playbooks/ansible_playbook_servers
1
0
Fork 0
mirror of https://github.com/DO1JLR/ansible_playbook_servers.git synced 2024-09-14 19:53:56 +02:00
Code Releases Activity

update nginx config

Browse source
This commit is contained in:
L3D 2021-11-09 16:40:55 +01:00
parent 00ddfabd9a
commit a15f1a8e52
Signed by: l3d
GPG key ID: CD08445BFF4313D1
10 changed files with 82 additions and 77 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
host_vars/web01.l3d.space/vars.yml
View file

@ -1,48 +1,41 @@
--- ---
postgres_users_no_log: false postgres_users_no_log: false
users: local_users:
l3d:
- l3d@pinkie.l3d.yt
- l3d@mobile.l3d.yt
- l3d@backup.l3d.yt
- l3d@derpy.l3d.yt
- l3d@backup-rsa.l3d.yt
- l3d@business.wingcon.com
webwaffel: webwaffel:
- l3d@pinkie.l3d.yt - l3d@pinkie.l3d.yt
- l3d@mobile.l3d.yt - l3d@mobile.l3d.yt
- l3d@backup.l3d.yt - l3d@backup.l3d.yt
- l3d@derpy.l3d.yt - l3d@derpy.l3d.yt
- l3d@backup-rsa.l3d.yt - l3d@backup-rsa.l3d.yt
- l3d@business.wingcon.com - l3d@bsns.l3d
webwaffelpodcast: webwaffelpodcast:
- l3d@pinkie.l3d.yt - l3d@pinkie.l3d.yt
- l3d@mobile.l3d.yt - l3d@mobile.l3d.yt
- l3d@backup.l3d.yt - l3d@backup.l3d.yt
- l3d@derpy.l3d.yt - l3d@derpy.l3d.yt
- l3d@backup-rsa.l3d.yt - l3d@backup-rsa.l3d.yt
- l3d@business.wingcon.com - l3d@bsns.l3d
files: files:
- l3d@pinkie.l3d.yt - l3d@pinkie.l3d.yt
- l3d@mobile.l3d.yt - l3d@mobile.l3d.yt
- l3d@backup.l3d.yt - l3d@backup.l3d.yt
- l3d@derpy.l3d.yt - l3d@derpy.l3d.yt
- l3d@backup-rsa.l3d.yt - l3d@backup-rsa.l3d.yt
- l3d@business.wingcon.com - l3d@bsns.l3d
preview: preview:
- l3d@pinkie.l3d.yt - l3d@pinkie.l3d.yt
- l3d@mobile.l3d.yt - l3d@mobile.l3d.yt
- l3d@backup.l3d.yt - l3d@backup.l3d.yt
- l3d@derpy.l3d.yt - l3d@derpy.l3d.yt
- l3d@backup-rsa.l3d.yt - l3d@backup-rsa.l3d.yt
- l3d@business.wingcon.com - l3d@bsns.l3d
see: see:
- l3d@pinkie.l3d.yt - l3d@pinkie.l3d.yt
- l3d@mobile.l3d.yt - l3d@mobile.l3d.yt
- l3d@backup.l3d.yt - l3d@backup.l3d.yt
- l3d@derpy.l3d.yt - l3d@derpy.l3d.yt
- l3d@backup-rsa.l3d.yt - l3d@backup-rsa.l3d.yt
- l3d@business.wingcon.com - l3d@bsns.l3d
sshd__allowed_users: sshd__allowed_users:
- "root" - "root"
@ -66,12 +59,12 @@ sshd__allowed_groups:
- "preview" - "preview"
- 'see' - 'see'
accounts: local_accounts:
- 'l3d' - 'l3d'
- 'webwaffel' - 'webwaffel'
- 'webwaffelpodcast' - 'webwaffelpodcast'
- "files" - 'files'
- "preview" - 'preview'
- 'see' - 'see'
acme_domain_unwant_list: [] acme_domain_unwant_list: []

2
site.yml
View file

@ -18,7 +18,7 @@
- name: user specific roles for all hosts - name: user specific roles for all hosts
hosts: all hosts: all
roles: roles:
- {role: do1jlr.admin_base, tags: [default, dotfiles]} - {role: do1jlr.admin_base, tags: [default, init, users, accounts, dotfiles]}
- {role: dotfiles, tags: [default, dotfiles]} - {role: dotfiles, tags: [default, dotfiles]}
- {role: geerlingguy.firewall, tags: [default, firewall], become: true} - {role: geerlingguy.firewall, tags: [default, firewall], become: true}
- {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true} - {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true}

5
templates/files/nginx/sites/files.l3d.ch_tls.conf
View file

@ -14,6 +14,7 @@ server {
location / { location / {
autoindex off; autoindex off;
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
try_files $uri $uri/ =418; try_files $uri $uri/ =418;
} }
@ -21,16 +22,19 @@ server {
autoindex on; autoindex on;
autoindex_exact_size off; autoindex_exact_size off;
autoindex_localtime on; autoindex_localtime on;
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
} }
location /fff/ { location /fff/ {
autoindex on; autoindex on;
autoindex_exact_size off; autoindex_exact_size off;
autoindex_localtime on; autoindex_localtime on;
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
} }
location = /hidden/ { location = /hidden/ {
autoindex off; autoindex off;
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
return 418; return 418;
} }
@ -38,5 +42,6 @@ server {
autoindex on; autoindex on;
autoindex_exact_size off; autoindex_exact_size off;
autoindex_localtime on; autoindex_localtime on;
add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
} }
} }

19
templates/files/nginx/sites/l3d.ch_tls.conf
View file

@ -1,14 +1,15 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name l3d.ch; server_name l3d.ch;
include snippets/tls_parameters_{{ site.name }}.snippet.conf; include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf; include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf; include snippets/logging_{{ site.name }}.snippet.conf;
location / { location / {
return 418; add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
} return 418;
}
} }

19
templates/files/nginx/sites/l3d.me_tls.conf
View file

@ -1,14 +1,15 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name l3d.me; server_name l3d.me;
include snippets/tls_parameters_{{ site.name }}.snippet.conf; include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf; include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf; include snippets/logging_{{ site.name }}.snippet.conf;
location / { location / {
return 418; add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
} return 418;
}
} }

19
templates/files/nginx/sites/l3d.space_tls.conf
View file

@ -1,14 +1,15 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name l3d.space; server_name l3d.space;
include snippets/tls_parameters_{{ site.name }}.snippet.conf; include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf; include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf; include snippets/logging_{{ site.name }}.snippet.conf;
location / { location / {
return 418; add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
} return 418;
}
} }

30
templates/files/nginx/sites/mail.l3d.space_tls.conf
View file

@ -1,19 +1,21 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name mail.l3d.space; server_name mail.l3d.space;
include snippets/tls_parameters_{{ site.name }}.snippet.conf; include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf; include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf; include snippets/logging_{{ site.name }}.snippet.conf;
location / { location / {
return 418; add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
} return 418;
location /rspamd/ { }
proxy_pass http://localhost:11334/; location /rspamd/ {
proxy_set_header Host $host; add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:11334/;
} proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
} }

19
templates/files/nginx/sites/waffel.shop_tls.conf
View file

@ -1,14 +1,15 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name waffel.shop; server_name waffel.shop;
include snippets/tls_parameters_{{ site.name }}.snippet.conf; include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf; include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf; include snippets/logging_{{ site.name }}.snippet.conf;
location / { location / {
return 418; add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
} return 418;
}
} }

19
templates/files/nginx/sites/waffelpate.de_tls.conf
View file

@ -1,14 +1,15 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name waffelpate.de; server_name waffelpate.de;
include snippets/tls_parameters_{{ site.name }}.snippet.conf; include snippets/tls_parameters_{{ site.name }}.snippet.conf;
include snippets/tls_certificate_{{ site.name }}.snippet.conf; include snippets/tls_certificate_{{ site.name }}.snippet.conf;
include snippets/logging_{{ site.name }}.snippet.conf; include snippets/logging_{{ site.name }}.snippet.conf;
location / { location / {
return 418; add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
} return 418;
}
} }

2
templates/files/nginx/sites/xn--see-br-0xa.se_tls.conf
View file

@ -11,7 +11,7 @@ server {
root /srv/www/xn--see-br-0xa.se; root /srv/www/xn--see-br-0xa.se;
location / { location / {
add_header X-Served-By "CYBER Teapod 2.0"; add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
charset utf-8; charset utf-8;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;