playbooks/ansible_playbook_servers
1
0
Fork 0
mirror of https://github.com/DO1JLR/ansible_playbook_servers.git synced 2024-09-14 19:53:56 +02:00
Code Releases Activity

update nginx config

Browse source
This commit is contained in:
L3D 2021-11-09 16:40:55 +01:00
parent 00ddfabd9a
commit a15f1a8e52
Signed by: l3d
GPG key ID: CD08445BFF4313D1
10 changed files with 82 additions and 77 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
host_vars/web01.l3d.space/vars.yml
View file

@ -1,48 +1,41 @@
---
postgres_users_no_log: false
users:
l3d:
- l3d@pinkie.l3d.yt
- l3d@mobile.l3d.yt
- l3d@backup.l3d.yt
- l3d@derpy.l3d.yt
- l3d@backup-rsa.l3d.yt
- l3d@business.wingcon.com
local_users:
webwaffel:
- l3d@pinkie.l3d.yt
- l3d@mobile.l3d.yt
- l3d@backup.l3d.yt
- l3d@derpy.l3d.yt
- l3d@backup-rsa.l3d.yt
- l3d@business.wingcon.com
- l3d@bsns.l3d
webwaffelpodcast:
- l3d@pinkie.l3d.yt
- l3d@mobile.l3d.yt
- l3d@backup.l3d.yt
- l3d@derpy.l3d.yt
- l3d@backup-rsa.l3d.yt
- l3d@business.wingcon.com
- l3d@bsns.l3d
files:
- l3d@pinkie.l3d.yt
- l3d@mobile.l3d.yt
- l3d@backup.l3d.yt
- l3d@derpy.l3d.yt
- l3d@backup-rsa.l3d.yt
- l3d@business.wingcon.com
- l3d@bsns.l3d
preview:
- l3d@pinkie.l3d.yt
- l3d@mobile.l3d.yt
- l3d@backup.l3d.yt
- l3d@derpy.l3d.yt
- l3d@backup-rsa.l3d.yt
- l3d@business.wingcon.com
- l3d@bsns.l3d
see:
- l3d@pinkie.l3d.yt
- l3d@mobile.l3d.yt
- l3d@backup.l3d.yt
- l3d@derpy.l3d.yt
- l3d@backup-rsa.l3d.yt
- l3d@business.wingcon.com
- l3d@bsns.l3d
sshd__allowed_users:
- "root"
@ -66,12 +59,12 @@ sshd__allowed_groups:
- "preview"
- 'see'
accounts:
local_accounts:
- 'l3d'
- 'webwaffel'
- 'webwaffelpodcast'
- "files"
- "preview"
- 'files'
- 'preview'
- 'see'
acme_domain_unwant_list: []

2
site.yml
View file

@ -18,7 +18,7 @@
- name: user specific roles for all hosts
hosts: all
roles:
- {role: do1jlr.admin_base, tags: [default, dotfiles]}
- {role: do1jlr.admin_base, tags: [default, init, users, accounts, dotfiles]}
- {role: dotfiles, tags: [default, dotfiles]}
- {role: geerlingguy.firewall, tags: [default, firewall], become: true}
- {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true}

5
templates/files/nginx/sites/files.l3d.ch_tls.conf
View file

@ -14,6 +14,7 @@ server {
location / {
autoindex off;
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
try_files $uri $uri/ =418;
}
@ -21,16 +22,19 @@ server {
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
}
location /fff/ {
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
}
location = /hidden/ {
autoindex off;
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
return 418;
}
@ -38,5 +42,6 @@ server {
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
}
}

19
templates/files/nginx/sites/l3d.ch_tls.conf
View file

@ -1,14 +1,15 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name l3d.ch;
server_name l3d.ch;
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf;
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf;
location / {
return 418;
}
location / {
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
return 418;
}
}

19
templates/files/nginx/sites/l3d.me_tls.conf
View file

@ -1,14 +1,15 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name l3d.me;
server_name l3d.me;
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf;
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf;
location / {
return 418;
}
location / {
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
return 418;
}
}

19
templates/files/nginx/sites/l3d.space_tls.conf
View file

@ -1,14 +1,15 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name l3d.space;
server_name l3d.space;
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf;
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf;
location / {
return 418;
}
location / {
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
return 418;
}
}

30
templates/files/nginx/sites/mail.l3d.space_tls.conf
View file

@ -1,19 +1,21 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mail.l3d.space;
server_name mail.l3d.space;
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf;
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf;
location / {
return 418;
}
location /rspamd/ {
proxy_pass http://localhost:11334/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
return 418;
}
location /rspamd/ {
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
proxy_pass http://localhost:11334/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

19
templates/files/nginx/sites/waffel.shop_tls.conf
View file

@ -1,14 +1,15 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name waffel.shop;
server_name waffel.shop;
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf;
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf;
location / {
return 418;
}
location / {
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
return 418;
}
}

19
templates/files/nginx/sites/waffelpate.de_tls.conf
View file

@ -1,14 +1,15 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name waffelpate.de;
server_name waffelpate.de;
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf;
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf;
location / {
return 418;
}
location / {
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
return 418;
}
}

2
templates/files/nginx/sites/xn--see-br-0xa.se_tls.conf
View file

@ -11,7 +11,7 @@ server {
root /srv/www/xn--see-br-0xa.se;
location / {
add_header X-Served-By "CYBER Teapod 2.0";
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
charset utf-8;
try_files $uri $uri/ =404;