Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
02c4143d
Commit
02c4143d
authored
Jan 10, 2021
by
Kristian Klausen
🎉
Browse files
Remove conf_archlinux role, replaced by GitLab Pages
See
#237
parent
88ff509c
Changes
4
Hide whitespace changes
Inline
Side-by-side
roles/conf_archlinux/defaults/main.yml
deleted
100644 → 0
View file @
88ff509c
---
conference_user
:
confweb
conference_git
:
https://github.com/archlinux/conf.archlinux.org.git
conference_version
:
689b5488a1122fc897b8e468ce13c536b38e8b4c
conference_domain
:
conf.archlinux.org
static_conference_domain
:
static.conf.archlinux.org
conference_dir
:
/srv/http/{{ conference_domain }}
static_conference_dir
:
/srv/http/{{ static_conference_domain }}
roles/conf_archlinux/tasks/main.yml
deleted
100644 → 0
View file @
88ff509c
---
-
name
:
install hugo, git
package
:
name=hugo,git state=present
-
name
:
create {{ conference_user }} user
user
:
name={{ conference_user }} shell=/bin/false home={{ conference_dir }} createhome=no
-
name
:
clone conf.archlinux.org website
git
:
>
repo={{ conference_git }}
dest="{{ conference_dir }}"
version={{ conference_version }}
register
:
release
-
name
:
fix home permissions
file
:
state=directory owner={{ conference_user }} group=http mode=0750 path="{{ conference_dir }}"
-
name
:
create static conf.archlinux.org dir
file
:
state=directory owner={{ conference_user }} group={{ conference_user }} mode=0755 path="{{ static_conference_dir }}"
-
name
:
generate conf.archlinux.org site
command
:
hugo
become
:
yes
become_user
:
"
{{
conference_user
}}"
args
:
chdir
:
"
{{
conference_dir
}}"
when
:
release.changed
-
name
:
create ssl cert
command
:
certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ conference_domain }}' creates='/etc/letsencrypt/live/{{ conference_domain }}/fullchain.pem'
-
name
:
create ssl cert
command
:
certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ static_conference_domain }}' creates='/etc/letsencrypt/live/{{ static_conference_domain }}/fullchain.pem'
-
name
:
make nginx log dir
file
:
path=/var/log/nginx/{{ conference_domain }} state=directory owner=root group=root mode=0755
-
name
:
make nginx log dir
file
:
path=/var/log/nginx/{{ static_conference_domain }} state=directory owner=root group=root mode=0755
-
name
:
set up nginx
template
:
src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/conf.archlinux.org.conf owner=root group=root mode=0644
notify
:
-
reload nginx
tags
:
[
'
nginx'
]
-
name
:
set up nginx
template
:
src=static.nginx.d.conf.j2 dest=/etc/nginx/nginx.d/static.conf.archlinux.org.conf owner=root group=root mode=0644
notify
:
-
reload nginx
tags
:
[
'
nginx'
]
roles/conf_archlinux/templates/nginx.d.conf.j2
deleted
100644 → 0
View file @
88ff509c
server {
listen 80;
listen [::]:80;
server_name {{ conference_domain }};
access_log /var/log/nginx/{{ conference_domain }}/access.log reduced;
error_log /var/log/nginx/{{ conference_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
access_log off;
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ conference_domain }};
access_log /var/log/nginx/{{ conference_domain }}/access.log reduced;
error_log /var/log/nginx/{{ conference_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ conference_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ conference_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ conference_domain }}/chain.pem;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Xss-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin";
add_header Feature-Policy "geolocation 'none' ;midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'none'; payment 'none';";
add_header Content-Security-Policy "default-src https: *.media.ccc.de embed.twitch.tv kiwiirc.com 'unsafe-inline';";
add_header X-Content-Type-Options "nosniff" always;
# Apply HSTS header again, since adding a header removes previous headers
add_header Strict-Transport-Security $hsts_header;
location /2019 {
return 301 $scheme://$server_name;
}
location /reports/archconf2019 {
return 301 $scheme://$server_name/reports/archconf_2019;
}
root {{ conference_dir }}/public;
}
roles/conf_archlinux/templates/static.nginx.d.conf.j2
deleted
100644 → 0
View file @
88ff509c
server {
listen 80;
listen [::]:80;
server_name {{ static_conference_domain }};
access_log /var/log/nginx/{{ static_conference_domain }}/access.log reduced;
error_log /var/log/nginx/{{ static_conference_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
access_log off;
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ static_conference_domain }};
access_log /var/log/nginx/{{ static_conference_domain }}/access.log reduced;
error_log /var/log/nginx/{{ static_conference_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ static_conference_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ static_conference_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ static_conference_domain }}/chain.pem;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Xss-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin";
add_header Feature-Policy "geolocation 'none' ;midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'none'; payment 'none';";
add_header Content-Security-Policy "default-src 'self';";
add_header X-Content-Type-Options "nosniff" always;
# Apply HSTS header again, since adding a header removes previous headers
add_header Strict-Transport-Security $hsts_header;
autoindex on;
root {{ static_conference_dir }}/;
}
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment