author | clarkzjw <[email protected]> | 2023-02-08 00:40:09 -0800 |
---|---|---|
committer | clarkzjw <[email protected]> | 2023-02-08 00:40:09 -0800 |
commit | 1204730924436ef9e1c7c49c9557837f9a5ed0e8 (patch) | |
tree | 129d79dfd11245751cee6d4082ff5d2f6e941610 /ansible/inventory/host_vars/webby | |
parent | 9635ac4dedf69de5bff65785bcc16bef80b52d75 (diff) | |
download | mail-1204730924436ef9e1c7c49c9557837f9a5ed0e8.tar.gz |
Diffstat (limited to 'ansible/inventory/host_vars/webby')
-rw-r--r-- | ansible/inventory/host_vars/webby/certs.yml | 23 | ||||
-rw-r--r-- | ansible/inventory/host_vars/webby/network.yml | 12 | ||||
-rw-r--r-- | ansible/inventory/host_vars/webby/nginx.yml | 77 |
3 files changed, 112 insertions, 0 deletions
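diff --git a/ansible/inventory/host_vars/webby/certs.yml b/ansible/inventory/host_vars/webby/certs.yml
new file mode 100644
index 0000000..c38b80d
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/certs.yml
@@ -0,0 +1,23 @@
+---
+certs:
+# Copy only these private keys and certs from ansible into the system
+keyTypes:
+- rsa2048
+- prime256v1
+
+# requested can EITHER be:
+# - just a list of hostnames (then we depoly all 'keyTypes' for each hostname)
+# - or, a mapping of, e.g.:
+# - host: example1.com
+# type: rsa2048
+# - host: example1.com
+# type: prime256v1
+required:
+- example1.com
+- example2.com
+- example3.com
+
+# These users have ansible-controlled ssh private keys
+# (mainly for automated backups right now)
+sshKeysForUsers: []
+# - root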
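Review bot: The comment above `required:` documents a key called `requested`, so someone following the comment would set a variable that the key list here does not use; the comment should read `# required can EITHER be:` (and `depoly` on the next line should be `deploy`). This file selects which TLS private keys, and through `sshKeysForUsers` which SSH private keys, get copied from the Ansible tree onto the host, but nothing states how that key material is protected at rest. A comment such as `# Key files selected here must be stored ansible-vault encrypted, never as plain text in the repo` would make the expectation explicit, assuming that is the project's practice; the role that does the copying is outside this diff. The commented `# - root` example would also benefit from a remark that a dedicated backup account is preferable to distributing a root key.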
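diff --git a/ansible/inventory/host_vars/webby/network.yml b/ansible/inventory/host_vars/webby/network.yml
new file mode 100644
index 0000000..39eb141
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/network.yml
@@ -0,0 +1,12 @@
+---
+network:
+# These interface names are used to pull IP addresses into templates.
+# interface.public has the IP we use to open ports to the world (mail, web, etc)
+# interface.private has the IP for private services (ssh login, reporting, etc)
+# Right now we don't support multiple IPs per interface, we just grab the IPv4
+# address as presented by ansible fact e.g. 'ansible_{{interface.public}}.ipv4.address'
+interface:
+private: ens3
+public: ens4
+hostname:
+public: webby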
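Review bot: `interface.private` and `interface.public` decide which address the private services (ssh login, reporting) and the public ones bind to, yet `ens3`/`ens4` are host-specific names and nothing in this file warns what happens if they are swapped or the kernel names differ. Because the templates read `ansible_{{interface.public}}.ipv4.address`, an interface that is absent or has no IPv4 address would presumably fail or render an empty value at template time; the consuming role is not part of this diff, so that should be confirmed there. I would add a comment above `interface:` such as `# Verify against the host (ip -br addr) before deploying: swapping these binds ssh and reporting to the public address`.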
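diff --git a/ansible/inventory/host_vars/webby/nginx.yml b/ansible/inventory/host_vars/webby/nginx.yml
new file mode 100644
index 0000000..87976dc
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/nginx.yml
@@ -0,0 +1,77 @@
+---
+nginx:
+# Google webmaster tools wants this same filename on all hosts
+google:
+siteKey: googleYOURKEYHERE
+siteKeyServeDir: /srv/web/files/
+
+# ssl can be "modern" or "tls13" or anything else means default
+ssl: default
+
+# These configs are directly uploaded as saved config files from files/nginx/<sitename>
+complex:
+- example4.com
+- example5.com
+
+basic: []
+# These configs are generated by template description below.
+# 'customConfig' is nginx directives placed for your http2 server block.
+# basic:
+# - domain: "example.com"
+# uri:
+# - path: /
+#
+# - domain: example2.com
+# uri:
+# - path: /
+# appServer: "http://127.0.0.1:7780"
+# customConfig: |
+# keepalive_timeout 5 5;
+# keepalive_requests 200;
+#
+# proxy_intercept_errors on;
+# error_page 502 =503 @noserver;
+# error_page 503 =503 @noserver;
+# error_page 504 =503 @noserver;
+#
+# location @noserver {
+# root /home/matt/repos/matt-prod/priv;
+# charset utf-8;
+# rewrite ^(.*)$ /noserver.txt break;
+# }
+#
+# location /src/ {
+# proxy_pass http://127.0.0.1:7780/$request_uri;
+# add_header Cache-Control public;
+# expires +5m;
+# if ($args) {
+# expires +1y;
+# }
+# }
+#
+# location /style {
+# proxy_pass http://127.0.0.1:7780/$request_uri;
+# add_header Cache-Control public;
+# expires +5m;
+# if ($args) {
+# expires +1y;
+# }
+# }
+#
+# location /js {
+# proxy_pass http://127.0.0.1:7780/$request_uri;
+# add_header Cache-Control public;
+# expires +5m;
+# if ($args) {
+# expires +1y;
+# }
+# }
+#
+# location /favicon.ico {
+# empty_gif;
+# }
+#
+# location /files {
+# expires max;
+# root /srv/web/matt.sh;
+# }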
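Review bot: The comment on `ssl:` says any value other than "modern" or "tls13" means default, so a misspelled profile name is silently given the default TLS settings instead of being rejected. The comment should list the accepted values explicitly, e.g. `# ssl: one of "default", "modern", "tls13" (any other value falls back to default)`, and the consuming role, which is outside this diff, should assert on the value if it does not already. In the commented `customConfig` example, `proxy_pass http://127.0.0.1:7780/$request_uri;` puts a slash in front of a variable that already begins with one, so the upstream sees `//src/...` and receives the raw, un-normalized request URI; `proxy_pass http://127.0.0.1:7780;` forwards the original URI without the doubled slash. The example `root /home/matt/repos/matt-prod/priv;` points into a user's home checkout and is worth replacing with a neutral path, since this block is meant to be copied.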