summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorclarkzjw <[email protected]>2023-02-08 00:40:09 -0800
committerclarkzjw <[email protected]>2023-02-08 00:40:09 -0800
commit1204730924436ef9e1c7c49c9557837f9a5ed0e8 (patch)
tree129d79dfd11245751cee6d4082ff5d2f6e941610 /ansible/inventory/host_vars/webby
parent9635ac4dedf69de5bff65785bcc16bef80b52d75 (diff)
downloadmail-1204730924436ef9e1c7c49c9557837f9a5ed0e8.tar.gz
fork https://github.com/mattsta/mailwebHEADmaster
Diffstat (limited to 'ansible/inventory/host_vars/webby')
-rw-r--r--ansible/inventory/host_vars/webby/certs.yml23
-rw-r--r--ansible/inventory/host_vars/webby/network.yml12
-rw-r--r--ansible/inventory/host_vars/webby/nginx.yml77
3 files changed, 112 insertions, 0 deletions
diff --git a/ansible/inventory/host_vars/webby/certs.yml b/ansible/inventory/host_vars/webby/certs.yml
new file mode 100644
index 0000000..c38b80d
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/certs.yml
@@ -0,0 +1,23 @@
1---
2certs:
3 # Copy only these private keys and certs from ansible into the system
4 keyTypes:
5 - rsa2048
6 - prime256v1
7
8# requested can EITHER be:
9# - just a list of hostnames (then we depoly all 'keyTypes' for each hostname)
10# - or, a mapping of, e.g.:
11# - host: example1.com
12# type: rsa2048
13# - host: example1.com
14# type: prime256v1
15 required:
16 - example1.com
17 - example2.com
18 - example3.com
19
20 # These users have ansible-controlled ssh private keys
21 # (mainly for automated backups right now)
22 sshKeysForUsers: []
23 # - root
diff --git a/ansible/inventory/host_vars/webby/network.yml b/ansible/inventory/host_vars/webby/network.yml
new file mode 100644
index 0000000..39eb141
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/network.yml
@@ -0,0 +1,12 @@
1---
2network:
3 # These interface names are used to pull IP addresses into templates.
4 # interface.public has the IP we use to open ports to the world (mail, web, etc)
5 # interface.private has the IP for private services (ssh login, reporting, etc)
6 # Right now we don't support multiple IPs per interface, we just grab the IPv4
7 # address as presented by ansible fact e.g. 'ansible_{{interface.public}}.ipv4.address'
8 interface:
9 private: ens3
10 public: ens4
11 hostname:
12 public: webby
diff --git a/ansible/inventory/host_vars/webby/nginx.yml b/ansible/inventory/host_vars/webby/nginx.yml
new file mode 100644
index 0000000..87976dc
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/nginx.yml
@@ -0,0 +1,77 @@
1---
2nginx:
3 # Google webmaster tools wants this same filename on all hosts
4 google:
5 siteKey: googleYOURKEYHERE
6 siteKeyServeDir: /srv/web/files/
7
8 # ssl can be "modern" or "tls13" or anything else means default
9 ssl: default
10
11 # These configs are directly uploaded as saved config files from files/nginx/<sitename>
12 complex:
13 - example4.com
14 - example5.com
15
16 basic: []
17 # These configs are generated by template description below.
18 # 'customConfig' is nginx directives placed for your http2 server block.
19 # basic:
20 # - domain: "example.com"
21 # uri:
22 # - path: /
23 #
24 # - domain: example2.com
25 # uri:
26 # - path: /
27 # appServer: "http://127.0.0.1:7780"
28 # customConfig: |
29 # keepalive_timeout 5 5;
30 # keepalive_requests 200;
31 #
32 # proxy_intercept_errors on;
33 # error_page 502 =503 @noserver;
34 # error_page 503 =503 @noserver;
35 # error_page 504 =503 @noserver;
36 #
37 # location @noserver {
38 # root /home/matt/repos/matt-prod/priv;
39 # charset utf-8;
40 # rewrite ^(.*)$ /noserver.txt break;
41 # }
42 #
43 # location /src/ {
44 # proxy_pass http://127.0.0.1:7780/$request_uri;
45 # add_header Cache-Control public;
46 # expires +5m;
47 # if ($args) {
48 # expires +1y;
49 # }
50 # }
51 #
52 # location /style {
53 # proxy_pass http://127.0.0.1:7780/$request_uri;
54 # add_header Cache-Control public;
55 # expires +5m;
56 # if ($args) {
57 # expires +1y;
58 # }
59 # }
60 #
61 # location /js {
62 # proxy_pass http://127.0.0.1:7780/$request_uri;
63 # add_header Cache-Control public;
64 # expires +5m;
65 # if ($args) {
66 # expires +1y;
67 # }
68 # }
69 #
70 # location /favicon.ico {
71 # empty_gif;
72 # }
73 #
74 # location /files {
75 # expires max;
76 # root /srv/web/matt.sh;
77 # }
Powered by cgit v1.2.3 (git 2.41.0)