Compare commits
No commits in common. "fedc15a1d7a8d19dee2b714a8cd4e80299835853" and "8a8216d78e72e8a8bd49ca52245dcf6458a08f84" have entirely different histories.
fedc15a1d7
...
8a8216d78e
6 changed files with 18 additions and 17 deletions
|
|
@ -38,6 +38,6 @@ all:
|
||||||
services:
|
services:
|
||||||
hosts:
|
hosts:
|
||||||
service.bitlair.nl:
|
service.bitlair.nl:
|
||||||
wiki:
|
www:
|
||||||
hosts:
|
hosts:
|
||||||
wiki.bitlair.nl:
|
cyber.bitlair.nl:
|
||||||
|
|
|
||||||
|
|
@ -76,18 +76,18 @@
|
||||||
insertafter: '^PATH'
|
insertafter: '^PATH'
|
||||||
line: 'MAILTO={{ notify_email }}'
|
line: 'MAILTO={{ notify_email }}'
|
||||||
|
|
||||||
- name: Configure SSH
|
- name: Turn off SSH password auth
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/ssh/sshd_config
|
path: /etc/ssh/sshd_config
|
||||||
regexp: "{{ item.regexp }}"
|
regexp: '^#?PasswordAuthentication'
|
||||||
line: "{{ item.line }}"
|
line: 'PasswordAuthentication no'
|
||||||
with_items:
|
notify: reload sshd
|
||||||
- regexp: '^#?Port'
|
|
||||||
line: 'Port {{ ssh_port }}'
|
- name: Configure SSH port
|
||||||
- regexp: '^#?PasswordAuthentication'
|
lineinfile:
|
||||||
line: 'PasswordAuthentication no'
|
path: /etc/ssh/sshd_config
|
||||||
- regexp: '^#?DebianBanner'
|
regexp: '^#?Port'
|
||||||
line: 'DebianBanner no'
|
line: 'Port {{ ssh_port }}'
|
||||||
notify: reload sshd
|
notify: reload sshd
|
||||||
|
|
||||||
- name: Allow SSH
|
- name: Allow SSH
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,7 @@ server {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||||
|
add_header X-Frame-Options DENY;
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
|
|
|
||||||
|
|
@ -69,7 +69,7 @@
|
||||||
"allowUnknownFileEnds": true,
|
"allowUnknownFileEnds": true,
|
||||||
"requireAuthentication": false,
|
"requireAuthentication": false,
|
||||||
"requireAuthorization": false,
|
"requireAuthorization": false,
|
||||||
"trustProxy": true,
|
"trustProxy": false,
|
||||||
"cookie": {
|
"cookie": {
|
||||||
"sameSite": "Lax"
|
"sameSite": "Lax"
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,10 @@
|
||||||
import_tasks: calendar.yaml
|
import_tasks: calendar.yaml
|
||||||
|
|
||||||
- tags: www_mediawiki
|
- tags: www_mediawiki
|
||||||
import_tasks: mediawiki.yaml
|
include_tasks: mediawiki.yaml
|
||||||
|
|
||||||
- tags: www_mqtt
|
- tags: www_mqtt
|
||||||
import_tasks: mqtt.yaml
|
include_tasks: mqtt.yaml
|
||||||
|
|
||||||
- tags: www_spaceapi
|
- tags: www_spaceapi
|
||||||
import_tasks: spaceapi.yaml
|
include_tasks: spaceapi.yaml
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@
|
||||||
- name: Clone spaceapi source
|
- name: Clone spaceapi source
|
||||||
git:
|
git:
|
||||||
repo: https://github.com/bitlair/spaceapi.git
|
repo: https://github.com/bitlair/spaceapi.git
|
||||||
version: main
|
version: master
|
||||||
dest: /opt/spaceapi
|
dest: /opt/spaceapi
|
||||||
accept_hostkey: yes
|
accept_hostkey: yes
|
||||||
notify: restart spaceapi
|
notify: restart spaceapi
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue