nginx role for git + music

Mark Janssen 2024-07-18 22:00:48 +02:00
parent d0c1e45196
commit ecf68bd0cf
8 changed files with 51 additions and 33 deletions


@ -26,6 +26,7 @@
- hosts: git
roles:
- { role: "acme", tags: [ "acme" ] }
- { role: "nginx", tags: [ "nginx" ] }
- { role: "git-server", tags: [ "git-server" ] }
- hosts: monitoring


@ -2,6 +2,7 @@
- hosts: git
roles:
- common
- acme
- git-server
- { role: "common", tags: [ "common" ] }
- { role: "acme", tags: [ "acme" ] }
- { role: "nginx", tags: [ "nginx" ] }
- { role: "git-server", tags: [ "git-server" ] }


@ -1,5 +1,15 @@
---
acme_domains:
- "{{ git_server_domain }}"
git_server_domain: git.bitlair.nl
git_server_title: Gitlair
git_server_bootstrap_cert: no
nginx_client_max_body_size: 4G
nginx_sites:
- server_name: "git.bitlair.nl"
localproxy: "9001"
snippets:
- "forgejo-nginx.j2"
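Review bot: `nginx_client_max_body_size: 4G` raises the upload limit for the whole `git.bitlair.nl` server block, because the site template in this commit emits `client_max_body_size` at server level, so every endpoint, including unauthenticated ones, accepts request bodies of that size. Unless the proxy configuration (not visible here) disables request buffering, nginx spools such bodies to disk before the backend can reject them, which makes disk exhaustion cheap. Consider keeping the server-wide value small and raising it only in a `location` for the paths that need large pushes or uploads, for example in the `forgejo-nginx.j2` snippet; the `512M` set for the music host in the next file has the same shape. As a style point, quote the value (`"4G"`) to match the role default `"32m"`, and write `git_server_bootstrap_cert: false` rather than `no`.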


@ -5,6 +5,8 @@ root_access:
- foobar
- polyfloyd
nginx_client_max_body_size: 512M
music_domain: music.bitlair.nl
acme_san_domains:
- [ music.bitlair.nl ]


@ -1,34 +1,32 @@
---
- name: mqtt-internal
tags: mqtt_internal
block:
- name: Install dependencies
ansible.builtin.apt:
name:
- mosquitto
- avahi-daemon
- name: Install bambulab cafile
# openssl s_client -showcerts -connect <ip>:8883 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p'
ansible.builtin.copy:
dest: "{{ mqtt_bambulab_cafile }}"
content: "{{ lookup('passwordstore', 'bambulab subkey=cafile') }}"
- name: Install dependencies
ansible.builtin.apt:
name:
- mosquitto
- avahi-daemon
- name: Configure Mosquitto
ansible.builtin.template:
src: "{{ item }}"
dest: "/etc/mosquitto/conf.d/{{ item }}"
owner: root
group: root
mode: 0644
notify: restart mosquitto
with_items:
- bambulab.conf
- internal.conf
- public-bridge.conf
- name: Install bambulab cafile
# openssl s_client -showcerts -connect <ip>:8883 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p'
ansible.builtin.copy:
dest: "{{ mqtt_bambulab_cafile }}"
content: "{{ lookup('passwordstore', 'bambulab subkey=cafile') }}"
- name: Start mosquitto
ansible.builtin.systemd:
name: mosquitto
state: started
enabled: yes
- name: Configure Mosquitto
ansible.builtin.template:
src: "{{ item }}"
dest: "/etc/mosquitto/conf.d/{{ item }}"
owner: root
group: root
mode: 0644
notify: restart mosquitto
with_items:
- bambulab.conf
- internal.conf
- public-bridge.conf
- name: Start mosquitto
ansible.builtin.systemd:
name: mosquitto
state: started
enabled: yes


@ -13,4 +13,5 @@ nginx_tls_session_timeout: "1h"
nginx_ssl_stapling: "on"
nginx_ssl_stapling_verify: "on"
nginx_wk_acme: "/var/lib/dehydrated/acme-challenges"
nginx_client_max_body_size: "32m"


@ -10,6 +10,8 @@ server {
ssl_certificate /var/lib/dehydrated/certs/{{ site.server_name }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/{{ site.server_name }}/privkey.pem;
client_max_body_size {{ nginx_client_max_body_size }};
location ~ /\.ht {
deny all;
}
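Review bot: The added `client_max_body_size {{ nginx_client_max_body_size }};` reads a host-wide variable, so every entry in `nginx_sites` on a host gets the same limit and a large value needed by one site is applied to all of them. A per-site key with the role default as fallback keeps the limit scoped: `client_max_body_size {{ site.client_max_body_size | default(nginx_client_max_body_size) }};`. The `server` block starts and ends outside this hunk, so whether a location-level override exists elsewhere is not visible here.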


@ -0,0 +1,3 @@
location ~* \.keys$ {
deny all;
}
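Review bot: `location ~* \.keys$` is unanchored at the start, so it denies any URI ending in `.keys`, which on a git forge would presumably include raw views of repository files with that extension and not only the per-user public-key endpoint this rule appears to target. If the intent is to hide `/<user>.keys`, anchor it to a single path segment, `location ~* ^/[^/]+\.keys$ {`, and add a comment above it saying which endpoint is blocked and why, e.g. `# Do not expose per-user SSH public key listings (/<user>.keys)`. The analogous `/<user>.gpg` endpoint is not covered; confirm whether that is intended.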