From 1204730924436ef9e1c7c49c9557837f9a5ed0e8 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Wed, 8 Feb 2023 00:40:09 -0800
Subject: fork https://github.com/mattsta/mailweb
---
ansible/inventory/host_vars/webby/certs.yml | 23 ++++++++
ansible/inventory/host_vars/webby/network.yml | 12 +++++
ansible/inventory/host_vars/webby/nginx.yml | 77 +++++++++++++++++++++++++++
3 files changed, 112 insertions(+)
create mode 100644 ansible/inventory/host_vars/webby/certs.yml
create mode 100644 ansible/inventory/host_vars/webby/network.yml
create mode 100644 ansible/inventory/host_vars/webby/nginx.yml
(limited to 'ansible/inventory/host_vars/webby')
diff --git a/ansible/inventory/host_vars/webby/certs.yml b/ansible/inventory/host_vars/webby/certs.yml
new file mode 100644
index 0000000..c38b80d
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/certs.yml
@@ -0,0 +1,23 @@
+---
+certs:
+ # Copy only these private keys and certs from ansible into the system
+ keyTypes:
+ - rsa2048
+ - prime256v1
+
+# requested can EITHER be:
+# - just a list of hostnames (then we depoly all 'keyTypes' for each hostname)
+# - or, a mapping of, e.g.:
+# - host: example1.com
+# type: rsa2048
+# - host: example1.com
+# type: prime256v1
+ required:
+ - example1.com
+ - example2.com
+ - example3.com
+
+ # These users have ansible-controlled ssh private keys
+ # (mainly for automated backups right now)
+ sshKeysForUsers: []
+ # - root
diff --git a/ansible/inventory/host_vars/webby/network.yml b/ansible/inventory/host_vars/webby/network.yml
new file mode 100644
index 0000000..39eb141
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/network.yml
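Review bot: In certs.yml the comment block above `required:` documents a key named `requested`, so anyone following the comment will set a key the role presumably never reads; the comment should open with `# required can EITHER be:`. The file also states that TLS private keys and ansible-controlled ssh private keys are copied from the Ansible tree onto the host, but it does not say how that key material is protected at rest. If the keys live in the repository, a line such as `# private key material must be vault-encrypted before commit` would record the expectation. The commented `# - root` entry deserves the same caution before it is enabled, since it would put a root ssh private key under repository control.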
@@ -0,0 +1,12 @@
+---
+network:
+ # These interface names are used to pull IP addresses into templates.
+ # interface.public has the IP we use to open ports to the world (mail, web, etc)
+ # interface.private has the IP for private services (ssh login, reporting, etc)
+ # Right now we don't support multiple IPs per interface, we just grab the IPv4
+ # address as presented by ansible fact e.g. 'ansible_{{interface.public}}.ipv4.address'
+ interface:
+ private: ens3
+ public: ens4
+ hostname:
+ public: webby
diff --git a/ansible/inventory/host_vars/webby/nginx.yml b/ansible/inventory/host_vars/webby/nginx.yml
new file mode 100644
index 0000000..87976dc
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/nginx.yml
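Review bot: In network.yml the `private: ens3` / `public: ens4` pair is, by the file's own comments, what decides which address ssh and reporting bind to and which address is opened to the world, yet nothing documents that the names must be checked against the target host. The consuming templates are not visible here, but a wrong or swapped name would presumably either leave the `ansible_<name>.ipv4.address` fact undefined or put private services on the public address. I would add a comment above `interface:` such as `# names must match the host's actual interfaces; swapping them exposes private services publicly`. An `assert` early in the play that both facts are defined and differ would be a sensible companion.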
@@ -0,0 +1,77 @@
+---
+nginx:
+ # Google webmaster tools wants this same filename on all hosts
+ google:
+ siteKey: googleYOURKEYHERE
+ siteKeyServeDir: /srv/web/files/
+
+ # ssl can be "modern" or "tls13" or anything else means default
+ ssl: default
+
+ # These configs are directly uploaded as saved config files from files/nginx/
+ complex:
+ - example4.com
+ - example5.com
+
+ basic: []
+ # These configs are generated by template description below.
+ # 'customConfig' is nginx directives placed for your http2 server block.
+ # basic:
+ # - domain: "example.com"
+ # uri:
+ # - path: /
+ #
+ # - domain: example2.com
+ # uri:
+ # - path: /
+ # appServer: "http://127.0.0.1:7780"
+ # customConfig: |
+ # keepalive_timeout 5 5;
+ # keepalive_requests 200;
+ #
+ # proxy_intercept_errors on;
+ # error_page 502 =503 @noserver;
+ # error_page 503 =503 @noserver;
+ # error_page 504 =503 @noserver;
+ #
+ # location @noserver {
+ # root /home/matt/repos/matt-prod/priv;
+ # charset utf-8;
+ # rewrite ^(.*)$ /noserver.txt break;
+ # }
+ #
+ # location /src/ {
+ # proxy_pass http://127.0.0.1:7780/$request_uri;
+ # add_header Cache-Control public;
+ # expires +5m;
+ # if ($args) {
+ # expires +1y;
+ # }
+ # }
+ #
+ # location /style {
+ # proxy_pass http://127.0.0.1:7780/$request_uri;
+ # add_header Cache-Control public;
+ # expires +5m;
+ # if ($args) {
+ # expires +1y;
+ # }
+ # }
+ #
+ # location /js {
+ # proxy_pass http://127.0.0.1:7780/$request_uri;
+ # add_header Cache-Control public;
+ # expires +5m;
+ # if ($args) {
+ # expires +1y;
+ # }
+ # }
+ #
+ # location /favicon.ico {
+ # empty_gif;
+ # }
+ #
+ # location /files {
+ # expires max;
+ # root /srv/web/matt.sh;
+ # }
-- cgit v1.2.3
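Review bot: In nginx.yml the `ssl` setting is documented as "anything else means default", so a misspelled profile name silently selects the default TLS profile instead of failing the run. The comment should spell that out, for example `# ssl: "modern", "tls13" or "default"; any other value (typos included) silently falls back to default`, and the role, which is not visible here, would ideally reject unknown values. Separately, the commented `customConfig` example uses `proxy_pass http://127.0.0.1:7780/$request_uri;`; because `$request_uri` already starts with `/`, the upstream receives a doubled leading slash, so `proxy_pass http://127.0.0.1:7780$request_uri;` is the safer form for an example people will copy. The placeholder `siteKey: googleYOURKEYHERE` should also be marked as a value that must be replaced per host.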