Compare commits
3 Commits
bc8c030700
...
62a6a491db
Author | SHA1 | Date | |
---|---|---|---|
62a6a491db | |||
4867d6da6a | |||
d9f7c7a93b |
@ -1,6 +1,9 @@
|
|||||||
---
|
---
|
||||||
# file: group_vars/web
|
# file: group_vars/web
|
||||||
|
|
||||||
|
# run nginx by default
|
||||||
|
webserver: nginx
|
||||||
|
|
||||||
# all hosts run fail2ban with the sshd filter, but some can use other filters
|
# all hosts run fail2ban with the sshd filter, but some can use other filters
|
||||||
extra_fail2ban_filters:
|
extra_fail2ban_filters:
|
||||||
- nginx
|
- nginx
|
||||||
|
149
host_vars/web23
149
host_vars/web23
@ -1,85 +1,66 @@
|
|||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
30633037383332656130363532373262623063623730666337373430336363383964343039663832
|
61316332393939333164663961386365343936663433326263656334356337666439643666313230
|
||||||
3633313230323565376234336433383330626238373665360a393234643435376431613363313036
|
3266663864383234633263626438653466643532323532620a636337353334366365336531313862
|
||||||
32386236343262643662356563633038333434333730616332353234333363356465326133623139
|
39393864613739303933366136633032336563666338656161313838313839616433633831626237
|
||||||
3830316433303631640a613231373138336330646639376135326238383230323534316464383135
|
3132363636383034380a313566653662663635386632613164626634376563323739653662323333
|
||||||
35333631356666323161313261633134636364396232323130333666373864333165346233666232
|
61663634336137646232626365623632353663323466363130396238356337653834623336643865
|
||||||
62346362353033636464323866343334633565373265623431613866623234633133633466383735
|
64646664376330636665303034326537363132366532373631646533643963643263386366316634
|
||||||
31343439646166633237643364386638306539626562636235666535333438343664323932383865
|
30623432623333343462316239343962643263336132643634356137336664393335353530383635
|
||||||
39333533363131633930353962336238363234393161623966376365326661643431303263653164
|
36353537333933356232326666316363306639366433383164313566343739663734656337376237
|
||||||
63666436616437326137303765303730303135663434663235373363323966623166376332393661
|
61303534626331643939636432626533376131613439393138613433613936666262346535353436
|
||||||
62336336366265623035346162303730323762353961376333313662626232343366653930656338
|
36366532303164366363663738653162653238386639336230656362373163303634646230633830
|
||||||
36353134333463663034363737653133633536356166353966373563316235636132383530643339
|
33643765616534636237333133383436633330666436326332306663656336353961663363623934
|
||||||
37326661346666663139326239396466373630633363373431346635626561623665366566653731
|
36613135626565363131613062646232333038653662626361663232323061626339303666316337
|
||||||
36396138643936623632613934633965663166313364396466633263303738666164316231366662
|
31383863656162366436356138666131383063323431646466323731373164356332363636356661
|
||||||
64636362356564663330363763323139623065336162353734626539663231663734333962343665
|
39333235353566303130346537636364623265393939346137613638383832333434303966313931
|
||||||
32613563363130376665333666313733303963633161313633636337646466353064653866623265
|
65633962353736633938666530393561616463343039393162393033353731663735363137303661
|
||||||
30653762316433653631306535303463663738653731633964666466623534396663326263643437
|
36303264316137386666343566636332623762353236303364623134346361333231353130333439
|
||||||
62663366613635373832316538653066623733336631663261666564333634643161653962373932
|
66326163323962663736656339336330386531663462653563633964373231323834333832373861
|
||||||
30313065656238663063313737383432393433656439383033346634373030643166306565646230
|
33363039333837633430646336303939393038376663373735336232376534376237636630653932
|
||||||
62353930336664393733663462343062323332323030356338316133393838656536306164623435
|
35373565313337663532633330663462343435666663386365366231643230333138306333383831
|
||||||
64393634363665643862346564326138336136393235316433313538383162396563303937356335
|
35383536633565616265303434653736396439396437386439666631306134313935343863663765
|
||||||
33646334646630646233323762323335303030393331636532656132313536663465383237623536
|
63323230396333616163356330613962313666343531656364373738376266653236623332393930
|
||||||
39633364363036636434323963613633353238346134643837316232653038616138373731643033
|
63363162373765633535653661393261363238623931346435346236616235656365626431353466
|
||||||
64396563353839386334313933653664613230323430383434653964636538393838386639356361
|
39353835393761333132396533613632616237313761653734396665393337346431666462623636
|
||||||
63643565643636653434343363333966653163616236363366356539313532393133666239376530
|
65333337363637653436306638636366636563393434323631623865633036306235316263643863
|
||||||
62663930343462633864373138633364636634643361363935303263353766373936386561376638
|
34376234363635343133333038623931653833353064633937663462646332616630393066316230
|
||||||
65316138646534396435636563326165643737326533303338323665656334346264643262636437
|
32353765306631653163643536646464643435343935356235633835633333623930653030366335
|
||||||
63303530363063316461333536333433366461356533393139313435396136353439323435366266
|
34346430343466633834376163663661643337326232626137323365666363653334333231653034
|
||||||
32343566616161636466663339613434643835613831346366613866343536663530326431343139
|
63346136376538353063626564343063306634613435323133393433343665356266636366666134
|
||||||
38653165383430653064613837343738623134303766373133623131646134613663383637336264
|
36383661343364633134663465336266633332613138393563383336626137363063663132663230
|
||||||
35313966646639613262623836393933376137623535323365393837326631663930313336313737
|
32633763363838393936653064323136643861386431316139623862333163343730643061633534
|
||||||
35626139386264303162393636306136306161383565353739643166653262366164386539353266
|
66653030303333366366366233646265323836313830383334653335363461386435326633663536
|
||||||
38323266343833323063343263346365383534643835353435626335333637303237633239646330
|
34666335343438626638376563346364373362326130633066653062343737303538636339663932
|
||||||
32643235666331613364616535326230346634333363633938646633633831633364653337373235
|
38326137363466396566386236373531353130653963313166383866323363373063653934356333
|
||||||
30316161633634303562613263633962376365363038346137316164323036616664626132386461
|
32303533613134376164336634343531363638613563643136343135636538623437333630616431
|
||||||
65323764383733666634643635633834396635343835663266623839383130343563386231376537
|
31373837383066366365386235316431626232356366313932373833356465656232663638393131
|
||||||
62326338643833303538343566616461353135333863626462663830366435636564626538346361
|
61663761313531353064313739323863323836333563636566356234363339656336313638646663
|
||||||
33646661613334636239653636383436653438376235376665363235653837303037363164633931
|
63356665393734633735323966323466393335363031643237353132376536643039626130353461
|
||||||
32633733326139346261323464393734316661633239643437373235303237643932633433313564
|
33303236306663363034386234633632393439653433386261646139396364663964333230303534
|
||||||
36643739613330303362663861626637613130383965646639356532353539373437326439356362
|
32356663326661653133336338393332626435366333346230326335643765656561316533643835
|
||||||
39643137666633313262356366616561353461633033376235313965646132343233326366353264
|
65326634633438363562313366646637663031363066316534336361623061613431633064353039
|
||||||
35393561633632306265373032306636326261646235623266636662646334363233623330333734
|
39643834366236633535346138356662323039303134363030623630626165313263613561616362
|
||||||
37663266363639623036323433656166383631386633313131303030306437643761343965353063
|
64623461393437633238656133343432316437666238643530646338353436343936386139376438
|
||||||
39373435363238616566643239306136366637646437633335313431623839616264616261633339
|
37626237646230656433326433353333386661373433353835343866656632616235393964306333
|
||||||
33313364323039373531346335333963343034323637643134653566666562373137656335633932
|
36663439383836383265616634643763643963663461666165636536643062356664373565303431
|
||||||
39653862653465626432663534663965653933623430616561363430666235363666613833656463
|
37646563376339636434376262323539633139373364613561626462393432326463646530386638
|
||||||
65326430383137663034623233393339623135356535666161366564383564336132363038646663
|
36633730323136643364613432383935656533363064633035626333633538623534376463316138
|
||||||
61353465393265613337643338326436333237336339326262356362643932623163616638643835
|
62633763633135373561363332363665303432646365326365636664346230393731643662616231
|
||||||
31323739646335383532396665326535373161666661306538653365346465366434346463663438
|
63333033393133653932633133323937646131373038663266643631623831303036623566653863
|
||||||
64323766353933633736313266386564656436666534326534663531613936633830386238303861
|
39306561393835636437346566366639396464303937643733363334383064323665636333623439
|
||||||
37363231656365383531613764386662356334313330333236363734646431383166636132383338
|
66303934663966313935383261363037636233636262666333343131326165633134393635633563
|
||||||
35343138353232663135366438386366626239326632333937666530626364313463613831313162
|
37656163393133646165353838663534343731323065393932396338616663633361626566666630
|
||||||
30363933623561396137616130656535393138346339663266353764653931316639636562666164
|
32656437616632323736303230613862613433666538653439303034646238333032303731336432
|
||||||
61333938363466623031653766313139306439396435663665386665663663306134666563373238
|
31363132373034333262636464346237353264323632393836663837313665303365376331373161
|
||||||
36316261363063666335363462353066313735386139313465623338366266383434643464643162
|
36653337633366613764383566383762626638613365373065633133366361653632653135623530
|
||||||
34383836636336316232343132363464383565366162313563393864376433386236376565623631
|
30333961633963366161313164313539613466353331363630313562316535313331306531383334
|
||||||
64656164646635666139396539353763333065323266663262643233306261656532613362346432
|
37313636666364376235633035326333633436333238643164393830643361646666633036623565
|
||||||
33373631613137336366666266633331303966653138393539326335653463303033613565663638
|
36393432356661656333363436613365346161646332386634386531363337663035633561353430
|
||||||
30663465643832643637643836323462633163643534663465336664313265353966306261613339
|
37323531303033623938373036313738373434623032643434383565343163393438333763646131
|
||||||
32616139353263663033373835653632386262396164343731613836336435616131356632653830
|
65373138643563666162343865636237353931623466613466623135666266613561343738613162
|
||||||
61613461333632666366653330626537396232323733663930633966663239356130306666376137
|
65636338336164613862393031303039663131316662373138663437666230353365323931656233
|
||||||
62636333373635356461633431346636643731656338306366396430323537626233316137656465
|
62303164353366313234613965393838316533396237363032303031336430346138353138393061
|
||||||
65643339346565376166373066643339356666663735313063303130313663393966623866613337
|
35396236306330646135333662663066303466616535313638636161383138663933653531376333
|
||||||
31386663363166336337633266646363666236623837303634643337316636353531653765323637
|
36366563363130363463393235363631663064356163353963383331326239666265343362306232
|
||||||
62313330326363303932633336383337353062643865383730613435353832663364643262626162
|
34616134633766663932346339396537633561343264326537653062323561383266316539646530
|
||||||
63303439383164333037306231613538313639626537323039366561363233303735323032653432
|
6636
|
||||||
35643432336666616665386238353034333037353630323234316266373936356439353632336365
|
|
||||||
37646462666537306534623937393939326663316532623837326564303330373261323630353863
|
|
||||||
38343438316539336464376664326362353831396132393566396333613164646462636361646234
|
|
||||||
35313837666463376233623762663239613134356632333730343363346238613334383861306635
|
|
||||||
31623665666461643661383265633965386566656165663566376235343338636336336330336661
|
|
||||||
64653032656365363835616634656663623365323766396537303361336533313132316631316533
|
|
||||||
31353036663766643131386135653366313535366232636538346237613461383761393666336432
|
|
||||||
31623364653166356565376463363437386533303062373930393761646163613962636462643865
|
|
||||||
33376561323366363936386531663637343465626666623133396162306139366665616132326161
|
|
||||||
63663535636465383836333061396239313463343635633135323464646135393031386361633539
|
|
||||||
64396534396361323466326364326266386336643831643536383866313033366534636135613736
|
|
||||||
34316661313335383239316536623862316637396465616563386361636261313330313466656239
|
|
||||||
37626431613464363965343233666534323736363865373734633535343632393335346265643361
|
|
||||||
65326436393631353264613761343237386561306261353261356364386137393362306566353032
|
|
||||||
31313363613963323136303262323934333961343563626533666563636432653436393937303037
|
|
||||||
37336566663932663062633534303632646162316262323935366661313938393735666561343237
|
|
||||||
31616366363339353231643561373362613266343266623464323238356261303762316334333266
|
|
||||||
39303633316164376330343864336636313333363862323835303735383866363334643933653337
|
|
||||||
35373030353264323761
|
|
||||||
|
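--- a/roles/caddy/defaults/main.yml
+++ b/roles/caddy/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# file: roles/caddy/defaults/main.yml
+
+# parent directory of vhost document roots
+caddy_root_prefix: /var/www
+
+# Email address to use for the ACME account managing the site's certificates.
+# Not sure what Caddy does if this doesn't exist.
+caddy_email: foo@example.com
+
+# vim: set ts=2 sw=2: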
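Review bot: `caddy_email` defaults to the placeholder `foo@example.com`, so a host that forgets to override it would register its ACME account under an address nobody on the team controls or reads. The comment above it already says the behaviour is unknown; I would either drop the default so the `Caddyfile.j2` template fails loudly on an undefined variable, or document the requirement, e.g. `# Must be overridden in group_vars/host_vars; the example.com value is a placeholder only.` `caddy_root_prefix` is not referenced by either template in this change, so a short comment saying it is reserved for later use would help.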
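--- a/roles/caddy/handlers/main.yml
+++ b/roles/caddy/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+# file: roles/caddy/handlers/main.yml
+
+# I'm currently not sure when we need to restart versus reload
+- name: reload caddy
+ansible.builtin.systemd:
+name: caddy
+state: reloaded
+
+# vim: set sw=2 ts=2: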
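--- a/roles/caddy/tasks/main.yml
+++ b/roles/caddy/tasks/main.yml
@@ -0,0 +1,83 @@
+---
+# file: roles/caddy/tasks/main.yml
+#
+# Configure Caddy.
+
+- name: Check Caddy package signing key
+ansible.builtin.stat:
+path: /etc/apt/keyrings/caddy-stable-archive-keyring.key
+register: caddy_signing_key_stat
+tags:
+- packages
+- caddy
+
+# See: https://caddyserver.com/docs/install#debian-ubuntu-raspbian
+- name: Download Caddy package signing key
+ansible.builtin.get_url:
+url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
+dest: /etc/apt/keyrings/caddy-stable-archive-keyring.key
+owner: root
+group: root
+mode: 0644
+register: download_caddy_signing_key
+when: not caddy_signing_key_stat.stat.exists
+tags:
+- packages
+- caddy
+
+- name: Add Caddy stable repo
+ansible.builtin.apt_repository:
+repo: 'deb [signed-by=/etc/apt/keyrings/caddy-stable-archive-keyring.key] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main'
+filename: caddy-stable
+state: present
+register: add_caddy_apt_repository
+tags:
+- packages
+- caddy
+
+- name: Update apt cache
+ansible.builtin.apt: # noqa no-handler
+update_cache: true
+when:
+(download_caddy_signing_key.status_code is defined and download_caddy_signing_key.status_code == 200) or
+add_caddy_apt_repository is changed
+tags:
+- packages
+- caddy
+
+- name: Install Caddy
+ansible.builtin.apt:
+name: caddy
+state: present
+install_recommends: false
+cache_valid_time: 3600
+tags:
+- caddy
+- packages
+
+- name: Create Caddyfile
+ansible.builtin.template:
+src: etc/caddy/Caddyfile.j2
+dest: /etc/caddy/Caddyfile
+mode: 0755
+owner: root
+group: root
+notify:
+- reload caddy
+tags: caddy
+
+- name: Create Caddy conf.d directory
+ansible.builtin.file:
+path: /etc/caddy/conf.d
+state: directory
+mode: 0755
+owner: root
+group: root
+
+# TODO: the variable is still named nginx_vhosts
+- name: Configure Caddy virtual hosts
+ansible.builtin.include_tasks: vhosts.yml
+when: nginx_vhosts is defined
+tags: caddy
+
+# vim: set sw=2 ts=2: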
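Review bot: The `Download Caddy package signing key` task fetches the repository's trust root with `get_url` and no `checksum:`, so whatever that URL serves on the first run is what apt trusts from then on. Pin it with `checksum: 'sha256:EXPECTED_DIGEST_PLACEHOLDER'`, taking the digest from a copy of the key verified out of band. The upstream instructions linked in the comment pass this key through `gpg --dearmor`; if the download is ASCII-armoured, apt may not accept it under a `.key` name in `signed-by`, so confirm that `apt update` actually verifies the repo. Separately, `Create Caddyfile` sets `mode: 0755` on a config file that needs no execute bits, and quoting the modes (`mode: '0644'`) avoids the octal-parsing trap that ansible-lint flags.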
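--- a/roles/caddy/tasks/vhosts.yml
+++ b/roles/caddy/tasks/vhosts.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Configure vhosts
+ansible.builtin.template:
+src: etc/caddy/conf.d/vhost.j2
+dest: /etc/caddy/conf.d/{{ item.domain_name }}
+mode: 0644
+owner: root
+group: root
+loop: "{{ nginx_vhosts }}"
+notify:
+- reload caddy
+tags: caddy
+
+# vim: set ts=2 sw=2: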
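Review bot: `dest: /etc/caddy/conf.d/{{ item.domain_name }}` builds a filesystem path from an inventory value without quoting or constraining it, so a `domain_name` containing `/` or `..` would write a root-owned file outside `conf.d`. Quoting the value and reducing it to a file name closes that off: `dest: "/etc/caddy/conf.d/{{ item.domain_name | basename }}"`. Because `Caddyfile.j2` imports `/etc/caddy/conf.d/*`, a vhost later removed from `nginx_vhosts` keeps its file and stays served; nothing visible in this change cleans up stale entries, which is worth a comment or a follow-up task.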
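--- a/roles/caddy/templates/etc/caddy/Caddyfile.j2
+++ b/roles/caddy/templates/etc/caddy/Caddyfile.j2
@@ -0,0 +1,29 @@
+# Global options
+{
+email {{ caddy_email }}
+}
+
+# Common security response headers
+(security-headers) {
+header {
+# disable Google FLoC tracking
+Permissions-Policy interest-cohort=()
+
+# enable HSTS
+Strict-Transport-Security max-age=31536000
+
+# disable clients from sniffing the media type
+X-Content-Type-Options nosniff
+
+# clickjacking protection: refuse to allow rendering this page
+# in a frame, iframe, etc.
+X-Frame-Options DENY
+
+# keep referrer data off of HTTP connections
+Referrer-Policy no-referrer-when-downgrade
+}
+}
+
+# Import additional caddy config files in /etc/caddy/conf.d/
+# Note: these are imported in lexical sort order!
+import /etc/caddy/conf.d/*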
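Review bot: `Referrer-Policy no-referrer-when-downgrade` withholds the referrer only on HTTPS-to-HTTP navigation, so full URLs, including paths and query strings, still go to every third-party HTTPS origin. `Referrer-Policy strict-origin-when-cross-origin` keeps the downgrade protection and trims cross-origin referrers to the origin. The template also lacks the `{{ ansible_managed | comment }}` header that `vhost.j2` carries, so nothing on the host marks `/etc/caddy/Caddyfile` as generated and not to be edited by hand.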
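--- a/roles/caddy/templates/etc/caddy/conf.d/vhost.j2
+++ b/roles/caddy/templates/etc/caddy/conf.d/vhost.j2
@@ -0,0 +1,17 @@
+{{ ansible_managed | comment }}
+
+{# helper variables and per-site defaults that we can't set in role defaults #}
+{% set domain_name = item.domain_name %}
+{% set domain_aliases = item.domain_aliases | default("") %}
+{# assume optional features are off unless a vhost explicitly sets them #}
+{% set has_wordpress = item.has_wordpress | default(false) %}
+{% set needs_php = item.needs_php | default(false) %}
+{% set has_gitea = item.has_gitea | default(false) %}
+
+{{ domain_name }} {
+{% if has_gitea %}
+reverse_proxy :3000
+{% endif %}
+
+import security-headers
+}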
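Review bot: `domain_aliases`, `has_wordpress` and `needs_php` are set but never used, and the site block emits a handler only when `has_gitea` is true. Any other vhost on a host switched to `webserver: caddy` would render as a block holding nothing but `import security-headers`, with no `root`, `file_server` or PHP handling, and its aliases would get neither a site address nor a certificate. Until those branches exist, a comment at the top such as `{# only Gitea reverse-proxy vhosts are supported so far #}` would make the limitation explicit. `reverse_proxy :3000` also assumes Gitea is not reachable directly on port 3000; if it listens on all interfaces, clients can bypass TLS and these headers, which this change does not show either way.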
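--- a/web.yml
+++ b/web.yml
@@ -7,7 +7,8 @@
 roles:
 - common
 - { role: mariadb, when: mariadb_databases is defined}
-- nginx
+- { role: nginx, when: webserver is defined and webserver == 'nginx' }
+- { role: caddy, when: webserver is defined and webserver == 'caddy' }
 - php-fpm
 - munin
 vars_files: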
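Review bot: Both new conditions require `webserver is defined`, so a host where the variable is missing or misspelled (for example `Caddy`) silently gets no web server role at all, where nginx used to be unconditional. `group_vars/web` supplies a default in this change, but that only covers hosts in that group. Either `when: webserver | default('nginx') == 'nginx'` on the nginx entry or a `pre_tasks` assert that `webserver in ['nginx', 'caddy']` would make the failure visible. `php-fpm` stays unconditional, which deserves a comment if Caddy vhosts are not meant to use it yet. The play that owns this `roles:` list starts outside the hunk.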