:
|
||||
letsencrypt_email: julien@palard.fr
|
||||
tasks:
|
||||
- name: Setup nftables
|
||||
include_role: name=nftables
|
||||
tags: always
|
||||
vars:
|
||||
nftables_conf: |
|
||||
#!/usr/sbin/nft -f
|
||||
|
||||
flush ruleset
|
||||
|
||||
table inet filter {
|
||||
chain input {
|
||||
type filter hook input priority 0;
|
||||
iif lo accept
|
||||
ct state established,related accept
|
||||
tcp dport { ssh, http, https } ct state new accept
|
||||
counter drop
|
||||
}
|
||||
}
|
||||
|
||||
- name: Setup mdk.fr
|
||||
include_role: name=static_website
|
||||
tags: always
|
||||
vars:
|
||||
domain: mdk.fr
|
||||
extra_certificates: [www.mdk.fr]
|
||||
owner: mdk_fr
|
||||
path: /var/www/mdk.fr/
|
||||
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM deploy'
|
||||
|
||||
- name: Setup palard.fr
|
||||
include_role: name=static_website
|
||||
tags: always
|
||||
vars:
|
||||
domain: palard.fr
|
||||
extra_certificates: [julien.palard.fr, www.palard.fr]
|
||||
nginx_extra: "location / {return 301 https://mdk.fr;}"
|
||||
|
||||
- name: Setup mandark.fr
|
||||
include_role: name=static_website
|
||||
tags: always
|
||||
vars:
|
||||
domain: mandark.fr
|
||||
extra_certificates: [www.mandark.fr]
|
||||
nginx_extra: "location / {return 301 https://mdk.fr;}"
|
||||
|
||||
- name: Setup le-poitevin.fr
|
||||
include_role: name=static_website
|
||||
tags: always
|
||||
vars:
|
||||
domain: le-poitevin.fr
|
||||
extra_certificates: [www.le-poitevin.fr]
|
||||
owner: le_poitevin_fr
|
||||
path: /var/www/le-poitevin.fr/
|
||||
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBhFjd1nWN2N0xNm5N+sg9yMcb3sHrYWZ5vPdSUST0zn deploy'
|
||||
|
||||
- name: Setup codeenseine.fr
|
||||
include_role: name=static_website
|
||||
tags: always
|
||||
vars:
|
||||
domain: codeenseine.fr
|
||||
extra_certificates: [www.codeenseine.fr]
|
||||
owner: codeenseine_fr
|
||||
path: /var/www/codeenseine.fr/
|
||||
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVUrVDfDWwig4Vau0GJkvEpihMQXUhGVCBOQP6izGgx deploy'
|
||||
|
||||
- name: Setup kisspush.net
|
||||
include_role: name=static_website
|
||||
tags: always
|
||||
vars:
|
||||
domain: kisspush.net
|
||||
extra_certificates: [www.kisspush.net]
|
||||
nginx_extra: "location / {return 301 https://mdk.fr;}"
|
||||
|
||||
- name: Setup letsencrypt
|
||||
include_role: name=julienpalard.nginx_letsencrypt
|
||||
tags: always
|
||||
vars:
|
||||
certificates:
|
||||
- [irc.mdk.fr]
|
||||
- [tuw.fr]
|
||||
- [wyz.fr, www.wyz.fr]
|
||||
|
||||
- name: Setup weechat
|
||||
include_role: name=weechat
|
||||
tags: always
|
||||
vars:
|
||||
version: 2.7
|
||||
owner: weechat
|
||||
|
||||
- name: Setup Glowing Bear
|
||||
tags: weechat
|
||||
unarchive:
|
||||
src: https://github.com/glowing-bear/glowing-bear/archive/0.7.2.tar.gz
|
||||
remote_src: yes
|
||||
dest: "/usr/local/src/"
|
||||
|
||||
- name: Configure irc.mdk.fr
|
||||
tags: weechat
|
||||
notify: reload nginx
|
||||
copy:
|
||||
dest: /etc/nginx/conf.d/irc.mdk.fr.conf
|
||||
content: |
|
||||
# Set connection header based on upgrade header
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
server
|
||||
{
|
||||
listen 443 ssl;
|
||||
include snippets/letsencrypt-irc.mdk.fr.conf;
|
||||
add_header Content-Security-Policy "default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; object-src 'none'; frame-src 'none'; font-src cdnjs.cloudflare.com;";
|
||||
add_header X-Frame-Options DENY;
|
||||
server_name irc.mdk.fr;
|
||||
|
||||
location /
|
||||
{
|
||||
root /usr/local/src/glowing-bear-0.7.2/;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location /weechat
|
||||
{
|
||||
proxy_pass http://127.0.0.1:9000;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_read_timeout 4h;
|
||||
}
|
||||
}
|
||||
|
||||
- name: Setup wyz.fr
|
||||
include_role: name=pasteque
|
||||
tags: always
|
||||
vars:
|
||||
owner: wyz
|
||||
domain: wyz.fr
|
||||
path: /home/wyz/
|
||||
|
||||
- name: Setup certificate watcher
|
||||
include_role: name=certificate_watcher
|
||||
tags: always
|
||||
vars:
|
||||
owner: certificate-watcher
|
||||
dest: mdk
|
||||
domains: |
|
||||
# meltygroup
|
||||
pypi.meltylab.fr
|
||||
admin-framework.staging.meltylab.fr
|
||||
admin-meltyfr.staging.meltylab.fr
|
||||
ads.meltygroup.com
|
||||
api-meltyfr.staging.meltylab.fr
|
||||
boost.staging.meltylab.fr
|
||||
doc-api-sephora.staging.meltylab.fr
|
||||
gitlab.eeple.fr
|
||||
media.melty.fr
|
||||
melty-instant-article.staging.meltylab.fr
|
||||
melty.es
|
||||
melty.fr
|
||||
melty.it
|
||||
meltyfr-amp.staging.meltylab.fr
|
||||
meltygroup-amp.staging.meltylab.fr
|
||||
meltygroup.com
|
||||
meltygroup.staging.meltylab.fr
|
||||
meltylab.fr
|
||||
sephora.staging.meltylab.fr
|
||||
shoko-amp.staging.meltylab.fr
|
||||
shoko.fr
|
||||
ssr.staging.meltylab.fr
|
||||
tyramisu.fr
|
||||
|
||||
# Python
|
||||
pycon.org
|
||||
fr.pycon.org
|
||||
afpy.org
|
||||
pycon.fr
|
||||
bugs.python.org
|
||||
hg.python.org
|
||||
devguide.python.org
|
||||
docs.python.org
|
||||
legacy.python.org
|
||||
packaging.python.org
|
||||
python.org
|
||||
wiki.python.org
|
||||
www.python.org
|
||||
pypi.org
|
||||
|
||||
# Hackinscience
|
||||
hackinscience.org
|
||||
www.hackinscience.org
|
||||
|
||||
# Perso
|
||||
julien.palard.fr
|
||||
le-poitevin.fr
|
||||
mdk.fr
|
||||
wyz.fr
|
||||
palard.fr
|
||||
sizeof.fr
|
||||
www.mdk.fr
|
||||
www.palard.fr
|
||||
www.sizeof.fr
|
||||
|
||||
# Friends
|
||||
mastodon.etalab.gouv.fr
|
||||
protonmail.com
|
||||
makina-corpus.com
|
||||
fr.wikipedia.org
|
||||
mamot.fr
|
||||
framagenda.org
|
||||
framapad.org
|
||||
framanotes.org
|
||||
framasoft.org
|
||||
|
||||
handlers:
|
||||
- name: reload nginx
|
||||
service: name=nginx state=reloaded
|
||||
- import_playbook: cert_watch.yml
|
||||
- import_playbook: common.yml
|
||||
- import_playbook: pasteque.yml
|
||||
- import_playbook: static_websites.yml
|
||||
- import_playbook: weechat.yml
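Review bot: The `import_playbook` list runs `cert_watch.yml` before `common.yml`, whereas in the removed single play `Setup nftables` was the first task. The play that carries `Setup nftables` and `Setup letsencrypt` is presumably `common.yml`, so on a fresh host the packet filter would be applied only after another play has already run. I would put `- import_playbook: common.yml` first and keep the remaining imports in their current order.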
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
---
|
||||
|
||||
- hosts: mdk
|
||||
vars:
|
||||
letsencrypt_email: julien@palard.fr
|
||||
tasks:
|
||||
- name: Setup mdk.fr
|
||||
include_role: name=static_website
|
||||
tags: always
|
||||
vars:
|
||||
domain: mdk.fr
|
||||
extra_certificates: [www.mdk.fr]
|
||||
owner: mdk_fr
|
||||
path: /var/www/mdk.fr/
|
||||
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM deploy'
|
||||
|
||||
- name: Setup palard.fr
|
||||
include_role: name=static_website
|
||||
tags: always
|
||||
vars:
|
||||
domain: palard.fr
|
||||
extra_certificates: [julien.palard.fr, www.palard.fr]
|
||||
nginx_extra: "location / {return 301 https://mdk.fr;}"
|
||||
|
||||
- name: Setup mandark.fr
|
||||
include_role: name=static_website
|
||||
tags: always
|
||||
vars:
|
||||
domain: mandark.fr
|
||||
extra_certificates: [www.mandark.fr]
|
||||
nginx_extra: "location / {return 301 https://mdk.fr;}"
|
||||
|
||||
- name: Setup le-poitevin.fr
|
||||
include_role: name=static_website
|
||||
tags: always
|
||||
vars:
|
||||
domain: le-poitevin.fr
|
||||
extra_certificates: [www.le-poitevin.fr]
|
||||
owner: le_poitevin_fr
|
||||
path: /var/www/le-poitevin.fr/
|
||||
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBhFjd1nWN2N0xNm5N+sg9yMcb3sHrYWZ5vPdSUST0zn deploy'
|
||||
|
||||
- name: Setup codeenseine.fr
|
||||
include_role: name=static_website
|
||||
tags: always
|
||||
vars:
|
||||
domain: codeenseine.fr
|
||||
extra_certificates: [www.codeenseine.fr]
|
||||
owner: codeenseine_fr
|
||||
path: /var/www/codeenseine.fr/
|
||||
public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVUrVDfDWwig4Vau0GJkvEpihMQXUhGVCBOQP6izGgx deploy'
|
||||
|
||||
- name: Setup kisspush.net
|
||||
include_role: name=static_website
|
||||
tags: always
|
||||
vars:
|
||||
domain: kisspush.net
|
||||
extra_certificates: [www.kisspush.net]
|
||||
nginx_extra: "location / {return 301 https://mdk.fr;}"
|
||||
|
||||
|
||||
|
||||
handlers:
|
||||
- name: reload nginx
|
||||
service: name=nginx state=reloaded
|
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
|
||||
- hosts: mdk
|
||||
vars:
|
||||
letsencrypt_email: julien@palard.fr
|
||||
tasks:
|
||||
- name: Setup weechat
|
||||
include_role: name=weechat
|
||||
tags: always
|
||||
vars:
|
||||
version: 2.7
|
||||
owner: weechat
|
||||
|
||||
- name: Setup Glowing Bear
|
||||
tags: weechat
|
||||
unarchive:
|
||||
src: https://github.com/glowing-bear/glowing-bear/archive/0.7.2.tar.gz
|
||||
remote_src: yes
|
||||
dest: "/usr/local/src/"
|
||||
|
||||
- name: Configure irc.mdk.fr
|
||||
tags: weechat
|
||||
notify: reload nginx
|
||||
copy:
|
||||
dest: /etc/nginx/conf.d/irc.mdk.fr.conf
|
||||
content: |
|
||||
# Set connection header based on upgrade header
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
server
|
||||
{
|
||||
listen 443 ssl;
|
||||
include snippets/letsencrypt-irc.mdk.fr.conf;
|
||||
add_header Content-Security-Policy "default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; object-src 'none'; frame-src 'none'; font-src cdnjs.cloudflare.com;";
|
||||
add_header X-Frame-Options DENY;
|
||||
server_name irc.mdk.fr;
|
||||
|
||||
location /
|
||||
{
|
||||
root /usr/local/src/glowing-bear-0.7.2/;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location /weechat
|
||||
{
|
||||
proxy_pass http://127.0.0.1:9000;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_read_timeout 4h;
|
||||
}
|
||||
}
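Review bot: `Configure irc.mdk.fr` has `notify: reload nginx`, but this play has no `handlers:` section; in this commit the `reload nginx` handler is defined only in the play that holds the `static_website` tasks, and handlers are scoped to the play that declares them. Unless the `weechat` role brings a handler of that name, a change to /etc/nginx/conf.d/irc.mdk.fr.conf will end in a missing-handler error instead of a reload, so edits to the headers or the proxy block would not take effect. I would add to this play `handlers:` with `- name: reload nginx` and `service: name=nginx state=reloaded`. Separately, `Setup Glowing Bear` unpacks a release tarball fetched over HTTPS with no digest check; downloading it with `get_url` and a `checksum:` value before `unarchive` would pin the content.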
|