Cleanup

2024-07-18 20:55:48 +02:00 · 2024-07-18 20:55:48 +02:00 · 792f2749b6
commit 792f2749b6
parent c783601fa9
21 changed files with 160 additions and 58 deletions
--- a/bank.yaml
+++ b/bank.yaml
@ -1,8 +1,8 @@
 ---

 - hosts: bank
-  roles:
-    - common
-    - bank
  vars:
    bank_revbank_git: https://github.com/bitlair/revbank.git
+  roles:
+    - { role: "common", tags: [ "common" ] }
+    - { role: "bank", tags: [ "bank" ] }
--- a/bar.yaml
+++ b/bar.yaml
@ -4,6 +4,6 @@
  vars:
    raspi_rotate_display: "2"
  roles:
-    - raspi
-    - common
-    - bank-terminal
+    - { role: "raspi", tags: [ "raspi" ] }
+    - { role: "common", tags: [ "common" ] }
+    - { role: "bank-terminal", tags: [ "bank-terminal" ] }
--- a/bitlair.yaml
+++ b/bitlair.yaml
@ -31,6 +31,7 @@
 - hosts: monitoring
  roles:
    - { role: "acme", tags: [ "acme" ] }
+    - { role: "nginx", tags: [ "nginx" ] }
    - { role: "monitoring", tags: [ "monitoring" ] }

 - hosts: mqtt
@ -55,4 +56,5 @@
 - hosts: wiki
  roles:
    - { role: "acme", tags: [ "acme" ] }
+    - { role: "nginx", tags: [ "nginx" ] }
    - { role: "www", tags: [ "www" ] }
--- a/group_vars/wiki.yaml
+++ b/group_vars/wiki.yaml
@ -0,0 +1,21 @@
+acme_bootstrap_certs: yes
+acme_san_domains:
+  - [ bitlair.nl, wiki.bitlair.nl, www.bitlair.nl ]
+  - [ bitair.nl ]
+  - [ ravespace.nl ]
+
+nginx_sites:
+  - server_name: "bitlair.nl"
+    server_alias: "wiki.bitlair.nl www.bitlair.nl cyber.bitlair.nl"
+    snippets:
+      - "mqtt2web-nginx.j2"
+      - "spaceapi-nginx.j2"
+      - "www-nginx.j2"
+  - server_name: "bitair.nl"
+    server_alias: "www.bitair.nl"
+    snippets:
+      - "bitair-nginx.j2"
+  - server_name: "ravespace.nl"
+    server_alias: "www.ravespace.nl"
+    snippets:
+      - "ravespace-nginx.j2"
--- a/group_vars/www.yaml
+++ b/group_vars/www.yaml
@ -1,5 +0,0 @@
-acme_bootstrap_certs: yes
-acme_san_domains:
-  - [ bitlair.nl, wiki.bitlair.nl, www.bitlair.nl ]
-  - [ bitair.nl ]
-  - [ ravespace.nl ]
--- a/mqtt-internal.yaml
+++ b/mqtt-internal.yaml
@ -2,5 +2,5 @@

 - hosts: mqtt
  roles:
-    - common
-    - mqtt-internal
+    - { role: "common", tags: [ "common" ] }
+    - { role: "mqtt-internal", tags: [ "mqtt", "mqtt-internal" ] }
--- a/music.yaml
+++ b/music.yaml
@ -2,7 +2,8 @@

 - hosts: music
  roles:
-    - common
-    - acme
-    - go
-    - music
+    - { role: "common", tags: [ "common" ] }
+    - { role: "acme", tags: [ "acme" ] }
+    - { role: "go", tags: [ "go" ] }
+#    - { role: "nginx", tags: [ "nginx" ] }
+    - { role: "music", tags: [ "music" ] }
--- a/pad.yaml
+++ b/pad.yaml
@ -5,6 +5,7 @@
    acme_san_domains:
      - [ pad.bitlair.nl ]
  roles:
-    - common
-    - acme
-    - etherpad
+    - { role: "common", tags: [ "common" ] }
+    - { role: "acme", tags: [ "acme" ] }
+#    - { role: "nginx", tags: [ "nginx" ] }
+    - { role: "etherpad", tags: [ "etherpad" ] }
--- a/roles/etherpad/tasks/main.yaml
+++ b/roles/etherpad/tasks/main.yaml
@ -1,9 +1,6 @@
 ---
 - tags: etherpad
  block:
-    - ansible.builtin.import_tasks:
-        file: ../../../snippets/common-nginx.yaml
-
    - name: Install dependencies
      ansible.builtin.apt:
        name: [ gpg, postgresql, python3-psycopg2, apt-transport-https ]
--- a/roles/git-server/tasks/main.yaml
+++ b/roles/git-server/tasks/main.yaml
@ -1,6 +1,4 @@
 ---
- ansible.builtin.import_tasks:
-    file: ../../../snippets/common-nginx.yaml

 - name: Install dependencies
  ansible.builtin.apt:
--- a/roles/monitoring/tasks/main.yaml
+++ b/roles/monitoring/tasks/main.yaml
@ -2,9 +2,6 @@
 - name: monitoring
  tags: monitoring
  block:
-    - ansible.builtin.import_tasks:
-        file: ../../../snippets/common-nginx.yaml
-
    - name: Install nginx site
      ansible.builtin.template:
        src: nginx-site.conf
--- a/roles/music/tasks/main.yaml
+++ b/roles/music/tasks/main.yaml
@ -17,8 +17,6 @@

 - tags: music
  block:
-    - ansible.builtin.import_tasks:
-        file: ../../../snippets/common-nginx.yaml

    - name: Install nginx config
      ansible.builtin.template:
--- a/roles/www/tasks/mediawiki.yaml
+++ b/roles/www/tasks/mediawiki.yaml
@ -4,9 +4,6 @@
    name: php-fpm
    state: present

- ansible.builtin.import_tasks:
-    file: ../../../snippets/common-nginx.yaml
-
 - name: Install security.txt
  ansible.builtin.template:
    src: security.txt
--- a/snippets/bitair-nginx.j2
+++ b/snippets/bitair-nginx.j2
@ -0,0 +1,2 @@
+root /opt/bitair.nl/;
+index index.html;
--- a/snippets/common-nginx.yaml
+++ b/snippets/common-nginx.yaml
@ -1,18 +0,0 @@
---
- name: Install nginx
-  apt:
-    name: nginx
-    state: present
-
- name: Disable nginx server_tokens
-  lineinfile:
-    path: /etc/nginx/nginx.conf
-    line: "\tserver_tokens off;"
-    regexp: "server_tokens"
-  notify: reload nginx
-
- name: Clear default nginx site
-  file:
-    state: absent
-    path: /etc/nginx/sites-enabled/default
-  notify: reload nginx
--- a/snippets/mqtt2web-nginx.j2
+++ b/snippets/mqtt2web-nginx.j2
@ -0,0 +1,11 @@
+# mqtt2web nginx config snippet
+
+location /mqtt/ {
+        proxy_pass http://localhost:8080/mqtt;
+        include proxy_params;
+        proxy_buffering off;
+        proxy_cache off;
+        proxy_http_version 1.1;
+        proxy_set_header Connection '';
+        chunked_transfer_encoding off;
+}
--- a/snippets/ravespace-nginx.j2
+++ b/snippets/ravespace-nginx.j2
@ -0,0 +1,2 @@
+root /opt/ravespace.nl/;
+index index.html;
--- a/snippets/spaceapi-nginx.j2
+++ b/snippets/spaceapi-nginx.j2
@ -0,0 +1,8 @@
+# spaceapi nginx config snippet
+
+location = /statejson {
+    proxy_pass http://localhost:8888;
+    include proxy_params;
+    add_header 'Access-Control-Allow-Origin' '*';
+}
+
--- a/snippets/www-nginx.j2
+++ b/snippets/www-nginx.j2
@ -0,0 +1,89 @@
+root /opt/mediawiki-1.41.1/;
+
+# Photo gallery
+location = /fotos {
+    return 302 $scheme://bitlair.nl/fotos/;
+}
+
+location ~* ^/fotos/(.*)$ {
+    proxy_pass http://204.2.68.2:4567/$1$is_args$args;
+}
+
+location ~ ^/state/(.+)$ {
+    alias /opt/spaceapi/assets/$1;
+}
+
+location = /events.ics {
+    alias /var/lib/bitlair-calendar/events.ics;
+}
+
+location ~ ^/(cache|maintenance|vendor|extensions)/ {
+    deny all;
+}
+
+# Legacy space API stuff.
+location ~ ^/(putconfig|putjson|putstate|state|statejson)\.php$ {
+    root "/opt/legacy/";
+    fastcgi_pass unix:/run/php/php-fpm.sock;
+    include fastcgi.conf;
+}
+
+location ~ ^/(bitlair.svg|bitlair_closed.png|bitlair_open.png|state|statejson)$ {
+    root "/opt/legacy/";
+}
+
+location ~ ^/wp-content {
+    root "/opt/legacy/";
+}
+
+location = /statejson.php {
+    rewrite ^.+$ /statejson;
+}
+
+# Mediawiki
+location / {
+    try_files $uri $uri/ @rewrite;
+}
+
+location ~ \.php$ {
+    try_files $uri @rewrite;
+    fastcgi_pass unix:/run/php/php-fpm.sock;
+    fastcgi_index index.php;
+    include fastcgi.conf;
+}
+
+location @rewrite {
+#    rewrite ^/(.*)$ /index.php;
+    rewrite ^/(.*)$ /index.php?title=$1$args;
+}
+
+location ~ \.(png|css|ico|pdf|flv|jpe?g|gif|js|css)$ {
+    try_files $uri @rewrite;
+    expires 1M;
+}
+
+location = /_.gif {
+    expires max;
+    empty_gif;
+}
+
+#location /dumps {
+#    root /opt/bitlair-wiki/local;
+#    autoindex on;
+#}
+
+# Legacy: redirect old prefix.
+location /Pages/ {
+    rewrite ^/Pages/(.*) https://$server_name/$1$args redirect;
+}
+
+# Matrix realm delegation
+location = /.well-known/matrix/server {
+    add_header "Content-Type" "application/json";
+    add_header "Access-Control-Allow-Origin" "*";
+    alias /opt/matrix-delegation.json;
+}
+
+location = /.well-known/security.txt {
+    alias /opt/security.txt;
+}
--- a/wiki.yaml
+++ b/wiki.yaml
@ -0,0 +1,8 @@
+---
+
+- hosts: wiki
+  roles:
+    - { role: "common", tags: [ "common" ] }
+    - { role: "acme", tags: [ "acme" ] }
+    - { role: "nginx", tags: [ "nginx" ] }
+    - { role: "www", tags: [ "www" ] }
--- a/www.yaml
+++ b/www.yaml
@ -1,7 +0,0 @@
---
-
- hosts: wiki
-  roles:
-    - common
-    - acme
-    - www