Remove conf_archlinux role, replaced by GitLab Pages

See #237

Remove conf_archlinux role, replaced by GitLab Pages
See #237
02c4143d · Kristian Klausen · 88ff509c · 88ff509c · 88ff509c · 88ff509c
Commit 02c4143d authored Jan 10, 2021 by Kristian Klausen 🎉
--- a/roles/conf_archlinux/defaults/main.yml
+++ b/roles/conf_archlinux/defaults/main.yml
---
-
-conference_user: confweb
-conference_git: https://github.com/archlinux/conf.archlinux.org.git
-conference_version: 689b5488a1122fc897b8e468ce13c536b38e8b4c
-conference_domain: conf.archlinux.org
-static_conference_domain: static.conf.archlinux.org
-conference_dir: /srv/http/{{ conference_domain }}
-static_conference_dir: /srv/http/{{ static_conference_domain }}
--- a/roles/conf_archlinux/tasks/main.yml
+++ b/roles/conf_archlinux/tasks/main.yml
---
-
- name: install hugo, git
-  package: name=hugo,git state=present
-
- name: create {{ conference_user }} user
-  user: name={{ conference_user }} shell=/bin/false home={{ conference_dir }} createhome=no
-
- name: clone conf.archlinux.org website
-  git: >
-    repo={{ conference_git }}
-    dest="{{ conference_dir }}"
-    version={{ conference_version }}
-  register: release
-
- name: fix home permissions
-  file: state=directory owner={{ conference_user }} group=http mode=0750 path="{{ conference_dir }}"
-
- name: create static conf.archlinux.org dir
-  file: state=directory owner={{ conference_user }} group={{ conference_user }} mode=0755 path="{{ static_conference_dir }}"
-
- name: generate conf.archlinux.org site
-  command: hugo
-  become: yes
-  become_user: "{{ conference_user }}"
-  args:
-    chdir: "{{ conference_dir }}"
-  when: release.changed
-
- name: create ssl cert
-  command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ conference_domain }}' creates='/etc/letsencrypt/live/{{ conference_domain }}/fullchain.pem'
-
- name: create ssl cert
-  command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ static_conference_domain }}' creates='/etc/letsencrypt/live/{{ static_conference_domain }}/fullchain.pem'
-
- name: make nginx log dir
-  file: path=/var/log/nginx/{{ conference_domain }} state=directory owner=root group=root mode=0755
-
- name: make nginx log dir
-  file: path=/var/log/nginx/{{ static_conference_domain }} state=directory owner=root group=root mode=0755
-
- name: set up nginx
-  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/conf.archlinux.org.conf owner=root group=root mode=0644
-  notify:
-    - reload nginx
-  tags: ['nginx']
-
- name: set up nginx
-  template: src=static.nginx.d.conf.j2 dest=/etc/nginx/nginx.d/static.conf.archlinux.org.conf owner=root group=root mode=0644
-  notify:
-    - reload nginx
-  tags: ['nginx']
--- a/roles/conf_archlinux/templates/nginx.d.conf.j2
+++ b/roles/conf_archlinux/templates/nginx.d.conf.j2
-server {
-    listen       80;
-    listen       [::]:80;
-    server_name  {{ conference_domain }};
-
-    access_log   /var/log/nginx/{{ conference_domain }}/access.log reduced;
-    error_log    /var/log/nginx/{{ conference_domain }}/error.log;
-
-    include snippets/letsencrypt.conf;
-
-    location / {
-        access_log off;
-        return 301 https://$server_name$request_uri;
-    }
-}
-
-server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
-    server_name  {{ conference_domain }};
-
-    access_log   /var/log/nginx/{{ conference_domain }}/access.log reduced;
-    error_log    /var/log/nginx/{{ conference_domain }}/error.log;
-
-    ssl_certificate      /etc/letsencrypt/live/{{ conference_domain }}/fullchain.pem;
-    ssl_certificate_key  /etc/letsencrypt/live/{{ conference_domain }}/privkey.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/{{ conference_domain }}/chain.pem;
-
-    # Security headers
-    add_header X-Frame-Options "SAMEORIGIN" always;
-    add_header X-Xss-Protection "1; mode=block" always;
-    add_header Referrer-Policy "same-origin";
-    add_header Feature-Policy "geolocation 'none' ;midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'none'; payment 'none';";
-    add_header Content-Security-Policy "default-src https: *.media.ccc.de embed.twitch.tv kiwiirc.com 'unsafe-inline';";
-    add_header X-Content-Type-Options "nosniff" always;
-
-    # Apply HSTS header again, since adding a header removes previous headers
-    add_header Strict-Transport-Security $hsts_header;
-
-    location /2019 {
-        return 301 $scheme://$server_name;
-    }
-
-    location /reports/archconf2019 {
-        return 301 $scheme://$server_name/reports/archconf_2019;
-    }
-
-    root {{ conference_dir }}/public;
-}
--- a/roles/conf_archlinux/templates/static.nginx.d.conf.j2
+++ b/roles/conf_archlinux/templates/static.nginx.d.conf.j2
-server {
-    listen       80;
-    listen       [::]:80;
-    server_name  {{ static_conference_domain }};
-
-    access_log   /var/log/nginx/{{ static_conference_domain }}/access.log reduced;
-    error_log    /var/log/nginx/{{ static_conference_domain }}/error.log;
-
-    include snippets/letsencrypt.conf;
-
-    location / {
-        access_log off;
-        return 301 https://$server_name$request_uri;
-    }
-}
-
-server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
-    server_name  {{ static_conference_domain }};
-
-    access_log   /var/log/nginx/{{ static_conference_domain }}/access.log reduced;
-    error_log    /var/log/nginx/{{ static_conference_domain }}/error.log;
-
-    ssl_certificate      /etc/letsencrypt/live/{{ static_conference_domain }}/fullchain.pem;
-    ssl_certificate_key  /etc/letsencrypt/live/{{ static_conference_domain }}/privkey.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/{{ static_conference_domain }}/chain.pem;
-
-    # Security headers
-    add_header X-Frame-Options "SAMEORIGIN" always;
-    add_header X-Xss-Protection "1; mode=block" always;
-    add_header Referrer-Policy "same-origin";
-    add_header Feature-Policy "geolocation 'none' ;midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'none'; payment 'none';";
-    add_header Content-Security-Policy "default-src 'self';";
-    add_header X-Content-Type-Options "nosniff" always;
-
-    # Apply HSTS header again, since adding a header removes previous headers
-    add_header Strict-Transport-Security $hsts_header;
-
-    autoindex on;
-
-    root {{ static_conference_dir }}/;
-}