nginx role for git + music
This commit is contained in:
parent
d0c1e45196
commit
ecf68bd0cf
8 changed files with 51 additions and 33 deletions
|
@ -26,6 +26,7 @@
|
|||
- hosts: git
|
||||
roles:
|
||||
- { role: "acme", tags: [ "acme" ] }
|
||||
- { role: "nginx", tags: [ "nginx" ] }
|
||||
- { role: "git-server", tags: [ "git-server" ] }
|
||||
|
||||
- hosts: monitoring
|
||||
|
|
7
git.yaml
7
git.yaml
|
@ -2,6 +2,7 @@
|
|||
|
||||
- hosts: git
|
||||
roles:
|
||||
- common
|
||||
- acme
|
||||
- git-server
|
||||
- { role: "common", tags: [ "common" ] }
|
||||
- { role: "acme", tags: [ "acme" ] }
|
||||
- { role: "nginx", tags: [ "nginx" ] }
|
||||
- { role: "git-server", tags: [ "git-server" ] }
|
||||
|
|
|
@ -1,5 +1,15 @@
|
|||
---
|
||||
|
||||
acme_domains:
|
||||
- "{{ git_server_domain }}"
|
||||
git_server_domain: git.bitlair.nl
|
||||
git_server_title: Gitlair
|
||||
git_server_bootstrap_cert: no
|
||||
|
||||
nginx_client_max_body_size: 4G
|
||||
|
||||
nginx_sites:
|
||||
- server_name: "git.bitlair.nl"
|
||||
localproxy: "9001"
|
||||
snippets:
|
||||
- "forgejo-nginx.j2"
|
||||
|
|
|
@ -5,6 +5,8 @@ root_access:
|
|||
- foobar
|
||||
- polyfloyd
|
||||
|
||||
nginx_client_max_body_size: 512M
|
||||
|
||||
music_domain: music.bitlair.nl
|
||||
acme_san_domains:
|
||||
- [ music.bitlair.nl ]
|
||||
|
|
|
@ -1,34 +1,32 @@
|
|||
---
|
||||
- name: mqtt-internal
|
||||
tags: mqtt_internal
|
||||
block:
|
||||
- name: Install dependencies
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- mosquitto
|
||||
- avahi-daemon
|
||||
|
||||
- name: Install bambulab cafile
|
||||
# openssl s_client -showcerts -connect <ip>:8883 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p'
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ mqtt_bambulab_cafile }}"
|
||||
content: "{{ lookup('passwordstore', 'bambulab subkey=cafile') }}"
|
||||
- name: Install dependencies
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- mosquitto
|
||||
- avahi-daemon
|
||||
|
||||
- name: Configure Mosquitto
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}"
|
||||
dest: "/etc/mosquitto/conf.d/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: restart mosquitto
|
||||
with_items:
|
||||
- bambulab.conf
|
||||
- internal.conf
|
||||
- public-bridge.conf
|
||||
- name: Install bambulab cafile
|
||||
# openssl s_client -showcerts -connect <ip>:8883 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p'
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ mqtt_bambulab_cafile }}"
|
||||
content: "{{ lookup('passwordstore', 'bambulab subkey=cafile') }}"
|
||||
|
||||
- name: Start mosquitto
|
||||
ansible.builtin.systemd:
|
||||
name: mosquitto
|
||||
state: started
|
||||
enabled: yes
|
||||
- name: Configure Mosquitto
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}"
|
||||
dest: "/etc/mosquitto/conf.d/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: restart mosquitto
|
||||
with_items:
|
||||
- bambulab.conf
|
||||
- internal.conf
|
||||
- public-bridge.conf
|
||||
|
||||
- name: Start mosquitto
|
||||
ansible.builtin.systemd:
|
||||
name: mosquitto
|
||||
state: started
|
||||
enabled: yes
|
||||
|
|
|
@ -13,4 +13,5 @@ nginx_tls_session_timeout: "1h"
|
|||
nginx_ssl_stapling: "on"
|
||||
nginx_ssl_stapling_verify: "on"
|
||||
nginx_wk_acme: "/var/lib/dehydrated/acme-challenges"
|
||||
nginx_client_max_body_size: "32m"
|
||||
|
||||
|
|
|
@ -10,6 +10,8 @@ server {
|
|||
ssl_certificate /var/lib/dehydrated/certs/{{ site.server_name }}/fullchain.pem;
|
||||
ssl_certificate_key /var/lib/dehydrated/certs/{{ site.server_name }}/privkey.pem;
|
||||
|
||||
client_max_body_size {{ nginx_client_max_body_size }};
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
|
3
snippets/forgejo-nginx.j2
Normal file
3
snippets/forgejo-nginx.j2
Normal file
|
@ -0,0 +1,3 @@
|
|||
location ~* \.keys$ {
|
||||
deny all;
|
||||
}
|
Loading…
Add table
Reference in a new issue