diff --git a/Makefile b/Makefile deleted file mode 100644 index b9f8d48..0000000 --- a/Makefile +++ /dev/null @@ -1,23 +0,0 @@ -.PHONY: ansible-playbook -ansible-playbook: deps - if [ -n "$(TAG)" ]; then \ - ansible-playbook playbook-julien-palard.yml -i inventory.yml -t $(TAG); \ - else \ - ansible-playbook playbook-julien-palard.yml -i inventory.yml; \ - fi - -.PHONY: weechat -weechat: TAG = weechat -weechat: ansible-playbook - -.PHONY: web -web: TAG = web -web: ansible-playbook - -.PHONY: pasteque -pasteque: TAG = pasteque -pasteque: ansible-playbook - -.PHONY: deps -deps: - ansible-galaxy install -f julienpalard.nginx_letsencrypt diff --git a/cert_watch.yml b/cert_watch.yml new file mode 100644 index 0000000..1392094 --- /dev/null +++ b/cert_watch.yml 
@@ -0,0 +1,79 @@ +--- + +- hosts: mdk + vars: + letsencrypt_email: julien@palard.fr + tasks: + - name: Setup certificate watcher + include_role: name=certificate_watcher + tags: always + vars: + owner: certificate-watcher + dest: mdk + domains: | + # meltygroup + pypi.meltylab.fr + admin-framework.staging.meltylab.fr + admin-meltyfr.staging.meltylab.fr + ads.meltygroup.com + api-meltyfr.staging.meltylab.fr + boost.staging.meltylab.fr + doc-api-sephora.staging.meltylab.fr + gitlab.eeple.fr + media.melty.fr + melty-instant-article.staging.meltylab.fr + melty.es + melty.fr + melty.it + meltyfr-amp.staging.meltylab.fr + meltygroup-amp.staging.meltylab.fr + meltygroup.com + meltygroup.staging.meltylab.fr + meltylab.fr + sephora.staging.meltylab.fr + shoko-amp.staging.meltylab.fr + shoko.fr + ssr.staging.meltylab.fr + tyramisu.fr + + # Python + pycon.org + fr.pycon.org + afpy.org + pycon.fr + bugs.python.org + hg.python.org + devguide.python.org + docs.python.org + legacy.python.org + packaging.python.org + python.org + wiki.python.org + www.python.org + pypi.org + + # Hackinscience + hackinscience.org + www.hackinscience.org + + # Perso + julien.palard.fr + le-poitevin.fr + mdk.fr + wyz.fr + palard.fr + sizeof.fr + www.mdk.fr + www.palard.fr + www.sizeof.fr + + # Friends + mastodon.etalab.gouv.fr + protonmail.com + makina-corpus.com + fr.wikipedia.org + mamot.fr + framagenda.org + framapad.org + framanotes.org + framasoft.org diff --git a/common.yml b/common.yml new file mode 100644 index 0000000..26e8738 --- /dev/null +++ b/common.yml 
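Review bot: The `# meltygroup`, `# Python`, `# Hackinscience`, `# Perso` and `# Friends` lines sit inside the `domains: |` block scalar, so YAML passes them to the certificate_watcher role as part of the value instead of dropping them as comments; if the role does not skip lines beginning with `#` (its code is not on this page), they are handed over as if they were domain names. Either confirm the role filters them or move the grouping into real YAML comments above the task, e.g. `# domains are grouped by owner; blank lines and "#" lines are ignored by the role`. `letsencrypt_email` is also declared in this play's `vars` but nothing visible in the play references it; presumably it can be dropped here if the role does not read it.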
@@ -0,0 +1,32 @@ +--- + +- hosts: mdk + vars: + letsencrypt_email: julien@palard.fr + tasks: + - name: Setup nftables + include_role: name=nftables + tags: always + vars: + nftables_conf: | + #!/usr/sbin/nft -f + + flush ruleset + + table inet filter { + chain input { + type filter hook input priority 0; + iif lo accept + ct state established,related accept + tcp dport { ssh, http, https } ct state new accept + counter drop + } + } + - name: Setup letsencrypt + include_role: name=julienpalard.nginx_letsencrypt + tags: always + vars: + certificates: + - [irc.mdk.fr] + - [tuw.fr] + - [wyz.fr, www.wyz.fr] diff --git a/pasteque.yml b/pasteque.yml new file mode 100644 index 0000000..2fa56b1 --- /dev/null +++ b/pasteque.yml @@ -0,0 +1,13 @@ +--- + +- hosts: mdk + vars: + letsencrypt_email: julien@palard.fr + tasks: + - name: Setup wyz.fr + include_role: name=pasteque + tags: always + vars: + owner: wyz + domain: wyz.fr + path: /home/wyz/ diff --git a/site.yml b/site.yml index 9a61950..a79f22a 100644 --- a/site.yml +++ b/site.yml 
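Review bot: The `input` chain in `nftables_conf` accepts only loopback, conntrack `established,related` traffic and new TCP to ssh/http/https and then hits `counter drop`, so no ICMP or ICMPv6 is ever accepted; if the `mdk` host has IPv6 addresses, neighbour solicitation/advertisement and router advertisements are dropped (conntrack leaves NDP untracked, so they never match `established`), which breaks IPv6 reachability, and path-MTU discovery fails on both address families. Before the `tcp dport` rule add `icmp type { echo-request, destination-unreachable, time-exceeded, parameter-problem } accept` and `icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert, echo-request, packet-too-big, destination-unreachable, time-exceeded, parameter-problem } accept`; an explicit `ct state invalid drop` ahead of the accept rules is also conventional. The ruleset is carried over from site.yml unchanged, so none of this is new behaviour, but common.yml is now its only home and the place to fix it.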
@@ -1,223 +1,7 @@ --- -- hosts: mdk - vars: - letsencrypt_email: julien@palard.fr - tasks: - - name: Setup nftables - include_role: name=nftables - tags: always - vars: - nftables_conf: | - #!/usr/sbin/nft -f - - flush ruleset - - table inet filter { - chain input { - type filter hook input priority 0; - iif lo accept - ct state established,related accept - tcp dport { ssh, http, https } ct state new accept - counter drop - } - } - - - name: Setup mdk.fr - include_role: name=static_website - tags: always - vars: - domain: mdk.fr - extra_certificates: [www.mdk.fr] - owner: mdk_fr - path: /var/www/mdk.fr/ - public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM deploy' - - - name: Setup palard.fr - include_role: name=static_website - tags: always - vars: - domain: palard.fr - extra_certificates: [julien.palard.fr, www.palard.fr] - nginx_extra: "location / {return 301 https://mdk.fr;}" - - - name: Setup mandark.fr - include_role: name=static_website - tags: always - vars: - domain: mandark.fr - extra_certificates: [www.mandark.fr] - nginx_extra: "location / {return 301 https://mdk.fr;}" - - - name: Setup le-poitevin.fr - include_role: name=static_website - tags: always - vars: - domain: le-poitevin.fr - extra_certificates: [www.le-poitevin.fr] - owner: le_poitevin_fr - path: /var/www/le-poitevin.fr/ - public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBhFjd1nWN2N0xNm5N+sg9yMcb3sHrYWZ5vPdSUST0zn deploy' - - - name: Setup codeenseine.fr - include_role: name=static_website - tags: always - vars: - domain: codeenseine.fr - extra_certificates: [www.codeenseine.fr] - owner: codeenseine_fr - path: /var/www/codeenseine.fr/ - public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVUrVDfDWwig4Vau0GJkvEpihMQXUhGVCBOQP6izGgx deploy' - - - name: Setup kisspush.net - include_role: name=static_website - tags: always - vars: - domain: kisspush.net - extra_certificates: [www.kisspush.net] - nginx_extra: "location / {return 301 
https://mdk.fr;}" - - - name: Setup letsencrypt - include_role: name=julienpalard.nginx_letsencrypt - tags: always - vars: - certificates: - - [irc.mdk.fr] - - [tuw.fr] - - [wyz.fr, www.wyz.fr] - - - name: Setup weechat - include_role: name=weechat - tags: always - vars: - version: 2.7 - owner: weechat - - - name: Setup Glowing Bear - tags: weechat - unarchive: - src: https://github.com/glowing-bear/glowing-bear/archive/0.7.2.tar.gz - remote_src: yes - dest: "/usr/local/src/" - - - name: Configure irc.mdk.fr - tags: weechat - notify: reload nginx - copy: - dest: /etc/nginx/conf.d/irc.mdk.fr.conf - content: | - # Set connection header based on upgrade header - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - server - { - listen 443 ssl; - include snippets/letsencrypt-irc.mdk.fr.conf; - add_header Content-Security-Policy "default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; object-src 'none'; frame-src 'none'; font-src cdnjs.cloudflare.com;"; - add_header X-Frame-Options DENY; - server_name irc.mdk.fr; - - location / - { - root /usr/local/src/glowing-bear-0.7.2/; - index index.html; - } - - location /weechat - { - proxy_pass http://127.0.0.1:9000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_read_timeout 4h; - } - } - - - name: Setup wyz.fr - include_role: name=pasteque - tags: always - vars: - owner: wyz - domain: wyz.fr - path: /home/wyz/ - - - name: Setup certificate watcher - include_role: name=certificate_watcher - tags: always - vars: - owner: certificate-watcher - dest: mdk - domains: | - # meltygroup - pypi.meltylab.fr - admin-framework.staging.meltylab.fr - admin-meltyfr.staging.meltylab.fr - ads.meltygroup.com - api-meltyfr.staging.meltylab.fr - boost.staging.meltylab.fr - doc-api-sephora.staging.meltylab.fr - gitlab.eeple.fr - 
media.melty.fr - melty-instant-article.staging.meltylab.fr - melty.es - melty.fr - melty.it - meltyfr-amp.staging.meltylab.fr - meltygroup-amp.staging.meltylab.fr - meltygroup.com - meltygroup.staging.meltylab.fr - meltylab.fr - sephora.staging.meltylab.fr - shoko-amp.staging.meltylab.fr - shoko.fr - ssr.staging.meltylab.fr - tyramisu.fr - - # Python - pycon.org - fr.pycon.org - afpy.org - pycon.fr - bugs.python.org - hg.python.org - devguide.python.org - docs.python.org - legacy.python.org - packaging.python.org - python.org - wiki.python.org - www.python.org - pypi.org - - # Hackinscience - hackinscience.org - www.hackinscience.org - - # Perso - julien.palard.fr - le-poitevin.fr - mdk.fr - wyz.fr - palard.fr - sizeof.fr - www.mdk.fr - www.palard.fr - www.sizeof.fr - - # Friends - mastodon.etalab.gouv.fr - protonmail.com - makina-corpus.com - fr.wikipedia.org - mamot.fr - framagenda.org - framapad.org - framanotes.org - framasoft.org - - handlers: - - name: reload nginx - service: name=nginx state=reloaded +- import_playbook: cert_watch.yml +- import_playbook: common.yml +- import_playbook: pasteque.yml +- import_playbook: static_websites.yml +- import_playbook: weechat.yml diff --git a/static_websites.yml b/static_websites.yml new file mode 100644 index 0000000..9dfd30c --- /dev/null +++ b/static_websites.yml 
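Review bot: The order of the five `import_playbook` lines is load-bearing but undocumented: `common.yml` installs nftables and the letsencrypt certificates that `pasteque.yml`, `static_websites.yml` and `weechat.yml` presumably rely on (weechat.yml includes `snippets/letsencrypt-irc.mdk.fr.conf`), and it currently runs before them only because the list happens to be alphabetical. Add a comment such as `# common.yml must run before the site plays: firewall and certificates are created there` so a later re-sort does not break the first run on a fresh host. The deleted Makefile's `deps` target was also the only visible place running `ansible-galaxy install -f julienpalard.nginx_letsencrypt`, which common.yml still includes; unless a requirements.yml exists outside this diff, that install step now has no home and should be restored as a `requirements.yml` or documented next to site.yml.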
@@ -0,0 +1,65 @@ +--- + +- hosts: mdk + vars: + letsencrypt_email: julien@palard.fr + tasks: + - name: Setup mdk.fr + include_role: name=static_website + tags: always + vars: + domain: mdk.fr + extra_certificates: [www.mdk.fr] + owner: mdk_fr + path: /var/www/mdk.fr/ + public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM deploy' + + - name: Setup palard.fr + include_role: name=static_website + tags: always + vars: + domain: palard.fr + extra_certificates: [julien.palard.fr, www.palard.fr] + nginx_extra: "location / {return 301 https://mdk.fr;}" + + - name: Setup mandark.fr + include_role: name=static_website + tags: always + vars: + domain: mandark.fr + extra_certificates: [www.mandark.fr] + nginx_extra: "location / {return 301 https://mdk.fr;}" + + - name: Setup le-poitevin.fr + include_role: name=static_website + tags: always + vars: + domain: le-poitevin.fr + extra_certificates: [www.le-poitevin.fr] + owner: le_poitevin_fr + path: /var/www/le-poitevin.fr/ + public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBhFjd1nWN2N0xNm5N+sg9yMcb3sHrYWZ5vPdSUST0zn deploy' + + - name: Setup codeenseine.fr + include_role: name=static_website + tags: always + vars: + domain: codeenseine.fr + extra_certificates: [www.codeenseine.fr] + owner: codeenseine_fr + path: /var/www/codeenseine.fr/ + public_deploy_key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVUrVDfDWwig4Vau0GJkvEpihMQXUhGVCBOQP6izGgx deploy' + + - name: Setup kisspush.net + include_role: name=static_website + tags: always + vars: + domain: kisspush.net + extra_certificates: [www.kisspush.net] + nginx_extra: "location / {return 301 https://mdk.fr;}" + + + + handlers: + - name: reload nginx + service: name=nginx state=reloaded diff --git a/weechat.yml b/weechat.yml new file mode 100644 index 0000000..0004c11 --- /dev/null +++ b/weechat.yml 
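Review bot: Module arguments are written in free-form `key=value` style (`include_role: name=static_website`, `service: name=nginx state=reloaded`), which ansible-lint flags; the native mapping form `include_role:` / `  name: static_website` is the conventional style and avoids the parser having to split the string. The three consecutive blank lines before `handlers:` also trip yamllint's empty-lines rule. The same free-form style appears in cert_watch.yml, common.yml, pasteque.yml and weechat.yml, so it is worth converting in one pass.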
@@ -0,0 +1,55 @@ +--- + +- hosts: mdk + vars: + letsencrypt_email: julien@palard.fr + tasks: + - name: Setup weechat + include_role: name=weechat + tags: always + vars: + version: 2.7 + owner: weechat + + - name: Setup Glowing Bear + tags: weechat + unarchive: + src: https://github.com/glowing-bear/glowing-bear/archive/0.7.2.tar.gz + remote_src: yes + dest: "/usr/local/src/" + + - name: Configure irc.mdk.fr + tags: weechat + notify: reload nginx + copy: + dest: /etc/nginx/conf.d/irc.mdk.fr.conf + content: | + # Set connection header based on upgrade header + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + server + { + listen 443 ssl; + include snippets/letsencrypt-irc.mdk.fr.conf; + add_header Content-Security-Policy "default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; object-src 'none'; frame-src 'none'; font-src cdnjs.cloudflare.com;"; + add_header X-Frame-Options DENY; + server_name irc.mdk.fr; + + location / + { + root /usr/local/src/glowing-bear-0.7.2/; + index index.html; + } + + location /weechat + { + proxy_pass http://127.0.0.1:9000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_read_timeout 4h; + } + }
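Review bot: `Configure irc.mdk.fr` notifies `reload nginx`, but this play declares no `handlers:`; the handler that used to live in site.yml now exists only in static_websites.yml, and Ansible handlers are scoped to their play, so the first run in which the copy of `/etc/nginx/conf.d/irc.mdk.fr.conf` reports changed fails with an unknown-handler error and nginx never picks up the new config. Add to this play `  handlers:` / `    - name: reload nginx` / `      service: name=nginx state=reloaded`, mirroring static_websites.yml. Two scalars are also parser traps: `version: 2.7` is a YAML float (a future `2.10` would become `2.1`) and `remote_src: yes` is a YAML 1.1 truthy; write `version: "2.7"` and `remote_src: true`. The Glowing Bear tarball is fetched straight from GitHub by `unarchive` with no checksum, so what lands under `/usr/local/src/` is whatever the URL serves at run time; a `get_url` with a `checksum:` value followed by `unarchive` of the local file would pin it.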