Compare commits
3 Commits
bc8c030700
...
62a6a491db
Author | SHA1 | Date | |
---|---|---|---|
62a6a491db | |||
4867d6da6a | |||
d9f7c7a93b |
@ -1,6 +1,9 @@
|
||||
---
|
||||
# file: group_vars/web
|
||||
|
||||
# run nginx by default
|
||||
webserver: nginx
|
||||
|
||||
# all hosts run fail2ban with the sshd filter, but some can use other filters
|
||||
extra_fail2ban_filters:
|
||||
- nginx
|
||||
|
149
host_vars/web23
149
host_vars/web23
@ -1,85 +1,66 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
30633037383332656130363532373262623063623730666337373430336363383964343039663832
|
||||
3633313230323565376234336433383330626238373665360a393234643435376431613363313036
|
||||
32386236343262643662356563633038333434333730616332353234333363356465326133623139
|
||||
3830316433303631640a613231373138336330646639376135326238383230323534316464383135
|
||||
35333631356666323161313261633134636364396232323130333666373864333165346233666232
|
||||
62346362353033636464323866343334633565373265623431613866623234633133633466383735
|
||||
31343439646166633237643364386638306539626562636235666535333438343664323932383865
|
||||
39333533363131633930353962336238363234393161623966376365326661643431303263653164
|
||||
63666436616437326137303765303730303135663434663235373363323966623166376332393661
|
||||
62336336366265623035346162303730323762353961376333313662626232343366653930656338
|
||||
36353134333463663034363737653133633536356166353966373563316235636132383530643339
|
||||
37326661346666663139326239396466373630633363373431346635626561623665366566653731
|
||||
36396138643936623632613934633965663166313364396466633263303738666164316231366662
|
||||
64636362356564663330363763323139623065336162353734626539663231663734333962343665
|
||||
32613563363130376665333666313733303963633161313633636337646466353064653866623265
|
||||
30653762316433653631306535303463663738653731633964666466623534396663326263643437
|
||||
62663366613635373832316538653066623733336631663261666564333634643161653962373932
|
||||
30313065656238663063313737383432393433656439383033346634373030643166306565646230
|
||||
62353930336664393733663462343062323332323030356338316133393838656536306164623435
|
||||
64393634363665643862346564326138336136393235316433313538383162396563303937356335
|
||||
33646334646630646233323762323335303030393331636532656132313536663465383237623536
|
||||
39633364363036636434323963613633353238346134643837316232653038616138373731643033
|
||||
64396563353839386334313933653664613230323430383434653964636538393838386639356361
|
||||
63643565643636653434343363333966653163616236363366356539313532393133666239376530
|
||||
62663930343462633864373138633364636634643361363935303263353766373936386561376638
|
||||
65316138646534396435636563326165643737326533303338323665656334346264643262636437
|
||||
63303530363063316461333536333433366461356533393139313435396136353439323435366266
|
||||
32343566616161636466663339613434643835613831346366613866343536663530326431343139
|
||||
38653165383430653064613837343738623134303766373133623131646134613663383637336264
|
||||
35313966646639613262623836393933376137623535323365393837326631663930313336313737
|
||||
35626139386264303162393636306136306161383565353739643166653262366164386539353266
|
||||
38323266343833323063343263346365383534643835353435626335333637303237633239646330
|
||||
32643235666331613364616535326230346634333363633938646633633831633364653337373235
|
||||
30316161633634303562613263633962376365363038346137316164323036616664626132386461
|
||||
65323764383733666634643635633834396635343835663266623839383130343563386231376537
|
||||
62326338643833303538343566616461353135333863626462663830366435636564626538346361
|
||||
33646661613334636239653636383436653438376235376665363235653837303037363164633931
|
||||
32633733326139346261323464393734316661633239643437373235303237643932633433313564
|
||||
36643739613330303362663861626637613130383965646639356532353539373437326439356362
|
||||
39643137666633313262356366616561353461633033376235313965646132343233326366353264
|
||||
35393561633632306265373032306636326261646235623266636662646334363233623330333734
|
||||
37663266363639623036323433656166383631386633313131303030306437643761343965353063
|
||||
39373435363238616566643239306136366637646437633335313431623839616264616261633339
|
||||
33313364323039373531346335333963343034323637643134653566666562373137656335633932
|
||||
39653862653465626432663534663965653933623430616561363430666235363666613833656463
|
||||
65326430383137663034623233393339623135356535666161366564383564336132363038646663
|
||||
61353465393265613337643338326436333237336339326262356362643932623163616638643835
|
||||
31323739646335383532396665326535373161666661306538653365346465366434346463663438
|
||||
64323766353933633736313266386564656436666534326534663531613936633830386238303861
|
||||
37363231656365383531613764386662356334313330333236363734646431383166636132383338
|
||||
35343138353232663135366438386366626239326632333937666530626364313463613831313162
|
||||
30363933623561396137616130656535393138346339663266353764653931316639636562666164
|
||||
61333938363466623031653766313139306439396435663665386665663663306134666563373238
|
||||
36316261363063666335363462353066313735386139313465623338366266383434643464643162
|
||||
34383836636336316232343132363464383565366162313563393864376433386236376565623631
|
||||
64656164646635666139396539353763333065323266663262643233306261656532613362346432
|
||||
33373631613137336366666266633331303966653138393539326335653463303033613565663638
|
||||
30663465643832643637643836323462633163643534663465336664313265353966306261613339
|
||||
32616139353263663033373835653632386262396164343731613836336435616131356632653830
|
||||
61613461333632666366653330626537396232323733663930633966663239356130306666376137
|
||||
62636333373635356461633431346636643731656338306366396430323537626233316137656465
|
||||
65643339346565376166373066643339356666663735313063303130313663393966623866613337
|
||||
31386663363166336337633266646363666236623837303634643337316636353531653765323637
|
||||
62313330326363303932633336383337353062643865383730613435353832663364643262626162
|
||||
63303439383164333037306231613538313639626537323039366561363233303735323032653432
|
||||
35643432336666616665386238353034333037353630323234316266373936356439353632336365
|
||||
37646462666537306534623937393939326663316532623837326564303330373261323630353863
|
||||
38343438316539336464376664326362353831396132393566396333613164646462636361646234
|
||||
35313837666463376233623762663239613134356632333730343363346238613334383861306635
|
||||
31623665666461643661383265633965386566656165663566376235343338636336336330336661
|
||||
64653032656365363835616634656663623365323766396537303361336533313132316631316533
|
||||
31353036663766643131386135653366313535366232636538346237613461383761393666336432
|
||||
31623364653166356565376463363437386533303062373930393761646163613962636462643865
|
||||
33376561323366363936386531663637343465626666623133396162306139366665616132326161
|
||||
63663535636465383836333061396239313463343635633135323464646135393031386361633539
|
||||
64396534396361323466326364326266386336643831643536383866313033366534636135613736
|
||||
34316661313335383239316536623862316637396465616563386361636261313330313466656239
|
||||
37626431613464363965343233666534323736363865373734633535343632393335346265643361
|
||||
65326436393631353264613761343237386561306261353261356364386137393362306566353032
|
||||
31313363613963323136303262323934333961343563626533666563636432653436393937303037
|
||||
37336566663932663062633534303632646162316262323935366661313938393735666561343237
|
||||
31616366363339353231643561373362613266343266623464323238356261303762316334333266
|
||||
39303633316164376330343864336636313333363862323835303735383866363334643933653337
|
||||
35373030353264323761
|
||||
61316332393939333164663961386365343936663433326263656334356337666439643666313230
|
||||
3266663864383234633263626438653466643532323532620a636337353334366365336531313862
|
||||
39393864613739303933366136633032336563666338656161313838313839616433633831626237
|
||||
3132363636383034380a313566653662663635386632613164626634376563323739653662323333
|
||||
61663634336137646232626365623632353663323466363130396238356337653834623336643865
|
||||
64646664376330636665303034326537363132366532373631646533643963643263386366316634
|
||||
30623432623333343462316239343962643263336132643634356137336664393335353530383635
|
||||
36353537333933356232326666316363306639366433383164313566343739663734656337376237
|
||||
61303534626331643939636432626533376131613439393138613433613936666262346535353436
|
||||
36366532303164366363663738653162653238386639336230656362373163303634646230633830
|
||||
33643765616534636237333133383436633330666436326332306663656336353961663363623934
|
||||
36613135626565363131613062646232333038653662626361663232323061626339303666316337
|
||||
31383863656162366436356138666131383063323431646466323731373164356332363636356661
|
||||
39333235353566303130346537636364623265393939346137613638383832333434303966313931
|
||||
65633962353736633938666530393561616463343039393162393033353731663735363137303661
|
||||
36303264316137386666343566636332623762353236303364623134346361333231353130333439
|
||||
66326163323962663736656339336330386531663462653563633964373231323834333832373861
|
||||
33363039333837633430646336303939393038376663373735336232376534376237636630653932
|
||||
35373565313337663532633330663462343435666663386365366231643230333138306333383831
|
||||
35383536633565616265303434653736396439396437386439666631306134313935343863663765
|
||||
63323230396333616163356330613962313666343531656364373738376266653236623332393930
|
||||
63363162373765633535653661393261363238623931346435346236616235656365626431353466
|
||||
39353835393761333132396533613632616237313761653734396665393337346431666462623636
|
||||
65333337363637653436306638636366636563393434323631623865633036306235316263643863
|
||||
34376234363635343133333038623931653833353064633937663462646332616630393066316230
|
||||
32353765306631653163643536646464643435343935356235633835633333623930653030366335
|
||||
34346430343466633834376163663661643337326232626137323365666363653334333231653034
|
||||
63346136376538353063626564343063306634613435323133393433343665356266636366666134
|
||||
36383661343364633134663465336266633332613138393563383336626137363063663132663230
|
||||
32633763363838393936653064323136643861386431316139623862333163343730643061633534
|
||||
66653030303333366366366233646265323836313830383334653335363461386435326633663536
|
||||
34666335343438626638376563346364373362326130633066653062343737303538636339663932
|
||||
38326137363466396566386236373531353130653963313166383866323363373063653934356333
|
||||
32303533613134376164336634343531363638613563643136343135636538623437333630616431
|
||||
31373837383066366365386235316431626232356366313932373833356465656232663638393131
|
||||
61663761313531353064313739323863323836333563636566356234363339656336313638646663
|
||||
63356665393734633735323966323466393335363031643237353132376536643039626130353461
|
||||
33303236306663363034386234633632393439653433386261646139396364663964333230303534
|
||||
32356663326661653133336338393332626435366333346230326335643765656561316533643835
|
||||
65326634633438363562313366646637663031363066316534336361623061613431633064353039
|
||||
39643834366236633535346138356662323039303134363030623630626165313263613561616362
|
||||
64623461393437633238656133343432316437666238643530646338353436343936386139376438
|
||||
37626237646230656433326433353333386661373433353835343866656632616235393964306333
|
||||
36663439383836383265616634643763643963663461666165636536643062356664373565303431
|
||||
37646563376339636434376262323539633139373364613561626462393432326463646530386638
|
||||
36633730323136643364613432383935656533363064633035626333633538623534376463316138
|
||||
62633763633135373561363332363665303432646365326365636664346230393731643662616231
|
||||
63333033393133653932633133323937646131373038663266643631623831303036623566653863
|
||||
39306561393835636437346566366639396464303937643733363334383064323665636333623439
|
||||
66303934663966313935383261363037636233636262666333343131326165633134393635633563
|
||||
37656163393133646165353838663534343731323065393932396338616663633361626566666630
|
||||
32656437616632323736303230613862613433666538653439303034646238333032303731336432
|
||||
31363132373034333262636464346237353264323632393836663837313665303365376331373161
|
||||
36653337633366613764383566383762626638613365373065633133366361653632653135623530
|
||||
30333961633963366161313164313539613466353331363630313562316535313331306531383334
|
||||
37313636666364376235633035326333633436333238643164393830643361646666633036623565
|
||||
36393432356661656333363436613365346161646332386634386531363337663035633561353430
|
||||
37323531303033623938373036313738373434623032643434383565343163393438333763646131
|
||||
65373138643563666162343865636237353931623466613466623135666266613561343738613162
|
||||
65636338336164613862393031303039663131316662373138663437666230353365323931656233
|
||||
62303164353366313234613965393838316533396237363032303031336430346138353138393061
|
||||
35396236306330646135333662663066303466616535313638636161383138663933653531376333
|
||||
36366563363130363463393235363631663064356163353963383331326239666265343362306232
|
||||
34616134633766663932346339396537633561343264326537653062323561383266316539646530
|
||||
6636
|
||||
|
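--- a/roles/caddy/defaults/main.yml
+++ b/roles/caddy/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# file: roles/caddy/defaults/main.yml
+
+# parent directory of vhost document roots
+caddy_root_prefix: /var/www
+
+# Email address to use for the ACME account managing the site's certificates.
+# Not sure what Caddy does if this doesn't exist.
+caddy_email: foo@example.com
+
+# vim: set ts=2 sw=2: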
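Review bot: `caddy_email: foo@example.com` is a placeholder that gets rendered into the Caddyfile's global `email` option on every host that does not override it, so the ACME account ends up registered with an address nobody reads. Public CAs may also refuse contact addresses in the reserved example domains, which is worth confirming for the CA in use. The comment above it already says the unset case is unknown, so I would drop the default and either make the `email` line in the template conditional or fail early in the role when `caddy_email` is undefined. A comment such as `# required: contact address for the ACME account (expiry and revocation notices)` would then document the variable properly.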
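--- a/roles/caddy/handlers/main.yml
+++ b/roles/caddy/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+# file: roles/caddy/handlers/main.yml
+
+# I'm currently not sure when we need to restart versus reload
+- name: reload caddy
+ansible.builtin.systemd:
+name: caddy
+state: reloaded
+
+# vim: set sw=2 ts=2: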
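--- a/roles/caddy/tasks/main.yml
+++ b/roles/caddy/tasks/main.yml
@@ -0,0 +1,83 @@
+---
+# file: roles/caddy/tasks/main.yml
+#
+# Configure Caddy.
+
+- name: Check Caddy package signing key
+ansible.builtin.stat:
+path: /etc/apt/keyrings/caddy-stable-archive-keyring.key
+register: caddy_signing_key_stat
+tags:
+- packages
+- caddy
+
+# See: https://caddyserver.com/docs/install#debian-ubuntu-raspbian
+- name: Download Caddy package signing key
+ansible.builtin.get_url:
+url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
+dest: /etc/apt/keyrings/caddy-stable-archive-keyring.key
+owner: root
+group: root
+mode: 0644
+register: download_caddy_signing_key
+when: not caddy_signing_key_stat.stat.exists
+tags:
+- packages
+- caddy
+
+- name: Add Caddy stable repo
+ansible.builtin.apt_repository:
+repo: 'deb [signed-by=/etc/apt/keyrings/caddy-stable-archive-keyring.key] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main'
+filename: caddy-stable
+state: present
+register: add_caddy_apt_repository
+tags:
+- packages
+- caddy
+
+- name: Update apt cache
+ansible.builtin.apt: # noqa no-handler
+update_cache: true
+when:
+(download_caddy_signing_key.status_code is defined and download_caddy_signing_key.status_code == 200) or
+add_caddy_apt_repository is changed
+tags:
+- packages
+- caddy
+
+- name: Install Caddy
+ansible.builtin.apt:
+name: caddy
+state: present
+install_recommends: false
+cache_valid_time: 3600
+tags:
+- caddy
+- packages
+
+- name: Create Caddyfile
+ansible.builtin.template:
+src: etc/caddy/Caddyfile.j2
+dest: /etc/caddy/Caddyfile
+mode: 0755
+owner: root
+group: root
+notify:
+- reload caddy
+tags: caddy
+
+- name: Create Caddy conf.d directory
+ansible.builtin.file:
+path: /etc/caddy/conf.d
+state: directory
+mode: 0755
+owner: root
+group: root
+
+# TODO: the variable is still named nginx_vhosts
+- name: Configure Caddy virtual hosts
+ansible.builtin.include_tasks: vhosts.yml
+when: nginx_vhosts is defined
+tags: caddy
+
+# vim: set sw=2 ts=2: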
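Review bot: The "Download Caddy package signing key" task accepts whatever `gpg.key` returns on first contact: `get_url` carries no `checksum`, and the `stat` guard before it means the stored file is never compared against a known-good value afterwards. This key becomes the `signed-by` trust root for the repository, so it should be pinned, e.g. `checksum: sha256:<PINNED_KEY_SHA256>` (placeholder; compute it from a key verified out of band). Separately, "Create Caddyfile" sets `mode: 0755` on a configuration file; `mode: "0644"` matches the vhost files and drops the needless execute bit. It is also worth confirming that apt accepts an ASCII-armored key stored under a `.key` extension, since the linked upstream instructions dearmor it into a `.gpg` file.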
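--- a/roles/caddy/tasks/vhosts.yml
+++ b/roles/caddy/tasks/vhosts.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Configure vhosts
+ansible.builtin.template:
+src: etc/caddy/conf.d/vhost.j2
+dest: /etc/caddy/conf.d/{{ item.domain_name }}
+mode: 0644
+owner: root
+group: root
+loop: "{{ nginx_vhosts }}"
+notify:
+- reload caddy
+tags: caddy
+
+# vim: set ts=2 sw=2: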
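Review bot: The loop in "Configure vhosts" only ever creates files under `/etc/caddy/conf.d/`, and the Caddyfile in this change imports `/etc/caddy/conf.d/*`, so a vhost removed from `nginx_vhosts` keeps being served, and presumably keeps its certificate managed, until someone deletes the file by hand. Consider a cleanup step that removes conf.d entries not present in the list, or a per-vhost `state` key. `item.domain_name` is also interpolated directly into `dest`; it is inventory data, but a value containing `/` would write outside conf.d, so a comment such as `# domain_name must be a bare hostname; it is used as a file name` would make the expectation explicit.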
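--- a/roles/caddy/templates/etc/caddy/Caddyfile.j2
+++ b/roles/caddy/templates/etc/caddy/Caddyfile.j2
@@ -0,0 +1,29 @@
+# Global options
+{
+email {{ caddy_email }}
+}
+
+# Common security response headers
+(security-headers) {
+header {
+# disable Google FLoC tracking
+Permissions-Policy interest-cohort=()
+
+# enable HSTS
+Strict-Transport-Security max-age=31536000
+
+# disable clients from sniffing the media type
+X-Content-Type-Options nosniff
+
+# clickjacking protection: refuse to allow rendering this page
+# in a frame, iframe, etc.
+X-Frame-Options DENY
+
+# keep referrer data off of HTTP connections
+Referrer-Policy no-referrer-when-downgrade
+}
+}
+
+# Import additional caddy config files in /etc/caddy/conf.d/
+# Note: these are imported in lexical sort order!
+import /etc/caddy/conf.d/*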
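Review bot: `Referrer-Policy no-referrer-when-downgrade` in the `security-headers` snippet still sends the full URL, path and query string included, to every cross-origin HTTPS destination; it only withholds the referrer on HTTPS-to-HTTP navigation, which is all the comment above it promises. Because the snippet is imported by every vhost, including the Gitea proxy, `Referrer-Policy strict-origin-when-cross-origin` would be a safer shared default. The template also lacks the `{{ ansible_managed | comment }}` line that vhost.j2 starts with, so a hand edit to /etc/caddy/Caddyfile on the host would be overwritten without any warning in the file.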
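--- a/roles/caddy/templates/etc/caddy/conf.d/vhost.j2
+++ b/roles/caddy/templates/etc/caddy/conf.d/vhost.j2
@@ -0,0 +1,17 @@
+{{ ansible_managed | comment }}
+
+{# helper variables and per-site defaults that we can't set in role defaults #}
+{% set domain_name = item.domain_name %}
+{% set domain_aliases = item.domain_aliases | default("") %}
+{# assume optional features are off unless a vhost explicitly sets them #}
+{% set has_wordpress = item.has_wordpress | default(false) %}
+{% set needs_php = item.needs_php | default(false) %}
+{% set has_gitea = item.has_gitea | default(false) %}
+
+{{ domain_name }} {
+{% if has_gitea %}
+reverse_proxy :3000
+{% endif %}
+
+import security-headers
+}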
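Review bot: `domain_aliases`, `has_wordpress` and `needs_php` are set but never used in the site block, so alias names get no site definition and a vhost without `has_gitea` renders a block that imports the headers and serves no content. Either emit the aliases on the address line and add the static/PHP handlers, or drop the unused `set` lines and state the limitation, e.g. `{# only Gitea reverse-proxy vhosts are supported so far #}`. `reverse_proxy :3000` also assumes Gitea listens on port 3000 of the same host; if Gitea binds to all interfaces, that port would be reachable without TLS or these headers unless a firewall blocks it, which deserves a comment next to the directive.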