mirror of
https://github.com/DO1JLR/ansible_playbook_servers.git
synced 2024-09-14 19:53:56 +02:00
create etesync
This commit is contained in:
parent
622c39d025
commit
40e7e7fc70
6 changed files with 85 additions and 6 deletions
19
host_vars/services.l3d.space/vars.yml
Normal file
19
host_vars/services.l3d.space/vars.yml
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
acme_domain_unwant_list: []
|
||||||
|
# - name: 'example.com'
|
||||||
|
|
||||||
|
nginx_sites:
|
||||||
|
- name: 'etebase.l3d.ch'
|
||||||
|
|
||||||
|
acme_notification_email: "{{ _acme_notification_email }}"
|
||||||
|
|
||||||
|
# firewall
|
||||||
|
fail2ban_destemail: "{{ _fail2ban_destemail }}"
|
||||||
|
firewall_allowed_tcp_ports:
|
||||||
|
- "22"
|
||||||
|
- "80"
|
||||||
|
- "443"
|
||||||
|
|
||||||
|
etebase__allowed_hosts_allowed_host1: 'etebase.l3d.ch'
|
||||||
|
etebase__restart_webserver: true
|
||||||
|
etebase__systemd_setup: true
|
18
host_vars/services.l3d.space/vault.yml
Normal file
18
host_vars/services.l3d.space/vault.yml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
36303862626638383966623733653733316630343437666130656664353064393633343831393261
|
||||||
|
3735303864663231623362373761653736346538313736320a356361643562656431323963306264
|
||||||
|
32386363323635363466323638363437383463646166626632613332313861383162323463333637
|
||||||
|
3933303462386163360a353365333632343861393666663239623664663038666433666363623934
|
||||||
|
63363263656434666136343833316138343730626432303430613031346561373436613836626165
|
||||||
|
34373331373266663835633466653437626533383566393833636361313937363965616461336130
|
||||||
|
62363239316437313935333037643632616665373439636237336264646133313030383633333763
|
||||||
|
38643333316531303638333435623563633266373463656138366334336134363861643365656532
|
||||||
|
31336134353464396533303261623038363037626530623764363664343566333437383231313366
|
||||||
|
62616533646330663464663530626437633764383963353736643330616430626463386532626361
|
||||||
|
63323437336664326535616638396538333338303838653930623038623631643562613431336563
|
||||||
|
34333662613061396130353865386434626665626665633139363266663038613137356138383364
|
||||||
|
61343736393361616332323764356162313936306432323232343764666163386533313862646537
|
||||||
|
34366432666464633735333436623832643630316432323138303338646563313361636366396563
|
||||||
|
34366230313131656438336561636634376661346533393539613030626532613734333739613131
|
||||||
|
34666139323639376536383630633534333734323561366239306634303735656361643138356337
|
||||||
|
3137
|
|
@ -15,3 +15,8 @@ services.l3d.space
|
||||||
|
|
||||||
[resolver:children]
|
[resolver:children]
|
||||||
mail
|
mail
|
||||||
|
|
||||||
|
[nginx]
|
||||||
|
[nginx:children]
|
||||||
|
web
|
||||||
|
services
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Subproject commit 51b7b3aa6882d855481ed4128d11a21070432c1e
|
Subproject commit e8570dcd3b5803d1b6631f8f17bb150310785981
|
12
site.yml
12
site.yml
|
@ -23,12 +23,17 @@
|
||||||
- {role: geerlingguy.firewall, tags: [default, firewall], become: true}
|
- {role: geerlingguy.firewall, tags: [default, firewall], become: true}
|
||||||
- {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true}
|
- {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true}
|
||||||
|
|
||||||
- name: Deploy web config
|
- name: Setup Webserver
|
||||||
hosts: web
|
hosts: nginx
|
||||||
roles:
|
roles:
|
||||||
- {role: do1jlr.webhost, tags: [web, webhost], become: true}
|
- {role: do1jlr.webhost, tags: [web, webhost], become: true}
|
||||||
- {role: do1jlr.acmetool, tags: [web, acmetool], become: true}
|
- {role: do1jlr.acmetool, tags: [web, acmetool], become: true}
|
||||||
- {role: do1jlr.nginx, tags: [web, nginx]}
|
- {role: do1jlr.nginx, tags: [web, nginx]}
|
||||||
|
|
||||||
|
|
||||||
|
- name: Deploy web config
|
||||||
|
hosts: web
|
||||||
|
roles:
|
||||||
- {role: do1jlr.mysql, tags: [web, git, mysql], become: true}
|
- {role: do1jlr.mysql, tags: [web, git, mysql], become: true}
|
||||||
- {role: do1jlr.gitea, tags: [web, gitea, git]}
|
- {role: do1jlr.gitea, tags: [web, gitea, git]}
|
||||||
|
|
||||||
|
@ -46,9 +51,6 @@
|
||||||
hosts: mail
|
hosts: mail
|
||||||
roles:
|
roles:
|
||||||
- {role: do1jlr.mysql, tags: [mail, mysql, mariadb], become: true}
|
- {role: do1jlr.mysql, tags: [mail, mysql, mariadb], become: true}
|
||||||
- {role: do1jlr.webhost, tags: [mail, webhost], become: true}
|
|
||||||
- {role: do1jlr.acmetool, tags: [mail, acmetool], become: true}
|
|
||||||
- {role: do1jlr.nginx, tags: [mail, nginx]}
|
|
||||||
- {role: do1jlr.mailserver_preperation, tags: [mail, mailserver_preperation, prep, mailserver]}
|
- {role: do1jlr.mailserver_preperation, tags: [mail, mailserver_preperation, prep, mailserver]}
|
||||||
- {role: do1jlr.dovecot, tags: [mail, dovecot, mailserver_dovecot]}
|
- {role: do1jlr.dovecot, tags: [mail, dovecot, mailserver_dovecot]}
|
||||||
- {role: postfix, tags: [mail, postfix]}
|
- {role: postfix, tags: [mail, postfix]}
|
||||||
|
|
35
templates/files/nginx/sites/etebase.l3d.ch_tls.conf
Normal file
35
templates/files/nginx/sites/etebase.l3d.ch_tls.conf
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
upstream etebase {
|
||||||
|
server unix:///tmp/etebase_server.sock;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
|
server_name etebase.l3d.ch;
|
||||||
|
|
||||||
|
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
|
||||||
|
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
|
||||||
|
include snippets/logging_{{ site.name }}.snippet.conf;
|
||||||
|
|
||||||
|
charset utf-8;
|
||||||
|
client_max_body_size 75M;
|
||||||
|
|
||||||
|
location /static/ {
|
||||||
|
alias /var/lib/etebase/static_root/; # Project's static files
|
||||||
|
}
|
||||||
|
location / {
|
||||||
|
proxy_pass http://etebase;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Host $server_name;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in a new issue