diff options
| -rw-r--r-- | docs/meeting_notes/2022-09-18.md | 2 | ||||
| -rw-r--r-- | inventory/hosts.yaml | 1 | ||||
| -rw-r--r-- | roles/nginx-geoip/tasks/main.yml | 2 | ||||
| -rw-r--r-- | roles/nginx/files/default_server.conf | 8 | ||||
| -rw-r--r-- | roles/nginx/files/files.pydis.wtf | 10 | ||||
| -rw-r--r-- | roles/nginx/tasks/main.yml | 25 | ||||
| -rw-r--r-- | roles/wireguard/tasks/main.yml | 2 |
7 files changed, 46 insertions, 4 deletions
diff --git a/docs/meeting_notes/2022-09-18.md b/docs/meeting_notes/2022-09-18.md index 7edab73..6b6b378 100644 --- a/docs/meeting_notes/2022-09-18.md +++ b/docs/meeting_notes/2022-09-18.md @@ -43,7 +43,7 @@ - Joe and Johannes will check out OpenLDAP as a JumpCloud alternative starting from this evening - Sofi has experience with OpenLDAP - + ## Sponsorship diff --git a/inventory/hosts.yaml b/inventory/hosts.yaml index 4e7c9d0..5239457 100644 --- a/inventory/hosts.yaml +++ b/inventory/hosts.yaml @@ -6,6 +6,7 @@ all: lovelace: ansible_host: lovelace.box.pydis.wtf wireguard_subnet: 10.2.0.0/16 + children: nginx: hosts: turing: diff --git a/roles/nginx-geoip/tasks/main.yml b/roles/nginx-geoip/tasks/main.yml index 50ba93d..e41b1e4 100644 --- a/roles/nginx-geoip/tasks/main.yml +++ b/roles/nginx-geoip/tasks/main.yml @@ -10,4 +10,4 @@ tags: - role::nginx-geoip notify: - - reload the nginx service + - Reload the nginx service diff --git a/roles/nginx/files/default_server.conf b/roles/nginx/files/default_server.conf index 13e74a0..1d68ff5 100644 --- a/roles/nginx/files/default_server.conf +++ b/roles/nginx/files/default_server.conf @@ -1,5 +1,13 @@ # Managed by Ansible server { + listen 80 default_server; + + server_name _; + + return 301 https://$host$request_uri; +} + +server { listen 443 ssl http2 default_server; ssl_certificate /etc/letsencrypt/live/pydis.wtf/fullchain.pem; diff --git a/roles/nginx/files/files.pydis.wtf b/roles/nginx/files/files.pydis.wtf new file mode 100644 index 0000000..db8416e --- /dev/null +++ b/roles/nginx/files/files.pydis.wtf @@ -0,0 +1,10 @@ +# Managed by Ansible +server { + listen 443; + server_name files.pydis.wtf; + root /var/www/turing; + + location / { + try_files $uri $uri/; + } +} diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 266e916..85fe7ec 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -19,4 +19,27 @@ tags: - role::nginx notify: - - reload the nginx service + - Reload the nginx service + +- name: Remove default nginx site + file: + path: /etc/nginx/sites-enabled/default + state: absent + +- name: Copy file server config + copy: + src: files.pydis.wtf + dest: /etc/nginx/sites-available/files.pydis.wtf + group: root + owner: root + mode: "0644" + tags: + - role::nginx + notify: + - Reload the nginx service + +- name: Enable file server + file: + src: /etc/nginx/sites-available/files.pydis.wtf + dest: /etc/nginx/sites-enabled/files.pydis.wtf + state: link diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml index 46ff3e9..9dc92dd 100644 --- a/roles/wireguard/tasks/main.yml +++ b/roles/wireguard/tasks/main.yml @@ -59,7 +59,7 @@ group: root owner: root notify: - - reload wg-quick + - Reload wg-quick tags: - role::wireguard |