Move r2e config to a file.

cert_watch.yml

@@ -62,11 +62,9 @@
           wyz.fr
           eqy.fr
           palard.fr
-          sizeof.fr
           irc.mdk.fr
           www.mdk.fr
           www.palard.fr
-          www.sizeof.fr
 
           # Friends
           protonmail.com
@@ -81,11 +79,6 @@
           framinetest.org
           framanotes.org
           framasoft.org
-          intrabachelors.epitech.digital
-          supinternet.fr
-          www.epitech.eu
-          # William.Queva
-          watshy.fr
 
           # Humancoders
           blog.humancoders.com

files/rss2email.cfg

@@ -0,0 +1,164 @@
+[DEFAULT]
+from = user@rss2email.invalid
+user-agent = rss2email/__VERSION__ (__URL__)
+use-8bit = False
+force-from = False
+use-publisher-email = False
+name-format = {feed-title}: {author}
+to = r2e@mdk.fr
+proxy = 
+feed-timeout = 60
+same-server-fetch-interval = 0
+active = True
+digest = False
+date-header = False
+date-header-order = modified, issued, created, expired
+bonus-header = 
+trust-guid = True
+trust-link = False
+reply-changes = False
+encodings = US-ASCII, ISO-8859-1, UTF-8, BIG5, ISO-2022-JP
+post-process = 
+digest-post-process = 
+html-mail = True
+multipart-html = False
+use-css = False
+css = h1 {
+	font: 18pt Georgia, "Times New Roman";
+	}
+	body {
+	font: 12pt Arial;
+	}
+	a:link {
+	font: 12pt Arial;
+	font-weight: bold;
+	color: #0000cc;
+	}
+	blockquote {
+	font-family: monospace;
+	}
+	.header {
+	background: #e0ecff;
+	border-bottom: solid 4px #c3d9ff;
+	padding: 5px;
+	margin-top: 0px;
+	color: red;
+	}
+	.header a {
+	font-size: 20px;
+	text-decoration: none;
+	}
+	.footer {
+	background: #c3d9ff;
+	border-top: solid 4px #c3d9ff;
+	padding: 5px;
+	margin-bottom: 0px;
+	}
+	border: solid 4px #c3d9ff;
+	}
+	margin-left: 5px;
+	margin-right: 5px;
+	}
+unicode-snob = False
+links-after-each-paragraph = False
+inline-links = True
+wrap-links = True
+body-width = 0
+email-protocol = sendmail
+sendmail = /usr/sbin/sendmail
+sendmail_config = 
+smtp-auth = False
+smtp-username = username
+smtp-password = password
+smtp-server = smtp.yourisp.net:25
+smtp-port = 465
+smtp-ssl = False
+imap-auth = False
+imap-username = username
+imap-password = password
+imap-server = imap.yourisp.net
+imap-port = 143
+imap-ssl = False
+imap-mailbox = INBOX
+maildir-path = ~/Maildir
+maildir-mailbox = INBOX
+verbose = warning
+
+[feed.Agarri-Sécurité-informatique-offensive]
+url = http://www.agarri.fr/blog/rss.xml
+
+[feed.Daily-Security]
+url = https://www.dailysecurity.fr/feed/index.xhtml
+
+[feed.Framablog]
+url = https://framablog.org/feed/
+
+[feed.hackndo]
+url = https://beta.hackndo.com/feed.xml
+
+[feed.Incidents-du-réseau-Framasoft]
+url = https://status.framasoft.org/atom
+
+[feed.LWN.net]
+url = https://lwn.net/headlines/newrss
+
+[feed.Segmentation-fault]
+url = http://www.segmentationfault.fr/feed/
+
+[feed.SSTIC---Blog]
+url = https://blog.sstic.org/index.xml
+
+[feed.top-scoring-links-hacking]
+url = https://www.reddit.com/r/hacking/top/.rss?t=month
+
+[feed.top-scoring-links-netsec]
+url = https://www.reddit.com/r/netsec/top/.rss?t=month
+
+[feed.top-scoring-links-securityCTF]
+url = https://www.reddit.com/r/securityCTF/top/.rss?t=month
+
+[feed.linuxfr]
+url = https://linuxfr.org/news.atom
+
+[feed.grisebouille]
+url = https://grisebouille.net/feed.rss
+
+[feed.mypy]
+url = https://mypy-lang.blogspot.com/feeds/posts/default
+
+[feed.weekly-osm-fr]
+url = https://weeklyosm.eu/fr/feed
+
+[feed.tenthousandmeters]
+url = https://tenthousandmeters.com/feeds/all.atom.xml
+
+[feed.vstinner]
+url = https://vstinner.github.io/feeds/all.atom.xml
+
+[feed.discourse]
+url = https://blog.discourse.org/feed.xml/
+
+[feed.LoOPS]
+url = https://reseau-loops.github.io/feed.xml
+
+[feed.mobian]
+url = https://blog.mobian.org/index.xml
+
+[feed.signal-spam]
+url = https://www.signal-spam.fr/feed/
+
+[feed.reflets]
+url = https://reflets.info/feeds/public
+
+[feed.mastodon]
+url = https://blog.joinmastodon.org/index.xml
+
+[feed.emacs-doctor]
+url = https://emacs-doctor.com/
+
+[feed.Pidgin]
+url = https://pidgin.im/post/index.xml
+
+[feed.communs-numeriques]
+url = https://code.gouv.fr/feed/feed.xml
+

mdk.fr.yml

@@ -8,7 +8,7 @@
       include_role: name=nginx
       vars:
         nginx_domain: mdk.fr
-        nginx_certificates: [mdk.fr, www.mdk.fr, julien.palard.fr, mandark.fr, sizeof.fr, www.mandark.fr, www.sizeof.fr]
+        nginx_certificates: [mdk.fr, www.mdk.fr, julien.palard.fr, mandark.fr, www.mandark.fr]
         nginx_owner: mdk_fr
         nginx_path: /var/www/mdk.fr/
         nginx_public_deploy_key: |
@@ -21,7 +21,7 @@
           server
           {
               listen 80;
-              server_name julien.palard.fr sizeof.fr www.sizeof.fr;
+              server_name julien.palard.fr;
               return 301 https://mdk.fr;
           }
 
@@ -35,7 +35,7 @@
           server
           {
               listen 443 ssl http2;
-              server_name julien.palard.fr sizeof.fr www.sizeof.fr;
+              server_name julien.palard.fr;
               include snippets/letsencrypt-mdk.fr.conf;
               return 301 https://mdk.fr;
           }
@@ -56,6 +56,10 @@
               include snippets/letsencrypt-mdk.fr.conf;
               gzip_static on;
 
+              add_header Content-Security-Policy "default-src 'none'; font-src 'self'; script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; frame-ancestors 'none'";
+              add_header X-Frame-Options "DENY";
+              add_header X-Content-Type-Options "nosniff";
+
               location /noindex/ {
                 autoindex off;
               }
@@ -94,12 +98,10 @@
               }
 
               location /python-avancé/ {
-                  add_header X-Frame-Options "DENY";
                   add_header X-Content-Type-Options "nosniff";
               }
 
               location /python-initiation/ {
-                  add_header X-Frame-Options "DENY";
                   add_header X-Content-Type-Options "nosniff";
               }
 

roles/certificate_watcher/tasks/main.yml

@@ -8,6 +8,12 @@
     system: true
     name: "{{ owner }}"
 
+- name: Setup or upgrade venv
+  become: true
+  become_user: "{{ owner }}"
+  command: python3 -m venv --upgrade-deps "$HOME/.venv/"
+  changed_when: false
+
 - name: Install certificate watcher
   pip:
     name: certificate_watcher>=0.0.5

roles/nginx/tasks/main.yml

@@ -6,6 +6,10 @@
     dest: /etc/ssl/certs/dhparam.pem
     mode: 0644
 
+- name: Setup or upgrade venv
+  command: python3 -m venv --upgrade-deps /root/certbot-venv/
+  changed_when: false
+
 - name: Prepare certbot+gandi venv
   pip:
     chdir: /root/

rss2email.yml

@@ -15,178 +15,9 @@
 
     - name: Configure rss2email
       copy:
+        src: rss2email.cfg
         dest: /home/mdk/.config/rss2email.cfg
         owner: mdk
         group: mdk
         mode: 0644
         backup: true
-        content: |
-          [DEFAULT]
-          from = user@rss2email.invalid
-          user-agent = rss2email/__VERSION__ (__URL__)
-          use-8bit = False
-          force-from = False
-          use-publisher-email = False
-          name-format = {feed-title}: {author}
-          to = julien@palard.fr
-          proxy =
-          feed-timeout = 60
-          same-server-fetch-interval = 0
-          active = True
-          digest = False
-          date-header = False
-          date-header-order = modified, issued, created, expired
-          bonus-header =
-          trust-guid = True
-          trust-link = False
-          reply-changes = False
-          encodings = US-ASCII, ISO-8859-1, UTF-8, BIG5, ISO-2022-JP
-          post-process =
-          digest-post-process =
-          html-mail = True
-          multipart-html = False
-          use-css = False
-          css = h1 {
-          	font: 18pt Georgia, "Times New Roman";
-          	}
-          	body {
-          	font: 12pt Arial;
-          	}
-          	a:link {
-          	font: 12pt Arial;
-          	font-weight: bold;
-          	color: #0000cc;
-          	}
-          	blockquote {
-          	font-family: monospace;
-          	}
-          	.header {
-          	background: #e0ecff;
-          	border-bottom: solid 4px #c3d9ff;
-          	padding: 5px;
-          	margin-top: 0px;
-          	color: red;
-          	}
-          	.header a {
-          	font-size: 20px;
-          	text-decoration: none;
-          	}
-          	.footer {
-          	background: #c3d9ff;
-          	border-top: solid 4px #c3d9ff;
-          	padding: 5px;
-          	margin-bottom: 0px;
-          	}
-          	border: solid 4px #c3d9ff;
-          	}
-          	margin-left: 5px;
-          	margin-right: 5px;
-          	}
-          unicode-snob = False
-          links-after-each-paragraph = False
-          inline-links = True
-          wrap-links = True
-          body-width = 0
-          email-protocol = sendmail
-          sendmail = /usr/sbin/sendmail
-          sendmail_config =
-          smtp-auth = False
-          smtp-username = username
-          smtp-password = password
-          smtp-server = smtp.yourisp.net:25
-          smtp-port = 465
-          smtp-ssl = False
-          imap-auth = False
-          imap-username = username
-          imap-password = password
-          imap-server = imap.yourisp.net
-          imap-port = 143
-          imap-ssl = False
-          imap-mailbox = INBOX
-          maildir-path = ~/Maildir
-          maildir-mailbox = INBOX
-          verbose = warning
-
-          [feed.Agarri-Sécurité-informatique-offensive]
-          url = http://www.agarri.fr/blog/rss.xml
-
-          [feed.Daily-Security]
-          url = https://www.dailysecurity.fr/feed/index.xhtml
-
-          [feed.Framablog]
-          url = https://framablog.org/feed/
-
-          [feed.hackndo]
-          url = https://beta.hackndo.com/feed.xml
-
-          [feed.Hurricane-Labs]
-          url = https://hurricanelabs.com/feed/
-
-          [feed.Incidents-du-réseau-Framasoft]
-          url = https://status.framasoft.org/atom
-
-          [feed.LWN.net]
-          url = https://lwn.net/headlines/newrss
-
-          [feed.Segmentation-fault]
-          url = http://www.segmentationfault.fr/feed/
-
-          [feed.SSTIC---Blog]
-          url = https://blog.sstic.org/index.xml
-
-          [feed.top-scoring-links-hacking]
-          url = https://www.reddit.com/r/hacking/top/.rss?t=month
-
-          [feed.top-scoring-links-netsec]
-          url = https://www.reddit.com/r/netsec/top/.rss?t=month
-
-          [feed.top-scoring-links-securityCTF]
-          url = https://www.reddit.com/r/securityCTF/top/.rss?t=month
-
-          [feed.linuxfr]
-          url = https://linuxfr.org/news.atom
-
-          [feed.grisebouille]
-          url = https://grisebouille.net/feed.rss
-
-          [feed.mypy]
-          url = https://mypy-lang.blogspot.com/feeds/posts/default
-
-          [feed.weekly-osm-fr]
-          url = https://weeklyosm.eu/fr/feed
-
-          [feed.tenthousandmeters]
-          url = https://tenthousandmeters.com/feeds/all.atom.xml
-
-          [feed.vstinner]
-          url = https://vstinner.github.io/feeds/all.atom.xml
-
-          [feed.discourse]
-          url = https://blog.discourse.org/feed.xml/
-
-          [feed.LoOPS]
-          url = https://reseau-loops.github.io/feed.xml
-
-          [feed.mobian]
-          url = https://blog.mobian.org/index.xml
-
-          [feed.signal-spam]
-          url = https://signal-spam.fr/feed/
-
-          [feed.reflets]
-          url = https://reflets.info/feeds/public
-
-          [feed.mastodon]
-          url = https://blog.joinmastodon.org/index.xml
-
-          [feed.gitea-open-letter]
-          url = https://gitea-open-letter.coding.social/updates/atom.xml
-
-          [feed.emacs-doctor]
-          url = https://www.emacs-doctor.com/feed.xml
-
-          [feed.Pidgin]
-          url = https://pidgin.im/post/index.xml
-
-          [feed.communs-numeriques]
-          url = https://communs.numerique.gouv.fr/feed/feed.xml