add wtf preview

2024-09-14 19:53:56 +02:00 · 2021-02-18 23:59:46 +01:00 · 2021-02-18 23:59:46 +01:00 · c577759dad
commit c577759dad
parent 9f53fdb82c
4 changed files with 50 additions and 5 deletions
--- a/host_vars/web01.l3d.space/vars.yml
+++ b/host_vars/web01.l3d.space/vars.yml
@ -22,6 +22,14 @@ users:
    - l3d@derpy.l3d.yt
    - l3d@backup-rsa.l3d.yt
    - l3d@business.wingcon.com
+  wtfpreview:
+    - l3d@pinkie.l3d.yt
+    - l3d@mobile.l3d.yt
+    - l3d@backup.l3d.yt
+    - l3d@derpy.l3d.yt
+    - l3d@backup-rsa.l3d.yt
+    - l3d@business.wingcon.com
+

 sshd__allowed_users:
  - "root"
@ -30,6 +38,7 @@ sshd__allowed_users:
  - "webwaffel"
  - "webwaffelpodcast"
  - "gitea"
+  - "wtfpreview"

 sshd__allowed_groups:
  - "root"
@ -38,11 +47,13 @@ sshd__allowed_groups:
  - "webwaffel"
  - "webwaffelpodcast"
  - "gitea"
+  - "wtfpreview"

 accounts:
-  - l3d
-  - webwaffel
-  - webwaffelpodcast
+  - 'l3d'
+  - 'webwaffel'
+  - 'webwaffelpodcast'
+  - 'wtfpreview'

 nginx_sites:
  - name: 'c3woc.de'
@ -95,6 +106,10 @@ nginx_sites:
  - name: 'wtf-kooperative.de'
  - name: 'www.wtf-kooperative.de'
  - name: 'cyber.yt'
+  - name: 'preview.wtf-kooperative.de'
+    webroot:
+      user: 'wtfpreview'
+  - name: 'www.preview.wtf-kooperative.de'

 acme_notification_email: "{{ _acme_notification_email }}"

--- a/site.yml
+++ b/site.yml
@ -16,9 +16,9 @@
 - name: user specific roles for all hosts
  hosts: all
  roles:
-    - {role: users, tags: [default, init, users]}
+    - {role: users, tags: [default, init, users, web]}
    - {role: dotfiles, tags: [default, dotfiles]}
-    - {role: ssh_auth, tags: [default, init, users]}
+    - {role: ssh_auth, tags: [default, init, users, web]}
    - {role: sshd, tags: [default, init, users]}
    - {role: geerlingguy.firewall, tags: [default, firewall], become: true}
    - {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true}
--- a/templates/files/nginx/sites/preview.wtf-kooperative.de_tls.conf
+++ b/templates/files/nginx/sites/preview.wtf-kooperative.de_tls.conf
@ -0,0 +1,16 @@
+server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+
+        server_name preview.wtf-kooperative.de;
+
+        include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+        include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+        include snippets/logging_{{ site.name }}.snippet.conf;
+
+        root /srv/www/preview.wtf-kooperative.de;
+
+        location / {
+                try_files $uri $uri/ =404;
+        }
+}
--- a/templates/files/nginx/sites/www.preview.wtf-kooperative.de_tls.conf
+++ b/templates/files/nginx/sites/www.preview.wtf-kooperative.de_tls.conf
@ -0,0 +1,14 @@
+server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+
+        server_name www.preview.wtf-kooperative.de;
+
+        include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+        include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+        include snippets/logging_{{ site.name }}.snippet.conf;
+
+        location / {
+                return 308 https://preview.wtf-kooperative.de$request_uri;
+        }
+}