From a15f1a8e528026ad39636e444d9b338fff1c8540 Mon Sep 17 00:00:00 2001
From: L3D
Date: Tue, 9 Nov 2021 16:40:55 +0100
Subject: [PATCH] update nginx config
---
host_vars/web01.l3d.space/vars.yml | 25 ++++++----------
site.yml | 2 +-
.../files/nginx/sites/files.l3d.ch_tls.conf | 5 ++++
templates/files/nginx/sites/l3d.ch_tls.conf | 19 ++++++------
templates/files/nginx/sites/l3d.me_tls.conf | 19 ++++++------
.../files/nginx/sites/l3d.space_tls.conf | 19 ++++++------
.../files/nginx/sites/mail.l3d.space_tls.conf | 30 ++++++++++---------
.../files/nginx/sites/waffel.shop_tls.conf | 19 ++++++------
.../files/nginx/sites/waffelpate.de_tls.conf | 19 ++++++------
.../nginx/sites/xn--see-br-0xa.se_tls.conf | 2 +-
10 files changed, 82 insertions(+), 77 deletions(-)
diff --git a/host_vars/web01.l3d.space/vars.yml b/host_vars/web01.l3d.space/vars.yml
index b5228d1..4f06d41 100644
--- a/host_vars/web01.l3d.space/vars.yml
+++ b/host_vars/web01.l3d.space/vars.yml
@@ -1,48 +1,41 @@ --- postgres_users_no_log: false -users: - l3d: - - l3d@pinkie.l3d.yt - - l3d@mobile.l3d.yt - - l3d@backup.l3d.yt - - l3d@derpy.l3d.yt - - l3d@backup-rsa.l3d.yt - - l3d@business.wingcon.com +local_users: webwaffel: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - - l3d@business.wingcon.com + - l3d@bsns.l3d webwaffelpodcast: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - - l3d@business.wingcon.com + - l3d@bsns.l3d files: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - - l3d@business.wingcon.com + - l3d@bsns.l3d preview: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - - l3d@business.wingcon.com + - l3d@bsns.l3d see: - l3d@pinkie.l3d.yt - l3d@mobile.l3d.yt - l3d@backup.l3d.yt - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - - l3d@business.wingcon.com + - l3d@bsns.l3d sshd__allowed_users: - "root" @@ -66,12 +59,12 @@ sshd__allowed_groups: - "preview" - 'see' -accounts: +local_accounts: - 'l3d' - 'webwaffel' - 'webwaffelpodcast' - - "files" - - "preview" + - 'files' + - 'preview' - 'see' acme_domain_unwant_list: [] diff --git a/site.yml b/site.yml index 3acfd3a..de016ad 100644 --- a/site.yml +++ b/site.yml @@ -18,7 +18,7 @@ - name: user specific roles for all hosts hosts: all roles: - - {role: do1jlr.admin_base, tags: [default, dotfiles]} + - {role: do1jlr.admin_base, tags: [default, init, users, accounts, dotfiles]} - {role: dotfiles, tags: [default, dotfiles]} - {role: geerlingguy.firewall, tags: [default, firewall], become: true} - {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true} diff --git a/templates/files/nginx/sites/files.l3d.ch_tls.conf b/templates/files/nginx/sites/files.l3d.ch_tls.conf index 5cf6478..0a69fa3 100644 --- a/templates/files/nginx/sites/files.l3d.ch_tls.conf 
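Review bot: Swapping `l3d@business.wingcon.com` for `l3d@bsns.l3d` in each `local_users` list only rotates that entry (apparently an SSH key identifier) if the role consuming this variable writes `authorized_keys` exclusively; if it only appends, the old key stays authorized for webwaffel, webwaffelpodcast, files, preview and see. The consuming role is not part of this patch, so this is something to verify on the host rather than a confirmed defect. The `l3d` entry is also dropped from the map here while `'l3d'` remains in `local_accounts` in the next hunk, so it is worth confirming where that account's keys now come from. Because the six-entry list is repeated verbatim five times, a YAML anchor (`webwaffel: &l3d_keys` and then `files: *l3d_keys`) would make the next rotation a single edit.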
+++ b/templates/files/nginx/sites/files.l3d.ch_tls.conf @@ -14,6 +14,7 @@ server { location / { autoindex off; + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; try_files $uri $uri/ =418; } @@ -21,16 +22,19 @@ server { autoindex on; autoindex_exact_size off; autoindex_localtime on; + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; } location /fff/ { autoindex on; autoindex_exact_size off; autoindex_localtime on; + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; } location = /hidden/ { autoindex off; + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; return 418; } @@ -38,5 +42,6 @@ server { autoindex on; autoindex_exact_size off; autoindex_localtime on; + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; } } diff --git a/templates/files/nginx/sites/l3d.ch_tls.conf b/templates/files/nginx/sites/l3d.ch_tls.conf index 24da2b7..751278d 100644 --- a/templates/files/nginx/sites/l3d.ch_tls.conf +++ b/templates/files/nginx/sites/l3d.ch_tls.conf @@ -1,14 +1,15 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; - server_name l3d.ch; + server_name l3d.ch; - include snippets/tls_parameters_{{ site.name }}.snippet.conf; - include snippets/tls_certificate_{{ site.name }}.snippet.conf; - include snippets/logging_{{ site.name }}.snippet.conf; + include snippets/tls_parameters_{{ site.name }}.snippet.conf; + include snippets/tls_certificate_{{ site.name }}.snippet.conf; + include snippets/logging_{{ site.name }}.snippet.conf; - location / { - return 418; - } + location / { + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; + return 418; + } } diff --git a/templates/files/nginx/sites/l3d.me_tls.conf b/templates/files/nginx/sites/l3d.me_tls.conf index 49694c6..675e0e9 100644 --- a/templates/files/nginx/sites/l3d.me_tls.conf +++ b/templates/files/nginx/sites/l3d.me_tls.conf 
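Review bot: `add_header` without the `always` parameter is applied only to a fixed set of 2xx/3xx status codes, so in files.l3d.ch the new `X-Served-By` header will not be sent on the 418 answers from `location /` (`try_files $uri $uri/ =418;`) or `location = /hidden/` (`return 418;`). If the header is meant to appear on those responses, write `add_header X-Served-By "teapot CYBER 4.0 (with blockchain)" always;`. The same holds for the `location / { … return 418; }` blocks added in the l3d.ch, l3d.me, l3d.space, mail.l3d.space, waffel.shop and waffelpate.de hunks. The files.l3d.ch `server` block starts outside these hunks.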
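Review bot: Declaring `add_header` inside `location /` stops that location from inheriting any `add_header` set at `server` level, and the `include snippets/tls_parameters_{{ site.name }}.snippet.conf;` line above it may be where headers such as `Strict-Transport-Security` are defined. The snippet is not part of this patch, so this needs checking, but the xn--see-br-0xa.se hunk repeats HSTS next to `X-Served-By` inside the location, which suggests the inheritance rule already matters in this repository. Either move the `X-Served-By` line into a shared server-level snippet, or repeat the security headers in every location that now carries its own `add_header`. This applies equally to the files.l3d.ch, l3d.me, l3d.space, mail.l3d.space, waffel.shop and waffelpate.de hunks.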
@@ -1,14 +1,15 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; - server_name l3d.me; + server_name l3d.me; - include snippets/tls_parameters_{{ site.name }}.snippet.conf; - include snippets/tls_certificate_{{ site.name }}.snippet.conf; - include snippets/logging_{{ site.name }}.snippet.conf; + include snippets/tls_parameters_{{ site.name }}.snippet.conf; + include snippets/tls_certificate_{{ site.name }}.snippet.conf; + include snippets/logging_{{ site.name }}.snippet.conf; - location / { - return 418; - } + location / { + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; + return 418; + } } diff --git a/templates/files/nginx/sites/l3d.space_tls.conf b/templates/files/nginx/sites/l3d.space_tls.conf index 0611902..150eae6 100644 --- a/templates/files/nginx/sites/l3d.space_tls.conf +++ b/templates/files/nginx/sites/l3d.space_tls.conf @@ -1,14 +1,15 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; - server_name l3d.space; + server_name l3d.space; - include snippets/tls_parameters_{{ site.name }}.snippet.conf; - include snippets/tls_certificate_{{ site.name }}.snippet.conf; - include snippets/logging_{{ site.name }}.snippet.conf; + include snippets/tls_parameters_{{ site.name }}.snippet.conf; + include snippets/tls_certificate_{{ site.name }}.snippet.conf; + include snippets/logging_{{ site.name }}.snippet.conf; - location / { - return 418; - } + location / { + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; + return 418; + } } diff --git a/templates/files/nginx/sites/mail.l3d.space_tls.conf b/templates/files/nginx/sites/mail.l3d.space_tls.conf index fbba559..9b5a0e0 100644 --- a/templates/files/nginx/sites/mail.l3d.space_tls.conf +++ b/templates/files/nginx/sites/mail.l3d.space_tls.conf 
@@ -1,19 +1,21 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; - server_name mail.l3d.space; + server_name mail.l3d.space; - include snippets/tls_parameters_{{ site.name }}.snippet.conf; - include snippets/tls_certificate_{{ site.name }}.snippet.conf; - include snippets/logging_{{ site.name }}.snippet.conf; + include snippets/tls_parameters_{{ site.name }}.snippet.conf; + include snippets/tls_certificate_{{ site.name }}.snippet.conf; + include snippets/logging_{{ site.name }}.snippet.conf; - location / { - return 418; - } - location /rspamd/ { - proxy_pass http://localhost:11334/; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } + location / { + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; + return 418; + } + location /rspamd/ { + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; + proxy_pass http://localhost:11334/; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } } diff --git a/templates/files/nginx/sites/waffel.shop_tls.conf b/templates/files/nginx/sites/waffel.shop_tls.conf index cf06887..3220864 100644 --- a/templates/files/nginx/sites/waffel.shop_tls.conf +++ b/templates/files/nginx/sites/waffel.shop_tls.conf 
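Review bot: `location /rspamd/` forwards to `http://localhost:11334/` on the public TLS vhost with no access restriction visible in this hunk (no `allow`/`deny`, no `auth_basic`), so the backend's own authentication appears to be the only gate. Because nginx connects from loopback, confirm that the service behind port 11334 evaluates the forwarded client address instead of treating every proxied request as a trusted local client. A short comment above the block, for example `# access control is enforced by the backend; restrict here if that changes`, would record the decision. Proxied error responses will also lack the new `X-Served-By` header unless `always` is added.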
@@ -1,14 +1,15 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; - server_name waffel.shop; + server_name waffel.shop; - include snippets/tls_parameters_{{ site.name }}.snippet.conf; - include snippets/tls_certificate_{{ site.name }}.snippet.conf; - include snippets/logging_{{ site.name }}.snippet.conf; + include snippets/tls_parameters_{{ site.name }}.snippet.conf; + include snippets/tls_certificate_{{ site.name }}.snippet.conf; + include snippets/logging_{{ site.name }}.snippet.conf; - location / { - return 418; - } + location / { + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; + return 418; + } } diff --git a/templates/files/nginx/sites/waffelpate.de_tls.conf b/templates/files/nginx/sites/waffelpate.de_tls.conf index dc8c845..a1e5e6a 100644 --- a/templates/files/nginx/sites/waffelpate.de_tls.conf +++ b/templates/files/nginx/sites/waffelpate.de_tls.conf @@ -1,14 +1,15 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2; + listen [::]:443 ssl http2; - server_name waffelpate.de; + server_name waffelpate.de; - include snippets/tls_parameters_{{ site.name }}.snippet.conf; - include snippets/tls_certificate_{{ site.name }}.snippet.conf; - include snippets/logging_{{ site.name }}.snippet.conf; + include snippets/tls_parameters_{{ site.name }}.snippet.conf; + include snippets/tls_certificate_{{ site.name }}.snippet.conf; + include snippets/logging_{{ site.name }}.snippet.conf; - location / { - return 418; - } + location / { + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; + return 418; + } } diff --git a/templates/files/nginx/sites/xn--see-br-0xa.se_tls.conf b/templates/files/nginx/sites/xn--see-br-0xa.se_tls.conf index 657a3b2..b10b300 100644 --- a/templates/files/nginx/sites/xn--see-br-0xa.se_tls.conf +++ b/templates/files/nginx/sites/xn--see-br-0xa.se_tls.conf 
@@ -11,7 +11,7 @@ server { root /srv/www/xn--see-br-0xa.se; location / { - add_header X-Served-By "CYBER Teapod 2.0"; + add_header X-Served-By "teapot CYBER 4.0 (with blockchain)"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; charset utf-8; try_files $uri $uri/ =404;