Mark Janssen 2024-07-18 20:55:48 +02:00
parent c783601fa9
commit 792f2749b6
21 changed files with 160 additions and 58 deletions


@ -1,8 +1,8 @@
---
- hosts: bank
roles:
- common
- bank
vars:
bank_revbank_git: https://github.com/bitlair/revbank.git
roles:
- { role: "common", tags: [ "common" ] }
- { role: "bank", tags: [ "bank" ] }


@ -4,6 +4,6 @@
vars:
raspi_rotate_display: "2"
roles:
- raspi
- common
- bank-terminal
- { role: "raspi", tags: [ "raspi" ] }
- { role: "common", tags: [ "common" ] }
- { role: "bank-terminal", tags: [ "bank-terminal" ] }


@ -31,6 +31,7 @@
- hosts: monitoring
roles:
- { role: "acme", tags: [ "acme" ] }
- { role: "nginx", tags: [ "nginx" ] }
- { role: "monitoring", tags: [ "monitoring" ] }
- hosts: mqtt
@ -55,4 +56,5 @@
- hosts: wiki
roles:
- { role: "acme", tags: [ "acme" ] }
- { role: "nginx", tags: [ "nginx" ] }
- { role: "www", tags: [ "www" ] }

21
group_vars/wiki.yaml Normal file

@ -0,0 +1,21 @@
acme_bootstrap_certs: yes
acme_san_domains:
- [ bitlair.nl, wiki.bitlair.nl, www.bitlair.nl ]
- [ bitair.nl ]
- [ ravespace.nl ]
nginx_sites:
- server_name: "bitlair.nl"
server_alias: "wiki.bitlair.nl www.bitlair.nl cyber.bitlair.nl"
snippets:
- "mqtt2web-nginx.j2"
- "spaceapi-nginx.j2"
- "www-nginx.j2"
- server_name: "bitair.nl"
server_alias: "www.bitair.nl"
snippets:
- "bitair-nginx.j2"
- server_name: "ravespace.nl"
server_alias: "www.ravespace.nl"
snippets:
- "ravespace-nginx.j2"
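Review bot: The names in `server_alias` are not all covered by `acme_san_domains`: `cyber.bitlair.nl`, `www.bitair.nl` and `www.ravespace.nl` are configured as aliases but appear in no certificate group. If the nginx role serves these sites over TLS with the acme-issued certificates (the role is not visible here), clients reaching those names would get a certificate name mismatch. Adding them to the matching groups, for example `- [ bitair.nl, www.bitair.nl ]`, keeps the two lists in step, and a comment stating that both lists must be edited together would help the next editor. `acme_bootstrap_certs: yes` would also read more predictably as `true`.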


@ -1,5 +0,0 @@
acme_bootstrap_certs: yes
acme_san_domains:
- [ bitlair.nl, wiki.bitlair.nl, www.bitlair.nl ]
- [ bitair.nl ]
- [ ravespace.nl ]


@ -2,5 +2,5 @@
- hosts: mqtt
roles:
- common
- mqtt-internal
- { role: "common", tags: [ "common" ] }
- { role: "mqtt-internal", tags: [ "mqtt", "mqtt-internal" ] }


@ -2,7 +2,8 @@
- hosts: music
roles:
- common
- acme
- go
- music
- { role: "common", tags: [ "common" ] }
- { role: "acme", tags: [ "acme" ] }
- { role: "go", tags: [ "go" ] }
# - { role: "nginx", tags: [ "nginx" ] }
- { role: "music", tags: [ "music" ] }
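Review bot: With the `nginx` role left commented out in this play (`# - { role: "nginx", tags: [ "nginx" ] }`), nothing visible here installs or hardens nginx on the music hosts any more, because the same commit drops the `import_tasks` of `snippets/common-nginx.yaml` from the music role while that role keeps its `Install nginx config` task. The deleted 18-line task file (presumably that snippet) installed the package, set `server_tokens off` and removed the default site, so a freshly provisioned host would reach the template task without nginx, and existing hosts stop having those settings enforced. The etherpad play carries the same commented-out line and its role loses the same import. Either enable the role in both plays or add a comment saying why these hosts are excluded and what manages nginx there instead.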


@ -5,6 +5,7 @@
acme_san_domains:
- [ pad.bitlair.nl ]
roles:
- common
- acme
- etherpad
- { role: "common", tags: [ "common" ] }
- { role: "acme", tags: [ "acme" ] }
# - { role: "nginx", tags: [ "nginx" ] }
- { role: "etherpad", tags: [ "etherpad" ] }


@ -1,9 +1,6 @@
---
- tags: etherpad
block:
- ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install dependencies
ansible.builtin.apt:
name: [ gpg, postgresql, python3-psycopg2, apt-transport-https ]


@ -1,6 +1,4 @@
---
- ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install dependencies
ansible.builtin.apt:


@ -2,9 +2,6 @@
- name: monitoring
tags: monitoring
block:
- ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install nginx site
ansible.builtin.template:
src: nginx-site.conf


@ -17,8 +17,6 @@
- tags: music
block:
- ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install nginx config
ansible.builtin.template:


@ -4,9 +4,6 @@
name: php-fpm
state: present
- ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install security.txt
ansible.builtin.template:
src: security.txt

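--- a/snippets/bitair-nginx.j2
+++ b/snippets/bitair-nginx.j2
@@ -0,0 +1,2 @@
+root /opt/bitair.nl/;
+index index.html;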


@ -1,18 +0,0 @@
---
- name: Install nginx
apt:
name: nginx
state: present
- name: Disable nginx server_tokens
lineinfile:
path: /etc/nginx/nginx.conf
line: "\tserver_tokens off;"
regexp: "server_tokens"
notify: reload nginx
- name: Clear default nginx site
file:
state: absent
path: /etc/nginx/sites-enabled/default
notify: reload nginx


@ -0,0 +1,11 @@
# mqtt2web nginx config snippet
location /mqtt/ {
proxy_pass http://localhost:8080/mqtt;
include proxy_params;
proxy_buffering off;
proxy_cache off;
proxy_http_version 1.1;
proxy_set_header Connection '';
chunked_transfer_encoding off;
}
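Review bot: `location /mqtt/` combined with `proxy_pass http://localhost:8080/mqtt;` drops the separating slash, because nginx replaces the matched prefix `/mqtt/` with `/mqtt`, so a request for `/mqtt/foo` goes upstream as `/mqttfoo`. If the backend expects `/mqtt/foo`, the directive should be `proxy_pass http://localhost:8080/mqtt/;`. The four settings that follow (buffering and cache off, HTTP/1.1, empty `Connection` header) look like they are there for a streaming endpoint; a one-line comment saying so would stop them being removed as noise later.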


@ -0,0 +1,2 @@
root /opt/ravespace.nl/;
index index.html;


@ -0,0 +1,8 @@
# spaceapi nginx config snippet
location = /statejson {
proxy_pass http://localhost:8888;
include proxy_params;
add_header 'Access-Control-Allow-Origin' '*';
}
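Review bot: Declaring `add_header` inside this location stops nginx from inheriting any `add_header` lines set at server or http level, so response headers the site template may add there (HSTS and similar; the template is not visible here) would be missing from `/statejson` responses. The same applies to the `/.well-known/matrix/server` location in `snippets/www-nginx.j2`. If the wildcard CORS header is intended for this public endpoint, a comment saying so would help, and `add_header 'Access-Control-Allow-Origin' '*' always;` would keep it on error responses as well.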

89
snippets/www-nginx.j2 Normal file

@ -0,0 +1,89 @@
root /opt/mediawiki-1.41.1/;
# Photo gallery
location = /fotos {
return 302 $scheme://bitlair.nl/fotos/;
}
location ~* ^/fotos/(.*)$ {
proxy_pass http://204.2.68.2:4567/$1$is_args$args;
}
location ~ ^/state/(.+)$ {
alias /opt/spaceapi/assets/$1;
}
location = /events.ics {
alias /var/lib/bitlair-calendar/events.ics;
}
location ~ ^/(cache|maintenance|vendor|extensions)/ {
deny all;
}
# Legacy space API stuff.
location ~ ^/(putconfig|putjson|putstate|state|statejson)\.php$ {
root "/opt/legacy/";
fastcgi_pass unix:/run/php/php-fpm.sock;
include fastcgi.conf;
}
location ~ ^/(bitlair.svg|bitlair_closed.png|bitlair_open.png|state|statejson)$ {
root "/opt/legacy/";
}
location ~ ^/wp-content {
root "/opt/legacy/";
}
location = /statejson.php {
rewrite ^.+$ /statejson;
}
# Mediawiki
location / {
try_files $uri $uri/ @rewrite;
}
location ~ \.php$ {
try_files $uri @rewrite;
fastcgi_pass unix:/run/php/php-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location @rewrite {
# rewrite ^/(.*)$ /index.php;
rewrite ^/(.*)$ /index.php?title=$1$args;
}
location ~ \.(png|css|ico|pdf|flv|jpe?g|gif|js|css)$ {
try_files $uri @rewrite;
expires 1M;
}
location = /_.gif {
expires max;
empty_gif;
}
#location /dumps {
# root /opt/bitlair-wiki/local;
# autoindex on;
#}
# Legacy: redirect old prefix.
location /Pages/ {
rewrite ^/Pages/(.*) https://$server_name/$1$args redirect;
}
# Matrix realm delegation
location = /.well-known/matrix/server {
add_header "Content-Type" "application/json";
add_header "Access-Control-Allow-Origin" "*";
alias /opt/matrix-delegation.json;
}
location = /.well-known/security.txt {
alias /opt/security.txt;
}
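Review bot: `location ~ \.php$` hands every existing `.php` file under the MediaWiki root to php-fpm, and the `deny all` block above it covers only `cache|maintenance|vendor|extensions`, so directories such as `images/` (uploads) and `mw-config/` remain reachable as script paths. Limiting PHP execution to the wiki's entry points, or at least adding `location ~ ^/(images|mw-config|includes|languages)/.*\.php$ { deny all; }` ahead of the generic PHP location, would narrow that. Separately, `rewrite ^/(.*)$ /index.php?title=$1$args;` glues the query string onto the title with no separator; nginx already appends the original arguments after a rewrite, so `/index.php?title=$1` is enough. The `/fotos/` proxy also forwards to a hard-coded address over plain HTTP, which deserves a comment naming the host and why it is trusted.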

8
wiki.yaml Normal file

@ -0,0 +1,8 @@
---
- hosts: wiki
roles:
- { role: "common", tags: [ "common" ] }
- { role: "acme", tags: [ "acme" ] }
- { role: "nginx", tags: [ "nginx" ] }
- { role: "www", tags: [ "www" ] }


@ -1,7 +0,0 @@
---
- hosts: wiki
roles:
- common
- acme
- www