diff --git a/host_vars/web01.l3d.space/vars.yml b/host_vars/web01.l3d.space/vars.yml index 78d4615..d995b14 100644 --- a/host_vars/web01.l3d.space/vars.yml +++ b/host_vars/web01.l3d.space/vars.yml @@ -22,6 +22,14 @@ users: - l3d@derpy.l3d.yt - l3d@backup-rsa.l3d.yt - l3d@business.wingcon.com + wtfpreview: + - l3d@pinkie.l3d.yt + - l3d@mobile.l3d.yt + - l3d@backup.l3d.yt + - l3d@derpy.l3d.yt + - l3d@backup-rsa.l3d.yt + - l3d@business.wingcon.com + sshd__allowed_users: - "root" @@ -30,6 +38,7 @@ sshd__allowed_users: - "webwaffel" - "webwaffelpodcast" - "gitea" + - "wtfpreview" sshd__allowed_groups: - "root" @@ -38,11 +47,13 @@ sshd__allowed_groups: - "webwaffel" - "webwaffelpodcast" - "gitea" + - "wtfpreview" accounts: - - l3d - - webwaffel - - webwaffelpodcast + - 'l3d' + - 'webwaffel' + - 'webwaffelpodcast' + - 'wtfpreview' nginx_sites: - name: 'c3woc.de' @@ -95,6 +106,10 @@ nginx_sites: - name: 'wtf-kooperative.de' - name: 'www.wtf-kooperative.de' - name: 'cyber.yt' + - name: 'preview.wtf-kooperative.de' + webroot: + user: 'wtfpreview' + - name: 'www.preview.wtf-kooperative.de' acme_notification_email: "{{ _acme_notification_email }}" diff --git a/site.yml b/site.yml index b700639..2af1cc7 100644 --- a/site.yml +++ b/site.yml @@ -16,9 +16,9 @@ - name: user specific roles for all hosts hosts: all roles: - - {role: users, tags: [default, init, users]} + - {role: users, tags: [default, init, users, web]} - {role: dotfiles, tags: [default, dotfiles]} - - {role: ssh_auth, tags: [default, init, users]} + - {role: ssh_auth, tags: [default, init, users, web]} - {role: sshd, tags: [default, init, users]} - {role: geerlingguy.firewall, tags: [default, firewall], become: true} - {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true} diff --git a/templates/files/nginx/sites/preview.wtf-kooperative.de_tls.conf b/templates/files/nginx/sites/preview.wtf-kooperative.de_tls.conf new file mode 100644 index 0000000..dac79b6 --- /dev/null +++ b/templates/files/nginx/sites/preview.wtf-kooperative.de_tls.conf @@ -0,0 +1,16 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name preview.wtf-kooperative.de; + + include snippets/tls_parameters_{{ site.name }}.snippet.conf; + include snippets/tls_certificate_{{ site.name }}.snippet.conf; + include snippets/logging_{{ site.name }}.snippet.conf; + + root /srv/www/preview.wtf-kooperative.de; + + location / { + try_files $uri $uri/ =404; + } +} diff --git a/templates/files/nginx/sites/www.preview.wtf-kooperative.de_tls.conf b/templates/files/nginx/sites/www.preview.wtf-kooperative.de_tls.conf new file mode 100644 index 0000000..cf36603 --- /dev/null +++ b/templates/files/nginx/sites/www.preview.wtf-kooperative.de_tls.conf @@ -0,0 +1,14 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name www.preview.wtf-kooperative.de; + + include snippets/tls_parameters_{{ site.name }}.snippet.conf; + include snippets/tls_certificate_{{ site.name }}.snippet.conf; + include snippets/logging_{{ site.name }}.snippet.conf; + + location / { + return 308 https://preview.wtf-kooperative.de$request_uri; + } +}