102 lines
3.0 KiB
YAML
102 lines
3.0 KiB
YAML
---
|
|
|
|
- hosts: mdk
|
|
vars:
|
|
letsencrypt_email: julien@palard.fr
|
|
tasks:
|
|
- name: Setup mdk.fr
|
|
include_role: name=nginx
|
|
vars:
|
|
nginx_domain: mdk.fr
|
|
nginx_certificates: [mdk.fr, www.mdk.fr, julien.palard.fr, mandark.fr, sizeof.fr, www.mandark.fr, www.sizeof.fr]
|
|
nginx_owner: mdk_fr
|
|
nginx_path: /var/www/mdk.fr/
|
|
nginx_public_deploy_key: |
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM mdk.fr
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETtLGjVKqpQ4bQRh108Bi5vkc8omuEwZPEUbeysLfci formations
|
|
nginx_conf: |
|
|
add_header Content-Security-Policy "frame-ancestors 'none'";
|
|
add_header X-Frame-Options "DENY";
|
|
|
|
server
|
|
{
|
|
listen 80;
|
|
server_name julien.palard.fr sizeof.fr www.sizeof.fr;
|
|
return 301 https://mdk.fr;
|
|
}
|
|
|
|
server
|
|
{
|
|
listen 80;
|
|
server_name mdk.fr www.mdk.fr mandark.fr www.mandark.fr;
|
|
return 301 https://mdk.fr$request_uri;
|
|
}
|
|
|
|
server
|
|
{
|
|
listen 443 ssl http2;
|
|
server_name julien.palard.fr sizeof.fr www.sizeof.fr;
|
|
include snippets/letsencrypt-mdk.fr.conf;
|
|
add_header X-Frame-Options "DENY";
|
|
return 301 https://mdk.fr;
|
|
}
|
|
|
|
server
|
|
{
|
|
listen 443 ssl http2;
|
|
server_name www.mdk.fr mandark.fr www.mandark.fr;
|
|
include snippets/letsencrypt-mdk.fr.conf;
|
|
add_header Content-Security-Policy "frame-ancestors 'none'";
|
|
add_header X-Frame-Options "DENY";
|
|
return 301 https://mdk.fr$request_uri;
|
|
}
|
|
|
|
server
|
|
{
|
|
listen 443 ssl http2;
|
|
charset utf-8;
|
|
server_name mdk.fr;
|
|
include snippets/letsencrypt-mdk.fr.conf;
|
|
add_header Content-Security-Policy "default-src 'none'; font-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'";
|
|
add_header X-Frame-Options "DENY";
|
|
gzip_static on;
|
|
|
|
location /noindex/ {
|
|
autoindex off;
|
|
}
|
|
|
|
location /index/ {
|
|
autoindex on;
|
|
}
|
|
|
|
location /talks/ {
|
|
autoindex on;
|
|
}
|
|
|
|
root /var/www/mdk.fr/;
|
|
index index.html;
|
|
}
|
|
|
|
- name: Keep nginx logs longer
|
|
copy:
|
|
dest: /etc/logrotate.d/nginx
|
|
content: |
|
|
/var/log/nginx/*.log {
|
|
size 10M
|
|
missingok
|
|
rotate 99
|
|
compress
|
|
delaycompress
|
|
notifempty
|
|
create 0640 www-data adm
|
|
sharedscripts
|
|
prerotate
|
|
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
|
|
run-parts /etc/logrotate.d/httpd-prerotate; \
|
|
fi \
|
|
endscript
|
|
postrotate
|
|
invoke-rc.d nginx rotate >/dev/null 2>&1
|
|
endscript
|
|
}
|