infra/mdk.fr.yml


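---
# Playbook for the "mdk" host group: configures the mdk.fr web site through
# the nginx role, then installs a logrotate policy for the nginx logs.
- hosts: mdk
  vars:
    letsencrypt_email: julien@palard.fr
  tasks:
    - name: Setup mdk.fr
      # Native YAML arguments instead of the legacy "name=nginx" key=value
      # string form.
      include_role:
        name: nginx
      vars:
        nginx_domain: mdk.fr
        # Every name served or redirected by the server blocks below must be
        # listed here, otherwise the TLS redirect would fail certificate
        # validation before the 301 is ever seen.
        nginx_certificates:
          - mdk.fr
          - www.mdk.fr
          - julien.palard.fr
          - mandark.fr
          - sizeof.fr
          - www.mandark.fr
          - www.sizeof.fr
        nginx_owner: mdk_fr
        nginx_path: /var/www/mdk.fr/
        # SSH *public* keys (not secrets). Presumably the nginx role authorises
        # them to deploy into nginx_path as nginx_owner -- confirm in the role,
        # and review this list whenever a deploy key is rotated or retired.
        nginx_public_deploy_key: |
          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM mdk.fr
          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETtLGjVKqpQ4bQRh108Bi5vkc8omuEwZPEUbeysLfci formations
        # Notes on the nginx configuration below:
        # - nginx inherits add_header from the enclosing level only when the
        #   current level declares no add_header of its own. The two port-80
        #   servers rely on the top-level headers; every TLS server declares
        #   its own set, so each one repeats the anti-framing headers.
        # - "always" makes nginx attach the header to error responses
        #   (4xx/5xx) too; without it only 2xx/3xx responses carry it.
        # - default-src does not cover frame-ancestors, so the main site's
        #   policy names it explicitly, next to X-Frame-Options.
        # - The julien.palard.fr / sizeof.fr names redirect to the site root
        #   (the request path is dropped); the mdk.fr / mandark.fr names keep
        #   $request_uri.
        # - /index/ and /talks/ have directory listings enabled: every file
        #   placed under those directories is publicly enumerable.
        # - NOTE(review): no Strict-Transport-Security header is set here;
        #   check whether snippets/letsencrypt-mdk.fr.conf provides it.
        nginx_conf: |
          add_header Content-Security-Policy "frame-ancestors 'none'" always;
          add_header X-Frame-Options "DENY" always;
          server
          {
              listen 80;
              server_name julien.palard.fr sizeof.fr www.sizeof.fr;
              return 301 https://mdk.fr;
          }
          server
          {
              listen 80;
              server_name mdk.fr www.mdk.fr mandark.fr www.mandark.fr;
              return 301 https://mdk.fr$request_uri;
          }
          server
          {
              listen 443 ssl http2;
              server_name julien.palard.fr sizeof.fr www.sizeof.fr;
              include snippets/letsencrypt-mdk.fr.conf;
              add_header Content-Security-Policy "frame-ancestors 'none'" always;
              add_header X-Frame-Options "DENY" always;
              return 301 https://mdk.fr;
          }
          server
          {
              listen 443 ssl http2;
              server_name www.mdk.fr mandark.fr www.mandark.fr;
              include snippets/letsencrypt-mdk.fr.conf;
              add_header Content-Security-Policy "frame-ancestors 'none'" always;
              add_header X-Frame-Options "DENY" always;
              return 301 https://mdk.fr$request_uri;
          }
          server
          {
              listen 443 ssl http2;
              charset utf-8;
              server_name mdk.fr;
              include snippets/letsencrypt-mdk.fr.conf;
              add_header Content-Security-Policy "default-src 'none'; font-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; frame-ancestors 'none'" always;
              add_header X-Frame-Options "DENY" always;
              gzip_static on;
              location /noindex/ {
                  autoindex off;
              }
              location /index/ {
                  autoindex on;
              }
              location /talks/ {
                  autoindex on;
              }
              root /var/www/mdk.fr/;
              index index.html;
          }

    - name: Keep nginx logs longer
      copy:
        dest: /etc/logrotate.d/nginx
        # Pin ownership and mode instead of inheriting them from the umask:
        # logrotate skips configuration files that are group- or
        # world-writable, and this file decides how long access logs are kept.
        owner: root
        group: root
        mode: "0644"
        # Rotate once a log exceeds 10M and keep up to 99 rotated files;
        # rotated logs are created 0640 www-data:adm, so they are not
        # world-readable.
        content: |
          /var/log/nginx/*.log {
              size 10M
              missingok
              rotate 99
              compress
              delaycompress
              notifempty
              create 0640 www-data adm
              sharedscripts
              prerotate
                  if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
                      run-parts /etc/logrotate.d/httpd-prerotate; \
                  fi \
              endscript
              postrotate
                  invoke-rc.d nginx rotate >/dev/null 2>&1
              endscript
          }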