3 files changed, 112 insertions, 0 deletions
diff --git a/ansible/inventory/host_vars/webby/certs.yml b/ansible/inventory/host_vars/webby/certs.yml
new file mode 100644
index 0000000..c38b80d
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/certs.yml
@@ -0,0 +1,23 @@
+---
+certs:
+  # Copy only these private keys and certs from ansible into the system
+  keyTypes:
+    - rsa2048
+    - prime256v1
+# requested can EITHER be:
+# - just a list of hostnames (then we depoly all 'keyTypes' for each hostname)
+# - or, a mapping of, e.g.:
+#   - host: example1.com
+#     type: rsa2048
+#   - host: example1.com
+#     type: prime256v1
+  required:
+    - example1.com
+    - example2.com
+    - example3.com
+  # These users have ansible-controlled ssh private keys
+  # (mainly for automated backups right now)
+  sshKeysForUsers: []
+  #  - root
diff --git a/ansible/inventory/host_vars/webby/network.yml b/ansible/inventory/host_vars/webby/network.yml
new file mode 100644
index 0000000..39eb141
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/network.yml
@@ -0,0 +1,12 @@
+---
+network:
+  # These interface names are used to pull IP addresses into templates.
+  # interface.public has the IP we use to open ports to the world (mail, web, etc)
+  # interface.private has the IP for private services (ssh login, reporting, etc)
+  # Right now we don't support multiple IPs per interface, we just grab the IPv4
+  # address as presented by ansible fact e.g. 'ansible_{{interface.public}}.ipv4.address'
+  interface:
+    private: ens3
+    public: ens4
+  hostname:
+    public: webby
diff --git a/ansible/inventory/host_vars/webby/nginx.yml b/ansible/inventory/host_vars/webby/nginx.yml
new file mode 100644
index 0000000..87976dc
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/nginx.yml
@@ -0,0 +1,77 @@
+---
+nginx:
+  # Google webmaster tools wants this same filename on all hosts
+  google:
+    siteKey: googleYOURKEYHERE
+    siteKeyServeDir: /srv/web/files/
+  # ssl can be "modern" or "tls13" or anything else means default
+  ssl: default
+  # These configs are directly uploaded as saved config files from files/nginx/<sitename>
+  complex:
+    - example4.com
+    - example5.com
+  basic: []
+  # These configs are generated by template description below.
+  # 'customConfig' is nginx directives placed for your http2 server block.
+  #  basic:
+  #    - domain: "example.com"
+  #      uri:
+  #        - path: /
+  #
+  #    - domain: example2.com
+  #      uri:
+  #        - path: /
+  #          appServer: "http://127.0.0.1:7780"
+  #      customConfig: |
+  #          keepalive_timeout 5 5;
+  #          keepalive_requests 200;
+  #
+  #          proxy_intercept_errors on;
+  #          error_page 502 =503 @noserver;
+  #          error_page 503 =503 @noserver;
+  #          error_page 504 =503 @noserver;
+  #
+  #          location @noserver {
+  #            root /home/matt/repos/matt-prod/priv;
+  #            charset utf-8;
+  #            rewrite ^(.*)$ /noserver.txt break;
+  #          }
+  #
+  #          location /src/ {
+  #            proxy_pass http://127.0.0.1:7780/$request_uri;
+  #            add_header Cache-Control public;
+  #            expires +5m;
+  #            if ($args) {
+  #              expires +1y;
+  #            }
+  #          }
+  #
+  #          location /style {
+  #            proxy_pass http://127.0.0.1:7780/$request_uri;
+  #            add_header Cache-Control public;
+  #            expires +5m;
+  #            if ($args) {
+  #              expires +1y;
+  #            }
+  #          }
+  #
+  #          location /js {
+  #            proxy_pass http://127.0.0.1:7780/$request_uri;
+  #            add_header Cache-Control public;
+  #            expires +5m;
+  #            if ($args) {
+  #              expires +1y;
+  #            }
+  #          }
+  #
+  #          location /favicon.ico {
+  #            empty_gif;
+  #          }
+  #
+  #          location /files {
+  #            expires max;
+  #            root /srv/web/matt.sh;
+  #          }

diff --git a/ansible/inventory/host_vars/webby/certs.yml b/ansible/inventory/host_vars/webby/certs.yml new file mode 100644 index 0000000..c38b80d --- /dev/null +++ b/ansible/inventory/host_vars/webby/certs.yml
@@ -0,0 +1,23 @@
	1	---
	2	certs:
	3	# Copy only these private keys and certs from ansible into the system
	4	keyTypes:
	5	- rsa2048
	6	- prime256v1
	7
	8	# requested can EITHER be:
	9	# - just a list of hostnames (then we depoly all 'keyTypes' for each hostname)
	10	# - or, a mapping of, e.g.:
	11	# - host: example1.com
	12	# type: rsa2048
	13	# - host: example1.com
	14	# type: prime256v1
	15	required:
	16	- example1.com
	17	- example2.com
	18	- example3.com
	19
	20	# These users have ansible-controlled ssh private keys
	21	# (mainly for automated backups right now)
	22	sshKeysForUsers: []
	23	# - root


diff --git a/ansible/inventory/host_vars/webby/network.yml b/ansible/inventory/host_vars/webby/network.yml new file mode 100644 index 0000000..39eb141 --- /dev/null +++ b/ansible/inventory/host_vars/webby/network.yml
@@ -0,0 +1,12 @@
	1	---
	2	network:
	3	# These interface names are used to pull IP addresses into templates.
	4	# interface.public has the IP we use to open ports to the world (mail, web, etc)
	5	# interface.private has the IP for private services (ssh login, reporting, etc)
	6	# Right now we don't support multiple IPs per interface, we just grab the IPv4
	7	# address as presented by ansible fact e.g. 'ansible_{{interface.public}}.ipv4.address'
	8	interface:
	9	private: ens3
	10	public: ens4
	11	hostname:
	12	public: webby


diff --git a/ansible/inventory/host_vars/webby/nginx.yml b/ansible/inventory/host_vars/webby/nginx.yml new file mode 100644 index 0000000..87976dc --- /dev/null +++ b/ansible/inventory/host_vars/webby/nginx.yml
@@ -0,0 +1,77 @@
	1	---
	2	nginx:
	3	# Google webmaster tools wants this same filename on all hosts
	4	google:
	5	siteKey: googleYOURKEYHERE
	6	siteKeyServeDir: /srv/web/files/
	7
	8	# ssl can be "modern" or "tls13" or anything else means default
	9	ssl: default
	10
	11	# These configs are directly uploaded as saved config files from files/nginx/<sitename>
	12	complex:
	13	- example4.com
	14	- example5.com
	15
	16	basic: []
	17	# These configs are generated by template description below.
	18	# 'customConfig' is nginx directives placed for your http2 server block.
	19	# basic:
	20	# - domain: "example.com"
	21	# uri:
	22	# - path: /
	23	#
	24	# - domain: example2.com
	25	# uri:
	26	# - path: /
	27	# appServer: "http://127.0.0.1:7780"
	28	# customConfig: \|
	29	# keepalive_timeout 5 5;
	30	# keepalive_requests 200;
	31	#
	32	# proxy_intercept_errors on;
	33	# error_page 502 =503 @noserver;
	34	# error_page 503 =503 @noserver;
	35	# error_page 504 =503 @noserver;
	36	#
	37	# location @noserver {
	38	# root /home/matt/repos/matt-prod/priv;
	39	# charset utf-8;
	40	# rewrite ^(.*)$ /noserver.txt break;
	41	# }
	42	#
	43	# location /src/ {
	44	# proxy_pass http://127.0.0.1:7780/$request_uri;
	45	# add_header Cache-Control public;
	46	# expires +5m;
	47	# if ($args) {
	48	# expires +1y;
	49	# }
	50	# }
	51	#
	52	# location /style {
	53	# proxy_pass http://127.0.0.1:7780/$request_uri;
	54	# add_header Cache-Control public;
	55	# expires +5m;
	56	# if ($args) {
	57	# expires +1y;
	58	# }
	59	# }
	60	#
	61	# location /js {
	62	# proxy_pass http://127.0.0.1:7780/$request_uri;
	63	# add_header Cache-Control public;
	64	# expires +5m;
	65	# if ($args) {
	66	# expires +1y;
	67	# }
	68	# }
	69	#
	70	# location /favicon.ico {
	71	# empty_gif;
	72	# }
	73	#
	74	# location /files {
	75	# expires max;
	76	# root /srv/web/matt.sh;
	77	# }