dbscripts: Support rsync.archlinux.org via HTTPS

This also adds location / {} blocks to make the letsencrypt include work. Signed-off-by: Florian Pritz <bluewind@xinu.at>

dbscripts: Support rsync.archlinux.org via HTTPS
This also adds location / {} blocks to make the letsencrypt include work. Signed-off-by: Florian Pritz <bluewind@xinu.at>
016d1860 · Florian Pritz · 4eaf2d85 · 016d1860
Verified Commit 016d1860 authored Apr 29, 2017 by Florian Pritz
--- a/roles/dbscripts/templates/nginx.d.conf.j2
+++ b/roles/dbscripts/templates/nginx.d.conf.j2
@@ -12,41 +12,43 @@ server {
        allow all;
    }

-    # Server at velocitynet
-    allow  66.211.214.130; # dom0.archlinux.org.
-    allow  66.211.214.131; # gudrun.archlinux.org.
-    allow  66.211.214.132; # gerolde.archlinux.org.
-    allow  2001:470:1f10:717::2/128; # gerolde's tunnel IP
+	location / {
+		# Server at velocitynet
+		allow  66.211.214.130; # dom0.archlinux.org.
+		allow  66.211.214.131; # gudrun.archlinux.org.
+		allow  66.211.214.132; # gerolde.archlinux.org.
+		allow  2001:470:1f10:717::2/128; # gerolde's tunnel IP

-    # Thomas' home
-    #allow  87.193.186.180; # port-87-193-186-180.static.qsc.de.
-    allow  2001:1a80:3026::/48;
+		# Thomas' home
+		#allow  87.193.186.180; # port-87-193-186-180.static.qsc.de.
+		allow  2001:1a80:3026::/48;

-    # orion.archlinux.org
-    allow  88.198.91.70;
-    allow  2a01:4f8:160:6087::1;
+		# orion.archlinux.org
+		allow  88.198.91.70;
+		allow  2a01:4f8:160:6087::1;

-    # brynhild.archlinux.org
-    allow  176.9.18.112;
-    allow  2a01:4f8:150:1261::2;
+		# brynhild.archlinux.org
+		allow  176.9.18.112;
+		allow  2a01:4f8:150:1261::2;

-    # alberich.archlinux.org
-    allow 216.151.172.98;
+		# alberich.archlinux.org
+		allow 216.151.172.98;

-    # allison.archlinux.de
-    allow  144.76.107.12;
-    allow  2a01:4f8:192:520b::2;
+		# allison.archlinux.de
+		allow  144.76.107.12;
+		allow  2a01:4f8:192:520b::2;

-    auth_basic            "Restricted";
-    auth_basic_user_file  auth/dbscripts.htpasswd;
+		auth_basic            "Restricted";
+		auth_basic_user_file  auth/dbscripts.htpasswd;

-    autoindex  on;
+		autoindex  on;
+	}
 }

 server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
-    server_name  {{ repos_domain }};
+    server_name  {{ repos_domain }} {{repos_rsync_domain}};
    root         /srv/ftp;

 {% if certfile.stat.exists %}
@@ -61,33 +63,35 @@ server {
        allow all;
    }

-    # Server at velocitynet
-    allow  66.211.214.130; # dom0.archlinux.org.
-    allow  66.211.214.131; # gudrun.archlinux.org.
-    allow  66.211.214.132; # gerolde.archlinux.org.
-    allow  2001:470:1f10:717::2/128; # gerolde's tunnel IP
+	location / {
+		# Server at velocitynet
+		allow  66.211.214.130; # dom0.archlinux.org.
+		allow  66.211.214.131; # gudrun.archlinux.org.
+		allow  66.211.214.132; # gerolde.archlinux.org.
+		allow  2001:470:1f10:717::2/128; # gerolde's tunnel IP

-    # Thomas' home
-    #allow  87.193.186.180; # port-87-193-186-180.static.qsc.de.
-    allow  2001:1a80:3026::/48;
+		# Thomas' home
+		#allow  87.193.186.180; # port-87-193-186-180.static.qsc.de.
+		allow  2001:1a80:3026::/48;

-    # orion.archlinux.org
-    allow  88.198.91.70;
-    allow  2a01:4f8:160:6087::1;
+		# orion.archlinux.org
+		allow  88.198.91.70;
+		allow  2a01:4f8:160:6087::1;

-    # brynhild.archlinux.org
-    allow  176.9.18.112;
-    allow  2a01:4f8:150:1261::2;
+		# brynhild.archlinux.org
+		allow  176.9.18.112;
+		allow  2a01:4f8:150:1261::2;

-    # alberich.archlinux.org
-    allow 216.151.172.98;
+		# alberich.archlinux.org
+		allow 216.151.172.98;

-    # allison.archlinux.de
-    allow  144.76.107.12;
-    allow  2a01:4f8:192:520b::2;
+		# allison.archlinux.de
+		allow  144.76.107.12;
+		allow  2a01:4f8:192:520b::2;

-    auth_basic            "Restricted";
-    auth_basic_user_file  auth/dbscripts.htpasswd;
+		auth_basic            "Restricted";
+		auth_basic_user_file  auth/dbscripts.htpasswd;

-    autoindex  on;
+		autoindex  on;
+	}
 }