Compare commits
2 Commits
64a2990c53
...
9ac6be27c5
Author | SHA1 | Date | |
---|---|---|---|
9ac6be27c5 | |||
f9d62cc8a7 |
4
deploy-backup-notifications.yml
Normal file
4
deploy-backup-notifications.yml
Normal file
@ -0,0 +1,4 @@
|
||||
- name: backup-notifications setup
|
||||
hosts: backup-notifications
|
||||
roles:
|
||||
- backup-notifications
|
4
deploy-borg.yml
Normal file
4
deploy-borg.yml
Normal file
@ -0,0 +1,4 @@
|
||||
- name: borg setup
|
||||
hosts: borg
|
||||
roles:
|
||||
- borg
|
4
deploy-ntfy.yml
Normal file
4
deploy-ntfy.yml
Normal file
@ -0,0 +1,4 @@
|
||||
- name: ntfy setup
|
||||
hosts: ntfy
|
||||
roles:
|
||||
- ntfy
|
4
deploy-rainrainrain.yml
Normal file
4
deploy-rainrainrain.yml
Normal file
@ -0,0 +1,4 @@
|
||||
- name: rainrainrain setup
|
||||
hosts: rainrainrain
|
||||
roles:
|
||||
- rainrainrain
|
23
group_vars/borg.yml
Normal file
23
group_vars/borg.yml
Normal file
@ -0,0 +1,23 @@
|
||||
borg_password: "{{ lookup('env', 'BORG_ENCRYPTION_PASSWORD') }}"
|
||||
borg_repo: "{{ lookup('env', 'BORG_REPO') }}"
|
||||
borg_secret_key: "{{ lookup('env', 'BORG_SECRET_KEY') }}"
|
||||
borg_my_user: "root"
|
||||
borg_my_group: "root"
|
||||
borg_ssh_key: "/root/borg_ssh_key"
|
||||
|
||||
backup_topic: "{{ lookup('env', 'BORG_BACKUP_TOPIC') }}"
|
||||
|
||||
base_files:
|
||||
- /home
|
||||
- /root
|
||||
- /var
|
||||
- /etc
|
||||
- /boot
|
||||
- /opt
|
||||
|
||||
extra_files:
|
||||
europa:
|
||||
- /mnt/ssd-01/owncloud
|
||||
- /mnt/ssd-01/borg/sync.sh
|
||||
- /mnt/ssd-01/borg/.config
|
||||
- /mnt/ssd-01/borg/.ssh
|
17
inventory
17
inventory
@ -1,3 +1,11 @@
|
||||
[borg]
|
||||
nijika ansible_user=root ansible_connection=ssh
|
||||
ryo ansible_user=root ansible_connection=ssh
|
||||
levi ansible_user=root ansible_connection=ssh
|
||||
mail.simponic.xyz ansible_user=root ansible_connection=ssh
|
||||
europa ansible_user=root ansible_connection=ssh
|
||||
johan ansible_user=root ansible_connection=ssh
|
||||
|
||||
[prod]
|
||||
nijika ansible_user=root ansible_connection=ssh
|
||||
ryo ansible_user=root ansible_connection=ssh
|
||||
@ -66,3 +74,12 @@ europa ansible_user=root ansible_connection=ssh
|
||||
|
||||
[hatecomputers]
|
||||
levi ansible_user=root ansible_connection=ssh
|
||||
|
||||
[ntfy]
|
||||
johan ansible_user=root ansible_connection=ssh
|
||||
|
||||
[backup-notifications]
|
||||
johan ansible_user=root ansible_connection=ssh
|
||||
|
||||
[rainrainrain]
|
||||
levi ansible_user=root ansible_connection=ssh
|
||||
|
22
roles/backup-notifications/tasks/main.yml
Normal file
22
roles/backup-notifications/tasks/main.yml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
- name: ensure backup-notifications docker/compose exist
|
||||
file:
|
||||
path: /etc/docker/compose/backup-notifications
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0700
|
||||
|
||||
- name: build backup-notifications docker-compose.yml.j2
|
||||
template:
|
||||
src: ../templates/docker-compose.yml.j2
|
||||
dest: /etc/docker/compose/backup-notifications/docker-compose.yml
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
|
||||
- name: daemon-reload and enable backup-notifications
|
||||
ansible.builtin.systemd_service:
|
||||
state: restarted
|
||||
enabled: true
|
||||
name: docker-compose@backup-notifications
|
14
roles/backup-notifications/templates/docker-compose.yml.j2
Normal file
14
roles/backup-notifications/templates/docker-compose.yml.j2
Normal file
@ -0,0 +1,14 @@
|
||||
version: "3"
|
||||
|
||||
services:
|
||||
backup-notify:
|
||||
image: git.simponic.xyz/simponic/backup-notify:latest
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "--spider", "http://localhost:8080/health"]
|
||||
interval: 5s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
ports:
|
||||
- "127.0.0.1:31152:8080"
|
||||
volumes:
|
||||
- ./db:/app/db
|
28
roles/borg/tasks/main.yml
Normal file
28
roles/borg/tasks/main.yml
Normal file
@ -0,0 +1,28 @@
|
||||
- name: copy key
|
||||
template:
|
||||
src: ../templates/borg_ssh_key.j2
|
||||
dest: /root/borg_ssh_key
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
|
||||
- name: push borg
|
||||
import_role:
|
||||
name: borgbase.ansible_role_borgbackup
|
||||
vars:
|
||||
borg_encryption_passphrase: "{{ borg_password }}"
|
||||
borg_repository: "{{ borg_repo }}"
|
||||
borg_user: "{{ borg_my_user }}"
|
||||
borg_group: "{{ borg_my_group }}"
|
||||
borgmatic_timer: cron
|
||||
borg_ssh_command: "ssh -o StrictHostKeyChecking=no -i {{ borg_ssh_key }}"
|
||||
borg_source_directories:
|
||||
"{{ base_files + (extra_files[inventory_hostname] | default([])) }}"
|
||||
borg_retention_policy:
|
||||
keep_hourly: 3
|
||||
keep_daily: 7
|
||||
keep_weekly: 4
|
||||
keep_monthly: 6
|
||||
borgmatic_hooks:
|
||||
after_backup:
|
||||
- "curl -d '{{ inventory_hostname }}' {{ backup_topic }}"
|
1
roles/borg/templates/borg_ssh_key.j2
Normal file
1
roles/borg/templates/borg_ssh_key.j2
Normal file
@ -0,0 +1 @@
|
||||
{{ borg_secret_key | b64decode }}
|
@ -15,9 +15,11 @@
|
||||
- curl
|
||||
- gnupg-agent
|
||||
- software-properties-common
|
||||
- sudo
|
||||
- systemd-timesyncd
|
||||
state: latest
|
||||
update_cache: yes
|
||||
upgrade: yes
|
||||
|
||||
- name: enable systemd-timesyncd
|
||||
ansible.builtin.systemd_service:
|
||||
|
@ -12,5 +12,4 @@ rainrainra.in. IN NS {{ dns_primary_hostname }}.simponic.xyz.
|
||||
rainrainra.in. IN NS {{ dns_replica_hostname }}.simponic.xyz.
|
||||
|
||||
; Other A records
|
||||
@ IN A 129.123.76.14
|
||||
www IN A 129.123.76.14
|
||||
@ IN A 23.95.214.176
|
||||
|
@ -29,6 +29,7 @@ chesshbot.simponic.xyz. 1 IN A 129.123.76.14
|
||||
;; CNAME Records
|
||||
secure.tunnel.simponic.xyz. 1 IN CNAME simponic.xyz.
|
||||
tunnel.simponic.xyz. 1 IN CNAME simponic.xyz.
|
||||
party.simponic.xyz. 1 IN CNAME simponic.xyz.
|
||||
static.simponic.xyz. 1 IN CNAME simponic.xyz.
|
||||
www.simponic.xyz. 1 IN CNAME simponic.xyz.
|
||||
s1._domainkey.simponic.xyz. 1 IN CNAME s1.domainkey.u25709709.wl210.sendgrid.net.
|
||||
@ -37,6 +38,8 @@ headscale.simponic.xyz. 1 IN CNAME nijika.simponic.xyz.
|
||||
authelia.simponic.xyz. 1 IN CNAME nijika.simponic.xyz.
|
||||
git.simponic.xyz. 1 IN CNAME nijika.simponic.xyz.
|
||||
|
||||
lab.simponic.xyz. 1 IN CNAME simponic.tplinkdns.com.
|
||||
|
||||
;; MX Records
|
||||
simponic.xyz. 1 IN MX 10 mail.simponic.xyz.
|
||||
|
||||
|
22
roles/ntfy/tasks/main.yml
Normal file
22
roles/ntfy/tasks/main.yml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
- name: ensure ntfy docker/compose exist
|
||||
file:
|
||||
path: /etc/docker/compose/ntfy
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0700
|
||||
|
||||
- name: build ntfy docker-compose.yml.j2
|
||||
template:
|
||||
src: ../templates/docker-compose.yml.j2
|
||||
dest: /etc/docker/compose/ntfy/docker-compose.yml
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
|
||||
- name: daemon-reload and enable ntfy
|
||||
ansible.builtin.systemd_service:
|
||||
state: restarted
|
||||
enabled: true
|
||||
name: docker-compose@ntfy
|
15
roles/ntfy/templates/docker-compose.yml.j2
Normal file
15
roles/ntfy/templates/docker-compose.yml.j2
Normal file
@ -0,0 +1,15 @@
|
||||
version: "2.1"
|
||||
services:
|
||||
ntfy:
|
||||
image: binwiederhier/ntfy
|
||||
container_name: ntfy
|
||||
command:
|
||||
- serve
|
||||
environment:
|
||||
- TZ=UTC
|
||||
volumes:
|
||||
- ./cache:/var/cache/ntfy
|
||||
- ./conf:/etc/ntfy
|
||||
ports:
|
||||
- 127.0.0.1:22311:80
|
||||
restart: unless-stopped
|
@ -0,0 +1,13 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name backups.internal.simponic.xyz;
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
root /var/www/letsencrypt;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location / {
|
||||
rewrite ^ https://backups.internal.simponic.xyz$request_uri? permanent;
|
||||
}
|
||||
}
|
@ -0,0 +1,13 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name ntfy.internal.simponic.xyz;
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
root /var/www/letsencrypt;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location / {
|
||||
rewrite ^ https://ntfy.internal.simponic.xyz$request_uri? permanent;
|
||||
}
|
||||
}
|
@ -0,0 +1,32 @@
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name backups.internal.simponic.xyz;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/backups.internal.simponic.xyz/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/backups.internal.simponic.xyz/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/backups.internal.simponic.xyz/fullchain.pem;
|
||||
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
||||
|
||||
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:31152;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $server_name;
|
||||
proxy_buffering off;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||
}
|
||||
}
|
@ -0,0 +1,32 @@
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name ntfy.internal.simponic.xyz;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/ntfy.internal.simponic.xyz/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/ntfy.internal.simponic.xyz/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/ntfy.internal.simponic.xyz/fullchain.pem;
|
||||
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
||||
|
||||
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:22311;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $server_name;
|
||||
proxy_buffering off;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||
}
|
||||
}
|
@ -13,6 +13,13 @@
|
||||
proto: tcp
|
||||
from: 100.64.0.0/10
|
||||
|
||||
- name: allow https from docker and other internal stuffs
|
||||
ufw:
|
||||
rule: allow
|
||||
port: '443'
|
||||
proto: tcp
|
||||
from: 172.16.0.0/12
|
||||
|
||||
- name: restart ufw
|
||||
service: name=ufw state=restarted enabled=yes
|
||||
|
||||
|
9
roles/rainrainrain/tasks/main.yml
Normal file
9
roles/rainrainrain/tasks/main.yml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
|
||||
- name: clone static repo
|
||||
git:
|
||||
repo: https://git.simponic.xyz/simponic/rainrainra.in.git
|
||||
dest: /var/www/html/rainrainra.in
|
||||
recursive: yes
|
||||
clone: yes
|
||||
update: yes
|
@ -17,7 +17,7 @@ services:
|
||||
- VPN_SERVICE_PROVIDER=mullvad
|
||||
- VPN_TYPE=openvpn
|
||||
- OPENVPN_USER={{ openvpn_user }}
|
||||
- SERVER_CITIES=Salt Lake City UT
|
||||
- SERVER_CITIES=Seattle WA
|
||||
|
||||
qbittorrent:
|
||||
image: hotio/qbittorrent:latest
|
||||
|
@ -2,8 +2,8 @@
|
||||
|
||||
- name: clone static repo
|
||||
git:
|
||||
repo: https://git.simponic.xyz/simponic/static.simponic.xyz.git
|
||||
dest: /var/www/html/static.simponic.xyz
|
||||
repo: https://git.simponic.xyz/simponic/simponic.xyz.git
|
||||
dest: /var/www/html/simponic.xyz
|
||||
recursive: yes
|
||||
clone: yes
|
||||
update: yes
|
||||
|
@ -8,7 +8,7 @@ services:
|
||||
volumes:
|
||||
- ./data/:/data/
|
||||
ports:
|
||||
- 8652:80
|
||||
- 127.0.0.1:8652:80
|
||||
environment:
|
||||
- DOMAIN=https://vaultwarden.internal.simponic.xyz
|
||||
- LOGIN_RATELIMIT_MAX_BURST=10
|
||||
@ -33,4 +33,4 @@ services:
|
||||
- SMTP_PORT=587
|
||||
- SMTP_USERNAME=info@simponic.xyz
|
||||
- SMTP_PASSWORD={{ email_password }}
|
||||
- SMTP_AUTH_MECHANISM="Plain"
|
||||
- SMTP_AUTH_MECHANISM="Plain"
|
||||
|
@ -23,18 +23,18 @@
|
||||
},
|
||||
{
|
||||
"action": "accept",
|
||||
"src": ["group:sys", "10.128.0.0/9:*"],
|
||||
"src": ["group:sys"],
|
||||
"dst": ["group:sys:*", "10.128.0.0/9:*"]
|
||||
},
|
||||
{
|
||||
"action": "accept",
|
||||
"src": ["group:admin", "10.128.0.0/9:*"],
|
||||
"dst": ["10.0.0.0/24:*", "10.128.0.0/9:*"]
|
||||
"src": ["group:admin"],
|
||||
"dst": ["group:admin:*", "10.128.0.0/9:*"]
|
||||
},
|
||||
{
|
||||
"action": "accept",
|
||||
"src": ["group:roomates"],
|
||||
"dst": ["10.0.0.0/24:*"]
|
||||
"dst": ["10.137.128.0/17:*"]
|
||||
},
|
||||
{
|
||||
"action": "accept",
|
||||
|
@ -0,0 +1,13 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name ntfy.simponic.hatecomputers.club;
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
root /var/www/letsencrypt;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location / {
|
||||
rewrite ^ https://ntfy.simponic.hatecomputers.club$request_uri? permanent;
|
||||
}
|
||||
}
|
13
roles/webservers/files/levi/http.party.simponic.xyz.conf
Normal file
13
roles/webservers/files/levi/http.party.simponic.xyz.conf
Normal file
@ -0,0 +1,13 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name party.simponic.xyz;
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
root /var/www/letsencrypt;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location / {
|
||||
rewrite ^ https://party.simponic.xyz$request_uri? permanent;
|
||||
}
|
||||
}
|
13
roles/webservers/files/levi/http.rainrainra.in.conf
Normal file
13
roles/webservers/files/levi/http.rainrainra.in.conf
Normal file
@ -0,0 +1,13 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name rainrainra.in;
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
root /var/www/letsencrypt;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location / {
|
||||
rewrite ^ https://rainrainra.in$request_uri? permanent;
|
||||
}
|
||||
}
|
@ -0,0 +1,34 @@
|
||||
server {
|
||||
listen 443 ssl;
|
||||
|
||||
allow 10.0.0.0/8;
|
||||
allow 100.64.0.0/12;
|
||||
deny all;
|
||||
|
||||
server_name ntfy.simponic.hatecomputers.club;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/ntfy.simponic.hatecomputers.club/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/ntfy.simponic.hatecomputers.club/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/ntfy.simponic.hatecomputers.club/fullchain.pem;
|
||||
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
||||
|
||||
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location / {
|
||||
proxy_pass https://ntfy.internal.simponic.xyz;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_buffering off;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||
}
|
||||
}
|
25
roles/webservers/files/levi/https.party.simponic.xyz.conf
Normal file
25
roles/webservers/files/levi/https.party.simponic.xyz.conf
Normal file
@ -0,0 +1,25 @@
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name party.simponic.xyz;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/party.simponic.xyz/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/party.simponic.xyz/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/party.simponic.xyz/fullchain.pem;
|
||||
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
||||
|
||||
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
root /var/www/html/party.simponic.xyz;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ $uri.html =404;
|
||||
}
|
||||
}
|
25
roles/webservers/files/levi/https.rainrainra.in.conf
Normal file
25
roles/webservers/files/levi/https.rainrainra.in.conf
Normal file
@ -0,0 +1,25 @@
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name rainrainra.in;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/rainrainra.in/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/rainrainra.in/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/rainrainra.in/fullchain.pem;
|
||||
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
||||
|
||||
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
root /var/www/html/rainrainra.in;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ $uri.html =404;
|
||||
}
|
||||
}
|
@ -17,7 +17,7 @@ server {
|
||||
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
root /var/www/html/static.simponic.xyz;
|
||||
root /var/www/html/simponic.xyz;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ $uri.html =404;
|
||||
|
@ -17,7 +17,7 @@ server {
|
||||
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
root /var/www/html/static.simponic.xyz;
|
||||
root /var/www/html/simponic.xyz;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ $uri.html =404;
|
||||
|
@ -17,7 +17,7 @@ server {
|
||||
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
root /var/www/html/static.simponic.xyz;
|
||||
root /var/www/html/simponic.xyz;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ $uri.html =404;
|
||||
|
@ -62,7 +62,7 @@
|
||||
loop: "{{ nginx_conf_files.files }}"
|
||||
register: extracted_domains
|
||||
|
||||
# simponic.xyz
|
||||
# simponic.xyz & others
|
||||
- name: request simponic letsencrypt certificates
|
||||
shell: >
|
||||
letsencrypt certonly -n --webroot -w /var/www/letsencrypt -m {{ letsencrypt_email }} \
|
||||
@ -70,7 +70,7 @@
|
||||
args:
|
||||
creates: "/etc/letsencrypt/live/{{ item.stdout }}"
|
||||
loop: "{{ extracted_domains.results }}"
|
||||
when: '"simponic.xyz" in item.stdout'
|
||||
when: 'not "hatecomputers.club" in item.stdout'
|
||||
|
||||
# hatecomputers.club
|
||||
- name: build plugin template
|
||||
|
Loading…
Reference in New Issue
Block a user