Faalkaart fixes

https://basisbeveiliging.nl/report/NL/cyber_non_profit/1720
polyfloyd 2024-06-04 18:50:16 +02:00
parent ec1a3662f8
commit 5ae55c6c5b
8 changed files with 44 additions and 29 deletions


@ -1,9 +1,11 @@
--- ---
- tags: etherpad - tags: etherpad
block: block:
- import_tasks: ../../../snippets/common-nginx.yaml
- name: Install dependencies - name: Install dependencies
apt: apt:
name: [ gpg, nginx, postgresql, python3-psycopg2, apt-transport-https ] name: [ gpg, postgresql, python3-psycopg2, apt-transport-https ]
- name: Import nodesource signing key - name: Import nodesource signing key
shell: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg shell: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg
@ -109,12 +111,6 @@
state: started state: started
enabled: yes enabled: yes
- name: Clear default nginx site
file:
state: absent
path: /etc/nginx/sites-enabled/default
notify: reload nginx
- name: Install nginx config - name: Install nginx config
template: template:
src: nginx-site.conf src: nginx-site.conf


@ -1,18 +1,13 @@
--- ---
- import_tasks: ../../../snippets/common-nginx.yaml
- name: Install dependencies - name: Install dependencies
apt: apt:
name: name:
- git - git
- nginx
- xq - xq
state: present state: present
- name: Clear default nginx site
file:
state: absent
path: /etc/nginx/sites-enabled/default
notify: reload nginx
- name: Install nginx site - name: Install nginx site
template: template:
src: nginx-site.conf src: nginx-site.conf


@ -2,16 +2,7 @@
- name: monitoring - name: monitoring
tags: monitoring tags: monitoring
block: block:
- name: Install dependencies - import_tasks: ../../../snippets/common-nginx.yaml
apt:
name: nginx
state: present
- name: Clear default nginx site
file:
state: absent
path: /etc/nginx/sites-enabled/default
notify: reload nginx
- name: Install nginx site - name: Install nginx site
template: template:


@ -13,9 +13,7 @@
- tags: music - tags: music
block: block:
- name: Install nginx - import_tasks: ../../../snippets/common-nginx.yaml
apt:
name: nginx
- name: Install nginx config - name: Install nginx config
template: template:
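Review bot: The imported `snippets/common-nginx.yaml` notifies `reload nginx` from two of its tasks, but the `Install nginx` task removed here never notified anything, so nothing in this hunk shows that this role defines that handler. Ansible fails the play when a changed task notifies a handler that cannot be found, so the role needs a handler named exactly `reload nginx`; it may already exist in a handlers file outside this view. The same check applies to the file section that adds `Install security.txt`, where the old side had no nginx tasks at all. If the handler is missing, define it once in a shared handlers file rather than per role, so the snippet and its handler travel together.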


@ -1,8 +1,18 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: apt:
name: name: php-fpm
- php-fpm state: present
- import_tasks: ../../../snippets/common-nginx.yaml
- name: Install security.txt
template:
src: security.txt
dest: /opt/security.txt
owner: root
group: root
mode: 0644
- name: Allow HTTP/HTTPS - name: Allow HTTP/HTTPS
iptables: iptables:
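Review bot: `mode: 0644` in the new `Install security.txt` task is an unquoted octal literal, which only works because the YAML loader happens to read the leading zero as octal. Writing `mode: "0644"` passes a string that Ansible converts itself, and is what ansible-lint's `risky-octal` rule asks for. The file is world-readable by design here, so the value is right and only the spelling needs to change.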


@ -127,5 +127,9 @@ server {
alias /opt/matrix-delegation.json; alias /opt/matrix-delegation.json;
} }
location = /.well-known/security.txt {
alias /opt/security.txt;
}
include "snippets/acme.conf"; include "snippets/acme.conf";
} }


@ -0,0 +1,3 @@
Contact: mailto:bestuur@bitlair.nl
Preferred-Languages: nl, en
Hiring: https://bitlair.nl/Deelnemer_Worden
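Review bot: The new security.txt has no `Expires` field, which RFC 9116 requires to appear exactly once, so validators and scanners will report the file as invalid or stale. Add a line such as `Expires: <RFC 3339 timestamp, less than a year ahead>`. Because the file is installed through `template:`, the date could be rendered from a variable so that it is refreshed on each deploy. A `Canonical:` line with the HTTPS URL of the file is optional but helps consumers confirm they fetched it from the intended host.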


@ -0,0 +1,18 @@
---
- name: Install nginx
apt:
name: nginx
state: present
- name: Disable nginx server_tokens
lineinfile:
path: /etc/nginx/nginx.conf
line: "\tserver_tokens off;"
regexp: "server_tokens"
notify: reload nginx
- name: Clear default nginx site
file:
state: absent
path: /etc/nginx/sites-enabled/default
notify: reload nginx
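Review bot: In `Disable nginx server_tokens`, `lineinfile` appends the line at the end of `/etc/nginx/nginx.conf` when nothing matches `regexp`, which puts it outside the `http { }` block. `server_tokens` is not valid in the main context, so the next reload would be rejected. Adding `insertafter: '^http \{'` keeps the fallback inside the block. The unanchored `regexp: "server_tokens"` also rewrites any line that merely mentions the directive, including a comment; a narrower `regexp: '^\s*#?\s*server_tokens\s'` still catches a commented-out default while ignoring unrelated text.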