deploy: Add dyndns service
This commit is contained in:
parent
10b4f62b6a
commit
2d3756eb4e
8 changed files with 82 additions and 2 deletions
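--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 *_secret.txt
 *_apikey.txt
 playbook.retry
+credentials.ini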
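--- /dev/null
+++ b/credentials.ini.example
@@ -0,0 +1,3 @@
+[inwx]
+user=...
+pass=...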
|
|
@ -6,3 +6,6 @@ all:
|
||||||
ansible_ssh_identity_file: ~/.ssh/id_ed25519
|
ansible_ssh_identity_file: ~/.ssh/id_ed25519
|
||||||
ansible_user: root
|
ansible_user: root
|
||||||
ansible_python_interpreter: /usr/bin/python3
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
|
localhost:
|
||||||
|
ansible_connection: local
|
||||||
|
ansible_python_interpreter: "{{ansible_playbook_python}}"
|
||||||
|
|
|
||||||
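Review bot: The file header for this hunk is not shown on this page and the indentation is lost in the rendering, so whether the new `localhost:` entry sits under `all.hosts:` or is a group of its own cannot be checked here; the new `hosts: localhost` play in playbook.yml needs it to resolve as a host, so confirm its nesting. Once an explicit `localhost` exists in inventory Ansible uses it instead of the implicit one, so the `ansible_connection: local` line must stay with it or the play would attempt SSH to itself. The Jinja expression on the last added line is spaced against the usual Ansible style; `ansible_python_interpreter: "{{ ansible_playbook_python }}"` matches what ansible-lint expects.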
|
|
@ -20,6 +20,7 @@ COMMIT
|
||||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
|
-A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
|
||||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
|
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
|
||||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
|
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
|
||||||
|
-A INPUT -p udp --dport 53 -j ACCEPT
|
||||||
-A INPUT -j REJECT --reject-with icmp-host-prohibited
|
-A INPUT -j REJECT --reject-with icmp-host-prohibited
|
||||||
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
|
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
|
||||||
COMMIT
|
COMMIT
|
||||||
|
|
|
||||||
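Review bot: The new rule opens UDP/53 only; an authoritative name server (nsd is added to the package list in playbook.yml) also needs TCP/53 for truncated responses and zone transfers, so a matching `-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT` should accompany it. The UDP rule is also written without the `-m state --state NEW` match that the neighbouring TCP rules use; for UDP this is mostly a stylistic difference, but a uniform rule set is easier to audit. Since UDP/53 is now reachable from anywhere, the name server's own response rate limiting is the mitigation for reflection abuse to enable; nsd's configuration is not part of this commit, so I cannot confirm it is set. The file header for this hunk is not shown on this page.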
1
library/inwx-collection
Submodule
1
library/inwx-collection
Submodule
|
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit 0ac040da14cc9d834098addc03cd8d4d26647df0
|
||||||
38
nginx.conf
38
nginx.conf
|
|
@ -370,5 +370,43 @@ http {
|
||||||
root /usr/share/nginx/html;
|
root /usr/share/nginx/html;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name dyndns.jaseg.de;
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
|
||||||
|
ssl_certificate "/etc/letsencrypt/live/dyndns.jaseg.de/fullchain.pem";
|
||||||
|
ssl_certificate_key "/etc/letsencrypt/live/dyndns.jaseg.de/privkey.pem";
|
||||||
|
ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
|
||||||
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||||
|
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
|
||||||
|
resolver 67.207.67.2 67.207.67.3 valid=300s;
|
||||||
|
resolver_timeout 10s;
|
||||||
|
|
||||||
|
add_header Strict-Transport-Security "max-age=86400";
|
||||||
|
|
||||||
|
# Load configuration files for the default server block.
|
||||||
|
include /etc/nginx/default.d/*.conf;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include uwsgi_params;
|
||||||
|
uwsgi_pass unix:/run/uwsgi/dyndns.socket;
|
||||||
|
}
|
||||||
|
|
||||||
|
error_page 404 /404.html;
|
||||||
|
location = /40x.html {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
location = /50x.html {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
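Review bot: `error_page 404 /404.html;` names a URI that no location in the new server block serves — the only candidate is `location = /40x.html` — so an internal redirect to `/404.html` falls through to `location /` and is forwarded to the uwsgi socket; either change it to `error_page 404 /40x.html;` or rename the location to match. The HSTS header is set with `max-age=86400`; one day offers little protection between visits, and once the certificate setup is known to work the usual choice is `add_header Strict-Transport-Security "max-age=31536000";`. `ssl_stapling_verify on;` appears without `ssl_trusted_certificate`, which nginx uses to verify the OCSP response; unless the issuer chain is configured elsewhere, verification may fail and the response would silently not be stapled, so check the error log after deploying. The enclosing `http {` block starts outside the hunk.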
36
playbook.yml
36
playbook.yml
|
|
@ -1,4 +1,34 @@
|
||||||
- name: Gerbolyze container setup playbook
|
- name: DNS setup
|
||||||
|
hosts: localhost
|
||||||
|
module_defaults:
|
||||||
|
inwx:
|
||||||
|
username: "{{lookup('ini', 'user section=inwx file=credentials.ini')}}"
|
||||||
|
password: "{{lookup('ini', 'pass section=inwx file=credentials.ini')}}"
|
||||||
|
vars:
|
||||||
|
subdomains:
|
||||||
|
- git.jaseg.net
|
||||||
|
- blog.jaseg.net
|
||||||
|
- kochbuch.jaseg.net
|
||||||
|
- gerbolyze.jaseg.net
|
||||||
|
- tracespace.jaseg.net
|
||||||
|
- openjscad.jaseg.net
|
||||||
|
- pogojig.jaseg.net
|
||||||
|
- automation.jaseg.de
|
||||||
|
- dyndns.jaseg.de
|
||||||
|
fastmail_domains:
|
||||||
|
- jaseg.net
|
||||||
|
- jaseg.de
|
||||||
|
tasks:
|
||||||
|
- name: Gather wendelstein facts
|
||||||
|
setup:
|
||||||
|
delegate_to: wendelstein
|
||||||
|
delegate_facts: True
|
||||||
|
|
||||||
|
- name: Setup DNS
|
||||||
|
include_tasks: dns.yml
|
||||||
|
|
||||||
|
|
||||||
|
- name: Wendelstein setup
|
||||||
hosts: wendelstein
|
hosts: wendelstein
|
||||||
tasks:
|
tasks:
|
||||||
- name: Set hostname
|
- name: Set hostname
|
||||||
|
|
@ -12,7 +42,7 @@
|
||||||
|
|
||||||
- name: Install host requisites
|
- name: Install host requisites
|
||||||
dnf:
|
dnf:
|
||||||
name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators
|
name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd
|
||||||
state: latest
|
state: latest
|
||||||
|
|
||||||
- name: Disable password-based root login
|
- name: Disable password-based root login
|
||||||
|
|
@ -77,3 +107,5 @@
|
||||||
- name: Setup semi-public git server
|
- name: Setup semi-public git server
|
||||||
include_tasks: setup_git.yml
|
include_tasks: setup_git.yml
|
||||||
|
|
||||||
|
- name: Setup private DynDNS service
|
||||||
|
include_tasks: setup_dyndns.yml
|
||||||
|
|
|
||||||
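Review bot: The `module_defaults` for `inwx` in the first hunk inject the account password into every task that uses the module, and Ansible prints module arguments at `-v` verbosity unless the module's argument spec marks the parameter as `no_log`; the inwx collection arrives here as a submodule, so I cannot confirm that it does, and `no_log: true` on the DNS tasks (in the included `dns.yml`) would be the safe default. `delegate_facts: True` uses a capitalised YAML 1.1 boolean; write `delegate_facts: true` so yamllint's truthy rule and YAML 1.2 parsers agree. The lookups written as `{{lookup('ini', ...)}}` are spaced against the usual Ansible style of `{{ lookup(...) }}`, a minor consistency point with the rest of the repository.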
|
|
@ -58,6 +58,7 @@
|
||||||
- openjscad.jaseg.net
|
- openjscad.jaseg.net
|
||||||
- pogojig.jaseg.net
|
- pogojig.jaseg.net
|
||||||
- automation.jaseg.de
|
- automation.jaseg.de
|
||||||
|
- dyndns.jaseg.de
|
||||||
|
|
||||||
- name: Copy final nginx config
|
- name: Copy final nginx config
|
||||||
copy:
|
copy:
|
||||||
|
|
|
||||||
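Review bot: The list this hunk extends (`openjscad.jaseg.net`, `pogojig.jaseg.net`, `automation.jaseg.de`, now `dyndns.jaseg.de`) mirrors the `subdomains` variable added to the DNS play in playbook.yml, so every new hostname must now be added in two places; if this file is the certificate/web host list, referencing one shared variable such as `"{{ subdomains }}"` would keep DNS and the web server in step. The file header for this hunk is not shown on this page, and the list's start and its enclosing task lie outside the hunk, so its purpose is inferred only from the neighbouring `Copy final nginx config` task.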