
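---
# Provisioning play for the mdk.fr host: base setup, outbound mail, and the
# nginx vhosts for mdk.fr and its alias domains.  Credentials are taken from
# vault_* variables (Ansible Vault); nothing secret is written in this file.
- hosts: mdk
  vars:
    letsencrypt_email: julien@palard.fr
  tasks:
    - name: Common setup
      include_role:
        name: common

    - name: Setup email
      include_role:
        name: exim
      vars:
        # SMTP relay settings come from the vault.  They stay quoted so that a
        # value which happens to look like a number or boolean remains a string.
        smtp_host: "{{ vault_smtp_host }}"
        smtp_port: "{{ vault_smtp_port }}"
        smtp_username: "{{ vault_smtp_username }}"
        smtp_password: "{{ vault_smtp_password }}"

    - name: Setup mdk.fr
      include_role:
        name: nginx
      vars:
        nginx_domain: mdk.fr
        # Every name that must be covered by the certificate.  All alias names
        # only redirect to https://mdk.fr in the vhost configuration below.
        nginx_certificates:
          - mdk.fr
          - www.mdk.fr
          - julien.palard.fr
          - mandark.fr
          - www.mandark.fr
        nginx_owner: mdk_fr
        nginx_path: /var/www/mdk.fr/
        # Public half of the deploy key only; the private half is not in this repo.
        nginx_public_deploy_key: |
          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM mdk.fr
        # nginx inherits `add_header` from the enclosing level only when the
        # current level sets no add_header at all.  Every location below that
        # sets one header therefore has to restate every header it still wants.
        nginx_conf: |
          # Defaults for the redirect-only servers below (they set no add_header
          # of their own).  Assumed to be included at http level — confirm
          # against the nginx role's template.
          add_header Content-Security-Policy "default-src 'none'; font-src 'self'; script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; frame-ancestors 'none'";
          add_header X-Frame-Options "DENY";
          add_header X-Content-Type-Options "nosniff";

          # Plain-HTTP entry points: everything is redirected to the canonical
          # https://mdk.fr (julien.palard.fr drops the path, the others keep it).
          server
          {
              listen 80;
              server_name julien.palard.fr;
              return 301 https://mdk.fr;
          }
          server
          {
              listen 80;
              server_name mdk.fr www.mdk.fr mandark.fr www.mandark.fr;
              return 301 https://mdk.fr$request_uri;
          }

          # HTTPS aliases: same redirects, served with the shared certificate.
          server
          {
              listen 443 ssl http2;
              server_name julien.palard.fr;
              include snippets/letsencrypt-mdk.fr.conf;
              return 301 https://mdk.fr;
          }
          server
          {
              listen 443 ssl http2;
              server_name www.mdk.fr mandark.fr www.mandark.fr;
              include snippets/letsencrypt-mdk.fr.conf;
              return 301 https://mdk.fr$request_uri;
          }

          # Canonical site.
          server
          {
              listen 443 ssl http2;
              charset utf-8;
              server_name mdk.fr;
              include snippets/letsencrypt-mdk.fr.conf;
              gzip_static on;
              # Restated because this server sets headers of its own; these are
              # inherited by every location below that sets no add_header.
              add_header Content-Security-Policy "default-src 'none'; font-src 'self'; script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; frame-ancestors 'none'";
              add_header X-Frame-Options "DENY";
              add_header X-Content-Type-Options "nosniff";
              # NOTE(review): no Strict-Transport-Security header is sent.  HTTP
              # already redirects to HTTPS, so HSTS would be the natural next step.
              location /noindex/ {
                  autoindex off;
              }
              location /index/ {
                  autoindex on;
              }
              location /talks/ {
                  autoindex on;
              }
              # Source-address allowlist: one IPv4 host and one IPv6 /64; every
              # other client gets 403 from `deny all`.  This is the only access
              # control on /carte/ and /photos/.
              location /carte/ {
                  allow 82.64.237.93;
                  allow 2a01:e0a:15:ac20::/64;
                  deny all;
                  # Looser CSP than the server default (frame-ancestors only);
                  # presumably the map page needs it — confirm.
                  add_header Content-Security-Policy "frame-ancestors 'none'";
                  add_header X-Frame-Options "DENY";
                  add_header X-Content-Type-Options "nosniff";
              }
              location /dicewars/ {
                  add_header Content-Security-Policy "frame-ancestors 'none'";
                  add_header X-Frame-Options "DENY";
                  # Restated so this path keeps nosniff like the other locations:
                  # the two headers above stop inheritance of the server-level one.
                  add_header X-Content-Type-Options "nosniff";
              }
              location /photos/ {
                  allow 82.64.237.93;
                  allow 2a01:e0a:15:ac20::/64;
                  deny all;
                  # Same CSP as the server default minus frame-ancestors;
                  # X-Frame-Options DENY still blocks framing.
                  add_header Content-Security-Policy "default-src 'none'; font-src 'self'; script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'";
                  add_header X-Frame-Options "DENY";
                  add_header X-Content-Type-Options "nosniff";
              }
              location /x/ {
                  add_header Content-Security-Policy "frame-ancestors 'none'";
                  add_header X-Frame-Options "DENY";
                  add_header X-Content-Type-Options "nosniff";
              }
              # Only nosniff is restated for the three course paths, so they are
              # served without the server-level CSP and X-Frame-Options.
              # Presumably deliberate for the generated material — confirm.
              location /python-avancé/ {
                  add_header X-Content-Type-Options "nosniff";
              }
              location /python-initiation/ {
                  add_header X-Content-Type-Options "nosniff";
              }
              location /django-initiation/ {
                  add_header X-Content-Type-Options "nosniff";
              }
              root /var/www/mdk.fr/;
              index index.html;
          }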
- name: Keep nginx logs longer
copy:
dest: /etc/logrotate.d/nginx
content: |
/var/log/nginx/*.log {
size 10M
missingok
rotate 99
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi \
endscript
postrotate
invoke-rc.d nginx rotate >/dev/null 2>&1
endscript
}