From e06d4fee0044572b8bc22283b6954047cdafcf3f Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Mon, 24 Jun 2024 20:21:03 +0200 Subject: [PATCH 1/3] wiki: Update spaceapi --- hosts.yaml | 4 ++-- roles/www/tasks/main.yaml | 6 +++--- roles/www/tasks/spaceapi.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/hosts.yaml b/hosts.yaml index 6bae61a..0dfe49b 100644 --- a/hosts.yaml +++ b/hosts.yaml @@ -38,6 +38,6 @@ all: services: hosts: service.bitlair.nl: - www: + wiki: hosts: - cyber.bitlair.nl: + wiki.bitlair.nl: diff --git a/roles/www/tasks/main.yaml b/roles/www/tasks/main.yaml index 32b52d1..f15f9e5 100644 --- a/roles/www/tasks/main.yaml +++ b/roles/www/tasks/main.yaml @@ -3,10 +3,10 @@ import_tasks: calendar.yaml - tags: www_mediawiki - include_tasks: mediawiki.yaml + import_tasks: mediawiki.yaml - tags: www_mqtt - include_tasks: mqtt.yaml + import_tasks: mqtt.yaml - tags: www_spaceapi - include_tasks: spaceapi.yaml + import_tasks: spaceapi.yaml diff --git a/roles/www/tasks/spaceapi.yaml b/roles/www/tasks/spaceapi.yaml index 85fa72f..c08ff73 100644 --- a/roles/www/tasks/spaceapi.yaml +++ b/roles/www/tasks/spaceapi.yaml @@ -2,7 +2,7 @@ - name: Clone spaceapi source git: repo: https://github.com/bitlair/spaceapi.git - version: master + version: main dest: /opt/spaceapi accept_hostkey: yes notify: restart spaceapi From 33567e61902c9a89b08cc57fb73e29dad62cceff Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Mon, 24 Jun 2024 20:25:00 +0200 Subject: [PATCH 2/3] Sync from polyfloyd infra --- roles/common/tasks/main.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 6e437c8..64f80c3 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -76,18 +76,18 @@ insertafter: '^PATH' line: 'MAILTO={{ notify_email }}' -- name: Turn off SSH password auth +- name: Configure SSH lineinfile: path: /etc/ssh/sshd_config - regexp: '^#?PasswordAuthentication' - line: 'PasswordAuthentication no' - notify: reload sshd - -- name: Configure SSH port - lineinfile: - path: /etc/ssh/sshd_config - regexp: '^#?Port' - line: 'Port {{ ssh_port }}' + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - regexp: '^#?Port' + line: 'Port {{ ssh_port }}' + - regexp: '^#?PasswordAuthentication' + line: 'PasswordAuthentication no' + - regexp: '^#?DebianBanner' + line: 'DebianBanner no' notify: reload sshd - name: Allow SSH From fedc15a1d7a8d19dee2b714a8cd4e80299835853 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Mon, 24 Jun 2024 20:25:36 +0200 Subject: [PATCH 3/3] etherpad: Fix HTTP permission error --- roles/etherpad/templates/nginx-site.conf | 1 - roles/etherpad/templates/settings.json | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/etherpad/templates/nginx-site.conf b/roles/etherpad/templates/nginx-site.conf index 57a48b0..0bca61d 100644 --- a/roles/etherpad/templates/nginx-site.conf +++ b/roles/etherpad/templates/nginx-site.conf @@ -13,7 +13,6 @@ server { {% endif %} add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; - add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; location / { diff --git a/roles/etherpad/templates/settings.json b/roles/etherpad/templates/settings.json index e2e8818..8ff1889 100644 --- a/roles/etherpad/templates/settings.json +++ b/roles/etherpad/templates/settings.json @@ -69,7 +69,7 @@ "allowUnknownFileEnds": true, "requireAuthentication": false, "requireAuthorization": false, - "trustProxy": false, + "trustProxy": true, "cookie": { "sameSite": "Lax" },